Skip to main content

An insurance policy of a different kind

Global insurer reduces complexity, costs and risks with an IAM transformation

In addition to giving the insurer a more cost-effective managed services relationship that was strategic and proactive rather than merely transactional, the transformation project also brought big benefits in other areas—helping to embed continuous advantage across the company.

The starting point

Even insurance companies need insurance—and not just the traditional kind. They need rock-solid safeguards for authenticating the systems, processes and people at the heart of their business operations. The stakes are massive—and so are the opportunities for would-be attackers.

Not only are insurance companies prime targets for fraudsters and cyber criminals—for anyone looking to use even a small crack to gain entry to valuable data, funds, or other exploitable resources—they also are inherently complex businesses. Layers of sensitive customer data, payment and financial systems, core business apps, proprietary corporate information and other digital assets—they all provide potential entrees for evil-doers.

Airtight and effective identity access and management (IAM) has become essential for insurance leaders who want to ensure that their business systems and processes are also airtight.

Who can have access to which systems and which types of data? Who can access which digital apps and tools? Are the right permissions in place and how can you constantly manage them? Questions like these can seem simple, but addressing them correctly and continuously requires a clear strategy.

That’s why one insurance giant decided to take bold, focussed action on a host of interconnected challenges—including costly in-house legacy systems and teams, a complex multivendor landscape, multiple in-flight modernisation programmes and a lack of unified customer identities. The company’s game plan: to consolidate IAM-related capabilities, transfer responsibilities from the IT organisation to information security operations and follow a new path that would reduce complexity, bolster compliance and position the company for future needs.

The way forward

Working with Digital Identity by Deloitte, the insurance industry leader undertook a transformative digital identity programme that tapped the power of cloud to streamline IAM while also enhancing the customer experience, boosting compliance and reducing costs through Deloitte Operate services.

The organisation selected Digital Identity by Deloitte to design, implement and operate its enterprise IAM environment, including privileged access management (PAM) and new customer IAM (CIAM) capabilities. The transformation moved the company from multiple vendors to a single vendor, Deloitte, for managing the entire access management landscape—including technology implementation, ticket servicing and app onboarding.

Deloitte worked with the organisation to host the new AM landscape in the client’s own AWS cloud environment—with SailPoint for identity governance and administration (IGA), CyberArk for PAM, and Okta for single sign-on and customer IAM. Building a single, integrated programme for IAM and related needs required a broad range of capabilities and professionals across the “advise, implement, operate” spectrum—including analysts, engineers, developers and IT architects, as well as specialists in cloud security operations and network security operations. Functioning as an extension of the client’s team, these specialists brought a holistic, problem-solving approach focussed on industry- specific needs, strategic objectives, integrated operations and quality outcomes—rather than just transactions. Deloitte also brought proven processes and methodologies to the project—especially around change management, through a corps of Deloitte organisational change specialists equipped with industry leading practices and standards.

During the transformation journey, the insurer’s move to Deloitte Operate services was quickly put to the test—with news of a concerning industry breach. Cyberattackers were attempting to learn which businesses had purchased cyber insurance. If they could identify cyber-insured companies, the attackers might realise an easier payday—expecting those companies to meet ransomware demands more readily, for example, knowing they were covered by insurance. The insurance company turned to solutions and services provider Deloitte to take action quickly— securing all the external-facing customer apps that touched on its cyber-insurance offerings and enabling multifactor authentication for all of them.

The achievements

In addition to giving the insurer a more cost-effective managed services relationship that was strategic and proactive rather than merely transactional, the transformation project also brought big benefits in other areas—helping to embed continuous advantage across the company. As part of its move to a central cloud environment and a single vendor, through Deloitte’s Operate managed services the company was able to improve its toolset for supporting audit and compliance needs, provide its customers with a more meaningful and secure sign-on experience, and create a roadmap to guide future ambitions for cloud and access management.

Let’s talk cyber

How is your organisation insuring itself for today’s and tomorrow’s cyber needs?

Discover how Deloitte’s worldwide team of industry-focussed specialists can support you every step of the way and help you respond with confidence no matter what the future brings. Contact us to get the conversation started.



Sunny Aziz

Principal Deloitte and Touche LLP


Anthony Berg

Principal Deloitte and Touche LLP


Naresh Persaud

Managing Director Deloitte and Touche LLP


Kavitha Beenukumar

Senior Manager

Deloitte and Touche LLP

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey