ADS Mini Case Study1

DirectorySmart and Microsoft’s Active Directory: A Complete eBusiness Solution

CASE STUDY: ANTHEM BLUE CROSS BLUE SHIELD

OpenNetwork Technologies®
13577 Feather Sound Dr., Suite 390
Clearwater, FL 33762
727.561.9500
www.opennetwork.com

* Enhanced Security
* Web Access Control and Portal Services
* Role-Based Policy Management
* Delegated Authority
* Measurement and Analysis
* Web Single Sign-on
* Fine-Grain Access Control


Enterprise Directory Initiative

TECHNICAL GOALS:

• Universal directory service repository

• Streamline and simplify user management

• Secure user authentication


OVERVIEW

Anthem Blue Cross Blue Shield, one of the largest health benefits companies in the country, was seeking to attain their eBusiness goals within an increasingly complex business environment. Internally referred to as their “Enterprise Directory Initiative”, Anthem’s key eBusiness objective was to implement a reusable services and security infrastructure that would centralize user management, provide solid security and user-friendly data access and offer a solution for rolling out multiple web services in a secure environment.

They determined that this would require a state-of-the-art secure eBusiness infrastructure and that the infrastructure would need to meet their internal business and technical requirements in addition to the increasingly demanding government regulations for information security in the healthcare marketplace.

This case study provides a brief overview of the company, their high level business and technical goals, the key challenges they were facing, and then describes how the combination of Microsoft Active Directory and OpenNetwork’s DirectorySmart created a powerful access control and delegated authority solution for Anthem and provided the full secure eBusiness infrastructure solution they required.

Anthem insures 7 million individuals across 8 states.

Additional information is available via www.opennetwork.com or by emailing [email protected].

THE CLIENT

Anthem brings health benefits and related services to millions of Americans. As one of the largest health benefits companies in the United States, Anthem Blue Cross Blue Shield offers residents of Indiana, Kentucky, Ohio, Connecticut, New Hampshire, Colorado, Nevada and Maine quality health plans.

The company, known today as Anthem, began as Blue Cross of Indiana and Blue Shield of Indiana in 1944 and 1946. Anthem began its journey toward becoming a competitive, national organization in 1993, when it merged with the Blue Cross and Blue Shield Plan in Kentucky. In 1995, Anthem significantly expanded its Midwest operations when it merged with Community Mutual, a Blue Cross Blue Shield Plan in Ohio. They expanded beyond the Midwest in 1997 when they merged with Blue Cross Blue Shield of Connecticut and formed Anthem East, which also services non-Blue Cross Blue Shield customers in the New York City metropolitan area.

Anthem expanded its presence in New England with the acquisition of Blue Cross Blue Shield of New Hampshire and its subsidiary, Matthew Thornton Health Plan, in October 1999 and the acquisition of Blue Cross Blue Shield of Maine in June 2000. Also in October of 1999 Anthem created a West region by acquiring Blue Cross Blue Shield of Colorado and Nevada.

The regional Anthem Blue Cross and Blue Shield business units collectively cover more than seven million members. In addition to the Blue Cross and Blue Shield health plans in eight states, Anthem also has subsidiaries that offer a full line of complementary services.

THE GOAL

eBusiness Goals

* Implement Uniform eBusiness Practices: Anthem and its subsidiaries had the size, scope and talent to be among the most successful health care benefits organizations at both a regional and national level. However, their rapid growth created disparate users among many different systems. It was therefore imperative that uniform eBusiness practices be implemented to enhance administrative efficiency, permit continued growth and maintain Anthem as a strong force within the industry.

* Scale To Large Numbers of Users Efficiently: As an insurance company, Anthem’s business partners include hospitals, doctors, pharmacies and other providers. As such, the organization’s eBusiness transactions would be dealing with several separate organizations along with the thousands of people associated with them. Thus, it was mandatory that they have a system that could handle thousands of users efficiently.

