Bahrain
Kuwait
Oman
Qatar
Saudi Arabia
UAE
Print
Email
Discuss this article (0 Comments)Catch me if you can
by This email address is being protected from spam bots, you need Javascript enabled to view it on Sunday, 16 August 2009
zoomLAKSHMANAN: With most of the organisations, the auditors are embedded in IT itself – I don’t say it’s a good idea.
With redundancies, the Middle East faces the possibility of a rise in employee theft of data - but not many companies in the region give it enough credence - or even believe that it occurs.
When it comes to IT security, the vast majority of enterprises seem to treat their organisations as if they were independent countries. The workforce is the electorate (and have about as much say in running it), the various division heads act as governors and the CEO is El Presidente.
This makes the CIO a mixture of both the vice president and the head of intelligence - he or she is the individual charged with both ensuring that the daily affairs of the organisation proceed as planned while keeping an eye out for unwanted threats. Unfortunately, far too many CIOs visualise IT security in the same manner as a border agency - it ends up being about watching the horizon for invaders.
In reality, a significant part of the threat landscape of today comes from within the organisation itself - and to no one's surprise, it's not technology that CIOs have to be worried about. While systems can be patched and hardened and require authentication, the biggest threat to protecting data comes from the users themselves, whose motivations range from revenge to plain old financial gain. For IT managers, it's a monstrous headache to protect data against the very people who are supposed to wield it.
Of course, many in the region do not believe this threat exists. And therein lies the rub - unlike Western Europe and the US where companies are required to disclose data leakage incidents by law, in the Middle East there's no such equivalent. As a result, companies are lulled into a false sense of security.
Richard Gayle, managing director at IT security specialists London Global Associates (LGA), confirms that they are commonplace: "There are various reasons why we don't hear much of them. One is that the organisation suffering these breaches per se don't really want to talk about them because it obviously ruins reputational risk, brand risk and so forth."
"The second reason why the information is not in the public domain is because governance, probity and visibility of this type of information is not in the public domain per se. Now that governance and transparency are hot issues, these issues will become available to the commercial and public environments," he continues.
In fact, many firms actually only look into data security once an incident happens. Ganesan Lakshmanan, principal consultant at software vendor CA, says the problem that too much security here in the Middle East is predicated on trust.
"We can see that it's happening. It may not be reported to the outside world. A few days ago, I was approached by one of the banks who know that the information is being lost. They wanted to have a solution in place. So these incidents may not be revealed to the outside world but it is happening," he agrees.
What motivates these employees to leak data? According to Usman Zafar, managing director of Taqnyah Business Solutions, it's most likely another byproduct of the global financial crisis.
"Especially during the recession, many employees have been laid off. It's very difficult for them to get a place in the market. It's like hit-and-try for some of the employees, especially in the IT security sections. One of the most dangerous traps is when they go out of the company - they take the intellectual property rights. We hear with a couple of the organisations that when the guy leaves the company, they take the data," he warns.
Another problem, says Ahmed Baig, head of business management and advisory services at eHosting DataFort (EHDF), is that IT policies rarely make it clear that the data they use in day-to-day work does not actually belong to them.
"Even though the data is gathered during their job, the ownership is 100% with the companies. That's not very clear to employees around the world, not just here. It becomes imperative to ensure that organisations create awareness and inform employees about the ownership of this information, information handling policies, and so on," he explains.
Unfortunately for IT security managers, virtually every device an employee comes into contact with during the course of the workday is a potential vector for data leakage, either intentionally or otherwise. From flash memory to unrestricted webmail access, there are countless venues for data leakage. The problem is complicated, by the recent proliferation in PDAs and laptops, reflecting an increasingly mobile workforce. While it's easy to imagine that they can be used to carry data out or be mislaid, there's another angle, says EDHF's Baig, which companies neglect.
READERS' COMMENTS
Disclaimer: The views expressed here by our readers are not necessarily shared by ArabianBusiness.com or its employees.
MORE FROM ARABIANBUSINESS.COM
TOP IN MIDDLE EAST TECHNOLOGY
TOP MIDDLE EAST BUSINESS STORIES
ALSO IN MIDDLE EAST TECHNOLOGY
From 
SHARE PRICE CHECK
RELATED STORIES
eHosting DataFort
| 11 stories- Turning green
22 Jun '09 | Features - eHDF chief talks up benefits of multi-tenant data centres
4 Jun '09 | News
InterFRONTIERS
| 3 stories- Middle East distribution for Nintendo game series
28 Aug '08 | News - Product News
31 Oct '06 | News
Mobile
