Building Security Into Insurance Innovation

The new technology waves we see crashing on our shores – cloud, big data, Internet of Things, mobile – promise a lot of new capabilities and even new business models for the insurance industry. However, enterprises have barely even begun to apply new technology approaches to their core applications and data – and with good reason. Amidst all the great potential these new technology paradigms hold, there’s still a strain of concern about security and viability, across all industries.

Those are among the key points I raised in my opening keynote at the Collaborate 2016 event in Las Vegas, hosted by the three primary independent Oracle user groups - Quest International Users Group, Oracle Applications User Group (OAUG) and Independent Oracle Users Group (IOUG). (OAUG is the user group for Oracle E-Business Suite users, Quest consists of PeopleSoft and JD Edwards users, while IOUG members are Oracle Database managers.)

In the keynote, I covered the results of a survey I helped design and analyze across the three user groups, conducted as part of my work with Unisphere Research/Information Today, Inc. Cloud, big data, IoT and mobile may be all the rage, but adoption is surprisingly tepid when it comes to core applications and data. Twenty-four percent said they were using cloud for some of their enterprise application functions, while 22% report at least some of their enterprise data is in the cloud. Only six percent, however, indicate they are working with IoT data at the enterprise level.

About 18% of executives and professionals say their ERP, core applications or data environments are available through apps or interfaces on smartphones or tablets. For the most part, such access is rudimentary.

Security was a thread that ran through all these categories. For example, two-thirds of enterprise managers worry about the security of enterprise applications and data in the cloud, while 31% site security concerns that go with managing big data loads.

Overall, six in ten executives and professionals are not happy with the state of security within their enterprises. Another 16% simply do not know how well their enterprises are being protected, suggesting a disconnect between technology teams. IT and data managers worry about outside hackers the most (72%), but many are just as concerned about the security preparedness of their vendors. Fear of issues with vendor solutions which could open up breaches is the second-ranked concern, pointing to the need for hyper-vigilance in this area. Internal breaches also rank in the top three as a critical concern—again, highlighting the fact that the greatest threats don’t all come from malicious outsiders.

A majority of managers and executives are approaching the security problem with the establishment of well-defined security policies. Fifty-six percent indicate they are approaching the problem with security policies, while others are enforcing these policies through user authentication, separation of duties strong password policies, and role-based access control and permissions.

The takeaway from all this is that security needs to be part of all application and data activities up and down enterprises. The best security is a well-informed and vigilant workforce, and only training and communication can help deliver this.

For reprint and licensing requests for this article, click here.
Security risk Cloud computing Data security
MORE FROM DIGITAL INSURANCE