Finding the delicate balance between productivity and security is possible with platform applications on authenticated smart devices, write Malcolm Vather: solutions design manager at T-Systems South Africa
Whether we’re talking about life cover, short-term insurance, medical aid, insurance for unemployment, businesses, property, credit or even cyber-crime- the insurance industry is heavily-regulated and deals with a lot of sensitive customer data.
As such, it can be tough to find a mobility strategy that perfectly balances the need to empower staff with greater productivity, while also stringently protecting all customer data.
To provide the best possible service to clients, insurance company staff certainly need to access essential services like email, official documents and records. But simply using web-based email contains too many weak points: attachments can be saved onto laptops or smartphones, onto remote memory sticks, or forwarded from other email clients or web tools.
This poses a severe data leak risk for the insurance company.
Big stakes
It’s an issue that has been brought starkly into the light with the introduction of new data protection regulation – such as the Protection of Personal Information Act in SA, and the General Data Protection Regulation (GDPR) in Europe.
In fact, the GDPR has extra-territorial reach, in that it governs even the use of data by South African companies, if their clients have any European presence. For example, a local company that insures a fleet of vehicles owned by a European freight operator will need to comply with GDPR from this year onwards.
Insurers must also continually battle the scourge of insurance fraud and identity theft, and it’s only by keeping very tight control on their data that they are able to effectively address such issues. Leaked data can be a treasure trove for malicious forces looking to defraud insurers.
The answer
Just how can insurers achieve the goal of ‘enterprise mobility’ while still minimising the risks of data loss, and complying with this raft of new legislation?
The best approach is to identify the user profiles that need to have mobile access (not everyone in the company may actually need to work remotely) and then to enrol staff members’ mobile devices in a once-off process.
Authenticated staff can access email and documents from a secure platform application that is hosted on their device. All documents and attachments are encrypted, delivered from secure servers, and only available for viewing within the application.
Insurance firms can customise the exact rules around what people are allowed to do with documents – such as only allowing people to email certain documents within the company domain, for instance.
If a staff member feels their device has been compromised, they can log onto a web service that allows them to deregister the device from the enterprise mobility programme, remote lock, remote wipe the device (or just the corporate applications), view the last recorded location, and even ‘ping’ the device (which sounds an alarm tone even if the phone is set to ‘silent’).
Of course, policies need to evolve over time, to remain relevant with technology trends, user trends and legislative trends. To achieve a successful mobility programme, organisations must also conduct thorough change leadership and training – especially for new staff as they join the organisation.
Such an enterprise mobility programme can be managed on an ongoing basis by the in-house technical teams, or can be fully outsourced, from end-to-end, to a trusted ICT partner.