CIO Africa April 2022 Edition

Page 1

VOL 25 | ISSUE16 | APRIL 2022 EDITION

KSHS.300 | USHS.9,000 | TSHS.6,000 | RWF.2,200 | OTHER USD.9

@CIOAFRICA

CIO, FAMILY BANK. KEEPING IT ALL IN THE FAMILY Inside >>

@CIO_AFRICA | WWW.CIOAFRICA.CO

Jack Sikenyi EMERGING CYBERSECURITY TRENDS IN 2022 RELEASED Demystifying the Kenyan Data Protection Act and GDPR How To Deliver Services and Value Through The Cloud

/CIOAfrica

/CIOAfrica

/CIO_Africa


The CIO Africa Highlights SURVEYS · OVERVIEWS · TECHNOLOGY · EXPENDITURE · PROJECTIONS Compiled by Insight Wells Research, this year’s edition of CIO Africa highlights a case of the three A’s - namely adaptation, analysis and adoption. Throughout the CIO100 Africa submissions, we witness companies not only brace for the pandemic’s impact, but also adopt new ways of doing things as a business survival strategy with IT taking centre stage as a key enabler to business profitability.

Megatrends Report Highlights 2021

GET YOUR COPY TODAY! FOR MORE INFORMATION CONTACT: MARKETING@CIOAFRICA.CO 2

www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIOAFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO


@CIO_AFRICA | WWW.CIOAFRICA.CO @CIOAFRICA

www.cioafrica.co | APRIL 2022 | CIO AFRICA

3


>> Contents VOL 25 | ISSUE 16| APRIL 2022 EDITION

CIO AFRICA TEAM Editor-in-Chief Carol Odero

WRITERS

10

>> GUEST EDITOR

16

>> THE ROUNDUP

Kevin Namunwa Steve Mbego Tasha Francis

TECH COLUMNISTS Robert Yawe Michael Michie

PUBLISHER Harry Hare

OPERATIONS DIRECTOR Andrew Karanja

OPERATIONS MANAGER Naomi Kangethe

22

>> THE LEAD

40

>> SECUREWORKS Q&A

Commercial Director Aliza Thobani

MARKETING MANAGER Vanessa Obura

EVENTS MANAGER Ellen Magembe

34

FINANCE MANAGER Teddy Mukabane

EVENT EXECUTIVES Mellisa Dorsila Justin Maganga Felix Moturi

>> IT LEADERSHIP

Virtual & Hybrid Events Coordinator Stacey Njeri

PHOTOGRAPHY Arthur Kuwashima

BUSINESS CONSULTANT Njambi Waruhiu

EVENTS PLAN LEAD Bonface Shikuku

ADMIN STAFF Videlis Syovata Priscilla Egehitsa Daniel Mwaha

44

TRAINING Rose Waguthi

CREATIVE DESIGN Samuel g. Ndung’u

4

www.cioafrica.co | APRIL 2022 | CIO AFRICA

>> THINKING ALOUD

46

>> HARD TALK


Finserve

@Finserve_Africa

On Jenga, we set you up to receive payments from card to mobile wallets across 180 multi-currencies. You can also send simple payment links to your clients anywhere in the world on SMS, social media or email to receive payments. Whichever way your clients want to pay, we’ve got the gateway.

@CIOAFRICA

Call us on 0766000200 or email us on sales@finserve.africa to get set up for free.

@CIO_AFRICA | WWW.CIOAFRICA.CO

Finserve Africa

www.cioafrica.co | APRIL 2022 | CIO AFRICA

5


>> Editorial Team

>> EXECUTIVE TEAM

Harry Hare Chairman & Publisher

Andrew Karanja Director

>> ACCOUNTS

Teddy Mukabane Finance Manager

Aliza Thobani Commercial Director

Kevin Namunwa STAFF Writer

Tasha Francis Editorial Intern

MICHAEL MICHIE Head of IT, TripleOKLaw

Robert Yawe CEO, SYNAptech Technologies

Ambrose Gahene Tech Writer

>> SALES TEAM

Purity Kamau Accounts Assistant

Vanessa Obura Marketing Manager

NGENGI KAMAU SENIOR ACCOUNT Manager

Steve Mbego STAFF Writer

CAROL ODERO Editor-in-Chief

Arthur Kuwashima Lead Photographer

>> OPERATIONS

>> HYBRID EVENTS >> CREATIVE TEAM

Naomi Kangethe HEAD OF OPERATIONS

Stacey Njeri Virtual & Hybrid Events Coordinator

BILLY OMINGO ACCOUNT Manager

SAM NDUNG’U CREATIVE DIRECTION/ GRAPHIC DESIGN

>> EVENTS TEAM

Ellen Magembe Events Manager

PUBLISHED BY:

>> ADMIN

Mellisa Dorsila Events Assistant

Justin Maganga Account Executive

PRINTED BY:

Felix Moturi Audience Generation Executive

SHIRU WAWERU EVENTS SUPPORT

Contacts eDevelopment House 604 Limuru Road Old Muthaiga P O Box 49475 00100 Nairobi, Kenya +254 725 855 249 Email: info@cioAFRICA.co

6

IAN WAGGA Digital Marketing/ Graphic Design

www.cioafrica.co | APRIL 2022 | CIO AFRICA

Ian Obukwa Event Support

MARY KARIITHI Event Support

Videlis Syovata administrator

ALL RIGHTS RESERVED

The content of CIO Africa is protected by copyright law, full details of which are available from the publisher. While great care has been taken in the receipt and handling of material, production and accuracy of content in this magazine, the publisher will not accept any responsility for any errors, loss or ommisions which may occur.


>> LETTER FROM THE EDITOR IN CHIEF

ARE YOU LOYAL TO YOUR BRANDS?

“It takes months to find a customer … seconds to lose one.” – Vince Lombardi

Almost half of the respondents in this survey held by the Kenya Bankers Association prefer fully automated or selfserving banking services. This is taken as proof of digital transformation. It just so happens when banks invest in the customer experience, they have a greater wallet share, and, are far more likely to be recommended by others. They can also easily up-sell or cross-sell products and services. If a bank is terrible at giving financial advice and has abysmal service, customers vote with their feet. But all is not lost. If you are in financial services, you want an engaged customer. To engage them means educating, notifying and surveying said customers. You will also need to embrace the omnichannel approach. Meet your customers where they are, and that tends to be digitally. You have to understand the customer journey. I have heard of instances where certain vloggers, despite getting a whole lot of freebies, still go through the process of buying their own merchandise because if they do not remember the customer has a journey, they would be losing the plot. Banks are great collectors of big data and analytics.

An American study – and we know how democratic their problem solving can get – says American on average, spend 13 hours per year in calling queue. A 2010 study published in the journal Cost Management, “a third of complaining customers must make two or more calls to resolve their complaint. And that ignores the portion who simply give up out of exasperation after the first call.” And, according to a 2017 survey by Customer Care Measurement and Consulting the Carey School of Business at the Arizona State University, “over three quarters of complaining consumers were less than satisfied with their experience with the given company’s customer service department.” Here is the most interesting part. Some companies couldn’t give two hoots about their reputation, especially those who control a large market share. This is reflected by the fact that the Carey School of Business survey respondents said they’re most frustrated with airlines, internet, cable, and telephone service providers. Locally, we know the people we tend to make calls to. We are always hopping on calls to complain about the internet and about banking services. So if 29,000 respondents say a bank is good at customer responsiveness, we kinda want to give them kudos.

@CIO_AFRICA | WWW.CIOAFRICA.CO

This month, I had an extensive conversation with Jack Sikenyi, the CIO, Family Bank. They won an award for creating the Best Tier 2 bank in for their unique way of doing the thing that they do, customer responsiveness and satisfactory digital experience. It seems we have a thing for banking apps, closely followed by mobile banking and internet banking.

Customers share invaluable insights with them that can be used to improve the customer experience. It even goes as far as informing the team on personalisation. Customers are like lovers. They want to feel valued, appreciated, and confident that you have their backs. It means building trust. When customers feel like this, they will tell a friend. This is a good thing. You want it to happen.

@CIOAFRICA

It is no secret that banks had a come-to-Jesus moment the last two years. Not only did they have to think of new ways to face off with their clients, they also had to make their presence felt beyond automation. With the Central Bank of Kenya strongly recommending that we use alternative ways to spend money, - read digital – the idea of cashless states begun to make sense to the middle class.

www.cioafrica.co | APRIL 2022 | CIO AFRICA

7


>> GUEST EDITOR

Sherelle Farrington

Security Solutions Manager at Fortinet

8 KEY STEPS FOR SUCCESSFULLY

NAVIGATING THE TRANSITION TO CLOUD New digital technologies are driving change at an unprecedented pace across all sectors. To remain competitive in this rapidly changing world, organisations require, above all, speed and agility. Cloud-based infrastructure and services promise exactly this. With their economies of scale and flexible, consumption-based pricing, cloud services offer access to leadingedge technology with virtually limitless global scale, and none of the capital investment of an in-house solution. Realising the full potential of cloud requires fundamental changes though, not just in the conception, delivery, and operation of IT and OT services, but in the culture and organisational structure of the entire organisation. Cybersecurity has a critical role to play in this transition - empowering the business to seize this opportunity and ensure that the very ambitions driving cloud adoption do not put the entire 8

www.cioafrica.co | APRIL 2022 | CIO AFRICA

organisation at risk. Rising to this challenge demands that cybersecurity teams go through their own cloud transition. The task may be daunting but there are key enablers that have proven essential to success. Embrace Diversity The preferred choice of cloud environment will often vary from one team to the other, based on their familiarity with specific platforms, or their particular needs and objectives. Forcing everyone to use a single centrally selected option, while simpler to manage, is often just not viable. It can reduce staff satisfaction, increase time to value, and limit the potential benefits that the business is looking to achieve with cloud. With 76 percent of organisations using two or more cloud providers1, cybersecurity and networking teams must rise to the challenge of supporting the business in this endeavor by providing the same level of protection

and connectivity required to secure and integrate a diverse range of cloud environments. Standardize The only way to deliver this consistent protection across hugely different cloud platforms is through standardization. By abstracting security away from the underlying environment, organisations can ensure the same enterprise-grade protection can be obtained across a diverse range of environments. This provides the business with the freedom - and confidence - to select their platform of choice. For security teams, a unified, collaborative security framework simplifies their challenging task of delivering this protection and getting deep visibility across such a diverse and distributed digital landscape. Operations are simpler, delivery is more efficient, the learning curve is lower, and overall protection increases. Not doing so risks coming up against challenges and barriers that can hold back the


Integrating security into these agile cloud environments demands that security and networking teams adopt DevOps practices, tools, culture, and mindset. Security itself becomes code – something called Infrastructure as Code (IaC) - or simply a service to be consumed. It is orchestrated by DevOps tools, validated in its own CI/ CD (Continuous Integration/Continuous Deployment) pipeline, and pushed to central repositories for cross-team access. This Security as Code, or as a Service, must be self-service, flexible and modular. It must integrate realtime cyber defense to proactively mitigate risks – whether from attacks, vulnerabilities, or simple mistakes and leverage AI and machine learning to minimize friction. Fundamentally, security teams must deliver the on-demand scale and agility that are inherent to a DevOps world. Automation and APIs are key. The DevSecOps Advantage Security and networking teams that master cloud and excel in this agile world are able to deliver true business value to the organisation. An integrated Development, Security, and Operations (DevSecOps) team harnesses its multidisciplinary expertise and aligns objectives to deliver better business outcomes faster, with less risk and in a more efficient and effective manner.

Leverage vendor expertise to fast track this process. They have the experience of designing and integrating security into all the different cloud environments for a vast range of customer scenarios. Their tried and tested modular designs provide baseline templates that can be customized and tailored to meet any specific needs. Many also provide free training and may even offer cloud consulting and professional services to help accelerate a team’s transition to cloud. Take full advantage of Cloud In addition to supporting and securing other teams’ transition to cloud, security and networking teams can also benefit from cloud to deliver their own services. As new projects are initiated or existing security solutions come up for renewal, security and networking teams can seize this opportunity to evaluate their options in the same way as their application colleagues do. •

Should we build it or simply consume it as a service – Security as a Service (SecaaS)?

With security as an integral element of the overall environment - at every stage of the software lifecycle - risks are better managed and secure designs are constantly validated throughout. This minimizes last-minute surprises or costly redesigns as code moves from development, to test, to deployment. And since environments may differ at different stages, a cross-platform approach to security simplifies this task. Abstraction and automation are again absolutely vital.

