Connect with us

Top Stories

With APIs at the Heart of Insurance, Why Their End-to-End Security is Vital



With APIs at the Heart of Insurance, Why Their End-to-End Security is Vital 1

By Olaf van Gorp, Perforce Software

The explosion of application programming interfaces (APIs) to enable digital transformation and open finance continues to escalate. APIs are the connectors, the ‘glue’ that connects services of all kinds. They are a fundamental part of the digital revolution that is changing the world right now. Many financial sectors can benefit from this revolution, including insurance.

In its excellent document: “Digital disruption in insurance: cutting through the noise”, McKinsey talks about the triple prize for the insurance industry: satisfied customers, lower costs, higher growth, and how automation can reduce the cost of a claims journey by as much as 30 percent. Those are pretty powerful messages.

APIs are one of the foundations of digitalization. In the insurance sector, that means ecosystems connected by APIs so that insurers and third parties can share data such as customer claim information (with the consent of the customer, of course). Previously time-consuming steps can be simplified and sped-up, with the customer accepting changes to a policy digitally following an accident, for instance. Welcome to the new era of open insurance.

Introducing Risk

The insurance sector also has the opportunity to learn what other markets have, sometimes to their cost: API security is everything. APIs have huge potential, but they also bring in risk. One of the reasons that companies use APIs is because they provide a controlled route through which critical data can be shared, including with third parties. However, that makes the assumption that the API is robust and not vulnerable to attack. If that API is published, and then discovered to have a problem — a weakness that can be exploited — there is little or no time to take remedial action, thereby leaving that API open to attack, unauthorized access to data, or data shared externally without permission. Suddenly, that controlled route is compromised.

While that may sound like scaremongering, here is some perspective. Once a new website is published, it is likely to be attacked within hours. That is the nature of today’s highly sophisticated cyber-attack community. The result of vulnerable APIs? Insurance companies risk putting their data into the public domain. As we have seen across other industries, vulnerable APIs can lead to some high profile data breaches and cyberattacks.

So, protecting both internal and external APIs has to be a priority, and not something that is dealt with as an afterthought down the line. If APIs are the means to ensure a seamless experience across all channels, pulling together all touchpoints to secure data transfer between all parties in the ecosystem, then they need to be trusted. And that means end-to-end security of APIs across their entire lifecycle, starting with their creation.

Software Development Can Be a Source of Risk

An API is just another piece of software. It is a very clever and useful piece of software, but it is basically still software code. In the software industry, it has long been acknowledged that development of software is the top culprit for introducing future software vulnerabilities. That is changing — partly with a shift towards DevOps to create better collaboration across teams — but it is an ingrained mindset with many software developers that sorting out security is not their problem. That has traditionally been exacerbated by the fact that software developers tend to work in a very individual way, siloed from the rest of the organization. Again, movements like DevOps are changing that, but there are still some other hurdles to overcome.

First, the nature of APIs means that the whole project team is probably going to be focused on creating great performance and functionality, possibly also a great user experience too. Security is often not top-of-mind for anyone.

Anyone Can Be an API Author

Second, the simplicity of APIs means that their creation is within the reach of anyone, so reduced level of expertise is needed, and in many cases, those individuals may work at external consultancies or design agencies. That is great in terms of increasing the range of people who can write APIs, but again, the risk landscape is increased. Even if the in-house team have had the security message drummed into them, it is harder to control the experience of external teams, who may also have less experience in software development. Furthermore, everyone is probably under pressure to deliver that API fast.

API Drivers in Insurance and Other Finance Markets

In banking, open banking standards have been a driver towards better API management and security, and for good reason: the volume of APIs is growing fast, and the more vulnerable APIs there are, the greater the number of ingress points for attack. This is why in Europe, the PSD2 mandates security measures that should be implemented at the API level (and by the way, some of those measures are pretty complex).

In the insurance sector, an increasing maturity around API management and security is being propelled by, for instance in the USA, the NAIC Registry, which allows automated filing of standard reporting documentation required of insurance providers for compliance with state regulations.

