In 2009, the HITECH Act introduced an added level of complexity and opportunity. Specifically, increased regulations and requirements with associated penalties (cost and risk avoidance factor) as well as the opportunity for government reimbursement is driving many Healthcare provider organizations with consider IAM as a strategic initiative.
Audit and Compliance – External auditors wanted to know:
• ‘Who has access to what?’
• ‘Who approved the request?’
• ‘Is the access correct?’
An Easy question but, with thousands of staff members and hundreds of applications, it as an overwhelming burden and one that’s nearly impossible is Healthcare Providers don’t take a strategic long-term approach, and consume the properly aligned technology.
Building an Effective Identity Management StrategyNetIQ
Very few organizations do identity management as effectively as they could.
They have trouble developing effective methods for provisioning new users, de-provisioning old users, updating access privileges as users move around the organization, and automating the user change and configuration processes.
This presentation by identity and access management (IAM) experts, Adrian Lane, CTO and analyst at Securosis, and Rick Wagner, director of product management at NetIQ covered key elements of building a strong IAM strategy and the leading industry practices behind those strategies.
Originally presented as a UBM TechWeb DarkReading webinar the on-demand version will be available at: http://bit.ly/UUABIz until July 1st 2013.
Developing an IAM Roadmap that Fits Your BusinessForgeRock
Presented by Jim McDonald, Engagement Manager, Identropy at ForgeRock Open Identity Stack Summit, June 2013
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
IAM Methods 2.0 Presentation Michael Nielsen DeloitteIBM Sverige
Deloitte gave their view on an approach for successful identity and access management governance projects togehter with IBM Security Systems and CrossIdeas, an IBM company.
The document discusses identity and access management (IAM). It outlines common IAM problems like weak passwords, password sharing, and lack of single sign-on. The presentation then discusses how IAM solutions can provide benefits like improved user experience through single sign-on, enhanced integration across systems, centralized administration to reduce costs, and increased security. Critical success factors for IAM projects include identifying business champions, thorough vendor analysis, defining requirements, understanding product features, and ensuring business support.
Identity and Access Management Playbook CISO Platform 2016Aujas
Checklist Playbook for CISO, CSO and Information Risk & Security Managers to plan and implement a successful IAM (Identity and Access Management) program. It covers Access Governance and Identity Administration, Single Sign On (SSO), Privileged Identity Management, and more.
Identity and Access Management (IAM) is a crucial part of living in a connected world. It involves managing multiple identities of an individual or entity, distributed across disparate portals. In an enterprise, IAM solutions serve as a mean to secure access, control user activities and manage authentication for an App or a group of software (infrastructure).
This detailed PowerPoint brings you the most fundamental concepts and ideas related to identity and access management. Plus, we have debunked some popular IAM myths, so do checkout!
This document presents best practices for deploying and operating an identity management infrastructure. It builds on Hitachi ID’s years of experience in deploying password management and user provisioning into some of the largest and most complex organizations in the world.
The document is organized as follows:
• Overview: Defining Identity Management:
Some basic definitions that help clarify the subsequent material.
• Long Term Commitment:
Identity management is more accurately described as a change in the IT organization and business processes than a finite project. Deployment can reasonably be expected to continue indefinitely, with more features and integrations are added over time.
• Focus on Business Drivers:
Given the long-term investment in identity management, it makes sense to identify and focus the highest priority business drivers first.
• Deliver Early and Often:
To minimize project risk and to ensure a positive return on investment, it is essential to deliver tangible results early in the project, and keep delivering new benefits regularly.
• Usability and Adoption:
Identity management is focused on the user – a human being represented on multiple IT systems, by a combination of identity attributes and privileges. It follows that user adoption is a prerequisite to success.
• Critical Path and Common nterdependencies:
Some integrations and features depend on others. This section identifies major interdependencies, which impact project timelines.
• Project Management Methodology:
A typical methodology for delivering a given project milestone.
• Typical Timeline and Deliverables:
Pulling all of the above together, a sample project timeline is developed, step-by-step.
The document discusses the benefits of implementing an Identity and Access Management (IAM) system from the perspectives of various CXOs. It outlines common issues they face such as high costs of manual user provisioning and access management, ghost accounts, and inability to easily comply with regulations. The document then provides examples of how an IAM system can help address these issues through features such as automated user provisioning, access certification, and single sign-on. It estimates potential cost savings from reduced IT costs, increased productivity, and avoided risks.
Building an Effective Identity Management StrategyNetIQ
Very few organizations do identity management as effectively as they could.
They have trouble developing effective methods for provisioning new users, de-provisioning old users, updating access privileges as users move around the organization, and automating the user change and configuration processes.
This presentation by identity and access management (IAM) experts, Adrian Lane, CTO and analyst at Securosis, and Rick Wagner, director of product management at NetIQ covered key elements of building a strong IAM strategy and the leading industry practices behind those strategies.
Originally presented as a UBM TechWeb DarkReading webinar the on-demand version will be available at: http://bit.ly/UUABIz until July 1st 2013.
Developing an IAM Roadmap that Fits Your BusinessForgeRock
Presented by Jim McDonald, Engagement Manager, Identropy at ForgeRock Open Identity Stack Summit, June 2013
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
IAM Methods 2.0 Presentation Michael Nielsen DeloitteIBM Sverige
Deloitte gave their view on an approach for successful identity and access management governance projects togehter with IBM Security Systems and CrossIdeas, an IBM company.
The document discusses identity and access management (IAM). It outlines common IAM problems like weak passwords, password sharing, and lack of single sign-on. The presentation then discusses how IAM solutions can provide benefits like improved user experience through single sign-on, enhanced integration across systems, centralized administration to reduce costs, and increased security. Critical success factors for IAM projects include identifying business champions, thorough vendor analysis, defining requirements, understanding product features, and ensuring business support.
Identity and Access Management Playbook CISO Platform 2016Aujas
Checklist Playbook for CISO, CSO and Information Risk & Security Managers to plan and implement a successful IAM (Identity and Access Management) program. It covers Access Governance and Identity Administration, Single Sign On (SSO), Privileged Identity Management, and more.
Identity and Access Management (IAM) is a crucial part of living in a connected world. It involves managing multiple identities of an individual or entity, distributed across disparate portals. In an enterprise, IAM solutions serve as a mean to secure access, control user activities and manage authentication for an App or a group of software (infrastructure).
This detailed PowerPoint brings you the most fundamental concepts and ideas related to identity and access management. Plus, we have debunked some popular IAM myths, so do checkout!
This document presents best practices for deploying and operating an identity management infrastructure. It builds on Hitachi ID’s years of experience in deploying password management and user provisioning into some of the largest and most complex organizations in the world.
The document is organized as follows:
• Overview: Defining Identity Management:
Some basic definitions that help clarify the subsequent material.
• Long Term Commitment:
Identity management is more accurately described as a change in the IT organization and business processes than a finite project. Deployment can reasonably be expected to continue indefinitely, with more features and integrations are added over time.
• Focus on Business Drivers:
Given the long-term investment in identity management, it makes sense to identify and focus the highest priority business drivers first.
• Deliver Early and Often:
To minimize project risk and to ensure a positive return on investment, it is essential to deliver tangible results early in the project, and keep delivering new benefits regularly.
