Spark has announced that Fidelity Life, New Zealand's largest locally-owned life insurer, is working with Spark to implement a data governance strategy. The collaboration, which includes tapping into Spark’s security consulting service and Microsoft Purview tools, will give Fidelity Life greater visibility and control over sensitive data, improving the insurer’s overall resilience and competitiveness.
At Fidelity Life, like many other businesses, more of its people now work beyond the confines of the traditional office setting, using digital systems that connect everything from data centres to cloud services and devices. This progressive decentralisation of IT has been effective at providing working freedom while also presenting new opportunities for strengthening data and information security that cascade across disparate systems.
“Most organisations sit on hundreds of millions of files across hybrid environments. Trying to figure out the location of data is a difficult problem to solve,” comments Tahira Begum, Security Lead GRC (governance, risk, and compliance) at Fidelity Life. “We recognised the need for a robust data protection and governance strategy to mitigate risks, ensure compliance with industry regulation, and protect customer information.”
Plotting the data landscape
Spark conducted data security workshops in three of Fidelity’s key business units to identify data security risks, set security controls, and establish compliance priorities to strengthen data management practices. The data security check was conducted using Microsoft Purview tools. This mostly automated process is crucial for identifying data sets like emails, collaborative content, and document storage, and for spotting potential security risks.
The workshops also zeroed in on users' day-to-day habits, building a detailed picture of where people store certain types of data and how data is managed. Classifying – or labelling – data and documents according to specific attributes is fundamental to Fidelity Life’s data protection strategy and ensures data is managed according to its classification.
Strategy before tools
For Fidelity Life, strategy comes before tools: “Our data protection strategy is the driving force,” says Tahira. “Then you’ve got your tools to roll it out. First, you’ve got to recognise data as a target and answer the questions: where is my data, which data is sensitive, who has access to the data, and how is it being used?” Microsoft's Data Loss Prevention (DLP), a key component of the Microsoft Purview suite, is vital to Fidelity Life's approach to data protection. The company utilises the Microsoft Purview compliance portal to develop and implement DLP policies that keep an eye on sensitive data, among other tools.
Spark General Manager for Digital Services and Solutions Liz Urquhart says, “Implementing a robust data governance strategy is imperative for any organisation aiming to harness the full potential of its data assets. A structured framework and the right tools helps to ensure data accuracy, consistency, and security, and empowers organisations with valuable insights to sustain competitive advantage in the market.”
Communicating change
Now working with a clearer picture of Fidelity Life’s data landscape, Tahira and team are readying the company for changes to its security policy and monitoring. Communication is key to socialising changes that people readily embrace.
“Communication, understanding and action are critical, because security is so much more than ticking the box on technical controls,” says Tahira. “Our next step is educating our people so that they are comfortable with the changes we are making. This process is crucial to developing a culture of data security awareness and responsibility across all levels of the organisation.”
Tahira’s advice to other organisations is to start the process with a thorough assessment of the data landscape and regulatory requirements. “Engaging experts like Spark and Microsoft and using tools such as Purview can provide invaluable insights and solutions for specific needs.”