In addition to giving the insurer a more cost-effective managed services relationship that was strategic and proactive rather than merely transactional, the transformation project also brought big benefits in other areas—helping to embed continuous advantage across the company.
Even insurance companies need insurance—and not just the traditional kind. They need rock-solid safeguards for authenticating the systems, processes and people at the heart of their business operations. The stakes are massive—and so are the opportunities for would-be attackers.
Not only are insurance companies prime targets for fraudsters and cyber criminals—for anyone looking to use even a small crack to gain entry to valuable data, funds or other exploitable resources—they also are inherently complex businesses. Layers of sensitive customer data, payment and financial systems, core business apps, proprietary corporate information and other digital assets—they all provide potential main courses for evil-doers.
Airtight and effective identity and access and management (IAM) has become essential for insurance leaders who want to ensure that their business systems and processes are also airtight.
Who can have access to which systems and which types of data? Who can access which digital apps and tools? Are the right permissions in place and how can you constantly manage them? Questions like these can seem simple, but addressing them correctly and continuously requires a clear strategy.
That’s why one insurance giant decided to take bold, focused action on a host of interconnected challenges—including costly in-house legacy systems and teams, a complex multivendor landscape, multiple in-flight modernisation programmes and a lack of unified customer identities. The company’s game plan: to consolidate IAM-related capabilities, transfer responsibilities from the IT organisation to information security operations and follow a new path that would reduce complexity, bolster compliance and position the company for future needs.
Working with Digital Identity by Deloitte, the insurance industry leader undertook a transformative digital identity programme that tapped into the power of cloud technology to streamline IAM while also enhancing user experience, boosting compliance and reducing costs.
The organisation selected Digital Identity by Deloitte to design, implement and operate its enterprise IAM environment, including privileged access management (PAM) and new customer IAM (CIAM) capabilities. The solution was managed and delivered as an innovation and outcomes-based ‘Operate’ service by Deloitte, moving the company from multiple vendors to a single vendor, Deloitte, for managing the entire access management landscape—including technology implementation, ticket servicing and app onboarding.
Deloitte worked with the organisation to host the new AM landscape in the client’s own AWS cloud environment—with SailPoint for identity governance and administration (IGA), CyberArk for PAM and Okta for single sign-on and customer IAM. Building a single, integrated programme for IAM and related needs required a broad range of capabilities and professionals across the “advise, implement, operate” spectrum—including analysts, engineers, developers and IT architects, as well as specialists in cloud security operations and network security operations. Functioning as an extension of the client’s team, these specialists brought a holistic, problem-solving approach focused on industry- specific needs, strategic objectives, integrated operations and quality outcomes—rather than just transactions. Deloitte also brought proven processes and methodologies to the project—especially around change management, through a corps of Deloitte organisational change specialists equipped with industry leading practices and standards.
During the transformation journey, the insurer’s move to to an Operate service was quickly put to the test—with news of a concerning industry breach. Cyberattackers were attempting to learn which businesses had purchased cyber insurance. If they could identify cyber-insured companies, the attackers might realise an easier payday—expecting those companies to meet ransomware demands more readily, for example, knowing they were covered by insurance. The insurance company turned to solutions and services provider Deloitte to take action quickly— securing all the external-facing customer apps that touched on its cyber-insurance offerings and enabling multifactor authentication for all of them.
In addition to giving the insurer a more cost-effective managed services relationship that was strategic and proactive rather than merely transactional, the transformation project also brought big benefits in other areas—helping to embed continuous advantage across the company. As part of its move to a central cloud environment and a single vendor through a managed Operate service, the company was able to improve its toolset for supporting audit and compliance needs, provide its customers with a more meaningful and secure sign-on experience and create a roadmap to guide future ambitions for cloud and access management.
How is your organisation insuring itself for today’s and tomorrow’s cyber needs?
Discover how Deloitte’s worldwide team of industry-focussed specialists can support you every step of the way and help you respond with confidence no matter what the future brings. Contact us to get the conversation started.
Sunny Aziz - Principal, Deloitte US - Deloitte and Touche LLP
saziz@deloitte.com
Anthony Berg - Principal - Deloitte and Touche LLP
antberg@deloitte.com
Naresh Persaud - Managing Director - Deloitte and Touche LLP
napersaud@deloitte.com
Kavitha Beenukumar - Senior Manager - Deloitte and Touche LLP
kbeenukumarrenuka@deloitte.com