Coventry Building Society: Safely and securely adding digital customer value to more than 130 years of savings and mortgage expertise

2,800

employees now use MFA 

Significant

time saved per password reset or approval

15+

apps secured with Adaptive MFA and SSO with more being added

  • Helping people build for the future
  • Mobilising for remote work
  • Delivering security with a quick MFA rollout
  • Delivering stability when people needed it most
  • Empowering employees with automation
Helping people build for the future

With its far reaching range of savings and mortgage products, Coventry Building Society helps its 2 million members save for the future and purchase their own homes. Its IT team makes sure that the society’s 2,800 employees have access to all the tools they need to put members centre-stage, while keeping all their sensitive information secure.

Mobilising for remote work

By the time the COVID-19 pandemic hit, Coventry Building Society had been using Okta for several years to safeguard its Software-as-a-Service (SaaS) applications. When 1,700 of its 2,800 employees had to be rapidly mobilised for remote working, Okta’s extended capabilities helped the society continue its services securely, despite the global disruption.

Delivering security with a quick MFA rollout

Okta offered a three-month licence for Adaptive Multi-Factor Authentication (MFA) for free, enabling Coventry Building Society to roll out Adaptive MFA almost immediately without commercial barriers for the first phase, supported by Okta. Thanks to the ease of use of Okta’s Adaptive MFA and Single Sign-On solutions, it was a frictionless switch for the society’s employees, who got immediate access to their most important applications with a single password.

Delivering stability when people needed it most

Customer trust is Coventry Building Society’s most valuable currency, and by leveraging Okta as part of its wider digital transformation strategy to enable remote work, it was always there for its members despite the pandemic. With apps protected by Adaptive MFA, it strengthened its security posture, mitigating threats such as ransomware.

Empowering employees with automation

Next, Coventry Building Society wants to simplify provisioning tasks that are currently handled manually by moving to Okta’s Lifecycle Management to gain productivity with automated workflows. By automating mundane tasks, it will enable employees to focus on what’s most important: delivering value for its members.

With SSO and MFA, Okta provides a friendly user experience that our colleagues across the business  just ‘get’. Okta really helped us get technology out of our employees’ way at a time when everyone was under enormous pressure, enabling them to focus on delivering service and value to our members.

James Fellows, Chief Information Officer, Coventry Building Society

Benefits

  • 1,700 employees quickly mobilised to work from home
  • 3 months free MFA licences to ensure swift rollout during the pandemic
  • 2,800 employees now use MFA
  • Significant time saved per password reset or approval
  • 15+ apps secured with Adaptive MFA and SSO with more being added

Humans crave a place to call home. As exciting as the world out there is: at the end of the day, we all want our own four walls to return to — to relax, refuel, and get ready for tomorrow. Owning a home is a symbol of stability, but it’s also a considerable financial commitment. For many buyers, it will be the largest purchase of their lifetime, and most will require a mortgage to make it happen. Like any big financial decision, it’s not to be taken lightly, and best made with support from people you trust.

Since 1884, Coventry Building Society has been a trusted partner for people across the UK, helping them build better futures with reliable savings and competitive mortgage products. As a building society, it is owned by its 2 million members. Without the need to make profits to pay dividends to shareholders, members rest assured that the society reinvests every penny earned into its core services.

Where banks and other businesses are pressed to diversify, Coventry Building Society remains laser-focused on its savings and mortgage products. This commitment cements the mutual trust between the society and its members, and the shared sense of purpose resonates across the company.

“At one of our branches recently, I spoke to a lady who was a grandmother who told me she’d been a Coventry member since she was four years old,” remembers James Fellows, Chief Information Officer at Coventry Building Society. “We’re here for our customers in all phases of their lives, whether it’s their first savings account, their second house, or their life savings. We really are a community, 100% committed to our purpose, and that’s why people put their trust in us.”

