ThedaCare Secures Network Health With Palo Alto Networks Next-Generation Firewall

BACKGROUND

ThedaCare is a 100-year-old community-owned health system serving a diverse population throughout Wisconsin at four hospitals and 30 other related locations statewide. The third largest health care employer in Wisconsin, ThedaCare has grown from its modest beginning as a merger of two community hospitals with 2,000 employees and $150 million in revenue, to 5,300 employees and $550 million in revenue today. Every day, ThedaCare’s dedicated staff helps improve the health of patients through an array of comprehensive health services including home care and assisted living support.

DIAGNOSIS: SLOW NETWORK

ThedaCare had a dilemma. It had adequate bandwidth to support the computing needs of its 5,300 employees, but application response times were extremely slow. In fact, the company was reaching its Internet bandwidth capacity on a daily basis. Despite having appropriate use policies in place, ThedaCare suspected that not all of the bandwidth being consumed was for business purposes. However, corporate network usage policies were difficult to enforce because its IT team was unable to peer into its network to match application usage to specific users or even machines.

Further hampering its efforts, ThedaCare employees routinely use similar applications for both research and personal use, making it difficult to differentiate between approved and unauthorized usage. ThedaCare sought to speed up its network and eliminate issues related to bandwidth capacity by establishing, monitoring and enforcing appropriate policies.

THE PRESCRIPTION FOR NETWORK HEALTH

ThedaCare was using a UTM appliance for firewall, URL filtering, proxy and email virus protection, but found it unable to provide adequate performance, or the granular visibility necessary for the company to achieve its objectives. ThedaCare also found the device’s user interface difficult to navigate, its visibility into security threats limited and software upgrades cumbersome. The performance of the UTM device further decreased with each new function ThedaCare activated.

ThedaCare selected Palo Alto Networks PA-4000 Series to replace its current firewall, increase application visibility and control, scan for malware more rigorously, and improve performance and web content filtering. And because the PA-4000 Series is able to integrate with an organization’s Active Directory (AD), ThedaCare could identify both the application in use and the individual accessing it. “The PA-4000 Series’ ability to link to our AD was a huge advantage for our Systems Engineers,” says Rick Rohde, Technology Development Engineer for ThedaCare. “No other product can do this.”

BALANCING SECURITY WITH BUSINESS

After installation, ThedaCare’s IT team instantly identified more applications and threats active on its network than it had been aware of. “There was a lot of streaming audio and video media usage going on that was absorbing abnormally high bandwidth and introducing threats,” explains Rohde. Running streaming media from YouTube, or from news and sports web sites, and using programs such as Instant Messaging, proxy applications and Peer-to-Peer (P2P) file sharing without IT’s knowledge can cause serious problems for organizations. Such applications unnecessarily consume bandwidth and introduce threats while inviting potential compliance and legal issues.

Armed with this information, ThedaCare’s IT team outlined two options to the firm’s business leaders. First, it demonstrated that it could instantly reduce corporate bandwidth usage by ten percent just by enforcing current user policies. The second option added more bandwidth to allow staff access to more applications, with IT reasserting security and control and scrutinizing network use to ensure the safe use of those applications. ThedaCare’s business team chose the more flexible approach. The company expanded its bandwidth and amended its user policy to relax guidelines, while heightening monitoring for inappropriate application access to minimize risks.

“Before installing the PA-4000 Series, we never had the ability to break down Internet traffic on our network to truly see what was bogging it down,” says Rohde. “Palo Alto Networks helped us see exactly how our network bandwidth was being used. Now our firewall is much easier to manage, our network is faster and we’ve created more room for business applications. Most importantly, we can safely enable the applications the business needs. Palo Alto Networks next generation firewalls gave us the information we needed for IT to speak frankly with the business side of our company about risk and jointly develop a solution that protects everyone.”