Internal employees continue to pose biggest risk in security breaches.

Latest Experian security forecast - Cost of breaches in the healthcare industry could reach $5.6 billion annually.

How will the next identity spill happen?  The latest Experian data breach industry forecast points to your employees being the biggest threat.  Stronger external authentication and tighter protocols continue to miss the mark.  Employee negligence will continue to be the leading cause of security incidents in 2015.

Experian goes on to state that Healthcare breaches will continue to grow this year.  With the huge challenge of securing such a significant amount of data, the problem becomes even more serious when organizations are faced with a shortage of internal expertise.  With the majority of breaches originating from inside company walls, the report clearly indicates business leaders need to fight the root cause of data breaches rather than buy the latest security widgets.

What are some steps that you can take in your organization to prevent the next identity spill?

• Perform regular certification or attestation of application or role access.
• Implement automated provisioning and deprovisioning of identities
• Implement Role Based Access Control and Attribute Based Access Control
• Control  access to applications via a central identity provider
• Provide Self-Service password reset
• Implement strong authentication, regardless of the application

Preforming regular certification/attestation of access – At any time you need to be able to snapshot the access granted to a resource by roles, locations and person accounts.  Security assignments should be automated, but access should be certified and routed to an appropriate authorized person for review.  This review should verify the access and certify if it is valid or not.  A tool like EmpowerID makes certifications easy for the organization with scheduled certification and attestation policies that can be run and audited.

Implement automated provisioning/deprovisioning – Role based or attribute based access needs to be automatically and immediately provisioned or deprovisioned.  When an employee’s role changes, the resultant set of access needs to be calculated instantly.  Some application and resource access will be taken away and some will be granted.  Absence of role based deprovisioning is a root cause of an employee having too much access.  EmpowerID takes provisioning to the next level by allowing you to provision and deprovision based upon roles in the organization.

Implement RBAC & ABAC controls - You need an RBAC/ABAC engine to continuously evaluate how much access someone should or shouldn't have.  EmpowerID uses a hybrid approach with RBAC and ABAC adding in rules and even Separation of Duties enforcement.

Control access to applications via a central identity provider - Having users log into apps with a separate username and password is a recipe for disaster.  An IdP allows you to centrally validate someone’s identity and then assert that identity into applications wherever they are.  The EmpowerID IdP allows employees to search for applications that are granted for their role, removes ones that are not granted and provides the SSO into the application.

Provide Self-Service password reset - Let's face it, this not only tightens up security, but saves a lot of money.  EmpowerID provides full detailed audit trails of anything account related such as who changed the password, who approved it and more.

Implement strong authentication, regardless of the application - There are a lot of ways to get into your network.  The VPN, the email server and SaaS applications are all exposed entries into the protected network.  Do they all have the same authentication capabilities?  You need an authentication service that supports all the protocols, not just those most used.  EmpowerID can step up authentication at any level for any service.  The VPN, the routers, the SaaS apps, SharePoint, it doesn't matter.

The bottom line is this, an ounce of prevention is better than a pound of cure.  According to Experian the average cost per lost record is just under $200 dollars, with average total impact cost to your organization just under $4 million.  Click through below and let us show you how easy it is to automate access and control privilege in your environment.

EmpowerID has been recognized as a three time leader in a recent KuppingerCole report evaluating Identity and Access Management (IAM) / Identity Access Governance (IAG) Product Suites.

The IAM/IAG Leadership Compass “focuses on complete IAM/IAG (Identity Access Management/Governance) suites that ideally cover all major areas of IAM/IAG as a fully integrated offering,” Martin Kuppinger wrote in the report.

KuppingerCole, a respected global analyst focused on Information Security, examined Identity and Access Management / Governance Suites for this report. They specifically evaluated products that are integrated solutions with a broader scope than single-purpose products. Martin Kuppinger concluded in the report, “With their Windows-based product they [EmpowerID] offer one of the best integrated IAM Suites. All components have been built by EmpowerID, allowing for tight integration into a well thought-out architecture. This integrated approach is a clear strength of EmpowerID."

To request an unabridged copy of the the KuppingerCole report on IAM/IAG Suites, please visit http://info.empowerid.com/download-the-free-kuppingercole-iam-suites-leadership-compass.

Security for identities.  Managing user access to applications.  Auditing user access.

“Ugh”, you might think, “That sounds like more cost, more time, and more responsibility for IT”.

But a platform approach to Identity and Access Management (IAM) that is rich in innovation can result in lower costs, better productivity, and reduced demands for IT resources, while providing managers with better and more timely information.

