Improving security globally using API's at Allstate

Published: August 25, 2023

The Project

The Identity and Access Management (IAM) team here at Allstate implemented reusable, event-driven, RESTful APIs that expose IAM capabilities and functions for the Enterprise to programmatically consume. The project encompassed all of Allstate's operating regions, spanning various geographic locations, to uphold Identity and Access Management security within the environment.

The IAM API program was powered by cutting-edge technologies that were expertly integrated to deliver maximum benefits. This event-driven API solution leverages multiple technology stacks such as Spring Boot, SIEM integrated with a messaging store and stream processing platform.

Two men holding an award - Improving Security Globally using API's at Allstate.

The Impact

The IAM API program has had a significant impact on the organization, with notable improvements in efficiency, security, and risk management. Through our IAM API Integration initiative, many business and technology benefits were realized.

Project Objectives

Our IAM API program was to focus on exposing Identity and Access Management capabilities via reusable, event-driven, RESTful APIs. Through the creation of this API abstraction layer, we were to provide a common, language-agnostic way of interfacing into our IAM systems which include technologies within the Identity Governance Administration, Privileged Access Management, Directory Services, Access Management, Secrets Management as well as other custom applications.

Project Success

The IAM API program has helped in disseminating time-sensitive information to multiple recipients in near real-time and provided an efficient method for risk reduction.

Our event-driven APIs enable real-time data processing, enabling systems to respond to events instantly and allows real-time mitigation of the risk of privileged account abuse by significantly reducing the amount of time to detect the unintentional or malicious bypass of a protective access control.

On top of this success, the project team were worthy winners of the Identity Fabrics award at the European Identity and Cloud Conference earlier this year in Berlin. The European Identity and Cloud Conference is the place where the digital identity and cyber community comes together to set the course for the future of digitization.