Presentation to House Committee on Technology: HHS System Identity & Access Management



Similar documents
IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

The Unique Alternative to the Big Four. Identity and Access Management

Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

Identity Management Overview. Bill Nelson Vice President of Professional Services

Identity and Access Management Point of View

Business and Process Requirements Business Requirements mapped to downstream Process Requirements. IAM UC Davis

Health and Human. Services. Commission. InternalAutht Division. Internal Audit Plan. Fiscal Year 2016

Establishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology

Foundation ACTIVE DIRECTORY AND MICROSOFT EXCHANGE PROVISIONING FOR HEALTHCARE PROVIDERS HEALTHCARE: A UNIQUELY COMPLEX ENVIRONMENT

Status: Final. Form Date: 30-SEP-13. Question 1: OPDIV Question 1 Answer: OS

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Identity and Access Management

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

Course 50382A: Implementing Forefront Identity Manager 2010 OVERVIEW

secure user IDs and business processes Identity and Access Management solutions Your business technologists. Powering progress

Identity and Access Management. An Introduction to IAM

Entrust IdentityGuard Comprehensive

- Identity & Access Management

PROTECT YOUR WORLD. Identity Management Solutions and Services

Automated User Provisioning

SaaS at Pfizer. Challenges, Solutions, Recommendations. Worldwide Business Technology

101 Things to Know About Single Sign On

<Insert Picture Here> Oracle Identity And Access Management

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

Identity Management Basics. OWASP May 9, The OWASP Foundation. Derek Browne, CISSP, ISSAP

1 Introduction to Identity Management. 2 Identity and Access Needs are Ever-Changing

Strategic Identity Management for Industrial Control Systems

Identity and Access Management Memorial s Strategic Roadmap

Identity Management with midpoint. Radovan Semančík FOSDEM, January 2016

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Installing, Configuring, and Managing a Microsoft Active Directory

Centralized Oracle Database Authentication and Authorization in a Directory

CA SiteMinder SSO Agents for ERP Systems

Ulster University Standard Cover Sheet

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

Security management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.

Achieving HIPAA Compliance with Identity and Access Management

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation

Identity and Access. Management Services. HCL Information Security Practice. Terrorist Sabotage. Identity Theft. Credit Card Fraud

STATE OF NEW YORK IT Transformation. Request For Information (RFI) Enterprise Identity and Access Management Consolidated Questions and Responses

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

SAML SSO Configuration

September 9, 2013 Don Hoag Deloitte Consulting, LLP

Managing Access for External Users with ARMS

Implementing Forefront Identity Manager 2010

Government of Canada Directory Services Architecture. Presentation to the Architecture Framework Advisory Committee November 4, 2013

How to Use ADP Self Service

AD Self Password Reset Installation and configuration

Architecture Guidelines Application Security

Allidm.com. SSO Introduction. Discovering IAM Solutions. Leading the IAM facebook/allidm

Identity Lifecycle Management. Lessons Learned

Delivering value to the business with IAM

Integrated Identity and Access Management Architectural Patterns

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

IDENTITY & ACCESS MANAGEMENT

Identity and Access Management for the Hybrid Enterprise

Research. Identity and Access Management Defined

Quest One Identity Solution. Simplifying Identity and Access Management

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Password Management Before User Provisioning

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

The Four "A's" of Information Security

Approaches to Enterprise Identity Management: Best of Breed vs. Suites

UNI. UNIfied identity management. Krzysztof Benedyczak ICM, Warsaw University

CL_50382 Implementing Forefront Identity Manager 2010

Identity and Access Management Policy

Certification Practice Statement

NE-6425C Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

Configuring and Troubleshooting Windows Server 2008 Active Directory Domain MOC 6425

CA Single Sign-On Migration Guide

The 7 Tenets of Successful Identity & Access Management

Defender Delegated Administration. User Guide

NISTIC Pilot - Attribute Exchange Network. Biometric Consortium Conference

Oracle Identity Manager (OIM) as Enterprise Security Platform - A Real World Implementation Approach for Success

Integrated Identity Management Whitepaper

Five Business Drivers of Identity and Access Management

Transcription:

Presentation to House Committee on Technology: HHS System Identity & Access Management Bowden Hight Deputy Executive Commissioner Information Technology Services Health and Human Services Commission May 21, 2014

HHS Scope & Use Internal Users 5 Enterprise agencies More than 55,000 employees More than 800 locations across Texas About 900 applications External Users HHS Clients Non-HHS state agencies Federal agencies Trading Partners and Business Associates Goal of a secure and meaningful information exchange to clients via self service on multiple types of devices. Examples include: Eligibility workers are able to work from multiple locations. Providers can validate eligibility for Medicaid and check authorized services. Clients verify their identity through self-attestation. Once validated, eligible clients can receive notifications, check status of benefits and report changes in status. Clients can access a 36 month history of their personal health records, request medical transportation and search for providers. CASA volunteers can access portions of a foster child s case record for real Page 2 time information.

