BCBS & Mediation Layer Architecture
1. A presentation of the Blue Cross and Blue Shield Association. All rights reserved.
BCBSA Mediation Layer Architecture
August 09, 2012
Presentation at Intel / Gartner Webcast
Plamen Petrov
Chief Enterprise Architect
Blue Cross Blue Shield Association
2.
Blue Plans have been leading the industry for 83 years
• Cover 100M people – 1 in 3 Americans
• Blue Plans contract with 96% of U.S. hospitals and 91% of all physicians
• Blues committed to serving local communities and national customers
• Blue Brand is #1 overall brand equity in the health insurance industry
• Blues serve 85% of Fortune 100 Companies
The Blue Cross and Blue Shield System consists of 38 independently
operated Blue Cross and Blue Shield member companies, a Federal
Employee Program® and an Association, which serves the collective
needs of the Blue Cross and Blue Shield Plans.
Nationwide access. Local support.
3.
BCBS Plan Members Access Many Services and Data Stores
Plan Member accesses services
provided by different entities and
data stored in many locations
[Diagram labels: Plan Member; Local BCBS Plan; BCBSA; Remote BCBS Plan; Local Hospital; Remote Hospital; Consumer Services]
4.
Service Brokering and Mediation Layer
[Diagram labels: BCBSA Mediation Layer; Infrastructure Services; Platform Services; Master Data Services; BluesNet; VPNs; Internet; Organization (repeated); Services Clients; Blue Plan Cloud Services; PlanConnexion Cloud Services; BCBSA Cloud Services; 3rd Party Vendor Cloud Services; Architecture; Standards; Governance; Analytics]
5.
Mediation Services Platform
[Diagram labels: Mgt API; Partner API; Browser or Mobile; AuthN / Info Request; Medical Information; Service Provider Portal; BCBSA Plan A, BCBS Plan B, BCBS Plan C (Web Server, Mobile Tier); Flat File; Services Mediation and Integration Broker; Security Brokerage Technology EDI; Doctor Information; Peer Reviews, Awards; SOAP; JSON; XML; On-prem 3rd Party Info Providers; 3rd Party Cloud Info Providers]
• SSL Termination
• Service Metering/Monitoring
• ID translation
• Data Transform
• Protocol Mediation
• Service Routing/Versioning
Service Mediation and Integration Brokerage
7.
Mobile and API Service Growth a Driver for IT CSB
Other Internal CSB Deployments
• Online University
• Healthcare Claims Provider
• SI Delivering Composite Apps
• Telco Service Aggregator
*Source ProgrammableWeb
[Diagram labels: IT CSB Platform; Extended Enterprise; Private & Public Cloud Provider; Developer & Partner Consumers]
CSB platforms offer a way to automate and scale fine-grained service brokering for the composite and mobile apps used by IT
8.
[Diagram labels: 3rd Party CSBs & Data Enrich Services; Partners; SaaS Applications; PaaS App Services; Service/API Providers; On-prem Service Broker; Services 1-5; Id & Security Broker; PII Data Tokenization; API Mgt; Orchestrate VM/Services; Dev Community API Portal; App to Cloud Integration; Data Integration; Simplified, API Exposed; Enterprise Departments/Developers; Departments 1-n; Developers & Service Admins; Global Apps, IDM, Middleware; Employee Apps; Devices; Sharing API Descriptions, Tools; Create Standardized Apps that invoke aggregated services; protocols: HTTP, REST, REST/SOAP/JSON, SOAP, JMS, DB, FTP-any Calls]
IT’s CSB Platform Simplifies Service Consumption
9.
Security, Access, Compliance
• Edge threat protection
• Data Loss Protection
• Federated ID Brokering
• PCI PII Data Tokenization
Developer Community
• Meter usage
• Throttle per SLAs
• API Analytics
• Configuration not code
• Discovery of aggregated services from IT
• Meta data
App Service Gov & Integration
• API management
• Policy creation & exe
• Legacy & SOA integration
• Orchestrate & transform
• Protocol translation
Service Gateway Fast Path to Operating as a CSB
IT CSB Operator
• Consistent policy enforcement for integration,
security, compliance across departments
Monetization/Charge Back
Vendor Mgt- Contracts, SLA, Tracking
Monitor Security Standards & Policies
Dev Support & Disaster Recovery
Move from Line of Business to “Enterprise
Controlled Consumption of Cloud Services
Responsibilities
& Enablement Tools
Value Added Custom “Glue” Code
COTS Core
CSB Platform
10.
Security is Central for IT to Consume and Expose APIs
Trust - API Access Control
• Authentication: Enabled through SSL/TLS, OAuth, SAML, Shared Secret Mechanisms, Custom API Keys, Digital Signature/PKI processing, Database authentication rules
• Authorization: Enabled through XACML, authorization decision points, coded in policies, custom built rules
Threat - Perimeter Defense
• Denial of Service Protection: Via app security proxies and gateway capabilities
• Code Injection: Via pattern-based scanning of SQL Injection, XSS, XML threats, XPath injection
• Malware Detection: Via heuristics that detect malware behavior
• A/V Scanning: Via signature based scanning of MIME attachments
• Data Leak Prevention: Via network DLP scanning for API calls
[Diagram label: IdM]
CSB platforms deliver these capabilities. Standards-based and independently certified.
Let's drill into the broker platform a little deeper. Today, off-the-shelf CSB technology enablement platforms exist to build, host, and deliver the broker service layer. This is typically a multi-tenant architecture that can service departmental needs. For the consuming department this may involve identity SSO or credential mapping for users to access SaaS provider apps; tokenizing or encrypting sensitive PII to meet regulatory compliance concerns before pushing data and content to cloud provider platforms; proxying internal application APIs with enterprise-class security before allowing consumption by partners; orchestrating VMs and services to deliver composite applications; or even adding value-added services such as moving large volumes of Big Data workloads for analytics. It's clear the cloud API plays an increasingly pivotal role in authentication, integration, security, and data integration for the CSB layer.
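The PII tokenization step mentioned in the notes above, sketched as an added example; it is not code from the presentation or from any CSB product. The field names in `PII_FIELDS`, the `TokenVault` class and the sample record are assumptions made for illustration.

```python
import secrets

# Assumed policy: JSON keys the broker treats as PII (hypothetical names).
PII_FIELDS = {"ssn", "member_id", "date_of_birth"}

class TokenVault:
    """In-memory stand-in for a token store that never leaves the enterprise."""
    def __init__(self):
        self._by_value = {}   # (field, value) -> token
        self._by_token = {}   # token -> original value

    def tokenize(self, field, value):
        key = (field, value)
        if key not in self._by_value:
            # Random token: carries no information about the value it replaces.
            token = "tok_" + secrets.token_hex(8)
            self._by_value[key] = token
            self._by_token[token] = value
        return self._by_value[key]

    def detokenize(self, value):
        # Anything that is not a known token passes through unchanged.
        return self._by_token.get(value, value) if isinstance(value, str) else value

def _map_leaves(node, fn, key=None):
    """Rebuild a JSON-like structure, applying fn(key, leaf) to each scalar."""
    if isinstance(node, dict):
        return {k: _map_leaves(v, fn, k) for k, v in node.items()}
    if isinstance(node, list):
        return [_map_leaves(v, fn, key) for v in node]
    return fn(key, node)

def outbound(payload, vault):
    """Egress through the broker: replace PII values before the cloud call."""
    return _map_leaves(
        payload,
        lambda k, v: vault.tokenize(k, v) if k in PII_FIELDS and v is not None else v)

def inbound(payload, vault):
    """Ingress through the broker: restore originals in the provider's reply."""
    return _map_leaves(payload, lambda k, v: vault.detokenize(v))

# Constructed sample record, not real data.
SAMPLE = {"claim": {"member_id": "M-0001", "ssn": "000-00-0000", "amount": 125.5,
                    "dependents": [{"name": "A. Example", "date_of_birth": "1990-01-01"}]}}

if __name__ == "__main__":
    vault = TokenVault()
    sent = outbound(SAMPLE, vault)
    print(sent)
    print(inbound(sent, vault) == SAMPLE)
```

Because the same value always maps to the same token, the cloud provider can still join and count records without ever seeing the underlying identifiers.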