



By Vincent Smyth, Senior Vice President EMEA, Flexera Software

A recent research report shows that a large proportion of the over 40,000 major mobile banking apps today contain code that allows them to exhibit excessive permissions, potentially compromising banks’ data security and that of their employees and customers. However, malicious code is not the only source of risk financial institutions must worry about.

Many CIOs are not aware that many seemingly harmless mobile apps allowed onto their networks exhibit risky behaviours, such as accessing personal and confidential information like the phone’s location, the owner’s details, text messages and so on. These risky apps often violate banks’ Bring Your Own Device (BYOD) policies, but because the risky behaviour is unknown to the institution, enforcing the policy is impossible. An example of such an app is Flashlight, which allows a device to be used as a torch. The makers of this app secretly recorded personal user information and passed that data on to advertisers.

The threat that risky app behaviours present to banks is high, as most IT teams don’t have the same insight into and control over mobile app behaviours as they do with traditional enterprise software. Without understanding what risky behaviours mobile apps are capable of, and how, ensuring security is impossible and banks’ BYOD policies are virtually unenforceable.

So what can banks do? 


They must take a comprehensive approach to managing the mobile application lifecycle – similar to what is already undertaken in the desktop, cloud and web environments. To do this, banks must have tools and processes in place to test their own mobile apps to understand their behaviour, to identify whether any app functions may pose risks to the organisation.

Application Readiness reduces mobile app risk

Banks have been adopting Application Readiness best practices, processes and technology to prepare enterprise apps for internal rollout – whether they’re physical, virtual, cloud or desktop. This provides a standardised best practice method for reliably and predictably testing, packaging and deploying apps into the enterprise.

By automating these Application Readiness processes, IT has gained essential insights into application behavior that have resulted in a very stable, reliable and secure application environment. These same Application Readiness processes and technology can and should be extended to testing mobile apps and app behaviours. For instance, Application Readiness tools can perform application reputation scanning, which examines app properties and configuration to determine the mobile device features that the app uses. The scan then produces a report that can be used to establish policies that define which behaviours are risky. These policies can be used by the Application Readiness solution to automatically identify risky apps, allowing IT to manage them appropriately.
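The scan-then-policy flow described above, as an added example that is not code from the article or from any Application Readiness product. It assumes Android apps whose manifest has already been decoded to plain XML; the policy tables, category names and the `com.example.torch` manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Hypothetical policy: permissions whose behaviour the institution treats as risky.
RISKY_BEHAVIOURS = {
    "android.permission.ACCESS_FINE_LOCATION": "reads device location",
    "android.permission.READ_SMS": "reads text messages",
    "android.permission.READ_CONTACTS": "reads contacts",
    "android.permission.READ_PHONE_STATE": "reads device and owner identifiers",
}

# Hypothetical allowances: features an app category legitimately needs.
ALLOWED_BY_CATEGORY = {
    "utility": {"android.permission.CAMERA"},
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
}

# Constructed sample: decoded manifest of a made-up torch app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

def scan(manifest_xml, category):
    """Return a report of requested permissions and policy violations."""
    root = ET.fromstring(manifest_xml)
    requested = sorted({
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    })
    # An unknown category gets no allowances, so every risky permission is flagged.
    allowed = ALLOWED_BY_CATEGORY.get(category, set())
    findings = [(p, RISKY_BEHAVIOURS[p]) for p in requested
                if p in RISKY_BEHAVIOURS and p not in allowed]
    return {
        "package": root.get("package"),
        "requested": requested,
        "findings": findings,
        "verdict": "risky" if findings else "acceptable",
    }

if __name__ == "__main__":
    print(scan(SAMPLE_MANIFEST, "utility"))
```

The same manifest is judged differently per category: location access is flagged for a torch utility but not for a navigation app, which is the kind of policy decision the scan report is meant to support.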

Identifying and effectively managing risky mobile apps not only minimises risk, but also enhances the user experience. Employees can use authorised apps with confidence, knowing they’ve been thoroughly vetted. And security officers will have greater confidence that danger has been averted by avoiding apps that exhibit risky behaviours, or by eliminating those risky behaviors before they’re allowed access to the corporate network.

Applying existing processes to mobile

Many banking organisations today are adding new teams to deal with mobile apps and app security.  However, existing teams should have all the experience necessary.  IT organisations that already leverage Application Readiness best practices and technology to safely and reliably deploy enterprise apps can easily extend these same processes for mobile apps – both externally and internally developed.  And in doing so, banks will simultaneously improve operational efficiency and ensure a standardised process for deploying all applications.  Adding mobile apps simply involves extending the familiar process to additional formats, operating systems, and deployment solutions such as mobile device management systems.

For instance, Application Readiness teams have already proven their ability to deal with new formats (application virtualisation) and new operating systems (Windows 8). The same teams are also likely to be involved with preparing desktop apps for mobile device access via Citrix/RDS. So using a single, standardised and consistent Application Readiness process across all enterprise applications, including mobile apps, makes sense. Leveraging existing teams’ knowledge and efficiency translates into greater IT agility and lower cost in maintaining Application Readiness.

Even the most innocent mobile apps can pose tremendous risk to banks that are unaware of how their design and function can access sensitive data and, potentially, disseminate that data in violation of BYOD policies. By taking a comprehensive approach to managing the entire enterprise application lifecycle – including mobile apps – banks must leverage existing staff, expertise and technology to test mobile apps, understand their threat potential, and take appropriate measures. Importantly, all these approaches are relevant for their own apps too and must be followed with equal vigour.
