
Proprietary & Confidential. Copyright IDMWORKS 2017.


Best Practices for Assessments

SanFrancisco.HealthPrivacyForum.com #HITprivacy

MAY 11–12, 2017, SAN FRANCISCO, CA


Assessing your Identity & Access Management Maturity


ABOUT IDMWORKS

We are a group of problem solvers that deliver technological solutions for business through leadership and development, with 600+ successful engagements with clients across multiple sectors.

Vision Mission Finish

“Our team has always enjoyed a great working relationship with IDMWORKS over various projects spanning multiple years. Our experiences have always been professional and have resulted in excellent service delivery and highly effective outcomes.” –F. Como, Excellus Blue Cross Blue Shield

FACTS

• Operational since 2004
• 135+ employees
• D&B rating of 95%
• Offices across the US and India

IDMWORKS Consulting:

• IAM Consulting (Advisory & Implementations)
• Hosted & Managed Services (MSP and Support Services)

IDMWORKS IdentityForge:

• Mobile/Custom Development
• Manufacturer of Mainframe connectors (i.e. Cerner), EPIC web service connector, and dozens more
• Non-Employee Identity Suite (NEIS) (i.e. traveling nurses, affiliates, students, temps, contractors, etc.)

IDMWORKS Data Center (“DCMWORKS”): Data Center Migrations, MSP


Our Customers Come From Every Area Of Healthcare


Assessing your IAM Maturity (model included)


Once an organization achieves an “Optimized” status, it must Rinse & Repeat the process.

This allows priorities and strategy to be realigned as the IAM vision adapts with the business.

Level 1: Initial

Level 2: Developing

Level 3: Defined

Level 4: Managed

Level 5: Optimized

Governance is ad hoc and informal

Tools put in place on a piecemeal basis

An IAM vision is defined

An IAM architecture is defined

Tactical priorities set based on certain business drivers

Technology redundancy is likely

An IAM governance structure is defined

The IAM PMO is established

Multiyear projects are aligned with vision and strategy

IAM performance targets are actualized

Performance is continuously monitored

Transformational value

Discrete technology projects

Business value is tactical

Responsibilities are poorly defined

Key stakeholders are actively involved in the IAM program

IAM architecture aligned with EA

The IAM program is dynamic and adaptive to changes in business conditions

Rinse & Repeat (aka Plan, Build, Run)

The Identity & Access Management (IAM) Maturity Model


IAM provides a practical, structured and coherent approach to the management of users' identities and their access to systems and data.

What Should We Assess?

IAM ensures the right people get access to the right resources at the right times for the right reasons

Why Should We Assess?

The IAM Assessment


IAM Technologies Grouped by Primary Functional Capability

What Should We Assess (expanded)?


Best Practices For Assessments, Blueprints & Roadmaps: When To Refresh Your Identity Management Roadmap


A Future State Blueprint defines what the organization believes can reasonably be accomplished incrementally within a phased long-term roadmap to successfully address the over-arching pursuit of the organization’s Security Services vision.

The Blueprint endorses the Roadmap implementation of several core Identity & Access management component technologies to build a solid Identity & Access Management Services Framework to support more efficient, more secure and more effective delivery of Security services in the future.

Identity & Access Mgt. Component | Then | Now | Roadmap? Change?

Automated Provisioning

Automated Identity Data Synchronization

Granular User Admin/Authentication and Authorization Mgmt

Password Management

Role Management

SSO & Federation

Privileged Identity Mgmt

Identity Analytics


How do we maintain our IAM Maturity?

• Strategy

• Responsibility

• Architecture

• Plan & Budget CP

ID Infrastructure design

Processes

Controls

• Identity and entitlements processes

• Technology selection & implementation

• Communications

Govern

Steering Committee

Executive Support

Delegation of Authority

Risk Assessment

Plan Build

Run

And now that we have refreshed….


Today’s Takeaways


Call Us: 888.687.0437

www.idmworks.com

Facebook.com/idmworks

PO BOX 140040, Coral Gables, FL 33114