If we build it, should it be built in a cloud or on-premises?

If in the cloud, which cloud?

What cloud services can we take advantage of to automate risk management, threat defense and compliance?

Invest in Upskilling

A transition to cloud is no

Cloud thus offers an opportunity to transform the way that security and connectivity themselves are delivered. Create a Cloud Center of Excellence

straightforward task. It demands the right skills and structure to be in place across the organisation. It requires coordination, alignment, and agreement across diverse functions and teams. A Cloud Center of Excellence (CCoE) is the best-practice approach to enabling this transition. This multi-disciplinary team can accelerate cloud adoption by bringing together the key skills and talent able to deliver the standardization and automation that is critical to cloud success. This isn’t about creating a static team of technology experts. This is an adaptive community of technology, finance, procurement, and business stakeholders that evolves in line with the needs of the organisation to achieve the business goals of cloud and manage risk. Engage the Board Successfully making the transition to cloud demands new organisational processes, structures, and significant workforce upskilling. Executive sponsorship is crucial. The good news is that both cloud and cybersecurity are now key topics at the board level. This creates an opportunity that businesssavvy cybersecurity professionals can capitalize on. Doing so demands learning how to engage and communicate with executives using business language. Being able to clearly articulate the business value that cybersecurity and the new structures offer the organisation in terms of time to value, competitive advantage, business valuation, managed risk, and regulatory compliance. This can prove invaluable in changing the role security plays within the business and gaining support for key initiatives. When navigated successfully, the transition to cloud brings speed, agility, and leading-edge services that set the organisation up for digital success. For cybersecurity and networking teams, it represents an opportunity to transform their role within the organisation and position themselves as critical enablers to this ongoing success. www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO

Adopt DevOps Practices

Adapting to these new ways of working, new environments, and new tools requires individuals themselves to adapt. Everything is now code and each cloud environment is completely unique and proprietary. Teams must understand how to design security into these worlds, understand the services and different options available, and decide how best to make use of them. This becomes even more challenging as teams adopt microservices.

@CIOAFRICA

organisation’s transition to cloud.

9


>> GUEST EDITOR

Harrison Mwashuma

SEVEN OBSERVATIONS OF COVID-19’S IMPACT ON CYBER SECURITY

Senior Systems Engineer, EAST ARFICA, Fortinet

Looking back since the pandemic started, cybersecurity has had a lasting affect in many ways. Recently, Rob Rashotte, VP, Fortinet NSE Training Institute, sat on a panel hosted by Fortinet’s academic partner, the University of Ottawa, to discuss the impact the pandemic has had on the cybersecurity sector. Here are some of the main themes that arose from that conversation:

Observations of COVID-19 Impact on Cybersecurity 1. COVID-19 did not discriminate: It affected all sizes of organisations COVID-19 affected every organisation, from the family-owned business to the large enterprise. In almost all cases you saw the majority of an organisation’s employees working from home. That in itself meant an expansion of the corporate network to home offices. To be secure, organisations needed to provide every employee with the same level of security they would have had if they were working in the office. To add to that, every day working from home was a ‘bring the kids to work day’. When this used to happen in the pre-COVID days, the kids weren’t using the corporate network for schoolwork, zoom piano lessons and gaming, potentially compromising the network without knowing it. This left gaps in home networks that were more at risk for attacks. Chances are parents may have taken corporate security awareness training at some point in the past, but kids probably haven’t. 2. Cybersecurity is so much more than just technology - you can’t forget the human factor when it comes to protecting your network The human factor to cybersecurity is a critical one. Your network needs to be secure but the people in your 10 www.cioafrica.co | APRIL 2022 | CIO AFRICA

organisation using the network need to have the right security awareness training in order to have a truly protected network. Organisations need to realise that if they have 3,000 employees, for example, then that is 3,000 potential gaps in their network. At Fortinet we are seeing a high demand for training that is focused on the end user. We aren’t talking about just the IT department, it is people in every department within your organisation who require the security awareness training and positive reinforcement so that being cyber-aware becomes part of the company culture. There are some great solutions that cover the essentials of what your employees need to know about phishing attacks and ransomware. Some of them, like Fortinet’s, are free to organisations. 3. A work-from-home or hybrid work model helps to increase the hiring pool for organisations but there still isn’t enough people in the industry to close the cybersecurity skills gap Along with the technical skills an individual brings to the table, their communication and collaboration skills are also more important than ever. This past year, organisations in many sectors and many countries were forced to work 100% remotely without the creative environment that a face-to-face brainstorming session naturally creates. If a person possesses these soft skills,

they are much more likely to succeed. Regardless of the ability to recruit around the world, the cybersecurity industry is still in need of a lot more professionals to close the 3.12M cybersecurity skills gap reported by (ISC)² 2020 Cybersecurity Workforce Study. Fortinet’s NSE Training Institute and TAA initiative are helping our customers and partners recruit skilled individuals through our various programmes, including the Education Outreach Programme with a focus on women, veterans and non-profit organisations working to bring people into the industry, get them trained and certified so that they may enter the cybersecurity field. As well as our Security Academy Programme that is focused on working with educational institutions around the world to include cybersecurity into classroom curriculums. 4. Cybersecurity jobs are not just for engineers When we think about roles in the cybersecurity industry we tend to focus on the technical roles. But just like other industries, there is a need for many different roles in a cybersecurity organisation. In addition to both technical and non-technical roles, there are job openings for entry level positions, mid-level and even executive level positions. Every department needs skilled individuals and every individual


@CIO_AFRICA | WWW.CIOAFRICA.CO @CIOAFRICA

www.cioafrica.co | APRIL 2022 | CIO AFRICA

11


>> GUEST EDITOR in the organisation is responsible for the success and security of the organisation. 5. The Board has ultimate responsibility While every employee has a role to play in cybersecurity, the Board has ultimate responsibility. According to the World Economic Forum’s Advancing Cyber Resilience Principles and Tools, “The board as a whole takes ultimate responsibility for oversight of cyber risk and resilience.” Depending on which industry you are in and what types of cyber-attacks your organisation is most vulnerable to, your CISO could report in to different levels in the organisation. If a cyber-attack could cripple your organisation, then your CISO should have a direct reporting line to the CEO with a direct channel of communication into the board.

How to Maintain Cyber Hygiene as COVID-19 Took an Impact on Cybersecurity 6. Cybersecurity is constantly evolving and adapting Cybersecurity attacks are getting much more sophisticated and frequent. Fortinet’s 2021 Global Threat Landscape Report stated another 10.7x increase in ransomware over the last 12 months. The report outlines how that ransomware has not only gotten more prevalent but it’s gotten more destructive as well with attacks that crippled the supply chain of companies like Colonial Pipeline and JBS.

pandemic. We developed packages for teleworking that could help our customers easily extend their networks. And we made sure that our customers were taking advantage of all the features within their existing solutions to get maximum protection. 7. Security awareness best practices make all the difference The biggest thing that employees need to realise in a work-from-home environment is that they are an extension of their company’s network. And if you are part of the network, you are also a potential entry point. Good password policies are just as important at home as they are in the office. As is maintaining a secure workstation. This means not allowing any other family members to use your work devices and ensuring that you aren’t leaving confidential information visible to others. Fortinet’s 2021 Global Threat Landscape Report states: ”even more worrisome to corporate security programmes, however, is the potential for attacks launched from a remote worker’s home network. Think about how many devices lie between an employee working from home and the enterprise applications and data needed to do their job. Now think about all the things attackers could do if they compromise those devices. You can be sure that attackers are thinking about it too.”

world of difference.

Below are helpful reminder tips for improving cybersecurity hygiene: Don’t be Too Quick to Click! Email is the #1 trap. •

If that text or email looks suspicious, don’t open attachments.

Always hover over links to check their true path before clicking.

Free Wi-Fi Comes with a Price! •

Public Wi-Fi is not private. Someone may be listening.

Use a VPN with unique passwords for each login.

Verify all apps before installing.

See Something? Hear Something? Say Something! Report any information security incidents immediately. Be Unique! •

Your login credentials are keys for cybercriminals!

Create a strong passphrase for all your important accounts.

Change default passwords on all your devices.

Be Aware!

The good news is, cyber solutions are also evolving. Fortinet has used the technology for some time but we are seeing an uptick in the adoption of machine learning and AI. With the volume of attacks increasing at such a huge rate, we can’t rely on people alone to be able to monitor new inbound threats.

Organisations also need to invest quickly, if they haven’t already done so, in a security awareness training service and roll this out to all employees, but most especially those working from home. Employees need to understand what attacks look like, what forms they can take, how sophisticated they have become, what the impact is of an attack and what they should do if they suspect they are being targeted.

Organisations are also looking for trusted advisors to help them utilise their current solutions to their fullest. Fortinet took this role seriously with our customers at the beginning of the

People working from home also need to ensure their families have a basic understanding of cybersecurity as well. There are free courses available, like the ones Fortinet offers, that could make a

12 www.cioafrica.co | APRIL 2022 | CIO AFRICA

No tailgating allowed in the workplace.

When visiting the office, don’t share your badge access with anyone.

Lock Before You Leave! •

Data is the new gold.

Your workstation can be a criminal’s playground.

When visiting the office, keep a clean desk and screen lock all your devices before you leave.


Digitalsecurity, everywhere you need it.

@CIOAFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO

Protect the possibilities with Fortinet.

www.fortinet.com

Copyright © 2021 Fortinet, Inc. All rights reserved.

www.cioafrica.co | APRIL 2022 | CIO AFRICA

13


>> NEW APPOINTMENTS

Congrats on your

STEVE MBEGO

Writer

NEW APPOINTMENT

Imran Manji Appointed Uber Boss For East Africa Uber has announced the appointment of Imran Manji as the new Head of East Africa. He will be responsible for Uber’s business strategy and growth across the region which includes Kenya, Uganda and Tanzania. Imran previously worked as co-CEO for TowerTech Africa. Previously, he worked for Bain & Company, a strategy consulting firm. Commenting on his appointment, Imran said, ”I’m honoured to take on this new role, as I have seen and experienced first-hand the transformative impact Uber has had in the region, from increased convenience of mobility and delivery to opening up earning opportunities for drivers and delivery people across the region,”

Centenary Bank Appoints Micheal Bulyerali Digital Communication Manager Micheal Bulyerali has been appointed Digital Communication Manager at Centenary Bank, Uganda, a fundamental arm in the bank’s marketing and communications division.

of implementing effective internal communication, media and public relations, and digital communications strategies as well as crisis communication.

He is an Associate of the Chartered Institute of Marketing with a master’s degree in Management Studies, Marketing Management, and a Diploma in Professional Marketing Digital Strategy. In addition, he is a member of the Chartered Institute of Public Relations, United Kingdom and possesses vast experience in the fields of digital communication, public relations, and marketing.

Bulyerali served as a Corporate Communication Specialist at the bank, prior to his appointment. For many years, Bulyerali has acquired knowledge and experience in online marketing, advertising, search engine optimization and Google analytics, components that come in handy for his new position.

He brings a wealth of knowledge in corporate communications gained over a period of more than seven years 14 www.cioafrica.co | APRIL 2022 | CIO AFRICA

He is known to workmates as a team player with diligence and a great sense of integrity, Bulyerali’s appointment has been welcomed and hailed by Centenary Bank’s executive management as well as colleagues.

In his new role, he will be responsible for leading, developing, implementing, and monitoring the execution of the bank’s digital marketing and communication strategy to drive online customer acquisition, retention, and engagement.


Stanbic Bank Appoints Dennis Musau As Chief Finance Officer Stanbic Bank Kenya has named Dennis Musau as its Chief Finance Officer (CFO) and Value Officer.He takes over from Abraham Ongenge who has moved to Stanbic Bank Uganda to a similar role. Until the appointment, Musau has been Stanbic Bank Kenya Head of Non-Financial Risk Management for the past three years. Musau is a Corporate Strategy, Enterprise Risk management, Accounting and Auditing Professional. Specialist in Enterprise Risk Management (ERM) Principles, International Financial Reporting Standards (IFRS) and International Standards on Auditing (ISAs). He holds a Bachelor’s degree in AgriBusiness Management and a Master’s in Business Leadership. He is a certified public accountant and a certified information systems auditor. Previously, Musau served at PKF Consulting, PwC Kenya and PwC South Africa. The outgoing Ongenge has been Stanbic Bank Kenya CFO since July 2014.

