Security is hardly a new concern for insurance companies, but here's a reality check: With the explosion of data and insurers' efforts to leverage and manage it, the industry does not have any mature means of securing traditional and Big Data.
Very few organizations realize they need to address data security in a systematic fashion. Part of the problem is that IT is playing catch-up with the business. Insurers' business models are changing rapidly and so are the related security requirements. But are IT organizations putting the same rigor into ensuring data security that they are into supporting new business models?
The growing volume, variety and velocity of data add to the complexity of data management. Earlier, there used to be only one kind of data to manage and secure, but today you have to deal with both structured and unstructured data.
Just getting your arms around traditional and newer forms of data will be a sign of progress. However, improving data security is not only about investing in products and tools. Here are three principles that should guide how you tie your data security investments to business goals:
1. It's All About Culture
Your most important priority should be changing your corporate culture to understand both business model changes and the limitations of the technology intended to deal with them. IT's response can be perceived as at odds with other business priorities. The lines of business often perceive systems and controls imposed by IT as impeding speed to market – a mindset that must change. It has to be an all-around culture, where products are launched quickly but you also keep customer data confidential and there is no data loss. This means avoiding dangerous shortcuts such as using production data for testing.
2. Keep Your House in Order
Security has to be comprehensive, the same as keeping your home safe. You should know which door might be weak, or if a window needs to be locked. You should take the same approach with data. Implement controls to protect your data against breaches in the same way you'd install locks or barriers to keep intruders out of your home. A large or even medium organization will have anywhere from 3,000 to 5,000 applications running and many of these applications are owned by more than one group or unit. Many insurers have built monstrous repositories that get all the data from back-end and policy administration systems. With so much business conducted on online platforms, when it comes to data, insurers have security vulnerabilities pretty much everywhere. And hackers don't need the code information to access this critical information; all they need are tentacles to obtain the complete persona of a customer.
3. Focus on Protecting the Persona
It is essential that you approach data holistically. Instead of securing isolated bits and pieces of information, concentrate on personal identifiers: all the data that provides a more complete picture of each insured. There are many ways to get information about someone, such as a bank account or Social Security number, or typing a name into Google, Skype or LinkedIn, which is why you have to focus on a comprehensive persona when it comes to securing the data. After all, insurance and healthcare policy data has a higher value on the black market than bank account information.
Constantly monitor and audit data footprints, specifically regarding Personally Identifiable Information (PII) or Personal Health Information (PHI). You need to know everything – what (what PII), where (which applications, services, data stores/inventory), how much (volume), how (how information comes in, goes out, moves within and outside the organization), who (who needs it, who accessed it, who tried to access it), when (frequency of access), and why (reasonable access, privileged versus open access, relevance to a role).
In short, improving data security is not a one-time activity. It requires a holistic, ongoing approach that brings together business and IT. How are you going to achieve this?