Mobilising for remote work securely

Trust requires presence, and with deep roots in Coventry and branches across the UK, Coventry Building Society strives to be wherever its members are. An award-winning team of around 2,800 employees keeps the services running, helping savers and borrowers fund their dreams. It’s the mission of the society’s IT team to make sure these employees can access all the tools they need to quickly deliver value to members, while keeping all their sensitive information secure.

With security top-of-mind, Coventry Building Society has been using Okta since 2017 to safeguard access to its SaaS applications. When the COVID-19 pandemic forced it to rethink some of its fundamental processes, Okta ensured continuity in the short term, prompting James and his team to explore its more advanced features.

“From the start, Okta hit several sweet spots for us, enabling our employees to use a single password for everything securely with Single Sign-On,” explains James. “But where our use of Okta came into its own was in our Coronavirus response.”

Balancing security and usability with a seamless switch to MFA

Like many businesses, Coventry Building Society found itself having to readjust to the challenges of remote working in 2020. Previously, around 200 employees would work from home on any given day, accessing the company’s VPN via RSA hard tokens. Suddenly, most of its non-branch staff had to work from home without making the business — which manages multi billion pounds of assets — vulnerable to attacks. That’s why the team decided to implement Okta’s Adaptive Multi-Factor Authentication (MFA).

James had only recently joined Coventry Building Society as a permanent member of the team; his first day coincided with the first day of the COVID-19 lockdown in the UK. Okta helped him hit the ground running: “One of the things that really brought Okta’s capabilities on my radar was how quickly we enabled easy to use MFA for our colleagues. By combining the benefits of our infrastructure transformation programme with Okta’s MFA capabilities, we enabled 1,700 employees to work from home securely in just three weeks, giving everyone access to the tools they needed to be fully effective remotely, such as Zoom.”

Prior to Okta, provisioning users to RSA for remote working, MFA took time with further administrative work on out-of-sync tokens and expiration schedules. Tokens came at a cost with three-year expirations, and sending them out incurred further costs to the IT team to run this service, as well as the delay to users waiting for access. That’s not to mention environmental, social and governance impacts, which cover everything from the lithium that goes into batteries and copper mined to make circuit boards, all the way to the plastic that surrounds RSA tokens, as well as the carbon footprint of shipping them out. And token, software and hardware maintenance for multiple servers per site and for disaster recovery and token replacement for loss or damage added further to annual up-front costs. This wasn't feasible for the rapid rollout of three weeks required to successfully transition to safe remote working. By choosing Okta, Coventry avoided considerable spending on its existing approach.

Okta’s adaptive MFA also improved the user experience. Some users previously had to do more than five MFA prompts daily for different applications with hard and soft tokens. This frustrated users who just wanted to connect to apps - such as Confluence, Jira, Mind Tools, O365, Panopto, Slido, Workday, and Zoom - and get working, without digging hard tokens out from a desk drawer. Over the course of a year, this amounted to significant hours spent doing MFA prompts. Okta’s adaptive MFA reduced this and helped to save on general productivity costs. This user-experience-centric thinking contributed to Coventry Building Society being top-of-the market on metrics such as staff engagement scores and winning a place on The Sunday Times 100 Best Companies to Work For list.

Back in early 2020, new initiatives had to be implemented amid a backdrop of global chaos and uncertainty. To support the society during that time, Okta provided its adaptive MFA licence for free for three months, taking away commercial barriers to support a quick rollout.

“At a time of intense stress, Okta took away a problem and presented a solution by giving us the MFA licence for free, ignoring short-term commercial interests,” says James. “That level of commitment is just one of the reasons we’re happy to have a long-term partnership with Okta.”

Lawrence Jessa, Coventry Building Society’s Senior Manager for Performance and Continuous Improvement, adds: “The seamlessness of Okta’s MFA aspect was a major help. It provided one bit of clarity in an otherwise very opaque world at the start of the pandemic. Besides helping us manage expectations upwards, it also helped us quickly meet the needs of our colleagues and enabled them to serve our customers.”

