Cloud Adoption Creating Identity Management Headaches in Healthcare

By Special Guest Eric Olden, CEO, Strata Identity | July 14, 2021

Healthcare organizations are moving to the cloud, and often more than one cloud for many reasons.

First, this environment enables them to maximize the benefits of each cloud for their specific needs. For example, some divisions of an organization find that Microsoft Azure is ideal, while others prefer AWS.

Another reason is that many organizations simply want to avoid vendor lock-in. Indeed, most use more than three clouds.

In addition, organizations are keen to leverage the power of distributed technology, which enables apps to run on different clouds with little or no re-work, and to securely manage data behind the firewall or in the cloud, or by both means.

Understanding the Challenges

Moving to the cloud is neither easy nor fast. The majority of organizations have only moved a fraction of their mission-critical and legacy applications because moving them is time-consuming, difficult, and very expensive. There are several reasons for this:

Securing data, especially patient data, has always been a prime focus for healthcare organizations. A single data breach can result in hundreds, even thousands of patients’ records being compromised or stolen. Multi-cloud environments make the task of securing data more complex because identity has become the new perimeter.

Budget Constraints

While the time/budget issue is a perennial challenge for most IT organizations, it is especially pronounced when it comes to multi-cloud adoption.

Time is the more important factor of the two, as everything about moving to the cloud demands time, and time always costs money. Discovering the apps and infrastructures to move to the cloud is highly labor-intensive, as is the process of rewriting them.

The budget side of the issue is also intense, as organizations must feed different money pits at the same time. While their priority is investing in new cloud-based technology, including identity management, organizations must also keep maintaining outdated infrastructure and technology.

Identity Silos

Connecting multiple cloud apps and various identity systems with hundreds, even thousands of users involves a monumental amount of integration work, which traditionally has meant manual labor. That’s because each cloud platform uses a different identity system, so managing users and policies across multiple cloud platforms is complicated and time-consuming.

Despite these challenges, healthcare organizations can rein in cloud identity management by following these best practices:

Distributed Identity

To manage identities where they reside — whether on-premises or in the cloud — healthcare organizations need a distributed identity model. This approach decouples apps from identity systems, enabling an organization to distribute identity and access policies across the network while managing user access to all applications.

By leveraging distributed identity management, an organization can maximize its hybrid cloud or multi-cloud strategy in a way that’s both cost-effective and scalable. This approach enables an organization to unify access policies for customers, patients, the supply chain ecosystem, as well as for the workforce.

Implement Hybrid Access

A hybrid access solution enables an organization to securely migrate on-premises applications to the cloud, without the cost of rewriting old applications. This approach uses cloud identity systems to manage access and security policies for on-prem apps and extends the identities to the cloud without making modifications to their code.

Use Existing Standards

Standards are the bedrock for implementing distributed identity. There are three core open standards: SAML, OAuth, and OIDC.

SAML is an XML-based way of exchanging authentication and authorization data between entities, notably between identity providers and service providers.

OAuth enables users to grant websites or applications access to their information on other websites without revealing their passwords.

OIDC allows users to be authenticated by cooperating websites via a third-party service, enabling users to log into multiple sites without needing a separate identity and password for each.
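An added example, not code from the article or from Strata Identity, of the hybrid access pattern described above: an identity-aware proxy layer that verifies an OIDC-style ID token issued by the cloud identity provider and translates its claims into the headers an unmodified on-premises application already expects. It assumes an HS256 shared secret, a hypothetical issuer and audience, and a header contract (REMOTE_USER, X-Groups) that are all constructed for the demo; real IdPs generally sign ID tokens with RS256 and publish their keys via JWKS.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: a shared HMAC key plus the cloud IdP's issuer and the
# audience (client id) registered for the legacy app. HS256 is used only to keep
# the example stdlib-only; production IdPs normally use RS256 with a JWKS endpoint.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ISSUER = "https://idp.example.invalid"   # hypothetical cloud identity provider
AUDIENCE = "legacy-ehr-portal"           # hypothetical on-prem application

def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key=SHARED_KEY):
    """Build an HS256 JWT; stands in for the ID token the cloud IdP would issue."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_token(token, key=SHARED_KEY, now=None):
    """Return the claims only if alg, signature, issuer, audience and expiry all check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: the proxy decides it, never the token (blocks alg=none / confusion).
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:  # malformed base64, JSON or segment count
        return None
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        return None
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None
    return claims

def legacy_headers(claims):
    """Map verified claims onto the header contract the unmodified on-prem app expects (assumed)."""
    return {"REMOTE_USER": claims["sub"], "X-Groups": ",".join(claims.get("groups", []))}
```

The on-prem application keeps trusting its existing headers, so the proxy is the only component that must change when the identity provider does.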

It’s possible to bridge the divide between older on-premises identity systems and their newer cloud brethren. In fact, it’s critical for healthcare organizations that want to use multiple cloud providers. Using a distributed approach that overlays orchestration capabilities on top of incompatible identity systems is the best alternative for reducing costs and complexity while improving security.

About the Author: Eric has made a career out of simplifying and securing enterprise identity management. He founded, scaled, and successfully exited both Securant/ClearTrust (Web Access Management) and Symplified (the first IDaaS company). Recently Eric served as SVP and GM at Oracle, where he ran the identity and security business worldwide and was responsible for product development, go-to-market, and partnerships. As a technologist, he was a co-author of the SAML standard, created the first pre-integrated SSO platform, and is the visionary behind the Identity Fabric™.

Edited by Luke Bellos