identity, security and healthcare
DESCRIPTION
Healthcare businesses must balance the requirement to provide the necessary information practitioners need to deliver quality healthcare, with the pressing need to keep patient data private and secure. As more and more patient information moves online and mobile, healthcare organizations are rethinking the role of identity in ensuring that the right people get the right information when and how they need it. Geoff Webb, Director of Solution Strategy with NetIQ presented 'Identity, Security and Healthcare' at the Heart of America HIMSS chapter event at Johnson County Community College on January 16th 2014. His presentation looked at the evolving trends of mobility, social identity, cloud, and security in the world of healthcare, and how you can start planning now to meet the needs of your organization today and in the future.TRANSCRIPT
Geoff WebbSenior Director, Solution Strategy
Identity, Security and Healthcare
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.2
Identity, Security and Healthcare
Agenda –
How does identity and the changing practice of identity management address the major challenges facing the healthcare industry today?
•What are the challenges and risks?
•How is complexity having an effect?
•How does the concept of identity solve these problems?
•Where are we headed?
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.3
Big Challenges Facing Healthcare
• Demand for healthcare is changing
• Financial model is changing
• Role of the patient is changing
• Healthcare itself is changing
• Competitive landscape is changing
• Role of government is also changing
Source: Business Drivers of Technology Decisions for Healthcare Providers – Gartner December 2013
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.4
In other words… a lot is changing, fast
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.5
Change Increases Risk
These changes increase complexity as well expectations among users of systems and patients.
This “consumerization of expectation” is a significant driver of risk for organizations handling sensitive data, such as patient and employee records.
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.6
Healthcare Breaches Overall
Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (HITRUST)
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.7
94%#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.8
Causes Of Breaches
Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.9
Type of Breach
Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (HITRUST)
#HOAHITSEC14
A Changing Technology Landscape
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.11
Market Trends Driving Change
Mobility Information SocialCloud
ENTERPRISE
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.12
Mobility On The Move
Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.13
Yet Much Remain Unsecured
Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.14
Consumer Cloud Poses A Risk
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.15
Let’s Get Social
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.16
More, More, More• More:
– Information
– Devices
– Users and participants
– Collaboration and sharing
– Mobility
– Risk and penalties
• Less:– Control
– Visibility
– Ability to say “no”
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.17
Complexity
All of the above is driving an explosion in complexity
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.18
Cutting Through Complexity
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.19
Identity Is The Key
• Identity management is the key to safely unlocking the power of emergent trends such as:
– Mobility
– Cloud
– Information use
– Social Media
• Good identity management improves outcomes and reduces risk
• And it’s cheaper…
#HOAHITSEC14
Building On The Power of Identity
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.21
What Is Identity Management?
• Rapidly changing discipline that helps us define:
–Who people are
–What privileges they should have
–What resources they should have access to
–What that access should be
• In order to:–Improve productivity
–Reduce risk
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.22
The Bottom Line
Identity Management ensures that the right people have access
to the right resources and services at the right time, in the
way they need it
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.23
Changing Role Of Identity
• Gone from highly IT-Centric to very business-centric
• No longer owned by the IT organization
• Increasingly reflects the more consumerized technology landscape and expectations of users
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.24
Identity Ties Together
• Relationships of people, process and information
• Regardless of technology
• In a way that is secure and manageable
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.25
Concrete Challenges
• How do I get people access quickly?
• How do I monitor what they are doing?
• How do I reduce the risk from privileged users?
• How do I know when I have been breached?
• How do I report on who has access to what?
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.26
The Blind Spot
Employee Lifecycle
Source: http://www.gophoto.us/key/human%20life%20stages
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.27
The Blind Spot
RiskBlind Spot
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.28
Who Is The Risk?
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.29
Mistakes Are Costly
Source: Datalossdb.com
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.30
Mistakes Are Costly
Source: Datalossdb.com
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.31
How Do We Solve These Issues?
• Identity Context•Adaptive Access• Integrated Governance• Identity-Powered Security
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.32
Integrated Identity and Access LifecyclePowers the entire user lifecycle
#HOAHITSEC14
What Does This Look Like?
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.34
Employees Needs Access…
• Self-service access request to healthcare applications
• Web, cloud and enterprise single sign-on
• Self-service password reset
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.35
Managers Need to Manage…
• A complete view of her people and resources
• Ability to review and approve requests on-the-go
• Better information to make access certification decisions, faster
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.36
And Auditors Need Visibility
• An Identity and Access Governance Platform
• Record and review policies and policy violations
• Analyze risk from unnecessary access rights
• Limit and monitor the activities of privileged users to reduce insider risk
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.37
Integrated Identity Management
These capabilities derive from integrated, intelligent identity and access management that extends up to the cloud, incorporates mobile computing, and reflects the priorities and speed of business of healthcare professionals
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.38
But Wait…
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.39
Internet of EVERYTHING
25 billion and 1 trillion items by end of decade
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.40
And EVERYTHING is going to want an Identity
(which is a lot)
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.41
Identity Powered Healthcare
• Identity management will define your interactions with clinicians, partners, associates and patients
• More devices, more data and more relationships that ever
• More opportunities to personalize and respond than ever
BUT – the demand for everything to have an identity will tax traditional thinking and approaches
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.42
Next Up
Welcome to Generation “I”
#HOAHITSEC14
© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.43
Recommendations
• Evaluate how your organization uses identity
• Plan to integrate identity and access management into the cloud and from mobile devices
• Extend identity intelligence into your security management plans
• Plan to manage the impact of social identity
#HOAHITSEC14
© 2013 NetIQ Corporation and its affiliates. All Rights Reserved.44
Worldwide Headquarters1233 West Loop South Suite 810 Houston, TX 77027 USA+1 713.548.1700 (Worldwide)888.323.6768 (Toll-free)[email protected]
www.netiq.com/communities