Tag Archives: IP Address

Use of Cloud Apps Creates Data Leakage

A large U.S. cable television company recently sought to better understand how its employees were using cloud apps to stay productive. Management had an inkling that workers routinely used about a dozen or more cloud file sharing and collaboration apps.

Ed note_CipherCloud_Willy Leichter

An assessment by CipherCloud showed the employees actually were using 204 cloud services that posed a security risk: 78 cloud storage apps and 126 collaboration apps, many of which included file-sharing functions.

Emerging risk: A major concern for the cable company was that sensitive information about customers and employees could leak unnoticed beyond its network perimeter.

Free cloud file storage makes it convenient to share data quickly and widely. The company learned that sensitive files had been moved into folders accessible to people who should not have had access to the information.

Wider implications: Like many organizations, the cable company routinely stores customer transactions data as well as employee healthcare data covered by HIPAA privacy rules. The rising use of free Web apps by employees has created many more opportunities for data leakage and could lead to sanctions and fines – or, worse, an embarrassing, expensive data breach.

The cable company set up sanctioned accounts with a popular cloud storage service-Box-for employees to use. It also has begun examining other steps it can take to impose tighter controls around sensitive company records.

Excerpts are from ThirdCertainty’s interview with Willy Leichter of CipherCloud. (Answers edited for length and clarity.)

3C: Can you outline how the rising use of cloud apps in the workplace is creating security issues?

Leichter: A typical process is one person sends you something from a Dropbox account, and suddenly you become a Dropbox user. Or, often, departments will say, “OK, we’re going to use Dropbox or Hightail for this particular project,” and it kind of grows department by department. It grows virally.

The challenge is the very nature of the whole file-sharing world. It’s like Swiss cheese. It’s designed to be very easy to share and to open up public links and to let another person in.

That’s where this cable company approached us. They had about a dozen different things they knew about and wanted to standardize.

3C: You found a lot more than a dozen cloud apps in use.

Leichter: We found well over 1,000 cloud apps, what we call shadow IT apps, that they were using. We have about 20 different categories of such apps; it could be software development tools, or it could be social tools. In one category, file-sharing tools, we found more than 120 apps. This one category is probably the most actionable category because file sharing involves sending people documents.

3C: How did this discovery help the cable company?

Leichter: They were trying to do two things. They were trying to standardize on two or three different file-sharing services and use monitoring tools on them. And they also wanted to shut down the worst offenders, which you can do easily enough.

3C: In general, what kinds of malicious or worrisome activity are you seeing in shadow IT?

Leichter: It’s kind of a spectrum. Officially sanctioned apps are being scanned in real time, using tools we and others make. That’s kind of a new world. We can give you all kinds of detail about who’s using all these apps. Then there’s the other 90% of the apps in shadow IT.

Anomalies can be where someone is sending huge amounts of files to some strange apps. Or someone is downloading stuff they shouldn’t be at two in the morning. Or it could be multiple people using the same account from different IP addresses. Someone is logging in from San Jose and then an hour later they’re logging in from Beijing. You can spot a lot of these and take steps to shut them down.

3C: What else surprised the cable company?

Leichter: One of the things they learned is why people were doing this. For the most part, it was because the company wouldn’t pay for them to use an account. So they were account hopping from one freebie to the next. It was because people just did not want to pay for stuff.

So now the company is trying to steer people to use better practices through outreach and education. And it also is buying them accounts.

E-Signatures: an Easy Tech Win

While industry analysts and thought leaders speculate on the adoption and impact of telematics, driverless cars and the Internet of Things on insurance, it is worth revisiting how we are doing with more mainstream technologies. Electronic signatures and e-apps have been around for years, yet paper-based applications remain the norm. A survey of 113 insurance professionals conducted late in 2014 by e-SignLive and PC360 revealed only 33% of respondents are using e-signatures.

Because insurance is a regulated industry, “paper” work is inevitably at the heart of all we do. For that reason, any effort to digitize the business of insurance needs to start by eliminating paper and manual signatures. From there, digital records and the data they contain can flow seamlessly through distribution, policy administration, ratings, billing, claims and other core systems. Digital insurance is not a theoretical, utopian concept. It is not only possible – it is being done with great success.

E-signatures are a relatively quick and easy technology to add to your existing core systems and workflows. Yes, it is possible to get started overnight, but don’t let the minimal investment of time and money fool you – the impact of going digital is significant for everyone involved.

BENEFITS FOR CARRIERS

Full Visibility

Digital transactions have unique advantages over paper. When your business mails out a paper package for a customer to sign, you have no control once the documents leave your hands. Similarly, if your business takes place through the agent channel, you have little control over the process. Were the proper procedures followed at every stage of the process?

