HESTA is in the business of improving the financial future of every member. The Australian industry superannuation fund manages the retirement savings of more than 880,000 members, supporting members through access to high-quality advice, education and insurance cover. The majority of HESTA’s members work in health and community services.
More than 80% of our members are women who typically have lower account balances and lower pay than their male counterparts. Sheena Peeters, HESTA’s general manager of technology says. “HESTA is committed to making a real difference in every members’ financial future and supporting them to make good long-term decisions that can help build their retirement savings.”
HESTA’s technology teams serve three groups: HESTA’s workforce, organizations that provide HESTA services to their employees, and members who join the super fund.
Workforce IT made modern
The organization’s commitment to its members is evident in its approach to IT, which stresses the importance of balancing strong security with a streamlined, effective user experience.
When HESTA realized that its proliferation of cloud-based apps was negatively impacting its employees’ ability to serve customers efficiently, the organization began looking for an identity management solution. Ultimately, HESTA wanted to consolidate its workforce infrastructure, while maintaining its flexibility, easing the log-in process, and securing access to cloud-based tools. The company selected Okta based on a quicker time-to-value, and the opportunity to save money without compromising service or product quality.
HESTA has rolled out Okta Universal Directory, Single Sign-On, and Lifecycle Management , followed by API Access Management. This enabled the company to quickly secure and consolidate access to its growing suite of personal and business applications, including Office 365 and Zscaler. As a result, the IT team reduced time spent on IT tasks by 80%. They also experienced an 80% improvement in offboarding users and workflow reporting and auditing.
Increased availability and security
That initial project helped ease the pressures on HESTA’s small IT staff while ensuring access was provided securely and with minimal disruption to employees. Near the end of 2019, HESTA decided to explore ways to provide members with more control—plus the same level of security and convenience—by building a new web-based retirement planning tool.
Many of HESTA’s members work in fields that require them to balance shift work and family responsibilities, which means they tend to log in to manage their retirement savings whenever and wherever they can find the time, whether that’s at lunchtime—or 2:00am in the morning.
As a result, a new member-focused initiative needed to provide members with omnichannel and mobile access to financial tools—a goal that required HESTA to update identity access management and partner to implement a new user portal.
Working within stringent industry guidelines, and protecting against the ever-increasing risk of security breaches, security had to remain top of mind for HESTA. A member-facing modernization initiative had to provide members with a high level of security without compromising the simplicity of the user experience or the availability of the portal.
HESTA wanted to give customers secure access to intuitive, interactive digital channels. Any back-end complexity needed to not impact a streamlined user dashboard, and the migration process had to be seamless.
“Anytime we address a technology problem, we need to think about who our members are, what they're trying to achieve, and how that aligns with what we’re trying to achieve,” says Peeters. “That’s really critical to us.”
A flexible identity partner
HESTA went to market with three primary considerations in mind: time-to-value, cost, and quality. “Our digital architecture is spread across multiple layers, including cloud engineering, DevOps, and automation,” says Peeters. “We needed to complete the initiative with speed and velocity. But we also needed to figure out how to deliver a really strong experience—which includes ease-of-use—while still maintaining our member's trust.”
HESTA decided that extending its pre-existing relationship with Okta was the right way forward. In addition to a 210% ROI, HESTA’s internal Okta deployment also mitigated business risk by providing technology teams with greater access control without increasing complexity.
“Based on our previous experience, we thought Okta would check all the boxes and add the flexibility to enable our hybrid architecture,” says Peeters. “We decided to give all the heavy lifting to Okta—and then enable the business by retrofitting anything that’s left.”
The maturity of Okta’s approach to enterprise IT security was also a draw, particularly in terms of its ability to provide insight into user logs. In the end, HESTA purchased the following Okta products:
“Having partners who understand how we're servicing our customer base is really important, and I think we have that partnership with Okta today,” says Peeters. “The relationship was tested and proven through our workforce implementation. So we trusted Okta to help us with this journey, too.”
The organization also needed to ensure that its new environment was flexible enough to support future use cases.
Building for the future
“We didn't want to be so constrained by our IT stack that we couldn’t add new components without having to re-engineer the whole architecture,” says Peeters.
“We also had to orchestrate a migration process that ran in parallel—all member portals, all legacy authentication, new member portal—with seamless and secure member logins they wouldn’t even notice.”
The organization decided to support its new portal by building a loosely decoupled architecture connected by sets of APIs, with Okta playing a key role as a customer identity access management partner. Okta involvement supported HESTA holistically increase time to value, future-proof its architecture, and provide members with intuitive, interactive digital channels, integrated across a cohort of systems in a very secure manner.
HESTA also has Java Virtual Machines that are hosted on an Amazon Web Services tenant. By maintaining that tenant, the organization retained flexibility across all digital channels.
From legacy to logic
HESTA went live with the new portal and retirement planning tool in February 2020, after integrating its newly purchased Okta Customer Identity products.
HESTA’s approach to the migration process, was to enable members to migrate from legacy to new digital services by using behind the scenes authentication logic to perform this function. As HESTA members logged in through their legacy identity provider, logic automatically determined if they’d already been migrated, or if it was their first login and this generated the events to create accounts in Okta post implementation.
After their accounts were activated in Okta, members were then securely authenticated to the new portal. The logic worked so seamlessly that members hardly noticed the back-end shift. The next time they logged in, they were automatically routed through to the new portal.
HESTA also built a dashboard that allows it to actively monitor activity logs. The organization specifically monitors its top ten users, events (prioritized by user breakdown and severity), and password events like resets and updates. HESTA’s SoC team monitors this dashboard 24/7.
“This gives us a lot of meaningful insight into where our members’ pain points are and increased monitoring capability for unwanted traffic or suspicious activity,” says Peeters.
This approach also helps HESTA’s IT team track emerging trends in member behaviour. “We've spent some time analyzing the logs and making sure that we proactively adjust these dashboards to provide better intelligence, not only to ensure the most secure and convenient member experience possible, but also continuously tap into NPS scoring,” adds Peeters.
Exceeding expectations
Over the course of the implementation, HESTA has learned a few key lessons in customer identity access management. To begin with, using a loosely decoupled architecture not only helped HESTA complete the current modernization initiative quickly—it also helped the organization future-proof its architecture.
HESTA has also achieved its goal of strengthening security without negatively impacting its members. The organization’s monitoring has shown shifts in the way its members are engaging with its digital tools: HESTA’s Net Promoter Score has improved, and member engagement has increased.
“There’s no doubt we had a variety of different options that we needed to work through,” says Peeters. “But we have a true partnership with Okta, and that support helped us achieve our goals. The experience was better than industry standard, and gives us the ability to continually improve. Work is ongoing on improving how we deliver services to our members as part of supporting members to improve their financial future. Improvements in Net Promoter Scores definitely show us that we're on the right track.”
About HESTA
HESTA is the largest superannuation fund dedicated to Australia’s health and community services sector. An industry fund that’s run only to benefit members, HESTA now has more than 880,000 members (over 80% are women) and manages over $60 billion in assets invested around the world. HESTA is committed to creating a real difference to the financial future of every member. HESTA focuses on achieving strong, sustainable, long-term returns while making a positive difference to the world members will retire into.