A London-Based NHS Trust

BlueFort Security deployed Silverfort’s advanced multi-factor authentication (MFA) protection capabilities, replacing its legacy MFA solution. Working closely together, the combined team’s objective was to protect patient services and enable the stretched trust’s IT team to implement the new solution quickly and effectively, without impacting their day-to-day activity.

The new Silverfort solution gave the hospital’s IT team the ability to deploy MFA everywhere and to every account. As any NHS trust dealing with the challenge of securing identities will know, this is a big deal. The Silverfort solution also provided the ability to discover and protect service accounts (or ‘non-human identities’) to remove the threat of lateral movement within the organisation’s IT environment.

Securing privileged users is a big focus area in CAF, and historically, one that is hard to put protections around. The Silverfort deployment enabled the trust to extend MFA coverage across its privileged users, and to services that were previously unprotected, allowing for more granular controls and protection around privileged users for tools such as PowerShell and CLI.

Silverfort worked closely with BlueFort and the hospital’s IT team to replace all VPN users in one go, rather than replacing users in small increments over time, and prioritising user and service accounts with the greatest risk potential. As well as avoiding any disruption to users, which is always an inherent risk in any large-scale IT infrastructure upgrade project, the solution reduced threats to patient services without impacting the limited IT team resources.

While the project was focused on implementing an MFA solution, the trust’s IT team quickly realised the Silverfort solution would also provide the visibility they needed to solve the ongoing challenge they had been addressing around AD hygiene.

With this project, BlueFort proved that it’s possible to deploy, configure, and optimise a new MFA solution fast and without disrupting the end-user experience. Working alongside the trust’s IT team, BlueFort delivered the Silverfort rollout in just under three weeks (over the Christmas period), replacing the legacy MFA tool, and successfully migrating 88% of users over to the new system to ensure everything was up and running when staff returned in January. A single email was all it took to complete the switchover; simple, seamless, and secure.

This was made easier by BlueFort’s strategic partnership with the trust’s IT Manager and his cybersecurity team at the hospital: the driving force behind the success of the project. As Silverfort’s leading UK partner, no one was better positioned than BlueFort Security to deliver expert deployment, configuration, and continuous optimisation, ensuring maximum return on investment and significantly enhancing their cybersecurity resilience.

The architecture of the Silverfort solution was central to delivering the project quickly and successfully across so many users at once. Silverfort provides a slick end-user experience, and the speed and efficiency of the deployment meant the IT team could see tangible value from the solution immediately, without having to allocate significant additional time to achieve it.

One of the unexpected but highly valuable outcomes of selecting Silverfort was the exceptional visibility their Identity Threat Detection and Response (ITDR) provided, within the trust’s AD. The depth and clarity of the data delivered by the solution has proven to be a significant benefit, offering value well beyond the original scope of the project.

• CAF (Objective B) and DSPT compliance.
• Reduced threats to patient services without impacting the already-stretched resources of this trust’s IT security teams.
• Visibility of all identities and authentications in their entire hospital estate.
• Deployed security controls against one of the hospitals compromised in the Synnovis breach.

The NHS hospital trust’s IT team needed to ensure it had adequate funding available to support the implementation of the new technologies it knew it needed to meet the broader requirements outlined in CAF. As a guidelines-based framework, CAF moves away from the more prescriptive elements of DSPT towards an outcomes-focused assessment of compliance. This means teams need to be able to demonstrate the deployment, policies, and results around the controls that have been put in place, rather than simply checking a box.

While currently CAF is a guideline, the new outcomes-focused format makes compliance more complex, and this means that many trust IT departments are looking ahead, combining all potential areas of funding to meet the new standards over time. With the challenges facing the NHS trust’s IT team, and the solutions needed to meet compliance, the team needed to put a strong business case together to deliver the project.

This NHS trust funded the project with a combination of budgeted renewal funds, capital underspend, and a portion of centralised funding:

1. Budgeted renewal funds: Replacing legacy technology solutions opens up the possibility of reallocating funds to new solutions with multiple use cases that will achieve several objectives at once.
2. Central funding: Government funding is made available at the start of each financial year for NHS England and regional cyber leads to address common challenges across Integrated Care Systems (ICS). Recognising the identity-based challenges surrounding the Synnovis breach, NHS England allocated funds to support trusts in closing the gaps. The Project Lead and IT Director approached the NHC Regional Cyber Lead with a successful business case for a new solution that would address the issues highlighted by NHS England around MFA for privileged users. Rather than automatically selecting one of the large vendor-point solutions, he reviewed several potential solutions and recognised the value in Silverfort, which would address multiple use cases as well as the underlying issues needed to achieve CAF compliance.
3. Capital underspend: The IT team also had access to capital funding that was earmarked for allocation before the end of the financial year, in line with budgetary planning cycles. With the annual reset of budgets approaching, the team saw an opportunity to invest in a strategic project that would deliver immediate value, while making effective use of the available funds.

BlueFort is the UK’s leading independent Security Solutions Partner (SSP). A unique combination of people and technology focused on simplifying your cyber journey. With a curated suite of tools, products, and skills, BlueFort partners with CISOs and SecOps teams to simplify, consolidate, optimise, and transform their cybersecurity environments. Driven by industry-standard methodologies including NIST, ISO 27001, CyberEssentials+ and CTEM, BlueFort’s tightly integrated security disciplines deliver complete solutions that ensure continuous discovery, validation, and control for your organisation.

BlueFort Security is a trusted cybersecurity partner and G-Cloud 14 supplier.

Silverfort secures every dimension of identity. They are the first to deliver an end-to-end identity-security platform that is easy to deploy and won’t disrupt business operations, resulting in better security outcomes with less work. Discover every identity across every environment, analyse exposures to reduce your attack surfaces, and enforce security controls inline to stop lateral movement, ransomware, and other identity threats.