Proof Point - February 2010
Western & Southern Financial Group
Increasing Efficiency with Novell Access Governance Suite and Novell Identity Manager
Most financial services companies today are facing increasing regulatory requirements. Western & Southern adopted Novell Access Governance Suite and Novell Identity Manager to automate compliance processes, without the need for additional headcount
A Fortune 500 company, Western & Southern Financial Group (Western & Southern) provides life insurance, annuities, mutual funds and investment management through one or more of its member companies. The company is one of the 10 highest-rated life insurance groups in the world according to Standard & Poor's and has assets owned, managed and under care in excess of $42 billion as of December 31, 2008.
As states adopt new insurance regulations, both public and private insurance companies have had to increase their compliance initiatives. Western & Southern must comply with the new Model Audit Rule (MAR) regulations sponsored by the National Association of Insurance Commissioners (NAIC), as well as several other regulatory requirements including HIPAA and Graham-Leach-Bliley.
Instead of increasing headcount to manage the additional reporting, monitoring and auditing required, Western & Southern wanted to automate many of its compliance-related processes. The company also wanted to increase security to maintain its superior reputation and rapid growth rate.
"Novell offers a cost-effective, integrated suite of products across the entire identity management spectrum," said Mark W. Pfefferman, Assistant Vice President & Director of the Identity & Access Management Program at Western & Southern Financial Group. "Novell has a good vision for what we are trying to accomplish and we found that Novell Access Governance Suite fills an important niche in the market."
As the foundation of its identity management platform, Western & Southern uses Novell Identity Manager to automatically synchronize user identity information across multiple systems including Novell eDirectory, Microsoft Active Directory and Microsoft Exchange. In the past, manual provisioning processes could often take up to a week. Now the IT team can provision new users with access to everything they need in less than a day.
"Our user provisioning process needs to be air tight," said Pfefferman. "With Novell Identity Manager, we get automatic feeds from our HR system and can give new users access to our network and e-mail their first day on the job."
Novell Access Governance Suite includes two components that will help Western & Southern meet new compliance requirements: Novell Roles Lifecycle Manager to simplify access control based on user roles; and Novell Compliance Certification Manager to automate the monitoring, reporting and remediation of access privileges.
The combination of Novell Identity Manager and Novell Access Governance Suite will help Western & Southern to map business roles to IT entitlements, allowing the company to provision access to systems and resources based on the user's role in the organization.
Western & Southern is working with Deloitte & Touche LLP on its enterprise roles management initiative to automate the company's compliance processes.
"The amount of time and energy required by companies to achieve compliance with a host of regulatory requirements is growing exponentially," said Lyle Carlson, Director at Deloitte & Touche LLP. "Establishing a roles-based infrastructure is a smart way for clients to simplify and automate much of their compliance management."
"Our experience with the Deloitte & Touche team has been outstanding," said Pfefferman. "They are extremely professional, knowledgeable and business savvy. They bring a set of skills and methodology—especially with enterprise roles management—that will dramatically improve our ability to automate user provisioning and compliance-related monitoring and reporting."
Novell Identity Manager will provide Western & Southern with a standardized and simplified process for provisioning entitlements based on roles, while Novell Access Governance Suite will enable the company to report on user access rights.
Because the Novell solution automates provisioning processes and provides monitoring and reporting of user access rights, Western & Southern can avoid hiring additional temporary or permanent IT staff.
ResultsTo address increasing compliance requirements, Novell Access Governance Suite will give Western & Southern greater visibility into user access rights, as well as a platform to support roles-based access controls. Such control will improve compliance with key regulatory requirements, including NAIC MAR, without the need for additional headcount.
Using Novell Identity Manager, Western & Southern has reduced the time spent on user provisioning by 80 percent and reduced password-related helpdesk calls by 45 percent. By reducing user administrative time, the IT staff can focus on more strategic projects to help the company be more agile and responsive to customer needs.
"Novell Access Governance Suite is an integral part of our plan to maintain the highest levels of security and meet our regulatory requirements," said Pfefferman. "It is also the most efficient and cost-effective solution for us."