Unum deployed a comprehensive enterprise security initiative to address the continually changing threat landscape with the help of Symantec products.
Unum is one of the leading providers of employee benefits products and services and the largest provider of group and individual disability income protection insurance in the United States and the United Kingdom. Unum employs about 10,000 people, serves the needs of 171,000 businesses, and protects more than 25 million people worldwide when illness or injury occurs.
As an insurance provider, one of Unum’s measurements is its ability to conduct business with its customers in a secure fashion. A reliable information technology (IT) security posture was required to protect Unum from the constantly evolving threats. An IT transformation was developed and implemented to address Unum’s objectives of maintaining business continuity, controlling costs, ensuring compliance, adapting to evolving threats and technologies, focusing on core competencies, improving discovery, eliminating manual processes, and providing quality service. It also addressed technology challenges affecting costs and productivity, including unlimited data retention, a distributed workforce, messaging security, spam volume, and server compliance issues.
Lynda Fleury, Unum’s assistant vice president and chief information security officer, was chartered in 2001 to drive the comprehensive enterprise security initiative. In addition to building out her Enterprise Information Security & Risk Management (EISRM) organization, Unum’s existing Symantec relationship was expanded to include security management, email archiving and e-discovery, web security, messaging security, and compliance.
First, Unum’s security monitoring and management processes were outsourced to Symantec Managed Security Services, allowing the EISRM team to focus on other more business-critical matters. Second, for email archiving and e-discovery, the Unum team implemented Symantec Enterprise Vault, including Discovery Accelerator and Microsoft Exchange Journaling. Third, the team used Symantec Enterprise Security Manager to ensure compliance with regulatory and policy standards. Fourth, messaging security was outsourced using MessageLabs Hosted Email Solutions from Symantec. Fifth, EISRM added Symantec DeepSight Threat Management System to provide actionable intelligence about current security threats. Finally, Symantec Web Gateway appliances were deployed to automate and improve Web gateway security.
The Alchemy Solutions Group, working with Unum, performed a detailed business value analysis of the Symantec products selected for the enterprise security program. The analysis concluded that over a seven-year period, the insurance provider will recognize more than $2.3 million in labor productivity gains and cost savings. Some of the business benefits include:
- Security Management Labor Productivity Gains: $1.3 million in IT labor productivity gains through outsourcing security monitoring and management from January 2004 through December 2009
- Proactive Threat Management Labor Productivity Gains: $86,000 in IT labor pro¬ductivity improvements through automating threat management from July 2007 through December 2009
- e-Discovery Labor Productivity Gains: $148,000 in IT discovery labor productivity gains from January 2004 through December 2009
- Messaging Security Cost Savings and Productivity Gains: $552,000 in IT labor productivity gains and server and storage cost avoidance through outsourcing messaging security from January 2007 through December 2009
- Web Gateway Management Labor Productivity Gains: $7,000 in IT labor productivity improvements through automating Web security from January 2008 through December 2010
- Email Storage Cost Savings: $245,000 in storage cost avoidance from 2009 through 2010