5 Enterprise Mobile Security Tips for Financial Firms
Financial firms are increasingly using the mobile environment for applications to serve their clientele better. Modern work platforms enable financial applications to be developed quickly for optimal collaboration and peak customer experience.
For example, CME Group, the world's leading derivatives marketplace, needed to automate workflows, improve end-to-end visibility, and enable continuous improvement. It applied a modern work platform to create applications, consolidating processes while leveraging mobile for improved access and shorter response times.
At a more local level, the Bank of Tennessee has created mobile applications to enable its loan officers to process mortgages wherever it's most convenient for its customers -- enabling this community bank to level the playing field with the big boys.
As useful as mobile-enabled applications can be for the financial services industry, adding mobility can pose serious concerns for enterprise IT, particularly in terms of security.
Financial industry leaders must ensure their mobile-enhanced applications comply with a variety of security requirements. The five most important requirements are:
- Secure network communication
- Secure local data storage
- Protection against malware
- Secure authentication
- Remote disablement
Let's look in closer detail at each requirement and what you need to keep in mind.
Secure network communication
Make certain that all communication between client devices and servers is transmitted over HTTPS with SSL/TLS encryption. HTTPS is the industry standard for secure web communication between devices. Limiting connections to servers that present a trusted SSL certificate ensures unauthorized parties cannot intercept or impersonate the session. Address any exposure to the Heartbleed bug; fortunately, the vulnerability is limited to OpenSSL version 1.0.1 and the beta version 1.0.2.
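As an added example (not code from the original article), the following Python builds a client TLS context that only accepts servers presenting a trusted certificate and checks an OpenSSL version string against the Heartbleed-affected releases; the enterprise CA bundle path is a placeholder.

```python
import re
import ssl

# Placeholder path for the enterprise CA bundle (assumption, not from the article).
ENTERPRISE_CA_BUNDLE = "/path/to/enterprise-ca.pem"

def hardened_client_context(cafile=None):
    """Build an ssl.SSLContext that only talks to servers with a trusted
    certificate. With cafile=None the platform trust store is used; pass the
    enterprise CA bundle to restrict trust to your own servers."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True                      # cert name must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED            # unverified servers are rejected
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3 / TLS 1.0 / TLS 1.1
    return ctx

def context_settings(ctx):
    """Security-relevant settings of a context as plain values, suitable for
    a unit test or a configuration audit."""
    return {
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "check_hostname": ctx.check_hostname,
        "min_tls12": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?$")

def openssl_affected_by_heartbleed(version):
    """True for OpenSSL releases that shipped the Heartbleed bug: 1.0.1 through
    1.0.1f and 1.0.2-beta1. 1.0.1g and 1.0.2-beta2 carry the fix; 1.0.0 and
    earlier never contained the TLS heartbeat code."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    major, minor, patch, letter, beta = m.groups()
    base = (int(major), int(minor), int(patch))
    if base == (1, 0, 1):
        return letter < "g"      # plain 1.0.1 and suffixes a-f are affected
    if base == (1, 0, 2):
        return beta == "1"       # only the first 1.0.2 beta
    return False

if __name__ == "__main__":
    # Pass ENTERPRISE_CA_BUNDLE instead of None to pin trust to your own CA.
    print(context_settings(hardened_client_context()))
    for v in ("1.0.1f", "1.0.1g", "1.0.2-beta1", "1.0.0"):
        print(v, "affected" if openssl_affected_by_heartbleed(v) else "not affected")
```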
Also, consider configuring mobile applications to work with a secure virtual private network (VPN) connection from the mobile device. This will allow clients to establish a secure connection to systems behind the enterprise firewall, and it ensures that your servers will not be directly accessible from the public Internet.
Secure authentication
Authentication from mobile devices must be handled on the server side to ensure that a central administrator maintains control of this aspect of security. The authentication architecture must integrate easily with your corporate LDAP or SSO authentication servers.
Secure local data storage
It goes almost without saying that server location and user ID information on each mobile device must be encrypted. Documents downloaded to the mobile device must also be stored locally in an encrypted format.
Don't allow enterprise data to be stored on mobile devices; instead, make it deliverable on demand to the user via a secure network communication. By storing only the minimum amount of data required for local processing, using local encryption, and using secure network communication for all other data, you maximize enterprise data security.
Protection against malware
Native mobile applications -- as opposed to mobile-optimized web interfaces -- offer a superior user experience and protect against malware on mobile platforms.
Malicious applications steal information and infect devices, using common web attack techniques such as JavaScript injection (XSS) or SQL injection. These malicious apps concentrate on browser security holes as a primary means of attack.
Because mobile browsers are less mature than desktop browsers, staying with native mobile applications, rather than web interfaces, provides an immediate security layer for enterprise data.
Remote disablement
By some analysts' estimates, mobile device loss and theft can be as much as 50% higher than for laptop computers. If a mobile device is lost or stolen, it is common practice to disable that device remotely to prevent information theft or unauthorized software access. Mobile device platforms provide varying levels of support for remote disablement. Evaluate each individually for its merits and issues.
A native mobile client application makes it easy to disable features remotely, including removing the application or locking access to it.
With the rapid adoption of mobile devices in business, financial services IT experts must make data security the cornerstone of their mobile device strategy. Network encryption, secure authentication, minimal data storage, and passcode locking ensure your enterprise data can be securely transmitted to your mobile users. Today's modern work platform offers solutions to mobile-enable your enterprise applications and processes while maintaining a high level of security and access control.
Evan McDonnell is Appian's Vice President of Industry Practices and is responsible for guiding the company to meet the needs of specific industries. Evan has an extensive background in enterprise and SaaS software. He was most recently Vice President of Marketing at CodeRyte, ...