The Red Cross is a longtime leader in the human security business. It organizes disaster response, supplies nearly half the nation’s blood supply, teaches life-saving skills, provides international humanitarian aid and supports military service members and their families. But it hadn’t been so much at the cutting edge of information and identity security until last March, when it was named the first recipient of the CourionCare Program for Non-Profits. Courion, the Westborough, Mass.-based vendor of access governance, compliance and provisioning technology, donated enterprise software licenses for the company’s Access Assurance Suite, which enables automated password reset and synchronization capabilities for the charity’s mix of thousands of staff and volunteers. “It was really a game changer for us,” says Red Cross CISO Suzanne Hall. “I’ve got to manage 70,000 identities on a given day, and when I first came, we didn’t have ability to invest in automated management tool sets. All our procedures were manual.” That not only made it difficult to deliver IT services to a very mobile and dispersed work force. “It also gave us trouble passing audits,” she says. “The risks of unmanaged identities can be huge.” That program helped the agency reduce the risk of security and compliance breaches by automatically eliminating system access when a user changed responsibilities or left the organization. So this past week, the Red Cross announced it is going a step further, with Courion’s new Access Risk Management Suite, to help streamline its transition to the Microsoft Office 365 cloud computing platform. A major project of the new suite will be to consolidate the many varieties of email addresses at Red Cross chapter offices to create a single address for each worker. “It’s important that everyone is operating on the same platform,” Hall says, but adds that the benefits go beyond email consolidation. “Now we can start looking at access management across other applications, and when we do have to scale up for a disaster we can automate the creation of those accounts. We can work with the disaster business operations group. “This is tremendous for us as we migrate to cloud-based services. Without it, we would not be able to support key initiatives.” Hall says she can also tie the suite’s capabilities to projects beyond security. “It lets us decrease the risk and audit issue, and the operation is also delivering more services.” Delivering more services is, obviously, what everybody wants the Red Cross to be able to do. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe