Verisk Analytics builds a consistent, unified customer experience with Okta

Growing together

Verisk Analytics is a data analytics provider that offers consulting services to insurance, energy, and financial services professionals. The organization also offers predictive analytics and decision-support solutions that support professionals in a range of other fields, from fraud prevention to weather risk assessment.

The 50-year-old company has a presence in 30 countries and employs nearly 10,000 people across dozens of subsidiaries and business units. Although these member companies are part of the larger Verisk family, they also enjoy a significant amount of autonomy. As a result, some decisions and responsibilities are taken care of at the member company level, while others are handled globally.

For a loosely connected group of companies, however, it became difficult to juggle these responsibilities. Rapid growth driven by aggressive acquisition created a highly complex IT infrastructure that was difficult and expensive to maintain. Maintaining individual branding was a challenge, and it was hard for member companies to access shared services.

Creating a unified workforce

To resolve these pain points, the company launched a modernization initiative that increased reliance on cloud-based technology. Verisk soon realized it needed an identity solution to better manage access across its complex ecosystem and support its cloud-first vision. After exploring possible solutions, Verisk realized the Okta Identity Cloud with its wide range of integrations could ease future M&A processes, strengthen security, increase flexibility and reliability, and reduce maintenance costs.

Verisk decided to partner with Okta when it realized its own goals aligned well with Okta’s future roadmap. Verisk used Okta Single Sign-On (SSO) to secure a number of internal SaaS solutions, beginning with ServiceNow, followed by Office 365. Now employees can access over 500 applications with a single set of credentials, all through the Okta dashboard.

“SSO used to be an optional feature, but we now require it for any type of corporate access into our growing cloud ecosystem,” says Bahl. “We can't really imagine how any of this would work without Okta, which also allows us to securely manage our cloud solutions, including infrastructure built in Amazon Web Services (AWS).”

Verisk was so pleased with Okta’s performance that it began to explore ways to streamline its external environment as well. The organization had challenges with time-consuming processes, a complex operating model, inconsistent branding, and duplicate customer accounts across various member company directories. Once again, Verisk needed to find a way to unify its technology—this time, in order to improve the customer experience.

The organization formed a community of interest for the purposes of developing a new Customer Identity Access Management (CIAM) strategy. The group was informal at first, sharing ideas and code snippets. Before long, the community of interest had developed a solid roadmap that would work for Verisk and its individual business units.

A seamless identity partner

Verisk knew that it would be more efficient and cost-effective to adopt an out-of-the-box CIAM platform than to build and manage new infrastructure from scratch. Specifically, Verisk needed a solution that could:

• Drive adoption of modern authentication
• Enable the adoption of OpenID Connect and federated identity
• Increase IT efficiency with standardization
• Strengthen security overall

Okta met Verisk’s key criteria and had already proven itself internally, so the team decided to extend the partnership by purchasing Okta Authentication, Authorization, Multi-Factor Authentication, Lifecycle Management, and API Access Management for Customer Identity.

“We knew Okta would give us the ability to break down some of the silos that existed between business units, and unify the customer experience,” says Bahl. “That, in turn, would improve our ability to gather analytics from our customer logins and authentications.”

In addition to purchasing the CIAM products, Verisk also engaged the Okta Customer First team, including Professional Services. “We also have the Premier Success support package, which has been great,” says Bahl. “We’ve got 24/7 support and a dedicated Customer Success Manager that’s always just a phone call away.”

Building a strategy

In 2019, Wood Mackenzie kicked off the deployment strategy process with a three-day hackathon-style workshop.

“It was very open, and very much designed to give engineers the opportunity to ask a lot of questions, get hands-on experience, and then to build out small prototypes and proof-of-concepts with the platform,” says Galea.

The organization decided on a single tenancy model because it reduced the amount of maintenance and overhead required. With this structure in place, Verisk would be able to roll out updates and changes quickly and seamlessly to all of its member companies.

Assembling the environment

The organization began the modernization process by focusing on its legacy infrastructure. Verisk isolated its user registration, sign-on, and password processes, making it possible to connect SaaS solutions through a core set of APIs, including a service API that supported business-specific login. It also integrated developer tools, like Jenkins, with Okta.

Once the customer-facing tenant was in place, Verisk integrated it with the pre-existing workforce tenant, unifying the entire infrastructure. “Any one of our employees who needs to consume our customer-facing apps—and there are a lot of those—can access them through that federation,” says Bahl.

Next, Verisk set up provisioning for customer identities. “We support three types of user provisioning at the moment,” says Bahl. “Inbound federation is highly preferred because it offloads user management onto the customers themselves. We also support delegated authentication from our Active Directory domains. And, of course, we support Okta-mastered users.”