Mesfin Tasew Bekele Takes Over As CEO Of Ethiopian Airlines Group The Board of Management of Ethiopian Airlines Group has appointed Mesfin Tasew Bekele, as Chief Executive Officer of Ethiopian Airlines Group, effective March 23. Mesfin takes over from Tewolde GebreMariam whose early retirement request due to health issues has been approved by the Board. Mesfin has 38 years of experience in airline management and operations in the areas of aircraft maintenance and engineering and procurement. His other areas of expertise include information technology, flight operations, capability development, capacity building, development of corporate strategies, airline operation management, and corporate leadership. Girma Wake, the Board Chairman of the airline said, ”I would like to congratulate Mr Mesfin on his new appointment and I am fully confident about his capabilities. We believe that he will lead the airline to an even greater success, keeping it on the right track that will see it grow through many generations to come. We are also thankful for the remarkable contributions of the former Group CEO,"

@CIO_AFRICA | WWW.CIOAFRICA.CO

Safaricom Appoints Juliana Rotich Head Of Fintech Intergrated Solutions Safaricom has appointed Juliana Rotich as the head of its fintech integration solutions. Rotich will be tasked with guiding the company’s financial integrated solutions which include M-Shwari, Fuliza and KCB M-Pesa. Rotich is currently a director at BRCK, a Nairobi-based integrated hardware and Software Company. She is also a co-founder of Ushahidi- a free and open-source software for information collection, visualization and interactive mapping.

@CIOAFRICA

Rotich also serves on the boards of diverse firms including Microsoft, iHub, FlashCast Ventures, Standard Media Group, Safaricom Money Transfer Service Limited, Girl Effect, Mookh Africa, Blue Consulting, Atlas AI and Kenya Vision 2030. She is the winner of the 2019 German Africa Award, which honours individuals in Africa who champion peace, democracy, social market economy and human rights. Rotich has a Bachelor of Science Degree in Computer Science from the University of Missouri. www.cioafrica.co | APRIL 2022 | CIO AFRICA

15


Kevin Namunwa

Writer

STEVE MBEGO

Writer

TASHA FRANCIS

EDITORIAL INTERN

what’s

trending

now! THE LATEST NEWS, TECHNOLOGY, TRENDS AND INNOVATIONS FROM ACROSS AFRICA 16 www.cioafrica.co | APRIL 2022 | CIO AFRICA


>> THE ROUND-UP

Report: Kenya Needs Supportive Regulatory Framework To Spur Fintech Growth market, setting the stage for increased innovation in the sector.” Glynn Austen-Brown, Partner, PwC UK, said, ” The progress made in digital innovation worldwide calls for countries to recognise the evolution of financial services offerings. Kenya’s efforts in the growth of FinTech can be seen through its forward-thinking financial inclusion strategies and incentivising schemes such as regulatory sandboxes. However, the gaps and the challenges that FinTech players face can serve to blunt the many positives present in the Kenyan fintech ecosystem. Addressing these challenges will allow Kenya to continue to be at the forefront of technology innovation and developments and provide an enabling environment for such innovations to scale in Africa.”

The research set out in a report FinTech in Kenya: Toward An Enhanced Policy And Regulatory Framework, highlights

TheCityUK and PwC make the case for a series of policy and regulatory enhancements which, if taken forward, could spur greater innovation, unlock capital and investment, and further accelerate financial inclusion. Joseph Githaiga, Associate Director, PwC Kenya, said, ”While Kenya is a leader in the FinTech world, increased impact can be achieved by allowing greater innovation and attracting more investment into Fintech. A supportive regulatory framework is key in attracting more players into the

Formal financial inclusion in services and products in Kenya has grown significantly from 26.7 per cent in 2006 to 83.7 per cent in 2021 – growth largely driven by new financial technology and innovations, especially in mobile money and mobile banking. The report recommends that Kenya should develop a national FinTech policy framework that supports FinTech transformation and innovation, promotes industry growth and removes duplicative regulations in financial services to create certainty in FinTech services and products.

www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO

According to the research by TheCityUK and the Nairobi International Financial Centre (NIFC) developed by PwC, the gaps and challenges in digital lending policy and regulatory framework stand in the way of Kenya becoming a continental leader in FinTech which could dramatically boost financial inclusion.

that Kenya does not have substantive regulation around InsurTech services, equity crowdfunding and cryptocurrencies.

@CIOAFRICA

New research shows that existing gaps and the challenges in Kenya’s digital lending policy and regulatory framework impact the evaluation, approval and regulation of new and complex FinTech products and innovations.

Oscar Njuguna, Acting CEO, Nairobi International Financial Centre (NIFC), said, ”Nairobi has potential to be a leading financial services centre in Africa, and to realise this vision, we must strive to be at the forefront of future-focused growth areas like FinTech. Ensuring that our business environment keeps pace with the industry will help ensure we achieve the sustainable growth we need, benefiting our local and regional economy.”

17


>> THE ROUND-UP

Digital Wallets To Account For A Quarter Of Middle East and Africa Ecommerce Transaction Value By 2025 Notably, while the global e-commerce payment preferences continue to shift away from cash and credit cards towards digital wallets and buy now, pay later (BNPL) in other continents, credit cards remain the single largest e-com payment method across the MEA region. ”In e-commerce payment methods, MEA is seeing continued strength in market-leading credit cards, growth in digital wallets, bank transfer and BNPL, and declines in Cash On Delivery (COD). Credit cards remain the single largest e-com payment method across MEA accounting for 31.3 per cent of 2021 transaction value; they are projected to represent one-third of e-com spend by 2025,” the report says. Accounting for 21 per cent in 2021, credit’s share of global e-com spend is projected to fall to 18.8 per cent in 2025, though absolute value will rise to over $1.56 trillion. Debit is projected to fall less dramatically, from 13.2 per cent of e-com transaction value in 2021 to 12.9 per cent in 2025, with absolute value rising to over $1.07 trillion.

Digital wallets will see the largest payment method share gains in e-commerce transaction value in the Middle East and the Africa (MEA) region by 2025, a study by FIS, an American financial technology company forecasts. ”Representing 17.3 per cent of 2021 e-com spend in MEA, digital wallets are projected to account for 25.6 per cent of e-commerce transaction value by 2025. Led by PayPal and KongaPay, the use of digital wallets in Nigeria is projected to more than double from 7.6 per cent in 2021 to 15.5 per cent in 2025,” the 2022 Global Payments Report by Worldpay 18 www.cioafrica.co | APRIL 2022 | CIO AFRICA

from FIS says. Digital wallets comprised 48.6 per cent of global e-commerce transaction value globally in 2021, or just over $2.6 trillion. The report says they are projected to rise to 52.5 per cent of transaction value in 2025. ”Growth will be driven by digital wallets offering superior checkout solutions, flexibility in underlying payment methods, their anchor role in e-com marketplace ecosystems and local wallets consolidating into regional and global super apps”

While bank transfers accounted for 7.4 per cent of global e-com transaction value in 2021, in MEA, it accounted for 16.3 per cent 0f last year’s e-com transaction value. The report forecasts that the share of bank transfers is expected to remain steady through 2025 in MEA, with slight increases in Nigeria and Saudi Arabia but share declines in South Africa and UAE. Going by the report, traditional banks are set to continue facing tough competition from non-banking players given the projected growth of digital wallets. They need to come up with similar innovative payment methods or risk losing their customers to new players.


Accept All Cookies At Your Own Risk

Cookies were designed to make websites more convenient for users. For instance, an online shopping site can remember a person’s preferred currency, or a social media site might save someone’s login details, so they do not have to continually enter their username and password.

But even before visiting a site, users can customise the cookie settings of their Internet browsers. Most of the popular browsers offer two ways to limit the impact of cookies on a user’s privacy - by completely erasing them from the device, or by blocking certain types of cookies, for example, thirdparty ones. Sure, the delete option may seem simpler and more reliable, but it is far from convenient.

However, cookies can also track people’s activities. An example of this is harvesting user data to make suggestions based on them and, of course, display targeted ads. Such cookies may belong not just to the owners of the site but also to companies with which they have entered into partnership agreements. The latter are called third-party cookies, and they are the reason many say cookies are just tracking tools.

Simply by taking a few minutes to tweak the browser cookie settings, a user will be able to significantly increase their privacy while avoiding unnecessary inconvenience when visiting sites. There are also options like the Private Browsing feature in Kaspersky Security Cloud that will warn about phishing and online scams while taking care of virus protection.

Because cookies contain a wealth of private information, they are subject to regulation. Many countries throughout the world have implemented legislative and regulatory acts that require site owners to ask users for consent to the collection of data, i.e., the permission box when someone first visits a site.

”Cookies are a necessity for our digital lives. That does not mean users simply need to accept everything thereby potentially compromising their privacy and opening themselves up to malware or identity theft. We must all become more aware of the risks inherent to cookies and the potential for abuse. However, tweaking browser settings or customising the cookie settings of each site when someone first visits them will go a long way to mitigating the risks,” concludes Opil.

”Even though the temptation is there to simply accept all cookies to close the annoying window, there are risks associated with that. It is always better to read the fineprint

www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO

and to customise the cookie settings in terms of what information is saved about the user. If the website lets the user set up their own cookies, things like advertising preferences can be set as well as several others that can contain sensitive information about site visitors,” says Bethwel Opil, Enterprise Sales Manager at Kaspersky in Africa.

@CIOAFRICA

According to research, more than one in five websites use persistent cookies that are stored on people’s devices to help remember information, settings, preferences, and sign-on credentials that have previously been saved. And although cookies will potentially be phased out or replaced in the future, with almost every site today still asking whether the user wants to ‘accept all cookies’, Kaspersky highlights that there are certain cybersecurity considerations to keep in mind.

19


>> THE ROUND-UP

Microsoft Expands African Reach with Newly Launched ADC Kenya and Nigeria Offices Microsoft, an American multinational technology company, has opened facilities in Nairobi, Kenya and Lagos, Nigeria for its African Development Centre (ADC).

When talking about taking a Zero-Trust approach to the cybersecurity of your firm, it is important to note that ZeroTrust is a journey and not a destination.

The ADC is Microsoft’s initiative in Africa for an engineering centre to provide local solutions with global scalability as well as provide employment opportunities and further enhance technologically. According to Microsoft Africa Development Centre Managing Director, Jack Ngare, both offices and the Nigerian one has provided a platform for over 450 local developers. The Kenyan centre will now be based in its new ultra-modern state of the art facility at Dunhill Towers in Westlands, Nairobi. The Nigeria office is located at the Kings Tower on Glover Road, Ikoyi. The development houses the product engineering, ecosystem development and innovation teams. The facility will also house the Microsoft Garage which is a new entity that was launched as part of ongoing efforts to scale innovation in the tech ecosystem. On the day the facility was launched in Nairobi, it was graced by a visit by the Kenyan ICT Cabinet Secretary Joe Mucheru, and H E the President of Kenya, Uhuru Kenyatta, and Joy Chik, Microsoft’s Corporate Vice President was also present at the launch of the event. ”As we launch this office, we have already provided employment to over 450 local developers. We have also had a lot of infusion of the Kenyan local culture in the design of the office. This shows Microsoft ADC’s commitment to developing skill and talent in Kenya and Africa in general,” Jack Ngare said. The Microsoft Corporate Vice President, Joy Chik, reiterated Jack’s words and further talked about the journey 20 www.cioafrica.co | APRIL 2022 | CIO AFRICA

Securing the Future with a Zero Trust Approach to Cybersecurity

As we are embracing this fastened Digital Transformation process, getting a zero trust approach to you business is crucial. You cannot be secure in your networks if you are still using the traditional approach in this new digital age.

Microsoft ADC has had since its initial launch in 2019. She further affirmed that with the setting up of the office, it will provide more opportunities for local developers to grow and most specifically help grow the number of women in tech in the continent. ”As we are bringing in people on board, we are also keen that our candidature is diverse because this is an opportunity that is available to all as we are here to develop talent and skill,” she said. In May 2019, Microsoft had announced the establishment of ADC in Nigeria and Kenya, with the mission of creating innovative technology not just for Africa, but for the entire world. Afterwards, there was a call for talented engineers to work on artificial intelligence, machine learning, and mixed reality, with the company committing to investing $100 million in the first five years of operation.

Speaking at the Africa Cloud and Security Summit, Kelvin Mugambi, the Technical Solutions Architect Security at Cisco, differentiated the two approaches and explained why it is important to have a Zero Trust approach. ”With the traditional approach, it was assumed that everything is done at one location Therefore, the trust is based on the network location that an access request is coming from,” he said. The issue with this approach is that once an attacker is into the network, then they can move laterally within the access to the crown jewels in your network. ”A zero-trust approach is established for every access request, regardless of where the request is coming from,” Kelvin explained, ”Today you want to prevent risks, you want to make sure that you can validate that any user coming into your network is coming in with a clean device.” A traditional approach doesn’t extend security to the new perimeter of cloud, mobile, and hybrid environment and more. This is why you need to take a zero-trust approach because it extends the trust to support a modern enterprise with cloud apps, hybrid environments and even employees who bring their own devices.


