Petya Petrova - Fotolia

IT analytics delivers security and business benefits to UCLH

A six-hospital NHS Foundation Trust is using real-time IT analytics to deliver quick responses to security and other incidents to ensure high availability and security for all its IT services

IT analytics is helping University College London Hospitals (UCLH) NHS Foundation Trust to improve security and IT services, as well as cut costs, through enabling a proactive approach to IT management.

The trust, which consists of six hospitals that provide academically-led acute and specialist healthcare services, considers IT essential to delivering top-quality patient care and world-class research.

This means UCLH’s ICT team is continually looking to improve the levels of system availability, performance and service quality, and identify ways to free up resources and reduce costs.

While most organisations go in search of a technology to address a problem, UCLH’s head of ICT delivery, Mark Taglietti, first saw the potential in technology from Nexthink at an exhibition.

“Nexthink’s user IT Analytics sounded too good to be true, but we asked them to come in and give us a demonstration, and as soon as we saw the graphical representations, user interface and capabilities, we knew it was worth further investigation,” he tells Computer Weekly.

Based on the demonstration, UCLH decided to take advantage of a 30-day trial of the fully functional product as a cost-effective way of seeing exactly what business benefits the technology could deliver in enabling the ICT team to meet its goal of providing a highly available, robust, secure and standardised set of services governed by a standard set of security and other IT management policies.

Nexthink’s try-before-you-buy offer includes a detailed report of everything the software identifies across an IT estate during the trial period.

According to Nexthink, its software analyses all application executions and their associated network connections in real time and uses baseline behaviour patterns to identify any anomalies.

This means organisations can use the software to identify any abnormal endpoint activity, performance and connectivity, unusual user behaviour, unauthorised application or network use, lateral movement of privileged accounts, malware that slips past security defences, security policy violations and any application or system disruption.

Analytics software delivers immediate business benefits

Ronnie Skillen, ICT service transition manager at UCLH, says the ICT team was able to get business benefits from the software from the first day without any training.

Read more about IT analytics

“We were impressed with what the software was highlighting and were instantly able to identify instances of policy violations and wherever best-practice guidelines were not being followed,” he says.

For an investment of £10,000, Taglietti says “it was tactically a no-brainer, considering that it would have cost three or four times as much to get consultants in to tell us the same things”.

The trial made it easy to build a business case to deploy the software permanently, he says, because it demonstrated that the software was a good fit for our organisation at a cost that provided good value.  

“It was clear Nexthink was able to provide the visibility we wanted of the performance and utilisation of IT assets across our IT estate to help improve efficiency, identify potential security vulnerabilities, and plan for longer-term strategic investments,” says Taglietti.

In its first year, he says Nexthink has helped the ICT department become more proactive in its approach to the management of incidents, security and rationalisation of the estate.

Skillen says the insights derived from Nexthink have enabled a proactive rather than reactive approach to problems and performance management, including eliminating a “significant” number of security vulnerabilities.

For example, the ICT team has been able to quickly and proactively identify batches of PCs infected with known malware that has not been picked up by existing security tools.

The team is therefore able to prioritise its mitigation tactics, often identifying and isolating vulnerabilities before the user is even aware of them.

“For example, Nexthink has enabled us to identify where security systems have not been configured to enable the best performance and identify where some of the 11,000 executable files in our environment on a daily basis have been malicious,” says Skillen.

“When we first deployed Nexthink, we were able to identify and eliminate a number of high-risk executable files that were active on our IT estate,” he says.

Outstanding security project

In June, UCLH’s implementation of Nexthink’s IT Analytics won the best security project of the year award in the 2015 Computer Weekly European User Awards.

Helping to resolve application access issues is an example of how Nexthink has helped improve system performance, says Taglietti.

“In once case a consultant was complaining that it was taking up to 40 seconds get into a clinical application. Using Nexthink, within five minutes I was able to see that the machine was on the wrong subnet and identify a further 30 machines with the same problem. As soon as they were patched into the correct network, full-speed access to applications was restored,” he says.

Skillen says Nexthink has also enabled the ICT team to check whether outsourcing suppliers are meeting their obligations outlined in service level agreements.

“We have become a more intelligent customer, we can now enforce evidence-based service improvement plans, and this, in turn, has led to a more sophisticated relationship with our outsourcing suppliers which are not pitching ideas and identifying opportunities to us,” he says.

UCLH outsources several aspects of the management of its technical estate, such as the service desk and management of user technology services.

Real-time intelligence on the performance of the user technology provided by Nexthink IT Analytics enables UCLH’s ICT team to monitor, manage and proactively respond to performance and security issues, fixing them before they turn into problems.

“Nexthink improves availability levels and eases the way of supporting the environment while improving the delivery of information to users,” says Skillen.

IT management improvements

According to Taglietti, Nexthink has enabled ICT to become a more proactive provider of technical services. It has proven beneficial across a number of areas, including incident management, sustainability, security and cost reduction,” he says.

Having access to accurate, real-time information informs good decision-making and enables continual improvement of the IT estate, supplier management and delivery of services, says Skillen.

“Perhaps the biggest return on investment has been in relation to the PC estate, because we are able to monitor the performance of machines on a daily basis, which means we can eliminate those PCs that are not performing properly,” says Skillen.

It also means UCLH can get the longest practical lifespan out of IT assets and make targeted and proactive investments in the most critical areas.   

Details about individual users of Microsoft Windows XP, for example, have allowed IT to plan and complete an aggressive Windows 7 migration.

PCs that had not been refreshed were identified, and a case-by-case decision made as to whether a new machine was required, or if it simply needed a low-cost hardware or operating system upgrade to Windows 7, or even a replacement PC from refurbished stock.

The strength of Nexthink, says Skillen, is that is enables us to fire off bespoke analytics to resolve problems whenever required and provides evidence to guide the best response.

Read more on IT risk management