A leading health insurance company has implemented a secure, flexible and scalable Network Access Control (NAC) solution from Aruba. Daman has deployed two Aruba ClearPass Policy Manager 5K virtual appliances in its data centre and Disaster Recovery sites in addition to 10 further Aruba ClearPass Policy Manager 500 virtual appliance nodes in its branches.
Set up in 2006 by the Abu Dhabi Government in collaboration with Munich Re, Daman is now the leading specialist health insurer in the region serving nearly three million customers.
As a semi-government entity headquartered in the UAE, it was imperative for Daman to comply with a new electronic security governmental standard for information security. Omar Almarzooqi, Manager, IT Security and Networks at Daman, and his team knew that implementing a Network Access Control (NAC) solution in their environment would be essential to ensure successful compliance with the new regulation.
Besides the implications of complying with the new electronic security regulation, the absence of an NAC presented both security and administrative concerns. While previous wireless solutions worked conveniently, they presented their own concerns and risks which required a more comprehensive solution.
In addition to the complexities involving a wireless network, the challenge was even greater on the wired network. “The previous wired network access controls were not robust enough to meet today’s challenges. With so many locations, all frequented by numerous contractors and customers, the risks we had to look into were considerable and wide-reaching,” said Almarzooqi.
Flexibility, scalability and openness take precedence
Recognising these risks, Daman began evaluating access control solutions from five market-leading vendors and, after careful research, narrowed its search down to two candidates, one of which was Aruba.
“In addition to security which was the prime requirement, the solution needed to be flexible enough to work in a multi-vendor environment, and scalable enough to be deployed across our twelve large branches without adding complexity or management overheads,” said Almarzooqi.
The proof is in the POC
Each vendor was given an entire floor at Daman’s headquarters to execute a POC within the company’s production environment. These were then scored on the basis of technical, support and commercial criteria.
“Aruba completed the implementation in under a week which we found extremely impressive given the complexity of our IT environment,” said Almarzooqi. Aruba’s solution was more easily integrated and performed better than that of the competing vendor, which had previously worked on Daman’s network solutions.
Immediate cost savings
The insurance provider deployed two Aruba ClearPass Policy Manager 5K virtual appliances in its data centre and Disaster Recovery sites and 10 further Aruba ClearPass Policy Manager 500 virtual appliance nodes in its branches.
This translated to immediate cost savings as Almarzooqi said: “Because there was no need for any physical appliances, we could maximise the utilisation of our existing servers by running Aruba ClearPass VMs. These were easily installed on commodity hardware which is testament to the open nature of Aruba’s solutions.”
A NAC for security
Implementation of ClearPass allows Daman to centrally control network access at all locations via a single intuitive dashboard. Users can no longer plug their devices into Ethernet ports and connect to the network, nor does the company need human resources to manage approvals for wireless access.
“Now when someone requires access, they simply raise a request from their device which can be instantly approved or rejected with a single click,” said Almarzooqi. “This process is equally convenient on the wired as well as the wireless network and for devices running all types of operating systems. As a result, all users get a uniformly great experience.”
This self-registration system automates authorisation for over 45,000 devices per week and has entirely eliminated the need for the IT team to get involved, reducing the number of helpdesk calls related to network access from over 30 per day to zero.
Taking security a step further
“Earlier, and without manual intervention, approved devices rarely saw their access being revoked after connectivity was no longer necessary. Now, however, we can specify the duration for which authorisation should remain valid at the time of approval. This feature is especially useful when considering the large number of third-party contractors who frequently work from our offices for extended durations,” said Almarzooqi.
Security is further enhanced as ClearPass automatically vets devices prior to connecting them to Daman’s wired or wireless network, thus mitigating the possibility of endpoint vulnerabilities being exploited for an attack or data breach.
“We have a pre-set checklist that includes identifying whether the device’s operating system is updated and patched and that it’s running antivirus software. ClearPass rapidly tests against our criteria and only devices that meet these checks are permitted access,” said Almarzooqi.
Security and compliance may have been Daman’s only expectations of Aruba’s access control solution, but the company has successfully leveraged ClearPass to introduce several new IT services.
“The powerful features of ClearPass have made possible a host of benefits we did not even consider at the time of evaluation. After meeting and exceeding our expectations for NAC, ClearPass enabled us to implement Wi-Fi self-registration and onboarding, Wireless Security Policy Management, BYOD support and guest management,” said Almarzooqi.
Enhanced experience for all stakeholders
ClearPass delivers policy-based network security, allowing employees, contractors and guests to self-register and connect to the network with the appropriate level of access to either the Internet or intranet. Via convenient dashboards, Daman’s IT team can set and modify these policies and monitor all connections as well as their usage of the network.
The company has also started introducing innovations based on ClearPass. “We successfully integrated it with our queue system so now, instead of waiting in line to get a physical coupon to access the Wi-Fi network, guests can connect to our network, click a single button and get a token,” said Almarzooqi.
Behavioural analysis on the horizon
Almarzooqi and his team have already begun exploring ways to further extend their ClearPass utilisation. “We are particularly interested in augmenting its security capabilities through integration with Aruba’s endpoint behaviour analytics solution,” he said.
Aruba Introspect monitors the behaviour of endpoint and IoT devices and, using AI and machine learning, detects and flags anomalous or malicious activities. “By combining this with ClearPass, we would be able to automatically quarantine or block rogue devices, which will drastically enhance our incident response capabilities,” he continued.
A commitment to innovation
“Aruba’s solution performs exceptionally well even in our complex multi-vendor environment and its powerful capabilities open up the possibility of leveraging it for many more purposes than we initially intended. We will continue innovating with this solid platform and are excited to grow our relationship with Aruba to enhance services for all stakeholders,” said Almarzooqi.