Tag Archives: IdM

  • 0

eMail Highlights a Data Protection Conundrum

Tags : 

eMail poses some interesting challenges from the information governance perspective, challenges that have been carried forth since the birth of personal computing and early misjudgements made in establishing this new computing concept.

Personalisation

Personal, or moreover the personalisation of user access and assignment of rights in a corporate setting being the issue, that has become an challenge for organisations trying to wrestle back ownership of corporate data, through the introduction of identity and access management solutions, and most importantly role based access control models (RBAC).

It is a fact that a great many users perceive the allocation of a user logon ID (usually some representation of their name) and the subsequent allocation of email, as something that is personal to them, and not just the means and tools provided by the corporation to help them perform their duties.

This is not helped in some respect by the right to privacy in the corporate setting automatically assigned by law, when in truth (ignoring personal use for the moment) the first claim on the corporate data contained within an email is surely with the employing organisation?

Data Protection Conundrum

eMailThis conundrum is perhaps best illustrated by the NHS own provision of a national (cloud type) email offering (NHSmail), founded on the principle of the NHS staff being allocated and email address for life! A concept that creates some potentially major information governance challenges and issues.

e.g. nurse A, works for a trust in the GNU clinic, and routinely handles sensitive and private information, not all granted necessarily in a patient identifiable form via email, but for the sake of argument assume that she has a function that warrants the use of email in this way.

Nurse A leaves the trust, and takes up post in another trust, in a difference less sensitive business function, she according to the policy for NHSmail takes her mail account with her. Unless the first trust has a very robust starters and leavers admin and management process (a great many do not), any data (unless archived off by the user), goes with her to her new post, that’s information governance issue one.

The second information governance issue concerns the loss of continuity, that arises is the fact that her replacement (and this is largely true of any mail system) will most likely never get sight of their predecessors communications.eMail Open

Many staff, because they use email for personal purposes as well as business purposes, will typically clean their mailbox down, this being more about protecting their personal privacy, as opposed to protecting those individuals information they may have been privy too.

Even is a user bothers to sort and sift in deletion, to subsequently leave behind relevant info for the person following into the role, the second information governance issue of disconnection still occurs, because likely as not the mailbox never gets reassigned, instead the new user gets a new mailbox.

Of course email is just one example of a number of personalisation issues that came into existence, personal file shares, user based permissions, are other significant information governance concerns affected by the starters and leavers process.

Identity Assurance

Until identity and access management, and importantly the evolution toward RBAC takes a hold, organisations will continue to experience these issues and more that are less about breaches of privacy, and more about the perhaps less tangible aspect of discontinuity, that results in inefficient and costly working practices, of learn it all again, every time a staff role change occurs.

eMail ForwardThe commercial corporate world is moving fast with the adoption of identity assurance and RBAC solutions, because they recognise the cost and downside of not doing so, and in health of course the sterling work of the CfH Identity Management Team and NHS Spine implementation of RBAC to national apps provides a model for health, time now for this to be adopted at the local level.


  • 0

Courion Selects eCulture Solutions as Key Solution Partner

Tags : 


NHS specialist will focus on providing Courion’s solutions to manage access governance across UK

London, UK 6th June 2011 — Courion Corporation, the leading provider of access risk management solutions that help organizations cost effectively deal with compliance and security risk, has selected eCulture Solutions as a Solution Partner in the UK to offer healthcare trusts the ability to improve their risk management strategies with automated identity and access governance (IAG) solutions.

eCulture Solutions specialises in providing IAG solutions to healthcare organisations and is an expert in serving NHS foundations in particular. The organisation is well-versed in the details of the Information Governance Toolkit — the NHS standard from Connecting for Health — which describes the required safeguards for, and appropriate use of, patient and personal information. By partnering with Courion to offer best-in-class user access management and compliance solutions, eCulture Solutions can help Trusts to define, assess, enforce and verify their access policies so that all user access is appropriate and compliant with policies.

“We’ve found that Courion’s Access Assurance Suite™ addresses the guidelines set out by the NHS Information Governance Toolkit to safeguard personal health information more comprehensively than any other provider,” said Paul White, managing director of eCulture Solutions. “Courion brings a wealth of expertise and understanding to the table. The company has been identified by Gartner as a Leader in this space for the past few years and has a very clear IAG focus. It is very refreshing for our customers to see a suite that is truly fit for this purpose.”

“As well as monitoring users for accidental or malicious use of data, Courion’s User Activity Manager integrates identity with reports and alerts, merging a unique identity profile to user activity information, so that managers are able to identify users who are not making full use of the systems at their disposal.” added White.

“Confidential data, and access to it, is of huge importance for all UK government departments,” said Marc Lee, EMEA sales director at Courion. “With eCulture Solutions, we have a partner that understands what NHS managers specifically need, and what the Information Governance Toolkit requires, at a very detailed level.”

Courion’s unique approach to identity, access and compliance management ensures that only the right people have the right access to the right resources and are doing the right things. Access Assurance unifies Access Governance, Access Compliance and Access Provisioning in the most complex, heterogeneous environments. This comprehensive approach increases operational efficiency and transparency, strengthens security, and improves compliance, while delivering the industry’s fastest time to value and lowest total cost of ownership.

About Courion

Courion’s award-winning Access Assurance Suite solutions are used by more than 450 organizations and over 12 million users worldwide to quickly and easily solve their most complex identity and access management (password management, provisioning, and role management), risk and compliance challenges. Courion’s business-driven approach results in unparalleled customer success by ensuring users’ access rights and activities are compliant with policy while supporting both security and business objectives. For more information, please visit our website at www.courion.com, our blog at blog.courion.com, or on Twitter at twitter.com/Courion.


Archives

Categories

Upcoming Events

  1. IEEE 4th World Forum Internet of Things

    February 5 @ 8:00 am - February 8 @ 5:00 pm
  2. HIMSS18

    March 5 @ 8:00 am - March 9 @ 5:00 pm
  3. HIMSS Europe 18

    May 27 @ 8:00 am - May 29 @ 5:00 pm

Have a digital project idea you would like help with, then check out our services available from eCulture Solutions