Blog

Computer monitors with code on screen and red headphones and a keyboard in front
Meet Kevin Miller, DataMotion’s Postman Guru 736 312 Team DataMotion

Meet Kevin Miller, DataMotion’s Postman Guru

Kevin Miller, DataMotion Security Specialist, recently celebrated his seventh anniversary here at the company. During this time, Kevin has worn many hats and brought a wealth of knowledge to the table, including his proficiency of the Postman API testing application, of which he can be considered a subject matter expert. He has helped many of his colleagues and customers understand Postman, and how to succeed with the tool. Kevin was kind enough to sit down with us to share his experience, as well as some tips on how to leverage Postman to its fullest capability. 

Heather Post, DataMotion Developer Advocate: Kevin, thanks for your time. And congratulations on the work anniversary!

Kevin Miller: Heather, thanks—it’s a great achievement.

HP: Throughout your time at DataMotion, you have held a few different titles leading to your current position as the Security Specialist within our Engineering department. Can you tell us more about your role, and what that entails? 

KM: Today, my duties include handling security documents and statements, ranging from our information security plans and operating procedures, to our business continuity and disaster recovery. Security assessments from third parties, especially the bigger assessments like EHNAC and now HITRUST, fall under this umbrella as well.

In the past, I worked closely with support and sales to assist with questions relating to API integrations or specific product integrations, such as those involving Salesforce and the DataMotion secure email content filter. I’m still happy to help both departments when needed. 

HP: I understand that you have had the opportunity to use Postman extensively. Can you explain what Postman is?

KM: Sure! In a nutshell, Postman is a desktop application for performing web requests. As DataMotion provides an extensive number of APIs to go along with our system, Postman provides an easy way to quickly test those APIs or demonstrate their use if questions come up during conversations with customers.

HP: When did you first start using Postman?

KM: My first experience with Postman was back in late 2015 during the initial release phase for SecureMail 5.37 (now referred to as secure messaging center) when our REST APIs were first released. 

It was easy to get the hang of Postman, and it helped us quickly test DataMotion’s REST APIs without the need to build an application to do so for each. The ease of use of Postman at the time lay in the fact that it was a GUI application that was able to perform API requests without requiring vast knowledge of programming techniques. All that was required was the appropriate URLs for the API requests and entering their expected request bodies. Then, all you had to do was click a button to send your request and receive an easy-to-read response. All of this is still true in regard to Postman today. 

HP: Are there any specific projects where Postman plays a significant role?

KM: Most of DataMotion’s current projects involve API development, whether it be the original messaging products or the newer projects being integrated into the self-service portal for our customers to easily use. When creating a new API, we use Postman heavily to test functionality and to ensure the API will handle various parameters correctly. We also use Postman for internal and customer-facing demonstrations. 

Therefore, I would say any time you are developing or adding functionality to an API, that is a great time to use Postman. 

HP: What are some of your tips and tricks for using Postman successfully?

KM: I would advise several actions to make things easier when using Postman. 

The first tip I would recommend is utilizing variables. If you have to utilize the same information in multiple API calls, you can replace this information with a variable and define the value of that variable for an entire collection of calls. Therefore, if you need a session key to run all of your calls but login, you can update this value in one spot rather than having to do so for each of the calls you will be testing. 

My second tip is to create a set of environments that coincide with different sets of URLs. This is particularly helpful when working within our own systems, as many of the functions remain the same, but the base URLs change depending on the system. I simply create one of those useful variables for the base URL and update it based on which environment I will be using. This, again, saves time and the hassle of creating multiple collections of the same API calls.

The third action I’d recommend is very specific to our own messaging products, but is quite useful. This is to create a short console script in the ‘Tests’ category that carries the session key over to other requests in the collection. As an example of how this helps me, I have created a script that will update that session key variable that I mentioned earlier every time I call my Login API call. This streamlines the process of updating the variable and allows me to run any of my API calls directly after logging in. 

HP: Can you explain what the DataMotion Postman collections are, and how they can be used?

KM: All of DataMotion’s Postman collections are geared towards its messaging products, and are best suited for development teams to test sending their expected payloads via API, or for those customers who have on-premise systems to test the APIs within their own environments.

HP: One last question. Do you have any advice for developers who are just getting started with Postman?

KM: For those that have never used Postman, it is a good idea to use a pre-built set of collections to get used to what a request in the application will look like, how to trigger the requests, and what to expect in the response. This will make you much more familiar with the product when it comes time to build and test your own API.

HP: Kevin, thank you for your time today, and for all of the great information!

KM: You’re very welcome!

For additional Postman tips and tricks, check out our blog posts “4 Tips for Becoming a Postman Guru” and “4 More Tips for Your Journey to Becoming a Postman API Testing Guru” which rounded up our Postman series on social media. Finally, be sure to follow us on Twitter, Facebook, and LinkedIn to catch our next tips and tricks series, which focuses on GitHub.

Join our Newsletter

Black and white October calendar sitting on desk next to glasses, a plant, and a pen
The DataMotion October Hot List 1024 435 Team DataMotion

The DataMotion October Hot List

Greetings, readers, and Happy November! As always, we hope that this blog post meets you in the midst of a positive and productive week.

As you may know, October was Cybersecurity Awareness Month. But as a company with over 20 years of experience in secure exchange, we at DataMotion believe that every month should be cybersecurity awareness month. In this vein, we put together a toolkit to help your organization stay secure year-round. We also published takeaways from InsureTech Connect 2021, and a round-up of the second half of our Postman tips and tricks series we shared on social media. Our next series of tips focuses on GitHub, and we think you’ll find this series helpful! You can find the series by following us on LinkedIn, Twitter, and Facebook.

Now, without further ado, let’s dive into October in the DataMotion Blog.

What You Missed in October

Ensuring Secure and Compliant Exchange for Insurance: ITC 2021 “Suffice it to say, there are ample opportunities for technological innovation in the insurance space for companies to help brokers and advisers better, and more securely, communicate with their policy holders.” In this post to the DataMotion Blog, DataMotion Director of Sales Success Christian Grunkemeyer shared his takeaways from ITC Vegas 2021 and the possibilities in store for the insurance vertical. (Note: Whether you attended this event and missed Christian, or would just like to discuss how DataMotion’s secure exchange solutions can benefit your organization, please reach out to our team of experts, who will be happy to set up an introductory call.)

