• United States



Contributing writer

How the Red Cross found its ID management groove

Jan 18, 20123 mins
Access ControlComplianceData and Information Security

The Red Cross is a longtime leader in the human security business. It organizes disaster response, supplies nearly half the nation’s blood supply, teaches life-saving skills, provides international humanitarian aid and supports military service members and their families.

But it hadn’t been so much at the cutting edge of information and identity security until last March, when it was named the first recipient of the CourionCare Program for Non-Profits.

Courion, the Westborough, Mass.-based vendor of access governance, compliance and provisioning technology, donated enterprise software licenses for the company’s Access Assurance Suite, which enables automated password reset and synchronization capabilities for the charity’s mix of thousands of staff and volunteers.

“It was really a game changer for us,” says Red Cross CISO Suzanne Hall. “I’ve got to manage 70,000 identities on a given day, and when I first came, we didn’t have ability to invest in automated management tool sets. All our procedures were manual.”

That not only made it difficult to deliver IT services to a very mobile and dispersed work force. “It also gave us trouble passing audits,” she says. “The risks of unmanaged identities can be huge.”

That program helped the agency reduce the risk of security and compliance breaches by automatically eliminating system access when a user changed responsibilities or left the organization.

So this past week, the Red Cross announced it is going a step further, with Courion’s new Access Risk Management Suite, to help streamline its transition to the Microsoft Office 365 cloud computing platform.

A major project of the new suite will be to consolidate the many varieties of email addresses at Red Cross chapter offices to create a single address for each worker. “It’s important that everyone is operating on the same platform,” Hall says, but adds that the benefits go beyond email consolidation.

“Now we can start looking at access management across other applications, and when we do have to scale up for a disaster we can automate the creation of those accounts. We can work with the disaster business operations group.

“This is tremendous for us as we migrate to cloud-based services. Without it, we would not be able to support key initiatives.”

Hall says she can also tie the suite’s capabilities to projects beyond security. “It lets us decrease the risk and audit issue, and the operation is also delivering more services.”

Delivering more services is, obviously, what everybody wants the Red Cross to be able to do.