Insurers gain secure access to all applications – IAM for insurance providers
Insurance providers are often businesses with complex, distributed structures, faced with the challenge of managing complex and heterogeneous IT landscapes centrally and effectively, all the while being under extreme pressure to save time and costs. Mergers and acquisitions have further added to this challenge in recent years. Thousands of employees require access to a broad range of different software systems depending on their tasks. Often there are up to 100 distributed applications in addition to a central insurance application running on a strategic platform such as z/OS.
Challenge: Up until recently, in many insurance companies each new user received his or her access rights based on a so-called comparative user model. Whenever a user changed division or department and assumed new duties, part of the old access rights was carried along and added to the new set of authorizations.
So, in addition to rights assignment taking too much time without central identity and access management in place, this whole process also leads to many employees accumulating a high number of authorizations during the course of their careers at the insurer. It has thus become high time to do away with this dangerous, unchecked growth of authorizations. Also, the timely configuration and deletion of user rights – particularly regarding temporary staff – tie up the greater part of the resources of the IT Security department, which is nonetheless not able to meet the defined service levels and the security policies of the company.
Moving from information silos to central rights allocation
Insurers need to consider introducing a solution for cross-application user administration and automated role allocation. Their goal must be to optimize the company’s authorization processes in order to improve both internal efficiency and security. From the very start, a well-designed requirements analysis and a detailed project plan are essential to achieving this goal. IAM for an insurance provider must also protect sensitive data while at the same time granting permissions to specific groups.
The complex, heterogeneous IT landscape that has grown over many years calls for a well-thought-out plan and also makes it imperative for the customer’s and provider’s project management teams to closely coordinate their actions. Excellent user data quality represents a key criterion for the project’s success.
In the first phase, the insurer should ensure that all user data is cleaned and consolidated as much as possible in a central repository to provide a solid foundation for the next project steps. The user master data of the insurance company stored in the HR system will be automatically imported by using the Provisioning Engine. Next, User ID consolidation should be performed to connect HR-provided users to their corresponding account data in the company’s key target systems (e.g. RACF, Active Directory, Microsoft Exchange and Lotus Notes). Thereafter these target systems will be automatically loaded in the IAM system. The next project stage should add the other main systems and applications to the central administration concept step by step, according to priority (e.g. OnDemand, SAS, Interflex, Marval etc.).
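The User ID consolidation step can be sketched as follows. This is an added example, not code from the product or project described here; the field names, the matching rules and all sample records are constructed assumptions. It links target-system accounts to HR identities, and separates out orphaned accounts and accounts that need manual review.

```python
from collections import defaultdict

# Constructed sample data: HR master records and accounts exported from target systems.
HR_USERS = [
    {"emp_id": "100231", "name": "Anna Keller", "status": "active"},
    {"emp_id": "100587", "name": "Jonas Weber", "status": "active"},
    {"emp_id": "100912", "name": "Mira Vogel", "status": "left"},
]
ACCOUNTS = [
    {"system": "RACF", "account": "AKELLER", "emp_id": "100231", "owner_name": ""},
    {"system": "Active Directory", "account": "anna.keller", "emp_id": "", "owner_name": "Keller, Anna"},
    {"system": "Active Directory", "account": "jweber", "emp_id": "100587", "owner_name": "Jonas Weber"},
    {"system": "Lotus Notes", "account": "Mira Vogel/INS", "emp_id": "100912", "owner_name": "Mira Vogel"},
    {"system": "RACF", "account": "BATCH07", "emp_id": "", "owner_name": ""},
]

def name_key(name):
    """Normalise 'Last, First' and 'First Last' to one comparable key."""
    if "," in name:
        last, first = [p.strip() for p in name.split(",", 1)]
        name = f"{first} {last}"
    return " ".join(name.lower().split())

def consolidate(hr_users, accounts):
    """Return (linked accounts per employee, orphaned accounts, accounts to review)."""
    by_id = {u["emp_id"]: u for u in hr_users}
    by_name = defaultdict(list)
    for u in hr_users:
        by_name[name_key(u["name"])].append(u)
    linked, orphans, review = defaultdict(list), [], []
    for acc in accounts:
        ref = (acc["system"], acc["account"])
        user = by_id.get(acc["emp_id"])          # strongest key: HR employee number
        if user is None and acc["owner_name"]:   # fallback: owner name, if unambiguous
            candidates = by_name.get(name_key(acc["owner_name"]), [])
            if len(candidates) > 1:
                review.append(ref)               # several HR users share this name
                continue
            user = candidates[0] if candidates else None
        if user is None:
            orphans.append(ref)                  # no HR identity owns this account
            continue
        linked[user["emp_id"]].append(ref)
        if user["status"] != "active":
            review.append(ref)                   # account still exists for a leaver
    return dict(linked), orphans, review
```

Orphaned accounts and leaver accounts found this way are the data-quality items to resolve before the target systems are loaded into the central repository.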
Functional departments should be in charge of creating roles
The key target system administrators should be involved in the IAM project early on. With their help, the project team should decide for each of the integrated systems and applications which authorizations represent the functions that employees will carry out. Since this question is best answered by the functional departments, each department in turn must take it into its own hands to create the respective application and business role profiles. The appointed role managers should be enabled to create, edit and delete roles using a convenient menu that does not require them to have in-depth IT knowledge. “Business roles” include the required authorizations to fulfil a specific function or to work in a specific department; they comprise different “Application roles” that define the access rights needed to perform specific tasks within such function for the individual applications.
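The two-level role model, and the difference it makes when an employee changes department, can be shown in a few lines. This is an added example, not code from the product described here; the role names and entitlement names are constructed, and the comparative user model is simplified to its worst case, in which all old rights are carried along.

```python
# Constructed role model: role and entitlement names are illustrative only.
APPLICATION_ROLES = {
    "claims-handler": {("RACF", "CLAIMS.UPDATE"), ("Active Directory", "GG-Claims")},
    "claims-payout": {("RACF", "PAYMENT.RELEASE")},
    "policy-clerk": {("RACF", "POLICY.UPDATE"), ("Active Directory", "GG-Policy")},
    "mail-standard": {("Microsoft Exchange", "mailbox")},
}
BUSINESS_ROLES = {
    "Claims department": ["claims-handler", "claims-payout", "mail-standard"],
    "Policy department": ["policy-clerk", "mail-standard"],
}

def entitlements(business_roles):
    """Expand business roles into the set of (system, entitlement) pairs."""
    result = set()
    for business_role in business_roles:
        for application_role in BUSINESS_ROLES[business_role]:
            result |= APPLICATION_ROLES[application_role]
    return result

def move_role_based(current, new_business_roles):
    """Return (grant, revoke) so the user ends with exactly the target set."""
    target = entitlements(new_business_roles)
    return target - current, current - target

def move_comparative(current, reference_user_rights):
    """Comparative user model: copy a reference user's rights, revoke nothing."""
    return current | reference_user_rights

def career(departments, role_based):
    """Replay a sequence of department changes and return the final rights."""
    rights = set()
    for department in departments:
        if role_based:
            grant, revoke = move_role_based(rights, [department])
            rights = (rights | grant) - revoke
        else:
            rights = move_comparative(rights, entitlements([department]))
    return rights
```

Replaying a move from the Claims department to the Policy department leaves three entitlements under the role model and six under the comparative model, including the payment release right from the old job.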
Better protection and increased efficiency
- Access rights of employees leaving the company are immediately revoked, while those joining or changing job roles receive precisely the required rights without any delay.
- This also helps speed up the task of setting up new accounts, e.g. for vacation substitutions delegated at short notice, or integrating call center agents.
- Achieve an automation level of over 90% for rights allocation.
IT department meets service level agreements
With a new IAM system in place, when a new colleague joins, for instance, the Policy department, the integrated workflow process is instantly launched. The employee is entered in the HR system and is assigned predefined business and application roles matching his duties. As a result, from the very first day of work he has all authorizations needed to perform the tasks assigned to him in the company. This means that the insurer can fulfill its service level agreements rather easily.
The insurer will now be able to securely and efficiently manage all user rights in the company in a transparent and controlled manner. Central and role-based access authorization also helps to reduce the high administration costs. Service level agreements for user authorization are now met 100%, and the level of security has also increased. The SAM Enterprise Identity Manager of Beta Systems supports the implementation as well as the enforcement of compliance with internal security policies and strict legal provisions.