Insurance Brokerage Secures Access to PII and PHI with Netwrix Usercube
Netwrix Usercube enables us to both easily get ready for a security review and pass it because we can show up-to-date data about access permissions of the employees. That's priceless!
Sébastien Briffault, Head of Information Systems Security at ADIS Assurances
- Establish a solid identity base: To protect personal identifiable data (PII) and personal healthcare data (PHI) as required by strict regulations, Adis needed to establish an consistent directory of identities and keep it up to date.
- Simplify permission management: To reduce the time and effort needed for onboarding employees and managing access rights, Adis wanted to move from manual permissions management to a role-based model.
- Simplify recertification campaigns: To keep access entitlements accurate and up to date, Adis needed to make recertification quick and easy for business managers.
- Enable activity tracking: The company needed more visibility into employee identities and permissions in order to spot unnecessary access attempts and ensure traceability of activities.
We opted for Netwrix Usercube as it covered all functional requirements, had an easy-to-understand interface and was easy to scale as our organizational structure evolves over time.
Sébastien Briffault, Head of Information Systems Security at ADIS
The Adis team started to look for an IAM solution after an audit uncovered important security gaps, including very little standardized access, difficulty in reconciling accounts and not enough formalized access revenues. More broadly, they needed a way to control who has access to PII and PHI and how that access is used.
Implementing Netwrix Usercube has revolutionized the company's approach to identity and permissions management, enabling them to achieve the following:
- Efficient workflows for assigning access rights: Adis has successfully moved from ad-hoc manual processes for permissions management to easy, accurate assignment based on a comprehensive catalog of business roles and associated rights. Business managers have clear visibility into access rights, ensuring efficient and effective allocation of permissions.
- Simplified compliance and permission auditing: Netwrix Usercube has enabled Adis to collect key information from different systems, such as AD, ERP, and business applications, and link it with identities. Tracking and analysis of activity, including the history of previously granted access rights, helps the company maintain and prove compliance with regulatory requirements around the processing of personal and medical data.
- Fast recertification campaigns and review preparation: Previously, recertification campaigns took about 4 weeks and required extensive manual work with Excel files. Now, thanks to Netwrix Usercube, campaign preparation takes just 5 minutes, and review of access rights by business stakeholders is quick and easy. As a result, access rights are now regularly reviewed to ensure alignment with changing business needs, enhancing productivity, security and compliance.
- Increased transparency and better communication: Netwrix Usercube provides a common language for permissions management, facilitating clear dialogue between HR, business and IT teams to prevent miscommunication and errors. In addition, Adis teams can develop, update and present key performance indicators (KPIs) more simply to management, enhancing transparency and enabling informed decision-making.
- Improved data security
- Simplified compliance
- Streamlined permissions management and recertification campaigns
- Enhanced business and IT team productivity
ADIS Assurances, a subsidiary of AXA France, is an expert in social protection with a core business of personal insurance. ADIS has more than 500 employees and places quality of service and customer satisfaction at the heart of its strategy.