Wie In-Common Laboratories mit einer integrierten Kaseya-Lösung die IT-Sicherheit, Compliance und Effizienz im Gesundheitswesen gestärkt hat

Case study highlights

• Consolidated more than six standalone IT and security tools into one integrated Kaseya platform, streamlining monitoring, ticketing, backup, compliance and security operations.  

• Enabled a four-person IT team to efficiently support a 100-person healthcare organization through automated monitoring, ticket creation and incident prioritization.  

• Maintained ISO 27001 and SOC 2 Type 2 compliance while conducting monthly internal, external and endpoint security testing — 12x more frequently than annual audit requirements.  

• Automated backup validation and recovery with layered on-premises and cloud protection, replacing manual Excel-based tracking with verified restore testing and audit-ready reporting.  

• Strengthened cyber resilience with 24/7 SOC monitoring, using RocketCyber and SaaS Alerts to detect and contain suspicious activity before it could impact operations.  

Replacing disconnected tools with one unified platform 

In-Common Laboratories (ICL) has spent nearly six decades supporting healthcare organizations across Canada. 

The organization serves healthcare providers in one of the most highly regulated industries in the country. When Karanjkar joined the organization six years ago, the IT environment relied heavily on disconnected systems and one-off tools. 

“We had a standalone ticketing tool. We had a standalone endpoint management tool. We had a standalone antivirus,” he explained. 

That fragmented approach created operational inefficiencies and increased the effort needed to manage the environment. “Each tool is designed to do a specific thing,” Karanjkar said. “The idea was to get rid of those standalone tools and get a suite of applications, which would be integrated and could do the job 24/7 while we’re not watching and at a good cost.” 

ICL ultimately standardized on the Kaseya stack, consolidating endpoint management, monitoring, ticketing, backup, ransomware protection, compliance monitoring and security operations into a unified platform. 

The operational impact was immediate. 

“Kaseya 365 Ops helps my team to monitor the system, application users, endpoints,” Karanjkar explained. “At the same time, it creates tickets automatically and [helps us] be more efficient in terms of not just monitoring, but also logging, tracking and resolving [issues].” 

Instead of manually sorting through alerts and troubleshooting incidents across disconnected tools, the platform now automates much of the operational workflow. 

“There are a lot of alerts that keep coming, which are automatically logged as a ticket into Autotask,” he said. “The ticket is assigned the right priority based on the alert that came through.” For ICL’s lean IT organization, those efficiencies have become critical. 

“Managing a one-hundred-person company with just a four-person team is not an easy task,” Karanjkar explained. The integrated platform now allows the team to spend less time manually monitoring systems and more time supporting strategic initiatives. 

“It gives us a lot of time back to work on better things, to add more services to the team as a whole,” he said. 

Strengthening healthcare security and compliance 

As a healthcare organization handling sensitive patient information, security and compliance are foundational priorities for ICL. 

“Being in the healthcare industry and dealing with a lot of patient health information, it is very important that the data remains within the system, within the organization,” Karanjkar explained. 

To support strict regulatory requirements, “we are fully on prem. We are not on cloud,” he said. 

ICL has also achieved some of the industry’s most demanding security certifications. “I think [we are] the only Canadian company in healthcare and not-for-profit that is both ISO 27001 certified and SOC 2 Type 2 certified,” Karanjkar said. 

To maintain those certifications, the company runs extensive ongoing penetration testing. That includes external testing, internal testing and endpoint testing across the organization’s infrastructure. 

“We run an external test. We run an internal test. We run a test on all the IPs internally,” Karanjkar said. The organization performs all three monthly — far exceeding standard audit expectations. And they do it without disrupting daily operations. 

“The requirement is you have to do it at least once a year,” he explained. “And then we said we do it every month. And they were surprised.” 

The automated reporting capabilities built into the Kaseya stack also dramatically simplified compliance management. “We have the monthly reports,” Karanjkar said. The auditors “were simply amazed.” 

ICL also consolidated its security stack around Kaseya technologies including endpoint backup, SaaS Alerts, RocketCyber, ransomware protection, antivirus, endpoint monitoring and zero-trust security capabilities. 

And because it’s all Kaseya, it’s always on the cutting edge. “One good thing is when you subscribe to this suite… anything new that comes is automatically added to us,” he explained. 