HHS Identity Access Management (IAM) Identity and Access Management solutions enable the right individuals to access the right resources at the right times for the right reasons. Stores Information Authentication and authorization External user registration and enrollment Internal user enrollment The identity management system stores information about the following resources: applications, databases, devices (e.g. mobile phones, pagers, card keys), facilities (e.g. warehouses, office buildings, conference rooms), groups, operating systems, people (e.g. employees, contractors, customers), policy (e.g. security policy, access control policy), and roles. The identity management system authenticates and authorizes both internal and external users. Upon request for access to a resource, the identity management first authenticates the user by asking for credentials, which may be in the form of a username and password, digital certificate, etc. After authentication, the identity management system authorizes the appropriate amount of access based on the user's identity and attributes. The identity management system allows external users to register accounts with the identity management system and also to enroll for access privileges to a particular resource. If the user cannot authenticate with the identity management system the user will be provided the opportunity to register an account. Once an account is created and the user successfully authenticates, the user must enroll for access privileges to requested resources. Only after the user has successfully registered with the identity management system and enrolled for access will access to that resource be granted. The identity management system allows internal users to enroll for access privileges. Unlike external users, internal users will not be given the option to register because internal users already have an identity within the identity management system. The enrollment process for internal users is identical to that of external users. Password management The identity management system allows for password management. Users are able to reset their own passwords and synchronize passwords across multiple systems. The IT help desk is also able to reset passwords on behalf of users. Auditing The identity management system facilitates auditing of user and privilege information. The identity management system can be queried to verify the level of user privilege. The identity management system provides data from authoritative sources, providing auditors with accurate information about users and their privileges. User Self Service The identity management system allows users to maintain their own personnel information and perform certain routine account tasks. For example, users can update their personal contact information, change their passwords, or synchronize passwords across all systems. If necessary, the changes can be validated before the appropriate authoritative sources are updated. Central Administration The identity management system allows administrators to centrally manage multiple identities. Administrators can centrally manage both the content within the identity management system and the structural architecture of the identity management system. Delegated Administration The identity management system allows delegated administration, so that administrators can manage identities for which they are responsible. Delegated administrators are not able to make any structural changes to the identity management system. Delegated administrators are only able to manage the information stored in the identity management system. Page 3

Current HHS IAM HHS has three initiatives to support automated provisioning/deprovisioning, access authorization and single sign-on services to HHS agencies: Enterprise IAM supports 23 applications from HHSC and DADS accessed by more than 8,000 users. Texas Integrated Eligibility Redesign System (TIERS) IAM supports integrated eligibility and 12 other applications accessed by more than 16,000 users. Enterprise Single Sign-On (ESSO) supports 6 applications accessed by more than 13,000 users. The HHS IAM solution includes: High availability/redundancy. Disaster recover support. Support of multiple HHS agency applications. Support of multiple application architectures.. Page 4

Future of HHS IAM Expand IAM services to all HHS agencies. Support for mobile security. Support for cloud security. Role-based provisioning. Support for identity federation and trust. Active directory integration with Enterprise IAM. Page 5

A Statewide IAM Solution HHS would benefit from a statewide solution with the following gains: Increased ability to coordinate and communicate with clients, agents and employees. Easy integration with other state agencies and business partners. Reduction of costs and work effort, including: Eliminating more than 200 different agency solutions. Minimizing time spent on interagency communications. Improving security (architected into the solution). Page 6

Lessons from HHS Implementation IAM requires a highly complex, multi-year implementation due to scope, number of applications, number of business partners, etc. Elements of a successful IAM project include: Strong executive sponsorship and governance to manage the scope, prioritize applications and manage risks. A project roadmap consisting of multiple mini projects that demonstrate an immediate return on investment. Experienced, dedicated project management staff or vendors. A project team with representatives from each agency, and each organization with the agency, that is being touched by the solution, including HR, IT, Help Desk, Training and upper-level management. Proper expectations set and communicated with expectation of realistic accomplishments within a reasonable timeframe. Realistic understanding of complexity of applications and internal infrastructure support processes. Appropriate level of resources dedicated to the project within IT and within business areas. Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information