MVP Health Care is a nationally recognized regional health plan with strong values of quality and integrity. The company’s emphasis on member confidentiality and cybersecurity makes it easy to see why it has won numerous awards for quality, service, and customer satisfaction. When the company divested from numerous overlapping, redundant security licenses, it turned to Microsoft integrated security solutions for a simpler, more proactive and easily managed security posture.
“As we looked at other vendors and platforms, we realized that it was a no-brainer. Microsoft offers the cohesive solution we need. Everything it brings to the table fits beautifully with our direction. It has become an outstanding support for us.”
Michael Della Villa, CIO and Head of Shared Services, MVP Health Care
MVP Health Care centers its philosophy around people—those it serves, and those who work there. That focus has won the company acclaim as a 2020 honoree of the Albany Business Review’s Best Places to Work and garnered the trust of 700,000 members. Despite a “David-and-Goliath” imbalance of power and influence between itself and enormous technology disrupters edging their way into the health insurance market, MVP continues to punch above its weight.
After the company took stock of its security posture, it divested from multiple, onerous security solutions. It deployed unified Microsoft security solutions, which helped to greatly simplify management, lower costs, and refocus its IT and cybersecurity professionals who now have more time to concentrate on the most crucial, value-added tasks. With Microsoft Azure Sentinel, Azure Security Center, Azure Firewall, and many more Azure security solutions plus Microsoft 365 security technologies, they’re building a winning security environment. The company also boosts the security of remote work with Azure Virtual Desktop. With Azure as its cloud platform and Surface devices as its hardware, MVP is realizing multiple benefits of a truly integrated environment.
Facing the challenges of the modern threat landscape
David Swits still remembers his first day as Senior Leader in Cloud and Infrastructure Services at MVP Health Care. “I clicked the internet browser icon on my desktop and counted to 25 seconds to open a web page,” he recalls. “I looked over my shoulder at a fellow employee expecting him to be as horrified as I was but soon found that people at the organization were accustomed to that level of performance.” It didn’t take long for Swits to understand the reasons for the glacial response time. “A plethora of unconnected security solutions was deployed to every desktop. None of them worked with any of the others,” he explains. In his new role, Swits is called upon to develop the company’s cloud infrastructure to help it compete against much larger players. In a healthcare world that depends more and more on information technology, performance and responsiveness are vital.
The MVP security team knows that the competition for members will not be won by performance alone. Security and member confidentiality are sacrosanct, as much of MVP’s data contains protected health information (PHI), the preservation of which is subject to both state and federal regulations. “The challenge is in front of us 24 hours a day, seven days a week,” says David Miller, Chief Information Security Officer at MVP Health Care. “Every day in the news, we see the uptick in ransomware and other kinds of attacks. Yet we must balance all of this with performance.”
John Rich, Leader of Cybersecurity at MVP, confronts those challenges in the face of resource constraints typical of IT departments everywhere. People aren’t as scalable as software, yet the volume of sensitive information his team deals with could be overwhelming. “Millions of lines of information stream in daily,” he says. “My team needs a highly developed, mature solution to handle that volume.”
When Michael Della Villa took on the roles of CIO and Head of Shared Services at MVP Health Care, he was determined not only to address performance issues for the sake of all MVP employees, but to optimize productivity and refocus cybersecurity staff on high-value activities. It was a formidable task; some 300 different vendor solutions had built up over the years, many of them designed for specialized functions. And as the company planned a move to the cloud, it also evaluated Amazon Web Services. “As we looked at other vendors and platforms, we realized that it was a no-brainer,” he says. “Microsoft offers the cohesive solution we need. Everything it brings to the table fits beautifully with our direction. It has become an outstanding support for us.”
Starting the consolidation journey
Having chosen a vendor, Della Villa and his team embarked on a transition to Microsoft security solutions. It began with deploying Microsoft Defender for Endpoint in late 2018. The team appreciated the ease of use native to Microsoft Defender for Endpoint—an agentless solution that automates security tasks. “Like the other Microsoft tools that remove so much heavy lifting, Microsoft Defender for Endpoint frees us up to concentrate on value-added analytical work,” says Swits.
In tandem with that deployment, the company rolled out the rest of Microsoft 365 at the E5 licensing level. MVP Health Care wanted the convenience benefits of Microsoft Teams and Microsoft 365 Business Voice, which businesses use to replace traditional telephone systems with Teams. The E5 security features were a disproportionately large extra benefit: Microsoft 365 Defender, which merges signals across email, data, devices, and identities to automatically detect and investigate complex threats, piecing together evidence of possible attacks from across all of those technologies. The solution consolidates seemingly unrelated alerts and otherwise hard-to-detect threats.
The automation in Microsoft 365 Defender helps remediate the affected assets. MVP Health Care also turned on Microsoft Defender for Identity to investigate compromised identities and malicious insider actions. Rolling out Microsoft Cloud App Security, a cloud access security broker, extended MVP Health Care security policies into the cloud, detecting and controlling access that would enable potential malicious activity and preventing attacks to Microsoft 365 and the company’s software as a service (SaaS) apps.
