CIO East Africa June Edition 2017 by CIO Africa

VOL 9 | ISSUE 6 | www.cio.co.ke

journeyman 32 The career that led Loic Amado to be Uber East Africa GM

women CIOs 34 12running Global Organisations

BUSINESS

TECHNOLOGY

LEADERSHIP

20 Bottom Line

June 2017

Steve Njenga CIO Barclays on the Bank's IT Journey

Kshs. 300 Ushs. 9,000 Tshs. 6,000 RWF. 2,200 Rest of the World US $ 9 An publication

IDENTITY IS THE NEW FIREWALL The rise in use of applications has created a new world of borderless business. In this new world, security architectures need to control access to applications based on context rather than configuration. The increased use of applications – SaaS, IaaS and in the data centre – means that borderless business is here. But while this has brought greater efficiency and agility, it’s also brought greater security challenges. Traditional firewalls can’t cope In the world of borderless business, security architectures based on a traditional firewall no longer cut it. This is because the perimeter being secured is no longer the data centre. The perimeter is now the plethora of applications used by the business. The introduction of containers has also increased the problem of volatility in network-based access control to applications because of their (often much) shorter life-spans. With lifetimes measured in minutes rather than days or weeks (or months), the strain placed on traditional IP-based firewalls is incredibly high. ID-based access the way forward Identity-based access control to applications, on the other hand, is concerned about matching users and apps, not IP addresses. This provides a more robust way to control access to applications based on context rather than configuration. That means rather than narrowing in on IP addresses, user requests for access can be evaluated based on client, location, device, time of day, network speed and application in addition to IP address (if you still want to look at it). An identity-based access control option also means providing parity across disparate environments. Using traditional IPbased firewalling to control access to applications means using one system in the data centre and another in the cloud. An identity-based access control service can be deployed across both environments. This allows for consistent policies that provide better compliance with corporate policies, as well as less operational overhead in terms of management and auditing. Advanced authentication boosts confidence The rise in security breaches caused by stolen or easily discovered credentials shows that it’s time to move beyond basic, password-based authentication and into a more intelligent way of allowing or denying access. PWC note that advanced authentication provides significant benefits in terms of both customer and corporate confidence. Context-based access control provides similar advanced authentication, using multiple “factors” to evaluate requests. Two-factor authentication can be implemented by such solutions. But organisations can also develop authentication measures that rely on automatically provided contextual clues for an even more seamless application experience. Authentication beyond borders Regardless of what your organisation’s determination on authentication and access control might be, it’s almost certainly true that it won’t rely solely (if at all) on IP-based firewalls. IP-based firewalls rely on the notion that a well-defined corporate border exists. In today’s cloudy, mobile, and almost ephemeral world of application infrastructure, that border no longer exists. Further details on F5’s Web Application Firewall Solution,

Kindly Contact Ameen Varvani ameen.varvani@westcon.com +254 20 420 1021 +254 736 165 900

Editor’s note E

Kenya

Uganda

Tanzania

Rwanda

EDITORIAL DIRECTOR Harry Hare TECHNICAL STAFF WRITERS Lillian Mutegi Baraka Jefwa Jeanette Oloo COLUMNISTS Ben Roberts Bobby Yawe James Muritu Peter Muya Sam Mwangi HEAD OF SALES & MARKETING Andrew Karanja BUSINESS DEVELOPMENT MANAGER Njambi Waruhiu ACCOUNT MANAGERS Amuyunzu Oscar Vanessa Obura SUBSCRIPTION & EVENTS Ellen Magembe Mellisa Dorsila PHOTOGRAPHY BY Arthur Kintu DESIGN Nebojsa Dolovacki Published By

Printed By:

Offset Printing Ltd. Contacts

eDevelopment House : 604 Limuru Road Old Muthaiga : P O Box 49475 00100 Nairobi : Kenya +254 725 855 249, Email: info@cio.co.ke ALL RIGHTS RESERVED The content of CIO East Africa is protected by copyright law, full details of which are available from the publisher. While great care has been taken in the receipt and handling of material, production and accuracy of content in this magazine, the publisher will not accept any responsility for any errors, loss or ommisions which may occur.

Harry Hare

CRY OH CRY, BUT PLEASE REMEMBER TO PATCH I AM EXCITED TO PEN THE EDITORIAL FOR THIS JUNE 2017 EDITION OF CIO EAST AFRICA, HAVING LAST BEEN ON THIS PAGE OVER TWO YEARS AGO.

e have grown in those two years refining and strengthening the different products and services that inform and educate you – our reader.

But the most significant change came last month when Laura Chite, a veteran in the IT communication and marketing space, took over from me as CEO, a position I had held since co-founding the publication, nine years ago. We are all excited to have Laura on board, and we believe she will move the business to the next level. This means a bigger and better CIO East Africa platform serving an awesome audience. Back to IT… Last year was the “Cry” month as WannaCry made a few thousand CIOs and IT leaders cry, losing control of some of their most critical IT infrastructure. More than 200,000 machines were affected globally with Europe being the most affected region. In Kenya, the Communication Authority says sixteen organisations were affected by the Ransomware. We know that companies in Tanzania, Uganda, and Rwanda were also affected, but there has been no official word on the numbers. I am sure you have read acres of newsprint on this already, but I cannot help but belabour the fact that all the affected organisations could have prevented the attack if they had done what every security expert tells you – patch your systems. Microsoft issued a patch for the vulnerability that WannaCry exploited three months ago. Systems to which that patch had been applied did not fall victim to the attack. Decisions had to be made, or not made, to keep that patch off systems that ended up compromised.

I have heard arguments that the affected were critical systems that couldn’t be shut down for patching. I’m sure some of them were indeed critical, but we’re talking about 200,000 plus affected systems. All of them were critical? That just doesn’t seem likely. But even if they were, how do you argue that avoiding planned downtime is better than opening yourself up to the very real risk of unplanned downtime of unknown duration? That’s my take; let me know what you think. Still, on the same subject of security, we have put together a two-day security deep dive for both technical and non-technical leaders on the 14th and 15th of June. This is a must-attend event for the entire C-suite. The two days are packed with keynote presentations, panels, and live hacking simulations for those who have no idea what it looks like to be hacked! So, I encourage you to register and attend the second Africa Security Summit at the Fairmont Norfolk Hotel. As always, this issue is packed with interesting reads, don’t miss John Walubengo’s guest editorial and read about how Barclays is transforming their business through technology. Did you know Steve Njenga, CIO of Barclays Kenya, is a serious biker? Now you do. On the cover he was just about to do his weekend ride. Enjoy!

TO CONTACT ME:

QUOTED VERBATIM

FROM OUR ONLINE LOCATIONS

Mr Steve Njenga, CIO of Barclays Kenya

We need to be in the cloud. We should have been ten years ago. Virtualization is key in order to take full advantage of the cloud.

Five most popular stories on www.cio.co.ke #AfrSS2017: A 'kill switch' is slowing the spread of WannaCry ransomware. #AfrSS2017: Microsoft delivers fixes for XP, Windows 8, and Windows Server 2003 as ransomware crisis puts the company in a tight PR spot. Vodafone transfers a 33% interest in Safaricom to Vodacom. Safaricom profit growth hits Ksh 48.4 billion.

Bright Gameli, Head of Information Security and Risk at Cellulant Group

To find the actual or potential vulnerability in a system, a hacker will look for publicly available codes, or what we call “exploits” and either use them out-of-the-box to exploit the system or modify it to work.

#AfrSS2017:A ransomware attack is spreading worldwide, using alleged NSA code to exploit.

Five top facebook.com/ cioeastafrica posts with highest reach Former Airtel Boss appointed CEO Liquid Telecom Kenya; Ben Roberts becomes Chairman of Board. #EACyberSecurity: CS Mucheru announces the introduction of mobile money interoperability in Kenya. #AfrSS2017: Kenya hit by WannaCry ransomware underlining the vulnerability of local firms Digital disruption is coming, but most businesses don't have a plan.

Robert Yawe, Columnist, CIO East Africa

Data in Kenya has yet to be liberated, not only by the public sector but also private sector custodians.

Bob Collymore gets two more years to head Safaricom.

Five top tweets with the highest reaction Lenana School: Old boys including @mucheru CS ICT commission the foundation stone of the swimming pool donated by Laibons #ICTinSchools. The Laibons of Lenana High School include @ mucheru, CS Ministry of ICT #ICTinSchools.

Mr Loic Amado, General Manager Uber East Africa

In East Africa, we are growing so fast. The app is making quite an impact on the environment in these markets. For example, in Kenya more than 6,000 economic opportunities have been created.

www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

Follow the link to go through the #CIO #EastAfrica Magazine April Edition 2017 issuu.com/cio-eastafrica… via @issuu. Currently on stage is Dr Bright Mawudor, Chair of @AfricaHackon giving a hacking simulation #EAcybersecurity @Amadeus_Africa. After building the Computer Labs, plans will be put underway to make Lenana the first Cybersecurity Incubator in the region #ICTinSchools. 5

GUEST EDITORIAL

BY JOHN WALUBENGO

BLUE WHALE AND WANNACRY EXPOSE THE INTERNET’S DARK SIDE LAST WEEK, TWO THINGS HAPPENED THAT EXPOSED THE DARK SIDE OF THE INTERNET IN A WAY WE HAVE NEVER EXPERIENCED BEFORE.

he first was “Blue Whale,” an online game that has allegedly claimed the life of one Kenyan and many others across the globe.

The second was a ransomware attack dubbed “WannaCry” that is still spreading globally across Windows-related servers and other computers that had not previously been updated or protected. Let’s start off with the Blue Whale online game. It’s an addictive game that offers teenagers a fifty-day series of challenges with the ultimate and final one being to commit suicide.

A better approach may have been to alert parents and teenagers of the existence of the game and provide advice on how to avoid or overcome the risky and suicidal suggestions within the game. Many of the teen suicide cases reported seem to highlight pre-existing challenges that teenagers face, ranging from absentee or busy parents, peer pressure, lack of role models, to confidence crises. The jury is still out on the game, but my take is that it may have offered an escape route to a vulnerable or over-burdened teenager. Such games exist, and more will be produced.

Even though teenage suicides are happening while the game is online, debate continues as to whether the game is actually the cause of the suicides. Either way, the orientation of the game is quite chilling.

The answer is not to ban them but to invest more time and effort in bringing up emotionally strong teens with the ability to face the world’s ups and down without resorting to shortcuts like suicide.

The Kenyan government, through the ever-ready CEO of the Kenya Film Classification Board, Ezekiel Mutua, quickly moved to “ban” the game and therein lies the problem.

Now back to the ransomware attack. It’s unique in that it managed to combine the normal disruptive nature of computer viruses with the business objective of making a profit from the resulting misery.

It is one thing to declare an online application or game banned, but it is quite another to actually put the ban in effect.

SUBSEQUENT ATTACKS

Unless Kenya builds a huge digital, perimeter firewall mapped along our geographic territory– the Chinese way– it is virtually impossible to ban anything online.

OVER-BURDENED TEENAGER In fact, banning anything online is counterproductive since it creates an impulse to download whatever it is the government is claiming to ban. This is otherwise known as free publicity. 6

Essentially, the virus targets Windows-based machines that have not been updated and encrypts the data on the hard disk. This means that your data is no longer available to you unless you pay the ransom fee in exchange for the decryption keys. Furthermore, the virus demands that you pay the ransom through the new cryptocurrency known as “Bitcoin” and provides you with a forwarding address. Cryptocurrencies provide sufficient anonymity for a criminal to collect their

money without leaving any clues to their identity. Many may quickly miss the point and imagine that Bitcoin or the cryptocurrency is the problem here, but it is not. Cryptocurrency is actually a big topic that will merit its own post later on, but for now, be advised that the ransomware attack is to be blamed squarely on organisations that have not invested sufficiently in protecting their rapidly expanding information infrastructure. From the ever-growing list of victims, one can find hospitals, universities, public and private utilities in energy, telecoms and transport, among others. This could be a wake-up call for these organisations to finally budget for and hire a designated information security officer. Last week will be remembered as the week that finally exposed and mainstreamed the dark side of the internet. Let’s hope the world has learnt lessons and will be better prepared to deal with subsequent attacks since they will surely come to pass. (This article was first published in The Daily Nation.Mr Walubengo is a lecturer at Multimedia University of Kenya, Faculty of Computing and IT. Email: jwalubengo@mmu.ac.ke, Twitter: @ jwalu) CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

CONTENTS

JUNE 2017 6 Guest Editorial 8 In Brief 9 Appointments 10 Regional Round Up TREND LINES

TREND LINES

Rise of the Machines and Things on the Internet

Workplace transformation? A Shape In or Ship Out situation to organisations

FEATURE

A hacker’s eye view of the East African cyber-security landscape

PICTORIAL

crime

Steve Njenga

CIO Barclays on the Banks IT Journey

The journeyman career that led Loic Amado to be Uber East Africa GM

www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

PRODUCT REVIEW Inspiron 15 7000 36 Dell review: A gaming

laptop at a decidedly non-gaming price

FEATURE Standard Group: 38 The Creating an innovation culture to stay ahead

OPINION reminds 40 WannaCry CIOs to stay on top of

20 Bottom Line 41 your 21 Safeguarding business from cyber-

Cover story:

Limited for DR with PlateSpin Protect

TREND LINES

IT AND LEADERSHIP

8 CIO Golf to tees off at Karen Country Club

choos26 Broadways es Total Solutions

BCX launch to stir the East Africa enterprise way of doing business

START UP CORNER

Coca Cola’s investments in startups is the real thing for innovation

patching

Step up to cognitive era with watson for cyber security

Hard TALK Insincere 42 Safaricom on Innovation

WOMEN & TECH

12 women CIOs running Global Organisations

IN BRIEF AROUND

AROUND the

WORLD

ORACLE EXPANDS PRESENCE IN AFRICA WITH NEW ABUJA OFFICE

APPLE TO START ASSEMBLING IPHONES IN BANGALORE BY APRIL

ORACLE HAS ANNOUNCED THE OPENING OF A NEW OFFICE IN ABUJA THAT WILL FOCUS ON DRIVING CLOUD ADOPTION ACROSS NIGERIA’S PUBLIC SECTOR.

APPLE PLANS TO START ASSEMBLING THE IPHONE IN BANGALORE BY THE END OF APRIL UNDER A CONTRACT MANUFACTURING ARRANGEMENT WITH TAIWAN’S WISTRON.

