Thursday, October 24, 2013

Death by Clicking

In emergency care settings, clinicians need to act quickly to treat their patients. However, the login processes at hospitals and healthcare organizations can often cause delays with the service that they need to provide their patients.

Many healthcare organizations want to ensure the security of their systems and applications, but this often has a negative impact on the care they give their patients and can also lead to “death by clicking,” where precious moments are lost because of inefficient login processes and procedures. Clinicians need to quickly access the patients’ medical records including their history, dosages, medications, etc. to properly treat the patient. Every second that is lost could have been used in caring for the patient.

Something as simple as logging in to the computer and applications can become an issue and a major consumption of time, especially when it needs to be done multiple times or into multiple applications. This situation can be made even worse if physicians, nurses and other caregivers forget their passwords since they often have to remember several sets of credentials, and become locked out of the network. Though health records need to be kept secure, patient care should not suffer in the process.

Simplifying access to important systems, like patient health records, can save anywhere from a few seconds to several minutes each day, which is time that could be spent caring for patients. Quick access to a patient’s health record allows caregivers to make decisions about what kind of treatment options and medications to pursue. Clinicians often have to check several different systems and records in multiple environments to make these decisions. With a single sign-on solution, employees not only improve their workflow; documentation and security are also improved, since the software records all user activity. This allows the healthcare organization to easily see what each employee is doing on the network.

Healthcare organizations need to reduce the headache associated with password issues and increase efficiency for clinicians so that they can provide a better experience for their patients. Simple solutions, such as single sign-on software, can easily mitigate these issues and are a necessity for reducing the time wasted on the login process. By not implementing an SSO solution, healthcare organizations are knowingly wasting precious time which can easily be reduced.

A single sign-on solution allows clinicians to have a single set of credentials to log on to a computer or workstation. Once they log in one time, they are automatically signed into all authorized systems and applications when they are launched.

SSO eliminates major hassles for clinicians and allows them to focus on their key priority, the patients.

The Rivierenland Hospital was one such medical facility that improved its efficiency with an SSO solution. The hospital’s clinicians indicated their frustration at having to remember too many log-in credentials and the time that it took them to log in before assisting each patient. An SSO solution was implemented allowing clinicians to swipe their card near the card reader and enter a PIN to access all of the applications and systems they need without having to remember and enter long passwords.

The solution supports a variety of applications, such as the healthcare solutions Soarian (Siemens), X/Care (McKesson), Patient Data Management System (PDMS) and the Zamicom hospital pharmacy information system, so that separate passwords don’t have to be entered for each.

“We have received compliments from various departments, including the usually highly-critical Intensive Care department. This is an extremely user-friendly solution,” said Jos Meeuwsen, the hospital’s system administrator.

Healthcare organizations are sometimes hesitant to implement an SSO solution because of misconceptions: they believe that SSO can hinder security, or that an implementation will be expensive or drawn out.

IT managers assume that if an unauthorized person gets hold of that single login credential, that person will have access to all the account’s associated applications. Though this does appear to constitute a risk, the log-in process is actually streamlined for the user. Having to remember just one password essentially does away with the risk that users will scribble passwords on a piece of paper and squirrel them away under their keyboard. If they still feel strongly about it being a security risk, SSO can offer additional security with two-factor authentication. This allows clinicians to swipe or place their card on the card reader in addition to entering a unique PIN. This process ensures that the user needs something physical, the card, and something from memory, the PIN, to access the network. Additionally, a second pass of the card, or removal from the reader, closes all applications and logs the user off the computer.

In regard to the implementation being an expensive and a drawn-out process, the nice thing about an SSO solution is that it’s often not necessary to set it up for all the people in an organization. In a hospital, for instance, SSO is only needed for a select group of people. The advice here is to restrict SSO to the most critical applications and the people who have to log in to a variety of different applications or from multiple locations. The implementation will then be easy to control in terms of price and complexity. This offers an excellent springboard for any further growth and expansion in accordance with changing future needs.

In addition to reducing the amount of time it takes to log in, SSO also has additional benefits. It can easily assist with audits by providing a detailed log of each user who has logged in and what they did on the network. It can also help healthcare organizations easily switch from shared workstations to individual account logins, which is required by HIPAA. Instead of eliminating the shared workstations and giving clinicians credentials to the systems and applications, SSO easily transitions them to their own single set of credentials. Additionally, many vendors offer a “follow me” feature. This option allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer.

An SSO solution along with the many features offered can result in a drastic time savings, particularly in the case of specialists who make their rounds amongst several departments or floors.

Implementing SSO is an easy process, and the solution integrates with almost all applications, including cloud applications. Once up and running, SSO provides the healthcare organization long-lasting benefits including increasing the care that patients receive and eliminates a great deal of wasted time.

For more information, please visit our website.

Thursday, October 17, 2013

A recent success story in the banking industry

Needham Bank, located in Massachusetts, is a private bank providing high quality services through its five locations. The bank has had a rich history within the area since 1892 and prides itself on personalized service and deep community involvement.

Recently, Needham Bank began expanding and has grown to a staff of over 170. As the bank grew in size so did the issues that its employees were having with passwords. End users at the bank need access to several different systems and applications in order to properly assist customers. “End users became frustrated at the number of disparate passwords they had, and the frequency they would have to enter the user names and passwords,” commented James Gordon, First Vice President of Information Technology at Needham Bank. It was also frustrating when employees had to halt what they were doing and contact the help desk to reset their password if they were locked out.

Customers also became frustrated, as they had to wait for bank employees to sign into each application separately, which was time consuming. It also led to security issues due to employees keeping a ‘password sheet’ with each set of their credentials written down in order to remember them. Additionally, IT was frustrated at the amount of password reset calls they were receiving. On average they had to perform around 10-20 password resets a day, which became tedious and took time away from other projects they needed to focus on.

Drastic Reduction in Password Related Issues

Needham first implemented Tools4ever’s Self Service Reset Password Management (SSRPM) to allow employees to reset their own passwords without having to contact the helpdesk. They simply answer several security questions, which they previously provided answers for during initial enrollment, and are able to securely reset their own passwords. This drastically reduced the amount of password related calls the help desk received and allowed employees to quickly complete the process and continue with their work.

Due to the success experienced with SSRPM, Needham then decided to implement E-SSOM to further mitigate their password issues. “We had already used SSRPM and over the years it worked flawlessly. We expected the same from E-SSOM,” said Gordon.

Customization

During the implementation of E-SSOM, Tools4ever worked with Needham Bank to ensure that the solution worked with all of their unique applications. Many of the applications in place run on various codebases and include web applications, java-based applications, legacy Windows applications and many more. “Tools4ever was with us through the entire process, making sure to get it right, and tweaking E-SSOM along the way to fine tune it in our environment,” commented Gordon.

E-SSOM now allows employees to log in with a single user name and password, and thereafter gain access to all systems and applications for which they have authorization, drastically reducing the login time.

Improvement in Customer Service

With a single set of credentials, employees no longer have to write down their passwords in order to remember them, which has resulted in greatly improved security. E-SSOM has also augmented customer service at Needham Bank, by allowing employees to avoid signing into multiple applications. In addition, if employees do need to reset their passwords, they are able to quickly do it themselves and continue assisting customers. “Employees are able to focus on the customer rather than on their computer,” said Gordon.

Overall, E-SSOM and SSRPM have allowed employees at the bank to focus more on their customers and less on their password issues. “I now view E-SSOM and SSRPM an irreplaceable part of our network infrastructure and core to how the business will operate moving forward,” said Gordon.

For more information, please visit our website.

Thursday, October 10, 2013

Strengthen Organizational Security Without Breaking the Bank

As leaders within all types of organizations grow more concerned with the security of their networks, they increasingly turn to enhanced security and access processes over the “normal,” more traditional approaches to user name and password authentication methods.

Two-factor authentication (also known as TFA, T-FA or 2FA) is an approach to authentication that requires the presentation of at least two of the three main authentication factors: a knowledge factor (something only the user knows, such as a password or a childhood memory), a possession factor (something the user has, such as a scan card), and an inherence factor (something the user is, such as a fingerprint).

The banking industry, for example, has used this concept for years with the ATM card. To gain access to your cash, you must have a physical card in hand as well as a personal identification number (PIN) to access your account.

Another example of this is found on laptop computers that manufacturers have built fingerprint readers into. The only way to access the information on the machines is by scanning an approved user’s fingerprint. The application adds a great deal of security and is perfect for industries like finance, healthcare, and even education.

The question for organization leaders seeking stronger authentication processes is this: how can two-factor authentication provide extra security to an organization while not requiring a large capital outlay?

There are two options that are becoming commonplace and ever more affordable:

Password Resets

The concept of using challenge questions like “What’s your mother’s maiden name?” or “Where were you born?” has been around for many years. Banking websites are the most common example of this concept. If you forget your password and successfully answer the challenge questions to reset your password, you gain access to your cash.

With the advent of smart phones and text messaging, many companies have already added a second factor—a one-time use PIN code delivered via email or SMS must be provided in addition to answers to security questions.

The first iterations of these solutions relied exclusively on the challenge questions to allow password resets. As social engineering concerns have come into play, vendors have been quick to add 2FA to these solutions. The delivery of a PIN via text message to the user’s cell phone number on file ensures the reset is being performed by the actual user.

Another benefit of these challenge questions is that they can be utilized by the helpdesk to positively identify a caller. When an employee phones the helpdesk requesting access to a new application or to be added to a shared or distribution group, the helpdesk can access the questions and masked answers. For example, the answer to “What color is your car?” could display as “X_XX_” and the caller would be asked to provide the second and fifth characters. If the correct characters are provided, the caller’s identity is confirmed. By masking the answers, the helpdesk employees are never exposed to the confidential answers.
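The masked-answer check described above, written out as an added example (not code from the original post or from any Tools4ever product). The enrolled answer, the lockout threshold of three failed attempts and the helper names are all assumptions made for the illustration; the point it demonstrates is that the agent only ever sees the mask and the two requested positions, the positions are chosen randomly per call so the same two characters are not disclosed every time, and the comparison is constant-time.

```python
import hmac
import secrets

# Constructed enrollment data for the example. A production system would keep
# the answers encrypted at rest; plain strings keep this example self-contained.
ENROLLED_ANSWERS = {
    "jdoe": {"What color is your car?": "Green"},
}

MAX_ATTEMPTS = 3                      # assumed policy: lock the challenge after 3 failures
_failed_attempts: dict[str, int] = {}


def normalize(answer: str) -> str:
    """Comparison form: case-insensitive and ignoring whitespace."""
    return "".join(answer.split()).lower()


def pick_positions(answer_len: int, count: int = 2) -> list[int]:
    """Choose `count` distinct 1-based character positions using a CSPRNG."""
    if count > answer_len:
        raise ValueError("answer is shorter than the number of requested characters")
    rng = secrets.SystemRandom()
    return sorted(rng.sample(range(1, answer_len + 1), count))


def mask(answer: str, positions: list[int]) -> str:
    """Render the answer as the agent sees it: X for hidden, _ for requested."""
    return "".join("_" if i in positions else "X" for i in range(1, len(answer) + 1))


def start_challenge(user: str, question: str) -> tuple[list[int], str]:
    """Return the positions to ask for and the masked display for the agent.
    The agent never receives the answer itself."""
    stored = normalize(ENROLLED_ANSWERS[user][question])
    positions = pick_positions(len(stored))
    return positions, mask(stored, positions)


def verify(user: str, question: str, positions: list[int], provided: str) -> bool:
    """Check the characters the caller read out against the stored answer."""
    key = f"{user}:{question}"
    if _failed_attempts.get(key, 0) >= MAX_ATTEMPTS:
        return False                  # challenge locked; identity must be confirmed another way
    stored = normalize(ENROLLED_ANSWERS[user][question])
    expected = "".join(stored[p - 1] for p in positions)
    ok = hmac.compare_digest(expected, normalize(provided))
    if ok:
        _failed_attempts.pop(key, None)
    else:
        _failed_attempts[key] = _failed_attempts.get(key, 0) + 1
    return ok


if __name__ == "__main__":
    pos, shown = start_challenge("jdoe", "What color is your car?")
    print(f"Agent sees {shown}; ask the caller for characters at positions {pos}")
```

With the constructed answer "Green" and positions 2 and 5 the agent sees exactly the “X_XX_” display from the text. Because each call discloses two characters of the answer, the attempt limit matters: without it, repeated calls would eventually reveal the whole answer to whoever is on the line.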

A second factor of authentication—delivering a PIN to an email or via SMS—can further enhance a system’s security. Also, the number of questions and answers to be provided to the user can be dictated by company policy, allowing for the greatest level of security for any given organization.

Single Sign-on with Strong Authentication

Many technology leaders acknowledge the benefits associated with a Single Sign-On (SSO) solution—productivity gains reducing the number of required credentials from many to one and reducing calls to the helpdesk for forgotten passwords.

SSO software enables end-users to log in to their systems just once after which access is granted automatically to all of their authorized network applications and resources. SSO also operates as an extra software layer intercepting all log-in processes and completing the details automatically.

A common concern here is that if the one set of credentials is hacked, then access to all systems can be exposed. In this case, two-factor authentication can eliminate this perceived risk.

In a two-factor authentication scenario, the end user presents his ID badge (“something the user has”) to a card reader attached to the machine he is attempting to access and enters his credentials (“something the user knows”); then, as an extra layer of protection, he enters a PIN code when accessing highly sensitive systems.

It is also feasible that the ID badge replaces the credentials and the PIN becomes the second factor.
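The badge-plus-PIN variant just described, together with the tap-to-lock behaviour mentioned in the earlier healthcare post (a second pass of the card, or removing it from the reader, logs the user off), as an added example that is not code from the original post or from any Tools4ever product. The card UIDs, usernames, PINs, the three-failure lockout and the class and method names are assumptions for the illustration; the PIN is verified against a salted PBKDF2 hash tied to the card, so possession of the card alone is not enough and the PIN is never stored in clear.

```python
import hashlib
import hmac
import os
from typing import Optional


class BadgeWorkstation:
    """Models one shared workstation with a card reader (hypothetical design).

    Logging in needs the card (possession) and the PIN (knowledge). While a
    session is open, presenting a card again or removing it closes the session.
    """

    MAX_FAILURES = 3            # assumed lockout policy, not a vendor setting
    PBKDF2_ROUNDS = 100_000

    def __init__(self) -> None:
        # card_uid -> (username, salt, pbkdf2 hash of the PIN)
        self._cards: dict[str, tuple[str, bytes, bytes]] = {}
        self._failures: dict[str, int] = {}
        self.session_user: Optional[str] = None

    @classmethod
    def _pin_hash(cls, pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, cls.PBKDF2_ROUNDS)

    def enroll(self, card_uid: str, username: str, pin: str) -> None:
        """Bind a card to a user; a fresh salt per card prevents hash reuse."""
        salt = os.urandom(16)
        self._cards[card_uid] = (username, salt, self._pin_hash(pin, salt))

    def present_card(self, card_uid: str, pin: Optional[str] = None) -> str:
        """Handle one card tap. Returns logged_out, denied, locked, pin_required or logged_in."""
        if self.session_user is not None:
            self.session_user = None        # second pass of the card ends the session
            return "logged_out"
        record = self._cards.get(card_uid)
        if record is None:
            return "denied"                 # unknown card: reveal nothing further
        if self._failures.get(card_uid, 0) >= self.MAX_FAILURES:
            return "locked"                 # too many wrong PINs for this card
        if pin is None:
            return "pin_required"           # card alone is never sufficient
        username, salt, stored = record
        if hmac.compare_digest(self._pin_hash(pin, salt), stored):
            self._failures.pop(card_uid, None)
            self.session_user = username
            return "logged_in"
        self._failures[card_uid] = self._failures.get(card_uid, 0) + 1
        return "denied"

    def remove_card(self) -> str:
        """Card removed from the reader: close the session if one is open."""
        if self.session_user is None:
            return "idle"
        self.session_user = None
        return "logged_out"


if __name__ == "__main__":
    ws = BadgeWorkstation()
    ws.enroll("CARD-0001", "nurse.smith", "4821")      # constructed enrollment
    print(ws.present_card("CARD-0001"))                  # pin_required
    print(ws.present_card("CARD-0001", "4821"))          # logged_in
    print(ws.present_card("CARD-0001"))                  # logged_out
```

The lockout is keyed on the card rather than on the workstation, so a lost card cannot be brute-forced by moving it from reader to reader, and a successful login resets the counter. A real deployment would also log every transition so that the audit trail the post mentions (who logged in where and when) exists.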

Two-factor authentication is catching on rapidly in the business-to-consumer arena: functionality such as self-service password reset, originally implemented to reduce call volume, has had its security strengthened in response to identity theft and social engineering. Secondary identification methods are now widely available to businesses interested in providing the same secure functionality to employees, and are much more affordable than in the past.

For more information, please visit our website.

For a case study on a recent implementation, click here.

Thursday, September 19, 2013

Automated Identity and Access Management Tools Reduce Security Risks and Yield Savings for Organizations

In today’s technology-filled world, the proliferation of user credentials, such as user names and passwords, has grown exponentially. As such, the requirements for managing employee access continue to evolve at an unprecedented pace.

As new solutions are put in place to protect a company’s data, the average employee is forced to remember more and more password and login combinations. For example, the typical employee must remember six sets of user credentials. At the same time, top executives within a firm may need to remember as many as 12 or more password and login credentials.

In many cases, the jumble of logins and access passwords becomes a bit of a mess for employees and the company to manage, not to mention the costs associated with loss of employee productivity and work time. The time spent digging for passwords might be considered inconsequential, but the opposite is often true.

Analyst firms Gartner and IDC have each reported that password-related calls from employees occupy between 25 percent and 40 percent of all inquiries to the helpdesk. As staggering as the amount of time spent manually resetting and managing employee accounts is, it may pale in comparison to the average cost of each call to the helpdesk, which typically ranges between $10 and $31 apiece.

On top of this, an employee that’s lost access to internal systems and programs typically loses 20 minutes of productive work time for each call placed to the helpdesk.

And the costs don’t stop there. Though more difficult to measure, there are risks associated with users, who are desperate to avoid the call to the helpdesk, when they write down credentials on pieces of paper and stick them to monitors or store them underneath keyboards, for example. Doing so creates a great deal of risk and exposes confidential company information to the outside world.

Mitigate the risk
Technologies exist from numerous vendors to significantly reduce the costs and risks associated with password management issues. Effective password reset applications have been around and utilized for several years. The best example of this can be found on a bank or financial institution’s website. For locked accounts, users must answer a series of challenge questions to gain access to their requested information.

For businesses looking to emulate these examples and do away with manual, time-consuming and costly processes, the approach is straightforward: once a self-service password reset tool is implemented, employees and end users enroll in it, and from then on, if they ever lose their passwords, they can simply reset them on their own whenever they need to, without assistance from the IT staff or helpdesk.

Strengthening the security of self-service resets
There will forever be fear on the part of some individuals who believe that by allowing a single sign-on or self-service password reset function, they are making it much easier for the security of their systems to be compromised. As you might imagine, there are simple solutions to address these concerns, too.

The best example may be two-factor authentication. Two-factor authentication can be accomplished by a user providing a one-time PIN code via SMS or an alternate email address. These password self-service applications typically eliminate up to 95 percent of password-related calls to the helpdesk.

Two-factor authentication can also be used to reduce password-related issues in single sign-on applications. These products reduce the number of credentials required to access accounts and information from the previously mentioned login credentials (ranging from six to 12) to one.

Perhaps the best case for this comes from a recent study by the Ponemon Institute, which found that employees spend on average nine-and-a-half minutes each day logging into the applications needed to perform their jobs.

Another recent survey by Tools4ever revealed that respondents overwhelmingly (67 percent of the sample) stated they spend too much time logging in and out of applications to access information, while 85 percent of respondents agreed that efficiencies would be created by using only one set of credentials.

The most common benefit of two-factor authentication is the reduction of credentials being written down and stored on or near the desktop by employees, as previously mentioned. Another feature of two-factor authentication involves pairing it with biometrics or scan cards in conjunction with credentials and/or a PIN code, which further increases network security.

Also, as many applications require a password change after a period of time (for example, every three months users must update their passwords), a single sign-on solution can reset the password transparently, so end users are never even aware of their passwords. This reduces the chance of a terminated employee gaining access to sensitive systems from home if his or her account is not revoked in a timely fashion.

In addition, as password management solutions mature with the market, prices of the solutions have continued to drop and implementation times are getting significantly shorter.

Self-service password reset solutions can be deployed in one or two days and provide an ROI in as little as one month. SSO solutions typically are deployed across one or two weeks and provide an ROI in as little as three months or less. ROIs for these solutions are typically based on hard dollar savings only and do not take into account soft dollar savings associated with the increase of security or decrease in associated risks of leaving sensitive systems potentially exposed, which is where the real long-term gains are made for those that implement the systems.
For more information, please visit our website.

Thursday, September 12, 2013

Healthcare SSO - Avoid Threats to Level of Care Patients Receive

It is extremely important that in emergency care settings clinicians act quickly to treat their patients. However, the login processes at hospitals and healthcare organizations can often hinder the speed at which clinicians can provide care to their patients.

Clinicians need quick access to the patient’s medical history, dosages, medications, etc. to offer the proper care, and every second that is lost could have been used for critically needed treatment. While all healthcare organizations need to ensure the security of their systems and applications, this can have a negative impact on the treatment of their patients and can result in time being lost because of inefficient login processes and procedures.

Simplifying access to important systems, like patient health records, can save anywhere from a few seconds to several minutes each day, which is time gained caring for patients. By giving clinicians quick access to a patient’s health record, caregivers can make quicker decisions about what kind of treatment options and medications to pursue. Clinicians often have to check several different systems and records in multiple environments to make these decisions. With a single sign-on (SSO) solution, employees not only improve workflow; documentation and security are also improved, since the software records all user activity. This also allows the healthcare organization to easily see what each employee is doing on the network.

A single sign-on solution allows clinicians to have a single set of credentials to log on to a computer or workstation. Once they log in one time, they are automatically signed into all authorized systems and applications when they are launched. SSO eliminates major hassles for clinicians and allows them to focus on their key priority, the patients.

The Rivierenland Hospital was one hospital that was able to improve efficiency with an SSO solution. The hospital’s clinicians indicated their frustration at having to remember too many log-in credentials and the time that it took them to log in before assisting each patient. To mitigate these issues an SSO solution was implemented allowing clinicians to swipe their card near the card reader and enter a PIN to access all of the applications and systems they need without having to remember and enter long passwords.

In response to the implementation of SSO, Jos Meeuwsen, the hospital’s system administrator said, “We have received compliments from various departments, including the usually highly-critical Intensive Care department. This is an extremely user-friendly solution.”

There are many reasons why healthcare organizations are hesitant to implement an SSO solution. They believe that SSO can hinder security, or that an implementation will be expensive or drawn out. IT managers assume that if an unauthorized person gets hold of that single login credential, that person will have access to all the account’s associated applications. Though this does appear to constitute a risk, the log-in process is actually streamlined for the user. Having to remember just one password essentially does away with the risk that users will scribble passwords on a piece of paper and store them under their keyboard.

If they still feel strongly about it being a security risk, SSO can offer additional security with two-factor authentication. This allows clinicians to swipe or place their card on the card reader in addition to entering a unique PIN. This process ensures that the user needs something physical, the card, and something from memory, the PIN, to access the network. In addition, a second pass of the card, or removal from the reader, closes all applications and logs the user off the computer.

In regard to the implementation of SSO being an expensive and a drawn-out process, the nice thing is that it’s often not necessary to set it up for all the people in an organization. For example, in a hospital, SSO is only needed for a select group of people. The advice here is to restrict SSO to the most critical applications and the people who have to log in to a variety of different applications or from multiple locations. The implementation will then be easy to control in terms of price and complexity. This offers an excellent springboard for any further growth and expansion in accordance with changing future needs.

SSO also has additional benefits beyond reducing the amount of time it takes to log in. The solution can easily assist with audits by providing a detailed log of each user who has logged in and what they did on the network. SSO can also help healthcare organizations easily switch from shared workstations to individual account logins, which is required by HIPAA. Instead of eliminating the shared workstations and giving clinicians credentials to the systems and applications, SSO easily transitions them to their own single set of credentials. Many vendors also offer a “follow me” feature. This option allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer.

An SSO solution, along with the many features offered, can result in a drastic time savings, particularly in the case of specialists who make their rounds amongst several departments or floors. Implementing SSO is an easy process, and the solution integrates with almost all applications, including cloud applications. SSO provides the healthcare organization long-lasting benefits including increasing the care that patients receive and eliminates a great deal of wasted time.

To learn more about SSO and “follow me”, please visit our website.

Friday, August 23, 2013

The Cost of Not Disabling, Deleting, or Deprovisioning User Accounts

We are all aware of the potential security risks organizations face when they don’t properly disable or delete network accounts when users leave an organization. If former users still have access to customer data and sensitive internal systems, then there is great potential for them to wreak havoc on the file systems.

Most businesses attempt to take immediate steps to prevent this type of action when an employee is terminated or leaves of their own volition, but some do not. However, even if security is not an issue or if there is no concern, there is one very important issue that is often overlooked: the costs associated with not disabling accounts, licensed applications, and cloud-based solutions.

Costs to Company

Take, for instance, Office 365, the increasingly popular solution from Microsoft for hosted email and the Office productivity suite. Costs typically range from $4-$20 per user per month for business clients. Another example is Salesforce.com, a popular web-based CRM application, which ranges from $65-$250 per user per month. Still other applications, such as Sales Genie or Hoovers, have costs associated with downloading a record or creating an email address. All of this adds up to huge expenses for companies.

Next, if we take a look at a company with 1,000 employees (you can scale this example to your own business size) and assume an annual turnover rate of 10%, 100 employees leave on an annual basis. If that company has one cloud-based application averaging $30 per user per month and it takes three months to process all the terminated employees out of all systems, the cost to the company is $9,000.

Obviously, the more subscription-based applications, the longer it can take to deactivate accounts. The more employees and the higher the turnover rate, the greater the potential costs to the subscribing company. This can lead to a great amount of money lost over time. Over three years, this adds up to about $27,000, money that could have surely been used to help in other areas of the company.

In a 2010 study conducted by IDC, results showed that between 25% and 75% of licenses for enterprise applications are either unused or underused. A huge part of this is most likely due to employees who are no longer with the company but still have an active account.

Security

Now, if the application in question has a cost associated with downloading records, the costs to an organization can be tremendous. A recent conversation with a sales manager brought this point into focus, stating that a recently terminated sales rep did not have his access to a lead-generation database revoked until nearly six months following termination. In that time, the one former employee was able to download nearly 15,000 records at a total cost of $7,500 to the company. In any organization with a high sales turnover, this cost can be astronomical.

Another area where licensing costs can come into play is with network-based applications that are licensed on a per-user basis. Very often, applications like Visio, Photoshop, and others are licensed for a large number of users and access rights to these applications are based on group memberships in Active Directory. In a similar vein to cloud-based solutions, if a user is not removed from a group that allows access to one of these applications, it is possible that the company could run out of licenses and need to buy more.

This also is true when a current employee is transferred to a new role. As an example, a graphics designer accessing Photoshop is transferred to a managerial role. When the transfer occurs, the rights to the application remain intact because of a lack of communication between the human resources department and the IT group. The manager no longer needs access to Photoshop, but when a new designer is hired, a new license must be purchased.

Solution

In the above cases, proper controls via an automated identity management solution can easily solve these issues by revoking access rights for departed employees within an organization, freeing up licenses and minimizing additional and unnecessary expenses. Many solutions are now commercially available to automate the life-cycle of user accounts by linking a human resource application to Active Directory, as well as handling the proper creation and deletion of accounts in network and cloud-based applications. This allows a manager or IT employee in charge of accounts to easily remove an employee and revoke all access to each system and application with one click. Instead of employees’ accounts being left active once they leave, they will be easily removed, improving security and reducing costs for the organization.
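The core of the HR-to-directory link described above is a reconciliation: HR is the source of truth, the directory export is what actually exists, and the difference is the list of accounts to disable and license groups to clean up. The following is an added example of that reconciliation (not code from the original post or from any Tools4ever product). The HR records, directory accounts, group names and the mapping of license groups to job titles are all constructed for the illustration; it covers the three cases the post raises: a terminated user still enabled, a transferred user who kept an application license, and an account with no HR owner at all.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional


@dataclass
class HrRecord:
    username: str
    status: str                     # "active" or "terminated"
    title: str
    end_date: Optional[date] = None


@dataclass
class DirectoryAccount:
    username: str
    enabled: bool
    groups: set = field(default_factory=set)


# Hypothetical mapping: which job titles justify membership of each licensed group.
LICENSED_GROUPS = {
    "lic-photoshop": {"Graphic Designer"},
    "lic-crm": {"Sales Rep", "Sales Manager"},
}


def reconcile(hr, directory, today):
    """Compare HR (source of truth) with the directory export.

    Returns (action, username, detail) tuples with action being one of
    disable, remove_from_group or review_orphan.
    """
    actions = []
    by_username = {r.username: r for r in hr}
    licensed = set(LICENSED_GROUPS)
    for acct in directory:
        rec = by_username.get(acct.username)
        if rec is None:
            # Nobody in HR owns this account: a human must decide (service account? leaver?)
            actions.append(("review_orphan", acct.username, "no HR record"))
            continue
        left = rec.status == "terminated" and (rec.end_date is None or rec.end_date <= today)
        if left:
            if acct.enabled:
                actions.append(("disable", acct.username, f"terminated {rec.end_date}"))
            for g in sorted(acct.groups & licensed):
                actions.append(("remove_from_group", acct.username, g))
            continue
        # Still employed: keep only the licensed groups the current title justifies.
        for g in sorted(acct.groups & licensed):
            if rec.title not in LICENSED_GROUPS[g]:
                actions.append(("remove_from_group", acct.username,
                                f"{g}: title {rec.title} no longer qualifies"))
    return actions


def idle_seat_cost(actions, seat_cost_per_month, months_unrevoked):
    """Cost of licensed seats held by people who should no longer have them."""
    seats = sum(1 for a in actions if a[0] == "remove_from_group")
    return seats * seat_cost_per_month * months_unrevoked


if __name__ == "__main__":
    # Constructed sample data.
    hr = [HrRecord("asmith", "terminated", "Sales Rep", date(2013, 5, 1)),
          HrRecord("bjones", "active", "Manager"),            # designer moved to management
          HrRecord("cdoe", "active", "Graphic Designer")]
    dirs = [DirectoryAccount("asmith", True, {"lic-crm", "staff"}),
            DirectoryAccount("bjones", True, {"lic-photoshop", "staff"}),
            DirectoryAccount("cdoe", True, {"lic-photoshop"}),
            DirectoryAccount("svc-old", True, set())]
    for action in reconcile(hr, dirs, date(2013, 8, 16)):
        print(action)
```

Run daily, the output feeds whatever actually disables accounts and edits groups; the orphan case is deliberately reported rather than acted on, since an account with no HR owner may be a service account that nothing in HR will ever describe.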

With an automated identity management solution, there is no need to have a dedicated staff to handle accounts. A manager in charge or help desk employee can easily handle the changes, which is why it is beneficial to even small businesses with a limited staff.


For more information, please visit our website.

Friday, August 16, 2013

Using Identity and Access Management Software for Audits

Regulations such as HIPAA, Basel II and Sarbanes-Oxley continue to overwhelm every business sector as organizations are continuously evaluated for their compliance with various standards, laws and regulations. These evaluations, or audits, will sooner or later affect nearly every organization.

However, it is not just top-level executives who are affected by audits. Increasingly, IT departments are being brought into the audit response process, which means IT managers faced with an audit must be able to demonstrate full control of the data they manage.

Simply put, this means:

• IT departments must be able to demonstrate at any time who has access to which systems in the network, and when network actions have been performed (authorizations and reporting). For instance, an IT manager should be able to indicate which employees are allowed to approve and pay invoices, and who reset employee X’s password and when.

• IT departments must implement a strong password policy.

Identity and access management (IAM) solutions give IT administrators support for legislative and regulatory compliance and help them manage audits on both counts:

Who Can Do What in a System?


Role-based access control (RBAC) is a technique for setting up authorization management in an organization and for providing insight into the questions of “who is allowed to do what in the network” and especially “who is not allowed to do so.” With RBAC, authorizations are not assigned to individual staff members but to RBAC roles, which in turn comprise the employee’s department, title, location and cost center. RBAC reduces the chance of error because network actions and changes can only be performed by people who are authorized to do so, based on their role or title.

Many organizations already use RBAC to a greater or lesser extent for discovery, project implementation and population management. With the right solutions, organizations can shrink this hugely labor-intensive, complex and costly process with software that automates the majority of the population of an RBAC authorization matrix.

Using an RBAC system, the so-called organizational roles (the way employees are represented in the human resources database, particularly in terms of title, department and cost center) are matched against the technical roles, such as the applications and folders present across the organization. Organizational partners and vendors can help organizations match their HR system and network, as well as analyze the current authorizations for each organizational role. This allows the organization to decide which HR attributes should be used for each organizational role.

The result of this alignment could be, say, that 90 percent of a particular organizational role (e.g. the role of nurse at the Cardiology department) involves particular authorizations. The logical step would then be to automatically assign all new employees in this role the same authorizations. By letting the occupancy rate govern the assignment of authorizations, a first step can be made toward populating the RBAC matrix in a very simple way. This approach can save you a great amount of time and money.

Strong password policy

Many laws and regulations require the implementation of a strong password policy (strong authorization). To achieve this, it is possible to activate the complexity rules in Windows Active Directory. However, you should first ask yourself whether this complexity is desirable for your organization, as this may have major consequences for your end users.

The default Windows Active Directory password complexity rules are often insufficient. Systems administrators need a more flexible solution that, among other things, makes it possible to determine individually which rules are applied and when.

As mentioned earlier, implementing a stricter password policy has major implications for end users, as well as for the organization as a whole. End users will need to remember more complex passwords, and since most of them will have trouble doing so, the help desk is bound to receive more password reset calls.

To reduce the number of password reset calls, Tools4ever offers SSRPM (Self Service Reset Password Management), which lets end users reset their passwords independently by providing answers to a series of simple, predefined questions.

A stricter password policy also has consequences for the productivity of employees. They will have to remember more complex passwords for all of their applications, and will be far from happy with the situation. For this reason, many organizations choose to implement a single sign-on solution to cater for the needs of their end users.

A single sign-on solution (SSO) allows end users to log in once, after which they are automatically assigned access to all applications and resources across the network, without having to log in again. SSO functions as an additional software layer that handles all login processes and automatically enters the required credentials (automatic login). SSO also ensures that, in addition to Active Directory, a strong password is automatically used for all the underlying applications.

Two-factor authentication

When implementing a strong password policy is insufficient in itself (e.g. because end users end up jotting down their passwords), it is possible to use strong (two-factor) authentication. Rather than entering their user name and password, users log in by holding a card against a card reader and entering a PIN code. This results in strong authentication, as two-factor authentication is based on something the user has (the card) and something the user knows (the PIN code). In this setup, the card ID is linked to the user’s Active Directory credentials.

It is also possible to implement strong authentication without having to purchase additional hardware. In this scenario, the use of smartphones takes on an important role. This is because smartphones offer various authentication capabilities, such as facial recognition (using the camera), voice recognition (using sound recordings) and geographical positioning (using GPS). This type of low-cost authentication is the latest trend in the field of authentication.

Friday, July 26, 2013

Role-based Access Control Ensures Extra Security in Healthcare

Traditionally, implementing RBAC in a care setting can be daunting, but there are efficient ways to bring a system on board that allow health system leaders to track, audit and control who has access to what information and when.

While role-based access control (RBAC) has uses in every industry, healthcare providers can benefit enormously from a proper implementation. The potential to save exists not only by reducing potential fines from HIPAA and/or Sarbanes-Oxley audits, but also by avoiding conceivable lawsuits if sensitive patient data is exposed to the wrong personnel.

RBAC Overview

RBAC is a technique for implementing authorization account management across organizations. This technique involves assigning access privileges to certain files and sets of data on the basis of an employee’s role rather than assigning access privileges to individual users. These roles in turn comprise the department, function, location and cost center associated with an employee, also allowing all of an employee’s interactions with the system to be captured, in essence creating an audit trail for the organization in case one is ever needed.

Implementation Difficulties

Typically, one of the difficulties in implementing RBAC is the enormous investment of time that can be required to populate the matrix. This task can be a daunting one, as the combination of locations, departments, employee types and roles, together with the access rights each should be entitled to, can require a tremendous initial effort to define accurately. However, there is an easier way to get started.

The human resources (HR) system is an excellent source for determining these combinations. This will pave the way for a role model on the organizational level. As an example, a hospital in Location “A” has a surgery department that includes the functional role of “nurse.” The organizational role can be created on the basis of the function, department and location found in the HR system. These are “nurse,” “nurse in Location A” and “surgery nurse,” respectively. After “nurse” and “surgery” have been defined, a nurse in the surgery department will automatically be identified as “nurse + surgery” and assigned the appropriate access privileges and applications.

Using this method, it becomes very easy to populate more than 80 percent of the RBAC table. A major benefit of this approach is that new employees can start being productive on their first day while time is freed up for the assignment of specific privileges on an application and system level.

A subsequent step is to translate these organizational roles into application or system roles, which will comprise the remaining 20 percent of the RBAC table. The basis for this is already present and now further stacking will take place. The assignment of the system roles can easily be handled by the relevant manager. After all, managers rather than HR personnel are responsible for the access privileges of their employees. On the basis of a workflow, the relevant manager will be prompted by an e-mail notification and/or web form to specify the access privileges and applications for the employee concerned.

The RBAC software can subsequently record the manager’s choices to further populate the empty sections of the RBAC table and eventually achieve a fully populated table. This means it is possible to have a manager handle all the translations of roles within her department, with an option to delegate tasks to a colleague. An action triggered by the manager may also result in a workflow notification to a license manager. This allows managers to exactly determine and manage what happens within their department or cost center.

Inevitably, an employee’s location, position or role will change over time. A properly implemented RBAC system allows for a transition of the access and application rights as well. When the employee changes jobs within the organization, the RBAC matrix ensures he has the proper rights for his new role. The workflow component can notify the previous manager about the transition, to ensure that access to systems and data no longer required is revoked in a timely manner, and the new manager is notified in case any special privileges are required for the new role.
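The occupancy-rate rule from the audit post above (a right held by 90 percent of an organizational role becomes that role’s default) and the HR-derived roles and job-change handling described in this post, as one added Python example. It is my own illustration, not Tools4ever’s software; the employees, roles, rights and function names are constructed.

```python
from collections import defaultdict
from itertools import combinations

# Added illustration, not vendor code. Constructed HR data: the
# organizational side of the matrix (title, department, location).
HR = {
    "n1": {"title": "nurse", "dept": "cardiology", "loc": "A"},
    "n2": {"title": "nurse", "dept": "cardiology", "loc": "A"},
    "n3": {"title": "nurse", "dept": "cardiology", "loc": "A"},
    "n4": {"title": "nurse", "dept": "surgery", "loc": "A"},
    "n5": {"title": "nurse", "dept": "surgery", "loc": "A"},
    "c1": {"title": "clerk", "dept": "cardiology", "loc": "A"},
    "d1": {"title": "designer", "dept": "marketing", "loc": "B"},
}

# Constructed snapshot of the rights each person holds today (the technical
# side: application roles, group memberships, folders).
CURRENT = {
    "n1": {"ehr-read", "med-admin", "cardio-share"},
    "n2": {"ehr-read", "med-admin", "cardio-share"},
    "n3": {"ehr-read", "med-admin", "cardio-share", "photoshop"},  # leftover
    "n4": {"ehr-read", "med-admin", "or-schedule"},
    "n5": {"ehr-read", "med-admin", "or-schedule"},
    "c1": {"cardio-share"},
    "d1": {"photoshop"},
}

ATTRS = ("dept", "loc", "title")


def org_roles(record):
    """Organizational roles of one employee: every non-empty combination of
    the HR attributes, e.g. ('title=nurse',), ('dept=surgery', 'title=nurse').
    Roles are sorted tuples so they can serve as dictionary keys."""
    facts = tuple(sorted(f"{k}={record[k]}" for k in ATTRS if record.get(k)))
    return {c for n in range(1, len(facts) + 1) for c in combinations(facts, n)}


def entitled(record, matrix):
    """Rights the matrix grants an employee through all of their roles."""
    return set().union(*(matrix.get(role, set()) for role in org_roles(record)))


def mine_matrix(hr, current, threshold=0.9, min_members=2):
    """Populate the matrix: a right held by at least `threshold` of a role's
    members (the occupancy rate) becomes a default of that role. Roles are
    visited broadest first, and a narrower role only records rights its
    members do not already receive from broader ones, so the matrix stays
    minimal. Roles with fewer than `min_members` people are left to manual
    assignment: one person is not a pattern."""
    members = defaultdict(set)
    for emp, record in hr.items():
        for role in org_roles(record):
            members[role].add(emp)
    matrix = {}
    for role in sorted(members, key=lambda r: (-len(members[r]), len(r), r)):
        emps = members[role]
        if len(emps) < min_members:
            continue
        counts = defaultdict(int)
        for emp in emps:
            for right in current[emp]:
                counts[right] += 1
        new = {
            right for right, n in counts.items()
            if n / len(emps) >= threshold
            and not all(right in entitled(hr[e], matrix) for e in emps)
        }
        if new:
            matrix[role] = new
    return matrix


def deviations(hr, current, matrix):
    """Per employee: (rights the matrix says are missing, rights held that no
    role explains). The second set is what a manager reviews by hand."""
    out = {}
    for emp, record in hr.items():
        should = entitled(record, matrix)
        missing, extra = should - current[emp], current[emp] - should
        if missing or extra:
            out[emp] = (missing, extra)
    return out


def transfer(old_record, new_record, matrix):
    """Mover: rights to revoke and rights to grant when HR attributes change."""
    before, after = entitled(old_record, matrix), entitled(new_record, matrix)
    return before - after, after - before


if __name__ == "__main__":
    matrix = mine_matrix(HR, CURRENT)
    for role, rights in sorted(matrix.items()):
        print(" + ".join(role), "->", sorted(rights))
    print("to review:", deviations(HR, CURRENT, matrix))
    moved = dict(HR["n1"], dept="surgery")
    print("n1 to surgery, revoke/grant:", transfer(HR["n1"], moved, matrix))
```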

By using the method described above, implementing RBAC does not have to be a long, painful and drawn out process. Implementation can be handled in weeks rather than years and the healthcare facility can start reaping the benefits of proper data access control quickly.

Friday, July 12, 2013

Benefits and Risks of BYOD

The “bring your own device” (BYOD) trend continues gaining speed across many industries. Plainly put, BYOD is when employees bring their own devices (smart phones, tablets and laptops) and use them on the company’s network instead of a company-provided device. BYOD has many benefits and risks, though, that each organization’s IT department needs to consider.

Benefits

Increased Productivity

The use of technology at work has increased significantly over the past few years as using paper and manual processes continue to decrease. In education, for example, schools have increasingly taken to using technology in the classroom by providing students with tablets and computers. Recent research has shown that this type of learning allows students to be more interactive and engaged in the learning process. In business, the use of technology has increased because of green practices and organizations realizing that by positioning themselves as environmentally friendly they are saving money and generating external support of their efforts. Though technology increases overall productivity, research also shows that employees are even more productive if the device they use is their own.

Lower Cost to the Company

Though the use of technology is a benefit to employers as it without a doubt makes employees more productive, the cost to companies that purchase a large number of computers or tablets is a tremendous financial commitment. Most of the technology used by organizations is only current and up to date for a certain, limited period of time and then becomes obsolete and in need of replacement. By allowing employees to bring, and use, their own devices, they can always have up-to-date technology without the company constantly incurring the costs for new models. For many, this practice has been extremely beneficial as many budgets are being cut and organizations are forced to trim spending.

BYOD shifts costs from the company to the user and allows employees to use their own devices. BYOD policies also allow employees to use the technology that they are comfortable with and prefer, rather than what the company dictates to them. Users also may upgrade their devices to the newest features more frequently than the company can afford to budget for on an ongoing basis.

Risks

Support of many different devices

Though there are many benefits to allowing BYOD, there are several risks that concern the IT staff. First of all, since it is not one standard device that everyone is using, the IT department will need to support many different types of devices and operating systems. This makes it very difficult to mitigate an issue with a device when the user needs assistance.

No control over what is on device


Organizations have no control over what types of applications are put on the device, which makes it very difficult to enforce security. Though employees probably would not download games or other entertainment applications on their work computer, in the case of BYOD, since the device is their own and also used for pleasure, they will certainly download numerous types of personal applications on the device.

Security Risks

BYOD increases the risk of a security breach of important data. When an employee leaves the company, they do not have to give back the device, so company applications and other data may still be present on it. This can leave some company data insecure. There are also compliance regulations that businesses have to follow, such as HIPAA or GLBA, which are difficult to enforce when a device is not owned by the company.

Infrastructure Issues

Different types of devices operate at different speeds and with different operating systems. It can be difficult for an IT department to set up and maintain infrastructure to support the needs of different devices. Also, if employees are able to bring their own devices, there will be many more devices in use than there would be if the company were providing them. Employees might bring all of their phones, tablets and computers to work, meaning much more strain on the company’s Wi-Fi and network.

Solutions

Easily set up new devices

With an influx of devices, the IT department will need to add them all to the network, which can be extremely time consuming. Solutions such as Tools4ever’s User Management Resource Administrator (UMRA) allow IT staff to easily add these new devices by adding them in Active Directory. End users will even be able to register their devices themselves if required.

Only allow certain devices to be registered

Since there are many different types and brands of devices that employees can use, an organization will have to decide which ones it is going to allow and support. This allows it to focus on a narrower selection of devices and be able to solve issues that arise with those devices. When a user tries to register a device, UMRA can be set up to only allow supported devices to be registered, thus not allowing unsupported devices to be registered on the company network.

Ensure Security

Security is a big issue with allowing BYOD at a company. When an employee leaves, he takes the device with him, so it is important that each departing employee does not retain access to important company data. With UMRA, once an employee leaves the company, his account can automatically be disabled, thereby deactivating his access to the network and any secure data. This ensures that a departed employee cannot continue accessing important company data. It can also help with regulatory compliance and audit needs. No one will have access to applications and data that they are not supposed to have access to.



Friday, June 28, 2013

Security Steps for Small Businesses

Like large organizations, small businesses also often have several identity and access management issues, such as ensuring security of systems and applications along with handling password issues. Unlike large organizations, they often do not have the staff and resources to easily handle these tasks, so the tasks either go incomplete or require more time and money than necessary. There are several solutions for small businesses though that easily mitigate these problems and save time and money in the long run.

Ensure Security of Systems and Applications

Employees often have many sets of credentials to login to their applications and perform their jobs. To remember multiple sets of credentials, employees often write down their user names and passwords and store them somewhere by their desks. This puts the organization’s applications at risk and reduces the security.

An easy way for small businesses to reduce the headache of multiple passwords for their employees, as well as ensure the security of their systems, is a single sign-on (SSO) application. With an SSO solution, employees only have to remember one set of credentials. Once they enter their single user name and password, they are thereafter automatically signed into all applications and systems as those are opened. This ensures that employees will not resort to insecure methods of remembering their passwords.

A single sign-on solution also can incorporate two-factor authentication for an additional layer of security to systems and applications used by small businesses.

Two-factor authentication is used by requiring users to present a smart card, as well as a PIN code. This adds additional security to the login process. Two-factor authentication also can be customized to the needs of the organization, such as requiring the computer to remember the PIN for a defined period of time or automatically closing all sessions on the computer after the smart card is removed. Each of these customizations adds additional security to the systems, as well as improving efficiency for the user.

Easily Reduce Password Issues

Integrating single sign-on in your business can cut down on security breaches and streamline employee access.

When an employee forgets a password, or is locked out of an application, they need to go through the time-consuming process of resetting the password. In a small business, access to a 24×7 help desk may not be possible. If a help desk or IT department is available at all times, it may have a small staff, and focusing on password resets takes time away from other, more important issues.

A self-service reset password solution allows end users to easily and securely reset their passwords themselves. They simply register by providing answers to personal questions, much like a banking website. Then, when they need to reset their password, they simply click the “forgot my password” button, provide the correct answers and are able to reset their password without having to contact anyone else at the company.

This reduces the annoyance of password resets for both the IT department and the end user and allows them to both be productive working on more important tasks.

In conclusion, small businesses have many of the same issues that larger organizations deal with. By implementing one or all of the solutions discussed here they are able to reduce the amount of time the IT staff spends dealing with these issues, and not need to have an employee working full time to handle them.



Friday, June 21, 2013

Accessing Cloud Applications - A Challenge for the IT department

For an IT department, working with cloud applications and their providers can present a number of new challenges. Where the IT department previously took a facilitating role, it is now transitioning to a coordinating role. In addition, it can be significantly more difficult to control user and access privileges in cloud applications. Control over user accounts and roles (who has access to which cloud applications and data) is more complex than with applications that reside within the network. Below are some of the causes:

1. Large amount of information


The flow of information within the business environment is exponentially larger, and more frequent, than a few years ago. Organizations have to deal with a large number of users (employees, partners and even clients in some situations) and also many changes, for example when an employee leaves the organization. Previously, it was possible to perform the necessary account management processes at a pre-established interval, such as monthly or quarterly. Today this is no longer feasible, and the data must be refreshed weekly or even daily. A further factor is that custom scripts often do not work with cloud applications.

2. Different structure

It is a major challenge for the IT department to manage all identities, roles and the data that exists in the various cloud solutions. Many solutions use proprietary authorization and authentication structures. It is common that the same data is required in different systems, but the varying structures make it very difficult to manage in a centralized fashion.

3. Multiple authentication sources

Active Directory, or another directory service such as Novell eDirectory or Apple Open Directory, is normally the central authorization point for users and most likely controls access to other internal applications and systems. Cloud applications are typically not Active Directory integrated, and the result is the need for multiple authentication sources: a directory service for internal applications and, typically, one authentication source per application in the cloud.

Working with multiple authentication sources of this type is complex because there are only limited options to synchronize user accounts between the sources (also known as federation support), such as Microsoft ADFS and the SAML standard.

4. More manual actions

Vendors that do not offer federation support (for example, several vendors of electronic portals and HR systems) offer a web portal that administrators can use to manage the cloud application directly. This requires personnel to manually create accounts for new employees and partners, and to disable accounts for employees and partners who are no longer part of the organization.

Although typically very well organized, these web portals require a large number of manual operations. This is time consuming and prone to error. Some applications allow a bulk upload via a .CSV file, but this still requires manual intervention to create the file, upload it and verify the result, which can produce a lot of work. In some cases, vendors have developed a link to user accounts to fully automate the process. This is also known as provisioning. The link retrieves information from the portal where the information is contained and processes it into the electronic learning environment.

5. Password and naming conventions


Another issue that often arises is the standards for naming conventions and passwords. What works or is required in one system may not work in another. For example, a user ID in the network may be based on the login name, while the cloud application may require the e-mail address. This makes the exchange of user account data between the two environments very complex. The same issue can arise with password conventions. Complex passwords are usually required within the network, for example a combination of letters and numbers; however, you may not be able to use this convention within the cloud applications. Another factor to consider is the password expiration cycle: one system may be on a 90-day cycle while another might require a change every 30 days. Synchronizing passwords between the network and cloud applications can be tricky, and proper planning is required prior to implementation.

6. What if the connection drops?


Vendors that provide links between the network and cloud applications often utilize event-driven synchronization between systems (i.e. when a change occurs, it is propagated immediately between the network and the cloud). However, they may not have a procedure for handling a temporarily dropped connection. Suppose a bulk upload to create new employee accounts occurs, but in the middle of the transfer the connection with the cloud application drops. The result can be a tremendous amount of manual work to see which records have or have not been created. Cloud applications may not provide a notification that synchronization was successful.

7. Bulk actions

Processing bulk actions in the cloud is sometimes restricted or denied by the application. For example, imagine you need to create user accounts for several thousand employees, partners, clients or students in a hosted e-mail system at the beginning of the school year. There are cloud applications that restrict the number of actions that can be performed at one time, or even require that administrative work be done after work hours to avoid overloading the network. While not all cloud application vendors are restrictive in this fashion, several are, and this can impose extra work on the IT department.

8. Connecting import scripts

Frequently, various systems within a single network require the same information. The IT department wants to avoid duplicate manual input of information whenever feasible as it is inefficient and can lead to errors. In many cases scripts are created to load the data from an authoritative system to all dependent applications. Usually, a script will be required for each dependent system as the data elements and requirements will be unique. With the advent of cloud applications, this is more difficult to achieve as these solutions do not always provide a methodology to utilize traditional scripts.

Every organization has to deal with tight budgets and strict federal or local regulations, and all are under great pressure to constantly seek ways to work more efficiently. Working with cloud applications can, in many cases, mean that user and access control is not optimal or effective and requires more attention. Suppliers of cloud solutions give little priority to developing better management of user accounts and access rights in their applications; they are understandably focused on new features and business-oriented functionality.



Friday, June 14, 2013

4 Time-Saving Healthcare IT Industry Trends

As the U.S. economy slowly improves, healthcare facility IT budgets are likely to remain flat, or see only modest increases, in 2013. This means that IT departments will continue to look for ways to make their organizations and infrastructures run more efficiently.

Below are four areas that will be of particular interest to the technology departments in the healthcare industry.

No. 1: Self-Service Applications for End Users

Healthcare facilities will likely be looking for time-saving ways to eliminate end-user calls to the IT help desk, so we’ll likely see an uptick in self-service applications for IT end users.

Self-service reset password applications have been around for several years now and continue to prove their value. End users enroll via a series of challenge questions and, should they forget their password, are able to reset directly from the network login screen or website. This eliminates a call to the help desk and allows the employee to become productive immediately instead of waiting in the help desk phone queue.

No. 2: Cloud Applications in the Healthcare Industry

As solutions like Gmail and Office 365 continue to gain traction in healthcare, the ability to provision and deprovision accounts in a timely fashion becomes critical to controlling costs. While many health systems have implemented identity management solutions for Active Directory (AD), implementing a seamless process to these cloud applications can be a challenge.

Though both Google and Microsoft offer tools to synchronize AD with their respective products, they reportedly fall short in many areas and can make account management a tedious chore. Many vendors now offer advanced tools that allow for easy synchronization and management of accounts in these, and many other, healthcare cloud applications.

No. 3: Use of Single Sign-On

In hospitals and healthcare settings, both authorized and unauthorized people often use the workstation computers, meaning that those unauthorized people can view restricted information if accounts are not securely managed. Yet, clinicians frequently share a common username and password with peers to avoid wasting time switching between user profiles.

By reducing the amount of time required to log in, clinicians can easily and securely access patient information as they quickly move from room to room. It is even possible to integrate “Follow Me,” which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer. Overall, clinicians will be able to focus less on signing in and more on caring for patients.

No. 4: Security and Audit of the Healthcare Industry

As in past years, ensuring security of the network and providing accurate reporting to auditors will have a large impact on the IT department, both in time and money. The IT department needs to provide employees with the correct access rights required to applications and network functional areas, while also ensuring unnecessary access is never granted.

Such an identity management solution also creates the appropriate Exchange mailbox and a home folder for the employee on the appropriate share drive. By ensuring the proper access rights, it makes the audit process that much easier and ensures compliance at all times.


Tale of Two Cities

Identity/password management has been a growing trend in the areas of healthcare, education and business. Lately, government agencies at the local, state and federal levels have also been taking a look.

Out of Control Passwords

St. Petersburg, Fla., currently has about 3,600 full- and part-time employees. It was having immense issues with employee password reset requests. On a daily basis, the IT help desk received 10 or more requests to reset passwords to the Active Directory (AD) network and various other applications.

Departmental leaders decided on a two-phase approach to tackle the issue. They first looked for a solution that would allow end users to reset their own passwords to the AD network, and implemented a self-service reset password tool. The first part of the implementation required end users to select a series of challenge questions and provide answers to them. After enrollment, end users could simply click a "Forgot My Password" link on the login screen, provide the answers and reset their password accordingly.

The second phase of the password project was to reduce the number of passwords required to access internal systems. As it stood, the average employee needed to remember eight user name/password combinations while some employees had upwards of 20. Again, the city's leaders looked to commercially available single sign-on solutions and settled on the same vendor that provided the self-service application.

The overall result of both phases of the project was that the time IT staff spend resetting passwords dropped to nearly zero.

New HR application and new Directory Service

Tampa, Fla., faced several daunting tasks. The rollout of a new HR/financial system required that each employee have an AD account to access the application. This situation was further exacerbated because the city was running Novell eDirectory and GroupWise for email.

After purchasing a commercially available product, the basic implementation was completed in a few days. This was accomplished by taking an extract from the outgoing HR system and using the current employee list as the basis. After the HR/financial system implementation was completed, the IT group circled back to the identity management provider to put additional components in place.

First was an automated process to create and disable users. Every time a new hire is entered into the HR system, the AD account and Exchange mailbox are created without manual intervention.

Conversely, whenever an employee is indicated as terminated in the HR solution, the account is automatically disabled.

The second phase of the project was to implement a Web portal that allows employees to request access to different security and distribution groups, as well as to a variety of applications or specific roles within an application. An end user can log in to the portal with their network credentials and is presented with a variety of options to request additional access. Once completed, the request is routed to the employee's manager for approval and then to the IT department for final approval.

In summary, both municipalities were able to use identity and password management solutions to let their IT employees and end users work more efficiently overall.




Friday, May 24, 2013

Four Simple Solutions for Introducing Complex Passwords

You want to introduce complex passwords with a view to improving information security. But the introduction of such stronger passwords, which also have to be changed regularly, leads to resistance among end users. After all, they have to remember a multitude of password/username combinations. This results in non-secure situations – employees write down passwords on Post-Its – and many password reset requests to the helpdesk. Here are four simple solutions with which you can indeed introduce complex passwords into your organization, but without causing frustration among users.

1.    Reduce the number of passwords with Single Sign On

Reduce the number of passwords and ensure that employees only have to remember one complex password instead of dozens. Single Sign On (SSO) offers the ability to do this. SSO lets employees log in just once, after which access is automatically granted to all applications and systems the user might open. So the staff member doesn’t have to log in afresh for each application. And that saves an average of three to five logins with varying passwords each day.

Perhaps you want to do away with even this remaining password? In that case SSO can be deployed in combination with an access pass. The security card your employees use to gain access to the premises or for time and attendance then replaces the final password/username combination. By presenting a card to (or inserting it into) a reader and, if required, entering a PIN code, the user is automatically logged in. When the employee again presents the card to a reader, he or she is logged out.

2.    Automatic password synchronization

Would it not be ideal if the same password/username combination could be used for every application? The difficulty here is that the passwords almost always have an expiry date and need to be renewed regularly. And the expiry date is not the same for every application. For some applications a new password has to be set monthly, while other software might only require it once a year. It’s virtually impossible for users to reset a newly-introduced password in all the other required applications so that the password would then indeed be identical everywhere.

However, this can be automated very well with password synchronization solutions, which ensure that passwords are and remain synchronized across multiple systems. A newly set password is immediately intercepted and forwarded to all other applications.

3.    Help users to create strong passwords

Employees often find it difficult to come up with complex passwords. Some applications insist that the password must contain an uppercase letter, a punctuation mark or a digit. Or that the password must differ from the old one by a certain percentage.

That’s why users need some help in creating new, strong passwords. Password creation tools assist users to produce their passwords. The established complexity rules are shown when users configure a new password, and they are notified whether the relevant requirements have been met.

4.    Let users reset their passwords themselves

As mentioned earlier, the introduction of complex passwords leads to an increase in the number of password reset requests to the helpdesk. To ease the burden on the helpdesk it’s possible to let users reset their passwords themselves. Users identify themselves by correctly answering a number of personal questions (e.g. ‘What’s your mother’s maiden name?’) and can then reset their own passwords, without the intervention of the helpdesk.

A combination of these solutions means time-consuming registration procedures are a thing of the past and the helpdesk is relieved of the problems. Users benefit from maximum user-friendliness, while productivity rises.


Thursday, May 16, 2013

Control Data and Applications Securely When Employees Come & Go

In today’s complex corporate and business network environments, controlling access to sensitive data is of utmost concern. The amount of security-related data stored across a network is immense for many organizations, and relating all this data to the user’s account information in Active Directory can be tricky and time consuming.

There are really three sides to proper data security. The first step is ensuring that new employee accounts are created with the proper access rights when an employee joins the organization. The second is making sure those access rights remain accurate during the employee’s tenure, and the third is revoking all access rights when the employee leaves.
Let’s take a more in-depth look at solutions for all three of these phases of data security.

Solutions

By using a role-based access control matrix in conjunction with an identity management solution, companies can ensure that accounts for new employees are always created with proper access rights.

The first step of this stage is to define the roles that employees should have in the organization. This is usually a combination of department, location and job title. While establishing the data access rights, group memberships and application requirements for each role can be time consuming, the end result will provide a template both for new employee creation and as an audit point in the future.

Software applications are available that will allow the linking of a human resource system to Active Directory for automatic account creation with all proper rights. Additionally, if there are special requirements, a workflow system can easily be established to allow managers and system owners to process approvals before access is granted.

Access rights to data often tend to creep into multiple areas over an employee’s tenure with an organization. For example, rights are assigned to an employee for special projects, while one employee is covering for another on leave, or when an employee changes departments and responsibilities. The revocation of these special or historical rights occurs infrequently at best. Again, software solutions are available to analyze the rights of employees and make the information actionable. For the product to provide value, there are several items that should be considered as mandatory, including the ability to detect:
  • Direct access to a file/directory rather than access through a group membership;
  • Access to a file/directory through multiple or nested group memberships;
  • Groups and user accounts that are no longer present in Active Directory;
  • Duplicate access privileges to a file/folder of a user or user group;
  • Access to files/directories through a local or file system user account.
Once an audit of access rights is performed, it can be compared against the baseline template for each employee role initially established. Any deltas can then be sent to managers and systems owners for verification or revocation of the rights. 
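As an added example (not Tools4ever's code or any product's output), the following script runs the five detections listed above over a constructed snapshot of directory groups and file-share ACL entries, then compares each user's effective access with the baseline for their role. All user, group, share and role names are made up; the convention that any principal outside the `CORP` domain is a local machine account is an assumption of this example.

```python
"""Access-rights audit over a constructed directory/ACL snapshot.

All names, paths and rights below are constructed sample data; the
functions implement the detections the text calls mandatory."""
from collections import defaultdict

DOMAIN = "CORP"  # assumption: principals outside this domain are local accounts

# Constructed directory snapshot: user -> role (department/location/title)
USERS = {
    "CORP\\alice": "Finance/NYC/Analyst",
    "CORP\\bob": "Sales/NYC/Rep",
}
# Constructed group membership; members may themselves be groups (nesting)
GROUPS = {
    "CORP\\Finance-Staff": ["CORP\\alice"],
    "CORP\\Finance-All": ["CORP\\Finance-Staff"],      # nested group
    "CORP\\Sales-Staff": ["CORP\\bob"],
    "CORP\\ProjectX": ["CORP\\alice", "CORP\\bob"],   # special-project rights
}
# Constructed ACL snapshot: (path, principal, right)
ACL = [
    ("\\\\srv\\finance", "CORP\\Finance-Staff", "Modify"),
    ("\\\\srv\\finance", "CORP\\Finance-All", "Modify"),     # same right twice
    ("\\\\srv\\sales", "CORP\\Sales-Staff", "Modify"),
    ("\\\\srv\\sales", "CORP\\alice", "Read"),               # direct user ACE
    ("\\\\srv\\projectx", "CORP\\ProjectX", "Modify"),
    ("\\\\srv\\archive", "CORP\\OldTeam", "Read"),           # group no longer exists
    ("\\\\srv\\archive", "SRV\\localadmin", "FullControl"),  # local machine account
]
# Constructed role baseline: role -> expected (path, right) grants
BASELINE = {
    "Finance/NYC/Analyst": {("\\\\srv\\finance", "Modify")},
    "Sales/NYC/Rep": {("\\\\srv\\sales", "Modify")},
}


def expand_group(group, chain=()):
    """Yield (user, chain) for every user reachable through `group`,
    following nested memberships; `chain` is the list of groups traversed."""
    if group in chain:  # guard against membership cycles
        return
    for member in GROUPS.get(group, []):
        if member in GROUPS:
            yield from expand_group(member, chain + (group,))
        else:
            yield member, chain + (group,)


def effective_access():
    """Map user -> {(path, right): [chain, ...]}. An empty chain means the
    user is named directly in the ACE rather than through a group."""
    access = defaultdict(lambda: defaultdict(list))
    for path, principal, right in ACL:
        if principal in GROUPS:
            for user, chain in expand_group(principal):
                access[user][(path, right)].append(chain)
        elif principal in USERS:
            access[principal][(path, right)].append(())
    return access


def audit_acl():
    """Return findings as (category, path, principal) tuples."""
    findings = []
    for path, principal, _right in ACL:
        if principal in USERS:
            findings.append(("direct-user-ace", path, principal))
        elif principal not in GROUPS:
            if principal.split("\\")[0] != DOMAIN:
                findings.append(("local-account-ace", path, principal))
            else:  # domain principal absent from the directory snapshot
                findings.append(("orphaned-principal", path, principal))
    for user, grants in effective_access().items():
        for (path, _right), chains in grants.items():
            if any(len(c) > 1 for c in chains):
                findings.append(("nested-group-access", path, user))
            if len(chains) > 1:
                findings.append(("duplicate-access", path, user))
    return findings


def baseline_deltas():
    """Compare each user's effective grants with their role's baseline and
    return user -> set of grants that are outside the baseline."""
    deltas = {}
    for user, grants in effective_access().items():
        expected = BASELINE.get(USERS.get(user, ""), set())
        extra = set(grants) - expected
        if extra:
            deltas[user] = extra
    return deltas


if __name__ == "__main__":
    for finding in audit_acl():
        print("FINDING", *finding)
    for user, extra in baseline_deltas().items():
        print("DELTA", user, sorted(extra))
```

The deltas are what would be routed to managers and system owners for verification or revocation; in a real deployment the three dictionaries would be replaced by a directory export and an ACL crawl of the file servers, but the detection logic stays the same.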

The final step in the data security process is one that is often overlooked or not performed in a timely fashion: The termination of access rights to the network, data and all applications, including cloud-based solutions, must be accomplished immediately upon an employee’s termination.

Recently, a sales manager at a large organization that’s also a client of Tools4ever told a horror story about this very topic. A terminated sales rep had his network access revoked immediately upon departure, but the organization did not have a process in place to disable access in a timely manner to a cloud-based business intelligence application. The terminated employee realized the account was still “live” and proceeded to download more than 10,000 records over the course of the next 30 days at a cost to the company of more than $6,000.

The point of this story: Imagine the costs if 20, 30 or 100 terminated employees did this very same thing in a short period of time.

When putting a process in place to handle terminated employees, the most common scenario is, once again, a link to the HR system. When an employee is terminated, a synchronization process needs to be in place to handle the decommissioning of accounts in all internal and external systems. If feasible, using web services or application programming interfaces (APIs) to automate the process will save time and money in the long run. Where that is not feasible, an email workflow process should be established whereby system owners are notified to terminate the account and positive confirmation is required that the work has been completed.
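The HR-driven create/disable link described here, and in the Tampa case above (new hires get an account without manual intervention; terminations disable it), as an added example that is not Tools4ever's code. It reconciles a constructed HR extract against a constructed directory snapshot and produces the actions a provisioning run would take, including the API-versus-email-workflow split for external systems and a "review" action for accounts that have no HR record at all. Employee IDs, names, system names and the username convention are all assumptions.

```python
"""Joiner/leaver reconciliation between an HR extract and a directory.

All data below is constructed sample data; no real HR or directory
system is contacted."""
import csv
import io
from dataclasses import dataclass

# Constructed HR extract, in the CSV shape an HR export might have
HR_CSV = """employee_id,first,last,department,status
1001,Alice,Smith,Finance,active
1002,Bob,Jones,Sales,terminated
1003,Carol,White,IT,active
"""

# Constructed directory snapshot: username -> (employee_id, enabled)
DIRECTORY = {
    "asmith": ("1001", True),
    "bjones": ("1002", True),   # terminated in HR but still enabled
    "dold":   ("1999", True),   # enabled account with no HR record
}

# Constructed external systems: name -> whether it exposes an API
EXTERNAL_SYSTEMS = {"bi-cloud": True, "legacy-crm": False}


@dataclass(frozen=True)
class Action:
    kind: str        # "create", "disable" or "review"
    username: str
    system: str
    detail: str = ""


def username_for(first, last, taken):
    """Assumed naming convention: first initial + last name, lowercase,
    with a numeric suffix if the name is already taken."""
    base = (first[0] + last).lower()
    name, n = base, 1
    while name in taken:
        n += 1
        name = f"{base}{n}"
    return name


def reconcile(hr_csv=HR_CSV, directory=DIRECTORY, external=EXTERNAL_SYSTEMS):
    """Return the list of provisioning actions implied by the HR extract."""
    rows = list(csv.DictReader(io.StringIO(hr_csv)))
    by_employee = {emp: user for user, (emp, _) in directory.items()}
    taken = set(directory)
    actions = []

    for row in rows:
        user = by_employee.get(row["employee_id"])
        if row["status"] == "active" and user is None:
            # Joiner: no account yet, so create one in the directory
            user = username_for(row["first"], row["last"], taken)
            taken.add(user)
            actions.append(Action("create", user, "directory", row["department"]))
        elif row["status"] == "terminated" and user is not None:
            # Leaver: disable in the directory and in every external system
            if directory[user][1]:
                actions.append(Action("disable", user, "directory"))
            for system, has_api in external.items():
                if has_api:
                    actions.append(Action("disable", user, system, "via API"))
                else:
                    actions.append(Action("disable", user, system,
                                          "email workflow; await owner confirmation"))

    # Accounts the HR system knows nothing about cannot be governed by it
    hr_ids = {row["employee_id"] for row in rows}
    for user, (emp, enabled) in directory.items():
        if enabled and emp not in hr_ids:
            actions.append(Action("review", user, "directory", "no HR record"))
    return actions


if __name__ == "__main__":
    for action in reconcile():
        print(action)
```

The "review" branch is the check worth keeping in any real implementation: an account that the HR feed cannot see is exactly the kind that never gets disabled on termination.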

Summary

It is imperative that organizations implement the necessary security measures to ensure that access to data, groups and applications is right-sized for an employee during their tenure. Equally critical is the revocation of all account access when they depart. Failure to meet these criteria can lead to theft of secure data and costly access to external applications.


For more information on our Identity and Password Management solutions, please visit our website.

Friday, May 10, 2013

From RBAC to CBAC: Claim Based Access Control


Many organizations that are in the process of defining the various organizational roles for the purpose of Role Based Access Control (RBAC) will realize that this is a major or even unachievable undertaking. After all, mapping out all the roles for each department and job title is a time-consuming job. A consultant will have to check with every department to create an inventory of user privileges, formalize it and gain approval. Also, a high level of detail is to be avoided, as this would make it necessary to define as many roles as there are employees, which would undermine the value of automation.

To solve problems like these, Tools4ever has developed an Identity and Access Management solution that combines RBAC with Claim Based Access Control (CBAC). CBAC involves the assignment of access rights to applications and other services based on a so-called claim (proof of authenticity) through which a third party vouches for the authenticity of the person who is requesting access rights or a particular service.

In actual practice, this means that difficult scenarios, exceptions and doubts in the area of authorizations are handled by members of the organization rather than automatically assigned or revoked. To this end, Tools4ever offers a self-service portal through which requests for access privileges can be delegated to the relevant manager or employee. Following their approval, the changes will be implemented across the network.

CBAC allows organizations to quickly and intelligently gain control over user access to network resources. All the decisions regarding the assignment of access rights are directly made by the responsible staff members.

For more information on Identity Management solutions, and other Tools4ever products, please visit our website.

Friday, May 3, 2013

South Jersey Healthcare uses Tools4ever

As a leader in providing quality identity and access management solutions, Tools4ever continues to be especially proficient in developing, implementing and automating user account management processes within the healthcare setting.

Tools4ever, the worldwide market leader in identity and access management solutions with more than five million user accounts, announced today that South Jersey Healthcare, based in Vineland, New Jersey, has implemented User Management Resource Administrator (UMRA) to standardize and streamline its user account management processes throughout the organization.

A nonprofit healthcare organization made up of three major regional hospitals and more than 60 outpatient care locations, South Jersey Healthcare uses UMRA to assist with the standardization of account creation and management for its more than 6,000 employees, as well as to provide employees within the organization with the correct access rights to internal systems.

Before UMRA, South Jersey Healthcare employees entered account data using their own conventions - such as custom passwords and logins - which often led to error, confusion and lost productivity. Tools4ever's UMRA easily allows leaders at South Jersey Healthcare to customize electronic forms for account creation while not burdening the employees in charge of this task with elevated rights. Instead of free form data entry, UMRA's electronic templates have drop-down menus with information including department names, radio buttons with locations and addresses built in, as well as mandatory fields required to create an account.

"UMRA has helped clean up Active Directory to make it more consistent and useful for our entire organization," says Andrew Gahm, systems and security engineer at South Jersey Healthcare.

Departmental, IT and health system directors at South Jersey Healthcare now are assured that the information included in their account is accurate and correct, and the organization no longer needs to focus time on cleaning up messes or correcting account disparities from accounts that were not previously created correctly, says Gahm.

As a worldwide leader in identity and access management solutions, Tools4ever is especially proficient in developing, implementing and automating user account management processes within the healthcare setting. Tools4ever has carried out thousands of implementations for healthcare organizations such as South Jersey Healthcare, including South County Hospital in Wakefield, Rhode Island, CentraState Healthcare System in Freedom Township, New Jersey, and Providence Hospital in Columbia, South Carolina.

"As hospital and healthcare leaders continue to be met with mandates and reform, solutions such as automated user account management will be increasingly vital to them and ever important as they seek new ways to not only manage data, but also manage who has access to certain and specific data," says Dean Wiech, managing director of Tools4ever. "Tools like UMRA are powerful allies to IT leaders and organizational management as they allow for regular information audits to be conducted and even streamline the account creation and data management process."



Friday, April 26, 2013

84% of Helpdesk Employees said they Could Save Time if they had the Ability to Reset their Own Passwords

IT and helpdesk employees often deal with an overwhelming amount of calls to the helpdesk each day. The survey found that over half the respondents (55%), said their helpdesk receives over 100 calls a week! It also found that 56% of respondents felt that the overwhelming amount of calls to the helpdesk were due to people having too many passwords to remember leading them to need to reset many of them. Many of those surveyed also said their company requires complex passwords in conjunction with requirements to change their passwords every month.  All of this leads to a lot of time spent on password resets, which could be easily done by end users with Self Service Reset Password Management software.

Key Findings
There were a total of 110 respondents which consisted of helpdesk and IT employees. A summary of the key findings:
The helpdesk receives an overwhelming amount of calls each week:
Helpdesk and IT employees spend an inordinate amount of time on tasks that are simple but time consuming, such as password resets. The survey found that 55% of the respondents said that they receive over 100 calls a week! This shows how extremely busy they are with simple tasks which take time away from other projects.

Many of the password reset calls are for Active Directory
Active Directory passwords are critical to reset quickly because without them users cannot access their computers or any additional applications to get their work done. 71% of respondents said that password reset calls are usually for AD accounts, which shows the importance and time critical nature of the password resets which most help desk employees are dealing with.

The helpdesk could save a great deal of time if end users could reset their own passwords:
If end users were able to safely and securely reset their own passwords without having to contact the helpdesk, it would save both the end users and the help desk a great deal of time and allow them to focus on other important tasks. 84% of respondents agreed that they could save a lot of time if a self service reset password solution was introduced at their companies. Many help desk employees also felt that this type of solution could save a great deal of money as well as increase the level of service for end users.

Self Service Reset Password Manager
Self service reset password solutions are applications that allow end-users to reset their password on the basis of a number of simple, predefined questions. They simply click the ‘forgot my password’ button and provide answers to the security questions. The results of this survey clearly indicate that employees and employers both can reap the benefits and time savings associated with an automated solution to provide self service  when it comes to forgotten passwords.



For more information on SSRPM, please visit our website.

Friday, April 19, 2013

Tools4ever Develops Connector with Microsoft Lync

Tools4ever’s new connector makes it possible to configure a host of settings for Lync users based on information from the source system, such as setting a phone number for the use of Microsoft Exchange Unified Messaging, among other features.

Tools4ever announced recently that it has developed a connector for the enterprise instant messenger application Microsoft Lync (previously Microsoft Office Communicator). The new connector drastically simplifies the management of user accounts and access privileges by eliminating the need for manual and error-prone procedures.

Tools4ever’s Identity and Access Management suite, including User Management Resource Administrator (UMRA), allows users to have actions performed in Microsoft Lync based on data from any source system. For instance, a Lync user is created when a new employee is added to the human resource system. It is also possible to disable a Lync user when the associated employee leaves service.

Besides enabling and disabling user accounts in Microsoft Lync, the new Lync connector makes it possible to configure a host of settings for users based on information from the source system, such as setting a phone number for the use of Microsoft Exchange Unified Messaging. It also makes it possible to retrieve information from Lync for various reporting purposes, such as a list of Lync users including their status, phone number, rights and/or Lync group, or to select a group of Lync users based on their location as specified in Active Directory.

Since these actions are performed without the need for intervention or manual procedures by systems administrators, valuable time can be saved and errors prevented.

UMRA is deployed by many organizations for the day-to-day management of user accounts in Active Directory. As part of the influx, progression and departure of employees, UMRA serves as a graphical shell around the network with which, for instance, a service desk can use electronic forms to carry out these user account management tasks safely and by delegation. Alongside the basic management of user accounts in Active Directory, UMRA offers (default) connectors for handling user management for various other systems, including facility management, content management, email and helpdesk systems.

“Tools4ever continuously develops new tools and products to help our clients achieve the most from their solutions, and to automate, access and manage their accounts in the most efficient manner,” said Dean Wiech, managing director of Tools4ever. “Tools4ever’s new Lync connector enables more internal automation and dramatically simplifies the management of user accounts.”

A full overview of UMRA connectors is available on the website.  For more about Tools4ever, visit www.tools4ever.com.

Friday, April 5, 2013

Major Time Saver for Helpdesk...

Tools4ever recently conducted a survey on the issue of allowing end users to reset their own passwords, and whether and how this could benefit helpdesk and IT employees.

IT and helpdesk employees often deal with an overwhelming amount of calls to the helpdesk each day. The survey found that over half the respondents (55%), said their helpdesk receives over 100 calls a week! It also found that 56% of respondents felt that the overwhelming amount of calls to the helpdesk were due to people having too many passwords to remember leading them to need to reset many of them. Many of those surveyed also said their company requires complex passwords in conjunction with requirements to change their passwords every month.  All of this leads to a lot of time spent on password resets, which could be easily done by end users with Self Service Reset Password Management software.

Key Findings
There were a total of 110 respondents which consisted of helpdesk and IT employees. A summary of the key findings:

The helpdesk receives an overwhelming amount of calls each week:
Helpdesk and IT employees spend an inordinate amount of time on tasks that are simple but are time consuming such as password resets. The survey found that 55% of the respondents said that they receive over 100 calls a week! This shows how extremely busy they are with simple tasks which take time away from other projects.

Many of the password reset calls are for Active Directory:
Active Directory passwords are critical to reset quickly because without them users cannot access their computers or any additional applications to get their work done. 71% of respondents said that password reset calls are usually for AD accounts, which shows the importance and time critical nature of the password resets which most help desk employees are dealing with.

The helpdesk could save a great deal of time if end users could reset their own passwords:
If end users were able to safely and securely reset their own passwords without having to contact the helpdesk, it would save both the end users and the help desk a great deal of time and allow them to focus on other important tasks. 84% of respondents agreed that they could save a lot of time if a self service reset password solution was introduced at their companies. Many help desk employees also felt that this type of solution could save a great deal of money as well as increase the level of service for end users.

Self Service Reset Password Manager:
Self service reset password solutions are applications that allow end-users to reset their password on the basis of a number of simple, predefined questions. They simply click the ‘forgot my password’ button and provide answers to the security questions. In reference to the survey results, Dean Wiech, Managing Director of Tools4ever, Inc. stated, ”The results of this survey clearly indicate that employees and employers both can reap the benefits and time savings associated with an automated solution to provide self service  when it comes to forgotten passwords.”

For more details on SSRPM and its full functionality please visit our website.

Friday, March 29, 2013

IT Trends for 2013

As the US economy slowly gains traction, IT budgets are likely to remain flat or see only modest increases for 2013. As such, IT personnel will continue to look for ways to make the organization and infrastructure run more efficiently. CIOs will focus on projects that provide a substantial return on investment and on high-visibility projects – those that have a significant impact on the largest number of employees possible. Below are several areas we predict will be of particular interest to the technology departments in business, government, education and healthcare.

Employee Self Service
Any time a process is put in place that can eliminate calls to the help desk, it will result in a tremendous time savings. As such, the trend towards employee self-service will continue through 2013. HR departments started this trend decades ago when they allowed employees to look up benefits, vacation time remaining and other repetitive items without contacting a representative. The trend is continuing in the IT group with tasks such as password reset and requesting access to distribution lists, network shares and specific applications.

Self Service Reset Password applications have been around for several years now and continue to prove their value. Businesses and schools that have not already adopted this technology will do well to investigate it in the coming year. Much like a banking website, end users enroll via a series of challenge questions and, should they forget their password, are able to reset it directly from the network login screen or a website. This eliminates a call to the help desk and allows the employee to become productive immediately instead of waiting in the helpdesk phone queue. Two-factor authentication (2FA) enhances security in this area as well. Delivery of a one-time-use PIN code via SMS or email ensures the person resetting the password is the actual employee.
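The challenge-question enrollment and one-time PIN flow described here (and in the St. Petersburg case and "Let users reset their passwords themselves" above), as an added example that is not Tools4ever's or SSRPM's code. It shows the parts a reviewer would check in any such tool: answers are normalized and stored only as salted PBKDF2 hashes, all answers are compared in constant time, repeated wrong answers lock the flow, and the PIN is bound to the user, expires, and can be redeemed once. The class name, time limits and attempt counts are assumptions; sending the PIN by SMS or email is left to the caller.

```python
"""Self-service password reset: challenge questions plus a one-time PIN.

Constructed example; store layout, limits and names are assumptions."""
import hashlib
import hmac
import secrets
import time


def _normalize(answer):
    # Case and whitespace differences should not make a valid answer fail
    return " ".join(answer.strip().lower().split())


def _hash_answer(answer, salt):
    # Answers are low-entropy, so they get the same treatment as passwords
    return hashlib.pbkdf2_hmac("sha256", _normalize(answer).encode(), salt, 100_000)


class SelfServiceReset:
    PIN_TTL = 300       # seconds a one-time PIN stays valid (assumed)
    MAX_ATTEMPTS = 3    # wrong answer sets before the flow locks (assumed)

    def __init__(self, now=time.time):
        self.now = now          # injectable clock, so expiry can be tested
        self.enrolled = {}      # user -> [(question, salt, digest), ...]
        self.pending = {}       # user -> (pin, expiry timestamp)
        self.failures = {}      # user -> count of failed answer sets

    def enroll(self, user, questions_and_answers):
        records = []
        for question, answer in questions_and_answers:
            salt = secrets.token_bytes(16)
            records.append((question, salt, _hash_answer(answer, salt)))
        self.enrolled[user] = records

    def questions(self, user):
        return [q for q, _, _ in self.enrolled.get(user, [])]

    def check_answers(self, user, answers):
        """True only if every answer matches; no short-circuit on the first
        mismatch, so timing does not reveal which answer was wrong."""
        if self.failures.get(user, 0) >= self.MAX_ATTEMPTS:
            return False
        records = self.enrolled.get(user, [])
        ok = len(records) > 0 and len(answers) == len(records)
        for (_q, salt, digest), given in zip(records, answers):
            ok &= hmac.compare_digest(digest, _hash_answer(given, salt))
        if not ok:
            self.failures[user] = self.failures.get(user, 0) + 1
        return ok

    def issue_pin(self, user, answers):
        """Second factor: after correct answers, mint a PIN for out-of-band
        delivery (SMS/email by the caller). Returns None on failure."""
        if not self.check_answers(user, answers):
            return None
        pin = f"{secrets.randbelow(10 ** 6):06d}"
        self.pending[user] = (pin, self.now() + self.PIN_TTL)
        return pin

    def redeem_pin(self, user, pin, new_password):
        """Consume the PIN; it is removed whether or not it matches, so each
        PIN gives exactly one guess."""
        entry = self.pending.pop(user, None)
        if entry is None:
            return False
        stored, expires = entry
        if self.now() > expires or not hmac.compare_digest(stored, pin):
            return False
        self.failures.pop(user, None)
        # A real deployment would push `new_password` to the directory here
        return True


if __name__ == "__main__":
    store = SelfServiceReset()
    store.enroll("alice", [("First school?", "Elm Street")])
    pin = store.issue_pin("alice", ["elm street"])
    print("reset ok:", store.redeem_pin("alice", pin, "new-password-here"))
```

Storing hashed answers rather than the answers themselves matters because challenge answers (a mother's maiden name, a first school) are often discoverable, so a leaked enrollment table should not hand them over in the clear.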

Another area of self-service involves employees who need access to distribution groups, network shares or applications they currently cannot access. Normally this involves a phone call to the help desk or a paper process requiring multiple signatures that end up in the IT group. Using workflow processes, the employees can initiate the request from a web page on the company intranet and, depending on the request, have it electronically routed to the individuals responsible for approval. In some scenarios, involvement from the IT department may not be necessary if an automated provisioning process is in place or may only need to perform the final step when notified via the workflow system. 

Cloud Applications
As solutions like Gmail and Office 365 continue to gain traction in corporate and education environments, being able to provision and de-provision accounts in a timely fashion becomes critical to controlling costs. While many companies have implemented identity management solutions for Active Directory, implementing a seamless process for these cloud applications can be a challenge. Though both Google and Microsoft offer tools to synchronize AD with their respective products, they reportedly fall short in many areas and can make account management a tedious chore.
Many vendors offer advanced tools to allow for painless synchronization and management of accounts in these and many other cloud applications. As most cloud solution providers invoice based on the number of active users in any given month, ensuring that user accounts are decommissioned in a timely fashion can lead to incremental savings.

Security and Audit

As in past years, security of the network and providing accurate reporting to auditors will have a large impact on the IT department. Providing employees the access to applications and network functional areas needed to perform their jobs, while ensuring unnecessary access is never granted, will continue to occupy a large portion of IT resources. IAM providers will continue to enhance solutions to provide automated and seamless interfaces to the myriad applications in an average organization, thereby reducing the overhead of maintaining proper access rights.
Controlling access rights properly when employees join an organization, change positions or leave makes the audit process that much easier and ensures compliance at all times. This will continue to be a driving force in the coming year, especially as the “bring your own device” (BYOD) concept surges.

About Tools4ever
Tools4ever distinguishes itself with a no-nonsense approach and a low total cost of ownership. In contrast to comparable identity and access management solutions, Tools4ever implements a complete solution in several days rather than weeks or months. Because of this approach, Tools4ever is the undisputed identity and access management market leader with more than five million managed users. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as user provisioning, role-based access control, password management, single sign on and access management. For more information, please visit www.tools4ever.com.