Guest post by Dean Wiech, managing director, Tools4ever.
Passwords are everywhere. Despite the endless headlines about their death and sure destruction in countless publications across the globe, passwords are and will continue to be used in nearly every business setting for the foreseeable future. Whether you’re a physician making the rounds in a hospital, a mechanic at a service garage, a CIO for a major software firm, a bank teller logging into several applications to assist customers or an employee at a manufacturer, chances are better than average that you access these systems with a user name and password.
Organizations of all sizes use credentials for their employees to ensure security of the information in their systems, and to protect against unwanted access to the data in the systems. As with any solution used, once in play there’s bound to be some issues incurred with these passwords. Regardless of how many passwords employees need to remember and how often they need assistance to reset them, passwords remain crucial ingredient to a network’s security protocols.
Passwords: Where We Have Come
The first passwords were created in the 1960s for MIT’s Compatible Time-Sharing System. Passwords were first used because several users needed to access the system as unique entities. Each user created a password, which were then stored on the computer system. However, program leaders soon learned that this method of storage did not work after one user who wanted more time on the computer simply printed out the passwords from the machine and logged in as a different user than himself – since each user was only granted so much time per week under their identity. Thus, program leaders discovered that program needed more secure methods for password usage and storage. This also was likely the first recorded data breach anywhere in the world.
The next phase led to encrypted passwords so that no one could easily go in to steal all of the users’ credentials, as was the case at MIT. Passwords began protecting secure information rather than just taking on a gatekeeper role. As they spread into business and workplaces worldwide, passwords became encryption devices that could not easily be hacked or pilfered.
Finally, millions of organizations began to rely on computers, obviously, for all of their business needs and users needed to enter credentials for each system they needed to access. To easily remember all of these passwords, users began to either user very simple passwords or the same password for each system. Again this became an issue since hackers utilized tools to easily compromise the password and gain access to the systems.
Where We Are Today
Welcome to today. As we know, organizations are overwhelmed by the issue of password breaches. Solution? To mitigate this problem, organizations often require employees to use complex passwords, each unique to the different systems they are using. To say the least, this process has evolved into a difficult mental exercise. According to a recent Tools4ever survey, end users access up to an average of 12 different systems and applications to perform their jobs. Humans are usually only capable of remembering about six complex passwords at the most. The rest get written down or filed on some random Excel sheet on the computer’s desktop. So what are they doing to remember all of their credentials?
Of course this defeats the purpose of the use of complex passwords for security, and often leads to frustration of users who take their anger out on the help desk, which is usually overwhelmed by such problems already. Think customer service is considered quality in these organizations? Usually not when these types of processes are in place.
The problems don’t end there. Employee productivity is cut when they must deal with these types of password maintenance issues. For example, every day in a typical healthcare setting, 91 minutes are wasted because of inefficient systems and workflows. On average, healthcare providers login to workstations and applications 70 times per day and spend an average of only 46 percent of their time on direct patient care.
Think of the great things your teams could do if they didn’t have to worry about logging in and out of workstations as they care for patients. While the data accessed may differ from department to department and facility to facility, what remains the same is the fact that, if multiple passwords and login credentials are in-play, there is a high probability that productivity is being negatively impacted. Providing direct access to systems and tools when and where it’s needed is key.
Password issues can also have a huge effect on your employee’s productivity. Think about how long it takes to resolve an issue when an employee is locked out of their account and needs to get a password reset? They need to contact the helpdesk, start a ticket, request that the helpdesk team resets the password, log in then get back to the work they need to accomplish. All of this is time that is taken away from the project they are working on, or the patient they are supposed to be helping. On the technical side, depending on the size of the organization, password management can require a full-time position at a large organization, since one of the top calls to the helpdesk is for password resets.
Another problem with passwords: all the steps, or “clicks,” and authentication processes some employees need to take just to access their applications. When time is critical, such as in hospitals, or when customer service is a priority, every minute counts and passwords can become a deterrent. If nothing else, they can be a time waster, as the 91 lost minutes suggests.
When these issues start to effect productivity of your employees is when it becomes an issue. So as the password and authentication process has evolved and become increasingly complex, how can organizations easily resolve the issues that have come about?
Guest post by Dean Wiech, managing director, Tools4ever.
No matter the industry, each time a purchase is made, business leaders always want to know what they are getting in return for their financial investment. Questions frequently asked include: “How is this going to help me?” and “What is my return on investment?” Another phrase, often uttered by “Mr. Wonderful” Kevin O’Leary from the popular show Shark Tank is, “What am I getting for my investment?”
