Today's threats are growing in size and complexity as more mobile devices are used to check bank balances or execute simple transfers, exchange email that contains sensitive information or store confidential documents. Most banks develop a password policy to protect Web applications on these mobile devices. The reality is that this is not enough.
Web applications associated with mobile banking are under threat from a variety of sources, such as: loss or theft of the mobile device resulting in exposure of data, interception of sensitive data that passes over Wi-Fi or a 3G network, capture of data via Bluetooth connections and mobile viruses.
The goal of a Web application security policy is to find or intercept these threats before they fully exploit the vulnerabilities and to maintain balance between consumer convenience and heavy-duty security. To achieve this, financial services should work through the following steps before a Web application is released to end users.
Review security policies to ensure they are specific to already-installed Web applications and adequately govern the use of mobile devices on the network. These policies must be enforced technologically and are dependent on user compliance. Do not apply generic security policies.
Review software life cycle documents in all phases to ensure planned Web applications have met security requirements and that their
To continue reading for free, register below or login
To read more you must become a member of SearchFinancialSecurity.com
threat vulnerability analysis has been updated. Ensure application design evaluation has been adequately conducted.
Conduct a pilot study by testing Web application security in a sample portion of a mobile banking system. This will help security managers to solve any potential technological and user compliance problems before conducting the test on a large scale, as well as determine what education and training the testers will need to solve unusual anomalies. Without proper training and education, finding or stopping the threats before they exploit the application vulnerabilities can be difficult.
As part of the study, perform the following steps to ensure the application security policy is adequate. This process can be repeated within any step to fix inherent problems.
Protecting Web applications within banking mobility can be a challenge for a financial services firm. Developing the policy to protect them can make the job easier and keep data safer.
About the author:
Judith M. Myerson is a Systems Architect and Engineer and Enterprise System Integration consultant. Her areas of interest include middleware technologies, enterprise-wide systems, database technologies, application development, network management, computer security, information assurance, financial RFID technologies and project management. She can be reached at jmyerson@verizon.com.
