The rise in IT spending is fueling the increased adoption of the bring-your-own-device (BYOD) culture in the region, and given its inherent advantages for employees and employers, BYOD adoption is bound to grow further in the coming years.
However, BYOD adoption is accompanied by IT security risks arising out of lack of awareness about device security among employees. The situation is compounded by insufficient network resources and the lack of formal BYOD policies at organizations to manage security risks emanating from use of personal devices on official servers and networks.
CIOs in the region need to respond by preparing IT networks and formulating a BYOD policies, which are designed to manage this increased demand for BYOD and mobile diversity in the region.
Falcon Invoice Discounting: The best investment platform in india for investors
Byod in the middle east
1. 1 www.arabbusinessreview.com
BYOD in the Middle East
The rise in IT spending is fueling the increased adoption of the bring-your-own-device
(BYOD) culture in the region, and given its inherent advantages for employees and
employers, BYOD adoption is bound to grow further in the coming years.
However, BYOD adoption is accompanied by IT security risks arising out of lack of
awareness about device security among employees. The situation is compounded by
insufficient network resources and the lack of formal BYOD policies at organizations to
manage security risks emanating from use of personal devices on official servers and
networks.
CIOs in the region need to respond by preparing IT networks and formulating a BYOD
policies, which are designed to manage this increased demand for BYOD and mobile
diversity in the region.
An Employee Engagement Tool or an IT Threat?
Middle East is among the fastest growing IT markets in the world, with IT spending in the
region expected to exceed $32 billion in 2014. As per the latest IT forecast by IDC,
spending on IT products and services in the Middle East will increase 7.3% year on year and
2. 2 www.arabbusinessreview.com
will cross $32 billion in 2014. Nearly 75% of this expenditure is expected to come from
individual customers, the public sector, and the communications and financial services
verticals. The key growth driver will be public sector investments in improving government
services, education, and healthcare services in the GCC region.
The rise in IT spending is fueling the increased adoption of the bring-your-own-device
(BYOD) culture in the region, as the increased proliferation of smartphones and tablet PCs,
as well as increased mobility of workforces is forcing a shift in the way that companies
operate on a day-to-day basis. A survey by Aruba Networks found out that employers in
the Middle East were more likely to say Yes to BYOD, as compared to companies in other
parts of the world. The study found that 70% of EMEA enterprises allowed some form
access from personal devices, a figure backed by Cisco’s 2013 Middle East ICT Security
which found that almost two-thirds of employees in the region are allowed to use their
own devices to access the company server or network.
Percentage of Companies saying Yes to BYOD across Regions
Source: Aruba Networks
Given its inherent advantages for employees and employers, BYOD adoption is bound to
grow further in the coming years. BYOD allows workers to operate on devices that they
are comfortable working on, and in some cases from a location of their choice (e.g. home),
thus extending flexibility in working environment. Therefore, the BYOD culture benefits
3. 3 www.arabbusinessreview.com
employees and bossts their motivation and engagement levels. But its benefits are not
limited to employees are alone. Employers too stand to benefit considerably. As per Cisco
Consulting Services estimates, the annual cost benefits of BYOD range from $300 to $1,300
per employee, depending on the employee’s job role. In addition, happier and motivated
employees have higher productivity, and are more likely to focus on innovation rather than
just dealing with daily chores at workplace, thus contributing to the overall growth of the
organization.
However, BYOD adoption is accompanied by IT security risks arising out of lack of
awareness about device security among employees. The use of mobile devices like
smartphones and tablets is expected to grow over the next few years, as the region is
expected to have 850 million mobile users by 2017. And most of these devices will also be
used by employees at workplace as BYOD adoption increases – this is corroborated by the
Middle East ICT Security Study that found that nearly 64% employees are allowed to use
their own devices to access the company server or network. However, 65% of employees
their own devices in the workplace currently do not understand the security implications of
using personal devices in the workplace, thereby exposing the company server or network
to high degree of IT security risk.
The situation is compounded by insufficient network resources and the lack of formal
BYOD policies at organizations to manage security risks emanating from use of personal
devices on official servers and networks. As of 2013, only 55% companies in the Middle
East have a plan or a formal policy to manage the use of personal devices for work related
purposes. As a result, cyber-criminals are increasingly attacking internet infrastructure
rather than individual computers or devices, with password and credential theft,
infiltrations, and breaching and stealing data. Therefore, it is not surprising that businesses
in the Middle East are facing a growing risk of cyber-attacks as per the 2014 IT Security
Study in the Middle East.
4. 4 www.arabbusinessreview.com
As per the Aruba Networks survey, the IT security challenge is accompanied by insufficient
network resources to support the influx of multimedia-rich devices, as 35% organizations
claimed that they did not have enough wireless coverage and capacity for supporting BYOD.
Overall, the key challenges and concerns highlighted by businesses considering or
implementing BYOD in the region are:
Securely connecting devices (especially mobile) to corporate networks
Avoiding an increase in IT resources and expenses
Ensuring wireless coverage and capacity
Ensuring device security
Establishing corporate policies and acceptable uses
Enforcing access rights to resources based on user, device, and app
CIOs in the region need to respond by preparing IT networks and formulating a BYOD
policies, which are designed to manage this increased demand for BYOD and mobile
diversity in the region. As a first step, CIOs need to develop IT infrastructure that is
capable of supporting a broad array of devices without overburdening their IT staff. With
mobile devices leading the BYOD adoption, this would mean increased investment in
wireless infrastructure in the coming years. The requisite IT infrastructure development
needs to be complemented by developing and implementing organization-wide BYOD
strategy and policy. To develop an effective policy, organizations need to define and
understand factors such as which devices and operating systems to support, security
requirements based on employee role and designation, the level of risk they are willing to
tolerate, and employee privacy concerns.
The key characteristics of a good BYOD policy are:
Balances security requirement vs. employee experience and privacy. It is important to
develop policies that have minimal impact on employee’s experience, while maintaining
the required security levels. Equally important is defining and communicating the level of
vigilance/monitoring that IT department plans to implement to monitor device usage.
5. 5 www.arabbusinessreview.com
Given that BYOD is an employee-driven phenomenon, a policy that is too restrictive or
invades user privacy might prove counter-intuitive to the whole concept (and related
benefits) of BYOD. So mapping the security requirement based on employee role is critical.
Supports multiple devices and operating systems: It is important for CIOs to factor-in all
types of platforms and operating systems used by employees. While iOS is a natural choice
due to the high level of in-built security, Windows (phone, PC, tablets) and Android (phone,
tablets) have also gained immense popularity and can no longer be overlooked.
Is flexible (semi-BYOD): for organizations that have high degree of data security risk (e.g.
financial services firms), CIOs can opt for semi-BYOD policies which allow their employees
to use their own devices so long as they comply to a list of company-approved devices, so
that IT departments don’t have sleepless nights over what devices their networks might
have to accommodate.
Most importantly, a good BYOD strategy is focused educating employees about BYOD
policies and ensuring compliance to alleviate related risks. It is important for
organizations to not just develop such policies, but also provide guidance on ‘Do’s and
Don’ts’ and best practices on using personal devices for official purpose. Conducting
company-wide roadshows and training/counselling sessions, followed-up by online tests
around the company’s BYOD policies is another way to driving home the message of the
company’s seriousness about such initiatives and IT security at the same time.
We believe designing and implementing BYOD policies is important not just for organizations
that either adopted or are considering BYOD, but for others as well since BYOD adoption is a
question of ‘when’ and not ‘if’ for businesses in the region.
The article was originally published at: Arab Business Review
To read more thought-leadership stuff by leaders from Arab Region, please visit Arab Business Review