Set up in 2006 by the Abu Dhabi Government in collaboration with Munich Re, Daman is now the leading specialist health insurer in the region serving nearly 3 million customers. As a semi-government entity headquartered in the UAE, it was imperative for Daman to comply with a new electronic security governmental standard for information security. Omar Almarzooqi, Manager, IT Security & Networks at Daman, and his team knew that implementing a Network Access Control solution in their environment would be essential to ensure successful compliance with the new regulation.
Besides the implications of complying with the new electronic security regulation, the absence of a NAC presented both security and administrative concerns. While previous wireless solutions worked conveniently, they presented their own concerns and risks which required a more comprehensive solution. In addition to the complexities involving a wireless network, the challenge was even greater on the wired network.
“The previous wired network access controls were not robust enough to meet today’s challenges. With so many locations, all frequented by numerous contractors and customers, the risks we had to look into were considerable and wide reaching,” explained Almarzooqi.
Recognising these risks, Daman began evaluating access control solutions from five market leading vendors and after careful research, narrowed its search down to two candidates, including Aruba. “In addition to security which was the prime requirement, the solution needed to be flexible enough to work in a multi-vendor environment, and scalable enough to be deployed across our twelve large branches without adding complexity or management overheads,” said Almarzooqi.
Each vendor was given an entire floor at Daman’s headquarters to execute a POC within the company’s production environment. These were then scored on the basis of technical, support and commercial criteria. “Aruba completed the implementation in under a week which we found extremely impressive given the complexity of our IT environment,” said Almarzooqi. Aruba’s solution was more easily integrated and performed better than that provided by the competing vendor who had the experience of working on Daman’s network solutions previously.
The insurance provider deployed two Aruba ClearPass Policy Manager 5K virtual appliances in its datacentre and disaster recovery sites and ten further Aruba ClearPass Policy Manager 500 virtual appliance nodes in its branches. This translated to immediate cost savings as Almarzooqi explained, “Because there was no need for any physical appliances, we could maximise the utilisation of our existing servers by running Aruba ClearPass VMs. These were easily installed on commodity hardware which is testament to the open nature of Aruba’s solutions.”
Implementation of ClearPass allows Daman to centrally control network access at all locations via a single intuitive dashboard. No longer can users plug their devices into Ethernet ports and connect to the network, nor does the company need human resources to manage approvals for wireless access. “Now when someone requires access, they simply raise a request from their device which can be instantly approved or rejected with a single click,” explained Almarzooqi. “This process is equally convenient on the wired as well as the wireless network and for devices running all types of operating systems. As a result, all users get a uniformly great experience.”
This self-registration system automates authorisation from over 45,000 devices per week and has entirely eliminated the need for the IT team to get involved, reducing the number of helpdesk calls related to network access from over thirty per day, down to zero.
“Earlier, and without manual intervention, approved devices almost never saw their access being revoked after connectivity was no longer necessary. Now however, we can specify the duration for which authorisation should remain valid at the time of approval. This feature is especially useful when considering the large number of third-party contractors who frequently work from our offices for extended durations,” said Almarzooqi.
Security is further enhanced as ClearPass automatically vets devices prior to connecting them to Daman’s wired or wireless network, thus mitigating the possibility of endpoint vulnerabilities being exploited for an attack or data breach. “We have a pre-set checklist that includes identifying whether the device’s operating system is updated and patched, and that its running antivirus software. ClearPass rapidly tests against our criteria and only devices that meet these checks are permitted access,” said Almarzooqi.
Security and compliance may have been Daman’s only expectations of Aruba’s access control solution, but the company has successfully leveraged ClearPass to introduce several new IT services. “The powerful features of ClearPass have made possible a host of benefits we did not even consider at the time of evaluation. After meeting and exceeding our expectations for NAC, ClearPass enabled us to implement Wi-Fi self-registration and onboarding, Wireless Security Policy Management, BYOD support and guest management,” said Almarzooqi.
ClearPass delivers policy-based network security, allowing employees, contractors and guests to self-register and connect to the network with the appropriate level of access to either the internet or intranet. Via convenient dashboards, Daman’s IT team can set and modify these policies, and monitor all connections as well as their usage of the network.
The company has also started introducing innovations based on ClearPass. “We successfully integrated it with our queue system so now, instead of waiting in line to get a physical coupon to access the Wi-Fi network, guests can connect to our network, click a single button and get a token,” explained Almarzooqi.
Almarzooqi and his team have already begun exploring ways to further extend their ClearPass utilisation. “We are particularly interested in augmenting its security capabilities through integration with Aruba’s endpoint behaviour analytics solution,” he said.
Aruba Introspect monitors the behaviour of endpoint and IoT devices and using AI and machine learning, detects and flags anomalous or malicious activities. “By combining this with ClearPass, we would be able to automatically quarantine or block rogue devices which will drastically enhance our incident response capabilities,” he continued. “Aruba’s solution performs exceptionally well even in our complex multi-vendor environment and its powerful capabilities open up the possibility of leveraging it for many more purposes than we initially intended. We will continue innovating with this solid platform and are excited to grow our relationship with Aruba to enhance services for all stakeholders,” Almarzooqi concluded.
- Integrated with queue management system.
- Augmenting security capabilities through integration with Aruba’s endpoint behaviour analytics.
- Enabled Aruba Introspect to monitor the behaviour of endpoints and IoT devices using AI and machine learning.
- Compliance with electronic security regulation.
- Unify security management for wired and wireless networks.
- ClearPass for access control.
- Wi-Fi self-registration and onboarding.
- BYOD support and guest management.
- Ability to monitor and control network access across 12 locations via a single centralised dashboard.
- Seamless network access authorisation of over 45,000 devices per week.
- Enhanced security with automated device compliance verification.
- Complete elimination of 30+ Wi-Fi access related helpdesk calls per day.
- BYOD and Wi-Fi self-registration support for employees, contractors and guests.