An insurance giant's multi-cloud journey to secure innovation

Preparing for a future of unlimited possibility

From Brunei to Taiwan, India to New Zealand, the Asia-Pacific region is perhaps best defined by diversity. It's a tapestry of cultures, languages, ethnicities and religions.

By far the world's most populous continent, and largest, Asia is home to 60% of the global population and covers nearly a third of the planet's landmass. It spans the Arctic circle to subtropical jungles, Arabian desert to far eastern volcanic islands.

Diverse systems of governance exist side-by-side, from Western-style democracies to absolute monarchies. A delicate geopolitical balance affects everything from trade to cross-border digital communication. Asia is expected to account for 60% of global growth by 2030. It hosts the world's 2nd and 3rd largest economies, and nations such as Myanmar and Sri Lanka that are today powerfully emerging from poverty.

In this exciting yet challenging environment, AIA Group has grown into the largest Pan-Asian insurance group with a unique 100% focus on the Asia-Pacific. For more than a century, AIA has been in the business of helping people achieve dreams and prepare for the future across Asia in all of its diversity – whether that means affordable life insurance in Vietnam or wealth management for UNHWs in Singapore.

While honoring a storied history, AIA realises it must prepare for its own future, to underwrite a new century as successful as its first. Two years ago, that meant a digital transformation from 100% on-premise to hybrid and multi-cloud architecture, a strategy aimed at enabling agile application-based ecosystems across the sprawling and diverse Asian landscape. The leaders at AIA felt that only a cloud environment would bring the unlimited scale, agility and resilience needed to carve out the future in a fast-moving market.

A major challenge emerged. How to ensure frictionless cloud workflows and data-sharing (key to evolving AIA's extended Asia-Pacific family) while enabling the "bank-level security" to which the group aspired? AIA also needed to ensure its system faced zero downtime during app releases and updates.

The only answer could be a world-class identity and access management solution. Cloud-based SaaS (software-as-a-service) approaches enabling leading-edge authentication and application integration, the group felt, would be the only way to underwrite a future both vibrant and secure.

"Two years ago, we were trying to build a new legacy on outdated legacy infrastructure, and it wasn't working. There was no cloud compute and very few SaaS applications," recalls Roger Elliott, Senior Manager, Identity and Access Management, AIA Group. "To make the vision work, we needed an identity platform at the height of our cloud ambitions. Our existing solution was cumbersome and, worse, not always effective. That's when we discovered Okta Identity Cloud and unlocked a future of unlimited possibility."

Bringing together 20,000+ workers across Asia with application agility and integration

In any cloud transformation, apps and APIs are the lifeblood that connects all units in the ecosystem. Integrating them securely is critical to preventing circulatory blockages. For AIA, "securely" meant multi-factor authentication (MFA) for more than 20,000 workers across Asia, in a cloud transition that makes individuals the new security perimeter.

However, AIA's legacy authentication provider for single sign-on (SSO) offered neither the agility nor identity-based security needed for the group's cloud leap, says Roger.

Beyond the "cumbersome" interface, the provider was "painfully slow" in implementing system upgrades due to tedious change management processes. Roger says it took several months per application to update SSO.

The deal-breaker was that the old solution didn't offer MFA. Roger says AIA recognised multi-factor approaches were critical in a global insurance industry that handles millions of sensitive data points per hour, especially in a region as disjointed as the Asia-Pacific. Roger deemed the legacy solution not up to the task of handling key integrations such as ServiceNow (an enterprise workflow solution) and Workday (an HR platform).

Roger's team tried to bolt on another MFA service to the existing security provider but realised after nine months and countless attempts later that it wasn't working for the team. This was because the MFA solution did not enable compatibility with other providers.

That's when the group began hunting for a new identity solution to secure its multi-billion-dollar underwriting empire. Roger was given authorization to carry out a "greenfields" transformation, a clean slate to implement the best strategy for securing AIA's future.

Roger turned to Okta due to its top placement in Gartner ratings, compatibility with multiple cloud providers, and Adaptive Multi-Factor Authentication for Single Sign-on. The decision exceeded expectations by instantly upgrading AIA's identity and access capabilities while simultaneously enabling more frictionless workflows across the group's Asia-Pacific markets. It was the beginning of a journey that went beyond workforce security, opening new avenues for customer engagement and Zero Trust strategies.

The importance of being neutral: multi-cloud transformation with an agile partner

In planning its cloud transformation, AIA embraced multiple providers to give it flexibility working with partners hosted on different platforms, and a choice of best-in-class tools. It also needed to maintain some systems behind an on-premise firewall.

In such a hybrid and multi-cloud environment, AIA needed identity and access management that enables seamless navigation among disparate environments. "Consistency across platforms is challenging, because each one takes a different approach to security," says Roger.

Okta provided a simple answer: vendor neutrality. No longer was AIA locked into a single provider for security or any other needs. Vendor neutrality allows the group to stay on Office 365 and deploy AWS and Google Cloud Platform, while maintaining on-prem presence, all under a unified (and intuitive) cyber-security protocol.

It opened doors to more frictionless collaboration among business units and with outside partners, in any cloud environment. One of the best parts, says Roger, was that this versatility and security came mostly out-of-box.

"It's the easiest deployment I've worked on. I'm used to spending 12 months setting up a system. This took less than eight weeks," he explains. "Being able to buy a service like Okta and get it working within weeks is amazing."

The newfound agility has yielded powerful results. Since adopting Okta, AIA averages nine integrations per month compared to one every six weeks with its previous security provider. Okta's own speed with security updates – roughly 50 per month (against one every few months previously) – gives AIA peace of mind it's always a step ahead of the hackers.

"For a fast-moving organization like ours, it's critical that we're able to integrate apps on the fly," says Roger. "Okta allows us to do that with application readiness that makes changes in real-time, carries out testing, and deploys fast and securely."

A future of endless possibility with customer identity and Zero Trust strategies

With its Pan-Asian workforce Okta ready, AIA now has sights on customer identity access management (CIAM) with Okta Customer Identity. Roger says it's an even bigger challenge, since AIA has occasionally faced "inconsistency" in how it handles CIAM in different markets.

"Okta makes a big difference by providing consistent policy across the group," says Roger. "Just as important, Okta enables the flexibility our units need to carry out their own development and customer management. It's the best of both worlds."

AIA is rolling out its Okta Customer Identity initiative on AIA Vitality, the group's flagship insurance and wellness program (which gives rewards for a healthy lifestyle.) AIA has deployed Okta Customer Identity for Vitality in Indonesia, Thailand and the Philippines. The solution has already enabled customers to consolidate their profiles across devices – and flexibly track their points progress in real-time. In the future, it foresees one million monthly active users signing on with Okta across the Asia-Pacific.

AIA's other major initiative is delving deeper into reconciling Zero Trust with frictionless sign-on. A key tool promises to be FastPass, which enhances security with factors such as biometrics, while enabling a no-password experience on all devices.

"On the one hand, we want to move to Zero Trust. On the other, we're trying not to bug users too much. It's a balancing act, right?" says Roger. "Okta is the only solution that enables us to find the sweet spot. That opens up a world of possibility to build our future with both creative collaboration and peace of mind."