• Usability and Adoption:
Identity management is focused on the user – a human being represented on multiple IT systems, by a combination of identity attributes and privileges. It follows that user adoption is a prerequisite to success.
• Critical Path and Common nterdependencies:
Some integrations and features depend on others. This section identifies major interdependencies, which impact project timelines.
• Project Management Methodology:
A typical methodology for delivering a given project milestone.
• Typical Timeline and Deliverables:
Pulling all of the above together, a sample project timeline is developed, step-by-step.
The document discusses the benefits of implementing an Identity and Access Management (IAM) system from the perspectives of various CXOs. It outlines common issues they face such as high costs of manual user provisioning and access management, ghost accounts, and inability to easily comply with regulations. The document then provides examples of how an IAM system can help address these issues through features such as automated user provisioning, access certification, and single sign-on. It estimates potential cost savings from reduced IT costs, increased productivity, and avoided risks.
This document provides guidance on building a comprehensive identity roadmap. It recommends prioritizing initiatives based on complexity and assessing the existing identity infrastructure. Quick wins can be found in addressing orphaned accounts, role management, and implementing single sign-on and password management. The roadmap should plan for increasing maturity through user lifecycle management, role-based access controls, and risk analytics. It also suggests considering identity as a service hosted in the cloud.
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies
The document discusses identity and access management (IAM) solutions from CA Technologies and Deloitte to help organizations balance business growth and security. It describes the disappearing traditional network perimeter and need for a holistic IAM approach. Key solutions discussed include identity management, privileged identity management, advanced authentication, and mobile/cloud security. Case studies show how these solutions helped a tire company manage user access and a government agency implement a new application securely.
Paradigmo specialised in Identity & Access ManagementJulie Beuselinck
Olivier Naveau, Managing Director of the company, presented on identity and access management (IAM). Access control is a top priority for companies according to security surveys. IAM remains difficult due to the growing number of users and applications as well as an evolving landscape including cloud, mobile, social, and compliance needs. The presentation outlined a structured approach to IAM including administering identity data, key IAM processes, technologies, and identifying business value metrics. Paradigmo's proposal takes a process-based approach utilizing ForgeRock's identity platform and Brainwave for identity intelligence.
IAM refers to identity and access management. It involves managing user identities and access across various systems and applications. In cloud computing, IAM takes on additional considerations like managing access to cloud-based applications and services. Key aspects of IAM include provisioning and de-provisioning user accounts, authentication, authorization, role-based access controls, and auditing. IAM aims to bring order to complex identity and access environments while also improving security, compliance and user experience.
The document summarizes Dell's Identity as a Service (IDaaS) offering, which provides identity and access management solutions delivered as a cloud service. It addresses challenges organizations face with on-premises IAM solutions, such as growing access needs outpacing staff capabilities. Dell's IDaaS offering provides modules for provisioning, governance, and access control that can be implemented individually. The modules help with tasks like provisioning/deprovisioning users, access requests, role-based access control, and compliance reporting. The service is delivered through a partnership with Simeio and leverages their expertise and cloud platform. Benefits highlighted include moving IAM from a capital to operational expense and reducing the burden on IT staff.
Identity and Access Management (IAM): Benefits and Best Practices Veritis Group, Inc
Identity and access management (IAM) involves streamlining digital identity and access management across an enterprise. IAM provides benefits like improved security, reduced helpdesk workloads, and compliance. Best practices for IAM include treating identity as the primary security defense, enabling multi-factor authentication, using single sign-on, and conducting regular access audits. Veritis is an IAM expert that can help assess an organization's needs, create an IAM strategy and roadmap, and implement IAM solutions and services.
Identity Governance: Not Just For ComplianceIBM Security
View on-demand presentation: http://securityintelligence.com/events/identity-governance-not-just-for-compliance/
Did you know that proper identity governance will make your organization more secure? Between Separation of Duty violations, entitlement creep and insider threats, user IDs are the doorway to your organization and identity governance can be the deadbolt.
Join this webinar to learn how you can employ identity governance to not only simplify your audit process, but to safeguard your entire organization.
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...IBM Security
In an ever-changing landscape consisting of enterprise apps, mobile devices, and SaaS applications, addressing identity and access management challenges has become increasingly complex, expensive, and time-consuming. In this session we'll explore how cloud-based IAM services can be applied to both new and existing challenges to drive lower ownership costs, quicker time-to-value, and increased agility. Attendees will hear the real-life experiences of VantisLife Insurance, a long-term cloud IAM adopter.
“Are we secure?” It’s the most dreaded question that information security and risk management professionals need to answer. Compliance is a useful starting point, but the number of “compliant” organizations who still suffered a data breach is proof positive that compliance simply isn’t enough. That’s where maturity models come into play. In this presentation, I’ll show you how to apply a capability maturity model (CMM) to your identity and access management (IAM) program, using that model to assess where you are today. I’ll also share tools and techniques you can use to accelerate improvements to your program.
This document provides an overview of entitlement management and identity management concepts. It discusses different access control models like access control lists, role-based access control, attribute-based access control and policy-based access control using XACML. The presenter Chamath Gunawardana is a technical lead at WSO2 who works on their identity server. WSO2 provides open source identity and access management solutions.
Regulatory control functions, such as Operational Risk, Compliance and Audit, increasingly raise questions around the scope, management, and clarity of entitlements within distributed and mainframe application environments
A Practitioner´s Recommendations for successful IAM ProgramsHorst Walther
The document provides 12 recommendations for successful identity and access management (IAM) programs:
1. Get documents organized using a documentation pyramid approach.
2. Be aware of the cross-company nature of IAM projects that touch multiple business functions.
3. Choose the right project scope as an implementation cannot reorganize the entire corporation.
4. Watch for effects of market consolidation as acquired components may not integrate as promised.
5. Ensure availability of domain specialists who are critical for requirements and quality assurance.
6. Beware of overly deep vertical integration and don't try to reinvent standard processes.
7. Remember technical risks still exist as technology claims often exceed realities.
8. Assign responsibilities
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
This document discusses identity and access management (IAM) programs that can help secure data in modern enterprises. It outlines why identity has become central to security and notes that recent high-profile data breaches involved compromised credentials. The document recommends implementing IAM programs around user management, entitlement management, privileged access management and federation. It also discusses emerging standards like OAuth 2.0, SCIM and OpenID Connect that can help improve security and management of identities.
50 data principles for loosely coupled identity management v1 0Ganesh Prasad
In the field of Identity and Access Management (IAM), Data is more important than Technology. A poorly designed data model can cause an IAM initiative to fail even with massive investments in technology products. Yet Data usually receives only superficial treatment, and many practitioners seem unaware of the basic principles to follow when designing Identity-based systems.
This presentation is a succinct summarisation of 50 data-related principles that an organisation overlooks at its peril.
ITIL v3 defines access management as the process of granting authorized users the right to use a service, while preventing access to non-authorized users. Access management enables users to use services documented in the service catalog. It manages identity, access rights, services, and uses directory services to manage access and rights. The goal is to provide users the right level of access to services according to defined policies and security management.
The document discusses an entitlement management strategy to streamline entitlement provisioning and review processes. It proposes assigning sets of entitlements based on employee roles and enabling managers to request and review entitlements through an online system. This would address issues of over-entitlement, lack of standard processes, and managers spending days reviewing entitlements without fully understanding them. The strategy includes creating a process guide, implementing role-based entitlement sets across the enterprise, and building online review and provisioning systems to manage access rights.
