Maintain compliance and fuel growth with data ownership
Insurers should examine the ways their SaaS application data is being handled.
Cloud adoption has exploded as a result of the pandemic and stay-at-home orders, accelerating digital transformation for insurers exponentially. According to EY, most insurers aim to move at least 80% of their business to the cloud in the coming years, building on the workloads they have already migrated. As more of the industry becomes fully digitized, there’s been a new-founded emphasis on security and compliance when it comes to data.
Recently, Maine and North Dakota adopted the National Association of Insurance Commissioners (NAIC) data security model law, joining at least 11 others states that have already adopted the model law that applies to insurers, insurance agents and other entities licensed by state departments of insurance. There is an expectation that more states will continue to adopt the NAIC law. Insurance professionals should keep these security obligations in mind when assessing the sufficiency of their data practices, as it’s only a matter of time before a national law is presented.
To guarantee compliance, laws and regulations are met at every level, insurers should examine the ways their SaaS application data is being handled, accessed and stored. Fully owning one’s data is the only way to ensure 100% compliance. It also gives organizations the opportunity to stimulate growth.
The risk
SaaS applications make life and business management easier, but they also bring their own complications when it comes to compliance. As important customer data is moved from on-premises systems to cloud and SaaS applications, like Salesforce, data immediately becomes more difficult to track and audit. When data is stored in these third-party applications, the applications actually own that data, getting all of the benefits of ownership and leaving organizations with the liability.
This issue is on top of the internal security implications of not maintaining ownership and control of the confidential data. Every time data is moved or copied from an insurer’s infrastructure into other applications, insurers will essentially need that app vendor to sign a BAA (Business Associate Agreement) to accept responsibility for the safety of clients’ data and maintain appropriate safeguards. Not only is this a headache of a process, but insurers are also still at risk for access controls and audit trails. Then, when insurers need to access the data in the SaaS applications for audits and analysis, they have to download, make copies and store it in their own locations (most of the time not securely).
The data sprawl this creates is a massive breach in security, causing more access points and vulnerabilities that increase risk. It can also cause inaccuracies from a lack of version control and the impossible task of auditing where the data is stored and who has accessed it.
The solution
The bright side? Ownership of the data can prevent almost all of these issues. Insurance organizations that back up and store their data in their own company cloud infrastructure, such as Azure or AWS, enable their data to be accessible, secure and auditable. At a high level, an insurance organization that owns their data and stores it in a location of their choice versus keeping it in the SaaS vendors’ applications are maintaining their digital chain of custody. Data in an owned cloud means the organization can control who has access to the data and where it travels. This data trail makes it easier to audit and trace when, where, and who made changes — a game-changer for dealing with the many new regulations coming that require detailed audit trails.
Along the same vein, owning and storing data in one secure location like an owned data lake means a decreased surface area of exposure. Instead of individuals making various copies of data for individual use, data that is stored in-house can be pulled down into business intelligence or analytics tools from a single source. Reducing the surface area of exposure removes potential breach points that could lead to data corruption or, worse, a cyberattack.
The beyond
A successful backup tool not only helps to ensure compliance but also gives organizations complete access to historical data — a treasure trove of insights that can be used to improve underwriting, pricing, risk assessment and reinsurance. For example, by incorporating SaaS backup data, including every data change within an organization, into models for policy writing, the models can become even more accurate.
Insurance institutions need data backup solutions that are agile and can grow and change with business and regulatory needs. It’s not enough to rely on applications for backup and access to the critical data that fuels an insurance business. Insurers that are bringing in the digital age will invest in the data management tools needed to ensure compliance and invigorate growth.
Joe Gaska (grax@v2comm.com) is CEO of GRAX, the SaaS data backup solution.
See also: