Secure Data Masking Strategies for Cloud-Native Insurance Systems
DOI:
https://doi.org/10.63282/3050-9246.IJETCSIT-V3I2P109Keywords:
Data masking, Cloud-native insurance, DevSecOps, Cloud security, Data privacy, GDPR compliance, MicroservicesAbstract
Insurance systems have become cloud-native, gaining importance in the modern insurance business as resilient, scalable and flexible systems. Nonetheless, migration to cloud computing has increased security concerns, especially over sensitive customer information and financial data. Data masking techniques are crucial for securing Personally Identifiable Information (PII), Payment Card Information (PCI), and health-related data that must comply with global regulatory standards, such as GDPR, HIPAA, and PCI-DSS. This paper explores the potential of secure data masking in cloud-native insurance ecosystems by integrating DevSecOps practices and cloud security frameworks. The existing articles extensively examine the concepts of Static Data Masking (SDM), Dynamic Data Masking (DDM), and tokenization, as well as encryption-based masking, and present an analysis of appropriateness in an insurance scenario. In addition, we also discuss how data masking can be implemented in a secure way by deploying microservices in containers, using Kubernetes as the orchestration layer, and deploying continuous compliance pipelines. Experimental findings demonstrate how policy tradeoffs can be made between data usability, masking performance, and achieved assurance levels, providing guidelines on how data masking can be implemented in multi-cloud insurance applications
Downloads
References
[1] González, D. F., Lera, F. J. R., Esteban, G., & Llamas, C. F. (2021). Secdocker: Hardening the Continuous Integration Workflow. arXiv preprint arXiv:2104.07899.
[2] Moyón, F., Soares, R., Pinto-Albuquerque, M., Mendez, D., & Beckers, K. (2020, November). Integration of security standards in DevOps pipelines: An industry case study. In International Conference on Product-Focused Software Process Improvement (pp. 434-452). Cham: Springer International Publishing.
[3] Babu, M. S., Raj, K. B., & Devi, D. A. (2020, October). Data security and sensitive data protection using the privacy by design technique. In 2nd EAI International Conference on Big Data Innovation for Sustainable Cognitive Computing: BDCC 2019 (pp. 177-189). Cham: Springer International Publishing.
[4] Weingarth, J., Hagenschulte, J., Schmidt, N., & Balser, M. (2018). Building a digitally enabled future: An insurance industry case study on digitalization. In Digitalization cases: How organizations rethink their business for the digital age (pp. 249-269). Cham: Springer International Publishing.
[5] Catlin, T., Lorenz, J. T., Nandan, J., Sharma, S., & Waschto, A. (2018). Insurance beyond digital: The rise of ecosystems and platforms. McKinsey & Company, 10, 2018.
[6] Ajitha, P., Sai, M. C., & Sivasangari, A. (2020). A joint optimization approach to security and insurance management systems on the cloud. Journal of Computational and Theoretical Nanoscience, 17(11), 4944-4948.
[7] Chase, J., Niyato, D., Wang, P., Chaisiri, S., & Ko, R. K. (2017). A scalable approach to joint cyber insurance and security-as-a-service provisioning in cloud computing. IEEE Transactions on Dependable and Secure Computing, 16(4), 565-579.
[8] Yang, W., & Zhou, J. (2021). Service innovation of insurance data based on cloud computing in the era of big data. Complexity, 2021(1), 2303129.
[9] Quinn, P., & Malgieri, G. (2021). The difficulty of defining sensitive dataThe concept of sensitive data in the EU data protection framework. German Law Journal, 22(8), 1583-1612.
[10] Hammami, H., Brahmi, H., & Yahia, S. B. (2018, January). Security insurance of cloud computing services through the crossroads of human-immune and intrusion-detection systems. In the 2018 International Conference on Information Networking (ICOIN) (pp. 174-181). IEEE.
[11] Archana, R. A., Hegadi, R. S., & Manjunath, T. N. (2018). A study on big data privacy protection models using data masking methods. International Journal of Electrical and Computer Engineering, 8(5), 3976.
[12] Vijayarani, S., & Tamilarasi, A. (2011, June). An efficient masking technique for sensitive data protection. In the 2011 International Conference on Recent Trends in Information Technology (ICRTIT) (pp. 1245-1249). IEEE.
[13] Badgujar, P. (2021). Implementing data masking techniques for privacy protection. Journal of Technological Innovations, 2(4).
[14] Sebrechts, M., Borny, S., Wauters, T., Volckaert, B., & De Turck, F. (2021). Service relationship orchestration: Lessons learned from running large-scale smart city platforms on Kubernetes. IEEE Access, 9, 133387-133401.
[15] Ermolenko, D., Kilicheva, C., Muthanna, A., & Khakimov, A. (2021, January). Internet of Things Services Orchestration Framework based on Kubernetes and edge computing. In 2021, the IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (ElConRus) (pp. 12-17). IEEE.
[16] Böhm, S., & Wirtz, G. (2021). Towards orchestration of cloud-edge architectures with Kubernetes. In International Summit Smart City 360° (pp. 207-230). Cham: Springer International Publishing.
[17] Ahmed, Z., & Francis, S. C. (2019, November). Integrating security with devsecops: Techniques and challenges. In the 2019 International Conference on Digitization (ICD) (pp. 178-182). IEEE.
[18] Jayaraman, P. P., Perera, C., Georgakopoulos, D., Dustdar, S., Thakker, D., & Ranjan, R. (2017). Analytics‐as‐a‐service in a multi‐cloud environment through semantically‐enabled hierarchical data processing. Software: Practice and Experience, 47(8), 1139-1156.
[19] Dutta, S., Madnick, S., & Joyce, G. (2016, June). SecureUse: Balancing security and usability within system design. In International Conference on Human-Computer Interaction (pp. 471-475). Cham: Springer International Publishing.
[20] Duncan, G., & Stokes, L. (2009). Data masking for disclosure limitation. Wiley Interdisciplinary Reviews: Computational Statistics, 1(1), 83-92..
[21] Pappula, K. K., & Rusum, G. P. (2020). Custom CAD Plugin Architecture for Enforcing Industry-Specific Design Standards. International Journal of AI, BigData, Computational and Management Studies, 1(4), 19-28. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V1I4P103
[22] Rahul, N. (2020). Vehicle and Property Loss Assessment with AI: Automating Damage Estimations in Claims. International Journal of Emerging Research in Engineering and Technology, 1(4), 38-46. https://doi.org/10.63282/3050-922X.IJERET-V1I4P105
[23] Pappula, K. K., & Rusum, G. P. (2021). Designing Developer-Centric Internal APIs for Rapid Full-Stack Development. International Journal of AI, BigData, Computational and Management Studies, 2(4), 80-88. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I4P108
[24] Pedda Muntala, P. S. R. (2021). Integrating AI with Oracle Fusion ERP for Autonomous Financial Close. International Journal of AI, BigData, Computational and Management Studies, 2(2), 76-86. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I2P109
[25] Rahul, N. (2021). AI-Enhanced API Integrations: Advancing Guidewire Ecosystems with Real-Time Data. International Journal of Emerging Research in Engineering and Technology, 2(1), 57-66. https://doi.org/10.63282/3050-922X.IJERET-V2I1P107