As Kelvin explained in his talk, Cisco has three key areas they approach zero trust from. First is the workforce where they ensure only right users with secure devices can access your application. The second one is the workload which means securing the connections within your apps across the multicloud and the third key area is the workplace which deals with users and devices connected to your network. ”The workplace is your campus. You want to have that proper segmentation that when a user comes in. They are only assigned access to whatever they need to access, nothing else. We are able to carry out that segmentation across your entire campus network,” he said, ”This also applies to your IoT devices you have to remember that IoT devices can be used by attackers to

leverage access to your network.” Kelvin went ahead to explain the reason why firms today need to embrace the zero-trust approach. This approach helps you prevent risks and be completely aware of what happens in your network.

“You also need to have full visibility. You need to know who is joining your network, at what time they are doing it and what exactly they are doing.” Furthermore, a zero-trust approach will reduce the surface of your attack.

Realme Predicts 5G Smartphone Sales to Grow in Kenya ”We see our focus and commitment to meeting dynamic needs of Young and tech-savvy youths in Kenya, yielding better results in the country,” said realme Founder and CEO Sky Li.

Furthermore, a focus on young mobile phone users-accounting for the largest share of Kenya’s population, a wide and strong multichannel strategy has helped realme to grow the fastest over the period under review. The company has maintained the faster growth for the third quarter in a row since the beginning of 2021.

The latest ranking, Li said has enhanced realme’s position as an industry leader in democratizing 5G.

And while the performance was driven by Western European countries such as the UK, Italy, Spain, France and Switzerland, realme sees faster growth in Kenya and Across Africa, this year as these markets prepare for mass roll out 5G in 2022.

Already, realme 9i, the newest model in the number series launched in the market earlier at the beginning of 2022 is recording high sales. It is one of the first phones in Kenya to be powered by the Qualcomm Snapdragon 680 chipset.

The global research firm ranked realme among brands with quarterly 5G shipments of 5 million units or more in Q4 2021- considered major 5G brands. Since 2020, realme has been offering a broader 5G portfolio, having grown from just two 5G smartphones at the beginning of 2020 to 15 at the beginning of 2021 and well over double of that by Q4 2021.

@CIOAFRICA

The youngest of the top six global brands is now dominating the world’s 5G smartphone space with 165 percent year on year growth in unit shipments in the fourth quarter of 2021, across 20 global markets including Africa.

”This reinforces our dedication to work towards our ambition of becoming the democratiser of 5G. As an emerging tech brand, realme has always been committed to encouraging young users worldwide to experience the latest technology like 5G and will continue to deliver appealing and future-ready devices to global fans” said Li.

To further the focus on popularising 5G-enabled smartphones, realme has lowered the average selling price (ASP) of its Number Series 5G devices from 270USD in Q1 2020 to under 200USD (9 5G) in Q1 2022, while simultaneously offering more advanced 5G smartphone options in premium flagship GT Series to meet more users’ needs.

@CIO_AFRICA | WWW.CIOAFRICA.CO

Phone manufacturer, realme, has joined the global league of selling phone markers for the first time, this is according to the latest report by global research firm – Counterpoint.

www.cioafrica.co | APRIL 2022 | CIO AFRICA

21


>> THE LEAD

ARTICLE by

CAROL ODERO

22 www.cioafrica.co | APRIL 2022 | CIO AFRICA


KEEPING IT ALL IN THE FAMILY A CIO in the banking space has a lot to contend with when it comes to the shifting sands of the financial services industry. Jack Sikenyi, CIO, Family Bank, is definitely holding his own.

As CIO, all my IT Systems and equipment are acquired to serve a specific business

When you’re faced with a budget decrease for the IT department, how would you deal with that decrease and prioritise various information-based projects? This was my first task when I joined Family Bank in July 2017. The bank was undergoing tremendous financial strain at the time and I was required to cut down the departmental OPEX by 50 per cent. This was not an easy task, but I managed to do it through a mix of several initiatives. These included: 1.

Contract renegotiations with the vendors

2.

Contract Terminations and Readvertisement of Support Services

3.

Dropping of non-essential support contracts

4.

Consolidation of support services

5.

Consolidation of servers, databases, virtualization, clustering to reduce

on license costs 6.

Consolidation of systems – Using one system to offer more than one service

7.

Prioritization of projects – some projects had to be postponed

8.

Slow-down on hardware purchases

9.

Adoption of open source software and internal software development

It was critical to consult with my IT team and the business teams to prioritise the must have and what was the good to have. We also needed support of other units such as the procurement department to assist in the renegotiation of contracts. What are some of your proudest accomplishments when it comes to your career, especially at Family Bank? I have always desired to use technology to empower lives. Nothing gives me greater satisfaction than touching people’s lives and sese them thrive using technology. One of the bank’s strategic missions was to be the digital bank with the best customer experience. As part of the senior management team entrusted with developing and executing the bank’s strategy, I took up this challenge. We made a strategic plan to achieve this by ensuring that we revamped our internet banking, mobile banking and offered a plethora of digital solutions to our corporate and institutional customers. www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO

Let’s say Family Bank needs to purchase and implement a new IT system at some point. As a CIO, how would you convince [other executives] the system is beneficial?

need. This may be to reduce risk, improve efficiency, business growth. The point is, the request will have started from the business and as CIO I would be simply offering a solution to the already identified business need. This usually makes the discussion easier. Of course, the business also needs to ensure that the business is getting value for money and to achieve this, I do ensure to have supporting documentation for my decision including peer reviews, references, expert opinions etc.

@CIOAFRICA

Jack Sikenyi is an introvert. But the best part is, interviewing does not feel like pulling teeth. He is a contemplative man who takes a moment to pause before offering profound answers to my questions. He, like many other CIOs before him, knows how to connect the tech dots with his solid team. An adventurer with more depth to him than simply his career, Sikenyi comes across as a storyteller. These are usually the best kind of people to have conversations with. As the CIO of Family Bank, Sikenyi is the go-to. Family Bank is the only local bank that is owned by locals in its entirety. With 93 Branches in 32 counties, being the fourth largest bank in terms of branch network makes it formidable bank. The bank has been making double digit year-on-year growth in profits from 2018, even during the COVID pandemic. Awarded the Best Bank in Kenya in 2021 by the Kenya Bankers Association for being the Best Bank in Digital Experience and Features, and in 2020 as the Best Tier 2 Bank and 2nd Overall for Best Bank in Customer Responsiveness and Digital Experience, Sikenyi can proudly pop a bottle of champagne.

23


>> THE LEAD These solutions include: •

Open banking APIs: these have allowed corporates and fintech to onboard seamlessly to use the bank services

Cloud computing: We were the first bank to implement our erp on public cloud. We are currently looking to move our test and dev environments to the cloud.

Banking as a Service: we have offered Saccos micro-finance banking as a service (baas). Saccos and micro finance banks are now able to consume banking services such as cheque truncation from their premises, cardless withdrawals, offer money transfer and money remittance services (SWIFT and RTGS) to their members through our virtual banking platform. Saccos are also able to offer Pesalink and Direct Debit services to their clients through our Banking as a service platform.

This deliberate execution of strategy has resulted in the bank getting awarded for two years in a row as the Best Bank in Digital Experience, Kenya, by the Kenya Bankers Association. I am truly proud of this as it satisfies my desire to empower our customers while giving them a pleasurable digital customer experience. This also shows the impact on business when the CIO (Technology) is involved in the crafting and implementation of business strategy. What would you say that you have learnt from your failures? Which ones in particular, and what did you learn? I have had several failures during my career, including, just recently, the bank experiencing several downtimes issues during a data centre migration and core banking upgrade process. These failures have taught me to be humble, but they have also motivated me to do better in the future and have a more risk aware mindset. After several tests, we assumed that nothing could go wrong and even provided guarantees that we shouldn’t have. I have learnt several lessons and I can 24 www.cioafrica.co | APRIL 2022 | CIO AFRICA

say I am now much wiser for it. Lesson number 1 is that in complex operations, the devil is in the details. You need to have detailed written action plans and checklists to ensure that nothing is missed. One misstep can have catastrophic results. However, for me the biggest lesson is that, though failure and fault are virtually inseparable in most organisations and cultures, we need to find a balance in the apportioning of blame and consequences. Because, only by encouraging a fair and balanced environment is when organisations are able to reap the full rewards of learning from failure. I believe that a culture that makes it safe to admit and report on failure can, and should, coexist with high performance standards. Such an environment often results in quicker resolution of issues and faster restoration of timelines. Not all failures are equal and in as much as some failures are blame-worthy others are praise-worthy. It is important to note that mistakes generally fall into three broad categories: preventable, complexity-related, and intelligent. Organisations and even families need to treat each failure individually, fairly and based on the category that the mistake falls in.

You and your team have won accolades during the most intense season of COVID. What inspired you to put the customer at the centre of the business? During the pandemic, the differentiator was the agility to adapt to the new norm ‘digital’ and to enable customers access their banking seamlessly remotely without visiting the bank ensuring safety, convenience and keeping with the government regulations. Family Bank was able to adapt quickly and was able to quickly provide a wide array of digital solutions including banking as a service, payments, money transfers, customer self-service, global money remittance, and mobile loans etc. Another key driver for the success of the bank during the world pandemic was because of improved customer engagement, increased number of customer base due to the quality of service and our digital offering. We have ensured that the customer gets the best customer and digital experience where we become a bank of choice (top of mind). The customers have in turn become our brand ambassadors. It is important to note that the banking industry has been forced to change because the customer has evolved over time. The banks are no longer


One of the key roles of a CIO is stakeholder management. One of the key skills required to

As CIO, what kinds of resources would you use regularly to stay updated on the most current technological advancements in the IT industry? CIOs must keep abreast with changing technology. I do employ several resources to keep abreast with changing technologies. I am a heavy reader and some of my favorite books are Blue Ocean Strategy by W. Chan Kim and Renee Mauborgne and Bank 4.0: Banking Everywhere, Never At A Bank by Brett King. I also do a lot of research on the internet and view webinars. I follow tech leaders on YouTube. I also am a member of several digital forums. Locally, I am a member of the Banking CIO, CIO Council and Digital Disruption Caucus (DDC). These forums contain Kenya’s top CIO

and technology leaders and I have leant from these groups. They offer a fun and interactive environment to discuss technology. What skills would you identify as necessary to becoming a successful CIO? A good CIO must possess several skills. One of the main reasons businesses hire CIO is to provide guidance in the formulation of business strategy and provide leadership in the use technology in the effective achievement of these business strategies. This means that a good CIO should first understand the needs of the business and able to translate this into an effective technology strategy to meet those needs. Bridging the worlds of business and technology is what a CIO is supposed to be able to do in her sleep. Additionally, today’s CIO needs to be more than a functional leader but must take active roles in shaping and leading the digital future of their organisations. The CIO of today needs to be well-rounded and knowledgeable in all aspects of business, which includes the human side of management and relationship development. To be effective, a good CIO needs to have empathy, to understand customers, www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO

Have you had to deal with unfeasible IT requests from other company executives in the past? How did you deal with these problematic requests?

manage stakeholders is effective communication. Effective communication requires that you practice active listening with a touch of empathy. Find out what they want, understand what they want and after honest evaluation, if the request is not feasible, communicate honestly on why it cannot be done. It is important to choose your words carefully so that the user does not feel slighted, or dismissed, or neglected or disrespected.

@CIOAFRICA

competing amongst themselves but against non-financial institutions such as fintech, social media platforms, technology platforms, streaming giants and so on. The customer has been exposed to all this information and customer experience and expects ‘us’ to come up with at the very least a similar experience but preferably, have innovations and solutions to make their digital and banking experience simple and better than the best that is out there. As a CIO, you must be the Digital Champion of the organisation and must explore and keep abreast of the emerging technologies. It is imperative that you communicate the message of the changing customer expectations of a digital banking experience message to the relevant stakeholders so that it informs strategy. At Family Bank, we achieved this successfully and the bank was able to shorten its digital road map to ensure that it remains the bank of choice to our customers by offering world class digital experience.

