Home
Topics
Security and risk management for the midmarket
Security tools for the midmarket
Access Granted: Midmarket Firms Take on Identity and Access Management

Access Granted: Midmarket Firms Take on Identity and Access Management

Elisabeth Horwitt

1
2
3
4
5
6
7

A Modular Approach

For midmarket firms with a large number of specialized, non-Microsoft applications, however, a modular approach to IAM may be the only way to go. Setting up automated provisioning and de-provisioning in particular "is a tricky proposition that can fail dramatically, visibly and dangerously career-wise," according to Burton Group's Lewis. A company is more likely to succeed when it starts with 15 applications for which regulatory compliance is a top priority, he adds. "Get those working, demonstrate success and move on to the next phase."

Financial Engines has taken a "staged approach" to IAM, because "we lack the resources to tackle an enterprise-wide project with one comprehensive solution for everything from purchasing to customer management," says Todd. So too at H. Lee Moffitt, Martinez initially looked for a system that provided both user provisioning and SSO but decided to focus on SSO first. It was the higher priority, since end users, particularly doctors, were complaining vociferously about the need to use a different sign-on for each system, he says. "Our doctors now have one password instead of 10. Even if the system cost us a million dollars, it would still pay for itself," Martinez says.

$80: The dollar amount per user for an IAM system suite with full ID management plus maintenance

Still, the project could not encompass all the cancer center's applications. With "best-of-breed applications for everything, we have dozens -- hundreds -- of applications," each with its own user database, Martinez says. As a result, he is initially focusing the SSO deployment on the applications that physicians and researchers use every day. "A lot of hospitals are moving toward a common user database schema, but for us that'll be years, if ever," Martinez says.

But Martinez still plans to deploy user provisioning soon. "From what I've heard and seen, it's worth the hassle." IT administrators currently have to deal with 30 or 40 employee terminations a week, with a typical end user having accounts for four or five applications. "That's a day's worth of manpower," says Martinez.

1
2
3
4
5
6
7

More News and Tutorials

Articles

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- risk assessment framework (RAF)
- latency

This was first published in November 2006

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

More from Related TechTarget Sites

CIO
Compliance
Health IT
Storage
Cloud computing
Mobile Computing
Windows IT

CIO
- Amid school budget cuts, CIO combines cost savings with innovation
  
  Amid budget cuts, a Florida school district CIO earns high marks for innovations that shore up and improve IT while saving money.
- Students-first mentality drives IT innovation at Athabasca University
  
  CIO Brian Stewart put students first in an overhaul of IT systems at Athabasca University. Read more about this IT Leadership Awards finalist.
- Consistent cybersecurity training a must to meet evolving threats
  
  In this week's Searchlight: bold new threats highlight need for cybersecuity training, why big data requires soft skills, cloud confusion and more.
Compliance
- Q&A: The future of e-discovery technology as data processes evolve
  
  Information governance expert Jeffrey Ritter discusses how technology for e-discovery evolved, and how it influences data processes and management.
- MetricStream and CipherCloud announce new cloud security platforms
  
  In this Product Spotlight, learn about two new security platforms from vendors CipherCloud and MetricStream.
- #Compliance: Proposal to update wiretapping laws draws controversy
  
  Twitter was abuzz after a report of possible updates to wiretapping laws. Opponents argue it would dramatically alter civil rights and online privacy.
Health IT
- Improving medical technology through interoperable devices
  
  The industry is developing interoperable personal health devices to encourage adoption and improve patient care.
- The tangled web: BYOD and HIPAA
  
  The HIPAA omnibus will become official this fall. Is your organization prepared to handle data breaches, BYOD policies and network security?
- HIMSS analytics study weighs in on wireless networks and cloud
  
  A 2013 HIMSS study reveals organizations in the midst of managing wireless networks and cloud computing, among other IT initiatives.
searchStorage
- Can storage hypervisors bring high availability to the cloud?
  
  Learn how the advanced functionality of a storage hypervisor provides a cloud infrastructure with high availability.
- Is there any popular software that allows me to share PCIe SSD cards?
  
  Learn the different methods to share PCIe SSD cards among multiple servers to improve performance and still keep costs down.
- Can object storage systems be used with file-based apps?
  
  Learn how to use applications such as Microsoft Exchange or SQL Server with object storage systems on the back end.
Cloud computing
- Google Compute Engine prices on par with AWS -- for now
  
  Conventional wisdom has Google and AWS locked in the Price War of the Titans with the launch of GCE, but a deeper look reveals a different truth.
- Limiting the effects of cloud computing outages
  
  After making the case for cloud based on high availability, IT pros are upset by cloud outages. With planning, there are ways to craft a strategy.
- Amazon Redshift an appealing alternative to on-premises data warehouse
  
  Amazon Redshift has intriguing pricing and features, but beware of its differences from a traditional, on-premises data warehouse.
Mobile Computing
- Bringing BYOD to your enterprise
  
  Bring your own device (BYOD) can be a boon for both employees and enterprises, but clear policies and management tools are needed.
- Meeting technical requirements for mobile health care deployments
  
  IT departments deploying mobile health care solutions must ensure that using mobile devices in health care settings doesn't violate federal laws or compromise security.
- Making the call: Distributed antenna systems and in-building wireless
  
  Distributed antenna systems and in-building wireless solutions are two options to improve wireless cellular coverage within an enterprise facility.
Windows IT
- How to advance your cloud skills and get ahead of the gap
  
  There may be a growing shortage of IT pros with cloud skills, but you can take action now and become a valuable asset with the right skills.
- Prepare for a SharePoint 2013 upgrade with five tips
  
  Considering an upgrade to SharePoint 2013? Find out the answers to the most common questions IT pros will ask before making the jump.
- Prioritize your IT tasks and finally conquer your to-do list
  
  It's easy to feel overwhelmed by a growing to-do list of IT tasks, but there are easy ways you can decide what to tackle first and what can wait.

All Rights Reserved,Copyright 2007 - 2013, TechTarget