Security solution for broker systems

Zürich, 16.09.2013 – Reference Generali Versicherungen

Generali Insurance was looking for a new security solution for its broker systems that would give external sales partners easy and secure access to internal applications. At the same time they wanted it to be less complex and to have the broker portals and authentication solutions disentangled. Airlock Suite presented a comprehensive yet at the same time flexible solution for these requirements.

Generali Insurance operates two different broker systems for their two lines, non-life and life insurance. Both external and internal employees access them to prepare quotes, manage their portfolios and to request information about training and commissions.

Airlock Suite: a flexible solution

In 2012 Generali Schweiz made the decision to replace the web authentication platform. Cost considerations, the complexity of the existing solution and the high cost for changes to the existing platform led to this decision. Following a careful look at the necessary investment costs and the amortisation time for a new solution, the following was clear: a change was inevitable.

It was soon evident that the Airlock WAF web application firewall in combination with Airlock IAM authentication product fulfilled all requirements: while the existing system was based on five different products from three different manufacturers, Ergon offered an appropriate solution from the one source. This allowed for a disentanglement of the broker portals and authentication solution while making it possible for Generali Insurance partners to easily and securely access internal applications. It also became evident that over 50 % of the operating costs can be saved by using the ergon products.

In a two-week validation phase, Ergon was able to prove that the Airlock Suite solution was the right one for Generali: they managed to meet the main requirements within the specified time period—thus showcasing the advantages of the ergon solution’s modular design. “That reassured us that Ergon was the right partner for us” says Ivan Hafner, project manager and head of security at Generali.

"The overall solution of Airlock Suite enables us to guarantee our external partners easy access to our different internal applications and ensures a high degree of security.”

Ivan Hafner IT Security Officer, Generali

Competent and motivated partner

Following this successful proof of concept the project kicked off with a very ambitious schedule: Airlock Suite was to be online in just six months. “No one believed we could stick to this plan - not even myself!” remembers Ivan Hafner. The team even planned for just five months to have one month buffer time. “It was hard to meet the deadline in this period of time but in the end we managed to do it within the five months. Complex systems with many interfaces were affected and the migration took place while in operation with 7000 users. Even very small changes are a great challenge - to migrate to a completely new solution and in such a short period of time was a huge accomplishment”, says Ivan Hafner.

It was only possible thanks to the extreme motivation and expertise of all involved: “It was a pleasure to work with the project employees from Ergon. Their work ethic was also very efficient”, continues Ivan Hafner.

Hurdles successfully navigated

Although requirements for the It project were fairly clear from the outset, an unpredicted hurdle or two did crop up, for example, during the implementation it emerged that a certain application needed to be used by an external user group but that the user group in question was not permitted to have comprehensive access to that application. Thanks to the flexibility of Airlock Suite and the commitment of the Ergon employees, this new requirement was successfully met within a day. By expanding the Airlock WAF configuration and making a few changes to the Airlock IAM configuration, the various access levels were enabled for the application in question.

The large number of applications with extremely heterogeneous mechanisms for the transfer of user data, which in part did not comply with common standards, was a challenge for the team. The experts at Ergon were able to support a large number of backends by implementing a small, specific expansion: this new feature for Airlock IAM made it possible to process and transfer a few manufacturerspecific, nonstandard identity vehicles.

Successful simplification

Ergon’s new solution completely satisfied Ivan Hafner: “The goal of simplification was clearly achieved.” An example: whereas previously 24 servers were necessary for operation, the new solution manages with just seven.

However, the goal was not simply to reduce complexity but also to increase usability for users and thus lower costs. Previously, support had been a major cost factor: for example, users could not reset their password on their own. With the new solution, users can reset their own passwords without contacting the helpdesk. “The cost saved here and the increased user acceptance are not to be underestimated” says Ivan Hafner.