Snap Poll of Life and PC Insurers on MDM and PII
Available Only for Members of the NA Celent Insurance Research Panel
Snap polls reflect questions asked by members of the Celent Research Panel, a group of C level executives at insurers. This snap poll was fielded November 12 and 13,2020. 31 insurers representing both life and PC insurance companies responded. The question that was posed was:
The question that was posed was:
One of the members of the research panel is working on implementing a Master Data Management (MDM) solution and is interested in understanding how other insurers are deploying their MDM solution when the main source and destination systems of record are on-premises. If you are placing your MDM in the cloud, how are you addressing the security of millions of records containing Personally Identifiable Information of customers and prospects given that encryption and tokenization alone may not be enough.
They, like most insurers, capture a wide variety of sensitive information such as drivers licenses or social security numbers. They’ve been storing all data on premise using encryption and tokenization but are looking at MDM in the cloud and are trying to understand how others handle this kind of decision.
They see three models
–Defend the castle - keep the PII data on premises and don’t allow massive amount of customer PII to be stored in the cloud.
–Open the gates - store the data in the cloud and replicate all the security procedures including encryption, tokenization, PCI, HIPPA, CCPA there.
–Hybrid – If MDM must have PII in it, keep the solution on prem and let the less sensitive info reside in the cloud such as when MDM feeds CRM.
They see models two and three as allowing for highly democratized data with frictionless access to the data by data scientists and business users, but also see those models as being much more work (read $$$) to maintain as they need to duplicate the security procedures between on prem and in the cloud. And if you’re using multiple cloud providers (e.g. PowerBI in Azure and Policy Admin on AWS) now you have multiple environments to secure for compliance.
They are wondering how others have decided about where to put their MDM and what posture is utilized for allowing massive amount of PII in the cloud in a multi-tenant software environment.
- If you have MDM, is it in the cloud or on-prem?
- Which of the three models described above are you using? 1. 2. 3.
- Why did you choose that model?
- If you keep massive amount of PII data in the cloud in a multi-tenant MDM application, how do you manage duplication of security across the cloud?