Larry Whiteside Jr., Chief Information Security Officer for Visiting Nurse Service for New York graciously spent a few moments helping me understand what his organization is doing, how they're addressing security and privacy mandates and how LogLogic is helping. Thanks, Larry, for taking the time.
Please introduce yourself and your organization.
My name is Larry Whiteside Jr and I'm the Chief Information Security Officer for Visiting Nurse Service of New York. Visiting Nurse Service of New York (VNSNY) is the largest not-for-profit home healthcare organization in the nation. Comprised of more than 12,000 employees, including approximately 4,000 mobile nurses with tablet PCs, 8,000 technology accounts, 325 servers and an additional 3,500 endpoints, the company generates vast quantities of messages per second. In the course of an ordinary day, VNSNY provides home healthcare services to between 30,000 and 35,000 clients, which generates an enormous quantity of data, all of which must be tracked, securely stored and easily retrievable.
What are you doing that needed this technology?
We needed to implement a cost-effective and easy-to-use log management system in order to achieve security and compliance objectives. We had to meet multiple compliance mandates, including HIPAA to protect patient records and communication and PCI DSS to protect cardholder payment information. Additionally, we were challenged to meet SOX guidelines. Logs could help us achieve these objectives as well, so we began looking for a solution that would provide the security and functionality we needed, yet still be easy enough to implement by the small IT team, and one that would fit our budget. One of the first things I did when I joined VNSNY was implement a log management system. I've been a part of different organizations in different verticals, but one constant I've learned is that when it comes to information--and being able to effectively leverage it--everything begins with the logs you have at the system level.
What products did you consider before making a selection?
Prior to log management, there weren't really any tools to meet HIPAA compliance. We had a syslog server pushing things to specific servers, but it was not allowed on every application. It was a difficult, manually-driven process that took up a lot of time. When you look at the man hours associated with investigating any incident, it's easy to see why log management is such a vital tool for IT teams looking to efficiently manage a system and maximize ROI. Log management systems cut the man hours required to examine the logs ten-fold.
Why did you select this product?
I see LogLogic as one of the founders of true log management space. If you look back a number of years to see who developed good products that were innovative and worked, LogLogic was right there. Their roadmap and direction allowed me to maximize on capacity in search. The LogLogic suite allows me to look at one source instead of a plethora, and saves my IT team valuable time. LogLogic is truly focused on capturing and storing logs in the most efficient way possible, which is essential for effective logging.
What tangible benefits have you received through the use of this product?
The LogLogic suite has allowed me to now gather much more intelligence about what is going on at the system level. With LogLogic, I can quickly dive into our log management suite and find out what happened with a specific system, as well as associated systems to get much more detailed intelligence about systems and how they are affecting applications and each other, and pass this on to operational personnel who can use the information to improve system performance, application performance, and more. Having that level of intelligence and insight into my network allows me to sleep better at night.
Prior to the LogLogic implementation, VNSNY spent a lot of time collecting logs and then analyzing them, system by system. Typically it would take 25 minutes per system to review system-level and application-level logs, and an additional 20 minutes to correlate data across those systems, meaning it would take IT staff over four hours a week to analyze just ten systems. With LogLogic, the logs are collected in under five minutes, and analyzing them, even across systems, takes a fraction of the time it once did. We’ve cut down the time to query and analyze logs from four and a half hours a week for ten systems to less than an hour a week for 1,000 systems.
What advice would you offer others facing similar issues?
For those facing issues with meeting compliance objectives and successfully streamlined security and intelligence processes, LogLogic is a great product for solving those issues in less time and money. Time is a precious commodity and it is something that you can never get back. LogLogic actually puts time back in my pocket, and allows me to focus that reclaimed time on other things that are important to VNSNY.