Impact Study

Impact Study: Big Blue Health Insurer's Enterprise IAM Strategy & Architecture

The CISO of this $21B US Health Insurer was looking to leverage IAM to underpin the firms Digital Transformation, but also to empower its workforce just as new challenges & opportunities emerged in healthcare due to the COVID-19 pandemic. The firm needed its first ever Enterprise-wide IAM Strategy.

Michael D. Kleinberg

3 min read
Impact Study: Big Blue Health Insurer's Enterprise IAM Strategy & Architecture
Big Blue Health Insurer's Enterprise Identity & Access Management (IAM) Strategy & Architecture

When the CISO of this $21B USD Health Insurer was challenged to expand the firm's ability to underpin a Digital Transformation, but also needed to empower the firm's workforce to operate in new ways just as new challenges and opportunities emerged in healthcare due to the COVID-19 pandemic. To do so this healthcare company needed its first every Enterprise-Wide Identity & Access Management (IAM) strategy, guiding principles, processes, organizational structure, technology and tools to support the next step in driving positive healthcare outcomes for its members and customers while providing the needed services to fuel its workforce to transform its business.

Client: Multi-Billion Dollar Health Insurer
Industry: Healthcare & Insurance
Sponsor: Chief Information Security Officer (CISO)
Locale: United States

The Challenge

With this 75-year-old firm facing the twindemic effects of a COVID-19 pandemic and the need to Digitally Transform itself to continue to stay relevant and operate effectively. The firm lacked a formal Enterprise-Wide IAM strategy yet was also open to leveraging new digital capabilities to both help differentiate in its market and to provide great Customer & Colleague Experiences (CX).

All this while it also had a large and complex existing IAM technology environment comprised of many organically acquired vendor products (e.g., technical debt), legacy related processes, and complexity that stood in the way of delivering Unified IAM capabilities needed now and in the future. Doing so without compromising their security, privacy, risk, and regulatory postures.

Engagement Description

The CISO and his leadership team wanted a more strategic approach to delivering digital capabilities than they had historically taken, steering away from just buying tools to solve problems as they had done not always to good effect in the past. The vision and leadership of this client was also commendable in leveraging this functional strategy to help support both improved health and business outcomes. Which was both inspiring and well needed in this industry. Knowing that even in the challenging U.S. Healthcare Industry that both health and business outcomes didn't need to be mutually exclusive for healthcare payers and providers.

The high-level goals of the engagement where to:

  • Set a Strategy Compass (Vision, Mission, Guiding Principles, & a Strategic Plan)
  • Define the Architectural Scaffolding (Solution Architecture & a path to get there)
  • A shift to Productization and a pragmatic, with a agile and provocative Capabilities Roadmap
  • Embed IAM as a component of Experience Management (XP) and Product Release Plans to improve key experiential performance metrics (e.g., NPS & CSAT)

While having digital environment more than ever, that needed to cater to demands for simple, fast, and secure access to applications and services. At the same time, meeting the massive need to ensure members, customer, and other stakeholder needs where achieved in a way that meets and exceeds the ever growing regulatory, cybersecurity, and privacy challenges faced in the healthcare and insurance industries.

QUOTE

💡
“We got more value out of this engagement than we thought we would! You were able to challenge people in a good way from the status quo, which we needed!” - Sr. Director of InfoSec

Outcomes Delivered

An Enterprise-Wide Unified IAM (UIAM) Strategy squarely focused on transitioning from a technology centric, siloed approach to being business outcome centric with an intergrated platform leveraging a Modern Operating Model.

A reimagined Ways of Working (WoW) and Product Orientation treating IAM as an Agile product and managed through a Product Deveolopment LifeCycle (PDLC) comprised of business and IT resources that own the full capability lifecycle. The organization was repositioned to achieve an informed, engaged, aligned, digital culture that supports, and manages change and innovation, using a common language and understanding is needed of IAM interactions, concepts, capabilities, and responsibilities as they relate to business functions.

Enterprise architectural guardrails inclusive of IAM standards and development accelerators, including the use of DevSecOps and pre-built design patterns. Plus, Identity Governance (IG), Identity Lifecycle Management (ILM), Auditing, and Reporting processes that where modernized reducing the amount of manual labor, risks, and technical knowledge required to complete operational processes.

An IAM data strategy, including architecture, management, governance, and stewardship of IAM data to be inclusive in a broader enterprise-wide Data Strategy, steered by a Chief Data Officer (CDO) or equivalent executive. Positioned to implement a single source of truth for identities via an extensible centralized, modern data store, with a unique, immutable identifier (GUID) which contains the relationships between roles, personas, entitlements, and identities.

Business Value Derived:

  • Cohesive collaboration across the enterprise
  • Decreased time to value (TTV)
  • Reduced risks (implementation, operational, cost, security, privacy, regulatory compliance, reputational, etc.)
  • Focus on business outcomes not technology outputs
  • Enablement of improved Business Innovation & Agility
  • Improved cost economics & total cost of ownership (TCO)
  • Improved business process execution quality and reduced administrative costs
  • Improved member & customer satisfaction