Join us June 8th to hear first-hand experiences from Bain Capital’s VP and CISO, Mark Sutton, in our webinar “Lessons Learned Building Bain Capital’s Insider Threat Program.” Register Now
One-E-App Case Study
The Center to Promote HealthCare Access – a government-sponsored non-profit – is a mission-driven organization that combines software development with process reform, advocacy and a deep commitment to helping underserved people.
One-e-App, The Center's signature product, is an innovative, web-based system for connecting families with a range of health, social service and other federal and state support programs. Communities can use One-e-App for programs such as Medicaid, S-CHIP, Food Stamps (SNAP), Earned Income Tax Credit, utility assistance, local health insurance expansion programs and more.
As an innovator in providing state-of-the-art solutions for health and social services, The Center is dedicated to providing usability, ease of access and responsiveness. And this innovation must come without compromising any aspects of data security or compliance.
The One-e-App application platform is deployed and managed on 93 servers and 91 workstations across 3 geographically separated data centers. Thanks to its robust n-tier architecture, One-e-App is built for high performance and data security in all levels of data access. Given the sensitivity of personal heath records data and the internal and government regulations regarding data access compliance, The Center sought to augment its security with an auditing solution that would detail all data and server access, including from internal staff.
"Our application architecture is built to meet strict security and up-time requirements, but we still need to document every server access by IT Admins and internal staff developers", noted Vinay Singh, IT Operations Manager for The Center. "This is critical for keeping our servers up and running, and also to answer management's needs to demonstrate compliance."
With a focus on meeting their compliance and uptime needs, The Center sought a solution that provides visibility into activity on their servers. After comparing various alternatives, The Center chose ObserveIT, due to its ability to provide real-time exposure. "ObserveIT lets us know what is happening inside our servers at any time," commented Mr. Singh. "When two developers are both working on a server at the same time, it is hard to tell who changed what. ObserveIT allows us to track exactly what happened."
With One-e-App's need for performance, ObserveIT's small server footprint also impacted the deployment decision. In early 2009, a proof of concept was deployed on the One-e-App network. After successful POC completion, ObserveIT was rolled out in July 2009 to a system-wide deployment on 100 servers. Since the successful rollout, the admin team can now respond immediately to management requests for utilization reports of Terminal Servers. "We can track utilization, which allows peace of mind when a developer is in the server. If anything happens, we can always see what happened."