• Home
• Web Seminars
• Events
• White Papers and Research
• eNewsletters
• Marketplace
• Virtual Water Cooler
• RSS/XML

• User Name:
• Password:

• Forgot your Password?

Related Items

• Marketplace

• Find Agent Network products & services

• News

  Big "I" Installs New Leadership Team

  Big I Study: Agents Holding Firm

  Big Names Pondering Purchase of AIG's Life Businesses

  Industry Considers Implications of AIG Saga

  INN Releases 2008 Innovators Awards Program Results

• Virtual Water Cooler

  Applied Systems Recognizes Liberty Mutual Agency Markets' Interface

  Applied Systems Announces New Agency Management System

  Sircon, Compliance 360 to Deliver Regulatory Intelligence Tool

  NARAB Passes House

  Australian Insurer Rolls Out "Trust-based" Pay-as-You-Drive Program

FREE Insurancenetworking.com Site Registration!
	Sign up today and access the leading source of Insurance I.T. information on the Web. Your FREE site registration entitles you to FREE Insurance Networking eNewsletters Search more than 7 years worth of archived data White Papers and Industry Research that provide valuable insights on a variety of technologies and implementation issues Access our Web Seminar series

Keep Networks Secure In the Age of Mobility

Joe McKendrick April 2007

Not so long ago, discussions of IT security tended to focus on the need to install firewalls; to tunnel via private networks; to employ encryption keys and digital certificates; to surround servers with multiple layers of access; and to install firewalls, sandboxes and "demilitarized zones" to snag hackers.

Those tools and methods remain critical, but many in the IT community are recognizing the importance of addressing physical as well as digital vulnerabilities.

What's more, IT people say, security requires scrutinizing the physical realities of every employee and end user, regardless of geographic location and no matter what device they use on the network.

Today's enterprises are no longer centralized data centers of servers with employees connected onsite via local area networks or terminals. In fact, the distinction between internal and external users has nearly disappeared. As a result, many IT assets are beyond the immediate reach of IT managers.

"Our workforce is very mobile," says Mark Odiorne, chief information systems officer for Scottish Re Group Ltd. (Bermuda), reflecting a trend among carriers. "I have far more laptops in my organization than I do desktops."

A network may have every technical security bell and whistle, but that may not help much when someone leaves a laptop or a Blackberry on the seat of a cab. To make matters worse, employees at 80% of America's financial institutions use smart phones and Blackberry devices in a mix of professional and personal capacities, says TowerGroup, a Needham, Mass., research firm.

A recent report from Stamford, Conn.-based research firm Gartner Inc., says 29% of the computers corporations purchased in 2005 were laptops, but the percentage is expected to increase to 44% by 2010.

The challenge is not limited to laptops or Blackberries. All sorts of devices, if lost, could result in a security risk, warns Jim Walker, president and CEO of DataPreserve, Scottsdale, Ariz. "A serious and often overlooked data security issue common to both corporate and small business end-users alike, concerns risks posed by unencrypted, portable data storage devices," says Walker.

AT THE FRINGES

While larger organizations typically have procedures for data backup and protection, "the data at the fringes of organizations or at small businesses is often protected by less-than-secure backup methods," says Walker. "These usually include unencrypted tapes, DVDs, CDs or handy flash drives. Data backed up these ways creates additional security risks, since these backups need to be secured from theft."

Karen Pauli, senior analyst in the insurance practice at TowerGroup, says that vulnerability should concern carriers, especially if they make sensitive information available to mobile devices. Determining the fine points of access can call for an internal policy review, she suggests.

"There's a fundamental question to be asked," Pauli says. "Just because you can send data out in a mobile application-should you? It comes down to looking at your remote workers and your mobile workers, and asking what they really need to have to do their jobs. Do we have to send an entire customer database to them?"

THE MOBILITY RISK

The devices are not under IT's control-or any other department's control, for that matter-and need to be treated as such, says Odiorne.

"We know that those mobile devices, such as laptops, that aren't always within our perimeter are potentially more at risk for things like theft," Odiorne says. "We do full-disk encryption on our laptops. We do backups of the data, via an online service, again encrypted, and we make sure that our VPN connectivity to and from those devices is topnotch and secure. We also spend a lot of time making sure that those machines are up to date as far as antivirus, anti-malware, anti-spyware."

REMOTE COMMAND

Many Scottish Re employees also have company Blackberries, and Scottish Re has the ability to send an electronic command that can decommission them, Odiorne says.

"If we lose track of one, we can go ahead and kill it," says Odiorne. "And we make sure that all the Blackberries and the laptops-everything that travels-has as high a level of security as we possibly can."

For more information on related topics, visit the following channels:

Agent Network

Claims

Customer Service

Enterprise Technologies

Risk Management

Underwriting

Spotlights

• About Us
• Advertising Media Kit
• Reprints
• Editorial Calendar
• Contact Us
• Customer Service
• Privacy Statement

©2008 Insurance Networking News and SourceMedia, Inc. All rights reserved.
SourceMedia is an Investcorp company.
Use, duplication, or sale of this service, or data contained herein, is strictly prohibited.