controlled remotely and tracked by
inventory and asset tracking,” Hersh
says.
O’Neill agrees that control is important. Out of Princeton Insurance’s 150
employees, about 20 have smartphones,
but O’Neill is researching ways to get
more smartphones to more employees.
“It is important that we weigh the want
and desire for information by employees
versus the security level,” she says. “You
want people to be on 24/7—not everyone agrees with that, I know—but you
want to enable people to respond if they
want to.” She says that issuing laptops
was the first step to 24/7 access, but ultimate mobility requires smartphones. “If
you’re going to go down that line, you
have to continue down that line.”
O’Neill’s plan for an employee who
wants 24/7 access is to give them two
choices—either accept a company-issued and approved phone or purchase
their own personal phone that is compatible with Princeton’s current server. If
the employee chooses to use his own
phone, “he has to bring that device into
me and it becomes my device,” she says.
“I’m going to load all of the policies, and
all of the security on it.” The employee is
required to use a password to get into
the device, and if the password is entered
incorrectly three times, O’Neill will
wipe out that device entirely.
O’Neill emphasizes that this is the
plan. While, currently, the only smartphones those 20 Princeton Insurance
employees use are company-issued, she
believes she will soon be working with
employees’ personal phones. “Anybody
on the corporate team who needs it, we
give it to them,” she says. “Most of them
have separate personal phones as well. So
they carry two phones, which they don’t
like to do.”
Employees using their personal
phone for business present many risks,
especially when it’s a smartphone not
supported by the IT staff, Hersh says.
“We’re seeing problems associated with
employees who want to use their
iPhone, Google Android or Windows
Mobile phones for business-related
activities—e-mailing, viewing customer data, etc. It seems like a great
productivity boost, but realistically,
what happens if they lose that device?
Also, Windows Mobile phones, in particular, have the ability to read and edit
Microsoft Office documents, and that’s
a particular problem.”
“I want employees to have a
phone they’re going to use.
However, if I’m going to give
them something, I’m going to
control it.”
– Darby O’Neill, Princeton Insurance
In terms of asset management, insurers are going to have to figure out what
they can support and how much control
they’re willing to exert over their
employees, Hersh says. “What many
companies outside the industry are starting to figure out is that they need to have
policies and procedures associated with
smartphone use, and be willing to work
with their employees on making sure
everyone is in compliance.”
SMARTPHONES GALORE
A July 2009 Forrester Research survey of
CIOs from a number of industries shows
that the iPhone is gaining popularity for
business use. According to the survey,
more than half of enterprises already
support more than one mobile device—
mostly BlackBerry and Windows Mobile
devices. And, nearly one out of four
enterprises support the iPhone.
After two years of avoiding the
iPhone, O’Neill is considering supporting it. “I said no to iPhones for two reasons: First, it was a device that didn’t
function well in the Microsoft environment that most of us have, and it presents itself as too much of a toy from a
corporate perspective,” she says. “Now, I
want employees to have a phone they’re
going to use. However, if I’m going to
give them something, I’m still going to
control it.”
SETTING A POLICY
Setting a smartphone policy should start
with the smartphone, right? Wrong,
says Aon’s Kalinich. “The smartphone
governance policy should not be developed in a vacuum,” he says. “It should
be developed in concurrence with overall enterprise IT governance because as
soon as you establish the foremost policy on governance for smartphones,
there’s going to be some new technology that already makes your policy outdated.”
Kalinich says insurers need to determine the types of information they consider confidential and who should have
access to that type of information. “It
could be that an entity determines that a
certain set of people with a specific skill
set should have information on underwriting or claims or settlement procedures,” he says. “And another set of people should only have information on
employees, our vendors and so forth.
You have to set your governance policy
more based on who needs to know
what information, and after you set that
policy, that’s when you implement that
overall macro-level policy with respect
to data and information into the different devices. It makes your governance
policy much more flexible. It makes the
policy much more adaptable.”
The whole issue of smartphones is
fluid, dynamic and changing on a regular basis, Kalinich says. He uses the
example of the 3G network, the newest
mobile environment. He predicts that in
two years 3G will be passe, and 4G
devices will be prevalent. “So your policy for the 3G network will be obsolete in
2010 or 2011, and you’ll be stuck creating another policy for 4G,” he says.
O’Neill worries the constant changes
will affect her company’s helpdesk operations. “My helpdesk, which is a pretty
limited staff, is going to have to be tech
savvy on a number of smartphones and
operating systems because you’re constantly going to have issues,” she says.
“We’re trying to figure out if we can
standardize on something or pick three
or four for employees to choose from.
It’s a management nightmare.” INN
For more about mobility’s
role in the organization,
search, “Strategy
Influences Insurance Buyers” at
www.insurancenetworking.com.