The document provides an overview of the Digital Trust Framework (DTF) and how it will integrate several frameworks including ODA, COBIT 2019, ITIL 4, and ISO 27005 to provide an overall approach for digital trust. The DTF will be a modular, cloud-based, open digital platform that can be orchestrated using AI. It will use the TMForum's Open Digital Architecture as a cornerstone and was developed for a 4IR environment.
Sailpoint Training by expert consultants with hands-on. Join for Sailpoint IdentityIQ Online Training with us. we deliver corporate training for sailpoint"
Identity Management for the 21st Century IT MissionCA API Management
The 21st century mission is dependent on providing secure and agile access to information across an increasing range of stakeholders, both internal and external to your agency. This comes amidst evolving IT missions, budget challenges, a complete IT compliance landscape and an increased need for rapidly deployable and flexible solutions.
This webinar explores integrated identity management solutions and real life use case examples.
Presented By
• Stephanie McVitty - Account Manager, Compsec
• Paul Grassi - Vice President of Federal Programs, Sila Solutions Group
• Jim Rice - Vice President of Federal, Layer 7
• Dieter Schuller - VP of Sales, Radiant Logic
• Phil McQuitty - Director of Systems Engineering, Sailpoint
• Gerry Gebel - President, Axiomatics Americas
This document provides guidance on building a comprehensive identity roadmap. It recommends prioritizing initiatives based on complexity and assessing the existing identity infrastructure. Quick wins can be found in addressing orphaned accounts, role management, and implementing single sign-on and password management. The roadmap should plan for increasing maturity through user lifecycle management, role-based access controls, and risk analytics. It also suggests considering identity as a service hosted in the cloud.
CA Technologies and Deloitte: Unleash and Protect your Business with Identity...CA Technologies
The document discusses identity and access management (IAM) solutions from CA Technologies and Deloitte to help organizations balance business growth and security. It describes the disappearing traditional network perimeter and need for a holistic IAM approach. Key solutions discussed include identity management, privileged identity management, advanced authentication, and mobile/cloud security. Case studies show how these solutions helped a tire company manage user access and a government agency implement a new application securely.
Paradigmo specialised in Identity & Access ManagementJulie Beuselinck
Olivier Naveau, Managing Director of the company, presented on identity and access management (IAM). Access control is a top priority for companies according to security surveys. IAM remains difficult due to the growing number of users and applications as well as an evolving landscape including cloud, mobile, social, and compliance needs. The presentation outlined a structured approach to IAM including administering identity data, key IAM processes, technologies, and identifying business value metrics. Paradigmo's proposal takes a process-based approach utilizing ForgeRock's identity platform and Brainwave for identity intelligence.
IAM refers to identity and access management. It involves managing user identities and access across various systems and applications. In cloud computing, IAM takes on additional considerations like managing access to cloud-based applications and services. Key aspects of IAM include provisioning and de-provisioning user accounts, authentication, authorization, role-based access controls, and auditing. IAM aims to bring order to complex identity and access environments while also improving security, compliance and user experience.
The document summarizes Dell's Identity as a Service (IDaaS) offering, which provides identity and access management solutions delivered as a cloud service. It addresses challenges organizations face with on-premises IAM solutions, such as growing access needs outpacing staff capabilities. Dell's IDaaS offering provides modules for provisioning, governance, and access control that can be implemented individually. The modules help with tasks like provisioning/deprovisioning users, access requests, role-based access control, and compliance reporting. The service is delivered through a partnership with Simeio and leverages their expertise and cloud platform. Benefits highlighted include moving IAM from a capital to operational expense and reducing the burden on IT staff.
Identity and Access Management (IAM): Benefits and Best Practices Veritis Group, Inc
Identity and access management (IAM) involves streamlining digital identity and access management across an enterprise. IAM provides benefits like improved security, reduced helpdesk workloads, and compliance. Best practices for IAM include treating identity as the primary security defense, enabling multi-factor authentication, using single sign-on, and conducting regular access audits. Veritis is an IAM expert that can help assess an organization's needs, create an IAM strategy and roadmap, and implement IAM solutions and services.
Identity Governance: Not Just For ComplianceIBM Security
View on-demand presentation: http://securityintelligence.com/events/identity-governance-not-just-for-compliance/
Did you know that proper identity governance will make your organization more secure? Between Separation of Duty violations, entitlement creep and insider threats, user IDs are the doorway to your organization and identity governance can be the deadbolt.
Join this webinar to learn how you can employ identity governance to not only simplify your audit process, but to safeguard your entire organization.
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...IBM Security
In an ever-changing landscape consisting of enterprise apps, mobile devices, and SaaS applications, addressing identity and access management challenges has become increasingly complex, expensive, and time-consuming. In this session we'll explore how cloud-based IAM services can be applied to both new and existing challenges to drive lower ownership costs, quicker time-to-value, and increased agility. Attendees will hear the real-life experiences of VantisLife Insurance, a long-term cloud IAM adopter.
“Are we secure?” It’s the most dreaded question that information security and risk management professionals need to answer. Compliance is a useful starting point, but the number of “compliant” organizations who still suffered a data breach is proof positive that compliance simply isn’t enough. That’s where maturity models come into play. In this presentation, I’ll show you how to apply a capability maturity model (CMM) to your identity and access management (IAM) program, using that model to assess where you are today. I’ll also share tools and techniques you can use to accelerate improvements to your program.
This document provides an overview of entitlement management and identity management concepts. It discusses different access control models like access control lists, role-based access control, attribute-based access control and policy-based access control using XACML. The presenter Chamath Gunawardana is a technical lead at WSO2 who works on their identity server. WSO2 provides open source identity and access management solutions.
Regulatory control functions, such as Operational Risk, Compliance and Audit, increasingly raise questions around the scope, management, and clarity of entitlements within distributed and mainframe application environments
A Practitioner´s Recommendations for successful IAM ProgramsHorst Walther
The document provides 12 recommendations for successful identity and access management (IAM) programs:
1. Get documents organized using a documentation pyramid approach.
2. Be aware of the cross-company nature of IAM projects that touch multiple business functions.
3. Choose the right project scope as an implementation cannot reorganize the entire corporation.
4. Watch for effects of market consolidation as acquired components may not integrate as promised.
5. Ensure availability of domain specialists who are critical for requirements and quality assurance.
6. Beware of overly deep vertical integration and don't try to reinvent standard processes.
7. Remember technical risks still exist as technology claims often exceed realities.
8. Assign responsibilities
Identity & Access Management - Securing Your Data in the 21st Century EnterpriseLance Peterman
This document discusses identity and access management (IAM) programs that can help secure data in modern enterprises. It outlines why identity has become central to security and notes that recent high-profile data breaches involved compromised credentials. The document recommends implementing IAM programs around user management, entitlement management, privileged access management and federation. It also discusses emerging standards like OAuth 2.0, SCIM and OpenID Connect that can help improve security and management of identities.
50 data principles for loosely coupled identity management v1 0Ganesh Prasad
In the field of Identity and Access Management (IAM), Data is more important than Technology. A poorly designed data model can cause an IAM initiative to fail even with massive investments in technology products. Yet Data usually receives only superficial treatment, and many practitioners seem unaware of the basic principles to follow when designing Identity-based systems.
