Leading Clinic Operator Achieves Compliance and Efficiency Goals

Company Snapshot

With around 170 healthcare facilities nationwide, Asklepios is one of the largest private clinic operators in Germany. Their strategic focus is developing future-oriented medicine for all patients of the highest quality standards. The Asklepios Clinics Group includes hospitals, specialist clinics, psychiatric clinics, medical care centres, as well as post-acute and rehabilitation clinics. Organizations in the healthcare sector are faced with the challenging task of meeting highly complex requirements for IT password management. They must be able to manage, monitor and control privileged credentials and control access to on-premises, cloud and hybrid infrastructures.The IT devision of Asklepios Kliniken uses BeyondTrust Password Safe for efficient and secure password storage, session management and allocation of credentials.

Business Requirements

In the Asklepios Kliniken group of companies, internal IT employees require protected access to server systems. In order to comply with comprehensive compliance guidelines, legally compliant logging of all administrative work is indispensable. “As an integrated, digital health group, we must always be able to track who worked with which server and when, even with external partners,” emphasized Felix Diroll, Head of Server Team of the IT division at Asklepios Kliniken. “Together with the highly specialized IT service provider N3K Informatik GmbH, we have found the right security solution that enables policy-compliant management of passwords and user privileges.”

“In the healthcare sector, we are committed to particularly high standards of IT security and data protection. With Password Safe, we can reliably implement all legal IT compliance requirements while simultaneously gaining the necessary cost efficiency, flexibility and productivity in our daily operations.”


IT Infrastructure Harmonization with Password Safe

In a preparatory workshop, several products were considered. On the recommendation of N3K, Password Safe was selected to move forward with a proof of concept in which the previously defined business requirements were verified in practice.

The feasibility analysis showed that the solution could be implemented within the existing infrastructure and that only minor technical adjustments were required. Subsequently, the technical team began implementation of Password Safe into the business process.

With Password Safe, the Asklepios server team was able to comply with legal requirements and achieve a harmonization of its own IT infrastructure. N3K Network Systems supported the IT devision in setting up, configuring, and initially deploying the solution. In addition, N3K undertook the basic implementation of the due diligence processes and the instruction of the IT administrators.

The implementation of the solution was completed within just a few days. “Our users no longer know the passwords of their accounts”, said Diroll. “Instead, users request credentials via just-in-time access when needed, without seeing them in plain text.” In a nationwide, decentralized team that extends from Sylt to the Alps, risks such as password loss or theft are now avoided. The BeyondTrust solution combines privileged password management; same comment for Session Monitoring. “And unlike other providers, BeyondTrust has no hidden costs for API or SSH services,” said Diroll.

How Password Safe Secured Asklepios. BeyondTrust Password Safe enables unified password and session management for seamless tracking and control of privileged accounts. The Asklepios clinics use the following functions:

Security & Privacy

BeyondTrust Password Safe can discover, manage, and monitor all privileged credentials, as well as ensure complete control and traceability of privileged accounts. This allows the Asklepios clinics to ensure the protection of passwords and login data that provide access to business-critical IT systems. As part of the ISO certification criteria, assigned passwords expire after a specific time

Auditing & Session Monitoring

The enterprise solution provides full logging of all activities and sessions to meet IT compliance requirements, ensuring easy deployment, use, and maintenance with reliable automation. To meet compliance guidelines and forensic analysis at Asklepios Kliniken, the activities and meetings requiring documentation can be logged and monitored in consultation with the works council. To comply with the legal archiving obligation, data is stored tamper-proof for ten years and then completely deleted.

Password Management & Rotation

BeyondTrust helps Asklepios comply with IT security standards even in decentralized business environments. Password Safe works with a wide variety of clients to exchange passwords on the selected target systems and assign permissions. The solution also solves challenges in the rotation and assignment of privileged access data at remote locations.

Certifications to Meet Demanding Data Storage Standards

As typical for hospitals, clinics, and the entire healthcare sector, Asklepios must also enforce the highest security standards in terms of data storage and treatment of personal information. The legal and industry-specific requirements for reliability and fire protection, for example, stipulate that the hardware servers used must be protected at different locations and even against aircraft crashes.

BeyondTrust integrates seamlessly into this particularly demanding IT landscape and meets the relevant certifications and criteria catalogs. With Password Safe, IT managers who work throughout Germany can intelligently organize their IT assets and accounts, reduce manual effort and maintain security control over their IT systems.

Milestones & Future Plans

In the first phase, Password Safe was deployed on 600 IT systems to simplify management of credentials. Based on the positive practical experience with the credential management and automation functions on different platforms, Asklepios decided after six months to expand the implementation to over 3,000 systems.

In the next phase, the holistic approach of the solution to privileged access management (PAM) is to be more closely integrated to accompany remote access by external users with administrative rights in accordance with the guidelines.

Prefers reduced motion setting detected. Animations will now be reduced as a result.