Security Business

FEB 2019

Find news and information for the executive corporate security director, CSO, facility manager and assets protection manager on issues of policy, products, incidents, risk management, threat assessments and preparedness.

Issue link:

Contents of this Issue


Page 42 of 59

February 2019 / / Security Business 43 ment Administration (DEA) mandate for a separate two-factor authentication when using electronic prescribing for controlled substances (EPCS) solutions – a key weapon in the opioids battle. Rather than addressing these authentication requirements separately, administrators can cut costs by moving to integrated systems that extend multi-factor authentication across the entire identity and access management lifecycle. Integrated systems can elevate trust through digital certificates and signatures backed by public key infrastructure (PKI) security. They can incorporate One Time Password (OTP) tokens and biometrics to comply with EPCS regulations. The same systems can also be used to protect patient records and data, implement secure access to facilities, and authenticate remotely to VPNs using mobile devices. Truly converged access control will ultimately consist of a single security policy, one credential, and one audit log – and deliver an improved patient experience, more comprehensive security view and more coordinated approach to privacy protection. The goal is a fully interoperable, multi-layered security infrastructure that is based on a flexible and adaptable platform which enables hospital administrators to preserve investments as they grow, evolve and continually improve their security capabilities. The Power of Convergence In much the same way that users are gravitating to mobile solutions, in part, because they like how it interconnects their digital world, so too are healthcare institutions embracing the combination of physical and data security onto a single credential. Users want to do far more with their trusted identity credentials than just open doors, especially when they also must access healthcare records, EPCS systems and other hospital systems many times each day. Healthcare institutions are among the first to harness the power of converged credentials. Many are using a cloud-based model to provision IDs, perform authentication for physical and logical access control, and manage EPCS systems. The next step is to pull everything related to identity management into a unified system capable of granting and managing access rights. The convergence trend will drive the adoption of PIAM software to unify identity lifecycle management by connecting multiple and disparate physical access control systems (PACS) and IT security systems to other parts of the IT ecosystem, such as user directories and HR systems. PIAM software becomes the hub for all these systems while also tying in key external services for running background checks or verifying the identities of visitors and others. A single PIAM solution standardizes identity management for employees, contractors, visitors, suppliers, tenants and vendors – enabling organizations to manage all identities and issue credentials across all buildings, systems, permissions and associated workflows, regardless of the underlying access control system at any given location. Visitor management is a particularly important element to consider when assessing hospital security – ideally, hospitals should integrate visitor

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Business - FEB 2019