On the August 3, 2010 Peer Incite call with Wikibon, we spoke with Lincoln Cannon, the director of Web systems for Merit Medical, on the strategies and benefits of using innovations in identity and access management to securely move to Cloud-based applications. We also learned that these same Cloud security innovations are now poised at his firm to deliver the same value proposition to applications inside the data center – tangible business value in terms of cost, time to market, improved security, scalability to future requirements, and improved user experiences to key end-users in the medical supply business. For Merit Medical, a standards-based federated identity and access management approach has become a center post for delivering effective and efficient business applications as a service to end-users.
Security is often viewed an inhibitor in the transition to Cloud-based services. But for Merit, security and specifically security services for identity and access management, was the enabler. Here are the details:
The Need – Collaboration
Merit Medical Systems Inc. is a mid-size business and a leading manufacturer of medical devices used in diagnostic and interventional cardiology and radiology procedures. Headquartered in South Jordan, Utah, Merit has 1,700 employees worldwide, almost 100 in direct sales in the United States, 20 global sales executives, and a number of product distributors. The move to Cloud services was motivated by:
- The need to improve information sharing and collaboration between corporate employees and across the mobile and global workforce;
- The interest extending collaboration and e-learning capabilities to a growing set of distributors without the need for a VPN;
- Requirements to keep costs low while delivering an exceptional user experience on the desktop and iPhone platforms.
Google apps and an e-learning SaaS application satisfied the core end-user requirements as defined by the sales and marketing teams. For the CIO’s office, a set of infrastructure security requirements also needed to be met, including:
- Centralized control via an existing Active Directory;
- Single sign-on for internal and external apps;
- Effective administrative controls for provisioning users, de-provisioning users, and maintaining granular, role-based access rights for employees and outside partners;
- Open standards-based interface for SAML and non-SAML applications;
- Support for future applications, including Sharepoint and CRM/Salesforce.com.
The Solution – Federated Identity and Access Management
Merit selected SinglePoint, a security SaaS solution from Symplified, to tie together end-user business needs and infrastructure security requirements from the CIO's office. Through a single administrative interface, the Merit workforce can be provisioned and de-provisioned through Active Directory to internal and SaaS-based applications with policy-based access rights and more quickly navigate between documents and applications through Google, the e-learning application, and apps inside the Merit data center.
The pay-off for Merit comes in the form of satisfied users and infrastructure owners, ROI, and cost, and a platform from which to grow:
- Satisfied users – No new UID/password credentials to remember, simpler navigation between internal and SaaS-based applications, more effective content sharing between corporate and a distributed workforce, accessibility of services through both desktop and iPhone access devices;
- Satisfied CIO – Active Directory remains the authoritative source of user records, support for a standards-based solution, and support for the complete lifecycle of a user record;
- Cloud Security Infrastructure – Ability to extend the identity and access management platform to internal applications and future SaaS platforms; "parallel provisioning in multiple applications".
- ROI and Opex – Fewer than 100 man hours invested in the initial deployment, and an end cost of about $1 per user, per application, per month for single sign-on and user administration, role-based access control, and audit across enterprise and SaaS-base applications.
Action Item: Cloud apps are here to stay, and the experience of Merit Medical is perfect example of the value Google apps and others deliver to mid-size businesses, and the ability of identity management as a service to help deliver this value quickly, securely, and efficiently. As mid-size business users assess the risks and benefits to moving to the Cloud, they should use the Merit Medical case as one model for identity management in Google apps and other Cloud-based applications.