For about the past six months, the diversified insurance and financial-services company has been giving offshore IT workers access to applications containing sensitive customer data, including Social Security numbers, through dumb terminals that reside in India but limit the user's ability to alter, record, or print the data. "The machines don't even have hard drives," Northwestern Mutual CIO Barbara Piehler says.
The terminals are linked via secure, high-speed telecom lines to Northwestern Mutual's servers in Milwaukee. The Indian workers, employees of subcontractor Infosys Technologies Ltd., use them to perform testing and maintenance on a number of the company's business applications.
Piehler, in a brief interview Monday following a lunch presentation she gave at Gartner's outsourcing conference in Los Angeles, says executives at the company came up with the plan after deciding they weren't getting the most out of their offshore contractors. Northwestern Mutual was previously sending to India only the IT applications that didn't include or require customer data. "But that limits what you can do offshore," Piehler says.
Beyond the secure lines and dumb terminals, Northwestern Mutual has insisted that Infosys add a number of security measures to protect customer data. A guard is posted on the floor of the Infosys facility where Northwestern Mutual's work is performed, and employees aren't allowed to take any documents or media off the floor after their shift is completed. "Nobody cares about protecting our customers more than I do," Piehler says.
Northwestern Mutual doesn't inform its 3 million policyholders that their personal data is in some cases being viewed by offshore workers. "It's just the way we do business now," Piehler says. She adds that the company, which employs about 1,000 technology workers, hasn't cut any domestic IT staff since offshoring IT work to India. Piehler says Northwestern Mutual is considering sending some back-office functions offshore as well.