- Where Insurance & Technology Meet

Implementing Mobile – User Assumptions and Security Realities

An increasing amount of data suggests that consumers and employees are assuming that mobile technologies – smartphones and tablets – will become integrated in insurer offerings  and accepted as normal business tools.   And a number of insurers hare moving from pilot projects to production applications.  One outstanding question is: are security methods and procedures keeping pace?  The jury is still out, but the necessary action plan seems straightforward.

We have noted that the movement to mobile is not restricted to large insurers, and many smaller insurers are finding this is becoming a competitive equalizer.  We have also seen that regulatory organizations in the US and Canada are developing guidelines to encourage the use of mobile devices for financial transactions.  The result has been an increase in expectations.

In a recent opinion piece in, Edward Cammarato, John Cantwell, from Verisk Insurance Solutions, noted: “In the near future, customers will ask for mobile solutions to be included in their offerings and demand them at no additional cost. Just as today’s customers have assimilated online payment of policy premiums, they’ll also expect to upload possible claims data (with photos) using their mobile applications”.

At the recent NetVu User Group Meeting, Vertafore President and CEO Euan Menzies in his opening address , indicated that Web 3.0 will have the same level of impact as the original move to the Web with mobility, collaboration and insight driving the transformation.

Continued expansion will be contingent on appropriate security.  So where are we?  First, it needs to be noted that constructing mobile security for the insurance industry is complicated  because of the number of touch points that the insurance industry has.  Quoted in Insurance & Technology, Sadik Al-Abdulla, senior manager in CDW’s security practice, said, “Data loss prevention in the insurance industry is particularly challenging because you must follow sensitive data every step of the way.  … There is more opportunity for data loss because the insurance industry handles more data than other industries, and because more employees touch the data.”

In an accompanying piece, Chad Hersh, from Novarica, was asked how the industry was doing, indicated  that he felt it was not that far along.  However, he provided some advice:  “The security requirements for mobile aren’t necessarily novel, but rather are extensions of the security needs of the desktop, the Blackberry, the laptop, and the cell phone.  … That being said, they need to be taken as seriously as those other platforms.”

At the end of the day, business managers and IT staff need to examine the exposures, and the options for providing security.  There are resources to help.  Recently, Insurance Networking News summarized a report by advisers Janco Associates, Inc. on techniques to manage employees’ personal mobile devices, and the results – a combination of technical and procedural recommendations – look like applied common sense, such as: ‘Include remote device wiping’, ‘Provide simple workable solutions that even novices can use.’  The slideshow on INN is worth a look.

The first step needs to be to acknowledge the need, then gather the appropriate resources.  Given the trend, it seems worth the effort.