How Zahara provides powerful security for policy data

To state the obvious: Security is critical for a life & annuity policy administration system. Protecting policyholders’ sensitive personal and financial information is table stakes not only for building trust as a business, but also complying with financial regulations. 

Zahara, Zinnia’s next-generation policy management solution, uses blockchain technology to enhance the security of policy data. This technology, otherwise known as digital ledger technology, supports an immutable and decentralized record of all transactions in the system, meaning that once a piece of data is entered into the ledger, it can only be altered by a permissioned, relevant set of parties. Zahara’s architecture reduces the need to share or replicate unnecessarily, reducing exposure of sensitive information.

Unlike traditional administration systems, all the data on Zahara is stored on a managed cloud environment in the form of smart contracts, which are inherently fully auditable. Only explicitly authorized parties on a given smart contract can update its data.

Here are some of the features that help enhance security:

No replication of data

In a typical policy administration system (PAS), data is kept in multiple locations. This can create copying errors and potentially expose it to bad actors. Zahara’s architecture reduces the need to replicate data across multiple databases. The digital ledger acts as a single source of truth for all participants in the system.

Each transaction or interaction within Zahara is executed atomically on the ledger — all the relevant parties have to agree, or the action doesn’t happen. This not only enhances security but also increases the efficiency of operations like generating statements or managing policies, without the need for overnight data batching or bulk transfers. 

One true copy

Because Zahara uses distributed ledger technology backed by a blockchain data structure, there’s no longer a discrepancy between Zinnia’s copy, the carrier’s copy, or the policyholder’s copy of a policy — there’s one true version on the ledger, and updates to that policy can only be made unanimously.

At the same time, each participant in the ledger can only see what they have permission to see. Alice can’t look at Bob’s life insurance policy if he is not a designated observer.

Layered protections

In addition to the security benefits of digital ledger technology, Zahara employs a layered security strategy that integrates multiple forms of defense. These include multi-factor authentication and single sign-on capabilities. 

Beyond that are layers of API security, and the security benefits afforded to applications hosted on Amazon Web Services. Combined with the strict permissions required for every operation, every aspect of Zahara is designed to protect data.

That’s not to say Zahara is foolproof. Zahara still operates within the broader ecosystem of applications and platforms used by insurance companies. Security is the responsibility of all aspects of that ecosystem. And any system is only as strong as its weakest point, including the humans within that ecosystem. Data that isn’t in the cloud, or kept on Zahara, may still be vulnerable. Carriers and distributors may still send data in bulk outside of the Zahara environment, making it vulnerable to large breaches. 

But Zahara also reduces the risk of surrounding systems. Operating a life & annuity business requires multiple capabilities, including generating commissions, onboarding agents, sending out various correspondences, and so on. These surrounding systems within Zinnia or insurance carriers can directly access all versions of Zahara’s data in real time with precise authorization. This avoids replicating data locally within those systems and helps avoid localized data security concerns.

An immutable record of any updates

Even if there is a breach, because Zahara has an immutable ledger history, it’s much easier to audit what happened. On a distributed ledger, every change creates a new version of the smart contract. From the level of data storage to the enterprise API and user experience, Zahara can provide a history of the state of the system and therefore the record of any updates, and who made them.

These security features, and Zahara itself, are built on tools from Digital Asset, specifically Canton, its privacy-enabled blockchain platform, Daml Hub, its fully-hosted cloud environment, and Daml, a privacy-enabled smart contract language. These tools are specifically designed to provide high levels of data privacy to comply with strict financial rules and regulations; unlike traditional public blockchains, the data nodes on Canton require specific permissions to access. 

The combination of these protections means that Zahara provides a high level of data integrity and security compared to a typical PAS. Zahara’s architecture greatly reduces the risk that unauthorized parties can tamper with data, ensuring that stakeholders can trust the information they’re accessing is accurate and reliable. 

About the authors

Vikash Rai is Zinnia’s head of product for Zahara, the next-generation policy management solution for life insurance & annuity carriers. He has more than 20 years of experience in complex product development and startup technology enterprises. 

Myles Ma, CPFC is a senior reporter at Zinnia. Previously, he was an editor and reporter for Credit.com, as well as a reporter for the Star-Ledger. As a journalist, his work has also appeared in USA Today, HuffPost, Salon, CBS News, Inc. Magazine, MarketWatch, Yahoo Finance, The Atlanta Journal-Constitution, and The St. Louis Post-Dispatch. As a financial expert, his advice has been featured in The Washington Post, PBS, CNBC, and elsewhere.