25


>> THE LEAD staff and organisational needs in order to effectively meet them. As I had said earlier, a good CIO also needs effective communication, diplomacy and great stakeholder management.

know a lot more about technology than you and leverage their best practices. However, it is vital that as a CIO you set a direction, a vision for success.

Because as a CIO you will constantly Lastly, the most important skill faced with competing priorities and of a CIO is to have the ability to interests, a good CIO needs to have sell an idea and to influence an sound, accurate decision-making skills. organisation. You need to be able The decisions always need to be accurate, to eliminate barriers so that both well thought of and timely. Also, as a CIO the company and the team can be you will inevitably face crisis, so you need more successful. to ensure that you have developed topHow do you focus on the future notch crisis and change management while sustaining your existing skills, skills. processes, and competencies, so you A CIO also needs to have flexibility can continue to profit and grow from and agility. These are key traits traditional business models? for any leader navigating a VUCA Part of the CIO role is precisely (volatile, uncertain, complex, and that. Ensuring that you can steer ambiguous) world and workplace. organisations and teams into the Flexibility allows the CIO to accept future technologies without losing what change and keep an open mind. you already currently have. The bank CIOs must be the digital champions being cognisant of the role that data of the organisations and must plays in future technologies such as explore and keep abreast of BI, AI, machine learning etc., we have the emerging technologies. already embarked on an exercise of data Organisations will be increasingly cleanup, data reorganisation to ensure looking to harness emerging that our legacy data is ready for the technologies – such as blockchain, future. We have also implemented a virtual and augmented reality, data warehouse that ensures we have automation, machine learning a single point of truth. We are running a and artificial intelligence to drive legacy core banking system, and whilst business transformation and we are in the process of upgrading this, growth. The CIO must be able to we have ensured that this has not come guide the organisation in selecting in the way of our customers enjoying a the technologies that will both wonderful digital experience. We have transform business operations implemented an enterprise service and drive top-line growth through bus and open bank APIs that allow improved customer experiences. our digital channels to connect and integrate seamlessly with our current CIOs must attract talent and build core banking. winning teams. This requires several skills including, leadership, We have also established several trust, effective communication, and in-house developed solutions and empathy. It also requires a high level partnered with several FinTech to of emotional intelligence. People are mitigate the gaps inherent in our legacy the organisation and CIO’s number systems and to ensure that there is no one asset and as CIO you need to customer need that is left unattended. provide them with the resources to How do you build a successful CIO ensure that they can be successful. career? As CIO you need to understand that you do not need to be the smartest Succeeding in the role of CIO requires a mix of skills that encompass leadership, person in the room, but you do business and tech savviness. The career need to surround yourself with path to becoming a CIO is not set and the smartest people, people who 26 www.cioafrica.co | APRIL 2022 | CIO AFRICA

most often, it is a long and winding road to the top. Common education requirements for becoming a CIO include a Bachelor’s degree in Computer Science, Software Engineering, Information Systems or a related field, and often a Master’s degree in Business Administration or Information Technology. Credentials and experience in Project Management are also key. Here are five steps I would suggest building your CIO career path: 1.

Complete a 4-year Bachelor's in Computer Science or a related field.

2.

Gain experience and certification in project management.

3.

Find a specialty or niche and build your technical credibility through technology certifications.

4.

Seek out management and leadership opportunities to get hands-on experience in managing people.

5.

Get real-world experience in IT governance and risk management. Most CIOs have more than 15 years’ experience in technology

6.

Complete a master’s degree (MBA would be best), and work on your leadership skills.

How do you balance risk with keeping the lights on? Keeping the lights on (KTLO) refers to basic systems and infrastructure maintenance and ensuring that systems and services are always available to the customers. This often clashes with risk concerns especially when it comes to emergency changes needed to keep the lights on. I mitigate this risk by ensuring a robust change management process and policy that always guides the steps that need to be followed when executing a change, including emergency changes. In as much as keeping the lights on is important, risk management needs to be at the center of all organisational processes. Additionally, one of the best ways to manage risk and keep the lights on


is through automated processes and procedures for example automated patch management, automated endpoint security updates, change management system, centralized system updates, automated backups and automated monitoring and fail-over solutions. These have assisted to keep the uptime up. We have also implemented several security measures to ensure that even as the bank is on 24/7, we are mitigated from cyber-attacks. Some of these tools include, a perimeter firewall, end-point protection, network access controls, database firewalls, SIEM tools, SOC, Privileged Access Management and Audit Trails Does being on call 24/7 interfere with your personal life in any way?

through e-learning and webinars. Would you recommend this career? This is a wonderful and rewarding career. The thing I love most is that you actually see change and transformation from the work of your hands. It’s almost like being an artist where you get to create a masterpiece. Plus, there’s never a dull day in a CIO’s world. What do you do for fun? I enjoy road trips and drives…I must say I have done all the counties in Kenya except Turkana, Samburu and Mandera (this is my next project). My bucket list also has a Cairo to Cape-town drive. I also do play soccer occasionally with the “wababaz” and I also enjoy good reads and good movies.

To some extent it does, I have two phone lines and I must be always reachable on one of them even in the middle of the night. However, as CIO it is key to ensure that you establish a work-life balance to avoid burn-out. I have a very able team and I can be away from work, knowing that everything is under control. I learnt at a very early age the importance of empowering your team, by giving them the right tools and the right authority to allow for effective delegation. However, in as much as you delegate, you remain the accountable officer, so I am usually consulted on any complex decisions. What would you say is the technology that keeps you neck to neck with international organisations and on a global scale? In the case of Family Bank, I would say our mobile and internet banking platforms, which I believe are world class. This is regarding both the technology used, the security and the features provided. They have greatly assisted in providing the banks customers with a world class digital experience. We are also exploring public cloud and were the first bank in Kenya to run our ERP from the cloud.

@CIO_AFRICA | WWW.CIOAFRICA.CO

How big is your team and how do you keep it innovative, agile and productive during this day and age of working remotely? I have a team of 30, which is quite lean considering that we must keep the lights on 24/7 and we do majority of our operations including data center, network management, core banking support, data base management, project management etc. in-house.

@CIOAFRICA

It is quite a challenge to keep the team motivated during this day and age of working remotely. However, I have found that use of collaborative tools such as Microsoft Teams really comes in handy. We also have social media forums that allow us to collaborate. I have also ensured that the team has access to the tools needed including VPN. I also encourage the team to boost their skills www.cioafrica.co | APRIL 2022 | CIO AFRICA

27


>> GUEST EDITOR

BARRY HENSLEY

SECUREWORKS CHIEF THREAT INTELLIGENCE OFFICER

EMERGING CYBERSECURITY TRENDS IN 2022 RELEASED

It is a year-end tradition to make predictions about the upcoming year. Predictions based on insights from 2021 can help organisations prepare for 2022, and preparation is essential for success. As cybersecurity professionals, we need to be diligent about doing everything we can to increase our chances of success. Any failure on our part could put the organisations we serve at risk. That’s why I strongly encourage you to download Emerging Cybersecurity Trends in 2022, an informative assessment of the global threat landscape by Secureworks® top subject-matter experts. Unlike prognostication that provides mere thought-provoking forecasts or faux prophecies, our report will materially aid you in preparing for the year to come. After all, forewarned is forearmed. You’ll be better able to protect yourself against coming threats if you have a reasonably sound sense of what those threats will be. The nature of those threats determines which technologies you should deploy, which skills you need to hone, how you can best allocate your limited staff, and what kind of assistance you need from your security partners. The following are some topics covered in this valuable report: •

Security gaps most likely to attract opportunistic attackers

The shifting inclination of attackers to seek success by speed rather than stealth

Why cybersecurity teams must be cautious about focusing solely on ransomware as the primary potential threat for a large single-loss event

How intensifying regulatory pressures (on targets) and law enforcement attention (on attackers) are affecting the ”philosophy” of criminal tactics

How ransomware groups can profit without encrypting data

Cloud-based attacks and the illusion of ”assumed security”

The state of government-sponsored threat activity

I also encourage you to forward the report link to your colleagues and others who might find it useful. Cybersecurity is truly a community endeavor. At Secureworks, we don’t limit our focus to just protecting our customers. We believe that by working together to out-innovate our shared adversaries, we can help secure human progress itself. 28 www.cioafrica.co | APRIL 2022 | CIO AFRICA


@CIO_AFRICA | WWW.CIOAFRICA.CO @CIOAFRICA

Defend Every Corner of Cyberspace with Security Analytics & Human Intelligence

secureworks.com

www.cioafrica.co | APRIL 2022 | CIO AFRICA

29


>> IT LEADERSHIP

Kevin Namunwa

Writer

30 www.cioafrica.co | APRIL 2022 | CIO AFRICA


From Eastlands, THROUGH The Army, to Connecting Africa TO SATELLITE INTERNET

Among the troops assembled was a technology crew. Yes. An IT team went with the Kenyan army to Somalia. One of the members of the military IT team was Oscar Mwai. He was among the first batch who set out to Somalia to fight the Al Shabaab militant group. This is a story of Oscar Mwai, the former Kenya Defence Forces (KDF) IT guy and the CEO of OstaTech. A story of how a small boy fell in love with technology and never rested until he achieved the unimaginable in technology. Today, Oscar Mwai is the founder and CEO of OstaTech – a FinTech company that also provides services in connectivity, drones, agriculture tech solutions, and security solutions. Oscar has always been passionate about technology, and it has given him a story to tell. Oscar’s love for technology began in 1995 when he was a small boy in primary school. He was lucky to have a neighbour who was working at a tech company in Nairobi. He grew up in Eastlands, Nairobi, an area famous for producing big successful individuals across multiple sectors. The likes of Tom Mboya, Raila Odinga, Rtd President Daniel Moi, and Mutahi Ngunyi were once residents of Eastlands. This is where he first set his eyes on a computer. His neighbour brought

”Our neighbour showed me how to play solitaire and Mine Craft on the computer and these things really piqued my interest. This was back when the computer cursor was actually a mouse,” he jokes. ”As I was enjoying games on the computer, this guy decided I needed to do more with it. He said he would teach me programmeming,” Oscar said. He learned how to programmeme while still in primary school. When he joined Highway Secondary School, still in Eastlands, the school had started rolling out computer classes and this impressed him a lot. Here, he was learning about Microsoft apps. The teachers used Oscar’s help in compiling documents on the computer because he was highly skilled in the same. His love for technology rose. He knew he was destined for a tech course. Indeed, he went to do a diploma in Management Information Systems at the Kenya College of Communication Technology (KCCT), which later became Multimedia University. It was after KCCT that Oscar went to join the military when the Kenyan militarise was trying to computerize itself. ”I was informed that the military was looking for a someone with a background in tech after I had joined as an infantry soldier. I went to Mombasa and took the tech opportunity. It was my role for eight years. This is when I went to Somalia in 2011.” He left the army after Somalia and ventured into business. He had a short stint doing business in Mombasa where he opened a few shops and a bar before he decided to start Ostatech in 2017. ”I started OstaTech originally as a fleet management company. Over

time, the company grew into other solutions including connectivity, drone lessons, security solutions and agritech solutions.” OstaTech is now a group of Company with below companies as subsidiaries; •

DroneVision - offering commercial drone services like mapping, survey, infrastructure inspection,

Agrvision - offering smart agricultural practices through use of Artificial intelligence,machine learning, agricultural drones.

Osta Comms ( Satellite connectivity, digital transformation, cloud services)

At Ostatech currently, Oscar is focused on bringing satellite internet connectivity in Kenya. They partnered with IEC Telecom to realise this. ”In Kenya today, we have 85 per cent connectivity to the internet and there is still room for improvements. In our partnership with IEC Telecoms we want to help increase this coverage and achieve our project of last mile connectivity,” he says. ”We are also in talks with various arms of the government to improve the internet connectivity of areas in Kenya that are using 2G internet,” Oscar explains. With satellite connectivity, you can access the internet from wherever you are on the planet. Satellite covers every inch of the globe and is mainly used in areas where 2G is still being used.

@CIO_AFRICA | WWW.CIOAFRICA.CO

Towards the end of 2011, Kenya’s then president Mwai Kibaki announced that the country will be sending its troops to Somalia. The Kenyan army assembled all troops and set out to Somalia to intervene in the fight against terrorism.

home a computer one day and it really captured the attention of the OstaTech boss.

OstaTech’s mission today is connecting more areas in Africa to satellite internet. Through partnerships with governments across the continent, this can be realised sooner rather than later. Oscar says that this is already underway and the company will make significant steps in 2022.

