Confronting Security Concerns
While BYOD offers major benefits, security remains a top concern for financial IT executives. Thankfully, Accenture's Curtis notes, manufacturers are helping by increasingly equipping consumer devices with enterprise-level security features that meet many CIOs' requirements. Those requirements generally include passwords for access, the ability to remotely wipe out data if the device is lost or stolen, and the ability to store encrypted data, he says.
Needham Bank implemented Mountain View, Calif.-based MobileIron's mobile device management solution to more easily update and maintain the security of the 56 devices issued by the bank, according to Needham's Gordon. For employee-owned devices, he says, the bank enforces policies mandating that the firmware be kept up to date.
CIOs need to constantly evaluate their security solutions, especially for mobile devices, Gordon adds. "What people did for fraud and risk prevention five years ago certainly doesn't work today," he says. "If you have the ability to take advantage of certain security features within an operating system, then you should. You need to take a look at the new features as they're made available and do risk assessments on them."
At Bank of America, employees who use their own technology for work purposes must install a firewall on the devices that separates access to personal and company information, BofA's Bessant reports. She says the bank has been supporting remote working environments for some of its employees "for years," so the company has the know-how from a tech perspective to secure remote devices.
But, Bessant acknowledges, there's more to securing smartphones and tablets than securing laptops or desktop computers. "Mobile devices are more difficult to secure; there's a difference between a dispersed working environment and a mobile working environment," she says. "Essentially, it's the storage that creates the bulk of the risk in a mobile environment. Fraud is always a potential problem. I believe we will evolve toward the ability of devices to use data but not store it."
Implementing a cloud-based architecture can mitigate the risk of storing sensitive data on mobile devices, according to Accenture's Curtis. "In the past couple of years mechanisms have been evolving so that data can be stored in an off-site, fully encrypted cloud environment, and you can obtain it with a password," he says. In terms of security, Curtis notes, cloud providers' systems are "probably more secure than most large-scale financial institutions." He adds that storing data in the cloud also saves an employee's personal data if the device needs to be wiped remotely.
At the end of the day, Curtis says, there's a lot of individual responsibility left in the equation for employees who use any device that has access to secure data inside a company. "Explaining what those responsibilities are and why they're there is crucial, especially with the kinds of threats that are out there these days," he asserts. "Laying that out in a sensible, common-language way is a challenge to companies, although they're waking up and starting to do a better job at that and selling the policies to employees rather than just making them sign a paper."
Many in the financial industry finally are beginning to agree that the benefits of allowing employees to use consumer devices such as tablets and smartphones -- whether they're owned by the company or the employee -- outweigh the added security considerations. "There's work to do to enable access to new devices," says Curtis. "But there's a big payoff in risk control and information quality and convenience for employees."
The Advent of 'Appification'
Needham Bank has seen increased productivity all the way from support staff to top executives since issuing iPhones and iPads to some employees and allowing others to use their own devices, reports the bank's Gordon. The "appified" approach that these devices facilitate, he says, has changed the ways people work. "This approach relates back to specific job functions as opposed to the Microsoft Word days, when people said you had to have Word," he explains. "When people talk about mobile apps, they're usually related to a specific function."
According to America First's Shaffer, "If we sat everybody around the table, they'd show us they have their own little apps that help them with their jobs — there's no question about that. Employees don't necessarily just use corporate apps for work; they go out and download their own apps, just like they would at home."
Corporate apps aimed at enterprise productivity, however, also are making differences at America First. Shaffer points to San Diego-based MeLLmo's Roambi, an iPhone and iPad app that compiles data and transforms it into interactive visualizations. Board members and credit union executives, he says, now access data such as financial and risk reports using the app. Previously, the IT department had to run reports that were then delivered through piles of printed paper or PDFs. Now, information funnels from a Microsoft (Redmond, Wash.) SharePoint portal to the Roambi app. Employees only need to tap the Roambi icon and in seconds they're seeing important data represented in interactive charts, Shaffer says.
"That convenience of getting to the data has changed a lot of the conversations and meetings in our organization. Before, someone would bring a chart, someone else would bring another one, and we'd argue about which chart was right, and we didn't make a decision," Shaffer continues. "Now all of this data is coming through one source, and everybody has the same information at their fingertips. If you want a metric, it's in Roambi — you don't have to go any other place to find it. Our deliberations, decision making and pricing discussions are much more efficient."
Moving forward, Accenture's Curtis predicts, innovations spurred by consumerization and BYOD will become more commonplace in bank IT organizations. "If you push the clock forward a few years, you're going to see a whole different class of devices in the hands of employees of major banks — there's going to be a lot more mobility in different forms, very powerful apps and a lot of transactional capability," he says. "Sure, the infrastructure and security requirements will have to be solved; but they will be solved, because this is what consumers want."
Bryan Yurcan contributed additional reporting for this article.