What is the Zero Trust model in insurtech: With India being the most targeted country, accounting for 13.7 per cent of cyber threats that occur globally, the “Zero Trust” model becomes a unique shield, working on the principle of “Always verify, never trust.” This model challenges the conventional idea of implicit trust and highlights its vulnerability. The core idea is to ensure that no individual, system, network, or service, whether within or outside the security perimeter, is inherently trusted.
Paras Mehta, Director of Engineering at Bimaplan, says that the 3 security measures (authentication, authorization, and encryption) serve as a robust defence. They signify the fundamental principle of never placing blind trust but, instead, consistently verifying the legitimacy of access requests from systems seeking entry, including the reason for the request, and granting access to that particular system only.
He reiterates that insurtechs, at the forefront of digital transformation in the insurance industry, handle a vast amount of sensitive customer data, making the application of the Zero Trust model highly imperative. He adds that this approach helps meet regulatory standards, demonstrating compliance through continuous monitoring.
Stating that this model also secures collaborations with third-party entities, minimising the risk of supply chain attacks by implementing strict access controls and mitigating any potential security threats to their database, he goes into detail to lay down the 5 pillars of the Zero Trust model:
1. Identity:
User identity is continuously authenticated through measures such as password authentication, multi-factor authentication, conditional access, and dynamic scoring. These mechanisms “prove” the user’s authorization and validation throughout, while the user moves around the network.
2. Devices:
Device authentication is crucial, with access granted based on real-time risk assessment analytics. Maintaining a complete inventory of devices, including device whitelisting, asymmetric cryptography and secure shell access, mitigates the risk of unauthorised activities.
3. Network:
The model emphasises that the relevant network components of the architecture have their own dedicated network, which further ensures that a triggered request or event does not move across the network of the whole infrastructure but stays contained within its intended bounds.
4. Application and Workloads:
Insurtechs, dealing with diverse applications and infrastructures, must ensure data sharing is restricted to the relevant access permissions. Authentication and authorization on a continuous basis keep the applications accessible via the internet while still keeping them secured.
5. Data:
Careful data categorization is the key to storing, accessing and retrieving data according to its sensitivity and availability needs, and it forms the foundation of data protection at an organisation level. Encryption, immutability, data integrity checks, data loss prevention, and classification contribute to a risk-free data protection strategy.
Hence, the Director of Engineering at Bimaplan says that the Zero Trust model emerges as a crucial process to navigate the challenges of cybersecurity. “By embracing the philosophy of ‘Never trust, always verify,’ insurtechs are strengthening their defences, safeguarding sensitive customer data, and complying with regulatory standards. As technology advances, the Zero Trust model stands at the core of security, guiding insurtechs towards a resilient and secure digital future for themselves and the entire gamut of companies and customers who utilise their product,” he sums up.