Opportunity | Protecting Critical Policyholder Data

The customer is a digital insurance carrier that offers life insurance and annuities to policyholders globally. The company has expanded by purchasing portfolios from other insurance companies.

Data protection plays a crucial role in every acquisition the insurer undertakes, as the company needs to handle and store personally identifiable information (PII) for each new set of customers’ portfolios and policies. “De-identifying data is key for our business,” explains the Chief IT Architect. “We have a lot of self-service digital portals that customers use for onboarding and registration, and the portals collect PII like social security and date of birth. We must validate that onboarding technology solutions work as expected through functional or integration testing.” Safe data management is also critical because DataMasque must protect against data breaches and meet regulatory compliance.

The insurer previously relied on an inefficient manual process for data masking non-production data, which involves modifying data to ensure usability for authorized individuals while rendering it worthless to unauthorized users.

“We had to schedule time to talk to our security team and chief information security officer, and then create documentation, which took a long time,” says the Chief IT Architect. “We wanted to save time by finding a solution that could automatically de-identify PII.”

Solution | De-Identifying Sensitive Data with DataMasque on AWS

After evaluating several data masking technology providers, the insurer selected DataMasque, an Amazon Web Services (AWS) Partner that provides a data de-identification and obfuscation solution on AWS. DataMasque identifies sensitive data in production databases and substitutes it with functional, consistent values before the data exits production. “DataMasque could integrate seamlessly with our growing AWS environment,” said the Chief IT Architect. “We also appreciated how DataMasque de-identifies the data in the production tier, so data never moves from production to non-production.”

The insurer selected DataMasque for its ability to apply de-identification rules consistently across all data sources, ensuring uniform data masking. The insurer already used Amazon Simple Store Service (Amazon S3) and Amazon DynamoDB for storing customer and policy data, so it was an easy process to implement DataMasque on AWS. Moreover, DataMasque employs AWS CloudFormation to process unmasked but encrypted Amazon Relational Database Service (Amazon RDS) production snapshots, creating encrypted, masked snapshots suitable for non-production environments.

DataMasque enhances the consistency of masking across various data stores for the insurer. “DataMasque allows us to centralize and standardize our previously disparate data storage solutions,” commented the IT Architect. “Consistency is important because masked, de-identified data can alter its meaning when it crosses boundaries.”

Outcome | Reducing the Potential for Breaches and Saving Time through Automation

Switching to DataMasque on AWS has provided the insurer with stronger protection against data breaches and potential revenue loss. “Using DataMasque on AWS, we’ve reduced our cyberattack radius by reducing the number of people who have access to PII,” said the IT Architect. “This improvement in our overall security posture helps us mitigate risk and simplifies our management of regulatory compliance.”

Furthermore, the insurer has streamlined its data masking workflow, accelerating data preparation for de-identification. “Previously, we had to spend a lot of time on custom development for data masking, and then we had to validate assumptions with privacy and security,” explained the IT Architect. The organization also plans to use DataMasque to automate machine learning models. “Automation will enable us to pause, review, and release models to production more confidently, as we will have greater familiarity with the actual data modeling process. This will have a significant impact on our financials and our overall business performance.”