APAC CIOOutlook

Advertise

with us

  • Technologies
      • Artificial Intelligence
      • Big Data
      • Blockchain
      • Cloud
      • Digital Transformation
      • Internet of Things
      • Low Code No Code
      • MarTech
      • Mobile Application
      • Security
      • Software Testing
      • Wireless
  • Industries
      • E-Commerce
      • Education
      • Logistics
      • Retail
      • Supply Chain
      • Travel and Hospitality
  • Platforms
      • Microsoft
      • Salesforce
      • SAP
  • Solutions
      • Business Intelligence
      • Cognitive
      • Contact Center
      • CRM
      • Cyber Security
      • Data Center
      • Gamification
      • Procurement
      • Smart City
      • Workflow
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Artificial Intelligence

    Big Data

    Blockchain

    Cloud

    Digital Transformation

    Internet of Things

    Low Code No Code

    MarTech

    Mobile Application

    Security

    Software Testing

    Wireless

  • E-Commerce

    Education

    Logistics

    Retail

    Supply Chain

    Travel and Hospitality

  • Microsoft

    Salesforce

    SAP

  • Business Intelligence

    Cognitive

    Contact Center

    CRM

    Cyber Security

    Data Center

    Gamification

    Procurement

    Smart City

    Workflow

Menu
    • Insurance
    • Cyber Security
    • Hotel Management
    • Workflow
    • E-Commerce
    • Business Intelligence
    • MORE
    #

    Apac CIOOutlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIOOutlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    Editor's Pick (1 - 4 of 8)
    left
    InsurTech and the Benefit to the Business

    Brendan Mills, CIO, nib Group

    Diverse Environment Presents Challenges, Opportunities

    Helen Attenborough, CIO, Asia Pacific & Latin America, QBE Insurance

    Establishing Trust from Business Stakeholders

    Ash Shah, Regional P&C CIO and Chief of Staff, AXA, Asia Region

    Reinventing Capabilities Across Insurance Value Chain

    Raymond J Oral, CIO, CNA Insurance

    Innovation challenges and the Insurance Broker

    John Petersen, CIO, Heffernan Insurance Brokers

    Technology as Key Driver for Reduced Insurance Cost

    Paul Brady, VP & CIO, Arbella Insurance Group

    Enterprise Mobility: Still Needs a Sound Business Case

    Henkten Bos, CIO, Ageas Insurance Company (Asia) Ltd

    Consumer Insight, Experimentation and Other Winning Strategies for the Insurance Disruption Game

    Louise Billmeyer, VP & CIO, Principal Financial Group

    right

    Understanding Insurance Security

    Sean Murphy, VP & CISO, Premera Blue Cross

    Tweet
    content-image

    Sean Murphy, VP & CISO, Premera Blue Cross

    Traditionally, the healthcare industry has been reluctant to embrace the cloud. In many cases, for good reason. There were unclear supplier obligations under HIPAA along with sketchy access and data control provisions that really slowed adoption. Over the last few years, these concerns have begun to be addressed, especially in terms of large cloud service providers, I think healthcare organizations have started to embrace the benefits of cloud computing. From a security perspective, cloud actually improves security in some ways over on-premise environments. I find that large cloud computing suppliers can provide more cost-efficient robust physical security controls, better access to highly-qualified security personnel, and best-in-class security assets. Additionally, I can expect better vulnerability management as critical updates are done with improved consistency. Another benefit is in the area of asset, data availability and recovery. In “as a service” (XaaS) models, the cost benefit for business resiliency and disaster recovery are very attractive.

    The first challenge is in determining real value. Security requirements are most often cited as meeting with resistance from business and even IT decision makers. But candidly, my experience is that many challenges are self-inflicted wounds coming from security technology that promises more than it can deliver. The business remembers these false starts and develops a reluctance to fund every new, shiny security technology without demonstrated value. Therefore, implementation of new security technology must better address the “people, process, technology” triad. Solutions implemented without personnel trained to use them will run inefficiently or sit idle. Security and business processes cannot operate independent of each other. Security must be built into business and IT initiatives. At the same time, security must be savvy about business processes and IT production service levels to facilitate availability and uptime.

    And last, new security technology and security requirements are a reality of the insurance business, especially healthcare insurance. So, we have to make sure we optimize what we already have. From there, we always need to make sure additions are complementary and measurably reduce risk by maturing our security capabilities.

    Quick Tips for Security

    It starts with understanding the business. From there, I would say understand the risk. So, the first step is to know which risks are most important to the insurance sector and address them explicitly. The second step is to innovate around integration of devices or singular “point” solutions.

    One device that can protect, detect, and recover up and down the entire Open Systems Interconnection (OSI) model is innovation I am interested in seeing. Ultimately, I need to have one view and machine-level learning of the threat intelligence provided by internal and external monitoring and alerting systems. Negotiating APIs with various vendors with niche solutions is a non-starter.

    Where is Insurance Security Heading?