The blind spot that exists with paper is eliminated online. Insurance companies gain real-time visibility into what is taking place at the time of signing. Overnight, you can monitor the status of in-progress transactions, track drop-offs and transactions about to expire and analyze trends in customer behavior.

NIGO Rates Bottom Out

In the digital world, customers go online, get quotes, choose coverage and complete an application through the channels and devices of their choice. They enter application data electronically, and workflow rules are enforced to ensure an error-free application.

Overnight, this eliminates the average 60% Not-in-Good-Order (NIGO) rate that occurs with paper-based new business applications. It saves the industry hundreds of millions of dollars, in hours that no longer have to be spent fixing documents. This is significant, considering that an error-free digital process costs a third to a fourth of what a process with errors costs.

Easily Demonstrated Compliance

Once your new business applications become completely digital, compliance teams will be one of the biggest winners. By automating, they gain the ability to:

  • Capture digital audit trails, including an active audit trail that allows you to replay any transaction exactly as the customer experienced it;
  • Minimize exposure to risk because of misplaced or lost documentation;
  • Make the process of demonstrating compliance less resource- and time-intensive.

Online transactions with strong audit trails provide a record of every action taken by customers. You know when they signed, how they signed, how much time they spent reading each page, what IP address they transacted from. Plus, audit trail data can be extracted for analytics purposes and even greater insight into your business.

Once your company has gone digital, you no longer spend weeks preparing for audits and market conduct exams, identifying paper files or getting them out of storage. How would your VP of compliance react if you told her that you could quickly pull any signed record from a database of millions of documents, guarantee it is in good order and replay the entire transaction to prove that your company followed all regulatory rules?

Virtually All Legal Disputes Defused

When carriers think about going digital, many have concerns over legal risk. Fortunately, the legal framework has been in place since 2000. Case law has shown that if the process is clear to the signer, and signer intent is properly established, the courts will accept e-signatures and e-records as evidence.

A top auto insurer can attest to the fact that e-signatures decrease the risk of legal disputes compared with paper signing. This carrier has been capturing customers’ signatures electronically for the last 10 years and has only seen one case involving e-signed records go to court – despite more than one million customer inquiries.

Costs Cut

Keeping transactions digital helps your bottom line. Gartner Research reported on a large carrier’s digital process, noting, “E-signatures saved $10 per transaction, with the potential of annual recurring savings of millions of dollars. This includes costs for mailing, postage, paper handling and processing.” There were 275 million life insurance policies in force in the U.S. in 2013. Multiply that by $10, and the potential industry-wide savings climb into the billions.

Immediacy

Across all channels, closing the deal when the customer is ready and engaged is critical. By offering e-signature capability on its website, one global insurer is able to convert visitors immediately and avoid dropoff rates that occur when the process falls to paper.

This is as advantageous for new business and renewals as it is for claims. Clearly, the immediacy of submitting a signed claim from a smartphone on the spot is a differentiator. For the customer, that means faster resolution in moments of stress – ultimately improving satisfaction and increasing retention.

BENEFITS FOR CUSTOMERS

Customers want convenience and speed and a company that is easy to do business with. McKinsey recently confirmed that, “more than 80% of insurance customers began their shopping process using direct channels. Online is increasingly the initial channel of choice even among customers who value the agent relationship.”

Clearly, expediting the process of buying insurance is important across all channels. Someone who starts insurance shopping on Google Compare may very well still appreciate having an informed agent talk him through the policy options, but not if that means dropping back to an antiquated, paper-ridden, offline process.

Keeping the transaction digital just makes it so much easier to purchase, renew or modify a policy. Carriers repeatedly find that e-signatures help lower NIGO rates, increase customer loyalty and boost referrals. In fact, one insurer experienced a 14% higher retention rate with customers who e-signed their new business policy.

BENEFITS FOR AGENTS

Both captive and independent agents spend too much time on administrative work. Insurance Journal reported that, “Only about one-third of producers spend more than half their time selling […] Instead, they are spending more time than they think they should on administration and client service.”

Even when using a modern agency management system or e-app, productivity is lost when you have to print to paper for signatures. Those applications must then be photocopied, shipped, faxed, chased down, corrected, scanned and archived. All of this creates a huge time and productivity drain. The good news is, e-signatures save as much as 90% of the time and cost of administrative labor.

mod

GOING DIGITAL MAKES SENSE FOR INSURANCE

Clearly, the insurance industry is moving down the path to digital. However, the pace of change is accelerating, and carriers and producers that don’t offer a fully digital process online and on mobile devices will be left behind. Analyst firm Novarica sums it up best: “The time for insurance carriers to take concerted action with an e-signature strategy is, in Novarica’s view, now. The technology, legal framework and customer expectations have all reached a point where carriers need to proceed in order to compete.”