* Create a Secure eBusiness Environment: The Health Insurance Portability and Accountability Act of 1996 (HIPAA), which is being called the “Y2K of healthcare,” establishes government-mandated standards for electronic healthcare transactions and mandates practices for privacy and security of electronic patient data. The U.S. Department of Health and Human Services has developed and will enforce standards related to data security in all electronic healthcare transactions. Healthcare organizations must find ways to become HIPAA compliant within the next 26 months or face stiff penalties, so creating a secure eBusiness environment was crucial for Anthem.

Technical Goals

* Create a Universal Directory-Service Repository: The first step in establishing a secure eBusiness environment would involve migrating all of Anthem’s internal and external system users into one directory using Active Directory while transitioning to Windows 2000. This would create a universal directory-service repository that would centralize user management, provide an extranet management and access-control system, and implement a reusable services infrastructure.

* Streamline and Simplify User Management: In order to establish the highest level of efficiency, it would be necessary to provide the system with the abilities to securely add, delete, modify and import online user information into the directory through an easy-to-use, intuitive, web based interface. Anthem also must be able to perform these functions internally by designating them to information technology, customer support or other employees.

* Secure User Authentication and Separate Network Passwords: The issue of security was vital to Anthem due to HIPAA regulations and the need to protect patients’ privacy. The ultimate system solution must be implemented that authenticates users signing on to corporate web applications, and grants them access based on their entitlements. Further, separate internal and external network and Web application passwords must be established to ensure unauthorized users are not able to enter the company’s internal network system.

THE CHALLENGES

Anthem’s aim was to continue their long-term commitment to the Windows operating system while deploying a high level of eBusiness functionality. They needed features including security authentication, role delegation and role-based administration. Several data repositories existed as a result of the company’s continued growth, thereby creating disparate users among many different systems. Anthem’s NT network operating system presented certain constraints on password and user attributes, authentication and user scalability. These combined factors had caused user management to become time consuming, security implementation complex and data access impractical.

Challenges

• Disparate data repositories

• Constraints on password and user attributes

• Time consuming user management

• Complexity

THE SOLUTION

In order for Anthem to remain on a Microsoft Network supported strategy and reach their eBusiness objectives, several steps had to be taken. These steps involved leveraging Anthem’s native network operating system, Windows 2000, and infrastructure directory, Active Directory, into a single information repository. Subsequently, as a directory-based security infrastructure, DirectorySmart would enable the streamlining of complex relationships, consolidate user and policy management, and securely extend access to applications and resources to diverse customers and partners.

Creating the centralized data repository Anthem needed required migrating all existing NT users, both internal and external, into Active Directory. This migration, in conjunction with DirectorySmart, provided Anthem with an extranet management and access-control system that runs on top of Active Directory. Through the LDAP interface DirectorySmart presented on top of the Active Directory repository, the crucial security requirements the system demanded were met and fully supported the desired password attributes. Further, by coupling DirectorySmart and Active Directory while utilizing Microsoft’s SDK, Windows 2000’s secure authentication password scheme was retained. Thus, a hybrid of Active Directory and DirectorySmart was created that offered Anthem the high-level security they sought.

Overall, DirectorySmart security software complemented Active Directory and provided Anthem with a complete eBusiness security solution through the following features:

* Enhanced Security: DirectorySmart’s enhanced security options ensure the maximum effectiveness for the secure infrastructure. DirectorySmart’s security audit feature logs and reports on all requests to protected resources, and all directory modifications made using the DirectorySmart system. The security alert feature allows Administrators to configure a threshold for failed login attempts that immediately alerts IT or security personnel if breached. End-to-end support of industry standard SSL encrypts all communication with the directory.

* Role-Based Policy Management: At the heart of DirectorySmart is role-based policy management. Roles may include administrative capabilities such as Super Administrator, Delegated Administrator and End User. Roles may also have a business context such as customer support representative or agent. Individual users are easily assigned to one or more roles and are subsequently managed and given access to specifically designated Web services.

* Delegated Authority: One of the most powerful DirectorySmart capabilities is that it allows a delegated administrator to securely create, modify and change an organization’s individual user information. The enhanced delegated authority feature allows companies to delegate user management out to the lowest logical level, decreasing the centralized management burden of user roles and profiles. This feature provides tremendous cost savings and a greater level of customer service for companies using DirectorySmart.

