Challenge: If enterprises do not want employees to use unapproved applications that expose their firm to security risks, they must respond to employee demand for enterprise versions of consumer applications. The timing could not be more important for IT to embrace mobile, understand their enterprises' application exposure, and put policy and controls in place.
Wall Street & Technology's Capital Markets Outlook 2015
Here are 10 topics that will be a focus for financial institutions in 2015 and beyond:
- Technology Innovation Returns to Financial Services
- Global Banks Need to Demonstrate RDA Progress in 2015
- Where Should You Spend Your IT Budget in 2015?
- Financial Firms to Struggle With Growing Social Infrastructure in 2015
- As Market Matures, Fintech Startup Winners Will Emerge in 2015
- Universities Increasing Programs for Data Scientists
- Next Year, Aim for Communication & Clarity of Cloud Apps
- E-Trading Disruptors Seek Untapped Liquidity in Corporate Bonds
- Swap Markets Debate Anonymous Trading in SEFs
- The Clock For Market Structure Change Is Ticking
- Increasing Cyberthreats Pose Massive Challenge for Financial Firms
Why It's Important: In November, Skyhigh Networks, a cloud visibility and enablement company, released a report showing the number of apps is rising much too fast for IT to manage. When asked, CIOs guessed that their firms were exposed to 30-42 applications -- a far and laughable cry from the actual. For financial services, the average exposure is now at 844 applications, with some firms over the 1,500 mark.
Where the Industry Is Now: Whether or not financial firms acknowledge extent of the the mobile boom, it is well under way. Studies show the popularity of mobile apps exploded much faster than IT expected and too often well beyond their knowledge and ability to control.
The exposure is hardly malicious. Often employees are simply using non-approved tools to be more productive. For example, when popular applications like EverNote or DropBox are blocked by IT with a firewall or proxy for failing to meet internal security standards, employees are left searching for unblocked alternatives, which probably pose a greater risk to the enterprise than the original apps.
Disturbingly, another Skyhigh survey found that, without alternatives to offer their employees, 49% of IT leaders felt pressured to approve applications that do not meet company requirements. And 72% of IT professionals "did not know the scope of shadow IT at their companies but wanted to know."
Not knowing the extent of cloud exposure also results in a lot of unnecessary expense. According to Anne Marie Murray, global product marketing manager at the lifecycle management technology firm Tangoe, many of the people who try to manage cloud app exposure today do so in spreadsheets. "It's surprising, as it's very 10 years ago to manage these things in spreadsheets, but there's really no good way to do it." When IT gains an enterprise-wide view, it often finds a lot of duplicate services across departments. Many times, companies don't realize they're paying for unused cloud licenses, multiple contracts with the same vendor, or even training courses nobody has leveraged.
Focus in 2015: Awareness of application exposure unfolded throughout 2014, and 2015 is the year to address it more comprehensively. More enterprises are working to approve and integrate popular applications and to create their own versions of applications for employees and customers, effectively slowing down the adoption of risky third-party apps.
"Next year, we can expect to see more applications that are enterprise specific, with more security built in and with components large firms need and feel comfortable with," Murray said. Internal IT teams and financial technology startups are playing a role in creating the bulk of new applications developed specifically for the enterprise.
Management of an enterprise app environment must also be more comprehensive, and the proper modeling and architecture to support apps on servers will begin to take shape in more robust ways next year.
Industry Leaders: With more firms organizing around mobile solutions, we may be moving toward a new generation of IT leadership. By the end of 2015, it's possible that mobile experience will be one of the top job requirements for a CIO in financial services.
"The tension and exposure within companies has made mobile initiatives a priority and high-level conversation rather than a side project," said Ojas Rege, vice president of strategy at the mobile IT firm MobileIron. "For the CIO, it's going to be very important they demonstrate real success in this area."
Price Tag: Perhaps one of the biggest evolutions in mobile applications that will help IT build the enterprise-ready applications environment is the aggressive internal move from traditional Windows applications to modern mobile applications. In financial services, Rege said, the security officers are just now realizing that new generations of operating systems (IOS, Android 5, and Windows 10) are much more secure than those of the past, because they have isolated memory storage (sandboxes), preventing data leaking from one app on a server to another.
"We are going to see an explosion of smartphones and tablets within banks for employees," Rege said. "So my prediction is you will start to see substantial internal application modernization programs, because the value from modernizing from security and cost perceive is substantial. I expect to see a lot of investment in that."Becca Lipman is Senior Editor for Wall Street & Technology. She writes in-depth news articles with a focus on big data and compliance in the capital markets. She regularly meets with information technology leaders and innovators and writes about cloud computing, datacenters, ... View Full Bio