The Baylor College of Medicine
"Baylor College of Medicine is a teaching, healthcare, and research organization with complex user access needs. After extensive research, we engaged Partners Consulting to implement the Sun Identity Management suite across many of our complex corporate systems, replacing custom applications." - Stephen R Ford, Director, Information Security, IT Security and Compliance, Baylor College of Medicine
Partners Consulting specializes in identity and access management (IAM) solutions and ERP implementations. With ten offices throughout the United States, they work with industry leading applications from Sun, Oracle, and others. In addition to IAM, Partners Consulting provides significant expertise in complementary practices such as governance, risk and compliance (GRC), identity and access governance, and enterprise applications — virtually the entire spectrum for workforce lifecycle management needs.
“Because of Partners many years of experience and focus on enterprise applications and user identity and access management, we have gained a unique perspective on solutions that pertain to the security, management, and regulations surrounding user accounts and their access rights,” says Jim Guinn II, executive vice president at Partners Consulting Solution Division. “As a Sun Identity Management Specialty partner, we have a rich background in addressing these challenges for large and small organizations.”
“For complex identity and access management deployments, we have developed a very manageable approach that leverages our methodology,” says Guinn. “After identifying our client’s requirements, we perform a ‘build versus buy’ assessment, and then recommend a measureable and manageable deployment strategy that ensures success.”
Complex
Teaching hospitals and medical schools represent a challenging environment for IAM. The community of users in this environment often need extended user attributes and duplicate human resources (HR) records for various reasons. For example, a doctor at a teaching hospital will have a payroll record in the HR system, and may need access to admit patients to multiple facilities or affiliated hospitals. The same doctor may be participating in government research programs, which requires different HR records for tracking grant dollars. That same doctor may be instructing classes as well as taking continuing education classes.
An environment such as this requires enhanced access and identity governance — the same user can have multiple roles, and needs readily available access to various clinical, patient, and building systems, and back office administration systems — all according to strict and auditable policies. Any changes to a user’s IAM rights or profile must be swiftly applied and centrally managed.
Baylor College of Medicine (BCM) in Houston, the only private medical school in the Greater Southwest, is recognized as a premier academic health science center and is known for excellence in education, research, and patient care. BCM receives significant research funding from the National Institutes of Health and the National Science Foundation, and each year trains thousands of medical, graduate, nurse anesthesia, and physician assistant students, as well as residents and post-doctoral fellows.
BCM is located at the largest medical center in the world — the Texas Medical Center, home to 32 schools and hospitals, 72,000 employees, and 33,000 students spread across 1,000 acres. The ability to quickly add, change, or delete a user’s access rights can have a direct affect on patient care, and the overall affect of BCM’s ability to serve the medical community.
Over the years BCM had developed a series of scripts and programs, wrapped around their SAP R/3 HR system, to help manage its complex user entitlement needs. This custom-developed system reached a point where it was too cumbersome and expensive to maintain, and not easily extensible to meet new requirements — issues that packaged software could easily overcome. In addition, users were faced with multiple authentication prompts while performing their jobs, and security controls varied across different systems. At the same time, BCM wanted to stay focused on its core competencies of advancing medical learning and research activities — as well as their new hospital operations — rather than continue to develop an increasingly complex, custom user-provisioning software platform.
The goal was to implement a commercial IAM solution to consolidate and simplify provisioning services, providing user provisioning, single-sign on (SSO) capabilities and a central directory for access entitlements that could be used in multiple areas of the organization. This solution would also serve as a foundation and platform for identity and access federation with key partners at the Texas Medical Center, facilitating fast and accurate identity and access management for its large medical, academic, and support ecosystem.
First class care
BCM engaged Partners Consulting to help evaluate possible identity, access management, and security solutions. BCM chose to leverage Partners’ proven IAM RoadMAP service to accomplish their requirements gathering, gap-analysis, and product assessment needs. After a comprehensive review of the business objectives, Partners Consulting facilitated various architectural reviews of other commercially available IAM tools, and guided BCM though an assessment workshop with the support of the IT and medical departments. From there, the Partners project team delivered a comprehensive identity strategy and technical architecture for all centrally-managed systems and applications. Partners recommended Sun Identity and Access Management solutions to improve the user provisioning and employee life cycle management processes.
Partners Consulting implemented a multiphased strategy, starting with an upgrade from Sun Directory Server 5.2 to Enterprise Edition 6.3. This provided true enterprise directory services that could be leveraged across the enterprise and serve as a core component to the strategy. Separate instances, with subsets of data, were consolidated into a load-balanced Master-Consumer deployment, enabling the required scalability and synchronization of user identity data.
While the directory work was being completed, high priority user provisioning tasks were addressed. Employee lifecycle management processes were automated and a single console was implemented to provide control over most user security data. BCM users frequently move throughout the organization and often exist simultaneously as students, research staff, employees, and so on. The implementation was able to accommodate these requirements and others to give users many benefits without limiting their previous flexibility.
"We have been pleased with the results from Partners and Sun in a collaborative effort to meet our business objectives while staying within our budget requirements and time expectations," said Stephen R. Ford, Director, Information Security, IT Security and Compliance at Baylor College of Medicine.
click here to download the case study
» For more information
» See our complete list of Case Studies