As financial software applications proliferated among employees' daily routines, the simple act of logging on became a productivity drain at OneAmerica Financial Partners ($19.9 billion in total assets). "By mid-2007 the average employee had about a dozen different logins," explains Jeff Hornung, VP and information security officer at the life insurer. "As employee frustration grew, help desk calls climbed and 'sticky note' password management became too frequent. We knew productivity was being affected."
Like many insurers, Indianapolis, Ind.-based OneAmerica's heterogeneous IT environment created a hurdle to streamlining identity and access management (IAM). "We're running everything from green-screen legacy systems to leading-edge Web-based applications," notes Hornung. "Additionally some systems are delivered as ASP, which means no opportunity for internal access management. Therefore we started a single sign-on [SSO] initiative and prioritized 200 applications from across the enterprise. Of those, we determined 47 were critical to consolidate."
According to Hornung, in fall 2007 OneAmerica whittled a half-dozen potential vendors to two: a software solution and Lexington, Mass.-based Imprivata's purpose-built appliance, OneSign. "Although we visited a local hospital where OneSign was in production, we were a little skeptical because the staff made it sound almost too good to be true," recalls Hornung. "On the other hand, the software-based solution would add complexity and instability with multiple servers, multiple operating systems and multiple components to manage. Since a business imperative was adopting a solution that my eight-person [IT] staff could administer without requiring development resources, Imprivata seemed a better fit."
Following a brief on-site proof of concept, OneAmerica signed a contract with Imprivata and started the implementation in mid-November. According to Imprivata, the self-contained appliance walks users through the deployment process using a Web-based interface and automatically learns the password behaviors of all applications.
"The proof of concept had familiarized us with configuration, so initial setup went smoothly," Hornung says. "Establishing a hierarchy for how applications would start — since some applications had timing issues — was more time-consuming. Also we deployed a fail-over unit at our SunGard hosted recovery site, which required additional effort. Over the course of the project about 30 business analysts, drawn from several departments, helped with various aspects."
A 150-employee pilot began in March 2008, and following some tweaking the enterprisewide deployment proceeded during May and June 2008. "As we rolled out, some [Redmond, Wash.-based Microsoft] Windows idiosyncrasies turned up," reports Hornung. "We resolved them by ensuring everything loaded in the proper order. Then we started getting positive e-mails, which are unusual for any type of security deployment, along with requests to hook up Imprivata at people's homes."
Beyond feeling the love, OneAmerica's help desk calls dropped about 15 percent for Imprivata-enabled applications, according to Hornung. "For one application it's even about 50 percent," he says. "Of course this translates to productivity gains because Imprivata is averaging about 46,000 successful sign-ons every week for 1,500 users. In other words, people are logging on in seconds rather than opening a spreadsheet to look up passwords or sitting on a help desk call. And passwords on sticky notes have disappeared."
Going forward, OneAmerica will leverage Imprivata's two-factor authentication and biometric device capabilities to meet changing needs and regulations, Hornung says. "For now, we've gone beyond expectations by actually enhancing productivity, which has made everyone on my team very proud."
case study profile
company: OneAmerica Financial Partners (Indianapolis, Ind.; $19.9 billion in total assets).
lines of business: Life insurance.
vendor/technology: Imprivata's (Lexington, Mass.) OneSign identity and access management appliance.
challenge: Reduce password complexity frustrations and related enterprise risk.
Anne Rawland Gabriel is a technology writer and marketing communications consultant based in the Minneapolis/St. Paul metro area. Among other projects, she's a regular contributor to UBM Tech's Bank Systems & Technology, Insurance & Technology and Wall Street & Technology ... View Full Bio