The office located in Maitama, will create new employment opportunities for talented professionals.

The move by the company comes even as it awaits approval from the U. S. federal government for some of its proposals for lowering the import duties on components and for creating an ecosystem of local manufacturers who can supply components for their smartphones, according to sources close to the situation.

Oracle has been present in Africa for more than two decades and the company has been instrumental in driving digital transformation for key government departments including NSITF, Lagos State and Edo State. With launch in Abuja, Oracle now operates 13 dedicated offices across Africa.

SAP PLEDGES €1 FOR EVERY TWEET TO SUPPORT AFRICA CODE WEEK GOAL TO EDUCATE 500,000 YOUTH SAP HAS ANNOUNCED A SOCIAL MEDIA FUNDRAISING EFFORT TO SUPPORT AFRICA CODE WEEK IN ITS MISSION TO TEACH BASIC CODING SKILLS TO HALF A MILLION AFRICAN YOUTH THIS YEAR. SAP will donate one euro for every tweet with both #SConnect17 and #AfricaCodeWeek between now and September 8. Now in its third year, the digital literacy initiative is part of SAP’s commitment to drive sustainable growth and skills development on the African continent.

GE TO HELP TRANSFORM OVER 200 HOSPITALS IN EGYPT WITH 700 UNITS OF ITS ADVANCED HEALTHCARE TECHNOLOGIES AS PART OF EGYPT’S VISION TO IMPROVE THE QUALITY AND AVAILABILITY OF HEALTHCARE IN COUNTRY, THE GOVERNMENT SET FORTH AN AMBITIOUS DEVELOPMENT PLAN THAT AIMS TO AVAIL AND IMPROVE PUBLIC HEALTHCARE SERVICES IN EACH GOVERNATE ACROSS EGYPT. Under this plan, GE Healthcare signed a key deal in Berlin, worth 25.8 million USD, to supply more than 200 Egyptian hospitals with a wide range of GE Healthcare’s technologies. GE will deliver and supply 700 units nationwide by the end of 2017, additionally GE will provide training to more than 1,200 doctors, technicians and nurses who will be the end users to operate these technologies. To date, more than 400 units have already been distributed to hospitals across Egypt and GE is expected to complete the delivery and installation of the remaining units across military, Ministry of Health and university hospitals by the end of 2017. 8

The Karnataka state, of which Bangalore is the capital, has announced Apple’s intentions to make the iPhone in the city. Last year Apple announced it was setting up a facility in Bangalore to assist developers on best practices and improved app design around its iOS platform.

TRUMP PUSHES U.S. GOVERNMENT TO THE CLOUD WITH CYBERSECURITY ORDER PRESIDENT DONALD TRUMP HAS FINALLY SIGNED A LONGAWAITED EXECUTIVE ORDER ON CYBERSECURITY, AND HE CALLED FOR THE U.S. GOVERNMENT TO MOVE MORE INTO THE CLOUD AND MODERNISE ITS IT INFRASTRUCTURE. The order is designed to “centralize risk” and move the government’s agencies toward shared IT services, White House Homeland Security adviser Tom Bossert said in a press briefing . “We’ve got to move to the cloud, and try to protect ourselves, instead of fracturing our security posture,” he said. “Too much time and money have been spent protecting old federal IT systems, some of which store U.S. citizens’ data,” he stated. In response, Trump’s executive order demands that all agency heads “show preference” for shared IT services when procuring new services. The planned modernization also includes transitioning government agencies to one or more consolidated networks. Bossert said the goal is to view “our IT as one federal enterprise network.”

ENGLAND HOSPITALS HIT BY COORDINATED RANSOMWARE ATTACK HOSPITALS ACROSS ENGLAND HAVE FALLEN VICTIM TO WHAT APPEARS TO BE A COORDINATED RANSOMWARE ATTACK THAT HAS AFFECTED FACILITIES REQUIRING DIVERTING PATIENTS TO HOSPITALS NOT HIT BY THE MALWARE. The attackers are asking for $300 in Bitcoin to decrypt affected machines, payable within 24 hours or the ransom doubles. If the victims don’t pay within seven days, they lose the option to have the files decrypted, according to U.K. press reports. While multiple healthcare facilities have been hit, the country’s health service says other types of groups have also fallen victim. CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

APPOINTMENTS MARY GICHARU APPOINTED AS THE NEW MANAGING DIRECTOR FOR THE IHUB

ary Gicharu has been appointed as the new Managing Director for the iHUB having joined the team recently in May 2017. Capitalising on the success of her predecessor, Kamal, who re-established a single brand and realignment, Mary will now focus on operational excellence within the iHub. She will also concentrate her efforts on strengthening further collaboration with the community and will continue to create collaborative extensions and partnerships, both local and international. Mary brings experience and demonstrated performance at globally respected firms within the U.S. and most recently at a Pan-African Bank within Kenya. Ms Gicharu moved back to Kenya in mid-2013 to lead and manage the implementation of Equitel, a secure, converged banking and mobile services channel, and the largest MVNO (mobile virtual network operator) in Africa.

LAURA CHITE APPOINTED NEW CEO FOR CIO EA

She also spent eight years at Morgan Stanley, an Investment Bank in New York, working as a Program Manager in the COO Office. Prior to that appointment, she had hands-on experience in implementations and integration management for their business units. Her past roles included tenures at Coca-Cola Enterprises, Inc., Atlanta, Georgia in the U.S., within their Strategy & Planning and Portfolio Management sections.

IO East Africa has announced the appointment of Laura Chite as its new Chief Executive Officer. She succeeds Harry Hare who will become board Chairman of CIO East Africa.

Laura has over twenty years of professional experience in the IT industry including experience in Human Resources, Public Relations, Events, and Sales & Marketing. She joins CIO East Africa from Microsoft where she was the Marketing & Communications Lead for Microsoft Kenya.

ADIL YOUSSEFI APPOINTED NEW CHIEF EXECUTIVE FOR LIQUID TELECOM

iquid Telecom Kenya has announced the appointment of Adil Youssefi as its new Chief Executive.

Adil succeeds Ben Roberts who will become board Chairman of Liquid Telecom Kenya and continue to concentrate on his role as the Chief Technology Officer for Liquid Telecom Group, a position he has held since 2006. The new CEO joins Liquid Telecom from Airtel Kenya where he has been Managing Director for three years. Prior to that, he worked for Millicom Group, a mobile operator with operations in several African countries, in various capacities across its subsidiaries. He started as a Senior Advisor to the Chief Officer Asia in Sri Lanka in 2008, then moved to Chad to take up the Chief Executive position, and finally served as the Chief Executive of Millicom Ghana in 2012.

www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

REGIONAL ROUND-UP

COMPILED BY JEANETTE OLOO

UGANDA: UGANDA ICT MINISTRY TO BUILD INNOVATION HUB AS PART OF DIGITAL STRATEGY UGANDA’S MINISTRY OF INFORMATION COMMUNICATIONS TECHNOLOGY, WITH THE HELP OF UGANDA PEOPLES DEFENCE FORCES (UPDF), ARE SET TO BUILD AN INNOVATION HUB IN KAMPALA.

he hub will be built at the Uganda Information and Technology Institute in Nakawa and will offer free working space to innovators.

“We have come up with an innovation support programme. In 2017/18, we have $5m (Shs15b) in the budget. The land has already been identified, and come July 2017 we shall be launching it,” said Mr Frank Tumwebaze, ICT and National Guidance Minister, during the Transform Africa Summit 2017 in Kigali. The innovation hub forms part of the broader digital strategy being drafted by the Ministry of ICT which includes education and health digitisation by the government. “We are in the final stages of tabling to the Cabinet a digital strategy. This strategy will be setting out milestones for each sector. For instance, for the education sector, we will be defining what the e-education parameters and e-government parameters are. When we put government services online, you cut costs, and you remove corruption. We also have to train IT engineers to work for the government–and remunerate them better,” he concluded.

KENYA: LIQUID TELECOM CHALLENGES KFCB BAN ON “BLUE WHALE CHALLENGE” LIQUID TELECOM CHALLENGED THE KENYA FILM CLASSIFICATION BOARD’S (KFCB) BAN ON THE ONLINE GAME “BLUE WHALE CHALLENGE” CITING THAT IT IS NOT A DOWNLOADABLE GAME.

ccording to local media reports, Liquid says it has conducted its own research into torrent flows, app downloads and network data, and confirmed that it could find no evidence of the existence of any such game as a structured, downloadable product that can be classified or banned. The game was banned after a report stated that a Kenyan teenager had committed suicide whilst finishing the 50 challenges of the game and also on international accounts that one hundred teenagers’ lives worldwide were lost as a result of playing this game. KFCB’s CEO Ezekiel Mutua stated that he had ordered the withdrawal of the game from all social media sites in Kenya 10

and asked all Internet service providers to ensure it is not accessible in Kenya in a bid to do damage control. “Blue Whale is not a game in the sense of being a video, or an app, or a website, or any structured product. If it exists, it is an activity, just as ‘Truth or Dare’ has been a ‘game’ played by teenagers over the decades,” said Ben Roberts, the Chief Technical Officer of Liquid Telecom Group and Chairman of Liquid Telecom Kenya. “As a ‘game’, it may be something that teenagers are doing on social media, setting these dares in groups, or across accounts: but it has no identifiable structure or means of being prevented or blocked by Internet Service Providers,” he added, according to the media reports. CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

REGIONAL ROUND-UP

RWANDA: INMARSAT, ACTILITY DEPLOY CITY-WIDE IOT NETWORK IN KIGALI TO SUPPORT SMART CITY INITIATIVE INMARSAT WILL DEPLOY LORAWAN (LOW POWER WIDE AREA NETWORK) INFRASTRUCTURE AROUND THE CITY OF KIGALI TO SUPPORT THE RWANDAN CAPITAL’S FLAGSHIP SMART CITY PROJECT.

ccording to a press statement by Inmarsat, the network, which will be active for an initial period of a year from 1 May, will be the connectivity platform for a variety of Internet of Things (IoT) applications and will provide a blueprint for smart city projects throughout Africa. The solution will provide city-wide coverage that enables a variety of organisations to develop and deploy IoT applications on a large scale, as well as allowing entrepreneurs to easily connect their front-end IoT devices through a middleware layer. Applications could address any number of urban needs including transport, utilities, health, and education. To demonstrate the IoT’s transformative potential, Inmarsat has deployed a number of proof-of-concepts and technology demonstrations around Kigali. These include environmental monitoring, a smart bus equipped with satellite internet providing ubiquitous connectivity for remote communities, and a precision farming initiative intended to increase crop yield and better manage water resources.

TANZANIA: FREECONFERENCECALL.COM LAUNCHES SERVICES IN TANZANIA FREECONFERENCECALL.COM HAS LAUNCHED FREE CONFERENCE CALLING IN TANZANIA FOR FAMILIES, BUSINESSES AND COMMUNITIES.

reeConferenceCall.com has launched free conference calling services in Tanzania.

According to a press statement, the country can now access high-definition audio conferencing, audio recordings, and mobile applications at any time. Tanzania joins Kenya, Nigeria, and South Africa on a growing list of countries with local access to free global conference calling. FreeConferenceCall.com is an entirely cloud-based technology that focuses on simplifying the lives of its users while saving them money in long-distance fees. The launch of FreeConferenceCall.com services means that over 50 million people in the East African nation now have unlimited, instant local access to free audio, screen sharing, and video conferencing. www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

TREND LINES

BY RAYMOND MACHARIA

RISE OF THE MACHINES AND THINGS ON THE INTERNET

VERY MANY YEARS AGO, THE INTERNET WAS ALL ABOUT GADGETS, DEVICES AND THEIR TRANSFORMATIVE EFFECT ON LIFE WHEN THE TWO INTERCONNECTED.

ast-forwarding to today, we find our phones and other related devices now rank highly on Maslow’s hierarchy of needs after food. But while the “IoT” (Internet of Things) buzzword has been around for about five years now, it has never enjoyed more prominence than it does today; and when you look closely, it has more to do with things and less to do with the internet. It should be called “ToI”— Things on the Internet. In reality, there is more to IoT than just the collection and exchange of data. IoT provides humans with the convenience and ability to do things more conveniently, faster, and better.

It’s more than a thing Every device that becomes a “thing” on the internet has some basic requirements: • For electronics and software, there is an ability to collect data. • A mode of connecting to the internet with the purpose of sending the data to a central control centre, primarily via a specialised wireless network.

• Capability to analyse the data so as to provide the right response back to the “thing”.

Business – Show me the money As with everything that becomes a part of the internet ecosystem, the end game is to make or to save money through improved efficiencies. So, where is the money with the Internet of Everything? Improved factory automation: Here, factories encompass traditional manufacturing and agribusiness operations where specialised devices based in a given industry provide the data needed at the right time, hence allowing for speedy decision making. Consumer loyalty: This is about smart devices pitched at the consumer with the promise of delivering convenience and tailor-made experiences. One of the best examples I have come across is the Amazon Dash Button that allows consumers to press a Wi-Fi-enabled button to get a product ordered and delivered. No need for calls or emails; just press the button.

Analytics – Where it’s all at While not really the most publicised element of IoT, the data generated is probably the most important aspect of this phenomenon. When it is said that data is the new Oil, it is for a good reason because it can be sold in its raw format to interested parties or analysed to give insight into consumer behaviour guiding product and service distribution.

Operations – Wake up and smell the coffee (maker) All the devices in their billions, as of last count, require some forms of management, replacement, software upgrades and service enhancements owing to their specialised nature and how they transmit data. Today, there are specialised service providers that offer both the building of and managing networks, deploying and managing the command and control centre for these devices, and even collecting, securing and analysing this data.

Security – The really big elephant in the room With the proliferation of so many devices and their connection to the internet, the result has been a new avenue of security breaches. The most common one being the use of connected devices as a BOTNET to deploy DDOS attacks. Where malicious parties responsible for the DDOS attacks used to have only hundreds of thousands of computers, now they have at least several million devices at their disposal. Tight management and close monitoring of devices together with specialised security for IOT devices to prevent them from being used as BOTs are Paramount.

