Aegon Insurance uses SecuMailer to send its insurance policies securely to customers


Meint Post

22 May 2024

Aegon Insurance is one of the biggest insurers in the Netherlands. Every month Aegon needs to send out renewal messages and insurance policies to its resellers and customers. Aegon's IT partner Keylane implemented the connection between the insurance backend and the SecuMailer SaaS platform. Every month thousands of confidential emails are automatically generated and sent via SecuMailer, fully compliant with the GDPR and eIDAS regulations and with 100% uptime in its 4 years of usage so far.

Customer: Aegon Insurance

In a few sentences, please tell us why this initiative is important for data security and three big takeaways that you’d like the reader and audience to know.

This initiative is important because it demonstrates that security and privacy can be maintained while processing large volumes of automated e-mails with highly confidential personal and financial information.

3 big takeaways:

  • Secure email can be made fully compliant with the GDPR
  • Secure email can be used for financial information if supported by a well thought-out standard (the eIDAS standard for protecting financial information via secure email)
  • Data minimisation leads to better data security and privacy guarantees

Briefly describe any barriers to developing this data security and privacy initiative.

  • Secure email with financial information needs to be protected by using 2FA for both sender and recipient.
  • Automated emails have to be processed without human interaction.
  • Personal data of EU citizens cannot be processed in the USA without extra security measures, due to Schrems II.
  • Under the GDPR it is advised to avoid extra copies of emails in portals or the cloud (to comply with the data minimisation principle).

What is the impact of the initiative on data subject privacy and the proportion of data subjects affected?

The initiative had an impact on all Aegon Insurance customers and resellers. The privacy of all data subjects is fully protected during the communication of the test results. No data leaks have been reported.

Provide 2-4 specific examples and metrics demonstrating how this data security program or initiative has enhanced the organization and its bottom line.

  • 0 data leaks reported (no results delivered to a wrong recipient)
  • 2,500,000 test backend messages processed in 2 years' time
  • Very low bounce / dropped rate of 1.2% over 2 years' time
  • No impact on the Aegon helpdesk, no complaints

In a few sentences, please explain what data security and privacy risks are reduced by this initiative.

By securing the automated emails the following data security and privacy risks are reduced:

  • No emails are sent to the wrong recipient
  • No financial information is revealed by email to persons who are not entitled to that information
  • No emails were processed on systems located in the USA, so there is no dependency on the Privacy Shield
  • No emails were sent to insecure mail servers
  • All of this leads to the conclusion that the customer has not suffered any data leaks due to SecuMailer, and therefore GDPR fines are avoided

By using secure email technology instead of web-based portals to inform the recipient of his/her insurance details:

  • No extra copies of the emails are created
  • No data concentration is created

Provide specific examples of how the data security and privacy initiative has been integrated into the organization.

Aegon IT did a full procurement intake with a vendor management risk assessment. This took about 6 months and included a full security and architecture review of the SecuMailer platform.

Keylane, the IT partner responsible for managing the Aegon insurance backend, implemented the integration between the backend and SecuMailer. The integration is based on an authenticated and secured SMTP connection.

Better with Amazon Web Services

SecuMailer uses AWS Lambda serverless computing to deliver its SaaS services. Thanks to the elastic scaling capabilities of AWS Lambda, the SecuMailer SaaS platform is able to scale from single-digit email loads to millions of emails per hour. This is very helpful in the case of Aegon, where insurance policies are sent in batches on fixed dates in the month. Without AWS Lambda, SecuMailer would need to maintain excess capacity, at extra cost, for a few peak moments per month. Next to the scaling capabilities of AWS Lambda there are also the data security aspects. Because AWS Lambda avoids the use of permanent physical servers, no digital traces are left behind when processing emails: for every email several Lambda functions are executed, none of which leaves any digital trace. Lastly, AWS Lambda works very well with encryption, be it via encrypted environment variables or via AWS Secrets Manager, which ensures that all data remains fully confidential while it is being processed.
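The backend-to-relay hop described in the Keylane integration above (an authenticated and secured SMTP connection) and the credential handling mentioned in this AWS section, as an added example that is not Keylane's or SecuMailer's code: a Python sender that refuses to submit unless the relay offers STARTTLS, verifies the relay's certificate chain and host name, requires TLS 1.2 or newer, authenticates only inside the TLS session, and reads its credentials from environment variables (the way decrypted Lambda environment variables or a secrets-store lookup would supply them). The relay host, port, credentials, addresses and the attached PDF bytes are placeholders constructed for the example.

```python
"""Authenticated, TLS-protected SMTP submission of a confidential message.
Added illustration; not Keylane's or SecuMailer's integration code.
Relay host, port, credentials, addresses and the PDF payload are placeholders."""
import os
import smtplib
import ssl
from email.message import EmailMessage
from typing import Optional


def strict_tls_context() -> ssl.SSLContext:
    """TLS policy for the submission hop: validate the relay's certificate
    chain against the system CA store, check the host name, and refuse
    anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Plain-value summary of the settings that matter, for review or tests."""
    return {
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
        "minimum_version": ctx.minimum_version.name,
    }


def build_policy_message(sender: str, recipient: str, subject: str,
                         body: str, pdf_bytes: bytes, filename: str) -> EmailMessage:
    """Plain-text body plus the policy document as a PDF attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(pdf_bytes, maintype="application", subtype="pdf",
                       filename=filename)
    return msg


def submit(msg: EmailMessage, host: str, port: int, username: str,
           password: str, context: Optional[ssl.SSLContext] = None) -> dict:
    """Submit over SMTP with STARTTLS and SMTP AUTH. Returns the dict of
    recipients the relay refused (empty when all were accepted)."""
    context = context or strict_tls_context()
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Never fall back to cleartext for confidential content.
            raise RuntimeError(f"{host}:{port} does not offer STARTTLS")
        smtp.starttls(context=context)  # ssl.SSLError if the certificate fails
        smtp.ehlo()                      # re-read the feature list inside TLS
        smtp.login(username, password)   # credentials only travel inside TLS
        return smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed sample payload; a real run needs the placeholders filled in.
    sample_pdf = b"%PDF-1.4\n%placeholder policy document\n%%EOF\n"
    message = build_policy_message(
        sender="policies@insurer.example",
        recipient="customer@example.org",
        subject="Your insurance policy",
        body="Your renewed policy is attached.",
        pdf_bytes=sample_pdf,
        filename="policy.pdf",
    )
    relay = os.environ.get("SMTP_RELAY_HOST")      # placeholder names; in
    user = os.environ.get("SMTP_RELAY_USER")       # Lambda these would be
    secret = os.environ.get("SMTP_RELAY_PASSWORD")  # decrypted env vars
    if relay and user and secret:
        print("refused recipients:", submit(message, relay, 587, user, secret))
    else:
        print("relay credentials not configured; message built only")
```

The design point is that the three failure modes a relay hop can have (no STARTTLS offered, an unverifiable certificate, credentials sent before encryption) each abort the submission rather than degrading it; port 587 is the conventional submission port, and the refused-recipient dict returned by `send_message` is what a batch job should log to catch partial delivery failures.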

Implementation

Onboarding with SecuMailer is done by the following steps:

  • Buy your solution on the AWS Marketplace
  • Follow the implementation instructions (30 minutes to 2 hours of work)
  • Get a personal workshop to integrate all data security and privacy measures into your organisation's policy as well
  • Start sending out all your emails securely and fully compliant with the GDPR and eIDAS

Background information SecuMailer:

SecuMailer is a private company. We provide our customers with a SaaS solution to send confidential information by secure email.

SecuMailer was started in 2017 by Yvonne Hoogendoorn CIPP/E and Meint Post CISSP / ISSAP.

SecuMailer is fully compliant with the GDPR, certified for eIDAS, ISO 27001:2022 and NTA 7516, and carries the ECSO label (European Cyber Security Organisation).

SecuMailer is available on the AWS Marketplace.

SecuMailer is one of the founders of the Dutch standard NTA 7516 for secure email containing personal medical information. This standard combines elements of the GDPR, eIDAS and Dutch medical law.

Read more

How to Securely Send Large Files via Email

Most of the emails our customers send are regular messages to their own customers. Sometimes, however, a large file is sent, and nothing is more annoying than the message that the email could not be delivered because it is too large. SecuMailer has a standard limit of 10 MB, but sometimes this is not enough.

10 questions about NTA 7516

With the publication of the NTA 7516 on May 15, 2019, a field standard has been created for sending personal health information by email. Healthcare providers will have to take measures to comply with this standard.