News Stay informed about the latest enterprise technology news and product updates.

IAM deployment snapshot

Blue Cross and Blue Shield of Kansas City had a list of requirements and projected costs for its identity and access management project. Here's the details.

Editor's note: Three years ago, Blue Cross and Blue Shield of Kansas City began deploying an identity access and management (IAM) infrastructure. For the full feature on this deployment, see the article "Access denied" in's Identity and access management supercast.

More on access management
Access denied

Identity and access management supercast
As with any IT project, Blue Cross and Blue Shield of Kansas City began its identity and access management project with a list of requirements and projected costs. Here is a breakdown of the company's project requirements, tools and outcomes:


  • Provide easy, simple access to key systems and records for both external customers and employees.
  • Make access "bulletproof" from a security standpoint.
  • Lighten the load of IT administrators and help desk managers.

IAM systems deployed:

  • Role-based provisioning that automatically sets up access rights and security levels for new employees based on department and job class, and cancels them upon employee departure. An approval workflow automatically contacts appropriate managers who need to sign off on the provisioning of various rights.
  • Products: Active Directory, RSA Security Inc. and Sun Microsystems Inc. IAM platforms.
  • Single sign-on (SSO) lets employees access all resources to which they are entitled with a single password. Previously, they had to remember passwords and IDs for as many as a dozen applications.
    Product: RSA Access Manager
  • Strong authentication requires employees to provide both a password and a one-time security code via a physical token.
    Product: RSA SecurID
  • Web-based SSO enables doctors, employer groups, brokers and individual plan members to set up their own accounts on the HMO's Web site. Once they authenticate themselves with personal information and enter a password, a single password gives them access to whatever Blue Cross and Blue Shield records and applications they are entitled to.
    Product: RSA Access Manager

Outcomes: IAM has enabled the HMO to do the following:

  • Improve customer service.
  • "Get administrative costs and efficiencies in line" by encouraging patients and physicians to use Web applications rather than call customer service, CIO Kevin Sparks says.
  • Assure regulators and customers that sensitive personal information remains secure.
  • Redeploy the equivalent of two full-time IT staffers who previously handled password-related problems to "high-value tasks."

Time to complete: Three years

Cost: Between $500,000 and $1 million (Sparks attributes at least some of this figure to underestimating the need for up-front planning and "internal housecleaning" of business processes and user databases.)

Elisabeth Horwitt is a freelance writer based in Waban, Mass.

Dig Deeper on Enterprise information security management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.