The Protection of Personal Information (POPI) Act deems that control of access to information is a key issue of focus, requiring far better levels of governance than is usually in place within organisations. Understanding its importance, Mutual & Federal – South Africa’s oldest short-term insurer – chose to put measures in place early on, to meet the requirements of this forthcoming act.
Michael Steyn, the company’s manager of IT security, says that initially, the steps put in place were manual controls. While these were effective, they were also incredibly time consuming and resource intensive.
“Once we realised this, we immediately began seeking a better way of governing our access control processes. After all, it is quite obvious that if you keep doing it manually, your organisation will always be on the back foot and as such, you simply cannot win the game. For this reason, Mutual & Federal, after considering a number of potential solutions, chose to implement NetIQ’s access governance suite,” he says, adding that NetIQ simply offered a much better solution for Mutual & Federal than what their rivals did.
“With NetIQ we get broad control of access across all our critical applications and we are also provided with a single view of this access. This is exactly what we require in terms of access control and governance and it puts us in exactly the right place to be properly prepared for POPI.”
“NetIQ uses integrated identity information to create and manage identities and control access to enterprise applications. The solution also makes it easy to control access to IT resources and, more critically, to govern access to these applications for the purposes of IT regulatory compliance,” he says.
Michael explains that to implement the solution, the company turned to identity, access and data governance specialists, Ubusha Technologies. Ubusha implemented a proof of concept for Mutual & Federal which impressed Mutual & Federal, and the company followed up by purchasing the solution.
“It has really boosted our efficiencies and also made more manpower available for more critical tasks. Campaigns that used to take us a week or more to get underway can now be created and launched within minutes. Moreover, the solution provides us with a simple view of an individual’s access across multiple systems, whereas when we were using spreadsheets for this task, it was extremely difficult obtain such insight.”
An additional benefit the NetIQ solution offers the company, continues Michael Steyn, is its simplicity.
“On the day of the launch, all our internal line managers needed to get to know the system, and all that was required in terms of training was a 12 minute video clip. This is how simple and intuitive NetIQ is, and we received many compliments from the end users on this very issue.”
Andrew Whittaker, security practice lead at Ubusha Technologies points out that Mutual & Federal are a mature organisation to partner with.
“The fact that they were well ahead of the curve, implementing controls to protect access to information long before POPI was made law, indicates just how mature they are. Since they knew this was something that needed to be done and they had already begun the process, the implementation of NetIQ was simply the next step in the company’s maturity development. Mutual & Federal is one of the few insurance organisations that, while others have only begun thinking about it, have already put in place measures to mitigate the challenges of the POPI Act,” he says.
Michael adds that they are only utilising a portion of the capability of the solution and plans are already underway to increase the utilization of NetIQ’s access governance suite.
“Since it is now so easy to review access, we will certainly be bringing a range of other applications under its umbrella. In the future, we also want to utilise NetIQ as a portal through which employees can request, modify or terminate access to applications.”
“It has been a pleasure to work with Ubusha in implementing this project, as the company is very knowledgeable, customer-focused and extremely flexible. Since we had never conducted a project of this nature before, it was very important to us to have a partner that was professional and able to manage the project as well as to handle any issues that arose.” concludes Michael.