About New York City Health and Human Services
New York City Health and Human Services oversees nine agencies focused on health, social services and criminal justice. New York City Health and Human Services Connect (HHS-Connect) develops and maintains applications and technology platforms to support more than 80,000 constituents, including clients, agencies, city workers and nonprofit providers.
Challenge
HHS-Connect is focused on breaking information silos across HHS' nine agencies, each of which has their own commercial and homegrown IT solutions. "Historically, HHS had no overarching enterprise architectural strategy," said Lou Sell, chief architect for New York City Health and Human Services. "Each agency built their own solutions over the years to suit specific business problems. We needed the ability to monitor security events from all of these systems to prevent policy violations, but manually reviewing and correlating these logs would have taken an inordinate amount of time. We simply didn't have the manpower."
The agency also needed a way to demonstrate compliance with the numerous state and federal regulations it is subject to. "There are many laws that govern the data we're sharing," said Joe Fleischman, project manager, Office of the CIO for New York City Health and Human Services. "To ensure compliance with these regulations, we needed the ability to correlate security logs and transactions across systems to gain a comprehensive view. We also have many security filtering policies that determine which individuals at which agencies can access certain data. We needed a way to effectively track those policies."
Novell Solution
After researching a number of commercial and custom solutions, HHS-Connect chose Novell Sentinel™ and Novell Sentinel Log Manager to monitor its IT systems in real time.
"Building a custom solution would have cost hundreds of thousands of dollars, and would have been extremely difficult and costly to maintain," said Fleischman. "Plus we would very likely have had to replace the custom solution after a few years when it no longer fulfilled our needs. We found Novell Sentinel and Novell Sentinel Log Manager to be extremely customizable. We can easily pull in the right data fields and correlate that data to glean the information we need."
HHS-Connect worked with Accenture, a global market leader in technology, consulting and outsourcing and a Novell Business Partner, to implement the Novell solution. "We have hundreds of different logs being generated across our systems," said Fleischman. "Accenture devised a strategic plan to identify the most valuable logs and highest severity events to monitor. The Accenture team built the connectors to various application databases so that we can centrally monitor security activities. The project was a success and was completed on time. We attribute that to Accenture and to the Novell solutions."
HHS-Connect now uses Novell Sentinel to detect and log security events, including application transactions, web service calls, authentication events, each day. The agency uses Novell Sentinel Log Manager to collect and analyze its log data. The software makes it easy to quickly recognize anomalies and potential policy violations. "We now have a single point of control for collecting and analyzing logs," said Fleischman. "That makes it much easier to gain a holistic view of our environment and proactively monitor any potential security issues."
Results
"Novell Sentinel and Novell Sentinel Log Manager help us make sense of data from a myriad of sources, so we can quickly identify and respond to any system anomalies and potential policy violations," said Fleischman. "I don't know how we would have accomplished this type of sophisticated monitoring solution without them."
The Novell solutions were well suited to the agency's heterogeneous IT infrastructure. "We now have an extensible solution that we can adapt to our environment," said Fleischman. "The Novell solution requires far less overhead to maintain than a custom application and if we have a new requirement we need to track, we can easily create a new report or rule."
The Novell solutions proved to be a good investment for HHS-Connect's complex environment. "Novell Sentinel and Novell Sentinel Log Manager have already paid for themselves," said Fleischman. "Tracking these logs manually would have required a minimum of 20 additional staff, and would have been far less effective for safeguarding data and ensuring security."
HHS-Connect has also improved its reporting and auditing capabilities. "Using Novell Sentinel and Novell Sentinel Log Manager we're better prepared for audits and can minimize the risk of security breaches," said Fleischman. "If, for example, an authorized user misuses our systems, we can quickly identify and stop this behavior. We can even identify exactly what the user did with the records in question to further mitigate risk."