Skip to main content

RSA Insurance

IT Migration Case Study

Consolidating a global IT infrastructure

Ensuring a smooth transition during cross-geography merger and acquisition for RSA

RSA is a general insurance company that built major operations in Europe, Canada, the U.S. and the Middle East.

In 2021, RSA's global operations were acquired by a consortium of insurers in an £8 billion merger and acquisition deal from Intact Financial Corporation and Tryg. This necessitated a separation of RSA's Scandinavian business and an infrastructure integration from global business operations in North America, the Middle East, the UK and Ireland to the new parent company.

The businesses subsequently entered into a complex set of transition service agreements (TSAs) that required in-depth co-ordination with regional IT programmes to integrate and separate systems and platforms. Simultaneously, RSA saw an opportunity to consolidate, modernise and strengthen its operations for greater efficiencies and security.

A cross-geography team of stakeholders was formed to navigate the differing applications, security requirements, licencing agreements, regulations and logistical hurdles associated with these initiatives.

RSA identified an opportunity to consolidate, simplify and strengthen its operations for greater efficiencies and security during the integration of its global IT systems.

Our objective

RSA engaged Deloitte—leveraging its deep technical knowledge and vast experiences working across multiple regions—to deliver an M&A programme specifically designed to facilitate secure separation and integration of IT systems, technology stacks and business functions.

Under the agreement, the Deloitte team was tasked with addressing the following objectives:

  • Work with cross-functional client teams and third-party providers to define and deliver separation and integration activities along with architecture improvements.
  • Design and support execution of rapid on-premises data centre exit.
  • Provide insight and counsel on technical simplification and security best practises.
  • Oversee, support and manage migration activities across nine countries.


RSA identified an opportunity to consolidate, simplify and strengthen its operations for greater efficiencies and security during the integration of its global IT systems.


Integrating and fortifying the security of a diverse network of IT systems required an extensive discovery phase and deep analysis. 

Deloitte deployed an experienced team of practitioners with delivery and technical knowledge throughout RSA’s operational footprint. The team assessed and managed migration activities while overseeing each infrastructure enhancement, applying principles outlined in Deloitte’s Digital Workplace Architecture report.

Key functions included reviewing existing architecture and providing scope analysis, validation, project management and technical assurance.

Engaging with Stakeholders

Deloitte teams met with stakeholders from across RSA’s operations and outside experts and suppliers to understand the requirements and potential challenges of the project. Primary considerations included identifying and complying with disparate local and national regulations, preserving network security and personal data and merging the business’s digital platforms and software without interrupting operations.

The company was already relying on Microsoft technology for critical processes and wanted to continue using the Microsoft stack, enabling RSA to make full use of their Microsoft licencing bundle.

Deloitte leveraged their product knowledge across the technology stack, geographically diverse teams and end-to-end services to implement a comprehensive solution that fulfilled these requirements.

Devising a Strategy

To better understand the scope and objectives of the engagement, Deloitte conducted a six-week review of RSA’s existing infrastructure spanning nine countries. After capturing this insight, the Deloitte team outlined recommendations for consolidating technologies within a unified technology stack and further synchronising operational processes.

These recommendations included best practises for domain cutovers across geographic locations, considerations when migrating user data across different Microsoft tenets and supporting architecture enhancements for greater efficiencies, security and user experiences.


Deloitte served as an advisor to RSA while managing its own regional teams during the multi-phased engagement.

Phase One

Primary objectives of the first phase included:

  • Supporting RSA on regional migration projects specific to project planning, technical design, co-ordination and execution. 
  • Spearheading architecture improvements and enhancements, including supporting the development of the new cybersecurity framework.
  • Designing identity protection best practises and related policies to mitigate user risk and regulate system access, including implementing privileged identity management protocols to support more secure access for RSA’s existing Microsoft administrators.

Phases Two and Three

Following successful completion of the first phase, Deloitte commenced the second and third phases of the engagement, which included:

  • Supporting the remainder of regional migration projects, including co-ordinating clean-up activities; designing, testing and piloting further architecture improvements; monitoring cutover results; and decommissioning select legacy platforms.
  • Conducting a security review of remaining assets and engaging with stakeholder teams to pinpoint areas for continued enhancements.
  • Strategising and executing a successful exit of on-site data centres due to supplier pressure. 

Throughout this engagement, Deloitte worked in concert with RSA stakeholders and third parties to preserve uptime, maintain customer support, avoid data loss and ensure a smooth user experience during the transition.


Deloitte’s IT integration and security work has provided RSA with a unified and modern technology infrastructure as part of the Intact group.

With the company’s newly incorporated global operations, collaboration between companywide business units and the Intact group has been simplified for the benefit of employees and administrators.

The technical security enhancements also are helping better insulate RSA’s business from external threats, ensure data protection and enhance the overall cybersecurity of the business. Additionally, the exiting of on-premises data centres resulted in significant cost-savings while improving postbox security.

In facilitating the successful migration and modernisation of the company’s workplace IT architecture, Deloitte was able to help RSA continue operations with no disruption in service while achieving a foundation that the company can build upon—further enhancing its IT infrastructure for the future.

By the numbers

Domain cutovers over 9 countries

Users cutover globally

SharePoint sites migrated

Postboxes migrated

Postboxes cutover between platforms


“Working with Deloitte following RSA’s acquisition has been a complete pleasure and totally pain-free. The resources on the ground provided second-to-none technical and architectural capabilities that augmented seamlessly into RSA’s own existing engineering teams. I have no doubt that the value added by the Deloitte team directly contributed to the programme of work being the huge success it was.”

Derek Norton, Head of Modern Workplace Services, RSA

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey