Insurance

Insurance Providers

The insurance industry manages risk, and recent insurance-company data breaches demonstrate cyber security is one of the biggest. It is not only a legal and regulatory risk, but the risk of data breaches must be managed to retain customers, maintain profitability and protect executive careers.

Challenges

Insurance Data is a High-Value Target

Insurance companies are a very appealing target to hackers. According to the Pittsburgh Post Gazette:

“The value of personal financial and health records is two or three times [the value of financial information alone], because there’s so many more opportunities for fraud,” said David Dimond, chief technology officer of EMC Healthcare, a Massachusetts-based technology provider. Combine a Social Security number, birth date and some health history, and a thief can open credit accounts plus bill insurers or the government for fictitious medical care, he noted.

Multiple Vulnerabilities

Insurance provider data vulnerabilities include:

  • Customer portals
  • Credit card transactions
  • Insider threats
  • External hackers (credential acquisition)
  • Big data warehousing and applications
  • Cloud data storage
  • Employees using content management solutions
  • The need to consolidate operations and data (e.g. acquisitions)

Advanced Threats and Outdated Protection

Today’s insurance companies frequently use outdated mix-and-match security solutions while cyber criminals attack them with the most advanced cyber weapons available. Insurance companies need to update their data security with an enterprise-level solution that not only meets the most challenging compliance constraints but also delivers true security from breach. They need a solution that works:

  • With all kinds of data
  • On multiple operating systems
  • In multiple environments
  • With limited human resources, funds, hardware and software.

Solutions

The Vormetric Data Security Platform

The Vormetric Data Security Platform is the only solution with a single extensible framework for protecting data-at-rest under the diverse requirements of insurance companies across the broadest range of OS platforms, databases, cloud environments and big data implementations. The result is low total cost of ownership, as well as simple, efficient deployment and operation.

Vormetric Transparent Encryption

Vormetric Transparent Encryption provides file and volume level data-at-rest encryption, secure key management and access controls required by regulation and compliance regimes.

Vormetric Data Security Intelligence

Vormetric Data Security Intelligence provides another level of protection from malicious insiders, privileged users, APTs and other attacks that compromise data by delivering the access pattern information that can identify an incident in progress.

Vormetric Application Encryption

Vormetric Application Encryption enables enterprises to easily build encryption capabilities into internal applications at the field and column level.

Vormetric Key Management

Vormetric Key Management enables centralized management of encryption keys for other environments and devices including KMIP compatible hardware, Oracle and SQL Server TDE master keys and digital certificates.

Vormetric Tokenization with Dynamic Masking

Vormetric Tokenization with Dynamic Masking lets administrators establish policies to return an entire field tokenized or dynamically mask parts of a field. With the solution’s format-preserving tokenization capabilities, administrators can restrict access to sensitive assets, yet at the same time, format the protected data in a way that enables many users to do their jobs.

Benefits

Compliance

Vormetric security solutions are designed to help you comply with:

  • Payment Card Industry Data Security Standard (PCI DSS)

Quick and Easy to Install No Matter what your OS

Thales e-Security can work with you to install Vormetric Data Security solutions in weeks rather than months. Thales e-Security solutions work with most major operating systems, including Linux, UNIX and Windows servers in physical, virtual, cloud and big data Cardholder Data Environments (CDE).

Easy to Use

Vormetric Data Security from Thales e-Security makes it simple to address security and compliance concerns by simultaneously defending data in databases, files and Big Data nodes across public, private, hybrid clouds and traditional infrastructures. Central management of the entire data security platform makes it easy to extend data security protection and satisfy compliance requirements across the entire enterprise, growing as required, without adding new hardware or increasing operational burdens.

Doesn’t Slow System Performance

Customers typically report no perceptible impact on end-user experience when using Thales e-Security solutions. Vormetric Transparent Encryption performs encryption and decryption operations at the optimal location of the files system or volume manager taking advantage of hardware cryptographic acceleration, such as Intel® Advanced Encryption Standard-New Instructions (Intel® AES-NI) and SPARC Niagara Crypto, to speed the encryption and decryption of data.

Related Resources

Research and Whitepapers : Vormetric Data Security: Complying with PCI DSS 3.0 Encryption Rules

This white paper outlines how to use Vormetric Transparent Encryption to meet PCI DSS 3.0 Requirements with Data-at-Rest Encryption, Access Control and Data Access Audit Logs in traditional server, virtual, cloud and big data environments. The paper maps PCI DSS requirements 3, 7, 8, 9 and 10 that can be addressed with Vormetric Transparent Encryption….

Learn about the Payment Card Industry Data Security Standard (PCI DSS) 3.0 compliance rules and how Vormetric Transparent Encryption helps achieve PCI DSS encryption and key management compliance by protecting both structured and unstructured data in traditional server, virtual, cloud and big data environments.

Discover how:

  • PCI DSS 3.0 compliance mandates challenge organizations accepting payment card information
  • Policy-based encryption protects stored cardholder data and ensures that only authorized users and services can encrypt and decrypt the data (Requirement 3)
  • Restrict access to cardholder data by business need to know with controls that deliver least privileged access (Requirement 7)
  • Restrict, track and monitor access to cardholder data encryption protects cardholder data on servers, all cardholder data access is monitored and logged (Requirement 9 and 10)

View the whitepaper and learn about how Vormetric can help you comply with compliance rules today.

Download

Research and Whitepapers : Fieldfisher: 2014 Global Compliance: The legal obligations for encryption of personal data in the United States, Europe, Asia and Australia

Updated for 2014, this document examines the global legal obligations to encrypt personal data – included both national and industry drivers. National focuses include the EU (the United Kingdom, France, Germany and Spain), the USA, Asia (Singapore, South Korea, Japan and Taiwan) and Australia….

Driven on by relentless news about security breaches and data loss, law makers and regulators the world over are increasingly engaged in implementing new legal frameworks and defining new obligations for data security. Prominent within recent legal developments has been a focus on encryption and access control, not only of portable equipment and storage media, but also of databases, unstructured data, the Cloud and application data. Financial industry requirements driven by standards such as PCI-DSS are also a strong focus.

In this white paper (The legal obligations for encryption of personal data in the United States, Europe, Asia and Australia) you will learn about:

  • Global Compliance requirements to deploy encryption technologies to protect personal data
  • The legal framework for Data Security in the US, Europe, Asia and Australia
  • How seriously the law in different countries treats security breaches
  • Financial industry compliance requirements around encryption and access controls that are common across the globe
Download