This presentation is a succinct summarisation of 50 data-related principles that an organisation overlooks at its peril.
ITIL v3 defines access management as the process of granting authorized users the right to use a service, while preventing access to non-authorized users. Access management enables users to use services documented in the service catalog. It manages identity, access rights, services, and uses directory services to manage access and rights. The goal is to provide users the right level of access to services according to defined policies and security management.
The document discusses an entitlement management strategy to streamline entitlement provisioning and review processes. It proposes assigning sets of entitlements based on employee roles and enabling managers to request and review entitlements through an online system. This would address issues of over-entitlement, lack of standard processes, and managers spending days reviewing entitlements without fully understanding them. The strategy includes creating a process guide, implementing role-based entitlement sets across the enterprise, and building online review and provisioning systems to manage access rights.
The document provides an overview of the Digital Trust Framework (DTF) and how it will integrate several frameworks including ODA, COBIT 2019, ITIL 4, and ISO 27005 to provide an overall approach for digital trust. The DTF will be a modular, cloud-based, open digital platform that can be orchestrated using AI. It will use the TMForum's Open Digital Architecture as a cornerstone and was developed for a 4IR environment.
Sailpoint Training by expert consultants with hands-on. Join for Sailpoint IdentityIQ Online Training with us. we deliver corporate training for sailpoint"
Identity Management for the 21st Century IT MissionCA API Management
The 21st century mission is dependent on providing secure and agile access to information across an increasing range of stakeholders, both internal and external to your agency. This comes amidst evolving IT missions, budget challenges, a complete IT compliance landscape and an increased need for rapidly deployable and flexible solutions.
This webinar explores integrated identity management solutions and real life use case examples.
Presented By
• Stephanie McVitty - Account Manager, Compsec
• Paul Grassi - Vice President of Federal Programs, Sila Solutions Group
• Jim Rice - Vice President of Federal, Layer 7
• Dieter Schuller - VP of Sales, Radiant Logic
• Phil McQuitty - Director of Systems Engineering, Sailpoint
• Gerry Gebel - President, Axiomatics Americas
CIS13: How IAM Improved Sallie Mae's Compliance and Risk PostureCloudIDSummit
Jennifer Darwin, Senior Manager, Sallie Mae
Jennifer Darwin will discuss how Sallie Mae used identity management to address its compliance and security challenges. This identity governance case study will discuss how Sallie Mae was able to address more than 3,000 security controls (including FISMA and FFIEC regulations), while simultaneously eliminating critical security vulnerabilities associated with user access privileges, including SoD policy violations, entitlement creep and orphan accounts. She will also provide best practices to help companies achieve the same results.
Security from the cloud is challenging traditional approaches. As organizations transition from perimeter-based security towards user-centric approaches, Security and Risk professionals are transitioning to cloud IAM services or IDaaS (Identity as a Service) to manage identities across cloud environments. By overcoming the limitations of legacy on-premises IAM solutions, organizations are accelerating SaaS adoption, increasing user productivity and recognizing greater returns on their cloud investments.
View our slides for IAM overview and learn about:
• Trends in cloud, and the standards to support them
• State of Identity, Digital Trust, Authentication and Access
• Directory Services and Federation
• SSO (Desktop SSO, Web SSO, and Mobile SSO)
• Automating Onboarding Practices, Provisioning and Deprovisioning
Watch the on-demand webinar here: https://www.brighttalk.com/channel/12923/onelogin?utm_source=brighttalk
Kamal Jethwani, MD, MPH
Corporate Manager - Research and Innovation
Partners Healthcare Center for Connected Health
iHT² CMIO Symposium Beverly Hills – Opening Keynote: Kamal Jethwani, MD, MPH, Corporate Manager – Research and Innovation, Partners Healthcare Center for Connected Health
The document discusses patient relationship management (PRM) and its benefits for healthcare providers. It outlines key healthcare trends driving the need for PRM, such as rising costs, patient choice, and emphasis on quality and satisfaction. PRM helps providers improve patient flow, outcomes and experience by facilitating communication across clinical systems. The presentation includes a case study of a UK healthcare provider that implemented PRM in phases to control patient interactions, interface with clinical systems, optimize resource use, and eventually enable chronic disease management.
The document discusses national identity cards in the UK and France. It provides details on the security features and procedures for obtaining identity cards in both countries. In the UK, identity cards were cancelled in 2011 due to privacy concerns, but age entitlement cards are still used. France issues optional national identity cards that are valid for 15 years and can be used for travel within the EU.
CIS 2015 Modernize IAM with UnboundID and Ping Identity - Terry Sigle & B. Al...CloudIDSummit
UnboundID and Ping Identity are partnering to bring together
their solutions for Federated Single Sign-On, high performance LDAP directory servers, and customer identity
and preference management into an integrated solution for enterprise customers. Obtain a joint product briefing and demo of these solutions to modernize legacy IAM systems.
Fortis and Kailash Hospital both implement customer relationship management (CRM) systems to improve patient care and experience. Fortis operates 63 healthcare facilities across India while Kailash Hospital is located in Noida, India. Both hospitals use CRM to provide instant patient information, respond quickly to appointments, and offer customized services. They measure CRM success through increased customer retention, more frequent patient visits, and greater average spending per visit. While CRM implementation presented training challenges initially, both hospitals now utilize CRM to enhance operational efficiency and patient satisfaction.
Workshop on Identity & Access Management.cisoplatform
Workshop on Identity & Access Management.
(Introduction & Scope,Functional Modules,Taxonomy,Global Trends for Roadmap,Capability Maturity Models,Vendor Selection Criteria, Guide to Vendors in the Landscape, CPI Findings).
The document summarizes key points from a seminar on data protection and the new General Data Protection Regulation (GDPR). It discusses definitions of personal data and health data, consent requirements, privacy by design, data transfers, security obligations, data breaches, the data protection officer role, and impact assessments. The new GDPR brings significant changes including tougher consent standards, higher fines for violations, additional rights for data subjects, and new responsibilities for processors. Member states still have flexibility in some implementation areas, and full compliance will require preparation.
Cal Racey presents on identity management (IdM) services, tools, and processes. He discusses Newcastle University's IdM review which included an audit of systems requiring IdM data and identified architectural gaps. Tools discussed to enhance the IdM architecture include Talend for data integration, Grouper for group management, and Shibboleth for authentication. Newcastle also implemented an Institutional Data Feed Service as a single point of contact for IdM data and integration with applications. The presentation provides practical examples of how these tools were used to realize benefits from improved IdM.
The document summarizes a presentation about helping utilities prepare for cybersecurity. It discusses the Cybersecurity Capability Maturity Model (C2M2) developed by the Department of Energy (DOE) to help organizations assess their cybersecurity practices. The C2M2 uses a maturity model approach with 10 domains and 4 maturity levels to evaluate an organization's cybersecurity capabilities. It also discusses how the C2M2 can be used to support implementation of the National Institute of Standards and Technology's Cybersecurity Framework.
This document summarizes various technologies related to web identity management and user-centric data protection. It includes technologies for authentication, authorization, anonymity, credentials, access control, privacy, and identity federation. Formats include OAuth, OpenID Connect, U-Prove, Higgins, Shibboleth, and Idemix. Design principles are also covered, such as the 7 Laws of Identity and privacy by design. The landscape shows technologies that empower users to control their online identities and personal data.
