Jul 28 2023

4 Ways Microsoft Entra ID Secures Health IT Environments

Ensuring secure access to private patient data from anywhere is crucial.

Healthcare organizations are dynamic ecosystems with users that include clinicians as well as business and IT support. While they have different information access needs, the ultimate goal of all of these roles is to provide quality care and keep sensitive patient information secure.

Microsoft Entra ID (previously known as Microsoft Azure Active Directory) is a cloud-based access management system that can be used across all lines of business in a healthcare organization. Though its name has changed, the solution still provides the same sophisticated security features beyond typical passwords.

“We used to have organizations say, we don’t trust the cloud, the cloud’s not secure. And the irony is the cloud is more secure than anything anybody has on-premises,” says Kent Compton, principal solution architect of Microsoft Identity and Security for CDW. “Almost all of the hacks have been to on-premises systems as opposed to cloud systems.”

With organizations re-evaluating policies they instituted during the COVID-19 pandemic, Compton says it’s the perfect time to upgrade access management procedures.

“My team and I make sure that customers spend time understanding the different Entra ID features,” he says. “We want to understand the objective that they are trying to solve. Then we can work backward and find the features that can help.”

Below, Compton outlines some of the top Entra ID features that give healthcare organizations safer and seamless operations.

DISCOVER: How Microsoft Azure supports digital transformation in healthcare.

1. Centralizes Identity to Protect Patient Data from Cyberthreats

Because the workforce in healthcare can be dispersed among several settings — including offices, clinics and at home — having an authentication system that can address security needs is important, Compton says.

Entra ID is a cloud-based directory service that provides authentication and authorization for all of Microsoft’s enterprise applications. Because the system uses verifiable credentials based on whether a user is an issuer, an individual or a verifier, privacy and interactions are decentralized and more protected.

“It’s important to understand that Entra ID is multiple things. The product itself is scalable,” Compton says, adding that features include validation for quick self-service employee onboarding, partners and customers; access granting and permissions; self-service account recovery; and credential enabling that can be used anywhere.

Click the banner to learn how your health system can benefit from a hybrid cloud environment.

2. Requires Multifactor Authentication to Strengthen Security

Compton says he encourages all of his customers, not just healthcare clients, to use multifactor authentication. Every Entra ID user has a password but also uses a passcode sent to a mobile device or a fingerprint to ensure stronger security.

“We never set up Entra ID without multifactor authentication. Passwords are inherently weak and have been for a while. They are really falling out of favor, certainly from a security perspective,” Compton says.

The added layers of authentication make users identify key indicators including who they are, what they know and where they are. Biometric authentication, including fingerprints and face recognition, verify users in the safest way possible, Compton says.

“There’s a whole industry movement, whether it’s the National Institute of Standards and Technology, Microsoft or Google, that is pushing toward passwordless authentication. It works like using face recognition on your smartphone to be able to unlock access to all of the various applications that you have,” he says.

3. Enables Integration with Several Hardware and Software Solutions

Entra ID has a directory of verifiable credentials, and includes many international, national and healthcare-specific standards and certifications that help the program connect to a variety of software and hardware solutions.

Compton says there are thousands of healthcare applications, and the integration relies on standards.

“Modern apps that are web-based are great partners with Entra ID. There are thousands of healthcare applications, and the thing that’s nice about these cloud-based services is that deploying them is pretty simple,” he says. “Entra ID can provide authentication for thousands of Software as a Service applications, including any organization’s internal web-based applications.”

RELATED: Set a secure foundation for your move to Microsoft Azure.

4. Provides Increased Security for Flexible Healthcare Workplaces

Whether employees are working in the office, a remote setting or a fast-paced hospital, having a single sign-on option through Entra ID allows for efficiency in the workplace, Compton says.

“Single sign-on means that once someone has signed into their device, they can open and access any of the applications they use and never be prompted,” Compton says.

When employees work from home or in a hybrid setup, having Entra ID is more secure for all users, especially when sensitive patient data is being processed, Compton says.

“Doctors can work from home at night, writing patient records or making updates,” he says. “Entra ID ensures that they can work in a more secure manner versus just giving them a laptop and VPN.”

Brought to you by:

ipopba/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.