Encova insurance works to build a unified organization through digital transformation

Encova Insurance Deploys Cyberark PAM To Strengthen Security And Boost Compliance


Company profile

Headquartered in Columbus, Ohio, Encova Insurance is ranked in the top 20 mutual insurance companies in the USA with nearly 1,200 associates and over 2,000 independent agencies operating across 28 states and the District of Columbia.

Industry: Insurance
Annual Revenue: USD 1 billion
Employees: 1,200


CyberArk Underpins Business and Digital Transformation Strategy for Top 20 USA Insurer

Encova Insurance was formed from an affiliation between Motorists Insurance Group and BrickStreet Insurance. Both companies had gone through previous associations and acquisitions, which meant there were many separate businesses within each organization.

Encova’s history left the business and its assistant vice president for IT security services, Tony DeAngelo, with a problem. He explained, “As Encova started as a collection of companies, we had many different pockets of IT, different technology bases and different ways of doing things. We had multiple billing and policy systems, and the ultimate goal was to get these down to one system.”


To build a single, unified organization, Encova launched a comprehensive digital and cultural transformation. A key part of that was security and the insurance giant turned to CyberArk to help implement an effective and robust privileged access management strategy. Encova leveraged CyberArk Strategic Consulting Services and the CyberArk Blueprint framework to help design an optimal implementation, covering topics such as workflow mapping and creating a methodology to determine the prioritization of accounts and systems to onboard and secure.

“Part of the digital transformation is about bringing the group together, moving away from legacy technologies and embracing a one-company approach. The change has allowed the business to reinvent its identity access management strategy with CyberArk being at the core.”

– Tony DeAngelo, Assistant Vice President, IT Security Services, Encova Insurance

The transformation project involved revamping back-office systems and consolidating profit centers. Numerous consultants were hired to help expedite the initiative and – to ensure ongoing compliance with the stringent regulations imposed throughout the insurance industry – a parallel focus was placed on enhancing privileged access management disciplines across the company.

Encova also utilized CyberArk Privilege Cloud Jumpstart – a service package – to assist with the execution of the plan determined by the strategic consulting team; onboarding initial accounts, and sharing best practices to help internal teams effectively configure, administrate and maintain their CyberArk solutions.

Rising to the Compliance Challenge

DeAngelo noted, “The compliance bar is being raised year-over-year, and as we consolidate, we need to demonstrate enhanced in-house governance and better control of consultants, as well as ensuring a frictionless transition internally. That’s where CyberArk came in: We were able to jump in and immediately start attacking some of those internal challenges.”

An almost universal dynamic observed by DeAngelo and his team is how privileged access management has changed from being an IT-only issue to now include every aspect of the organization. He described the experience, “It is the realization that privileged access extends much deeper into the business than people originally thought. Before, it mostly involved access rights for server and application administrators. However, today it extends beyond those groups to embrace the full breadth of privileged access anywhere in the business.”

He continued, “Being a mid-market insurance company with a small IT team, we wear a lot of hats. You may have a software engineer developing code, supporting an app and responding to service calls; all creating a challenge for segregating duties. CyberArk ensures that a developer only accesses a privileged account when necessary, and it gives us the evidence that we have a fully compliant and effective system.”

Bringing Everything Together

The solution that Encova has deployed is the SaaS version of CyberArk Privileged Access Manager, which is protecting users spread across multiple states. It supports both on-premises systems and infrastructures, as well as the company’s growing cloud environment.


Although privileged access management has always been part of the Encova security policy, the introduction of CyberArk has enhanced the process and made it more efficient. DeAngelo elaborated, “In the past, we had individual siloes and a variety of approaches for different groups, some manual and some just standard account segregation. Today, as CyberArk is the standardized solution for all teams, we can take a streamlined and consistent approach: Having everything centralized perfectly fits our ‘one-company’ strategy.”

CyberArk is a Business Enabler

The first big win from using CyberArk was with database administrators [DBAs].“Encova is a company built on masses of private data, and our database administrators are intertwined with all of this critical information, as well as and our business-critical systems. Our DBAs understood the benefits and embraced the privileged access management project early on, witnessing how CyberArk optimizes workflows, reduces friction and minimizes disruption. We were able to demonstrate to the company that security is not a roadblock; it’s actually a business enabler,” said DeAngelo.

Encova is seeing other parts of the business beyond its IT staff using privileged access. One team uses robotic process automation to manage first-call resolution for independent agents and is using CyberArk Vaults to secure the process. Other areas of the business – such as data warehousing and other data-oriented groups – are becoming hybrid technical teams that need to frequently engage with technology. They need privileged access and CyberArk gives them the capability to temporarily function like traditional IT administrators while still protecting the data.

Flexibility to Pivot and Control

For anyone implementing a privileged access management program, DeAngelo offered the following guidance, “My advice is: Be adaptable. Take advantage of the teams willing to work with you, and do not feel stuck to a playbook or a rigid plan. We had good traction by jumping around to areas willing and able to engage. We had a lot of strategic projects and some resource constraints, so adapting and working with enthusiastic groups definitely helped to build energy and momentum behind the program.”

As Encova continues to become increasingly cloud-centric and develops a more diverse IT environment, CyberArk will play a key part in managing privileged
access. According to DeAngelo, “CyberArk gives Encova the flexibility to pivot back and forth between privileged and regular access rights. Being able to assure senior management that we can engage the appropriate controls as needed, and remain compliant throughout the process, is really a big win for us.”

Key benefits

  • Supported company-wide digital transformation initiative with an effective privileged access management strategy
  • Reinforced financial regulatory compliance and ease of auditing
  • Unified and centralized privileged access across all business functions, not just IT

Talk to an expert

Understand the key components of an Identity Security strategy

Get a first-hand look at CyberArk solutions

Identify next steps in your Identity Security journey