Anastasiya Novikava
Copywriter
Anastasiya believes cybersecurity should be easy to understand. She is particularly interested in studying nation-state cyber-attacks. Outside of work, she enjoys history, 1930s screwball comedies, and Eurodance music.
Rey.id is a dedicated and integrated health insurtech. The company integrates technology to innovate the insurance industry providing its customers with comprehensive and holistic health, accidental, and critical illness protection. Rey is the first insurtech in Indonesia’s start-up landscape to integrate digital insurance, healthcare ecosystem, and wellness features into one end-to-end experience.
Supporting thousands of members, Rey offers a modern approach to conventional insurance — it’s a platform-based, simplified insurance experience, taking on the new form of a subscription model that is gaining popularity during the last couple of years.
Adapting to fulfill the unmet social and healthy lifestyle needs brought Rey these new opportunities to deliver more affordable and much-needed healthcare services to Indonesians — Rey’s CTO and Co-Founder Bobby Siagian shares how NordLayer plays a supporting role in achieving the No.1 objective when building a start-up in the healthcare sector.
Start-ups make grand ideas with a laser focus on product development and delivery. Thus, very few businesses fundamentally care about their security in the first place. Rey is health insurance as an end-to-end experience, which in its essence, deals with sensitive and highly regulated data. Therefore, trust is one of the core brand’s promises to its customer.
Many start-up developers don’t pay attention to the security of their infrastructures. For example, in development or staging environments, they often make critical mistakes by leaving those environments open publicly, highly clashing with terms of security.
Rey’s clientele includes direct consumers and business clients, allowing companies to provide good health insurance to their employees. The services available on the platform provide access to healthcare services of self-examination, symptom check-ups, and teleconsultation with health professionals online and offline to have their medical prescriptions filled anywhere and anytime.
Our business is about trust. When building Rey, we set the security standards quite high from the beginning. We’re responsible, not only for our members but also for our employees’ information security.
Implementing appropriate security controls to mitigate risks was one of the first tasks at Rey. As teams work remotely from their preferred locations, security managers must know that the connection is protected and will support the remote work strategy.
Continuous commitment to information security and digital assets of data privacy leads to starting everything from scratch, with information security on top of mind. Rey had to build a system that could be trusted, pass highly regulated Indonesian institutional requirements, and store members’ data safely for 25 years.
Incorporating VPN and fixed IP into the security infrastructure backbone helps us browse secretly and securely by encrypting the connection and improving the security for accessing internal apps, dashboards, and cloud connectivity.
VPN connection is mandatory for Rey’s employees based on their job roles and access permissions. The company has defined Standard Operating Procedures (SOPs), including Single Sign-On (SSO) for user authentication.
Encrypted and verified connections with NordLayer enable core and customer-tied teams, like engineering, DevOps, infrastructure, IT support, and non-tech teams in a protected manner, while security admins can feel comfortable and convenient about this connection.
Depending on the needs, the responsible team can add new employees, whitelist IP addresses to new servers, or assign groups so employees can perform their tasks, like uploading or fixing the code and deploying the systems, instead of worrying about the complexity of VPN configuration in the infrastructure.
NordLayer, by its design, incorporates different security features that combine in between and integrate into Rey’s infrastructure framed by internal policies.
Assessing the breach risks of specific job roles - connection to the company dashboard to edit any operational procedures or access the functional tools to fill new users and members - can be performed only by running NordLayer’s client first.
Zero-risk is impossible, therefore, to answer Rey’s commitment to the existing and potential members, NordLayer allows Rey to combine its security measures with security compliance standards. These adequate security measures helped Rey to achieve ISO 27001, a huge milestone, especially for a young company, to provide further assurance.
NordLayer solution seamlessly integrated into Rey’s systems, allowing them to connect to their app and cloud servers securely. Business VPN service is hardware-free and doesn’t require constant resources to establish and maintain it.
We want to focus on our products by reducing the complexity and unnecessary in-house development, but building an internal VPN requires attention — it takes more time and exposes us to risks of losing momentum from a business perspective.
Once Rey implemented NordLayer, VPN configuration was out of the to-do list, so they could focus more on their business and product development. According to Rey’s CTO, the decision is cost-saving for the long term.
Despite the peculiarities of different industries, modern companies have to deal with similar security challenges and issues.
Therefore, knowledge sharing is one of the elements of building successful and reliable businesses, so the CTO of Rey.id Bobby Siagian puts the main points on where to start protecting your company:
As it’s challenging to ensure there isn’t any security gap left, make sure you evaluate possible threat scenarios and install solutions to mitigate the risks. NordLayer’s solution offers a broad spectrum of security features that combine and effectively reduce these online threats, so contact us to build your company’s network’s cyber resilience.
Subscribe to our blog updates for in-depth perspectives on cybersecurity.