Final word Truth be told, the potential for IoE (Internet of Everything) does not have a horizon as yet with use cases coming up on an almost daily basis. The implication on society and the economy as a whole will be great, but as with anything good, there is a need for regulation in order to enjoy the benefits while understanding and managing the risks. The writer is the Head of R&D and Planning at Internet Solutions Kenya 12

CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

Move like your business depends on it. For 20 years, weâ&#x20AC;&#x2122;ve been helping companies unleash the power of their apps to get where they want to go: Faster. Smarter. Safer. WeMakeAppsGo.com

Kindly Contact Ameen Varvani ameen.varvani@westcon.com +254 20 420 1021 +254 736 165 900

TREND LINES

BY LILIAN MUTEGI

WORKPLACE TRANSFORMATION? A Shape In or Ship Out situation to organisations THE WORKPLACE NATURE IS VASTLY CHANGING TODAY. FROM BYOD, TO ENTERPRISE MOBILITY THE WORKPLACE IS GETTING REVOLUTIONIZED AND ORGANISATIONS HAVE TO KEEP UP WITH THE COMPETITIVE LANDSCAPE THAT IS EVOLVING AT A RAPID PACE.

ost businesses are facing intensifying pressure from competitors who have been able to achieve parity in terms of service, technology, and price. Workplace transformation is like an earthquake that is quickly shaking even the firmly established companies, who are now faced with a new task of keeping up with new and innovative business models driven by mobility and cloud. To survive this wave organizations must transform to survive. This transformation effort requires innovation across all models and sectors of the business and must be done with an utmost velocity. What has really changed? According to Muchemi Wambugu, a Digital Consultant, a few years ago the workplace was filled with a lot of manual processes therefore a bigger workforce was required. “When we talk about workplace transformation, we are talking of creating efficiencies at the workplace through use of technology. Which now leads to a reduced workforce. This is mostly driven by the paradigm shift in the industry brought about by social, mobile, analytics, and cloud or what is known as SMAC paradigm. SMAC is having an impact on the workplace. However, technology is only part of the equation, and change is never easy,” added Mr. Wambugu. In order to survive the wave Mr. Wambugu outlined a couple of things that today’s businesses need to consider; Workplace readiness; Businesses need to invest in right technologies. There is also need for organisations to invest in their workforce in terms of requirements. “A young workforce requirements are totally different from the requirements of an older workforce. If you combine what 14

your workers want with what the market needs, you will easily sail through the transformation,” said Mr. Wambugu. Organisations also need to realize the change in the industry and embrace it. “Most organizations are more supply driven but markets are changing towards becoming demand driven economies. Which means I want my things at my time, in my way, and at my instance. Organisations also need to move to a more responsive and adaptive way of doing things,” added Mr. Wambugu. On what new technology trends were driving workplace transformation, “I will call it Everything-as-a-Service,” pointed out Wambugu, “We are looking at businesses not focusing on putting on-prem equipment in-order to continue with the traditional way of doing things but are getting services on demand, forcing people to work differently.“ He added, “This is forcing people to re-think their processes from the rigid, structured and non-adoptive processes to technology systems put in place to allow the processes to be adoptive, in that if the technology is shifting, we can easily shift with it, as one can easily customize it.”

Emerging technologies impacting the workplace Mr. Wambugu cited cloud services as one of the technologies that has impacted the workplace which in turn is driving the adoption of shared services particularly in the public sector. “Shared services help organisations invest less to get more out of it. This is a common trend in counties through getting together to offer similar services. A good example is IFMIS,” he said. “There are different things that we are beginning to see. Traditionally people

used to work eight to five that has shifted to working from anytime and anywhere thanks to technologies around mobility that include BYOD and cloud. Organisations and how they are structured is another trend. Today organisations are flat and outsourcing a lot of resources getting the need to create the centralized infrastructures,” he added. Mr. Wambugu stated that these new technologies have changed the user to become more savvy that they demand for what they want more quickly. The make-up for demand by a client is also different. Before people used to build for that just local area but now the demand is global and everyone wants that product quickly because of social media. Advancements in technology has caused organisations to swap and become technology nimble based on the new technologies from the market, ranging from drones, artificial intelligence and robotics are allowing the quicker conversion of products at a lesser time with a larger audience. Organisations will be forced to change their way of thinking. “Organisations that will survive this are those that will be nimble to create TEAMS that are experimenting and reviewing in the new or near new technology shift that will allow the competitive nature of that business in that cycle,” added Mr. Muchemi. Mr. Wambugu added that many companies that have been strategic have setup two modules; one is structured module that chases the business as usual and the other one is the unstructured that chases innovation and new investments collectively the two modules are able to increase the bottom line from different perspective to create competition for the business. “A study states that 60% of the kids graduating will be doing jobs that are equally not invented yet. If that’s true, then innovation will be a key driver to changing the workplace, therefore workplaces will be forced to shape in or ship out,” concluded Mr. Wambugu. CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

BY BARAKA JEFWA

FEATURE

The majority of systems in East Africa are not secure from my research. means. These are basically security holes that can potentially give them access. Using these security holes, you can change your status from a normal user to privileged user on the system and can further extend your access to an entire corporate network CIO: Kindly explain how a hacker chooses their target. BG: Hackers see targets as challenges. The thrill to break into a target is always a game that one wants to win. Finding their target can be done in many ways. Usually, they begin using search engines and specific queries that show potential vulnerabilities, or they could get a lead from an innocent conversation during a drink up or coffee.

A HACKER’S EYE VIEW OF THE EAST AFRICAN CYBER-SECURITY LANDSCAPE ON FRIDAY, 12 MAY 2017, A LARGE CYBER-ATTACK WAS LAUNCHED DUBBED, “WANNACRY,” A RANSOMWARE PROGRAM TARGETING THE MICROSOFT WINDOWS OPERATING SYSTEM.

ccording to the latest cybersecurity report by Serianu, Kenya alone was estimated to have lost about Sh18 billion to hackers who siphoned from or blackmailed businesses and individuals.

Dr Gameli is the founder and current chair of Africahackon, which is the first hands-on Cyber Security Conference in East and Central Africa. He describes the entity as: “a trademark under the company ForeSight Tech Group.”

The attack could have been more damning had it not been for a web security researcher, known by his Twitter account “MalwareTech,” who found an effective kill switch which slowed the spread of infection. In solving the “WannaCry” problem, MalwareTech uncovered new versions of the strain that lacked the kill switch. In a world that is seemingly at the mercy of hackers, CIO East Africa sat down with Dr Bright Gameli, Head of Information Security and Risk at Cellulant Group, who is also considered a hacker in his own right, in a bid to better understand the mindset of the hackers.

CIO: What are the different types of hackers, and what do they do? BG: There are three Types of hackers: “Black Hat” hackers –who just want to destroy or are the cyber criminals, “White Hat” hackers– who work to protect an organization or entities, and “Gray Hat” hackers–who are a blend of both.

www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

CIO: Take me through a day in the life of a hacker… BG: Hackers like to find vulnerabilities in systems and exploit them by any

CIO: Explain what a hacker must do to exploit vulnerabilities found in a target, and how hard or easy it is to exploit. BG: To find the actual or potential vulnerability in a system, a hacker will look for publicly available codes, or what we call “exploits” and either use them outof-the-box to exploit the system or modify it to work. There are operating systems or “hacker distros,” as we call them. For example, Kali Linux is a distro that has most of the tools and exploits that a hacker needs. Most of the tools are open source, so they don’t have to be purchased. It can be very easy to exploit some systems while others can be very difficult. At times, it’s just luck to find vulnerabilities or for a victim to fall prey to a hacker’s exploit. 15

FEATURE CIO: Kindly go into detail about some of the tools of the trade. BG: Kali Linux is one of the most popular operating systems that almost every hacker uses. It is loaded with lots of tools and codes that make it easy for one to modify and use it however they want. One of the best tools, however, that all hackers cannot survive without is google.com. We refer to it as the “highway for hackers” because it has so much that of which a normal user is not aware. For example, I can use Google to find resumes of lectures from all Kenyan universities in just one line of code. We call this kind of code “google dorks.” I can find free movies and books using google dorks, and it’s not hard to learn how to use them. It is not illegal to use them just to gather information. CIO: What is the easiest way for hackers to target and infiltrate organisations? BG: The human element is what causes the most risk. Systems are always fairly secure when configured properly. Hackers just need to exploit the human element. This is known as “social engineering,” and it is a very effective way to get into an organization. This is a vulnerability because we humans are usually trusting and almost always willing to click or download files without actually knowing the source of a piece of information or device. CIO: What does the East African IT landscape look like in the eyes of hackers? BG: The majority of systems in East Africa are not secure from my research. Most people like to wait for the worst to happen before taking any action. Cyber criminals and hackers are taking advantage of this, and companies are losing millions daily. The existing policies, however, such as the Cyber Security Bill do not clearly state the penalties for the various types of hacking. This loophole allows hackers get away with a lot even when accused due to the difficulty in gathering proper evidence for presentment in court. Lastly, there is a lack of cyber security lawyers in the EA IT landscape. This makes it difficult to prosecute a suspect. 16

Hiring a cyber-security engineer to find problems in their network might only cost them 30,000 a year to hire, but should a cyber criminal infiltrate their system, they could be losing five times that amount every quarter. CIO: Is there any specific way to mitigate the risk of being hacked? BG: There isn’t one right way, but general cyber-security awareness training, buying the right equipment for the right environment and having the right expertise to take care of your systems would help a lot. Unfortunately, the combination of all three of these is usually hard to find.

best can a CIO explain to the board the need to hire such an expert? BG: I will say they shouldn’t always look at professional papers to determine if one is fit for this role or not, but rather give practical tests to gauge the potential employee’s ability. A lot of CIOs depend on theoretical experts and not people who have more practical hacking skills, ability, and thoughts.

CIO: Is there a definite way to identify a hacker physically? if not, then what should organisations do to be secure? BG: It’s not easy to identify a hacker physically. Your everyday hacker doesn’t wear a hoodie. They might be your fellow employee on the next desk.

CIOs need to explain the business impact to the board should they be breached at some point. I always tell organizations, “you will be hacked it’s just a matter of time. And if you do fall victim, are you ready?”

We all need to get more cyber-security awareness training with hands-on demonstrations to help show us the various vulnerabilities that exist in the hacker world. For example, if someone comes into your office with a flash disk for you to plug in, you need to be able to recognize the potential actions that might take place on your screen. Seeing these in a training setting will help keep an employee on their toes. Furthermore, organizations need to hire experts to do what we call “Vulnerability Assessment” and “Organization Penetration Testing.” The penetration tester (or “pentester,” as we call them) will try all the techniques on and off the book, as well as use all the tools that hackers are currently using to infiltrate the organization. This, of course, must be done with minimal notification to staff and on a signed contract basis. There are many local talents that can provide these services in Kenya, and the majority come from AfricaHackon. CIO: What advice would you give a CIO looking to hire a cyber-security expert within the region? And how

One should not wait to be hacked before taking action. Organizations need to be proactive rather than reactive when it comes to dealing cyber security. CIO: What is the return on Investment for a company when they hire a cyber-security specialist? BG: They will be saving potentially 90% of their revenue should they hire someone to identify their security weakness. Take a situation for a bank making millions a year. Hiring a cyber-security engineer to find problems in their network might only cost them 30,000 a year to hire, but should a cyber criminal infiltrate their system, they could be losing five times that amount every quarter. CIO: What are your companies doing to help educate people on the existing threat? BG: Africahackon for the fourth time is putting on its annual Cyber Security Conference where we make the public aware of these issues which we have been discussing at a very affordable fee. It is a trademark of the company Foresight Tech Group that actively takes on projects to train organizations as well as offer other cyber-security services. CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

BY ARTHUR KINTU

PICTORIAL

8 CIO GOLF TEES OFF AT KAREN COUNTRY CLUB TH

IO East Africa had its Eighth Annual CIO Golf Tournament at Karen Country Club on May 20th, 2017. The Event which coincided with Karen Country Club’s 80th Anniversary, also celebrates CIO East Africa’s anniversary. As they play away putting their best at golf, CIOs, IT managers and corporate executives network, share knowledge amongst end user, IT professionals and technology providers on trending technologies. Here are some of the moments as they unfolded! Andrew Karanja hands Patrick N Kariuki (L) a prize after the CIO East Africa Golf Tournament at Karen Country Club

Anthony Gacheru (L) receiving a prize from Moses Gesami of Total Solutions

TBM

CIO East Africa's Director Andrew Karanja hands the winner Marianne Kilonzi a prize after the CIO East Africa Golf Tournament at Karen Country Club

Douglas Gicho, Head of ICT Kiambu County during the just concluded 8th CIO Golf held in Karen Golf Club www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

Caption should read CIO East Africa's CEO Laura Chite hands John Muiruri a prize after the CIO East Africa Golf Tournament at Karen Country Club

Andrew Karanja tees off during the CIO East Africa Golf Tournament at Karen Country Club

David Nyale during the CIO East Africa Golf Tournament at Karen Country Club

(L-R) Vianney Rusagara, Isaac Maina & Max Kahende stride along after their first tee during the CIO East Africa Golf Tournament at Karen Country Club(R)

One of the golf players sets his ball during the CIO East Africa Golf Tournament at Karen Country Club 17

PICTORIAL

(L-R)Executive Director MEA Titus Ngugi, Director CIO EA Andrew Karanja, Lady Captain Karen Country Club Louisa Gitau and the Manager Corporate Business AMAD Technologies Philip Obondi

Gakuo Macharia during the CIO East Africa Golf Tournament at Karen Country Club

Irene Auma during the CIO East Africa Golf Tournament at Karen Country Club

Participants of the CIO golf tournament winding up the game as one of their trolleys is ready to be packed up.

The Director TBM Henry Maina (left) giving one of the winners a prize after the CIO East Africa Golf Tournament at Karen Country Club 18

(L-R)out-going CIO EA CEO Harry Hare, Executive Director MEA Titus Ngugi and Director CIO EA Andrew Karanja

Karen Country Club Captain Clive Davis addressing participants during the CIO East Africa Golf Tournament at Karen Country Club

The new CIO East Africa CEO Laura Chite (left), the Out-going CEO Harry Hare with a business partner during the CIO East Africa Golf Tournament at Karen Country Club

Jennifer Murigu (L) and Rosemary Njogu take a break during the CIO East Africa Golf Tournament

Total Solution's Moses Gesami hands Grace Mayiani (L) a prize after the CIO East Africa Golf Tournament at Karen Country Club CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

45995/E

“Cellular phones will absolutely not replace local wire systems.” Marty Cooper. Inventor. 1981.

