identity, security and healthcare

Geoff WebbSenior Director, Solution Strategy

Identity, Security and Healthcare

#HOAHITSEC14

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.2

Identity, Security and Healthcare

Agenda –

How does identity and the changing practice of identity management address the major challenges facing the healthcare industry today?

•What are the challenges and risks?

•How is complexity having an effect?

•How does the concept of identity solve these problems?

•Where are we headed?

#HOAHITSEC14


Big Challenges Facing Healthcare

• Demand for healthcare is changing

• Financial model is changing

• Role of the patient is changing

• Healthcare itself is changing

• Competitive landscape is changing

• Role of government is also changing

Source: Business Drivers of Technology Decisions for Healthcare Providers – Gartner December 2013

#HOAHITSEC14


In other words… a lot is changing, fast

#HOAHITSEC14


Change Increases Risk

These changes increase complexity as well expectations among users of systems and patients.

This “consumerization of expectation” is a significant driver of risk for organizations handling sensitive data, such as patient and employee records.

#HOAHITSEC14


Healthcare Breaches Overall

Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (HITRUST)

#HOAHITSEC14


94%#HOAHITSEC14


Causes Of Breaches

Source: Third Annual Benchmark Study on Patient Privacy & Data Security – Ponemon Research

#HOAHITSEC14


Type of Breach

Source: A Look Back: U.S. Healthcare Data Breach Trends - Health Information Trust Alliance (HITRUST)

#HOAHITSEC14

A Changing Technology Landscape


Market Trends Driving Change

Mobility Information SocialCloud

ENTERPRISE

#HOAHITSEC14


Mobility On The Move


#HOAHITSEC14


Yet Much Remain Unsecured


#HOAHITSEC14


Consumer Cloud Poses A Risk

#HOAHITSEC14


Let’s Get Social

#HOAHITSEC14


More, More, More• More:

– Information

– Devices

– Users and participants

– Collaboration and sharing

– Mobility

– Risk and penalties

• Less:– Control

– Visibility

– Ability to say “no”

#HOAHITSEC14


Complexity

All of the above is driving an explosion in complexity

#HOAHITSEC14


Cutting Through Complexity

#HOAHITSEC14


Identity Is The Key

• Identity management is the key to safely unlocking the power of emergent trends such as:

– Mobility

– Cloud

– Information use

– Social Media

• Good identity management improves outcomes and reduces risk

• And it’s cheaper…

#HOAHITSEC14

Building On The Power of Identity


What Is Identity Management?

• Rapidly changing discipline that helps us define:

–Who people are

–What privileges they should have

–What resources they should have access to

–What that access should be

• In order to:–Improve productivity

–Reduce risk

#HOAHITSEC14


The Bottom Line

Identity Management ensures that the right people have access

to the right resources and services at the right time, in the

way they need it

#HOAHITSEC14


Changing Role Of Identity

• Gone from highly IT-Centric to very business-centric

• No longer owned by the IT organization

• Increasingly reflects the more consumerized technology landscape and expectations of users

#HOAHITSEC14


Identity Ties Together

• Relationships of people, process and information

• Regardless of technology

• In a way that is secure and manageable

#HOAHITSEC14


Concrete Challenges

• How do I get people access quickly?

• How do I monitor what they are doing?

• How do I reduce the risk from privileged users?

• How do I know when I have been breached?

• How do I report on who has access to what?

#HOAHITSEC14


The Blind Spot

Employee Lifecycle

Source: http://www.gophoto.us/key/human%20life%20stages


The Blind Spot

RiskBlind Spot

#HOAHITSEC14


Who Is The Risk?

#HOAHITSEC14


Mistakes Are Costly

Source: Datalossdb.com

#HOAHITSEC14


How Do We Solve These Issues?

• Identity Context•Adaptive Access• Integrated Governance• Identity-Powered Security

#HOAHITSEC14


Integrated Identity and Access LifecyclePowers the entire user lifecycle

#HOAHITSEC14

What Does This Look Like?


Employees Needs Access…

• Self-service access request to healthcare applications

• Web, cloud and enterprise single sign-on

• Self-service password reset

#HOAHITSEC14


Managers Need to Manage…

• A complete view of her people and resources

• Ability to review and approve requests on-the-go

• Better information to make access certification decisions, faster

#HOAHITSEC14


And Auditors Need Visibility

• An Identity and Access Governance Platform

• Record and review policies and policy violations

• Analyze risk from unnecessary access rights

• Limit and monitor the activities of privileged users to reduce insider risk

#HOAHITSEC14


Integrated Identity Management

These capabilities derive from integrated, intelligent identity and access management that extends up to the cloud, incorporates mobile computing, and reflects the priorities and speed of business of healthcare professionals

#HOAHITSEC14


But Wait…

#HOAHITSEC14


Internet of EVERYTHING

25 billion and 1 trillion items by end of decade

#HOAHITSEC14


And EVERYTHING is going to want an Identity

(which is a lot)

#HOAHITSEC14


Identity Powered Healthcare

• Identity management will define your interactions with clinicians, partners, associates and patients

• More devices, more data and more relationships that ever

• More opportunities to personalize and respond than ever

BUT – the demand for everything to have an identity will tax traditional thinking and approaches

#HOAHITSEC14


Next Up

Welcome to Generation “I”

#HOAHITSEC14


Recommendations

• Evaluate how your organization uses identity

• Plan to integrate identity and access management into the cloud and from mobile devices

• Extend identity intelligence into your security management plans

• Plan to manage the impact of social identity

#HOAHITSEC14


Worldwide Headquarters1233 West Loop South Suite 810 Houston, TX 77027 USA+1 713.548.1700 (Worldwide)888.323.6768 (Toll-free)[email protected]

www.netiq.com/communities

http://www.facebook.com/netiq

http://www.twitter.com/netiq

http://www.linkedin.com/groups?gid=2745833

identity, security and healthcare

Technology

netiq corporation

power of identity

identity ties

concept of identity

key identity management

healthcare agenda

healthcare industry

changing discipline