RSA Security, www.rsasecurity.com
"The struggle between security and usability is no greater anywhere than in health care," says Chris Gervais, senior research analyst/technologist for Partners Healthcare. Partners' challenge was to give community-based medical and administrative personnel easy, secure access to patient records throughout its extensive Massachusetts network of hospitals and clinics.
The solution, RSA Security's RSA ClearTrust, provided the convenient Web portal Partners needed, with the security that management -- and HIPAA requirements -- demanded. It's the kind of experience that spurred voters to make ClearTrust the gold-medal winner for identity and access management.
In the past, Partners' highly mobile employees had to rely on VPN access -- which meant using digital certificates, sending out installation CDs and giving direct network access to laptops vulnerable to spyware and other malicious code. This was both a management burden and an impediment to adoption.
"Clinicians and admins use ClearTrust to arrange care; largely, it's made it invisible," says Gervais. "They know they log in to a secure site with strong credentials."
Partners had a history with RSA, using RSA SecurID for strong authentication. But what sold Gervais -- and the organization's steering committee -- on ClearTrust over other Web-based access management products was confidence that RSA would provide more functionality out of the box and could get up and running quickly.
"We had an aggressive timeline. Time to market was important," Gervais says. "RSA brought the necessary resources to bear."
Readers gave ClearTrust some of the highest grades across the board in our Products of the Year survey, with particular emphasis on security and performance.
ClearTrust provides Web-based single sign-on capability with highly granular and flexible access control policies through what RSA calls Smart Rules technology. Smart Rules allows organizations to leverage existing data repositories to permit real-time authorization decisions and speed deployment. It supports a wide range of authentication options. Its comprehensive auditing and reporting features were a powerful persuader for Partners.
"Obviously, we have to comply with HIPAA, and we have to go through a bunch of audits," Gervais says. "With ClearTrust, our information security office sets up procedures; inside the application, we have clinical security policies down to the patient level. We can audit changes in patient records going back two years. It's nice, finely grained audit data."
At the heart of Novell's identity and access management offerings beats eDirectory, a mature and very solid directory product that draws reader praise for overall quality and security.
Sun Java System Directory Server Enterprise Edition
Sun Microsystems, www.sun.com
Sun's respected directory shines brightly, drawing reader kudos for performance and overall quality, with a strong vote for security.