Banks May Not Be Able to Resist ‘Bring Your Own Device’
User-friendly consumer devices such as Apple’s iPad increasingly are infiltrating the enterprise and transforming workforce expectations. Despite security concerns, employee demands and the productivity gains powered by bring-your-own-device initiatives are forcing banks to embrace BYOD.
By Olivia LaBarre , April 24, 2012 (Featured on www.banktech.com)
Although the consumerization and bring-your-own-device, or BYOD, trends aren’t new concepts, a shift has occurred recently in how banks are approaching them. While CIOs and other bank executives remain wary of security issues surrounding the use of employee-owned mobile devices for work, they’re increasingly embracing consumer IT within the enterprise as an opportunity to drive efficiency and innovation, as well as to increase employee (and customer) satisfaction.
“A major sea change has occurred in the past two or three years” regarding BYOD initiatives at financial institutions, says Gary Curtis, chief technology strategist at New York-based consulting and technology services firm Accenture. “Rather than having an initial reaction of, ‘How many problems is this going to cause?’ CIOs are now saying, ‘How do we make this work without putting the company at risk?’ There’s no longer a question of whether they should make it work — it is happening in just about every major financial institution.”
Bank of America ($2.13 trillion in total assets) is among the institutions that are embracing consumerization in the workforce, reports Cathy Bessant, head of global technology and operations at the Charlotte, N.C.-based bank. Noting that consumerization will continue to pervade the culture of financial institutions, she says Bank of America is “moving increasingly toward” bring your own device. Bessant explains that while many BofA employees already use their own tech devices for work purposes, an official BYOD policy has not been instituted across the entire organization, yet.
But, “It’s not all or nothing,” Bessant notes. “BYOD is something our associates have been asking for and is a huge positive. We’re moving strongly in that direction.”
BYOD programs aren’t limited to large banks, adds Ross Feldman, chief technology officer for U.S. financial services at Palo Alto, Calif.-based HP. “We’re seeing innovation in these areas from the community banks and credit unions, not just the multinational powerhouses,” he reports. In fact, Feldman adds, some smaller financial institutions are farther along in their BYOD implementations than bigger banks because the implementations are occuring on a smaller scale relative to market size.
Needham, Mass.-based Needham Bank (about $1.2 billion in assets) and Ogden, Utah-based America First Credit Union ($5 billion in assets), for example, have proven to be innovative leaders in the BYOD field. Both institutions began by issuing Apple iPads to some employees, then eventually changed their policies to allow employees who didn’t qualify to receive one of those devices to bring in their own.
So what’s driving the recent shift among CIOs toward the acceptance of consumer devices and BYOD in the enterprise? Accenture’s Curtis says the trend largely is due to pressure coming from two directions — the Millennials, the young, tech-savvy generation moving in as new employees; and existing senior executives.
When the pressure to adopt new devices and BYOD comes from an existing senior executive, says Curtis, it’s often because that executive’s child or grandchild introduces him or her to a device such as the iPad. “The next day the executive comes in to work and calls the CIO and asks, ‘When can I have what I need on this type of device?’” Curtis relates. “I can’t tell you the number of cases where I’ve personally heard from the CIO that that’s how it happened.”
Curtis also points to recent research by Accenture on the Millennial generation’s use of technology. “One of the key messages we received from them was that being able to use their own devices and applications with which they’re already familiar was a major factor in their choice of where to work,” he says. “And it will become an even greater factor.”
In fact, a bank can’t be assured of hiring the right tech-savvy talent without considering BYOD, Curtis asserts. “They don’t want to know a world without their own devices, even at work,” he says.
According to Thayne Shaffer, VP of finance at America First, the credit union’s use of iPads and its BYOD policy “keep us competitive as an employer. It makes us current and more appealing than we otherwise would be.” Although an operational decision related to tax reporting started the BYOD ball rolling within America First, Shaffer continues, the institution also wanted to make sure it stayed relevant with the workforce by keeping up with current technology and not limiting its employees too much in that area.
James Gordon, VP of IT at Needham Bank, says that while no one has cited BYOD as a reason for seeking employment at the bank, current employees have expressed gratitude for the program. “I’ve had more than one employee tell me how thankful they are and how much more in-tune with work and responsive they can be because they are able to use their own devices at work,” he comments.
HP’s Feldman stresses that banks shouldn’t forget that employees also are customers. Allowing employees to use the latest consumer devices and applications for work, and asking them for feedback, can provide institutions with valuable insight into customer needs and wants, he says. “That insight enables institutions to deliver advanced tools faster,” Feldman insists. “That’s true innovation.”
