Today, nearly 500 accounts are automatically provisioned or deprovisioned every month, and even the accounts of employees who leave the company are automatically disabled as names are removed from the payroll — a process that safeguards security by eliminating orphan accounts.
"I feel like we're ahead of the game" in terms of bleeding-edge IAM solutions in the healthcare industry, Pettigrew says.
Making the case with ROI
While the benefits —safety, efficiency and simplicity — make IAM seem like a no-brainer, the cost of such systems can be hard to justify, says Pettigrew. "You can argue that you're saving money, but the bigger [issue] is you're not going to end up on the front page of the newspaper for violating some regulation and being fined millions of dollars," he says.
Indeed, in financial circles it's a game of reducing fraud and paying less for technology than you could lose in a security breach or fine, Kreizman says. Depending on their companies' security needs, IT departments will have to go beyond basic IAM implementations and link different channels together or monitor transaction behaviors, and that gets expensive, he adds.
At HMS, Pettigrew is confident that password self-service and automated access tools are cutting labor costs, but he says the savings are still hard to quantify. To help sell the $4.5 million project, he divided it into manageable phases, and the IT team showed some benefit to the business at the end of each phase.
Intel has been able to measure some productivity improvements from BYOD and IAM. Harkins says most employees who use their own mobile devices report gaining an hour of productivity per week.
He compares this ROI challenge to the transition from desktops to laptops. Companies transitioned to laptops "around the faith and belief that agility, flexibility and mobility would enable creativity and enable the company to move faster, and it certainly has," he says. But even in that case, he adds, "the financial ROIs were those semi-qualitative things."
Privacy issues loom
As more biometric ID systems, cameras, mics and GPS tools are used to authenticate users, privacy concerns will inevitably follow.
"Privacy and security are like magnets," Harkins says. "When they're turned the right way, they're perfectly binding because you need security to have privacy. But if you start turning one of them a different way, there's a polarization that occurs because security can encroach upon privacy. That's going to be the challenge: How do you reconcile the potential polarization between security and privacy?"
Sign up for CIO Asia eNewsletters.