Friday, June 28, 2013

Security Steps for Small Businesses

Like large organizations, small businesses often face identity and access management issues, such as securing systems and applications and handling password problems. Unlike large organizations, they often lack the staff and resources to handle these tasks easily, so the tasks either go incomplete or require more time and money than necessary. Several solutions, however, let small businesses mitigate these problems and save time and money in the long run.

Ensure Security of Systems and Applications

Employees often have many sets of credentials to log in to their applications and perform their jobs. To remember multiple sets of credentials, employees often write down their user names and passwords and store them somewhere by their desks. This puts the organization’s applications at risk.

An easy way for small businesses to reduce the headache of multiple passwords for their employees, as well as ensure the security of their systems, is with a single sign-on (SSO) application. With an SSO solution, employees only have to remember one set of credentials. Once they enter their single user name and password, they are automatically signed in to all applications and systems as they open them. This ensures that employees will not use non-secure methods to remember their passwords.

A single sign-on solution also can incorporate two-factor authentication for an additional layer of security to systems and applications used by small businesses.

Two-factor authentication is used by requiring users to present a smart card, as well as a PIN code. This adds additional security to the login process. Two-factor authentication also can be customized to the needs of the organization, such as requiring the computer to remember the PIN for a defined period of time or automatically closing all sessions on the computer after the smart card is removed. Each of these customizations adds additional security to the systems, as well as improving efficiency for the user.

Easily Reduce Password Issues

Integrating simple sign on protocols in your business can cut down on security breaches and streamline employee access.

When an employee forgets a password, or is locked out of an application, they need to go through the time-consuming process of resetting it. In a small business, access to a 24×7 help desk may not be possible. Even if a help desk or IT department is available at all times, it may have a small staff, and password resets take time away from other, more important issues.

A self-service reset password solution allows end users to easily and securely reset their passwords themselves. They simply register by providing answers to personal questions, much like a banking website. Then, when they need to reset their password, they simply click the “forgot my password” button, provide the correct answers and are able to reset their password without having to contact anyone else at the company.

This reduces the annoyance of password resets for both the IT department and the end user and allows them to both be productive working on more important tasks.

In conclusion, small businesses have many of the same issues that larger organizations deal with. By implementing one or all of the solutions discussed here they are able to reduce the amount of time the IT staff spends dealing with these issues, and not need to have an employee working full time to handle them.



For additional information, please visit our website.

Friday, June 21, 2013

Accessing Cloud Applications - A Challenge for the IT department

For an IT department, working with cloud applications and their providers can present a number of new challenges. Where the IT department previously took a facilitating role, it is now transitioning to a coordinating role. In addition, it can be significantly more difficult to control user and access privileges in cloud applications. The control over user accounts and roles — who has access to which cloud applications and data — is more complex than with applications that reside within the network. Below are some of the causes:

1. Large amount of information


The flow of information within the business environment is exponentially larger, and more frequent, than a few years ago. Organizations have to deal with a large number of users (employees, partners and even clients in some situations) and also many changes; for example, an employee leaves the organization. Previously, it was possible to perform the necessary account management processes at pre-established intervals, such as monthly or quarterly. Today, this is no longer feasible and the data must be refreshed weekly or even daily. Another factor is that custom scripts often do not work with cloud applications.

2. Different structure

It is a major challenge for the IT department to manage all identities, roles and the data that exists in the various cloud solutions. Many solutions use proprietary authorization and authentication structures. It is common that the same data is required in different systems, but the varying structures make it very difficult to manage in a centralized fashion.

3. Multiple authentication sources

Active Directory, or other directory service, such as Novell eDirectory or Apple Open Directory, is normally the central authorization point for users and most likely controls access to other internal applications and systems. Cloud applications are typically not Active Directory integrated and the result is the need for multiple authentication sources; a directory service for internal applications and typically one authentication source per application in the cloud.

Working with multiple authentication sources of this type is complex because there are only limited options to synchronize user accounts between the sources — also known as federation support — such as Microsoft ADFS and the SAML standard.

4. More manual actions

Vendors that do not offer federation support — for example, several vendors of electronic portals and HR systems — offer a Web browser interface that administrators can use to manage the cloud application directly. This requires personnel to manually create accounts for new employees and partners, and to disable accounts for employees and partners who are no longer part of the organization.

Although typically very well organized, the web portals require a large number of manual operations. This is time consuming and subject to errors. Some applications will allow a bulk upload via a .CSV file, but this still requires manual intervention to create the file, upload it and verify the result, which can produce a lot of work. In some cases, vendors have developed a link to user accounts to fully automate the process. This is also known as provisioning. The link retrieves information from the portal where the information is contained, and processes it to the electronic learning environment.

5. Password and naming conventions


Another issue that often arises is differing standards for naming conventions and passwords. What works or is required in one system may not work in another. For example, a user ID in the network may be based on the login name, while the cloud application may require the e-mail address. This makes the exchange of user account data between both environments very complex. The same issue can arise with password conventions. Complex passwords are usually required within the network (for example, a combination of characters and numbers); however, you may not be able to use this convention within the cloud applications. Another factor to consider is the password expiration cycle — one system may be on a 90-day cycle while another might require a change every 30 days. Synchronizing passwords between the network and cloud applications can be tricky, and proper planning is required prior to implementation.

6. What if the connection drops?


Vendors that provide links between the network and cloud applications often utilize event-driven synchronization between systems (i.e. when a change occurs, it is propagated immediately between the network and the cloud). However, they may not have a procedure for handling a temporarily dropped connection. Suppose a bulk upload to create new employee accounts is under way and, in the middle of the transfer, the connection with the cloud application drops. The result can be a tremendous amount of manual work to see which records have or have not been created. Cloud applications may not provide a notification that synchronization was successful.
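The naming-convention mapping from item 5 and the dropped-connection case from item 6 can be handled by reconciling state instead of replaying a file. The following is an added example, not code from the original post or from any vendor; the Employee record, the FlakyCloud stand-in, the example.org domain and all account names are constructed assumptions.

```python
from dataclasses import dataclass

MAIL_DOMAIN = "example.org"  # assumption: cloud user ID = login name @ this domain

@dataclass(frozen=True)
class Employee:
    login: str    # network login name from the authoritative HR extract
    active: bool  # False once HR marks the employee as terminated

def cloud_id(emp):
    """Translate the network naming convention into the cloud one (e-mail)."""
    return f"{emp.login.lower()}@{MAIL_DOMAIN}"

def plan(hr, cloud):
    """Diff desired state (HR) against actual state (cloud: user ID -> enabled)."""
    desired = {cloud_id(e): e.active for e in hr}
    return {
        "create": sorted(u for u, on in desired.items() if on and u not in cloud),
        "enable": sorted(u for u, on in desired.items() if on and cloud.get(u) is False),
        "disable": sorted(u for u, on in desired.items() if not on and cloud.get(u)),
        # Enabled accounts with no HR record: report for review, never auto-delete.
        "orphaned": sorted(u for u, on in cloud.items() if on and u not in desired),
    }

class FlakyCloud:
    """Constructed stand-in for a cloud application whose connection can drop."""
    def __init__(self, accounts, calls_before_drop):
        self.accounts, self.calls_left = dict(accounts), calls_before_drop

    def set_account(self, user, enabled):
        if self.calls_left == 0:
            raise ConnectionError("connection dropped mid-transfer")
        self.calls_left -= 1
        self.accounts[user] = enabled

def sync(hr, app):
    """Apply only the outstanding changes, then re-read and return what is left."""
    todo = plan(hr, app.accounts)
    for user in todo["create"] + todo["enable"]:
        app.set_account(user, True)
    for user in todo["disable"]:
        app.set_account(user, False)
    return plan(hr, app.accounts)  # verification pass instead of trusting silence

def demo():
    hr = [Employee("JSmith", True), Employee("mlee", True),
          Employee("akhan", True), Employee("bjones", False)]  # constructed data
    app = FlakyCloud({"bjones@example.org": True,
                      "contractor7@example.org": True}, calls_before_drop=2)
    try:
        sync(hr, app)          # drops after two accounts have been created
    except ConnectionError:
        app.calls_left = 10    # connection restored
    return sync(hr, app)       # second run finishes only the remainder

if __name__ == "__main__":
    print(demo())
```

Because every run starts from the accounts that actually exist, a transfer interrupted halfway needs no manual comparison of records, and the final plan doubles as the success notification the cloud application may not send.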

7. Bulk actions

Processing bulk actions in the cloud is sometimes restricted or denied by the application. For example, imagine you need to create user accounts for several thousand employees, partners, clients or students in a hosted e-mail system at the beginning of the school year. There are cloud applications that restrict the number of actions that can be implemented at one time or even require that administrative work be done after work hours to avoid overload on the network. While not all cloud application vendors are restrictive in this fashion, several are, and this can impose extra work on the IT department.

8. Connecting import scripts

Frequently, various systems within a single network require the same information. The IT department wants to avoid duplicate manual input of information whenever feasible as it is inefficient and can lead to errors. In many cases scripts are created to load the data from an authoritative system to all dependent applications. Usually, a script will be required for each dependent system as the data elements and requirements will be unique. With the advent of cloud applications, this is more difficult to achieve as these solutions do not always provide a methodology to utilize traditional scripts.

Every organization has to deal with tight budgets, strict federal or local regulations and all are under great pressure to constantly seek ways to work more efficiently. Working with cloud applications can, in many cases, mean that the user and access control is not optimal or effective and requires more attention. Suppliers of cloud solutions give little priority to the development of better management of user accounts and access rights in their applications. They are obviously working with the development of new features and business-oriented functionality.




Friday, June 14, 2013

4 Time-Saving Healthcare IT Industry Trends

As the U.S. economy slowly improves, healthcare facility IT budgets are likely to remain flat, or see only modest increases, in 2013. This means that IT departments will continue to look for ways to make their organizations and infrastructures run more efficiently.

Below are four areas that will be of particular interest to the technology departments in the healthcare industry. Healthcare facilities will likely be looking for time-saving ways to eliminate end-user calls to the IT help desk, so we’ll likely see an uptick in self-service applications for IT end users.
 
No. 1: Self-Service Applications for End Users


Self-service reset password applications have been around for several years now and continue to prove their value. End users enroll via a series of challenge questions and, should they forget their password, are able to reset directly from the network login screen or website. This eliminates a call to the help desk, and allows the employee to become productive immediately instead of waiting on the help desk phone queue.

No. 2: Cloud Applications in the Healthcare Industry

As solutions like Gmail and Office 365 continue to gain traction in healthcare, the ability to provision and deprovision accounts in a timely fashion becomes critical to controlling costs. While many health systems have implemented identity management solutions for Active Directory (AD), implementing a seamless process to these cloud applications can be a challenge.

Though both Google and Microsoft offer tools to synchronize AD with their respective products, they reportedly fall short in many areas and can make account management a tedious chore. Many vendors now offer advanced tools that allow for easy synchronization and management of accounts in these, and many other, healthcare cloud applications.

No. 3: Use of Single Sign-On

In hospitals and healthcare settings, both authorized and unauthorized people often use the workstation computers, meaning that those unauthorized people can view restricted information if accounts are not securely managed. Yet, clinicians frequently share a common username and password with peers to avoid wasting time switching between user profiles.

By reducing the amount of time required to log in, clinicians can easily and securely access patient information as they quickly move from room to room. It is even possible to integrate “Follow Me,” which allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer. Overall, clinicians will be able to focus less on signing in and more on caring for patients.

No. 4: Security and Audit of the Healthcare Industry

As in past years, ensuring security of the network and providing accurate reporting to auditors will have a large impact on the IT department, both in time and money. The IT department needs to provide employees with the correct access rights required to applications and network functional areas, while also ensuring unnecessary access is never granted.

The application also creates the appropriate Exchange mailbox and creates a home folder for the employee on the appropriate share drive. By ensuring the proper access rights, it makes the audit process that much easier and ensures compliance at all times.



Tale of Two Cities

Identity/password management has been a growing trend in the areas of healthcare, education and business. Lately, government agencies at the local, state and federal levels have also been taking a look.

Out of Control Passwords

St. Petersburg, Fla., currently has about 3,600 full- and part-time employees. It was having immense issues with employee password reset requests. On a daily basis, the IT help desk received 10 or more requests to reset passwords to the Active Directory (AD) network and various other applications.

Departmental leaders decided on a two-phase approach to tackle the issue. They first looked for a solution that would let end users reset their own passwords to the AD network, then implemented a self-service reset password tool. The first aspect of the implementation required end users to select a series of challenge questions and provide answers to those questions. After enrollment, end users could simply click a "Forgot My Password" link on the login screen, provide the answers and reset their password accordingly.

The second phase of the password project was to reduce the number of passwords required to access internal systems. As it stood, the average employee needed to remember eight user name/password combinations while some employees had upwards of 20. Again, the city's leaders looked to commercially available single sign-on solutions and settled on the same vendor that provided the self-service application.

The overall result for both phases of the projects was a reduction in the amount of time IT staff spends resetting passwords to nearly zero.

New HR application and new Directory Service

Tampa, Fla., faced several daunting tasks. The rollout of a new HR/financial system required that each employee have an AD account to access the application. This situation was further exacerbated because the city was running Novell eDirectory and GroupWise for email.

After purchasing a commercially available product, the basic implementation was completed in a few days. This was accomplished by taking an extract from the outgoing HR system and using the current employee list as the basis. After the HR/financial system implementation was completed, the IT group circled back to the identity management provider to put additional components in place.

First was an automated process to create and disable users. Every time a new hire is entered into the HR system, the AD account and Exchange mailbox are created without manual intervention.

Conversely, whenever an employee is indicated as terminated in the HR solution, the account is automatically disabled.

The second phase of the project was to implement a Web portal that lets employees request access to different security and distribution groups, along with a variety of applications or specific roles within an application. An end user can log in to the portal with their network credentials and be presented with a variety of options to request additional access. Once completed, the request is routed to the employee's manager for approval and then to the IT department for final approval.

In summary, both municipalities were able to utilize identity and password management solutions to allow their IT employees and end users to work more efficiently overall.