Confronting Security Concerns
While BYOD offers major benefits, security remains a top concern for financial IT executives. Thankfully, Accenture’s Curtis notes, manufacturers are helping by increasingly equipping consumer devices with enterprise-level security features that meet many CIOs’ requirements. Those requirements generally include passwords for access, the ability to remotely wipe out data if the device is lost or stolen, and the ability to store encrypted data, he says.
Needham Bank implemented Mountain View, Calif.-based MobileIron’s mobile device management solution to more easily update and maintain the security of the 56 devices issued by the bank, according to Needham’s Gordon. For employee-owned devices, he says, the bank enforces policies mandating that the firmware be kept up to date.
CIOs need to constantly evaluate their security solutions, especially for mobile devices, Gordon adds. “What people did for fraud and risk prevention five years ago certainly doesn’t work today,” he says. “If you have the ability to take advantage of certain security features within an operating system, then you should. You need to take a look at the new features as they’re made available and do risk assessments on them.”
At Bank of America, employees who use their own technology for work purposes must install a firewall on the devices that separates access to personal and company information, BofA’s Bessant reports. She says the bank has been supporting remote working environments for some of its employees “for years,” so the company has the know-how from a tech perspective to secure remote devices.
But, Bessant acknowledges, there’s more to securing smartphones and tablets than securing laptops or desktop computers. ”Mobile devices are more difficult to secure; there’s a difference between a dispersed working environment and a mobile working environment,” she says. “Essentially, it’s the storage that creates the bulk of the risk in a mobile environment. Fraud is always a potential problem. I believe we will evolve toward the ability of devices to use data but not store it.”
Implementing a cloud-based architecture can mitigate the risk of storing sensitive data on mobile devices, according to Accenture’s Curtis. “In the past couple of years mechanisms have been evolving so that data can be stored in an off-site, fully encrypted cloud environment, and you can obtain it with a password,” he says. In terms of security, Curtis notes, cloud providers’ systems are “probably more secure than most large-scale financial institutions.” He adds that storing data in the cloud also saves an employee’s personal data if the device needs to be wiped remotely.
At the end of the day, Curtis says, there’s a lot of individual responsibility left in the equation for employees who use any device that has access to secure data inside a company. “Explaining what those responsibilities are and why they’re there is crucial, especially with the kinds of threats that are out there these days,” he asserts. “Laying that out in a sensible, common-language way is a challenge to companies, although they’re waking up and starting to do a better job at that and selling the policies to employees rather than just making them sign a paper.”
Many in the financial industry finally are beginning to agree that the benefits of allowing employees to use consumer devices such as tablets and smartphones — whether they’re owned by the company or the employee — outweigh the added security considerations. “There’s work to do to enable access to new devices,” says Curtis. “But there’s a big payoff in risk control and information quality and convenience for employees.”
The Advent of ‘Appification’
Needham Bank has seen increased productivity all the way from support staff to top executives since issuing iPhones and iPads to some employees and allowing others to use their own devices, reports the bank’s Gordon. The “appified” approach that these devices facilitate, he says, has changed the ways people work. “This approach relates back to specific job functions as opposed to the Microsoft Word days, when people said you had to have Word,” he explains. “When people talk about mobile apps, they’re usually related to a specific function.”
According to America First’s Shaffer, “If we sat everybody around the table, they’d show us they have their own little apps that help them with their jobs — there’s no question about that. Employees don’t necessarily just use corporate apps for work; they go out and download their own apps, just like they would at home.”
Corporate apps aimed at enterprise productivity, however, also are making differences at America First. Shaffer points to San Diego-based MeLLmo’s Roambi, an iPhone and iPad app that compiles data and transforms it into interactive visualizations. Board members and credit union executives, he says, now access data such as financial and risk reports using the app. Previously, the IT department had to run reports that were then delivered through piles of printed paper or PDFs. Now, information funnels from a Microsoft (Redmond, Wash.) SharePoint portal to the Roambi app. Employees only need to tap the Roambi icon and in seconds they’re seeing important data represented in interactive charts, Shaffer says.
“That convenience of getting to the data has changed a lot of the conversations and meetings in our organization. Before, someone would bring a chart, someone else would bring another one, and we’d argue about which chart was right, and we didn’t make a decision,” Shaffer continues. “Now all of this data is coming through one source, and everybody has the same information at their fingertips. If you want a metric, it’s in Roambi — you don’t have to go any other place to find it. Our deliberations, decision making and pricing discussions are much more efficient.”
Moving forward, Accenture’s Curtis predicts, innovations spurred by consumerization and BYOD will become more commonplace in bank IT organizations. “If you push the clock forward a few years, you’re going to see a whole different class of devices in the hands of employees of major banks — there’s going to be a lot more mobility in different forms, very powerful apps and a lot of transactional capability,” he says. “Sure, the infrastructure and security requirements will have to be solved; but they will be solved, because this is what consumers want.”