My name is Vikas Nanda. I work for Baylor College of Medicine as an IM architect. I joined in January 2023.
Baylor College of Medicine is a research center. The faculties work there, staff member works there, students work there. Right now, it has about 2,000 students. We support students. And it's basically a research facility.
All together, we have a 21,000 population. Right now, so many attacks are happening. Brute force attacks are happening because we have a mixture of population. Not everybody is aware of security. When somebody gets an email with a phishing attack, they, by mistake, click a link, it puts us at risk.
We are trying our best to protect-- mitigating the security risks, putting an MFA in place. We are looking at different vendors. We are looking at the biometrics, authentications, things like that.
The credentials get stolen. The attackers can get your credentials and actually bring down the entire network. It's a data privacy things, too.
I used to work for Guardian Life. As I said, I came to Baylor College of Medicine in January 2023. The One Identity was already present there. So now I'm working on to improving that product, getting new features, new products or subsets of products from One Identity.
I think they purchased in 2027-- 2017. They went live in 2018, March.
They used to have an Oracle Sun, right? That product. They moved from Oracle Sun and purchased a One Identity manager or One Identity product. They used to have JML processes, which is a Joiner, Mover, Leaver processes. And when I joined, I actually assigned a task to improve that and working closely, working with the HR and our PDM, which is our Personal Data [? Mod. ?]
Identity manager has inbuilt, out of the box, a lot of connectors. The provisioning, deprovisioning. Out of the box, we can connect to Active Directory. One of the best thing One Identity provides is a SAP connector. We are a heavy on SAP. Very few vendors are out there which out of the box provides a SAP connector. You have to do so much customization. With One Identity it's very easy to connect to SAP.
I don't want to buy a product where we have to do a lot of customization. It doesn't make any sense to me. If we are paying to the company, the headache should be on the company, not to us. Everything is governed right now. Our governance is very important, right?
Since it's a Baylor College of Medicine, our physicians, our doctors, our staff members, they all use Epic. So we need to make sure we are heavily connected on Epic. It's an automated processes, so things are working fine with One Identity.
I'm not too much into actual Epic. All I know that, OK, we created entities via automated processes, via provisioning and deprovisioning from source of truth. It comes to One Identity Manager. One Identity Manager via job server connects to other target system. One of the target system is Active Directory, where Epic pulls that thing.
And then Epic takes its own action to create smaller-- take another credential for doctors and physicians, and then they get access to Epic.
Then the source of truth sends the inactive status or deactivation status. Everything is automated process. We deprovision from all targets. It's all scheduled. It's not real time. It's in near real time. It's very tough to implement-- anybody cannot implement a real time deprovisioning. It's very tough.
Anybody can say that, oh, we do deprovisioning real time, but it's very tough. It's all schedule based. Maybe 15 minutes or 30 minutes schedule based the processes runs. And we deprovision an account.
And our deprovisioning is very solid. It's not just removing an account from Active Directory. A user can have an active session. An account can be stolen, but we make sure we remove their active session, kill their active session, kill their MFA, go to Azure, kill that session as well. So our deprovisioning is not just deleting an Active Directory account. We go beyond that.
Right now, the attestation which has been running since the day one, 2018, the attestation has been running on the special IT accounts, which we call the privileged accounts-- service accounts, generic accounts, vendor accounts. So the attestation runs for the special IT accounts, which is service accounts and the generic accounts. The attestation runs a yearly attestation scheduled.
For the generic-- for the vendor accounts, it's a six month attestation, which is scheduled. So One Identity Manager sends automatic attestation, if it's due, via email right now. But we are looking to improve that, not doing an attestation via email, but looking to do an attestation via web portal, which is a new web portal.
Because we want to actually want our users to start leveraging the new web portal, because none of our user is going to the web portal right now.
I think we recently upgraded to 9.2. We were running on 7.1.3 for many years, which were out of support. We couldn't get any support from One Identity because it was very outdated. The servers which it was running on, that was end of life.
So what we did, we took an internal initiative. Now we upgraded to 9.2 on a brand new servers. Now we want to gain governance capabilities. But I think it's a great tool now, the advanced features we want to utilize.
And we are very much hands-on on your product. We can do any customization on our own. We don't seek any help.
I think I will advise other customers that technology doesn't matter. Your processes has to be mature. If the processes are mature, then you put the technology on top. Make sure you mitigate the security, because security is very important. Bring the right tool in the company. Make sure your processes are mature. Technology cannot fix the broken processes.