Insights

Christie Foundation NHS Trust

28.09.22

The Brief

As Europe’s largest single-site cancer centre, the Christie Foundation NHS Trust is known for delivering exemplary care to a population of 3.2 million in the Greater Manchester and Cheshire area, as well as to patients from all over the UK who require highly specialized cancer treatments. After having to rapidly adapt to enable remote working on account of the Covid-19 pandemic, the Trust found its existing IT management methodologies and techniques were not condusive for an environment that could be quickly and easily scaled to deliver everything end users require.

The Trust recognize that, now more than ever, it needs the ability to support employees regardless of their location or device type. While the absolute priority for the Foundation is to provide the best in patient-centric care, they also recognise that financial stability and the proper use of resources is key to achieving this.

In order to reach and maintain its full potential, the Christie Foundation requested Thought Leader Consultancy from Make IT Happen. In April 2022, we began working with the team to ascertain a clear picture of their existing IT architecture. We then made recommendations about what their future environment should look like and how best to get there.

The Process

As part of the two-week Thought Leader Consultancy, Make IT Happen carried out onsite and remote discovery of the Trust’s traditional End User Compute (EUC) management approach, talking to personnel across all departments to discover pain points and potential for improvement. Among other aspects, we inspected the Trust’s Active Directory structure, Organizational Unit (OU) structure, Group Policy Objects (GPO), System Centre Configuration Manager (SCCM) — now known as Microsoft Endpoint Configuration Manager (MECM) — processes, Application portfolio, device types and procedures for patching and testing. This allowed us to fully understand the “As-Is” environment before developing strategies for improvement.

Matt Keetch, Make IT Happen’s CEO and technical director, explains that the team looked at the Trust’s processes “from cradle to grave,” from equipment being ordered to devices and software being delivered to employees. “It’s a way of making sure these people, who are very busy and up against things from both an operational and financial aspect, are doing things as efficiently as possible and not spending more than they need,” he says.

Problems Identified

Although the Trust’s traditional EUC system was technically functional and indeed some aspects were being very well managed, we found an urgent need for some thorough housekeeping and upgrades. Christie NHS Trust had been using MECM for all their most important IT activities, including:

Secure and scalable deployment of operating systems, applications and software updates.
Real-time actions on managed devices.
Compliance settings management.
Management of all device types.
The running of the Software Center, where staff could request and install the software assigned to them.

This traditional system was very mandraulic, requiring IT to manually set up tasks and configure settings for every device type and every type of user. The way the system was configured was unintuitive, inefficient and unsafe. For example, every single app and its accompanying patches and updates were deployed to every user. This resulted in a huge overhead cost and unnecessary security risks. During the Thought Leader Consultation, Make IT Happen discovered more than 70 device types and more than 5,000 individual devices were being managed by the MECM and therefore the IT team. “The maintenance of that many devices is at best onerous, at worst, unachievable,” says Keetch.

We also found an excessive amount of Organisation Units (OU) and GPOs, which had grown organically over the years and had begun to get unmanageable. There were more than 9,300 users and user groups in MECM and many OUs that were clearly artifacts and duplicates, and more-than 5,000 Group Policies. This resulted in a highly confusing and vulnerable architecture.

The system of requesting devices from IT, was through attending the tech bar and having the technical team check all the software and settings were in place for the individual user was also time consuming and inefficient.

And with multiple systems requiring unique and strong passwords, a typical IT staff member was tasked with remembering more than 25 passwords.

Recommendations

After the two-week Thought Leader Consultation, Make IT Happen made a number of recommendations to the Christie Trust on how they could appropriately configure, manage and maintain their OUs and GPOs and future-proof their system with the latest best-in-class solutions. We presented our findings on the optimisations that could be made across the As-Is environment while demonstrating the feasibility, timeline and effort required to adopt a gold-standard modern managed solution.

Here is a selection of our recommendations:

First and foremost, we recommended a move to a co-managed solution using Microsoft Endpoint Manager (MEM) and Microsoft Endpoint Configuration Manager (MECM) in order to provide a unified solution for managing all of the Trust’s devices, users and policies.
Hospital staff should only receive the apps they need according to their pre-set personas. “The Trust needs to get a grip of its software asset management, especially these days with the increased potential of cyber attack,” says Keetch. “The NHS is under a lot of pressure and just focused on keeping the lights on. When you’re deploying applications to everyone, everyone is exposed to the same risks.”
We recommended using Microsoft Autopilot to streamline the way devices are handed off to staff.
To solve the Trust’s password problems, Make IT Happen recommended Windows Hello for Business, which uses hardware encryption with a GDPR-compliant use of biometric data to completely do away with passwords. With a shift from local applications to SaaS cloud apps and the increased need for staff to work remotely, such a set up, in our opinion, is a must-have instead of a nicety.

Impact

Although most of our recommendations are still waiting to be dovetailed into the Trust’s business case for approval from the higher ups, the IT team has seen how they can transform into a future state in six months’ time. They now know exactly what they have, what they need to do and how to get there.

The immediate and future impacts include:

6158 installed apps have been reduced to 206 of the latest and most needed versions. Streamlining and properly deploying apps based on their need has removed the Trust’s huge overhead cost and reduced the security risk. “If people are moving from one operating system across to another, not rationalising and optimising your application portfolio is akin to moving house and leaving 100 boxes up in your loft,” says Keetch. “Do you really want to move all those boxes to you new house and never look at them again?”
A move to Modern Management would bring together MECM, Azure AD and MEM (Intune) into a modern managed solution with cloud capabilities, without the need for a costly and complex migration. This would allow the Trust’s entire system to be viewed and managed within a single screen
With Microsoft Autopilot, devices could be delivered to anyone, anywhere, with the right apps, settings and configurations automatically deployed. This could help reduced the IT team from six to two people, freeing up personnel in a massively resource restrained environment.
Windows Hello for Business will eliminate the cost of password resets (£60 per person) and the risk of password-related security breaches.
After the work is complete, staff will be able to run all systems remotely whenever they need.

“From a cost and an operational perspective, the work will reduce pressure on IT support and massively increase convenience for doctors and nurses,” says Keetch. “If they’re dealing with IT problems, they’re not taking care of their patients, so from the hospital’s perspective, that’s the biggest win.”