Should businesses be worried about Huawei tech on their networks or is this really just hysteria and a political agenda that is sending shockwaves across the IT landscape? Let's discuss.
Full disclosure: I’m based in Hong Kong/China but have no affiliation with Huawei, other than as a consumer (my broadband router and hub). My observations are based on technical, security and process knowledge gathered over the years.
At the time of writing, there is no tangible evidence of security issues for Huawei products, with security firms and researchers around the world failing to detect backdoors or other exploits that would harvest information or deliberately breach network security.
Regardless of the media hype (and what I personally regard as ‘fake news’), Huawei is the second largest smartphone manufacturer in the world. But even this is a small piece of their business, as their product list demonstrates. They operate on all levels of the telecom infrastructure, with international customers including carriers and national network contracts in several countries. Coincidentally, they also hold more 5G patents than any of their rivals, thanks to heavy investment in research and development.
Okay, so Huawei’s expertise is a given. When you consider the current trade war between the U.S. and China, isn’t the timing of the ban a little suspicious? I think so, especially when you consider that the US president has stated that there was room for negotiation on Huawei in future trade talks. If there really was a threat to national security, would that even be an option?
The best approach is to ignore the political agendas involved and base your product selection on your requirements rather than the posturing of someone used to threatening legal action in his private life.
There’s no such thing as 100% security, whether it’s software or hardware. This is the reason why manufacturers release regular security updates, patches and upgrades. Market pressures often dictate the time of product release and it’s technically impossible to check everything before release, especially when you consider the variety of operating systems and equipment used by different users. Can a new release of Windows be tested with every motherboard, graphic card, piece of installed software, or peripherals and connected hardware in advance? It’s impossible and the reason for ongoing updates.
As exploits and vulnerabilities are identified, patches are released to plug them. These are identified by users, security researchers and an internal team. Huawei is no different, with their own bug bounty program, partnering with a security team that has identified no less than 12% of all Android vulnerabilities in the previous two years. Claims that Huawei’s own OS, based on open-source Android, will be less secure are nonsensical. In any case, it will introduce a new player to compete with Google and Apple, always a good thing.
Huawei pricing is a hell of a lot more competitive than its rivals but without sacrificing on build or component quality. This a valid consideration when selecting business or personal smartphones.
Being subsidized by their government is hardly a new thing, is it? Use your preferred search engine and seek out “your country“ and “government subsidies, tax breaks, contractors” and many familiar companies appear in the results.
Secure Your Infrastructure and Data
The purchase of Huawei products (or indeed any other Chinese manufacturer) has little bearing on your organization’s overall security posture. Security encompasses everything and steps are necessary to protect your data and network at all points. End-to-end encryption is used to protect your data storage and file transfers and security hardware such as firewalls and network monitoring tools will help prevent a data breach or detect suspicious internal activity from an internal device on the network.
In addition, of course, if you’re concerned about mobile devices, invest in a permission-based mobile management solution. OR, if you’ve decided on allowing personal devices, assign access according to job role or responsibility. Then again, your company could have a preferred mobile device list, and prohibit certain versions of Android/iOS or manufacturers. The choice is yours. The takeaway is that a smartphone cannot compromise your network security, unless security processes are substandard. In fact, there is more danger from within, when users fall victim to ransomware, phishing attacks etc., despite hours of security awareness training.
In conclusion, if you’re considering Huawei products, don’t let the current blacklist hype deter you. Even if the worst happens and all bans are in full force, their version of Android may lack Google services but there is another player that could fill the gap. Yep, Baidu. If you’re a Google devotee, then wait and see how it all pans out before purchasing a new smartphone.
In the meantime, spare a thought for the shareholders in component manufacturers that are compelled to refuse to do business with one of the largest telecom companies in the world. I’d love to be a fly on the wall at those AGMs. I’d suggest a point of contention: even companies that collaborated with the Nazis were not penalized to this level and without evidence of wrongdoing.