Entries by John Adler

Why Data Security Continues to be Job #1 For Financial Services Companies

Data security is paramount when you’re dealing with customers’ sensitive financial information. A recent Verizon research study showed that nearly 90% of all data breaches are financially motivated. And this timeline of 200+ serious cyber incidents involving financial institutions since 2007 barely scratches the surface of the actual number of incidents. 

Simply put, if you’re in the Financial Services space, data security is at the top of your list of concerns.

Data security has always been a significant focus area, and it became a pressing issue for one of our customers late last year when a vulnerability in the commonly-used Apache Log4j software library was identified. This client wanted to do everything in their power to ensure that their customer data and employee data was secure.

In a matter of weeks, we worked with them to ensure that all of their 1,000+ employees’ devices — whether laptop, desktop, or mobile phone — were fortified against security vulnerabilities, including unpatched software and phishing attacks.

What’s at Stake? Only the Fate of Your Company

The consequences can be earth-shattering for companies that don’t comply with regulations to protect consumer data quickly enough.

Equifax, to take one prominent example, was forced to pay $700 million in 2019 to settle lawsuits after they failed to take steps to protect consumer data by patching a known vulnerability in their database. The resulting breach exposed the personal information of 147 million Equifax customers. In addition to the hefty fines, the incident caused untold, ongoing amounts of damage to Equifax’s reputation. Equifax was still being publicly flogged for the incident five years after the breach in a press release from the FTC on the Log4j vulnerability.

As Equifax can attest, there is such a thing as bad publicity when it comes to data security. Here are a few ways we advise customers on how to ensure their data stays secure so they can stay out of the headlines.

Protect Data Anywhere & Everywhere, No Matter the Device

As the working world has increasingly gone remote, the need to protect data no matter where it lives and how it’s accessed has also become a top priority for many companies. It doesn’t matter where the data is stored — public cloud, private cloud, or on-prem — and it doesn’t matter where it’s accessed or what device it’s accessed on; the needs remain the same. Threat protection, threat detection, and rapid incident response are not just nice-to-haves, they are must-haves.

Fortunately, technology providers like Microsoft have robust security products already in-market that can help companies handle these areas and remediate any incidents quickly. If your organization has Microsoft 365, you have a full set of data security tools at your fingertips.

In the Log4j example referenced above, we had already installed and configured Microsoft Defender for Endpoint, so we leveraged them to run vulnerability assessments for all employee devices, and we used Microsoft Endpoint Manager for remediation.

Defender for Endpoint identified vulnerable devices and software shortly after the Log4j vulnerability became public. Within a matter of weeks, the company’s remediation efforts had reduced the number of vulnerable devices from 200 to 50. In under 8 weeks, there were 0 devices that had security vulnerabilities.

We accomplished a lot using Endpoint Manager. Endpoint Manager allows IT/security teams to easily manage settings and deploy patches for devices across most platforms. This enabled the security team to rapidly whittle down the devices with vulnerabilities all the way to none. The device landscape that Endpoint Manager can be used on includes iOS and Android phones and tablets, Windows desktops and laptops, and Apple macOS machines.

Reign in Application Sprawl to Limit Attacks that Slip Through the Cracks

There’s great value in having one tool to rule them all, or at least as few tools as possible, when it comes to your company’s data security. The splintered market of cybersecurity tools and technologies can actually have the opposite effect of what’s intended.

Fragmented best of breed approaches can make companies less secure, while also costing them significantly more in ongoing licensing costs.

A recent study cited by CIO Dive found that security departments use, on average, 78 apps. At the same time, 75% of IT leaders said that security was their top concern regarding app sprawl. If you’re using anywhere close to 78 security apps, it’s not hard to envision a scenario where a cyberattack could slip through your defenses undetected because, well, doesn’t one of the other security apps have that angle covered?

How Can We Help Secure Your Data?

If you take an integrated approach to data security, limiting the tools you use to the most discrete set possible, you’ll be well on your way to ensuring your customer data remains out of sight of prying eyes.

Taking this approach had the following benefits for our client:

    • Provided a clearer picture of the overall health of their systems and data security efforts
    • Eliminated vulnerabilities that could have had major negative financial and reputational impact
    • Helped simplify and streamline their data security suite of tools, while also training them on underutilized capabilities of MS 365
    • Allowed them to reduce ongoing costs by removing dependencies on extraneous third-party apps

If you feel like your data security efforts could use a boost in one or all of these areas, please don’t hesitate to schedule a free consultation with our team.

Modernizing Your Mobile Tech Stack

Mobile development platforms and languages evolve so quickly these days that they seem to age in dog years. Today’s technology choice du jour may very well be tomorrow’s albatross around your development team’s neck.

Keeping your mobile development tech stack up to date in this environment is a challenge for even the most Agile organizations and tech-savvy leaders. It was no surprise, then, when a customer in the FinTech industry recently came to DMG looking for a recommendation on how to move their mobile efforts beyond the Xamarin platform. 

The Impetus for Platform Change

The company’s leaders knew they needed to modernize their mobile tech stack to provide their customers with the best possible mobile experience. Mobile has clearly been a key consideration for companies large and small for years, but the pandemic has only served to heighten consumer expectations around what they can and can’t do on their mobile devices.

Increasingly, the answer is that consumers want to do it all via mobile. Perhaps most important of all for this customer, consumers don’t mind using mobile apps to track their overall financial health and plan their biggest purchases, like new homes and new cars.

Consumers’ growing comfort with mobile to manage financial wellness was a trend our customer recognized and wanted to have the ability to capitalize on, but they knew they needed to present the best possible mobile experience to users to compete with the Mints and consumer banking apps of the world. It was becoming more and more apparent to them that a mobile experience commensurate with the high consumer expectations for mobile apps simply wouldn’t be possible with Xamarin.  

Why Xamarin, Specifically, Needed to Be Replaced

Xamarin is a .NET application development platform that allows you to write cross-platform apps that can run on any device. Unfortunately for organizations that use it, Microsoft deprecated support for a key component of Xamarin, Xamarin.Forms, in November 2021.

Combined with Xamarin’s inherent limitations on access to device-specific capabilities like GPS, the deprecation was consequential enough that it made the customer’s tough decision — to move away from Xamarin as their app development platform and on to something else — an easy one.  

What would the right technology choice be? That’s where we came in to help. 

Evaluating Options, and Landing on MAUI (Blazor)

DMG worked with the customer to develop a robust analysis on potential Xamarin replacements that was based on the following criteria: 

  • Business needs and other technologies used in their tech stack 
  • Features they wanted to include in their mobile apps that were unable to with Xamarin
  • Technology licensing costs
  • Ramp time for existing team to learn a new app development platform

Ultimately, we ended up selecting MAUI Blazor and helping them make a quick, seamless transition to what is essentially Microsoft’s replacement for Xamarin.

The biggest benefit for our customer is that their dev team can still write one set of code and have it run anywhere, but they can now also tap into mobile device-specific functionality. What’s more, their mobile tech stack has them well prepared for the future based on where Microsoft will be spending their R&D dollars in the mobile development space. Last but not least, our customer is delivering an improved mobile experience to their customers that puts them on par with the competition and makes their existing customers more likely to remain so.