Thursday, September 19, 2013

Automated Identity and Access Management Tools Reduce Security Risks and Yield Savings for Organizations

In today’s technology-filled world, the number of user credentials, such as user names and passwords, has grown exponentially. As a result, the requirements for managing employee access continue to evolve at an unprecedented pace.

As new solutions are put in place to protect a company’s data, the average employee is forced to remember more and more password and login combinations. For example, the typical employee must remember six sets of user credentials. At the same time, top executives within a firm may need to remember as many as 12 or more password and login credentials.

In many cases, the jumble of logins and access passwords becomes a bit of a mess for employees and the company to manage, not to mention the costs associated with loss of employee productivity and work time. The time spent digging for passwords might be considered inconsequential, but the opposite is often true.

Analyst firms Gartner and IDC have each reported that password-related calls from employees occupy between 25 percent and 40 percent of all inquiries to the helpdesk. As staggering as the amount of time spent manually resetting and managing employee accounts is, it may pale in comparison to the average cost of each call to the helpdesk, which typically ranges between $10 and $31 apiece.

On top of this, an employee who has lost access to internal systems and programs typically loses 20 minutes of productive work time for each call placed to the helpdesk.

And the costs don’t stop there. Though more difficult to measure, there are risks when users, desperate to avoid a call to the helpdesk, write down credentials on pieces of paper and stick them to monitors or store them underneath keyboards, for example. Doing so creates a great deal of risk and exposes confidential company information to the outside world.

Mitigate the risk
Technologies exist from numerous vendors to significantly reduce the costs and risks associated with password management issues. Effective password reset applications have been around and utilized for several years. The best example of this can be found on a bank or financial institution’s website. For locked accounts, users must answer a series of challenge questions to gain access to their requested information.

For businesses looking to emulate these examples and do away with manual, time-consuming and costly processes, the approach is straightforward. Once the self-service password reset tool is implemented, employees and end users enroll in it. Going forward, if they ever lose their passwords, they can simply reset them on their own whenever they need to, without assistance from the IT staff or helpdesk.

Strengthening the security of self-service resets
There will always be fear on the part of some individuals who believe that by allowing single sign-on or a self-service password reset function, they are making it much easier for the security of their systems to be compromised. As you might imagine, there are simple solutions to address these concerns, too.

The best example may be two-factor authentication. Two-factor authentication can be accomplished by a user providing a one-time PIN code received via SMS or at an alternate email address. These password self-service applications typically eliminate up to 95 percent of password-related calls to the helpdesk.

Two-factor authentication can also be used to reduce password-related issues in single sign-on applications. These products reduce the number of credentials required to access accounts and information from the previously mentioned login credentials (ranging from six to 12) to one.

Perhaps the best case for this comes from a recent study by the Ponemon Institute, which found that employees spend on average nine-and-a-half minutes each day logging into the applications needed to perform their jobs.

Another recent survey by Tools4ever revealed that respondents overwhelmingly (67 percent of the sample) stated they spend too much time logging in and out of applications to access information, while 85 percent of respondents agreed that efficiencies would be created by using only one set of credentials.

The most common benefit of two-factor authentication is the reduction in credentials being written down and stored on or near the desktop by employees, as previously mentioned. Another feature of two-factor authentication involves pairing biometrics or scan cards with credentials and/or a PIN code, which further increases network security.

Also, as many applications require a password change after a set period of time (for example, every three months users must update their passwords), a single sign-on solution can anonymously reset the password so end users are never even aware of their passwords. This reduces the chance of a terminated employee gaining access to sensitive systems from home if his or her account is not revoked in a timely fashion.

In addition, as password management solutions mature with the market, prices of the solutions have continued to drop and the time needed to execute an implementation is getting significantly shorter.

Self-service password reset solutions can be deployed in one or two days and provide an ROI in as little as one month. SSO solutions are typically deployed over one or two weeks and provide an ROI in as little as three months or less. ROIs for these solutions are typically based on hard dollar savings only. They do not take into account the soft dollar savings associated with increased security or the decreased risk of leaving sensitive systems potentially exposed, which is where the real long-term gains are made for those that implement the systems.



