Now that the HIMSS conference has wound down, folks are starting to try to make sense of what, by all accounts, was a massive amount of new and important information to digest.
One of the nuggets that I pulled out was a pressing and real concern for security in the healthcare infrastructure. The concern was voiced clearly through the HIMSS Leadership Survey. The survey was conducted last December through January 2010 and included the responses of 398 healthcare leaders spread among 270 healthcare organizations.
One of the surprises for me is that respondents to the survey were more concerned about internal breaches vs. external breaches or unsecured laptops/PDA’s. In fact, internal security breaches lead the list of worries with 34% of survey respondents naming it as a top concern. And no wonder! 25% reported a security breach in the past year. HealthsystemCIO posted a great summary of the security portion of the survey.
Based on our own third-party research on Active Directory security those concerns seem well founded. Some of the things that the research turned up:
- 92% of organizations grant resource access through Active Directory
- It takes 3 days for HR to notify IT when an employee is terminated and should be de-provisioned in Active Directory. That’s a lot of exposure time.
- More than 42% said that someone in their organization had accessed information that they were not authorized to. In the healthcare setting that could lead to millions of dollars in losses. Ask UCLA.
If you are in a healthcare organization, and you are concerned about security a good place to start very well may be Active Directory. Most organizations use it heavily to authenticate against, and many still provision changes to it as a manual process.
Better security can be one huge advantage of automating your Active Directory user provisioning and de-provisioning. It gets even better when you automate the management of your security groups in Active Directory as well!
Done properly employee adds and terminations are automated, as well as internal transfers and promotions. Plus, you get the added bonus of freeing your staff to work on implementing some of the other great ideas that came out of HIMSS!
Jonathan Blackwell
View ProfileSince 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.