The second in a series of postings on how advisors and their partners can effectively, and safely, take advantage of mobile technology.In Part One, we addressed the business issues around mobile technology, while in Part Two below, we walk through the necessary steps to building a mobile policy.
Today’s economic climate has led many financial services firms to shift technology investments to areas that reduce costs and improve overall workforce productivity. Increasingly, these investments include mobile solutions—and updating the enterprise infrastructure that is necessary to deploy and support them.
Mobile access to enterprise resources, such as CRM and client information or more sophisticated tools, can significantly improve user productivity and client satisfaction. But getting these capabilities into the hands of users requires much more than just investment in hardware and software. A successful mobile strategy starts with careful planning and consideration of your business objectives. Then, to successfully build, deploy and manage mobile solutions, the significant technology, process, cost and commercial risks involved must be properly addressed.
Comprehensive mobile policies share five key elements: security, infrastructure and technology, user mobility and use policy, support, and future-proofing.
Securing mobile devices and the corporate assets on them is a challenge for any enterprise, but especially so in financial services. Cybercriminals are increasingly turning their attention to the mobile channel, hoping to exploit security gaps that have already been closed on the Web. The first step is deciding what information and services can be accessed on a mobile device, and how securely that information must be protected. Ensuring your mobile infrastructure uses secure transport and data encryption is important, but the most effective approach to mobile security includes a combination of security at the infrastructure, communication, application and device levels, coupled with a robust policy that specifies what users can do with mobile applications and data.
Leveraging your firm’s existing infrastructure can significantly reduce the costs and risks associated with deploying mobile solutions. Making sure new technology and processes are compatible and easily integrated with existing systems is critical. Firms should assess their hardware platforms, operating system and database software, software development tools and environments, communications, technical standards, internal and external data and business logic interfaces (and the physical location of data), as well as configuration management, support infrastructure and release control procedures.
When creating a mobile policy, device management and inventory, user management and recognition, data access and authentication, analytics, performance monitoring and mobility profiling as they relate to security must be considered. These capabilities play a big role in the security policy, and are further complicated if your firm already supports devices owned by employees. It is also important for the policy to address the reality of lost and stolen devices to protect corporate and client data.
An organization’s approach to supporting mobile devices and applications should address what apps and devices are covered, acceptable use of the information, loss prevention and recourse, and device repair and replacement If employees are allowed to access corporate assets on personal mobile devices, then the firm must decide on the amount and type of support that will be offered to users and the additional security or policy measures required to mitigate risk. A training policy is also essential to cover mobile-specific risks, regulatory and compliance issues, and best practices.
No comprehensive plan is complete without protecting the firm’s mobile investment against the next technology innovation, as device and operating system fragmentation continue to increase (see my first blog posting on this subject). The most effective mobile apps tend to be targeted at specific tasks most important to a mobile user. These types of solutions often need access to a smaller, more manageable set of data interfaces than larger, more comprehensive enterprise applications. By making sure your firm’s core infrastructure is secure, scalable and designed to support modern Web services, development teams will find it easier and more cost-effective to build new solutions on top of existing enterprise assets, and keep them current.
Mobile technology can greatly improve the experience and productivity of the people that interact with your firm. But it is vital to approach mobility with a comprehensive strategy paired with effective policies and controls to manage costs, reduce exposure to data loss, prevent security breaches and compliance issues and extend the useful life of your technology investments.