When it comes to mobile technologies and the nuances of the data being housed and transmitted on them, insurers don’t know what they don’t know. “Several insurance companies lack an awareness of data protection, especially with mobile technologies,” Stefan Van Overtveldt, chief engineer at Mastek, told Insurance Networking News.
But the pressure is on—from an employee satisfaction standpoint as well as a customer service standpoint—to get mobile devices and associated insurance apps into the hands of users. Van Overtveldt outlined the state of mobile technologies as a bridge to a discussion about adaptive case management at this week’s MajescoMastek user conference in Austin.
Using real-time polling, Van Overtveldt made the case for stepping up management efforts of mobile devices by addressing the “bring your own” (BYO) device to work issue. When asked if their companies allowed workers to bring their own mobile devices to work for use in accessing corporate systems, the more-than-100 audience members replied as follows:
14.8 percent: Mobile Devices Only
29.6 percent: Mobile Devices & Tablets
38.9 percent: Mobile Devices and Laptops
16.7 percent: No BYO mobile devices allowed
“So the majority of you allow your employees’ personal mobile devices to house and transmit corporate data,” he told them. “You realize that there will be three to 10 front-office and two to five back-office apps churning on these devices.”
Van Overtveldt cautioned the audience that in their attempts to empower their users, the mobility application path will have profound impact on their back-office applications and operations, and following his presentation sat with Insurance Networking News to expand on the topic.
“We know how to protect the laptop, but this knowledge does not exist with mobile development,” he said. “People can take the data off a mobile device, such as a cell phone, smart phone or tablet, and use it. The question becomes: How can you monitor what data is where and mask the sensitive data?”
Van Overtveldt stressed masking over field-level encryption as the way to create a secure environment from which users can function.
“Traditional security and management approaches just don’t work,” he said. “It’s moving from infrastructure and application authentication to data access authorization, and for this you need a pseudonimization approach.”
This approach takes precedence over anonymization, which simply rearranges the data, whereas pseudonimization replaces most identifying fields within a data record with one or more artificial identifier's. Van Overtveldt noted that most breaches tend to come from internal sources, so if a company approves a BYO policy, it’s important to include rules on data sets that can or cannot be replicated and have users access data and applications via a special WiFi network, not a VPN. “It’s about shifting the security on the device. Without this approach, any company that thinks they can control their BYO issues is deluding themselves,” he said.
The discussion about managing mobile devices with critical risks is obviously not fully realized, led Van Overtveldt to a discussion of adaptive case management (ACM), which, as a relatively new concept, is used to deal with less predictable situations. ACM is often compared to business process management, he said, which models workflows, and tends to work in production/distribution environments.
“But this does not work with knowledge workers and the processes that vary by individual,” said Van Overtveldt. “ACM tools provide systems support to the types of go/no-go decisions that are made by a human.”
Rather than thinking of it as a “fit your work to comply with tool,” ACM should involve a framework that fits the way work is done.
Van Overtveldt admits that ACM is an emerging concept, but believes it will increase in importance as insurers better understand its value.
