Cerner Meets HIPAA Compliance with LogLogic Virtual Appliances
Increased agility, time and cost savings, and compliance without complexity
Cerner’s goal was a new solution for HIPAA compliance. “Our environment is extremely complicated,” says Nichole Windholz, senior security manager at Cerner. “We were looking for a pure logging solution that would be cost efficient and provide us the ability to comply with HIPAA.”
Complying with the Health Insurance Portability and Accountability Act (HIPAA) requires monitoring and auditing system and user activity across the entire network; identifying and investigating security incidents and suspicious behavior; and maintaining an audit trail of system access.
With its systems in more than 18,000 client facilities across the globe, centralized and scalable TIBCO LogLogic® was the solution for compliance as well as for evaluation of security products. “Manually evaluating a security product is extremely difficult,” says Ms. Windholz. “It takes a lot of resources, and we spend a lot of time trying to ensure that the evaluation is going well.”
In this case, the evaluation was a proof of concept (POC) comparing multiple security solutions at the same time. “We had a very short timeline for the POC, and we had four vendors to test simultaneously,” says Windholz. “LogLogic gave us the ability to test all four solutions side by side.”
The TIBCO LogLogic® solution begins connecting to log sources and collecting logs as soon as it comes online. It can also preserve the address of the originating source, which allowed Cerner to set up its POC in minutes, not the months that were originally anticipated. “The time it takes for a source to connect and identify is immediate,” says Windholz. “Since it was already collecting logs, LogLogic gave us the ability to evaluate in our production environment. We were able to make a good decision.”
Compliance Without Complexity
“Regulations require that we log and keep those logs for up to seven years in some cases. TIBCO is giving our internal customers a better experience because we’re able to capture logs, save them, and give them the reports they require.
“Centralized log management with filtering and forwarding is critical for us,” continues Windholz. “We need that capability to send logs to other applications. It just makes things so much easier. We’re able to report and do our auditing from these systems.”
LogLogic Filtering and Forwarding allows creating rules to securely and transparently route data to any destination in real time in a format that will be understandable to the target machine, application, or stakeholder. Each destination only receives the data it needs, helping avoid overloading. The end result is a streamlined architecture that reduces enterprise costs in a variety of ways including management overhead, network congestion, storage requirements, data security, and licensing.
Increased Agility, Time and Cost Savings
With its large and complex network, Cerner wanted to re-use infrastructure as much as possible to save time and cost. It selected LogLogic virtual appliances that provide a significant benefit.
“In our remote offices around the world, virtual infrastructure already exists,” says Windholz. “With the LogLogic virtual appliance, we don’t have to procure new hardware appliances or ship hardware. It makes everything much easier. Everything moves faster. By deploying LogLogic virtual appliances, we have the agility we need to get projects done on time.”
“We have some plans to bring in other types of non-security data, including application and performance data, so we can send that to some of our internal clients,” concludes Ms. Windholz. Doing so will help Cerner IT gain operational efficiency.