Territorial Fund of Compulsory Health Insurance (TFCHI) of Primorsky Krai (VGate)

The territorial fund of compulsory health insurance of Primorsky Krai, according to regulations on fund, maintains a regional register of the insured population in the territory of Primorsky Krai. In the register for January 1, 2012 about 2 million updated records about the insured citizens are recorded. Besides, the compulsory health insurance territorial fund monthly collects data on all cases of a citizens' appeal behind medical care in the territory of Primorsky Krai, including personal data insured, the diagnosis, terms and results of treatment, the carried-out procedures and costs of medicines. All this array updated daily requires the most maximum level of information protection.

The task to provide protection of information arrays of personal data of the insured citizens exploited in Fund for a class of information security K1 in 2011 was set for IT specialists and the staff of department of information security Fonda.

The main work on design of secure system of personal data processing and its practical deployment was executed by Ignatenko A.A., the employee of TFCMI of Primorsky Krai who is the highly qualified specialist in the field of automated systems of security for cloud computing.

At accomplishment of these works the following mandatory requirements were imposed:

• all system in general which is referred to as with "secure system of personal data processing" (ZSOPDN) entirely should be under construction on virtual infrastructure based on technology of VMware;
• the security system and control of perimeter should not hinder daily activity of the staff of Fund who are actively working with information bases of personal data;
• a system should have Internet access using secure channels of communication with the remote protected periphery and the federal centers of personal data processing;
• a system should be based on the principle of complete isolation of the environment of personal data processing for external and internal influences;
• personal data cannot be output out of circuit limits at all stages of their processing.

For accomplishment of problems of protection of processing system of personal data the products vGate and Secret Net 6.5 developments of Code of Security company were selected.

Project implementation on deployment of software of vGate was enabled on a newly created resource in the form of the isolated hardware platform and the virtual infrastructure unrolled on this platform based on technology of VMware.

Communication with the protected segment is performed through the hardware terminal client providing two-factor access control on the protected Wednesday of the center of personal data processing.

The head of department of the automated information processing of GU of TFCMI of the PC of Vorobey P. B. noted that as a result of deployment of the software solution vGate for protection of virtual infrastructure of the center of personal data processing the following tasks were solved:

• personal data protection, stored and processed in virtual environment (ZSOPDN) from leaks via the channels specific to virtual infrastructure is provided (control of virtual devices, ensuring integrity and a trusted boot of virtual machines and access control to elements of virtual infrastructure);
• separation of objects of virtual infrastructure into logical groups and spheres of administration using functions of mandatory and role access control is implemented;
• control over changes of security settings on the basis of the approved corporate security policies is set;
• it is configured and started in work of an automated workplace of the system administrator of security;
• registration of access attempts in infrastructure, also a possibility of creation of status reports on virtual infrastructure and control of integrity of perimeter is implemented;
• work with personal data in GU of TFCMI of the PC is brought into accord with requirements of the legislation of the Russian Federation in the field of data protection.

In 2012 in work 15 protected jobs of Fund are used. In these workplaces the network version of the software solution Secret Net of development of Code of Security company is unrolled. Within a year connection to ZSOPDN 18 jobs of branches of Fund in the cities of Primorsky Krai is planned. Expansion of hardware platform ZSOPDN with additional implementation of the vGate software product is also planned. Further development ZSOPDN with connection to a system via secure channels of communication about 60 protected jobs in medical insurance companies of Primorsky Krai and about 100 jobs in the medical organizations is provided.