#HOAHITSEC14

Identity, Security and Healthcare
Geoff Webb
Senior Director, Solution Strategy
Identity, Security and Healthcare
Agenda –
How does identity and the changing practice of identity
management address the ...
Big Challenges Facing Healthcare
• Demand
• Financial
• Role

for healthcare is changing
model is changing

of the patient...
In other words… a lot is changing, fast

4

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC1...
Change Increases Risk
These changes increase complexity
as well expectations among users
of systems and patients.
This “co...
Healthcare Breaches Overall

Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (...
94%
7

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
Causes Of Breaches

Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research
8

© 2014 N...
Type of Breach

Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (HITRUST)
9

©...
A Changing Technology Landscape
Market Trends Driving Change
Cloud

Mobility

Information

Social

ENTERPRISE

11

© 2014 NetIQ Corporation and its affili...
Mobility On The Move

Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research
12

© 201...
Yet Much Remain Unsecured

Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research
13

...
Consumer Cloud Poses A Risk

14

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
Let’s Get Social

15

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
More, More, More
•

More:
–
–

Devices

–

Users and participants

–

Collaboration and sharing

–

Mobility

–

•

Inform...
Complexity

All of the above is driving an
explosion in complexity

17

© 2014 NetIQ Corporation and its affiliates. All R...
Cutting Through Complexity

18

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
Identity Is The Key
•

Identity management is the key to safely unlocking the
power of emergent trends such as:
–

Mobilit...
Building On The Power of Identity
What Is Identity Management?
•

Rapidly changing discipline that helps us
define:
– Who

people are

– What
– What

resour...
The Bottom Line

Identity Management ensures
that the right people have access
to the right resources and
services at the ...
Changing Role Of Identity
• Gone

from highly IT-Centric to very
business-centric

• No

longer owned by the IT organizati...
Identity Ties Together
• Relationships

of people, process and

information
• Regardless
• In

24

of technology

a way th...
Concrete Challenges
• How

do I get people access quickly?

• How

do I monitor what they are doing?

• How

do I reduce t...
The Blind Spot

Employee Lifecycle

Source: http://www.gophoto.us/key/human%20life%20stages
26

© 2014 NetIQ Corporation a...
The Blind Spot

Risk
Blind
Spot

27

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
Who Is The Risk?

28

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
Mistakes Are Costly

Source: Datalossdb.com
29

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHIT...
Mistakes Are Costly

Source: Datalossdb.com
30

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHIT...
How Do We Solve These Issues?
• Identity

Context
• Adaptive Access
• Integrated Governance
• Identity-Powered Security

3...
Integrated Identity and Access Lifecycle
Powers the entire user lifecycle

32

© 2014 NetIQ Corporation and its affiliates...
What Does This Look Like?
Employees Needs Access…

• Self-service access request to healthcare applications
• Web, cloud and enterprise single sign-...
Managers Need to Manage…

• A complete view of her people and
resources
• Ability to review and approve
requests on-the-go...
And Auditors Need Visibility

• An Identity and Access Governance Platform
• Record and review policies and policy violati...
Integrated Identity Management

These capabilities derive from
integrated, intelligent identity and
access management that...
But Wait…

38

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
Internet of EVERYTHING
25 billion and 1 trillion items by end of decade

39

© 2014 NetIQ Corporation and its affiliates. ...
And EVERYTHING is
going to want an Identity
(which is a lot)

40

© 2014 NetIQ Corporation and its affiliates. All Rights ...
Identity Powered Healthcare
•

Identity management will define your interactions
with clinicians, partners, associates and...
Next Up

Welcome to
Generation “I”

42

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

#HOAHITSEC14
Recommendations
• Evaluate

how your organization uses identity

• Plan

to integrate identity and access
management into ...
Worldwide Headquarters
1233 West Loop South
Suite 810
Houston, TX 77027 USA
+1 713.548.1700 (Worldwide)
888.323.6768 (Toll...
Upcoming SlideShare
Loading in …5
×

Identity, Security and Healthcare

1,586
-1

Published on

Healthcare businesses must balance the requirement to provide the necessary information practitioners need to deliver quality healthcare, with the pressing need to keep patient data private and secure. As more and more patient information moves online and mobile, healthcare organizations are rethinking the role of identity in ensuring that the right people get the right information when and how they need it.

Geoff Webb, Director of Solution Strategy with NetIQ presented 'Identity, Security and Healthcare' at the Heart of America HIMSS chapter event at Johnson County Community College on January 16th 2014. His presentation looked at the evolving trends of mobility, social identity, cloud, and security in the world of healthcare, and how you can start planning now to meet the needs of your organization today and in the future.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,586
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
31
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Well, the good ones look like everything else!
    Not easy to spot: The intent speaks to the "A" in advanced -- the attackers aren't going to announce their intent.
    Hack employees – map using LinkedIn and Facebook
    You’ll need monitoring, logging, etc.
    Transition in to phishing
    As I discussed, the trophy is getting in…When it comes to APTs it is not about how good you are once inside, but that you use a totally new approach for entering the organization.  You don’t bother to just simply hack the organization and its infrastructure; you focus much more of your attention on hacking the employees.
    You can almost map the employees in an organization simply by using published information on LinkedIn. Facebook is another good place to find out where you work and when you are on vacation.
  • Identity, Security and Healthcare