“The future business landscape is clear, and it is digitalisation or liquidation.” BCX Don’t let the past repeat itself. Talk to us about future-proofing your business with tailor-made digital solutions. Meet the future today with BCX, Africa’s premier end-to-end digital solutions partner.

www.bcx.co.za | #bcxmeetthefuture

TREND LINES

BY MANIKANDAN NATARAJAN

The industry has repeatedly failed in most cases to convince the CFO and CRO on “security decision making”, based on a combination of “impact-driven & Risk Aware” context. We are still struggling with High-risk and “Low-risk”. We need to move from that and check on “Good-Risk and Bad-Risk” in the context of the business operation. According to me, the focus must be more on Detect and Respond than on Prevent. We must have learnt more from recent attacks to detect and respond and more on how to prepare after a disaster.

BOTTOM LINE IF YOU ARE FROM A TEAM CHASING COMPLIANCE, YOU ARE MOST LIKELY NOT FOCUS ENTIRELY ON THE REALITY OF SECURITY AND REAL-TIME THREAT LANDSCAPE.

f you are from a team chasing compliance, you are most likely not focus entirely on the reality of security and real-time threat landscape.

us protected”. The response is not in if we are protected. The response must be fashioned around “how secure & Whatif Scenarios”.

At the same time, if you are from Security Ops, handling and making decisions on Technologies, you would in most cases make compliance secondary.

Most security implementations are centered around a Paranoia to implement preventive technologies.

Both, are serious points of failure (and am neither the first nor the the last one saying this)

Maturity in adoption can only scale if the team can involve someone from the Risk team and the Business/ Finance.

Organizations must initiate security objectives, with the above pointers & with an assumption that they are probably “in or will be in a state of compromise.” It will be evident that the scope of ‘security’, it s ’boundaries’ and ‘applicability’ will be re-written!! There will be theft, there will be compromise, there will be fraud, the smartness is in Predicting, Detecting and responding to it. Attacks will continue and will get stronger and smarter, we should be in a position to out-smart them, which simply means, we need to think smarter and harder.

WORD OF CAUTION: Do not let Paranoia drive your security decisions, let assurance drive the decisions. You will never be able to find a lock that doesn’t break, it is all about finding what can stand long till you get to know of a breach and what to do when you get to know.

I would follow what the experts have been crying out aloud for a long time now: Separate Security Governance from Operations. Most security initiatives fail simply because they start with either a compliance program (& stop there), or start by implementing a technology in an un-informed manner. The imperative is not in embracing a program or a certain technology implementation, the imperative is in clearly understanding “the Why”. If the security ops is able to convince the CFO on the investment they seek, it is only fair that the CFO would ask “if that would keep 20

CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

BY NIKKI SUMMERS

SAFEGUARDING

YOUR BUSINESS FROM

CYBERCRIME

TREND LINES

• EDUCATE YOUR END-USERS ABOUT THE BASICS OF INFORMATION SECURITY: For example, make sure they know why they need to choose strong passwords and that they are alert to the dangers of phishing emails designed to persuade them to give their log-in details to people with criminal intentions. • INSTALL ANTIVIRUS AND ANTI-MALWARE SOFTWARE ON YOUR LAPTOPS AND DESKTOP COMPUTERS: Keep it up to date with the latest software to ensure that your data and applications are always protected. • GET SERIOUS ABOUT MOBILE SECURITY: Lock your device behind a PIN code or password when not in use to prevent hackers or thieves from accessing your data. In addition, most mobile devices today allow you to track their location or remotely wipe data, a good functionality to enable in case the device goes missing.

FROM MALWARE TO PHISHING, AND FROM HACKING TO THEFT OF DATA STORAGE DEVICES, THE RISKS OF FALLING VICTIM TO A SECURITY GAP ARE CONTINUALLY GROWING. ANY BUSINESS BUILDER IN AFRICA MUST PREPARE TO COMPETE IN THE DIGITAL ECONOMY BY PROTECTING THEIR BUSINESS FROM CYBERCRIME.

he consequences of falling victim to an information security gap can be severe, including legal liability, financial losses, irreparable damage to customers’ trust, and loss of confidential company data.

According to the 2016 Cyber Security Report from Serianu, Kenyan organisations are losing around Sh17.5 billion a year to cybercrime, a dramatic increase from Sh15 billion in the previous year. Here are some ways you can protect your business by following some basic good practices: • TRUST THE CLOUD: Cloud computing can be more secure than traditional IT. Established cloud suppliers invest vast amounts of money into securing their applications and have www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

technology infrastructure beyond the means of any small business. Thus, the cloud provider is better equipped to handle malware, hackers, DDOS attacks, and all the common cybercrime threats and nuisances of the information age. There’s also less risk of losing data stored on a laptop or a USB stick because everything is stored in the cloud and not on devices that could be lost or stolen. Cloud allows customers to control their business from wherever they are. For businesses to be able to improve their security and integrity of their data is highly important in a world where cybercrime is slowly taking over.

• KEEP SOFTWARE UP TO DATE WITH SECURITY PATCHES: When it comes to desktops and notebooks, be sure to keep your operating systems and browsers up to date with the latest security patches. • WHERE YOUR CLOUD PROVIDER ALLOWS IT, ENABLE TWO-FACTOR AUTHENTICATION: For example, you could set your account up to ask for a code sent to you by SMS when you log in or use a fingerprint in addition to a password. • BE CAREFUL ABOUT WHERE YOU LOG ONTO CLOUD SERVICES: Be wary of unsecured public Wi-Fi networks. • ENFORCE STRONG PASSWORDS AND KEEP THEM SECRET: Cloud services can usually be accessed through any device connected to the public network. You will authenticate yourself to the service with a username and password. Protect yourself by choosing a strong password that is difficult to guess, but easy for you to remember. Don’t use the same password on multiple accounts. Use a password of at least 16 characters including at least one number, one uppercase letter and a special symbol staying away from use of names of family, friends or pets. 21

www.liquidtelecom.com

AFRICAN. We can help grow world-class business out of Africa. We believe in the ambition and potential of African business. It’s why we’ve built Africa’s largest fibre infrastructure and provide an award-winning satellite network, capable of keeping any enterprise connected, protected and competitive at all times. Because we are not just a telecoms company. We are your technology partner.

Building Africa’s digital future

THE RISING POPULARITY OF WI-FI ACROSS AFRICA Wi-Fi is the connectivity solution of choice for so many of today’s devices. Liquid Telecom examines why the network technology is growing in importance to businesses and consumers across Africa.

here are a number of reasons why Wi-Fi has established a central role for itself in the modern communications ecosystem. It is the default wireless communication protocol used by laptops, tablets and smartphones. At the end of most broadband connections there is a Wi-Fi access point, as it is the cheapest and most ubiquitous way to connect non-wired devices to the internet. As such it is the primary method of connection to the internet in offices and homes around the world. In public venues, Wi-Fi acts as a complementary network technology and Wi-Fi offloading – the migration of data from mobile to Wi-Fi networks - is becoming a popular way to help quench the insatiable thirst for mobile data worldwide. In fact, more traffic was offloaded from mobile networks on to Wi-Fi than remained on mobile networks in 2016, according to the latest Cisco Visual Networking Index. The importance for guest Wi-Fi is growing to the business world, where it is a recognised way of driving value and brand loyalty. In the case of Africa, public Wi-Fi hotspots have also proved to be an effective way to improve internet access to underserved communities.

A Wi-Fi hub for Africa Behind the scenes, network operators such as Liquid Telecom are discovering new ways to work with mobile operators and ISPs to maximise the business benefits of Wi-Fi networks. For example, Liquid Telecom offers a service called Africa Wi-Fi Hub. This allows Liquid Telecom’s wholesale customers to access its public

Wi-Fi hotspots, enabling their subscribers to connect to hundreds of locations across some of Africa’s fastest-growing economies. It also allows operators to make their public Wi-Fi hotspots available to some of Liquid Telecom’s roaming partners, joining a global network of public Wi-Fi hotspots quickly and easily. The hub will help to encourage Wi-Fi roaming across the region, enabling mobile operators to offer international coverage at far lower costs than mobile roaming and providing connectivity for international travellers. As more local ISPs and operators join Africa Wi-Fi Hub, Wi-Fi roaming is set to accelerate across the region, enabling more subscribers to easily and securely connect to public Wi-Fi hotspots and avoid costly data roaming charges.

The mutual benefits of free Wi-Fi Reliable free Wi-Fi is becoming an expectation of visitors to many venues, but the benefits of providing this service are mutual for both business and customer. Wi-Fi can be used as a platform for personalised and location-based communication either through a Wi-Fi portal webpage or through the customer’s own app, which can be triggered based on the presence of the user in a given location. Combined with insights into customer behaviour, Wi-Fi can drive additional sales and enable new revenue streams through proximity marketing. Earlier this year, Liquid Telecom entered into a partnership with GlobalReach Technology that is helping African businesses deploy and manage Wi-Fi for

their customers. The managed service enables the smallest cafes to the largest shopping malls and hotels to offer Wi-Fi securely to their customers. It is also being used by governments and municipalities to offer free Wi-Fi to citizens in a reliable, cost-effective manner, providing a platform to deliver e-government services.

A hotbed of hotspots Improving broadband access is widely recognised as stimulating economic and social growth. The transition to a knowledge-based economy brings with it new business models and industries, while at the same time transforming how public services, education and healthcare can operate. For this reason, a growing number of African governments are introducing free Wi-Fi initiatives to underserved areas. In Kenya, Liquid Telecom has been working alongside the Kenyan government to introduce Wi-Fi networks to underserved towns up and down the nation. The first such initiative of its kind in the country was launched in Nakuru County, which attracts up to 30,000 unique users a day. It was recognised as Best Wi-Fi Deployment to Connect the Unconnected in a Rural Environment at the World Wi-Fi Day Awards in June 2016. The rollout of more public hotspots across Africa looks set to boost economic activity and education further over the coming years. For more information on Liquid Telecom’s Wi-Fi offering visit www.liquidtelecom.com

BY STAFF WRITER

BCX LAUNCH TO STIR THE EAST AFRICA ENTERPRISE WAY OF DOING BUSINESS BCX, RECENTLY LAUNCHED IN KENYA WITH A FOCUS OF DELIVERING TECHNOLOGY CAPABILITIES AND SKILLS TO DELIVER END-TO-END DIGITAL SOLUTIONS FOR LARGE AND MEDIUM ENTERPRISES IN THE PUBLIC AND PRIVATE SECTORS.

CX’s ICT solutions in ICT consulting and digitization solutions portends a complete range of managed solutions that include both LAN and WAN, unified communications, and connectivity solutions. In addition, cloud computing technologies underpinned by best in class security solutions and a host of value added services that include enterprise mobility services and analytics software with a specialized competency in the IOT (Internet of Things) and big data solutions, are on offering by BCX’s product portfolio for the market. Headquartered in Centurion, South Africa, BCX has an extensive African footprint with its international subsidiaries which include Kenya, Nigeria, Tanzania, Namibia, Zambia, and Botswana as well as a presence in Dubai and the United Kingdom. Its strategic vendor relationships with multinationals have over the years enabled BCX to deliver best-in-class solutions across industry verticals with skills and expertise that seamlessly deliver integrated services to its customers. “BCX is committed to providing ICT solutions that reduce the cost of doing business, increase overall business productivity, and empower businesses to use technology as a competitive advantage, “ says Mr Pat Muthui , BCX Kenya’s Chief Executive.

Transforming Kenya through digitization and technology “I am very excited about the launch of BCX in Kenya and believe that BCX is now positioned to address emergent technology and digitization needs of companies and organizations operating in East Africa, both within their domeswww.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

tic Kenya market, and as they expand into the rest of East Africa and beyond,” added Muthui. “Organizations that do not embrace digitalization and transform accordingly run the risk of becoming redundant to their customers” reiterates Muthui.

TREND LINES

BCX is now the first brand in Africa that can offer end-to-end ICT solutions from a single provider. “While digitization has become a top priority for businesses throughout Africa. It’s becoming clearer than ever that companies that do not invest in digital solutions will be left behind as the business landscape continues to evolve. BCX provides a clear roadmap for companies throughout Africa to embrace digitalisation and be prepared to serve both their current and future customers,” says Muthui. BCX commitment is providing ICT solutions that reduce the cost of doing business, increase overall business productivity, and empower businesses to use technology as a competitive advantage.

County revenue management

In light of this, Telkom and BCX have announced the launch of BCX, Africa’s premier, end-to-end information communication technology (ICT) solutions provider. This new brand, built from a strategic partnership between Telkom Business and BCX, is uniquely suited to support businesses throughout the continent as they seek to digitalise business operations. Muthui opines, “BCX is built from the foundation of Telkom Business’s deep knowledge of infrastructure and BCX expertise in providing customised ICT solutions for its customers.

With the guidelines from the Commission on Revenue Allocation of Kenya based on section 161 of the Public Finance Management Act, 2012, BCX has innovatively developed solutions that not only enable the county governments to collect revenue but also comply with the requirement of the CRA. These functionalities span rates, levies, licenses, charges for property, trading property, trading agricultural produce, hospital services, and other tariffs that enable the county’s citizens access and the ability to pay for services in the county. The next generation of the solution Pat Muthui, BCX Kenya’s will enhance the county’s Chief Executive citizen’s experience.

CASE STUDY API Economy According to the CEO, “We have enabled some of our clients to develop a robust API management platform. This platform helps scale micro-services that reach underserved segments of the market with more agility, velocity, and efficiency than before.” “This platform also has enabled the management of multiple applications operating complex environments, with the ability to access partners, including the developer community, that wishes to access client services. These platforms can also be used to improve the enterprise security features where the business interacts in its ecosystem. We expect organizations that use our integration services to monetize and extract more value from their current commercial models, but with greater flexibility, due to the discovery of new opportunities to bill for enhanced revenue as well as revenue-sharing with intermediaries and end-user clientele. 25

TREND LINES

BY BARAKA JEFWA

BROADWAYS CHOOSES TOTAL SOLUTIONS LIMITED FOR DR WITH PLATESPIN PROTECT Broadway Group of Companies, which primarily consists of baking, milling and retail organisations based in Kenya that have been producing fresh bread and flour products for over 50 years, has chosen to implement Total Solutions’ PlateSpin Protect, in a bid to accelerate and simplify the recovery of their critical enterprise resource planning (ERP) servers, cutting recovery point and time objectives (RPTO) from days to minutes.

