How the Middle East Influenced the U.S. in Mobile Security

Thomas Glare

Whether we like it or not, smartphones play a major role in our lives. This is true from both a personal and professional perspective. Professionals use mobile devices, such as smartphones or tablets, across the globe. From fintech companies such as Trustly to state institutions in the U.S., everyone relies on mobile devices to be more efficient. 

However, when assessing all the benefits mobile devices bring to the table, the professionals can not ignore the need for smarter mobile security rules. With more and more devices being used for official and often confidential data, as well as a huge craze in BYOD ( Bring Your Own Device) caused by the current global situation, security in personal devices is a very real concern. 

The Middle East Leading the Pack

Surprisingly enough, Saudi Arabia was the first country to implement a unified framework that deals with mobile security aspects. The SAMA – Saudi Arabian Monetary Authority – implemented the Cyber Security Framework to control this environment better. Just a few months later, the UAE also launched the National Electronic Security Authority. The agency recognizes the need for clear regulations and personal/company data protection. 

It shouldn’t be surprising that Middle Eastern countries decided to move for a unified framework to improve mobile security and overall electronic safety. Several considerable companies in these countries suffered many waves of cybersecurity breaches. The case of Aramco, significant for suffering a week shut down due to the Shamoo wiper virus, was the impetus to fast-track the Cyber Security Framework. 

Seeing what just happened in the neighboring country, the UAE decided to prevent such a huge disaster. This unfolded simultaneously as the European Union began work on GDPR. All these forces lead to a new chapter in business data – the age of thorough data encryption!

The U.S. Reaction

The U.S. took some time to react to the changes towards mobile security that were taking place around the globe. In the early 2010s, most users didn’t think too much about security threats when they set up devices. However, earlier in 2020, the US finally presented a new set of rules that governed smart devices and the security of the entire IT sector. 

Of course, this doesn’t mean that big companies like Google, Apple, or Facebook didn’t already have excellent security protocols in place. However, this was largely within the private field. The average citizen rarely enjoyed the same privileges. 

The Cybersecurity Maturity Model Certification – or CMMC – implemented data containerization in a similar manner to what Saudi Arabia and the UAE did a few years before. A considerable change from past US federal data-handling guidelines left most of the data safety compliance procedures as optional. 

It was exceptional timing as the COVID 19 outbreak put a lot of stress on IT systems. Lots of employees have using their own devices to access company data. The new approach towards mobile device data containerization already proves to be safer and will boost security. The regulations that the US passed, linked with what’s happening in the EU and the Middle East, help apply the best practices for mobile device management. More specifically, the regulations will dictate the way we handle company data on a personal gadget. 

The regulators are making efforts to get convincing data from companies regarding their mobile security procedures. A few years back, they considered data protection taken care of as long as mobile phones had a password on. However, things are dramatically different now. Companies need to prove that they encrypt data at all times. This applies when the data is on a mobile device, and when users send data from device one to another. Proof of actual data protection and separation of personal credentials from data is required.

The Best of Both Worlds

The advances in smartphone technology make it a lot easier for employees to switch from personal to business endeavors. But not every company is happy knowing sensitive data can be stored on a personal device. However, the current trends show that there’s no other viable workaround other than isolating the personal from the corporate and securing both sets of data at the same level. 

In days when it’s already commonplace for companies to contractually reserve the right to remotely wipe a personal phone clean due to suspicion of data loss, finding the middle ground is essential. Data containerization is the path towards making BYOD a non-issue for companies. The widespread use of this practice should enable all players to enjoy the mobile security they aim for. 

The first steps for deep mobile security are in motion. The day when you will be able to enjoy mobile slots for Android on the same phone that you use to close deals is close. Hopefully, companies and key players in the industry will finally embrace data containerization.