Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Legacy modernization in insurance: what IAM teams should watch


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9773
Topic starter  

TL;DR: elipsLife Netherlands modernized its employee benefits platform with Comarch to replace legacy systems, improve user experience, automate end-to-end processing, and support data migration, cloud deployment, and integration with more than 12 external platforms. The deeper lesson is that modernization programmes now reshape identity, access, and operational governance at the same time, so control design must keep pace with platform change.

NHIMG editorial — based on content published by Comarch: elipsLife Netherlands platform modernization case study

By the numbers:

Questions worth separating out

Q: How should insurers govern identity during legacy platform modernization?

A: Insurers should treat modernization as an identity inventory exercise as much as a systems migration.

Q: Why do insurance modernisation projects increase access risk?

A: Modernisation increases access risk because it compresses more policy, claims, and finance activity into fewer platforms and more connected workflows.

Q: What do teams get wrong about automation in insurance operations?

A: Teams often assume automation reduces governance needs, when it usually raises the stakes for identity control.

Practitioner guidance

  • Build an identity inventory into the migration plan Catalogue every service account, API key, batch job, and operator credential tied to the legacy platform before cutover, then assign an owner and retirement date for each one.
  • Re-segment privileged access across core workflows Separate administrative, operational, and integration identities so claims, policy, finance, and document generation do not share the same permissions or recovery paths.
  • Validate automation checkpoints at process boundaries Add validation and approval steps where one system action can trigger downstream policy, claims, or document changes, especially in high-impact business flows.

What's in the full article

Comarch's full case study covers the operational detail this post intentionally leaves for the source:

  • The full migration scope across product administration, claims handling, finance, and document management.
  • The integration pattern used to connect with more than 12 external industry or national platforms.
  • The performance and deployment details behind the cloud-hosted insurance platform.
  • The business context for why elipsLife prioritised modernization and ecosystem alignment.

👉 Read Comarch's case study on elipsLife's insurance platform modernization →

Legacy modernization in insurance: what IAM teams should watch?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 9257
 

Legacy insurance modernization is an identity governance project, not just an application project. The article is framed as operational transformation, but the underlying change is that access, workflows, and external integrations are being reconstituted at the same time. That makes identity continuity the hidden risk surface. Practitioners should treat modernization as a revalidation of every machine, service, and human entitlement that supports policy and claims operations.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.

A question worth separating out:

Q: What should identity teams verify before moving an insurer to cloud deployment?

A: They should verify that operational identities and administrative identities are separated, that each integration has a named owner, and that no credential is carrying forward only because it was needed in the legacy system. Cloud deployment is the right moment to remove inherited access paths that no longer match the business process.

👉 Read our full editorial: Legacy insurance modernization exposes the identity governance gap



   
ReplyQuote
Share: