Unum

Insurance Provider Reduces Provisioning Time up to 95% with the Help of Sun Identity Manager

A Fortune 500 company with more than 10,000 employees, Unum provides insurance benefits to 42% of Fortune 500 companies and 25 million people worldwide. The largest group disability insurance provider in the United States and the United Kingdom, Unum is also a leading provider of other insurance offerings such as group life and long-term care. The company is headquartered in Chattanooga, Tennessee.

Listen to Audio

Customer Challenges

Expedite employee provisioning
Increase efficiency of security administration personnel
Minimize IT complexity

Solution

Unum engaged PricewaterhouseCoopers and Sun to help design and deploy an identity management solution that automatically provisions and deprovisions employee access to applications that run on mainframes and the IBM AIX and Windows operating systems. Deployed on existing servers in only 12 months, the solution is simple to manage and easy to scale.

Business Results

Reduced time required to provision base access for an employee by up to 95%
Increased accuracy of and control over access-control processes
Simplified security administration
Freed up IT resources to work on more value-added tasks
Built a technology platform that can scale to support future goals

Products and Services

Story Details

Knowing who has access to what information can be a challenge - especially in an international organization with more than 10,000 employees. Before 2008, 14 security administration employees at insurance provider Unum used three systems to manually manage access requests received via e-mail: Resource Access Control Facility (RACF) software was used to manage access to mainframes; AIX security administration tools were used to manage access to AIX-based applications; and Active Directory was used to manage access to Windows-based applications. Not only did IT personnel lack a single point of control over identities and access privileges, but also a single access request took 5-15 days to be completed depending on IT workload and the importance of the request. In addition, the manual process increased the risk of error, which could jeopardize compliance with regulations such as Sarbanes-Oxley.

Rather than developing software to automate provisioning, Unum contacted its partner PricewaterhouseCoopers (PwC) to help establish requirements for an automated identity management solution, and a short list of products from vendors including Sun, IBM, and CA. Even though Unum had never used Sun technologies, Sun Identity Manager topped the list of possible solutions. "We were looking for a long-term partnership with a vendor that was willing to listen to us and be willing to hear the good, the bad, and the ugly when it came to ongoing deployments, maintenance, and support," explains Lynda Fleury, chief information security officer for Unum. "Sun's solution was simple from an architectural perspective, and we could run it on our existing AIX environment. I would have ended up purchasing my own server farm if we went with some of the other solutions." Unum ultimately chose Sun's solution after Sun engineers completed a proof of concept of 14 use cases in just five days.

" I applaud our team, Sun, and our implementer PwC for helping us get to where we are today. We have automated a majority of our most basic, security administration tasks - and to say we did that in a 12-month period is remarkable. "

— Lynda Fleury, Chief Information Security Officer, Unum

Between June and August 2007, Unum worked with engineers from PwC and Sun Support Services to design a solution that uses Sun Identity Manager 7.1. When an employee's status changes in the HR system, Sun Identity Manager initiates one of the following processes:

If an employee is hired or changes roles, Sun Identity Manager sends a system-access request over e-mail to the appropriate managers. Once the request is approved, the system uses RACF, AIX, and Active Directory to automatically make the appropriate changes to the user's access privileges.
If an employee is terminated, Sun Identity Manager immediately revokes the employee's access privileges without waiting for managers' approvals.

Resource adapters in Sun Identity Manager for AIX, RACF, Active Directory, and Microsoft Exchange Server provide for communication between required applications.

In October 2007, Unum launched a pilot of the solution to approximately 100 employees at its subsidiary Colonial Life. By August 2008, the solution went into full production in the United States and Ireland, supporting nearly 10,000 employees. Commenting on the deployment, Fleury notes, "Having a partner like PwC or Sun to help implement a solution like this is absolutely key to recognizing your ROI sooner rather than later."

As a result of its new solution, Unum has reduced the time required to provision access from 5-15 days to less than 24 hours. "We've significantly cut down on our support turnaround time, and now I have a way to measure and ensure that we're constantly meeting our customers' expectations," says Fleury. In addition, managers have a single point of control over identities and access privileges, and the automated process eliminates the potential for data-entry errors. Security administration employees can also focus on value-added initiatives rather than provisioning. "We're only at the tip of the iceberg," Fleury explains. "We're really excited about what we'll be able to do with the solution going forward."

In 2009, the company plans to extend its new Sun solution to replace a custom-built workflow tool that manages customers' access to more than 700 applications. In addition, Unum will streamline the creation of compliance reports - which is currently done through disparate processes - with Java Identity Manager. The company is also evaluating the use of single sign-on to boost productivity and federation to provide access to applications outside of the company. Commenting on its future security goals, Fleury notes that Sun will play a key role. "What we have established with Sun and Sun Identity Manager is the foundation for how we're going to be doing security today, tomorrow, and hopefully ten years out."