
09:32 AM
Chandra Sekar, Citrix
Commentary

Top 5 BYOD Pitfalls Your Bank Should Avoid

Banks must make sure their bring-your-own-device mobile policies provide benefits such as productivity and employee satisfaction, not new headaches around technology, security and compliance

Bring-your-own-device (BYOD) offers powerful benefits for banks, from enabling better customer service at a lower cost to improving employee productivity and satisfaction. Just as ATMs transformed retail banking a generation ago, mobile devices make it possible to provide service in more places and reduce reliance on traditional teller windows and service desks. By allowing employees to choose their preferred work devices -- PC, Mac, mobile -- you can better attract the tech-savvy young professionals your organization needs to succeed.

As you move to implement BYOD in your bank, though, it's important to think through your approach carefully. A Ponemon Institute study found that regulated data is most at risk when it sits on a mobile device, according to 69% of respondents, which included U.S. IT and data security practitioners. Make sure you avoid the common pitfalls so BYOD can fully deliver on its promise for your bank -- not create a new set of headaches around technology, security, and compliance.

Pitfall 1: Taking a one-size-fits-all approach to BYOD

People often assume that BYOD means allowing employees to bring their own personal devices to work, and perhaps receive a stipend to offset their cost -- but this is not always the right approach. In fact, Citrix recommends considering a different model for BYOD in the banking industry: buying the device for the employee instead of providing a stipend. This fulfills the two essential aspects of BYOD -- increasing mobility and allowing user choice -- but makes it possible to maintain a level of control and management that employees might resent on a personally owned device.

Whether or not you choose to buy BYOD devices for your employees, there will still be some workers who bring their own personal devices into your environment: contractors and temps. While corporate devices can be managed at the device level, application-level management may be more appropriate for personal devices to allay concerns about privacy. You'll also need a way to ensure that enterprise data is never accessed or sent from personal accounts. To meet these needs, make sure the solutions that support your BYOD strategy offer the flexibility to selectively apply mobile device management (MDM), mobile application management (MAM), and secure mobile email as needed.

Pitfall 2: Addressing short-term needs through point solutions

As any technology executive knows, requirements change quickly. Often, enterprises launch their BYOD initiative with a device management mindset, and plan their technology approach accordingly -- only to discover that they need to provide enterprise-ready apps, data collaboration capabilities and access to legacy apps from mobile. Email management and secure browsing of intranet content are often overlooked as well, but represent equally important parts of a complete strategy for mobility and BYOD. Before long, the mobile environment becomes a hodgepodge of non-integrated technologies with all the management pain that implies. Many enterprises also realize much later that they have not addressed scalability and data throughput needs for mobile users. Before you take that first step, think about what it truly means to mobilize your business, and then form a technology strategy to address the full range of needs through an integrated platform.

Pitfall 3: Not considering the full range of platforms/devices/apps employees will use

Even if most of your employees will be on the same couple of platforms, we've all seen how fast market share and consumer tastes can shift. To future-proof your BYOD initiative, you need to be able to empower people on any type of device -- Windows, iOS, and Android on mobile; Windows and MacOS on laptops.

Think about how you'll deliver the full range of apps people rely on. For laptops, desktop virtualization provides a solution for diverse Windows and Mac platforms. For mobile devices, consider a staged approach beginning with the mobilization of core business apps like email, calendaring, and document access so people see immediate value. Follow this with vertical third-party apps like CRM or point-of-sale systems. Third, create mobile apps -- but make sure you also have a simple, scalable way to make Windows apps available on tablets without having to develop mobile versions one-by-one.

Pitfall 4: Leaving out a rich data collaboration platform

Employees often need to share sensitive data both inside and outside the organization, from non-public financial data to confidential M&A information. Unless you provide a convenient way for them to do so, they're all too likely to resort to a consumer service like Dropbox or Box -- creating a compliance nightmare. To prevent data leakage and other risks, you need a secure, managed, and fully auditable data collaboration platform -- one that provides a simple, consumer-like experience to ensure full adoption. This functionality should be accessible on PCs and Macs as easily as on mobile devices with full integration to the email clients to support the full spectrum of collaboration scenarios.

Pitfall 5: Having an incomplete BYOD policy (or none at all)

In a highly regulated industry like banking, a complete, well-thought-out policy is essential for implementing BYOD without increasing risk. Your policy should encompass considerations such as eligibility, allowed devices, service availability, cost sharing, acceptable use, device support and maintenance, and -- most importantly -- security.

