[MUSIC PLAYING] My name is Joe Albers. I work at Secura Insurance as a senior information security engineer. Secura Insurance Company insures businesses, farms, nonprofits, and special events in 13 states within the United States. We are based out of Neenah, Wisconsin. And we have about 1,100 employees, and work with independent agents to sell the insurance. I've worked with One Identity Manager for almost four years, and have grown with the product over several versions. It's a very regulated industry, so we have to make sure we comply with the regulations.
Identity is always important with employees, as well as our extended partners in their insurance products and how they sell the insurance. So identities would be a concern because insurance companies may have a lot of information about their insureds, or people who have had experiences with them through claims such as automobile accidents, or fires, and those things. So Secura began looking for a product to do our identity management. After several challenges with manual efforts to maintain identities, and as well as the need to meet regulatory requirements from our auditors, and making sure that our key controls could be met.
So the growth caused manual processes to not be as successful. One of the key controls being when someone left and needing to remove their access on the day that they actually left. One Identity Manager was chosen because it fit our mid-market environment. It met our requirements, and had extensibility to grow with and expand with as our needs changed. So before Identity Manager, a lot of the processes were email-driven or attempts at making automated forms and processes were semi-successful, but not completely successful. And to pass an audit, you need to be complete.
So a lot of those processes were manual. A lot of inconsistencies could be introduced when identities were provisioned, as well as that consistent it was inconsistent from a user experience. A lot of the entitlements they needed on day one to be productive employee didn't exist. Day one, if they didn't have access to the tools they needed, they were not productive. And it wasn't a great onboarding experience for a new employee. Some of the most important applications at an insurance company fall into our financially significant area where the money follows. And that is part of the auditing requirements, as well as the compliance requirements, is you need to be able to trace the money flow.
So access controls around those financially significant applications are critical. So that was our primary focus. And it actually played as part of the choice of picking Identity Manager because of certifications and all the processes that go around certifications or attestations within the tool set. So some of the benefits we realized from our identity management implementation were around automation from our HR system. And those benefits really came to play to meet some of our metrics, like deactivation of accounts on their last day of work. So because our HR information is fed directly into our identity system, we can then automate and deprovision people on demand or on that day and not have to worry about a manual process.
We have a requirement to do attestations on an annual basis, and that's what we currently do. But we are looking at leveraging some of the automations and the benefits of having a tool to do the attestations more frequently, or in a more user-friendly frequency. And in today's world, with BYOD-- bring your own device-- people might have access to corporate email on their personal devices or corporate assets on their personal devices. And that deprovisioning is critical to getting their access removed at a timely fashion.
But it's absolutely critical to an organization to know what a person has access to and what they're using their access for. Working with HR is critical to help them understand how processes can be automated with their data. And having ownership of that data is very important as well. Working with the business to ensure that their users get the access that they need in a timely fashion is also critical. And there's multiple ways to achieve that. You'll never be done managing identities.
[MUSIC PLAYING]
05:00