Click here to view an edited video of the discussion
The financial world has never been particularly keen to embrace mainstream consumer technology, either internally or when dealing with customers. Often, the perceived risks of doing so lead IT or compliance departments to eye these non-business-critical technologies with a mixture of distrust and disinterest, and in many cases they flatly refuse even to consider them.
But this may not be an option any longer - smart phones, tablet computers, social media and the myriad technologies that fall under the all-encompassing banner of 'Web 2.0' are increasingly being seen as vital to get the best from staff and to engage effectively with customers. According to research by the consultancy Aite Group, 60% of financial services firms currently describe their experience level regarding social media as 'novice' or 'beginner', but 90% plan to have dedicated budgets in place for these areas by 2012 and some spend as much as 10% of their total marketing budget on social-media initiatives in an attempt to connect with customers and build brand awareness and affinity.
Similarly, Apple's iPad - which sold 3 million units within 80 days of launch - was viewed very much as an entertainment device when it was launched, but a good number of consumers will also have expected to access online banking and other such services through dedicated applications on the tablet device. Some banks are even trialling the iPad internally as a laptop replacement.
Implementing these kinds of technologies is of growing importance to financial institutions, then, but there are some very real risks involved in doing so, and dealing with the multifarious security and compliance issues involved is no small task, as a panel of security and IT experts explained in a recent Leadership Series round table discussion hosted by The Banker. The discussion was sponsored by McAfee and independently edited by The Banker.
Watch the videoÂThis is an edited version of the discussion from The Banker's Exclusive Leadership Series. Click below to view more:
|
GROWING PREVALENCE
Consumer technology is undoubtedly more common than ever in the financial world and firms are starting to make increasing use of the tools it offers. "With things such as mobile computing, we've had a number of projects running for a while now and these have been driven by changes in the market place," said Stephen Gailey, director of IT with Barclays Capital (BarCap), who is responsible for security technology at BarCap and Barclays Wealth. "We also find that the traditional corporate device manufacturer is moving into the retail space and the retail manufacturers are trying to develop enterprise customers."
Social media is another priority for financial services firms, said David Edwards, Nationwide Building Society's senior manager for information security, and this is an area on which the UK,-based firm has been focusing its attention. "There are two aspects of it from my perspective," he said. "One is the actual employee engagement - the ability to use social networking sites from their work space. The other is the ability to exploit social networking sites for marketing purposes."
This latter ability was a key aspect of Nationwide's marketing efforts at the time of the 2010 World Cup in South Africa. "Back in the summer, for the World Cup, there was a lot of [social media] activity around our campaign because Nationwide was heavily involved with England as a football sponsor, and it was basically trying to utilise social networking as a marketing channel," said Mr Edwards, adding that this approach brought with it an increased risk of exposing Nationwide's IT networks to various forms of malware and other threats.
Despite these examples, and the broader explosion of consumer technology use in the enterprise, there is no doubt that the financial world has been rather slow on the uptake. "From a business IT standpoint, innovation has been on hold," said Rees Johnson, senior vice-president and general manager of network defence with computer security firm McAfee. "We've experienced a drive for efficiency within the enterprise over the past decade - especially with the recession over the past couple of years - and there hasn't been anywhere near as much innovation in the enterprise as there has been in the consumer world."
INNOVATION OVERDUE
The panel agreed, however, that innovation in banks' use of consumer technology is now long overdue, particularly when it comes to building relationships with customers.
Many banks have rated rather low on customer-service ratings in recent years. In the US, for example, consumer complaints about banks were up 42% since 2008, according to a recent survey from the Better Business Bureau. Consumer technology can play a vital part in interacting with customers, who may be more comfortable with social media such as Facebook or Twitter than more traditional banking channels.
"It is fundamental to customer engagement: if the customer doesn't feel that they're capable of approaching their organisation through their chosen method, then I think they're going to go and find somebody else who will [provide this]," said Mr Edwards. "Social networking as a consumer channel into an organisation is coming. The issue is: do you get on the front foot or are you at the back of the queue, so that by the time you launch your offering, the market has already been snapped up by other, more agile competitors? It is important for Nationwide to look to the future and be in a position where we can be in the front of the movement rather than at the back trying to catch up."
