CyberArk powers centralized secrets governance to control vault sprawl for Encova Insurance, while accelerating audit readiness and efficiency

Compliance auditing time and resources were cut by 95% while frictionless access improved with a 50% cut in support processes

Summary

Transitioning from an on-premises mainframe to an AWS cloud environment threatened to increase Encova Insurance’s risk of cyber attacks. However, the CyberArk Identity Security Platform delivered a unified identity security strategy across all environments, strengthened the insurer’s cybersecurity stance and improved compliance auditing while also minimizing impact on day-to-day business operations.

Company profile

Headquartered in Columbus, Ohio, Encova Insurance is ranked in the top 20 mutual insurance companies in the U.S. and is a top-tier carrier ranked among the largest mutuals, serving the Midwest, Northeast and South. It has approximately 1,200 associates and over 2,000 independent agencies operating across 28 states and the District of Columbia.

Employees: 1,200; 2,000 agencies

Challenges

Tanner Webb, Cybersecurity Manager at Encova Insurance, has a dilemma, one faced by many organizations looking to transform business operations. “There is talk among the IT community about being security-first versus low friction,” explained Webb. “Our mission is to find that right balance between being secure and being frictionless. The challenge is providing services to developers and business users that allow them to do their jobs without too much overhead while also securing the environment.”

Supporting that mission is a CyberArk Identity Security platform that is increasing security, streamlining business and IT operations, and helping Encova address compliance more effectively.

Over its 100-year history, Encova has expanded through organic growth and acquisitions. While impressive, that left a legacy of different systems, processes and policies which were disconnected and difficult to integrate, manage, control and secure. One critical challenge was secrets and vault sprawl caused by a legacy of mergers and distributed IT practices. DBAs, DevOps, and developers had their own tools, creating visibility gaps and audit headaches. “Credential ownership and usage were so fragmented that audits required manual evidence collection across multiple teams, taking up to two weeks,” said Webb. “People managed secrets in inconsistent ways, leaving many credentials unmanaged.”

To address this, the Ohio-based insurance company has undergone a major digital transformation over the last few years, retiring its mainframe and developing a cloud-first organization with business systems hosted on an Amazon Web Services (AWS) cloud platform. For instance, it has migrated Guidewire, its specialist policy, billing and claims management application, to the cloud.

“Encova’s digital transformation and cloud-first approach makes us better able to respond to business needs, delivering modern business solutions and systems at a high velocity,” said Webb.

But while transformation and a shift to cloud-based systems bring a host of benefits, they also increase the cybersecurity risk. From the outset of its digital transformation journey, Encova chose to partner with CyberArk. The relationship began when Encova engaged CyberArk Strategic Consulting Services and the CyberArk Blueprint framework to roll out CyberArk Privileged Access Management on premises. This enhanced privileged access management disciplines across the company.

Solutions

Encova has now expanded its CyberArk portfolio and leverages the broader CyberArk Identity Security Platform comprising CyberArk Privileged Cloud, CyberArk Secure Infrastructure Access, CyberArk Secure Cloud Access, CyberArk Secrets Hub, CyberArk Identity Shared Services and CyberArk Certificate Manager. CyberArk manages around 11,000 passwords and includes features such as CyberArk Privileged Session Manager to secure, control and record privileged sessions. Now the business is shifting to CyberArk Secure Infrastructure Access for managing privileged access to its hybrid and cloud infrastructure for just-in-time access, session isolation, monitoring and auditing, and vaulted credentials.

“From CyberArk Privileged Access Manager for server access through to recent solutions like CyberArk Secrets Hub and CyberArk Certificate Manager, the CyberArk ecosystem is great at integrating with and securing our environment,” added Webb.

Implementation was managed jointly between Encova, CyberArk and CyberArk business partner, Optiv, supported by CyberArk Jump Start and CyberArk professional consulting services. For example, Encova worked with CyberArk professional services to help migrate from on-premises privileged access to CyberArk Privileged Cloud. Besides AWS, key integrations include ServiceNow, SailPoint and Workday.

“We centralized secrets governance and visibility with CyberArk, integrated Jenkins and ServiceNow, and automated secrets syncing with AWS,” commented Webb. “Developers now focus on their work without manual compliance steps while audit preparation has dropped from weeks to hours.”

Encova chose and continues to use CyberArk because the platform has scaled as the business has evolved, and because CyberArk is seen as a thought and market leader. It also provides a single environment to control and manage much of the insurer’s cybersecurity infrastructure. CyberArk Secrets Hub was particularly important to Encova because of the work and investment CyberArk has made to ensure it integrates seamlessly with AWS, which is a core part of the company’s cloud-first strategy.

“CyberArk already fit the way we worked and getting it running in our AWS environment was far easier and faster than we expected,” said Webb. “We wanted a security-first path that did not slow developers down, and CyberArk made it easy to get started.”

Webb and his team are now expanding the use of the CyberArk Identity Security Platform to increase secrets and credential access automation to make processes even more efficient.

Results

CyberArk has enabled Encova to implement a unified identity security strategy across all environments, platforms and services, helping Encova significantly improve its cybersecurity stance. It has centralized security management, increased visibility into who has privileged accounts and how they are used, as well as improved secrets control. It helps the business complete its migration to a cloud-first environment with better visibility and management of cloud security.

Often better security can restrict user access to the systems and applications they need, but not with CyberArk. Addressing the challenge of better security with frictionless access, CyberArk has helped Encova achieve a 50% reduction in ServiceNow ticket resolution time, from 60 minutes to around 20 to 30 minutes. Instead of being stored in two places, secrets are now added to CyberArk and automatically synced with AWS.

Compliance auditing has significantly improved with better control of who has access to systems and services. “When we mentioned to our cybersecurity insurers that we use CyberArk, the response was very positive,” stated Webb. “And because of the CyberArk Identity Security Platform, we are seldom questioned about the competence of our cybersecurity stance.”

Producing audit reports used to take five different teams up to two weeks to gather all the required audit information. It was a long, drawn-out process that involved finding who is responsible for secrets, who has access to them and how secrets management and control is tested and validated. Now that this is handled by CyberArk, the process is automated and only takes two to three hours, a time and resource savings of almost 95%. “We went from spending a week or more coordinating across multiple teams to gather audit evidence, to just a couple of hours running reports directly from CyberArk,” remarked Webb. In addition to this accomplishment, using CyberArk to improve compliance reporting has also had a direct impact on reducing Encova’s cybersecurity insurance premiums.

“Most employees have no idea that CyberArk is running in the background, but it is essential to ensuring our environment is secure and managed properly. It means engineers and system administrators can work safely and seamlessly while only those with the right privileges have access.”

– Tanner Webb, Cybersecurity Manager, Encova Insurance

Key benefits

  • 95% time and resource improvement in compliance auditing
  • Advances frictionless access with 50% cut in support processes
  • Centralizes security management and visibility
  • Delivers a unified privileged and machine identity security strategy across all environments
