CIO ONE January 2020

Page 1



EDITORIAL

PUBLISHED BY Business Media International REGISTERED OFFICE: Office 10, Sharjah Media City www.bmi-digital.com EDITOR IN CHIEF Raman Narayan narayan@bmimea.com Mob: 971-55-7802403 SALES DIRECTOR Ankit Shukla ankit@bmimea.com Tel: 971-4-2618885, Mob: 971-552572807 EDITORS Baraka Jefwa baraka@bmimea.com Tel: 971-4-2618885 Mob: 971 50 237 3005 CIRCULATION MANAGER Bhawana Bhatia bhawana@bmimea.com Tel: 971-4-2618885 SALES R. Subramanyan subu@bmimea.com Tel: 971-4-2618885 FINANCE Akhilesh Pandey akhilesh@bmimea.com Tel: 971-4-2618885 DESIGN Ali Raza ali@qnamarcom.com Tel: 971-4-2618885

HELLO TO A NEW DECADE OF TRANSFORMATION! At the beginning of the last decade, many of the technologies that are mainstream now were just about beginning to emerge and in that sense, the decade gone by has been quite transformative. The new decade might well be more transformative in terms of how technologies become more integral at our workplaces, in our homes and wherever else we go. Technologies will continue to empower and also be disruptive. The kind of skillsets needed will alter the jobs landscape. Data from IDC research says that cybersecurity roles will see a VLJQL¿FDQW JURZWK RYHU WKH QH[W IHZ \HDUV EXW GHPDQG JURZWK IRU ,7 WHFKQLFDO UROH ZLOO UHPDLQ HVVHQWLDOO\ ÀDW ZLWK D &$*5 'DWD VFLHQWLVWV HQJLQHHUV SUR¿FLHQW ZLWK PDFKLQH OHDUQLQJ WHFKQRORJLHV DUH DPRQJ UROHV WKDW ZLOO VHH VLJQL¿FDQW ULVH LQ GHPDQG $, DQG 5RERWLFV ZLOO DPRQJ WKH NH\ DUHDV RI IRFXV JRLQJ DKHDG ZLWK $, FOHDUO\ EHLQJ VHHQ DV D FUXFLDO HQDEOHU RI LQWHOOLJHQW DXWRPDWLRQ HQKDQFLQJ XVHU H[SHULHQFHV DQG RXWFRPHV across several verticals. AI will also take away several repeat routine tasks from the workIRUFH HQDEOLQJ PRUH H൶FLHQFLHV 5RERWLFV V\VWHPV VSHQGLQJ LV IRUHFDVW WR EH ELOOLRQ WKLV \HDU DFFRUGLQJ WR ,'& $QG ZKLOH KDUGZDUH SXUFKDVHV DUH H[SHFWHG WR PDNH WKH EXON of these investments, the software investments are also a rising component in terms of the spend. )RU WKH &,2V DQG WKH WHFKQRORJ\ KHDGV DW FRPSDQLHV ]HURLQJ RQ D JRRG PL[ RI WHFKQROogies that are optimized to the requirements of their Business are among key concerns. Pioneering deployments of breakthrough technologies will always be a challenge and many companies in this region are stepping up to such deployments that will ensure they are in the forefront of their respective verticals. This year, more companies would look to become more digitally evolved over the course of the year as there is simply no alternative to digital transformation.

R. Narayan Editor in Chief, CIO One

Management Chairman S.N. Tiwari

CEO Saumyadeep Halder

sn.tiwari@bmimea.com

saumyadeep@bmimea.com

Publisher Raman Narayan

Managing Director Ankit Shukla

narayan@bmimea.com

ankit@bmimea.com

A supplement edition from Smart SMB. Disclaimer: While every effort has been made to validate the accuracy of all information included in the magazine, the publishers wouldn’t be liable for any errors therein Copyright@2019 Business Media International LLC. All rights reserved.

-DQXDU\ CIO ONE - 03


CONTENTS

CONTENTS COVER STORY

CASE STUDY Al Fardan Exchange partners with Cloud4c to empower business operations

IS RPA THE AUTOMATION GAME CHANGER?

INDUSTRY INSIGHT

14 Zoho continues to grow footprint in Middle East and beyond

26

Digital transformation in the Automotive industry

30

12

FEATURE Rethinking cybersecurity for the next decade

20

INTERVIEWS Embracing automated Business processes with RPA

A Single Security Recommendation to Solve an Age-Old Problem

32

2020 Application trends, opportunities and challenges

34

How the Edge is set to reshape the world of Education

36

18

A holistic approach to cybersecurity

24

Enabling successful digital transformation

29

04 - CIO ONE -DQXDU\

COLUMN

News

06

New Tech

37

Marketscape

38



NEWS

)257,1(7 6,(0(16 3$571(5 72 3529,'( %(67˨,1˨ CLASS PROTECTION FOR OT NETWORKS Partnership follows announcement of an Integrated Security Solution and Worldwide Bundle Partner Agreement to Support OT/ICS Environments Fortinet has announced a technology alliance partnership with Siemens, a global industrial powerhouse specializing in digital industries from environments such as electrical power, transportation, and oil and gas. The compaQLHV¶ DOVR DQQRXQFHG WKHLU ¿UVW LQWHJUDWHG solution combining best-in-class technology and a worldwide resell agreement to address the unique security and connectivity requirements of operational technology (OT) networks. While OT environments have traditionally been isolated from the rest of the IT network, H൵RUWV WR FRQYHUJH ,7 DQG 27 WR SURYLGH PRUH responsive and agile business outcomes have H[SRVHG 27 DQG LQGXVWULDO FRQWURO V\VWHPV (ICS) to increased cybersecurity risk. AccordLQJ WR WKH 6$16 27 ,&6 6XUYH\ MXVW RYHU SHUFHQW RI UHVSRQGHQWV UDWHG WKH OHYHO of ICS cyber risk to their organization as “seYHUH FULWLFDO´ RU ³KLJK ´ +RZHYHU JLYHQ WKH nature of many OT environments, traditional security solutions can sometimes leave gaps in protection of the aging or sensitive systems in place. Additionally, deploying reliable connectivity and security in harsh and frequently remote or substation environments has tradi-

tionally not been easy. While rugged products GR H[LVW DVVHPEOLQJ DQG GHSOR\LQJ WKH YDULous parts of the complete solution can create issues with connectivity, reliability, space, and even physical security. John Maddison, EVP of products and CMO at Fortinet, says, “OT networks are increasLQJO\ H[SRVHG WR F\EHU WKUHDWV WKURXJK WKHLU convergence with IT systems. By partnering with Siemens, a global leader in OT digital VROXWLRQV )RUWLQHW FRQWLQXHV RXU IRFXV RQ H[panding the Fortinet Security Fabric platform deep into OT networks. This partnership enables our customers to get even more value from their security deployments and facilitates the development and delivery of truly comprehensive, end-to-end security solutions VSHFL¿FDOO\ GHVLJQHG IRU 27 HQYLURQPHQWV ´ +LJKOLJKWLQJ WKH JURZLQJ LPSRUWDQFH RI cybersecurity in OT environments and the QHHG IRU VROXWLRQV VSHFL¿FDOO\ FUHDWHG IRU 27 networks, Siemens has joined the Fortinet )DEULF 5HDG\ 7HFKQRORJ\ $OOLDQFH 3DUWQHU Program to address the security challenges associated with the convergence of OT and IT networks. Technology ecosystem partners

John Maddison EVP of products and CMO, Fortinet are a key part of the Fortinet Security Fabric, which enables Fortinet and partner products to cooperatively integrate and provide comprehensive security solutions. Fortinet’s technology ecosystem partner solutions enable FXVWRPHUV WR JDLQ PRUH H൵HFWLYH VHFXULW\ DQG get even more value from their security deployments. 7KH ¿UVW )DEULF 5HDG\ VROXWLRQ IURP )RUtinet and Siemens integrates Fortinet’s inGXVWU\ OHDGLQJ )RUWL*DWH 1H[W *HQHUDWLRQ )LUHZDOO ZLWK WKH 5XJJHGFRP 0XOWL 6HUYLFH Platform family of switches and routers to improve the integration of cybersecurity into locations with harsh environments such as electrical substations, while simplifying management, space, and power issues.

VECTRA INTEGRATES AI-DRIVEN NETWORK THREAT DETECTION, RESPONSE WITH AWS VPC INGRESS ROUTING Vectra protects cloud deployments in AWS and is now available in the AWS Marketplace ployed using AWS CloudFormation and VecWUD LQVLJKWV DUH SXEOLVKHG DV ¿QGLQJV LQ $:6 6HFXULW\ +XE 7KH SHUIRUPDQFH DQG KHDOWK of the deployment can be fully monitored through Amazon CloudWatch.

Gokul Rajagopalan, Director of product management, Vectra Vectra, the leader in network detection and reVSRQVH 1'5 DQQRXQFHG WKDW LWV DZDUG ZLQning cybersecurity platform integrates AI-driven attacker detections, threat hunting and incident investigations with Amazon VirWXDO 3ULYDWH &ORXG 93& ,QJUHVV 5RXWLQJ The Vectra platform is now available in the AWS Marketplace. The Vectra platform uses Amazon VPC Traf¿F 0LUURULQJ WR PRQLWRU FRQQHFWLRQV LQ $:6 deployments to detect hidden threats without XVLQJ DJHQWV ,W LV UDSLGO\ DQG H൶FLHQWO\ GH-

06 - CIO ONE -DQXDU\

“As enterprises move their high-value data and services to the cloud, it’s imperative to reduce cyber-risks that can take down busiQHVVHV ´ VDLG *RNXO 5DMDJRSDODQ GLUHFWRU RI product management at Vectra. “Our continued strength and leadership in AI-driven cybersecurity – coupled with our availability in AWS Marketplace – validate Vectra as a premier provider of network threat detection and UHVSRQVH IRU WKH FORXG ´ When enterprises scale the size and number of their VPC instances, increased visibility EHFRPHV D UHTXLUHPHQW WKDW LV FRPSOH[ WR VXSSRUW $PD]RQ 93& ,QJUHVV 5RXWLQJ LV D service that helps customers simplify the integration of network and security appliances

within their network topology. :LWK $PD]RQ 93& ,QJUHVV 5RXWLQJ FXVWRPHUV FDQ GH¿QH URXWLQJ UXOHV DW WKH ,QWHUQHW *DWHZD\ ,*: DQG 9LUWXDO 3ULYDWH *DWHZD\ 9*: WR UHGLUHFW LQJUHVV WUD൶F WR WKLUG SDUW\ DSSOLDQFHV EHIRUH LW UHDFKHV WKH ¿QDO GHVtination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC. The Vectra platform works natively in this architecture to detect hidden threats. The Vectra Stream Connector, which delivers security-enriched network metadata to SIEMs and data lakes for threat hunting and attack investigations, is available via a valid AWS Marketplace login. Vectra sensors, which passiveO\ PRQLWRU QHWZRUN WUD൶F DQG H[WUDFW FULWLFDO metadata for analysis and threat detection, are also available via a valid AWS Marketplace login.


NEWS

AVEVA’S VALUE CHAIN OPTIMIZATION SOLUTIONS ENHANCE ENTERPRISE COLLABORATION AND AGILITY Company delivers end-to-end value chain optimization software to help organizations redefine processes, enable deeper collaboration, reduce value leaks, sustain productivity and innovation and ultimately make better and more robust decisions quicker across the operations lifecycle.

&RQVXPHU 3DFNDJHG *RRGV &3* :DWHU DQG :DVWHZDWHU ,W DOVR KHOSV RSHUDWRUV GULYH H൶ciency, make better and faster decisions, reduce cost and create new opportunities across the operations value chain.

