George Neville-Neil is a past member of the Paranoids group at Yahoo!
and principal of Neville-Neil Consulting.
Carol Realini is past CEO of Chordiant; founder and CEO of Obopay.
Steve Bourne is CTO, El Dorado
Ventures; past president of ACM, chair
of ACM Queue Editorial Board, and
chair of ACM Practitioner Board.
Mache Creeger (Moderator) is Principal, Emergent Technology Associates.
CREEGER: Andrew, when you were responsible for the use of mobile devices
at a major financial institution years
ago, what were the biggest concerns?
TOY: We focused on the BlackBerry.
The two major problems we had were
our inability to customize services
and maintaining control of service
reliability. The BlackBerry presented
itself as a closed system; the NOC
(Network Operations Center), the services,
and the server software were all
controlled by RIM (Research in Motion).
There were very few APIs to work
with, and because of its proprietary
nature, we had a limited understanding
of its underlying architecture. As
a result, when something broke it was
hard to fix. Theoretically it was secure
and RIM could talk about why that
was true, but the same reasons that
made it hard to penetrate made it difficult
and expensive to maintain as a
mission-critical platform. We always
worried about losing email, with our
only recourse being to call RIM and
demand it be fixed.
the lines of “you have to protect your
We focused on such things as
avoiding client data loss that triggered
financial industry-specific mandated
actions. Data loss required notifying
each client of the breach and potential
access by anyone, including a competitor.
The loss of a mobile device meant
the regulatory notification requirement
would be triggered if data security
was not provable to some level of
technical certainty. Being able to make
that guarantee drove us to ensure that
proper screen locks and encryption
were placed on mobile devices.
It is important to create a culture
that does not view the security guy
as the enemy. Security should enable things otherwise not possible.
If a company wants to enable financial transfers, then you need security,
because without it the business will
collapse under fraud and real-world
attacks. Security is not a goal but a
means to deliver business value and
manage risk in sustainable ways.
REALINI: My company is about delivering consumer-facing functionality
over mobile devices, and we have payment and banking services at the back
end. We deliver that functionality in
the U.S., as well as India and Africa.
Those environments are diverse—a
lot of dumb phones, a lot of smart-
Photographs by Tom Upton