The Right Culture

Given that API security is both a priority but also a challenge, how can it be improved? The first step is getting everyone involved to understand why API security is important in the first place, why that needs to start with the development stage, and their roles in mitigating any risks. This needs to apply to external contributors as much to internal ones. Think about investing in training developers on API security.

Think Wider Than Mandatory Measures

Open finance standards have some great guidance on better API security, and it is often mandated. However, these may have a very specific scope, so consider looking at the wider picture, and look at other security measures that can be applied. A handy reference is the OWASP API Security Top 10, which covers the ten most common API vulnerabilities and ways to mitigate them.

Get the Processes Right

Processes that support a more secure API development environment should be comprehensive across all deployment policies, approval workflows, users and groups. In addition, they should encompass: authentication, authorization, malicious pattern detection, message content security, rate limiting, and other security policies. Nominate people who must review an API before it is published, with time-stamped approval. That is typically carried out manually, but combined with automation through the software development process’ delivery Continuous Integration/Continuous Delivery pipeline. Ensure that there is a clear audit trail, so that if something does go wrong, then the original cause can be traced and action taken so that the problem is not repeated in the future.


Given the kind of scale that is usually involved, consistency and repeatability are important, so security policies need to just automatically happen and enforced across all current and future APIs, without needing any extra coding. Additional manual intervention should be avoided, and people should not be able to switch off these policies at will. Introducing an API gateway with in-built security features will help that. That should include policing of contributions from external contributors, but make sure to choose a gateway that can support the different types of API (REST, SOAP, etc), and that automation can take place at scale, particularly since the growth of APIs and the traffic that goes through them will only increase.

Don’t Let API Security Get in the Way

API security should not fall to developers to sort out, because they are busy people who do not need another task. Instead, this should fall to API product managers, security architects, and other individuals more focused on the need for security. Even so, humans should be making the decision, with automated workflows doing the work. Use tools that continually inspect code to detect creates early on and delegate tasks wherever possible to an API management tool for consistent and simplified enforcement of security policies. The more manual intervention can be reduced, across every stage of the API’s lifecycle from creation to deployment, the greater the likelihood that robust APIs will go into production.

Insurance is at a pivotal stage in its adoption of digital technologies, and APIs are a critical part of that journey. Getting the right steps in place now will help insurance companies make the most of the changing landscape, be more efficient, compliant, and competitive, while maintaining (even enhancing!) customer satisfaction. Making sure that APIs are secure right from their early inception through to publishing is an integral part of making all that happen.

Top Stories

How can businesses celebrate Halloween virtually?



How can businesses celebrate Halloween virtually? 2

Bring the spooky season to life by virtually gathering the team for fun activities during October. Even though this year’s celebrations will look a bit different, don’t let the restrictions of remote working stop the fun. Plan a virtual Halloween party and lead up to it with spooky but socially distanced activities to build suspense.

  1. Host a virtual halloween party

The Halloween tradition of a spooky soiree should definitely be on the cards for your remote team. Flesh out a part of your team’s schedule near the 31st October for some creepy fun.

Consider those devilish details, pre-arrange your party activities to avoid any deathly silences (and even more terrifying, ghosting!) at your event. Take inspiration from our virtual Halloween celebration ideas to make it the best virtual halloween party ever.

  1. Organise a murder mystery game

Has anyone on your remote team been acting suspiciously on Slack lately? A virtual murder mystery game could get to the bottom of the matter.

After selecting a theme, designate a host and have them secretly select a perpetrator before writing up clues for the rest of the team. Have the team follow a virtual scavenger hunt of hints before making their grand accusations at the virtual Halloween party.

To delve even deeper into the murder mystery, have the host create characters for each team member with big personalities to match!

  1. Host a costume competition

It wouldn’t be Halloween without a costume competition, complete with a prize for the most impressive outfit. Whilst there are some foolproof classic Halloween options like ghosts, witches, pirates and vampires, drawing new ideas from our current moment can yield some hilarious results.

