
Insurance Next

3 Keys to Improving Insurance Data Security

 
July 19, 2016

Security is hardly a new concern for insurance companies, but here's a reality check: With the explosion of data and insurers' efforts to leverage and manage it, the industry does not have any mature means of securing traditional and Big Data.

Very few organizations realize they need to address data security in a systematic fashion. Part of the problem is that IT is playing catch-up with the business. Insurers' business models are changing rapidly and so are the related security requirements. But are IT organizations putting the same rigor into ensuring data security that they are into supporting new business models?

The growing volume, variety and velocity of data add to the complexity of data management. Earlier, there used to be only one kind of data to manage and secure, but today you have to deal with both structured and unstructured data.

Just getting your arms around traditional and newer forms of data will be a sign of progress. However, improving data security is not only about investing in products and tools. Here are three principles that should guide how you tie your data security investments to business goals:

    1. It's All About Culture
        Your most important priority should be changing your corporate culture to understand both business model changes and the limitations of the technology intended to deal with them. IT's response can be perceived as at odds with other business priorities. The lines of business often perceive systems and controls imposed by IT as impeding speed to market, a mindset that must change. It has to be an all-around culture, where products are launched quickly but you also keep customer data confidential and there is no data loss. This means avoiding dangerous shortcuts such as using production data for testing.

    2. Keep Your House in Order
        Security has to be comprehensive, the same as keeping your home safe. You should know which door might be weak, or if a window needs to be locked. You should take the same approach with data. Implement controls to protect your data against breaches in the same way you'd install locks or barriers to keep intruders out of your home. A large or even medium organization will have anywhere from 3,000 to 5,000 applications running, and many of these applications are owned by more than one group or unit. Many insurers have built monstrous repositories that get all the data from back-end and policy administration systems. With so much business conducted on online platforms, when it comes to data, insurers have security vulnerabilities pretty much everywhere. And hackers don't need the code information to access this critical information; all they need are tentacles to obtain the complete persona of a customer.

    3. Focus on Protecting the Persona
        It is essential that you approach data holistically. Instead of securing isolated bits and pieces of information, concentrate on personal identifiers: all the data that provides a more complete picture of each insured. There are many ways to get information about someone, such as a bank account or Social Security number, or typing a name into Google, Skype or LinkedIn, which is why you have to focus on a comprehensive persona when it comes to securing the data. After all, insurance and healthcare policy data has a higher value on the black market than bank account information.

Constantly monitor and audit data footprints, specifically regarding Personally Identifiable Information (PII) or Personal Health Information (PHI). You need to know everything: what (what PII), where (which applications, services, data stores/inventory), how much (volume), how (how information comes in, goes out, moves within and outside the organization), who (who needs it, who accessed it, who tried to access it), when (frequency of access), and why (reasonable access, privileged versus open access, relevance to a role).

In short, improving data security is not a one-time activity. It requires a holistic, ongoing approach that brings together business and IT. How are you going to achieve this?


Viswanathan Ganapathy is part of the Technology Excellence Group (TEG) in the Healthcare Industry Solutions Unit at Tata Consultancy Services (TCS). He conceptualizes new strategic solutions and platforms for healthcare clients including payers, integrated payer-providers, specialty providers, and pharmacy benefit management companies. Ganapathy has 25 years of industry experience in technology, solutions, and consulting with a special focus on data security. He has an MBA with a specialization in Healthcare from the Yale School of Management, Yale University, New Haven.