Introducing SecureXP

ManageMy's SecureXP: Embedded Security Architecture for the Modern Insurance Enterprise

In today’s connected insurance landscape, digital platforms are central to operations — but they also introduce complex security risks. Without robust protections, insurers face rising threats from data breaches, service outages, and compliance failures. Beyond operational impact, these incidents undermine customer trust and expose sensitive personal data.

That’s why every element of the ManageMy platform — including MyPlatform and MyCustomer — is built on SecureXP, our enterprise-grade security architecture. Security isn’t an add-on; it’s integrated by design.

Why Information Security Can’t Be an Afterthought

Insurers are under growing pressure to safeguard both customer data and business continuity. Don’t just take our word for it — recent high-profile breaches show exactly what’s at stake.

Policyholder Risk: Major Life Insurance Data Breach – In mid-2024, a major U.S. life carrier experienced a significant data breach affecting approximately 850,000 policyholders. Exposed information included full names, dates of birth, and Social Security numbers. A serious threat with lasting reputational and regulatory consequences. Incidents like this underline the need for encrypted data handling, strict access control, and secure user authentication.¹

With SecureXP, these protections are embedded. The architecture includes:

Encryption in transit and at rest using TLS/SSL and AES-256, managed through AWS KMS

Granular access control for all user roles

Client-level data isolation in single-tenant or logically-partitioned environments
Continuous monitoring for unauthorized access or abnormal behavior

Carrier Operational Risk: Major Ransomware Disruption – In early 2024, a leading healthcare technology provider was hit by a ransomware attack that disrupted claims processing nationwide. The attack led to an outage lasting several weeks, severely hampering healthcare providers' ability to process claims and receive payments. This disruption not only affected the financial stability of providers but also delayed patient care services. The incident underscores the critical need for carriers to implement resilient cybersecurity frameworks to ensure business continuity.²

SecureXP supports resilience through:

Serverless architecture (AWS Fargate) with auto-healing containers

High availability via multi-AZ deployments

Disaster recovery protocols and system observability through AWS CloudWatch and SIEM tooling
Proactive threat detection via centralized log analysis

These recent examples demonstrate the tangible risks associated with inadequate information security. Implementing comprehensive security solutions like SecureXP can help mitigate these risks.

Security by Design: SecureXP in Every Layer

Unlike bolt-on tools, SecureXP is embedded across the ManageMy platform:

MyPlatform - the digital experience and orchestration layer carriers rely on - secures all APIs and system integrations within a three-tiered architecture — including Web Application Firewall (WAF), isolated private networks, and encrypted databases (Aurora MySQL).

MyCustomer - integrated, multichannel marketing services - ensures secure, encrypted delivery of data and compliant multichannel communications.

Security isn’t retrofitted — it’s engineered from the infrastructure up. Each client environment is isolated in a dedicated VPC or logically separated as a sub-tenant, depending on the selected deployment model. Regardless of the configuration, data confidentiality and platform integrity remain uncompromised.

At ManageMy, we don’t treat security as a feature — it’s a foundational principle. SecureXP ensures that every client interaction, every data flow, and every integration is protected by design. Our clients trust us to deliver secure, scalable solutions — and we take that responsibility very seriously."

- Mark Moran, Chief Product Officer, ManageMy

ManageMy maintains ISO 27001 certification, the international standard for information security management. This certification demonstrates the commitment to implementing and continuously improving robust security controls across all operations, systems, and processes—ensuring data protection, regulatory compliance, and risk mitigation for every client ManageMy serves.

Built for a Connected Future

As insurance continues to digitize, the threat landscape will evolve. SecureXP ensures that ManageMy clients remain prepared — enabling innovation while protecting what matters most: customer data, business operations, and brand reputation.

SecureXP. Built in. Locked down. Ready for what’s next.

- Greg van Druten, Chief Technology Officer

gregory.vandruten@managemy.com

¹ https://www.pomerium.com/blog/january-2025-data-breaches-list

²https://journal.ahima.org/page/revenue-cycle-leaders-share-impact-insights-from-change-healthcare-cyberattack