Thursday, September 12, 2013

Healthcare SSO - Avoid Threats to Level of Care Patients Receive

It is extremely important that in emergency care settings clinicians act quickly to treat their patients. However, the login processes at hospitals and healthcare organizations can often hinder the speed at which clinicians can provide care to their patients.

Clinicians need quick access to the patient’s medical history, dosages, medications, etc. to offer the proper care, and every second that is lost could have been used for critically needed treatment. While all healthcare organizations need to ensure the security of their systems and applications, this can have a negative impact on the treatment of their patients and can result in time being lost because of inefficient login processes and procedures.

Something as simple as simplifying access to important systems, like patient health records, can save anywhere from a few seconds to several minutes each day, which is time gained caring for patients. By giving clinicians quick access to a patient’s health record, caregivers can make quicker decisions about what kind of treatment options and medications to pursue. Clinicians often have to check several different systems and records in multiple environments to make these decisions. With a single sign-on (SSO) solution, not only is employee workflow improved; documentation and security are also improved, since the software records all user activities. This also allows the healthcare organization to easily see what each employee is doing on the network.

A single sign-on solution allows clinicians to have a single set of credentials to log on to a computer or workstation. Once they log in one time, they are automatically signed into all authorized systems and applications when they are launched. SSO eliminates major hassles for clinicians and allows them to focus on their key priority, the patients.

The Rivierenland Hospital was one hospital that was able to improve efficiency with an SSO solution. The hospital’s clinicians indicated their frustration at having to remember too many login credentials and at the time that it took them to log in before assisting each patient. To mitigate these issues, an SSO solution was implemented, allowing clinicians to swipe their card near the card reader and enter a PIN to access all of the applications and systems they need without having to remember and enter long passwords.

In response to the implementation of SSO, Jos Meeuwsen, the hospital’s system administrator, said, “We have received compliments from various departments, including the usually highly-critical Intensive Care department. This is an extremely user-friendly solution.”

There are many reasons why healthcare organizations are hesitant to implement an SSO solution. They believe that SSO can hinder security, or that an implementation will be expensive or drawn out. IT managers assume that if an unauthorized person gets hold of that single login credential, that person will have access to all the account’s associated applications. Though this does appear to constitute a risk, the login process is actually streamlined for the user. Having to remember just one password essentially does away with the risk that users will scribble passwords on a piece of paper and store them under their keyboard.

If they still feel strongly about it being a security risk, SSO can offer additional security with two-factor authentication. This allows clinicians to swipe or place their card on the card reader in addition to entering a unique PIN. This process ensures that the user needs something physical (the card) and something from memory (the PIN) to access the network. In addition, a second pass of the card, or its removal from the reader, closes all applications and logs the user off the computer.

As for the concern that implementing SSO is an expensive and drawn-out process, the nice thing is that it’s often not necessary to set it up for all the people in an organization. For example, in a hospital, SSO is only needed for a select group of people. The advice here is to restrict SSO to the most critical applications and the people who have to log in to a variety of different applications or from multiple locations. The implementation will then be easy to control in terms of price and complexity. This offers an excellent springboard for any further growth and expansion in accordance with changing future needs.

SSO also has benefits beyond reducing the amount of time it takes to log in. The solution can easily assist with audits by providing a detailed log of each user who has logged in and what they did on the network. SSO can also help healthcare organizations easily switch from shared workstations to individual account logins, which is required by HIPAA. Instead of eliminating the shared workstations and giving clinicians credentials to the systems and applications, SSO easily transitions them to their own single set of credentials. Many vendors also offer a “follow me” feature. This option allows users who have opened applications on Citrix and/or Terminal Server to continue their work on another computer.

An SSO solution, along with the many features offered, can result in drastic time savings, particularly in the case of specialists who make their rounds among several departments or floors. Implementing SSO is an easy process, and the solution integrates with almost all applications, including cloud applications. SSO provides the healthcare organization with long-lasting benefits, including increasing the care that patients receive and eliminating a great deal of wasted time.
