Case Study A Municipal Energy Utility s Steps towards Digital Transformation

Size: px

Start display at page:

Download "Case Study A Municipal Energy Utility s Steps towards Digital Transformation"

Sarah Hamilton
5 years ago
Views:

1 White Paper Security Case Study A Municipal Energy Utility s Steps towards Digital Transformation Upgrading a municipal power utility s Web presence to serve the needs of their digital customers can be a daunting task, especially for a major metropolitan area with a half-million power consumers. Starting with a foundation of effective user authentication and data access management, this municipal energy utility (MEU) was able to smoothly transition from paper-based consumers to digital consumers on the first try.

2 We were trying to implement a basic My Account Web site where customers could login and pay their bill. What we needed was to have some kind of secure authentication mechanism that could help us do that. We chose Access Manager. CARL F. Project Manager MEU Company Overview To respect customer security, regulation, and city policy this document will refer to the city utility as Municipal Energy Utility (MEU), and to the project manager as Carl. MEU provides energy for nearly a half-million customer accounts representing a large metropolitan area and serving an equally broad variety of customers from residential apartments to commercial establishments. As a municipal utility operating under strict procedural and budgetary constraints they needed to spin up a service that was simple, secure, scalable, and rock-solid. Their internal environment centers around an LDAP based set of services used to extend access management controls and application proxies. While all customer information and usage data are maintained on their secure network, MEU also takes advantage of third party services for energy usage analysis and payment services. This lets them offer best-in-breed information and data security while minimizing the city s exposure to PCI and other regulatory requirements. 1

White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation We have improved the experience over the years; we rewrote the front-end a few times.

3 White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation We have improved the experience over the years; we rewrote the front-end a few times. But the process the backend authentication and forwarding of LDAP prerogatives has not. CARL F. Project Manager MEU Phase 1: Core Online Services The initial goal was to create a simplified Web-based account access and bill-pay service to supplement and extend existing phone- and paper-based sign up, energy turn-on/off, and billing services. This My Account portal would provide customers with current energy usage, alerts and notifications, comparative energy usage analysis tools, usage reduction tips, payment history and summaries, and billpay services for their current balance. More importantly, the My Account portal needed to be extensible to easily enable additional services to be offered as they became available, whether on-site maintenance or landlord notifications. Those services needed to be keyed the customer type and location, and feed directly into the billing system. 2

We actually accelerate the thirdparty service behind Access Manager, so the customer has the impression that they never leave our site. It s a MEU experience from A to Z. CARL F.

4 We actually accelerate the thirdparty service behind Access Manager, so the customer has the impression that they never leave our site. It s a MEU experience from A to Z. CARL F. Project Manager MEU Extending the Existing CIS System for Web Access Whether by paper application or online form, initial customer sign-up uses manual customer verification before those records are entered into the customer information system (CIS). This ensures that account data is both clean and complete and provides service technicians with the information needed for manual service turn-on. Working with their system design consultant, MEU implemented a new directory tree and populated it with all unique customer accounts from their existing CIS database. Using secure backend access management tools, new accounts are replicated to the online portal tree as they re entered into the CIS and service is turned on for the customer. This enables account number, customer name and address, and customer ID and contact information to be used in My Account sign-up form to effectively secure online account creation and verify customer identity. When customers sign up for Web access, their online account is already linked to the backend CIS via LDAP to provide instant access to relevant data, including current energy usage and payment history. Because the process leverages robust network identity and access management services already set up behind the firewall, data exchange is fully secured and it becomes possible to create an optimized customer experience through the My Account portal. 3

White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation By leveraging advanced backend customer identification and authentication tools in conjunction with

5 White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation By leveraging advanced backend customer identification and authentication tools in conjunction with application access management and data control tools, MEU has the core services in place to become a onestop shop for municipal energy services. Letting Customers Track Energy Usage A major benefit of the My Account portal is to supply current usage statistics and enable customers to compare their usage with similar households both in their local area and nationwide. Another benefit is the ability to set alerts on both energy usage and billing dates as well as providing access to tips and tricks for reducing energy usage so customers can stay ahead of the game. By aggregating both information and application features under the My Account portal, customers have complete access to relevant information. While much of that capability is a matter of local files and simple Web scripts, MEU chose to use an external service provider for the usage analysis tools. That gave customers access to nationwide data and comparative usage statistics without requiring internal resources for data collection or maintenance. Using access management tools, the My Account application itself brokers the data exchange and feeds only usage data to the service, not customer identity. The result is that the customer stays within the My Account portal s environment and is never exposed to the external vendor. MEU remains the authoritative source for the customer s experience. 4

