Do you carry protection?
More urgent than the functionality, however, is security. Mobile security across devices and applications looms over all these initiatives. In addition to monitoring and recording communications for compliance, mobile opens the door to unique malware and user errors. To give an idea of the challenge facing IT and compliance teams, the average financial service firm is exposed to more than 1,600 mobile applications, and with 50,000 new applications added each month to the Apple and Google stores, that figure continues to increase. As enterprises build out mobile capabilities, they cannot turn a blind eye to the fact that, historically, employees have not shown diligence in limiting their workflow to enterprise-approved software.
These user errors and vulnerabilities have prompted great competition among vendors to establish a lead and credibility in the mobile device management space. Not only are there so many options out there and tools attempting to give capability to end users without sacrificing security, but the industry is at a point where it’s willing to take more novel approaches to how it tracks user behavior, explains Jens Hinrichsen, senior VP of business development at NuData Security, a software development company.
Hinrichsen says CIOs and chief security officers are looking more deeply at the activities within the application layer, including what data is being processed and stored, and the security and encryption controls to ensure that data is used only by people for whom it is intended.
“From an enterprise standpoint, the tools are there, not just classic mobile device management like wrappers or containers and the ability to lock down a device remotely,” says Hinrichsen. “Today’s security tools have the ability to limit and detect use in real time within the application layer, including behavioral tools that recognize the user’s workflow patterns and pinch, zoom, and swipe soft biometrics.”
Today’s machine learning analytics can be applied to detect a range of risk, fraud, and unusual behaviors, no matter the online experience. But when sensors indicate suspicious behavior, there are endless ways a company can react. It becomes incumbent on the firm’s risk and compliance departments to decide what to do with that information, and how it falls into their policy.
“Mobile access has all the same risks and demands as the more traditional platforms,” adds Grant, “but what it lacks is a mature central control framework and the comfort of physical protection” that companies have on networks inside their own facilities.
The concept of the mobile enterprise is not a wild idea or pipe dream of technologists. It’s an inevitability, the strains of which are already taxing existing infrastructure. Between an increasingly mobile workforce and the rise of BYOD, corporations must act fast to stay competitive. Preparing for even the next two years will require more service to be available seamlessly through mobile devices.
“Employees expect to have the ability to effectively work from anywhere at any time,” says Grant. “Citi is very much on that journey now. This is a key component of the strategy and road map that we have been actively executing as a company for some time.”