Healthcare Department: Securing Access by User and Groups

Attain Insight Security 4X
Healthcare Dept.

HEALTHCARE: Secure Access and Control


PROBLEM

A healthcare organization is rolling out IBM Cognos Software to 100 healthcare professionals. These users need access to several categories of information governed by privacy regulation. While Cognos provides the granular technical controls to implement security, they are difficult to apply consistently and completely across all Cognos software components, across all environments (Development, Test and Production), and across multiple user groups. In addition, Security 4X offered a single centralized source of audit information for all Cognos instances.

Stringent auditing and compliance requirements

Mainly because of the need to comply with privacy regulation, the Health authority has stringent auditing and compliance requirements, and must prove the accuracy and completeness of access privileges, including access history, across upgrades and different versions and instances of Cognos. When auditors with differently scoped audits visit at short notice, they require user privileges to access relevant reports and data. The Health authority must respond to this requirement quickly, but only to the specific scope of each auditor's mandate. Each auditor focuses on one specific area of privacy regulation.

The Health authority further requires that, for administrative reasons, adding and removing users from groups must occur in a specific, centrally managed directory server, rather than in the Cognos namespaces for each environment. The Security 4X External Security with 'Parallel Mapped' groups was a key requirement, along with full audit reporting on all add/remove user actions. With External Security, such actions do not involve Cognos, leaving Cognos unable to report which users have access, what they have access to, or the history of access privileges.
 
SOLUTION

Security 4X was implemented and provided the following key benefits:
  • Security was built into Framework and Transformer models;
  • Security policies for content and data are created from a centralized console;
  • Security adheres to consistent and easily understood rules;
  • Auditable security configuration with compliance reporting was enabled.

Security 4X manages this seamlessly and automatically.