Standard Insurance Case Study


Published on

Aware of the potential financial consequences of a major data breach, Standard Insurance Company wanted to take a proactive approach to masking personally identifiable information (PII) in its test data systems. But complex dependencies among the company’s testing applications threatened to make the data masking process extremely difficult—if not impossible.Estuate worked with Standard Insurance’s in-house IT staff to implement IBM Optim Solutions and enhance the insurer’s data masking processes.

Published in: Technology, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Standard Insurance Case Study

  1. 1. Standard Insurance Company Safeguards Sensitive Data with IBM OptimCHALLENGEAware of the potential financial consequences of a major data breach, Standard Insurance Company wanted to take aproactive approach to masking personally identifiable information (PII) in its test data systems. But complexdependencies among the company’s testing applications threatened to make the data masking process extremelydifficult—if not impossible.SOLUTIONEstuate worked with Standard Insurance’s in-house IT staff to implement IBM Optim Solutions and enhance theinsurer’s data masking processes.RESULTSUsing data masking best practices, Standard Insurance is:  Securing the most common location of enterprise data breaches.  Protecting customers’ PII, such as credit card numbers, Social Security numbers, names, and addresses.  Preventing the potentially multimillion-dollar consequences of data breaches.  Reducing the size of the testing database.  Minimizing the need to purchase new hardware for testing and QA.  Speed time-to-market for new products by streamlining testing.
  2. 2. MAJOR INSURER TAKES A PROACTIVE APPROACH TO DATA MASKING According to the Ponemon Institute, the cost of a data breach now exceeds $200 per compromised customer “The traditional way to make sure data is record. In light of these costs, most enterprises have disguised in many applications is to go implemented data security solutions in their production one at a time, but because Standard environments. But many companies overlook the need Insurance had application clusters, they to secure personally identifiable information (PII) in their needed to take just the right approach so testing systems. As a result, about two-thirds of security that they wouldn’t crash multiple systems breaches now occur in non-production environments. and bring their business to a halt.” Hoping to avoid a major breach, Standard Insurance Allan Martin Company recently took a proactive approach to masking Senior Optim Consulting Manager PII across its QA and testing applications. But Standard Estuate Insurance runs a complex environment with about 200 test systems. Many of these applications are in-house systems with minimal documentation—and the employees who had designed them had long since left the company. As a result, it was difficult for Standard Insurance’s IT staff to navigate the systems when searching for exposed PII. Adding to the complexity, Standard Insurance’s testing data resided not only in distributed applications, but also in mainframe systems as VSAM, or “flat,” files. In addition, most of these testing applications were dependent on each other. Thus, if Standard Insurance were to mask data in one application, other systems might fail simply because that same data was not masked in those systems’ databases.2 - t: 408.400.0680
  3. 3. CONSULTING PARTNER RECOMMENDS AN INNOVATIVE APPROACH which it would lock down all the applications that After considering the technical challenge that lay ahead, ® contained PII; mask all tables, records, and data Standard Insurance engaged Estuate to implement IBM across all systems at once; and then start all systems Optim™. IBM Optim delivers powerful data back up again. transformation capabilities to mask personal information such as credit card numbers, email addresses, names, and addresses, enabling companies to use this data “We knew that there was some risk safely for application testing. involved with recommending the Big Bang Standard Insurance chose Estuate to run the project for approach. If even one application wasn’t several reasons. First and foremost, Estuate has rich masked successfully, this could trickle experience in using IBM Optim on different platforms— down and affect all other applications. But including not only distributed environments such as we also knew this was the only way to Linux, UNIX, and Windows, but also mainframes and ensure that Standard Insurance’s PII AS-400 or iSeries systems. Second, Estuate had already would be completely masked in all successfully applied its test data management process upstream and downstream systems.” in dozens of customer implementations. Allan Martin Standard Insurance hoped Estuate would come up with Senior Optim Consulting Manager an innovative solution to its unique technical situation. Estuate Estuate delivered by proposing a “Big Bang” approach inMASSIVE PROJECT FINISHES WELL AHEAD OF SCHEDULE After spending one month interviewing Standard The team had allotted itself one week to complete the Insurance’s personnel to fine-tune its approach to the masking, but finished the task in just two days. project, Estuate spent several days carefully testing IBM Regression testing verified the success of the project. Optim in the company’s environment. Estuate then “In all my years of working on IBM Optim created a project control room for the Big Bang project. implementations, I had never seen a success story of Six team members—including Estuate and Standard this magnitude,” says Martin. “We used Optim to Insurance employees—began running IBM Optim mask data in about 130 applications—dealing with processes to mask the company’s data. mainframes, flat files, and Oracle systems—and finished in half the time we had projected.”3 - t: 408.400.0680
  4. 4. MASKING TEST DATA PREVENTS THE ABOUT ESTUATEMULTIMILLION-DOLLAR CONSEQUENCES OF Headquartered in Silicon Valley,DATA BREACHES Estuate is a global information technology services company that To assess the true value of Standard Insurance’s project, Martin specializes in helping companies compares it to the company’s alternatives. Standard Insurance could establish and improve enterprise have chosen to build its own data masking solution in-house, or used data management strategies and a competitor to IBM Optim. Martin sees flaws in either approach. best practices. “The trouble with in-house data masking solutions is that it’s difficult Estuate is IBM’s go-to partner for ® to know whether you’ve masked data correctly,” says Martin. “Also, a the implementation of IBM Optim company then has to design and implement its own test data Solutions for custom applications, management process. Contrast that with IBM Optim, which is secure Oracle E-Business Suite, and guaranteed by IBM and has a proven process. Optim also offers PeopleSoft, Siebel and JD Edwards. much greater speed and ease of use than its competitors.” We have expertise on distributed platforms and IBM mainframes. If Standard Insurance had simply chosen to ignore PII in its test data Estuate was one of the early systems, a data breach could have cost the company millions of partners involved in the Oracle-to- dollars in lost business. In addition, a government audit could have DB2 migration program. We work exposed the company to steep fines and penalties. Standard closely with IBM account teams to Insurance now has peace of mind that it is adequately protecting PII meet our mutual clients Enterprise across its systems. Data Management needs. “It would only have taken one major breach for Standard Insurance to realize the value of protecting PII—and then it would have been too late,” Martin explains. “Standard Insurance now knows that even if someone did manage to break into their test data systems, it would be impossible for them to steal credit card numbers, Social Security numbers, and other sensitive data.” In addition, IBM Optim’s intelligent subsetting feature will deliver ongoing benefits to Standard Insurance. Intelligent subsetting allows testers to work from a representation of production data, reducing For more information contact: the size of test databases by as much as 90 percent. Marc Hebert, “Intelligent subsetting can yield measurable savings in terms of Estuate’s COO hardware costs,” says Martin. “It also speeds up backups, restores, and the process of moving data into testing systems. We look T: 510-468-7132 forward to seeing the financial benefits Standard Insurance will achieve over time.”4 - t: 408.400.0680