Industry: Financial services and insurance
"MobileIron works very well with our internal certification entities and the process is completely automated. The certificates are automatically downloaded and linked to the company’s security guidelines."Jochen Brünger , Head of IT production, Continentale Insurance Federation
In an age of online platforms, the Continentale Insurance Federation still relies on the experience of its sales team. But if they are to operate effectively, the 1,000 external and 400 internal staff must use mobile technology. The MobileIron platform and AppConnect ecosystem provides them with secure access to emails, contact data and contract documents while they're on the move.
The digital economy has transformed the insurance business. Many companies are increasingly reliant on websites, while others are building on the experience of seasoned sales teams; each insurer has to choose its own strategy. Continentale Versicherungsverbund auf Gegenseitigkeit (Continentale Insurance Group Mutual), a mutual insurance federation still relies heavily on its exclusive team of over 1,000 independent sales agents. Digital technology has provided new ways of making the best use of their years and decades of experience. Most importantly, the IT department has provided them with smartphones and tablets, giving secure access to corporate resources. Even the in-house sales support team has gone mobile over the past couple of years. Today, over a thousand internal and external smartphones and tablets are connected to Continentale's Exchange server and databases, and centrally managed and secured using MobileIron’s enterprise mobility management (EMM) platform. One key factor when choosing MobileIron was its high-performance certificate management function.
"For the past few years, we've been carrying out user authentication using certificates stored on smartcards on our in-house computers," says Jochen Brünger, the federation's head of IT production. "We wanted to use the same authentication process on smartphones and tablets. MobileIron works very well with our internal certification entities, and the process is completely automated. The certificates are automatically downloaded and linked to the company's security guidelines."
Automatic certificate management
At the beginning of 2012, Continentale chose MobileIron’s multi-OS platform as the basis of its mobile IT strategy. Previously, it had been using a very limited management platform dating from the early days of mobile technology.
"Three or four years ago, our mobile IT strategy was still based on Palm PDAs, often synchronized with Citrix terminal servers," Brünger explains.
In the second half of 2011, Continentale began looking for a state-of-the-art mobility solution that would manage multiple mobile operating systems centrally and offered automatic certificate management. They used iPhones and iPads with the latest version of iOS as a standard, but independent external sales representatives were also allowed to use their own Android devices, though they had to use the Touchdown app to access Continentale's Exchange server. Touchdown is a mail client for Android smartphones, with security features such as remote wipe, PINs and encryption which are not available in earlier versions of Android.
Acronis Access and the AppConnect ecosystem used for document management
Continentale uses mobile applications for email, personal contacts, calendars, social networks, and secures access to contract documents. MobileIron was implemented by system integrator sector27, an IRON partner with a wealth of mobility expertise.
Harald Kiy, one of its two directors, recalls: "We'd been working with Vodafone for many years. We met Continentale at a trade fair, and ended up doing business with them."
The apps are managed by multiple MobileIron Sentry proxy servers based on MobileIron AppTunnel technology. This transmits encrypted business data securely between the corporate network and a container-protected business app on the mobile device, without having to set up a full VPN connection, which requires large amounts of battery storage and is often vulnerable to harmful code. Continentale uses AppTunnel technology for the Acronis document management solution. The Acronis Access business app (previously known as MobilEcho) is part of MobileIron's AppConnect container technology, and the federation also plans to use the IBM Connections (formerly Lotus Connections) social media system.
Brünger explains: "With Acronis Access on the AppConnect ecosystem, traveling staff can access documents on their mobile devices as quickly and securely as on our file servers using a notebook or desktop PC."
They can also edit, share and comment on documents. The access rights in the Active Directory make it easier to manage data and documents in accordance with security guidelines.
Mobile reaches critical mass
Certificates are essential to Continentale's mobile document management.
Sector27's Harald Kiy says: "We tested their certification requirements using a beta version of Acronis Access, and then with the series version. Jochen Brunger and the IT team were more than willing to experiment. We all learned a lot, and we actually enjoyed the whole process."
Brünger says Continentale now has most of the mobile devices it needs.
"We'll definitely be issuing more smartphones and tablets in the next 12 to 18 months. I estimate between 100 and 200, but we're now sufficiently mobile as a business." The federation will be keeping its EMM modules under review, he says. "For example, we're currently looking at the Secure Browser module, which is a good way of making our intranet even more secure."
AppConnect protects apps throughout their lifecycle
MobileIron AppConnect secures business data over the mobile application lifecycle, from installation to withdrawal. It protects proprietary and selected third-party apps from the Apple AppStore, Google Play, and other mobile marketplaces, allows mobile IT teams to protect corporate data against unauthorized access, and offers the following main functions:
Authentication: IT managers can ensure that only authorized users access application data and use certificates to verify their identity. Single sign-on (SSO) capabilities allow authenticated users to access multiple authorized applications by logging on once from their smartphone or tablet.
Configuration: Appropriate settings ensure that the system operates effectively.
Authorization: Users can be allowed to, or prevented from, using apps or storing data on mobile devices.
Access control: IT managers can block access to apps if this would endanger the security of the corporate network.
Analysis: Monitors the use of apps.
Deletion: Apps and data can be remotely deleted from smartphones and tablets.