The problem
Throughout more than 150 years of serving customers, the insurer had used innovative thinking to better meet people’s needs and fuel their success. Their idea for a new platform that would utilize APIs to enable partner banks to offer digital insurance products grew out of that historic commitment. These “white label” products would enable more people to access the coverage they needed easily and conveniently with institutions they already used.
But in opening up to multiple third party points of sale, a big question remained: could the insurer connect more people with the insurance products they needed, while still protecting the security of the institution, its partners, and their customers?
Before moving forward with the project, the insurer’s team knew they needed to guarantee that trust, monitoring, and security would be at the highest levels, for all involved. That’s when the call went out to RedShield.
The solution
The insurer asked the RedShield team to conduct a proof-of-concept, and provided access to a test and development environment. Even without penetration test data, RedShield moved quickly to implement a wide range of security controls, followed by thorough measurement and evaluation.
The proof-of-concept clearly demonstrated that RedShield had completely blocked malicious traffic, in all target categories. Additionally, after observing activity in ten different countries, it was clear the
RedShield security solution hadn’t slowed site performance in any noticeable way.
RedShield also conducted a trial business process integration workshop, with the goal of agreeing on the non-functional elements of the service, and on service interlock. Working closely with the insurer, RedShield completed the entire process and delivered reports in less than a week.
The results
The insurer was impressed. RedShield proved they could easily integrate into a multi-company environment, and address both functional and non-functional concerns,
in a fraction of the expected timeframe. RedShield’s experience, reputation, and process maturity gave the insurer’s management team full confidence to move forward. Deployment went seamlessly, and the APIs remain fully protected.
Today, RedShield continues to stand guard:
• Monitoring the institution’s tools and systems 24/7
• Auditing the application defenses weekly
• Responding to any customer queries or application updates
• Delivering monthly analyst reports
“To date, risk acceptance has been way overused in our projects. With RedShield, we don’t have to. They move really fast and their test-centric approach gives us real
confidence that the issue is actually resolved.”
—Insurance Company Executive