US Department of Veterans Affairs

Department of Veterans Affairs Improves Security and Achieves Compliance

9.16M
veterans enrolled
400K+
employees
500K+
endpoints

Netwrix PolicyPak makes it much easier to comply with federal security mandates. In fact, in some cases, we would simply have no way to implement the mandated settings without PolicyPak. For example, we can allow granular access to particular settings for those who need them. Before PolicyPak, we would have had to open the settings for everyone, which isn’t what you want to do from a security standpoint.

Jamie Hosley, IT Analyst, Office of Information and Technology at US Department of Veterans Affairs 
 

Challenge
  • To ensure business continuity and offer outstanding service to veterans, the VA needed to ensure consistent policy across 500,000+ computers and other endpoints. However, Microsoft Group Policy offered limited management functionality, especially for non-Microsoft products.
  • The VA needed a scalable way to support desktops running different version of Windows and to enable staff to securely use any popular browser.

Having PolicyPak brings great clarity to security discussions. If someone needs access to specific settings in an application, we can work with our security team to show them all of the settings we control, and look at the exceptions a group might need for a specific reason, and determine the best resolution.

Jamie Hosley, IT Analyst, Office of Information and Technology at US Department of Veterans Affairs 
 

Netwrix Solution

After evaluating the offerings on the market, the VA chose Netwrix PolicyPak Group Policy Edition as the best-of-breed solution. Its out-of-the-box support for a diverse set of applications was a key to budgetary approval. Deployment across its 500,000+ endpoints was quick and  smooth, enabling the VA to achieve the following benefits:

 

Easier application management. PolicyPak enables the IT team to maintain consistent settings for third-party applications and save a great deal of time on app maintenance. “Before PolicyPak, it would have been extremely difficult and time consuming to apply a newly released patch for Adobe Reader, for instance — we would have had to do a full uninstall followed by a full re-install every time Adobe updated the product,” explains Jamie Hosley, Office of Information and Technology at the VA. In fact, the team plans to use PolicyPak Design Studio to control the settings for a number of custom apps as well. “The more settings we can lock down, the fewer support calls we will have to handle,” Hosley says.

 

Support for multiple browsers. The VA was able to set Chrome as a default browser for the entire organization while routing specific applications to be opened in other browsers for compatibility reasons. For example, legacy applications open in Internet Explorer because they run best there. “Once the routing is made, an application will always open in the correct browser, even if someone already has a different browser open,” says Hosley.

 

Tighter security. PolicyPak makes it easy to apply security settings and lock down resources, while also providing the flexibility to define exceptions when a project requires unique settings. In addition, the IT team can enforce least privilege by preventing users from downloading unapproved versions of browsers, and can ensure that applications are distributed only through the corporate configuration manager, not random websites that might be spreading malware. “Microsoft’s AppLocker is not a good fit for our needs,” Hosley says. “We prefer the simple to use and seamless security settings we can put in place using PolicyPak.”

 

Easier Windows 10 deployment. PolicyPak made it much easier for the VA to implement Windows 10 across its endpoints. “PolicyPak makes it extremely easy to apply file associations,” Hosley says. “For example, we can control whether PDF files are associated with Adobe Reader or the full version of Adobe Acrobat, based on which tool is installed on a particular machine.”

 

Better GPO management. PolicyPak enabled VA to consolidate the dozens of GPOs assigned to each kiosk to a single GPO and to eliminate unneeded GPOs that have accumulated over the years. “We had GPOs that applied to applications or configurations that are no longer in use, but people were resistant to touching them because there might be a dependency somewhere,” Hosley says. “PolicyPak makes it easy to turn those legacy GPOs off, see what happens and make any adjustments that might be needed.”

Key Benefits
  • Stronger security
  • Improved user experience
  • Enhanced regulatory compliance
  • Easier IT management
Netwrix Applications
Customer Profile

The United States Department of Veterans Affairs provides healthcare services to eligible military veterans. It runs 1,255 healthcare facilities that serve 9 million veterans each year.

Customer: US Department of Veterans Affairs

Industry: Government

Website: www.va.gov/