With over 12,000 computing devices and 500 servers under its management, Nottinghamshire Healthcare has maintained an ongoing strategy to continually improve its security controls. Most of its systems are used internally and unconnected to the internet. However, increased use of BYOD and more interconnection has prompted the IT department to instigate a migration of its PKI infrastructure to the newer SHA-2 (Secure Hash Algorithm 2), a set of cryptographic hash functions that is widely used in security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec.

“SHA-1 has been depreciated in terms of its security capability, however not all our applications or servers natively supported SHA-2 which meant we needed to consider the upgrade with the context of a wider application server upgrade,” explains Andy Spencer, System Team Leader for Nottinghamshire Healthcare, “It is a significant project that we felt could benefit from dedicated security expertise for which we turned to AN Security.”

AN Security helped the Trust to overcome the complexity of its legacy PKI, along with dependencies on existing services including mobile device onboarding and remote access control. As Jason Parry, Network Security Architect for AN Security explains, “We discussed at length with Andy and his team the merits of several deployment scenarios to determine the best course of action. Next, we agreed a process with various business groups who consume PKI and once ratified completed our standard scope of works documentation with pre-requisites to streamline the deployment.”

The actual project was driven by the Nottinghamshire Healthcare’s IT department under guidance from AN Security to ensure high levels of knowledge transfer. The entire migration project including legacy operating systems migration and remediation of weaknesses within the SHA-1 signatures took just 3 days, leading to improved security posture without any disruption to its 24/7 operations.