The global insurance industry, with worldwide premiums over $4.6 trillion and an asset base above $26.8 trillion, plays a vital role in managing global financial risk and safeguarding individual and business interests. Insurance companies collect, use, and store an enormous quantity of financial, health and medical information. This has let them, as well as regulatory agencies, to focus on establishing effective information security and privacy programs.

Read More

Aujas Solutions

We assist our insurance clients in effectively protecting their data, managing security incidents and vulnerabilities, and in implementing information security risk and compliance programs.

Risk & Compliance Advisory
Insurance companies must comply with standards and regulations such as HIPAA, PCI and DSS, not to mention state and privacy laws.  Insurers also look to implement an information security management system that is aligned with industry best practices, such as ISO27001, to govern their security program.
Our risk and compliance services cover the entire information security landscape and include:
  • An integrated governance, risk and compliance (GRC) management approach that allows our clients to build a system that integrates all the compliance requirements, minimizing audit fatigue.
  • A compliance readiness assessment plus assistance with readiness efforts.  Our Compliance Manager solution helps our clients automate self-assessments.
  • IT GRC automation using RSA Archer eGRC Suite.  We support our customers through the lifecycle of blueprinting and deploying the solution, integrating it with processes and systems, and then managing it. Learn more about our risk and compliance management services.
Identity & Access Management
Managing digital identities and ensuring access is provided only to authorized users is key to information security.  Our insurance clients get end-to-end services for Identity and Access Management (IAM), including:
  • Strategy and design – We evaluate client needs via executive workshops and field assessments and then provide a detailed strategy and roadmap for implementing enterprise-wide IAM initiatives. We also assist our clients with business case analysis, technology evaluation, and solution architecture.
  • Role engineering and entitlement management – We help our clients define roles and manage entitlements to ensure employees have only the access that is required to do their job effectively and only for as long as they do that job. Policy-based dynamic controls allow for automating who can have access to what, at what time, and in what context.
  • Access Management – We help our customers in implementing complete solutions for enterprise access management, including web access management, single sign on, and converged access control.
  • Sustenance and optimization – As an end-to-end solution provider, our support is available to sustain and optimize our clients’ IAM solutions. Identity access management is never static; systems need to evolve with enhancements and upgrades.
Our Identity and Access Management (IAM) solutions are vendor-agnostic, ensuring that our clients get the right IAM solution for their needs. Learn more about our IAM services.
Data Protection

The insurance industry is heavily dependent on data, so protecting it is of prime importance.  Most of the data handled by the industry is heavily regulated and data breaches can result in litigation or hefty fines.

Our data protection service helps our insurance clients identify and classify sensitive data as it is stored, processed and transported across the organization.  We help our clients:

  • Establish a data protection framework and strategy that governs the management of sensitive data such as customer and health information, payment card data, strategic and intellectual property information, etc.
  • Conduct a data flow assessment (DFA) to identify where and how sensitive data is stored and used.  We also conduct data leakage risk assessments (DLRA) to identify breach vectors and the risk of potential breaches.
  • Integrate popular data protection technologies such as data leakage prevention (DLP), database activity monitoring (DAM), information rights management (IRM), data encryption, tokenization and masking/redaction technologies.
  • Monitor their data protection technologies to identify potential data breach incidents, manage consequences, improve effectiveness by fine-tuning rule bases, and moving rules to active protection from passive monitoring.
Our data protection experts work with the insurer’s property, health, casualty insurance groups as well as the internal departments, including underwriting, legal and compliance, finance and accounting, HR, IT, and Marketing, to identify and secure sensitive data. Learn more about our data protection services.
Threat Management

Working with Aujas, insurers can assess and secure their infrastructures, and web and mobile applications.  Our application security services include:

  • Helping our clients design, develop and manage vulnerability management programs. These programs leverage threat intelligence to anticipate and proactively mitigate vulnerabilities.
  • Assessing the company’s infrastructure, application, and mobile application security by conducting vulnerability assessments, penetration testing and code reviews.  We don’t simply stop at scanning technology; we also help you mitigate the risks found.
  • Assisting our customers in mitigating advanced persistent threats with our APT risk mitigation service.
  • Evaluating human behavior using our cloud-based Phishnix. This application not only assesses how susceptible people are to phishing attacks, it also trains them to avoid attacks.
We work with the infrastructure and application/mobile teams to assess the security levels of the existing technology and mitigate risks. Learn more about our threat management services.
Security Intelligence

The insurance industry is another favorite target for hackers.  Many, if not most, insurance companies deploy a technologies such as traditional SIEM, the newer security analytics engines, exfiltration detection, advanced malware detection, and data leakage prevention. Aujas helps insurers get the most out of these technologies:

  • We establish a more responsive incident management program for our clients by incorporating proactive and reactive processes.  We enable our clients to define Indicators of Compromise (IoC), work with threat intelligence and use it with their threat management program.
  • We use our Correlation Library to provide accelerated rules deployment for various SIEM/SA/SI technology providers.
  • We help security leaders see through the reporting fog and focus on what is critical with our analytics and visualization solution for SIEM/SA.
  • We design custom SIEM/SA solutions that go beyond the traditional security event analytics and integrate analysis and correlation to solve other issues such as identity fraud. Learn more about our security intelligence services.
Cloud Security

Cloud computing is a fast growing technology and cloud-based business applications are growing at a rapid pace.
Insurance companies, however, are entering the cloud cautiously. Before moving to the cloud, insurers must consider data confidentiality, security, regulatory compliance, interoperability of standards, and service quality.
We help our Insurance clients enter the cloud with the confidence that their information security is designed to meet stringent insurance standards and comply with industry regulations. We offer:

  • Cloud security advisory – We assist organizations in establishing effective cloud security governance, operations strategies, and tactical processes.
  • Secure cloud applications – We build the cloud application and the ecosystem around the core platform so that cloud applications are easy to use and secure.
  • Secure release – Cloud security is not a one step process; it requires constant innovation across various business needs. Our secure release program for the cloud adopts new and proven approaches and technologies to help secure applications with less user intervention. Learn more about our cloud security services.

Case Studies


Our Methodology Provides the Insurance for an Effective DLP Implementation

Information security was a big concern for large insurance company, which had units specializing in auto, health, and property and casualty insurance. To safeguard information and meet regulatory compliance requirements, the company had implemented ISO27001:2005 controls and achieved certification for compliance.

Download case study

On Demand Security Assessment for Leading General Insurance Company

A leading general insurance company operated 59 branches and offers competitive products including car and two-wheeler insurance, and health and critical illness coverage.

This insurer was known for its online presence and for frequently launching new products and innovative services. They built and deployed applications with short development and release cycles and needed to be assured that the security aspects of these applications were covered.

Download case study