The financial services industry has always been separated from the public by some sort of barrier. In the Old West, bank tellers sat behind iron bars. Even to this day, many retail banks have glass between the customer and the banker. Financial services enterprise data centers are housed in nondescript buildings, with perimeter security and state-of-the-art internal controls.
The same applies in the technology world. Traditionally, a financial firm's entire IT infrastructure sits safely behind a firewall. These safety measures have been in place since the beginning of, well, banking. But things are starting to change.
The increasing use of mobile devices by employees has moved the security perimeter far outside of the bank's firewalls. Now each device, which has corporate applications, customer data, and other sensitive information, needs to be secured. Furthermore, mobile device adoption by enterprise employees continues to grow, as more workers demand mobile functionality and tools.
[For more on how financial firms are approaching security challenges, read: Former FBI Agent Talks Cyber Security With Deloitte].
Large financial institutions have a big challenge when it comes to securing and supporting their mobile users. Fidelity Investments, one of the world's largest mutual fund managers, has approximately 40,000 employees and manages close to 20,000 mobile devices, including smartphones and tablets. JPMorgan has more than 200,000 employees globally. If it had the same mobile adoption rate as Fidelity, it would have close to 100,000 devices under its watch.
In addition to the increase in mobile usage, firms have to protect other things outside the firewall. Recently, law enforcement officials have said they fear hackers will try to destabilize the markets by infiltrating trading systems or exchanges. The move to destabilize the markets is a marked shift from prior hacks, where criminals tried to steal data for monetary gain. The SEC has stated that the number and sophistication of attempted hacks into the infrastructure supporting the financial markets are intensifying.
The increased security concerns surrounding the financial markets motivated the SEC to begin querying financial firms about their security practices and procedures as part of their annual audits. For financial services leaders, securing everything from market connections to mobile devices will be under the SEC's microscope as the agency strives to make sure all firms are doing their part to avoid an infiltration that destabilizes the markets.
Though firewalls are still important, the overall amount of data, number of applications, and amount of data outside the firewall continue to grow. The new security battle will not only involve traditional safeguards such as firewalls, but also tools that can secure data, applications, and systems that are outside the traditional firewall.Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio