The clash between convenience and security has been in motion as the world has shifted to mobile devices, but this is only the beginning. While highly-connected companies have been managing these challenges for years, the speed, scale, and scope of the ongoing business transformation are enormous.
Nothing highlights this clash better than testimony given this month by the Director of National Intelligence, James Clapper, in his strongly worded Worldwide Threat Assessment of the U.S. Intelligence Community to the U.S. Congress. While those outside the intelligence community seldom hang on every word uttered by the nation’s top intelligence official testifying about the grave threats facing the United States, Director Clapper’s most recent remarks should be a wake-up call to corporate America.
Of particular interest to the banking and financial services industry, the director offered advance warning of future threats, specifically the explosion of mobile “smart objects” that will share information directly with Internet-enabled services. This dynamic creates a so-called “Internet of Things” and changes the way individuals and businesses operate at every level.
DNI Clapper also issued a stark warning that our increased dependency on mobile devices for every aspect of our lives presents a major risk. His powerful quote is perfectly clear: “security and safety assurance are not guaranteed and threat actors can easily cause security and/or safety problems in these systems.”
Nobody will be able to say we were never warned.
To succeed, companies—banks, financial services providers, insurance companies, and retailers, to name a few industries—must constantly adapt to a customer base highly dependent on mobile devices to manage their money, conduct transactions, access information, and communicate. The millions of devices in the hands of consumers epitomize convenience, close the gaps between company and customer, and ultimately drive increased revenue. But unless they are secured, mobile devices offer many opportunities for bad actors. So, how can companies set authentication requirements that ensure a great user experience yet remain secure at the same time?
To start, banks and other businesses must restore consumer confidence and trust, lost in the wake of high-profile breaches. Assuring customers that your company provides a secure platform is now a business imperative and a competitive advantage. This begins with highlighting the aggressive measures companies—and their supply chain partners—are taking to provide a secure user experience, reaching consumers directly and via marketing, the press, social media and advertising.
Such claims, however, must be true. More than that, how companies substantiate their promises must defy common perceptions that mobile devices are not secure.
Here’s the good news: mobile devices can be the most secure channel for conducting business with consumers.
The key to mobile security success is a multi-layered approach that enables companies to verify who their customers are and what they are authorized to do. This is best done by identifying the following: the customer’s hardware device; the authorized mobile network service; the multi-factor, biometrically verifiable identity of the customer using the device; and the location of the customer and device by GPS; and then by cross-checking the customer’s requests against what the customer is authorized to do.
This can all sound overwhelming to an organization, but in reality these decisions are being made in split seconds—or less. More critical than ever is the ability not only to verify a Transaction of Consequence, like a password reset, wire transfer or even payments from a mobile device, but also to confidently authenticate the user making the request.
Smart CIOs, CISOs and other C-suite executives realize that the transition to mobile devices will increase the need for security because individual users will create more layered options for securing networks that businesses can integrate into their platforms.
While this sounds like a tall order, companies in banking and finance are already adopting such approaches. Banks have a particular advantage over retail, for example, as their regulatory compliance obligations require them to know their customers in order to deter money laundering. Soon, all companies will need to know their customers because the rapidly evolving threat environment will require it. Those businesses that adapt soonest and proactively resolve the clash between mobile device convenience and security will come out ahead.
Todd Hawkins is director of Identity Management Business Initiatives at CSC.