NHS Blood and Transplant Privileged Access Security Case Study

This case study outlines the security challenges faced by NHS Blood and Transplant (NHSBT) in protecting privileged access and legacy infrastructure while maintaining critical patient services. It details the organization's struggle with enforcing multi-factor authentication (MFA) for domain administrators in Active Directory, as well as the lack of visibility into service accounts, which created security gaps. The document explains how NHSBT partnered with Silverfort to implement a solution that enforced MFA across all privileged access and provided visibility into service accounts. The case study highlights the successful deployment of Silverfort's identity security platform, which allowed NHSBT to secure remote desktop protocol access and comply with the NHS Data Security Protection Toolkit and Cyber Assessment Framework. It also discusses the ongoing efforts to clean up service accounts and the future plans for implementing advanced identity controls, including risk-based access policies and biometric authentication.