As the primary point of accountability for information technology assets throughout the insurance enterprise, the care and maintenance of an IT asset management (ITAM) program is an inherent part of the IT executive's job.
Historically, the use of integrated software solutions and processes that track the procurement, deployment and lifecycle of hardware and software assets has made IT asset management, well, manageable. But a changing landscape teeming with mobile handhelds of all sizes and types is making that management difficult. Indeed, recent statistics (see "By the Numbers" on page 10) buttress the fact that mobile technologies, including smartphones, tablets, notebook computers and PDAs, and their attendant storage devices, such as USB drives or SD cards, have come to represent a challenge to asset managers that insurers cannot afford to ignore.
Thus, for the insurer's ITAM program, the proliferation of mobile devices and associated apps means organizing chaos-from creating corporate usage policies that cover everything from the types of devices being made available to users, to how and when they can use them (and for what purpose), to the corporate resources (network, applications) they include, and of course, to the security measures that will overlay all usage.
As a result, ITAM has taken on a different, albeit larger, role within the insurance organization. And not surprisingly, insurers are, in some cases, having difficulty keeping up. "Insurers are looking at the thin end of the wedge in terms of corporate ownership of [mobile] hardware," says Matt Josefowicz, insurance practice lead at Novarica. "For the first time in history, mobile computing is outperforming personal hardware in terms of user experience."
Yet, says Josefowicz, there's a certain lack of urgency and momentum exhibited by insurers to apply a variety of mobile technologies to their formal ITAM programs. For some, it's a matter of evaluating whether their current mobile strategy is good enough or needs to be revised based on additional features/functionality of newer devices, notes Josefowicz. "People are still committed to their original mobile platform (Blackberry still being the most common corporate mobile device used by insurers)," he says. "For the new tablets, it's something of a 'wait and see.'"
Brad Tomkins, director of technology services for insurance and technology services firm The Seibels Bruce Insurance Group, concurs. His insurance clients are still investigating the merits of making mobile devices available and if so, incorporating them into their ITAM programs. "They use it in a research & development fashion," Tomkins says. "For example, they are evaluating various tablets to determine how they can use them for everything from expediting claims handling, to development of in-house applications that let customer experience managers get a real-time snapshot of what's going on in their call centers."
Josefowicz agrees that tablets offer more utility in most circumstances than do phones, but doesn't see the devices supplanting the smartphone any time soon. "Its form factor is different; it's still a difficult device to have with you at all times. It's not a pocket device," he says.
The Personal Challenge
At Secura Insurance, an Appleton, Wis.-based provider of personal and commercial lines insurance, tablets are not yet the device of choice, but may be in the future as IT is asked to support them. The company is currently "testing the waters" with tablets says Ernie Pearson, Secura's IT director, applications development. With the exception of a few netbooks, the "weapon of choice" is still the venerable Blackberry, which has grown in popularity to include not just executives, but also mobile workers, field adjusters and field underwriters, he says.
"At one time, we armed our field people with laptops and our VPN in order to enable them to access our core apps. Replacement costs, estimating tools, building evaluation costs all go through the VPN," notes Pearson. "But as some of these devices become 'always on' and empower people to be more connected, it's hard to imagine doing work the old way. The word on the street is that ultimately employees will push insurers to adopt more quickly than they had anticipated. We are seeing that individual usage-the desire for one device for everything-is now what's popular."
Tomkins blames the consumerization of IT-and a new crop of younger employees that are coming into the insurance industry-for mobile technology's popularity. "They want their information, they want it on their device of choice and they want it now. And they want it to be available to them anywhere from the network," he says.
The grassroots movements by employees to use their own devices vs. corporate-issued ones presents yet another ITAM challenge, and one that is not lost on Joseph Shomphe, VP of Shared Services for Arrowhead General Insurance Agency Inc., a managing general agent group that provides commercial, personal and specialty lines insurance. Shomphe says his organization has long supported Blackberries and laptops as mobile platforms, but over the past three years has seen a slow but steady trend toward employees wanting to use both company-owned Blackberry and alternatives and employee-owned devices (iPhone/iPads and Android-based devices).
