Friday, April 13, 2012

Healthcare CIOs Losing Sleep over IAM

In his blog, “Life as a Healthcare CIO,” Dr. John Halamka of Beth Israel Deaconess Medical Center identifies ten information security issues keeping him awake at night. IAM is prominent among them:

5. Identity and Access management - Managing the ever changing roles and rights of individuals in a large complex organization with many partners/affiliates is challenging. If an affiliate asks for access to an application, how do you automatically deactivate accounts when users leave an affiliate, given the lack of direct employment relationships?

Provisioning and de-provisioning user access in a timely manner is a key issue for all IT organizations. Unfortunately, among many IT professionals we've spoken with, there is a tendency toward over-reliance on provisioning controls as a solution to IAM issues. Effective detection controls are an oft-neglected part of the access control security regime. Thus, another of Dr. Halamka's worries:

9. Forensics - increasingly sophisticated security infrastructure implies more events to research which requires additional staff that are challenging to find, recruit and retain.

Not only is it hard to find qualified staff, but the infrastructure choices for supporting the analysis all have significant drawbacks. SIEM-based approaches deal only with network-level data, and only over relatively short time windows. They lack sophisticated data analysis features and don't allow for custom schemas. They are good for real-time alerting on events, but lack the more evolved capabilities needed to examine user and application-level data and behavior.

Custom data warehouse/OLAP solutions have their own problems: the expense of development and maintenance, managing ETL from a wide variety of systems, and writing and maintaining SQL queries for various policies and exceptions (and that's assuming that all the relationships between workers, patients, and resources can be modeled effectively).

No wonder CIOs are losing sleep.

Veriphyr uses big data analytics to tackle the investigation problem: unlike SIEMs, we focus on user and application-level information to identify problem activity with more sophisticated analysis. Unlike OLAP systems, we use our proprietary heuristics to analyze the data, reduce the scale of the data problem, and evaluate policy against suspicious activity, instead of brute-forcing an analysis against an entire data warehouse. Unlike either approach, we leverage cloud infrastructure so that nothing needs to be installed at the client's premises – we don't disrupt your environment or your workflow.

Put your user access worries to bed, and sleep better yourself. Visit Veriphyr at www.veriphyr.com

Sources:
“What Keeps Me Up at Night 2012” - Life as a Healthcare CIO, April 10, 2012


Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.