Behind the Firewall: A Candid Talk with the CITO on Empyrean’s Data Security Strategies

We talked to Empyrean’s CITO, Kelly Clark to get his unique insight into how Empyrean stacks up in cyber security. 

Empyrean: Why are you excited about Empyrean? 

I’ve been in this space for quite some time. Empyrean should be proud of its technical stack. A lot of the organizations that I’ve had experience with are suffering from quite a bit of technical debt. Perhaps its security posture isn’t as strong as it needs to be. And I looked at joining Empyrean, I looked across the market and I was really impressed with the amount of investment they put into their core platform, how they’re thinking about security, their focus on product and their focus on operations service excellence.  All of those things combined, make us the preeminent benefits admin platform and service offering in the industry.  

Empyrean: Why does security matter? 

Data privacy is in the forefront of everyone’s mind. You go online every day; some people still get the newspaper believe it or not and there’s an article about a security breach. Data security and security are super important at the individual and employer level. 

I’m proud to say Empyrean is in a very good spot. Our security model is structured around the HIPAA framework and from there we dropdown into the NIST cyber security framework. The NIST cyber security framework is utilized by most companies in most industries of any size and any scale. So, it’s important for us to capitalize on this and think of three pillars: 

Confidentiality, data integrity, and data accessibility. 

Empyrean: What is Empyrean’s security strategy? 

Our security strategy is really focused on a framework that handles both physical and technical security and it’s built on those three pillars of confidentiality, data integrity, and data accessibility. When you think about security maturity, we often get asked about our SOC 1 and SOC 2 as part of the RFP process. We’ve decided as an organization to enhance our security governance model, our framework, and our maturity by going down the ISO certification route. On top of that, we bring in a 3^rd party who’s doing a complete audit of our security model.  They’re looking at our governance structure, our framework, they’re looking at our roadmap, they’re looking at our investments and they’re scoring us directly against the NIST framework. 

Empyrean: What is Empyrean’s cloud strategy? 

Everybody has different reasons for moving to the cloud. If you think about it from our perspective, we often get asked what’s your cloud strategy, are you moving to the cloud, are you already in the cloud? Our answer is yes, yes, and yes. We’re doing it for some very specific reasons. It provides organizational agility for us around innovation, bringing products to market, it allows us to scale our resources in a much quicker way, provides us cost efficiencies, fosters innovation, and at the end of the day it provides a much more stable base for business continuity planning, and disaster recovery. If you’re an employer group, you’re feeling good that Empyrean’s gone to the cloud. That if something major was to happen, our operations would continue. Employees would have access to the resources, tools, and services that we provide them. For us, it’s fundamentally about innovation, bringing products to market, elasticity, reliability – those are the fundamental reasons we’re moving to the cloud, and we believe in it.  

Our data operations process – second to none in the industry which in turn, lends itself to security. 

Empyrean: Why can we trust you to keep our data secure? 

We are an emerging leader with an 800+ score as a Bitsight rating. You couple that with our compliance components around our SOC and ISO, our transmission encryption, our at rest encryption, and our fundamental focus in security, that’s why you should trust us with your data.  

Check out all of the ways Empyrean secures your data.