“PlateSpin Protect is disaster recovery software that uses virtual infrastructure capacity to protect both physical and virtual workloads. It delivers mirroring-like RTO and RPO performance at a price point approaching tape,” said Moses Gesami, Business Development Manager- Enterprise Solutions - Total Solutions, Kenya. “There is a need for disaster recovery because, disasters do happen and accidents do happen, to that effect. So, the question should be, what exactly are we going to do when the disaster does happen?” Gesami added.

The Broadway Group, Total Solutions partnership After running a proof-of-concept exercise with two short-listed solutions, the Group chose “PlateSpln” Protect and worked with Total Solutions Limited to implement the solution by defining and managing standards at the group level for data protection and disaster recovery (DR) across all enterprise sites. PlateSpin Protect makes it much faster to recover server systems, which minimises service interruption in the event of a server failure. We simply click to select the virtual image we want to restore instead of having to rebuild entire servers from several tapes or other backup options. With PlateSpin Protect, we are able to recover workloads (data and operating systems) within minutes, thus

propelling our revenue generation”, says Mr. Devan Shah, Business Development Executive for the Group. Broadway Group of Companies, is a multi-generation, family-run enterprise primarily formed of Broadway Bakery Limited, Bakex Millers Limited and Broadwalk Limited. The ERP servers at the Group are based on site. They are protected by a proprietary disk replication technology supplied by the MicroFocus NetlQ, collocated and based at the Safaricom Data Centre which is approximately 5 kilometers away within Thika town. Being the most business-critical servers, they are replicated every 30 minutes to the DR site.

How PlateSpin works PlateSpin Protect creates virtual copies of the protected workloads at specified times then replicates the changes to a remote copy of these servers. The solution protects both virtual and physical workloads and dramatically accelerates recovery by removing the need to configure a new physical server and then laboriously restore the systems from backup files. An intuitive web interface makes it easy for administrators to manage snapshots and replications, and also enables simple testing of server copies. “Even more important for us was the fact that we could run the business from the DR site for days while incidences within the primary site are getting resolved” said Mr. Shah. Per Gesami, PlateSpin bridges the gap between expensive near-zero-downtime solutions, and low-cost tape backup. “Traditional disaster recovery solutions force you to choose between performance and price. You and your users want low RPOs and RTOs, typically four hours or less. That’s virtually impossible with tape. But on the other hand, it’s prohibitively expensive to mirror the whole data center,” said Gesami. “Our disaster recovery solutions let you meet or exceed RPOs and RTOs within an hour or less, at a price point that lets you protect more of your servers for less money.” He concluded.

CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

BY JEANETTE OLOO

COVER STORY

Steve Njenga of Barclays on the Bankâ&#x20AC;&#x2122;s IT Journey Barclays has operated in Kenya for over one hundred years, and for 2017 the bank is focused on using technology to achieve efficiency, going digital, and delivering top-notch services to its customers. www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

COVER STORY

n an interview with CIO East Africa, Mr. Steve Njenga, CIO of Barclays Kenya, reiterated on the bank’s strategy saying that to archive the stated objectives, the focus is on people, processes, and technology. Sentiments to which his colleague in the bank Mr. Vincent Nzai, Head of Processing Hubs agrees.

Coming from an American corporate system to the Kenyan corporate system, Steve Njenga joined Barclays Bank in 2015 and believes one of the reasons he was brought on board was to help address the bank’s system stability issues. Since his arrival at the bank, there has been a tremendous change.

perspective, the cloud provides an opportunity to access services around the clock.

the way to paperless visitor management which would be unique to Barclays.

“We need to be in the cloud. Virtualization is key in order to take full advantage of the cloud. A virtualised core banking system ensures that banking services are reliable 24/7 and that services are recoverable in a matter of seconds in case of a failure,” Mr. Njenga stated.

“In September last year, we launched an online meetings and appointments scheduler. Our customers can now schedule appointments online with any of our specialists. You no longer need to physically come to our branches to have a face-to-face, online meeting with a specialist at the branch. You don’t have to drive all the way to Haile Selassie to engage in an appointment with the bank,” said Mr. Nzai.

“The cloud gives a lot of leverage, especially when it comes to testing and delivering services, with an emphasis on speed to market – a cloud implementation allows you to build quickly, test

Services and Initiatives To get started, Mr. Njenga says the focus was on ensuring a stable core banking system. This has largely been achieved in the last 24 months. Ensuring system stability for the bank’s customers is a journey and continues to be a critical aspect of Business as Usual (BAU). The mission for 2017 and beyond is to transform the business into an efficient, digital and customer led organisation. Barclays is investing heavily in the digital strategy to drive process efficiency in order to provide all who interact with Barclays a world-class experience. To achieve its goals, the bank is taking steps to ensure all team members are on the same page and work together. “We are also currently looking at ways of digitising customers’ inputs and instructions, and Robotics is helping with the automation process,” said Mr. Vincent Nzai.

Cloud The cloud is still a new concept for banks in Kenya yet from a customer 28

Barclays’ is also keen on leveraging digital technology for business mobility and continuity to ensure that work is done whether or not the employees are in the office. This gives our employees the freedom to work from wherever they need to be, whether that is from home, a customer’s office, a branch or during their commute.

Security On security, Mr Njenga stated that he felt the bank is pretty secure since the bank is able to leverage on the security measures set up by the Barclays Group. quickly and launch to the market quickly. Most big banks today have huge development and test environments replicating their production systems. All these duplicate systems are costing them lots of capital. Maintaining them poses challenges in terms of how to get quicker and more efficient,” echoed Mr. Nzai.

Digital Workplace Transformation Transformation into a digital and efficient organisation is a key pillar for Barclays. And part of their agenda is to eliminate paper, starting from audits all

“The concerns I have are related to the integrated business place. Now that we are all [businesses] becoming more and more integrated, it is no longer just Barclays and partners operating separately. We now have systems that link all of us together. If one of your neighbours has a breach in their security, you could get impacted. It is more of an industry-wide kind of concern that I am just now starting to feel, but I am not sleepless yet,” said Mr. Njenga. “The overall cyber security situation in Kenya is not the best. But for Barclays – so far, so good. In my professional opinion, the Kenyan environment is not CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

COVER STORY This Barclays CIO is a biker and an organic farmer, but these are not the most fascinating things about the tech brains of the Barclays Kenya CIO. Mr. Njenga owns a V-Star 950 Tourer bike and can be spotted wearing leather on the weekends. Topping off his biker leathers is a solid white, multi-functional, 3-in-1 TransFormer Helmet system. Specifically, it’s a Scorpion EXO-900X for those who speak biker language.

You have to be good at making your case and demonstrating that what you bring to the table does add value to positive customer impact, and that it is a differentiator in the market. as secure as it should be. That poses a threat to all businesses and not just banks, a threat to everybody who is part of the system,” he added.

Blockchain Technology Barclays Kenya is not doing much with blockchain technology due to the recent warnings from the Central Bank on the perceived insecurities of crypto-currencies.

The helmet is also Bluetooth-enabled with speaker pockets–but that’s not all. It has an aero-tuned ventilation system, which means it has a sort of air-conditioner function, and also an AirFit liner inflation system.

tured to nurture their growth in terms of funding, coaching and mentoring. “We have one facility each in Cape Town, Tel Aviv, and London, with plans for two more elsewhere in Africa over the next 12-18 months. Barclays Rise also houses the Barclays Accelerator, an intensive 13-week programme designed to accelerate start-ups. The program has startups leveraging blockchain technology for financial services, however the

technology can be leveraged in areas as diverse as management of land title.. It’s in projects like these where you find innovations that you’ll soon see make

Mr. Njenga was proud, however, of what the global team was doing on innovation. They have an accelerator program called “Barclays Rise” - a global community for open innovation, designed by Barclays to help shape the future and drive the bank’s growth. Through this initiative Barclays is creating a community in which start-ups, corporates and innovators can connect, co-create and scale the ideas that could become the next revolution in delivering new products and services to our customers, clients and colleagues. In each location, Rise will provide a physical site for innovative companies, offering a co-working environment, world-class event spaces, and meeting rooms. Rise brings together the world’s best and brightest startups and experts to create the future of financial services. The program is strucwww.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

COVER STORY their way into the marketplace in the near future,” said Mr. Njenga.

PesaLink One of the new innovations coming out of the Kenyan financial services sector is PesaLink. It is a front-end switching system developed by Integrated Payment Systems Limited (IPSL), a company owned by the Kenya Bankers Association (KBA). PesaLink allows banks to link to each other’s systems and allow money transfer services to customers. According to Mr. Njenga, PesaLink has a huge potential if it is marketed and driven appropriately by KBA. He believes it could provide stiff competition for MPESA. “Right now all they [PesaLink] have is the P2P (Person-to-Person) transactions. Imagine when they have the full package of B2B (Business-to-Business), B2P (Business-to-Person), or P2B (Per-

son-to-Business) transactions. One of the things we talked about is the ability to do all those transactions online, for example leveraging PesaLink P2B the online Jumia shopping cart. My only hope is that they push and drive uptake - you need a critical mass for this kind of thing to work, but the potential is humongous,” he emphasised.

Advice to other CIOs “My advice to other CIOs is to hang in there. This is a tough job but rewarding in many ways. I used to report to a CIO who was a good friend. When I accepted and took this job, he reminded me what CIO really means: “Career Is Over,” Mr. Njenga said breaking into a hearty laugh. “This job is pretty demanding, and as a CIO you need to build good relationships with the people who matter and stay focused on the numbers. And, al-

The cloud gives us a lot of leverage, especially when it comes to testing and delivering services with a speed-to- market.

Barclays Bank of Kenya is run by a Board of Directors chaired by Mr. Charles Muchene who succeeded Mr. Francis Okomo-Okello in October 2016. Since its establishment over 100 years the Bank has grown in leaps and bounds to reach 833,268 customers, have 121 branches across the country including 214 ATMs and 54 iATMs and Deposit taking ATMs. Mr. Jeremy Awori is the current Managing Director of Barclays Bank of Kenya. He has been at the helm of the bank since February 2013. To date Barclays Bank of Kenya has 2,591 employees and is the first and only Board in Kenya with 50:50 gender ratio. In 2016 Barclays Bank of Kenya launched multiple products ranging from, Prepaid Cards with two key products namely; Corporate Payroll and Multi-currency Prepaid Cards in the same year. Barclays, also launched Mobile Point of Sale (mPOS) payment solution that enables customers to pay for products and services using their debit or credit cards on the go and a Deposita cash management solution, a machine that allows customers to bank their money right at their premises, avoiding the costs and risks associated with cash in transit. ways remember that at the end of the day it is really the business that determines what you can actually do. “You have to be good at making your case and demonstrating business value - that what you bring to the table adds value and positively impacts the customer, and that it is a differentiator in the market. You must be able to do that, and that takes some skill. It basically means you are going to bring ten things to the table and maybe only one will really stick. It will only stick because you kept driving, and driving, and driving. That’s why I am saying, ‘Hang in there!’ It is a tough job but just hang in there. It is almost a thankless job, but we do it because we love what we do,” Mr. Njenga concluded breaking into another emphatic laugh.

CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

BY DAVID NEEDLE

STARTUP CORNER

“At our company, the cultures comes from the top. My CEO is also Chief Digital Officer and fosters the thinking that anyone can contribute,” said Comstock. “We have a suggestion box and regular hack days. The next one will be around AI.”

IS COCA-COLA AS AN INCUBATOR FOR FAST-GROWING STARTUPS? IT MAY SEEM AN ODD MATCH, BUT ALAN BOEHME, CHIEF INNOVATION OFFICER AT THE $42 BILLION BEVERAGE GIANT, SAYS IT’S A SMART MOVE. “You can’t innovate in a vacuum. You need to reach out to partners and customers,” Boehme said at the CIO Perspectives Conference here this week. “We scan the broad spectrum of trends and get inspiration from–not trying to solve specific business problems because that is incremental–but by looking at where we have to go.” Boehme is referring to “The Bridge”, a program Coca-Cola launched globally three years ago. The Bridge selects ten startups each year that are given the opportunity to leverage Coke’s marketing expertise. On the flip side, The Bridge gives Coke early access to new consumer technologies. The early results are promising. After three years, The Bridge has spawned sixty-eight pilot programs, fifteen license agreements, and four global license agreements. Now Boehme, based in Silicon Valley far from Coke’s Atlanta headquarters, is looking to scale even faster. One way is partnerships. Coke already has a brand partnership with Turner Broadcasting and Mercedes-Benz. “The partnership with Turner and Mercedes has been an unbelievable blessing,” says Boehme. “Turner teaches us a lot about where advertising is headed and how content will be consumed by smartphones and websites. Mercedes brings an unbelievable focus on quality, and Coke brings our marketing expertise–so everyone benefits. The Bridge has also partnered with such tech heavyweights as Amazon, Google, and Microsoft. www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

Some of the services and technologies the startups have produced are things Boehme says the drink giant would never have thought of by themselves. This includes augmented reality software that shows a store owner what an endcap (the display at the end of an aisle) product placement will look like. Another offers some interesting ways to reuse content. For example, Coke is reusing its famous “I’d like to teach the world to sing” commercial in movie theaters with an opportunity for selected consumers to be part of the song. Another more practical technology uses video technology to monitor wear on truck tires so they can be replaced before there’s a blowout. Boehme says these startups benefit from access to Coke’s resources. “When you’re a four-, eight-, or ten-person company looking to support 200 countries across multiple languages, it’s hard to provide the kind of coverage that’s necessary,” he said. “We went from three to twenty-seven countries with augmented reality in three months. Now we want to get to one-hundred countries in a year.”

CBS Interactive encourages “moonshots” Not every company can, or should, invest in startups, but that doesn’t mean you can’t benefit from new ideas. In a later panel on innovation, Stephen Comstock, CIO of CBS Interactive, talked about encouraging discussions of “moonshots”: big ideas that can potentially take the company to the next level.

One example was a recent effort to make everything self-service. “When we got out of the way, and the ideas that came back were amazing. Everyone was participating. Comstock said it’s important to make everyone feel they can participate rather than “siloize” innovation. That said, however, he had noted that someone has to “herd the cats” so there aren’t crazy projects out there that don’t relate to the company’s mission.

