Tuesday, October 18, 2011

Single Sign On not enough?

A major concern for hospitals is the security and accessibility of their computers, applications and data. Clinicians often share a common user name and password with several of their peers in an area of the hospital so that they can sign on to the computer easily and not waste time switching users. With several users logged in under the same account, it is impossible for the hospital to track what each individual user is doing in the system and construct an audit trail. Recently, HIPAA reviewed these practices and recommended changes to reduce the security risks. They no longer want user names and passwords to be shared and instead want each user to be individually identified in the system.

The most practical solution to this problem is the use of a Single Sign On product. Single Sign On would allow each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials. Results from a Single Sign On pilot in the healthcare market revealed one concern, though: that users' e-mail applications might be available to others. The users said they felt very protective of their e-mail and wanted to make sure that no one else could view their personal information.

This concern could easily be alleviated with Two-factor Authentication. Two-factor Authentication would ask users to present two forms of identification (pass card, PIN code, USB token, etc.) in order to access the workstation, which would ensure the security of their e-mail accounts. The combination of Single Sign On and Two-factor Authentication solves the HIPAA security problem while also addressing the users' concerns about the privacy of their e-mail accounts. Two-factor Authentication also allows for fast user switching, thereby reducing the time clinicians spend waiting for their profile to load.

More information on Single Sign On and Two-factor Authentication is available on our website.

Wednesday, October 5, 2011

Identity Management Metrics

A recent article in PC WORLD identified ten important metrics that are critical to the success of any IDM project. I would like to take a look at a few of these items and expound upon how Tools4ever can provide software and services for a clear and concise implementation that will lead to a quick ROI.

Monthly Password Reset Volume – The article points to this as an indicator of password policy effectiveness. Too few reset requests might mean users are using simple passwords or writing them down on sticky notes. Too many requests could indicate that the complexity standards are very stringent and users are having difficulty remembering their passwords.

    Solution – Self Service Reset Password Manager (SSRPM) – allows companies to enforce complex passwords without inundating the help desk with user reset or unlock requests. The product can be deployed in an average organization in less than one day and the ROI is typically a few months.

Number of Credentials per User – A recent Tools4ever survey found that the average user has 10-12 separate, distinct sets of credentials, and the article reiterated this fact. Once again, the large number of credentials can lead to a large number of calls to the help desk and sticky notes with user names and passwords on the monitor.

    Solution – Enterprise Single Sign On Manager (E-SSOM) from Tools4ever provides a cost-efficient method to reduce the number of credentials to one – the AD username and password. This product is easily deployed by Tools4ever consultants in a few hours to a few days – depending on the number of applications. Two-factor or strong authentication via biometrics or smart cards eliminates the normal security concerns with SSO implementations.


Average Time to Provision or De-provision a User – No one wants a new employee to sit idly for days waiting on network and e-mail access. Even worse, a terminated employee should not have access to anything once they have left the building. Too often the information flow from HR to IT is slow or non-existent in both of these scenarios, leading to a loss of productivity or a potential security breach.

    Solution – User Management Resource Administrator (UMRA) allows companies to implement a closed-loop process that encompasses creation, modification and deletion of user accounts. A common scenario is to synchronize Active Directory with the authoritative data source, typically the HR system, to ensure the correct account status and security rights are always present. Web forms are easily deployed to handle non-employees such as consultants, volunteers and contractors.


The article has many other great discussion topics and is a quick, informative read.

To learn more about Tools4ever solutions for Identity and Password Management, please visit our website.