Maintaining a secure and stable informationtechnology environment in one of the most heavily regulated andaudited industries is a significant challenge. So when segmentswithin the financial services sector are presented with newtechnologies that have the potential to transform how theirservices are delivered to consumers, businesses and employees,it takes a great deal of cautioned planning to ensure that nothingis compromised.

Mobile technology presents a tremendous opportunity for creditunions because it allows them to connect to their customers andemployees 24/7. The pressure to deliver new mobile services, beyondmobile web, to financial customers is stressful and verycompetitive.

The pressure to enable employees to use their “always on” mobiledevice is just as intense. For employees, the capability to gainaccess to information remotely from their mobile device delivers anew efficiency and level of awareness that they have not previouslyenjoyed. For the business, it means the ability to work outside ofthe standard business hours, improve satisfaction amongst employeesas well as increase the speed of doing business.

Two deployment models have arisen: Corporately Owned, PersonallyEnabled, and Bring Your Own Device. While COPE provides a degree ofcontrol through ownership, it also imposes capital and operationalcosts and limits device choice that can be avoided by adopting aBYOD strategy. Bring Your Own Device, on the other hand increasesthe concerns over employee privacy, corporate security andinformation control.

Both models introduce new IT and information security challengesfor the delivery of information services across new networks, newprotocols and new endpoint devices. While years of analysis andplanning have gone into the decisions behind the purchase of thetraditional IT systems, these mobile devices and the vendors thatdeliver mobile solutions are merely a few years old. Few of thesesystems have matured through the versioning necessary to achievethe functionality and robustness demanded of financial systems.

Yet, mobility presents such a compelling opportunity that manyindustries including the financial services industry areoverlooking some of the short-term weaknesses, much to the chagrinof IT departments, in order to take part in the mobile bonanza andto avoid being left behind while customers, and even employees,shift their loyalties.

IT departments no longer have the degree of decision-makingcontrol that they once had. When it comes to mobile devices, theemployee has far greater decision-making influence than everbefore. Major device OEMs now understand that the consumer is theirchannel to the enterprise IT department and are marketing theirsolutions directly to this segment. IT is now in the position ofresponding rapidly to the demands of the employee and maintainingthe level of service and security of the traditional system.

IT departments must now integrate these disparate mobile systemsinto their existing infrastructure and processes as well asunderstand and maintain logical partitions between corporate dataand personal data. Additionally, IT must deploy client-sidesoftware to defend against whatever employees choose to downloadonto their devices, and track these devices in order to recoverthem if lost or lock them and potentially wipe the devices of anycorporate data.

Affecting the management practicality of these devices is thefact they these devices were not designed to deliver multi-persona,logically partitioned information. Most devices share storage andmemory amongst all of the apps and data on them. What is needed isa means:

• to isolate the employee apps and data from those of thecorporation,
• to specify and manage the corporate apps and data to the levelof restriction and control demanded of all the other corporate ITsystems,
• to permit the device owner to enjoy all the benefits of theirdevice without restriction or oversight over their personaldata,
• to allow the corporation to remove corporate data from a deviceif it is lost, stolen or leaves the company,
• to allow the device owners to do more than just work and playwith the device:
• to allow them to isolate their banking apps from theirchildren's games;
• to allow them to create a guest on their device forsharing;
• to create a quarantine area on their device for downloads thatthey are unsure of;
• to restrict nosy apps from snooping or swiping their contactlist or taking advantage of the ridiculous permissions that mostapps require by eliminating any potential security holes,
• to make BYOD the viable model that it promises by providingdevices and systems that support the requirements of both thecorporation and the employee.

It will take several more highly publicized security or privacyincidents to force mobile solutions to achieve the level of trustdemanded by the financial services industry before any significantinformation-access services are made available to employees.

Until that time a lot of faith will be placed in VPN andanti-malware products, as well as the constraints in theright-to-use policies that most employees must now sign up for, toprotect apps and data on mobile devices while in the hands ofemployees.

AlecMain is CEO of Graphite Software in Ottawa,Ontario, Canada.