Harpreet Gulati, Head of Planning and Operations, AVEVA 2 AVEVA, a global leader in industrial software, announced enhancements to its Value Chain 2SWLPL]DWLRQ R൵HULQJ WR HQDEOH FXVWRPHUV WR eliminate information silos and integrate critical business processes across the operational value chain. AVEVA’s Value Chain Optimization solution, brings together software from across its portfolio that help operators and manufacturers manage their supply chain, operations and process optimization across key industries LQFOXGLQJ 5H¿QLQJ 3HWURFKHPLFDOV 0HWDOV Mining and Materials, Food and Beverage,

“Companies are dealing with a legacy of disconnected processes and working to bridge them to create end-to-end visibility is the foundation for operational digital transformaWLRQ ´ VDLG +DUSUHHW *XODWL +HDG RI 3ODQQLQJ and Operations, AVEVA. “Value Chain Optimization presents a unique opportunity to orchestrate all business and operations activities across the supply chain from feedstock acquisition, planning, scheduling, operations and distribution. AVEVA’s Value Chain Optimization solutions have enabled organizations globally to transform their operations, E\ LPSURYLQJ UH¿QLQJ PDUJLQV E\ XS WR barrel, improving mining asset utilization by UHGXFLQJ ZDWHU XVH E\ DQG LPSURYLQJ SURGXFWLYLW\ E\ LQ IRRG SURFHVVLQJ ´ Industrial operations have grown over the last \HDUV ZLWK SRRU LQWHJUDWLRQ IURP D OHJDcy of point solutions involving manual data transfer or custom software which has resulted in operational silos across the value chain.

AVEVA’s strategy helps organizations address these challenges and create a collaborative environment instead of business or process silos. In this way the operations lifecycle can EH PDQDJHG LQ D FRPSUHKHQVLYH ÀH[LEOH DQG connected manner that brings transparency to the decision-making process across the value chain. ³0DUNHW YRODWLOLW\ GHPDQG ÀXFWXDWLRQV DQG competitive pressure is driving industrial operators to become more global and vertically integrated as they seek ways to continue to FUHDWH H൶FLHQF\ WDNH FRVW RXW RU LGHQWLI\ QHZ RSSRUWXQLWLHV WR GULYH RUJDQL]DWLRQDO SUR¿WDELOLW\ ´ FRPPHQWHG *XODWL ³$9(9$¶V 9DOXH Chain Optimization solutions, combine Cloud technology and Digital Twin innovations with analytics to help operators break down silos and foster better collaboration, enabling our FXVWRPHUV WR UHDOL]H WKH EHQH¿W WKDW FRPHV ZLWK XQORFNLQJ WKHLU YDOXH FKDLQ ´ AVEVA’s Value Chain Optimization is already successfully deployed by several multinational companies globally, including the Abu Dhabi National Oil Company (ADNOC) ZKLFK UHFHQWO\ UHSRUWHG EHQH¿WV RI 0 USD from integrated production planning.

HUCO BAGS DUAL AWARDS AT VMWORLD 2019 Wins Services Partner of the year - METNA and Rising Star Partner of the year - UAE +XFR WKH UHJLRQ¶V SLRQHHU LQ +\EULG &ORXG DevOps, DevSecOps, Cloud Native and Digital Workspace solutions and services, has been awarded the VMware Services Partner of the Year for Middle East, Turkey and North Africa region for the second consecutive year DORQJ ZLWK WKH 5LVLQJ 6WDU 3DUWQHU RI WKH <HDU 8$( DZDUG 7KH DZDUGV KLJKOLJKW +XFR¶V partnership with VMWare and the company’s continuous commitment in delivering worldFODVV VHUYLFHV DQG JUHDW FXVWRPHU H[SHULHQFH ³5HFHLYLQJ WKLV UHFRJQLWLRQ E\ 90ZDUH IRU WKH QG FRQVHFXWLYH \HDU UHLQIRUFHV RXU EHOLHI and journey in delivering world class transforPDWLYH SURMHFWV IRU RXU FXVWRPHUV +XFR LV LQvesting for the future by developing a focused DQG KLJKO\ FHUWL¿HG WHDP WR SDUWQHU ZLWK FXVWRPHUV LQ HPEUDFLQJ WKH EHQH¿WV RI FORXG DQG PRGHUQ HODVWLF DSSOLFDWLRQV :H ¿UPO\ EHOLHYH that being the only partner in the region havLQJ DOO RI WKH ¿YH 0DVWHU 6HUYLFHV FRPSHWHQcies shows our leadership and commitment to

be a trusted advisor to prepare customers for WKH URDG DKHDG ´ VDLG 'LOLS .DOOL\DW 3UHVLGHQW RI +XFR +XFR LV WKH RQO\ FRPSDQ\ WKDW KDV DOO ¿YH Master Services competencies, in Southern Europe and the MENA region, and is amongst the three companies in the EMEA region. CurUHQWO\ +XFR KDV VXFFHVVIXOO\ FRPSOHWHG projects in private cloud, application modernL]DWLRQ 6RIWZDUH 'H¿QHG 'DWD &HQWUH 6RIWZDUH 'H¿QHG 1HWZRUNLQJ (QG 8VHU &RPSXWLQJ DQG 0RELOLW\ +XFR KDV D WUDFN UHFRUG RI being one of the best partners in METNA to EMEA in the SDDC portfolio and is aiming DW EHFRPLQJ WKH QR SDUWQHU ZRUOGZLGH IRU cloud native application modernization. ³9VSKHUH ZLWK SURMHFW SDFL¿F ZDQWV WR XVH .XEHUQHWHV DV DQ DEVWUDFWLRQ OD\HU IRU GHYHOopers and with Tanzu wants to bridge dataFHQWHU DQG FORXG +XFR LV ZRUNLQJ RQ FUHDWLQJ 'HYHORSHU 5HDG\ ,QIUDVWUXFWXUH ZLWK NXEHUQH-

tes and continuous delivery and also we bring infrastructure as a code and automation across the client's software development life cycle. +XFR LV FXUUHQWO\ ZRUNLQJ ZLWK YDULRXV FOLents on application modernization initiatives and recognition by VMware reinforces our &ORXG QDWLYH MRXUQH\ ZLWK RXU FXVWRPHUV ´ VDLG 6LYDJXUXQDWKDQ &72 RI +XFR

-DQXDU\ CIO ONE - 07


NEWS

MASHREQ MIGRATES TO THE MICROSOFT INTELLIGENT CLOUD Will allow Mashreq to more effectively manage workloads transformation by better engaging customers, empowering employees, optimising operations and reinventing products and services.

Sandeep Chouhan Group Head of Operations & Technology, Mashreq Mashreq Bank today announced their migration to the intelligent Microsoft Cloud to scale productivity and boost collaboration. The bank will now be able to accelerate digital

“The intelligent cloud is the most secured, controlled and contains a comprehensive suite of tools that deliver actionable business LQWHOOLJHQFH ´ VDLG 6DQGHHS &KRXKDQ *URXS +HDG RI 2SHUDWLRQV 7HFKQRORJ\ 0DVKUHT “FSI entities, in particular, thrive on the information nuggets hidden beneath their vast data lakes. And as more customers are digital natives, we will need all the advantages available to stay ahead of the curve. Our migration to the Microsoft intelligent cloud, will empower us with the right digital tools while meeting our security data-residency and comSOLDQFH QHHGV ´ In moving to Microsoft’s UAE cloud locaWLRQV 0DVKUHT ZLOO EH DEOH WR PRUH H൵HFWLYHly manage critical workloads such as network, core and security services, as well as tightening authentication and authorisation, and delivering DevOps, AI and Advanced Analytics capabilities- further accelerating their digital

transformation endeavours. In addition, its infrastructure and costs management will be VLPSOL¿HG DQG XSJUDGH SDWKV ZLOO EH PRUH easily implemented. “Mashreq is amongst the most progressive bank, introducing various innovations to the QDWLRQ¶V EDQNLQJ VSKHUH ´ VDLG 6D\HG +DVKLVK *HQHUDO 0DQDJHU 0LFURVRIW 8$( ³2XU partnership with Mashreq will accelerate their digital transformation journey by leveraging the capabilities of the intelligent cloud. Now FSI leaders like Mashreq can migrate with FRQ¿GHQFH DQG WUXVW HPSRZHULQJ WKHP WR DFKLHYH PRUH ´ Leveraging Microsoft’s recently launched datacenters in the UAE, Mashreq will be DPRQJVW WKH ¿UVW ¿QDQFLDO LQVWLWXWLRQV LQ WKH country to migrate to the intelligent cloud, both on premise and on public cloud. The Microsoft Azure cloud is serving major digitalized businesses across the Middle East, as they seek to better engage their customers, empower employees, optimise operations and reinvent products and services.

MICROSOFT DEMONSTRATES THE POWER OF INTEL˨ LIGENT CLOUD AT ADDA’S DIGITAL NEXT SUMMIT Company showcases a broad range of cutting-edge artificial intelligence solutions for the public sector, at the first edition of Abu Dhabi Digital Authority’s government-focused technology summit Microsoft hold in common – to enhance cusWRPHU DQG FLWL]HQ H[SHULHQFHV ´

Microsoft participated at Abu Dhabi Digital $XWKRULW\¶V $''$ LQDXJXUDO 'LJLWDO 1H[W summit to reiterate its commitment in accelerating digital transformation across government entities. ³$EX 'KDEL 'LJLWDO $XWKRULW\¶V 'LJLWDO 1H[W summit presents a unique platform of how digital transformation is shaping the way governments across the world are embracing LQQRYDWLYH WHFKQRORJLHV WR DFKLHYH PRUH ´ VDLG 6D\HG +DVKLVK *HQHUDO 0DQDJHU 0LFrosoft UAE. “The intelligent cloud holds the potential for governments to engage citizens, empower employees, optimise operations and reinvent services. Our participation is not only D UHD൶UPDWLRQ RI RXU FRPPLWPHQW WR VXSSRUW WKH JRYHUQPHQW LQ LWV PRGHUQLVDWLRQ H൵RUWV but a demonstration of the goals that UAE and

08 - CIO ONE -DQXDU\

'LJLWDO 1H[W RUJDQLVHG E\ 0HVVH )UDQNIXUW 0LGGOH (DVW LV WDNLQJ SODFH RQ DQG 'Hcember in Jumeirah at Etihad Towers, Abu Dhabi. The summit focuses on the key pillars of digital transformation for governments unGHU WKH WKHPH ³(QDEOLQJ WKH *RYHUQPHQW RI WKH )XWXUH´ The launch edition aims to attract more than YLVLWRUV JRYHUQPHQW DGYLVRUV DQG SROLF\ PDNHUV DQG VSRQVRUV 0RUH WKDQ H[SHUWV DUH VSHDNLQJ DW WKH WZR GD\ VXPPLW LQFOXGLQJ VHYHUDO IURP 0LFURVRIW +D\GHQ 6WD൵RUG &RUSRUDWH 9LFH 3UHVLGHQW RI :: Business Applications at Microsoft delivered a keynote session titled ‘Transformation with %XVLQHVV $SSOLFDWLRQV¶ ZKLOH 6D\HG +DVKLVK *HQHUDO 0DQDJHU IRU 0LFURVRIW 8$( SDUWLFLpated in a panel discussion titled ‘Panel of the *URZQ 8SV¶ WR VKHG OLJKW RQ WKH LPSRUWDQFH of upskilling youth in order to stay relevant. Under the theme of ‘Enabling intelligent cusWRPHU H[SHULHQFH DQG JRYHUQPHQW H[FHOOHQFH

with the Microsoft Cloud’ the company showcased various technologies and innovations at LWV ERRWK GXULQJ WKH 'LJLWDO 1H[W 6XPPLW 5HFHQWO\ $''$ DOVR SDUWQHUHG ZLWK 0LFURVRIW E\ DGRSWLQJ '\QDPLFV WR DFFHOHUDWH LWV 6PDUW &LWL]HQ ([SHULHQFH 3RZHUHG E\ 0Lcrosoft innovations, ADDA’s new platform, TAMM is a powerful accelerator for digital transformation in public services across the emirate, enabling government authorities to FUHDWH D VHDPOHVV RPQL FKDQQHO H[SHULHQFH IRU FLWL]HQV HQKDQFH ZRUNÀRZ DQG FDVH PDQagement with unprecedented decision-making capabilities through intuitive and in-depth business intelligence. In response to the surging demand for its intelligent cloud services, Microsoft, earlier this \HDU ODXQFKHG FORXG UHJLRQV LQ WKH 8$( ± one in Abu Dhabi, and one in Dubai. These faFLOLWLHV DUH H[FOXVLYHO\ VHUYLQJ RUJDQL]DWLRQV across the Middle East, enabling them to avail enterprise-grade reliability, security, privacy and the broadest compliance standards – empowering them to achieve more.


