DATA FELON’S NEXT TARGET: INSURANCE FIRMS

Authored article by Rahul Kumar, Country Manager, WinMagic

Consumers’ trust in the financial sector throughout the years has always been high. This trust seeps into the insurance sector as well, partly owing to the perception of the sustained performance of banking and insurance firms. Interestingly though—according to a Capgemini study—a whopping 83 percent of consumers also trust banks and insurers when it comes to their data, with just 3 percent believing that their bank or insurer had ever suffered a breach. However, within that same survey of banking and insurance firms worldwide, just 21 percent of banking executives claimed to be highly confident in their ability to detect a cybersecurity breach. Worse, 26 percent of financial institutions acknowledged having been the victim of a breach.  An intriguing, yet disturbing realization.

This growing menace of data breaches spurred India’s insurance sector regulator, the Insurance Regulatory and Development Authority of India (IRDA), to issue guidelines for insurance firms, which included the need to appoint a chief information security officer (CISO) by April 30, 2018. The main role of the officer would be to articulate and enforce policies to protect information assets, including the creation of internal an Information Security Committee (ISC) in each organization. The guidelines cover aspects relating to data, applications, operating systems and network layers; security audit; and other legal aspects.

Vulnerabilities are evident

In the insurance sector, data is a rich target of theft and misuse.  Insurers share significant amounts of personal policyholder information and health-related information with third parties, increasing the risk of a breach.  Notwithstanding such huge transfer of information taking place, insurance repositories, call centres and service centres have access to sensitive policyholders’ data. Information sharing is essential for conducting insurance business operations. Therefore, to ensure that adequate systems and procedures are in place, rules relating to information sharing must be part standard operating procedures.

It is high time that insurance companies take proactive steps to enhance security and privacy. The above survey findings highlight the need for data-centric approaches like encryption and encryption key management to mitigate the impact of any breach. Moreover, threats also have an increasingly larger attack surface to target, thanks to the burgeoning virtualized and cloud applications, and this brings to focus not only protection for end-point devices, but also virtual servers, public, private, and hybrid clouds, and the Virtual Machines that run on them.

As the cost of a breach, through lost customers, revenue and business, is rising dramatically, insurers need to assess their data security preparedness regularly. The issue of security takes on more urgency with the new EU General Data Protection Regulation (GDPR), which will come into force in a few months and change how companies handle data. GDPR requires that financial organizations reveal a data breach within 72 hours after the incident. The issue of GDPR takes on added significance as most of the private insurance firms have tie-ups with foreign companies.

It is quite a revelation to note that, in the banking and insurance sector, security concerns deter nearly half of consumers (47%) from using digital channels, and 74% of them would switch their bank or insurer in the event of a data breach. Therefore, proper privacy protections offer a strategic business advantage over non-compliant firms. Building the reputation for data privacy is definitely challenging, and preparing the proactive security defences is no easy task, but it can be made much easier with the right tools.

Complying with IRDA’s guidelines to safeguard data

To deal with growing data requirements, tools such as WinMagic’s SecureDoc Enterprise Server and SecureDoc CloudVM provide a common platform to control all aspects of data security as mandated by IRDA’s requirements, including:

  • Unified physical, virtualized, and cloud data security under one solution, reducing operation & time costs associated with managing multiple data security solutions
  • VM-level encryption for virtualized servers and cloud, offering the persistent encryption required for data portability
  • Visibility and control required to strengthen data security compliance efforts through a single console view providing audit, discovery, encryption and key management
  • Eased scalability with easily deployable licenses, supporting any of a customer’s growth or burst needs – no matter what speed, or scale
  • Support for the public, private and hybrid cloud solutions, keeping your data secure as it moves
  • Segregated protection for production and non-production workloads with secured data at the logical level, and against the virtual storage
  • Intelligent policy engine that prevents unapproved copying and snapshots or relocation of VMs outside a customer’s stated boundaries
  • Authentication with enterprise data privacy control to ensure confidentiality, integrity, availability and privacy of the data collected, processed, stored and disposed through cloud services
  • Crypto Erase capability to terminate and remove all security credentials to prevent access to removed data

A common security platform provides you less complexity, more flexibility, and higher security, without cloud platform lock-in. SecureDoc CloudVM’s intelligent key management capability increases visibility and strengthens data security within virtual environments.

With a strong policy engine, SecureDoc Enterprise Server helps you in controlling the encryption key management system across a vast array of layers including endpoints, file servers, physical and virtual servers, cloud, enterprise file sync and share (EFSS) solutions, virtual desktop infrastructure, and Internet of Things (IoT) instances.

The time is now for insurance firms embrace encryption and unified key management to protect data wherever it may be in their organizations. From desktops to servers, data centers to the cloud, build out your uniform data security approach – reducing complexity and data security silos in your organization.