Modernization of the IAM infrastructure and gradual replacement of the existing system
iC Consult was asked to modernize, and successively replace, an IAM solution that had been used for many years and is no longer up-todate. The project is being carried out in several phases. The goal is a long-term, strategically oriented IAM system.
At a glance
Health and accident insurance
Modernization and replacement of the existing IAM infrastructure
Products and services:
- Modern architecture
- Better authorization assignment: more efficient, more structured, easier to certify
- More intuitive user interface
- Faster definition of SoD rules
- Easier to expand and customize
The Swiss health and accident insurance company Helsana protects over 1.9 million people against the financial consequences of illness, accidents, maternity, and the need for care in old age. Helsana has over 3000 employees and, with a premium volume of over six billion Swiss francs, occupies a leading position in the Swiss insurance market.
For over 12 years, Helsana has been using an IAM solution that was extended and adapted as needed. The solution proved to be increasingly difficult to maintain, however, and its usability was no longer up-to-date. After an in-depth internal review, Helsana decided against further updates. By tender, they sought a partner who would gradually develop a long-term, strategic IAM solution and plan a smooth migration from the old to the new solution.
The project requirements were extensive. The first step: analyzing the existing processes and designing the new IAM user lifecycles. The role-based access control had to be reassessed and adapted to future demand. The existing system connections to the existing solution had to be identified and migrated. Of course, knowledge had to be reliably transferred to Helsana’s administration. Above all, however, Helsana was looking for a long-term, consistent IAM solution, which could wrap up various ad-hoc implementations of the past and initiate plannable IAM development.
In the tender, iC Consult won over Helsana with a concept based on SailPoint IdentityIQ. In view of the complexity of the task, it was jointly decided to carry out the project in two phases.
Phase 1 began in the third quarter of 2017 and initially included basic installation and configuration. At the same time, it was considered how the existing IAM user lifecycle processes and the existing complex role model could be implemented and optimized with SailPoint IdentityIQ.
Head of Identity Services,
Helsana Versicherungen AG
“With SailPoint IdentityIQ, we bring the digital foundation of Helsana up to date. Overall, we rate the cooperation with iC Consult as excellent. The quality of deliverables always fulfilled our expectations. Costs and milestones were reliably met. Their high level of commitment, coupled with a reliable, solution-oriented approach, were very valuable to us.”
“Right from the start, iC Consult put itself in our position and understood our requirements. Thanks to their proactive approach and excellent product knowledge, the first migration phase was extremely efficient and smooth. With a deep understanding of what SailPoint IdentityIQ can and cannot do, the project remained on track. Change requests were met with great flexibility, and promptly integrated into the project. Possible concerns were clearly expressed and resolved. Both partners therefore welcome the continuation of the project and very much look forward to the result,” summarizes René Grob, Project Manager at Helsana.
As a result, role assignment rules were unbundled and bulk migrations were further automated. These measures were supplemented by clearly defined administrative processes, both for role owners and for operations. For Helsana employees, transparency was at the top of their wish list. Where do I find my authorizations? How can I take over and process a colleague’s request? To prevent these questions from arising in the future, the user interface was fundamentally revised. Terms were standardized; the application and ordering system was centralized and further automated. A new web frontend bundles all of this on the user side and ensures fast access to the desired functions. Further measures of the first phase addressed basic reporting as well as software distribution via assignment of software roles. Thanks to the very close partnership, this phase of the project was completed in just one year.
For the second phase, which has been running since the end of 2018, the following is planned: migrating all connectors, extending the recertification, and further optimizing the IAM user lifecycle processes. Of central importance, however, is the expansion of reporting and the implementation of further security and compliance requirements of the Swiss Financial Market Supervisory Authority (FINMA).
Although the project is not yet complete, Helsana is very happy with the results achieved thus far. The assignment of authorizations is now much more structured, controllable, and easier to certify. IAM user lifecycle processes can be applied efficiently and are auditable. Security and compliance are guaranteed. The new web frontend offers users more transparency. Together with the extended automation, numerous processes can be handled much more efficiently. The leaner architecture of SailPoint IdentityIQ also offers tangible hardware advantages. Where previously seven to eight servers were needed, three are now sufficient. In addition, the new infrastructure is easier to maintain.
Helsana considers the very good cooperation with iC Consult at least as important as the milestones achieved.