Client’s challenge
The CIO of a major US property and casualty insurance company was having difficulty responding to business needs that required changes to existing IT applications and infrastructure. She realized that one of the primary obstacles was complexity in security controls and functionality. Since most of the organization’s major software applications relied on security processes and technologies that lacked sufficient integration, the IT department was having trouble responding to the information integration, aggregation and reporting needs of the business.
PricewaterhouseCoopers Advisory solution
PricewaterhouseCoopers (PwC) Advisory helped the insurer develop an enterprise security “blueprint” using core elements of SecurityATLAS™, PwC’s strategic framework for security. This approach provided the company with the crucial planning tools needed to establish a vision and strategic direction for the company’s enterprise application security technology. It also furnished the organization’s internal resources with pre-established guides that shortened application development lead times and lowered total implementation costs.
PwC Advisory began by interviewing the insurer’s key IT and business stakeholders and compiling an inventory of the company’s existing technology. In the process, the PwC team determined that over 80% of the company’s applications included poorly integrated authentication and authorization mechanisms. In partnership with the organization’s enterprise architects and developers, PwC helped the insurer define integrated control objectives for authentication, authorization and monitoring procedures, and identify how the company might untangle key business information from complicated security mechanisms.
The PwC Advisory team’s knowledge of how complex and divergent security objectives can be met in a common infrastructure was important to this initiative’s success. Team members were able to help the company separate security architecture from application design, allowing developers to focus on improving critical business logic.
Impact on client’s business
It is estimated that, when fully implemented, the simplified security architecture will decrease the company’s integration costs by 20%, reduce system and application development costs by 15% and result in $2 to $4 million in annual cost savings for security operations. Collectively, these results will help the CIO improve the effectiveness of IT and respond more quickly to the needs of the business.
