Fortis Case Study

Fortis uses Vordel to secure and manage its SOA-based insurance agent distribution channel
Fortis Insurance Netherlands uses Vordel to protect Web Services delivery as part of IT virtualization strategy to over 8,000 partners

Press release

About Fortis Insurance Netherlands

Fortis Insurance Netherlands holds a 12.5% share of its national market, with annual turnover in excess of €5bn. The company offers individuals and businesses a wide range of life, pension, non-life, healthcare and disability insurance, as well as mortgage and savings products. It markets its products via a large distribution network of 8,000 independent intermediaries.

The Challenge

Fortis' corporate strategy has been to position the firm as a general intermediary insurer that delivers a range of products to its specialist channel partners who can then focus on their core activities.

In order to meet the needs of these intermediaries, Fortis deployed XML Web Services to deliver products and services online to partners, alongside the provision of services to its own internal employees. Given the sensitive and commercially significant nature of many of the XML Web Services exposed to partners, Fortis required strong certificate-based authentication and authorization. The strictly regulated financial services industry also placed a requirement on the firm to provide comprehensive archive and auditing of all transactions.

Given the diversity of users accessing the insurance services, Fortis needed to validate certificates using a range of CRL, CRL LDAP and OCSP methods. A solution was also required to support a single store of authentication and authorization information that is applied to both Web browser traffic (HTML, forms data) and to XML Web Services traffic (XML, SOAP). The solution needed to be future-proof, supporting the current transport-level security standard (SSL) but capable of extending to leading-edge message-based security standards (WS-Security).

Furthermore, the chosen security solution had to guarantee 99.98% availability and have a high message throughput capability (one application alone handles 30,000 messages per day).

Why Vordel?

Vordel's XML gateway product VordelSecure was chosen for the following reasons:

  1. As an RSA Secured partner, Vordel's products integrate with the existing suite of RSA authentication and authorization products deployed on site (RSA ClearTrust, RSA Keon and RSA Validation Manager). This integration ensures that a single set of authentication and authorization data is used across both Web browser traffic (HTML, forms data) and XML Web Services traffic (XML, SOAP). An XML gateway which was a closed system, introducing a new silo of authentication and authorization data, would not have been appropriate.
  2. VordelSecure provides proven support for the methods of digital certificate validation required by the insurance company and its trading partners (CRL, CRL LDAP, and OCSP). Other competing products do not have the depth of security integration required to satisfy these requirements.
  3. VordelSecure offered greater flexibility and scalability than hardware alternatives. The insurer is not locked into a hardware model where adding another XML gateway requires delivery of proprietary hardware, and where upgrades require firmware upgrades. Fortis can leverage the speed and convenience of off-the-shelf processor power and memory, rather than being locked into an appliance platform.

Benefits

  • Re-use existing security infrastructure, obtaining return on assets - avoid the cost and extra management complexity of new "silos" of users and policies. The solution allows user management and policy management to be common across both Web browser traffic and XML Web Services traffic.
  • Complement the corporate strategy of a Customer-centric approach - This security solution allows Fortis to extend services to partners. Without strong authentication and authorization, as well as an audit trail, this would be impossible.
  • Reduced costs and faster time to market in existing and new markets - With VordelSecure, Fortis has the flexibility to update security policies centrally, implement software upgrades without hard coding and without firmware upgrades, and can easily scale the application of security to new partners and customers as and when required.
  • Comply with Financial Services regulatory guidelines for auditing and non-repudiation - the use of strong authentication and authorization, as well as keeping an audit trail of all transactions, satisfies regulatory requirements.
