Seeing is believing: large healthcare and insurance company moves to SaaS

decorative image
Time to read: 10 minutes

This large, multidimensional healthcare and insurance company delivers high-quality, cost-effective eye care through a combination of services to eye care professionals, employers, and over 80 million members around the world.

Challenge

The company was looking to uplevel its identity security strategy and move towards a SaaS-based solution to implement automated processes, simplify access certifications, address audit findings, reduce support tickets, improve user experience, and ultimately reduce the risks associated with fragmented user identities across multiple systems.

Solution

With SailPoint, the company has put a business-friendly face on access control and has enabled business managers to make authoritative decisions on what access is granted to whom. The company has halved the number of support tickets related to identity and access management while streamlining processes. It has also significantly tightened access control and reduced the number of previously overprivileged users.

Industry

Healthcare

Company size

13,000 employees

Products

IdentityNow

Partner

Edgile

With SailPoint IdentityNow, we’re not just reducing operational technical debt. We’re also making the experience better for our users.”

Information Security Manager, a large healthcare and insurance company

12

automated certification campaigns per year

3,000

access requests processed

50%

decrease in monthly onboarding tickets

The company knows that vision solutions are unique to each individual and has invested heavily in providing services for people facing all types of ophthalmic needs. Yet, as it has continued to grow, the company realized it needed better ways to tailor its IT systems and data access to individual employees.

Most importantly, the company wanted a more strategic and SaaS driven approach to solving identity security challenges, including automating the certification of privileged and confidential data access while simultaneously simplifying access control with a business-friendly interface and enabling long-term growth.

IT leaders within the organization recognized that better control over the individual digital identities of the company’s employees would result in better business outcomes for the company, its clients, and its millions of subscribers. As a result, they decided to deploy SailPoint IdentityNow to address access control challenges while at the same time create a foundation for more streamlined and effective future growth.

The need for strategic identity security

Putting a strategic identity management solution in place was vital to addressing the company’s current business challenges and unlocking its future growth potential.

On the strategic side, they needed robust identity security to help with the following:

  • Meeting a range of regulatory and compliance requirements, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
  • Enabling the ability to meet new industry certifications, such as HITRUST, to grow its business.
  • Supporting efficient growth through mergers and acquisitions.

On the tactical side, there were several business problems they needed to solve to become more effective, including:

  • Eliminating pockets of risk from its existing fragmented access management across different systems and data sources.
  • Reducing support tickets that were initiated to onboard or offboard employees.
  • Reducing over-provisioning of access rights that happened when identities and access requirements were not well-defined.
  • Automating access management and certifications to save time and resources.
  • Providing a more business-friendly certification interface to enable management by business users instead of always relying on IT.

Choosing SailPoint

After evaluating its options for a comprehensive, modern SaaS-based identity security solution, the company chose to deploy SailPoint IdentityNow. “We chose SailPoint because it’s the market leader and because of its capabilities. SailPoint is on the cutting edge when it comes to identity management. The product’s scalability and ability to support SaaS were also important,” said the Information Security Manager.

Another important consideration was SailPoint IdentityNow’s ability to put a business-friendly face on managed assets for access certifications. “Certifications and the ease of certifying privileged and confidential access was a huge part of deciding to deploy SailPoint,” said the Information Security Manager. “The ease of the end user experience when it comes to knowing what access they have or knowing what access they’re requesting in business-friendly names, and the ability to bundle entitlements only comes from a solution like SailPoint’s IdentityNow.”

The company has integrated SailPoint with various systems, including Workday HCM, SAP Fieldglass, Salesforce, Snowflake, and more. IdentityNow’s built-in integration capabilities have been vital to the company’s ability to expand the use of identity management across the organization. Not only was the company impressed by SailPoint’s out-of-the-box connectors and framework to connect with different applications, but they also found the DB2 connector particularly helpful. “IdentityNow’s DB2 connector was huge for us, in terms of being able to take database access and turn it into a fine-grained and regulated system of access to provisioned users,” said the Senior Information Security Engineer.

Benefits of IdentityNow across the business

Deploying IdentityNow has been impressive from a business perspective, positively impacting user experience, scalability, automation, speed, and reducing security risks.

“Our previous approach to identity management was reactive and archaic. IdentityNow has flipped that on its head and now allows us to showcase exactly what users have access to. It enables our managers to make authoritative decisions on how that access is granted,” said the Senior Information Security Engineer.

The solution has helped this business cut down on overprivileged users or users with access to too many resources. In the past, it was easier to grant users extra access instead of taking the time to proactively define exactly what they needed access to. But now, with IdentityNow and its capability to tie resources to business-friendly descriptions, users can proactively be provisioned with only the access they need, reducing security risks.

Another significant benefit of deploying IdentityNow has been the faster completion of access management-related support requests, which has been enabled by the automation of processes with IdentityNow. In addition, IdentityNow’s lifecycle automation capabilities have created consistency across all full-time equivalent account creation situations, resulting in fewer errors and faster access provisioning.

“New access requests are going through much, much faster now because of how we’ve integrated IdentityNow with ServiceNow and the communications workflow is all automated,” said the Associate Information Security Engineer. “And with IdentityNow’s Request Center and its business-friendly names and descriptions of resources, we’re seeing users able to specify exactly what they need access to, significantly reducing the back-and-forth clarifications that were previously required.”

The company saw a huge reduction in onboarding ticket volume due to the automated lifecycle states in IdentityNow. In just one example, monthly onboarding tickets dropped by more than half after the IdentityNow deployment.

Just as important has been the impact of IdentityNow on the end user experience. “IdentityNow is helping us deliver access management that is friendly for all levels of the organization and easy for the end user. We have made their experience a lot better,” said the Senior Information Security Engineer. “IdentityNow has really allowed us to combine the two ideals of good security practices with good user experiences.”

The company has also seen savings in license costs with some of its applications since IdentityNow has allowed them to reduce situations of over permissioning and, by extension, over-licensing. “We had some huge cost savings with one application when we were able to resolve licensing issues through automated role assignment with IdentityNow,” said the Associate Information Security Engineer.

In addition to its existing systems, the company is also using IdentityNow to provide identity management for an integration with Snowflake’s data analytics services. According to one of the Snowflake consultants working to bring Snowflake into this company, their IdentityNow integration with Snowflake “is on the bleeding edge for access management and getting it set up.” The organization has leveraged IdentityNow’s sub admin-level access that allows it to delegate access control profile management to the Snowflake administration team, giving them control while removing work that would have traditionally consumed resources. “It’s a very cool use case to have another team leveraging IdentityNow as a sub administrator to continuously support Snowflake, so their identity control doesn’t get stale or generate a lot of requests to our team. It’s great,” said the Senior Information Security Engineer.

A combination of good user experience with strong security

For this organization, SailPoint IdentityNow has been like business rocket fuel—it’s enabled the company to do more, faster, with results that will allow its end users to work more effectively and efficiently.

The company’s positive experience with IdentityNow so far has them planning several future initiatives with the solution, including adding identity management for bots, and using it for separation of duties. They also intend to explore using SailPoint Non-Employee Risk Management to provide risk-based identity management for their non-employee users, such as contractors or partners.

In the end, it all comes back to making the lives of this organization’s end users easier, which they’ve been able to achieve. “With IdentityNow, even though we’ve taken on more work as our business scales, we can do it more efficiently, so we haven’t had to increase the resources proportionally,” said the Information Security Manager. “A big value of our identity management project for us has been how transformative it has been for our end-user experience.”