Major security upgrade eases data transfer for HDFC

How much money a company makes is directly proportional to how much information it can push to its people -- especially for a financial organization. With the right information at right time, the bottom line doesn't have to be an unhappy place.

But, the inability to offer a secure environment to transfer information directly impacts revenue-making opportunities. HDFC Standard Life (HDFCSL) was not untouched by this simple equation. To promote their life insurance products and services, the business was signing up as many financial consultants as it could. (Financial consultants are like insurance agents who sign up with HDFCSL so that they can help other people plan their insurance, for a fee).

But sitting in their homes or offices, the financial consultants could not access data they needed. Limited access to leads from a HDFCSL promotion in a local mall, for example, hurt them critically. And not having the most up-to-date information on a certain scheme or policy severely affected their credibility -- and their chances of getting clients to part with their money.

These were just the business problems. On a security front, it was imperative that the access of a financial consultant that had parted ways with HDFCSL be taken away.

With security worrying them and over five lakh financial consultants banging their doors for access to information, the organization realized it was time to move.

"Our mobile workforce solution first went live in early 2004, soon expanding to a full-scale B2B and B2E initiative for our financial consultants, employees and institutional customers in three years. But with it came the call for a robust, scalable and reusable security framework that could easily accommodate newer applications," recalls Sunil Rawlani, executive VP of IT, HDFCSL.

Assured Access

Internally, too, HDFCSL was facing the heat. To keep up with the business, the insurance major was hiring internally staff; in fact, the number of HDFCSL employees doubled in a year. With such an influx of new recruits, the costs and the time spent by the managed security services to handle internal user access management went through the roof. The situation was begging for an access management solution. "We have a managed services team that takes care of user access management for about 18,000 employees. A security gap is not being promptly addressed if somebody has not been de-provisioned fast enough. Similarly, there is a productivity issue if a new recruit has not been provisioned fast enough," says Rawlani.

At the same time, it was getting expensive to administer the system because multiple administrators and helpdesk staff were needed to provision users and help with password management. Regular audits, demanding consolidated and reconciled reports from across applications, worsened the situation.

The IT team at HDFCSL came up with a solution to enable an encompassing yet modular enterprise-wide security framework. The idea hinged around reusing security process frameworks. The result was HDFCSL's first SOA-based project. "With this, the organization is one of the first insurance companies in India to fully deploy an Identity and Access Management (IDM) solution," says Rawlani. Importantly, the ability to reuse the components managed the three C's of the organization: cost, complexity and compliance.