Keep the focus on the needs of the business “We’d love to focus on innovation for innovation’s sake, but if we did, we wouldn’t have jobs. It has to be tied back to business needs,” added Tom Cullen, Vice President and CIO at Driscoll’s, the $3.5 billion supplier of fresh berries. For Cullen, working with business partners on moonshots is of interest, but he thinks it’s important to focus on improvements to “the small stuff” when it comes to his company. “Maintain trust with your team and create an environment where they feel they can fail and you have their back,” he said. Boehme also made an interesting point about how hard it can sometimes be to evaluate whether what appears to be a good idea is worth the investment. So much of its success or failure can be a function of timing. He recalled Pets.com, which became the poster child for all the high-flying internet firms before the dotcom crash in the early 2000s. Last month, PetSmart bought Chewy.com, the leading online retailer of pet supplies (the same idea as Pets.com), for a whopping $3.35 billion. “We laughed at the sock puppet (the mascot Pets.com featured in its ads), and when Pets.com crashed we all said ‘what a bad idea,’” said Boehme. “The problem wasn’t that it was a bad idea; it was that it was ten to fifteen years too early.” 31

IT AND LEADERSHIP

BY BARAKA JEFWA

UBER WAS FOUNDED IN 2009 AS UBERCAB. FOLLOWING A BETA LAUNCH IN MAY 2010, ITS SERVICES AND MOBILE APP OFFICIALLY LAUNCHED IN SAN FRANCISCO IN 2011 AS UBER. IN JULY 2012, THE COMPANY INTRODUCED UBERX. BY EARLY 2013, THE SERVICE WAS OPERATING IN THIRTYFIVE CITIES. FAST FORWARD TO 2017, AND UBER IS NOW AVAILABLE IN OVER 475 CITIES AROUND THE WORLD.

n Africa, Mr Amado is the General Manager of Uber for East Africa. He has had the role for less than a year now. Prior to this assignment, Mr. Amado was an Uber launcher in different cities across the globe. His journey with Uber started in May 2014 after successfully launching Uber in Germany. “I started at Uber three years ago. I started as an international launcher– which is setting up the business for Uber in new cities around the world. What you do is you land on the ground and really try to gauge the environment, the culture, the people, the way the city moves. You hire a local team because a local team knows the pain points of the city,” he said. “After you hire the local team, you train them, and you are also the policy, communications and regulatory point of contact. You are involved in getting first drivers onto the app and then marketing the service to the riders. Once the platform is up and running and a team is up and hired, you move on to the next city,” he added. In his role as an International launcher, Amado has had to travel to various parts of the globe to help set up Uber. After his stint in Germany as a launcher, he moved on to Athens, Greece in November 2014. He stayed there until April 2015, he then successfully launched Uber in Morocco Egypt and Croatia. A positional change soon followed for Amado which was his entry into management. 32

THE JOURNEY THAT LED LOÏC AMADO TO BE UBER EAST AFRICA GM “I moved to the head of expansion position for Sub-Saharan Africa, and that was in April 2016. I managed a team of three international launchers, and I was head of expansion. We launched Ghana, Tanzania, and Uganda in one month. We continue to see tremendous growth from these markets, ” said Mr Amado.

Uber in East Africa

“I moved to Pakistan where I led the launch of Uber in Karachi. We launched new markets and new products. In Pakistan, we also launched the first low-cost product in the region; uberRickshaw a product that features ‘Tuk Tuk’s, that was extremely exciting,” he added..

“In East Africa, we are experiencing tremendous growth, the app is making such a huge impact in the lives of people in this region. For example, in Kenya Uber has created more than 4,000 economic opportunities for driver-partners and contributed to the growth of the

In December 2016, after his stint in Pakistan, Amado moved into his new role as General Manager of East Africa, where he looks after four markets, namely; Mombasa, Nairobi, Dar es Salaam and Kampala.

CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

IT AND LEADERSHIP Uber’s growth has not been without its challenges. Earlier in the year, a section of Uber taxi drivers went on strike in demand for higher rates because of low profits. Amado, though, insists that Uber follows a data-driven economic model that caters to both drivers and riders. Kenyan economy. There is so much potential in Kenya, being the fastest growing market in Sub- Saharan Africa. We have seen potential for products like Uber Eats and Uber Rush, that we have launched in other parts of the world,” said Mr. Amado In East Africa, one of the main challenges Uber has faced is traffic congestion in cities. This is a problem which Amado insists Uber is on the forefront of solving. They are trying to help to solve this problem in a bid to increase efficiency. “If then there is a lot of traffic you can’t have enough trips. This is a challenge that has also presented an opportunity for us. We want to play a big role in reducing congestion and pollution in a lot of cities. In cities like San Fransico and New York, we launched UberPOOL a product that enables riders going in the same direction share an Uber. Uber has helped these cities reduce the number of vehicles on the roads with more people sharing rides.” he confirmed.

“We are a data driven company, when we determine Uber pricing, we always consider local conditions together with a pricing model that is tried and tested in 475+ cities across the world. When we raised prices we were confident that the prices would encourage riders on the road to increase trips for drivers and at the same time ensure the basic economics of driver-partners are sustainable.” said Mr. Amado. On the challenge of competition, Amado added that Uber is happy with the market’s competitive nature because it creates more opportunities for the customers. He goes on to add a twist to the concept of competition by stating that Uber is currently trying to compete with private car ownership.

Uber’s Milestones in the region

Even though the product is yet to launch in the country, Amado says that Uber continues to work with different cities around the world to reduce congestion and UberPOOL is part of the solution.

“In two years we started in Nairobi, and we expanded in Mombasa, within Kenya. But also in Nairobi one of the milestones is how we expanded within the city and other neighborhoods, we are now also available in; Thika, Ongata Rongai and Athi River. We also launched in Uganda and Tanzania last year,” said Mr. Amado.

“We’ve been here in Kenya for only two years. It’s been the fastest growing city in Africa except for South Africa. It’s only the start with uberX. Uber Pool will come down the line as well, and then you will see the impact it is making,” he said.

Speaking on some of the other major milestones, Amado pointed out that the company has been playing its part in driver engagement in a bid to provide extra opportunities for discounts or higher earnings for drivers.

FUN FACT We lauched Uber in Nairobi two years ago with credit cards as the only payment method. The credit card penetration in Kenya was really low. We saw the need to launch cash as a payment option on our app and since then we saw rapid growth of Uber in Kenya. A fun fact, Kenya was the very first market at Uber to launch cash. www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

Loïc Amado, GM Uber, EA, Personal profile Prior to joining Uber, I worked at a venture capital firm Nova Founders after founding my own travel startup and completing my military service in the Swiss Army. I attained my Bachelor of Science (B.Sc.) in Applied Economic Sciences & Finance from the University of Antwerp in Belgium. I also have a Master of Science (M.Sc) degree in Finance from the City University of Hong Kong. I have a heart for Africa, I am enthusiastic about the burgeoning technology industry on the continent and is excited about being a part of its growth. I am Swiss and Belgian and can speak fluent German, Dutch, French, English and a bit of Spanish.

“We signed a partnership with Sidian Bank, where drivers that have 900 trips and above on the app, and have a satisfactory rating of 4.6 and above can have access to a brand-new car without a down payment, that is because drivers are making a credit history on the Uber app. We have also partnered with Branch one Kenya’s fastest growing mobile lender on attaining 500 trips and a rating of 4.5 stars a driver can get a loan of up to Ksh 30,000,” said Amado. The company has also partnered with Total and Auto Express to provide driver-partners with discounts on services. Uber also recently launched an interesting partnership with UAP Old Mutual, where drivers can get free money management courses to help them develop healthy saving habits. Mr Amado added that the company is currently focusing on promoting their new business product, dubbed, Uber for Business that provides a transport solution for corporate companies which Amado concluded by saying, “U4B (Uber for Business) is the biggest business product that we have in Africa with Nairobi being the most successful city in Africa.” 33

WOMEN IN TECH

BY LILIAN MUTEGI

12 WOMEN CIOS RUNNING GLOBAL ORGANISATIONS

ACCORDING TO RESEARCH BY BOARDROOM INSIDERS, A C-SUITE MARKETING CONSULTANCY FIRM, IN EARLY 2016, EIGHTY-SEVEN FORTUNE 500 COMPANIES HAD FEMALE CIOS, OR 17.4 PERCENT.

s of November 1, same year, the number dropped to seventy-five, or just 15 percent. And while 20 percent of Fortune 100 companies have women CIOs in 2016, the number went down from 24 percent in 2015. However…

Jane Moran-CIO Unilever Jane Moran is the current Global CIO of Unilever, World’s third largest Consumer Goods Company. Jane has over 25 years of IT experience and comes to Unilever from Thomson Reuters where she most recently held the role of Group CIO. In December 2014, Jane was named by Computer Weekly as the most influential person in UK Information Technology. In April 2012, Jane was recognised by CNN as one of the ten most powerful women in technology as part a profile on leading women. In December 2011, Jane was profiled and on the cover of CIO Magazine.

Paula Tolliver- CIO Intel Paula C. Tolliver is corporate vice president and chief information officer (CIO) of Intel Corporation. Tolliver joined Intel as the Chief Information Officer in 2016. Before coming to Intel, she was Corporate Vice President of Business Services and Chief Infor34

mation Officer at The Dow Chemical Company.

Stephanie von FriedeburgWorld Bank Group CIO

Marcy Klevorn- CIO FORD

Stephanie von Friedeburg was appointed World Bank Group CIO and VP for Information and Technology Solutions in 2012.

Marcy Klevorn has been the FORD Group Vice President, Information Technology (IT) and Chief Information Officer (CIO) from January 2017. Klevorn has spent her entire Ford career in IT, serving in a variety of positions in the Americas, Ford of Europe, and Ford Credit. She started at Ford in 1983 in Telecommunications Services and worked at various positions within Ford IT and Ford Credit through 2004. In 2005, she was appointed Product Lifecycle Management Global Director and implemented process changes in data and information management across product creation. In 2006, as Enterprise Defragmentation Director, Klevorn led the strategy and implementation of infrastructure defragmentation, data center consolidation, and overall systems management at Ford. From May 2006 through September 2011, she led Ford’s IT Infrastructure organization. From September 2011 through September 2013, Klevorn served as IT Director for Ford of Europe and was a member of the Ford of Europe Operating Committee (EOC). She then was named Director, Office of the CIO, responsible for managing Ford’s global IT business applications, architecture, data centers, web-hosting requirements, engineering and infrastructure services.

Von Friedeburg has been with the World Bank Group since 1992, serving in a wide variety of roles including CIO for the International Finance Corporation (IFC), Senior Manager for IFC Global Information, and Communication Technologies, Manager for IFC General Manufacturing Investments in Russia and the former Soviet Republics, and Manager for IFC’s Global Telecommunications Portfolio. Von Friedeburg is on the Advisory Board of Box.org, an organization helping nonprofits become more productive and collaborative in achieving their mission. She is also an advocate for the advancement of women in Information and Technology, having co-founded the International Finance Institutions (IFI) Women in IT organization. Von Friedeburg also sits on the Board of the Bank-Fund Staff Federal Credit Union and the Global Business Initiative External Advisory Committee for Georgetown University’s McDonough School of Business.

Sheila Jordan-CIO Symantec Sheila Jordan was appointed the CIO for Symantec in January 2014. Prior to that, she was the Senior Vice President, CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

WOMEN IN TECH IT – Communication and Collaboration at Cisco. Jordan also has held leadership roles at The Walt Disney Company and Martin Marietta. She received her Bachelor of Arts degree in accounting from the University of Central Florida and her Master of Business Administration degree from the Florida Institute of Technology. She serves as a director for NextSpace, a provider of innovative physical and virtual infrastructure for entrepreneurs, and sits on the CIO Advisory Board for SnapLogic.

Pam Parisian-CIO AT&T Pam Parisian is the Chief Information Officer of AT&T. Prior to becoming the CIO, she was responsible for AT&T’s business systems as well as their Global End-User Experience in 2014. She previously served as Senior Vice President-Mobility and Home Solutions IT. She also served as Senior Vice President-Wireless Systems and Software Engineering. Her role included all wireless application software strategies in planning, design, development, and operational support including billing and quality control. Prior to her work with AT&T, she was Vice President of IT Acquisition Strategy and Planning for Cingular Wireless. Before joining Cingular, Ms Parisian was Chief Information Officer for BellSouth Cellular.

Cynthia Stoddard-CIO Adobe Cynthia Stoddard was appointed as Senior Vice President and Chief Information Officer for Adobe in June 2016. Stoddard is an IT industry veteran with more than twenty-five years of experience in technology and software development. Prior to Adobe, she was Chief Information Officer and Senior Vice President of Data Storage and Management the company NetApp. www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

Fumbi Chima-CIO Burberry Originally from Ibadan Nigeria, Fumbi Chima was appointed as the CIO of fashion house Burberry in October 2015. Prior to Burberry, Fumbi was the Corporate VP and CIO for Walmart Asia and was responsible for aligning the e-commerce strategies with technology solutions in the region. She has extensive experience in the technology arena having held IT and technology positions at AMEX and JP Morgan. Fumbi was also recently selected as a member of the United Nations’ digital taskforce working to address the digital economy in Asia. She serves on the board of the World Affairs Council and is a member of the International Women’s Forum and the Executive Leadership Council (ELC).

Sigal Zarmi- CIO PWC Sigal Zarmi is Chief Information Officer for the PwC network and fulfills the same role for PwC US. Before joining PwC, Sigal was CIO for GE Capital. She also held numerous leadership roles with GE including CIO and Chief Quality Officer for GE Corporate Financial Services, Managing Director and Chief Operating Officer of GE Energy Financial Services, CIO for GE’s Financial Guarantee Insurance Company, and CIO of GE Corporate Treasury. Prior to GE, she held leadership positions at two financial services firms and began her career as a programmer at Motorola.

Sabine Everaet- CIO Coca-Cola Sabine was appointed Europe Group CIO for The Coca-Cola Company in 2009. According to CIOnet, Sabine’s career started in 1991 as a consultant for KPMG and later Price Waterhouse with a key focus on process & organizational redesign and ERP implementations.

In 1995, she joined The Coca-Cola Company as a business analyst and consequently held various IT project and account management roles with continuously expanding functional and geographic responsibilities. In 2007, Sabine became Deployment Services Director on a global program aiming to move the Bottlers’ operating model towards standardized data and processes supported by mainly SAP systems.