During this BlueSpire TrendLab webinar, our healthcare marketing strategists focus on the importance of CRM/PRM systems and how they can positively impact all of your marketing efforts.
Other areas of emphasis included:
• The tides of change in healthcare marketing and how it’s affecting compliance.
• Why making the shift to one-to-one marketing can improve value of care, service line volumes and clinical outcomes.
• How to utilize data-driven strategies for targeted marketing efforts and demonstrate ROI in real-time.
Center for Medicare-and-Medicaid Services-Conditions of Participation for Eme...Karl Schmitt
The Center for Medicare and Medicaid Services in the U.S. Department of Health and Human Services (HHS) is proposing to consolidate emergency preparedness requirements found in the Conditions of Participation (CoPs) for 17 provider and suppliers types under a single Emergency Preparedness Rule. The new rule will be a CoPs for each provider and supplier type outlined within.
In April, C/D/H presented on identity management, specifically comparing Microsoft, Novell, Courion, Oracle/Sun, and IBM.
Download the slide deck for an overview of the solutions and their strengths and weaknesses. You'll also find out more about out-of-the-box vs. add-on functionality, integration capabilities, and rough cost comparisons.
And last but not least, the factors in determining the solution that's right for you.
This document provides an introduction to secure identity management. It discusses the challenges of fragmented identity systems and access controls across different applications. It defines secure identity management as systems and processes that control who has access to information resources and what they are allowed to do. The document presents a framework that includes identity and access management services, provisioning systems, and secure content delivery to organize these functions. It describes how these components work together to address the identity management challenges.
1) Many common myths exist around which organizations need to comply with security and compliance standards like HIPAA, PCI DSS, SSAE 16, and ISAE 3402. In reality, these standards apply to more organizations than commonly thought.
2) Achieving compliance across multiple locations and facilities is challenging but provides organizations assurance their controls and security measures are consistently applied.
3) 365 Data Centers is highlighted as one of the few data center providers to achieve compliance certification across all of their facilities, demonstrating their ability to consistently meet stringent industry standards.
Proactive information security michael Priyanka Aash
The document discusses how information security professionals can take a more proactive approach. It recommends developing a standard questionnaire to complete as part of the change process to identify security impacts early. This helps integrate security into processes. It also suggests implementing a Privacy and Security Impact Assessment tool to identify and mitigate risks associated with new systems before operationalization. Using these tools can help information security professionals address issues proactively before they become threats, build a culture of security, and provide assurance to executive teams.
The document discusses challenges in managing sensitive patient data for healthcare organizations and compliance with regulations like HIPAA. It summarizes a report that found 94% of organizations surveyed experienced a data breach in the past two years, but many lacked response plans or tools to determine breach size and cause. The document promotes a company's HIPAA assessment and compliance training services, arguing that proper information governance is important given laws like HIPAA and the risks of lawsuits and fines from data mishandling.
The document discusses challenges around identity and access management (IAM) and how Deloitte and SailPoint can help address them. Growing regulations and the rise of mobile devices have made managing user identities and access more complex. Deloitte and SailPoint offer IAM solutions and services to help organizations comply with regulations, automate access management, and securely support new technologies while protecting their information assets. Their approach includes governance, user provisioning, access management, and ongoing support throughout the IAM lifecycle.
Banks and other financial services firms need to recognize the threats of cyber risk in a different way. Many have put in place thick walls to protect themselves. But firms cannot be protected at all times from a cyber-related incident. So putting in place structures, technologies and processes to ensure resilience—or fast recovery—is as much or more important than simply putting more locks on the doors or building stronger walls. See www.accenture.com/CyberRisk for more.
Streamlining Identity and Access Management through Unified Identity and Acce...happiestmindstech
Effective identity and access management enables private and public enterprises to manage identities and access in and out of the business boundaries to meet various business objectives. The benefits of IAM are more
or less the same for organizations irrespective of the nature of business. Similarly, the challenges and issues associated with IAM are similar to all industry segments.
Capgemini's Identity and Access Management solution places identity management at the core of an integrated security infrastructure. It comprises processes and technologies that help strengthen compliance, secure operations, and improve agility. Capgemini takes a three-stage approach to implementation: planning to understand needs, preparation to design technical and process solutions, and implementation to realize the solution. Capgemini's advantage is experience in diverse sectors, alliances with leading vendors, and expertise in both commercial and public security solutions.
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
Since Syncsort's acquisition of security products from Cilasoft, Enforcive, Townsend Security and Trader's - we've been working hard to blend best-of-breed technology and create a powerful, integrated solution. We're happy to announce that the wait is almost over!
In just a few short weeks, Syncsort will announce the first release of this new security solution. We want partners like you on-board with all the latest information on how this great new product will meet your customers' needs to:
• Identify security vulnerabilities
• Pass audits for industry, state or governmental security regulations
• Detect and report on compliance deviations and security incidents
• Lock down access to systems and databases
• Ensure the privacy of sensitive data - both at rest and in motion
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgePerficient, Inc.
The document discusses consumer privacy laws and IT's responsibility in managing privacy risks. It outlines challenges in complying with various privacy regulations and standards. It emphasizes the need for an integrated privacy management framework and promoting an organizational culture of privacy compliance.
Audit and Compliance BDR Knowledge TrainingTory Quinton
The document discusses challenges related to access governance, segregation of duties, change tracking, and litigation mitigation in organizations. It provides details on common access governance challenges, the importance of segregation of duties and change tracking, and the consequences of security events and importance of compliance policies.
Identity Access Management(IAM) - Government Market ReportResearchFox
Identity Access Management(IAM) has been widely accepted nowadays across verticals as most of the technologies (Hardware and software) are running different operating systems and applications. Moreover, these applications are hosted by a 3rd party remote vendor and are accessed remotely. Also with the rise in cyber attacks and security breach most of the administrations and IT departments are working in a synchronized way across different organizations. Hence IAM providers need to provide solutions with the right mix of compatibility, accessibility and limited cost. Avail the sample market report by visiting here: https://www.researchfox.com/reports/identity-access-management-iam&market-report
Avail the complete report at discounted price of 500$
The document discusses designing effective cybersecurity risk management and education programs. It provides an overview of the objectives of the workshop, which are to assess risks and gaps, understand what needs to be done to address them, and create an enterprise-level risk management program. It also discusses scenarios involving a data breach, system outage, and malware outbreak to demonstrate potential costs. The document emphasizes measuring cybersecurity maturity levels and prioritizing the highest risks and most important strategic drivers for an organization.
Business-Driven Identity and Access Governance: Why This New Approach MattersEMC
This white paper explains why taking a business-driven approach to identity and access governance (IAG) can enable organizations to easily prove compliance, minimize risk, and enable the business to be productive.
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHNovell
The document discusses challenges around information security, privacy and compliance in the healthcare industry. It notes that traditional approaches are not adequate due to the complexity of healthcare systems and data. It advocates for a new integrated approach that can correlate log and event data across operations, security, compliance and privacy domains. This will help address issues around user identity management and privacy regulations like HIPAA, HITECH and meaningful use requirements.
This document summarizes the findings of a study on managing complexity in identity and access management (IAM) conducted by Ponemon Institute. Some key findings:
1) Most organizations find their IAM processes overly complex and difficult to manage, with over 300 information resources and 1200 access requests per month on average.
