Standard Insurance Company Safeguards Sensitive Data with IBM Optim
CHALLENGE
Aware of the potential financial consequences of a major data breach, Standard Insurance Company wanted to take a proactive approach to masking personally identifiable information (PII) in its test data systems. But complex dependencies among the company’s testing applications threatened to make the data masking process extremely difficult—if not impossible.
SOLUTION
Estuate worked with Standard Insurance’s in-house IT staff to implement IBM Optim Solutions and enhance the insurer’s data masking processes.
RESULTS
Using data masking best practices, Standard Insurance is:
Securing the most common location of enterprise data breaches.
Protecting customers’ PII, such as credit card numbers, Social Security numbers, names, and addresses.
Preventing the potentially multimillion-dollar consequences of data breaches.
Reducing the size of the testing database.
Minimizing the need to purchase new hardware for testing and QA.
Speeding time-to-market for new products by streamlining testing.
MAJOR INSURER TAKES A PROACTIVE APPROACH TO DATA MASKING
According to the Ponemon Institute, the cost of a data breach now exceeds $200 per compromised customer record. In light of these costs, most enterprises have implemented data security solutions in their production environments. But many companies overlook the need to secure personally identifiable information (PII) in their testing systems. As a result, about two-thirds of security breaches now occur in non-production environments.
Hoping to avoid a major breach, Standard Insurance Company recently took a proactive approach to masking PII across its QA and testing applications. But Standard Insurance runs a complex environment with about 200 test systems. Many of these applications are in-house systems with minimal documentation—and the employees who had designed them had long since left the company. As a result, it was difficult for Standard Insurance’s IT staff to navigate the systems when searching for exposed PII. Adding to the complexity, Standard Insurance’s testing data resided not only in distributed applications, but also in mainframe systems as VSAM, or “flat,” files. In addition, most of these testing applications were dependent on each other. Thus, if Standard Insurance were to mask data in one application, other systems might fail simply because that same data was not masked in those systems’ databases.
“The traditional way to make sure data is disguised in many applications is to go one at a time, but because Standard Insurance had application clusters, they needed to take just the right approach so that they wouldn’t crash multiple systems and bring their business to a halt.”
Allan Martin, Senior Optim Consulting Manager, Estuate
www.estuate.com - t: 408.400.0680
CONSULTING PARTNER RECOMMENDS AN INNOVATIVE APPROACH
After considering the technical challenge that lay ahead, Standard Insurance engaged Estuate to implement IBM® Optim™. IBM Optim delivers powerful data transformation capabilities to mask personal information such as credit card numbers, email addresses, names, and addresses, enabling companies to use this data safely for application testing.
Standard Insurance chose Estuate to run the project for several reasons. First and foremost, Estuate has rich experience in using IBM Optim on different platforms—including not only distributed environments such as Linux, UNIX, and Windows, but also mainframes and AS-400 or iSeries systems. Second, Estuate had already successfully applied its test data management process in dozens of customer implementations.
Standard Insurance hoped Estuate would come up with an innovative solution to its unique technical situation. Estuate delivered by proposing a “Big Bang” approach in which it would lock down all the applications that contained PII; mask all tables, records, and data across all systems at once; and then start all systems back up again.
“We knew that there was some risk involved with recommending the Big Bang approach. If even one application wasn’t masked successfully, this could trickle down and affect all other applications. But we also knew this was the only way to ensure that Standard Insurance’s PII would be completely masked in all upstream and downstream systems.”
Allan Martin, Senior Optim Consulting Manager, Estuate
MASSIVE PROJECT FINISHES WELL AHEAD OF SCHEDULE
After spending one month interviewing Standard Insurance’s personnel to fine-tune its approach to the project, Estuate spent several days carefully testing IBM Optim in the company’s environment. Estuate then created a project control room for the Big Bang project. Six team members—including Estuate and Standard Insurance employees—began running IBM Optim processes to mask the company’s data.
The team had allotted itself one week to complete the masking, but finished the task in just two days. Regression testing verified the success of the project.
“In all my years of working on IBM Optim implementations, I had never seen a success story of this magnitude,” says Martin. “We used Optim to mask data in about 130 applications—dealing with mainframes, flat files, and Oracle systems—and finished in half the time we had projected.”
MASKING TEST DATA PREVENTS THE MULTIMILLION-DOLLAR CONSEQUENCES OF DATA BREACHES
To assess the true value of Standard Insurance’s project, Martin compares it to the company’s alternatives. Standard Insurance could have chosen to build its own data masking solution in-house, or used a competitor to IBM Optim. Martin sees flaws in either approach.
“The trouble with in-house data masking solutions is that it’s difficult to know whether you’ve masked data correctly,” says Martin. “Also, a company then has to design and implement its own test data management process. Contrast that with IBM Optim, which is secure and guaranteed by IBM and has a proven process. Optim also offers much greater speed and ease of use than its competitors.”
If Standard Insurance had simply chosen to ignore PII in its test data systems, a data breach could have cost the company millions of dollars in lost business. In addition, a government audit could have exposed the company to steep fines and penalties. Standard Insurance now has peace of mind that it is adequately protecting PII across its systems.
“It would only have taken one major breach for Standard Insurance to realize the value of protecting PII—and then it would have been too late,” Martin explains. “Standard Insurance now knows that even if someone did manage to break into their test data systems, it would be impossible for them to steal credit card numbers, Social Security numbers, and other sensitive data.”
In addition, IBM Optim’s intelligent subsetting feature will deliver ongoing benefits to Standard Insurance. Intelligent subsetting allows testers to work from a representation of production data, reducing the size of test databases by as much as 90 percent.
“Intelligent subsetting can yield measurable savings in terms of hardware costs,” says Martin. “It also speeds up backups, restores, and the process of moving data into testing systems. We look forward to seeing the financial benefits Standard Insurance will achieve over time.”
ABOUT ESTUATE
Headquartered in Silicon Valley, Estuate is a global information technology services company that specializes in helping companies establish and improve enterprise data management strategies and best practices.
Estuate is IBM’s go-to partner for the implementation of IBM Optim Solutions for custom applications, Oracle E-Business Suite, PeopleSoft, Siebel and JD Edwards. We have expertise on distributed platforms and IBM mainframes. Estuate was one of the early partners involved in the Oracle-to-DB2 migration program. We work closely with IBM account teams to meet our mutual clients' Enterprise Data Management needs.
For more information contact:
Marc Hebert, Estuate’s COO
marc@estuate.com
T: 510-468-7132