Abeille Assurances relies on Identity solutions to accelerate the insource of its cyber security
Founded in 1856, Abeille Assurances is a major player in the French insurance market. Today, its team comprises 4,200 employees and 1,000 general insurance agents. In 2021 the company became part of the Aéma Group, providing a wide range of products and services covering insurance, protection, savings, and retirement to more than 3.1 million customers.
Challenge
Previously the responsibility of a foreign insurance group, Abeille Assurances' IT team was tasked with bringing its cybersecurity in-house in a very short time. A major priority was the transition of the recertification and authorization processes, that had previously been managed by the former Group's in-house solution.
Solution
SailPoint IdentityNow, combined with the expertise of its integrator partners, enabled Abeille Assurances to streamline and accelerate recertification processes for its 4,200 internal employees, consisting of more than 500 external identities and over 50 non-human identities.
Industry
Insurance
Company size
5,000 employees
“The SailPoint solution immediately demonstrated the added value it could bring to our users.”
Geoffroy Andrieu, IAM Manager at Abeille Assurances.
+300
applications integrated into Identity Security Cloud in one year.1.5
FTEs (full-time equivalent) saved.10 to 2 days
reduction in access creation time.In 2021, following its takeover, Abeille Assurances had to internalize all cybersecurity activities in record time. At the end of 2022, and now as a brand of the Aéma Group, the company's IT team wanted to simplify their Systems and processes. They wanted to improve the user experience, but above all, to stop using a combination of Excel files and internal tools to manage recertifications. The team also wanted to automate the joiners, movers and leavers process. This was a major challenge, not only because the transition timing was very short, but also because the use of customized solutions was well established among users.
“As far as the challenges were concerned, Not only did we need to migrate to SailPoint quickly, but we also had to convince users that a SaaS solution was the right option for Abeille Assurances. After all, it's a cybersecurity solution, and a SaaS one on top of that. Fortunately, the insurance sector is changing, particularly in terms of regulations with NIS 2 and DORA. This meant that we needed to dedicate resources to cybersecurity”, explains Geoffroy Andrieu, IAM Manager at Abeille Assurances.
Abeille Assurances chose to implement a SaaS solution that would enable them to make a rapid transition while using more standardized tools and processes. This challenge was overcome thanks to SailPoint IdentityNow that was deployed in less than a year.
“Before working with SailPoint, we tended to treat specific challenges before the more general ones. By choosing a SaaS solution, we were able to take a slightly more down-to-earth approach to simplify identity management. In believe, That's a major benefit of the SailPoint solution: the product enables us to do things more simply, and as a result, makes our lives easier”, explains Alexandre Mazars, IAG IT Manager at Abeille Assurances.
Massive user adoption of the solution right from the start
Although the previous tools were highly personalized, they were very restrictive for managers and were not user-friendly. The Information Security team had to deal with some initial pushback from the more reluctant users, however user behaviors quickly changed once the benefits were understood.
“The solution immediately demonstrated the added value it could bring to our users,” recalls Geoffroy Andrieu. “For example, the managers in charge of approving recertifications had to do so on the anniversary date of the requests for each member of their teams. In practice, therefore, recertification was a matter that they had to manage throughout the year, depending on the dates of arrival of their employees. By implementing the SailPoint solution, we were able to condense all the recertifications into a single month and plan them in advance. This means that managers can now plan the time needed to complete them in advance.”
Right from the launch of the project, users recognized the benefits of the solution in simplifying their tasks. Among the most welcome features was the introduction of a single interface for making requests and allocating rights. The setting up of validation delegations and the integration of business role description sheets are now much easier to do.
Granting authorizations quickly is also a highlight of the implementation of SailPoint Identity Security Cloud: “Before using the SailPoint solution, it used to take five to ten days from the start of the moment of the identity creation request to the moment when the employee could really start working. Some requests remain manual, however with most aspects automated, it now takes just one or two days”, explains Geoffroy Andrieu.
Once the access to the applications has been granted, the person concerned receives a notification including a link to the application and the related documentation.
“Talking about the tool now and the one we used before, It's like night and day; The new tool is so simple and easy to use, now we know what we ask for”,
extract from an internal survey of Abeille Assurances employees
These features make life easier for users, without compromising on security and traceability. All the actions carried out are traceable, and it is impossible to grant one's own request.
Better management of internal mobility
To address internal mobility involving a change of manager and team at the same time, the Information Security team setup a Workflows module to add this functionality that had previously been missing. A micro-recertification is now automatically triggered so that the new manager can review the employee's access.
A manager who may not know the new employee's authorizations can also transfer the recertification request to the former manager who is more familiar with the matter.
“For certain managers who hold director or VP positions, we have also ensured that the tool's recertification request notifications (in case of employees arriving, recertifications, etc.) are also sent to their backups,” explains Alexandre Mazars, IAG IT Manager at Abeille Assurances. In this case, the Workflows module uses Workday's (HR) identity data to identify the contacts associated with the various managers and includes them in the notification process.
Implementing connectors to accelerate access provisioning
Until the implementation of the SailPoint solution, a support team of four people was dedicated entirely to authorization requests.The team remains in place, as some specific authorizations still have to be allocated manually, however, a singleActive Directoryconnector has saved up to one and a half full-time equivalents (FTEs) over the course of a year.
To date, almost 300 applications are used throughout the organization, 70% of which are already linked to the Active Directory. With just one connector, it has been possible to reach 70% of the application base. 60 applications have already been fully deployed in Identity Security Cloud, which means that they can be requested via self-service in SailPoint, recertified, and then connected to identities. This was all done in the space of a year.
“Identity Security Cloud is a bit like the Zinedine Zidane of IAM tools. Just as Zidane was the maestro in the field, orchestrating the game and distributing decisive passes, Identity Security Cloud acts as a central pivot in the enterprise, skillfully connecting and managing access. Just as Zidane protected the ball from opponents while creating opportunities for his team, Identity Security Cloud ensures data security while facilitating access to corporate resources. And just as Zidane had a knack for simplifying the game while maintaininga high level of performance, Identity Security Cloud stands out for its speed of deployment and its ability to make IAM intuitive for users.” Geoffroy Andrieu.
The benefits of implementing SailPoint solutions:
- Ease of application
- Single interface
- Sorting by Application
- Easier to understand rights
- Leave management
- Possibility of supervising all current requests and forwarding them to support (IAM)
- Possibility of setting up validation delegations
- Speed of execution
- Automatic provisioning in a matter of seconds
- Low error rate (less than 2% error, resolved in less than 24 hours)
- Simple deployment
- No technical deployment required for applications based on AD, AD LDS and Azure AD
- Extensive SailPoint connector catalogue to cover all systems
- Easy API connector development
- Security & traceability
- Traceability of all actions carried out
- No auto-approval possible
Business roles: a major project under development
While the recertification project has been a priority over the past year, the IS team is now turning its attention to the business roles, and once again, SailPoint's solutions will be able to help. With the aim of improving the user experience, the team wants to overhaul all the existing business roles throughout the company. While one half of the company is already using business roles, the other half still hasspace for improvement.
To achieve their objective, the team is already using Artificial Intelligence (AI) tools, particularly SailPoint's Role Mining module. The module provides indicators and statistics across a broad range of user rights: the number of business roles in the company, the content, the number of rights in a business role and more. This stream will improve the quality of the data, while enabling the use of Access Recommendations. It will also facilitate greater automation in the addition of business roles, enabling new employees to get the access they need without asking for it. These features and functionality have improved new employees’ integration and the user experience as whole.
Discover more customer stories.
