x Abu Dhabi, UAEFriday 21 July 2017

Wanted: IT security policies for smartphones used at work

The Life: While staying in the loop at work via smartphones is a plus for company employees, guarding confidential data is essential.

Increasing use of smartphones and other devices in the office can be a problem for IT managers as they struggle to adapt. Jeff Topping / The National
Increasing use of smartphones and other devices in the office can be a problem for IT managers as they struggle to adapt. Jeff Topping / The National

In a country as fond of smartphones and tablets as the UAE, it is not surprising many want to continue using their shiny gadgets at work.

But almost half of UAE workers are barred from using their own devices in the office, according to a joint study by BT and Cisco.

And 50 per cent of UAE companies, perhaps motivated by security fears, do not offer office Wi-Fi, in spite of the productivity gains that could be had.

With smartphone usage growing at an exponential rate - a total of 1.7 billion smartphone handsets were shipped globally during 2012 alone - IT managers are under pressure to keep up.

"Smartphone devices are putting pressure on every single enterprise around the world - how can they integrate and protect or manage these devices?" says Wael El Kabbany, a vice president of BT in the Middle East and Africa.

"If these companies can manage to integrate these devices one way or another they'll definitely tap into an area that will save them money and increase the amount of productivity."

Interestingly, the study found government and banks were the most stringent when it comes to employees using their own devices for work purposes.

The report also found nine out of 10 respondents were dissatisfied with the services offered by their employers, saying their organisations needed to take further steps to boost productivity gains from smart devices.

The fast pace of replacement cycles also deters IT managers from spending heavily on networks that may be eclipsed by technology upgrades, says Osama Rasoul, a sales manager for network architectures at Cisco.

Not wanting to spend money on a network that in two years will not work is a common complaint, Mr Rasoul adds.

But the fears of IT managers may be well informed, as the study showed only 16 per cent of UAE workers acknowledged the security risks of using personal devices, compared with a worldwide average of 26 per cent.

IT managers were also significantly more concerned about theft of company-provided devices than the global average, which BT attributes to the transient nature of the UAE workforce.

The requirements of IT security - such as blocking transfers of business-sensitive company information and confidential client data or preventing insider trading - are largely misunderstood, separate research has found.

Half the respondents to a study last year from International Data Corp said employees underestimating the importance of security policies would be the biggest challenge this year.

Often it is a straightforward task to educate employees and mid-level management, says David Michaux, a director of technology security services at Whispering Bell, which runs security audits of firms across the Arabian Peninsula.

Chief executives, however, are a different story - especially when the latest must-have piece of technology is released.

"If the iPhone 6 launches tomorrow, you can be sure that next week it's going to be here in the UAE in the hands of some of the top management," he says. "At that point, none of the security providers are going to have a solution in place. The onus is on the IT manager and IT teams to find a way to secure and integrate this device into their environment."

Allowing Android or iOS devices access to company networks can mean weakening security standards and even the more rigorous BlackBerry Enterprise servers still require installing new software and a potential dilution of firms' access policies.

Employees' use of jailbroken devices - where a user has disabled the security, copyright, SIM-blocking and other features - can also affect a company's security features as well as copyright protections.

And more prosaically, devices that are lost in the back of taxis or at hotels can be major security risks if they fall into the wrong hands and are not secured with a password.

"For the person who finds this, if there's no pin code, great - if there is, chances are it's 1234 or 0000," Mr Michaux adds.

 

ghunter@thenational.ae