Take for example a home healthcare provider with $2 billion in revenue and 40,000 employees in 40 states facing constant pressure to reduce costs as a result of declining government reimbursements for their services.  This organization had already used their considerable size advantage to create efficiencies and reduce costs wherever possible.  Then their Chief Security Officer (CSO) conducted a review of IAM technology and presented his management with a plan that would improve the productivity of their employees, reduce the workload on IT, improve the security for patient data and assist their organization in continuing to be a leader in the quality of patient services.

Built from a series of acquisitions in an industry that experiences high turnover, this organization lacked an efficient process for provisioning home healthcare workers into the many web applications they need to perform their work.  The process began with HR creating a manual request for IT to provision a new user into the apps they require, and once this was completed, the new user had to register themselves and create a password in each application. This process was complex and required too much effort for the home healthcare employees to learn and to maintain.

The CSO’s experience with several of the oldest and most installed IAM platforms made him wary of starting a new project with one of them because of their high licensing costs and the difficulty in customizing them to meet an enterprise’s specific needs.  He wanted a solution that would be easier to implement and easier to mantain.

After evaluating multiple products, he chose the EmpowerID platform for its different and innovative approach to Identity and Access Management.  Built on a single codebase with a workflow core and shipping with hundreds of ready to deploy workflows, the CSO was impressed with EmpowerID's broad functionality and its ability to easily design and to automate complex IAM processes with its visual Workflow Designer. 

The CSO determined during a software trial that EmpowerID’s powerful Role-Based Access Control (RBAC) engine could create effective roles based on both an employee’s place in the organizational hierarchy and their location, and it could scale easily for the size of their staff. EmpowerID proved itself to be flexible in also offering Attribute-Based Access Control (ABAC) for their scenarios where the use of contextual policies to govern access is more appropriate. 

He also discovered that EmpowerID’s integrated Single Sign-On (SSO) module federates not only with more recent web applications that natively support SAML authentication, but also with legacy applications that lack SAML capabilities.  Thus he could accommodate all of his user scenarios end to end, from provisioning to access, using EmpowerID, rather than having to integrate two or more applications. 

The CSO concluded that EmpowerID’s “all in one” approach could create the solution they needed in a shorter timeframe with fewer professional services and less risk to their project timeline and budget. The ability to show his management faster ROI helped him to obtain funding for the project. 

EmpowerID’s User, Group and SSO Manager modules were then deployed to provision and to manage federated identity for the application portal, allowing new users to be added within hours, instead of days, and enabling the use of one login by a healthcare provider to access all of their applications. 

New user onboarding was further simplified by creating a feed from the organization’s PeopleSoft HR application to EmpowerID, which in turn creates all the user accounts and access privileges in the applications they need, based on their business role. New users require less training and are ready to go to work as soon as they claim their identity upon first logging into the application portal.

The home healthcare staff appreciate EmpowerID's friendly HTML5 user interfaces that adapt to the screen size of any device they use, whether a tablet or a smartphone, and the reduction in effort to get to their clinical applications, while patients are pleased that less time is consumed by administrative tasks during their scheduled visits. 

EmpowerID’s multi-factor authentication capability (using an OATH token and SMS one time password) was implemented to strengthen system access security and to better protect the privacy of patient data, which is important in meeting regulatory and audit requirements.

EmpowerID also assists the organization’s auditors with data governance – the discipline of ensuring that access to corporate and patient data is secure and is subject to the proper controls. EmpowerID not only improves the quality of data, is also supports configurable Separation of Duties (SOD) policies, attestation procedures and system dashboards for quick visibility of pending tasks and system statistics. EmpowerID provides dozens of reports out of the box and it supports Microsoft’s SQL Reporting Services to quickly provide the information that different users need.

As a result of successfully automating their new user provisioning process and providing a seamless single-sign on experience for its home healthcare staff, this organization is realizing substantial productivity savings that will pay for EmpowerID in a period of just eighteen to twenty-four months. 

The CSO’s vision for a single, flexible platform that could be implemented on-time and within budget to automate and to securely manage multiple aspects of the enterprise, creating new efficiencies and cost-savings, has been fully realized with EmpowerID's deployment.

Ranked by KuppingerCole as a Product Leader, Innovation Leader and Overall Leader in their recent Leadership Compass for Identity Provisioning, EmpowerID helps diverse organizations across the globe improve identity security and access governance, increase productivity, lower costs, and improve service delivery through its innovative and cost-effective approach to IAM.