Creating a comprehensive mobile policy

Today’s economic climate has led many financial services firms to shift technology investments to areas that help reduce costs and improve overall workforce productivity. Increasingly, these investments include mobile solutions – and updating the enterprise infrastructure that is necessary to deploy and support them.

Mobile access to enterprise resources, such as CRM and client information or more sophisticated tools, can help significantly improve user productivity and client satisfaction. But getting these capabilities into the hands of users requires much more than just investment in hardware and software. A successful mobile strategy starts with careful planning and consideration of your business objectives. Then, to successfully build, deploy, and manage mobile solutions, the significant technology, process, cost, and commercial risks involved must be properly addressed.

Comprehensive mobile policies share five key elements: security, infrastructure and technology, user mobility and use policy, support, and future-proofing.

Securing mobile devices and the corporate assets on them is a challenge for any enterprise, but especially so in financial services. The first step is deciding what information and services can be accessed on a mobile device, and how securely that information must be protected. Cybercriminals are increasingly turning their attention to the mobile channel, hoping to exploit security gaps that have already been closed on the web. Many people are less aware of what constitutes risky behavior on their mobile device as compared to their desktop PC, and locking down employee-owned devices is impractical. User profiling is not foolproof, and device hardware ‘sectioning’ tools are still nascent. Ensuring your mobile infrastructure uses secure transport and data encryption is important, but the most effective approach to mobile security includes a combination of security at the infrastructure, communication, application and device levels, coupled with a robust policy that specifies what users can do with mobile applications and data.

Leveraging your firm’s existing infrastructure can help significantly reduce the costs and risks associated with deploying mobile solutions. Making sure new technology and processes are compatible and easily integrated with existing systems is critical. Firms should assess their hardware platforms, operating system and database software, software development tools and environments, communications, technical standards, internal and external data and business logic interfaces (and the physical location of data), as well as configuration management, support infrastructure, and release control procedures.

When creating a mobile policy, device management and inventory, user management and recognition, data access and authentication, analytics, performance monitoring, and mobility profiling as they relate to security must be considered. These capabilities play a big role in developing a comprehensive information and device security policy, and are further complicated in the 70% of companies that already support devices owned by employees. It is important to address the reality of lost and stolen devices, as well; regardless of whether it is an employee’s personal device or one provided by the firm, protecting corporate data requires a policy that covers both the reporting of lost devices and how and when lost devices are wiped.

An organization’s approach to supporting mobile devices and applications should address what apps and devices are covered, acceptable use of the information, loss prevention and recourse, and device repair and replacement. If employees are allowed to access corporate assets on personal mobile devices, then the firm must decide on the amount and type of support that is offered to users and the additional security or policy measures required to mitigate risk. A training policy is also essential to cover mobile-specific risks, regulatory and compliance issues, and best practices.

As device and operating system fragmentation continue to increase, no comprehensive plan is complete without protecting the firm’s mobile investment against the next technology innovation. The most effective mobile apps tend to be targeted at specific tasks most important to a mobile user. These types of solutions often need access to a smaller, more manageable set of data interfaces than larger, more comprehensive enterprise applications. If a firm’s core infrastructure is secure, scalable and designed to support modern Web services, development teams find it easier and more cost-effective to build new solutions on top of existing enterprise assets, and keep them current.

Mobile technology can help greatly improve the experience and productivity of the people that interact with firms utilizing it. But it is vital to approach mobility with a comprehensive strategy, paired with effective policies and controls to manage costs, reduce exposure to data loss, prevent security breaches and compliance issues, and extend the useful life of technology investments.