When BlueCross BlueShield of South Carolina decided to establish a secure, Web-driven, self-service environment for its customers, it had all the content it needed. The only thing missing was the core infrastructure.
The online project, conceived around April 1999, was intended to give customers access to personal data normally obtained through the company's call center. Once the insurer knew what it wanted, the search was on for a solution to make the plans reality.
According to Anne Castro, BCBS's chief design architect, the insurer soon connected with security infrastructure developer OpenNetwork Technologies because OpenNetwork clearly understood its goals and objectives. "I was shopping for a company to relate to my business needs," Castro said.
The DirectorySmart product was introduced to the insurer to meet those needs. The software, according to OpenNetwork, is a platform for securing Web applications and managing e-business security policies. DirectorySmart integrates role-based policy management with Web access to ensure users only have access to certain files or areas.
"We need to know who's signing in, then validate and authenticate them," Castro said. "We can only allow access to the back-end systems via strict validation."
OpenNetwork provided system integration services during implementation, which, according to Castro, made for a speedy six- or seven-month initial delivery. And there were no problems integrating the solution with back-end systems. Castro explained that many existing systems were tweaked to authenticate end user submissions so that back-end access could be granted or denied. "Our challenges stemmed from setting up new technologies and infrastructure," she said, "but we tapped OpenNetwork for problems when they came up."
Castro said because of DirectorySmart's browser-based interface, training times were minimal-usually one hour or less. After training internal staff to use the solution with customers, BCBS set up super-user groups in which members were granted authorization to access customer accounts for personalized online help sessions. She said the customer experience has been enhanced, and results have been positive.
Castro attributes part of the system's success to DirectorySmart's numerous functions, including Web-based access control for authenticating users, Web-based single sign-on for access to multiple Web apps and domains, security auditing and reporting to monitor account access, and log generation for comparisons to security policies. Castro said BCBS plans to use the latter features to their fullest for upcoming rounds of HIPAA compliance-namely self-auditing.
DirectorySmart keeps track of activity by working with established user roles-easily modified by the IT department-to grant initial access to certain parts of a company's system. Whether the user's role is technical or business, the solution automatically opens lines to pre-approved files and directories and monitors each session. Even though DirectorySmart is in constant use, Castro said the system has been running smoothly since it was made live. "There haven't been any disasters or blips, even after we installed updated releases," she said.
And Castro said the initial search for a secure infrastructure also ran smoothly. After BCBS heard about OpenNetwork through the grapevine, the insurer connected with the company, heard the sales pitch, visited OpenNetwork, and expressed its goals. According to Castro, OpenNetwork was the only company the insurer engaged for its secure infrastructure.
THE COMPANY: Blue Cross Blue Shield South Carolina
NET WRITTEN PREMIUM: Undisclosed
WEB SITE: www.bcbssc.com
THE PRODUCT: OpenNetwork Technologies
WEB SITE: www.opennetwork.com
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.