  1. Collaborate on a spooky party playlist

Sure, Spotify has a whole host of spooky playlists (this one called Spooky is a fine example), but it’s much more fun to create a new one as a team.

From the Monster Mash to Rhianna’s Disturbia to Van Halen’s Running with the Devil, feed in the funky favourites ready for the virtual dance floor.

  1. Challenge your team to a virtual pumpkin carving competition 

A low-cost way to ignite some creativity in your team, set a challenge to create the best Jack-O-Lantern with a prize for the most frightening result.

There are no fancy tools required to carve your first pumpkin. Check out some pumpkin carving tutorials to get you started and remember, safety first, advise your team to go slow if it’s their first time experimenting with this special Halloween skill.

  1. Get creative with your virtual backgrounds

Host your morning check-in in an eerie forest. Catch up for your one-on-one (1:1) in an abandoned fairground. Hold your all-staff meetings while being chased by zombies.

The spine-tingling opportunities are endless when you’re using video chat and Google images.

Getting started with one-on-one (1:1s)? Download our Ultimate Guide to Running 1:1s  to help you get the most out of your meetings.

  1. Stream a Halloween movie together

Hosting a team movie watching party can be an amazing way to bond through the shared experience of terror. Set a time and date to tune in together then have a full debrief at your team catch-up the next morning.

Choose a movie that’s easy to find; classics are always a good option (and tend not to be too terrifying) – try Alien, The Birds or Jaws.

Alternatively, you can stream it all together using Netflix Party.

  1. Start a horror book club

A spooky novel can also be a fun way to engage with your team that can last over several weeks. Horror is one of the all-time great book club themes and experiencing a terrifying novel with others can stop you from going down a spooky rabbit hole alone.

Assign a host of the club and get them to ask the group questions about the books scariest moments and most terrifying themes. Sharing any spooky facts about the book can also give your book club an edge. For example, did you know that the idea of Dracula came to author Bram Stoker in a wild nightmare that was suspected to have been caused by bad seafood?

Have lots of book lovers at your workplace? Start a virtual book club and keep the book club tradition going throughout the entire year!

Employment Hero, one of Australia’s fastest-growing tech companies

Continue Reading

Top Stories

Five key challenges CIOs in insurance will face over the next 12 months



Five key challenges CIOs in insurance will face over the next 12 months 3

By Andrew Jenkins, Principal in the CIO & Technology Officers Practice at Odgers Berndtson, discusses five challenges CIOs will face as the world emerges into the new normal.

Even before the pandemic, CIOs in insurance had their hands full. Many insurance companies – which have historically been digital laggards – were increasingly embarking on ventures to embed customer-focused products, integrate disparate systems and data structures, and use technology to implement organisational redesign. Now, with companies six months into the pandemic, these programmes have become that much harder to implement and a number of new hurdles have emerged that technology leaders will also have to overcome. These are five of the key challenges CIOs in the insurance industry will face over the next 12 months:

1.) Implementing Agile transformation in a remote environment

Pre-pandemic, Agile transformation – the process of adapting the values, principles and practices of an organisation so that it can react rapidly to change – had been gaining traction among insurers. This was particularly true of those that saw the benefits it could bring in driving a customer-oriented approach to product development. However, Agile relies on teams physically co-locating together and using the power of shared knowledge and rapid communication. With the UK and other countries shifting in and out of lockdowns, CIOs will face an uphill battle when trying to introduce Agile programmes among entirely remote workforces. At the very least it will require the implementation of technology that can enable the same sort of collaborative environment a physical office provides.

2.) Changing the cultural mindset about the customer journey.

Insurance is a very commoditised industry and has historically focused on digital transformation to drive cost efficiency – the aim being to provide the most competitive premiums. However, market share is increasingly being consumed by firms that are investing in their approach to customer engagement and using technology to transform the end-to-end customer journey. For the leadership teams of many insurers this might seem like an unorthodox approach to digital transformation. CIOs will therefore need to work hard to bring their fellow executives round to the idea that digital innovation for the customer is more profitable than digital innovation to reduce back-end costs – it’s a cultural mindset shift that will also need to permeate through the organisation if the CIO wants to truly transform the approach to customer engagement.