4 More Tips for Your Journey to Becoming a Postman API Testing Guru “…just like sharks can never stop swimming, developers can never stop learning. When I come across some new tips on how to better use some of my favorite (and arguably, most important) tools, I jump at the chance to learn. And that’s why I want to share some amazing Postman tips for API testing.” A series so nice we rounded it up twice—in this blog entry, DataMotion Developer Advocate Heather Post shared the second half of our Postman tips and tricks series. (In case you missed it, check out part one.)

Aggregating Awareness: Your Cybersecurity Month Arsenal “…the digital landscape is changing rapidly.  New opportunities for digital business also present new opportunities for internal and external security threats…But armoring your systems for security and compliance should not hinder a smooth customer experience, nor should these factors interfere with your organization’s workflows.” DataMotion Content Manager Andrea Meyer and Content and Digital Marketing Specialist Sarah Parks have compiled a number of DataMotion Blog posts and other reference materials to help you keep your data secure year-round.

The DataMotion September Hot List In case you missed it in September, the DataMotion Blog played host to the first half of the Postman tips and tricks series, a list of five things to consider before developing software in-house, and more.

From ‘Round the Web

As we have over the past several months, we will once again present cybersecurity news and insights from around the web, including an article from Forbes as to why cybersecurity awareness must extend beyond the official month (we couldn’t agree more). We’re also sharing an article that explores why so many enterprises are not effectively managing cyber risks and resilience, and a list of what you need to know about keeping your data secure going into 2022.

From Forbes: Cybersecurity Awareness Must Extend Beyond The “Month”

From SiliconANGLE: Study Finds Over Half of Enterprises Are Not Effectively Stopping Cyberattacks

From Security Intelligence: What You Need to Know About Data Security Heading into 2022

This month and next, we’re looking forward to sharing news about new DataMotion products, more tips and tricks for using Postman, and some of this year’s editor’s picks. And as a quick note, like so many of our American readers, the DataMotion Blog will take a break the week of November 22nd to observe the Thanksgiving holiday.

But before breaking for the holiday, don’t forget to get a jump on 2022 and subscribe to the DataMotion Newsletter, which delivers industry insights, news, and trends to your inbox once a month.

That is about all for now. Thanks for a great October, and we look forward to seeing you in November!

Join our Newsletter

Man touching digital lock in front of him. Cybersecurity, lock and shield concept
Aggregating Awareness: Your Cybersecurity Month Arsenal 736 313 Team DataMotion

Aggregating Awareness: Your Cybersecurity Month Arsenal

While October is Cybersecurity Awareness Month, organizations should take care every day of every month to ensure that their data is protected while in use, at rest, and in motion. In today’s entry to the DataMotion Blog, we’re creating a cybersecurity toolkit for you with blog posts, whitepapers, and other resources for you to use year-round, as well as a quick summary of how DataMotion keeps your data secure while helping your organization enable compliance.

Suiting Up for Battle

Below are a few entries to the DataMotion blog that will help inform your security outlook and arm your team in the battle against internal and external security threats. This section will include a guide to the zero-trust security model, a series outlining where vulnerabilities may lie within your organization, and a look at the troubling rise of Ransomware as a Service.

DataMotion: A Zero Trust Model You Can Trust “Your organization has trusted but verified, perhaps verified then trusted. But is the ‘trust but verify’ standard enough? Are you really operating as safely as you could, or rather, should be in today’s cyber climate?” In this post to the DataMotion Blog, DataMotion CEO Bob Janacek dives into the zero-trust security model, why you should adopt it, and how this helps our customers stay secure.

Danger for Data “In the first part of this blog series, we will cover the top five risk-prone areas that developers and software engineers should be aware of. In parts two and three, we’ll focus on some of the people-oriented processes putting you at risk of a breach, following up with some actionable tips and recommendations for organizations to protect themselves and their customers’ data.” In this series, DataMotion CEO Bob Janacek explored where vulnerabilities may lie within your organization, and steps you can take today to protect your organization and your data.

Rise of RaaS “Cybercrime groups will do their diligence to identify corporations with ransom insurance, or finances earmarked specifically for that purpose. While larger enterprises are currently the favorite for cyberattacks, smaller organizations also fall victim.” In this three-part series to the DataMotion Blog, DataMotion Developer Advocate Heather Post offers an overview of Ransomware as a Service, how this growing industry can turn your vendors into risk factors, the costs of a cyberattack, and what you can do about it.

A Fully-Armored, Secure Digital Future

To sum up, the digital landscape is changing rapidly.  New opportunities for digital business also present new opportunities for internal and external security threats. Therefore, it is critical that your security practices and protocols keep in-step with these changes. But armoring your systems for security and compliance should not hinder a smooth customer experience, nor should these factors interfere with your organization’s workflows.

Here at DataMotion, we are delivering a secure digital future. We offer a large, flexible platform of services that can adapt to your organization’s needs both today and in the future. Whether you need a full suite of APIs for integrating a secure message center, or a standalone secure email service, our solutions can easily integrate into your existing workflows without disruption. Our integrations include a wide range of APIs, connectors, and protocols, making it possible to securely exchange data from virtually any source, such as a secure website form, and having it reach any delivery endpoint.

Here is a glimpse of what your enterprise can expect with DataMotion’s secure exchange services:

  • Ease of Use DataMotion’s solutions easily integrate into your enterprise’s existing workflows and customer interface. Your customers will have a seamless experience within your website’s portal while your team continues to conduct business as usual without interruption or re-training.
  • Maximum Security Our solutions live on a zero-trust, secure governed database, and use military-grade encryption. We also offer monitoring, support and escalation with our US-based team.
  • Flexible Options We offer a number of services that are flexible and scalable to your enterprise’s current and future needs and requirements.
  • Third-Party Certifications DirectTrust/EHNAC Registration Authority, Certificate Authority, Health Information Service Provider, ONC-HIT 2015 Edition Health IT Modular Certification, and Microsoft Azure SOC2, and FedRAMP certified data center. Secure mailbox and Direct are in the process of HITRUST
  • Verifiable Compliance* HIPAA, GLBA, PCI-DSS, HITECH, GDPR, PIPEDA, FINRA, CJIS

We invite you to learn more about DataMotion, and how our services can complete your cybersecurity arsenal, by visiting us at datamotion.com, or reaching out to our team of experts.

