Health, finance lead charge to unite PACs and LACS
17 August, 2015
The idea of using a single credential for both physical and logical access is an idea as old as smart cards. It makes sense, the card used to open the door in the morning should be the same one used to access a computer, secure networks and authenticate to applications.
But this concept of identity convergence has seen only modest acceptance outside of the federal government with its deployment of PIV credentials. The obstacles are frequently cited. “Physical access staff and IT staff don’t play well together. Who is going to pay for a system that crosses responsibility lines?” These are just a couple common refrains.
Some experts say this is starting to change as regulatory requirements and fear of data breaches drive key industries including health care and financial services to consider converged credentials.
Convergence in the bayou
Ochsner Health System in New Orleans is rolling out a converged credentialing system to its 16,000 employees at 10 hospitals in the area, says Mark Dupuis, security director at the health care provider. “We have an old, outdated system, and an update is necessary for security,” he says. “We wanted to look where we could take this and have a credential, not just an ID badge.”
The health care system was using a combination of proximity and bar code technology for physical access and has decided to go with HID Global’s Seos technology for the converged credential, Dupuis explains. The organization is just at the start of rolling out the system, issuing the IDs to new employees and those needing a replacement badge. “We’re developing a plan to get the cards out to all employees,” he adds.
Ochsner has some multi-technology door readers already in place and will be transitioning other access points to the same readers. From there it’s a matter of adding applications where the card can be used, and Dupuis sees no limits.
One of the most important apps will be an easy but secure login for physicians and other health care practitioners who use multiple workstations through the course of the day. These employees will login with a user name and password plus the credential at the start of the day, and then on subsequent logins just tap their card for access. The same tap will also be used to authorize jobs at multi-function printers and scanners.
Oschner Health will also use the system to track the attendance of medical students. The organization has a partnership with Queensland University medical school, and university officials want to leverage the system to keep track of students.
The full roll out of cards, readers and applications will take most of 2015, and Dupuis stresses his goal is to have everything in place by the end of the year.
Student loan servicer goes converged
MOHELA is the higher education loan authority for the state of Missouri and one of the top 10 largest student loan servicers in the U.S. Based in St. Louis, the organization employs 400 full-time staff that work with students, schools and lenders to service upwards of $18 billion in student loans.
Because employees work with such confidential information, it’s paramount that access be secure. The Federal Information Security Management Act (FISMA) was enacted to require stringent security practices for companies that receive federal grants or support federal programs. Because MOHELA services federal student loans, the agency is required to abide by FISMA requirements, including using multi-factor authentication when accessing sensitive data.
The company didn’t want to add another token so it opted for a converged credential. “We wanted a solution that would integrate desktop authentication with our existing door badging system,” says Don Bertier, CIO at MOHELA.
The company opted for Gemalto’s IDPrime .NET Converged Badge. Because Microsoft solutions were already being used there wasn’t the need to install or maintain extra software or middleware. The smart cards were integrated with door security at MOHELA’s facility, making a converged badge for physical and logical access as well as photo identification.
Because MOHELA employees are already in the habit of carrying door access cards, the added logical security was implemented with little adjustment. When arriving at work, a MOHELA employee will first badge into the office. Once at the workstation, the employee inserts the same card into the card reader before entering their complex password to securely access the network. This combination secures the logical access and complies with the multi-factor requirements set forth by FISMA.