Motorists Insurance is a super-regional mutual company owned by policyholders that has a national reach through affiliations. Since their beginning in 1928, the focus has been delivering exceptional customer service, which their 1,200 associates and 20,000 agents deliver to over 700,000 policyholders. Unfortunately, manual identity and access management processes and legacy systems were hindering their team’s efficiency and productivity levels. When the company redefined their vision for their security program, addressing these inefficiencies shot to the top of the priority list.
In order to meet expectations for the reinvented information security program, they needed to move away from the conservative IT insurance industry stereotype and adopt a more innovative approach. They decided to invest in an identity governance platform that could scale with the company, complementing the new vision.
Legacy systems and manual processes were the cause of a less than ideal user experience. Users had separate logins and passwords for various systems, and there was no single disabling point when employees or agents ended their relationship with Motorists. Password hygiene was also non-existent, creating additional potential risk for bad actors to infiltrate IT systems.
Tony DeAngelo, Assistant Vice President, Information Security at Motorists Insurance, leads the identity team and sought to build an IT infrastructure that would automate these manual processes. This would allow employees and agents the ability to do their jobs on day one and provide proper access controls that reduce the risk of potential exposure. SailPoint was the selected partner for their identity governance foundation. CyberArk and Okta were also selected as additional pillars for the program to address their needs around access management and privileged users.
Taking the Leap to Automated Identity Management
DeAngelo and his team set out to mature identity and access management from a legacy environment. Provisioning and deprovisioning access for internal associates and the Motorists agent base were the priority for their program. They took a look at the systems and applications these two groups needed to do their jobs. Birth-right access was also established, which provided employees with immediate access.
“Giving our team access to systems and tools upon joining the company is our priority and ensures they have everything they need to be successful,” said Data Security Analyst Helen Shinn. When the account creation was manual, multiple teams administrated access for various systems in order to get an agent functional. With SailPoint, access for various systems is streamlined into a single, automated workflow, increasing onboarding and the speed to market. The IT staff have felt the benefits from this as manual provisioning has gone away, therefore reducing the burden on them. The user experience is now much more positive, and agent feedback reflects that.
Data Security Analyst Phil Miller has been with Motorists Insurance for 35 years. He has seen the focus on identity rise, and the success of the identity program gives them a seat at the table where overall security strategy is discussed. “We are now involved in the planning stages for IT security, instead of being notified of decisions we need to execute on,” Miller shared. The identity team continuously solicits feedback from the business, so they can keep evolving and maturing the program. This collaborative approach allows them to implement proactive solutions that support the business’ strategy.
The Trifecta – Identity Governance, Access Management & Privileged User Management
Motorists Insurance takes a holistic and best practice approach with their IT strategy. Okta provides them single sign-on and multi-factor authentication capabilities, further elevating the user experience. The insurance industry is heavily regulated and facing increased scrutiny around privileged access and appropriate management of these accounts. Motorists leverages CyberArk to build a framework around several privileged accounts and systems housing that data.
SailPoint is the provisioning and governance engine at the center of the platform. “Our identity governance program, when coupled with our access management and privileged access strategy, give us a blend of complementary technologies that enable us to deliver on the company’s strategic IT vision,” DeAngelo said.
DeAngelo and his team took the time to understand the workflows and processes of the business units before embarking on their journey. “Identity governance is not an IT problem, it’s a business problem. And it can’t be solved in a vacuum. Representation of your vital stakeholders is necessary for success. This takes time, but this collaborative process reinforces the integration, expectations, platform delivery and workflows put in place. This also provides an opportunity to educate the various teams on the importance of the program, which increases adoption and adherence.”