Technology
Game changer
Vertafore and The Hartford are making strides in
streamlining password management
By Nancy Doucette
“It’s extremely expensive to manage passwords,” observes Gray Nester, senior vice president and IT services manager for BB&T Insurance Services, Inc. (BB&T), headquartered in Charlotte, North Carolina.
Admittedly, BB&T isn’t your typical independent agency and, as a result, Nester’s responsibilities are vastly different from most agency IT executives. In addition to his agency duties, Nester is vice chairman of the board for the Network of Vertafore Users (NetVU, formerly The AMS Users’ Group).
BB&T has 100 locations and about 3,200 employees. The agency uses Sagitta from Vertafore as its management system and holds 1,700 licenses for the product. Nester says that unlike many national brokers that run regionalized systems, BB&T uses a consolidated database. And because BB&T is bank-owned, protecting that data is essential.
How costly is it to manage passwords for an expansive organization like BB&T? Nester says setting up a new user takes about eight hours by the time he connects the individual to all the internal and external systems the new user needs. Internal systems might include Vertafore products such as Sagitta, PL Rating, ReferenceConnect (the next generation of Sage), or BenefitPoint. User names and passwords could easily be different for each product.
Setting up a new user isn’t simply flipping an on/off switch, he explains. BB&T employees aren’t given access to the entire database. Their access is “role based,” meaning their user name and password grants them access to only those parts of the system that they need to do their job.
Externally, each carrier requires a user name and password, and those are likely to be different from those that the user has for the internal systems.
Nester conservatively estimates that once an employee is connected, it takes each user one minute to log into a carrier system. If the user doesn’t remember a carrier password, then that person has to call the agency’s help desk. And if the password has expired—which routinely happens every 30 or 60 days, depending on the carrier—that requires a call to the carrier to get a new password issued—a process that might take 30 minutes.
Those minutes across the enterprise rob BB&T of sales and service opportunities.
And then there’s the matter of de-activating an individual’s access to systems—both internal and external—should an employee leave the agency. Nester says that part of the process takes about four hours. He “de-provisions” the former employee from the agency’s system first. Then he has to go to each of the external systems the employee used and de-activate them from those systems as well.
Jim Rogers, ACE (ACORD Certified Expert), director of distribution technology strategy for The Hartford, notes that for large agencies like BB&T, managing user identities and passwords for new hires, de-provisioning user identities and passwords for former employees, and administering the agency’s credentials for the various carriers the agency represents may consume between 25% to 50% of an IT department’s time.
Of course, password management isn’t just a “big agency” issue. “But the inefficiencies do multiply, the larger the organization is,” he observes.
Independent agents and brokers of all sizes responded to a survey conducted recently by the Real Time/Download Campaign that asked them to prioritize nine possible enhancements to real time programs and tools. Twenty-seven percent of the respondents said that easier password management should be a priority for carriers and vendors.
Addressing priorities
Last March during the NetVU Conference, Vertafore announced its Vertafore Identity Management which will allow users to access all their Vertafore products and connect with “federated” business partners with one user name and password. (Identity federation refers to a relationship wherein partners share digital identities with other trusted partners.)
According to Susanna Morgan, senior vice president of product strategy and marketing for Vertafore, “Vertafore Identity Management is designed to improve agent-carrier connectivity by introducing a more streamlined and secure system for password and identity management, built on open technology standards.”
Vertafore Identity Management includes four capabilities that improve identity management for agencies of any size:
• Single sign-on, which enables users to log into one Vertafore product and immediately gain access to all other Vertafore products for which the user has rights or licenses.
• Identity manager, a Web-based tool for centralized user provisioning and password self-service.
• Identity federation with participating Vertafore partners eliminates the need for users to maintain logins with each carrier.
• Centralized, secure Web access to carrier credentials that agents need to access carrier Web sites.
Lisa Bukowitz, senior product manager for Vertafore, explains that Vertafore Identity Management will become the underpinnings of the Vertafore product suite. “If an agency has more than one Vertafore product, Vertafore Identity Management will help the user navigate through the products more efficiently,” she says.
Additionally, she says, agents who choose to federate will be able to have single sign-on access to carrier Web sites, premium finance programs, and potentially even their e-mail… essentially all their software applications.
Bukowitz points out that Vertafore Identity Management’s Web-based front end will allow agency IT administrators to provision and de-provision users more easily. “With basically one click, former users will be denied access across all products,” she says.
“It will be a different paradigm,” Morgan observes. “Carriers will no longer change their passwords on a regular basis. There will be a trusted relationship between Vertafore Identity Management and the identity management systems that the carriers are going to have.”
Vertafore Identity Management will be available by the end of 2010, she says. “It will be an incremental roll out, beginning with TransactNOW® and PL Rating, and select carrier partners. From there we will roll it into the management systems, starting with Sagitta.”
Carrier offering
In referencing the identity management systems that carriers are going to be using, Morgan is referring to another new product announced during the NetVU Conference. In one of the break out sessions, The Hartford demonstrated its new identity management capability in which user names and passwords are no longer required.
The Hartford’s Jim Rogers explains there’s a “circle of trust” that is created between multiple entities. In essence, each organization trusts its trading partners to authenticate their own users’ identities. The presentation at the NetVU Conference featured federated business partners The Hartford, Vertafore, and BB&T.
Rogers says that The Hartford used open standards in developing this solution, meaning they’re readily available and applicable across the industry. “At The Hartford, we always use standards,” he notes. “In this case we’re using standards around security—different ‘flavors’ that respond to different needs.
“Many of the carrier security officers know about these standards because they’re used on the Internet and by many Web-based companies,” Rogers points out. “What has been missing until now is a production model that shows how the insurance industry can work together to implement those standards.
“The Hartford has this password management capability in production today with BB&T. Our infrastructure is totally different from BB&T’s and Vertafore’s, but we can still exchange meta data. That’s what we want to share with the industry—these standards work across different technology platforms,” he emphasizes.
Rogers adds: “There’s been a lot of carrier interest since the NetVU Conference,” he says. “They’re asking us to meet with their staff to talk about the open standards that we have implemented.”
“The combination of Vertafore Identity Management and the federated solution will easily eliminate more than 100,000 user names and passwords from BB&T’s environment alone,” Gray Nester says. And once more carriers federate, he estimates being able to save over 300 hours a day across the organization.
At the industry level, better password management by vendors and carriers will improve real time usage. Presently, agencies may not be performing as many real time functions because staff members have forgotten their password for a particular carrier. As a result certain carriers aren’t being quoted, which is a disservice to the customer as well as the carrier.
“This is a game changer,” Nester proclaims. “What Vertafore and The Hartford are doing in the area of password management is providing a lot of opportunity to the whole industry.”
For more information:
BB&T Insurance Services, Inc.
Gray Nester
Phone: (704) 954-3073
The Hartford
Jim Rogers, ACE
E-mail: jim.rogers2@thehartford.com
Vertafore, Inc.
Susanna Morgan
Phone: (425) 354-6190
Web site: www.vertafore.com/identitymanagement |