Better Together: Identity Governance for Healthcare

Healthcare executives have, in the past, been rightfully cautious about moving to the cloud as they are entrusted with sensitive data. However, the promise of transformational care and the economics of the cloud, combined with advances in cloud security, is making a cloud-enabled healthcare organization much more compelling. It’s important that an identity-focused security strategy leads the way to deliver a secure environment that is managed and supports governance and audit.

To thrive in a more digitally connected world, healthcare organizations need strong, business-aligned identity governance to manage access to applications and resources both in the cloud and in private data centers. A critical and often unaddressed risk for these organizations is that they may have many more cloud applications in use than IT is aware of, and these applications may handle regulated data in a non-controlled and non-compliant manner.

With SailPoint, Microsoft, and Edgile, healthcare organizations can empower their employees while embracing innovation and protecting their enterprises.

An Integrated Identity Governance Solution

Healthcare enterprises can now leverage the identity governance capabilities of SailPoint with the risk-based identity and access management protection of Microsoft Azure Active Directory (AD) to drive their organizations forward to effectively manage access in the era of mobility, applications and the cloud. The combination of Microsoft’s proven productivity and access management solutions, SailPoint’s market-leading identity governance and Edgile’s expert security and risk consulting is a powerful way for healthcare organizations to empower users while also protecting their digital assets.

The integration of SailPoint and Azure AD deliver powerful functionality and creates a framework for productivity, agility, and security by:

• Providing governance-based access to all on-premises and cloud applications
• Enabling risk-based identity protection for applications
• Accelerating the ability to empower users with single sign-on and self-service functionality
• Ensuring security requirements are met via identity governance
• Creating a business-aligned strategy and roadmap for an overall IAM program supported by expert implementation services

The New Identity-Centric Workflow

Clinicians, operational staff, and other healthcare workers require quick and convenient access to the right applications so they can effectively support the delivery of patient care. However, given the complexity of modern applications, access automation has become critical for ensuring uninterrupted productivity and eliminating user frustration. The combination of SailPoint and Microsoft Azure AD accelerates productivity for end users and asset owners. Automation is applied throughout the user lifecycle, thus minimizing manual intervention to grant access throughout a person’s employment.

The combination of Azure AD and SailPoint ensures that new employees have easy access to the resources and applications they need – even before they start work on their first day. As their role within the business changes, their access changes along with them. When they leave the organization, their access is securely disabled. Each change not only affects accounts and entitlements within the organization, but it also synchronizes with the user’s application view, ensuring that users can easily see what applications are currently available to them.

For exceptional cases not covered by automated processes, employees can use self-service to make application access requests for specialized or temporary access to resources. These requests are routed through the appropriate approval workflows and the entitlements on the applicable systems are provisioned, ensuring compliance with security policy. Automated certification of access verifies that users have only the access they need, when they need it. This eliminates extraneous access, assists in proving compliance and enhances the overall security position of the healthcare organization.

The SailPoint, Microsoft Azure AD and Edgile alliance ensures the workforce productivity and agency by ensuring appropriate access to resources and granting the power to request additional access.

This collaboration means employees and contractors can always have access to what they need – and just as importantly, only what they need. It provides a uniform policy that can be enforced across the entire enterprise, no matter the method of granting access. Finally, it provides for significant savings due to increased productivity and reduced helpdesk requirements or need for manual request and approvals.

The SailPoint, Microsoft and Edgile collaboration enables:

• Automatic, policy-based access in accordance with employee events, including joining, moving or leaving the organization
• Increased user productivity via simple self-service password change and reset requests, supported across the entire enterprise and multiple applications, whether on-premises or in the cloud
• Flexible, discretionary-based access request support for out-of-band additional resources and applications

Proven Partnerships Reduce Risk

Adopting new technology and deployment models has historically been a matter of acquiring the “latest and greatest” technology in the hope its potential will match its promise. In today’s increasingly digitized healthcare environment, an organization’s technical agility has become fundamentally critical to operational success. When providers struggle to integrate new functionality, it can ultimately impact patient care and caregiver productivity. For payers, it puts worker productivity and profits at risk. Poorly integrated, bolted-on solutions create problems by their very nature, weakening functionality and security alike.

The flexibility and intelligence of SailPoint and Microsoft Azure AD integration, supported by Edgile’s strategy and implementation services, gives healthcare organizations a proven method of rapidly adopting future functionality, whether on-premises or in the cloud.

It’s a forward-thinking solution, designed to quickly and efficiently incorporate new functionality.

By embracing innovation correctly, healthcare organizations ensure compliance. This gives healthcare organizations the IT infrastructure to:

• Accelerate the speed of business by adopting new technology quickly and efficiently, such as mobile, cloud, or software-as-a-service (SaaS) solutions
• Rapidly scale to meet new business opportunities and support acquisitions
• Lower costs by quickly swapping out components for improved and more efficient options

Identity Governance in Action

Together, SailPoint and Microsoft Azure AD equip users with seamless access to their essential healthcare applications and resources, while also ensuring security requirements are met through identity governance.

Consider these two examples of how automating identity management can improve operational efficiency and IT service delivery to clinical and operational staff:

1. Employee Setup and Access. New nurses or other clinical team member joins the staff at one of the hospitals. In the past, generating accounts and providing access to the network and Active Directory, email, Electronic Medical Record system (EMR such as Epic, Cerner, or others), and other groups was a set of manual or semi-automated steps that took days or weeks to perform.

