Avatier unveiled its new access certification tool at the Gartner Identity and Access Management Summit. The latest addition to Avatier AIMS, Compliance Auditor enables auditing of virtually any system or asset on the network at any time and from any location. It is the industry's first access certification software to offer a universal mobile touch interface, which enables IT professionals and business line managers to approve and revoke access, delete accounts, allow exceptions, attach evidence and send access validation audit messages when performing governance risk and compliance activities and audits.
Compliance Auditor's built-in workflow system automatically determines which application owners or management approvers must perform the audits. Finally, IT risk metrics, also based on real-time data, provide scores on potential security and compliance management risk factors around access so the most sensitive access rights receive the appropriate attention.
Along with Group Enforcer, Compliance Auditor offers the most complete access governance solution available to monitor, manage and mitigate identity access management risk. Click here to learn more about Avatier's latest addition to AIMS!
I had a long flight back from a business meeting recently and started thinking about the future of the Identity Access Management space, and considering the potential our solution has for enterprises. Not surprisingly, I like to push the envelope when thinking about the impact IAM can have on an organization. To date, Avatier has been totally committed to a user-centric versus an IT-centric approach to our business. It's critical if we are going to keep up with the speed of business, that our solutions are adaptive rather than programmatic solutions. It's this process that saves IT a considerable amount of money (one of my customers just told me they are saving over $450 per day and $1.1 million since they installed their Avatier solution). For years, I have felt that an easy user interface that makes self-service simple for the business user, and one based on something everyone is familiar with—like an online store-- would be the "killer app" for IAM. The market appears to be in agreement.
But what's the next opportunity on the horizon? It seems to me that this market deserves a new, innovative approach that expands the role of identity access management in an organization. The industry is looking at too small a niche, when our role should be much, much larger. I really believe that the time has to come to redefine IAM in a way that keeps it current with evolving technology advancements, expanding IT ecosystems, and new business-focused customer demands.
Five years ago, my view of a sea change in the industry was putting IAM into the hands of business users, and all of our product development and sales have been focused on that. After trying several failed IT-focused implementations, organizations have come to us realizing that success does hinge on allowing the right stakeholders to decide who gets access to what, when, how and why. The latest Gartner IAM Summit showed that this realization is starting to take hold everywhere.
But for the most part, these identity management solutions have been limited to providing security and access to data. A more holistic view of the identity access management space should go much further and encompass all aspects of assignment management for the entire organization.
This holistic definition (IAM HD) should provide all the features of requesting, approving, tracking and granting assignments, but not just access to applications — access to all corporate assets, including systems, facilities and equipment. Today, IT managers are buying point solutions to handle this problem. IAM HD avoids today's fragmentation and should put everything into one holistic solution. It's a concept we are already bringing into focus with new technologies that you are going to read about right here. Stay tuned.
Avatier helps Gwinnett Medical Center (Gwinnett) tackle efficiency in the face of industry challenges by automating password and provisioning tasks, resulting in reduced help desk calls and greater cost savings.
Doing more with less is a common theme across industries these days, and healthcare is no exception. "The healthcare industry is not unique in the bottom-line pressures it faces," said Rick Allen, vice president of Information Security at Gwinnett. "Reduced growth in Medicare and Medicaid, combined with a rising number of patients, is forcing us to do more — and better — with less."
It is in this environment that Gwinnett is working toward transforming healthcare IT in its community; specifically, ensuring patient information including X-rays, test results, and insurance and payment information — is readily accessible to doctors, nurses and healthcare professionals, whether working onsite or remotely. Access to view such privileged information naturally requires passwords for security, and managing passwords resets for so many physicians and staff can prove challenging for support professionals.
"Our initial investment was in Avatier's enterprise password management system, Password Station, in September 2005," said Mr. Allen. "At the time, requests for Active Directory password resets were overwhelming our help desk, so Password Station was put in place to allow physicians and their office staff — which could be as many as 30 people in one office — to manage, reset or otherwise keep up with their own passwords. This way, we weren't eating our own help desk cycles and were creating more efficiency. And physicians and their staff could more quickly get to the information they needed to be effective in their jobs."
Mr. Allen points to Avatier's reporting module to support his claim of efficiency. "Every morning I get a report of all Password Station Active Directory resets. Armed with this information, I can tie it back to how much help desk money was saved with automatic versus manual resets," he said. And from implementation in 2005 to October 2012, that estimate exceeds $1.1 million, with approximately 73,845 administrative hours saved.
Gwinnett further streamlined its password challenges by purchasing a connector pack from Avatier. With this, Gwinnett was able to synchronize passwords across its Lawson, McKesson HCI and HPF, and Sunquest. Now, when a user changes a password to view information, it also automatically changes his password to place orders. This alone decreased help desk calls, as users had only one password to remember.
But the password synchronization and reset challenge proved to be only part of the problem. After a time, Gwinnett's legacy identity and access management software became unusable. "The system was written for Windows desktop by one of our employees," said Mr. Allen. "When he left Gwinnett, support and maintenance for the system became almost impossible. We couldn't enhance it at all and we couldn't scale it as the company grew. We clearly had to figure something else out."
Indeed, with more than 500 new hires a year, plus a 10 percent annual turnover rate, Gwinnett needed an immediate fix to tackle the overwhelming number of requests for access changes and new access. (In the third quarter of 2012, the number of overall provisioning requests stood at 11,381.) But Mr. Allen didn't have to go far to find a user provisioning software that would rise to the challenge. "When you have a partner that excels in the space, you don't need to look for another to do what they do already," he said. "We were so satisfied with Password Station, we didn't even consider another vendor for user provisioning."
Gwinnett purchased Avatier's user provisioning and access management software Identity Enforcer in July 2011, and, with just one person working on it 50 percent of the time, it was in production that December. As with Password Station, Identity Enforcer integrated easily with Gwinnett's existing hospital information systems, making the rollout seamless and headache-free.
Now, Avatier not only automates password resets and synchronization, it also automates all of Gwinnett's HR user provisioning tasks — whether for new hires, rehires or terminations. Twice a day, the system looks for these changes in position and automatically reconciles it with the appropriate role in the Avatier IT Store. Based on that role, the system knows what kind of access should be given, which groups should be assigned in Active Directory, what menus should be turned on, and so on. For a new hire, this means he is ready to go his first day.
Avatier also streamlines tasks associated with transfers (that is, when a Gwinnett employee is transferred from one position to another), which occur with the most frequency at Gwinnett. While at one time granting and revoking accesses based on the new role was a manual process, these tasks are now automated with Avatier. The system strips out all the different accesses and assigns new accesses for the new role, automatically.
"This has been very well-received by our analysts," said Mr. Allen. "Before Avatier, the analysts got a work order to remove [accesses] in the old role and then a separate work order to add the new ones for the new role. Avatier reconciles these so that there are a lot fewer work orders. Needless to say, that makes [our analysts] very happy."
Mr. Allen credits Avatier with greater efficiency, streamlined business processes and cost benefits — all important elements in a turbulent economy. "Budgets are getting tighter but service demands will always be on the increase," said Mr. Allen. "So anytime I can turn off one system and have another system perform multiple services, it's a good thing for our bottom line. With Avatier, we're doing more with less, and we're more efficient."
Are you already using Account Terminator to schedule the disable and/or delete of accounts across multiple platforms? There are several new features in the latest release of AIMS 9.0 to help you easily find items in the Account Terminator Job Queue and Orphan Approval Queue. Using enhanced filtering, you can quickly find an account without having to paginate through the display.
For the Account Terminator Job Queue
For the Account Terminator Orphan Approval