HITInfrastructure

Identity Governance and Admin Protects HIT Infrastructure

Gartner's latest Magic Quadrant report reveals how identity management is evolving and what it means for HIT infrastructure systems.

Gartner released its latest Magic Quadrant report, which highlights the need for identity governance and administration (IGA). This is especially significant to HIT infrastructure when organizations have multiple information systems and a growing network.

IGA tools are responsible for managing user identity and access rights across multiple systems to speed up the login process for users as well as provide adequate security protocols across infrastructure systems.

According to Gartner’s report, more than half of IGA vendors will have IGA capabilities available as a service by 2019, up from under 10 percent last year. Report analysts also predict that more than 30 percent of new IGA deployments will be service-based by 2019, up from under 5 percent last year.

IGA tools aggregate identity and access rights data from different systems across an IT infrastructure. The solution uses the collected data to correlate IGA functions, including identity lifecycle management, access requests, workflow orchestration, access certification, reporting, and analytics. The IGA solutions keep track of role and policy management and auditing.

Currently, the majority of vendors only provide IGA tools as on-premise software, with several offering services in the cloud. As health IT infrastructure generally migrates towards cloud-based environments, cloud-based authentication and identity management systems are needed.

“Many IGA vendors are either building out cloud-delivered IGA, bolstering their on-premises solutions to include SaaS connectors, or establishing new IGA offerings delivered as a service — the race to the cloud is on,” the report stated.

While cloud IGA solutions are expected to gain popularity in the coming years, many organizations are currently exploring hybrid deployments.

Report authors suggested that organizations understand the current functional differences between on-premise and cloud-based IGA before basing a decision on future assumptions about the technology. Gartner expects cloud-based IGA to evolve rapidly, but pointed out that a hybrid solution may be easier to adapt to other cloud-based systems in the future.

Report analysts found that the IGA market has matured over the past several years, noting that the majority of vendors can generally fulfill the most common IT infrastructure needs. The general capabilities of IGA tools are relatively consistent across all vendors, but when certain environments, such as healthcare, come into play, organizations need to pay attention to the specific features offered by different IGA solutions.

The integration of user and entity behavior analytics (UEBA) capabilities is one IGA trend observed over the past year. UEBA gives IT administrators real-time detection for faster response to unauthorized users.

Report authors said an increased vendor focus on threat protection was motivation to improve security posture. Vendors are providing better and faster incident detection and response capabilities.

Increased adoption of analytics solutions also impacted IGA. The report found that organizations looking for a risk-aware approach to identity management can no longer successfully use traditional access certification methods because they are inexact and error-prone.

Vendors are now using analytics to detect common patterns and better identify errors. IGA analytics is also being used to add support for advanced risk analysis across infrastructure systems, such as electronic health records (EHRs).

Vendors have also added mobile apps or mobile web interfaces to better monitor the network by implementing approval requirements such as password reset, access requests, and certifications.

According to Gartner research, several vendors have made significant efforts to make their IGA solution easier to deploy, administer, customize, and debug.

As healthcare organizations deploy more devices and solutions onto their networks, they need more complete identity management solutions to protect clinical data. New authentication processes call for faster response times from IT administrators and better network visibility.