NEWS

SAUDI TELECOM COMPANY SELECTS IFS TO IMPROVE CUSTOMER EXPERIENCE Organization’s leading workforce scheduling solution to radically improve the efficiency of 5,000 field service engineers IFS, the global enterprise applications company, announced that Saudi Telecom Company (STC), a world class digital leader providing innovative services and platforms to our customers and enabling the digital transformation of the MENA region, has selected IFS Service Management to increase SURFHVV H൶FLHQF\ LPSURYH PDUJLQV DQG facilitate improved customer satisfaction. To bolster its leading market position and ready the company for future business driven by an increasing need for digitalization, STC launched a comprehensive evaluation process, selecting a service platform to replace legacy business systems while improving operational

H൶FLHQF\ )URP D VKRUW OLVW WKDW LQFOXGHG solutions from some of the largest vendors in the world, STC chose IFS for its powerful VFDODELOLW\ LQWXLWLYH XVHU H[SHULHQFH DQG robust functionality. “We believe IFS’s enterprise class, innovative VROXWLRQV UHSUHVHQW WKH EHVW ¿W IRU RXU RUJDQL]DWLRQDO QHHGV ´ VDLG *HQHUDO 0DQDJHU Enterprise Enablement Jamel Alshahri. “What attracted us to IFS, besides the broad and deep functional capabilities of its software, was its FXVWRPHU ¿UVW DSSURDFK ZKLFK LV DSSDUHQW in all engagements we have had with the company to date. IFS is an agile, collaborative DQG WUXVWZRUWK\ SDUWQHU IRU 67& ´

Stephen Keys, Regional President, APJ ME&A, IFS 6WHSKHQ .H\V ,)6 5HJLRQDO 3UHVLGHQW $3- 0( $ DGGHG ³:H DUH KRQRUHG WR EH working with STC, a prestigious and most valuable brand in the region. We look forward to a long and successful partnership together, creating value for STC and its customers.

SAS ANNOUNCED A COLLABORATION WITH STC TO ENSURE SMOOTH CUSTOMER JOURNEY Customer benefit from better offers and experience based on analytics SAS, a leader in analytics to deliver LQQRYDWLYH QH[W JHQHUDWLRQ VHUYLFHV WR LWV customers, announced that it has collaborated with STC,one of the largest and leading telecommunication services provider in WKH *&& UHJLRQ WR DFFHOHUDWH WKH F\FOH RI innovation to deliver outstanding customer H[SHULHQFH WKURXJK LQWURGXFWLRQ RI $QDO\WLFDO capabilities. :LWK HPSOR\HHV DQG D VWURQJ foothold in the market, STC has continued to be at the frontlines of innovative technology and regional digital transformation. As growing customer needs shifts the competitive boundaries of the telecom sector, STC knows WKH YDOXH RI H[FHHGLQJ FXVWRPHU H[SHFWDWLRQV DQG HQKDQFHG FXVWRPHU H[SHULHQFH ,Q OLJKW of this, the company turned to SAS market leading solutions to better understand customer preferences and trends. =D¿U -XQDLG 5HJLRQDO 0DQDJHU .6$ DW 6$6 says, “armed with a thorough understanding of STC’s business environment and future URDGPDS 6$6 LV H[WUHPHO\ SOHDVHG WR KDYH collaborated with a futuristic organization such as STC and support them in their innovationled journey with advanced analytics. With our industry leading analytics platform and solutions, we aim to ensure STC thrives and capitalizes on opportunities to deliver richer services and products to their customers DFURVV WKH *&& UHJLRQ ´

Customer Lifecycle Management (CLM): By deploying SAS analytics, STC was able to better understand their customer’s preferences. This enabled STC to create below the line customized campaigns to share the ULJKW SHUVRQDOL]HG R൵HU DW WKH ULJKW WLPH WR the right target, leading the telecom company to add more of value to their customer interactions and reduce their customer churn VLJQL¿FDQWO\ ,Q DGGLWLRQ DQDO\WLFV GULYHQ decision-making enabled the company to reposition their loyalty program, increase their brand equity and cross-sell and up-sell R൵HUV DQG VHUYLFHV WR PHHW WKH H[FHHGLQJ H[SHFWDWLRQV DQG GHPDQGV With SAS technology, the STC CLM team launched several thousand micro-campaigns through SAS Campaign Management (CMS) system supported by many analytical models that drive their segmentation and targeting. The added value from these activities has FRQWULEXWHG VLJQL¿FDQWO\ WR WKH WRS OLQH DQG bottom line of the Consumer business unit. Machine Learning: Using advanced machine learning techniques, STC was able to implement a solution in its call centers to identify behavior of repeat callers and complainants by studying their interactions ZLWK DOO WRXFKSRLQWV ZLWKLQ D KRXU ZLQGRZ By leveraging SAS analytics, Call center calls GHFUHDVHG E\ E\ LGHQWLI\LQJ RYHUODSSLQJ

Zafir Junaid, Regional Manager, KSA & Bahrain, SAS behavior and drivers of repeat calls. Post this, STC was able to improve processes, empower agents and ensure that customers have their UHTXHVWV UHVROYHG RQ WKH ¿UVW LQWHUDFWLRQ This collaboration is a natural progression of a successful and longstanding relationship between STC and SAS. Through this partnership, STC aims to take a quantum leap IRUZDUG LQ GDWD GULYHQ FXVWRPHU H[SHULHQFH /XFD 'HFDUOL *HQHUDO 0DQDJHU ± &XVWRPHU Lifecycle Management, STC, says, “at STC, we believe that new technological capabilities are critical as the industry adapts to new forms of competition and unprecedented forces of digital change. Therefore, we are glad to have collaborated with SAS as they are leaders in analytics and the right partners to equip XV ZLWK WKH QHFHVVDU\ WRROV DQG H[SHUWLVH needed to advance in our journey of digital

-DQXDU\ CIO ONE - 09


NEWS

AI IS KEY TO SUSTAINABLE ECONOMY, BOOSTING GLOBAL GDP BY USD 5.2 TRILLION A new report for the world future energy summit predicts ‘AI’ will accelerate breakthroughs across energy, water, waste and smart cities $UWL¿FLDO ,QWHOOLJHQFH $, ZLOO EH D NH\ HQabling technology in achieving renewable energy and sustainability targets, according to a UHSRUW UHOHDVHG WRGD\ DKHDG RI -DQXDU\¶V World Future Energy Summit. 7KH UHSRUW ³$UWL¿FLDO ,QWHOOLJHQFH 7UDQVforming the Future of Energy and SustainabilLW\ ´ LV EDVHG RQ D FRPSUHKHQVLYH OLWHUDWXUH review of AI’s predicted impact – compiled IURP DOPRVW VHSDUDWH FRQVXOWDQWV¶ UHSRUWV journal articles, news articles and analysis, and government documents. It shows AI will be the common factor in sustainability improvements across a wide range of industries, acting as the enabler of other innovations. Current predictions from PwC suggest that by WKH HQG RI WKH QH[W GHFDGH XVLQJ $, IRU HQvironmental applications could unlock a USD WULOOLRQ FRQWULEXWLRQ WR WKH JOREDO HFRQRmy, and at the same time reduce greenhouse JDV HPLVVLRQV E\ SHUFHQW At the Abu Dhabi Sustainability Week’s anchor conference, the Future Sustainability

6XPPLW UXQQLQJ IURP -DQXDU\ D major topic will be how advances in AI, Big Data, and the Internet of Things (IoT) can accelerate sustainable development. During the Future Sustainability Summit, attendees can attend engaging presentations on technology DQG VXVWDLQDELOLW\ VXFK DV µ5HQHZDEOH (QHUJ\ DQG (QHUJ\ (൶FLHQF\ 0HHW $, 6PDUW *ULGV¶ DQG µ,W¶V $OO LQ WKH $OJRULWKP $UWL¿FLDO ,QWHOOLJHQFH /HDGLQJ 8V WR D *UHHQHU 3ODQHW¶ While the focus of most business investments in AI is mainly to generate new revenue or cut operational costs, sources included in the World Future Energy Summit report identi¿HG VXVWDLQDELOLW\ JDLQV DV RIWHQ JRLQJ KDQG LQ KDQG ZLWK ¿QDQFLDO EHQH¿WV ,PSRUWDQWO\ $, helps to answer the question of how to reduce our environmental impact, while at the same time maintaining economic growth.

variable power sources such as wind and soODU PRUH H൵HFWLYHO\ LQWR RXU HOHFWULFLW\ JULGV Virtual power plants running on AI algorithms are emerging and can improve energy access and electricity trading. Solutions such as autonomous driving are transforming the mobility sector thanks to the use of AI. AI also SURPLVHV PDMRU DGYDQFHV LQ HQHUJ\ H൶FLHQF\ by making our cities in particular much more UHVSRQVLYH WR WKH ZD\ ZH FRQVXPH SRZHU ´

“AI has the potential to accelerate sustainable GHYHORSPHQW LQ PDQ\ GL൵HUHQW ZD\V ´ VDLG 'U $OH[DQGHU 5LWVFKHO +HDG RI 7HFKQRORJ\ DW Masdar. “AI can support applications such as battery storage which are helping to integrate

'U 5LWVFKHO DGGHG ³7KH :RUOG )XWXUH (QHUgy Summit provides an unparalleled global SODWIRUP WR H[DPLQH WKH IXOO LPSDFW RI $, RQ sustainable development and to participate in WKLV UDSLGO\ HPHUJLQJ VHFWRU ´

OMAN’S LARGEST INTEGRATED FACILITIES MANAGEMENT, ACCOMMODATION SOLUTIONS COMPANY PARTNER WITH SAP Organisation’s digitization initiatives to drive further efficiencies in Oman’s facilities management and services solution market

5HQDLVVDQFH 6HUYLFHV 6$2* 2PDQ¶V ODUJHVW Integrated Facilities Management and accommodation solutions company, announced today a digital transformation partnership with JOREDO H[SHULHQFH FRPSDQ\ 6$3 WR GULYH H൶ciencies for the company and its clients using state-of-the-art digital platforms. 2PDQ 9LVLRQ FRQWLQXHV WR JXLGH WKH GHvelopment of the Sultanate’s infrastructure, mall and retail, and tourism and hospitality SURMHFWV *ROGVWHLQ 5HVHDUFK VKRZV WKH IDFLOLWLHV PDQDJHPHQW PDUNHW KDV WRSSHG 86' million and is set to grow by more than fourIROG WR 86' PLOOLRQ E\ With globally increasing awareness about

10 - CIO ONE -DQXDU\

worker welfare, Oman is setting new standards on workforce accommodation across its XUEDQ FHQWHUV LQGXVWULDO WRZQV DQG RLO ¿HOGV

with our growth and with real-time insights, ZH ZLOO KDYH RQH RI WKH ¿QHVW WRROV WR PDQDJH RXU PRVW LPSRUWDQW UHVRXUFH 3HRSOH ´

6XSSRUWLQJ ¶V JRDOV RI HFRQRPLF DQG VRFLDO WUDQVIRUPDWLRQ 5HQDLVVDQFH¶V GLJLWDO transformation of its human resources and learning function is centered on adopting the SAP SuccessFactors cloud-based human reVRXUFHV PDQDJHPHQW V\VWHP 5HQDLVVDQFH LV driving talent development with mobile apps IRU VHOI OHDUQLQJ DFURVV PRUH WKDQ HPployees and helping to develop Oman’s workforce of the future.

