IAM deployment snapshot

By Elisabeth Horwitt, Contributor 02 Nov 2006 | SearchCIO.com

Digg This!     StumbleUpon     Del.icio.us

More on access management Access denied Identity and access management supercast

As with any IT project, Blue Cross and Blue Shield of Kansas City began its identity and access management project with a list of requirements and projected costs. Here is a breakdown of the company's project requirements, tools and outcomes:

Requirements:

• Provide easy, simple access to key systems and records for both external customers and employees.
• Make access "bulletproof" from a security standpoint.
• Lighten the load of IT administrators and help desk managers.

IAM systems deployed:

• Role-based provisioning that automatically sets up access rights and security levels for new employees based on department and job class, and cancels them upon employee departure. An approval workflow automatically contacts appropriate managers who need to sign off on the provisioning of various rights.
• Products: Active Directory, RSA Security Inc. and Sun Microsystems Inc. IAM platforms.
• Single sign-on (SSO) lets employees access all resources to which they are entitled with a single password. Previously, they had to remember passwords and IDs for as many as a dozen applications.
  Product: RSA Access Manager
• Strong authentication requires employees to provide both a password and a one-time security code via a physical token.
  Product: RSA SecurID
• Web-based SSO enables doctors, employer groups, brokers and individual plan members to set up their own accounts on the HMO's Web site. Once they authenticate themselves with personal information and enter a password, a single password gives them access to whatever Blue Cross and Blue Shield records and applications they are entitled to.
  Product: RSA Access Manager

Outcomes: IAM has enabled the HMO to do the following:

• Improve customer service.
• "Get administrative costs and efficiencies in line" by encouraging patients and physicians to use Web applications rather than call customer service, CIO Kevin Sparks says.
• Assure regulators and customers that sensitive personal information remains secure.
• Redeploy the equivalent of two full-time IT staffers who previously handled password-related problems to "high-value tasks."

Time to complete: Three years

Cost: Between $500,000 and $1 million (Sparks attributes at least some of this figure to underestimating the need for up-front planning and "internal housecleaning" of business processes and user databases.)

Elisabeth Horwitt is a freelance writer based in Waban, Mass.

Tags: Enterprise information security management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise information security management Information security and risk management guides for CIOs Talking swine flu and Conficker with the CIO of the CDC Network access control: Security advice for enterprise CIOs Evaluating network access control: NAC policy enforcement matters Enterprise risk management quiz for CIOs Network access control now addresses multiple needs Enterprise risk management solutions for CIOs Gartner: Future IT security jobs to focus on risk management strategy Avoiding gotchas of security tools and global data privacy laws Security standards to help manage compliance for those federal funds

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary