Back

Unlocking Automation & Compliance: CopperPoint’s Journey with Veza

Industry

Insurance

Organization Size

~800 employees

Headquarters

Phoenix, AZ

Challenges

  • Compliance requirements due to expansion
  • Manual user access reviews
  • Ensuring prompt and complete removal of terminated employee access

Benefits

  • Compliance and Risk Mitigation
    With department of insurance audits in multiple states, Veza provides a robust platform for demonstrating compliance through easy access to evidence of attestations, and clear insights into user access rights and roles.
  • Operational Efficiency
    The manual process of generating, routing, and consolidating spreadsheets for user access reviews, previously taking several weeks per quarter, was replaced with Veza’s automated system, freeing up significant resources and reducing the potential for human error.
  • Identity Security Enhancement
    Veza’s real-time alerts for unauthorized access and its ability to reveal the actual permissions behind roles ensures that CopperPoint maintains a secure and compliant IT environment, especially concerning terminated employees.

Key Features

  • Access Reviews
  • Access Intelligence
  • Access Graph

Introduction

CopperPoint Insurance Companies, based in Phoenix, Arizona, is a prominent insurance provider specializing in workers’ compensation. Over the past five years, CopperPoint has undergone significant transformations, transitioning from a state-funded entity to a private company. With a focus on expanding beyond Arizona and diversifying their portfolio, CopperPoint now operates in ten states, offering a range of insurance services including workers’ compensation and property and casualty lines. In addition to their strategic growth initiatives, CopperPoint has also made strategic acquisitions, further bolstering their presence in the insurance industry and solidifying their position as a trusted provider. These acquisitions have allowed CopperPoint to expand their offerings, enhance their capabilities, and provide even greater value to their customers.

Streamlining Operations and Embracing Cloud: CopperPoint’s Digital Transformation

CopperPoint’s rapid growth through acquisitions brought complexity to its IT infrastructure, with multiple billing systems, policy claims systems, and portals. To streamline operations, the company embarked on a journey towards a unified enterprise platform, vital for its evolution into a larger and more mature operation. Initially operating six data centers, CopperPoint aimed to consolidate and enhance efficiency, reducing them to just two. Embracing cloud technology, they migrated around 70% of their workloads to AWS. However, maintaining their Enterprise data warehouse posed challenges in managing access across the cloud, on-premises infrastructure, and critical systems like Guidewire, which contain sensitive data critical to the business.

Navigating the Challenges of Compliance & User Access Reviews

CopperPoint has long grappled with the challenges of user access reviews, which are commonly accepted as a necessary but flawed and inefficient practice across the industry. The manual process at CopperPoint involved multiple individuals running queries to identify all system users and their roles. This information was compiled into a spreadsheet and sent to over twenty application owners, who were then responsible for confirming the accuracy of user roles. However, determining whether a role is truly read-only for example was close to impossible. The team must then follow up with the app owners, hoping for meaningful comments rather than mere rubber-stamping. The comments are sent back to the organizers, who manually consolidate them and make necessary user and permissions changes, all while meticulously maintaining records.

Despite the seemingly straightforward nature of the process, it heavily relies on manual tasks, countless spreadsheets, and email communication, making it time-consuming and prone to errors. As CopperPoint continues to expand into new states, compliance requirements become more stringent. For instance, the Department of Insurance in Arizona, California, and Alaska demands evidence of these user access attestations during audits. This further emphasizes the need for a more efficient and streamlined approach to user access reviews and staying compliant.

The Veza impact: Immediate time to value

After hearing about Veza from an industry peer, Brad Lontz, SVP IT and CIO at CopperPoint, was intrigued. His peer shared how Veza had helped them quickly identify unauthorized access in databases, and conducted a demo that left Brad eager to explore the possibilities of Veza for his own identity security needs.

In less than a week, Brad’s team successfully connected their AWS environment with Veza’s Access Platform. Moreover, integrating with Guidewire showcased the solution’s flexibility, highlighting Veza’s adaptability and ease of integration via OAA, Veza’s Open Authorization API.

Connecting Veza into our core insurance platform, Guidewire – a system not readily easy to integrate with – was new for Veza. It was impressive to see the tool’s flexibility to plug into something that isn’t a pre-built connector in just a handful of weeks.

Brad Lontz || SVP IT and CIO, CopperPoint

The internal audit team immediately felt Veza’s impact on quarterly user access reviews. The traditional method of creating spreadsheets and manually circulating them was labor-intensive and time-consuming, taking several weeks per quarter. With Veza, this process is now fully automated, and app owners can now attest to permissions through an easy-to-use portal instead of cumbersome spreadsheets. What makes Veza even more powerful is its ability to show the effective permissions (CRUD – create, read update, delete) behind each role. By democratizing complex permission metadata into plain language, app owners can make better informed decisions, such as determining if a role is just granting read-only access, or if there are additional write or delete permissions they weren’t aware of. This enables CopperPoint to spot overprovisioning, ensuring that individuals only have the necessary permissions to do their jobs.

Efficiency, Precision, and Peace of Mind

Veza has truly transformed CopperPoint’s user access review process with efficiency and automation. The impact of Veza’s Access Platform extends beyond cost savings and streamlining of quarterly reviews. It also provides risk mitigation and facilitates the clean-up of excessive permissions and unnecessary access. The platform has proven invaluable in streamlining Department of Insurance reviews, allowing for a comprehensive view of access connections, roles, and permissions. Brad Lontz praised Veza for its unparalleled capabilities in the market:

For access reviews and having clarity on who really has access to what, and how they’re provisioned, Veza is easily the slickest tool I’ve seen out there. It stands alone and unique in its focus area, without any real competitors that match its level of precision and functionality.

Brad Lontz || SVP IT and CIO, CopperPoint

And for the infrastructure team, Veza ensures that when an employee is terminated, all of their access is removed promptly, providing peace of mind. With Veza’s alerting system, Brad is now confident that employee terminations do not slip through the cracks, preventing potential security risks. Overall, Veza has become an indispensable tool for CopperPoint, enhancing identity security measures and ensuring efficient access management throughout the organization.

Key Integrations

About CopperPoint
Founded in 1925, CopperPoint Insurance Companies is a leading provider of workers’ compensation and commercial property and casualty insurance solutions. With an expanded line of insurance products and a growing 10-state footprint in the western United States, CopperPoint is in a strong position to meet the evolving needs of its agents, brokers and customers. It has $5.1 billion in total assets and an enterprise surplus of over $1.5 billion.