Four years ago, Yale New Haven Health System began planning to move its doctors, nurses and staff to single sign-on, a technology that promises to allow users to quickly access their various accounts with a single set of credentials, fostering greater security than forcing users to memorize a bevy of passwords.
Yet licensing issues — and the lack of budget to pay for the hefty per-user fees asked for by vendors — scuttled the project from the get-go.
“We wanted to pay per concurrent user, and [the vendors] wanted to do unique users, and they wouldn’t budge,” said Steve Bartolotta, director of GRC programs in the YNHHS’s Office of Information Security. “Without the money and the budget to pay for that licensing, we had to put the project on hold.”
Left to manage their own passwords, the delay dragged on for four years and left the healthcare organization’s 25,000 users less secure. Now, at long last, the organization was able to secure favorable licensing terms and has begun its SSO implementation.