Idira powers centralized secrets governance to control vault sprawl for Encova Insurance, while accelerating audit readiness and efficiency

SUMMARY

Transitioning from an on-premises mainframe to an AWS cloud environment threatened to increase Encova Insurance’s risk of cyberattacks. However, the Idira® Identity Security Platform delivered a unified identity security strategy across all environments, strengthened the insurer’s cybersecurity stance and improved compliance auditing while also minimizing impact on day-to-day business operations.

Headquartered in Columbus, Ohio, Encova Insurance is ranked in the top 20 mutual insurance companies in the U.S. and is a top-tier carrier ranked among the largest mutuals, serving the Midwest, Northeast and South. It has approximately 1,200 associates and over 2,000 independent agencies operating across 28 states and the District of Columbia.

RESULTS

  • 95% time and resource savings for auditing
  • 50% cut in support processes
  • Reduction in cybersecurity insurance premiums

CHALLENGES

Tanner Webb, Cybersecurity Manager at Encova Insurance, has a dilemma, one faced by many organizations looking to transform business operations. “There is talk among the IT community about being security-first versus low friction,” explained Webb. “Our mission is to find that right balance between being secure and being frictionless. The challenge is providing services to developers and business users that allow them to do their jobs without too much overhead while also securing the environment.”

Supporting that mission is the Idira Identity Security Platform, which increases security, streamlines business and IT operations and helps Encova address compliance more effectively.

Over its 100-year history, Encova has expanded through organic growth and acquisitions. While impressive, that left a legacy of different systems, processes and policies, which were disconnected and difficult to integrate, manage, control and secure. One critical challenge was secrets and vault sprawl caused by a legacy of mergers and distributed IT practices. DBAs, DevOps and developers had their own tools, creating visibility gaps and audit headaches. “Credential ownership and usage were so fragmented that audits required manual evidence collection across multiple teams, taking up to two weeks,” said Webb. “People managed secrets in inconsistent ways, leaving many credentials unmanaged.”

To address this, the Ohio-based insurance company has undergone a major digital transformation over the last few years, retiring its mainframe and developing a cloud-first organization with business systems hosted on an Amazon Web Services (AWS) cloud platform. For instance, it has migrated Guidewire, its specialist policy, billing and claims management application, to the cloud.

“Encova’s digital transformation and cloud-first approach makes us better able to respond to business needs, delivering modern business solutions and systems at a high velocity,” said Webb.

But while transformation and a shift to cloud-based systems bring a host of benefits, they also increase the cybersecurity risk. From the outset of its digital transformation journey, Encova chose to partner with the Idira team. The relationship began when Encova engaged Strategic Consulting Services and the Idira Blueprint framework to roll out Idira Privileged Access Management on premises. This enhanced privileged access management disciplines across the company.

“We centralized secrets governance and visibility with Idira, integrated Jenkins and ServiceNow, and automated secrets syncing with AWS,” commented Webb. “Developers now focus on their work without manual compliance steps while audit preparation has dropped from weeks to hours.”

– Tanner Webb

Cybersecurity Manager, Encova Insurance

SOLUTIONS

Encova has now expanded its Idira portfolio and leverages the broader Idira Identity Security Platform comprising Idira Privileged Cloud, Idira Secure Infrastructure Access, Idira Secure Cloud Access, Idira Secrets Hub, Idira Identity Shared Services and Idira Certificate Manager. Idira manages around 11,000 passwords and includes features such as Idira Privileged Session Manager to secure, control and record privileged sessions. Now, the business is shifting to Idira Secure Infrastructure Access to manage privileged access to its hybrid and cloud infrastructure, with just-in-time access, session isolation, monitoring and auditing, and vaulted credentials.

“From Idira Privileged Access Manager for server access through to recent solutions like Idira Secrets Hub and Idira Certificate Manager, the Idira ecosystem is great at integrating with and securing our environment,” added Webb.

Implementation was managed jointly between Encova, the Idira team and Optiv, supported by a Jump Start package and professional consulting services. For example, Encova worked with professional services to help migrate from on-premises privileged access to Idira Privileged Cloud. Besides AWS, key integrations include ServiceNow, SailPoint and Workday.

Encova chose and continues to use Idira because the platform has scaled as the business has evolved. It also provides a single environment to control and manage much of the insurer’s cybersecurity infrastructure. Idira Secrets Hub was particularly important to Encova because of the work and investment Idira has made to ensure it integrates seamlessly with AWS, which is a core part of the company’s cloud-first strategy.

“Idira already fit the way we worked and getting it running in our AWS environment was far easier and faster than we expected,” said Webb. “We wanted a security-first path that did not slow developers down, and Idira made it easy to get started.”

Webb and his team are now expanding the use of the Idira Identity Security Platform to increase secrets and credential access automation to make processes even more efficient.

RESULTS

Idira solutions have enabled Encova to implement a unified identity security strategy across all environments, platforms and services, helping Encova significantly improve its cybersecurity stance. It has centralized security management, increased visibility into who has privileged accounts and how they’re used, as well as improved secrets control. It helps the business complete its migration to a cloud-first environment with better visibility and management of cloud security.

Often, better security can restrict user access to the systems and applications they need, but not with Idira. Addressing the challenge of better security with frictionless access, Idira has helped Encova achieve a 50% reduction in ServiceNow ticket resolution time, from 60 minutes to around 20–30 minutes. Instead of being stored in two places, secrets are now added to Idira and automatically synced with AWS.

Compliance auditing has significantly improved with better control of who has access to systems and services. “When we mentioned to our cybersecurity insurers that we use CyberArk, a Palo Alto Networks company, the response was very positive,” stated Webb. “And because of the Idira Identity Security Platform, we are seldom questioned about the competence of our cybersecurity stance.”

Producing audit reports used to require five different teams and up to two weeks to gather all the required audit information. It was a long, drawn-out process that involved finding who is responsible for secrets, who has access to them and how secrets management and control are tested and validated. Now that this is handled by Idira, the process is automated and only takes 2–3 hours, a time and resource saving of almost 95%. “We went from spending a week or more coordinating across multiple teams to gather audit evidence, to just a couple of hours running reports directly from Idira,” remarked Webb. In addition, using Idira to improve compliance reporting has had a direct impact on reducing Encova’s cybersecurity insurance premiums.

KEY BENEFITS

  • 95% time and resource improvement in compliance auditing.
  • Advances frictionless access with 50% cut in support processes.
  • Centralizes security management and visibility.
  • Delivers a unified privileged and machine identity security strategy across all environments.