The National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA), present the first 'Identity Management Day,' an annual awareness event that will take place on the second Tuesday in April each year.
We heard from healthcare experts on identity management's importance and how it has become an integral piece of creating a fortified cybersecurity posture and a frictionless customer experience.
Rebecca Archambault, Trusted Identities Leader, Highmark Western and Northeastern New York
“You cannot fully transform your digital presence, or your digital business, without focusing on the digital identity. It should be the first foundational component you understand within your Cyber Security team. The biggest challenge that I see is that most organizations don’t fully recognize the role of identity and its impact to every facet of their business.
My advice would be to make a commitment to invest into an identity strategy, and establish a forward-looking approach. It needs to address the mounting technical debt that legacy systems and applications carry with them. It needs to include implementation of a modern identity solution that simplifies, innovates and enables their business. And finally, the strategy needs to take a ‘risk aware approach’ to balance the customer experience while increasing security.”
Carlos Garcia, Sr Principal Architect, Enterprise Clinical Technology – Genomics, Optum
“I think the biggest challenges remain the fundamentals. So many organizations are still trying to implement provisioning and attestation beyond the core major identity systems like their AD and HR systems. I think great technologies like SAML, when used within an enterprise are great for integrating applications especially after acquisitions, but often become band-aides that mask the underlying issues of dispersed identity silos. The hard work is getting all these systems centralized or at least well managed through best practices around governance and especially deprovisioning. This is an endless challenge with large enterprises that do many small acquisitions a year. Many times the challenge becomes the cost of integrating acquired entities if your systems are too inflexible.
In addition, as multi-cloud adoption grows, managing all those identities and especially the governance around what authorization they have is a big challenge. The business wants to move faster than you have time to create new policies, so thinking ahead of the business challenges coming is important.”
Wes Wright, CTO, Imprivata
“In healthcare, the biggest challenge is finding the resource for implementation and management of the program. Pre-COVID, healthcare IT staff had more work than they could handle. Now, with the addition of the COVID requirements, HIT staff just can’t find the time to implement. My best piece of advice around this is, first, don’t think of identity management as a project –it’s a journey that continues. If you have to name it something, call it a “program.” Second, it’s not an HIT program, you must garner the support and championing of the program from a diverse set of executives (HR, CMO, COO, CIO, CISO, etc.). This way, when you have to forego other projects (the main problem as noted above), then you have the support of other executives, whose projects are probably going to be delayed. As in almost every problem in life, it’s all about communication and collaboration.”