As the role of BYOD and mobility in banking grows, new ways of serving customers and empowering employees will transform our organizations. By avoiding these pitfalls, you can keep your institution at the leading edge of our industry.

Chandra Sekar is Director of Product Marketing for Citrix XenMobile.

Comments
Nathan Golia
User Rank: Author
9/30/2013 | 11:31:03 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Interesting stuff. I do wonder about #3, though. When it comes to financial institutions, sometimes it's not so much "bring your own device" as it is "you can use the device you prefer from the selection of the most popular handsets and OSes." I don't think this is a bad approach -- I think in a highly regulated industry where security is paramount, it's important to ensure that IT understands the environment through which data is being moved.
Greg MacSweeney
User Rank: Author
10/1/2013 | 12:40:30 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
It seems that BYOD and mobile security is no longer about the device. Instead, mobile security is about securing the data on the device. Some FIs no longer care what device you use. Instead, the company encrypts and secures a portion of the device that holds corporate data. In the event of a compromised device, the company can wipe the "company" data on the device, while the rest of the device remains untouched.
Byurcan
User Rank: Author
10/1/2013 | 12:51:33 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
I would have assumed any company with a BYOD policy was already buying the devices for employees, rather than giving them a stipend to purchase what they want, but if many are still doing the latter, it seems very unsecure. The company buying the device would allow IT to install the necessary security controls before issuing to the employee.
Greg MacSweeney
User Rank: Author
10/1/2013 | 2:04:38 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Many BYOD policies are actually just that: Bring (or Buy) Your Own Device. The employee goes out and gets the device that they want to use. The company then secures the corporate data on the device.
AdamG293
User Rank: Apprentice
10/1/2013 | 6:37:36 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
BYOD will continue growing as mobile devices continue to play a greater role in our lives. That's why most major IT players are offering solutions to address such BYOD challenges as security and device management.

Does BYOD come with headaches? Of course it does. However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping applications and data separate from personal devices.

Since AccessNow doesn't require any software installation on the end user device -- just an HTML5 browser, network connection, URL address and login details -- IT staff end up with fewer support hassles. The volunteer or temporary employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

Visit http://www.ericom.com/BYOD_Wor... for more info.

Please note that I work for Ericom
Greg MacSweeney
User Rank: Author
10/3/2013 | 12:26:24 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Thanks for the note. There are a variety of ways to secure BYO devices. Sometimes, a firm insists on the ability to lock down the entire device, but this doesn't seem to be the preferred way anymore. Sometimes, a firm can secure the data on the device (in a wrapper, or box). Or, as you mentioned, a firm can secure the connection to the corporate systems that house the data.
hudson.josh
User Rank: Apprentice
10/10/2013 | 3:07:29 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
In healthcare (just like in banking with SOX), not having a good BYOD policy can result in large HIPAA fines, so a good BYOD policy is very important but it is really the education of staff about the policy that will make it a success or failure. A good example is that our hospital put a BYOD policy in place to use Tigertext for HIPAA and SOX compliant text messaging, but the doctors still used their unsecure regular SMS text messaging. Even though we had a good BYOD policy, it wasn't enough, we had to bring each doctor in to admin for training and explaining the HIPAA issues and how to use the app correctly. Now we have most of the doctors in compliance which has significantly lowered the HIPAA risks and increased productivity for the doctors and the hospital. Here is an example of a BYOD policy similar to ours: http://www.hipaatext.com/wp-co...
Greg MacSweeney
User Rank: Author
10/10/2013 | 9:46:58 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Great example. When it comes to security and compliance, technology can't meet the demands alone. Companies need training and education of employees to enforce the rules. CISOs are also facing this challenge. Many thought that a good firewall or other security technology was enough. But all employees need to be aware of threats and, in this case, potential HIPAA violations.
KBurger
User Rank: Author
10/10/2013 | 11:50:34 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Healthcare is a great test "case"/area for many of these emerging technology areas. My understanding from covering insurance is that providers (doctors, mainly) are ironically resistant to change and don't like to have new systems imposed on them, even if there are proven benefits. So any successes in educating providers about benefits, policy, process, etc., should provide some real best practices to other industries. Thanks for your insights.