*Verifiable Compliance: we help our customers achieve compliance with these regulations.

Additional DataMotion Reading and Resources

The DataMotion Blog

Choosing an API Company: 14 Points for Due Diligence

Whitepapers

The Guide to Protecting Data in Motion

21st Century Data Sharing Techniques for Healthcare Transformation Success

Videos

10 Things to Consider When Implementing a Secure Message Center

The Missing Customer Communication Channel

Resources and Reads from Around the Web

From CISA (Cybersecurity and Infrastructure Security Agency): Cybersecurity Awareness Month 2021 Toolkit

From Health IT Security: 2021’s Top Healthcare Cybersecurity Threats, What’s Coming in 2022

National Cybersecurity Alliance: Stay Safe Online

Join our Newsletter

Man putting on glasses in front of a laptop with a travel coffee cup next to it
The DataMotion September Hot List 736 313 Team DataMotion

The DataMotion September Hot List

Welcome to another edition of the DataMotion Hot List! Our monthly hot lists give you a quick recap of the month’s content, updates, news, and more. September was a busy month for the DataMotion Blog, where we published the third and final installment of our Rise of RaaS series, offered tips on becoming a Postman guru, and shared five things to consider before building software in-house.

We were also pleased to attend the InsureTech Connect conference this week in Las Vegas! Team DataMotion was represented by Christian Grunkemeyer, who shared his thoughts on returning to trade shows, and insights on some of DataMotion’s secure exchange projects for insurance and financial services organizations. Whether you attended the event and missed connecting with Christian, or would simply like to learn more about how DataMotion’s secure exchange solutions can benefit your organization, we’d love to speak—please contact us to set up a quick chat.

What You May Have Missed in September

The Rise of RaaS: The Real Cost of a Ransomware Attack “Understanding how companies recover from a breach, as well as the obstacles they often face in the wake of an attack, can help with financial planning and crafting a security strategy… In this installment, I will go over the financial cost, the required manpower, and reputation damage that is often the residue of ransomware.” In this entry to the DataMotion Blog, Developer Advocate Heather Post explored the real costs of a ransomware attack. In case you missed them, we’ve included the first two installments of the series below:

The Rise of Ransomware as a Service

Consolidating the Vendor Risk Factor

5 Things to Consider Before Developing Software In-house To build or to outsource? That is the question facing many organizations when it comes to developing software solutions. In this post to the DataMotion Blog, we explore five points of consideration when mulling the decision over whether to build in-house.

4 Tips for Becoming a Postman Guru “Through extensive use and some research, my colleagues and I have found there are many tips and tricks to using Postman, which I think you’ll find extremely helpful while testing APIs and building your collections.” In case you missed our Postman #tiptuesday series on social media, Heather Post has rounded up the first four tips into a handy blog post.

The DataMotion August Hot List In case you missed it in August, the DataMotion Blog featured the final installment of the Danger for Data series, kicked off the Rise of Ransomware series, offered a checklist of what to look for when choosing an API vendor, and shared a glimpse into HIMSS ‘21.

News From ‘Round the Web

We’re kicking off Cybersecurity Month with a roundup of news stories to help inform you and your strategy. This month’s news aggregate includes an article on supply chain risk, how working from home is creating new business for cybersecurity, and why officials say that ransomware is here to stay.

From the Hill (MSN): Supply chain risk matters when it comes to cybersecurity for next-gen 911

From Bloomberg: Home Working Is Creating Dangers, New Business for Cybersecurity

Healthcare Info Security: Top US Cyber Officials Say Ransomware Is Here to Stay

Get Social with Us

If you’re not yet doing so, give us a follow us on LinkedIn, Twitter, Instagram and Facebook for company and industry news and updates.

Finally, remember to subscribe to our newsletter to receive updates, industry insights and best practices delivered to your inbox on a monthly basis.

That is all for now. We look forward to seeing you in October!

Join our Newsletter

Developer staring at a monitor with two windows of code open side by side
8 Tips for Postman API Testing Success 736 313 Team DataMotion

8 Tips for Postman API Testing Success

In software development, application programming interfaces (APIs) are an absolute necessity. APIs play a crucial role in enabling various systems to communicate and share data with one another. These versatile tools make it possible for developers to incorporate ready-made code into their applications, saving them the time and effort of creating complex features from scratch. Just as peanut butter pairs perfectly with chocolate, and a baseball game isn’t complete without sunshine, APIs are an integral part of a developer’s toolkit.

When it comes to working with APIs, there’s one tool that stands out above the rest: Postman. Loved by over 15 million developers and half a million companies worldwide, Postman has emerged as a key tool for programmers who need to test APIs, streamline their workflows, and save time.

What is Postman?

Postman is more than just an API testing application. It’s an all-in-one platform that supports every stage of the API lifecycle, from design and development to testing, documentation, and monitoring. With its user-friendly interface and extensive API collections, Postman has simplified the often-complex task of working with APIs.

Imagine you’re experimenting with a new API. You would likely need to set up the necessary request details, create an account, and provide account credentials before making the API call. With Postman’s API collections, all these details are readily available, cutting down your setup time and letting you ‘plug and play’ with ease.

As a testament to its effectiveness, the development team at DataMotion frequently utilizes Postman in their work, appreciating the many ways this tool enhances their productivity and efficiency.

Postman Tips and Tricks for Better API Testing

Postman is more than just an API testing application. It’s an all-in-one platform that supports every stage of the API lifecycle, from design and development to testing, documentation, and monitoring. With its user-friendly interface and extensive API collections, Postman has simplified the often-complex task of working with APIs.

After extensive use of Postman and thorough research, the development team at DataMotion has pulled together numerous tips and tricks to make the most of this powerful tool. These tips will save you time, streamline your API testing process, and help you become a Postman guru.

