1. IAM Requires a Cloud-Smart Mindset
Identity management practices in legacy environments are often built out across years of resource additions. They become decentralized and organized around particular on-premises assets. A modernized approach to identity management is to secure and govern identities and access from the cloud. This requires a fundamentally different approach to overall identity architecture.
“A unified and interconnected architecture is the first critical step that enables the success of identity modernization projects,” says Irina Nechaeva, general manager of identity product marketing at Microsoft. “It helps organizations think holistically about all users and all resources, helping define points of consolidation and simplification.”
Most healthcare organizations need to secure access to dozens of applications, from third-party Software as a Service tools to on-premises customized resources. It can be overwhelming to figure out where to get started with updating access management for all of these assets.
“A good way to simplify your identity modernization program is to group these applications by the type of authentication protocol, either modern or legacy,” Nechaeva says. “This will inform the new identity architecture and modernization initiative milestones.”
EXPLORE: These are the top three reasons to modernize your IAM program.
2. Healthcare Organizations Manage Authentication Protocols
Legacy authentication protocols such as Lightweight Directory Access Protocol and Kerberos often sit alongside modern ones, including OAuth 2.0 and Security Assertion Markup Language, inside today’s IT environments. This situation requires the creation and management of individual user identities across resources, which can overwhelm IT teams.
One way to get a handle on managing multiple authentication protocols is using an application gateway. “An application gateway can be used to connect newer systems to legacy applications,” says Wesley Gyure, executive director of security product management for IBM. “These solutions proxy the flow of traffic and transform the data formats into the new authentication protocols being used to implement single sign-on.”
61%
The share of IT and security professionals who consider IAM tools to be very effective at improving visibility into their security environment
Source: CDW, 2024 CDW Cybersecurity Research Report, June 2024
Identity orchestration is another solution that can help organizations move away from juggling multiple authentication protocols. These tools provide a way to streamline identity and access management by organizing all of a health system’s identity and authentication services into automated workflows.
“Identity orchestration allows organizations to build customized IAM architecture,” Gyure says. “This allows for easy integration of new systems and helps prevent vendor lock-in.”
3. Employee Buy-In Is Critical to IAM Success
While IT teams are quick to grasp the value of modernizing IAM processes, it may be less apparent to employees. They are used to doing things a certain way. To help manage the change required for a new authentication process, consistency is key. Applying the same authentication protocol across the environment will help ensure a successful transition.
“You want to strive for consistency with your IAM programs,” Gyure says. “Making a change overnight and expecting immediate compliance will not work. Instead, a phased approach, delivering a consistent user experience, using the same authentication protocol across apps, will yield better results.”
In addition to consistency, you want to have a plan in place to educate users about the new processes being implemented. Gaining employee and clinician buy-in and conducting proper education are important steps in mitigating an impact on patient care or the provider and patient experience.
Click the banner below to read the “2024 CDW Cybersecurity Report.”
“Establishing a clear communication plan that outlines the benefits and features of the new IAM tool is crucial for fostering acceptance among users,” Nechaeva says. “Additionally, providing comprehensive training sessions tailored to different user roles can help demystify the tool and ease the transition process, ensuring that employees feel confident in using the new system.”
Integrating new IAM practices into your environment can be a complex task, requiring consideration of not only the technology but the processes and the people. In addition, healthcare organizations require compliance with regulatory guidelines, including HIPAA, the General Data Protection Regulation, the Sarbanes-Oxley Act and the California Consumer Privacy Act.
With so many considerations to address, organizations should consider a Rapid IAM Strategy Assessment to evaluate overall alignment to IAM best practices and provide suggestions for where improvements can be made to strengthen that alignment.