   By automating access, once new nurses are processed by HR, they are provisioned with email, EMR and other key business applications, network, Active Directory and other groups based on their role while their manager is notified. When nurses go to orientation and EMR training for new employees, the nurses can log into the new user portal to self-claim their account (enter relevant identifying information), agree to the terms, and set their password. The entire process can be performed in advance or the morning of onboarding, taking hours, not days or weeks.

2. Contractor access. The emergency department (ED) has hired several agency nurses to help meet staffing demands. The IT team must provide access to EMR, such as to Epic or Cerner, within two hours of notification. Determining the appropriate access can be a matter of making educated guesses for EMR entitlements, which runs the risk of over-entitlement or delays from reworking errors or missed entitlements. And while audit procedures require each agency nurse to sign confidentiality, nondisclosure and acceptable usage agreements, there’s no clear or simple process to do that.

   By automating access with SailPoint and Microsoft Azure AD, the charge nurse can use self-service to enroll the new agency nurses and ensure that they have the correct access requested to the appropriate resources. The agency nurses can log into the new user portal and self-claim their account and agree to necessary terms and conditions. Access automatically expires when they are no longer working in the ED. With integration and automation, the process can be completed quickly, with lower operations and compliance risk.

Identity governance enables the shift from traditional vulnerable methods of access and protection to ensuring that employees, contractors, and partners anywhere are empowered to succeed, and the right people have the right access to the right applications and data at the right time. Of course, protection in the modern era means proving it through compliance and reporting. Automated audit reporting can demonstrate compliance via pre-defined reports.

Together, SailPoint and Microsoft Azure AD provide:

• Automated access reviews
• Certification of all processes
• Secure access through automated remediation
• Automation to enforce best security practices to ensure policy adherence
• Reduced security risks across the entire organization
• Support for mature customers to implement higher-order security policies, such as separation of duties

The combination of these services gives organizations in healthcare and other highly-regulated industries the means to meet their compliance and security needs.

Take a Strategy-First Approach

Technology alone is not enough for successful identity governance and management in a mobile-first, cloud-first world with growing cyber risk. Healthcare organizations need to align their business goals to a roadmap for identity management to mitigate the risk of a breach. Planning, design and implementation are critical for program success. But in many healthcare organizations, the IT department is already short-staffed while cybersecurity skills are in top demand and positions are hard to fill.

Healthcare organizations must put together a security strategy first in order to move to the cloud. This allows organizations to move quickly and strategically review, assess and implement Microsoft Azure AD’s secure access with SailPoint identity governance capabilities. Next, healthcare CIOs, CISOs and CTOs should create the business-aligned strategies that address the new hybrid identity provisioning, automation and governance challenges in healthcare.

With this strategy-first approach, healthcare organizations can:

• Create a vision of the business goals and build a roadmap for technology investments
• Assess the current state of identity governance using a proven framework and articulate the future state of a business-aligned cybersecurity solution
• Develop a technical proof of concept to reduce the risk of technology change and prove that the intended solution will meet expectations
• Implement Microsoft Azure Active Directory and SailPoint

Start with a Strong Foundation

Conducting business in a mobile and cloud era while countering a constantly shifting threat landscape requires a proven approach. Microsoft, SailPoint and Edgile have collaborated on an elegant enterprise access management and identity governance solution, underpinned by expert strategy and implementation. With an effective, business-aligned identity governance solution, clinicians, administrators and other users have seamless access while also ensuring data and access remains secure and available.

SailPoint’s proven identity governance extends Microsoft Azure AD to provide full, fine-grained provisioning and lifecycle governance across enterprise systems both on-premises and in the cloud. Key identity governance capabilities such as access certifications, access requests, separation-of-duty policies, role management, and audit reporting enhance Azure Active Directory’s unique access management and identity protection services. Edgile’s strategy-first consulting approach, technical proof-of-value testing, and implementation services delivers an identity governance solution that’s aligned with the business and mitigates the risk caused by change.

With the power of SailPoint, Microsoft Azure AD, and Edgile, healthcare organizations can meet strict compliance requirements, enhance cybersecurity and provide modern identity management – while continuing to improve patient care and control costs.

SailPoint: The Power of Identity™

SailPoint, the leader in enterprise identity management, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in virtually every industry.

Microsoft Azure Active Directory

Microsoft Azure Active Directory is a growing collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through our global network of datacenters. With Azure Active Directory, you get the freedom to build and deploy wherever you want, using the tools, applications, and frameworks of your choice. Azure Active Directory is a rich, standards-based identity and access management cloud solution that gives you a robust set of capabilities to simplify user access to cloud apps, protect sensitive data and applications. A high-availability service that integrates with on-premises Active Directory and handles billions of authentications each day, it helps secure access to on-premises and cloud applications including Microsoft web services like Office 365, and many non-Microsoft software as a service (SaaS) applications.

Edgile

Edgile is a trusted partner and advisor on cyber risk, providing strategy and implementation consulting services to the world’s leading organizations. Edgile’s Jumpstart program for Microsoft Azure and SailPoint provides organizations the strategy required to move to the cloud. Edgile’s proven ‘lift and shift’ blueprint successfully moves enterprises to the cloud while managing risk and modernizing the organization’s security model. As a Microsoft Gold Partner, Edgile is recognized for its deep expertise in EM+S, Azure Active Directory, and Active Directory across its practice, which includes identity experts honored as MVPs by Microsoft. SailPoint named Edgile its partner of the year for the Americas in February 2017.

Learn more about Identity for Healthcare.