Security System Protecting Investors’ PII

The Challenge

MassMutual offers life insurance and protection products, as well as retirement and investment services, to help individuals meet their financial goals. MassMutual wanted more control over its ecommerce website and independence from third parties. MassMutual came to ITX with the goal of owning its own high-quality ecommerce platform.

Because MassMutual hosts and transmits large amounts of personally identifiable information (PII) via integration, security is a high priority for the company. The legal and compliance aspects of the platform had to go above and beyond what ITX had traditionally implemented in infrastructure and architecture.

Our Approach

To protect users’ PII, the team used sophisticated encryption to meet PCI compliance. The implementation consisted of field-level database encryption with rotating key access on separate servers. The front end of the customer experience is a form in which users enter basic personal information; each individual field is then encrypted with its own rotating key. ITX performed extensive penetration testing and also brought in professional hackers to attempt to break the application, hack into servers, or exploit serious security risks. In the end, ITX came through with flying colors.

In addition, the application was put through several rounds of Veracode scans. Because the team was aware during the build of the high level of security needed, the penetration testing and Veracode scans found only a minimal number of medium-priority risks and no critical or high-priority risks. ITX was able to respond quickly to the medium and low risks that came out of testing.

The Result

ITX built, from the ground up, the proprietary platform that is now the standard for MassMutual, and also updated their servers to be able to handle the data masking and encryption. We developed and implemented a highly secure solution for MassMutual that focuses on ensuring that PII is handled in a manner that mitigates risk from data breaches.

This process for building a holistically secure solution can be clearly defined and adapted for other clients who require a higher level of security. This allows ITX to predictably steward clients with security concerns toward what is needed to protect their own information, as well as the personal information of their users.

This relationship was the result of a referral from the full-service marketing firm Martino Flynn, which was commissioned by MassMutual to oversee the strategy behind UX design for the ecommerce platform. Because of ITX’s past work with Martino Flynn, the firm knew ITX was capable of developing an inspiring product that could fulfill MassMutual’s security requirements. ITX worked closely with Martino Flynn throughout development to create a product that was not only secure but also a pleasure for users to interact with.