How Modern Life Protects PII with the Flexibility of Basis Theory
The team at Modern Life has created a tech-enabled insurance brokerage that gives advisers tools and expert advice to serve their clients. The CTO, Jack Arenas, wanted to focus on Modern Life’s core competency—building a next-gen insurance brokerage—and realized that tokenization and security engineering fell outside of the remit. However, he knew that the technology risk of the business would increase with each new customer. Therefore, the business would be subject to increased scrutiny as it scaled.
"We're operating in a space where regulations have evolved over time to protect customers," said Bryce Lohr, Software Engineer at Modern Life. "We sought to develop proactive security measures to protect our customers and their clients, as well as comply with all relevant regulations, so we had an early need to implement strong security measures, like clear audit trails and process documentation."
Addressing regulatory requirements
Advisors using Modern Life, like any life insurance brokerage, need to obtain sensitive customer information during the insurance application process to look up medical records and perform various background checks. Modern Life implemented Hasura, an open source GraphQL engine, that provides the out-of-the-box access controls needed to meet regulatory requirements. Hasura automatically enforces all of the access rules the Modern Life team sets up for any request to the API.
Hasura solved the problem of access but the team still had to meet the data security requirements of various state and federal regulations. The team needed a way to secure some of the data fields in a way that would be consistent with existing and future requirements.
“We wanted to build a system that enabled us to not only protect our customers, but also respond to any future changes in the regulatory landscape,” Lohr said.
Meeting data security requirements with Basis Theory
The team’s previous experience in financial services gave them some experience with using tokenization around credit card data. “Tokenization is a good way to make sure we have a clear path to obtaining those additional layers of security without significant internal investment in building security software,” explained Jack. But the Modern Life team needed a provider that could integrate with their existing technology stack and would be flexible enough to scale as they evolved their platform.
In Jack’s previous experience, he had used a different tokenization provider, but he found that the plans and pricing would be prohibitive to Modern Life’s steady growth. So, the Modern Life team searched for other solutions and came across Basis Theory. “Overall, we felt that Basis Theory was simpler and more developer-focused than any other option, which was positive for us because we would like a very developer focused, easy-to-implement, clearly documented service to use,“ Lohr mentioned.
Developer-friendly platform for a flexible solution
Basis Theory complements the Hasura implementation with an extra level of security by storing and tokenizing Modern Life’s most sensitive data. Through Hasura Actions - a custom bit of code that runs from inside of Hasura - Modern Life can control who has access to this tokenized PII.
When an adviser needs to see sensitive data, the Hasura Action makes an API request to Basis Theory using the read key. If the end user has the right permissions, this person will be able to see the PII. If not, this PII stays tokenized and secured in Basis Theory until someone with the correct permissions reveals the information.
“[Basis Theory] has been super easy to use, and very clear and straightforward,” Bryce said. The clear, developer-focused documentation allowed Modern Life to be up-and-running with a highly customized solution in just one month with the right amount of control, flexibility, and security Modern Life needs both now and in the future.
In today's highly regulated environment, businesses must comply with regulations while also innovating their technology solutions. Modern Life's use of Hasura and Basis Theory showcases how companies can address regulatory requirements and meet data security requirements while also providing advisors with the tools and expert advice necessary to serve their clients. By leveraging these solutions, businesses can remain secure and compliant while also evolving their technology platforms.