Identity & Access Management

Distributed identity enables multi-cloud for healthcare & life sciences

Overview

Cloud adoption by healthcare and life sciences organizations accelerated with the global pandemic that began in 2019. With remote telehealth and other technology advancements, healthcare and life sciences organizations needed to adjust rapidly.

While modernizing quickly is necessary, organizations must also adopt a multi-cloud strategy to remain competitive. Much like building a town full of homes without planning sufficiently for the supporting infrastructure, adopting multiple clouds without a strategy brings many challenges. 

Life sciences and healthcare organizations are entrusted with the most precious (and valuable) data: their customers’ personal health information (PHI). Protecting PHI is critical; the loss of trust caused by a breach would be devastating. Hospitals, biotech companies, creators of life-saving drugs, and others were trying to manage distributed identities securely across multiple clouds and finding it nearly impossible.

Organizations must be able to manage identity securely and efficiently across multiple clouds. 

In this paper, we examine:

  • What’s driving life sciences and healthcare organizations to adopt multi-cloud;
  • The challenges of adopting multi-cloud; and
  • The solution for addressing identity silo proliferation in this hybrid environment.

Trends Driving Healthcare and Life Sciences to Adopt Multi-Cloud

The move towards digital healthcare is unstoppable — and it’s here to stay. COVID drove increased adoption of telemedicine last year. An article from the AMA reported that McKinsey & Co. estimated that physicians saw between 50 and 175 times more patients via telehealth than they did before the pandemic.

Additionally, the number of connected devices in healthcare is growing fast. From heart monitoring apps to blood pressure and blood glucose measuring devices, 2021 is seeing the introduction of all kinds of new technology using smart devices.

The consumerization of healthcare data and patient-led engagement is critical to providing exemplary service and we are seeing all kinds of technological advancements in this area. 

Patients can easily access their healthcare data through healthcare provider portals. They can refill prescriptions with their phones, make appointments, respond to doctor questionnaires and pay their bills online or through their mobile device.

Healthcare companies, like many organizations, are adopting multi-cloud for many reasons. 

First, multi-cloud may be the only way to meet the needs of a large organization. Some divisions may find that AWS meets their needs, while another division within the same company may prefer (or need) to use Microsoft Azure AD, for example. They may need access to the specialized compute capabilities of different clouds, such as BigQuery from GCP, ML from Azure, or Redshift from AWS. Distributed computing leverages the best of each cloud.

Some organizations don’t want to get locked into one particular vendor and will use multi-cloud to maintain their choice. Most organizations use 3.5 clouds on average. A study by Dimensional Research found that 77% of businesses are planning to adopt a multi-cloud strategy in the next two years to better meet their customer service, computing, and regulatory needs.

Organizations are embracing distributed technology as well. Distributed compute through containerization and the use of Kubernetes enables apps to run on different clouds with little or no rework. Distributed data through the use of data fabrics allows data to be securely managed either behind the firewall or in the cloud (or both). And finally, distributed identity through Identity Orchestration allows consistent access to apps and data wherever they are.

The Challenges of Multi-Cloud Adoption

Organizations are moving to the cloud quickly. Healthcare and life sciences are at the forefront of this adoption, with 95% having a cloud-first strategy or looking to migrate to the cloud soon. COVID has been a catalyst for companies to adopt the cloud sooner, with many saying they are accelerating cloud adoption to support remote workers and remote patient care.

Approximately 80% of workloads have not yet moved to the cloud. Mission-critical and legacy applications, for example, have not yet made the move. The key challenges behind slow adoption are security, time/budget, and integration; each is discussed in more detail here:

[Figure: Identity ecosystem]

Data Security

Data security is a critical issue when dealing with healthcare data. Once a person’s healthcare data is breached, there is no way to create a ‘new’ medical history; that person is breached forever. Recent breaches have shown that an even more aggressive stance of ‘assume breach’ is called for to protect critical data more effectively.

With the move to the cloud, identity has become the new perimeter, enforced through Zero Trust architectures that continually authenticate users. Managing identity and access policies across a range of clouds and IAM vendors is impossible without new tools.

Limited Time and Budget

Many organizations have realized that time is the most challenging obstacle to overcome when moving to the cloud. You can’t make more time, and everything about moving to the cloud requires time. Time is needed to discover the apps and infrastructure that need to move to the cloud. With perhaps hundreds of apps and a dozen identity systems, it can take years of manual work to move.

Budget considerations are also very important. Organizations need to fund identity innovation, but that’s hard to do when you need to continue to spend on outdated infrastructure and technology at a considerable cost. Companies struggle with the need to decommission end-of-life legacy systems and invest in more efficient cloud-based solutions.

Integration

Connecting apps and users requires the integration of identity systems and apps, which historically has meant lots of manual work. Connecting identity systems from different vendors running on different cloud platforms also meant manual work and retooling. Rewriting apps to support other clouds and identity systems can be hard if you don’t have ready access to your apps’ source code or don’t ‘own’ the apps.

Advantages of Multi-Cloud for Healthcare and Life Sciences

There are specific advantages for healthcare and life sciences to use multi-cloud. Here, we take a look at a few of the most important considerations. 

  •   Flexibility to manage data residency and governance on-premises and across clouds. This is very important to healthcare organizations, which must know exactly where their data resides at all times.
  •   Scalability from infinite compute and storage. Patient data will never stop growing, and there will always be a need to maintain patient records, billing records, etc.
  •   Cost optimization. The ability to run workloads on the most efficient provider and also to redirect funds from legacy to modern cloud technology.
  •   Granular access control at cloud scale. Identity orchestration enables organizations to manage access for millions of customers and users to hundreds (even thousands) of apps. 

Adopting a Multi-Cloud Strategy

Having a multi-cloud identity strategy is the best and most secure approach to managing your growing silos of identities across many clouds and on-premises environments. The following three recommendations will help you understand, plan, and implement a solid course of action.

1. Use distributed identity to enforce consistent access across multiple clouds

Managing identities where they reside using an abstraction and orchestration layer is the only way to break vendor lock-in and ease your management burden across multiple clouds and on-premises applications.

Strata’s Identity Fabric decouples your apps from identity systems so you can quickly move across clouds and identity providers. This approach ensures a hybrid and multi-cloud strategy that’s cost-effective and scales with your enterprise. It also allows you to unify access policies for customers, patients, the supply chain ecosystem, and your workforce.

2. Leverage secure hybrid access and automation to enable predictable migration to the cloud 

Organizations are looking for a way to migrate legacy and on-premises applications to the cloud but often hold back due to security concerns and the sheer cost of rewriting old applications to modern cloud protocols.

Maverics Identity Orchestrator™ connects to any identity system, transparently migrates users and credentials, replicates and synchronizes policies and configurations, and abstracts authentication and session management. Identity migration enables you to move apps without costly application modernization.

3. Embrace emerging standards for distributed identity

Standards have enabled rapid growth and adoption of the cloud. For example, SAML is the gold standard for federated identity and trust, and additional standards like OAuth and OIDC have evolved to handle authorization. Now there is a need for a policy standard that works across vendors and clouds, built especially for distributed multi-cloud use cases.

For legacy apps that don’t support SAML or OIDC, the Identity Orchestrator handles the processing of federated identity. Upon success, the Identity Orchestrator passes the user ID to the web app the way it already consumes identity, for instance, through HTTP headers.

Recommendations

Here are some specific recommendations to help you on your journey to managing identities in a multi-cloud healthcare/life sciences environment.

  • Protect patient privacy and data with comprehensive identity and access policies with an identity control plane and Identity Orchestration. Identity Orchestration enables consistent identities across multiple clouds and identity systems by programmatically automating identities into the various identity providers and creating a composite identity profile by building attributes from several identity providers in real-time.
  • Maintain compliance with demonstrable controls and consistent access policy and visibility across clouds with an identity fabric. An identity fabric abstracts the various underlying identity infrastructures that an organization uses. This abstraction layer unifies different identity systems’ APIs, data models, user access policies, and feature sets into a consistent identity fabric, saving effort learning multiple APIs and identity systems.
  • Enable secure hybrid access to on-premises apps and data to cloud-based users with Zero Trust architectures. The Identity Orchestrator deploys seamlessly into any networking topology, proxying the upstream apps and working without changes to load balancers, firewalls, and the web-tier hosting the apps. To protect against ‘side door’ access, the Identity Orchestrator can deploy as a ‘sidecar’ on web servers (such as IIS or Apache) and app servers. The Identity Orchestrator acts as a Zero Trust app gateway, securely extending access to apps whether those apps are on-premises or run in the cloud.
  • Migrate from legacy to modern platforms. The Identity Orchestrator bridges functional gaps in user access policies between the complex policies enforced by legacy identity systems (such as contextual access and custom calculated attributes) and the simpler policies enforced by the cloud identity providers (such as app-based MFA). To do this, the Identity Orchestrator uses JavaScript and Go Service Extensions that extend the built-in policies of Azure AD to provide nearly infinite flexibility to enforce consistent user access policies for any app.
  • Embrace standards-based identity for authentication (SAML), authorization (OAuth/OIDC), and policy (IDQL). The Identity Orchestrator transparently transforms SAML or OIDC authentication sessions and attribute claims into the proprietary sessions and headers the legacy app expects.
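As an added illustration (not Strata’s code or the Maverics product), the header-based pattern described in the points above, in Go: a small orchestrator sits in front of a legacy app that only understands an HTTP header, validates the session, and injects the user ID. The header name X-Remote-User, the session cookie, and the in-memory session store are assumptions standing in for a completed SAML/OIDC flow; the forged-header case shows why the app must accept the identity header only from the orchestrator and not from any ‘side door’.

```go
package main

import (
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

const identityHeader = "X-Remote-User" // header the legacy app already reads (assumed name)

// sessionStore maps session cookie values to user IDs: a constructed stand-in for sessions the orchestrator established via SAML/OIDC.
type sessionStore map[string]string

// orchestrator fronts a legacy app that cannot speak SAML/OIDC: it checks the session, then passes the user ID as the header the app already reads.
func orchestrator(sessions sessionStore, upstream *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Strip any identity header the client sent: only the orchestrator may set it,
		// otherwise any caller could impersonate a user through the "side door".
		r.Header.Del(identityHeader)
		c, err := r.Cookie("session")
		if err != nil || sessions[c.Value] == "" {
			http.Error(w, "authentication required", http.StatusUnauthorized)
			return
		}
		r.Header.Set(identityHeader, sessions[c.Value])
		proxy.ServeHTTP(w, r)
	})
}

// roundTrip puts an echoing legacy app behind the orchestrator, sends one request with the given cookie plus a forged identity header, and returns the status and the user the app saw.
func roundTrip(sessions sessionStore, cookie, forgedUser string) (int, string) {
	app := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, r.Header.Get(identityHeader)) // the app simply trusts the header
	}))
	defer app.Close()
	u, _ := url.Parse(app.URL)
	front := httptest.NewServer(orchestrator(sessions, u))
	defer front.Close()
	req, _ := http.NewRequest(http.MethodGet, front.URL+"/", nil)
	req.Header.Set(identityHeader, forgedUser)
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, ""
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body)
}
```

In a real deployment the orchestrator would be the only network path to the app (the sidecar placement described above), since the header check is meaningless if the app is reachable directly.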


About Strata

Strata is pioneering the concept of Identity Orchestration for distributed multi-cloud identity. The Strata Identity Fabric enables enterprises to seamlessly unify on-premises and cloud-based authentication and access systems for consistent identity management in multi-cloud environments. Strata’s distributed approach to identity enables organizations to break decades-old lock-in that has prevented a broader transition of enterprise workloads to public cloud infrastructures. The company’s founders co-authored the SAML open standard for identity interoperability, created the first cloud identity services, delivered the first open-source identity products, and are now building the first distributed identity platform. For more information, visit us on the web at www.strata.io and on LinkedIn.


Authors

Carlos Rodarte, Founder & Managing Director, Volar Health LLC
Carlos Rodarte is the Founder & Managing Director of Volar Health, LLC, a leading strategy and innovation consultancy enabling data-driven solutions that improve health and society. Previous notable roles for Mr. Rodarte include Sr. Vice President, Life Sciences Strategy & Business Development at Health Catalyst, Inc., and Co-founder & CEO of HealthRhythms, Inc.

Eric Olden, Co-founder and CEO of Strata Identity
Eric Olden is a co-founder and CEO of Strata Identity. Previously, he founded, scaled, and sold two identity pioneers, Securant and Symplified. Notably, Mr. Olden co-authored SAML, an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).

Eric Leach, Co-founder and CPO of Strata Identity
Eric Leach is co-founder and Chief Product Officer of Strata Identity. He has more than 20 years of experience in leading product strategy, go-to-market, and innovation for identity management, application security, and data protection products at Apcera, Salesforce, Oracle, and Sun. 

Thom Locke, VP Customer Success, Services and Support at Strata Identity
Thom is a senior executive with over 40 years of experience in the security space, helping clients worldwide with identity/access solutions, data, and cloud security. Previously, Mr. Locke served as Sr. Practice Director NA Business Development / ASG Solution Architecture Lead at Oracle.