5HQDLVVDQFH¶V PRELOH DSSV ZLOO SURYLGH HPSOR\HHV ZLWK DFFHVV WR WKHLU +5 WHDP IRU YDUious service requests, access to pay information and learning content with self-learning units that are tailored to individual roles, that would be available anywhere, anytime, and from any type of mobile device.

³$V SDUW RI 5HQDLVVDQFH¶V JRDOV RI EHLQJ WKH best services solutions company and providing safe and hygienic facilities, nutritious cuisine, DV ZHOO DV VXSSRUWLQJ 2PDQ 9LVLRQ ZH need to quickly onboard and train thousands RI HPSOR\HHV ´ VDLG 0DQRM 3DUPHVK &KLHI 3HRSOH 2൶FHU &32 5HQDLVVDQFH 6HUYLFHV 6$2* ³2XU GLJLWDO WUDQVIRUPDWLRQ ZLWK 6$3 SuccessFactors can scale up quickly in line

³,Q WKH UDSLG UHVSRQVH ¿HOGV RI IDFLOLWLHV PDQDJHPHQW DQG IRRG VHUYLFHV ZH¶UH H[FKDQJLQJ best practices in talent development so that 5HQDLVVDQFH FDQ JDLQ UHDO WLPH LQVLJKWV RQ WKHLU HPSOR\HHV¶ H൶FLHQF\ UHOLDELOLW\ DQG FXVWRPHU VDWLVIDFWLRQ ´ VDLG :DKHHG $O +Dmaid, Managing Director, SAP Oman. “SAP SuccessFactors can scale up on our cloud SODWIRUP DQG LQWHJUDWH ZLWK RXU FXVWRPHU H[SHULHQFH VROXWLRQV WR RSWLPL]H FXVWRPHU H[SHULHQFHV ´



NEWS INSIGHT

ZOHO CONTINUES TO GROW FOOTPRINT IN MIDDLE EAST, BEYOND The company now has 10 data centers around the globe, which support more than 45 different applications that help businesses located in more than 180 countries.

Zoho Corporation, a global leader in offering a comprehensive suite of business software applications, announced that it is set to launch data centres in the Middle (DVW LQ In a conversation with CIO ONE Ali 6KDEGDU 5HJLRQDO 'LUHFWRU 0($ =RKR Corporation, said that the three leading FRXQWULHV LQ WKH *&& 8$( 6DXGL $UDELD and Bahrain) are all possible locations for the data centers as the organisation might look at multiple data centres for the region. ³+DYLQJ D GDWD FHQWUH LQ WKH UHJLRQ LV very important for us there are new laws coming about personal data privacy and governments are requiring companies and entities in either public or private sector to host their data inside the country. So, 12 - CIO ONE -DQXDU\

LQ ZH DUH JRLQJ WR KDYH RXU ¿UVW GDWD FHQWHU LQVLGH WKH *&& VHUYLQJ WKH FRPPXQLW\ ´ DGGHG 6KDEGDU ([SRXQGLQJ RQ WKH FRVW RI VHWWLQJ XS D data centre, Shabdar notes that it ranges IURP PLOOLRQ PLOOLRQ GHSHQGLQJ on the size of the data centre, the speci¿FDWLRQV XVHG DQG DOVR ZKDW LV SURYLGHG from the hosting country. “We are in a good place where the costing and what kind of set up we want to do, as it is independent from the destination. Thankfully in UAE, Saudi and Bahrain there is very good infrastructure as telcos are there, the internet is quite fast, and they are quite switched on to the data centre conversation, the market however will GHWHUPLQH ZKHUH ZH JR ¿UVW ´ KH DGGHG

To the question, what makes Zoho Corporation stand out from the competition? Shabdar responded: “We build software that stores your data. so, we are not renting or selling the data center space, what we are selling is our product but your data ends up being hosted in your country ZKHUH \RX KDYH WKH IXOO WUXVW ´

ZOHO PARTNERS WITH MASHREQ The announcement was made in conjunction with the launch of Zoho’s partnership ZLWK 0DVKUHT RQH RI WKH OHDGLQJ ¿QDQFLDO institutions in the UAE to bring connected banking solution in the region through Mashreq NeoBiz. With this solution, NeoBiz account hold-


NEWS INSIGHT ers will have access to Zoho Books, the most powerful VAT-compliant accounting software, to eliminate manual data entry and automate reconciliation. 1HR%L] LV WKH ¿UVW GLJLWDO EDQNLQJ SURSRVLWLRQ LQ WKH 8$( H[FOXVLYHO\ DLPHG DW small and medium enterprises to empower them with smart choice to initiate, transact and manage their banking requirements. 3UDVKDQW *DQWL +HDG RI 3URGXFW 0DQDJHPHQW *OREDO 7D[ $FFRXQWLQJ DQG 3D\roll solutions, Zoho Corp said, “Until now, FRUSRUDWH EDQNLQJ DQG (53 LQWHJUDWLRQ ZDV D OX[XU\ WKDW RQO\ ODUJHU EXVLQHVVHV enjoyed. We are happy to join forces with Mashreq to equalize this for businesses of all sizes and make everyday banking and DFFRXQWLQJ ´ 5RKLW *DUJ +HDG RI 1HR%L] DQG %XVLQHVV Banking at Mashreq said, “Mashreq continues to be at forefront of digital transformation, and we believe that our partnership with Zoho will further enhance FXVWRPHU H[SHULHQFH DQG PDNH EDQNLQJ simple. The collaboration will enable SMEs in the UAE to streamline their business operations by combining seamless banking transactions through NeoBiz and leverage the accounting software of Zoho on a single platform thus increasing proGXFWLYLW\ DQG UHGXFLQJ PDQXDO HUURUV ´

ZOHO CHARGES AHEAD WITH 50 MILLION BUSINESS USERS Zoho Corporation, a global, privately KHOG FRPSDQ\ WKDW R൵HUV WKH PRVW FRPprehensive suite of business software applications in the industry, is thrilled to announce today another historic milestone IRU WKH FRPSDQ\ PLOOLRQ EXVLQHVV XVers. This news comes at a time when Zoho is growing considerably. The company QRZ KDV GDWD FHQWHUV DURXQG WKH JOREH ZKLFK VXSSRUW PRUH WKDQ GL൵HUHQW DSplications that help businesses located in PRUH WKDQ FRXQWULHV :LWK WKH UHFHQW launch of Catalyst, Zoho continues to be a major player in the developer space as ZHOO R൵HULQJ QR FRGH ORZ FRGH DQG SUR code applications. As more and more people around the world turn to Zoho for their business needs, the company is redoubling LWV H൵RUWV WR SURYLGH WKH EHVW PRVW XQL¿HG platform, services, and applications in the

industry. With this in mind, Zoho has rearchitected its content collaboration platform from the ground up, optimizing it for teams and businesses. WorkDrive now provides the underlying document management across all Zoho business applications, allowing for XQL¿HG VHDUFK single storage, FRQWH[WXDO LQWHgration, as well as many other vertically integrated capabilities. Businesses seek to go beyond storage today and need enterprise-grade solutions in areas like multi-level security, compliance, and audit control. The unit of work is no longer the individual, but the team. Sharing and collaboration must be implicit in workÀRZV DQG EXVLQHVV SURFHVVHV UDWKHU WKDQ be patched onto solutions that originated as consumer and single-person models. WorkDrive is integrated into the platform, services, and applications layers of the Zoho technology stack and incorporates capabilities like virus detection, encryp-

Vijay Sundaram Chief Strategy Officer, Zoho

tion, image processing, and other AI tools LQ WKH SURSHU EXVLQHVV FRQWH[W "A content collaboration platform must XQGHUVWDQG WKH FRQWH[W RI WKH GRFXPHQWV it stores. A proposal may turn into a sales contract and then into a service level agreement. In this case, the customer engagement went from prospecting to sales to service management. By understanding the connections between these documents—hence their underlying conWH[W²D FRQWHQW FROODERUDWLRQ SODWIRUP FDQ connect and engage the relevant people," said Vijay Sundaram, Zoho's Chief StratHJ\ 2൶FHU :RUN'ULYH FUHDWHV D FRPPRQ XQL¿HG ¿OH V\VWHP DFURVV DOO EXVLQHVV SURFHVVHV VR WKH EXVLQHVV FRQWH[W LV easier to understand and preserve, making WKH V\VWHP VLJQL¿FDQWO\ PRUH YDOXDEOH WR the customer. This unique type of a solution can only come from a vendor who DOVR R൵HUV WKH EXVLQHVV DSSOLFDWLRQV Zoho is also announcing its revamped Workplace suite of productivity applications, which includes Cliq, Notebook, Connect, Writer, Sheet, Show, Showtime, Mail, Meeting, and WorkDrive. Among other new capabilities, Workplace now features an integrated app dashboard that houses customizable widgets that display information from each of the nine apps included in the suite. -DQXDU\ CIO ONE - 13


COVER STORY

IS RPA THE AUTOMATION GAME CHANGER?

By Baraka Jefwa

In traditional workflow automation software developers were required to produce lists of actions to automate a task and interface to the back-end system using internal APIs. RPA on the other hand, is a form of business process automation technology based on bots that develop action lists by watching the user perform tasks, and then perform the automation by repeating those tasks directly. 53$ DGRSWLRQ FRQWLQXHV WR VRDU ZLWK VHYeral use cases surfacing from various inGXVWULHV $FFRUGLQJ WR *DUWQHU 53$ VRIWZDUH UHYHQXH JUHZ LQ WR million, making it the fastest-growing segment of the global enterprise software PDUNHW $OWKRXJK 53$ VRIWZDUH FDQ EH found in all industries, the biggest adopters are banks, insurance companies, telcos and utility companies. These organizations traditionally have many legacy sysWHPV DQG FKRRVH 53$ VROXWLRQV WR HQVXUH integration functionality. 7DONLQJ WR &,2 21( 9LPDO 0DQL +HDG RI ,QIRUPDWLRQ 6HFXULW\ ,7 *5& 3UDFtices, Bank of Sharjah, attributes the high DGRSWLRQ UDWHV RI 53$ ZLWKLQ WKH EDQNLQJ sector to the commoditization of banking services happening globally, as it has mandated global banking sector players to improve the digitization and customer H[SHULHQFH ZKLFK KDV EHFRPH DQ XQDYRLGable option for the global banking players. “Back end processing tasks happening in the banks which are of high volume such DV .<& $0/ &RPSOLDQFH &KHFN LQYROYing customers directly can be automated XVLQJ 53$ ZKLFK PD\ QRW UHTXLUH LQWHUYHQWLRQ RI GHGLFDWHG VWD൵ /LNH PRVW RI the Banks, we are also planning to digitize and automate such activities in near IXWXUH ´ KH DGGHG Takaful Emarat-Insurance on the othHU KDQG DUH DOUHDG\ ZHOO LQWR WKHLU 53$ journey, having embraced the technology VLQFH $FFRUGLQJ WR 9LYHN %KDOOD Director Business Transformation, the 14 - CIO ONE -DQXDU\

organisation is at a very advanced stage RI 53$ LPSOHPHQWDWLRQ DV WKH\ FXUUHQWO\ LPSOHPHQW 53$ ZLWKRXW D VLQJOH OLQH RI Code. 'We are the early starters in the Insurance industry. As insurance industry is a legendary industry hence accepting this is a challenge for many legendary insurers. Embracing has been started by the IndusWU\ DQG DV VRRQ DV LW VHHV WKH EHQH¿WV LW ZLOO scale up." Even though healthcare is not one of the PDMRU VHFWRUV ZKHUHLQ 53$ LV LPSOHPHQWed, Shijin Prasad, ICT Manager, Cure Medical Centers, informs CIO ONE that, as the patient count grows day by day, healthcare providers are facing lot of challenges in Managing levels of Data, ProFHVVLQJ +HDOWKFDUH &UHGHQWLDOV DQG 3D\UROO 6HOI 6HUYLFH 7HUPLQDOV IRU +RVSLWDOV VXSSRUWLQJ 'LJLWL]DWLRQ RI SDWLHQW ¿OHV Optimizing Appointment Scheduling, and ([HFXWLQJ %LOOLQJ DQG &ODLPV 3URFHVVLQJ “To help overcome these operational pain points, more and more healthcare providHUV DUH HPEUDFLQJ 53$ WR DOOHYLDWH WKHVH FKDOOHQJHV DQG GULYH HQKDQFHG H൶FLHQF\ DQG JURZWK +HDOWKFDUH LV SUHGLFWHG WR KDYH D DXWRPDWLRQ SRWHQWLDO 7KLV means more than a third of healthcare WDVNV²HVSHFLDOO\ IURQW R൶FH PDQDJHULDO EDFN R൶FH IXQFWLRQV²FRXOG EH DXWRPDWHG DOORZLQJ KHDOWKFDUH SURYLGHUV WR R൵HU more direct, value-based patient care at ORZHU FRVWV DQG LQFUHDVHG H൶FLHQF\ ´ KH added

