Case Study: CSS Insurance streamlines document authorization with Axiomatics Policy Server

Insurance Company Streamlines Authorization, Saves Development Time and Cost

CSS Insurance, Switzerland's largest health insurance provider, faced authorization issues with its corporate document management system. The system, which housed over ten million documents and handled two million daily requests, had become too open over time, risking security and compliance breaches. To address this, they turned to Axiomatics and its Axiomatics Policy Server (APS) to implement a more secure, externalized form of Attribute Based Access Control.

Axiomatics implemented its APS solution to manage authorization externally, moving the company away from its built-in, role-based system. The project was completed in just three weeks by a two-person team. The solution successfully enforced stricter internal security policies, provided more effective access control based on user and document attributes, and resolved the previous over-privileged access. CSS Insurance was so pleased with the results that it identified further tasks to onboard onto the Axiomatics system.

CSS Insurance

Sebastian Goodrick

Head of IT Security