3.) Adapting the business model to make greater use of public and private cloud platforms

Using cloud platforms – whether that is working with a cloud provider or investing in a private platform – can improve the speed to market for new products, enhance the claims experience for customers and help firms expand globally. There are now insurers that have built leading policy, claims and underwriting platforms simply in partnership with Google. However, like customer engagement, CIOs face an embedded mindset within the executive team, where the idea of cloud investment is often still viewed as just a method to modernise legacy infrastructure. CIOs will need to change the hearts and minds of fellow c-suite executives if their company is to truly unlock the power of cloud technology.

4.) Implementing technology to maintain and build culture in a mixed workforce

A mixed model of on-site and remote working is the future of work. Especially as countries seesaw between implementing and lifting lockdowns, workforces will be made up of hybrid digital and on-site employees. Working closely with the people function, CIOs will need to consider the sort of technology that can maintain team cohesion, ensure visibility so that remote and on-site employees are performance managed equally, and that will enable people to mimic the ‘watercooler’ moments remotely. Most employees now expect a blended remote and on-site working lifestyle. Insurance firms will therefore need a technology infrastructure that replicates for remote employees both the collateral learning that comes from sitting next to someone and the collective engagement that comes from office camaraderie.

5.) Adopt newly defined leadership traits

When Coronavirus began to upend both the social and business environment, certain leadership traits quickly emerged as the most successful for navigating organisations through the crisis. The best c-suite leaders demonstrated a desire to communicate consistently and to convey a message of ‘we’re all in this together’. When managing the most distressing aspects of the virus’ impact, they used compassion, empathy and humility to connect with their teams and displayed genuine authenticity, regardless of the function they led. Importantly, the most successful leaders were, and still are, making brave decisions at speed, and are now either building upon or adapting their organisation’s cultural identity to instil a sense of purpose in the workplace. Due to the demands of the pandemic, CIOs have found themselves in the hotseat and their role is central in guiding organisations out of the crisis; adopting these new leadership traits will be paramount to their success in achieving this.

CIOs in insurance face a particularly tough challenge – an industry that is on the one hand taking steps to redefine itself digitally, but on the other is still working under traditional approaches to technology, all of which is taking place during a global pandemic. To come out stronger on the other side, CIOs will need to convince their fellow c-suites of the benefits of investing in the customer journey, help their business unlock the power of the cloud, and make remote-working a long-term success that coincides with transformation. Finally, and while it may seem obvious, they should remember that the world has changed, and that this change demands a new quality of leadership.

Continue Reading

Top Stories

LightArt’s Project Demonstrate What The Future Hold For Real Estate Market



LightArt's Project Demonstrate What The Future Hold For Real Estate Market 4

This piece explores how LightArt byTom John Or-Paz seeks to leverage art to improve neighborhoods at scale in the branded real estate sector.

Tom John Or-Paz’s LightArt Project Demonstrates What The Future Hold For Real Estate Market

Urban neighborhoods across many cities of the world have been recording a rapid rise in gentrification over the last few decades. Sometimes, multiple neighborhoods in the same city are gentrified simultaneously, as in the case of Washington DC with close to 150 gentrified neighborhoods between 2000 and 2013.

LightArt's Project Demonstrate What The Future Hold For Real Estate Market 5

Depending on who you ask, gentrification could either be seen as a blessing, a curse, or a mix of both. Urban theorist Richard Florida observes that gentrification is a symptom and potentially a cure, for the scarcity of quality urbanism.

In his words, “the driving force behind gentrification is the far larger process of spiky reurbanization—itself propelled by large-scale public and private investment in everything from transit, schools, and parks to private research institutions and housing redevelopment.” This peice explores how LightArt, a new player in the branded real estate industry seeks to leverage art to improve neighborhoods at scale.