Vimal Mani Head of Information Security & IT GRC Practices, Bank of Sharjah ³53$ LV LPSOHPHQWHG WR DXWRPDWH WKH ,QVXUDQFH $SSURYDO 5HTXHVWV %LOOLQJ H[HFXWLRQ &ODLP 3URFHVVLQJ (OHFWURQLF 0HGLFDO 5HFRUGV IRU XSORDGLQJ 5HSRUWV IURP GL൵HUHQW V\VWHPV WR +,6 7KLV UHGXFHG D ORW RI PDQXDO SURFHVV DQG PDQXDO HUURU ´ he continued.

THE FUTURE OF WORK Just as any type of automation, be it of


COVER STORY manual or knowledge- based tasks, the FRQWLQXHG DGDSWLRQ RI 53$ LV GUHDGHG E\ most workers for fear of losing their jobs. $FFRUGLQJ WR D UHSRUW E\ *R *XOI DOPRVW RI 0LGGOH (DVW MREV FRXOG EH DXWRPDWHG DQG DXWRPDWLRQ FRXOG UHSODFH RI MREV JOREDOO\ LQ <HDUV :LWK QXPEHUV such as these it is easy to have doubts on whether you will be losing your job to a machine any time soon. Its thoughts like these that prompt the question: What does 53$ PHDQ IRU WKH IXWXUH RI ZRUN" 5HVSRQGLQJ WR WKH TXHVWLRQ 3UDVDG VD\V WKDW 53$ GRHV QRW SUHVHQW D WKUHDW WR MREV in healthcare. Stating that it enables doctors and nurses to focus on their highly skilled work, by taking on and removing the data-intensive, repetitive and time-consuming tasks related to managing and running a company or organization hence giving them more time to spend on delivering quality patient care. “Automation not only helps by freeing up healthcare professionals' time, but it can also be used to reallocate resources so that there is good enough cover for PRYHV FKDQJHV LQ SODFH ZKHQ WKHUH DUH VWD൵ VKRUWDJHV ´ KH VDLG ³53$ ZRUNV EHVW when used on data-intensive and highly repetitive tasks, while people work better when they can focus on the innovative and specialist tasks as well as pastoral care which is especially important in the healthcare sector. The robot was not perceived as a threat, but as long-awaited KHOS LQ D VLWXDWLRQ ZKHUH VWD൵ WLPH ZDV LQcreasingly being tied up in recurring comSXWHU EDVHG DGPLQLVWUDWLYH WDVNV ´ On his part, Bhalla believes that the fear of losing jobs to machines and automation is one that is shared across many indusWULHV +H KRZHYHU SRLQWV RXW WKDW WKH IHDU ultimately pushes humans to better equip themselves with relevant skills to create a better livelihood. “When industrialization happened the machines in assembly line replaced many humans, but it brought better skillset too. 53$ LQ IXWXUH ZLOO VHUYH WKH SXUSRVH RI ÀDZOHVV TXLFN DXWRPDWLRQV ZKHUH LQ repetitive jobs can be handled by smarter devices, thereby reducing the turnaround time in servicing. Considering entire Service industry focusing on repetitive Jobs, &RJQLWLYH 53$V ZLOO EH WKH NH\ WR HQKDQFHG 6/$V ´ KH FRQWLQXHG

Echoing Bhalla’s point, Mani believes that in the FRPLQJ WLPHV 53$ DGRStion will not be seen as the end for banking jobs. 5DWKHU LW ZLOO DOORZ WKH EDQNLQJ VWD൵ WR IRFXV PRUH on activities targeting cusWRPHU H[SHULHQFH LPSURYHment besides creating new job opportunities. ³53$¶V FRPSHOOLQJ EHQH¿WV ZLOO PDNH WKH EDQNV to view it as an enabler in LPSURYLQJ EXVLQHVV H൶ciency, and in positioning their banks ahead of competition in market in serving the growing the techQR VDYY\ FXVWRPHU EDVH ´ he added. 3UDVDG IXUWKHU H[SODLQV “even though it deals with automation, implemenWDWLRQ RI 53$ LV EDVLFDOO\ DOO DERXW PDQaging the people. The organization right from the top rung to the grassroots must EH WDNHQ LQWR FRQ¿GHQFH )LUVW LQIRUP WKH company’s leadership regarding the need RI DXWRPDWLRQ DQG KRZ LW LV OLNHO\ WR LQÀXHQFH WKH UHWXUQ RI LQYHVWPHQW 52, 7KHQ to convince the employees by open and honest discussion to prove that it won’t D൵HFW WKHLU MRE LQVWHDG WR GHDO ZLWK RSHUDWLRQDO FKDOOHQJHV ´

WHAT IS A CIO TO DO? 7KH VLPSOLFLW\ LQ XQGHUWDNLQJ 53$ LQLWLDtives might see business leaders in organisations go it alone, instead of looking to IT for assistance. Even though the implementation could end up being successful the systems might not end up being utilised to their full potential as the input of the IT leader is priceless to business when it comes to choosing the right technologies. To this point Mani notes that the CIO has to have a say in various stages of implementation including: buy In from management with adequate funds allocation, selection of use cases, selection of a suitDEOH 53$ IUDPHZRUN VHOHFWLRQ RI D VXLWDEOH WHFKQRORJ\ VROXWLRQ HQDEOLQJ 53$ implementation, improvement of skills of IT department for handling innovative 53$ SURMHFWV 6HOHFWLRQ RI LPSOHPHQWDtion partners and continuous monitoring

Vivek Bhalla Director Business Transformation

RI YDOXH GHOLYHUHG E\ 53$ DQG FRUUHFWLYH measures. Adding to Mani’s points, Prasad believes WKDW IRU 53$ LPSOHPHQWDWLRQ VHOHFWLQJ the right set of processes holds the key to VXFFHVV +H QRWHV WKDW WKH GHYHORSPHQW RI a framework which aligns with primary LQWHQW RI 53$ ZLWK DQ RUJDQL]DWLRQ¶V VWUDtegic objectives is key to success. “All organizations have unique needs. 7R IXO¿O WKHP WKH\ UHTXLUH 53$ YHQGRUV ZKR XQGHUVWDQG WKHVH QHHGV DQG R൵HU FXVtomized solutions which can only happen when the organization has conducted a detailed evaluation to determine the precise tools that it would require for a successful 53$ LPSOHPHQWDWLRQ ´ KH VDLG ³%HIRUH JHWWLQJ GRZQ WR WKH DFWXDO H[HFXtion, it is imperative to devise a meticulous and structured implementation apSURDFK ZKLFK ZLOO GH¿QH WKH FRQWRXUV RI your overall strategy. At the initial stage, a team that has been tasked with the imSOHPHQWDWLRQ RI 53$ ZRXOG LGHQWLI\ WKH requisites and provide guiding principles that will help individual business units drive automation. Finally, formulate key SHUIRUPDQFH LQGLFDWRUV .3,V EDVHG RQ ZKLFK \RX FDQ ¿QG RXW WKH VXFFHVV UDWH RI \RXU 53$ LPSOHPHQWDWLRQ ´ KH DGGHG %KDOODK IXUWKHU H[SODLQV WKDW &,2V QHHG WR EH LQYROYHG LQ ³TXDQWL¿FDWLRQ RI HDFK DQG -DQXDU\ CIO ONE - 15


COVER STORY cation, doctor availability and other criteria. • Speeding up account setWOHPHQWV ± 53$ ERWV FDQ accurately calculate the bill amount considering the costs for tests, medicines, wardroom, food, and doctor fees and notify patients of their bill amount. • Streamlining claims manDJHPHQW ± 53$ 6RIWZDUH FDQ speed up the data processing for insurance claims and avoid errors.

Shijin Prasad ICT Manager, Cure Medical Centers

HYHU\ 5RERW FUHDWHG ZLWKLQ WKH RUJDQL]Dtion. Designing of the As-is process which LV LGHQWL¿HG WR EH $XWRPDWHG WKURXJK 53$ 2QFH LGHQWL¿HG WKH SURFHVV LV TXDQWL¿HG E\ WKH )XOO WLPH HTXLYDOHQW )7( RI WKH VDPH 5HGHVLJQLQJ RI WKH SURFHVV ZLWK 53$ DQG TXDQWLI\LQJ WKH VDPH ZLWK )7( saved. FTE savings target is assigned to HDFK GHSDUWPHQW HYHU\ \HDU ´

DOWN TO BUSINESS To the question, what are some of the use FDVHV RI 53$ WKDW H[FLWH" %KDOOD QRWHV WKDW WKH H[FLWHPHQW OLHV LQ JHWWLQJ ULG RI UHSHWLWLYH -REV +H H[SODLQV WKDW ZKHUHYHU there seems to be a repetitive Job it has WR EH WDNHQ XS E\ 53$ )RU H[DPSOH DQ\ reports based on multiple systems or any Updates that happen every day are most OLNHO\ FRQWHVWDQWV IRU 53$ 2Q KLV SDUW 0DQL EHOLHYHV WKDW ³53$ ZLOO GH¿QLWHO\ KHOS EDQNV LQ H൵HFWLYHO\ GHOLYHULQJ RPQL FKDQQHO FXVWRPHU H[SHULHQFHV LPSURYLQJ RSHUDWLQJ H൶FLHQF\ DQG LQ controlling costs which will help in boostLQJ WKH WRS OLQH DQG ERWWRP OLQH ¿JXUHV ´ 3UDVDG VD\V WKDW WKH XVH FDVHV RI 53$ WKDW H[FLWHV WKRVH LQ +HDOWKFDUH ,QGXVWU\ LQclude: • Simplifying patient appointment schedXOLQJ ± 53$ ERWV FDQ VWUHDPOLQH SDWLHQW appointments according to diagnosis, lo16 - CIO ONE -DQXDU\

• Implementing discharge LQVWUXFWLRQV ± 53$ ERWV FDQ ensure the accuracy of discharge guidelines and send reminders to patients about prescription pickups, upcoming doctor’s appointments and medical tests ‡ 5HFRUGLQJ DXGLW SURFHGXUHV ± 53$ VRIWware can record data and generate reports

during audits • Improving the healthcare cycle – The GDWD UHFRUGHG E\ 53$ ERWV FDQ EH XVHG to generate analytics that can help deliver accurate diagnosis and well- tailored treatments ‡ 0DQDJLQJ KHDOWKFDUH ZRUNÀRZV ± 53$ VRIWZDUH FDQ VWUHDPOLQH ZRUNÀRZV LQvolved in managing and coordinating healthcare, case and utilization management and remote monitoring. ,Q VXPPDWLRQ 53$ LV DQ LQWHUHVWLQJ EXVLness process automation system and it has the potential to be a game changer in automating certain tasks in countless organisations. As adoption continues to rise more industries should brace themselves to the HQGOHVV SRVVLELOLWLHV RI ZKDW 53$ KDV WR R൵HU %\ DOORZLQJ WKHLU WHFK OHDGHUV WR take the lead in both implementation and demystifying the myths about the technology to both the management and the employees alike, enterprises would have JLYHQ WKHLU 53$ LQLWLDWLYHV D EHWWHU FKDQFH of succeeding.