Tip 1: Streamline Workflows with Bulk Editing

Manually updating headers and parameters for each request can be time-consuming and repetitive. The ‘Bulk Edit’ feature in Postman is a lifesaver here. You can access this feature in the Header and Params sections, allowing you to see the list of headers or params in text rather than in a table format. This then allows you to copy the text and paste it into your new request. In the same section of your new request, select ‘Bulk Edit’ again and paste the text within. From here you can select ‘Key Values’ which has replaced the bulk edit option to see all your headers or params in the table format. This way, you can swiftly update your requests without having to modify each one individually.

Postman Tip 1, use bulk edit to copy and paste params or headers

Tip 2: Use Variables for Repeated Data in Multiple Requests

Another handy feature in Postman is its support for variables. You can set up variables within a folder or collection for data that is used repeatedly across multiple requests. For example, in DataMotion’s API collections, we have a header for a session key in most of our requests. When the session key updates, you can instead create a variable and update the session key variable’s value. You can then use {{variable}} to reference the variable in your requests. This simplifies updating the session key; you just update the variable value once, and it applies to all references across your requests.

Tip 3: Bulk Test Multiple Requests by Adding a Test Script

As a developer, quality assurance (QA) testing is an inevitable part of your role. Postman has a convenient way of allowing you to test multiple requests at once with the same script. To do this, select the folder or collection containing the requests you want to test, then navigate to the ‘Test’ tab and add your test code. You can then run the entire collection, executing multiple tests at the same time.

Postman Tip 3, test requests in bulk by clicking collection then adding a test script in the test tab

Tip 4: Enabling and Disabling Headers or Parameters

There might be times when you want to run a request without certain headers or parameters. Rather than deleting them and then having to add them back in later, Postman lets you disable or enable headers or parameters with a simple click. Deselect the checkbox next to each header or parameter you want to disable. This allows you to run the request with only the enabled headers or parameters included.

Postman Tip 4, run a request without a header or parameter by deselecting the checkbox next to each

Tip 5: Use the Postman Console to Update Environment Variables from a JSON Response

A great tip I recently learned utilizes the Postman console to update environment variables using data from a JSON response. You can write a script that parses the JSON response returned after making a request, then update an environment variable with this response data – all within Postman.

This trick is particularly useful when getting session keys. Within the DataMotion Postman collection, several requests require a session key. To streamline the testing process, I created a ‘SessionKey’ variable that allows me to easily update each instance at once. Then I add the following code to my console, which captures the updated session key from DataMotion’s ‘Get Sessionkey’ API call and automatically populates the ‘SessionKey’ variable with the response.

var data = JSON.parse(responseBody);

postman.setEnvironmentVariable(“SessionKey”, data.SessionKey);

This ensures that the ‘SessionKey’ variable in the majority of my requests consistently reflects the most current session key retrieved through the ‘GetSessionkey’ API call.

Tip 6: Utilize Postman’s Find and Replace Feature

The session key variable is scattered across the DataMotion collection. If the variable name needed to changed or be updated, it would be a long and menial task to complete. However, this work can be replaced with Postman’s find and replace feature.

To rename a variable, such as the session key variable or an attribute name, navigate to the bottom right of your Postman workspace to find the “Find and Replace” button. Select this button and type in the phrase or regex pattern you would like to identify. From here, select specific instances of this phrase to update or select all. Then enter the new phrase you would like to replace these instances with under the “Replace With” section and click “Replace.”

Navigate to bottom right of Postman window and find the "Find and Replace" button

Tip 7: Convert Your API Requests into Code Snippets

Postman is not just an API testing tool; it’s also great for converting your API calls into code. After configuring your Postman request, simply select the code icon on the right panel of your workspace, select a programming language, and copy the generated code snippet of your request.

You can then seamlessly integrate this snippet into your projects for a streamlined development process.

Select code icon in right panel to get code snippet

Tip 8: Automatically Create Documentation for Your Collections

You can create API documentation for your Postman collections using the documentation icon in the right panel of the Postman workspace.

Once you have selected the documentation icon, you will see the documentation for your request, including details on the endpoint, parameters, headers and body values. You can also select the ‘View the complete documentation’ button at the bottom of this view to get documentation on your entire collection. From here, you can select publish in the top right corner to publish this information, directly from Postman.

Create API documentation for collections with documentation icon

Deep Dive into Secure Message Center API with Postman

While Postman is a powerful ally for any API-related work, its functionality is especially evident when used with the secure message center API. Developed by DataMotion, the secure message center API enables secure messaging, email, and document exchange integration into self-service portals like online banking, insurance member services, wealth management portals, and more.

These self-service portals have become the primary interfaces for customers to manage their accounts, conduct transactions, find healthcare specialists, or check insurance claim statuses. However, these portals occasionally fall short of providing secure and compliant communication channels. This is where the secure message center API, built with data privacy and governance regulations like GLBA and HIPAA in mind, comes into play. By integrating the secure message center API into these portals, businesses can quickly establish a robust, secure, and compliant communication resource.

Postman’s ability to test, validate, and demonstrate the functionalities of the secure message center API proves invaluable in these integrations, making it easier for developers to understand, work with, and leverage the API to its full potential.

Postman Demonstration Videos

To help you navigate the complexities of secure messaging and API testing, DataMotion has prepared a series of demo videos showcasing the use of Postman with the secure message center API. These videos serve as a step-by-step guide, walking you through the API’s functionality and demonstrating how Postman can be utilized to facilitate API testing. Not a fan of Postman, but are looking for something different to test APIs? Check out our recent blog post and video demonstration that leverages the Insomnia REST Client for API testing.

Sending Secure Messages with DataMotion via Postman

Here’s one of our software developers demonstrating our ‘send message’ API. If you’d like to follow along, you can view our Postman Collection on GitHub and try out our APIs in our self-service portal.

Managing Folders in DataMotion's Secure Message Center API with Postman

This video offers a comprehensive demonstration of folder management with the secure message center API. It covers the essential steps of listing, creating, and deleting folders for efficient organization.

If you are developing a self-service portal for a financial services or insurance company – we hope this taste of secure message center programmability clarifies what you can build with our APIs. Of course, there is a lot more functionality – and all of the secure message center APIs are well documented with sample code and SDKs.

