Tag Archives: security
“If I use master data technology to create a 360-degree view of my client and I have a data breach, then someone could steal all the information about my client.”
Um, wait, what? Insurance companies take personally identifiable information very seriously. The statement is flawed in the relationship between client master data and securing your client data. Let’s dissect the statement and see what master data and data security really mean for insurers. We’ll start by level setting a few concepts.
What is your Master Client Record?
Your master client record is your 360-degree view of your client. It represents everything about your client. It uses Master Data Management technology to virtually integrate and syndicate all of that data into a single view. It leverages identifiers to ensure integrity in the view of the client record. And finally it makes an effort through identifiers to correlate client records for a network effect.
There are benefits to understanding everything about your client. The shape and view of each client is specific to your business. As an insurer looks at their policyholders, the view of “client” is based on relationships and context that the client has to the insurer. These are policies, claims, family relationships, history of activities and relationships with agency channels.
And what about security?
Naturally, there is private data in a client record. But there is nothing about the consolidated client record that contains any more or less personally identifiable information. In fact, most of the data that a malicious party would be searching for can likely be found in just a handful of database locations. Additionally, breaches happen “on the wire”. Policy numbers, credit card info, social security numbers, and birth dates can be found in less than five database tables. And they can be found without a whole lot of intelligence or analysis.
That data should be secured. That means that the data should be encrypted or masked so that any breach will protect the data. Informatica’s data masking technology allows this data to be secured in whatever location. It provides access control so that only the right people and applications can see the data in an unsecured format. You could even go so far as to secure ALL of your client record data fields. That’s a business and application choice. Do not confuse field or database level security with a decision to NOT assemble your golden policyholder record.
What to worry about? And what not to worry about?
Do not succumb to fear of mastering your policyholder data. Master Data Management technology can provide a 360-degree view. But it is only meaningful within your enterprise and applications. The view of “client” is very contextual and coupled with your business practices, products and workflows. Even if someone breaches your defenses and grabs data, they’re looking for the simple PII and financial data. Then they’re grabbing it and getting out. If the attacker could see your 360-degree view of a client, they wouldn’t understand it. So don’t overcomplicate the security of your golden policyholder record. As long as you have secured the necessary data elements, you’re good to go. The business opportunity cost of NOT mastering your policyholder data far outweighs any imagined risk of a PII breach.
So what does your Master Policyholder Data allow you to do?
Imagine knowing more about your policyholders. Let that soak in for a bit. It feels good to think that you can make it happen. And you can do it. For an insurer, Master Data Management provides powerful opportunities across everything from sales, marketing, product development, claims and agency engagement. Each channel and activity has discrete ROI. It also has direct line impact on revenue, policyholder satisfaction and market share. Let’s look at just a few very real examples that insurers are attempting to tackle today.
- For a policyholder of a certain demographic with an auto and home policy, what is the next product my agent should discuss?
- How many people live in a certain policyholder’s household? Are there any upcoming teenage drivers?
- Does this personal lines policyholder own a small business? Are they a candidate for a business packaged policy?
- What is your policyholder claims history? What about prior carriers and network of suppliers?
- How many touch points have your agents had with your policyholders? Were they meaningful?
- How can you connect with your policyholders in social media settings and make an impact?
- What is your policyholder mobility usage and what are they doing online that might interest your Marketing team?
These are just some of the examples of very streamlined connections that you can make with your policyholders once you have your 360-degree view. Imagine the heavy lifting required to do these things without a Master Policyholder record.
Fear is the enemy of innovation. In mastering policyholder data it is important to have two distinct work streams. First, secure the necessary data elements using data masking technology. Once that is secure, gain understanding through the mastering of your policyholder record. Only then will you truly be able to take your clients’ experience to the next level. When that happens watch your revenue grow in leaps and bounds.
Last week I had the opportunity to attend the Gartner Security and Risk Management Summit. At this event, Gartner analysts and security industry experts meet to discuss the latest trends, advances, best practices and research in the space. At the event, I had the privilege of connecting with customers, peers and partners. I was also excited to learn about changes that are shaping the data security landscape.
Here are some of the things I learned at the event:
- Security continues to be a top CIO priority in 2014. Security is well-aligned with other trends such as big data, IoT, mobile, cloud, and collaboration. According to Gartner, the top CIO priority area is BI/analytics. Given our growing appetite for all things data and our increasing ability to mine data to increase top-line growth, this top billing makes perfect sense. The challenge is to protect the data assets that drive value for the company and ensure appropriate privacy controls.
- Mobile and data security are the top focus for 2014 spending in North America according to Gartner’s pre-conference survey. Cloud rounds out the list when considering worldwide spending results.
- Rise of the DRO (Digital Risk Officer). Fortunately, those same market trends are leading to an evolution of the CISO role to a Digital Security Officer and, longer term, a Digital Risk Officer. The DRO role will include determination of the risks and security of digital connectivity. Digital/Information Security risk is increasingly being reported as a business impact to the board.
- Information management and information security are blending. Gartner assumes that 40% of global enterprises will have aligned governance of the two programs by 2017. This is not surprising given the overlap of common objectives such as inventories, classification, usage policies, and accountability/protection.
- Security methodology is moving from a reactive approach to compliance-driven and proactive (risk-based) methodologies. There is simply too much data and too many events for analysts to monitor. Organizations need to understand their assets and their criticality. Big data analytics and context-aware security are then needed to reduce the noise and false positive rates to a manageable level. According to Gartner analyst Avivah Litan, “By 2018, of all breaches that are detected within an enterprise, 70% will be found because they used context-aware security, up from 10% today.”
I want to close by sharing the identified Top Digital Security Trends for 2014:
- Software-defined security
- Big data security analytics
- Intelligent/Context-aware security controls
- Application isolation
- Endpoint threat detection and response
- Website protection
- Adaptive access
- Securing the Internet of Things
Columnar Deduplication and Column Tokenization: Improving Database Performance, Security and Interoperability
For some time now, a special technique called columnar deduplication has been implemented by a number of commercially available relational database management systems. In today’s blog post, I discuss the nature and benefits of this technique, which I will refer to as column tokenization for reasons that will become evident.
Column tokenization is a process in which a unique identifier (called a Token ID) is assigned to each unique value in a column, and then employed to represent that value anywhere it appears in the column. Using this approach, data size reductions of up to 50% can be achieved, depending on the number of unique values in the column (that is, on the column’s cardinality). Some RDBMSs use this technique simply as a way of compressing data; the column tokenization process is integrated into the buffer and I/O subsystems, and when a query is executed, each row needs to be materialized and the token IDs replaced by their corresponding values. At Informatica, for the File Archive Service (FAS), part of the Information Lifecycle Management product family, column tokenization is the core of our technology: the tokenized structure is actually used during query execution, with row materialization occurring only when the final result set is returned. We also use special compression algorithms to achieve further size reduction, typically on the order of 95%.
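The dictionary-plus-token-vector structure described above, as an added Python example that is not Informatica's code. The class and method names are hypothetical and the sample column is constructed; it shows a filter and an aggregate running on token IDs, with values materialized only for the result.

```python
from collections import Counter


class TokenizedColumn:
    """One column stored as a dictionary of unique values plus a token-ID vector."""

    def __init__(self, values):
        self.dictionary = []   # token ID -> unique value
        self._ids = {}         # unique value -> token ID
        self.tokens = []       # one token ID per row
        for v in values:
            tid = self._ids.get(v)
            if tid is None:    # first occurrence: assign the next token ID
                tid = len(self.dictionary)
                self._ids[v] = tid
                self.dictionary.append(v)
            self.tokens.append(tid)

    @property
    def cardinality(self):
        """Number of unique values; the lower it is, the more rows share a token."""
        return len(self.dictionary)

    def rows_equal(self, value):
        """Equality filter on token IDs: one dictionary lookup, then integer compares."""
        tid = self._ids.get(value)
        if tid is None:        # value never occurs, so no row scan is needed
            return []
        return [row for row, t in enumerate(self.tokens) if t == tid]

    def group_counts(self):
        """COUNT per value computed on token IDs; values appear only in the result."""
        counts = Counter(self.tokens)
        return {self.dictionary[tid]: n for tid, n in counts.items()}

    def materialize(self, rows):
        """Late materialization: swap token IDs for values on the selected rows only."""
        return [self.dictionary[self.tokens[r]] for r in rows]


# Constructed sample data: a low-cardinality "state" column from a policy table.
STATES = ["CA", "NY", "CA", "TX", "CA", "NY", "TX", "CA"]

if __name__ == "__main__":
    col = TokenizedColumn(STATES)
    hits = col.rows_equal("NY")
    print(col.tokens, hits, col.materialize(hits), col.group_counts())
```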
Informatica recently hosted a webinar on Enterprise Data Archiving Best Practices with guest speakers Tony Baer from Ovum and Murali Rathnam from Symantec IT. With over 600 registrations, I would say that enterprise data archiving is not hot, it is white hot. At least for Informatica. With Big Data entering the data center, organizations are looking for ways to make room – either in the budget or in the data center itself. Archiving is a proven approach that achieves both. Given the complexities and interconnections of enterprise applications, Enterprise Data Archive solutions based on market-leading technologies, such as Informatica Data Archive, can deliver on the value proposition while meeting tough requirements.
In this video, Rob Karel, vice president of product strategy, Informatica, outlines the Informatica Data Governance Framework, highlighting the 10 facets that organizations need to focus on for an effective data governance initiative:
- Vision and Business Case to deliver business value
- Tools and Architecture to support architectural scope of data governance
- Policies that make up data governance function (security, archiving, etc.)
- Measurement: measuring the level of influence of a data governance initiative and measuring its effectiveness (business value metrics, ROI metrics, such as increasing revenue, improving operational efficiency, reducing risk, reducing cost or improving customer satisfaction)
- Change Management: incentives to workforce, partners and customers to get better quality data in and potential repercussions if data is not of good quality
- Organizational Alignment: how the organization will work together across silos
- Dependent Processes: identifying data lifecycles (capturing, reporting, purchasing and updating data into your environment), all processes consuming the data and processes to store and manage the data
- Program Management: effective program management skills to build out communication strategy, measurement strategy and a focal point to escalate issues to senior management when necessary
- Define Processes that make up the data governance function (discovery, definition, application and measuring and monitoring).
For more information from Rob Karel on the Informatica Data Governance Framework, visit his Perspectives blogs.
This week the EMC World 2012 conference is taking place in Las Vegas. Informatica is participating as a partner continuing its commitment to the EMC Select Partnership for the Informatica ILM and MDM solutions. Informatica has continued to expand its partnership to include support for its Greenplum Hadoop distribution – mostly to support organizations’ needs for big data integration while making big data manageable and secure.
As a routine matter of delivering care, billing for services and operating their hospitals and physician practices, healthcare providers deal with patients’ protected health information all day, every day. Dealing with the data becomes routine and it’s easy for sometimes onerous security and privacy policies and procedures to be overlooked. While we’d all like that not to be the case, delivering healthcare (and getting paid for it) is a hugely complex undertaking and focusing exclusively on human processes and calling for constant vigilance and attention to detail can only go so far.
Security is a work-in-progress for the Apache Hadoop project and sub-projects, as I discuss as part of an O’Reilly Hadoop tutorial, “Get started with Hadoop: from evaluation to your first production cluster”. Below are several of the security tips and best practices that I discuss in that article.
Enterprises use Hadoop in data-science applications that improve operational efficiency, grow revenues or reduce risk. Many of these data-intensive applications use Hadoop for log analysis, data mining, machine learning or image processing.
Commercial, open source or internally developed data-science applications have to tackle a lot of semi-structured, unstructured or raw data. They benefit from Hadoop’s combination of storage and processing in each data node spread across a cluster of cost-effective commodity hardware. Hadoop’s lack of fixed-schema works particularly well for answering ad-hoc queries and exploratory “what if” scenarios.