@CIOAFRICA

Techies tend to have the most interesting backgrounds that drove them into their current careers. Oscar Mwai, Founder and CEO of OstaTech certainly has one.

www.cioafrica.co | APRIL 2022 | CIO AFRICA

31


>> THE BIG STORY

Eric M. K. Osiakwan Entrepreneur

AFRICA’S EMERGING CRYPTO ECONOMY

If you thought Africa was not ready for crypto, you would be very wrong. On the 1 March South Africa based cryptocurrency exchange, VALR announced their $50 million Series B raise at a $240 million valuation led by Pantera Capital. On that same day, Africa’s leading mobile operator MTN announced their purchase of 144 plots of virtual land in Africarare - the first African virtual reality metaverse featuring digital land making MTN the first African company in the metaverse. On 10 February 2022, the Central Bank of Kenya (CBK) issued a discussion paper on their Central Bank Digital Currency (CBDC), contrary to its previously held position that crypto was not allowed in the Kenyan banking industry.

on a network that is distributed across a large number of computers. The fundamental difference between CBDC and Crypto is the former is asset backed while the latter is not, so it seeks to create value through some intrinsic mechanism like mining. One primary drawback is that the speculative nature of mining makes it considerably volatile. This has given rise to ”stable coins” which are crypto asset that aim to maintain a stable value relative to a specified asset, or a pool of assets. A Global Stable Coin (GSC) is a stable coin with potential reach and adoption across multiple jurisdictions and could achieve substantial volume down the line.

A day before the CBK’s CBDC move, Zambia announced plans to complete research by the end of this year to create it’s CBDC. Africa’s cryptocurrency (crypto) market grew by 1,200 per cent with $105.6 billion worth of crypto assets between July 2020 and June 2021, according to the 2021 geography of cryptocurrency report. A new African crypto exchange, www.topit.africa did $15 million in transactions in the last two quarters of 2021.

On 25 October 2021, Nigeria became the first African country to launch its own CBDC by the Central Bank of Nigeria (CBN), about six months after CBN issued a communique to banks to shut down customer accounts linked to crypto. At the launch, President Muhammadu Buhari said, ”the adoption of a CBDC could improve economic activities and increase Nigerian GDP by $29 billion over the next 10 years.” In August 2021, the Bank of Ghana (BoG) announced a partnership with Giesecke+Devrient (G+D) to pilot a general-purpose Central Bank Digital Currency (retail CBDC) in Ghana. According to a 2021 survey of central banks conducted by the Bank for International Settlements (BIS), it was observed that 86 per cent of central banks are actively researching the

In this concluding essay on Africa’s digital economy to end the first quarter, I focus on the emerging crypto economy in Africa. CBDC is a digital currency issued by the Central Bank, and is intended to serve as legal tender, while Crypto is a privately issued digital asset based 32 www.cioafrica.co | APRIL 2022 | CIO AFRICA

potential for CBDCs, 60 per cent were experimenting with the technology and 14 per cent were deploying pilot projects. In Africa, there are about a dozen countries exploring CBDCs according to a tracker by the Atlantic Council think tank. Even though Africa has the smallest crypto economy of any region, it has the highest grassroots adoption in the world with Kenya, Nigeria, South Africa and Tanzania all ranking in the top 20 of the Global Crypto Adoption Index. This has led to Africa having a bigger share of its overall transaction volume made up of retail-sized transfers than any other region at just over 7 per cent, versus the global average of 5.5 per cent. This is partly because crypto is reducing the high transaction cost in Africa when it comes to remittance and movement of money. Another reason for the adoption is the safeguard against inflation which keeps going up in most African economies. And most importantly, it is a means of getting around regulations according to Edmund Higenbottam, Managing Director of Verdant Capital, who said that the popularity of the crypto currency was tied to the strict capital controls deployed on the continent. ”Cryptocurrencies are a means of getting around regulation. And you see that in terms of the high usage of cryptocurrencies in countries that have very strong exchange controls or capital controls. You see using cryptocurrencies


to get around regulation in many different ways, including money laundering regulations.” Nigerian Vice President Yemi Osinbajo said, ”Cryptocurrencies in the coming years will challenge traditional banking, including reserve banking, in ways that we cannot yet imagine. We need to be prepared for that seismic shift.”

• EVENTS AND CONFERENCE MANAGEMENT • AUDIO VISUAL AND EVENTS GEAR • BRANDED PROMOTION GIFTS & APPAREL • EXPO BOOTH BUILDING & CUSTOM BUILDS

O FF I C I A L A V & EXPO PARTNERS CONTACT: TEL: +254 786 188 400 EMAIL: BRANDING@EVENTS-SOLUTIONS.CO.KE WWW.EVENTS-SOLUTIONS.CO.KE www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO

That challenge seems to be less so in Sarafu, a network of community-governed digital currencies running on a public, nonprofit university led decentralised ledger system called BloxBerg (an EVM Ethereum blockchain). Originally started in Kongowea village, Mombasa, spread to Nairobi’s slums and now in refugee camps such as Kakuma. It is cushioning these communities in the face of the corona recession as an alternative currency of settlement for the trade of community goods and services. The Sarafu’s community currency network has reported growth, totaling $3 million in trade for 58,600 users across Kenya. In Ghana, www.BenBen.com.gh is working with the Lands Commission and some banks to create a smart-contract based house financing system – these are the kinds of innovations that will bring the cyrpto economy to the mainstream in Africa in the not-too-distant future.

PRODUCTS & SERVICES:

@CIOAFRICA

Topsy Kola-Oyeneyin, Partner of McKinsey’s Payments Practice based in Nairobi, said ”people look at crypto as a way of basically storing their money like a crypto stable coin, ready to be converted to the local currency as needed functioning as hedge against devaluation. They then realised that with the stored crypto, they can participate in crypto lending via a decentralised finance (DeFi) liquidity pool and earn some interest. So, all of a sudden your crypto actually becomes more valuable.” Then there are those who want a loan as the borrower so they can use their crypto assets as collateral for loans much faster than might be possible through traditional lending. This mimics the traditional savings and loans schemes that have been used in Africa for generations, now deployed using crypto. ”It’s very exciting but there is still a gulf between the crypto opportunity and those who can access it. A number of the underbanked really don’t understand how to participate in the crypto market. That’s a challenge.”

33


>> IT LEADERSHIP

Kevin Namunwa

Writer

34 www.cioafrica.co | APRIL 2022 | CIO AFRICA


Demystifying the Kenyan Data Protection Act and GDPR There is a lot about data that is black and white. But there are certain parts that are still grey. How well do you know your Data Protection Act (2019)?

Shem Otanga Partner, Cliffe Dekker Hofmeyr (CDH), helps debunk the Data Protection Act and what it means for CIOs Shem believes more still needs to be done in the enforcement of the DPA. “There are proactive institutions that have taken steps to align their policies, procedures, infrastructure with the requirements of the Act,” Shem said. ”From my experience, what I’m seeing is that there’s a lot of compliance appetite from foreign institutions because they realise that the act has extra-territorial applicability to them.” There have been a lot of foreign companies coming to Kenya and this affects the local companies. These companies are coming from countries where these laws were enacted way before and with them coming to Kenya right now, they are at an advantage with the laws here still in the process of enforcement. According to Shem, compliance has also

The Issue of Consent Consent is another misunderstood factor. The definition of consent is up for debate. People have had their personal data processed without necessarily giving consent, as per the definition of consent. ”I find a large gap in compliance. People collecting personal data without notifying the data subjects themselves. They process it, sometimes use it commercially and this is a common incident of breach. We have also seen cases of people collecting your data for one purpose and using it for another,” the CDH partner said. ”Consent cannot be implied. It has got to be free, specific and informed. The firm processing personal data needs to tell the data subject where the data will be stored, what it will be used for, which third parties will have access to it, and to disclose the security measures put in place to protect this personal data,” he further explained. Unsurprisingly, most Kenyans are not conversant with the limits of consent. For instance; you might be online trying to access either a loan or a certain digital service and end up giving your personal data without knowing that the company is breaching your rights. Consent can’t be tied to anything else. You are not supposed to be denied a certain digital service because you didn’t share some sort of

personal data. The General Data Protection Regulation (GDPR) EU’s GDPR comes in to add more protection to the data subject. The GDPR is what has led to a lot of the legislative activity we are seeing in Africa on data protection. It is considered by many to be the most comprehensive in data protection and it covers the entire EU. ”The GDPR was centrally placed, and it gathered global traction also because it has extra-territorial applicability. It says, ‘If you being outside the EU collect or process personal data of persons within the EU then you are obligated to comply with the standards provided by the GDPR.” With the incorporation of the GDPR, we are now seeing a fair amount of litigation in relation to privacy rights even though it mostly applies to image rights. The GDPR was incorporated in the Act to make it more inclusive in all the key areas in relation to data safety. There are a lot of organisation processing personal data at one point or another. It is important that they are regulated on how they use the personal data. In Kenya, the office of the Data Protection Commissioner is not yet fully functional, which is why for the most part, the act is not being enforced. This is the reason why some of these companies are not running up and down to prove what they are using personal data for, where it is stored and if the data they received was consensual. Hopefully, in the near future, Shem expects we will see the Act being enforced to the letter. After all, data is the new oil in need of protection. www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO @CIO_AFRICA | WWW.CIOAFRICA.CO

Plenty of companies, if not all, process your personal data. Except, the definition of personal data is so wide, your employer getting your name and national ID number means they have accessed and processed your personal data.

been an issue with the development of the Act. He says that the data subject needs to know when a company is processing their personal data, and what they are doing with it. The company dealing with your personal data needs to have a ground for processing the personal data, either a consent or several other grounds.

@CIOAFRICA @CIOAFRICA

The Kenyan Data Protection Act came into force in 2019, but it is yet to be enforced fully as there still are debates around the various parts of the act. The act is heavily aligned to the European Union’s General Data Protection Regulation (GDPR) that has been at the forefront in ensuring that personal data of EU residents is protected and is used for the right purposes. One of the most confusing parts of the act is what it says about processing of personal data.

35


>> SUMMIT 2022

STEVE MBEGO

Writer

AFRICA CLOUD & SECURITY SUMMIT 2022

How To Deliver Services and Value Through The Cloud Cloud computing has become a critical tool for businesses. The pandemic was a global wake-up call that shone a spotlight on the importance of systems resilience, agility, adaptability and scalability. In a presentation at the Summit, Managing Director East Africa Region, Africa Data Centres, Dan Kwach highlighted the importance of cloud migration for organisations. ”Cloud is a catalyst for innovation and growth in the future. It is also the heart of business reinvention through the strategic use of data analytics and artificial intelligence. Cloud is a game-changer. It is no longer merely a convenient source of computing or storage resources and businesses that view the cloud this way are missing out on its true value,” he stated. Kwach also advised organisations on how they can best deliver services and value through the cloud. According to him, for organisations to gain true value from the cloud, they should first come up with a good strategy. ”To gain true value, the first step must be aligning the entire enterprise. Any good cloud strategy requires a methodical framework for delivering and measuring the value to the organisation both currently moving forwards, and this must delve into financials, operations and technologies,” he said. According to him, ”A business must realise how it will benefit from cloud 36 www.cioafrica.co | APRIL 2022 | CIO AFRICA

You Have Been Hacked. What Next?

migration. It also makes sense to prioritise the easy rewards first, which goes beyond mere cost savings,”. He stated that entities can realise the following value by successfully implementing cloud in the business. According to him, the cloud will: •

Help to support business acceleration

Maximize developer productivity

Increase the efficiency of the infrastructure

Enhance compliance and security.

When it comes to public cloud, Kwach said organisations should carefully choose the right hyperscalers to work with ”Any organisation needs to look at the support it will get from a hyperscaler as well as how it can benefit in terms of innovation and digital transformation. When it comes to going greener, hyperscalers are also on the lookout for ways to increase their sustainability and lower their footprint,” he said. Furthermore, he advised organisations on setting up the right team that will enable them to implement their cloud migration strategy. ”Nothing is going to beat a well-oiled human resource team. In as much as you can talk about scalability and agility on the cloud side, it is imperative on us to make sure that the teams we have in our organisations are working to the same kind of speed,” he stated.

With an increase in cyber threats, organisations need not only to protect themselves against hackers but also to have an effective data breach response plan in case it happens. In a presentation during the Summit, Territory Manager at Symantec by Broadcom Software, Djamil Jaddoo advised organisations on the need to have an incident response plan that will guide the actions to be taken in case they are hacked.


