Friday, March 29, 2013

IT Trends for 2013

As the US economy slowly gains traction, IT budgets are likely to remain flat or see only modest increases for 2013. As such, IT personnel will continue to look for ways to make the organization and infrastructure run more efficiently. CIOs will definitely focus on projects that provide a substantial return on investment and on high-visibility projects, those that have a significant impact on the greatest number of employees possible. Below are several areas we predict will be of particular interest to the technology departments in business, government, education and healthcare.

Employee Self Service
Any time a process is put in place that can eliminate calls to the help desk, it will result in a tremendous time savings. As such, the trend towards employee self-service will continue through 2013. HR departments started this trend decades ago when they allowed employees to look up benefits and remaining vacation time, and to complete other repetitive tasks, without contacting a representative. The trend is continuing in the IT group with tasks such as password resets and requests for access to distribution lists, network shares and specific applications.

Self Service Reset Password applications have been around for several years now and continue to prove their value. Businesses and schools that have not already adopted this technology will do well to investigate in the coming year. Much like a banking website, end users enroll via a series of challenge questions and, should they forget their password, are able to reset it directly from the network login screen or a website. This eliminates a call to the help desk and allows the employee to become productive immediately instead of waiting in the help desk phone queue. Two-factor authentication (2FA) enhances security in this area as well. Delivery of a one-time use PIN code via SMS or email ensures the person resetting the password is the actual employee.

Another area of self-service involves employees who need access to distribution groups, network shares or applications they currently cannot access. Normally this involves a phone call to the help desk or a paper process requiring multiple signatures that ends up in the IT group. Using workflow processes, employees can initiate the request from a web page on the company intranet and, depending on the request, have it electronically routed to the individuals responsible for approval. In some scenarios, involvement from the IT department may not be necessary if an automated provisioning process is in place, or the department may only need to perform the final step when notified via the workflow system.

Cloud Applications
As solutions like Gmail and Office 365 continue to gain traction in the corporate and education environments, being able to provision and de-provision accounts in a timely fashion becomes critical to controlling costs. While many companies have implemented identity management solutions for Active Directory, implementing a seamless process to these cloud applications can be a challenge. Though both Google and Microsoft offer tools to synchronize AD with their respective products, they reportedly fall short in many areas and can make account management a tedious chore.
Many vendors offer advanced tools to allow for painless synchronization and management of accounts in these and many other cloud applications. As most cloud solution providers invoice based on the number of active users in any given month, ensuring that user accounts are decommissioned in a timely fashion can lead to incremental savings.

Security and Audit

As in past years, security of the network and providing accurate reporting to auditors will have a large impact on the IT department. Providing employees the access to applications and network functional areas they need to perform their jobs, while ensuring unnecessary access is never granted, will continue to occupy a large portion of IT resources. IAM providers will continue to enhance solutions to provide automated and seamless interfaces to the myriad of applications in an average organization, thereby reducing the overhead of maintaining proper access rights.
Controlling access rights properly when employees join an organization, change positions or leave makes the audit process that much easier and ensures compliance at all times. This will continue to be a driving force in the coming year, especially as the “bring your own device” (BYOD) concept surges.

About Tools4ever
Tools4ever distinguishes itself with a no-nonsense approach and a low total cost of ownership. In contrast to comparable identity and access management solutions, Tools4ever implements a complete solution in several days rather than weeks or months. Because of this approach, Tools4ever is the undisputed identity and access management market leader with more than five million managed users. Tools4ever supplies a variety of software products and integrated consultancy services involving identity management, such as user provisioning, role-based access control, password management, single sign on and access management. For more information, please visit www.tools4ever.com.

Friday, March 22, 2013

Five ways Hospitals can Improve Information Security

  1. Easily eliminate the security risk of shared accounts - Often in hospitals, doctors and nurses use shared accounts with one set of credentials for everyone. This is especially common in Emergency Rooms where employees use one PC to access important information. To avoid spending valuable time logging into Windows and launching applications, one generic user account is often used, which is not secure since users can gain access to specific information. It also makes audits and compliance difficult. Instead, doctors and nurses will need their own credentials for each application, but requiring them to remember all new credentials for each of the applications can be difficult, and logging in and out is a time-consuming process. A single sign on application will ease this process and allow the employees to only have to remember one set of credentials, making the process of eliminating shared accounts easy. Combining this with a smartcard is even more efficient. Once a user presents the smartcard to the reader, it is recognized by the SSO software and the user is automatically switched, logged in and the right applications are launched.

  2. No written down passwords - Hospitals would like to implement strong and complex passwords due to audit requirements. Implementing complex passwords, though, has major consequences for end users. Often, if users have to remember several different and complex passwords, which also need to be changed once in a while, they will write them down and store them somewhere. This makes the applications and systems insecure since people can easily find out the credentials. With a single sign on solution, doctors and nurses will not need to write down their credentials since they will only need to remember one combination of username and password. This will eliminate this security risk and give hospitals the possibility to easily implement complex passwords.
  3. Give employees correct access rights - To ensure security of the network and information in a hospital, employees need to be given the correct security permissions depending on their job roles. Ensuring that employees have the proper access rights will improve security. Doing so requires setting controls, which can take the IT department months to implement. Using a role based access control solution can assist with this process. It will help the IT department easily populate the RBAC matrix and provide a simple overview of network resources available to an employee based on their job role.
  4. User provisioning - Often when employees leave employment at a hospital, the IT staff is not notified right away and the employees' accounts are left open, allowing ex-employees to access information. This makes the systems and information insecure and can lead to serious problems. With an automated account management solution in place, the IT department can quickly and easily de-provision accounts as soon as an employee leaves, to ensure security and easily comply with audit standards.
  5. Stored Information - With a single sign on solution, information can be stored about who is logging into each application and what they are doing. This will allow the IT department to easily review who has access to what and whether their applications and systems are secure. It will also allow them to easily comply with audit standards.
For more information, please visit our website.

Friday, March 15, 2013

A Case Study on Self Service Password Resets

South County Hospital is a 100 bed acute care hospital located in Wakefield, Rhode Island and has more than 1,200 employees. With a focus on lean management, and an effort to make processes as efficient as possible, the hospital began to look for ways to improve password management and reduce the number of support calls to the help desk. The help desk was averaging 20 to 25 password resets a month, each requiring about half an hour to complete due to the arduous process of receiving the call, placing a work order, resetting the password and then contacting the users, most of whom are busy clinicians. By improving this process, the hospital also wanted to enhance the user’s experience so they did not have to wait on the process and could easily reset their own passwords and get on with their jobs.
When looking for a vendor with a solution to their password management issues, Tools4ever was a front runner as South County had previous experience utilizing another of their products, RealLastLogon. Tools4ever’s Self Service Reset Password Manager (SSRPM) would be able to resolve all of the password reset issues in their environment and also integrate with their Outlook web access page, a top priority at the hospital. SSRPM would also be able to integrate with Meditech, the hospital information system, to synchronize the password. Although the decision was made to have the integration done as a phase 2 task, the ability to do so in the future was a major consideration.

Easily Customize and Integrate with Systems

SSRPM was installed easily in South County’s environment and was able to integrate with all the applications at the hospital. SSRPM is now set up to work with three different applications at the hospital: Outlook Web Access for email, the standard Windows credential provider when logging on to the computer, and remote web access for people working outside the network. The hospital was even able to modify the security questions which users would be asked when resetting their passwords. “The ability to choose questions that have an answer that only the user would know yet are easy to remember is important” said Ken Hedglen, Information Technology Manager at South County Hospital.

No Training Required

With SSRPM, users no longer need to spend precious time contacting the help desk and waiting for a reply to their password reset request. They are now able to answer a series of security questions and quickly reset their own password. The hospital also liked that they did not need to provide any training on the product due to it being self-explanatory. “Any system that we implement that we don’t hear anything about after the fact is good, because no news is good news when it comes to systems” said Hedglen. SSRPM has also been beneficial to the helpdesk as they can handle other types of work orders. “The helpdesk can now focus on more important issues rather than simple password resets and are much more productive” said Hedglen.

For more information, please visit our website


Friday, March 8, 2013

Time-Saving Healthcare IT Industry Trends

As the U.S. economy slowly improves, healthcare facility IT budgets are likely to remain flat or see only modest increases in 2013. This means IT departments will continue to look for ways to make their organizations and infrastructures run more efficiently. Below are several areas that will be of particular interest to the technology departments in the healthcare industry.
 
Self-Service Applications for End Users

 Healthcare facilities will likely be looking for time-saving ways to eliminate end-user calls to the IT help desk, and so we’ll likely see an uptick in self-service applications for IT end users.
 
 Self-service reset password applications have been around for several years now and continue to prove their value. End users enroll via a series of challenge questions and, should they forget their password, are able to reset directly from the network login screen or website. This eliminates a call to the help desk, and allows the employee to become productive immediately instead of waiting on the help desk phone queue.
 
 South County Hospital in Rhode Island recently realized the benefits of a self-service reset password application. Its help desk averaged 20 to 25 password reset requests a month, each requiring about 30 minutes to complete because of the arduous process of receiving the call, placing a work order, resetting the password and then contacting the users, most of whom were busy clinicians. Once the self-service application was put in place, users no longer spent precious time contacting the help desk and waiting for a reply.
 
 In addition, two-factor authentication (2FA) enhances security in this area. Delivery of a one-time use PIN code via SMS or email ensures the person resetting the password is the actual employee who has rights to the system and the ability to request password changes.
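The server-side checks that make a one-time reset PIN of the kind described here, and in the IT Trends for 2013 post above, actually single-use, sketched as an added example (not Tools4ever's or SSRPM's code). The class name, the 6-digit length, the 5-minute lifetime and the 3-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumption: 6-digit numeric PIN
PIN_TTL_SECONDS = 300   # assumption: PIN is valid for 5 minutes
MAX_ATTEMPTS = 3        # assumption: guesses allowed before the PIN is voided


class ResetPinStore:
    """Hypothetical in-memory store of pending reset PINs, keyed by username."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # username -> salt, digest, expiry, attempt count

    @staticmethod
    def _digest(salt, pin):
        # Keeps the clear-text PIN out of the store. A 6-digit space is small,
        # so the attempt limit and expiry are what stop guessing, not the hash.
        return hashlib.sha256(salt + pin.encode()).digest()

    def issue(self, username):
        """Create a PIN for the user, replacing any earlier one.

        The returned PIN is what gets delivered by SMS or email.
        """
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
        salt = secrets.token_bytes(16)
        self._pending[username] = {
            "salt": salt,
            "digest": self._digest(salt, pin),
            "expires": self._clock() + PIN_TTL_SECONDS,
            "attempts": 0,
        }
        return pin

    def verify(self, username, candidate):
        """True exactly once for the right PIN; False if wrong, expired,
        already used, or after too many failed guesses."""
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[username]   # void it; the user must request a new PIN
            return False
        entry["attempts"] += 1
        ok = hmac.compare_digest(
            entry["digest"], self._digest(entry["salt"], candidate)
        )
        if ok:
            del self._pending[username]   # single use
        return ok
```

Only after `verify` returns True would the reset form accept a new password; every other outcome sends the user back to request a fresh PIN.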
 
 Another area of self-service involves employees who need access to distribution groups, network shares or applications they currently cannot access. Traditionally, this requires that the end user contact the helpdesk or initiate a tedious paper process requiring multiple signatures. By using workflow processes, the employees can easily initiate the request from a Web page on the company Intranet and, depending on the request, have it electronically routed to the individuals responsible for approval. If an automated provisioning process is in place, involvement from the IT department may not be necessary, or they may only need to perform the final step when notified via the workflow system. 
 
Cloud Applications in the Healthcare Industry

 As solutions like Gmail and Office 365 continue to gain traction in healthcare, the ability to provision and de-provision accounts in a timely fashion becomes critical to controlling costs. While many health systems have implemented identity management solutions for Active Directory, implementing a seamless process to these cloud applications can be a challenge. Though both Google and Microsoft offer tools to synchronize AD with their respective products, they reportedly fall short in many areas and can make account management a tedious chore.
 
 Many vendors now offer advanced tools that allow for easy synchronization and management of accounts in these, and many other, healthcare cloud applications. As most cloud solution providers invoice based on the number of active users in any given month, ensuring that user accounts are decommissioned in a timely fashion can lead to incremental savings.
 
Use of Single Sign On
 In hospitals and healthcare settings, work station computers are often used by several people, meaning restricted information can be viewed by unauthorized individuals if accounts are not securely managed.
  
 Yet, clinicians frequently share a common user name and password with peers to avoid wasting time switching between user profiles.
 
 With several users logged into one machine, it is impossible to track how each employee is using the system. Therefore, shared accounts are being eliminated, leaving employees with the task of having to remember several credentials. Often, these credentials need to contain special characters that are difficult to remember and that need to be changed frequently, which leads to employees being locked out of their accounts.
 
 Single sign on software will continue to be a trend in 2013 because of its ability to alleviate this issue. It is a tool that enables end users to log in just once, after which access is granted automatically to all of their authorized network applications and resources. In addition, other solutions can be paired with single sign on, such as fast user switching, which allows users to log in and out with a badge or pass card.
 
 By reducing the amount of time required to log in, clinicians can easily and securely access patient information as they quickly move from room to room. It is even possible to integrate “Follow Me,” which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer. Overall, clinicians will be able to focus less on signing in and more on caring for patients.
 
Security and Audit of the Healthcare Industry
 As in past years, ensuring security of the network and providing accurate reporting to auditors will have a large impact on the IT department, both in time and money. The IT department needs to provide employees with the correct access rights required to applications and network functional areas, while also ensuring unnecessary access is never granted. This process will continue to occupy a large portion of IT resources. Providence Hospital in South Carolina was one such hospital that needed to reform its process. According to hospital leaders, they had more demands on the department and weren’t getting any additional staff because of economic factors. As such, hospital employees needed to work smarter and employ tools to help create more efficiency.
 
 By automating its account management, the assignment of group privileges and permissions to individual users can now easily be completed with a Web form. The application also creates the appropriate Exchange mailbox and creates a home folder for the employee on the appropriate share drive. By ensuring the proper access rights, it makes the audit process that much easier and ensures compliance at all times.

For more information on our solutions, please visit our webpage.

Friday, March 1, 2013

Securing workstations from the risk of exposing sensitive data

Health care and security through single sign on and two-factor authentication

In hospitals and health care settings, work station computers are often used by several people, meaning restricted information can be viewed by unauthorized individuals if accounts are not securely managed.

 Yet, clinicians frequently share a common user name and password with peers to avoid wasting time switching between users.

With several users logged into one machine, it is impossible to track how each employee is using the system should there ever be a need to construct an audit trail.

The first step to reducing the risk of exposing sensitive data to those who shouldn’t have access is to create user accounts for every person that needs access. While this may seem like an easy task, there are a number of considerations to keep in mind. For example, it’s necessary to ensure accounts are created in a timely fashion, that proper access rights are given in the network, and that the account is disabled if the employee leaves.
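A periodic check for the three conditions just listed (and for the de-provisioning gap described under "User provisioning" in the hospital security post above) can be run by reconciling an HR export against a directory account export. The following is an added example, not Tools4ever's code; the CSV column names and the sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR roster export and a directory account export.
HR_CSV = """employee_id,name,status,end_date
1001,Ann Lee,active,
1002,Raj Patel,terminated,2013-02-15
1003,Mia Chen,active,
"""

ACCOUNTS_CSV = """username,employee_id,enabled
alee,1001,true
rpatel,1002,true
er-station,,true
old-temp,1999,false
"""


def reconcile(hr_csv, accounts_csv, today):
    """Compare enabled directory accounts with the HR roster.

    Returns a dict with:
      leaver_still_enabled: (username, days since end date) for leavers
      no_owner:             enabled accounts tied to no person (shared/generic)
      missing_account:      active employee ids with no enabled account
    """
    hr = {row["employee_id"]: row for row in csv.DictReader(io.StringIO(hr_csv))}
    findings = {"leaver_still_enabled": [], "no_owner": [], "missing_account": []}
    has_enabled_account = set()

    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # a disabled account grants no access
        person = hr.get(acct["employee_id"])
        if person is None:
            # No HR record behind it: a shared or orphaned account.
            findings["no_owner"].append(acct["username"])
            continue
        has_enabled_account.add(person["employee_id"])
        if person["status"] == "terminated":
            end = person["end_date"]
            overdue = (today - date.fromisoformat(end)).days if end else None
            if overdue is None or overdue >= 0:
                findings["leaver_still_enabled"].append((acct["username"], overdue))

    for emp_id, person in hr.items():
        if person["status"] == "active" and emp_id not in has_enabled_account:
            findings["missing_account"].append(emp_id)
    return findings


if __name__ == "__main__":
    for kind, items in reconcile(HR_CSV, ACCOUNTS_CSV, date(2013, 3, 1)).items():
        print(kind, items)
```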

But even with strict security requirements in place, users increasingly have to enter a separate combination of username and password for each application they wish to access. Over the course of a day, users can easily enter credentials for more than a dozen applications, which produces even more issues. It takes time and opens up other security issues (for example, passwords written on sticky notes stuck to the monitor or on pieces of paper slid under the keyboard, or overly simple passwords). Help desks also frequently field calls from users who’ve lost passwords, resulting in elevated support costs.

One practical and secure solution to this problem is the use of a Single Sign On (SSO) product. SSO allows each user to sign into the system once and thereafter be automatically logged into each of their applications on the computer without having to enter additional credentials.

Results from a survey in the health care market revealed some concerns with SSO, though, including that the e-mail applications of the users might be available to others. Users expressed concern, being very protective of their e-mail and their personal information. Of course, this issue can also occur if users have shared accounts on the same computer and fail to completely close a browser when logged into an e-mail account.

The concern that information may be easily accessed by non-account owners in an SSO environment can easily be alleviated by using two-factor authentication. Two-factor authentication asks a user to present a second form of identification in addition to their user name and password, like a pass card, PIN code or USB token, to access the workstation. This adds a level of security to their e-mail and other accounts and means that even if someone besides the account owner has possession of a password, they are unable to access the account without that second piece of information.

Using the two pieces, SSO and two-factor authentication, in conjunction solves HIPAA security problems for keeping electronic information safe while also addressing the users’ concerns of privacy for their accounts. The two-factor authentication also allows for fast user switching, thereby reducing time spent by clinicians waiting on their profile to load.

By utilizing automated solutions for identity and access management, the burden on the IT staff also can be decreased and overall system security will increase, allowing employees more time to focus on the real work at hand without having to worry about sharing access to systems or worrying about multiple password applications.

For more information, please visit our website.