Conclusion and Invitation for Further Exploration

APIs have revolutionized the way developers work, and Postman is one of our favorite tools leading the charge in making API testing more accessible, efficient, and effective. As we continue to explore and discover new facets of this and other powerful tools, we’ll continue to share our knowledge and tips with the developer community. For more insights into the world of Postman, similar tools like Insomnia, and API testing in general, follow us on LinkedIn, Facebook, and Twitter and subscribe to our monthly newsletter. We post new tips and tricks every Tuesday, providing fresh content to help you master these incredible tools. To put your Postman learning into practice, download our Postman collections on GitHub.

Feel free to contact us for any questions or to discuss your project ideas, and don’t hesitate to book time for a conversation or technology demonstration!

Updated November 9, 2023

Join our Newsletter

Patient signing insurance claim form next to doctor
The Great Return to the Trade Show: InsureTech Connect 2021 736 313 Christian Grunkemeyer

The Great Return to the Trade Show: InsureTech Connect 2021

InsureTech Connect will mark my first in-person trade show since the onset of the pandemic. I miss the in-person human interaction and hearing people’s stories! There are so many emotions around this – I’m nervous, excited, and truly curious about what to expect onsite. But most of all, I’m relieved. While DataMotion has already been represented at the HIMSS Conference this year in Las Vegas, I’ve almost attended a number of shows since March 2020. The unknown has become increasingly frustrating, and knowing that I’ll definitely be attending this show is such a great feeling.

I am excited about this event in particular because of the opportunity to help insurance and financial services organizations fix security-related obstacles in their member portal and mobile app workflows. DataMotion has been heavily involved in a number of secure communications projects over the past few years with insurance companies and financial institutions, focusing on integrating a secure messaging center for simplified client and member communications. These integrations bring users, both customers and staff, into established, familiar experiences, such as a mobile app, member portal, or client login. These platform integrations also spare users from being directed to third-party portals to create yet another username and password.

While every organization is different, there is one consistent similarity among our customers: they know, and want, what’s best for their clients. In short, ease of use, coupled with security, is the order of the day.

What we’ve been hearing from folks over the past 18 months (via phone conversations and web conferences, of course) is that an integrated secure message center helps organizations enable a person-centric business model. This, in turn, helps improve the overall customer experience and ultimately maximizes star ratings (e.g. Net Promoter Score), minimizes per-member costs, and promotes competitive advantage through customer service.

In order to achieve these elements, the secure messaging platform needs to integrate into both the client-facing front end and the back end, including the email environment (Microsoft 365, Google), CRM, call center applications, etc. There are a lot of moving parts here, including adherence to regulatory compliance, so it is critical that the platform is as flexible as possible in order to seamlessly integrate into every aspect.

From what we have heard, it seems as if the goal of many organizations is to minimize infrastructure costs by moving to the cloud. This is largely because hosted/cloud services do not require significant capital expenditures. With that flexibility, APIs help facilitate rapid and frictionless integration(s) across an enterprise’s solutions ecosystem (call center, CRM, ticketing system, etc.). The scalability of a cloud solution maximizes useful life, and minimizes year-over-year cost of ownership. The integration goals have been to enable full omnichannel capabilities of their backbone solution(s).

Finally, convenience plays a major role in this shift. It has been established that members prefer to receive plan information electronically, rather than by mail or in person. Providing the ability to access plan information via email not only benefits members with that overall convenience, but also helps promote member retention by easing engagement and building a trusted relationship.

I’d love to hear from everyone who’s attending the conference, and take a few minutes to talk about what you’re doing to provide a more integrated communications experience for your clients and members – maybe we can help! Let’s connect:

If you are attending the conference, you can set up an in-person or virtual meeting via the InsureTech Connect Matchmaking app: https://matchmaking.grip.events/insuretechconnect/app/home

Whether you are attending or not, I would still love to speak—you can schedule a meeting on my HubSpot calendar: https://meetings.hubspot.com/christiang

Looking forward to seeing you in Las Vegas!

Join our Newsletter

Programmer working on developing software with two laptops, a monitor, a keyboard, and a track pad
5 Things to Consider Before Developing Software In-house 736 313 Team DataMotion

5 Things to Consider Before Developing Software In-house

It’s a common analogy: the decision between building or buying a software application is comparable to choosing whether to build or buy a house. The pros and cons for both are similar. Building it yourself often leads to something made specifically for your needs and could save you money. However, it also can take much longer than predicted and has a substantial risk of unexpected expenses. While choosing to buy can be the simpler and faster decision, you may not receive that “made just for you” feeling you were hoping for. Many of our customers struggled with this dilemma before choosing to use a third-party vendor. Why is this? We’ll highlight five things to consider before developing software in-house and why it may be better to let someone else do the heavy lifting.

Stressed out developer taking a break while resting hands on headBefore getting started, we want to emphasize that building software in-house is not always a bad decision. If your desired solution is expected to be core to your business and your team has the resources to build it themselves, then building it in-house can be the better option. Not only will your solution have the features you need, but you’ll also have greater control over it in the long run. On the contrary, if your solution is not expected to handle core business processes and your team has other critical priorities, we encourage you to keep reading.

Now that we’ve gotten that out of the way, let’s get started. Here are five things to consider before building software in-house.

Five Things to Consider Before Developing Software In-House:

1. It’s a massive time commitment. As we alluded to earlier, building a new software solution or application from scratch can be an extremely long, drawn-out process. In fact, the time it takes to develop the front and back-end infrastructure for a standard web application is 4.5 months. If your project includes complex features, such as secure messaging, assume it will take longer. And when you think you’re done, you’re not. Work isn’t complete once you go live. As the software developer, you will be responsible for monitoring, updating, and supporting your application even after it’s launched.

2. It’s incredibly expensive. When you build software in-house, it’s common to assume that you’re saving money. While that may be true, it’s not always the case. To put the costs into perspective, let’s crunch some numbers.

For simplicity, we’re assuming we have a one-person team, a front-end developer. We’re also assuming they’ll complete the project in 4.5 months while working 40 hours per week.

