www.evidian.com
Identity and access management for business and people
Evidian and its partners help you implement secure management software that
achieves maximum performance for your business. Evidian's products and services
suit a vast range of organisations, and the company specialises in government
and public sector organisations, having implemented its solutions with
Winchester City Council and the Police Service of Northern Ireland.
Retail and services
To help ensure the best and most trusted service to your users, Evidian provides
corporations with high-end service assurance and security management software.
Telecoms manufacturers
Evidian provides open and robust fault management and service assurance
software to support complex, multi-service telecom equipment.
High tech and manufacturing
Evidian manages service assurance for business processes and complete security
policy, from front end to legacy.
Carriers
Evidian provides uniquely comprehensive service assurance
and security software to support complex, multi-service, multi-technology
environments, such as UMTS, GPRS and GSM.
ISP/ASP
Chosen by some of the largest
European Internet service providers, Evidian offers
trusted services for millions of customers with service
management, security and load balancing software.
Government
To help ensure the best and most trusted service to your users, Evidian provides
governments with high-end service assurance and security management software.
Finance
Chosen by large banks and insurance corporations, Evidian helps ensure 24/7
transaction service assurance and Basel II compliant security, while deploying
extranet and intranet online services.
Identity and access management
- new challenges for the banking industry
Identity and Access Management allows
fine-grained management of user management processes. This is especially
critical in the banking world, where, if access to IT is not managed
in a rational way, it can be a source of major operational risks,
which directly translate into financial losses.
The new Basel capital accord introduced
the notion of operational risk into the evaluation of the minimum
capital solvency requirements for banks. Among the risk evaluation
methods proposed by the accord, the advanced measurement approaches
(AMA) authorise the financial establishment itself to evaluate the
operational risks linked to its activity.
To do this, the bank has to set up an
operational risk management system and an entity responsible for
installing and managing it. The operational risk internal management
system relies in particular on the following data:
- Data on the losses actually experienced
- Data on the operational incidents liable to generate costs (loss data)
Correlation of these data produces regular
reports, which contribute to evaluating minimum capital solvency
requirements.
More than a regulatory requirement, the
new accord must be seen as an opportunity to significantly improve
identity and access management. Such an overhaul can generate considerable
return on investment by improving the productivity of users and IT
personnel. It can also allow you to easily deploy procedures that
are critical in a banking environment, such as "de-provisioning" and
role-based management.
Implementing an identity and access
management solution
Setting up an identity and access management solution can offer significant
advantages:
- Immediate reduction in operational risks, by reducing the possibility of data
  access loopholes.
- Information accessible and auditable on (a) authorised or illicit accesses and
  (b) allocation of access rights. This information makes it easier for the
  entity concerned to measure the operational risks and can be directly used by
  the reporting tools already in place.
- Possibility of immediate reaction when a source of operational risk is
  detected. These management tools have a centralised console for managing all
  access rights. After diagnosing a risk indicator, the detected loophole
  (typically an over-generous access rights policy or a rights allocation error)
  can thus be closed immediately.
- Simplification of technical concepts. In an identity and access management
  solution, the technical IT aspects are masked to enable the users to
  concentrate on the allocation of access rights.
Health care
With long-term experience in health care, Evidian provides complete IT service
assurance and security management software. Their security integrates tightly
with authentication systems such as the French Carte Vitale and the British
NHS Computing for Health smartcard.
Identity and access management
- the new challenges for healthcare
Many countries have introduced or are introducing legislation to ensure the
security and privacy of health information. Complying with these new rules
can be a costly headache if done manually or using inadequate tools. We describe
a more rational approach, focusing on the specific example of the United States
HIPAA requirements and terminology.
Among the stated goals of HIPAA are an
improvement of the health insurance and health care industries in
terms of protection of health information and cost reduction through
administrative simplification. The Security and Privacy Rules are
designed to make sure that patient health information is not misused.
As more and more health information is
now available in electronic format, it is critical to control access
to systems and applications containing that information. Covered
Entities are required to implement technical safeguards and security
measures in order to restrict access to users and patients on a need-to-know
basis.
These technical safeguards can be very
time-consuming and even ineffective if you restrict yourself
to out-of-the-box security provided by application or server
vendors. Individually
configuring each such data repository - and workstation - so
that they comply with the Security and Privacy Rules is not
a good solution.
The best way is to implement a global
Identity and Access Management (IAM) solution that will help to protect
access to PHI at the enterprise level.
The three Ps of I&AM for regulatory
compliance
Implementing an IAM solution to ensure regulatory compliance involves the whole
Covered Entity, and goes beyond simple technology considerations. Indeed, the implementation
phase of the product itself is usually quite fast, thanks to automated deployment
tools. What consumes time in a project are the organisational and human aspects,
as well as the inventory of applications, data stores and workflows that concern
Protected Health Information.
People -
Regulatory compliance will require the cooperation of
physicians, staff and other employees. A project can
be greatly helped if it has the clear and public support
of the Covered Entity's general management.
Process -
Implementing regulatory requirements such as the HIPAA
Security Rule means putting in place new processes. These
processes represent a lot of changes in people's habits,
and costly training for the entire organisation. If some
processes are automated, that can help decrease costs.
Product -
This is the technology side of the equation. As the technological
environment within the Covered Entity may be quite complex,
it is best if the management of the entire solution
hides that technological complexity.
Evidian IAM Suite can help Covered Entities
implement the requirements of the Security Rule in a cost-effective
and coherent manner:
- Define in one single location the HIPAA-mandated procedures pertaining to
  access control, then deploy them over the whole Covered Entity.
- Use simple yet systematic role-based rules to restrict access to Protected
  Health Information.
- Centrally define and enforce a global password policy.
- Centralise activity logs related to user access to Protected Health
  Information in one location, so that they can be easily audited.
- Control access to workstations and applications.
- Manage user identities in a systematic way, even if the data stores containing
  these identities are located in various directories.
See the Evidian
NHS resource centre for specific information on how Enterprise
SSO and IAM can improve security while reducing costs.