INTERVIEW

EMBRACING AUTOMATED BUSINESS PROCESSES WITH RPA Micro Focus announced the general availability of Micro Focus Robotic Process Automation (RPA) in 2019. Anas Jwaied Managing Director, Middle East & Africa, Micro Focus, discusses how the solution gives companies the power to build, secure, and scale automated business processes, from legacy to modern, across the enterprise. How does Robotic Process Automation work? How long does implementation take and what are the major challenges organizations face in implementing RPA? 5RERWLF SURFHVV DXWRPDWLRQ 53$ LQvolves software robots (or bots) that can be easily programmed to automate repetitive tasks and mundane tasks across applications by mimicking human interactions. ,Q RWKHU WHUPV 53$ DXWRPDWHV UXOHV GULYen business processes. 53$ ,PSOHPHQWDWLRQ VKRXOG EH D FRQWLQuous activity in an agile business driven environment, in order to accelerate the time to value and continuously add and introduce automation across departments. The main challenges are identifying the use cases that require automation and deÂżQLQJ WKH EOXHSULQWV RI WKH EXVLQHVV SURcesses. Go into detail about Micro Focus RPA and what makes it stand out from the competition? (YHQ WKRXJK 0LFUR )RFXV 53$ LV IDLUly new to the market, yet it is based on cutting edge technologies that has been SURYHQ RYHU WKH SDVW \HDUV LQ IXQFWLRQal testing (UFT) and process automation (OO) capabilities. 0LFUR )RFXV 53$ HQDEOHV XVHUV WR FRPbine screen-based robotic automation with IT automation in a single UI, bridging fragmented and siloed business processes. A worker-queue-based architecture makes it possible to scale workloads up or down, depending on the size of automated operDWLRQV 7KH SURGXFW RŕľľHUV D VHFXUH FHQWUDO dashboard for robot management, where each robot is assigned a unique ID and has encrypted, role-based access credentials. 0LFUR )RFXV 53$ DGYDQFHG REMHFW UHFRJQLWLRQ GRHV QRW UHTXLUH H[SOLFLW SRVLWLRQLQJ within the UI and therefore enables the roERWV WR EH WUXO\ UHVLOLHQW 5RERWV FDQ HDVLO\ adapt to UI changes such as alterations in 18 - CIO ONE -DQXDU\

size, color, or position, which helps enterprises reduce their bot-maintenance costs. 0LFUR )RFXV 53$ LQFOXGHV WKH PRVW DGYDQFHG $3, &/, DXWRPDWLRQ HQJLQH DQG rich libraries in the market as well as it provides the most advanced recording capabilities powered by Machine Learning DQG $UWLÂżFLDO ,QWHOOLJHQFH What should you consider when deploying RPA in large enterprise environments? The considerations that are crucial to the success in large enterprise environments are: 'RHV WKH 53$ VROXWLRQ RŕľľHU VFDODEOH DUchitecture, comprehensive security, monitoring, and resiliency? (ŕľľHFWLYH DQDO\VLV DQG LGHQWLÂżFDWLRQ RI WRS use cases to be introduced and automated E\ WKH 53$ SODWIRUP DQG WKHVH VKRXOG EH business oriented and not only IT oriented. Deployment Strategy taking into consideration the scalability requirements to PDNH VXUH WKH 53$ SODWIRUP FDQ VXVWDLQ and scale.

Anas Jwaied Managing Director, Middle East & Africa, Micro Focus

Training and adoption across all line of business in order to get the best value out RI WKH 53$ SODWIRUP As a summary, Enterprises must take into account people, process, and technical aspects to develop a holistic approach to DQ HQWHUSULVH OHYHO 53$ LPSOHPHQWDWLRQ ,PSOHPHQWLQJ 53$ DV D SRLQW VROXWLRQ for task automation without proper business-IT alignment will ultimately hamper scalability and sustained bot operations. Kindly detail the stages of an RPA implementation? Which teams in an organization (both in IT & the business as a whole) should be involved in the implementation and why? Throwing bots at automation issues without a proper understanding of require-

ments or a clear strategy will fail to delivHU DQ\ VLJQL¿FDQW YDOXH ,Q RUGHU WR KDYH a successful implementation and adoption RI 53$ LQ DQ (QWHUSULVH WKH IROORZLQJ topics must be considered: • Scalability: 5HVHDUFKHV LQGLFDWH WKDW RQO\ D VPDOO proportion of enterprises have scaled beyond a dozen bots, and they have realized far less value than they envisaged at the LQLWLDO VWDJH RI 53$ LPSOHPHQWDWLRQ )RU that, Process modeling and optimization can help reduce fragmented processes


INTERVIEW and ensure rapid and sustained gains from 53$ LPSOHPHQWDWLRQ ZLWK WKH PLQLPXP necessary bots. Also, Business-IT alignment is key to ensuring that all relevant people, process, and technology aspects are considered, debated, and subsequently incorporated into an enterprise-level process automation strategy. • Process and Integration: Process automation initiative leaders often opt for automating processes in an DV LV VWDWH YLD 53$ ERWV WR KDUYHVW WKH low-hanging fruit in terms of time and FRVW VDYLQJV L H LPPHGLDWH YDOXH +RZHYHU DXWRPDWLQJ DQ LQH൶FLHQW RU XQRSWLPL]HG SURFHVV YLD 53$ ZLOO QRW GHOLYHU DQ\ WUDQVIRUPDWLRQDO YDOXH :KLOH 53$ can deliver quick return on investment, it ZLOO QRW DOZD\V UHGXFH SURFHVV LQH൶FLHQcies. This is an area where a BPMS can GHOLYHU VLJQL¿FDQW YDOXH EHFDXVH LW DOORZV users to model and optimize processes to resolve procedural issues, remove redundant steps, and improve process cycle time. %\ XVLQJ 53$ DQG %306 LQ FRPELQDWLRQ \RX FDQ DXWRPDWH VSHFL¿F VXESURFHVVHV (tasks) of an end-to-end process via software robots. Control can then be passed to BPMS if there is a need for decision-making (e.g., case management). • Monitoring and Exception Management: %XVLQHVV DQG V\VWHP H[HFXWLRQ IDLOXUHV are common occurrences that call for efIHFWLYH H[FHSWLRQ PDQDJHPHQW HVSHFLDOO\ in unattended automation scenarios. BusiQHVV H[FHSWLRQV RFFXU LQ FDVHV ZKHUH GDWD or inputs are not in line with business and application criteria and when established rules are broken. There should be a propHU H[FHSWLRQ PDQDJHPHQW PHFKDQLVP LQ place to ensure that issues can be resolved DXWRPDWLFDOO\ RU SDVVHG RQ H൶FLHQWO\ IRU KXPDQ LQYROYHPHQW 7KH KDQGR൵ WR D EXVLQHVV RU ,7 XVHU IRU SURFHVVLQJ H[FHStions is similar to case management via knowledge workers. There should be a provision for centralized monitoring via a dashboard that enDEOHV XVHUV WR FRQ¿JXUH VFKHGXOH DQG manage bots. Such a monitoring capability should allow users to assign tasks and PRQLWRU WDVN H[HFXWLRQ VWDWXV DQG VKRXOG provide insights into bot performance. • Resiliency: One inherent limitation of traditional 53$ SURGXFWV WKDW XVH VFUHHQ VFUDSLQJ is their inability to readily adapt to UI changes, which often results in errors. Screen-scraping techniques rely on obMHFWV KDYLQJ D ¿[HG SRVLWLRQ RQ WKH

screen, which is unlikely to be the case in most automation scenarios. Needless to say, there is no scope for such errors in the FDVH RI PLVVLRQ FULWLFDO SURFHVVHV H J ¿nancial processes). In such situations, it is important for enterprises to set up control towers to handle changes in systems that can have an impact on the UI. The best remediation for this, is to choose 0LFURIRFXV 53$ ZKLFK KDV 0DFKLQH /HDUQLQJ DQG $UWL¿FLDO ,QWHOOLJHQFH FDSDbilities allowing to recognize the change RI FRQWUROV SRVLWLRQ RU WH[W FDSWXUH LQ WKH 8, DQG VWLOO DGDSW WKH H[HFXWLRQ ZLWKRXW WKH QHHG WR UHGH¿QH DQG UHFRUG WKH EXVLQHVV process allowing high resiliency bots and operations, continuing to work on most occasions, despite UI changes, requiring minimal maintenance and rerecording. • Security: Security is frequently cited as a key conFHUQ LQ HQWHUSULVH VFDOH 53$ LPSOHPHQWDWLRQV 0DQ\ EDFN R൶FH SURFHVVHV DUH commercially sensitive, so it is important to ensure that deployed processes meet the enterprise's security requirements. Integration with enterprise directories will make it easier to manage authentication and authorization, and the servers that run the robotic processes must be secured against tampering. These security measures need to be backed by an auditing service that lets users review the actions WDNHQ E\ WKH 53$ VROXWLRQ :LWK GHVNtop-based robotic automation, users need to embed credentials across several disWULEXWHG GHVNWRSV 7KLV FDQ DGG VLJQL¿FDQW overhead and increase both security and privacy risks. Again, all the relevant Business Units should be involved along with IT who ideally should lead the project in gathering DQG GHSOR\LQJ WKH DXWRPDWLRQ ZRUNÀRZV across the Business Units based accordingly. :KDW DUH WKH EHQH¿WV WKDW HQWHUSULVHV DUH seeing as a result of incorporating RPA into their automation strategies? 53$ UHPHGLDWH EXVLQHVVHV IURP VSHQGLQJ too much time working on mundane, repetitive, error-prone tasks. As an outcome, businesses reduce cost, their time to market and increase customer satisfaction. As DQ H[DPSOH RQH RI RXU FXVWRPHUV PDQDJH WR UHGXFH WKH WLPH DQG H൵RUWV RI D FULWLFDO FXVWRPHU IDFLQJ EXVLQHVV SURFHVV IURP days to less than a day. What industries are the slowest in adopting RPA? Why is this? What can be done

to assist businesses in such industries that want to innovate faster towards these technologies? ,Q JHQHUDO LW LV QRW DERXW D VSHFL¿F LQdustry, the lowest adoption is usually in companies where majority of the Business Processes are manual and not digitized. Digital Transformation come hand in hand ZLWK 53$ VWUDWHJ\ :KDW LV WKH EHQH¿W RI SDULQJ 53$ ZLWK cognitive technologies? Does this strategy work in every industry? Cognitive technologies are already emEHGGHG LQ 0LFUR )RFXV 53$ LQ RUGHU WR enable the platform to do intelligent adjustment while mimicking human actions eliminating the need to revisit the autoPDWHG SURFHVV IRU H[DPSOH DGDSWLQJ WR changes in an interface that are usually trivial if an actual human is interacting with that application (change of the login QDPLQJ IURP ³ORJLQ´ WR ³VLJQ LQ´ +RZ LV 53$ GLৼHUHQW IURP RWKHU HQWHUprise automation tools? Is RPA the best automation tool now? If so, why? 0LFUR )RFXV SRLQW RI YLHZ DERXW 53$ LV that it is a combination of multiple autoPDWLRQ FDSDELOLWLHV $3, &/, EDVHG DXWRmation and UI based automation) integrated to automate any process whether it is IT or business-related. 7KXV WKLV PDNHV DW OHDVW 0LFUR )RFXV 53$ D SODWIRUP WKDW H[WHQGV JHQHUDO ,7 3URFHVV Automation (ITPA) into Business Process Management Suite (BPMS), all under one single end to end platform. Why deploy robots when there are humans? What does RPA mean for the future of work? 53$ DLPV DW UHOLHYLQJ HPSOR\HHV IURP UHpetitive error-prone tasks allowing better productivity and innovative outcomes. In other cases, they will help humans to run routine knowledge-process work, especially repetitive and high-volume transactional functions. ,Q WRGD\¶V G\QDPLF PDUNHW 53$ ZLOO SURYLGH D IDVWHU IXO¿OOPHQW RI EXVLQHVV SURcesses allowing a faster time to market but 53$ DV D WHFKQRORJ\ GLVFLSOLQH LV HYROYing and can do much more. Along with BPMS, ITPA tools, and machine learning capabilities, it can enable end-to-end process automation, not just automate swivel-chair processes. -DQXDU\ CIO ONE - 19