2) Respondents believe access changes are not fulfilled in a timely manner, access requests are not always verified against policies, and IAM policies are not strictly enforced.
3) The costs of IAM failures are estimated at $105 million annually on average due to lost productivity, revenue, and technical support costs.
4) Growth of unstructured data, mobile devices, regulations,
This document summarizes the findings of a study on managing complexity in identity and access management (IAM) conducted by Ponemon Institute. Some key findings:
1) Most organizations find their IAM processes overly complex and difficult to manage, with over 300 information resources and 1200 access requests per month on average.
2) Respondents believe access changes are not fulfilled in a timely manner, access requests are not always verified against policies, and IAM policies are not strictly enforced.
3) The costs of IAM failures are estimated at $105 million annually on average due to lost productivity, revenue, and technical support costs.
4) Growth of unstructured data, mobile devices, regulations,
Another survey conducted in 2021 by the International Association of Privacy Professionals (IAPP) found that compliance with data protection laws such as GDPR and CCPA is the top privacy-related concern for organizations.
How many times have you been surprised, and frustrated, to learn your IT capabilities won’t support a new or key business objective? Given the rapidly changing healthcare industry and multitude of new initiatives, this scenario happens all the time.
So how can you help ensure your IT components will work together, and can be leveraged to drive business results?
You need a blueprint — a way to align IT to the business – an IT Enterprise Architecture.
A sound Enterprise Architecture ensures your business is supported by IT components working together to deliver both a return-on-investment and projected business results.
Similar to Identity Management: Front and Center for Healthcare Providers (20)
[To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
This PowerPoint compilation offers a comprehensive overview of 20 leading innovation management frameworks and methodologies, selected for their broad applicability across various industries and organizational contexts. These frameworks are valuable resources for a wide range of users, including business professionals, educators, and consultants.
Each framework is presented with visually engaging diagrams and templates, ensuring the content is both informative and appealing. While this compilation is thorough, please note that the slides are intended as supplementary resources and may not be sufficient for standalone instructional purposes.
This compilation is ideal for anyone looking to enhance their understanding of innovation management and drive meaningful change within their organization. Whether you aim to improve product development processes, enhance customer experiences, or drive digital transformation, these frameworks offer valuable insights and tools to help you achieve your goals.
INCLUDED FRAMEWORKS/MODELS:
1. Stanford’s Design Thinking
2. IDEO’s Human-Centered Design
3. Strategyzer’s Business Model Innovation
4. Lean Startup Methodology
5. Agile Innovation Framework
6. Doblin’s Ten Types of Innovation
7. McKinsey’s Three Horizons of Growth
8. Customer Journey Map
9. Christensen’s Disruptive Innovation Theory
10. Blue Ocean Strategy
11. Strategyn’s Jobs-To-Be-Done (JTBD) Framework with Job Map
12. Design Sprint Framework
13. The Double Diamond
14. Lean Six Sigma DMAIC
15. TRIZ Problem-Solving Framework
16. Edward de Bono’s Six Thinking Hats
17. Stage-Gate Model
18. Toyota’s Six Steps of Kaizen
19. Microsoft’s Digital Transformation Framework
20. Design for Six Sigma (DFSS)
To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations
Ellen Burstyn: From Detroit Dreamer to Hollywood Legend | CIO Women MagazineCIOWomenMagazine
In this article, we will dive into the extraordinary life of Ellen Burstyn, where the curtains rise on a story that's far more attractive than any script.
❼❷⓿❺❻❷❽❷❼❽ Dpboss Matka Result Satta Matka Guessing Satta Fix jodi Kalyan Final ank Satta Matka Dpbos Final ank Satta Matta Matka 143 Kalyan Matka Guessing Final Matka Final ank Today Matka 420 Satta Batta Satta 143 Kalyan Chart Main Bazar Chart vip Matka Guessing Dpboss 143 Guessing Kalyan night
Best practices for project execution and deliveryCLIVE MINCHIN
A select set of project management best practices to keep your project on-track, on-cost and aligned to scope. Many firms have don't have the necessary skills, diligence, methods and oversight of their projects; this leads to slippage, higher costs and longer timeframes. Often firms have a history of projects that simply failed to move the needle. These best practices will help your firm avoid these pitfalls but they require fortitude to apply.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.AnnySerafinaLove
This letter, written by Kellen Harkins, Course Director at Full Sail University, commends Anny Love's exemplary performance in the Video Sharing Platforms class. It highlights her dedication, willingness to challenge herself, and exceptional skills in production, editing, and marketing across various video platforms like YouTube, TikTok, and Instagram.
NIMA2024 | De toegevoegde waarde van DEI en ESG in campagnes | Nathalie Lam |...BBPMedia1
Nathalie zal delen hoe DEI en ESG een fundamentele rol kunnen spelen in je merkstrategie en je de juiste aansluiting kan creëren met je doelgroep. Door middel van voorbeelden en simpele handvatten toont ze hoe dit in jouw organisatie toegepast kan worden.
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Neil Horowitz
On episode 272 of the Digital and Social Media Sports Podcast, Neil chatted with Brian Fitzsimmons, Director of Licensing and Business Development for Barstool Sports.
What follows is a collection of snippets from the podcast. To hear the full interview and more, check out the podcast on all podcast platforms and at www.dsmsports.net
Zodiac Signs and Food Preferences_ What Your Sign Says About Your Tastemy Pandit
Know what your zodiac sign says about your taste in food! Explore how the 12 zodiac signs influence your culinary preferences with insights from MyPandit. Dive into astrology and flavors!
4 Benefits of Partnering with an OnlyFans Agency for Content Creators.pdfonlyfansmanagedau
In the competitive world of content creation, standing out and maximising revenue on platforms like OnlyFans can be challenging. This is where partnering with an OnlyFans agency can make a significant difference. Here are five key benefits for content creators considering this option:
Discover timeless style with the 2022 Vintage Roman Numerals Men's Ring. Crafted from premium stainless steel, this 6mm wide ring embodies elegance and durability. Perfect as a gift, it seamlessly blends classic Roman numeral detailing with modern sophistication, making it an ideal accessory for any occasion.
https://rb.gy/usj1a2
HR search is critical to a company's success because it ensures the correct people are in place. HR search integrates workforce capabilities with company goals by painstakingly identifying, screening, and employing qualified candidates, supporting innovation, productivity, and growth. Efficient talent acquisition improves teamwork while encouraging collaboration. Also, it reduces turnover, saves money, and ensures consistency. Furthermore, HR search discovers and develops leadership potential, resulting in a strong pipeline of future leaders. Finally, this strategic approach to recruitment enables businesses to respond to market changes, beat competitors, and achieve long-term success.
[To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
This presentation is a curated compilation of PowerPoint diagrams and templates designed to illustrate 20 different digital transformation frameworks and models. These frameworks are based on recent industry trends and best practices, ensuring that the content remains relevant and up-to-date.
Key highlights include Microsoft's Digital Transformation Framework, which focuses on driving innovation and efficiency, and McKinsey's Ten Guiding Principles, which provide strategic insights for successful digital transformation. Additionally, Forrester's framework emphasizes enhancing customer experiences and modernizing IT infrastructure, while IDC's MaturityScape helps assess and develop organizational digital maturity. MIT's framework explores cutting-edge strategies for achieving digital success.
