Molina Healthcare: Centralizing Identity with SailPoint IdentityIQ
For anyone in charge of identity and access management (IAM), the balance between governance and enablement is a fine one. No more is this true than for Molina Healthcare who first came to us with exactly that balancing act in mind. They needed to better manage user access across their organization without employees having too many hoops to jump through right out of the gate, nor leaving policies too lenient, potentially exposing the organization to data breach. We’re thrilled to share their story on our blog today – it’s a perfect example of the value of putting identity at the center of an organization’s security strategy.
As a healthcare provider, Molina Healthcare understands that keeping patients’ information secure while allowing their employees to efficiently perform their jobs is incredibly important to their business. As they continued to grow and take on an influx of membership, they knew it was time to find a solution for IAM.
The three main challenges that pushed Molina to consider an IAM program were self-service access requests, identity governance, and the integration of data to provide centralized visibility and access. Since healthcare is not only in a very highly-regulated industry, all the information and data that needs to be processed for claims can get very complicated very quickly. Information on patients can only be given on a need-to-know basis with manual processes, which meant claims could take longer to complete. With dozens of applications and 20,000 employees, Molina needed to streamline their processes.
This is where SailPoint came in to help. With self-service access requests, the manual processes Molina had to undergo to provide access prior to implementation were eliminated and granting access is now a much more streamlined process. Claims processing is a large part of Molina’s business, and so speeding up this process has provided a great value to the business while also granting IT insight into who has access to what and ensuring users have the right access to the right data at the right time.
Perhaps the best outcome thus far, however, with the implementation of SailPoint is that Molina has been able to eliminate some in-house development on more customized pieces of software. This has freed resources to work on other portions of the organization’s needs. In addition, the self-service access requests have eased business user frustrations with gaining access to the necessary files, while providing favorable results on their identity governance program. This is then empowering the business – and the organization as a whole – to work more efficiently.
From their experience with this project, Molina believes to build a sound foundation for effective IAM to have 5 main points:
- “Know thy data.” Any activity must understand the data first as well as use cases. Is it clean? If not, why? Are there processes that need to be changed that are either:
- Leading to bad data, or
- Will be affected due to automation
- Carry out extensive requirements gathered through business analysis. Try to capture, document and get signoff from stakeholders.
- Form a steering committee that is made up of executives and present the roadmap as well as accomplishments.
- Build a team that can execute and has knowledge of taking projects to production.
- Always show the ROI of the project and its value to the business.
Molina’s next steps are to implement a more robust onboarding and off-boarding process for their users. This will allow for Day 1 access of the appropriate systems for their users: automatically sending Human Resources the correct information to provision the right access, obtaining the right hardware for the new employees, etc. Currently there are a few systems that “handshake” data, but there is a noticeable delay in this exchange. By centralizing the data and operations from implementing SailPoint further into their systems, Molina can enable their business users – and thus the organization as a whole – to become even more efficient while still maintaining a high level of security and compliance.