Single Sign On in the NHS
Richard Lane, healthcare technical strategist – Microsoft UK
A typical clinician in the NHS has to remember around 5 identities and passwords to access the various IT systems required for his/her daily duties. NHS IT users often experience password fatigue and try to simplify matters by using the same password for multiple systems.
Security suffers as a result. Typically these applications have varying password requirements (length, complexity, etc.), and the passwords often expire at different times and easily get out of sync.
In short, there is a constant battle between the NHS IT department, which is trying to enforce identity and access management security, and the NHS IT user, who is trying to work with these various IT systems whilst maintaining a clinical service under often extreme pressures.
Secure and automated log-on
Wouldn’t it be great if solutions existed whereby a user is logged on automatically to each required application, regardless of the application type?
Also, wouldn’t it be good if security could be increased by setting each application password to its maximum length and changing the password automatically, every week for example, with the user being blissfully unaware?
Well, there are solutions that can do this, and they generally fall under the banner of Enterprise Single Sign-On (ESSO) solutions. A number of these solutions work by introducing a hardware appliance into the environment which takes a feed from your directory service, Active Directory for example.
A client that is installed on each PC polls the appliance for security profiles, application information, etc. The problem with these appliance-based ESSO solutions is that, in order to achieve resilience, numerous appliances have to be purchased and placed strategically around the network.
The value of single sign-on
I see greater value in ESSO solutions that make use of the existing infrastructure an NHS Trust has already invested in.
If, for example, a Trust uses Microsoft Active Directory, they will hopefully already have a resilient solution through the strategic placement of Domain Controllers. It is far better for the ESSO solution to extend the use of this investment than to introduce a further layer of complexity and management overhead.
One such solution is Enterprise SSO by Evidian, which not only works with Active Directory but also integrates with the CfH Smartcard.
Evidian’s E-SSO also allows for fast user switching, a must-have in busy areas where multiple clinicians share a PC. Another aspect that I like about this solution is the ability for mobile users to reset their passwords.
Related Articles:
- Read about Evidian's solution as implemented at Shrewsbury and Telford Hospital
- Find out more about Evidian's solution in the healthcare sector
- Podcast: Shrewsbury and the Benefits of Single Sign-on
- View this live meeting recording: Extending the use of AD to deploy Single Sign On integrated with the CfH SmartCard