These materials are perfect for enhancing your business or classroom presentations, offering visual aids to supplement your insights. Please note that while comprehensive, these slides are intended as supplementary resources and may not be complete for standalone instructional purposes.
Frameworks/Models included:
Microsoft’s Digital Transformation Framework
McKinsey’s Ten Guiding Principles of Digital Transformation
Forrester’s Digital Transformation Framework
IDC’s Digital Transformation MaturityScape
MIT’s Digital Transformation Framework
Gartner’s Digital Transformation Framework
Accenture’s Digital Strategy & Enterprise Frameworks
Deloitte’s Digital Industrial Transformation Framework
Capgemini’s Digital Transformation Framework
PwC’s Digital Transformation Framework
Cisco’s Digital Transformation Framework
Cognizant’s Digital Transformation Framework
DXC Technology’s Digital Transformation Framework
The BCG Strategy Palette
McKinsey’s Digital Transformation Framework
Digital Transformation Compass
Four Levels of Digital Maturity
Design Thinking Framework
Business Model Canvas
Customer Journey Map
2. 2SailPoint Technologies Confidential & Proprietary Do Not Distribute
Welcome
Thank You for attending today’s webinar
The webcast is being recorded and will be available shortly after the event
Webcast audio is in listen only mode. You can communicate via the
GoToWebinar question panel.
Glossary of Terms
IDENTITY GOVERNANCE – Next-Generation approach to identity management that goes
beyond provisioning, allowing clients to sustainably govern how they manage access. Enabling
organizations to determine who has access to what resources, if that access is appropriate and if
it threatens security or compliance posture.
ROLE LIFECYCLE MANAGEMENT (RLM) – Process that enables organizations to mine, map,
manage and report on the complex relationships of users, business rules and the entitlements
assigned to them within the IT infrastructure.
PREVENTATIVE AND DETECTIVE CONTROLS – Preventative controls are designed to keep
errors or irregularities from occurring in the first place. Detective controls are designed to detect
errors and irregularities which have already occurred and to assure their prompt correction.
3. 3SailPoint Technologies Confidential & Proprietary Do Not Distribute
Agenda
Speaker Introductions
Healthcare Providers
Changing Landscape of Business and IT
Identity and Access Management Business Drivers
Case Study: Presbyterian Healthcare Services
IAM Journey
IAM Revelation and Program
Lesson Learned
A Word from Our Sponsors
4. 4SailPoint Technologies Confidential & Proprietary Do Not Distribute
Speakers
Andrew Ames
VP Marketing
Logic Trends
Larry Wolf
Regional Director
Logic Trends
Aaron Frankel
Security Operations
Manager,
Presbyterian
Health Systems
Jackie Gilbert
VP Marketing &
Founder
SailPoint
5. 5SailPoint Technologies Confidential & Proprietary Do Not Distribute
Company Overview
National services, consulting and systems integration firm focused on
Security, Identity and Access Management (IAM)
Proven, repeatable IAM deployment methodology: IAM5™
Hundreds of successful IAM Engagements executed in nearly every industry
Regional offices: Atlanta, Dallas, Chicago, New York
New Mexico’s only private, non-profit healthcare system serving over 700,000
patients at over 30 different clinics and 7 hospitals
Largest health care provider and managed care organization in New Mexico
Fastest growing physician group, employing more than 500 physicians
and practitioners
Award-winning identity governance software, SailPoint IdentityIQ™, provides
superior visibility into and control over user access to sensitive applications
and data while streamlining the access request and delivery process
Helps the world’s largest organizations to mitigate risk, reduce IT costs and
ensure compliance
Customers include top healthcare, pharmaceutical, health/life insurers,
financial services, property & casualty insurers, and other highly regulated
industries
7. 7SailPoint Technologies Confidential & Proprietary Do Not Distribute
Business Drivers for Healthcare Providers
CURRENT STATE
HIPAA audit; HHS Oversight
HITRUST Maturity & CSF, SAS70
CURRENT STATE
Clinician survey results:
#1 request: Simplified app access.
Approx. 40% of help desk calls
were password reset.
CURRENT STATE
IT teams pale in comparison to
corporate standards. HITECH
driving more IT adoption.
Increased security scrutiny.
CURRENT STATE
30% of Stage 1 Meaningful Use
Criteria are IAM related.
Increased scrutiny and penalties
assoc with HIPAA alignment.
Risk and Compliance
End User Experience
Operational Efficiency
Meaningful Use
8. 8SailPoint Technologies Confidential & Proprietary Do Not Distribute
Healthcare Provider Industry Survey Results
Industry survey provided by Zoomerang
Polled 600 healthcare decision makers
10%
38%
38%
10%
4%
Inadequate application
access security
Breach of confidential
information
Unauthorized access to
clinical applications
and patient data
Audit failure
Other
1%
2%
15%
29%
53%
They aren't considered very
much
They aren't a factor at all
They are the primary drivers
They are an influence
They are strongly considered
What is your greatest security concern? How much do HIPAA/HITECH drive your
organization’s IT purchasing decision?
Direct correlation between “security concerns” and purchasing decisions.
9. 9SailPoint Technologies Confidential & Proprietary Do Not Distribute
40%
24%
6%
12%
6%
9%
3%
Top 3 IAM Drivers for Healthcare Providers
70% of registered attendees identified:
1. Improved user experience
2. Automated user lifecycle mgmt
3. Tighter compliance related controls
11. 11SailPoint Technologies Confidential & Proprietary Do Not Distribute
Company Overview
Established in 1908, New Mexico’s largest non-profit
healthcare system, largest health care provider and largest
managed care organization with:
7 hospitals and 40 clinics
Over 9,000 employees, including 500+ physicians &
clinicians and 3,000+ contractors
Over 700,000 patients generating over 1.2M visits/yr
Top 10 integrated healthcare delivery network
INDUSTRY, PERSONNEL AND COMMUNITY EXCELLENCE
12. 12SailPoint Technologies Confidential & Proprietary Do Not Distribute
IAM Journey @ PHS
2008 20112009 2010
Influential and vocal Cardiology
Group seeks to invest heavily in IT to
improve patient care. Heart Glass
(single pane) initiative begins to
address patient data management
for cardiology physicians. Auditors
seek more granular insight into
access and IT controls.
PHS seeks to address
several business & IT
requirements with IAM.
Conducts internal discovery,
and interfaces with IT
analyst. Initial focus was
technical in nature, with an
appetite for eProvisioning.
PHS’ users clamor for
improved experience and
self-service. IT and
Security collaborate to
build upon the IAM
platform to enable these
end-user services.
ARRA & HITECH Act
provide PHS with a
renewed vision on
simplification, both
infrastructure and
clinical IT.
Multiple PHS groups
collaborate to understand
and define key IT, audit,
security, clinical and
business goals, and the
role of IAM. Logic Trends
works as advisor to
establish program that
aligns with key initiatives.
PHS looks to further
leverage the eProvisioning
platform and introduces
Patient Context
Management to support
data integration of several
key clinical applications.
13. 13SailPoint Technologies Confidential & Proprietary Do Not Distribute
IAM Revelation & Goals
2008 20112009 2010
Influential and vocal Cardiology Group seeks
to invest heavily in IT to improve patient care.
Heart Glass (single pane) initiative begins to
address patient data management for
cardiology physicians. Internal and external
audit seek more granular insight to access
and IT Controls.
