Banks turn their eyes to mobile failings: McAfee

Banks lack mechanisms to determine whether mobile devices used to access customer financial information are secure, according to McAfee CTO of cloud and datacentre solutions, Greg Brown.

Financial institutions want customers to do more mobile banking, but they don't have the mechanisms to ascertain whether the mobile devices used to access financial information have been compromised, according to McAfee CTO of cloud and datacentre solutions, Greg Brown, speaking at the Intel Cloud Summit in Bangkok, Thailand, on Tuesday.

Financial institutions having been working to revamp their online banking portals and releasing new mobile apps to make personal banking convenient for customers. As such, online and mobile banking adoption have skyrocketed in recent years.

"These organisations want you to use online banking, because it makes it more efficient for you to do transactions and for them to run their businesses," he said.

Because of this, the banking and financial sector is increasingly concerned with mobile devices being a point of attack and data loss. According to Brown, it is important that the integrity of access devices is considered, not just the IT infrastructure behind them.

"The protection of end-point devices is just as important as making sure the infrastructure, where you are putting the data, is secure," Brown said.

He acknowledged that mobile security is a tricky business in financial institutions, and broadly across the enterprise space, as well. This is made more difficult as businesses move into the cloud and has less visibility and control over its IT infrastructure.

"It is more difficult to secure mobile devices, in that they start off as not being managed by any IT departments," Brown told ZDNet. "They inherently carry a diverse range of applications, and despite the walled garden approach, we are seeing those devices are subject to attacks and are subject to vulnerabilities in applications."

The app space is dynamic, and consumer apps generally don't have the strong security controls the mature enterprise style apps do, he said. While banking or company provisioned apps may not carry vulnerabilities themselves, the array of consumer-grade apps that may sit beside them can be a gateway for cyber-assailants.

Google's Play Store has been known to contain apps that carry security risks, due to its open nature.

With open platforms like Google's Play Store, Brown said that organisations have to start thinking about building quarantine zones within mobile devices to prevent data loss and security breaches.

"The mobile industry, in general, has to evolve more before it can offer the same level of confidence established in the traditional PC market," he said.

Spandas Lui attended the Intel Cloud Summit as a guest of Intel.