Since 1859, this respected insurer has been committed to serving their community and living up to their stated purpose: “To make your world a safer place.” Widely considered a global industry leader, the institution takes pride in top rating of AA- (very strong) from Standard & Poor’s.


customers in NZ alone


share of the general insurance market in NZ

The problem

Throughout more than 150 years of serving customers, the insurer had used innovative thinking to better meet people’s needs and fuel their success. Their idea for a new platform that would utilize APIs to enable partner banks to offer digital insurance products grew out of that historic commitment. These “white label” products would enable more people to access the coverage they needed easily and conveniently with institutions they already used.
But in opening up to multiple third party points of sale, a big question remained: could the insurer connect more people with the insurance products they needed, while still protecting the security of the institution, its partners, and their customers?
Before moving forward with the project, the insurer’s team knew they needed to guarantee that trust, monitoring, and security would be at the highest levels, for all involved. That’s when the call went out to RedShield.

The solution

The insurer asked the RedShield team to conduct a proof-of-concept, and provided access to a test and development environment. Even without penetration test data, RedShield moved quickly to implement a wide range of security controls, followed by thorough measurement and evaluation.
The proof-of-concept clearly demonstrated that RedShield had completely blocked malicious traffic, in all target categories. Additionally, after observing activity in ten different countries, it was clear the RedShield security solution hadn’t slowed site performance in any noticeable way.
RedShield also conducted a trial business process integration workshop, with the goal of agreeing on the non-functional elements of the service, and on service interlock. Working closely with the insurer, RedShield completed the entire process and delivered reports in less than a week.

The results

The insurer was impressed. RedShield proved they could easily integrate into a multi-company environment, and address both functional and non-functional concerns,
in a fraction of the expected timeframe. RedShield’s experience, reputation, and process maturity gave the insurer’s management team full confidence to move forward. Deployment went seamlessly, and the APIs remain fully protected.
Today, RedShield continues to stand guard:
• Monitoring the institution’s tools and systems 24/7
• Auditing the application defenses weekly
• Responding to any customer queries or application updates
• Delivering monthly analyst reports
“To date, risk acceptance has been way overused in our projects. With RedShield, we don’t have to. They move really fast and their test-centric approach gives us real
confidence that the issue is actually resolved.”
—Insurance Company Executive

Next article: Fixing a Flaw Without Disruption or Budget-Busting
All Case studies

See how we can shield your web applications and APIs

Get your free trial or talk to one of our experts.

Free trial
Talk to us