Microsoft Infrastructure OptimizationCustomer Solution Case Study

University Saves $200,000 Plus 95 Hours a Week with Centralized Malware Detection

OverviewCountry or Region: United StatesIndustry: Education—Higher education

Customer ProfileThe Medical University of South Carolina (MUSC) is one of the top research centers in the United States. MUSC comprises a 700-bed medical center and six colleges, and has 13,000 employees.

Business SituationMalicious software was a constant nuisance to MUSC employees, interrupting their work and endangering hospital data. The IT staff spent about 30 hours a day removing malware from client PCs.

SolutionMUSC licensed Microsoft Forefront Endpoint Protection 2010 to gain a more proactive stance toward malware and give the IT staff a centralized console for monitoring and remediating endpoint security.

Benefits IT time savings of 95 hours a week IT cost savings of U.S.$200,000 Cost avoidance of $100,000 Enhanced network security Better protection of patient data

“We’re probably saving 95 hours a week, thanks to Forefront Endpoint Protection.”

Robbie Townsend, Team Leader, Managed Desktop and Endpoint Security Teams, Medical University of South Carolina

The IT department at the Medical University of South Carolina (MUSC) has 12,000 client PCs to manage and secure. Invasive malware was a constant threat to hospital data and employee productivity, and the IT department spent roughly 30 hours a day removing malicious software. MUSC then used its Microsoft Enterprise Client Access License to acquire Microsoft Forefront Endpoint Protection 2010. With this new tool, the IT staff can respond proactively to malware threats and is saving 95 hours a week in malware removal time, a productivity savings worth approximately U.S.$60,000 per year. MUSC was also able to eliminate its previous antivirus program that cost $150,000, and avoid the $100,000 cost of acquiring comprehensive malware detection software. Best of all, MUSC now has the data it needs to make its environment more secure, so it can keep PCs running and patient data safe.

SituationFounded in 1824, Medical University of South Carolina (MUSC) is one of the top health-sciences centers in the United States and has one of the top 10 cardiovascular centers. MUSC runs a 700-bed medical center and six colleges; employs 13,000 people, including physicians, researchers, professors, and administrative staff; and trains more than 2,600 health care professionals per year.

More than 15,000 staff members and students access the MUSC computer network, which includes 12,000 managed and unmanaged desktop and portable PCs. Managed PCs (9,500) are part of the hospital’s Active Directory domain and run applications that are distributed and supported by the central IT staff. Unmanaged PCs (2,500) are those that have been purchased by various colleges and departments at MUSC and are not joined to the MUSC domain or supported by the IT staff.

The IT staff is constantly working to better protect and simplify the management of this large fleet of client computers. It uses Microsoft System Center Configuration Manager 2007 R3 to deploy operating systems and security updates to the managed PCs and will soon begin upgrading these computers to the Windows 7 operating system to gain additional management efficiencies.

However, the already busy IT staff was spending an inordinate amount of time reacting to and removing malicious software (malware) from PCs. The university had an antivirus software program, but no protection from other types of malware

and no central console from which the IT staff could create and enforce malware defense policies. “We had between 10 and 15 machines a day being infected by non-virus malware,” says Robbie Townsend, Team Leader, Managed Desktop and Endpoint Security Teams for MUSC. Technicians would be sent onsite to re-image the machines, which was a slow process that could take up to two hours for a field engineer to resolve. This added up to about 100 hours of work each week for the IT staff and prevented employees from using their computers during the cleanup period.

Plus, the IT staff had no way to learn from these incidents. Because technicians “wiped” the hard disks, no one could see what type of malware had been present or what damage had been done. MUSC management had wanted to create a dedicated endpoint security team but never had a way to produce the data needed to quantify the problem and justify the expense. Meanwhile, as Townsend’s team worked hard to keep malware off the MUSC network, new forms of malware continued to invade and heighten security concerns. “The main purpose of malware is to steal information or logged keystrokes, not just infect computers,” Townsend says. “Because we deal with patient healthcare data, Social Security numbers, payment card processing, and other confidential information, we needed to mount a stronger, more proactive defense.”

SolutionIn 2009, MUSC signed an Enterprise Client Access License (CAL) Suite agreement with

25

“The main purpose of malware is to steal information or logged keystrokes.... Because we deal with patient healthcare data, Social Security numbers, payment card processing, and other confidential information; we needed to mount a stronger, more proactive defense.”

Robbie Townsend, Team Leader, Managed Desktop and Endpoint Security

Teams, Medical University of South

Microsoft, which provided volume license terms for a variety of needed Microsoft software, including Microsoft Forefront client security products. The medical center also joined the Microsoft Forefront Technology Adoption Program to evaluate the new line of Forefront products. In mid-2010, MUSC implemented Microsoft Forefront Protection 2010 for Exchange Server, which it uses to provide malware protection on servers that run Microsoft Exchange Server 2007, and Microsoft Forefront Protection 2010 for SharePoint to help protect its SharePoint sites. Because MUSC has both managed and unmanaged client computers, it also implemented Microsoft Forefront Threat Management Gateway 2010, using it as a web proxy to help protect servers that run Exchange Server and Office SharePoint Server from Internet-based attacks.

