Friday, April 20, 2012

Bridging the Gap Between IDM & Healthcare

This week we're proud to feature a blog post from our sister company, GCA Technology Services. Today we're discussing Healthcare and how to optimize your existing solution for reduced error and compliance findings.   

 

I recently read an article from a local, technology-focused periodical that was recruiting nominees for “Technology Entrepreneur of the Year.” As I was reviewing last year’s winner, I noticed something intriguing. The winner works for a company that takes disparate spreadsheets of information from different software providers and connects them so there is one complete view of the information on just one screen. I was shocked to see that this software company’s CEO first wrote the program in 2001.

What we do here at GCA is no different. We are expanding our sister site, Actionidentity.com to fully showcase our expertise in taking disparate systems and connecting them with a user provisioning solution. More on this later. 

The company I was referring to in the beginning of this blog connects spreadsheets. Well, GCA connects healthcare applications (Cerner, AllScripts, Keane, and McKesson, to name a few) to a user provisioning solution so that new users, or those that need to be modified, can be managed more easily.

Most healthcare organizations have to onboard and off-board new employees, contractors, temporary workers, and visiting employees from another hospital through a manual process. GCA has taken these manual workflows and made them a thing of the past.

GCA has the ability to reduce costs, provision users quicker, and provide transparency and audit-friendly reporting for any and all healthcare organizations. We have had tremendous success and can offer a universal solution for any healthcare application and for any user provisioning (NetIQ/Novell, CA, Oracle, etc) solution.

Interoperability is not a new concept for many people. Healthcare application and user administrators might feel that it is because until now, they were unable to join the two. I’m excited to be working on projects that are the first of their kind, bringing a better experience and a safer/more protected solution that meets HITECH/Meaningful Use/HIPAA regulations.

For more information or if you want to read a case study, go ahead and leave me a comment and I will e-mail you a PDF about the healthcare IDM successes we’ve had.

 

To learn more about identity management, please visit Action Identity. If you’d like to discuss an identity and access management solution for you, we invite you to contact us

 


Tuesday, April 17, 2012

Password-Based Security Risks

Passwords and security risks are a major concern for a lot of growing businesses today, especially those that hold or have access to sensitive information, such as police stations, courthouses, hospitals and clinics. Many of these organizations use some sort of directory system like eDirectory or Active Directory to maintain their users’ authentication and authorization into the internal network and various databases. Each organization also maintains the password policies for its users (e.g. expires every 45 days, must be 7 characters, must have one number, etc.). A growing number of applications brings an increased number of passwords, which are difficult to manage.

It is common for people to write down their current password somewhere, which raises the risk of it being lost or stolen and so weakens the security of the system. Brute forcing of passwords is another risk in environments that rely solely on passwords for access to their systems. Brute forcing is simply guessing the password, which has a high success rate because it’s common for people to use default passwords. Social engineering to guess passwords is also growing into a serious threat for systems protected only by user-created passwords.

The CJIS Mandate is being put into effect for federal agencies that utilize federal resources to protect sensitive information from threats like the ones listed above. Two-factor authentication requires "something you have" and "something you know" in order to access the system. This eliminates the risk of only needing a password to gain access to important databases. Most agencies are already using some sort of smart card technology to access buildings, parking garages, and specific equipment. By utilizing biometric authentication or smart card authentication, organizations can add a layer of protection limiting improper access to domain resources and environments.

Thank you for your time in reading my blog about the risks of managing an environment solely protected by passwords. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments. 

Vendors such as HID naviGO and Authasas have great software solutions to meet advanced authentication specifications. Read more about Authasas and the features it provides in Authasas: Software for Strong Authentication. To learn more about the CJIS Mandate and HID naviGO's features, check out CJIS Advanced Authentication Requirements and naviGO Software

I hope you have enjoyed this blog. If you have any questions on this topic, leave a comment below and we’ll get back to you shortly. To learn more about Action Identity and password management, visit our website. To contact us directly, please click here. We look forward to hearing from you.

 


Thursday, April 5, 2012

OpenDJ - Cost Effective Directory Solution

Currently, if you want to run an organized business, you need a directory for your employees and perhaps your clients as well. If you’re an entrepreneur and starting a small business, you may not have the financial means for purchasing one of the big named directory services such as Active Directory or NetIQ’s eDirectory. OpenDJ is a great solution for getting your business off the ground, being that it is the most complete open source directory product. OpenDJ also provides plug-and-play installation, allowing your IT staff to set up the directory and move on to configuring your budding infrastructure. OpenDJ also runs on Java, providing multi-OS deployment, including virtualized environments.

If you’re worried about security, don’t be. Just because the product is open source doesn’t mean they skimp on securing your data with multiple degrees of authentication and authorization, password encryption, and password policies. OpenDJ also integrates seamlessly with any vendor-specific code you might need or have. OpenDJ may be open source, but it definitely has what it takes to compete with the big dogs in the “closed source – proprietary” environment.

By utilizing the open source availability of this product, with a competent staff of developers, there is almost no limit to what can be implemented using this solution. Don’t fret about having to customize everything yourself though! There is a full suite of tools and management applications that come with your installation. Also, because it runs on the Java Virtual Machine, it can be run on virtually any operating system that supports Java.

