Tuesday, April 07, 2009

The Next Frontier?

Identity Management continues to find a space in the Enterprise landscape. It would seem that it's been falling into the realm of Information Security. Not sure that I completely agree with this but at least it's being discussed as part of Enterprise Architecture.

Certain business verticals in particular have been embracing this technology more than others. Most notably, Higher Education has been a big proponent of Identity Management (Gotta give it to Oracle's OIM/Fusion Middleware, they're doing well here right now.) As I think about other verticals, it strikes me that it's about time that the Health Care industry embrace, IdM.

Why so, you might ask? Here's a few of my reasons:
  • HIPAA -- How can you discuss the Health Care field and not talk about HIPAA? Strict access controls, need for compliance, monitoring of changes to accounts? All easily done by IdM. Advances in GRC apps will make even more of a splash.
  • Lots of changes -- Permanent staff, temps, students, visiting professionals means there are lots of changes in the user community, topped with vendors, contractors, patients and visitors makes it seem to me that this should be captured and recorded. Virtual Directories will be key in maintaining these user communities.
  • Identity is more than people -- Role management will also be important for business and technical roles. The better we track how these roles are created and maintained, the easier it will be to administer them.
  • Physical Access management -- Hospitals by nature are intended to be secure, so including means of physical access management will be important, either through "smart cards", biometrics or a combination of both.
I'll be thinking more about this in the coming weeks and months, what about you? Anyone out there doing this in a medical/hospital facility? What are you doing?

2 comments:

Ash said...

good points. another one is that they have a tremendous number of apps. most have more than 100 distinct apps, and i've seen environments with over 500.
this creates a great case for SSO, provisioning and deprovisioning.

Matt Pollicove said...

Ash, that's certainly a key point. the other thing to consider here is how you also blend in with ERP and other big enterprise systems. I think that will be a major influencer as well.

The challenge is in determining ROI to the money folks. That's going to take a bit of number crunching plus support from the Burtons, Gartners, etc.