Estimate for how many hours it will take to build software in house. Taking 4.5 months and multiplying it by week per month and 40 hours per work week.

That works out to 720 hours for one employee to work on a single application. Odds are, you’ll have a team of developers working together, so make sure to multiply that number by the number of people on your team.

Since we’re talking in terms of money here, let’s convert that to how much you will spend during that time frame, using $57 as the average pay per hour for a front-end developer in the United States.

Estimate for cost to build software in house. Taking the average pay per hour for a front-end developer multiplied by the number of hours to develop a standard web application. Estimated cost comes out to $41,040

$41,040. That’s the minimum you’ll spend to build a standard web application. Now, we’ll admit that math was not perfect. You’ll likely have a larger team, consisting of employees in various roles, all getting paid different amounts.

Not to mention – all that time and money that went towards building your application could have been spent focusing on other priorities, so there’s an opportunity cost to consider.

3. It’s (probably) already been built. Unless your requirements are highly specific and unique, there’s an excellent chance someone has already built all, or at least part of, what you’re searching for. A third-party vendor has already put an extensive amount of time and work into testing and perfecting their solution to ensure it works exactly as expected. Thus, they will know the ins and outs of their product, how it was built, what it can and cannot integrate with, the potential to customize it, and solutions to common problems. In short, these folks have years of experience and know what they’re doing.

Word of warning: not every third-party vendor is built equal. While many have taken the necessary steps to protect their system’s security and meet the needs of their customers, it’s important to do your due diligence when choosing to outsource all, or parts of, your project. Here are 14 points to consider when vetting a third-party vendor, particularly when choosing an API company.

4. You will be your own support team. As mentioned earlier, building software in-house means providing support for your software throughout its lifespan. This requires a significant, ongoing time commitment from your team. It also involves a constant effort to maintain the skills and knowledge to properly respond to requests. This means continuous training for your current team, and any future team members.

5. Other products have been polished and perfected. Remember when we mentioned earlier that an application with your requirements has likely already been built? This is a critical topic, so we’re going to reference that again in this last point. Many API and SaaS companies have been around for a while and have already spent years testing, modifying, and updating their services. Often, this results in a fine-tuned product specifically designed to meet customer demands.

This experience factor is also important to consider if your desired solution must comply with industry and privacy regulations. To satisfy compliance requirements, specific steps must be taken, and certain criteria met both within the services offered and the organization who provides the service. Many third-party vendors have already taken the extensive time needed to fulfill these requirements so their customers can focus their resources elsewhere.

To Sum Up

Building software in-house may sound like a promising idea when you’re considering a project. However, it is critical to assess the pros and cons of building it yourself, lest you fall into a never-ending development cycle. And if your project involves any type of secure messaging system, additional time must be taken to meet regulatory compliance requirements.

To close out this blog post, we’d like to provide you with five preliminary questions to ask yourself when choosing to build or buy software:

  1. Is my desired solution core to my business processes?
  2. How much time and money should I devote to my project?
  3. Do integrations for any of my solution’s preferred features exist?
  4. Do I have the resources to update, maintain, and provide support for my solution throughout its lifespan?
  5. If my solution deals with any kind of sensitive information, what are the relevant regulations with which it must comply?

DataMotion offers a variety of API and pre-built solutions for organizations seeking to add an easy-to-use and secure messaging system to their communications toolkit. We also offer several pricing plans for our pre-built services and tiered pricing for our transactional APIs. To get an estimate on how much you’ll spend using our secure message delivery API, you can use the calculator on our pricing page.

Explore More

Sources and Related Reads

Join our Newsletter

Hacker using laptop surrounded by falling dollar bills on a blue background
The Rise of RaaS: The Real Cost of a Ransomware Attack 736 310 Team DataMotion

The Rise of RaaS: The Real Cost of a Ransomware Attack

Welcome to the DataMotion Blog’s third and final installment to the Rise of Ransomware as a Service series. Thus far, we have focused on what Ransomware as a Service is, examined some recent attacks and how they started, and explored the snowball effect that can follow when your third-party vendor is a risk factor. While these are important elements to understand in order to help create a defensive plan to avoid falling victim to a similar attack, there are still a couple of critical questions left to ask. What happens after an attack occurs? What is the true cost of a ransomware attack?

Understanding how companies recover from a breach, as well as the obstacles they often face in the wake of an attack, can help with financial planning and crafting a security strategy. For example, many organizations have opted to invest in ransomware insurance, or to establish a fund specifically for the possibility of an attack, because paying a ransom is often the fastest route to getting an encrypted infrastructure up and running again. In this installment, we will go over the financial cost, the required manpower, and reputation damage that is often the residue of ransomware.

Financial Woes

The prices of everything, from milk to gas, are rising—and we hate to inform you, but ransom is no different. As companies continue to pay ransom demands to decrypt their environment or retrieve their data, cybercrime groups ask for more. A Forbes article found the average cost of ransomware recovery has grown $1.08 million in the last year. The cost per company, however, can vary, depending on its size and revenue. For example, JBS (the meat packing company who was hacked in early June) paid hackers $11 million to retrieve their data and get their systems back up and running. Colonial Pipeline paid their attackers roughly half of that, about $5 million. Though in Colonial Pipeline’s case, $2.3 million of the payment was recovered by the DOJ’s Ransomware and Digital Extortion Task Force. Given that the companies mentioned above each paid a hefty ransom, it might seem like a good idea to allocate resources, just in case.

Unfortunately, with the rise in ransom cost and the growing frequency of attacks, the price for insurance coverage is also increasing. Many insurance companies are starting to restrict their coverage, or drop ransomware coverage altogether. Those who find the higher cost in coverage to be worth it run into an entirely new issue: insurance is something hacking groups look for. Cybercriminals know they can’t extract blood from a stone, so they perform research to target companies who can afford to pay. Once they breach an environment, they often look for signs the compromised company has financial security to help determine the price of the ransom they will charge. A Washington Post article found hacking groups are referring to insurance companies as “an endless pot of gold” and are known to send screen shots of insurance plans to organizations from their own systems during negotiations. This greatly weakens a company’s ability to lower the ransom price, and may even increase the demand.