MUSC was naturally eager to evaluate Microsoft Forefront Endpoint Protection 2010 when Microsoft announced it. Forefront Endpoint Protection 2010 builds on System Center Configuration Manager 2007 R2 and R3, so customers can use their existing client management infrastructure to deploy and manage endpoint protection. This shared infrastructure helps reduce ownership costs while providing improved visibility and control over endpoint management and security. MUSC deployed Forefront Endpoint Protection to all 12,000 managed and unmanaged PCs in December 2010. Departmental IT staff installed the program manually on unmanaged PCs.

University management created a dedicated endpoint security team (now three people strong), which the university

had needed for years. One new person was hired; two others joined the team from other areas of IT. “We created the Endpoint Security Team to reduce malware incidences,” says Kurt Nendorf, Director of Infrastructure Services at MUSC. “This required the ability to detect malware, analyze the root cause, and then collaborate with other technology teams to implement preventative measures. This team is critical to our overall information security effort, and Forefront was one of the first tools they selected to accomplish their mission.”

Whereas before, the MUSC network security team could take action only after receiving an alert that malware had infected a PC, endpoint security team members today receive alerts of malware attempts and can access the computer remotely to immediately halt the attack and clean the computer. They also can see if any data was stolen during the cleaning process.

“We can monitor malware-attack attempts from a central console,” Townsend says. “We can also see which computers are missing security updates and if a user uninstalls Forefront Endpoint Protection, so we can immediately reinstall it.” The team also has insight into the university’s unmanaged computers for the first time. “These systems accounted for a disproportionately high percentage of malware infections, so this is an important new capability,” Townsend says.

BenefitsWith Forefront Endpoint Protection, MUSC has been able to reduce the time its IT staff spends removing malware and save money

35

on antivirus and malware software. It is also better able to protect hospital data.

IT Time Savings of 95 Hours a WeekThe IT staff has been able to significantly reduce the time it spends on malware removal. “We’re probably saving 95 hours a week, thanks to Forefront Endpoint Protection,” Townsend says. “We can confirm that a PC was cleaned and is no longer infected, so we rarely have to reimage PCs.” With this time savings, the IT staff is able to adopt additional proactive security processes.

$200,000 Savings plus $100,000 Cost AvoidanceThe IT time savings represents about U.S.$60,000 a year, or the salary of one full-time employee, in productivity savings. MUSC was also able to eliminate $150,000 a year by getting rid of its antivirus software program, a function now filled by Forefront Endpoint Protection.

“In addition to at least $200,000 savings on labor and antivirus software, we avoided spending $100,000 to license Forefront Endpoint Protection and System Center Configuration Manager independently, instead using our Enterprise CAL to avoid that cost,” says Townsend.

Enhanced Network SecurityWith the data obtained from Forefront Endpoint Protection, the university was able to create an endpoint security team that

works continuously to strengthen MUSC desktop security. “We sorely needed a dedicated endpoint security team but could never justify it,” Townsend says. “Forefront Endpoint Protection gave us the security metrics for the management team and gives us the data we need to keep our environment more secure. The people on this team were already spending nearly all their time reacting to malware; now we are spend our time preventing it and progressively improving the organization’s security posture. Plus, we have time now to handle other security-related issues such as laptop encryption and monitoring security appliances.”

Better Protection of Patient DataA more secure desktop environment is vitally important to a healthcare organization, which has patient data, Social Security numbers, and other confidential information on its computers. “With Forefront Endpoint Protection, we’re able to keep our employee and patient data safer, which is important to our reputation,” Townsend says.

Microsoft Infrastructure OptimizationWith infrastructure optimization, you can build a secure, well-managed, and dynamic core IT infrastructure that can reduce overall IT costs, make better use of resources, and become a strategic asset for the business. The Infrastructure Optimization model—with basic, standardized, rationalized, and dynamic

45

For More InformationFor more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to: www.microsoft.com

For more information about Medical University of South Carolina services, call (843) 792-2300 or visit the website at: www.musc.edu

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Document published May 2011

Software and Services Microsoft Server Product Portfolio− Microsoft Forefront Endpoint

Protection 2010− Microsoft System Center

Configuration Manager 2007 R2

"With Forefront Endpoint Protection, we’re able to keep our employee and patient data safer, which is important to our reputation.”

Robbie Townsend, Team Leader, Managed Desktop and Endpoint Security

Teams, Medical University of South Carolina

“With Forefront Endpoint Protection, we’re able to keep our employee and patient data safer, which is important to our reputation.”

Robbie Townsend, Team Leader, Managed Desktop and Endpoint Security

Teams, Medical University of South Carolina

levels—was developed by Microsoft using industry best practices and Microsoft’s own experiences with enterprise customers. The Infrastructure Optimization model provides a maturity framework that is flexible and easily used as a benchmark for technical capability and business value.

For more information about Microsoft infrastructure optimization, go to:www.microsoft.com/io

55