"Before allowing this, we had to do some thinking about how to allow usage of personal devices in a secure, auditable way," Shomphe says.
Since mobile devices pose their own set of risks mainly due to the ease which they can be transported and lost, adding mobile devices that store and transmit data to Arrowhead's ITAM program meant creating policies and procedures. "It can be especially tricky when dealing with personal devices storing corporate data (such as e-mail)," he says. "We had to make sure we had checks and balances in place that protect both the device owner and our corporate infrastructure and data."
Josefowicz agrees that regardless of the mobile device, VPN access, remote security, remote tracking and remote wiping capabilities are a given. "Those capabilities are available, but the direction a lot of insurers would like to go is to a totally virtual environment that is independent of hardware. If there could just be one secure window and you did all your professional work on that window, you would not need to control people's usage of their devices."
Shomphe says a focus on virtual computing is already a reality at Arrowhead as the same folks asking for additional device usage are now pushing the shared services department to invest in mobile application delivery and website optimization. "The whole process has been a great way to work with our user community as a partner rather than being seen as a roadblock," he adds.
Strategic Concerns
Josefowicz admits that insurance IT departments have a way to go before being able to offer a totally virtual environment; in the meantime, the reasons to apply mobile technologies to ITAM programs are increasing.
In their recent report, Gartner analysts Rob Schafer, William Snyder and Alexa Bona maintain that IT asset management (ITAM) is rapidly evolving from a basic asset inventory monitoring and reporting role to a core financial discipline. "ITAM is increasingly looked to not just for the 'what' of IT costs, but the 'why' and how IT value can be continuously improved," they write. "As ITAM matures, its ability to deliver accurate and timely financial management data and insight will become its core value proposition and increasingly strategic to executive management."
This will be required across functional units such as claims, help desk and even HR systems. This makes sense to Pearson, who says that as the number of mobile devices has grown, his company has become acutely aware of their costs, which are typically allocated back to IT as part of telecommunications. "We are looking at the cost vs. benefits of mobile device use, especially as it applies to their value to the business," he says.
Besides cost/benefit, there are other issues to consider when adding mobile devices to the overall strategy as it applies to IT governance and management, Pearson notes. "How can they be secure? Will we support agents with them? Given the fact that we don't yet have applications for them, where will they come from? Do we have the internal skill set to build them? That has to be part of a forward-looking strategy. Today we are not big enough to have a lab or testing program, but we do have a deployment strategy and security may very well be the #1 issue around whether a program like this flies."
For those insurers that do make applications available for employees, agents or consumers, the call has never been greater for more information and functionality on mobile devices than previously offered online. But the mobile apps that facilitate this information and functionality carry with them inherent risks-risks that are difficult to track via the insurers' ITAM program.
"While insurance providers recognize that mobile apps offer tremendous opportunity to increase market share and customer value, the new medium also brings with it the potential for operational and regulatory risk," says Sebastian Holst, CMO at PreEmptive Solutions, a company that provides software to secure intellectual property and applications, and measure the impact of application investments.
Holst says that mobile applications may offer unique ways to reach the intended audience, improve customer service and reduce operational expense and fraud, but without proper strategy, scope and governance, the costs far outweigh the benefits.
Some carriers are investigating application analytics, which provide monitoring across mobile and back-office components, secure the transmission and management of runtime data, integrate into existing development processes and tools, and offer an extensible framework to fine-tune emerging business models and workflows, says Holtz.
"Without effective application management, deep integration into back-office systems and an exceptional user experience, these very same apps could just as easily alienate users and expose your system to data vulnerabilities."
Of course, this doesn't preclude the human factor of lost or misplaced mobile devices, yet another risk. And whether insurers will be able to effectively apply ITAM as the risk management tool of choice for mobile devices remains to be seen.
Josefowicz says one avenue insurers might take is to focus on delivering a secure window on any device, regardless of platform. "This means users are not downloading material on their own but instead are connected to a window in the glass house. This assumes ubiquitous bandwidth which may not always be there, but my prediction is that there will be some way to make [mobile devices and their applications] part of that glass house. In these early days, however, insurers' policies are not all figured out."
