Nottinghamshire Healthcare completes successful PKI upgrade to strengthen security

04 June 2018

Increased use of BYOD and more interconnection prompted the trust to migrate its PKI infrastructure to the newer SHA-2 system.

Nottinghamshire Healthcare NHS Foundation Trust has moved to the Secure Hash Algorithm 2 (SHA-2) cryptographic standard to help strengthen security.

The trust manages more than 12,000 computing devices and 500 servers, and most of its systems are used internally and are not connected to the internet.

However, increased use of BYOD and more interconnection prompted the IT department to instigate a migration of its PKI infrastructure to the newer SHA-2 system. SHA-2 is a set of cryptographic hash functions widely used in security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec.

Andy Spencer, system team leader for Nottinghamshire Healthcare, says: “SHA-1 has been depreciated in terms of its security capability, however not all our applications or servers natively supported SHA-2 which meant we needed to consider the upgrade with the context of a wider application server upgrade.”

The actual project was driven by the trust’s IT department under guidance from ANSecurity to ensure high levels of knowledge transfer. 

The vendor says it helped Nottinghamshire Healthcare to overcome the complexity of its legacy PKI, along with dependencies on existing services including mobile device onboarding and remote access control. 

The entire project, including legacy operating systems migration and remediation of weaknesses within the SHA-1 signatures, took just three days. 

ANSecurity says the result for the trust is an improved security posture without any disruption to its round-the-clock operations.

“Any organisations with a legacy Windows PKI environment need to perform something similar,” says Jason Parry, network security architect, ANSecurity. “This may not require a wholesale replacement and, in many cases, it might be applicable to perform a simpler migration to new servers along with an upgrade that renews existing PKI infrastructure.”

ANSecurity says it has performed dozens of these projects over the last 24 months and claims it has a significant number planned for the next year. 

Parry adds: “With its large number of legacy systems, the NHS is a sector that is rapidly moving to SHA-2. 

“Busy IT staff that may have overlooked these types of projects due to the complexity of legacy application servers should not be overly concerned as the process for migration is relatively straightforward and uses a well-understood process.”