That ongoing innovation allows ICL to continuously modernize its security posture without constantly evaluating and purchasing separate products. 

Improving cyber resilience with automated backup and recovery 

For healthcare organizations, data protection and recoverability are essential operational requirements. ICL uses the Kaseya backup stack to protect endpoints, servers, mailboxes and shared data. They also cover all their Microsoft 365 mailboxes with Spanning, which has indefinite retention and backups. 

Server backups follow a layered protection strategy. 

“The first backup happens in an appliance within the data center, which is on prem,” Karanjkar explained. “And the second copy of the backup goes to the cloud, where it’s retained for a longer time.” 

The organization also automated backup testing and verification, which is a major compliance requirement in healthcare. 

“After getting the Unitrends backup solution, we are not just able to back it up, but we are able to restore the backup virtually, automatically test the sanity of the data, and we get a report every time we do the restore,” he said. 

Those automated restore reports have become invaluable during security audits. 

“Any auditor… would want to know, how are you backing up the data?” Karanjkar explained. “Can you restore it and can you use it?” 

And ICL can confidently answer those questions with automated evidence. “We get these assurances and a report proves it at the end of the month,” he said. 

Before implementing Kaseya’s backup platform, the process was highly manual. “We were actually maintaining Excel sheets to keep track of the backups,” Karanjkar explained. Now monitoring and reporting are fully automated. 

24/7 security monitoring without burnout 

One of the biggest organizational changes for ICL has been reducing the operational burden on its small IT team. 

“We work 9 to 5,” Karanjkar explained. “There is nobody to actually monitor the alerts” after hours.  

Today, SaaS Alerts and RocketCyber continuously monitor the environment 24/7. That monitoring recently helped prevent a potentially serious account compromise. 

“On a Saturday afternoon, we get an email from SaaS Alerts about a suspicious login attempt from a user,” Karanjkar recalled. Shortly afterward, the RocketCyber team escalated the incident directly. 

“I get a call from the RocketCyber team saying we got an alert,” he explained. “We see that the user is logging in from Cyprus.” 

Because all company operations are based in Canada, the login immediately raised concerns. 

“We don’t have users traveling to Cyprus,” Karanjkar said. “So, this was definitely a red flag.” 

The team quickly confirmed the login attempt was successful and immediately contained the incident and avoided further damage. The incident demonstrated the value of intelligent, behavior-based threat monitoring. 

“One more good thing about alerts is it analyzes the pattern,” Karanjkar said. “Where are the users logging in from? What time of the day are they logging in from?” 

That behavioral analysis allows RocketCyber to identify suspicious activity and prioritize truly critical alerts. So even if no one is working, there’s always eyes out for trouble. 

“For critical alerts, we get the call or the alert from the RocketCyber team who are monitoring 24/7,” he said. The result is stronger protection without requiring employees to constantly remain on call. 

“It helps the company because now we have less people working after hours,” Karanjkar explained. And this has all led to a better quality of life for their employees.  

Scaling securely for the future 

As In-Common Laboratories continues expanding, the organization sees the Kaseya platform as a critical part of its long-term growth strategy. “Our company is expanding,” Karanjkar said. “We are adding more endpoints. We are adding more servers. We are adding more storage.”  

Rather than adding operational complexity, ICL plans to scale using the same integrated platform. “I am going to scale up the existing tools,” he explained. “We will add more licenses to cover more endpoints, to cover more backup servers, and to do more automation.” 

Automation through Datto RMM and Kaseya 365 will continue reducing manual IT effort as the environment grows. “That is going to make life super easy once we are into that expansion mode,” Karanjkar said. 

For organizations in highly regulated industries like healthcare, Karanjkar believes integrated platforms and strong vendor partnerships are essential. 

“I will definitely recommend [my peers] explore and use Kaseya,” he said. Especially because of Kaseya’s Canadian data residency support. 

“Kaseya gives me an assurance that any data on the cloud is hosted on the Canadian soil,” Karanjkar explained. “This is a big plus point from compliance point of view.” 

Ultimately, the organization now operates with stronger security, improved compliance, better automation and a significantly more efficient IT operation. 

“It gives you a lot of confidence in terms of the quality of work, the quality of monitoring, alerts, patching, antivirus, zero trust,” Karanjkar said.  

Ready to see how Kaseya can transform your business? Set up a demo today.