Royal & Sun find single sign-on benefits

Adopting single sign-on technology is helping Ross Spencer feel better about his company’s overall IT security, but he says it’s the software’s less obvious benefits that are currently drawing his attention.

One of the first things Spencer, the Toronto-based manager of IT security at Royal & Sun Alliance Insurance Company of Canada, did when he first joined the company was to go shopping for a single sign-on tool to enable users to log on once to access all authorized applications. Fifteen months ago, he and his team completed the install of SiteMinder and Delegated Management Services (DMS) software from Waltham, Mass.-based security specialist Netegrity Inc.

The idea was to allow a combined 7,000 Royal & Sun staff and a network of affiliated brokers access to the insurer’s various mainframe applications via the Internet without having to sign-on for each one every time it was used. The applications are mostly geared to help brokers gather information on their claims and billing processes, and to break down their monthly revenues to investigate which types of policies are currently proving profitable.

“I think the savings there is from a convenience perspective for our brokers, (for whom) time is money,” Spencer says.

Internally, the company also wanted to provide sensitive employee data, such as payslips and staff investment portfolios available over an intranet once it could be secured.

Getting the job done wasn’t without its challenges, Spencer said. First, all of the broker applications had to be re-fitted so that they could work with SiteMinder. “That was a fairly huge job,” Spencer said. “If you could do it properly, you would want to start on day one to work with the SiteMinder product. It would be a lot easier, because there’s a natural way to fit the two together. If you already have the applications you have to pull them apart and rework them again.”

And as with any major rollout of new software, Royal & Sun had to contend with user buy-in. The company launched a major internal marketing campaign to get its employees onboard. Eventually, though, Spencer said he started to shut down the old ways of logging on in order to hasten the transition. “That’s still going on,” he said.

Although the need for single sign-on was apparent, Royal & Sun knew from the outset that it wasn’t going to rely on ROI assessments to gauge SiteMinder’s value. However, Spencer said the company is enjoying both the obvious and more subtle cost-savings as a result the technology. For starters, Spencer said he now feels much more “comfortable” about the level of security at Royal & Sun.

But it’s the options made available by SiteMinder that are helping to guide Spencer’s next several projects. For instance, he and his staff are currently working on Web-enabling Royal & Sun ‘s application and transaction processing.

“We’re also looking at using SiteMinder for the public to come in and look up information on their own policies versus going through their broker. They might want to look at how much money they owe, or get a quote on something,” he said.

From an internal perspective, SiteMinder could allow new brokers to self-register themselves into the security system and confirm the identity of returning brokers, cutting down on time needed for verification. “We’re covering all of Canada. It’s a big geography. It would be impossible to phone everybody and talk to them all the time.”

As well, DMS2 is also structured so that if brokers have problems with the sign-on process, they could obtain help from their nearest Royal & Sun ffice while Spencer and his team in Toronto still maintain centralized control over the product.

“These are things we’re toying with,” he says.