The future of healthcare is personalized, joined services shaped by actionable insights. That relies on building secure digital health services that customers can trust.
Cyberattacks are getting more sophisticated and harder to detect, and the damage to businesses and their reputations can be difficult to recover from. Although security is complex, resources can be scarce. Getting the best return on investment is crucial to balance protecting customer data with safeguarding service delivery.
Bupa is a global health insurance provider with more than 32 million customers across 190 countries. We’re proud to be leading the way with a digital experience that securely meets the rapidly changing needs of customers.
In Australia and New Zealand, we’re the largest healthcare provider, protecting the health of 4.7 million citizens. Technology plays a critical role in delivering exceptional services to customers and supporting our 20,000 staff in the region.
Customers want a personalized experience. To deliver this seamlessly, we need to ensure we have the highest security measures in place.
Threats evolve all the time. Heightened visibility and control of the technology stack are crucial to stay ahead of cyberattacks and to identify and resolve vulnerabilities. We launched a project to enhance our security posture as part of our transformation strategy.
Bupa had already implemented ServiceNow IT Service Management (ITSM) and ServiceNow Configuration Management Database (CMDB). To strengthen the existing environment and expand the platform, we rolled out ServiceNow Vulnerability Response and Security Incident Response.
This improved our visibility into the vulnerabilities of assets in the CMDB and across Bupa. It also made it easier to identify and prioritize incidents, accelerate resolution times, and decrease incident response times.
Integrating ServiceNow Security Operations modules with our existing estate added value to our security posture. Along the way, we learned three lessons to protect and connect customers:
Leadership buy-in is crucial
Teams need to be primed and ready to patch systems within service-level agreements (SLAs). Getting buy-in from senior leaders as early as possible and using a phased approach to change is really valuable. Teams will quickly start seeing how the project benefits them, which will progressively simplify change management.
It’s important to work with stakeholders from C-level to the front line and use messaging that resonates with them. Explain how you’re going to make life easier for each group and which tasks you can automate or streamline.
Better visibility creates richer insights
By exposing the risks that could affect our business and users, the team has been able to remediate them quickly. As a result, they’ve been able to spend more time focusing on our digital priorities agenda and developing new products to drive revenue and profit.
Companies often cite difficulties in recruiting staff with strong security skills. Driving down vulnerability is a great way to maximize time and resources if you have a small team.
Equally, if the security team can turn data into actionable insights for the rest of the business, it demonstrates the importance of cyber hygiene and may help the department secure a bigger budget.
You can’t improve what you can’t measure
ServiceNow provides a wealth of data points to help understand the system and identify opportunities for continuous improvement. Dashboards can highlight bottlenecks, track performance, and simplify capacity management.
When you’re in the business of reducing risks, you need strong solutions, strong leadership, and a good team. By getting buy-in from senior management as part of your change management program, you can iterate at speed and stay ahead of security threats.
Find out more about Bupa’s security transformation in our Knowledge 2021 session. Registration is free.
© 2021 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.