API’s and Identity:Enabling Optum to become the HealthCare cloud

Vishal Goyal

Security

Optum Tech

Director IT

SCT11S

@glvishal

@schwarm

#CAWorld

David Schwarm

Optum Tech

Manager Security

SCT11S

Information Risk Management

2 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.

The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type

of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA.

The Following Added by Customer

The opinions expressed and information provided on the following slides is solely those of the presenters and for informational

purposes only. The information provided in this presentation is not to be used in any way, shape or form for any reason

whatsoever.

For Informational Purposes Only

Terms of this Presentation

3 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Abstract

Brief on how Optum is transforming itself to become the HealthCare Services Cloud and how APIs and Identity are the enablers to make this possible

Vishal Goyal

Director IT

Optum Tech

David Schwarm

Manager Security

Optum Tech

4 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

But First…Who Are We?

UnitedHealth Group is an interconnected company composed of business segments. A few examples:

Health Benefits

• Employer and individual

• Medicare & Retirement

• Military and Veterans

• Amil (Brazil)

• NHS (UK)

• Lusíadas Saúde (Portugal)

Health Services

• Provider Solutions

• Payer Solutions

• Optum Bank

• OptumRX

• OptumCloud

• OptumIT

5 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

In Pursuit of Happiness

6 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

It’s Working... but

Selling the value of WAM with SAML and gaining adoption but not improving end-user experience

12+ million identities but silo’d

End user experience

SAML masks identity problem

Common security framework for registration

Standard WAM/SSO integration patterns and SDK

7 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Our Opportunities

ACA provides huge opportunities

Claims data mining, 100s of millions of claims

Fraud monitoring (US) 80 Billion dollars in 2014

Expose and monetize the data

IaaS/PaaS/SaaS and Hosting

Healthcare exchanges (Private and Government) and Cloud Services

8 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Business Needs IAM

IAM team now has a business partner and needs to solve for:

Optum Cloud Marketplace

Commercialization

Health Exchanges (private & public)

9 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

But We Need it Yesterday!

Now instead of selling the value of identity to the business, we run to keep up with demand

Health APIs

SaaS, PaaS, IaaS

Identity Provider

10 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

And it Better be Foolproof

Downtime can no longer be coordinated and forced upon the business. Commercial customers who expect 24x7 as other cloud providers do.

Enterprise support versus commercial support forced a change of culture

From enterprise IAM team to a commercial cloud IDP

11 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

So, What Did We Build?

We had green field to work with and great technology vendor partners

Best of Breed vended and home grown

SOAP/RESTful

Legacy to mobile

LOA3 – FICAM/MARS-E

Multi-tenancy

12 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

13 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

14 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

OID Login Screen

15 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

What’s Underneath the Hood?

Java based App on WebSphere

Multi-DC Active-Active

Abstraction SDK for all vended and custom solutions

4 million users

16 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Challenges…

Convince and on-board

Migration with end user in mind

Don’t interrupt my SSO partners

Timelines

17 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Changes to Process

Integration– Methodologies

– Teams

Implementation– Timelines

– Notifications

– Policies

– Commercialization

– Audit

18 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Changes to Services

Core– Testing

– Automation

– Monitoring

– Operation

– Reporting

Cloud– Elasticity

– Standards

– Communication

19 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Continuous Improvement

Initial Identity Provider design is 4 years old

More branding flexibility

Better user experience

Automation

REST as default for everything

Get ride of agents, identity tokens for everything

Dynamic elasticity with open shift enterprise

20 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Conclusion

Time to Market

45+ reply party apps

Growing User Community (expected to 9 million)

Consistency

Audit

Improved Standard Compliance

21 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Recommended Sessions

SESSION # TITLE DATE/TIME

SCT05S Roadmap: CA Advanced Authentication and Single Sign-On 11/18/2015 at 04:30 pm

SCT21T Tech Talk: Secure the Open Enterprise 11/19/2015 at 02:00 pm

22 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Security Innovations

Security Exhibition Area

Secure Omni-Channel Access

Security Exhibition Area

Engage Customers

Security Exhibition Area

Must See Demos

23 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

Q & A

24 © 2015 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD

For More Information

To learn more, please visit:

http://cainc.to/Nv2VOe

CA World ’15