By examining the answers to these questions, business managers and organizational leaders must ensure that their budget is being adhered to and that purchases by the organization are considered, or proven, not to be a “waste” of money.” Often, return on investment (ROI) is a combination of both “hard” and “soft” costs and savings, which can often be difficult to determine. The “hard” cost is easy to define: What am I spending now versus what will I be spending on a different product, solution or system, or by doing nothing? Alternately, how is this solution going to allow me to save money in the long run? In this scenario – “hard” costs and savings — there is a definitive dollar figure that is able to be applied to implementing a solution.
“Soft” savings are a bit more of a complex issue; they are more difficult to determine and to document. For example, time and labor saved, or stress saved by employees completing a task that takes 10 minutes versus 35 minutes are soft savings. Soft savings also might be seen in improvements in customer service or in the customer experience. It is difficult to put a dollar amount on these scenarios and improvements, but they do impact a business, its success and its financial performance.
Time is money, of course, but in the case of healthcare perhaps it’s more fitting to say that “time is life.” This savings equates to valuable potential life-saving time, as we well know, and, in turn, improves patient care. As healthcare organizations seek ways to allow clinicians the ability to focus more on patients rather than on information technology, there are some solutions available — many that that are often overlooked that allow them to reach their goals. Some of these technology solutions provide a direct correlation between a physician’s ability to enter an information system, retrieve or enter information and get back to focusing on patient care. Essentially, with these types of solutions, like access and identity management, physicians can get back to work more quickly and their interaction with the technology is reduced.
Dean Wiech, managing director of Tools4ever, a global provider of identity and access management solutions, has worked in healthcare for more than 25 years. Here, he discusses how IAM enhances the ROI for health systems, and how the solutions make patient care more efficient, how they work in healthcare, and how systems and records can be made more secure — for patients and providers — because of the technology.
Tell me about yourself and your experience in healthcare.
I have been actively selling software solutions in the healthcare market for 25 years. I have sold and/or managed teams in about 50 percent of the country. I have always focused on solutions that provided a definable ROI based on productivity and time savings.
Tell me about Tools4ever. How does the company serve the space? Tell me about your products and how they are used in healthcare.
Tools4ever is a company that focuses on the identity and access governance space. We assist the healthcare market in insuring that the lifecycle of user accounts are managed in a timely and accurate manner. We also have solutions that save care providers time by eliminating repetitive login tasks and avoiding the need to call the help desk for password resets
How is Tools4ever different than some of the competitors in your space?
I believe our primary differentiator is time to implement. We can get the basics up in running in a few days to a few weeks, depending on the solution. The majority of our competitors take months to years to complete an install. The result is the healthcare organization can realize a much quicker benefit from the product and a quicker ROI.
What’s your footprint like in healthcare and who are some of the organizations you work with? How do you help them?
We have numerous hospitals and long-term care providers across the country. One example is South County Hospital in Rhode Island. It utilizes our Self Service Reset Password Management (SSRPM) solution to allow end users to reset forgotten network passwords. We then synchronize that password to several other solutions to allow a reduction in the number of credentials the employee needs to remember.
Another example is a major university hospital in New York City. It uses our user management solution for several tasks. The most recent example is provisioning patients to the network to allow them to view their records on a mobile device provided by the hospital for the duration of their stay. We also implemented a password self-service reset function to allow the patients to reset their passwords without a further burden on the help desk.
Guest post Chris Shaw, senior vice president and general manager, OneSign Products Group at Imprivata.
The aging population and skyrocketing cost of care are driving healthcare organizations around the world to rethink their business and delivery models, and to develop more efficient ways to keep their populations healthy. In the United States, meaningful use objectives defined by the Department of Health & Human Services (HHS) under the Health Information Technology for Economic and Clinical Health (HITECH) Act have propelled hospitals to lead the way in the adoption of electronic health records (EHR) in order to optimize care delivery and improve patient outcomes.
At Chilton Hospital, an award-winning, nonprofit hospital in northwestern New Jersey, the benefits of digitization were clear, and the IT department was committed to making the shift to EHR, regardless of meaningful use and its incentives. Yet they anticipated resistance from their care providers, who were accustomed to finding all the patient information they needed in one paper chart. When Mark Lederman, Chilton CIO, joined the hospital in 2011, he knew that his team was going to have to find a way to implement the EHR system without forcing clinicians to log in and out of multiple applications dozens of times a day.