Office of Insurance Commission

Deploys Trend Micro Deep Security to protect  virtualized and  cloud environments

Overview

The Office of Insurance Commission (OIC), an independent government organization in Thailand, is responsible for supervising and promoting the development of insurance companies. It also helps protect insured customers by making sure they obtain the benefits they are entitled to from the insurance system promptly. OIC's vision is to be continuously developed organization, strengthening the insurance system to become an important mechanism in enabling stability to the people, so as to meet future challenges. OIC focuses on building confidence in and increasing accessibility to the insurance system, strengthening infrastructure of the insurance system, developing human resources, and promoting the use of International Financial Reporting Standards (IFRS), and advancing information technology (IT). OIC’ s IT strategy is to develop and leverage it to build confidence among insurance companies, agents, insured persons, and potential customers.

Challenges

Chuchatr Pramoolpol, Assistant Secretary-General, General Administration, OIC said, “OIC regulates companies and organizations in the insurance industry nationwide, both for life insurance and other insurance. We provide real-time access to information for businesses and consumers. We offer relevant services to each target group quickly and efficiently, with the ability to analyze information for business decisions. Virtualization allows us to do all this quickly. Certainly, the success of virtualization depends on data security, enabling us to safely store, retrieve and use these data in real-time, anytime and anywhere. We have gradually migrated to virtualization in phases because we have to educate users and at the same time maintain data security.”

Late in 2010, OIC established the "I-Site" project to gather important information about each insurance company such as financial status, complaints, and lawsuits. This information is useful for business decisions and the continuous development of the "Insurance Bureau" project, which collects information about insurance policies. Companies can submit, retrieve, and manage their data in real-time.

“Data sent to OIC via the online system and data entered by OIC employees consist of consumers' personal data and companies' financial data. Some of this data is confidential and exclusive, and it should be kept that way,” added Chuchatr.

The Office of Insurance Commission aims to be a Modernized Organization and to become a leading organization in ASEAN. By using Trend Micro’s Deep Security, we are protected from security threats and breaches. This solution helps facilitate and secure our business processes and reduce our IT burdens, enabling us to spend more time on other development initiatives and improve overall IT productivity.

Chuchatr Pramoolpol,
assistant secretary-general,
General administration, Office of Insurance Commission (OIC)

Why Trend Micro

OIC tested security solutions from various brands, comparing all features and functions. Finally, OIC found that Trend Micro TM Deep Security TM could address its various security requirements better than other solutions, especially as the focus of OIC is migrating to virtualization. Deep Security provides several automated security features in one product and is easy to deploy, use and manage and it was highly consistent with virtualized environment. All of its features are useful for OIC, especially anti-malware and virtual patching, which provide protection for its gateways and servers - 80 patches for virtual environment and 30 patches for physical environmen

After deploying Trend Micro Deep Security, we can significantly accelerate our business processes. In addition, our staff, insurance companies, and consumers become more confident in our security as all data is securely protected from cyberattacks.

Chuchatr Pramoolpol,
assistant secretary-general,
General administration, Office of Insurance Commission (OIC)

Solution

OIC deployed Deep Security to its 80 servers including 9 application servers, 13 web servers, 5 database servers, 1 mail server, and 52 servers for management, development, and testing. Agentless, automated security blocks viruses, malware, and other attacks with no hit to performance and far easier management. Moreover, virtual patching helps shield vulnerabilities and significantly reduces patching time. In the past, each patch had to be thoroughly tested before being applied to the production environment, so this patching process took a long time -- one week for patching one machine and it took some additional time to wait and see before patching the whole environment. But now with Trend Micro's Virtual Patching, OIC can shield vulnerabilities immediately.

Results

Trend Micro Deep Security enhances productivity and confidence for OIC, protects insured users’ information, supervises the operation of each insurance company and protects OIC’ s servers. Now OIC can spend less time managing security and focus on leveraging big data from insurance companies for analytics to gain insights such as calculating industry averages. These insights will help improve productivity for insurance companies.

“After deploying Trend Micro Deep Security, we can significantly accelerate our business processes. In addition, our staff, insurance companies, and consumers become more confident in our security as all data is securely protected from cyberattacks. They can work more efficiently without concerns. Having been using Trend Micro's security solutions for over two years, we believe in its technologies, which enable us to deliver faster and more effective services without worrying about any data breaches or attacks. We can confidently make decisions on important matters, and safely transform our IT environment. Users are satisfied with these advanced solutions that bring benefits to all divisions across the organization,” Chuchatr said.

What's Next

OIC plans to complete the first phase of the “Insurance Bureau” project by the end of this year on its intranet, mainly consisting of physical servers. The second phase will be completed within the next 2 years using the cloud. OIC is committed to developing a private cloud for tasks that need high security and strict monitoring. Meanwhile, the office will start to use a public cloud for published content such as the OIC website. OIC is also preparing a disaster recovery (DR) site for real-time backup. This site will go live late this year. Trend Micro Deep Security has been selected to secure these two initiatives

And, OIC has complied with ISO 27001 by employing Trend Micro Deep Security solution to protect confidentiality, integrity, and availability of its information