Companjon embraces a predictive security ecosystem to protect their growing business
Together with Companjon, we’re ensuring that the future of insurance is secure by design. European InsurTech company, Companjon, are disrupting the insurance business by embedding their offerings into the booking systems of their partners. However, the SaaS nature of the key application meant that the company needed to implement a stronger security strategy to minimize risk and protect customers’ personal information. Working with our consulting team, Companjon conducted a full assessment of their maturity level and created a strategy to help raise it to the desired level. This included the implementation of an enterprise risk management strategy, the separation of the policy decision point onto a separate platform and the use of tokenization to ensure that no personal information was passed to the underlying application. Leveraging our managed security services, Companjon now has a trusted partner that is able the ensure that they can effectively manage their risk profile to match their business ambitions.
Identifying the need for a stronger cybersecurity stance
As a new financial services company, Companjon are revolutionizing the insurance industry, leveraging the power of technology to sweep away many of the issues that typically cause customer frustration. By integrating seamlessly into their partners’ websites, providing insurance at checkout, and instant payouts when issues arise, they help organizations in the travel and entertainment industries build customer loyalty.
‘We’re changing the perception of insurance,’ says Companjon Chief Executive Officer, Matthias Naumann. ‘We provide solutions that you can buy on the spot for just one event or just one day. We’re trying to eliminate exclusions and when you claim you get paid in less than 24 hours. The only way to do this is by combining underwriting, technology and solution-building capabilities. That allows us to fully digitize the process and fundamentally changes the way insurance is done.’
For them, the ability to respond quickly to market needs is critical, but they needed to ensure that they were able to provide the level of security that was required.
'Digital security is extremely important to us,’ says Michael Vellat, Chief Business Services Officer at Companjon. Consumers are becoming more and more aware of data protection issues and they’re making choices about which companies they engage with based on this.
‘A strong security stance presents us with an opportunity to differentiate ourselves by doing what’s right for the customer and building a brand based on trust.’
A key challenge for Companjon was that they needed to ensure that their primary application — supplied and maintained by the separate service provider – was secure, something the vendor couldn’t provide.
With a small IT team and limited access to the required cybersecurity expertise, they needed to find a partner to help them ensure that they were able to deliver the levels of security they needed.
Application Security Service, Cybersecurity Maturity Assessment, Governance Risk and Compliance Service, Managed Detection and Response Service, Penetration Testing, Strategic Security Consulting
Azure Security Architecture, Kubernetes, Mesh Security, Tokenization, Vulnerability Management, Zero Trust
Eperi, Priverion, Tenable
‘We picked NTT because they can provide us with leading-edge technologies and capabilities. They have global reach and the expertise we’re looking for. They stand out from their competitors and that aligns with our DNA and our vision for Companjon.’, Chief Executive Officer, Companjon
Creating a future-proof cybersecurity foundation
The critical first step for Companjon was to establish their cybersecurity maturity level. Working with their team, we conducted a Capability Maturity Review giving them a strategic overview of their security environment.
‘We wanted our IT infrastructure to be as secure as possible. Working with NTT we conducted an analysis of what we needed to do to achieve that goal and then worked in an agile and iterative process to achieve that,’ says Vellat.
The result of this assessment was a full report providing them with an overview of their business strategy, business processes, risk management and infrastructure giving them a complete view of their environment. It also provides a benchmark of their current maturity levels measured against their desired state, allowing us to identify any gaps.
Following the consulting engagement, they worked with us to implement the recommendations of the report, including the implementation of our Enterprise Risk Management model. This ensures that there are processes and policies in place throughout the organization to manage risk, from the operational level through to the executive team, leveraging their internal audit capabilities to ensure compliance.
This allows them to guide the evolution of their security strategy based on risk and data. It also provides them with a complete security control of their underlying SaaS application which runs on AWS, by leveraging Azure as the policy decision point and AWS as the policy enforcement point.
This creates segregation between their security policy and the cloud environment where their application is hosted. They’re able to manage this from a single point allowing them to adjust their risk appetite to match their specific needs.
We also implemented a tokenization solution that ensures that no personal information is processed by the application. All personal information is held independently, and only anonymized information is passed on to the application for processing.
This allows them to guarantee compliance with all European data privacy regulations.