6 Automating Bill Pay The primary goal of the My Account portal is to enable simple, secure payment services for the customer s current energy bill. MEU chose to do this through an external vendor to ensure best-of-breed security and to shield the city from liability for either customer financial data or regulatory requirements around secure financial transactions. The nature of the transaction requires a full hand-off of the customer from the My Account portal to the vendor s own secured site. This ensures that the transaction itself is fully secured by the expert vendor and that city never sees credit card or other financial data. To enable that secure hand-off, MEU provides the vendor with a minimal data set keyed off of the customer account number to protect customer identity. They also received a set of tokens from the payment vendor to secure the hand-off. Since customer identity is already verified in the My Account portal through Identity Manager which is tied to the CIS, the process is both simplified and secured. When the authenticated customer requests bill-pay the My Account portal initiates a connection with the financial service and exchanges a token along with the account number to secure the connection. The customer then leaves the My Account portal entirely and that connection is terminated until they reauthenticate after completing the transaction. When the transaction is complete, the financial vendor initiates a return connection, exchanges tokens, and ships a completion flag back to the My Account portal keyed to the customer account number, which is then passed back to the CIS through backend access management tools. The only data stored by MEU is payment status, thus protecting both the customer and the city. 5

White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation Phase 2: Extended 311 Energy Services In addition to energy, MEU also provides or brokers a variety of

7 White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation Phase 2: Extended 311 Energy Services In addition to energy, MEU also provides or brokers a variety of energy-related services for both residential and commercial customers. The centralized My Account portal lets MEU offer a unified Customer Care experience that provides users with access to both information and services for all customer types. This capability is based on the fact that customers, businesses, and contractors are verified before their data is entered into the backend CIS and service provider management applications. This validated data then enables a custom online experience optimized to their particular needs. By leveraging this rich data for each customer and supplier, MEU is able to provide transparent access to both current services and future possibilities through a simple, consistent, and convenient Web interface. Service Turn On/Turn Off Since customer identity is established at login MEU is able to offer fully automated energy turn-on and turn-off services. New customers can sign up for service and schedule turn-on using simple Web forms. Just as importantly, customer demographic and income data can be captured to enable MEU to make automated recommendations for financial assistance, maintenance, and additional service plans. As new programs become available, they can be easily added. Existing customers can schedule service turn-off and make final payments directly from the Customer Service portal, simplifying a multi-step process and enabling both time and cost saving on both sides of the transaction. Onsite Maintenance Plans MEU s most popular service is an onsite appliance maintenance plan essentially a parts and labor warrantee for relevant existing appliances. Because customers are already verified in the Customer Service portal sign-up is both easy and automated. New services are automatically added to the customer s bill and they are provided with clear instructions on how to initiate a service call. While currently a largely manual offering, underlying identity and data access management tools open up the possibility of automated service scheduling and contractor notification. Since both sides of the transaction are secured and validated, this enables increasingly automated services for a marginal maintenance cost. 6

Landlord Cooperation and Protection Because of secure data aggregation and access controls, the city is able to create additional services such as lien notification for landlords.

8 Landlord Cooperation and Protection Because of secure data aggregation and access controls, the city is able to create additional services such as lien notification for landlords. The property owner can sign up through the Web portal for notification if any of their tenants fail to pay city energy utilities. That gives them the ability to follow up with their tenants to avoid having a lien filed against the property for non-payment, thus protecting them from unexpected problems when they decide to sell the property. 7

White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation On to the Future Currently, the entire customer experience happens in a Web browser using active page tools

9 White Paper Case Study A Municipal Energy Utility s Steps towards Digital Transformation On to the Future Currently, the entire customer experience happens in a Web browser using active page tools that detect the user s device and ship an appropriate UI. Future plans include building apps for mobile devices (and other emerging technologies) to provide both account management and service requests, as well as offering additional services through third party providers, but delivered under the umbrella of MEU. By leveraging advanced backend customer identification and authentication tools in conjunction with application access management and data control tools, MEU has the core services in place to become a one-stop shop for municipal energy services, no matter who provides those services. That both enables customer satisfaction and supports city-wide economic development. Just as importantly, MEU is not required to poke a new hole in their firewall for each new service application. By starting with a secure foundation of identity and access management, they can spin up as many services as needed with no additional exposure because much of the work is handled behind the firewall after secure authentication and identify verification. That gives them the power to spin up any useful service with a minimum of customization or security exposure a win-win all around. 8

10 Additional contact information and office locations: M 07/ Micro Focus or one of its affiliates. Micro Focus and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus or its subsidiaries or affiliated companies in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.