”An incident response plan (IRP) is a set of documented procedures detailing the steps that should be taken in each phase of incident response. IRP is an organisational process that enables timely, effective response to cyberattacks,” he said. According to Djamil, the incident response process includes:

recur. It should also include guidelines for roles and responsibilities, communication plans, and standardized response protocols. The Communication Plan, Djamil says, will enable organisations to treat communications with care, keep stakeholders informed and comply with law enforcement that requires security breaches to be reported to authorities when they happen.

identifying an attack,

understanding its severity and prioritizing it,

investigating and mitigating the attack,

restoring operations, and

Djamil noted that security should not only be a management concern but should cut across all categories of people including customers.

taking action to ensure it won’t

”We are moving from the board room

to the basement. Security is top of mind to all CEOs, CISOs, and Boards, it’s never been a better time to approach customers about their security concerns and plans into the future,” he said. Companies that fail to take cybersecurity seriously stand to suffer financial and reputational hits. ”Just some of the many recent examples of major financial and reputational hits enterprise can suffer. Attackers aren’t going after small, unprotected companies either. Attackers are targeting large enterprises because that’s who has the money to pay out ransoms. And because they’ve found weak spots in these companies' security postures,” he stated.

Strategies For People Transformation In Digital Transformation

Effective communication is a critical cog in digital transformation as it generates the synergy that promotes a better understanding of what an organisation is trying to achieve. According to Isaac, there is a higher risk of digital transformation failure when management fails to communicate effectively and prepare its people well for the change. ”Effective communication from management is very important. Management must share their vision, what they want to bring and the effect it will have on the organisation. Organisations should benchmark their employees with companies that have already undergone training to share www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIOAFRICA @CIOAFRICA

In a panel discussion during the CIO Africa Cloud & Security Summit themed What About People Transformation In Digital Transformation? Isaac Mwangi, Leader, Technology Strategy, Miradi Capital, Robert Nyamu, Partner & Technology Consulting Leader at Ernst & Young and Imran Chaudhrey, Country Manager, EA at Fortinet shared strategies on how organisations can prepare their people for digital transformation. The session was moderated by Anita Chege, Head, Products, Digital & Marketing at Letshego.

@CIO_AFRICA | WWW.CIOAFRICA.CO @CIO_AFRICA | WWW.CIOAFRICA.CO

COVID-19 has forced many organisations worldwide to undergo digital transformation. However, failure to prepare, involve and hire the right people during such transformations could make the whole process unsuccessful.

37


>>SUMMIT 2022 experiences. This helps people to have a feel of what is expected,” he said. Another issue standing in the way of a successful digital transformation in an organisation is people issues as highlighted by Imran. He said: ”Digital transformation is a big driver for business. Many times, we find a disconnect between the vision and the actual implementation of the project on the ground because of people issues. Employees may fear that automation may cause job losses,”.

Two Security Considerations In Cloud Management

Imran noted that the shortage of IT talent that faces many African countries is a real impediment to digital transformation. ”As customers move to the cloud, the biggest challenge for organisations is having the right skillsets for digital transformation. Organisations are not investing in cyber-ready professionals There is a huge IT skill gap of talent in Africa and this problem is going to be on for a while” he stated. Robert advised companies to hire the right people to come up with digital transformation strategies and implementation. ”The people element is very important in getting digital transformation right. You need the right people to help with the strategy. You need to democratise the process because most people sometimes resist change,” he stated. Cybersecurity threats have increased in the last two years as organisations accelerated digital transformation due to the ongoing pandemic. The experts, therefore, urged governments to take cybersecurity seriously as they transition to digital platforms. ”Security is not an afterthought. It is a critical pillar in the digital transformation and should be incorporated right from the beginning of the design phase. You need to involve security experts whenever you roll out apps. You must train customers both on the applications and security endpoint,” Isaac said. 38 www.cioafrica.co | APRIL 2022 | CIO AFRICA

CIOs should combine Zero Trust and Secure Access Service Edge (SASE) strategies to safeguard their organisation's resources from cybersecurity attacks, experts say. In a presentation during CIO Africa Cloud & Security Summit, Territory Manager at Symantec by Broadcom Software, Djamil Jaddoo and Technical Manager at Symantec by Broadcom Software, Tharvesh Takoory, say when used together, the two approaches would help safeguard organisations from cyberthreats. Tharvesh advised organisations to adopt the zero-trust approach to thwart hackers from physically accessing critical company resources that may expose them to cybersecurity risks. ”Zero trust is based on verifying every user. It is based on verifying every user. It is centred on the belief that organisations should not automatically trust anything inside or outside their perimeters and must verify everything trying to connect to its resources before granting access - based on identity, context and trustworthiness,” Tharvesh said. According to Tharvesh, Zero Trust sits between people, devices and networks.

Organisations should ensure that only the right people get access to the resources that they need. They should also manage the devices that access their networks and should have come up with practices that monitor, audit, and safeguard their networks from cyber-attacks. In coming up with a Zero-Trust strategy, Tharvesh advises organisations to first define it starting with access, then prioritize capabilities, identify useful technologies to be used in the process, come up with data security policies for hybrid cloud and enable secure access to internal apps. Moreover, organisations can achieve Zero Trust through SASE (Secure access service edge). SASE is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions to support the dynamic secure access needs of digital enterprises. ”SASE creates the structure that makes Zero Trust flexible and easy to manage by pushing simple, fast, flexible and scalable security to the service edge. It helps organisations manage their tech and infrastructure approaches from one location. It creates the structure that makes Zero Trust flexible and easy to manage,” Djamil said.


Symantec™ Data-Centric SASE Scalable, high-performance, cloud-delivered network security at the Service Edge. SASE is a vision of converged technologies to improve network performance and security for users who can be anywhere, use any device, and need access to content and applications

@CIOAFRICA

Ask for a demo today! Contact us at esa@mbcom.com.

@CIO_AFRICA | WWW.CIOAFRICA.CO

from corporate data centers and cloud platforms.

MBCOM Technologies, Broadcom Representative 2nd Floor, Standard Chartered Tower, Bank Street, Cybercity, Ebene, Mauritius | esa@mbcom.comwww.cioafrica.co | APRIL 2022 | CIO AFRICA

39


>> SECUREWORKS Q&A

STEVE MBEGO

EMERGING TRENDS IN CYBERSECURITY

Ivy Kashero,

Territory Manager - Emerging Africa - Secureworks

Writer

According to predictions from Gartner, global spending on cloud services is expected to reach over $482 billion in 2022, up from $313 billion in 2020. CIO Africa spoke to Territory Manager – Emerging Africa, Ivy Kashero at Secureworks on the latest cybersecurity trends organisations should look out for in 2022 as they embrace the cloud. Q1. With organisations adopting cloud services more than ever, what would you say are the 5 threats to cyber security in 2022? There will be an increase in cloud-based attacks due to the assumed security of these platforms. Organisations 40 www.cioafrica.co | APRIL 2022 | CIO AFRICA

will deploy new applications and infrastructure to the cloud where possible and spend less time understanding the particulars of their environment. There will be an increase in cloud-based attacks due to the false assumption that security

is built into the core cloud platforms (Azure, AWS, etc.) or within SaaS applications. Organisations will deploy new applications and infrastructure to the cloud where possible and spend less time understanding the particulars of their environment.


Insufficient identity, credential, access and key management.

a. This includes the failure to use multifactor authentication, misconfigured access points, weak passwords, lack of scalable identity management systems, and a lack of ongoing automated rotation of cryptographic keys, passwords and certificates. b. The SolarWinds breach cast light on this increasingly important issue – how authentication mechanisms can be stealthily subverted to reach sensitive resources hosted on cloud services. SolarWinds revealed the fragility of cloud single sign on. Having gained initial access via trojanized SolarWinds code, threat actors were able to completely bypass authentication controls in several of their victims by stealing SAML token-signing certificates or other secret key material. Their administrative access also allowed them to add new credentials, modify permissions to cloud applications, and evade multi-factor authentication by enrolling additional devices they had access to. It formed a striking, realworld example of a cross-domain credential compromise.

Data Leaks and Data Breaches. Since the cloud is a shared environment, a single vulnerability on the cloud opens the whole environment to be compromisedw leading to data breaches and loss.

The top 5 threats for the cloud are: •

Insecure APIs. Insufficient API security is one of the major causes of cloud data breaches. Gartner predicts that by 2022, APIs will be the most common vector used frequently in cyber-attacks.

Misconfiguration. It’s not uncommon for enterprises on the cloud to suffer from some sort of cloud misconfiguration, which affects security. Common weaknesses include default passwords, inadequate access restrictions, mismanaged permission controls, inactive data encryption, and many more. Many of these vulnerabilities result from insider threats and a lack of security awareness. At the same time, cloud providers add new security features all the time, and when they do, the security controls are often set by default to be the least secure so as not to break legacy systems. The onus is then on the customer to understand and implement these new controls. If the controls are not set up correctly, then there is a lot of potential for misconfiguration errors. Advanced threats and attacks against the cloud application provider. State-sponsored threat activity remains narrowly targeted but often drives the focus of security practitioners and the media alike. The way in which the SolarWinds breach cast light on

how threat actors can subvert authentication mechanisms to reach sensitive resources hosted on cloud services is a case in point. Q2. As there has been such a surge in working from home, this has created concerns for cybersecurity professionals, exposing businesses to many threats. What preventive measures would you recommend a business takes to fill those gaps? Organisations must adopt a Zero Trust security model. If employees are going to be accessing all their workloads remote, then a strong authentication and least privilege model must be in place. Endpoint based security is also more important than ever. XDR, and agentbased vulnerability management are the order of the day. Organisations need to protect each endpoint no matter where it resides. Organisations need to also provide robust guidance and training for employees. Make it clear how employees should be working remote, and how they are still responsible for protecting company data and devices. And finally, the one thing that we learned from the surge in work from home is that companies can no longer rely on traditional network border/ perimeter controls. Companies now need to perform testing to ensure that their ‘new’ perimeter is secure. Due to the surge in remote work due to COVID 19, Secureworks began offering a Remote Access Vulnerability Assessment. Leveraging existing methodologies from wide-scope Penetration Testing, the Remote Access Vulnerability Assessment is designed to test your organisation’s remote access point vulnerabilities and verify that new www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO @CIO_AFRICA | WWW.CIOAFRICA.CO

@CIOAFRICA @CIOAFRICA

While cloud-based technologies, such as containers, make cloud deployment easier, they also introduce additional risk as the daemons and orchestrator APIs used to manage them introduce their own attack surfaces that require specialized expertise to properly harden and monitor. Cloud and SaaS solutions introduce areas that are still not clear in terms of who owns the data protection, and threat actors know this. Therefore, we can expect more attacks due to misconfigurations, vulnerabilities, and a lack of adequate controls on these platforms.

41


>> SECUREWORKS Q&A and existing remote access technologies were deployed in a secure manner. For a more in-depth analysis of perimeter security, business should consider a widely scoped External Penetration test and Web Application Security Assessments for externally exposed technology. Q3. What three cybersecurity questions should every C-Suite ask? •

What is our inherent cyber security risk posture, and how is that measured? What is our attack surface and do we have visibility into our entire attack surface? Any gaps in visibility will need to be addressed.

What level of maturity should we be at to properly manage our inherent risk posture and what framework are you using to measure maturity? What is the process and cost to get us to the proper maturity level?

What is our MTTD (mean time to detect) a threat? This speaks to how quickly can an organisation detect and remediate an issue or threat actor's activity in their environment based on the previous question about visibility. If the MTTD is too slow, periodic security exercises might be carried out to keep security staff in practice. It might also raise questions as to missing visibility/effectiveness of existing visibility which should then be resolved.

Q4. Would you like to share any cybersecurity forecasts or predictions of your own with our readers? The Cyber-Skills Gap Will Grow Wider in 2022. Continued cyberattacks reaching further down-market into targets of opportunity – of all sizes and across 42 www.cioafrica.co | APRIL 2022 | CIO AFRICA

every industry – will exacerbate the already yawning cyber-skills gap. This will lead to increased recruitment and turnover in the ranks of security defenders as scarce talent is sought out in the marketplace by an increasing number of buyers across all sectors

rising demand for solutions that span both functions, and security vendors will include both IT and Security in their roadmaps, such as detection and enumeration of the attack surface, and deep telemetry from discovered assets with IT and Security insights.

