Putting security front and centre in the outback

Medical services that city dwellers take for granted can be difficult to deliver outside metro areas. The Royal Flying Doctor Service (RFDS) was formed nearly a century ago to provide health care to communities in the Australian bush. Using aviation, modern medicine, and communications technologies, the dedicated professionals of the RFDS serve as a lifeline for those who live, work and travel in remote Queensland.

How can an organisation with staff spread across Queensland effectively protect mission-critical data?

The RFDS provides aeromedical and primary healthcare services across regional, rural and remote Queensland.

“The RFDS provides medical services across about 1.8 million square kilometres,” said Adam Carey, the organisation’s Digital Infrastructure Program Manager.

“Our clinicians look after patient health, our pilots provide aeromedical retrieval, and my role is to support patients’ digital health.”

Carey is responsible for digital transformation and cybersecurity programs at the RFDS. The organisation recently transitioned core capabilities to software-as-a-service (SaaS) systems. This boosts productivity for workers in distant outposts. It also heightens risk across three dimensions. First is the challenge of protecting remote and cloud-based systems.

“The digital security of patient information is critical — privacy is part of the patient care we provide,” Carey said.

In addition to the fundamental responsibility to protect patients, “the RFDS is absolutely iconic” according to Carey.

“That puts a heavy responsibility on us, as technologists, to make sure the environment is safe. We have a reputation to protect and can’t let a cyber attack erode trust with the public,” he said.

Thirdly, a successful attack might undermine the availability of the digital services that RFDS staff need to do their jobs.

“The stability, resiliency and integrity of our systems have a major impact on our ability to provide medical care,” Carey said.

Boosting security and visibility, with transparency to end users

The RFDS leveraged the advanced security capabilities of the Netskope Next Gen Secure Web Gateway (SWG). It delivers anti-malware and intrusion prevention system (IPS) technologies, firewall and sandboxing, data loss prevention (DLP), threat-intelligence feeds, and other next-gen functionality, through the cloud.

Now, when RFDS users — on any device and in any location — connect to resources via the internet, they first connect to Netskope. The SWG inspects the traffic, then sends it on to the website, SaaS app or other cloud-based destination. Not only does this improve security but it also provides Carey’s team with deep visibility into user activities.

“The Netskope platform does a lot of different things. We look at all parts of the network, and user and data flows. Netskope gives us visibility into the cloud services our staff use. It also gives us the ability to finetune which services and solutions are trusted, and which shouldn’t be available. It’s part of our DLP program to ensure we don’t have data loss, and we use it to ring-fence critical data,” Carey said.

The SWG integrates directly with RFDS’s security information and event management (SIEM) system and, for end users, the solution is transparent.

“That gives us another dimension of user activity, [so we can] ensure that activity on their account and on their data is normal.

“We get no complaints from the field. Our clinicians and nurses don’t have to think about security. They use the systems they need to interact with, while Netskope is in the background, protecting the data and ensuring it’s not lost or leaked,” he said.

Building business agility without security risk

The SWG requires little effort from Carey and his team.

“It’s a very hands-off solution. We don’t have to manage and monitor it day-to-day. We apply our data policies to endpoints, and data is then logged back in, to give us that 24x7 understanding of where our data is, at all times,” he said.

Ever since the RFDS implemented Netskope SWG, remote workers have been securely accessing the websites and cloud solutions they need, without interruption or incident.

“The Royal Flying Doctor Service now has much greater visibility into threats to our environment, allowing us to make more informed risk decisions," Carey said.

He believes the enhanced security for all web traffic has made the RFDS stronger and more resilient. It has also improved his organisation’s flexibility.

“In our journey to 100 years, we have a strategy to continue to digitally innovate. Netskope allows us to be more agile in the technologies we provide to our clinicians and flight nurses. We know that they can safely use cloud-based services, and we can protect their data, regardless of the use case. We keep our users safe so they can deliver patient care,” he said.

Image credit: iStock.com/NicoElNino