Wanting to enable its employees to use their own mobile devices for work, Attijariwafa bank Egypt S.A.E. needed to protect customer data and the bank’s confidential data from mobile security threats.
The bank deployed a cloud-based, cognitive UEM platform that enables it to centrally monitor and manage email access on all of its mobile devices from a web-based portal.
Gains efficiency and worker flexibilityby enabling employees to access email from personal mobile devices
Helps secure mobile devices, users and datawith a cognitive approach to mobile device management
Facilitates registration, provisioning and updatesthrough a centralized web-based portal
Business challenge story
Mobile security versus worker productivity
Mobile technology has forever changed the way people work. In addition to giving employees convenient access to corporate and customer data, mobile devices make it possible to work virtually anywhere, anytime, helping boost productivity. This workforce flexibility, however, can come at a price. As the number of mobile device deployments increase, so do the security risks.
According to Understanding the Mobile Threat Landscape, a 2019 report issued by IBM and Wandera, mobile is the new focal point for cybercriminals when infiltrating organizations and stealing data.
For financial institutions, the news gets worse. Data analysis by IBM X-Force® reveals that the finance and insurance sector suffered 17% of the total cyberattacks and incidents in 2019, and has been the most frequently targeted industry for four consecutive years. Moving forward, as more banks adopt bring-your-own-device (BYOD) to work models, their exposure to breaches and attacks only grows. Employees who use their personal smartphones for work can unwittingly expose sensitive data or install mobile banking trojans and other malicious software.
One bank facing the challenge of ensuring the security of its infrastructure and business data while keeping mobile workers productive was Attijariwafa bank Egypt. Formed in 2017 after the Attijariwafa bank group acquired Barclays Bank Egypt, Attijariwafa bank Egypt operates 64 branches in the country and employs 1,445 people. As part of its digital transformation initiatives, the bank sought to give employees the ability to use their own devices to do their work, instead of relying solely on branch-based desktop machines.
“We wanted our employees to be able to access their emails from their smartphones so they could work more efficiently,” says Mohamed ElNahas, Head of Information Security at Attijariwafa bank. “But we also needed to protect the bank’s data and any confidential data related to customers.”
Although the bank had security policies and systems in place, it lacked a modern and centralized way to view, manage and secure its workforce mobile devices. Managing and deploying mobile security policies was also difficult, as was provisioning advanced security applications requested by the local security team.
How could the bank promote worker mobility without sacrificing data security and better monitor and secure employees’ mobile devices?
Intelligent, cloud-based device management
After comparing competitive solutions, Attijariwafa bank deployed MaaS360 with Watson technology, an AI-powered UEM platform delivered using a software as a service (SaaS) model on IBM Cloud™. The platform enables the bank to centrally monitor and manage all of its mobile devices, apps and content from a web-based portal, and safeguard content in the event of loss or theft.
“MaaS360 has a very good reputation for security,” says Mohamed. “Plus it has different options available for our users and more stability for the system.”
The MaaS360 with Watson platform integrates with the bank’s Microsoft Exchange messaging and collaboration technology for messages retrieval, and the Microsoft Active Directory service for user authentication and pass-through credentials validation. The bank enrolled roughly 400 iOS and Android operating system-based mobile devices with the UEM software using two key features of MaaS360 technology:
- IBM Email Access Gateway (EAG) reverse proxy server technology, deployed in the perimeter network, or demilitarized zone (DMZ), to control and secure Microsoft Exchange ActiveSync webmail traffic flow to the bank’s corporate email environment
- IBM MaaS360 Cloud Extender® software to authenticate users in the Microsoft Active Directory environment
According to Mohamed, implementing the solution meant overcoming some hurdles. Not only was the timeframe aggressive, but also the IT team in Egypt charged with deploying the solution was engaged in another important initiative. IBM worked closely with the bank to understand project and delivery requirements.
“The Egypt team was busy building a new local Exchange system at the time,” recalls Mohamed. “But we had to migrate from the old system owned by Barclay’s Bank and go live with our local Exchange and mobile email retrieval systems before Barclay’s disabled its resources.”
He continues: “So according to a plan developed with IBM — which included design, deployment of MaaS360 components, user acceptance testing, go-live and fine tuning — we had the MaaS360 system up and running in three weeks. With help from IBM professionals, we successfully launched the Exchange system and met the go-live target date.”
To better manage the system, the bank established various levels of administrative roles with specific responsibilities. For instance, system administrators install patches and release updates, apply new policies and act on critical issues raised through the system events logs. A service desk sets the rules for deploying new devices, erases old devices and resolves user requests. And a security team monitors and reviews the system’s audit logs and ensures security policies are applied.
Worker flexibility and data security
Today, Attijariwafa bank Egypt enjoys the best of two worlds: workforce mobility and enhanced data security.
Bank employees can access their corporate email from their personal mobile devices, while IT manages those devices through the MaaS360 with Watson software portal. The portal also makes it easy to register end users, provision and update apps, enforce policies and perform other functions.
“We’ve gained efficiency and worker flexibility,” says Mohamed. “The staff can access their emails and respond in a timely manner while they’re away from the office. Compared to other systems, MaaS360 is one of the best and most secure.”
IBM Cloud also enables the bank to rapidly scale to accommodate its growing mobile deployments, regardless of the number of users and devices. “The system’s performance is better than the old system and it’s more stable,” adds Mohamed.
The SaaS-based solution helps reduce costs and time associated with implementing and operating the technology, and minimizes infrastructure management tasks. With the implementation of MaaS360 with Watson technology, Attijariwafa bank Egypt becomes one of IBM’s largest SaaS clients in Egypt.
Attijariwafa bank Egypt S.A.E.
Headquartered in Morocco, Attijariwafa bank is a leading commercial bank and financial services group, with 4,930 branches in 25 countries. In addition to its banking activities, the group provides a wide range of financial services through several subsidiaries. These services include group insurance, mortgage, consumer credit, fast transfers, leasing, stock brokerage, asset management, and mergers and acquisitions, among others. As of December 2018, Attijariwafa bank employs more than 20,125 people and serves approximately 9.7 million clients.
Take the Next Step
To learn more about the IBM solutions featured in this story, please contact your IBM representative or IBM Business Partner.