CYBERSECURITY / FEATURE

RETHINKING CYBERSECURITY

FOR THE NEXT DECADE 5HFHQW VWDWLVWLFV IURP F\EHUVHFXULW\ ¿UP 5LVN %DVHG 6HFXULW\ SRLQWHG RXW WKDW GDWD EUHDFKHV have exposed over 38 billion records since 2010. The past decade saw cyber-crime evolve from QRW RQO\ EHLQJ D PHDQV RI LOOHJDOO\ DFTXLULQJ HFRQRPLF JDLQV EXW DOVR LQWR D ZD\ RI DৼHFWLQJ SHRSOHV¶ ZD\V RI OLYHV DV PRUH DQG PRUH LOOHJDO KDFNLQJ JURXSV ZRXOG LQ¿OWUDWH JRYHUQPHQW websites or individuals just as a show of strength or means to unsettle the status quo. By Baraka Jefwa Don’t get me wrong, even though there are various facets to cybercrime the main reason black hat hackers join this infamously lucrative business is to enrich themselves. A recent report published by PWC pointed out that Companies in the Middle East suffered larger losses than other regions, as a UHVXOW RI F\EHU LQFLGHQWV ORVW PRUH WKDQ FRPSDUHG WR JOREDOO\ DQG ORVW DW OHDVW WKUHH ZRUNLQJ GD\V FRPSDUHG WR KLJKOLJKWLQJ WKDW WKH F\bercrime game is still all about the money, DQG KHQFH WKH UHDVRQ WKH ¿QDQFLDO VHFWRU remains a prime target for cyber criminals. 3HU 6WDWLVWD LQ WKH ¿UVW KDOI RI WKH PDMRULW\ RI WKH UHSRUWHG EUHDFKHV LPSDFWHG EXVLQHVV ZKLOH KLW PHGLFDO KHDOWKFDUH RUJDQL]DWLRQV %DQNLQJ FUHGLW DQG ¿QDQFLDO RUJDQL]DWLRQV URXQGHG RXW WKH WRS WKUHH EUHDFKHV ZLWK JRYHUQPHQW PLOLWDU\ FRPSOHWLQJ WKH ¿YH WRS WDUJHWV ZLWK DQG EUHDFKHV UHspectively. .KDOGRXQ $O .KDOGL D WHFKQRORJ\ LQIUDVWUXFWXUH F\EHUVHFXULW\ RSHUDWLRQV H[SHUW LQ WKH ¿QDQFLDO VHUYLFHV VHFWRU WROG &,2 21( WKDW ¿QDQFLDO VHUYLFHV KDYH DOZD\V EHHQ WKH PDLQ WDUJHW IRU FRPSOH[ F\ber-attacks largely because of the tremendous value of the information available. “According to recent reports, more than RI PDOZDUH DWWDFNV LQ WDUJHWHG ¿QDQFLDO VHUYLFHV :H KDYH VHHQ D VWHDG\ ULVH LQ FUHGHQWLDO VWX൶QJ DWWDFNV RYHU WKH past year, fed in part by a growth in phish-

20 - CIO ONE -DQXDU\

Abdulrahman Khaiwi Head of Information Technology, Emirates National Schools


CYBERSECURITY / FEATURE ing attacks against consumers with DDOS (Distributed Denial of Service) attacks as a distraction method. In addition, attackers or criminals started recycling the old attack methods such as SQL Injection, Local File inclusion, Cross-site scripting, -DYD LQMHFWLRQ ´ KH VDLG ³:KLOH WKH VWDELOLW\ RI WKH ¿QDQFLDO VHFWRU is crucial for the economy, cyber-attack is RQH RI WKH WRS ULVNV LQ DQ\ ¿QDQFLDO LQVWLtution. Any attack on critical components RU VHUYLFHV RI WKH ¿QDQFLDO V\VWHP FRXOG have either direct or indirect impacts that could threaten the stability of the system, or of its respective participants. For this reason, the threat of cyber-attacks is no ORQJHU DQ ,7 RU RSHUDWLRQDO ULVN ZLWKLQ ¿QDQFLDO LQVWLWXWLRQV DQG KDV H[SDQGHG LQWR broader more holistic categories, such as ³HQWHUSULVH ULVN´ DQG ³V\VWHP ZLGH ULVN ´ he added. $GGLQJ WR $O .KDOGL¶V SRLQW ,OO\DV .RROLyankal, CISO of a prominent Islamic Bank in Abu Dhabi, says that cyberattacks DUH WKH SULPDU\ WKUHDWV WKH ¿QDQFH LQGXVtry faces globally. As it could very easily bring an entire business to a standstill, or it could have an impact on the customer EDVH DV LW FDQ D൵HFW WUXVW UHSXWDWLRQ DQG cause both regulatory and competitive losses. It is however worthwhile to note that even WKRXJK WKH ¿QDQFLDO VHFWRU LV D KLJK ULVN VHFWRU F\EHUFULPH D൵HFWV DOO VHFWRUV RI WKH HFRQRP\ $ JRRG H[DPSOH RI D VHFWRU one might be tempted to think is safe from cybercrime is education. A conversation ZLWK $EGXOUDKPDQ .KDLZL +HDG RI ,Qformation Technology, Emirates National Schools, quickly dispelled that misconception as he informed CIO ONE that there are entities in the education sector whose operations have been disrupted by cyber criminals or been hit badly by variRXV YHUVLRQV RI 5DQVRPZDUH “Many schools had to pay considerable amounts to unlock their systems from the encryption. Other attacks reported like trojans, malwares etc. with increasing QXPEHUV FRPSDUHG WR SUHYLRXV \HDUV ´ KH said. “Attackers are not only targeting schools, but also higher education institutes. This LV EHFDXVH PRUH VHUYLFHV DUH R൵HUHG HOHFWURQLFDOO\ KHQFH WKH LQFUHDVHG H[SR-

Illyas Kooliyankal CISO of a prominent Islamic Bank in Abu Dhabi

sure and vulnerability. The spectrum of vulnerability is not limited to online services, enrolment, payment gateways and H/HDUQLQJ R൵HULQJV EXW DOVR SURSDJDWHV to facility management of schools like cooling, heating, lighting, access control, alarm systems, CCTV etc. Add to this the introduction of smart devices and active IoT devices is simply a huge temptation to dark web masters. Furthermore, the recent * PDVVLYH EDQGZLGWK DQG LQFUHDVLQJ ULVN RI DWWDFNV E\ F\EHU FULPLQDOV ´ KH DGGHG

A STRATEGIC APPROACH As technology continues to sip into the daily routine of our lives the threat landscape keeps on widening for the cybercriminals who continue to increase the FRPSOH[LW\ DQG YROXPH RI WKHLU DWWDFNV and campaigns, always looking for ways to stay one step ahead of cybersecurity practices – and more often using the world’s evolving technology against us. The big question then becomes: what are the new strategies and solutions that

organisations can use to detect and neutralise zero-day attacks? $ TXHVWLRQ WR ZKLFK .KDLZL UHVSRQGV E\ saying that there are various techniques IRU GHWHFWLRQ RI ³=HUR 'D\ $WWDFNV´ statistical-based, signature-based, behaviour-based, and hybrid detection-based WHFKQLTXHV +H DGGHG WKDW PDMRULW\ RI WKH available defence techniques today are R൵ WKH VKHOI KDUGZDUH DQG VRIWZDUH DSplications using a hybrid model for Zero Day Attack detection methods. ³7KH PDLQ GL൵HUHQWLDWRU EHWZHHQ VPDOO organizations and large organizations to defend itself is often limited by knowlHGJH RI WKH WKUHDW E\ ERWK VWD൵ DQG VHQLRU PDQDJHPHQW DV ZHOO DV DOORFDWHG ¿QDQFLDO UHVRXUFHV ´ KH DGGHG ,Q KLV YLHZ $O .KDOGL VD\V WKDW ³WKH EHVW VWUDWHJ\ LV WR KDYH DQ ,QFLGHQW 5HVSRQVH plan ready that provides an organized process to identify and deal with cyberDWWDFNV +DYLQJ D VSHFL¿F SODQ IRFXVHG -DQXDU\ CIO ONE - 21


CYBERSECURITY / FEATURE

SECURITY- WHO DOES WHAT? Armed with the knowledge that cyber criminals are always on the job; cyber VHFXULW\ H[SHUWV LQFOXGLQJ WKH &,62 who represent the top brass of individuals looking after organizations’ cyber security strategies, are also evolving in their roles. A recent F5 commissioned research by WKH 3RQHPRQ ,QVWLWXWH IRXQG WKDW RI CISOs believe cyber-security is now a business priority. This positions the CISO as a business enabler within an organisation. Just as the CIO the CISO is now more and more reporting directly to the management, prompting a more combined DQG FROODERUDWLYH H൵RUW E\ ERWK VHQLRU ,7 leaders within more organizations. As a &,2 .KDLZL EHOLHYHV WKDW LW LV FUXFLDO WR have a strong relationship between these two C-level roles for better management of any enterprise security and risks.