You’ve Been Served

The rising cost of ransomware is not the only thing to worry about. As we reviewed in the last part of this series, an organization’s clients can become caught in the crossfire of these attacks, leaving customers’ data and systems vulnerable to subsequent attacks. This can destroy a company’s reputation and devastate their customer base.

Some organizations are able to pay ransom in secret, so their reputations likely won’t suffer the same damage as their wallets. However, it’s hard to keep the cat in the bag when your customers are affected. For example, last month T-Mobile was once again breached, and their customers’ data was compromised. The data for 47 million current and former customers was posted on a public site as a result of this breach, including social security numbers and financial records.

Once the smoke clears and damage is analyzed, lawsuits often follow, adding legal fees and settlement payments to the total cost of a ransomware attack. Colonial Pipeline experienced this after they were hacked; as a result, their oil distribution halted, leaving much of the southeastern U.S. without oil. The legal fallout includes business owners suing for lost profits and customers suing over higher prices while waiting for distribution, on the grounds that a lapse in Colonial Pipeline’s security causing the breach. This is becoming a familiar fate for other organizations as well.

Time is Money

As if the ransom and lawsuits weren’t enough, you also need to factor in the profit lost when your servers are down. This profit loss is what often drives the pressure to pay a ransom in the first place. Every day that your environment is unaccusable and your services are down, the more profit is lost. But paying hackers is a double-edged sword. The more money a cybercriminal group makes, the stronger and more resourceful they become, making them even more dangerous and unstoppable. The new accessibility to malicious software that RaaS brings, coupled with a steady stream of profits from paid ransoms, is only adding fuel to this fire.

Not to mention, there really is no honor amongst thieves. 92% of organizations who paid a ransom did not get all of their data back. New servers need to be built and brought online before services can resume, which can be an expensive and tedious task. Once your environment is up and running again, production is often slowed due to a loss in data. As we discussed in the second installment of this series, disaster recovery servers are the best way to recover data and bring servers back online. It’s also important to back your servers up often to minimize data loss and bring productivity up to speed as quickly as possible and limit the amount of revenue lost.

Additional Preparations

As promised, below are two additional tips to help protect your environment from a ransomware attack, hopefully sparing you a logistical headache:

Preparation Tip #1

The first tip is to implement an email gateway to avoid phishing attacks. An email gateway can help scan links and documents within incoming messages to identify potential malicious code and immediately deny the message or move it to your trash folder. By identifying and removing malicious emails, which hackers often exploit for entry to your systems, you greatly reduce the threat of a phishing attack. Email gateways can also be used to create other rules in addition to thwarting malicious messages. For example, to send data securely with DataMotion software, right from your email client, you can easily create a rule that will send any message with a tag like “[Secure]” to be encrypted and sent over a secure line. This tag can be added anywhere such as the subject or body of the message, and doing so helps lock down sensitive data and meet compliance regulations.

Preparation Tip #2

The second tip we have for you today is to patch and update your products and environment as soon as new updates are released. As zero-day vulnerabilities are detected within an environment or product, a patch or update is created as soon as possible to correct the vulnerability and protect you from the exploitations that can follow.  The Kaseya attack started with a zero-day vulnerability in Kaseya’s VSA server. Once the hackers discovered the vulnerability, they quickly scanned the Internet to find customers utilizing this product in order to exploit the lapse and breach customers’ systems as well. Had Kaseya discovered the vulnerability first and deployed a patch to resolve this error, only those customers who did not deploy the patch would still be at risk.

The Gist of It…

Every ransom that is paid to undo an attack emboldens and strengthens cybercrime groups. But the price of a ransomware attack goes beyond the cost of ransom. With the costs of service downtime, legal fees, lost data and new equipment factored in, ransomware becomes much more expensive than what is often portrayed to the public. And to top it off, your company and leadership team’s reputations are definitely at risk, along with the trust of your current and potential customers.

With the rise of Ransomware as a Service, attacks will continue to be launched, likely with greater frequency. However, implementing the tips reviewed in this series will help you and your organization create a solid defense and resilient infrastructure against ransomware attacks. One tactic we review is to implement email encryption and to secure your data transfers. You can quickly find more information on how to enact this functionality today with DataMotion APIs.

Be sure to check out the DataMotion Blog and our Resources page for great development advice, including articles on protecting your environment both internally and externally.

Be Sure to Read the Other Parts of This Series:

Sources and Additional Reference Reads

Join our Newsletter

Image of smartphone resting on a laptop with a calendar and pencil sitting to the right
The DataMotion August Hot List 736 310 Team DataMotion

The DataMotion August Hot List

Greetings, readers, and welcome to the DataMotion Hot List, where we recap the month’s news, updates, and content. This month, we delivered the final installment of the Danger for Data Series, shared 14 points of consideration when vetting an API company, explored the rise of ransomware as a service (also explaining why your third-party vendors could be putting you at risk) and published takeaways from the 2021 HIMSS conference in Las Vegas.

In other news, you spoke, and we listened—you now have the ability to purchase our secure message delivery API directly via the DataMotion website! This new feature includes a $25 credit automatically deposited to your account for use towards our secure message delivery API. Read more about this new feature and how you can benefit.

And finally, before we begin this month’s Hot List, we are pleased to announce the Postman Tips and Tricks series! DataMotion Developer Advocate Heather Post is sharing some of her tips for using Postman, with a new tip published every Tuesday on DataMotion’s LinkedIn, Facebook and Twitter pages. Please feel free to like, share, and comment with your own Postman tips and questions!

The DataMotion Blog: What You Missed in August

Danger for Data, Part Three: Remedies for Risk In the third and final installment of our Danger for Data series, DataMotion CEO Bob Janacek explores actionable risk mitigation steps for an enterprise’s IT and business sides. In case you missed them, check out parts one and two of this series:

Choosing an API Company: 14 Points for Due Diligence There is a lot to consider when vetting an API company. In this blog entry, DataMotion Director of Operations Alex Mushkin shares 14 points to include in your due diligence checklist.

The Rise of Ransomware as a Service In the first part of the Rise of Ransomware as a Service series, Heather Post explores this new industry, its players, and why it poses a threat to your enterprise.

