Commonwealth and state/territory government funded public company, Healthdirect Australia, has used open source software to build an identity and access management (IAM) solution.
The IAM solution allows users to have one identity across all of its websites and applications. For example, users can sign in using their Facebook, LinkedIn or Gmail account.
Healthdirect Australia chief architect Bruce Haefele told Computerworld Australia that a single sign in is important as it runs a number of health advice websites such as pregnancy/baby care for new parents.
“We work with other partners in the [health] industry to make information available that is appropriate for Australians and meets health guidelines. It’s not as random as searching Doctor Google,” he joked.
Healthdirect Australia also operates a national health services directory of all the care provider organisations in Australia. This can be accessed on iPhone and Android devices so that people can look up health services on their phone. For example, consumers can type in their postcode to find out the location of their nearest late night pharmacy.
- ShutterStock uses OpenStack to reduce network latency issues
- The rise of security-as-a-service in Australia
- NSW gov appoints IT consortium to improve password security
In addition, the organisation runs free call services for Australians including a 24/7 nurse triage line, which people can use to phone up and speak to a nurse about their health.
“Early on, we identified that if we are going to be a safe and trusted organisation, we needed to have a very strong focus on security,” said Haefele. “Over time that has evolved as the federal government has required us to comply with its Information Security Manual [ISM]. We also have to comply with the Privacy Act and the Personally Controlled Electronic Health Record [PCEHR].”
When Healthdirect Australia was looking to develop the identity and access management solution in 2012, it did not have cyber security specialists on staff. Security services provider First Point Global was selected to design and implement the IAM.
"With our IAM infrastructure, most of it is implemented on open source products which were recommended by First Point Global,” he said.
“For example, we use Splunk for security monitoring and an open source log management offering called Log Stash. In other instances, we will use commercial products but if only if there isn’t a good open source alternative.”
In addition to the IAM, First Point Global implemented a Web application firewall, intrusion detection/prevention and vulnerability management.
Follow Hamish Barwick on Twitter: @HamishBarwick