    Keeping with the theme of integration, optimization, and cloud adoption, I would expect to see in the near future, better technology around extending and preserving corporate security policies in cloud environments, especially around Cloud Access Security Brokers (CASB) and Identity and Access Management (IAM) technology. This is because of the hybrid nature of on-premise environments being interconnected to multiple large cloud providers and increasingly more connected IoT. We have to look for the best options to maintain and enforce efficient policies in all the environments in a seamless and transparent way.

    Over the course of my career, I have learned three lessons. First, healthcare information security is different. To effectively apply enterprise information security to a healthcare organization, you really have to understand healthcare, particularly the physician workflow and patient safety impact of security changes.

    Second, training and awareness efforts remain highly important and effective. Credentialed users (or the valid credentials of users) are the start of a majority of data breaches. Rather than approaching end users as the root cause of the problem, you need to enlist their help as the first line of defense and first responders. It really comes down to an organizational culture of security being everyone’s responsibility, not just the niche of Information Security or even the IT department.

    The third lesson has to do with the evolution of the CISO’s role within an organization. With the advancement of the role to the C-suite comes newer responsibilities of decision-making. The business acknowledges the value in integrating good security up front and top down rather than as an afterthought in business partner relationships, vendor management, system development, and technology procurement.

    Integration is Key to Cost-efficiency

    The best way technology can be used to mitigate rising security solution costs is to integrate multiple solutions into one and reduce the human interface requirement. Combine into one system the capabilities to protect network resources, monitor, and alert on network traffic, and then remediate and recover network assets to minimize downtime. However, the complexity of that single system should not demand an inordinate increase in personnel to run the solution. as it just substitutes one cost with another.

    Additionally, security solutions can automate manual tasks and learning to more quickly assimilate and take action on threat intelligence streams against data that is gathered within the environment. Big data and Artificial Intelligence (AI) represent exciting opportunities for creating force multipliers versus each new solution requiring a manpower tradeoff or increased personnel to operate, refine, and orchestrate.

    I think you need to answer two questions every day―So what? And, what else? When we do a periodic assessment of our security tools inventory, one of the key components is looking at the data the devices give us. They all generate gobs of data in reports. Does any of that data actually measure added security or reduced risk? The tough task is determining “so what?” At every level of analysis (tactical,

    operational, strategic) you have to know the answer. The “what else?” question measures the value we are getting now and forecasts additional capabilities we can gain from our tools.

    Recently, we embarked on a tools rationalization view of our environment against the Center for Internet Security (CIS) Controls for Effective Cyber Defense to help us address where we have adequate assets and where we have gaps. The gaps are being addressed via a security roadmap as well as addressing “what else” our current tools can do to realize additional capabilities or integrate into other tools to improve the overall coverage. In these ways, we drive more value out of our security solutions and, by extension, our security solution suppliers.

    tag

    Information Security

    Cloud Computing

    Big Data

    inventory

    IoT

    Physical Security

    Identity and Access Management

    Weekly Brief

    loading
    Top 10 Insurance Tech Solution Companies - 2020
    ON THE DECK

    Insurance 2020

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Listening Beyond Hearing

    Listening Beyond Hearing

    Salvatore Incardona, Head of IT, Amplifon Australia
    Modernizing Lending Through Innovative, Secure and Scalable Technology

    Modernizing Lending Through Innovative, Secure and Scalable Technology

    Steven Meek, Chief Information Officer, Pepper Money
    Advancing the Chemical Industry through Digital Transformation

    Advancing the Chemical Industry through Digital Transformation

    Jan Mandrup Olesen, Global Head of Digital Business, Indorama Ventures
    Cultivating a Sustainable Future through Collaboration

    Cultivating a Sustainable Future through Collaboration

    Jiunn Shih, Chief Marketing, Innovation & Sustainability Officer, Zespri International
    Mastering Digital Marketing Strategies

    Mastering Digital Marketing Strategies

    Tasya Aulia, Director of Marketing and Communications, Meliá Hotels International
    Building a Strong Collaborative Framework for Artificial Intelligence

    Building a Strong Collaborative Framework for Artificial Intelligence

    Boon Siew Han, Regional Head of Humanoid Component Business & R&D (Apac & Greater China), Schaeffler
    From Legacy to Agility Through Digital Transformation

    From Legacy to Agility Through Digital Transformation

    Athikom Kanchanavibhu, EVP, Digital & Technology Transformation, Mitr Phol Group
    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Change Management for Clinical Ancillary Teams: Aligning Practice with Policy and Progress

    Ts. Dr. James Chong, Chief Executive Officer, Columbia Asia Hospital – Tebrau
    Loading...
    Copyright © 2025 APAC CIOOutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    Home |  CXO Insights |   Whitepapers |   Subscribe |   Conferences |   Sitemaps |   About us |   Advertise with us |   Editorial Policy |   Feedback Policy |  

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://insurance.apacciooutlook.com/cxoinsights/understanding-insurance-security-nwid-4245.html