The Wayback Machine - https://web.archive.org/all/20060314172129/http://www.insurancetech.com/news/showArticle.jhtml?articleID=181501688
Insurance & Technology : Who Goes There?
<a href="https://web.archive.org/all/20060314172129/http://as.cmpnet.com/event.ng/Type=click&amp;FlightID=49777&amp;AdID=84093&amp;TargetID=31&amp;Segments=17,34,115,1411,2549,2690,3108,3448,5620&amp;Targets=31,456,315,2164,2625,2878&amp;Values=34,46,51,63,77,82,90,100,140,203,222,227,232,442,646,656,1184,1255,1311,1388,1431,1716,1767,1785,1798,1901,1925,1935,1936,1945,1970,2217,2299,2310,2326,2352,2408,2678,2727,2767,2862,2878,2942,3235,3261,3284,3347&amp;RawValues=&amp;Redirect=http://www.sap-insurance.com/sam/" target="_top"><img src="https://web.archive.org/all/20060314172129im_/http://i.cmpnet.com/ads/graphics/as5/ua/sap/728x90groundlevel.gif" width="728" height="90" border="0"></a>







news tools resources events
Who Goes There?
Controlling access to information through identity management is key to securing critical client and corporate data.
By Peggy Bresnick Kendler
Insurance & Technology
March 07, 2006

Q: Why is identity management so important, and what are the biggest challenges insurers face in that area?

A: Kirk Herath, Nationwide: Identity management is the key to the most important aspect of information security: access controls. Only authorized parties are permitted to have access to information. So permitting unauthorized parties access to information is a breach of security that now, under 23 different state laws, requires you to notify your customers.

A: Craig Shumard, CIGNA: One of the largest challenges is ensuring employees only have access to the information needed to do their jobs -- and nothing else. Both customers and key regulations such as HIPAA mandate this "minimum necessary" principle. At CIGNA, we have implemented Role Based Access Control (RBAC). RBAC has improved access controls by basing rights on predefined job roles, which not only increases consumer confidence and ensures regulatory compliance, but also has reduced security administrative costs.

Another challenge is implementing "federated identity" capabilities, so that customers can use their existing authentication and authorization credentials from their own networks to gain access to their information stored in their insurers' networks. Increasingly, customers are requesting this feature. Federated identity is further complicated because tools in this arena still are developing from competing identity management standards groups.

A: Elliott Zember, FoxT Technologies: Sarbanes-Oxley has increased the emphasis on the automation and transparency of financial and IT controls. Too, the recent mandates for disclosure of security breaches and loss of consumer data expand the scope of HIPAA and Gramm-Leach-Bliley Act (GLBA) mandates. These trends have increased corporate awareness of the need for more-robust identity and access management policies, procedures and IT controls.

Q:. How are insurers working to secure customer data and rebuild consumer confidence?

A: Herath, Nationwide: Under federal and state law, we're required to secure customer nonpublic personal information. Therefore, over the past six years, all financial services companies have developed detailed information security and privacy policies and procedures. Most companies also have initiated employee training programs to make employees aware of these policies and procedures as well as their responsibilities under them.

A: Mark Ford, Deloitte & Touche: Laws such as Sarbanes-Oxley, HIPAA and GLBA, as well as other regulations, have come to fruition due to a clear and present demand from the public to hold companies accountable for their actions, which include the use and protection of personal information. These regulations are driving a change in the way corporate America is responding to the application, maintenance and monitoring of control and security throughout the enterprise. From a process and technology point of view, identity management has emerged as a key support structure for building a controlled and secure enterprise. Again, identity management is a complex enterprise solution that can help to solve these types of issues; however, you must first understand the key business drivers for implementing an identity management solution and make sure that your identity management strategy will meet your business goals, one of which may be to provide protection to private information.

A: Zember, FoxT: While a company's network security may have state-of-the-art external authentication and access controls, the different technology platforms and operating systems may not. Public company or not, each insurer must consider internal application access controls, user roles and authentication, segregation of duties, and a very robust network architecture that monitors and reports on internal access violations and attempts to penetrate security, and reports to management both the good news and the bad news. The only way to insure customer confidence and increase the level of trust is to install the necessary controls and then report on the results of those controls to consumers.


1 ||2 Next Page > >




PRINT THIS ARTICLE
E-MAIL THIS ARTICLE
REPRINT THIS ARTICLE


Insurance & Technology Marketplace (sponsored links)
SEC & HIPAA IM Compliance
Satisfy regulatory and compliance requirements for instant messaging.
Advancing Document Process Management
Oc? Business Services integrates technology, processes and people to manage business document assets throughout their lifespan. Solutions span copy, print, fleet management, mail and fulfillment, imaging, records and business performance management.
White paper: Collaboration in Financial Services
A top industry consultant recommends that financial companies implement collaboration technologies such as workflow, instant messaging and virtual workspaces. Download this free white paper to learn more about collaboration in financial markets.
Numara Help Desk & Network Monitoring Software
Numara provides Track-It! and Network Monitor - the leading help desk and network management solutions for call tracking, IT asset management, patch management, electronic software distribution, and network performance monitoring. Free demo & trial
Break Some Glass?BI, Reporting in a Whole New Way
Build a new dashboard application in a day? Add new dimensions to existing applications in minutes? Deploy your enterprise business intelligence solution in less than a month? Join this online presentation and find out how!

Buy a Link Now

Hewlett-Packard Back up your important business data with the HP DAT 72 USB tape drive.
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia


 

Sponsored Links
Adaptive WAN for Finance: An Industry Guidebook



Connected Enterprise
December 2005
The promise of business intelligence tools finally is being realized as insurers extract informational wealth from their vast data resources.


Insurance Companies Deliver Premium Service: Forward-thinking insurance companies are updating their networks to deliver premium service while reducing costs
To compete most effectively, insurance companies must make investments in technologies that can provide sustainable competitive differentiation for them in terms of speed, flexibility, and effective communication with policyholders and business partners.

Solving the Complexities of Intelligent Records and Email Management for Today's Insurance Companies
As the insurance industry has grown, so have the record management issues that most insurance companies face. Learn how FileNet Records Manager helps insurers solve regulatory compliance and record management issues such as HIPAA and Sarbanes-Oxley.

Enterprise Personalization for the Insurance Industry
In today's highly competitive environment, providing timely and relevant policyholder communications is critical. Exstream Software's Dialogue enterprise personalization solution allows insurers to create, manage, and deliver the full stream of insurance communications consistently, efficiently, and cost-effectively.

Fiserv Workers Compensation Solution Helps First Cardinal Deliver Topflight Claims Handling
First Cardinal Corporation needed an integrated Workers Compensation system that that would enable growth and bring together policy and claims administration. Read why First Cardinal liked the fact that the Fiserv Insurance Solutions system addressed both of these issues and was designed specifically for Workers Compensation.



A listing of the most
popular areas of our site

Our Buyers' Guide is a must-have list full of vendor and product details for vendors in insurance administration, enterprise applications/services, financial management, and hardware. Shouldn't you be browsing the Buyers' Guide before you make that decision? Shouldn't your company and its product be in the guide? It's FREE.





Ed Cals  |  Contact Us  |  Reprints  |  Ad Info  |  Media Kit  |  Send Us Your Comments  |  RSS