The MVP cybersecurity team also rolled out Microsoft Endpoint data loss prevention (DLP) and began to convert from its former third-party Splunk security information and event management (SIEM) solution to Azure Sentinel. “Getting cohesive visibility across an entire environment is the biggest problem for organizations,” says James Greene, a consultant who is a de facto member of the MVP cybersecurity team. “With Azure Sentinel, we have a level of visibility that we’ve never had before, all the way down to the endpoints, servers, and applications. We can better protect everything, including member data, with the Microsoft security services we’ve rolled out.”
Consolidation carried over into the hardware arena for MVP, which provisions Surface Laptop devices to its employees. “We selected Microsoft Surface as our desktop device,” says Swits. “Because we use Microsoft Defender for Endpoint attack surface reduction, we can actually work with the BIOS in the device to further boost security. And we will resume using Surface Hub for collaboration when our workforce returns to working on site.”
Focusing on the data with a convenient SIEM
The previous SIEM solution at MVP Health Care created management complexity that blocked its value. “We spent so much time trying to maintain the prior system that we weren’t actually using the system,” says Greene. “We easily get very detailed information from Azure Sentinel because it’s so well connected across all of our Microsoft solutions. The focus and clarity we’ve gained across everything we need to manage is a crucial benefit.”
Greene’s team relies on that connected functionality to simplify and expedite tasks. “One of the biggest benefits for us stems from the ability to use Kusto Query Language (KQL) across log analytics workspaces in Azure Sentinel, and use that query directly in Microsoft Defender for Endpoint,” he says. “Whether we’re using a query to look at performance-related data or following up on an alert, we can send that information directly into Sentinel. We can jump from one tool to the other to deal with the same information. That’s huge for us.”
MVP retains some on-premises applications as it continues transitioning to the cloud. It uses Azure Security Center to aggregate alerts and other security data from its hybrid environment. The company uses Azure Defender to protect hybrid workloads. “Alerts from Azure Defender, Cloud App Security, and other solutions are chained together in an actionable way,” he says. “The entire security suite is seamlessly connected. We appreciate that because we can build a comprehensive policy for dealing with security issues in one place. Without that ability, we’d find ourselves adding another solution to consolidate reporting.”
MVP facilitates security with Azure Firewall. “One of the reasons we deployed Azure Firewall was to take advantage of its built-in high availability along with the protection a firewall gives us,” he says. Greene also appreciates that platform-wide coordination. “One of the best things about Azure is its back-end interoperability,” he adds. “The effectiveness we get from correlated information to boost security is by far our biggest win.”
Pivoting gracefully to work from home
Like companies around the world, MVP Health Care protected its employees with a work-from-home transition when the COVID-19 crisis began. The company capitalized on the work it had started by rolling out Azure Virtual Desktop as a way to continue its consolidation and eliminate another remote collaboration solution. Miller appreciates the ability he gains from using Azure Virtual Desktop to provide specialized, locked-down environments for various worker groups, whether they’re internal or external teams. Employees who don’t have that technology would have to connect from home through a virtual private network, and that imposes more restrictions on those devices—leading to reduced performance, and thus to lower productivity. “As an example, MVP can quickly spin up a specialized, project-based development environment, saving us from having to provide new or reprovisioned hardware and installing specialized software,” he explains. “During this time where we need to work from home, that would mean remotely installing the software. We benefit from this secure agility.”
“On a Thursday in March, we sent everyone home,” recounts Swits. “By the following week, we had 1,800 people working from home with Azure Virtual Desktop. It’s been instrumental to that abrupt but smooth transition.”
The company relies on a series of industry-specific applications that require intense resource consumption and run on-premises. With Azure Virtual Desktop, MVP Health Care now has a more streamlined option. “We realized that we could eliminate a lot of latency with Azure Virtual Desktop and that our employees could use the applications from home,” Swits adds. “We’ll run it on Surface Go 2 devices for several of our employees—that’s the only device they’re going to need.”
Miller’s team preserved security during remote work by using Azure Active Directory (Azure AD) Conditional Access policies to protect identities and data beyond the company periphery. “Conditional Access in Azure AD is essential for us,” he says. “Having that level of security across domains, being able to lock down identities from countries we don’t deal with but are known for malware, and using multifactor authentication improves our security posture and reduces stress for my team.”
Poised for further successes
MVP Health Care looks back on a consolidation project that pays multifaceted dividends extending far into the future. Attacks can and do happen on multiple fronts, and MVP now has a toolset to address that multiplicity. “Because Microsoft Defender for Office 365 extends across all our business applications, especially Exchange Online, we can feed any of our investigation items directly to the system for an in-depth phish check,” says Rich. “The tools accomplish deep-dive investigation in the background. And the fact that users can submit suspicious emails for our team to review after the fact is becoming a huge timesaver for us.”
For Swits, the company’s productivity wins are undeniable. “Now that we have Azure Sentinel and the rest of this interoperable security platform, we don’t need a cadre of people in the back room coding reports in different languages,” he says. “The agility we’ve gained is a huge advantage.” For Miller, that advantage translates to higher productivity as well. “With Azure Sentinel, we have one technology, so we can consolidate our resources,” he explains. “That means just one skill set that covers the entire range of our resources and platform for simplified training, and a common platform to build upon.”
“By maximizing the usability of the toolset for our teams, this approach drastically simplifies our support stance,” says Della Villa. “There are definitely hard dollar savings from divesting from hardware and numerous licenses. But most importantly, we have a standardized platform and a clear road map. That means a single pane of glass to make our teams productive—a premium experience for them, and ultimately for our members.”