Maya Leibman-CIO American Airlines Maya Leibman is Executive Vice President and Chief Information Officer for American Airlines. Prior to her role as CIO, Leibman was president of the AAdvantage loyalty program, where she oversaw all aspects of the AAdvantage program and led the Customer Relationship Management (CRM) and customer research initiatives for the airline worldwide. Leibman joined the airline in 1994 in the Revenue Management department.

Daphne E. Jones- CIO GE HealthCare Daphne E. Jones is Senior Executive and Chief Information Officer at GE Healthcare which provides medical imaging, patient monitoring, drug discovery, and employs over 55,000 people. Prior to her role at GE Healthcare, Daphne was Corporate Officer, SVP, and CIO at Hospira, Inc., a global pharmaceutical and infusion technology company. She began her career at IBM serving in sales and systems engineering for multiple industries She then moved on to Johnson & Johnson where she served as CIO. In 2016, Jones received the “Luminary Award” from the University of West Indies, and in April 2014, Jones was honored by being named one of Illinois’ “Most Powerful and Influential Women” by the National Diversity Council. She was named to Computerworld’s Premier 100 CIOs in 2012. 35

PRODUCT REVIEW

BY HAYDEN DINGMAN

few years back we were hyped about Lenovo’s selling its Y50 for $1,200. Now? You can pick up a Dell Inspiron 15 7000 Gaming notebook for $850. That’s with a 1050 Ti thrown in.

Sure, it might not be the most powerful gaming laptop, but getting a system with a dedicated graphics card at this price is crazy. And if it weren’t for one major caveat, the Inspiron 15 7000 Gaming would be an insane deal.

Big red The Inspiron 15 7000 Gaming looks damn good—at least on the outside. Dell put it into a fairly standard chassis, about an inch thick and with the iconic Dell logo on the outside. The fan vents do sport some flashy grills, but otherwise, this Inspiron looks like an enterprise laptop. You could take it to work, use it in meetings, and people would say “Ah yes, a Dell. Clearly, that person is entering data into spreadsheets.” At least, that’s what I assume. That is if you order the black version. Ours came in bright red (or “Beijing Red” as Dell puts it), and it’s much flashier than it needs to be. If you want this for gaming on the down-low, it’s better to stick to something more traditional. While the chassis is inoffensive, that doesn’t hold true once you lift the lid. The Inspiron 15 7000 Gaming has only one real design issue, and it’s the screen. Ah yes, the screen—bane of inexpensive laptops the world over. We had the same complaint about the aforementioned Y50 a few years back. It had excellent internals at fire-sale prices, but with a screen seemingly recycled out of the trash. The Inspiron 15 7000 Gaming follows in those same footsteps. Its screen is ugly. We’re talking light bleed on all four edges, a viewing angle of roughly 15 degrees, muted colour reproduction, and what I can only describe as “fuzziness”. Even when running at the laptop’s full 1920x1080 resolution, smaller text looks slightly blurry and indistinct. The display is only 15.6 inches, not a 30inch monstrosity, so there’s no reason it should look fuzzy. Yet here we are. It’s the only beef I have with this laptop. Appearance? Fine. Power? Fine—we’ll get to that in a second. Price? Excel36

DELL INSPIRON 15 7000 REVIEW: A GAMING LAPTOP AT A DECIDEDLY NON-GAMING PRICE Inexpensive gaming laptops—they’re the order of the day with component prices reaching new lows and non-gaming companies putting out quality products at a bargain. lent. But this screen is simply awful, and I can’t stress that enough. It’s a shame, whether you’d use this Inspiron as a cheap gaming laptop or for getting work done. In fact, the latter makes this notebook a particularly hard sell given the number of quality, work-oriented 15-inch laptops in the same price range. Everything else offers a much better experience. The keyboard and trackpad are both plain but serviceable. The keyboard offers single-color red backlighting, which is useful, if not very bright. The trackpad is slightly offset to the left, centred under the main keyboard. I find that design a bit annoying and cramped, especially for gaming, but I assume in most situations you’d hook up a mouse for anything serious. The trackpad is responsive, though, with good sensitivity out of the box. I was impressed given the myriad troubles I’ve had previously with trackpads on inexpensive laptops.

Ports include a lock slot, barrel charging, single USB 3.0, and SD card reader on the left; and an ethernet jack, HDMI out, two more USB 3.0 ports, and a headphone/mic jack on the right. While we’re on the topic, you’ll want to use that headphone jack. The Inspiron 15 7000 Gaming’s built-in audio is as good as you’d expect from an $850 laptop—or in other words, not that good at all. The speakers work in a pinch, but any gaming will beg for decent headphones.

Performance Under the hood, this Inspiron is pretty damn solid. Again, it’s not a $3,000 gaming beast, but our review unit came packed with a quad-core Intel Core i57300HQ clocked at 2.5GHz, Nvidia GTX 1050 Ti, 256GB SSD, and 8GB of RAM. It’s a modest machine, but even “modest” is surprisingly powerful nowadays.

PRODUCT REVIEW

After running through our usual bevvy of benchmarks, I came away impressed with the results. In last year’s Rise of the Tomb Raider, for instance, the Inspiron 15 7000 Gaming still managed 44.6 frames-per-second on the Very High setting. Drop down to High, and you get 52.8 frames-per-second. Is that the smooth 60 frames-per-second at 1080p that PC gamers crave? No, but it’s definitely better than I expected from a GTX 1050 Ti in one of 2016’s prettiest games. Head back a few years, and the scene looks even better, with the Inspiron 15 7000 Gaming pumping out 56.8 framesper-second in Middle-earth: Shadow of Mordor on Ultra with the 4K texture pack installed. That said, there are better laptops out there. Even moving up to a GTX 1060-equipped machine can provide a big bump in performance. As you can see in the charts, the GTX 1060-equipped Alienware 13 managed 87.3 frames-persecond in Shadow of Mordor and 59.1 frames-per-second in Rise of the Tomb Raider. Jumping up one more level to the HP Omen 17 and its GTX 1070 netted 118.9 frames-per-second and 95.5 frames-per-second, respectively. These machines are more future-proof, too. Of course, they cost more. For $850, the Inspiron 15 7000 Gaming’s performance is way better than expected. The Inspiron 15 7000 Gaming’s performance holds up well outside of gaming, too. It put up a score of 3,486 in PCMark 8’s Work Conventional test at 1080p, which compares favourably to the 1060-equipped Acer Predator 15. We also put it through our Handbrake encoding benchmark, which involves converting a 30GB MKV file to a smaller MP4 to the Android Tablet preset. It’s a CPU-focused test, and the results can also reveal how a system handles itself under a heavy thermal load. In www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

this particular benchmark, the more modest Core i5-7300HQ did take a clear second place to the Core i76700HQ laptops we’ve tested. This new midrange quadcore took an hour and six minutes compared to the 50 to 55-minute range of the Core i7 quad-cores. That’s absolutely fine, though. You likely won’t be using this machine for any heavy content creation, and we didn’t see any major issues with throttling of performance. If that still gets you down, cheer up— the Dell has one huge advantage, and that’s the battery life. Typically, gaming laptops have terrible battery life, even when they’re running off of integrated graphics. The Inspiron 15 7000 Gaming, however, averaged about eight hours in our battery rundown test. Our benchmark is performed by setting the screen brightness between 250 and 260 nits and audio volume to 50 percent, then plugging in a set of earbuds and playing a 4K video file on loop in a Windows 10’s Movies & TV app until the machine dies. The Inspiron’s runtime is impressive, especially given that the Acer Predator 15 and Alienware 13 only lasted just over four hours in the same test. And those two machines lasted longer than I expected of gaming laptops. Playing games will run the battery dry much faster, of course, but this means you can use this notebook for other tasks without worrying about finding a power outlet.

Bloatware Okay, I lied a bit about the screen being my only caveat when it comes to the Inspiron 15 7000 Gaming. I forgot about another common problem with inexpensive laptops: preinstalled bloatware. And wow, Dell has packed it into every nook and cranny here.

It’s a modest machine, but even “modest” is surprisingly powerful nowadays.

You’ll find the usual offenders, of course, such as McAfee. Get ready to wipe that and a couple of random games off your machine and never look back. But it’s Dell’s own programs I actually find most annoying. They interrupt you seemingly every fifteen minutes to let you know about some other special offer, some bit of software you need to register, some crapola you don’t want and don’t need. There’s a whole folder of stuff here: Dell Customer Connect, Dell Digital Delivery, Dell Notifications (an independent notification system!), Dell Update, SupportAssist, and more.

Get ready to hate this screen. It’s frustrating. Frankly, I’ve gotten used to the experiences offered by Razer, Origin, and even the higher-end laptops from MSI and Asus. Get the laptop, sign in, and then...nothing! It’s clean. Razer might prompt you with some of its software—Synapse or what have you—the first time you log on, but you can tell it to leave you alone and then enjoy peace and quiet. These lower-end laptops come crammed with unnecessary software and remind you of that fact every damn day. It’s a mess and just an awful user experience for anyone without the patience to seek and destroy all the offending programs. It’s one more thing to keep in mind before you purchase an Inspiron 15 7000 Gaming: The price is excellent, but the hidden cost is in the bloatware.

BOTTOM LINE That price is so, so excellent though. I am really and truly amazed at the gaming performance you can get from a sub-$1,000 laptop nowadays, and doubly amazed that this machine comes from Dell. Granted, it’s not incredibly powerful nor future-proof. But it’ll play most of today’s games at decent enough quality, and will definitely play games like League of Legends, Dota 2, Rocket League, CSGO, Team Fortress 2, and Overwatch—you know, some of the most popular multiplayer games of the day. Hook up a mouse, and you’re ready to game on the go—all for $850. Not bad at all. 37

FEATURE

BY LILIAN MUTEGI

The Standard Group: Creating an innovation culture to stay ahead FROM THE STANDARD NEWSPAPER , TO TELEVISION, RADIO, AND INTERNET SERVICES, STANDARD MEDIA GROUP MANAGES A BROAD AND COMPLEX ARRAY OF SERVICES. STANDARD NEWSPAPER IS PERCEIVED AS THE OLDEST NEWSPAPER IN EAST AFRICA HAVING BEEN ESTABLISHED IN 1902, AS A WEEKLY PAPER KNOWN AS THE AFRICAN STANDARD. THE AFRICAN STANDARD WAS THEN OWNED BY ALIBHAI MULLA JEEVANJEE, AN IMMIGRANT BUSINESSMAN FROM INDIA.

n 1905 Jeevanjee sold the paper to two British businessmen who changed the name to the East African Standard. It became a daily paper and moved its headquarters from Mombasa to Nairobi in 1910. “He started the paper so as to tell things from his side. At the time the newspaper declared strongly colonialist viewpoints,” said Orlando Lyomu Finance Director, The Standard Media Group in an interview with CIO East Africa as we explored the Group’s Innovation Journey. Around 1963 the African Standard was acquired by The British-based Lonrho Group. The paper changed its name to Standard in 1977 but the name East African Standard was revived later. It was then sold to Kenyan investors in 1995. In 2004 the name was changed back to The Standard. In 1989, at a time when Kenya was going into multi-party era, the Standard Group acquired the KTN Television Channel. In 1991 KTN was added to Standard as the first independent TV Station.” I was in High School back then and KTN was the best thing after the slice of bread,” said Mr. Orlando. 38

Afterwards all the other Standard Products including PDS and Radio Maisha were on boarded and two years ago the group started a second TV Station KTN News as well as our digital platform. “It is been five years trying to penetrate the Digital Market. We are trying to find our footing into this as it is new to everyone and still figure out how the digital age can make commercial sense to the business. Despite all the content we have, we have to find a way to render it in a way that people come to you either through buying it or attract them in huge numbers so that you sell advertising,” Being the oldest media house in Kenya the Group for the longest time had its own struggles. “For some reason despite being the oldest media house in the region, everything remained oldest. In the sense that our operations were very slow. We have impressive facilities but underneath the glamour and splendor, was a system that was very archaic. Things were done traditionally and because of that we needed more people to do it,” said Mr. Lyomu. He added that he likened the state of the media house to the case of a sleepy

giant that needed an army to be moved. “Whereas when you wake it up it will do a lot by itself,” he said. Starting from the company’s production, Mr. Lyomu told us that reporters would write stories and send via personal accounts and if the editor could not access the emails, the stories would get lost, making it hard to measure productivity for reports, since information was coming through unregulated channels. The same applied to the accounts systems leading to huge revenue losses due to lack of right channels for accountability. “We had challenges ranging from visibility of the business-there was no visibility about the sales and returns at different branches and the overall organisation had difficulty understanding the performance of all locations to Manual approval – approvals were paper based and there was no control to validate discounts. Controlling the revenue leakages and fraudulent activity from internal and external customers was a major challenge as well,” said Mr. Orlando. To retain its previous glory, the company had to think fast. From his end, Mr. Lyomu had to convince the CEO to convince the CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

FEATURE board, that to save the business The Group needed to automate the business through the implementation of an ERP System. “The challenge here was trying to explain what the Return on Investment would be. We are all wired to think on these lines and people want to see numbers,” said Mr. Lyomu. The budget estimated was close to 400 million. ”Don’t forget as a company we were still struggling with the cashflow crisis. So how do we sell this and get along with it. It was more like putting your head on a chopping board and cutting it,” added Mr. Lyomu. He further stated, “The next issue was around people, in terms of which company would deliver such a huge project for us. The next move was to convince the board to approve the 400 million budget. But finally we were able to kickstart the project,” he added. The Group was looking at two key ERP Systems, the Oracle Financial and SAP. Being a media house, it was key that they get a system that incorporates operations that will fit their niche. The Group then settled for SAP and settled for Invenio and Alttab Africa Limited as implementing partners. “We settled for both reason being that Alttab was a good local company with ERP Expertise but no media expertise while Invenio was a good international company with media expertise. So we brought the two companies on board,” said Mr. Lyomu. In 2014 June, the project kicked off with one simple deadline to go live in January 2015. Because being a listed company, we would reduce the complexity of working with two systems during the audit. “It was not easy. I remember at some point while having our go live or not to go live conversations with SAP, they suggested we have an extended deadline as risks of failure were too high. But come to think of www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

it, projects fail because we want to do everything. We had to narrow the project to key operational factors that needed to go live and must run efficiently for us to succeed the rest we can onboard or soft tune as we go along,” said Lyomu. He added, “Number one was the paper had to be read so any process that would deliver that had to work. Number two was, we must invoice the client so any process around that also had to be ready. Number three was we need as a company to run a trial balance so the process on that as well should be ready.” The system went live on 1st January 2015 as planned. However, at some point the system failed but the team was quick to detect the error in time to make it to press on time, well, a few hours past press time. Even with the systems in place there was now an even bigger problem and that was data! “ The quality of data, in terms of getting the right vendor information now stood as a major challenge for us. We had over up to 5000 vendors, whom we didn’t know.” “We had to find a unique identifier for these people. So what we now did was, each vendor was given an SAP Account in that every time they pay us, the money would hit SAP Account directly. In the same system we developed a system and gave sales executives a gadget that gets to record the unsold copies as well as the sold, the cash received and generates a revenue receipt,” added Mr. Lyomu.

