“Consumer confidence is eroding more and more with every data breach. It’s never been more important to take those precautionary measures to secure your IT infrastructure, inside and outside the perimeter. Too many companies wait until it’s too late to set up sufficient protections that extend to endpoints like mobile.”

Alex Cherian, Senior Offering Manager at IBM Security

2. Moving to the cloud

Across industries, there is a general shift toward the cloud model, whether it be partial or full adoption. For the more traditional FS incumbents, the cloud offers an infrastructure that is agile relative to in-house legacy systems, helping them compete with more nimble challengers.

It’s easy to see cloud technology through rose-tinted lenses, but it is not without its pitfalls and not everyone is convinced. Compliance, legal and some IT teams can be skeptical of cloud technologies. Outsourcing means control is diminished, whether it be over the service provided or data residency. In an industry as vigilantly regulated as Financial Services, this can be more control than some companies are willing to relinquish.

However, commercial demands are necessitating migration to the cloud—not necessarily for business-critical systems, but for non-core processes like HR and Marketing. This means FS companies and governing authorities will need to adapt to a new norm.

In Europe, the European Data Protection Supervisor (EDPS), Information Commissioner’s Office (ICO) and the European Banking Authority (EBA) have all published guidance on the use of cloud service providers (CSPs), with the latter specifically focusing on Financial Services. In the UK, the Financial Conduct Authority (FCA) has followed suit and published its own guidance pertaining to firms outsourcing to the cloud and other third-party IT services.

There is also ISO/IEC 27017, which provides guidelines on information security controls for the use of cloud services. Despite all of these guidelines, accreditations and regulations, these technologies are still in their infancy. Organizations and authorities are still exploring how to best approach the cloud. Financial Services companies in particular need to consider the effect of cloud adoption on operational resilience.

3. Supporting BYOD

According to Forrester, 64% of devices in Financial Services firms are employee-owned. There are two main reasons why BYOD is so appealing to this industry.

The first, and most obvious: it removes the equipment cost. Second, it can limit the legal liability of organizations if employees use mobile devices to carry out illegal activities, such as insider trading.

IT teams supporting this BYOD model are tasked with walking the fine line between protecting corporate data and respecting end-user privacy, all while remaining compliant with the cascade of industry regulations:

Case Study – Multinational British Bank

A multinational British bank was seeking an MTD (Mobile Threat Defense) solution for its BYOD Android devices. The company had rolled out an Android Enterprise container solution managed by BlackBerry UEM to these devices. The company required a solution that was fully integrated with its UEM for automated compliance actions and that had minimal impact on the user in any given scenario. It also required the corporate container to be blocked or wiped automatically if a threat is detected or if the MTD app is missing from the device. The company was aware that it needed to be alerted to security threats but wanted to limit the amount of information the MTD solution provided to IT admins due to privacy laws. Demonstrating the diversity of fleets within financial services firms today, this company also requested integrations with Microsoft Intune and Office 365 as well as support for iOS devices. Luckily, this level of interoperability does exist in the MTD market.

By recognizing the unique mobile requirements of this industry as well as the threats affecting mobile users, IT and security leaders can develop a better security strategy that extends beyond the protected perimeter.