The process of gentrification and its impact on real estate

There’s no single all-encompassing definition for gentrification but it broadly refers to a process by which a neighborhood experiences some infrastructural and socioeconomic changes due to a surge in real estate investments and an influx of new higher-income residents into an erstwhile historically disinvested neighborhood.

On the plus side, gentrification can transform disinvested neighborhoods into thriving centers of economic prosperity. The influx of real estate investments leads to the renovation of infrastructure, parks, and public areas. The rise in construction activity leads to a job boom, and the newly-opened service and retail businesses also hire more people. There’s also been a direct correlation between gentrified neighborhoods and an increase in the property tax base which in turn provides more funding for local public schools and makes the local police force better equipped.

On the other side of the coin, there are arguments that gentrification eventually prices out longtime residents of a neighborhood from renting or buying properties in a place they’ve called home for decades. There’s also the argument that lower-income residents of gentrifying neighborhoods often become economically marginalized. Another critical but unquantifiable effect of gentrification is the argument that it destroys the soul of neighborhoods.

How LightArt wants to merge art and real estate to improve the curb appeal of neighborhoods at scale

Tom John Or-Paz, a millionaire entrepreneur believes that art can be a valuable tool to improve the curb appeal of neighborhoods and to unlock the positive features of gentrification at scale. Tom wants to rethink neighborhoods through his new company, LightArt, a branded real estate company seeking to facilitate the intersection between modern art, intentional design, and functional living spaces.

According to Tom, “for us, art is an emotional journey that turns a standard project into a way of life.” LightArt works with a team of cultural consultants, artists, designers, and architects to transform a regular property into the envy of the neighborhood by combining art and color with community life.

Tom John Or-Paz has been involved in the branded real estate space since 2013 when he was the Senior VP of Business Developments at Fashion TV, a position from which he led the company to launch its first branded real estate project. Afterward, he got involved with many other branded real estate projects across Europe, the Middle East, and emerging Asia.

Tom John Or-Paz started LightArt in 2019 and now, LightArt is starting out with its first branded real estate in the Florentine neighborhood of Tel Aviv, Israel. The neighborhood had previously been known for commerce and trade, it had a TV series named after it in the 1990s and it is now gradually being transformed into an urban bohemian neighborhood with pristine beaches, excellent nightlife, and Bauhaus-inspired buildings for artsy souls.

There’s no particular rhythm or rhyme to how or where gentrification happens. In Lisbon Portugal, the medieval Mouraria neighborhood used to be dilapidated up until 2009 when it started getting gentrified. It has now become a dining destination with fantastic hilltop views.

The same is true if you’ve recently been to the Villa Crespo neighborhood of Buenos Aires in Argentina, you’ll most likely remember its nice mix of modern art, cool retail shops, and historic synagogues. Yet, it wasn’t always that cool and it had previously been a crumbling relic of a historically Jewish community before being revived by gentrifiers.

LightArt however differentiates itself from the competition in the branded real estate sector by working with real estate developers in the post-planning and permit stage by infusing art into their base designs.

Beyond infusing art into the designs, LightArt also ensures that the properties are outfitted with the latest smart home technology systems from the ground up. The properties have leading smart home technology, automated parking service, and an app-based property management service. LightArt also works with the property developers to market the properties to the right prospects.

LightArt also commissions and provides the artwork for the external and public areas of the properties while working with the people that purchase the properties to style the interior to match their art tastes and design preferences. LightArt then  facilitates a concierge service that refreshes the look and feel of the property by refreshing and replaces the artwork every quarter.

What does the future hold of the real estate market?

Branded real estate is becoming increasingly popular and they could become the new standard for the real estate industry. Liam Bailey, head of Residential Research at Knight Frank and author of the Global Branded Residences – 2019 report observes that “it seems likely that as global wealth creation expands, the demand for high-quality residential development property in key global centers will undoubtedly rise.

