Impact Study: Multi-billion Dollar Mid-Western Mutual Insurance Firm Data Trust & Data De-Identification Strategy

The CIO and his leadership team (LT) were beginning a digital transformation journey with data as an underpinning of their digital future. However, Data Trust and a cohesive Data De-Identification (DDI) Strategy weren't yet part of the foundation of that digital transformation.


Having such a strategy would be critical to support the highly regulated Insurance and Financial Services markets the firm operates in and to inform the digital transformation.

Client: Multi-Billion Dollar Mutual Insurance & Financial Services Firm
Industry: Insurance & Financial Planning
Sponsors: CIO & VP of Enterprise Services
Locale: Mid-West, U.S.A.

The Challenge

After several years of a highly decentralized technology operating model, the technology, its architecture, the data management, and governance had become highly fractured for this $28B+ firm. Not surprisingly, this created open audit risks and potential compliance issues. Thousands of systems and hundreds of platforms, spanning from on-premises data centers to multiple clouds, lacked an overarching strategy to manage data trust, and especially DDI, in a consistent fashion across the technology landscape.

Engagement Description

The CIO and his LT brought in Mesh Digital and its close partner Further Advisory to take a holistic approach to defining the enterprise-wide strategy for managing its Digital Trust and DDI. Together we took a truly 360-degree approach to solving the firm's challenges and supporting its digital opportunities. This encompassed evaluating and defining strategies for the people, processes, tools, organizational structures, technical architectures, capabilities roadmaps, detailed recommendations, change and program management governance, operating model changes, and implications for governance, risk, and compliance (GRC).

We co-created and partnered across the client's functional business units, plus the LT, to generate highly pragmatic strategies that were informed by, socialized with, accepted by, and agreed to by Technology, InfoSec, Risk, Compliance, Privacy, Product, Legal, Enterprise Change Management, and several additional functional client teams.

Quote

"So I have to admit I am impressed with the final product. And you have been one of the best vendors I've ever worked with." "Thanks for the partnership, because you took it seriously and it resulted in the right thing for our business." -Sr. Director, Application Security

Outcomes Delivered

We defined an enterprise-wide strategy laser-focused on solving core audit issues and managing the firm's risk, with those strategies also building towards a new operating paradigm for the firm. The strategy goes beyond just technical controls to create a holistic program that both protects the enterprise and improves its agility, one where data security and privacy are near frictionless and inclusive of the ways of working, supporting a digitally transformed insurer.

We developed a clear and pragmatic roadmap to fix the root causes that led to the current state. This included marshalling executive support, defining a strong governance model, extending existing InfoSec and GRC frameworks, injecting requirements into adjacent transformational programs, positioning a pivot to product orientation, cross-functional team delivery, and the cultural changes necessary for a successful transformation.

We identified and addressed tooling gaps to build towards a platform for Test Data Management to source, protect, and control test data.

We Expanded Cyber & Privacy Governance. This ensures that decision-making and data use are aligned to a common set of security & reliability norms across the enterprise in a lightweight manner.

Informed & Supported Delivering What's Next and New Ways of Working. Shifting the focus to new ways of working and approaches, while ensuring secure and reliable data, offered a strong underpinning for the firm's business transformation.

We Methodically Removed Roadblocks. We gave developers the knowledge, methods, tactics, and tools to help them reduce insecure data dependencies, while tightly integrating with future cloud-native development frameworks and patterns.