Presbyterian Healthcare seeks to
address several business & IT
requirements with IAM…conducts
internal discovery, purchases and
implements a solution. Initial focus
was technical in nature, with an
appetite for eProvisioning.
PHS’s user community clamors
for improved experience and self-
service. IT and Security
collaborate to build upon the IAM
platform to enable these end-user
services.
ARRA & Health Information
Technology for Economic and
Clinical Health (HITECH) Act
provides PHS with a renewed
vision on simplification, both
infrastructure and clinical IT.
PHS looks to further leverage
the eProvisioning platform
and introduce Context
Management, supporting the
data integration of several key
clinical applications.
IAM is a business challenge first and a technology issue,
second. What does the business need?
Multiple PHS groups collaborate to
understand and define key IT,
Audit, Security, Clinical and
Business goals, and the role of
IAM. Logic Trends works as
advisor to establish program that
aligns with key initiatives.
Multiple PHS groups
collaborate to understand
and define key IT, Audit,
Security, Clinical and
Business goals, and the
role of IAM. Logic Trends
works as advisor to
establish program that
aligns with key initiatives.
Enable simplified access reporting and
demonstration of IT controls to best support the
many needs of Audit
Expose user-friendly entitlements to business
users so access decisions can be made efficiently
and effectively
Automate application access based on
authoritative user events, to create agility and
speed when dealing with patient-care
Improve and simplify the user experience thereby
empowering users with the tools to do their job
Mature the IT, Identity and Application
infrastructure to enable more rapid adoption
of solutions
14. 14SailPoint Technologies Confidential & Proprietary Do Not Distribute
IAM Program Development
With a clear understanding of the
business needs, PHS set out to
align the proper activities
Leveraging the Logic Trends IAM5
methodology, PHS embraced:
Phased approach with prioritization
of initiatives
Data & process focus first
Maturity model to enable future
functionality
Business case and frequent solution
release schedule
15. 15SailPoint Technologies Confidential & Proprietary Do Not Distribute
Role Development
“smart” eProvisioning of new users
based upon roles
Full user lifecycle with approval and
controls
Zero-day user and application
enablement
Enterprise risk management
Strengthen IT controls
Compliance reporting alignment
IAM Program Execution
Phase 1
Phase 2
Phase 3
Top Down (business) and Bottom-Up
(app / entitlement) analysis
Business and technical role
development (model)
Policy alignment with role and
business functions
Business-aligned definition of “Who
Has (and needs) Access to What”
Flexible yet accountable model for
identity and access management
Least privilege without role explosion
Applications
Managers
FUNCTIONALITY BUSINESS VALUE
Enterprise identity data collection,
reconciliation & cleansing
Defining “Who Has Access to What”
Policy awareness and definition
User access certification
Identity, access & entitlement maturity
Enhanced IT controls
Audit alignment
IAM platform enabler
End user empowerment & efficiency
16. 16SailPoint Technologies Confidential & Proprietary Do Not Distribute
Lessons Learned
IAM is always evolving and the business will remain dynamic…
remain agile and annually assess priorities, technology and
alignment
Focus on your data & entitlements first (who has access to
what). Everything else in your IAM program builds upon that.
Quick Wins are critical for maintaining momentum and
organizational support for Identity and Access Management
initiatives.
Develop an IAM strategy, and seek support and contributions
from key business and clinical stakeholders.
Experienced partners can help navigate the process to ensure
objectives are met.
18. 18SailPoint Technologies Confidential & Proprietary Do Not Distribute
Logic Trends
A leading professional services firm focused on Identity & Access
Management and Governance
Corporate Profile
Founded in 2002
Inc. 500 Fastest Growing US private
company honoree for five years
Logic Trends services its National
client base through operations in
Atlanta (HQ), Dallas, Chicago,
New York, and Baltimore
Services Profile
300+ Engagements Completed
Repeatable IAM5 Services Framework
Full IAM Lifecycle Service Delivery including:
Strategic Advisory
Program/Project Management
Full IAM SDLC Support
Cloud-Based IAM offering
24X7 Support Center
Resource Snapshot
Senior Delivery Team, 12+ years of IAM delivery
70 employees nationally
Regionally focused
with national
coverage
Sample Healthcare Clients
19. 19SailPoint Technologies Confidential & Proprietary Do Not Distribute
IAM5 – Approach & Methodology
Identity and Access Management often represents the first truly
enterprise solution an organization will deploy. Consequently, IAM
is an organizational, process, and corporate culture challenge first
and a technology challenge second. Our broad experience with
Enterprise IAM has led to the following methodology development:
The IAM5 Methodology is positioned to deliver incremental wins and
outputs for the business and technical audiences
20. 20SailPoint Technologies Confidential & Proprietary Do Not Distribute
IAM for Healthcare
Perfect storm of…
Compliance needs
Provider consolidation
Patient access
IT adoption
End user experience
improvements
Requires a partner with
healthcare, business, IT and
security knowledge capital
21. 21SailPoint Technologies Confidential & Proprietary Do Not Distribute
Introducing SailPoint
Leading identity and access governance (IAG)
solution provider
Founded in 2005
Headquartered in Austin, Texas
Over 140 employees around the world
Our global customer base
Over 75 companies in 14 countries
Our specialty: security & privacy regulatory
challenges in healthcare, financial services and
insurance
We help our customers to
Reduce risk of non-compliance
Proactively manage security and identity risk
Lower administration and compliance costs
Enhance employee productivity
Pave the way for future initiatives
22. 22SailPoint Technologies Confidential & Proprietary Do Not Distribute
SailPoint IdentityIQ Suite
A unified solution for automating compliance and user lifecycle
processes – built on a common roles, policy, and risk model
Compliance
Management
Lifecycle
Management
Automates regular review
of user access
Proactively detects and
notifies managers of
policy violations
Detects and mitigates
identity & access risks
Provides analytics &
reporting for proof of
compliance
Provisions new users
Automates routine user
administration tasks
Job changes
Location changes
Forgotten or expired
passwords
De-provisions
terminated users
23. 23SailPoint Technologies Confidential & Proprietary Do Not Distribute
Determine Current
State
Who has access to what?
Is that access appropriate?
Automate User
Lifecycle Processes
Access Request
Event Lifecycle Mgmt
Workflow/Connectors
Model Desired State
Mine, model & define roles
Define access policies
Configure risk model
SailPoint’s Unique
Governance-Based Approach
Aggregate and correlate data
Data cleanup
Access reviews
Remediation & critical
corrective actions
Mine, model & create roles
Define role assignment rules
Define business policies (SoD
and other)
Define risk model components
Configure access request
Define lifecycle events
(joiner, mover, leaver)
Establish approval
workflows and policies
Define change management
processes
Deploy connectors
where needed
24. 24SailPoint Technologies Confidential & Proprietary Do Not Distribute
SailPoint: Fast Results, Fast ROI
Immediate value to the business
Identify potential risks and vulnerabilities
Remediate problems to reduce risk
Automate strong controls and reliable, repeatable oversight
Provide proof of compliance on demand
Ensure compliance with these safeguards by all staff
Measurable results in weeks
Reduced compliance costs and staffing requirements
Revocations of inappropriate access (avg. 20-30%)
Detection and remediation of policy violations
Elimination of high-risk accounts