Another large Insurance Implementation for SecuPi

Another Fortune 500 company’s extensive search for a better way to control and manage access to sensitive or regulated data across their enterprise has concluded with the implementation of SecuPi for both On-Premises and Cloud Hosted platforms.
A leading mid-western US Insurance conglomerate with over $5B annual revenue and ~10K employees offering life, auto, health, property and casualty insurance products is now implementing SecuPi enterprise-wide after a long, thorough search and evaluation of numerous potential approaches.
They understood the impossibility of their existing Application and Database specific RBAC solutions being able to meet constantly changing, complex access control, dynamic masking, accountability and privacy compliance requirements. Their hunt for a game-changing approach and market-leading technology was satisfied by SecuPi’s proven solution and vision for how authorization, accountability and protection should work.

Empowering organizations to utilize data in a secure, compliant and responsible way

A detailed evaluation of SecuPi validated their desire for a single, centrally managed, platform-agnostic, completely fault-tolerant solution.  SecuPi was tested on a wide range of data repositories (including Oracle Exadata, Snowflake, Kafka) and application layer technologies (Snowflake Web Tools, Informatica IICS, Tableau Server & Desktop).  They validated SecuPi could support all their current functional and operational requirements for fine-grained, Purpose or Attribute-Based Access Control (PBAC/ABAC), Accountability, Dynamic Masking, Obfuscation, Encryption and Privacy Compliance.  These requirements included the flexibility to fully support data mobility and their strategic migration to Cloud Hosted solutions

The evaluation involved testing many SecuPi core features and functionality including

• Protecting and controlling ALL data On-Prem and Hybrid Cloud
• Dynamic Masking – based on any User or Data attribute
• DAM – protecting privileged DBA access to sensitive data
• IICS – protecting sensitive data from ETL and other developer access
• HYOK – protecting sensitive Cloud Hosted data (Snowflake, AWS Kinesis)
• Non-Prod Protection – obfuscating/anonymizing records
• Streaming Data – protecting data in a Kafka cluster & Kinesis (AWS)
• Alerting/SIEM – proactive protection (blocking access) & alerting
• Privacy – consent and preference management (Right of Erasure, etc.)

Other core requirements included no code changes or API calls within applications, or semantic layer security controls hard-coded into views, or User Defined Functions (UDF) to manage, on each database or data repository. They wanted to have a single location to monitor, detect, alert and proactively block inappropriate or anomalous access to sensitive or regulated data.

Transparency was paramount with no code changes or API calls

The solution had to be platform agnostic, working the same transparent way on all current and future platforms (Oracle, Snowflake, AWS Redshift, AzureSQL, Kafka and more).
The full Enterprise implementation is now well underway and is being conducted in planned phases beginning with the highest risk applications and data repositories first. Another forward thinking company is now more competitive, enjoying the benefits of a single pane of glass, centralized solution for managing all of their sensitive or regulated data On-Prem or Hybrid Cloud.
The business in now free to leverage any new or emerging data storage, advanced analytics, SaaS and DBaaS platform whether On-Prem or Cloud Hosted to improve their competitiveness or lower costs. This can now be done without the added cost of redesigning, testing and implementing their required data security controls all over again from scratch each time they add a new Application or Data Repository.

Contact: sales@secupi.com