It is not just customers who value the ability to make use of social media, however. Allowing employees to access these tools where possible, as well as to take advantage of the new generation of mobile devices such as smart phones and tablet computing devices, can play an important part in building a happy staff.
"As the younger generations move into the work force, they're used to operating and having this technology and this access to their lives, as consumers. And while there is an expectation of control when you're working in a company, there's also an expectation of having some ability to use this sort of thing. So I think it is very important to keep up from an enterprise perspective," said Carl Froggett, Citi's global security engineering lead and security manager for Europe, the Middle East and Africa.
Mr Froggett added that, as time goes on, a firm that does not keep up with these trends in employees' needs will risk being unable to attract new talent.
"This will get more important," he said. "Today, maybe it's on the fringes of being a deal breaker... but as time goes by, the advances are very rapid and you've got to keep up. If you do not, it actually becomes a bigger risk for an organisation."
Mr Johnson agreed: "Companies have to embrace this so that they can attract and retain top talent," he said, adding that McAfee has noted a generation gap being driven by the consumerisation of IT, and that expectations created by experiences in the consumer world are now being carried over to the workplace. He said: "They [employees] are expecting something new when they come into the work force, but when this new talent comes into an organisation, they look around and say: 'How can I be so powerful as a consumer, yet so lame as an employee?'"
But the desire to use these kinds of technologies in the workplace may not always be confined to younger members of staff, said Mr Gailey, noting that he had not observed a clear generational split at BarCap. "We're finding that these devices are being embraced right across the organisation, whether it's somebody coming straight out of university or somebody who has been in the organisation for a very long time. There seems to be a fairly universal demand for these kinds of tools."
This may be fortunate, given that the rewards of allowing non-traditional mobile devices and the like into the workplace are likely to extend beyond happy employees, to major gains in productivity, added Mr Gailey. "We see the great advantage in using these devices internally as being that they are now mobile computing platforms... If people can be effective regardless of where they are and what other computing facilities they have available to them, then that brings enormous benefits to the organisation," he said.
RISKS AND CHALLENGES
The benefits of these technologies may be too great to ignore, but there are some major risks involved in implementing them and doing so could lead to a number of headaches for bank's compliance and risk departments.
The chief danger of allowing mobile devices into the enterprise is the risk of data loss, Mr Johnson argued, pointing to the number of handsets left in taxis, which in London alone totals at least 10,000 a month, according to various estimates.
"The concept of 'loseability' with the data that we have is going to be a huge problem, because it's a lot easier to misplace these small devices compared with a laptop. I would say that's probably the biggest issue that we see there, the data-loss concept," said Mr Johnson.
Many of the same risks are posed by social media, said Mr Gailey. "Things there started out as a method to have fairly simplistic communications with your peers, but now we're into cloud computing, so you can share documents. It's the loss of data out into these areas that we have to guard against," he said. He added that he is hopeful that security developments in this area may eventually open up some of these tools for enterprise use instead of forcing IT departments to inflict a blanket ban.
"At the moment we have to use a sledge hammer to crack a nut and just block those elements of it that might allow data to leak out," said Mr Gailey. Possible solutions do exist, such as tools that allow an employee to look at profiles on a social network but not to use the chat or messaging functions. However, because these types of software are relatively new, their reliability has not always been proven, the panel cautioned.
Additionally, the introduction of new devices and methods of communication into the workplace could easily cause financial institutions to fall foul of the many regulatory requirements they have to follow. Aside from obvious concerns over data loss, a major challenge facing financial services firms that wish to take advantage of these technologies is the need to have some control over the use of these devices without eliminating the functionality that made them desirable in the first place.
The UK Financial Services Authority, for example, recently called for all firms involved in trading to record all calls made or received on company mobile phones, which could be tough to implement for certain handsets.
Similarly, it is common practice for non-recorded communication channels to be prohibited, so IT departments must find a way for web mail to be shut down on mobile devices, no small task given the range of browser-enabled phones on the market at present.
TACKLING THE RISKS
If financial institutions are to take advantage of these technologies, and harness the enormous potential benefits, then dealing with these risks is a necessity. Tackling them, however, is easier said than done.
