Customer Success Story Hippo Insurance Services Streamlines User Access Reviews with Zilla Security
In the dynamic and heavily regulated world of property insurance, companies are constantly seeking innovative ways to streamline operations and enhance security measures. One such company, Palo Alto-based Hippo Insurance Services, grappled with effectively managing user access reviews (UARs) across their proliferating SaaS and cloud applications. Operating within a regulated framework and handling sensitive financial information daily, Hippo needed to change its process to efficiently accommodate the company’s rapid growth. With the help of Zilla Security, the InfoSec team at Hippo was able to automate over 90% of the access review tasks, thereby reducing the heavy lift of producing compliance and governance reports.
The Challenge: Inefficient User Access Reviews
The organization operates in a highly regulated industry, where UARs are not a choice but a necessity. At the beginning of 2021, the company was using dozens of SaaS and cloud applications hosted across various platforms, which held sensitive financial information crucial to the company’s operation. These applications were subject to quarterly compliance certifications by external auditors, which included UARs.
As the organization expanded, the applications requiring UARs multiplied. With this increase in applications and users, the company searched for efficient solutions.
“By eliminating the manual aspects of user access review, the team could process more reviews more accurately and in less time. The process that used to take two weeks per application was reduced to just two days. This boost in productivity ultimately enhanced the team’s contribution to the organization’s overall security and compliance goals.”
Tal Hornstein, CISO, Hippo Insurance Services
The access reviews, taking up to two weeks to complete, were a team effort, with members from InfoSec, HR, and legal departments contributing their time to the process.
The preparation of audit materials was 100% manual and involved checking access rights, cross-referencing with job roles, validating any changes, and verifying compliance with internal policies and external regulations.
Moreover, each application had a different review process and, at times, unique challenges, further complicating the process.
It was evident that a more streamlined, efficient, and secure solution was needed – one that could effectively automate their user access review processes and help ensure consistent compliance.
Goals and Objectives: A New Vision for User Access Reviews
Hippo sought to transform its user access review processes. The main objectives of the InfoSec team were:
Accelerate the Review Process:
Hippo wanted a system that could speed up these reviews significantly, ensuring faster responses and quicker remediation actions.
Optimize Resource Utilization:
The company was also keen to efficiently use the time of their highly skilled InfoSec personnel. In doing these time-intensive tasks, they were prevented from focusing on more strategic and higher-value initiatives. By automating this process, they aimed to liberate these valuable resources to allow them to contribute more to the organization’s security posture.
The organization knew that achieving these objectives would require a shift in its approach to user access reviews. This realization led them to embark on a search for a solution that could bring about this desired change. It was in this context that they discovered Zilla Security and its identity security platform.
Discovering Zilla Security
The company was drawn to Zilla’s automation and access review workflow capabilities. They acknowledged that Zilla could not only streamline and automate their user access review processes but also offer customized workflows to fit their unique organizational needs. This was crucial in addressing the specific pain points and inefficiencies they were experiencing.
Zilla’s ability to adapt to the company’s existing structure, in combination with its advanced technology, distinguished it from other market options. The company was particularly impressed by Zilla’s unique ability to gather data from applications that didn’t support APIs or other user management capabilities.
Moreover, the company appreciated Zilla’s commitment to customer success.
The Outcome: Enhanced Efficiency and Compliance Readiness
With Zilla’s help, over 90% of the previously manual tasks became automated. The new UAR process begins with automated data collection from all the relevant SaaS and cloud applications. Following the data collection, Zilla also automates mapping the collected data to the organization’s corresponding employees, departments, and roles. This mapping allows for an efficient, automated review, reducing the required time and resources.
Zilla’s solution delivers comprehensive reporting, giving the InfoSec team insights into user access across the organization. This level of insight not only helps the team monitor and manage access effectively, but also assists with compliance and governance requirements, and facilitates the generation of the necessary documentation for external auditors.
With the efficiency created by this process, the InfoSec team and their stakeholders have more time now to focus on other tasks.
“With Zilla’s help, over 90% of our access review tasks became automated. The tedious task of manual information collection, which was previously time-consuming and resource-intensive, became a streamlined, predictable process.”
Tal Hornstein, CISO, Hippo Insurance Services
The process that used to take two weeks per application was reduced to just around two days, and most of the certifications could now be completed by two members of the InfoSec team. Adding more applications to the review was no longer a pain point and did not slow down the team or add extra time to the quarterly audit readiness process.
Key Takeaways Zilla’s Impact on Hippo Insurance Services
Time and Productivity Gains
The impact of Zilla’s automated access review process was immediately evident. The required task of manual information collection, which was previously time-consuming and resource- intensive, became a streamlined, automated process. This transformation resulted in significant time savings for the company’s InfoSec team, freeing them to focus on other tasks that leveraged their skills.
Moreover, productivity saw an increase across the team. By reducing the manual aspects of user access review, the team could process more reviews in less time. This boost in productivity ultimately enhanced the team’s contribution to the organization’s overall security and compliance goals.
Enhanced AWS User Management
With Zilla’s cloud-specific features, managing user access in their AWS environment became more efficient. The InfoSec team could automatically gather and review user access data from AWS, ensuring that access was appropriate and secure. In addition, the team was able to utilize Zilla’s capabilities to manage user identities and access controls, allowing for secure cloud usage.
Compliance and Governance Objectives
A significant accomplishment was the ease with which the company could produce compliance and governance reports. With Zilla’s comprehensive reporting features, the team is able to generate detailed reports that address the needs of external auditors and satisfy the accuracy and completeness requirements. This capability simplified the company’s audit process, helping to reduce both stress and workload for the InfoSec team.
Ultimately, Hippo values Zilla’s customer-centric approach, demonstrated through the platform’s ability to adapt to the company’s needs. Zilla’s innovative methodology helped Hippo’s InfoSec team realize its goal for efficiency and automation. Since each company handles UARs differently, it is critical for Hippo that Zilla maintain a commitment to continuous learning and attentive, fast response to the distinctive needs of its customers.
In conclusion, Zilla proved instrumental in helping the company navigate its user access review processes, productivity, security, and compliance.
About Hippo Insurance Services
Hippo is protecting the joy of homeownership, helping to safeguard customers’ most important financial asset by harnessing the power of real-time data, smart home technology, and a growing suite of home services to deliver proactive home protection. Hippo Holdings Inc.’s operating subsidiaries include Hippo Insurance Services, Hippo Home Care, First Connect Insurance Services, Spinnaker Insurance Company, Spinnaker Specialty Insurance Company, and Mainsail Insurance Company. Hippo Insurance Services is a licensed property casualty insurance agent with products underwritten by various affiliated and unaffiliated insurance companies. Coverage is subject to underwriting qualification and may not be available in all jurisdictions.
For more information, including licensing details, visit hippo.com.
© 2023, HIPPO INSURANCE SERVICES. ALL RIGHTS RESERVED.
© 2023, ZILLA SECURITY. ALL RIGHTS RESERVED.