    1. 1. #HOAHITSEC14 Identity, Security and Healthcare Geoff Webb Senior Director, Solution Strategy
    2. 2. Identity, Security and Healthcare Agenda – How does identity and the changing practice of identity management address the major challenges facing the healthcare industry today? •What are the challenges and risks? •How is complexity having an effect? •How does the concept of identity solve these problems? •Where 2 are we headed? © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    3. 3. Big Challenges Facing Healthcare • Demand • Financial • Role for healthcare is changing model is changing of the patient is changing • Healthcare itself is changing • Competitive • Role landscape is changing of government is also changing Source: Business Drivers of Technology Decisions for Healthcare Providers – Gartner December 2013 3 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    4. 4. In other words… a lot is changing, fast 4 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    5. 5. Change Increases Risk These changes increase complexity as well expectations among users of systems and patients. This “consumerization of expectation” is a significant driver of risk for organizations handling sensitive data, such as patient and employee records. 5 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    6. 6. Healthcare Breaches Overall Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (HITRUST) 6 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    7. 7. 94% 7 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    8. 8. Causes Of Breaches Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research 8 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    9. 9. Type of Breach Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (HITRUST) 9 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    10. 10. A Changing Technology Landscape
    11. 11. Market Trends Driving Change Cloud Mobility Information Social ENTERPRISE 11 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    12. 12. Mobility On The Move Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research 12 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    13. 13. Yet Much Remain Unsecured Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research 13 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    14. 14. Consumer Cloud Poses A Risk 14 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    15. 15. Let’s Get Social 15 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    16. 16. More, More, More • More: – – Devices – Users and participants – Collaboration and sharing – Mobility – • Information Risk and penalties Less: – – Visibility – 16 Control Ability to say “no” © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    17. 17. Complexity All of the above is driving an explosion in complexity 17 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    18. 18. Cutting Through Complexity 18 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    19. 19. Identity Is The Key • Identity management is the key to safely unlocking the power of emergent trends such as: – Mobility – Cloud – Information use – Social Media • • 19 Good identity management improves outcomes and reduces risk And it’s cheaper… © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    20. 20. Building On The Power of Identity
    21. 21. What Is Identity Management? • Rapidly changing discipline that helps us define: – Who people are – What – What resources they should have access to – What • privileges they should have that access should be In order to: – Improve – Reduce 21 productivity risk © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    22. 22. The Bottom Line Identity Management ensures that the right people have access to the right resources and services at the right time, in the way they need it 22 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    23. 23. Changing Role Of Identity • Gone from highly IT-Centric to very business-centric • No longer owned by the IT organization • Increasingly reflects the more consumerized technology landscape and expectations of users 23 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    24. 24. Identity Ties Together • Relationships of people, process and information • Regardless • In 24 of technology a way that is secure and manageable © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    25. 25. Concrete Challenges • How do I get people access quickly? • How do I monitor what they are doing? • How do I reduce the risk from privileged users? • How do I know when I have been breached? • How do I report on who has access to what? 25 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    26. 26. The Blind Spot Employee Lifecycle Source: http://www.gophoto.us/key/human%20life%20stages 26 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved.
    27. 27. The Blind Spot Risk Blind Spot 27 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    28. 28. Who Is The Risk? 28 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    29. 29. Mistakes Are Costly Source: Datalossdb.com 29 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    30. 30. Mistakes Are Costly Source: Datalossdb.com 30 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    31. 31. How Do We Solve These Issues? • Identity Context • Adaptive Access • Integrated Governance • Identity-Powered Security 31 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    32. 32. Integrated Identity and Access Lifecycle Powers the entire user lifecycle 32 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    33. 33. What Does This Look Like?
    34. 34. Employees Needs Access… • Self-service access request to healthcare applications • Web, cloud and enterprise single sign-on • Self-service password reset 34 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    35. 35. Managers Need to Manage… • A complete view of her people and resources • Ability to review and approve requests on-the-go • Better information to make access certification decisions, faster 35 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    36. 36. And Auditors Need Visibility • An Identity and Access Governance Platform • Record and review policies and policy violations • Analyze risk from unnecessary access rights • Limit and monitor the activities of privileged users to reduce insider risk 36 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    37. 37. Integrated Identity Management These capabilities derive from integrated, intelligent identity and access management that extends up to the cloud, incorporates mobile computing, and reflects the priorities and speed of business of healthcare professionals 37 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    38. 38. But Wait… 38 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    39. 39. Internet of EVERYTHING 25 billion and 1 trillion items by end of decade 39 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    40. 40. And EVERYTHING is going to want an Identity (which is a lot) 40 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    41. 41. Identity Powered Healthcare • Identity management will define your interactions with clinicians, partners, associates and patients • More devices, more data and more relationships that ever • More opportunities to personalize and respond than ever BUT – the demand for everything to have an identity will tax traditional thinking and approaches 41 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    42. 42. Next Up Welcome to Generation “I” 42 © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    43. 43. Recommendations • Evaluate how your organization uses identity • Plan to integrate identity and access management into the cloud and from mobile devices • Extend identity intelligence into your security management plans • Plan 43 to manage the impact of social identity © 2014 NetIQ Corporation and its affiliates. All Rights Reserved. #HOAHITSEC14
    44. 44. Worldwide Headquarters 1233 West Loop South Suite 810 Houston, TX 77027 USA +1 713.548.1700 (Worldwide) 888.323.6768 (Toll-free) info@netiq.com NetIQ.com 44 © 2013 NetIQ Corporation and its affiliates. All Rights Reserved. www.netiq.com/communities
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×