We asked one of our Gold Partners, Enline, to give us an insight into the world of identity and access management.
Enline have been in existence since 1985, providing impartial and trusted advice on Information Security and Infrastructure solutions to hundreds of organisations in the public and private sectors.
Their Managing Director, Mike Nelsey, kindly took up our challenge and has written this excellent 10-point guide…
Forget the phrase “identity and access management”: in today’s healthcare environment, clinical efficiency, information sharing, security and, of course, cost reduction are sought.
As more organisations look to share services, share information or merge, the state of the underlying infrastructure and the accuracy of user information and authority become more of an issue.
These are the points on which Identity and Access management has the most important bearing. So you’ll have been thinking about this for a while. Phrases such as Single Sign-on, Joiner-Mover-Leaver management and cross-organisation working may have been mentioned. Clinicians, help desk, administrators and auditors all want it “to be easier”.
So where to start, what to avoid, and the broader benefits of such a programme are points that come to mind. Matters such as:
1. Implement smart
Look to roll out technologies once, even tactical ones, as a part of a broader strategy. Don’t put yourself in a cul-de-sac for the next steps.
2. Don’t follow broken working practices
Automating them doesn’t make them better.
3. Remember the users
If the processes you introduce are difficult, users will look to shortcut them so that they can do their jobs efficiently.
4. Launch the programme with a publicity campaign and champions
Ensure adoption with your users and create some interest before “go live”.
5. Start small and build
Many identity programmes have been abandoned with scary amounts of money wasted. Why? The organisation has been too ambitious at the outset.
6. Manage the exceptions, not the norm
Again, an obvious one, but over-complicating matters by taking a “bottom-up” approach will add cost, complexity and time to your project.
7. Know what the art of the possible is – and the cost
Cross-organisational working or information sharing lends itself to over-complicated, expensive or just plainly unnecessary approaches. Technologies such as federation allow users to be managed from their host organisations and secure solutions to be implemented in weeks.
8. Educate your users to the risks
Compliance violation, risk of being compromised; users don’t necessarily appreciate the risks of sharing a password or login. Explain it in basic terms. “You could be blamed for someone else’s transgression.” “Security is like Health & Safety – it is everyone’s responsibility”.
9. Build your business case well
It is not just about “ROI” and we shouldn’t pretend that this is the case. More effective working, less risk and user satisfaction all play a part and sometimes we get carried away with projected savings that are simply unreal. The softer organisational benefits should be clearly described.
10. Do nothing and you will fail
User dissatisfaction, difficult or impossible management and auditing, help desk overload. These are symptoms of poor identity and access management. Introduce new applications, new transformations on top of this, and whatever cost you have in mind will rise exponentially.
And finally...talk to knowledgeable advisors
Ones who will listen, look, learn and then recommend. Clinical Context? Single Sign-on? User management and workflow automation? Federated services? All may have a role, or none! Let them guide you on the most appropriate approach for your organisations, now and in the future.
Mike Nelsey, Managing Director, Enline.
Enline will be running an event on 31st January 2012 in Manchester for Clinical and IT professionals who want to learn how Microsoft’s Health Solutions can simplify and streamline access to patient information to improve patient care, enhance patient safety and increase Clinician satisfaction.