Eight years of superb compliance. Cost savings of several hundred thousand in seven months for one automation project alone. Those are major accomplishments to brag about. But Chris Blanks, Top Technical Automation Specialist at Transamerica Life Insurance Company, part of the international Aegon Group, is more interested in uncovering new ways to reduce risk and cut costs than he is in bragging about IT’s accomplishments.
From talking to Chris, you learn that achieving operational excellence by reducing costs, innovating and making better use of resources is ingrained in Transamerica’s culture. The Global IT organization is constantly looking for ways to automate tasks because automation, when applied strategically, simultaneously drives out cost, reduces risk, and increases business agility. For Aegon and Transamerica, this is a great example of transforming the business value of IT.
The IT staff is applying automation in creative ways to address critical challenges like staying on top of regulatory changes and adapting to shifting customer needs and expectations. The staff’s recent wins in automation are empowering the business to innovate and, as a result, increase competitiveness.
Chris shared with us the details of two of IT’s most successful projects: intelligent, closed-loop compliance and event-driven automation.
Compliance is Priceless
Compliance reviews come with the territory when you’re in the insurance and financial services business. And Chris recalls that it used to be a struggle to cope with the many internal and external reviews. “When Sarbanes-Oxley passed, we started questioning how we were approaching these reviews or audits,” he recalls. “We asked ourselves if we couldn’t come up with a single process to handle drift management and provide auditable evidence of compliance. That was the origin of our intelligent, closed-loop compliance process.”
Using BMC BladeLogic Server Automation, the staff created a set of daily compliance jobs that today evaluate approximately 7,000 servers in the U.S., Canada, Scotland, the Netherlands, Hong Kong and other countries. For each server, the system performs an average of 100 validations that predominantly relate to security but also ensure baseline configurations as part of Good Controls. When the audit is done, BladeLogic completes the required auditable evidence by creating the right documentation inside BMC Remedy ITSM.
The next step is to remediate any noncompliant server. This step is also fully integrated into Remedy, following important ITSM processes. A change ticket is added into Remedy, noting all required information including the server, the issue to be resolved and the corresponding compliance rule. In most cases, change approvals occur automatically, and the correction is then automatically applied to the out-of-compliance server.
After remediation, the audit job reruns to ensure that the remediation was successful. In most cases, the change is successful. If not, however, the Remedy ticket is updated to note the reason for the failure and it is escalated to the appropriate support team. This ensures that every compliance issue is resolved as quickly as possible, and the staff intervenes only when absolutely required.
According to Chris, the compliance project wasn’t about saving money. “Compliance is something you simply must have. It’s about avoiding risk and complying with legal mandates and industry standards, not about cutting costs or reducing headcount.” But this closed-loop process has saved many hours that used to be spent gathering and consolidating data to respond to an audit request. “Instead of putting six people in a room for a week to respond to an audit, we have one person spending a few hours,” he explains.
An additional benefit of this process is that it slashes the time required to fix compliance issues. It previously took days or even weeks for compliance issues to be resolved, with many person-hours expended. “With BladeLogic, we get compliance and automated remediation of critical vulnerabilities within minutes. Without BladeLogic, we would be back to our old, semi-manual approach where fixing critical vulnerabilities could take several days or even weeks after they had been found.” This type of automation has been transformative to Transamerica’s business. “We’re in a good place with respect to audits,” Chris says, “and we get a lot of praise from the auditors.”
For more information on how BMC’s Intelligent Compliance works, see www.bmc.com/compliance.
Event-driven Automation Saves!
Transamerica’s event-driven automation project started with the recognition that level 2 staff spent too much time watching consoles and reacting to what they saw. There was no bandwidth for proactive notifications, nor was any manpower available to take over routine tasks from level 3 teams. The project team identified the types of events that were consuming the most time for these specialists and used BladeLogic and Atrium Orchestrator capabilities to automate them.
As the event-driven automation process began to respond to events, level 2 teams had much of their mundane, repetitive work automated. This enabled them to reach out to the level 3 teams and take responsibility for routine tasks such as server builds and decommissions. As a result, level 3 teams now have more time to focus on such activities as maturing the environment. To date, the staff has defined 137 automated responses. And in the first 7 months, the process handled 94,273 events, which saved more than 9,000 hours of staff time.
“But the real story here is about transforming the mindset,” Chris concludes. “We’ve gotten past being reactive and we’ve moved into proactive mode. And that has put our team on a whole new level with respect to serving Transamerica customers.”