Rise of RaaS: Consolidating the Vendor Risk Factor In the second part of this series, Heather Post continues her deep dive into the emergence of RaaS, this time exploring recent ransomware attacks, why your third-party vendor might be a security liability, and risk mitigation.

HIMSS 2021 Takeaways: Healthcare, Cybersecurity and Interoperability While we did not host a booth this year, Team DataMotion still made its way to sunny Las Vegas to attend the annual HIMSS conference. Doug Rubino, Business Development Director, Healthcare, sat down for an interview to discuss his event takeaways. (In case you missed it, be sure to also check out Doug’s summary and takeaways of June’s 2021 DirectTrust Summit.)

Reads from ‘Round the Web

This month, Forbes called out five cybersecurity myths, VentureBeat explained why cybersecurity should be a priority, and TechRepublic reported on a White House meeting where tech companies pledge to toughen U.S. cybersecurity:

From TechRepublic: Tech companies pledge to help toughen US cybersecurity in White House meeting

From VentureBeat: Clear and present danger: Why business leaders must prioritize cybersecurity

From Forbes: Five Cybersecurity Myths That Need To Go

That is about it for this month. Like many of you in the U.S., the DataMotion Blog will take a holiday next week to observe Labor Day, but we’ll be back the following week with the third installment of the Rise of Ransomware as a Service series. Before you take off for the long weekend, be sure to subscribe to our monthly newsletter for industry insights, thought leadership, and best practices delivered to your inbox. And if you need a little addition to your weekend reading, stop by July’s Hot List.

To our U.S. readers, we wish you a safe and happy Labor Day weekend!

Join our Newsletter

Stethoscope on top of clipboard while a doctor and a patient communicate in the background
HIMSS 2021 Takeaways: Healthcare, Cybersecurity and Interoperability 736 310 Doug Rubino

HIMSS 2021 Takeaways: Healthcare, Cybersecurity and Interoperability

Team DataMotion recently attended the 2021 HIMSS (Health Information Management Systems Society) conference in Las Vegas, Nevada, August 9th-13th. While we did not host a booth this year, some of our team represented our company as attendees, and we wanted to hear about their experience. We sat down with Doug Rubino, Business Development Director, Healthcare to discuss the overall event, Doug’s takeaways, and what is in store for the industry.

Q: Doug, thanks for taking the time to speak with us. Could you give us a sense of some of the overall discussion topics at the conference?

Doug Rubino: I had the opportunity to speak with quite a few attendees and in general, there were some interesting conversations. One of the more-discussed topics was the weather—it was HOT in Vegas! Other points of general discussion were, as you can imagine, COVID-19, the delta variant, and the impact on this year’s event. But industry-wise, some of the more common discussion themes throughout the week focused on telehealth, remote patient monitoring, population health and care management in areas pertaining to at-risk communities, and public health. There was also much discussion around the use of artificial intelligence within healthcare.

Q: Could you tell us a little about some of the challenges that organizations are facing?

DR: One challenge is the enablement of public health organizations and other community-based organizations to securely exchange PHI and other sensitive clinical information amongst stakeholders within the healthcare ecosystem. These stakeholders include health systems, health plans, and other ancillary provider organizations, among others. Community-based organizations, which exist to support those most at risk in our society, often do not have the technology in place to support interoperability.  Finally, from a business standpoint, there is a real lack of business-related processes and internal workflows to support initiatives such as closed-loop referrals.

Q: Were there any challenges cited that were specific to cybersecurity?

DR: Yes, indeed. Based on my conversations and from what I heard at the sessions, many (if not all) healthcare organizations seem to be operating at an increased level of awareness regarding cybersecurity threats to their infrastructure. This concern also extends to ransomware attacks, especially in light of some of the recent news stories.

Another security-related challenge that came up at HIMSS 2021 was the common issue around legacy systems. In addition to the outdated hardware and software, many organizations have a marked lack of internal expertise and knowledge of internal network schematics and topology. This, essentially, boils down to a general failure to understand where system vulnerabilities exist, which ultimately leads to the inability to anticipate and identify cybersecurity threats, and to prevent an attack.

To mitigate the risks of cybersecurity threats across a healthcare organization, it’s essential to fortify vulnerable endpoints. Here at DataMotion, our library of APIs is intended to do just that, ensuring a seamless flow of sensitive data into and out of an organization to ensure its privacy and confidentiality. We operate through verifiable compliance, multi-cloud design and low-code technology, making it easy to integrate into a workflow while adding an extra layer of security.

Q: From challenge springs innovation. What kind of new ideas are making their way into the space?

DR: There are some exciting new concepts and developments in this area! To name a few, the use of artificial intelligence for patient flow and medical coding, ambient clinical intelligence, the automation of clinical documentation, and some of the advances being made with respect to prior authorizations.

Q: We saw your event agenda, and it was packed with some interesting-sounding sessions! Could you tell us a little about one of the sessions, and some of your key takeaways?

DR: During “Keynote: Healthcare Cybersecurity Resilience in the Face of Adversity” the speaker had a great point when discussing cybersecurity. He stated that too many organizations do not have a complete picture of how their information systems are connected. In order to effectively secure an environment, an organization must have a complete picture of its network schematic across the entire enterprise to properly secure all endpoints. This really spoke to what we do at DataMotion, making these connections to keep data and documents secure, and how increasingly important services like ours are to the healthcare ecosystem.

Q: What were some of the other, overall topics and what developments do you see coming in those areas?

DR: In general, there was a lot of discussion around social determinants of health and incorporating public health into the general healthcare ecosystem. I anticipate there will be an increased focus on enabling the interoperability of organizations operating in and servicing the public health space. For example, linking community-based organizations to the greater healthcare ecosystem.

Q: Doug, thanks for your time and sharing your takeaways from HIMSS 2021. It sounds like this was a productive event!

DR: It really was! HIMSS is an outstanding, informative conference, and it always gives a great sense of what is coming down the road for the industry. I’m looking forward to HIMSS ‘22!

 

Explore More

Directly Speaking: The 2021 DirectTrust™ Summit

21st Century Data Sharing Techniques for Healthcare Delivery Transformation Success

HIPAA Compliance in the Age of Population Health Management

Join our Newsletter