The thing about working in health insurance is that it can often feel pretty stodgy. It can often seem stuck in the past. My own particular role deals with support for EDI files which are being sent back and forth by batch jobs, and along with that, lots of talk about compliance. It’s hard to find opportunity for innovation because we’re so busy implementing new regulations. There are also a number of technologies we don’t use, such as Cloud-based tools, because of the fear of security breaches. At times it feels like I’m having the same technology conversations they must have had in the 1960s. It’s as if someone forgot to tell the industry that the Cold War is over.
So I was drawn to the PowerPoint presentation for this week’s class, which discussed how to approach security architecture in the Digital Age. The idea was that security teams should come at it from a standpoint of Agility vs. Risk. What would be the security risk of X and would it encourage or discourage business agility? How will the team respond so that business outcomes can be delivered and the organization can remain safe? To assist in this process, it recommended Six Principles of Trust and Resilience.
The six principles encourage risk assessments, business outcomes and the flow of information as a means of facing security concerns, and seem to provide a good balance.
The digital age is upon us, whether we like it or not. Even in a “stodgy” industry, there are things we can do to embrace innovation while trying to keep organizations safe. We can either embrace it or be left behind.
References:
Fusco, David J. “Enterprise Security Architecture” [PowerPoint Slides]. Retrieved from: https://psu.app.box.com/s/u8m9w1glab5opirio2zng8tyw99y9i6d