IT writeup Test Assignment
Target Word Limit: 1000 words
Referencing Style: APA
Healthscope is an Australian company which operates private hospitals, medical centres and international pathology services. The company operates medical/surgical hospitals as well as a number of psychiatric and rehabilitation clinics. Healthscope is a leading private healthcare provider in Australia with 46 hospitals and 52 medical centres. There are 17,000 employees working in different roles and from multiple locations.
The IT Security & Information Assurance department (ISIA) of this large organisation has several key responsibilities, including designing, planning and creating secured infrastructure. The ISIA is led by a Chief Information Security Officer (CISO) and four security managers responsible for key areas such as information and physical security, privacy, business continuity, managing malware and botnets, identifying security holes and applying appropriate remediation measures.
As the workforce becomes increasingly mobile and dispersed, Identity and Access Management (IAM) becomes more important in ensuring organisational security. With growing technological advances and recent threats to information security, senior management is concerned about the organisation's preparedness to handle Identity and Access Management (IAM).
As a first step, the CISO asks you, one of the Security Managers, to prepare a brief analysis report covering the description of IAM, the importance of IAM and its developments, and finally recommending recent IAM technologies for implementation in the organisation.
Note: The report should include relevant references in appropriate referencing format.
1000 word report- (Executive summary and references are not included in the word count)
Font –Times New Roman, 12 size
References- Include minimum 5 academic references (web references, Wikipedia …etc are not considered as academic references)
This IT write up assignment applies APA 6 rules and is a sample for what our expert writers can produce within a short time.
Identity and Access Management systems describe a framework of contemporary technology and security measures that are primarily concerned with the appropriate restriction of user access for the overarching goal of organizational security. Over the years, and with the proliferation of the Internet of Things (IoT), this has become a more pertinent issue in many organizations and enterprises. Healthscope, specifically, offers a unique contextual application given its large workforce and several front-end locations. Developments in the field of Identity and Access Management have risen exponentially, given the parallel growth of IoT.
Various technologies offer diverse implementation scenarios catering to on-site and domestic users, international users, cloud-based integration, co-integration with customer management and enterprise management systems, and so forth. With a plethora of technologies within the realm of Identity and Access Management to choose from, it is essential to consider the contextual application, as well as the capacity for flexibility and scalability within the enterprise. Specific technologies, including Application Program Interface (API) security, Customer Identity and Access Management (CIAM), and Risk-based Authentication, are recommended for Healthscope, in consideration of its implementation scenarios.
Identity and Access Management, otherwise referred to as Identity Management, defines a framework of technologies and security-based policies that restrict unauthorized access and ensure that the proper individuals in an enterprise have sufficient access to resources. Identity Management provides administrators and Information Technology Managers the tools necessary to control user access to critical information within the enterprise (Giaretta, Pepe & Dragoni, 2019). This framework falls under the sphere of Information Technology security and data management and is especially critical in the contemporary market, and for a large organization such as Healthscope.
The need for a robust Identity and Access Management (IAM) system is heightened by the Internet of Things (IoT). The proliferation of IoT has caused a modern-day renaissance in technology, which has changed how individuals and organizations approach computer networking. Devices have shifted from being merely tools that human users employ to authenticate themselves and execute functions, to being actors in the organization themselves (Giaretta et al., 2019, p. 239). It therefore becomes apparent that organizations that have not implemented IAM ought to design such a framework for organizational security. Further, enterprises with conventional IAM should review and refresh the system to deal with the unique challenges brought about by IoT.
The primary mandate of IAM is quite simple. An IAM system allows an IT administrator to check user access, change user roles and access credentials, track user activity, develop reports based on those activities, and enforce access policies sustainably on an ongoing basis (Indu, Anand & Bhaskar, 2018; Naik & Jenkins, 2016). The IAM system could be integrated seamlessly within the security infrastructure at Healthscope, and executed, maintained, and scaled by the IT Security and Information Assurance Department (ISIA) Managers. It would allow appropriate access for every individual within the vast workforce of 17,000 employees, promoting accountability and overall organizational security.
IAM technologies have evolved to include password management and identity repository tools, security-policy enforcement applications, provisioning software, and reporting and monitoring applications. Development in the field of IAM has accelerated in parallel with, and mirroring, development in the field of IoT, and now includes domestic on-premises systems and cloud-based interconnected systems. As a result of this constant development, most of the IAM technologies available have a low maturity, but make up for this with high business value.
Some of the milestone developments within IAM frameworks include Application Program Interface (API) Security, which enables IAM for use with Business to Business (B2B) Commerce. This is an essential service as it secures back-end transactions in an enterprise to help manage critical services such as stock acquisition and inter-business communication. API security also facilitates better cloud-integration, and implementation of micro-services within IAM systems (Kunz et al., 2019; Sharma, Dhote & Potey, 2016). In an increasingly mobile-oriented technology landscape, API security has the potential to be a fundamental component in IAM infrastructures.
Another critical development in the field comprises customer identity and access management (CIAM) technology, which allows profile creation and management of users, as well as the extensive management and authentication of system players. These technologies are often used complementarily with Identity Analytics (IA) systems for a multi-layered security infrastructure within IAM. CIAM also allows integration with Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP) platforms for a more streamlined consumer-based service delivery approach (Kunz et al., 2019; Naik & Jenkins, 2016). The implementation of CIAM and IA systems is, therefore, diverse and scalable within enterprises.
Consequently, IAM frameworks today allow administrators to manage access privileges for users in diverse scenarios conveniently. These users may include domestic on-site employees or offshore contractors, working in varied computing environments, and over different computing architecture, including Microsoft Windows, UNIX, Linux, Macintosh, Mobile Operating systems, and IoT services. Ultimately, a good IAM system should facilitate the centralized management of users in an enterprise in a consistent and scalable manner.
When recommending IAM frameworks, it is essential to consider that the systems ought to be robust yet flexible to accommodate the varying complexities of the modern computing environment. Contextual implementation within an enterprise is also a key consideration. The primary concern in Healthscope is ensuring organizational security, which may be compromised by the increasingly mobile and dispersed workforce. The recommended initial step in the implementation of an IAM infrastructure would be an API security framework. This is a valid option that can be configured to the specific requirements of Healthscope, and integrated with cloud architecture for easier disbursement and implementation to all its employees over the various locations. An API framework is important for sign-on functionality from a mobile location and user-managed access. This would allow the ISIA department or allocated security staff to manage device authorizations, as well as personal identifying data.
API systems can also be co-integrated with a CIAM framework for the front-end. This would allow the authentication and management of consumers, as well as promote self-service and profile creation and management over its 46 hospitals and 52 medical centers. The CIAM framework also allows Healthscope to manage its customer management databases more easily. For increased functionality, however, the CIAM framework allows further integration with Identity Management and Governance (IMG) systems that provide autonomous or semi-autonomous ways to manage the identity life cycle. This would allow Healthscope to collect and manage personally identifiable data while complying explicitly with overarching identity and privacy regulations.
For an additional security layer in the system, specifically on the back-end and employee-oriented platforms, Healthscope can implement additional IAM security measures such as Risk-based Authentication (RBA) solutions. These are highly intuitive systems that consider the context and usage scenarios of a user, as well as their level of authentication and access to form a risk score. Based on the evaluation of these scores, ISIA can prompt higher-risk users for additional security measures such as two-factor authentication. This allows the assessment of potential security loopholes and pre-emptive interventional measures.
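How a risk score of the kind described above can drive a two-factor prompt, as an added example that is not part of the original report or of any vendor product. The signal names, weights, thresholds, role labels and sample logins are illustrative assumptions.

```python
from dataclasses import dataclass
# Weights, thresholds and role labels are illustrative assumptions.
WEIGHTS = {"new_device": 30, "new_site": 25, "off_hours": 10, "failed_attempt": 5}
ROLE_SENSITIVITY = {"reception": 0, "clinician": 10, "domain_admin": 35}
STEP_UP, DENY = 40, 80

@dataclass
class Profile:            # what is normal for this user
    known_devices: set
    usual_sites: set
    shift_hours: range

@dataclass
class Login:              # one authentication attempt
    role: str
    device_id: str
    site: str
    hour: int             # local hour, 0-23
    failed_attempts: int  # recent failures before this attempt
    mfa_passed: bool = False

def risk_score(ev: Login, prof: Profile) -> int:
    # Level of access: an unknown role is scored as the most sensitive one.
    score = ROLE_SENSITIVITY.get(ev.role, max(ROLE_SENSITIVITY.values()))
    if ev.device_id not in prof.known_devices:
        score += WEIGHTS["new_device"]
    if ev.site not in prof.usual_sites:
        score += WEIGHTS["new_site"]
    if ev.hour not in prof.shift_hours:
        score += WEIGHTS["off_hours"]
    score += WEIGHTS["failed_attempt"] * min(ev.failed_attempts, 5)
    return min(score, 100)

def decide(ev: Login, prof: Profile) -> str:
    score = risk_score(ev, prof)
    if score >= DENY:
        return "deny"                 # too risky even with a second factor
    if score >= STEP_UP and not ev.mfa_passed:
        return "step_up_mfa"          # prompt for two-factor authentication
    return "allow"

# Constructed sample data (not real Healthscope users, devices or sites).
PROFILE = Profile({"dev-a1"}, {"site-A"}, range(7, 19))
ROUTINE = Login("clinician", "dev-a1", "site-A", 10, 0)
UNUSUAL = Login("clinician", "dev-zz", "site-B", 23, 0)
ADMIN_ODD = Login("domain_admin", "dev-zz", "site-B", 2, 3)

if __name__ == "__main__":
    for ev in (ROUTINE, UNUSUAL, ADMIN_ODD):
        print(ev.role, ev.device_id, risk_score(ev, PROFILE), decide(ev, PROFILE))
```

In practice the profile would be built from the user-activity tracking and reporting functions the report attributes to IAM, and the thresholds tuned against observed false-prompt rates.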
Giaretta, A., Pepe, S., & Dragoni, N. (2019). UniquID: A quest to reconcile identity access management and the IoT. International Conference on Objects, Components, Models and Patterns (pp. 237-251). doi:10.1007/978-3-030-29852-4_20
Indu, I., Anand, P. R., & Bhaskar, V. (2018). Identity and access management in cloud environment: Mechanisms and challenges. Engineering Science and Technology, an International Journal, 21(4), 574-588. doi:10.1016/j.jestch.2018.05.010
Kunz, M., Puchta, A., Groll, S., Fuchs, L., & Pernul, G. (2019). Attribute quality management for dynamic identity and access management. Journal of Information Security and Applications, 44, 64-79. doi:10.1016/j.jisa.2018.11.004
Naik, N., & Jenkins, P. (2016). A secure mobile cloud identity: Criteria for effective identity and access management standards. 2016 4th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud) (pp. 89-90). doi:10.1109/MobileCloud.2016.22
Sharma, D. H., Dhote, C. A., & Potey, M. M. (2016). Identity and access management as security-as-a-service from clouds. Procedia Computer Science, 79, 170-174. doi:10.1016/j.procs.2016.03.117