The newly unified environment resulted in improved visibility as well. “We ship all of our system logs over to a Splunk cloud, which gives us the ability to retain this information for longer periods of time, and do further analysis, reporting and visualization,” says Bahl. “But also it's a nice central repository for all logs, since we send application logs, infrastructure logs, and logs from AWS.”

Each profile that was granted need-based access to an array of web-based, SAML, OIDC, mobile, and terminal session-based applications. Verisk also requires programmers to log in using API tokens. Soon, the company will adopt OAuth for Okta, which will allow Verisk to further strengthen its security with a more granular approach to programmatic access. By providing access to necessary apps--and nothing more--Verisk has found the ideal balance between security and convenience. The end result is increased security without employee resistance.

Wood Mackenzie moves to the cloud

While Verisk was busy creating a more connected infrastructure, one of its member companies, Wood Mackenzie, was restructuring its own environment and building its Wood Mackenzie Lens platform.

“In early 2019, that was quickly followed by Lens Direct, which provides customers with direct access to data and puts our company in a better position to keep up with the fast pace of the digital age,” says Galea.

Integration played a significant role in this effort as well. Throughout the process, the company migrated and integrated approximately 120 products across 22 different subsystems.

“Our key hypothesis was centered on the premise that as privacy legislation evolved and more customers adopted cloud-based services, we would see a greater need for identity platforms,” says Philip Galea, Wood Mackenzie’s director of engineering. “We wanted a cloud-based ecosystem that would mature as customer demands shifted.”

Wood Mackenzie streamlined all user registrations, activations, sign-on requests, and password resets into a single system. “We also established a core set of APIs that fundamentally support an entire ecosystem,” says Galea. “We did a deep integration between Okta and our own employee lifecycle system. More importantly, we established a set of patterns for integrating Okta into all back-office systems, SaaS offerings, and developer tooling.”

With Okta’s proven flexibility and low maintenance requirements, it was quickly established as the identity standard within Wood Mackenzie.

“One of our goals in creating a service-orientated architecture has been to encapsulate business-specific logic related to our users and their lifecycles, and our subscriptions and their lifecycles,” says Galea. “We’ve been able to pull all that into a set of services using Okta’s SDKs and APIs.”

Wood MacKenzie has also benefited from Okta’s new Automations and Hooks features. “They’re fantastic,” says Galea. “We’ve also leveraged some of Okta’s off-the-shelf solutions and we’ve found that to be a really handy capability for a drop-and-replace instead of an LDAP.”

Wood Mackenzie appreciates the visibility and the increased authentication control provided by Okta’s Single Sign-On and API Access Management, too. “We’ve driven strong adoption around OpenID Connect,” says Galea. “It’s a fantastic standard that gives our API teams a fairly strong ability to restrict access in a flexible way.”

Wood Mackenzie has found the customizable Okta Sign-On widget incredibly useful. The widget allows member companies to use their own branding on the Okta dashboard in order to create a consistent experience for customers. “It works straight out of the box, it’s very configurable, and it lets us do a lot of great things that keep us on-brand,” says Galea.

Perhaps best of all, other Verisk Analytics member companies will now be able to use Wood Mackenzie’s use case as a repeatable template for platforms of their own.

The road(map) ahead

It’s now been a little over a year since Verisk launched its CIAM modernization initiative. “Approximately 200,000 users are live and in-production right now, and we're on track to hit about 500,000 by year-end,” says Bahl. He attributes some of that progress to Okta’s developer experience. “It's an excellent resource for documentation, API references, and code snippets. It’s a really great way to quickly get up and running by spinning up your own developer sandbox, with very little friction.”

Moving forward, Verisk Analytics will focus on making more products available through Okta, and on increasing inbound federation with its customers.

“Of course this is something that requires partnership with them,” says Bahl. “Our customers have to be willing and able. But federation is something we want to really push for. Whether it's a new customer or an existing customer who is currently Okta Mastered or AD Authenticated, we want to migrate them towards a more modern authentication method—that’s certainly near the top of my list.”

About Verisk Analytics

Verisk is a leading data analytics provider serving customers in insurance, energy and specialized markets, and financial services. Using advanced technologies to collect and analyze billions of records, Verisk draws on unique data assets and deep domain expertise to provide first-to-market innovations that are integrated into customer workflows. Verisk offers predictive analytics and decision support solutions to customers in rating, underwriting, claims, catastrophe and weather risk, global risk analytics, natural resources intelligence, economic forecasting, and many other fields. Around the world, Verisk helps customers protect people, property, and financial assets.