Simplifying compliance and risk management

Leading research institutions, like PediatricCare*, not only pioneer breakthrough treatments, they must also be on the leading edge of information technology to support their mission.

PediatricCare originally engaged ANX to perform security assessment and identity management readiness services for their technology environment. However, over the course of the services, one issue consistently rose to the top of the list that caused the scope of services to be revisited: the need for improved processes and technologies to support secure, simplified, and standard access to applications and systems within their environment.

PediatricCare’s environment presented some unique challenges. PediatricCare hosts 40+ applications, many developed and managed by independent groups, some of which are external parties. Most of the applications are custom developed or open-source research applications, not commercial off-the-shelf applications. As such, they have unique access control models as well as their own user provisioning and administration processes.

With many of the applications handling sensitive patient health and personally identifiable information (PII), ANX and PediatricCare felt that deploying the applications in a traditional DMZ to make them Internet accessible was an unacceptable risk. However, provisioning network access across a diverse user community and providing users with a consistent experience whether they were coming from PediatricCare or from other outside locations was problematic.

To solve these challenges, ANX and PediatricCare collaborated on a breakthrough identity and access management solution. The successful solution would need to simultaneously meet three requirements: 

Simplify user administration and access to applications. Due to the varied experience and technical know-how of the users and the diverse group of administrators, the solution had to provide tools for both users and administrators.

Create a consistent user experience. Due to the mobile and diverse group of users, the solution had to present a consistent experience from within and outside of the PediatricCare environment.

Secure sensitive data. Due to the potential of sensitive data being present, the solution had to provide multiple layers of security without impacting the overall operation of applications and systems within the environment.

Given the size and technical complexity of the project, ANX proposed a multi-phased project that was executed over almost two years. The first phase involved a proof-of-concept to ensure that the solution met all three requirements and demonstrate that project requirements could be achieved in a cost-effective manner. The second phase of the project involved implementing the new network environment to handle the proposed design of the new environment. This included implementing new core network and security equipment along with processes and technologies to support access and administration of the environment. The third and final phase involved implementing the new Identity and Access Management (IAM) infrastructure and migrating applications to the environment. The new IAM infrastructure includes provisioning, delegated administration, single sign-on, and access management technologies to support the core processing and management of users across the environment.

* Real Name withheld to maintain competitive advantage