BioScrip uses the Caymas appliance to secure its geographically diverse infrastructure, which includes IBM RS/6000 and IBM AS/400 application servers and IBM DB2, Oracle, and Sybase database servers. The appliance tracks individual or group identities and uses predefined rules that determine what those groups can access. BioScrip's IT-security staff can view user identities, how they're configured and grouped, and which data they're authorized to see, all through a PC-based management station.
The gateway appliance also tracks user behavior on the network and helps boost performance. With Caymas' One Cycle Lookup tool, for example, remote users each get their own entryway through the appliance instead of having to be queued up.
In one instance, BioScrip was able to avoid a house call from an IBM technician by letting the vendor's technical-support employee tap into a new IBM pSeries 615 server that was causing problems for Goblirsch and his team. Immediately after BioScrip's IT group set up the server, it began "throwing up a red light," Goblirsch says, but the server didn't indicate the specific problem.
Goblirsch called IBM, and while the support rep waited on the phone, he set up a Telnet session. Goblirsch then created a Caymas access ID for the technician so he could tap into BioScrip's network and assess the server remotely. The entire Telnet and remote-access setup took about eight minutes. IBM diagnosed the problem as a minor issue with the power supply, and the server was up and running in 20 minutes. Goblirsch estimates BioScrip's remote-access tool prevented an entire day of server downtime that the company might otherwise have spent waiting for the technician to make a trip to BioScrip's offices.
BioScrip has found other uses for the remote-access appliance. After the merger, the company carried out a Sarbanes-Oxley audit. Goblirsch created Caymas user IDs for 15 outside auditors, along with access to documentation created by the lead auditor and BioScrip's CFO. The appliance let Goblirsch give auditors direct access while restricting them to just the information they needed.
Goblirsch and his team weren't satisfied with other remote-access products they investigated. With the Caymas appliance, he says, he's sure he's providing the remote access his mobile users need without unnecessarily exposing the BioScrip network to external threats.
"We didn't want to subject our sensitive internal E-mail and other data to anything outside," Goblirsch says. "The idea of opening another port in our firewall, just to handle things like mail, felt wrong."