Photo - (From left) Nigel Tan, Director of Systems Engineering, Symantec Malaysia; Vincent Chin, Senior Vice President and Head, Information Technology, Great Eastern Life Assurance (Malaysia) Berhad; and Alex Ong, Country Director, Symantec Malaysia.
Great Eastern Life Assurance (Great Eastern Life) in Malaysia has signed a partnership with security solutions provider Symantec Corporation to provide a comprehensive suite of solutions to help the insurance company build a security culture.
Great Eastern Life senior vice president and head, information technology, Vincent Chin, said the dynamic threat landscape as well as evolving regulatory requirements and the need to protect personal data through the expected enforcement of the Personal Data Protection Act (2010) are some of the drivers that led to the partnership and the insurance firm's focus on enhanced security throughout its organisation.
"In order to effectively meet the various requirements and expectations of our stakeholders, the IT department has a responsibility to proactively review and implement technologies that strengthen our company's information protection posture," said Chin. "We have strong collaboration within the organisation, in terms of people and process, to implement the necessary measures."
"Great Eastern Life [already] has a longstanding and strong partnership with Symantec in information security, storage management and high availability," he added. "Symantec's vision and leadership in information security and storage technologies complement Great Eastern Life's IT objectives and business aspirations."
"As the IT security landscape continues to evolve, companies need to be better prepared to protect their most critical business data with advanced technology," said Symantec Malaysia country director, Alex Ong. "Great Eastern Life's move to place information protection as one of their top priorities is commendable."
"Symantec's long term partnership with Great Eastern Life in protecting their business' critical information and policyholders is a demonstration of the strength of our technology and comprehensive product portfolio, trusted by one of the largest and oldest insurance company in Malaysia," said Ong.
A security culture beyond technology
Great Eastern Life's Chin said the insurance firm intends to build "a good security culture in its business ecosystem, which includes its employees and business partners."
"We conduct periodic security and compliance communication sessions to increase the awareness level on security and to empower our employees and business partners with best practices to stay safe online," he said, adding that such initiatives add to the information security systems and policies already in place.
"Essentially, information security is beyond technology as it encompasses the management of people and business processes," said Chin. "The users in our business environment can be the strongest or the weakest link to information security, therefore developing a good security culture among users across our company is critical. This culture is in fact driven top-down in Great Eastern Life."
He said the company recently partnered with Symantec to offer Norton Internet Security to strengthen the information protection of its agency networks, a vital component in the company's business ecosystem.
Chin said addition endpoint protection involved the standardisaton on Symantec Protection Suite and Symantec Mail Security to protect its desktops, laptops, and email infrastructure.
He said about 80 percent of the company's incoming email was spam, which could pose a security threat to their systems. "The company has seen a notable reduction in spam since implementing Symantec Mail Security. In addition to reduce email server workload, Symantec's security solutions also provide an overview of the state of security across the organisation."
The company's top priority was the safety and integrity of customer information, said Chin, which was why Symantec Endpoint Protection (SEP) was chosen to enable whole disk encryption for its PCs and Notebooks. "SEP has enabled us to enforce policy on USB usage besides disk encryption, protection against malware and network threats. With the SEP central console, we have visibility of the information security posture and status of protection for our PCs and servers. Symantec solutions combined with other security controls provide us with more comprehensive measures in information protection."
Compliance, storage requirements
Chin said the company now uses Symantec Control Compliance Suite (CCS) to automate compliance checks for servers and databases. "Without the CCS tool, it is very laborious for us to perform 'eye-ball' checks against hardening standards and known vulnerabilities. The introduction of CCS gives us better control of policies implementation. In addition, the centralised management console features provide a bird's eye view of our IT compliance posture and enables our system engineers to respond quickly in identifying gaps."
According to Symantec's 2012 State of Information Survey, the total size of information stored globally by all businesses has reached 2.2 zettabytes, which is adding to the cost of storing and managing information.
"Great Eastern Life has made significant investments over the last few years to achieve economies of scale and uplift its overall capabilities," said Chin. "The company has embraced new technologies and initiated strategic programmes, which include being a part of its regional data centre consolidation, server consolidation, virtualisation, storage and backup consolidation."
Great Eastern Life's IT team today manages a total storage capacity of more than 200 terabytes residing on enterprise storage supporting more than 100 business applications, he said. This has grown exponentially from 60 terabytes in a span of three years due to business growth and new business capabilities that leveraged on IT to provide the competitive edge.
Chin said Symantec NetBackup and Veritas Storage Foundation is already in place at Great Eastern Life to provide a foundation for the company's IT infrastructure and further enhanced with Symantec NetBackup Data Protection Optimization for data deduplication technology.
Looking ahead, Great Eastern Life is now working on the next wave of IT initiatives, he said. "This includes the possible adoption of private cloud solutions and software as a service (SaaS) to cater to its escalating IT resource requirements as a result of increasing business demands for IT services and its burgeoning pool of field agents, which now totals more than 17,000."
"We are monitoring these trends and technologies closely on how they can benefit our business. As a financial institution, we will apply stringent reviews on the security aspect of cloud solutions prior to any adoption," he said.
Great Eastern Life began its operations in 1908 as a branch office of The Great Eastern Life Assurance Company Limited. The Malaysian operations were subsequently transferred to a locally incorporated public company, Great Eastern Life Assurance (Malaysia) Berhad under the Scheme of Transfer of Business.
Sign up for CIO Asia eNewsletters.