Getting the tech out of people's way

Making sure Coventry Building Society’s employees faced as little friction as possible when serving their members was the number one priority for the tech teams. Instead of inconvenient hard tokens, they could now use Okta Verify to access their apps in seconds, from any location, all with a single password.

“With SSO and MFA, Okta provides a user friendly experience that our colleagues across the business just ‘get.” Lawrence says. “Okta really helped us get technology out of our employees’ way at a time when everyone was under enormous pressure, enabling them to focus on delivering service and value to our members.”

Before Okta, Coventry Building Society’s admin team was swamped responding manually to high volumes of tickets for things such as password resets on systems that were important but not used daily. By consolidating 15 apps behind Okta and using Okta Workflows to link to its ServiceNow to speed up approvals flows, in the future Coventry Building Society will automate password resets and approvals flows, saving considerable admin time.  

“Okta enables us to roll out new tools with full MFA and little effort,” says James. “It also allows us to try out new apps and see how employees like them, and remove them again if they don’t prove to be valuable. And, because they readily integrate with Okta, we don’t need to have our engineers on it — they can instead focus on more value-adding tasks.” 

Okta allows the society to roll out tools with fast time to value, to test how users respond and then roll back if required, all without building any infrastructure or using up IT time. 

Banking on a strong security message

Because it deals with sensitive financial information, Coventry Building Society needs to adhere to strict security standards and meet numerous regulatory and compliance requirements. But its first line of defence against attacks is an educated staff, and Okta helps drive home the company’s security messaging.

“In a world where ransomware is one of the biggest threats, we need to provide a consistent security philosophy, but that’s difficult if we’re asking our employees to type in credentials on third-party websites,” says James. “By giving them access to these tools with Okta, we’re not just making life easier for our colleagues, we’re simplifying the message and strengthening our security.”

Unlocking Okta’s potential with Customer First support

Now that employees have simple and secure access to all their core applications, which can easily be modified and added to as the society evolves, the team is ready to leverage even more of Okta’s capabilities. To that end, Lawrence works closely with Okta's Customer First Support offerings to map out the next projects in line with the wider IT and business strategy.

“We’ve got a close relationship with Okta’s Customer First team, which has really opened our eyes to the art of the possible,” says Lawrence. “In quarterly business reviews, we align our trajectory and see where there’s potential to expand going forward. And often when we encounter problems, it turns out that we’ve already got the right Okta solution, we just haven’t implemented it yet.”

Empowering employees with automation

One of these solutions is Lifecycle Management, which will help Coventry Building Society to automate tasks that are currently handled manually. There’s a big team of access control specialists who work hard to make sure all permissions for all of its employees line up and are up-to-date — a laborious task, made harder by a time-consuming login process for each application. With Lifecycle Management, the society will be able to create automated workflows for access permissions, freeing its employees from repetitive tasks and increasing responses.

“We’ve got an incredible team of access control specialists, but they’re stuck doing manual tasks, crunching tickets, which takes a lot of time that could be better spent elsewhere,” says Lawrence. “Being able to use Okta for access provisioning to create a singular, automated workflow will be liberating.”

Automated workflows are just one part of Coventry Building Society’s wider push for digital innovation, bringing its trusted savings and mortgage experience into the cloud age: “We’re on a digital transformation journey, digitising our business through the power of technology,” says Lawrence. “There’s a couple of Okta projects we’re working on that will make it easier for our employees to focus on what’s most important: giving value back to our members.”

As Coventry Building Society embarks on its automation journey, the team is excited to see the next phase of its five-year Okta partnership take shape. And after braving a pandemic together, this partnership is stronger than ever, says James: “In difficult times, you find out who your friends are. Okta was one of a handful of suppliers that really stepped forward during the Coronavirus pandemic and beyond. It’s a commitment like that which makes a heck of a difference. That’s why we’re happy to have built this long-term partnership with Okta.”