Insurance & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:38 PM
Nathan Golia
Nathan Golia
Connect Directly

John Hancock CIO: Education the Key to Better Data Security Habits

Working in Massachusetts, an environment with stringent data security and privacy regulations, has taught John Hancock CIO Allan Hackney the value of education in preserving the integrity of corporate data. He spoke with I&T about how the company works with employees to stay secure as the iPad rises quickly within the enterprise.

RELATED: Ernst & Young on why tablets pose security risksHow much do we care about data security?John Hancock on using the iPad for distributionThe insurer's new app

I've been thinking about data security a lot this week after attending a provocative presentation at Ernst & Young on Monday. Most interesting, to me, is this dilemma: As mobile device proliferation, social networking and cloud all gain popularity, the opportunities for leaks increase — yet, it seems like we really don’t care all that much. Many end users know the best practices around securing data, but don't make adhering to them a priority. But with the iPad driving tablet adoption at home and on the job, this dilemma is going to become a reality for CIOs and CISOs across industries — so much so that E&Y's Chip Tsantes advises, "You should just assume any device a user has is compromised."

[Check out our gallery of top insurance iPad apps and advice from experts on what makes a great one.]

That isn't good enough for John Hancock and CIO Allan Hackney. The insurer has made it a priority to embrace the iPad for business and customer-facing applications — however, because of its location (Massachusetts), it must be sure that those applications are as secure as possible. I interviewed Hackney today about the company's approach to tablet application development, and because I had written so much about security this week, I asked him about that as well. Following are some excerpts from that Q&A (which will be posted in its entirety within a week) relating to this week's hot topic.

Insurance & Technology: How do you address the security concerns of your many tablet initiatives in the works?

Allan Hackney: We will only allow people to use approved devices, and the ones that they approve have to adhere to a set of security standards that are well thought-out. Massachusetts has implemented the most stringent data privacy and security laws in the country, and we won't consider any Android device because, at present, it doesn't have the level of security that would comply with the state's requirements.

I&T: But it's not all about just what's built in, right? Is it that much more important to make users aware of good security habits now with so many of these devices floating around?

AH: We spend a lot of time training people and making them aware of the risk and issues. At the end of the day people will do the right thing if they're aware of what that is. One of the things that we're observing is that when we get people around the table to talk about security awareness, people are starting to connect the dots in their head. They think, "If my security guy is talking about phishing on my company iPad, gee, maybe I have that same problem on my personal iPhone," or "If I'm using my iPad with personal and company e-mail, my personal account is just as exposed as the company's if [the device is] lost or compromised."

I&T: Why are tablets worth all the trouble? What's the value added?

AH: There's this whole consumerization of tech that's going on. I'm seeing a huge uptake of tablets, particularly the iPad, that's displacing expensive laptops and desktop services. Users are comfortable with it, and now we're on the cusp of beginning to pull laptops out of the environment. People are just more productive. Even me: My personal e-mail and my work e-mail co-exist on this one device, with the ability to bring work applications together with apps that suit my lifestyle.

Nathan Golia is senior editor of Insurance & Technology. He joined the publication in 2010 as associate editor and covers all aspects of the nexus between insurance and information technology, including mobility, distribution, core systems, customer interaction, and risk ... View Full Bio

Register for Insurance & Technology Newsletters