Rey.id is a dedicated and integrated health insurtech. The company integrates technology to innovate the insurance industry providing its customers with comprehensive and holistic health, accidental, and critical illness protection. Rey is the first insurtech in Indonesia’s start-up landscape to integrate digital insurance, healthcare ecosystem, and wellness features into one end-to-end experience.
Supporting thousands of members, Rey offers a modern approach to conventional insurance — it’s a platform-based, simplified insurance experience, taking on the new form of a subscription model that is gaining popularity during the last couple of years.
Adapting to fulfill the unmet social and healthy lifestyle needs brought Rey these new opportunities to deliver more affordable and much-needed healthcare services to Indonesians — Rey’s CTO and Co-Founder Bobby Siagian shares how NordLayer plays a supporting role in achieving the No.1 objective when building a start-up in the healthcare sector.
The Challenge
Commitment to be a trustworthy start-up
Start-ups make grand ideas with a laser focus on product development and delivery. Thus, very few businesses fundamentally care about their security in the first place. Rey is health insurance as an end-to-end experience, which in its essence, deals with sensitive and highly regulated data. Therefore, trust is one of the core brand’s promises to its customer.
Click to tweet“Many start-up developers don’t pay attention to the security of their infrastructures. For example, in development or staging environments, they often make critical mistakes by leaving those environments open publicly, highly clashing with terms of security.”
Rey’s clientele includes direct consumers and business clients, allowing companies to provide good health insurance to their employees. The services available on the platform provide access to healthcare services of self-examination, symptom check-ups, and teleconsultation with health professionals online and offline to have their medical prescriptions filled anywhere and anytime.
Click to tweet“Our business is about trust. When building Rey, we set the security standards quite high from the beginning. We’re responsible, not only for our members but also for our employees’ information security”.
Implementing appropriate security controls to mitigate risks was one of the first tasks at Rey. As teams work remotely from their preferred locations, security managers must know that the connection is protected and will support the remote work strategy.
The Solution
…but first, security infrastructure
Continuous commitment to information security and digital assets of data privacy leads to starting everything from scratch, with information security on top of mind. Rey had to build a system that could be trusted, pass highly regulated Indonesian institutional requirements, and store members’ data safely for 25 years.
Click to tweet“Incorporating VPN and fixed IP into the security infrastructure backbone helps us browse secretly and securely by encrypting the connection and improving the security for accessing internal apps, dashboards, and cloud connectivity.”
VPN connection is mandatory for Rey’s employees based on their job roles and access permissions. The company has defined Standard Operating Procedures (SOPs), including Single Sign-On (SSO) for user authentication.
Click to tweet“Encrypted and verified connections with NordLayer enable core and customer-tied teams, like engineering, DevOps, infrastructure, IT support, and non-tech teams in a protected manner, while security admins can feel comfortable and convenient about this connection.”
Depending on the needs, the responsible team can add new employees, whitelist IP addresses to new servers, or assign groups so employees can perform their tasks, like uploading or fixing the code and deploying the systems, instead of worrying about the complexity of VPN configuration in the infrastructure.
Why choose NordLayer?
NordLayer, by its design, incorporates different security features that combine in between and integrate into Rey’s infrastructure framed by internal policies.
Assessing the breach risks of specific job roles - connection to the company dashboard to edit any operational procedures or access the functional tools to fill new users and members - can be performed only by running NordLayer’s client first.
NordLayer’s security infrastructure integration, according to Rey
Zero-risk is impossible, therefore, to answer Rey’s commitment to the existing and potential members, NordLayer allows Rey to combine its security measures with security compliance standards. These adequate security measures helped Rey to achieve ISO 27001, a huge milestone, especially for a young company, to provide further assurance.
The Outcome
Free-hands approach to effective security
NordLayer solution seamlessly integrated into Rey’s systems, allowing them to connect to their app and cloud servers securely. Business VPN service is hardware-free and doesn’t require constant resources to establish and maintain it.
Click to tweet“We want to focus on our products by reducing the complexity and unnecessary in-house development, but building an internal VPN requires attention — it takes more time and exposes us to risks of losing momentum from a business perspective.”
Once Rey implemented NordLayer, VPN configuration was out of the to-do list, so they could focus more on their business and product development. According to Rey’s CTO, the decision is cost-saving for the long term.
Pro cybersecurity tips
Despite the peculiarities of different industries, modern companies have to deal with similar security challenges and issues.
Therefore, knowledge sharing is one of the elements of building successful and reliable businesses, so the CTO of Rey.id Bobby Siagian puts the main points on where to start protecting your company:
As it’s challenging to ensure there isn’t any security gap left, make sure you evaluate possible threat scenarios and install solutions to mitigate the risks. NordLayer’s solution offers a broad spectrum of security features that combine and effectively reduce these online threats, so contact us to build your company’s network’s cyber resilience.