* Web Access Control and Portal Services: By keeping track of user profiles, roles and information entitlements, DirectorySmart ensures that users are authenticated and authorized before allowing access to specific Web services. DirectorySmart can leverage this information to create a personalized “portal” or view of corporate Internet services based on an individual user’s organization and role profile.

* Web Single Sign-On: DirectorySmart handles security for multiple domains within an enterprise or between an enterprise and its partners. DirectorySmart allows users to sign on once for access to multiple Web services for which they are authorized, even if these services are located on multiple domains.

* Fine Grain Access Control: DirectorySmart provides the infrastructure to manage access control within a Web service. This feature enables companies to implement security within their Web applications through simple API calls to the DirectorySmart secure infrastructure, thereby enhancing their ability to rapidly bring applications to the Web in a secure environment.

* Measurement and Analysis: DirectorySmart provides activity and usage measurement and analysis that can be analyzed by organization, individual and Web service. Through these reports, DirectorySmart provides enterprises with the ability to adapt their Internet services and marketing strategies.

THE RESULTS

By leveraging Active Directory and the DirectorySmart eBusiness security infrastructure Anthem was able to create a universal data repository. This enabled them to develop a secure infrastructure for corporate Internet services and Web applications across the enterprise. Coordination with business partners and key customers was streamlined and scaled to handle thousands of users. Further, obstacles concerning security and compliance with HIPAA regulations were overcome and the emphasis placed on the reuse of existing systems kept duplication to a minimum.

Thus, the complete, secure eBusiness solution Anthem was seeking was achieved through the combination of Active Directory and DirectorySmart.


Their secure eBusiness infrastructure includes such high-level benefits as:

* Lowest Cost of Ownership: Anthem was able to leverage their investment in Windows 2000 and Active Directory through DirectorySmart’s unique architecture, the ease of use of the software and by the efficient processes supported by the system. Its server plug-in based architecture for Web access control means that it does not require additional platforms for policy enforcement. Support costs are minimized through DirectorySmart’s user-friendly delegated user management capabilities, which allow an enterprise to cost effectively scale to support millions of users.

* Fastest Deployment Time: DirectorySmart installs efficiently and provides Anthem with reusable security infrastructure components. These components include Web access control plug-ins that can directly leverage the established security infrastructure and thus speed the deployment of Web applications.

* eBusiness Scalability: As Anthem’s business continues to grow, DirectorySmart can scale with them to support millions of users. The system is designed for the largest and most complex of computing environments.

* Fully Integrated Security Infrastructure: DirectorySmart’s secure eBusiness infrastructure possesses the unique ability to model complex business relationships easily and securely, and offers the most comprehensive solution for access control in the marketplace. Key components include authentication, authorization, and should Anthem choose to implement PKI, the system will support any X.509 compliant PKI certificate.

* Directory-Based Security Infrastructure: DirectorySmart leverages and builds upon Active Directory’s native capabilities as a central repository for security policies and takes advantage of the native characteristics of LDAP, which include high performance, availability and enhanced scalability. This allows a company to maximize the benefit of their investment in directory technology.

ACTIVE DIRECTORY AND DIRECTORYSMART: A COMPLETE eBUSINESS SECURITY INFRASTRUCTURE

The key element for success in this case was the centralization of the company’s directories and the synchronization of Active Directory and DirectorySmart to provide Anthem a secure, comprehensive solution. Active Directory is at the core of the Windows 2000 operating system that will dominate computer environments in the workplace. Existing Microsoft customers will look to Active Directory as the first step in creating a Web-based directory-services model. By implementing DirectorySmart secure software, enterprises simultaneously leverage their investment in Windows 2000 and Active Directory, thereby attaining a leading-edge secure eBusiness infrastructure.

DirectorySmart’s secure features, particularly delegated authority, role-based administration and security authentication, enhance the use of Active Directory and offer businesses a complete, cost-effective secure solution for attaining their eBusiness goals. Working hand-in-hand with Microsoft developers, the DirectorySmart team established their product as the first secure eBusiness infrastructure compliant with Active Directory, simulta-