South African insurer Mutual & Federal needed better control over, and visibility into, system access in order to comply with national legislation, maintain customer confidence and avoid financial penalties. By deploying NetIQ Access Governance Suite, Mutual & Federal gained the ability to monitor and control user identities and access rights for all its business-critical applications through a single user-interface, helping it to manage and demonstrate regulatory compliance.
“Our NetIQ solutions give us broad control of access across all our critical applications and a single view of which users can access which information resources.”MICHAEL STEYN Manager of IT Security, Mutual & Federal
About Mutual & Federal
Mutual & Federal is the oldest short-term insurer in South Africa, providing insurance services to personal, commercial and corporate clients. The company employs almost 3,000 staff and has business users in South Africa, Namibia and Botswana.
Mutual & Federal has a legal obligation to keep its personal, commercial and corporate customers’ personal data safe. Like similar legislation in Europe and other regions, the Protection of Personal Information (POPI) Act in South Africa puts a key focus on control of access to information, requiring that organizations put stringent governance in place.
In preparation for POPI, Mutual & Federal reviewed its existing data governance and security practices and found them wanting. Its manual safeguards and controls around data, using spreadsheets, were effective but extremely time-consuming and resource-intensive.
Michael Steyn, Manager of IT Security at Mutual & Federal, said: “It was quite obvious that if we kept doing our access governance in a manual fashion, we would always be on the back foot and as such, we would not be able to win the game. To properly prepare for POPI, we needed better control and visibility across all of our critical applications.”
Mutual & Federal chose to deploy the NetIQ Access Governance Suite to ensure that it could comply with the new regulatory legislation ahead of the deadline. The NetIQ Access Governance Suite is an identity governance solution that provides a consistent, business-friendly interface built on a common governance model. It spans all business processes relating to identity, access and certification. The new solution works seamlessly in Mutual & Federal’s identity management landscape.
To implement the solution, the insurer turned to Ubusha Technologies, a specialist in identity, access and data governance. Ubusha ran a proof-of-concept for Mutual & Federal, demonstrating that the NetIQ solution would meet its requirements.
Mutual & Federal was particularly impressed with the simplicity of NetIQ Access Governance Suite. “On the day of the launch, our internal line managers needed to get to know the system, and all that was required in terms of training was a 12-minute video clip,” said Steyn. “This shows just how simple and intuitive the NetIQ solution is. It was a pleasure to work with Ubusha in implementing this project, as the company is very knowledgeable, customer-focused and extremely flexible,” he added.
The Governance Platform within NetIQ Access Governance Manager centralizes identity data, roles, business policy and risk modelling to support data security and compliance initiatives and user lifecycle management. By transforming technical identity data from multiple sources and into rich, business-relevant information, it helps Mutual & Federal to enforce and verify access across enterprise applications and to prioritize compliance initiatives through simplified risk assessments.
“The NetIQ solution makes it easier for us to see where we are at risk of security policy violations, so that we can address these issues and ensure we remain compliant,” said Steyn. “By streamlining and automating many elements in the compliance lifecycle, the solution improves our accuracy and effectiveness while also reducing the time, effort and cost involved in compliance,” he explained.
Mutual & Federal can monitor and manage identities and access rights across of all its business-critical applications to ensure that it meets regulations, including those legislated by POPI, through the NetIQ Access Governance Suite.
“The NetIQ solution makes it easy to control access to applications and more critically, to govern access to these applications for the purposes of IT regulatory compliance,” said Steyn. “With NetIQ Access Governance Suite, we get a clear, single view of access across all our applications. This is exactly what we required, and it has put us in precisely the right place to be properly prepared for POPI.”
NetIQ Access Governance Suite boosts internal efficiency around compliance activities at Mutual & Federal, freeing manpower for more critical tasks. “Campaigns that used to take us a week or more to get underway can now be created and launched within minutes,” said Steyn. “The NetIQ solution gives us a simple view of each individual’s access rights and history across multiple systems. Using spreadsheets for this task in the past made it extremely difficult to obtain this degree of insight.”
Mutual & Federal is not yet using the solution to cover its entire infrastructure, but plans are already in place to increase coverage.
Steyn said, “As it is now so easy to review access, we will certainly be bringing a range of other applications under the umbrella of the NetIQ solution. Our ultimate goal is to use NetIQ Access Governance Suite as a portal through which employees can request, modify or terminate access to applications.