Get started Bring yourself up to speed with our introductory content.

Four steps to ensure security deployment success

Security deployment will go smoother if enterprises step back, ask questions, involve everyone and lower expectations.

Sharp HealthCare prides itself on being at the forefront of technological adoption, with five campuses and 1,300 doctors connected on a network that's rated among the nation's best.

So when Sharp CIO Bill Spooner led a major initiative to both boost security and increase physician computer use with a combination of biometrics and passwords, he was aware of the pitfalls.

After interviewing vendors and making its choices, San Diego-based Sharp found the road to progress still marked with unexpected potholes, namely tying together disparate systems with different security features. "We may have gone into it a bit more naively than we should have," Spooner says. "We didn't recognize the complexity from day one."

Sharp tapped Courion to handle its identity management and has been able to unite a network system that includes Linux software, a Unix platform and a plethora of specific applications from nurse charting programs to patient tracking software, each with its own security features.

With even the most basic security deployment now a complex prospect, security vendors say enterprises can avoid surprises in security deployments by asking some key questions both of vendors and of themselves.

David Frogel, Courion's director of business development, says potential customers often already have a future vision of what they want to implement, but sometimes fail to acknowledge the complexity.

Frogel and others prescribe these four key steps for a successful deployment.

Step back. Evaluate the process you hope to improve or secure better through the deployment. Frogel says Courion once worked with a customer that had provisioned some 17,000 password accounts that were unnecessary. "It's a chance for people to rethink why they're doing something that they may take for granted," Frogel said.

Ask questions. Eric Schultze, executive director of product research and development at Shavlik Technologies, says would-be buyers should scrutinize security products." Just asking questions can help sift out subpar vendors. "Even if you don't have the capacity to unravel all the answers, you'll get a better feel for things," he says.

Involve everyone. At Sharp, a sizable technical team spearheaded the biometrics/password push, but doctors and nurses had to be on board for it to work.

Lower expectations. Rather than trying to roll out a company-wide deployment, consider finding a division or business unit where it can be tested and ramped up more quickly. "We worked with a client that, because of a number of acquisitions, is really 20 health care companies in one," says Frogel. "For them to try and push anything out company-wide would be almost impossible."

This was last published in November 2003

Dig Deeper on Information security program management