Apart from the appeal and emotional sentiments of living in a branded property, branded properties provide an additional layer of trust, security, and provenance because the success of the venture influences how the brand name attached to the project is perceived.

Likewise, Liam’s report also shows that that branded real estate also benefits the property developer. For instance, branded real estate is reportedly valued by as much as 34% on average than non-branded properties. Granted, the higher valuation of branded real estate varies from  5.7%in Jakarta to 45%  in Puerto Rico and as high as 120% in some exotic markets such as Dubai.

Branded real estate provides more identification and endorsement for people who want to be associated with the lifestyle of the brand. Thankfully, art unifies people across socio-economic divides and LightArt might be up to something in its bid to leverage art to get the best out of gentrification without robbing neigborhoods of their souls.


This is a Sponsored Feature

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2020
2020 Global Banking & Finance Awards now open. Click Here

Latest Articles

How can businesses celebrate Halloween virtually? 6 How can businesses celebrate Halloween virtually? 7
Top Stories1 day ago

How can businesses celebrate Halloween virtually?

Bring the spooky season to life by virtually gathering the team for fun activities during October. Even though this year’s...

Five key challenges CIOs in insurance will face over the next 12 months 8 Five key challenges CIOs in insurance will face over the next 12 months 9
Top Stories1 day ago

Five key challenges CIOs in insurance will face over the next 12 months

By Andrew Jenkins, Principal in the CIO & Technology Officers Practice at Odgers Berndtson, discusses five challenges CIOs will face as...

Why the future of work hinges on a mutually beneficial employer-employee contract 10 Why the future of work hinges on a mutually beneficial employer-employee contract 11
Business1 day ago

Why the future of work hinges on a mutually beneficial employer-employee contract

By Stuart Hearn, CEO and founder of Clear Review, the leader in performance management It feels like there’s been almost continual talk of...

For lenders: 5 reasons for losing a customer 12 For lenders: 5 reasons for losing a customer 13
Finance1 day ago

For lenders: 5 reasons for losing a customer

By Matt Cockayne, Chief Commercial Officer at Yapily Businesses of all sizes are battling the ongoing effects caused by the...

Eight Benefits of International Financing 14 Eight Benefits of International Financing 15
Finance1 day ago

Eight Benefits of International Financing

By Luigi Wewege is the Senior Vice President, and Head of Private Banking of Belize based Caye International Bank   Lending...

How the UK’s tax system could change to recover from COVID-19 16 How the UK’s tax system could change to recover from COVID-19 17
Finance1 day ago

How the UK’s tax system could change to recover from COVID-19

By Finn Houlihan, Director at ATC Tax   The economic impact of the COVID-19 pandemic on the British economy continues...

LightArt's Project Demonstrate What The Future Hold For Real Estate Market 18 LightArt's Project Demonstrate What The Future Hold For Real Estate Market 19
Top Stories1 day ago

LightArt’s Project Demonstrate What The Future Hold For Real Estate Market

This piece explores how LightArt byTom John Or-Paz seeks to leverage art to improve neighborhoods at scale in the branded...

The digital game plan for CFOs in a post COVID-19 world 21 The digital game plan for CFOs in a post COVID-19 world 22
Finance1 day ago

The digital game plan for CFOs in a post COVID-19 world

By Neil Kinson, Chief of Staff, Redwood Software – explains the digital priorities for CFOs as they prepare for a...

Keynotes Announced: SAP Financial Services Live 2020 23 Keynotes Announced: SAP Financial Services Live 2020 24
Events1 day ago

Keynotes Announced: SAP Financial Services Live 2020

We are delighted to announce our Keynote Speakers & Session Titles for the upcoming free to attend digital event for...

Using AI to combat fraud risk 25 Using AI to combat fraud risk 26
Technology1 day ago

Using AI to combat fraud risk

By Andrew Foster, VP consulting, AppZen Fraud experts use three factors to explain the motivation for an individual to commit...

Newsletters with Secrets & Analysis. Subscribe Now