Gulf companies not controlling BYOD

Business use of personal mobile devices is common in the Gulf, but most companies are not properly managing access to corporate networks and data, says Hani Nofal, head of GBM’s Intelligent Network Solutions division.

Tags: Bring Your Own Device (BYOD)Gulf Business Machines
  • E-Mail
Gulf companies not controlling BYOD Nofal: Organisations are not focusing on BYOD policies and data, but connectivity.
By  Mark Sutton Published  June 9, 2013

While there is high penetration of mobile devices in the Gulf region, too many organisations are not controlling what employees are doing with their mobile devices, and are focusing just on connectivity and wireless, according to Hani Nofal, executive director, Gulf & Pakistan, Intelligent Network Solutions, GBM.

Nofal said that a recent survey conducted by GBM, of 900 small and large organisations in the Gulf region, showed that many companies lacked basic security components, and had no clear strategy to manage mobile devices and the bring your own device trend. The survey showed 70% of respondents had three or more mobile or connected devices.

“What is more interesting is that 62% of those organisations said that they allow their employees to connect to enterprise networks with those devices,” he said.

“Our view on this is that the technology is there, to allow you to connect your personal device, that is not really the issue. The concern really is the security aspect of this activity. Very few of the 62% have really invested in secure infrastructure, and the basic elements that would allow them to understand who is connected to what resource, who is allowed to access what application, how you can track it, set up basic access lists and so on.”

The BYOD trend has taken hold in regional organisations, but Intelligent Network Solutions (INS), the networking arm of GBM, is seeing a worrying lack of awareness of policies and no focus on data, leaving corporate data and networks exposed.

Nofal said that to some extent, vendors are to blame for confusing the end users by promoting a variety of different approaches to mobile device management.

“In any new initiative, everyone has their own approach. If you talk to some vendors, they will tell you it is about how you implement your wireless network, so people think it is all about having a wireless network and enabling a couple of features in it. It is not the connectivity, it is the end-to-end process, from defining the policies, defining responsibilities, access controls, that will allow you to implement and monitor such a technology,” he commented.

In conversations with customers, INS has been highlighting the need to drive awareness of the need for policies as the starting point for a BYOD strategy.

“There is still a lot of education required in our region for organisations to be able to define the basic elements that they need to implement, before they can claim that they have BYOD capabilities,” he added.

INS is aiming to bring a holistic approach to its customers, to help them better understand the situation. The company has consolidated its network offerings, including solutions and services, into a single proposition, called the GBM Security Framework.

“Over the last 23 years, with our experience and customer base, we have built a lot of experience around security, across the multiple lines of business that we have,” Nofal explained. “What we have decided is to try and break the silos, and bring all of these lines of business together, to form a unique end-to-end security story.”

The GBM Security Framework includes all levels of security that a company needs to consider, including consulting for governance, risk and compliance requirements; security and compliance analytics and reporting capabilities, so that companies are able to actually track and monitor the security landscape; and the underlying operational security domains, to deliver solutions to address people, data, applications and infrastructure. The framework pulls together solutions from across GBM’s vendor portfolio and its services and consulting capabilities.

The company sees growing awareness of security issues, driven in part by high profile attacks on regional entities, but this is mainly at government level so far, he said.

In part, investing in security can still be a difficult business case for an IT manager to build, because the return on investment is intangible. Regional organisations are also often failing to conduct regular security assessments. Nofal said that the security framework is intended to address these shortcomings, and to help end user organisations to adopt best practices as part of adopting BYOD.

“Our reference is always the framework, we try and start with the assessment and advice, to see what the customer has, any gaps they might have, and then take them through the process of building the BYOD capabilities. If you don’t spend time to understand where the gaps are in your infrastructure, then we aren’t ready to talk about BYOD,” he said.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code