The aftermath.. “With the systems in place, today, I can see every transactions and revenue accountability has become quite easy. When I joined Standard, we were collecting 250-350 million a month and today, on average we are collecting 450500 million a month. This has helped

seal a few revenue leakages gaps,” he added. He further stated ”That has helped us do more, innovate more and invest in more areas. You can see now the Return on Investment that was quite hard to quantify in numbers, the system has enabled us make real time and better decisions and account for our revenues as well as offer better services tour customers. This has helped drive better profitability and secures cashflow management.” Phase two of the project was started immediately and lasted for six months. This was on the media side where the SAP implemented IS Media platform which focused on Media Advertising. “Naturally Phase two was easier. We went live with Phase Two and SAP suggested we submit our project for the The SAP Quality Awards, awards given every year to customers for successful implementations and delivery Excellency of SAP solutions,” said Mr. Lyomu. “We won The Bronze SAP Quality Award in the Fast Delivery category, following the implementation of SAP ERP and IS-Media solution, implemented by Invenio and Alttab. The award was achieved due to the quick and cost-efficient implementation of the SAP ERP solution to TSG. This was a crowning moment The Group,” he added.

BENEFITS “What used to take us long can now get done in a short time. One year later and with two phases implemented, (SAP ERP and SAP IS Media) The Standard Media Group had managed to decrease revenue leakages by 90% and expects to record a 25% lower debt volume this year,” said Mr. Lyomu The Group also increased revenue from newspaper vendors, thanks to a new mobile money collection process. They also were able to streamline distribution operations with a highly visible and transparent supply chain. “We have automated our News System as well. We are also getting away from the old OB Vehicle and moving to light portable devices. Our reporters now have GSM Packs to do live reporting from anywhere they are. We get to invest less for more,” said Mr. Lyomu “Technology dictates how our business should be done. So it is up to us to keep innovating so that we remain relevant and that is what we keep doing at TSG so as to stay ahead,” concluded Mr. Lyomu. 39

OPINION

WANNACRY REMINDS CIOS TO STAY ON TOP OF PATCHING BY CLINT BOULTON

THE WANNACRY RANSOMWARE WORMING ITS WAY THROUGH THOUSANDS OF CORPORATE WINDOWS COMPUTERS IS A SOBER REMINDER OF THE IMPORTANCE OF SAFEGUARDING SOFTWARE, PARTICULARLY WHEN PATCHES BECOME AVAILABLE FOR CRITICAL VULNERABILITIES.

nd while it’s easy to shame affected companies for failing to patch their software, cybersecurity experts say the calculus is much more difficult. Regardless, the experts agree that Wannacry was serious enough that it warranted immediate patching. Quick recap: Friday 12th, 2017, hackers unleashed malware that began spreading among computers, shutting them down by encrypting data and then demanding a ransom of $300 to unlock them. This ransomware, built with the EternalBlue Server Message Block worm hackers stole from the National Security Agency, impacts computers running Windows 7 and Windows XP.

Troy Hunt, a Microsoft regional director who conducted multiple OS and browser upgrades while working at Pfizer, says one of the most painful and costly parts of patching was ensuring compatibility with existing software. “The last one I recall was simply an Internet Explorer upgrade, and the cost of rectifying nonfunctional web apps within the organisation was a seven-figure amount,” Hunt wrote on his blog. “Organisations need to be proactive in monitoring for, testing and rolling out these patches. It’s not fun, it costs money, and it can still break other dependencies, but the alternative is quite possibly ending up like the NHS or even worse.”

Microsoft issued a security update to stop WannaCry from impacting Windows 7 on March 14. It released a similar patch for Windows XP, which the company ceased supporting in 2014, over the weekend. But WannaCry’s spread has been swift, with more than 200,000 computers at FedEx, Renault, the U.K. National Health Service (NSA), and other organisations spanning 150 countries falling prey to the ransomware. WannaCry could signal the beginning of a broader attack as a variant

Failing to test patches for incompatibilities is risky, Viscuso says. For instance, if a financial services firm breaks a crucial high-speed trading application while conducting an upgrade, it will have to shut down the application and fix the code costing the company potentially tens of millions of dollars of downtime.

To patch or not to patch

When a vendor launches a patch outside of its normal patch cycle, as Microsoft did when it released MS17-010 on March 14, it disrupts the cadence that companies have built into their IT and business processes. Viscuso says many companies wait until the next patching cycle to roll out something. That’s why so many companies were impacted by WannaCry; they simply didn’t patch when Microsoft made its upgrade available.

The news has thrown IT departments into chaos. As CIOs and CISOs scramble to mitigate damage, it’s worth exploring the process enterprises use in deciding whether to patch or not. Mike Viscuso, CTO of cybersecurity firm Carbon Black and a former NSA analyst, says that IT departments teams conduct monthly or quarterly courses of patching and upgrades for dozens or even hundreds of applications they’ve developed in-house. Prior to rolling out patches, IT departments conduct regression testing to ensure their custom software will still work with the new code. 40

Damned if you do But failing to keep up with patching also courts risks.

Patching the vulnerability that cracked open the door to WannaCry was a no-brainer despite the challenges it presented because it was capable of being exploited remotely, says Steve Grobman, CTO of security software maker McAfee.

Simply making a network connection with a machine introduced the threat. But because this patch dealt with the Server Message block–the part of the OS that enables file-sharing –the likelihood of breaking applications during patching was also high. The risk was particularly steep for organisations with large numbers of legacy applications, some of which were two or more decades old whose developers may no longer be alive, Grobman says. For that reason, many companies simply elected not to patch. “They’ve been leaving the pot on the stove while they go to work for many years and there hasn’t been an issue,” Grobman says. “When you exhibit risky behaviour, just because something bad doesn’t happen shouldn’t imply something couldn’t happen.” Grobman expects CIOs will recalibrate their IT processes to take a much more aggressive approach to patching. This is important at a time when the Shadow Brokers hacker collective that claims to have stolen EternalBlue and other exploits from the NSA says that more exploits are on the way. But with roughly 5,000 new vulnerabilities emerging every year, it will be impossible for CIOs to patch every hole, says Carbon Black’s Viscuso. He says that CIOs must rank the ones that pose the greatest threat to their businesses, test them and schedule upgrades. The takeaway for CIOs: keep your work computers updated with patches on a regular basis and apply emergency patches as needed. Ensure PCs are running a current operating system and manage your anti-virus software to maintain updated virus definitions. Backup PCs and servers nightly so if ransomware does get into your network, you can restore resources quickly. ( The author is a senior writer for CIO. com.) CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke

OPINION

STEP UP TO COGNITIVE ERA WITH WATSON FOR CYBER SECURITY BY PATRICK RONO

Evolving IT environment New information technologies such as Cloud, IOT and Mobile and social computing are changing the way our society works and the way companies do business. Technological innovation and increased adoption of electronic platform has enhanced communication , automated complex processes and provided a wealth of information that can be processed into useful actions . Today billions of devices are inter-connected. This opens a door to more potential vulnerabilities and exposes company’s most valuable assets to new security risks. To achieve optimal security companies have to invest in smart security technologies. A few years ago protecting computer networks from attacks consisted of having good access controls and a solid perimeter defense including but not limited to firewalls, anti-virus software and web gateways. Unfortunately, humans continue to count on walls, whether made of digital technology or stones, to protect them. Today these methods are not the most sufficient approach for safeguarding your assets. The mistake is assuming everything outside is bad and everything inside is good. Internal networks have entered the era of Zero Trust. Every device and user inside a network must not be considered any more trustworthy than unknown devices and users outside the firewall. Once a hacker is inside a network, the perimeter defenses becomes more of a trap than a protection. Most organizations have come to learn this the hard way. Attacks are getting more sophisticated, malware comes in new forms and hackers are continuously using modern tools trying to penetrate into systems. The perimeter defenses of yesterday are no match for today’s attack vectors.

Shift towards cognitive Security Cognitive security is the use intelligent systems to analyze security trends and www.cio.co.ke | JUNE 2017 | CIO EAST AFRICA

distill enormous volumes of structured and unstructured data into information, and then into actionable knowledge to enable continuous business improvement and security . Cognitive technologies are helping intelligence analysts grapple with today’s unprecedented levels of financial crime,terrorism, and other serious global cyber threats. Cognitive systems can ingest terabytes of unstructured data rapidly and allow analysts to more quickly query it , surface hidden connections among entities within it and get investigators the information they need in time to act. Cognitive technologies such as natural language processing , pattern recognition and machine learning tap-into the explosion of unstructured data can hold the key to breaking a case. Cognitive security involves training a new generation of cognitive systems. These systems ingest , reason and learn security topics. When an incident occurs, it taps into structured and unstructured security data then devises a threat research process to perform knowledge and threat discovery on the offense. It then gives results and recommendations about the threat. An analyst can then perform further actions based on the recommendations by the systems and send the information along with evidence and key insights returned to incident response team to take remediation.

Watson for Cyber Security a Game Changer What is Watson of Cyber security? Watson for Cyber security is a cognitive security system that understands information security language. Cognitive security is characterized by technology that is able to understand, reason and learn information security . A much greater scale of relevant data is now accessible with Watson that can process and interpret the 80% of today’s unstructured data. Watson can ingest a corpus of knowledge and then this knowledge is enhanced as security professionals inter-

act with this system. As time goes by it’s knowledge base grows and continues to observe behaviors and events,distinguishing bad from good and the ability to leverage integrated defenses to block the new threats get stronger. Watson processes a new information at a speed that can surpasses any human ability. By making security analyst more effective and accelerating the response to emerging threats, Watson will improve level of confidence and risk control and help to address the current skills gap in security industry.

What Watson can do for your business The volume of threat data and security incidents exceed the capacity of even the most skilled security professional. Watson for Cyber Security taps into unstructured data that is (research papers, websites, blogs) and correlates this data with local offenses. This augments a security analyst ability to understand and identify threats. Watson is the first augmented intelligence technology designed to power cognitive Security Operation Centre (SOC). It integrates with IBM security intelligence solution – QRadar- helps uncover hidden threats and automate insights revolutionizing the way security analyst work. Watson also generates reports on threats in a matter of minutes. Speeding up both threat detection time and response time.

Future of Watson for Cyber security As the cognitive security community grows, and the viability of new attacks is diminished, cyber crime will enter into a new economic reality. Efforts to develop malware that evades detection will become increasingly complex and costly. Cognitive security will empower security analysts with the capabilities to find early warnings of potential attacks and significantly increase attack detection. Cyber criminals will find the payoffs to be harder and harder to achieve. 41

HARD TALK

BY ROBERT YAWE

IS SAFARICOM SINCERE ON INNOVATION?

his was not empty rhetoric, as Microsoft went a step further and made available free online training that allows one to qualify as a data scientist.

I recently took up the offer and challenge by Microsoft to take up data science. There is too much data out there and too few people who know how to extract knowledge.

I am currently on my fourth module, and so far, it is clear that there is a need for more ICT professionals to take up the study of data science, as it will soon be more important than an MBA. As part of the exercises, Microsoft gives you access to huge data sets hosted on their Azure cloud platform. This allows you to appreciate the fact that you do not need huge in-house servers to take advantage of the big data sets. The more I study, the more handicapped I feel as I cannot find relevant local data sets on which I can test my newly acquired skills. Data in Kenya has yet to be liberated, not only by the public sector but also private sector custodians. I call them custodians because the collection of the data was paid for by the public sector and there is a need to make it available to its rightful owners. Access to Information Act, 2016, that gives effect to Article 35 of the Constitution of Kenya declares that the provision of information is a fundamental freedom enjoyable by all citizens, yet I am unable to get access to information such as the censorâ&#x20AC;&#x2122;s data or even detailed results of KCSE and KCPE results. You must be wondering why I put Safaricom in the title and not the government. Well, it is because Safaricom has more data about me than any other entity, so to me, they are the ones denying me the larger portion of my fundamental freedom. The empty rhetoric by Safaricom of their dedication to encourage innovation is the other reason why I felt it prudent to target them instead of others who give no such assertions. Safaricom knows how much I spend, where I spend I,t and when I spend it. They know all my close contacts as well as casual contacts. They know where I have been, who I visited, and for how long. With the vibration sensor on my phone, they will soon be able to know what I did, when, where and with whom.

All that is my personal data. Throw in the new surveillance cameras, and they can now verify that it was me carrying out all those activities. It is annoying that we cannot make such basic data available. Imagine how more difficult it will be to implement an electronic medical records (EMR) policy. I am not looking to have them gagged or make to sign nondisclosure agreements, but only to release the same to me in a format that I can extract knowledge from it to make the new life they have provided me with more palatable. They should also be able to anonymize the rest of the data and make it available to me so that I can extract even greater insights into what is going on around me. I should be able to find out whether I am being stocked or even when my activities have become routine so that I can change them to retain my sanity. That is only on a personal scale. Imagine making the data available to allow the analysis of vehicular and foot traffic patterns that can assist the police who are tasked with controlling the flow within the cities. It would also be able to help us provide business opportunities using the data that Safaricom already uses to optimize locations of mPesa agents. This is public data, and the first thing we need to do is include telecommunications transactions under the banking and insurance acts as they relate to retention of data. Safaricom is currently dumbing-down data vital to developing artificial intelligence, which is a critical part of the innovation for which they are giving lip service. Safaricom, it is my constitutional and fundamental right to have access to ALL the data that you hold on me. This includes which broadcast transmission station (BTS) that I interacted with, when, and for how long, to the mPesa agent who I use the most frequently. I look forward to you releasing my data so that I can continue with my data science endeavors utilizing relevant data to produce insights on myself. CIO EAST AFRICA | JUNE 2017 | www.cio.co.ke