Related Items
  FREE Insurancenetworking.com Site Registration!
Sign up today and access the leading source of Insurance I.T. information on the Web.

Your FREE site registration entitles you to

FREE Insurance Networking eNewsletters

Search more than 7 years worth of archived data

White Papers and Industry Research that provide valuable insights on a variety of technologies and implementation issues

Access our Web Seminar series

   

Roving Trouble

Michael Sisk December 2006

According to a survey conducted by Fierce-Wireless-Bluefire Wireless Security this year, more than 80% of financial services respondents say their organization's use of handheld devices had increased over the past two years. Meanwhile, 87% say they are concerned about the security of e-mail access to corporate server-based accounts and of remote access to corporate networks, and 85% say that access to Web-based e-mail had become a significant security concern.

As to specific wireless security concerns, more than 60% say their top-ranked worries are viruses or attacks on the corporate network, and the security of data during transmission over wireless or cellular networks. Loss or theft of wireless devices ranked third, with about 50% of financial services executives indicating a concern, despite recent high-profile cases of lost laptops with sensitive customer data.

"A year ago, the chief security concerns revolved around the potential loss or theft of smart phones and wireless devices, but the results of the [survey] clearly paint a very different ... story," says Mark Komisky, CEO of Bluefire Security. "As enterprises increasingly are using wireless devices to create and transmit new data and to access the most sensitive information sitting on their corporate servers, the risks are much greater."

Analysts agree that the mobile device security challenge is a formidable one, and that many institutions have a long way to go.

Bob Egan, director of emerging technologies at TowerGroup, says that "in general, the industry is backward from where it needs to go. Throughout the financial services industry, executives are stepping back into the future, acting as if mobile device access is an extension to their existing remote access policies (e.g. working from a home office PC). But smart phones and PDAs offer significant new variables on a number of fronts," given their ubiquity, storage capacity and ability to tap the Web.

"It's a bit of a scary world," says Bill Clark, a research vice president at Gartner. "There's not much you have to do to take a PDA or smart phone for personal use and sync it up with a network. There are tens of millions of unprotected mobile devices out there."

Brian Mitchell, vice president of technology controls for the investment bank at JPMorgan, says that mobile devices pose two broad challenges. The first is that, by nature, the enterprise does not have physical control of the devices as with PCs, making it a challenge to check and update configurations and software. "In the field, anything can happen, through loss, theft or the employee making changes," he says.

The second challenge, Mitchell says, is the employee's relationship with the device. Even if the bank owns the device, employees tend to take a more personal ownership of their phone, PDA or laptop than their office PC, "and so they may choose do things with the device that they wouldn't do with a desktop PC, such as downloading software [which can harbor viruses or malware]. Since it's not always connected to the network, our control over it is limited."

For more information on related topics, visit the following channels:


Compliance

Customer Service

Data Management

Distribution

Enterprise Technologies

Insurance Network

Outsourcing

Risk Management

Vendor Spotlights