Innovation and disruption are two sides of the same coin when describing the global insurance industry. Innovation in the form of digital transformation, new payment platforms, and mobility provides the basis for expansion by meeting evolving customer needs. Adoption of innovation also increases the complexity of your infrastructure and increases the need for managing risk proactively. Legacy infrastructure must become more dynamically provisioned with the rapid transition to the cloud. Existing threat surfaces built up over time must be reduced as bad actors target insurance companies. Governance must be increased to meet the complex and growing set of compliance regimes impacting the insurance industry. All of this comes back to better support for consumers across multiple channels and platforms while protecting the firm’s reputation and lines of business.
Insurance companies are rapidly adopting cloud-based resources. Agility is key to leveraging InsurTech and FinTech innovations.
“More than 70% of insurers use some cloud, and those that do are planning to use more. About 10% of insurers run most of their infrastructure on cloud.”
Source: Cloud Adoption in Insurance: Trends and Issues, Published: March 2018
The drivers for cloud adoption include both cost reduction and increased efficiency driven by increased demands for mobility and business cycles. But before claim handling is mostly automated and the majority of the functions are in the cloud, there are some potential obstacles on the way to the promised land.
The Secure Shell protocol is the de facto method of remotely accessing Linux-based servers and transferring data securely between them. An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users. Based on our research, major enterprises might have millions of these keys in their environment. Some reasons:
This creates an incredibly complex web of connections and critical access credentials that is impossible to keep track of manually. Moving to the cloud without solving this problem means that your business loses the efficiency and agility gains promised by the cloud.
Perhaps the most worrisome application of the SSH protocol comes from hackers and malicious insiders; it is their preferred method to move laterally throughout our networks. In many financial institutions, accountability, manageability, governance and even knowledge of these keys are unclear, opening the door to compliance violations. At the heart of the issue is access control. It’s all about protecting the data (PII, credit card data, etc.) and making sure that access to it is authorized. It doesn’t matter whether access is being requested by a machine, admin or business user.
Recently, ISACA issued guidance to the compliance and audit community on how to leverage SSH key management best practices, titled “SSH: Practitioner Considerations.”
In a specific customer case, 10,000 Unix/Linux hosts lacked strong SSH key management, which equated to 1.5 million application keys granting access and 70,000 keys each for database administrators and system admins. There can be up to one billion authentications per year granting access. The majority of the access available via these keys is obsolete, having been assigned to employees or third parties who no longer work with or for the financial institution.
The recent data breaches have also increased the scrutiny of state regulators along with the U.S. Department of the Treasury's Financial Banking and Information Infrastructure Committee (FBIIC) and the Executive Branch and Independent Agency Regulatory Cybersecurity Forum. After all, the insurance industry is one of the most heavily regulated, especially by state regulators. Trust relationships between customers and insurance companies are intrinsic to the industry and its survival. The SSH protocol is in fact the backbone of today’s insurance industry.
Regulatory pressure and market dynamics have made compliance a key function in managing risk, especially as it relates to cybersecurity across the enterprise. Specifically, data protection laws, data breach reporting, and the increased use of outsourced providers all relate to the ubiquitous and unmanaged use of SSH across the estate. Proactive management of SSH reduces costs and lowers cyber risk.
Before moving your infrastructure to the cloud, simplify and take control of the complex web of connections. This ensures that you don’t replicate the problem in the cloud, that you have a better security posture to make the move, and that you mitigate existing risks at the same time. With our Universal SSH Key Manager®, you will:
Digital requires agility in all functions and processes. Back your cloud strategies with PrivX®, a more cost-effective and secure solution. Compared to legacy PAM (privileged access management) solutions, PrivX helps you to:
SSH.COM offers insurance institutions:
SSH.COM is committed to partnering with you to provide clear sailing and prevent the factors that could conspire to threaten your organization. Taking advantage of disruptive technologies and protecting your infrastructure while increasing governance is a winning formula for continued growth in the insurance industry.