When it comes to introducing foreign devices into a business environment, IT departments need to have the infrastructure in place to manage them, said Mr Johnson.
"It is critical to know that those devices are accounted for and that they're authorised and managed in an enterprise fashion. Just as important is securing against data loss by working out how to protect the data centre to avoid security breaches," he said. "There is all this information coming into the data centre and you need to make sure there is some sort of barrier in front of that - such as a firewall - so that you know who is coming into your network and can make sure that they are authorised."
Mr Johnson also pointed to the need for a comprehensive and up-to-date IT threat-intelligence platform to ensure that security keeps up with the demands of a rapidly changing technological landscape. "The threat landscape has changed so dramatically that if it [the IT security department] is not coordinating with the most up-to-date information... then it is inferior protection, today more than ever," he said.
Educating employees in the safe usage of any new technology introduced into the workplace also has an important and foundational role, said Mr Edwards. "You've got to have a culture and education policy in place so that users understand the principles of what they should and shouldn't be doing, and then [firms should] put the controls on top of that to help enforce it," he said. "I think it starts off with a clear set of policies and standards for the organisation to adopt - and for employees to follow."
For these new consumer-technology tools to find a place in the workplace, responsibility also lies with their manufacturers, who should be aware of, and cater for, enterprise usage, the panel agreed. And indeed, this is already happening among some social-media providers, said Mr Froggett. "The social networks are not stupid - they appreciate that what wins today is the number of users they have," he said.
"Facebook is a good example. It is actually quite open, and pretty much anybody can engage with its platform and use its authentication methods. As enterprises want to leverage those kinds of platforms more, then certainly they [technology firms] are going to need to take into account the regulatory issues and work with the businesses and the industry to continue to provide a platform that we can use."
These technology providers - whether it be mobile device manufacturers or social network providers - should engage with the financial world now if they want to be successful there in the future, said Mr Gailey.
"When it comes to social-networking providers, when it comes to smart-phone providers, then long-term I think the ones who will be successful working with enterprise customers will be the ones that take security seriously now," he said.
"I think the vendors who understand that they need to sort out security for their products and services for the enterprise today are the ones who will succeed - not just in enterprise, but long-term in the retail markets as well."
FUTURE USAGE
The potential benefits of engaging with consumer technology are now numerous, the panel agreed. But it will only become more important in the future, and there is a long way yet to go.
"I think that these technologies clearly bring competitive advantages and, while it is very hard to see what is [going to happen] far in the future, I think we are clearly all looking at these technologies now because we understand that they're important to our business in the future," said Mr Gailey.
Mr Edwards agreed, commenting that these new technologies will be an increasingly dominating force in the market, both as a distribution channel and also as a matter of actual business progression in moving towards a web-based service model.
While it may be imperative for the financial world to take on these technologies at some point, there is no need to get into all stages at once. But even a more measured approach will require careful planning, Mr Johnson cautioned.
"I think it's important to make sure you look at all the options available... and look at which ones you should embrace as an enterprise, because embracing them all today is perhaps too much," he said. "So what makes most sense for your enterprise today? Is it the marketing approach, the security approach, or some way to lower the cost of bringing customers into the organisation? I think a specific business is where it all begins within each institution."
Regional variation in customer, as well as staff, demand and expectations could also be important considerations, and different markets may well require different approaches, explained Mr Froggett.
"There may be a geographical element in here as well. We tailor things to specific markets in specific countries depending on what market forces are operating at that particular time," he said.
"We may end up using some of the more cutting-edge stuff in a particular market just to gain that competitive advantage. We might not necessarily want to scale that across the globe, however, so it's definitely something that needs to tie in with the business strategy. And that business strategy does need to understand the risk of adopting these things, because it only takes one bad piece of press to bring the wheels off a particular innovation."
Nevertheless, far more may need to be done by technology providers before banks can take full advantage of cutting-edge consumer technology. "We have a number of running projects around these technologies at the moment and we would like to push these forward more quickly. We feel held back because we don't have the tools to do that," said Mr Gailey. "So I'd like to see the security vendors and the firms that provide the services in the first place give us the tools we need so that we can actually roll these things out faster."
