Hiscox elevates Workday security management with Smart Audit
$3.4m
25 staff
75%
10 mins
*Usage stats calculated by Kainos product owners
“Smart Audit has given us the confidence to handle both internal and external audits by demonstrating that we manage risk daily. It has saved us considerable time, reducing our daily review process to just 10 minutes.”
About Hiscox
Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange. The Hiscox Group employs over 3,000 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the USA, they offer a range of specialist insurance products in commercial and personal lines.
Streamlining security management in a regulated environment
Hiscox initially rolled out Workday in April 2016, implementing Core HCM and Benefits for the US and UK. As the organisation expanded its Workday capabilities to include Time Off and Leave in ten countries, Time Tracking in three countries, and other modules including Performance and Talent, it faced a new challenge: managing security in an increasingly complex environment.
Operating under stringent Infosec standards, Hiscox found its initial out-of-the-box security setup became inadequate. With 247 active security groups, up to 500 domain permissions, and 135 business processes in some of the super user security groups, manually monitoring access across five Workday tenants was becoming overwhelming.
HR Systems Lead at Hiscox, Sean Visser, said, “Our initial fit-for-purpose setup was becoming inefficient for teams and our available resources. Risk reviews were conducted monthly, but we had a desire to move to a more risk-based, proactive approach.”
Discovery and implementation of automation
In September 2022, Hiscox initiated an audit health check with Kainos which offered a review of findings to highlight potential irregularities which could give rise to Segregation of Duties (SoD) violations or overly-privileged access.
The check highlighted several key features of Smart Audit that impressed the Hiscox team, including automated security membership reviews and the ability to monitor extensive business processes and tasks. The discovery of the Peer Manager review functionality was particularly notable, sparking interest in exploring this feature further.
Sean recalled, “Seeing the audit automation tool in action was eye-opening. We realised there was so much more we could do with this tool than we initially thought. The health check exposed potential risks, which was a revelation.”
Following the positive results from the health check, Hiscox made a swift decision. “I’ve never seen a platform acquisition go through our process so quickly,” Sean noted. The approval came through in a matter of weeks, a testament to the confidence gained from the initial demonstration. Hiscox launched Smart Audit in April 2023, with Kainos providing valuable support throughout the process. “Kainos was flexible with our launch timing and supported us with weekly catch-ups to address any issues and provide on-the-job training,” said Sean.
Transformative impact of Smart Audit
Smart Audit brought transformative changes to Hiscox’s security management. “We gained new perspectives on security that we never had before,” Sean reflected. The tools’ automation capabilities significantly improved efficiency.
“We transitioned from quarterly to daily reviews of security group membership, which drastically enhanced our oversight and response times.” Sean praised Smart Audit for its user-friendly interface and flexibility. “Smart Audit is incredibly easy to configure. We could manage our controls, add or remove them, and adjust schedules with ease,” he said.
The tool also facilitated monitoring across five non-production tenants, enhancing visibility and control. “Smart Audit has given us the confidence to handle both internal and external audits by demonstrating that we manage risk daily,” Sean noted. “It has also saved us considerable time, reducing our daily review process to just 10 minutes.”
Enhanced security and peace of mind
Smart Audit has empowered Hiscox to effectively oversee critical aspects of its security management, including significant access to security group memberships, key business processes and tasks, production configuration changes, security groups with access to sensitive data, inactive accounts, and monitoring scenarios such as employees managing their managers.
As Hiscox continues to streamline processes and advance automation, Smart Audit plays a crucial role in mitigating risks. “Smart Audit is essential for managing risk during our transformation,” explained Sean. "The tool’s capabilities have not only strengthened security but also provided the Workday team with invaluable confidence and clarity.”
Hiscox notes that the ongoing support from Kainos has been excellent, with regular check-ins ensuring the organisation’s evolving needs are met. This proactive collaboration has driven significant policy changes within the organisation, reinforcing the appropriate use of access and bolstering security practices.
With a focus on increasing manager self-service and enhancing cultural adoption within the organisation, Smart Audit remains a foundational element of Hiscox’s strategy. “The tool has established a new benchmark for managing and understanding our security landscape – it’s offered a new focus on the way security and compliance is accessed within Hiscox,” notes Sean.