Default banner

Data Security Solutions for Insurance Providers

Thales helps insurance companies meet security requirements for their most sensitive data wherever it is created, shared and stored.

Insurance providers

The insurance industry manages risk, and recent insurance-company data breaches demonstrate cyber security is one of the biggest legal and regulatory risks. However, insurance providers must also reduce the risk of data breaches to retain customers, maintain profitability and protect executive careers.

CipherTrust data security platform

 

  • Challenges
  • Solutions
  • Benefits

Insurance data is a high-value target

Insurance companies are a very appealing target to hackers. According to the Pittsburgh Post Gazette:

“The value of personal financial and health records is two or three times [the value of financial information alone], because there are so many more opportunities for fraud,” said David Dimond, Chief Technology Officer of EMC Healthcare, a Massachusetts-based technology provider. Combine a social security number, birth date and some health history and a thief can open credit accounts plus bill insurers or the government for fictitious medical care, he noted.

Multiple vulnerabilities

Insurance provider data vulnerabilities include:

  • Customer portals
  • Credit card transactions
  • Insider threats
  • External hackers (credential acquisition)
  • Big data warehousing and applications
  • Cloud data storage
  • Employees using content management solutions
  • The need to consolidate operations and data (e.g. acquisitions)

Compliance

Insurance providers have multiple compliance needs, including:

Advanced threats and outdated protection

Today’s insurance companies frequently use outdated mix-and-match security solutions while cyber criminals attack them with the most advanced cyber weapons available. Insurance companies need to update their data security with an enterprise-level solution that not only meets the most challenging compliance constraints but also delivers true security from breach. They need a solution that works:

  • With all kinds of data
  • On multiple operating systems
  • In multiple environments
  • With limited human resources, funds, hardware and software.

CipherTrust data security platform

The CipherTrust data security platform is an extensible infrastructure that delivers centralised key and policy management for a suite of data security solutions that secure your organisation’s sensitive and regulated data wherever it resides. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

CipherTrust transparent encryption

CipherTrust Transparent Encryption provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.

CipherTrust security intelligence

CipherTrust security intelligence provides another level of protection from malicious insiders, privileged users, APTs and other attacks that compromise data by delivering the access pattern information that can identify an incident in progress.

CipherTrust application data protection

CipherTrust application data protection enables enterprises to easily build encryption capabilities into internal applications at the field and column level.

CipherTrust key management

CipherTrust key management enables centralised management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

CipherTrust tokenisation with dynamic masking

CipherTrust tokenisation with dynamic masking lets administrators establish policies to return an entire field tokenised or dynamically mask parts of a field. With the solution’s format-preserving tokenisation capabilities, administrators can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

Compliance

CipherTrust security solutions are designed to help you comply with:

  • Payment card industry data security standard (PCI DSS)
  • State data breach notification laws
  • National data protection and privacy laws
  • Sarbanes-Oxley, GLBA, Basel III
  • USA Patriot Act
  • The US Federal government’s mandate for encryption
  • Common criteria
  • Others that will arise

Quick and easy to install no matter what your OS

Thales can work with you to install CipherTrust data security solutions in weeks rather than months. Thales solutions work with most major operating systems, including Linux, UNIX and Windows servers in physical, virtual, cloud and big data cardholder data environments (CDE).

Easy to use

CipherTrust data security from Thales makes it simple to address security and compliance concerns by simultaneously defending data in databases, files and big data nodes across public, private, hybrid clouds and traditional infrastructures. Central management of the entire data security platform makes it easy to extend data security protection and satisfy compliance requirements across the entire enterprise, growing as required, without adding new hardware or increasing operational burdens.

Doesn't slow system performance

Customers typically report no perceptible impact on end-user experience when using Thales solutions. CipherTrust transparent encryption performs encryption and decryption operations at the optimal location of the files system or volume manager taking advantage of hardware cryptographic acceleration, such as Intel® Advanced Encryption Standard-New Instructions (Intel® AES-NI) and SPARC Niagara Crypto, to speed the encryption and decryption of data.