This approach served the healthcare community well for decades, but the emerging reliance on hundreds of diverse cloud services has pushed the teams maintaining those solutions to their limits. IAM teams struggle to keep pace with the many new integrations demanded each year, and it is clear that the uniqueness of the healthcare environment is fading away. Many technology leaders now recognize that commercial IAM solutions are better able to keep pace with the rapidly changing cloud environment, and that the time has come to adopt these systems to better serve patients, providers and administrators.
Technology professionals studying the IAM vendor landscape face a monumental decision. The IAM platform they choose will require an almost-herculean undertaking to implement; and once in place, it will serve in a pivotal role at the center of the organization’s cybersecurity program for years, if not decades, to come.
Let’s take a look at some of the key factors technology leaders should consider as they select an IAM platform for their organization.
Evaluate the Reliability of IAM Vendors
IAM platforms join Infrastructure as a Service providers, networking vendors and database platforms at the heart of an organization’s technology stack. A failure in any one of these critical components could bring the organization to its knees. In fact, the instability of homegrown integrations is often one of the driving forces behind a move to adopt a commercial IAM platform. When the IAM system goes down, providers and administrators find themselves unable to log in to any systems, bringing their work to a halt.
For this reason, teams must carefully scrutinize the operational credentials of vendors under consideration. Negotiate service-level agreements, but look beyond the text at the vendor’s track record and architecture. Do the promises they make in agreements seem viable in light of the state of their technology? Do they have a track record of successfully managing operational issues?
Consider the Breadth of Healthcare Security Integrations
The rapid pace of adopting new cloud services is another of the critical factors driving the adoption of commercial IAM platforms. Teams find themselves stretched beyond their limits keeping up with the demand to integrate newly adopted services. Commercial platforms come prebuilt with hundreds of integrations for popular services. Analyze the array of existing integrations against the services used by the organization. How many current services are covered out of the box by the candidate, and how many will require custom development work?
In addition to examining existing services, try to get a sense of the pace of development of new integrations. When new services become popular, how quickly does the vendor release an integration? Is it likely that these new integrations will become available before they are needed, avoiding time-consuming manual integrations?
Ease of Use Matters for Cybersecurity Tools in Healthcare
The IAM platform resides at the core of the technology infrastructure, but in an ideal world, users are barely aware that it exists. How seamless is the IAM technology? Will users rapidly adopt it? In particular, how convenient is the multifactor authentication experience? Will an existing MFA approach integrate seamlessly with the new platform? Or, can a migration to MFA technology offered by the IAM platform occur with minimal user inconvenience?
Make sure to consider the ease of use for the technologists operating the IAM back end as well. Is the administrative interface intuitive? How well does the platform integrate with other components of the organization’s cybersecurity program?
Commercial IAM platforms offer healthcare organizations a variety of important benefits. Institutions that have not already migrated away from homegrown approaches will likely do so in the coming years. The selection of a new IAM platform is a decision that will affect the organization for years to come. Therefore, technology leaders should treat this migration with the attention that it deserves.