 

Thank you for taking time to read my blog. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments.

To learn more about Action Identity, visit us here. If you'd like to contact us directly, please click here

Stacking ForgeRock OpenIDM Up to the Competition

Researching ForgeRock OpenIDM 2.0, and the website’s claim to being flexible and easy to use, has sparked my interest into what the product has to offer. ForgeRock is growing in popularity in the development community because of its open availability and the user community forums. Developers are working together to help improve the software and make a strong code base. OpenIDM 2.0 is designed to help provide businesses with a solution for business process handling and compliance and the product excels at this by using JSON for reconciliation, synchronization, and mapping, making the process of bulk importing users into a system more developer/administrator friendly. 

Some key features of ForgeRock OpenIDM that I found interesting include its ability to integrate well with third-party legacy and cloud applications. OpenIDM leverages OpenICF (Open Source Identity Connector Framework), a set of connectors to a number of systems, and also offers the ability to extend it with additional connectors. Just to re-emphasize, because this product is open source and freely available to obtain and modify, OpenIDM is a highly viable solution for meeting a business’s identity management needs.

Identity Management isn't a new thing, and there are many other competing Identity Management products available. Some other similar products are NetIQ (formerly Novell) Identity Manager 4, Oracle Identity Manager 11G, or IBM Tivoli Identity Manager. For the purposes of this blog, I'll stick with NetIQ IDM 4, Oracle IDM 11G, and ForgeRock OpenIDM 2.0. 

After learning how easy OpenIDM was to obtain, I went ahead and downloaded a copy from the site and I'm now giving it a try in a test environment. The product is most certainly something to take a look into if you are interested in Identity Management. I'm excited to dig into ForgeRock OpenIDM, so keep checking back for a future blog on my ForgeRock OpenIDM 2.0 User Experience.
 

Benefits of Automated User Provisioning

 

User provisioning to company software such as payroll, commonly known as identity management, has typically been a daunting task for database administrators or IT professionals. However, lately we have seen a new trend in automating the processes by means of a driver. Using drivers, the database administrator can create the user in the directory, or another program connected to the directory, and the user will be provisioned to all the programs he has access to and that are connected to the directory. This alleviates much of the mundane task of entering the same data in multiple positions and allows the database administrator to put it in one centralized location.

Automated user provisioning allows tasks that would normally take days to take mere hours. Another benefit is that it creates a single point of administration, leaving your environment more streamlined. If an attribute, e.g. last name, has to change because the user got married or had another life-changing event, the database administrator only needs to change it in one spot, and the drivers will go out to their applications and submit the change in all the software the directory is set up to communicate with.

Automated user provisioning is the next step for organizations to become more efficient and streamlined when handling new hires or edits to current users. There are many benefits to taking a more driver oriented approach to user provisioning, however they all boil down to simplicity and efficiency. 

 

For more information on automated user provisioning, and to learn more about us, visit Action Identity. If you’d like to discuss an identity and access management solution for you, we invite you to contact us

 



Authasas: Software for Strong Authentication

 

The primary push for acquiring strong, two-factor authentication is to satisfy the CJIS Mandate. Many state and local police departments require access to the NCIC (National Crime Information Center). In order to retain access to this information, all law enforcement agencies must comply with the CJIS Mandate’s demand for strong, two-factor authentication. The cut-off date for this is the end of 2012, meaning that all law enforcement departments that have not satisfied the requirements of the CJIS Mandate, but wish to retain access to the NCIC, shall be fined.

Authasas is a pure software vendor that integrates closely with NetIQ (formerly Novell) products. Their software is compatible with a wide variety of strong authentication hardware, ranging from smart cards and proximity cards to biometrics. A vendor that specializes in nothing but software is usually a good indicator of solid software. This instance is no exception.

Authasas supports three types of credential storage:  Active Directory via schema extension, ADLDS (formerly ADAM), or eDirectory.  The installer itself is very straightforward and a full server-client install takes no more than twenty minutes tops.

Notice the subtle changes to the login screen. In the picture above, we’ve configured the software on the client side only to allow for the traditional username and password or a card reader as login options. The picture displayed above is fully customizable during the installation process, allowing companies to place their own logos in place of the Authasas one.

The enrollment process can occur by an administrator on the server, or through the client by the user.

The picture above displays how to enroll a user through the Active Directory Users and Computers window. Notice how Authasas has its own tab, with the ability to customize functionality for each individual user. Logs are very straightforward as well.

Authasas centralizes all of its logging within its own container in the Event Viewer.  Authasas utilizes its own logging service to gather logs from all of the machines installed with the client on the network, tracking all logical access and access attempts.

The beauty behind Authasas is the incredible efficiency delivered by something seemingly simple.  Deploying Authasas in your environment not only satisfies the requirements of the CJIS Mandate, but also satisfies the biennial FDLE audit for logical access.

If you are interested in an Authasas strong authentication demo, please contact us. For more information about how this specifically applies to the CJIS Mandate, visit CJISMandate.com.

 

Thank you for taking the time to read my blog about Authasas and the CJIS Advanced Authentication Mandate. If you have any questions, feel free to comment below as I am more than happy to answer any questions or comments.

To learn more about Action Identity, and how we can assist in making your organization CJIS compliant, visit our website

 