Patching will increasingly becoming important. Organisations will fail to patch their systems in a timely manner and consequently will be compromised. This will be particularly profound in smaller organisations that lack the staff and expertise to properly manage patching, configuration, and policy changes as well as overall remediation. As a result, there will be increased demand for systems that prioritize, automate, track, and verify remediation

Q5. What are the latest threat patterns that organisations should look out to?

activities among service companies that work with smaller organisations. Log4j is just the latest example of the level of disruption and risk a vulnerability can deliver as we close out 2021. Risk-Based Vulnerability Management will Take Lead. Spending will increase in the area of vulnerability management and organisations will invest more in risk-based modeling and prioritization solutions. The Virtual SOC is Here to Stay In 2022, we will not see the return to on-site SOCs. Instead, we will see an increase in a hybrid model where several services will be outsourced (threat detection, threat hunting, incident response) and others will remain controlled internally but through remote workers. The physical walls of the SOC have permanently been taken down ITOps & SecOps Combine Powers IT Operations and Security Operations synergies will increase in 2022. We’ll see

Privilege escalation from on-prem to cloud or vice versa. With some cloud platforms, such as Azure for example, companies might have migrated from on-prem to cloud during the pandemic and might be unprepared for just how linked their on-prem and new cloud infrastructure might still be. The Secureworks Counter Threat Unit ™ has demonstrated in previous projects that it is possible to jump from having a user in an on-prem machine to having a user in the cloud platform and pivoting from there to spin up further infrastructure. Companies need to be aware of how inter-linked their user accounts and infrastructure can be (including use of third party auth providers). Ensuring least privilege is implemented through cloud platforms. So often we see over-privileged IAM users/ access tokens being stolen and used to malicious spin up coin miners, or ransomware S3 buckets that had overpermissive access Q6. What are best practices for today and how can businesses avoid cyber threats such as ransomware, phishing attacks, etc.? Make sure the company is well read on any technology they are using, for example default configurations and their downsides (often default configurations are insecure and need to be changed). Companies should also keep up to date on security information related to platforms they have


infrastructure in to keep up to date with the latest developments (both feature and security wise) Q8. Is cybersecurity getting more expensive or less expensive? This depends on how you look at it. Cloud platforms are adding new features every day for built in vulnerability scanning of VMs and images, CICD scanning, more in-depth monitoring, even crossplatform capabilities in some cases. Unfortunately, many of these security features cost more money. A great example is when it comes to licenses. The cost differential can increase substantially and what you are effectively paying for is further availability of logs for users. In this aspect it could be considered more expensive if you want all the bells and whistles.

prem infrastructure. Q9. Companies are turning to AI to enhance their cybersecurity. What are the downsides of using AI in cybersecurity? AI is great at catching anomalies in log data but companies shouldn't rely on a single process to catch everything. Companies should use a mixture of AI log analysis, human threat hunters, metric alerting, etc. to cast the net as wide as possible and cover as many bases as they can. Each process has its own pros and cons, but using them all in conjunction with one another leads to force multiplication which enhances security protection. AI can also greatly speed the work of human analysts and do so at a speed and scale beyond the reach of unaided human operators.

But it can’t be your only cybersecurity strategy. When you're searching for important needles in immense haystacks, the most effective strategies will always come from the pairing of machine intelligence with the best of human intuition from expert analysts. In terms of downsides, AI can be expensive to build up/maintain and it can produce false positives like any other monitoring process (handson-keyboard humans included). AI also requires a lot of training data. With cybersecurity, we rarely have enough training data of malicious activity because we’re facing intelligent adversaries that are always changing their tactics to try to outmaneuver our latest prevention and detection capabilities, including ML.

@CIO_AFRICA | WWW.CIOAFRICA.CO @CIO_AFRICA | WWW.CIOAFRICA.CO

From another perspective, some organisations might opt not to enable every single security feature being offered by cloud platforms and instead spin up their own CICD scanning, image scanning and perhaps even their own SIEM. Doing this may allow cost savings whilst still capitalizing on the broad visibility logs from cloud platforms can provide. Organisations with these advanced capabilities can also tailor and scale their compute engines to their exact needs to save money. And, if utilised correctly, most cloud platforms offer great billing visibility and alerting which can be used to manage costs.

@CIOAFRICA @CIOAFRICA

To summarize, if you just pick defaults and turn on all security features in cloud it'll be more expensive in all likelihood. But if you put in the time to learn your environment and your own business needs, you can utilise scaling to minimize costs and you might actually save some money compared to old onwww.cioafrica.co | APRIL 2022 | CIO AFRICA

43


>> THINKING ALOUD

Michael Michie

The Games We Should Play The Cloud has more to it than meets the eye. It can do as much as the imagination can stand. Why not use gaming to explore it especially if you are in the financial services industry? Finding the right use and implementation of cloud solutions can be a challenge. One may end up with complex solutions that serve little 44 www.cioafrica.co | APRIL 2022 | CIO AFRICA

purpose or heavily under utilise the cloud solutions they have. Beyond the point of cloud adoption, that is email and document management, exist opportunities that can be imagined and tested, the results would be as wild as the imagined use case.

of the ages, the oldest and best way to learn. Games have a rich history of using cloud that shows the potential of cloud services and solutions. Certainly, games equally had a gradual progression through the adoption of cloud to get to where they are now.

Playing around with the cloud like this can create interesting solutions. Naturally we turn to games, the tools

The financial services industry is one of the fastest growing cloud consumers out there and they too are


The best way to understand dynamic and interactive apps is through gaming. With role playing games (RPGs), the story can be left for the player to discover through their own style. These games have a variety of characters to choose from and various playing styles, all the way down to the tiny cosmetics that would make the game a unique experience even after several play throughs. Other games take this a notch higher and allow for multiple endings depending on the journey the player took. Transfer this into a financial services app and what do we have? Right off the bat we have a bulky and resource intensive app that runs on a set of limited devices (like Crysis 3, a game so powerful most PCs struggled to run it then). These interactive apps are what we now desire - where we can customise and interact more uniquely facing a stumbling block. Maybe this is the reason most financial services apps look identical. They are trimmed to a point where we are always left with a skeleton just with rs) Games have the answer to this and its in the history of gaming

Cloud gaming essentially attempts to allow any game despite the spec requirements run on any device such as a mobile or tablet, removing the heavy cost of highend PCs and consoles. The concept sounds simple and can be compared to streaming services such as Netflix, HBOMax and Crunchyroll which have removed the cinema, tickets, expensive snacks, and fixed schedules. Financial services apps can at times be as bad as banking at a branch (that you didn’t open your account in). These apps are merely digital versions of the same services with the same limitations and pain points. The apps are more of text boxes, labels, and input boxes. User experience can not be tracked to a granular level. Maybe worst of all despite who much is spent on making brands unique the financial services apps are all the same, indistinguishable. The adoption of a similar model to that of cloud gaming has adopted would mean that the apps

developed can grow in complexity without restricting some devices from running the apps. The apps can contain video, audio features, even have accessibility for those with impairments to leverage on. More services can be offered as they all run in the cloud. With most of the heavy compute on the cloud, more devices can be made compatible with the apps’ older android and IOS operating systems would run the app, and this would mean more potential penetration into the market for the app. It would mean the ability to improve the security of the apps. Too many apps out there require end users to update manually meaning vulnerable versions are out there in the wild. This is a huge concern. Unless with each update there is a complete overhaul of the architecture and technology stack. That is a tall order and highly unlikely. The end user devices would be spared the trouble of drained battery, over heating and reduced performance whenever these apps run. Having an app that barely consumes any resources on the end user devices is a great user experience to leave a customer with. The challenges normally faced with cloud gaming fortunately do not all translate into its adoption into the financial services industry. The latency issues would be barely felt, unless the financial services app built is also a Triple A game with Next Gen graphics. Hardware selection and video compression would not be challenges that would migrate over. The best way to learn and appreciate the value of adopting the cloud gaming architecture would be to play in the cloud experience when the limits of its utilisation are limited to the imagination. Remember, you can learn more in an hour of play than a year’s worth of conversation. Go play with the cloud. www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIO_AFRICA | WWW.CIOAFRICA.CO @CIO_AFRICA | WWW.CIOAFRICA.CO

The new and better cloud offerings is the frontier awaiting the best of the financial services industry. New and better simply means the interactive and dynamic app. An interactive app goes beyond scripted responses. It can utilise more than just text and buttons to communicate feedback, actions, and reactions. A dynamic app is one that can adapt to the end user it changes to the preferences and style of use.

and the cloud. At the start, games began using the cloud for storing saved game data. This allowed users to access their profiles and saved games on other devices. They were no longer restricted to the console that they had. But this was just the beginning. Next was the game streaming watching other players play various games either live games or recorded games on platforms such as YouTube and Twitch and slowly increasing these into more interactive sessions especially with the live games such as on Twitch. Cloud gaming was the next evolutionary step. This is the ability to use any devices to play any game without worry of the game hardware and software requirements. All that was required is the device a player has be capable of input (control to send instructions), and output (display to show the results of the input).

@CIOAFRICA @CIOAFRICA

following a similar path. This is case where learning from history can put organisations ahead of the curve. Financial service providers have all raced to the mobile app segment to leverage it to grow market share, revenues, improve retention, discover more about their customers, create new and better solutions for the customers.

45


>> HARD TALK

ROBERT YAWE CEO, Synaptech Solutions

The No Tech C.I.O. A few days before penning this article, I was invited to moderate a discussion at one of the CIO Symposiums on cloud, The Africa Cloud & Security Summit with the provided talking points being managing systems on the cloud such as security, patching and hardware refresh. As the proposed topic felt dry, I opted to go off at a tangent and try to pry out the main reason why we are not seeing an exodus to the cloud yet we have been talking about it for over ten years now across different fora. While preparing, I needed an example that was close to home on how cloud must be perceived by many of us and so I picked Abunuwasi (a tale popular along the East African coast) who built the sultan a castle in the clouds. I believe that would be what would today be referred to as Infrastructure as a Service (IaaS). I believe that for many of us, infrastructure as a service is a little easy to embrace if at the end what you get is still ”bare metal,” something familiar especially for those still running on-premise data centres and by extension happen to be the same ones who keep me in business. Over the years, we have kept adding prefixes to ”As A Service” such as Security, Storage and more recently, Software. In the real world, all this is being collapsed into just Cloud with all the other services disappearing from view. That, to me, could be what is causing resistance from my ilk. When you have defined yourself by the volume of hardware in your control ranging from blade servers to flash drives, it 46 www.cioafrica.co | APRIL 2022 | CIO AFRICA

can be heart wrenching to perceive life without hardware or its related trappings. In one of my previous articles, and I believe also the topic of my current podcast, (www.aqute.co.ke/yawes-hard-talk/) I wrote about how Google, yes, the 800-pound gorilla who you can’t live without, had stolen one of my clients. In short, the client had been moved by Google from an onpremise hosted MS Exchange Server to G-Suite, allowing them to power off the server on which it resided, cancelled my support contract and also redeployed or fired a number of staff whose work it was to keep it running while also configuring user devices. Just like that, my client went from legacy, yes exchange on premise is now legacy, and instead flew out into the cloud with instantaneous mobile access to email from their device of choice without having to talk to IT. Yet, as we speak, they totally refuse to move any other service into the cloud as they believe it is not safe. Recently, I was taken through a demo on a core banking application which is entirely in the cloud providing all the aaSs which means that a bank can be setup without a need to hire a single person for their IT skills in the same way you run your social media activities. Therefore, does this mean that in the near future, CIO will not need any ownership of IT to deliver services to the organisation’s staff and clients?


Business | Technology | Leadership Leverage the CIO Africa digital services to build stronger business relationships with the most valued customers and prospects.

Partner zone

Weekly newsletter

Thought leadership, Product Demos, Customer Engagement

Engaging content Marketing where your customers come for content

Reach over 10,000 Curated readers who receive our newsletter every week

Social media marketing

ONLINE ADVERTISING

Reach over 100k users through our social media platforms

Place your banners adverts where they will be seen. We drive more than 3 Million page views

CUSTOM RING-BACK TONES Let potential customers hear your messaging when calling their friends, family or colleagues

Seize the opportunity to position your brand, products and services on the CIO Africa portal.

@CIOAFRICA

WEBINAR

@CIO_AFRICA | WWW.CIOAFRICA.CO

Push your digital marketing with the right tools and partner

marketing@cioafrica.co www.cioafrica.co | APRIL 2022 | CIO AFRICA

47


PARTNER WITH US FOR A SEAMLESS VIRTUAL & HYBRID EXPERIENCE To partner with us, please contact: Tel: +254 (0) 701 627 097 studio@cioafrica.co

@ONAIRSTUDIOS 48 www.cioafrica.co | APRIL 2022 | CIO AFRICA

@CIOAFRICA

@CIO_AFRICA


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.