While separating its insurance business from the rest of the group, the company saw an opportunity to boost security and simplify compliance by adopting a new access governance strategy.
About Global Insurer
This European financial services company had grown, both organically and through acquisition, into one of the world’s leading global banking and insurance brands. As a result, the business had become so complex and extensive that overall group performance was beginning to suffer.
The company decided to adopt a business simplification strategy that would allow it to focus on a smaller number of stronger businesses. As part of this strategy, the insurance business would be separated from the banking side of the group — which required the creation of an entirely new IT infrastructure, including a new identity management platform.
Identity management is a particular concern for the insurance business because of its obligations to comply with both Sarbanes-Oxley and PCI-DSS regulations. The company not only needed complete control of access to its IT systems; it also needed to be able to prove to regulators that its systems are secure.
Before the separation of the insurance business, the company had been using Identity Manager as its corporate identity management platform, and was fully satisfied with its performance. Since the insurance team already had the skills in-house, and the software was available under the company’s existing enterprise license agreement, it was a straightforward decision to base the new solution on the same technology.
“We did not want to simply replicate the existing corporate solution — we also wanted to introduce additional features, such as role-based provisioning of user identities,” said a spokesperson. “The NetIQ (now a part of Micro Focus) solution gave us exactly the functionality we needed.”
Ultimately, the company decided to use Identity Manager for three main purposes. First, it created a corporate directory services (CDS) solution that consolidates all digital entities and identities into a single directory, which is used for LDAP authentication and Microsoft Active Directory provisioning.
Next, it integrated the CDS with a second directory, which it uses to manage role-based user account provisioning services for other systems. This provides automated workflows that ensure that whenever access to a new system is requested, the request is sent to the appropriate managers and administrators for approval.
Finally, to increase security, the company created a wholly separate identity management environment for provisioning system access for privileged users, such as IT system administrators. This environment has the same design and structure as the main solution, but is managed separately — ensuring that standard users cannot accidentally be granted administrator-level access to any of the company’s systems.
During the later stages of its Identity Manager implementation, the insurance business worked with one of our partners to assess the organization’s access governance capabilities — which are particularly important for meeting its compliance obligations. As a result of this assessment, the company decided to implement Access Governance Suite to create a policy-driven framework around identity and access management, and provide enhanced analytics capabilities for security and compliance reporting.
With the combination of Identity Manager and Access Governance Suite, the insurance business will not only gain greater control of the provisioning, management and de-provisioning of user identities; it will also gain greater insight into user access rights, policy compliance and potential risks.
In the first phase of deployment, Access Governance Suite will be used to provide an “actual versus target” report for two insurance applications, which will compare users’ actual access rights with the policies that need to be implemented. Next, the company will develop a process that allows business owners to review and change the entitlements of the employees they manage.
Tight integration between our solutions means that changes authorized by business owners can be fed back directly into the provisioning engine, and the results can be analyzed immediately. The automation of this process leaves no loopholes and eliminates risk — which will make it much easier to demonstrate to regulators that the company is fully meeting its compliance obligations.
- Unifies identity management across the insurance business
- Automates user provisioning with role-based policies and workflows
- Facilitates compliance with Sarbanes-Oxley and PCI-DSS regulations