Platform security in a cloud-based world: How Socotra protects insurance products and customer data from cyberthreats
March 23, 2021
Insurance companies collect and access a lot of data to help them make smarter decisions and deliver more personalized customer experiences. But as cyberthreats become more sophisticated, safeguarding this mission-critical data must be a top priority.
Insurers that are transitioning from outdated legacy systems to cloud-native platforms should ensure that their core provider can safely encrypt and store their customer data, while offering essential advantages of the cloud like continuous and zero-downtime upgrades, flexibility, and scalability.
At Socotra, we are committed to protecting the confidentiality, integrity, and availability (CIA) of your data by maintaining industry-leading security standards. Here are the ways we keep your sensitive information safe.
End-to-end platform security
Our core platform offers built-in encryption for your customer data—whether at rest or in transit—through our cloud provider. To respond to vulnerabilities and maintain compliance in the cloud, we also provide the following security services:
- Preventive controls like network firewalls, end-to-end encryption, and world-class data center security
- Detective controls, such as network and container image scanning
- Responsive controls, including dynamic firewall rules
- Single sign-on (SSO) capability for multiple identity providers
Industry-leading certification and protocols
Socotra maintains ISO 27001 certification, which is internationally recognized as the most reputable standard for information security management systems.
We develop our supported services and open APIs through a secure software development lifecycle (S-SDLC) and apply the widely adopted CIS (Center for Internet Security) Benchmarks to our cloud provider and software configuration. In addition, we enforce targeted coding training, so our engineers are aware of exploits and OWASP vulnerabilities.
Our Continuous Integration (CI) pipeline, which is part of our quality assurance (QA) process, scans our codebase and identifies supply chain vulnerabilities to protect our platform. Our Information Security Team runs regular penetration tests to determine if and where our software may be open to exploitation. The findings are reviewed, prioritized, and remediated to help keep our platform secure even as we add new features for our customers.
Robust cloud-based protection
To ensure the reliable operation of our platform, we proactively scan the network for vulnerabilities and run audits for insecure cloud configurations. Our intrusion detection system (IDS) analyzes all uses of a customer environment to detect and prevent malicious activity in real time.
We also use personally identifiable information (PII) discovery and data loss prevention (DLP) to keep sensitive data private. Our DLP solution, using machine learning algorithms, carefully examines this data and notifies us if there are problems in access control.
Our cloud providers also have extensive compliance and security teams that are dedicated to safeguarding their infrastructure. This lets them react quickly to any emerging threat and constantly adapt to changing risk models.
Socotra delivers comprehensive platform security in a cloud-based world
“Security is core to our business,” said Christopher Nielsen, Socotra Chief Information Security Officer. “For insurance companies, making the switch to the cloud offers benefits that not only enhance data security measures but also ensure that the system is always available and easily scalable. With our comprehensive security program, insurers can have all the benefits of the cloud and feel reassured that their data is protected.”