Unifying Database Security in Moody’s Data Bridge

Aman PathaniaJuly 26, 2024

In January 2024, we announced that over 250 clients were using Moody's Intelligent Risk Platform™ (IRP), capitalizing on a cloud-native, robust, and integrated risk analytics platform.

Early in the platform's development, a strategic decision was taken to ensure clients could easily transition from their existing on-premises Moody's RiskLink workflows to the IRP. Data Bridge has beeninstrumental for customers in that journey.

Moody's Data Bridge was introduced in 2020, with a primary function to facilitate the migration of SQL workflows from on-premises servers to the cloud.

It has proved to be a pivotal tool for companies modernizingtheir risk analytics and moving to the advanced technology offered by the IRP, without having to go through painful re-writing of all their existing integrations with on-premises tools.

Data Bridge can also lower the cost of moving to the cloud from other risk analytics systems such as Touchstone; given SQL Server was used as the underlying store for the system a team's know-howcan be utilized during the transition to Risk Modeler™, UnderwriteIQ™, ExposureIQ™ or other IRP applications.

Below are some key features offered by the Data Bridge that help clients integrate their workflows seamlessly using modern technology offerings:

• Data Movement: Migrating to the IRP Platform, Data Bridge paves the way to move data from an on-premises system to the Data Bridge SQL instance. It allows EDM (Exposure Data Module) and RDM (Results Data Module) data to be uploaded, plus custom SQL Server databases.
• APIServices:The Data Bridge APIsdefine services for all the key operations to support different user personas of Data Bridge. It supports operations for small and large database artifacts, leveraging Amazon Web Services (AWS) for storage and transfer.
• Manage Administrative Operations: Data Bridge delivers controls for the application administrator to manage access, database archives, rename databases, set TLS (Transport Layer Security) versions, and more.
• Job Management: Data Bridge also provides a consolidated view of all the various job operations performed by application users.

Data Bridge has evolved significantly over the past few years, and its integration capabilities have expanded to include the key IRP platform applications Risk Modeler, ExposureIQ, and UnderwriteIQ, to assist clients in managing their risk data more effectively.

Let's examine this evolution in more detail:

Data Bridge: Developing an Architectural Solution

With a diverse client group adopting Data Bridge, including insurers, reinsurers, and brokers, each client has unique and complex dataset structures, requiring distinct levels of access control for specific datasets.

For example, firms often want strict data governance controls regarding which teams and individuals has access to specific datasets, like business data.

Platform administrators can now configure fine-grain access controls for specific datasets and databases, and map these to specific groups using a Data Bridge database security feature.

Data Bridge achieves this by granting access to an EDM or RDM only for required user groups. This approach solves the access control issue and extends the architectural data governance framework in Data Bridge with those used in Risk Modeler (see Figure 1 below) and ensures a seamless user experience across the different applications on the IRP platform.

Figure 1: IRP Ecosystem with Unified Security Controls

Data Bridge and the IRP Ecosystem

The Data Bridge database security feature can also ensure business teams manage and configure access to the exposure data as required, including:

1. Unified Access Across the Platform: Configuring access to specific databases ensures a user can seamlessly access data across different applications within the IRP. For example, if a user has permission to access a specific Data Bridge database, they can access that database on any other IRP application like Risk Modeler, UnderwriteIQ, or ExposureIQ.2. Integration with Single Sign On (SSO) updates:For clients utilizing SSO, any changes made to user groups then apply to SQL logins created by the user within the group and are updated in addition to their access to the IRP.3. Controlled T-SQL access: Data Bridge consumer and contributor users can now perform T-SQL on the Data Bridge databases if they have access to it.4. Data Integrity: Data integrity was a critical consideration for this feature's development, unifying key attributes like database ownership and granting data entity access across the platform:i) Database Ownership: Maintainingdatabase ownership is crucial when importing a database to the platform. The application ensures that operations like 'Load from Data Bridge' and 'Deregister' do not change database ownership.

ii) Load from Data Bridge: The new features ensure access to EDM databases is managed via core applications like Risk Modeler, ExposureIQ,and UnderwriteIQ once loaded from Data Bridge.

Seamless Transition for the Existing Client Base

The newly introduced features are designed to ensure that clients can continue with existing workflows without disrupting their ongoing business workflows.

Hence, clients can strategize their transition plan and adopt new enhanced security controls while fine-tuning and configuring their data ownership.

This is extremely helpful when clients have many databases on Data Bridge requiring database ownership and access configuration.

Below are several operational capabilities to help seamlessly migrate to the enhanced security controls:

• Data Bridge allows security controls to be configured at the server and database layer, or for a single layer. This gives an ability to configure database security based on organizational requirements.
• The option to select specific databases where security principles should not be applied; extremely helpful when client reference databases need to be accessible across all business groups within an organization.
• Just use one click to turn the feature ON or OFF at the tenant level when all database-level configurations are complete and required owners and groups are assigned to the respective databases on Data Bridge. In case of any glitches in the configuration, a single click can revert the tenant settings to the previous state.

Delivering a New IRP Security Experience

We are extremely excited about how database security can help our client organizations manage access to the exposure and non-exposure databases stored in Data Bridge.

Not only does this help our clients with a seamless experience across different IRP applications but is another step toward building a single platform for risk data management and modeling.

To learn more about database security, which helps customers to unify and manage access to their risk data, please email[email protected].

Aman Pathania

Assistant Director, Platform Product Management, Moody's

Aman is an Assistant Director, Platform Product Management at Moody's. He is a part of Moody's Intelligent Risk Platform™ product management team and leads Moody's Data Bridge product. Aman has over 15 years of experience in technology and product management, designing and developing platform-based solutions and building cloud-optimized solutions for SaaS product offerings.

He has previously worked in various software engineering, client engagement, and product management roles with Genesis - a subsidiary of the Digital Currency Group (DCG), and Fiserv.

He holds a bachelor's degree in computer science engineering from the Himachal Pradesh State University.

• #Data Bridge
• #Intelligent Risk Platform
• #Risk Modeler
• #platform administration
• #data security
• #Data governance