Case Study

'INSURING' SECURITY AS A BUSINESS ENABLER

With roots that trace back to 1919, AIG is a global insurance company with operations in more than 80 countries and jurisdictions. AIG provides a range of insurance products to support their clients in business and in life, including: general property/casualty, life insurance, and retirement and financial services through our General Insurance, Life and Retirement and Investments business units.

For nearly 100 years, AIG has been committed to helping its clients prepare for what’s next. Whether that’s helping cities and communities to prepare for and recover from natural disasters or providing a financially secure retirement for millions of Americans, AIG’s tradition of expertise is rooted in understanding the trends driving insurance needs, and how to help others manage their risk proactively. However, when it came to its own potential security risks, AIG sought to reevaluate and transform its physical security approach. Looking to move away from decentralized system silos, and inefficient and error-prone manual processes, AIG implemented an AlertEnterprise Physical Identity and Access Management (PIAM) system that unified their security, automated their processes, enhanced customer experience, and reduced operational cost.

OVERVIEW

American International Group, Inc. (AIG) is a leading global insurance organization serving commercial, institutional, and individual customers in more than 100 countries and jurisdictions.

Objectives

  • Customer service on the front end
  • Security on the back end
  • Situational Intelligence and reporting
  • System self-service and empowerment
  • Increased efficiency and reduced operational cost

The Numbers

  • 100K+ Cardholders
  • 185+ Locations
  • 34 Countries
  • 50+ Badging Offices
  • Multi-tenant Buildings
  • 1000+ Visitors Per Day
“We went from 84 locations on our corporate standard access control system (all within the United States) in 2011 to more than 185 locations in 34 countries in 2018. AlertEnterprise has been a great partner and force multiplier for us. Their platform has enabled us to provide independence and autonomy to the customers we support while ensuring a safe and secure process by ensuring the process flow is in alignment with our policies and standards.”

– Allen Viner, Global Head of Physical Security, AIG

A New Policy of Security

Responsible for securing more than 100K cardholders in 190 corporate locations spread across 135 cities worldwide, AIG’s Global Physical Security and Administration team delivered an enterprise-wide physical security transformation. With a vision of convergence, the team implemented Enterprise Guardian software unifying their badge and building access, and delivered situational intelligence to identify potential security risks in real-time for further investigation. The Enterprise Guardian software’s direct connection with AIG HR and affiliated company directory systems provided smooth onboarding and secure offboarding and termination performance. Through the integration with the corporate physical access control system (PACS), AIG automated its badging process. By using the software’s powerful reporting tools and dashboards, AIG enabled quicker, easier, and auditable analysis of facility utilization, badge activity, and access recertification. Beyond increased security and process, the system also provided critical data insights on space utilization that lead to significant real estate savings.

1. DECENTRALIZED TO CENTRALIZED

SECURITY CONVERGENCE across physical and logical systems.

HR and AFFILIATED COMPANY DIRECTORY system integration enables smooth hire to retire identity lifecycle event automation.

PACS integration provides one source for badging and recertification. PACS client software access lockdown for maintenance use only.

VISITOR IDENTITY MANAGEMENT provides automated visitor access security, approval and check-in/check-out.

REAL ESTATE system integration for space utilization reporting and insights

3. AUTOMATION OF ACCESS REVIEWS AND RECERTIFICATION

AUTOMATE method and process to quarterly review critical access by Area Owners.

NOTIFY/REMOVE user’s access levels not used in past 90 days

IDENTIFY ROGUE card holder accounts

SYNCS with PACS configuration

DELEGATE review of user with critical access by manager

RECERTIFY Area Owners and Delegates

2. CUSTOMER EXPERIENCE

SELF-SERVICE empowers users, managers and area owners and reduces the burden of security staff so they can focus on critical areas.
  • Look-up access
  • Request/approve access
  • Terminate access
  • Recertification
  • Badge printing
TENANT COMPANY self-service to manage their employees, contractors and visitors

4. PHYSICAL/ LOGICAL SECURITY AUDITING

HIGH RISK DATA CENTERS
  • Auditable recertification process
  • Future system integration to being access control to the cabinet level
TRACKING HIGH RISK access combinations
  • Trading floors
  • Staff counsel
LEASED OFFICE SPACE security and risk
  • Tenant portal