Khaldoun Al Khaldi Technology infrastructure & cybersecurity operations expert

on zero-day attacks will give you a huge advantage in case of an attack by increasLQJ WKH FKDQFH RI IDVW LGHQWL¿FDWLRQ DQG UHFRYHU\ ´

wi agree that emerging technologies such as deception are able to help, but need to be coupled with other services and soluWLRQV IRU LW WR EH PRUH H൵HFWLYH

.RROL\DQNDO VKDUHV $O .KDOGL¶V VHQWLment in that preparation is key, adding that, “Zero-day attacks are some of the PRVW GL൶FXOW WKUHDWV RUJDQL]DWLRQV DUH still having challenges trying to mitigate H൵HFWLYHO\ )RFXVVLQJ RQ IXQGDPHQWDOV like multilevel defence, least privilege, needs to know etc. are key to ensuring that HYHQ LI WKH XQNQRZQ H[SORLWV KLWV RUJDQL]DWLRQV FDQ EH LPPXQH $Q H൵HFWLYH DQG well-practiced security monitoring and incident management strategy is also very important, so that even if there is a breach, it can be detected and responded to timely DQG H൵HFWLYHO\ ´

“Deception along with other technologies DQG VHUYLFHV VXFK DV 1H[W *HQHUDWLRQ HQGSRLQW SURWHFWLRQ V\VWHPV 0'5 0DQDJHG 'HWHFWLRQ DQG 5HVSRQVH VHUYLFHV EDVHG RQ $, 5LVN EDVHG $GDSWLYH DFFHVV FRQtrol and implementing Zero-Trust security DUH EHQH¿FLDO LQ GHWHFWLQJ DQG QHXWUDOLVLQJ ]HUR GD\ DWWDFNV ´ VD\V $O .KDOGL

When it comes to the question of what technologies can be used to combat the HYROYLQJ WKUHDW ERWK $O .KDOGL DQG .KDL22 - CIO ONE -DQXDU\

“There is no single security solution that can stop all attacks from occurring on a network, however deception technology gives attackers a false sense of security by making them believe they have gained a foothold on the target network and data. +HQFH VXFK WHFKQRORJ\ DGGV D JUHDW YDOXH WR WKH VHFXULW\ VWDFN LQ DQ\ RUJDQL]DWLRQ ´ DGGV .KDLZL

“While the CIO is focusing on the IT solutions, data, processes and solutions that are governed and comply with the policies and how technology would positively disrupt the business. The CISO is looking in GHSWK DW WKH FODVVL¿HG GDWD DQG WKH ULVN RI H[SRVXUH RU GDWD WKHIW E\ DWWDFNHUV (QVXUing the proper controls, policies and procedures are in place achieving the desired mutual state of data protection and integrity. Both roles in harmony would take difIHUHQW SDWKV \HW UHDFKLQJ WKH VDPH SODFH ´ he continues. $V D OHDGLQJ &,62 .RROL\DQNDO HFKRHV .KDLZL¶V VHQWLPHQWV QRWLQJ WKDW ERWK WKH CISO and CIO have key roles in protecting the organization and thus, they need to complement each other instead of competing. “CISOs should be accountable for the organization’s security. CIOs should be FRPSOLPHQWLQJ WKH &,62 ZLWK H[HFXWLQJ deploying the technical controls in the environment. At the same time, CISOs needs to understand and appreciate the business and CIO challenges with respect to functionalities, customer needs and operational challenges and delivery deadlines. Security needs to be designed and implePHQWHG DFFRUGLQJ WR D ZHOO GH¿QHG 5LVN Appetite for the organization, that can support customer requirements and techQRORJLFDO WUDQVIRUPDWLRQ ´ KH FRQWLQXHV


CYBERSECURITY / FEATURE

$FFRUGLQJ WR $O .KDOGL LQ PRVW RI WKH RUganizations, the CISO and CIO have very GLŕľľHUHQW PLQG VHWV ZKHQ LW FRPHV WR ,7 operations. They are also interdependent, since the CIO relies upon the CISO for advice, guidance and risk evaluation while the CISO depends on the CIO for technical support and infrastructure resources. “The two leaders must work together with a holistic, integrated approach that empowers every business department within the organization with a clear vision. Together, they must build trust, formulate SULRULWLHV DQG H[HFXWH WKHP ´ KH DGGHG “Cybersecurity is no longer an IT issue, but a strategic business responsibility. %RWK H[HFXWLYHV PXVW VKDUH FRPPRQ goals for security and IT operations to be VXFFHVVIXO ´ KH FRQWLQXHG

LOOKING FORWARD :LWK D ODUJH QXPEHU RI GDWD EUHDFKHV H[ploits, and backdoor hacks headlining in WKH V LWÂśV LPSRUWDQW IRU WKH &;2V LQ charge of security in every organisation to learn from the mistakes made and do EHWWHU LQ WKH V $FFRUGLQJ WR .KDLZL OHVVRQV OHDUQHG DUH H[SHULHQFHV GLVWLOOHG

from events that could be named as the learnings gained and should be actively considered in future. “Such learnings prepare us to discover opportunities for improvement. FollowLQJ SURSHU DQG HŕľľHFWLYH /HVVRQV /HDUQHG process should prevent us from repeating previous mistakes and help us to repeat our successes. It is an instrumental part of any organization’s overall “continuous LPSURYHPHQW´ SURFHVV ´ KH DGGHG “Concerned organizations need to revise their incident response plan, improve their proactive monitoring and mitigation RQ [ EDVLV NQRZLQJ WKDW WKUHDWV QHYHU VOHHS LQ DGGLWLRQ WR SURSHU DQG HŕľľHFWLYH log management with detailed review. 6WUXFWXUHG WKUHDW KXQWLQJ WKDW GHÂżQHV PRUH strategic and structured hunt techniques analysts should follow, including generating hypotheses regarding malicious activity in an IT environment and updating automated detection capabilities based on GLVFRYHUHG WKUHDWV ´ KH FRQWLQXHG .RROL\DQNDO EHOLHYHV WKDW WKH &;2V VKRXOG HQVXUH WKDW &\EHU 6HFXULW\ H[perts are provided with the right resources and authority to drive the program with a

comprehensive, robust and fast-paced approach. “Fundamental security controls with right processes, security awareness among the employees, and adequate and well conÂżJXUHG VHFXULW\ WHFKQRORJLHV QHHG WR EH implemented and consistently maintained. 'LJLWDO WUDQVIRUPDWLRQ DQG FXVWRPHU H[SHrience are key drivers for the future, and interleaving security controls with a positive approach without compromising the FRQWUROV VKRXOG EH WKH PRWWR RI &,62V ´ he adds. $O .KDOGL EHOLHYHV WKDW RUJDQLVDWLRQV should never underestimate the basic cybersecurity best practices. Instead they should complement them by implementing the sophisticated protection systems and frameworks. “In addition, management should focus more on Cybersecurity continuous awareness within the organization, starting from the Board and Senior Management levels. It should be part of the organization DNA while the CISO is working closely with CIO as business enabler rather than a serYLFH SURYLGHU ´ +H FRQFOXGHG

-DQXDU\ CIO ONE - 23


INTERVIEW

A HOLISTIC APPROACH TO CYBERSECURITY Paramount Computer Systems is one of the leading cybersecurity services provider in the region. Premchand .XUXS WKH &R )RXQGHU DQG &(2 DW WKH FRPSDQ\ GLVFXVVHV KRZ WKH F\EHUVHFXULW\ ODQGVFDSH KDV FKDQJHG DQG the need to adopt best practices

Premchand Kurup Co-Founder and CEO, Paramount Computer Systems

What were the more prevalent modes of attacks in the sector in 2019? Do you think there would any changes in modes of attacks? This is a business where not only is the future uncertain, the past is also uncertain. Accept the reality, is my view. The reality is that attack sophistication is constantly going to increase. Attacks will be automated through AI. So defense mechanisms also should constantly evolve, EH DXWRPDWHG ZLWK $, FRQVWDQW 5HG 7HDPLQJ %OXH 7HDPLQJ H[HUFLVHV PXVW be conducted. Basic hygiene factors like 24 - CIO ONE -DQXDU\

user awareness training ; phishing email WHVWV FRQ¿JXUDWLRQ checks; vulnerability management programs are also of fundamental importance and should not get shrouded by sophistication. In fact in most advertised cases of Attacks the issue has been that clients have not catered to the basics. “A society WKDW VFRUQV H[FHOOHQFH in plumbing because plumbing is a humble activity and tolerates shoddiness in philosophy because phiORVRSK\ LV DQ H[DOWHG activity will have neither good plumbing or good philosophy. Neither it’s pipes nor it’s theories will hold ZDWHU ´ ,W LV SUXGHQW WR UHPHPEHU WKLV stick to the basics.

What are the new strategies and solutions that \RX EHOLHYH DUH QRZ PRVW H൵HFWLYH in detecting and neutralising zero-day attacks? Do you think deception technologies would be one for them? I think it is better for all of us to go back WR WKH EDVLFV NHHS GHWHUPLQLQJ DW PXOWLple times in a year how the security architecture has changed. You cannot protect \RXUVHOI IURP DQ H[WHUQDO RU LQWHUQDO HQvironment that is dynamic with an architecture or process framework that is static.

)RU H[DPSOH PDQ\ FRPSDQLHV WRGD\ KDYH LPSOHPHQWHG 53$ RU %27V GLG WKH\ UHlook at the security architecture before going live. Which tool does BOT Security?? Maybe the way of thinking has to change because this is an industry that is adept at creating an arms race; adept at coinLQJ QHZ WHFKQRORJLHV WKH QHW UHVXOW LV that we will have Confuscious, confounded, bedlam. Deception Technologies , 62$5 DUH DOO SDUW RI WKH DUPV UDFH 7KHUH is no straight forward answer. One man’s meat is another man’s poison.

What role should the CISO / CIO SOD\ GL൵HUHQWO\ LQ HQVXULQJ WKH RUganisation is secure? How should the CIO and CISO work together WR EHQH¿W WKHLU RUJDQLVDWLRQ" My belief is that the CISO must report to WKH +HDG RI 5LVN PXVW KDYH DQ H[FHOlent working relationship with the CIO. It is like Audit not reporting to Finance. In the near future the debate will be on where WKH '32 UHSRUWV , WKLQN LW VKRXOG QRW EH to the CIO.

What cyber security best practices should organizations adhere to in order to remain safe and secure? +DYH D FOHDU 9LVLRQ 0LVVLRQ 6WUDWHJ\ for the Security Program. The organization should have the right combination of 3HRSOH 3URFHVV 7HFKQRORJ\ 3ODQ WKH Budget around that. There should be meticulous attention to detail in Monitoring 0DQDJHPHQW 7KHUH VKRXOG EH FOHDU XQGHUVWDQGLQJ PHWULFV DURXQG 5,6. DQG reporting to the board. Accept Security as a cost of doing business much like Insurance. They should monitor and change the security program based on changes in the H[WHUQDO LQWHUQDO HQYLURQPHQW Finally, pray because more things are


INTERVIEW wrought by prayer than the world dreams of. If you remember Tun Szu in the Art of War, whatever you do, you will be attacked. A pragmatic appreciation of this is important for all across the Board

How should organisations go about securing their networks to exploit the full potential of emerging technologies such as AI, ML and IoT for achieving their business goals? The Network as we know it is dead. IdenWLW\ LV WKH QHZ SHULPHWHU LQ D FORXGL¿HG ZRUOG +RZ ZHOO GR ZH NQRZ ,GHQWLW\ 0DQDJHPHQW $FFHVV 0DQDJHPHQW ,Q D region controlled by Security professionals who graduated from the Networking space, IAM has hitherto received very poor focus ; continuing reluctance on the part of Application professionals to move into Security means that IAM will not receive it’s due. If it continues like this we will all be in trouble. Lets hope the situation changes. This is a clarion call to $SSOLFDWLRQ 'DWD %DVH SURIHVVLRQDOV “Ahoy there. Come to Security. Come to RXU 5HVFXH ´

What is the role of compliance in cyber security and building trust with customers? Does ensuring compliance ensure your cyber security defences are robust? Compliance is important. Compliance is basic hygiene. Compliance helps in benchmarking. But it stops here. It is no &HUWL¿FDWH IRU UREXVW VHFXULW\ )RU UREXVW security, appreciate it is a Program to be PDQDJHG NHHS PRYLQJ XS WKH PDWXULW\ FXUYH $GKHUHQFH WR WKLV PXVW H[LVW LQ SDUallel with Compliance.

In the age of the customer how should businesses make cyber security a top priority to ensure data safety without compromising our customer experience? 6HFXULW\ HDVH RI XVH PXVW EH EDODQFHG properly; it is not one or the other. As a business you need to get this balance right. You need both.

With a large number of data breaches, exploits, and backdoor hacks in 2019, what are the ma-

jor lessons learned that CXOs in charge of security should consider for the coming year? Accept the reality. Attacks will happen. <RX QHHG WR KDYH ZHOO GH¿QHG SURFHVVHV IRU GHWHFWLRQ UHVSRQVH 'HWHFWLRQ DOVR requires the use of sophisticated tools and trained people. The key is how well you are able to respond to an attack and reduce the impact. Also, how fast you can learn and prevent a similar attack from happening. Courage is crucial. Face reality. Face WKH XQNQRZQ HQHP\ .HHS GRLQJ )RFXV RQ 3HRSOH 3URFHVV 7HFKQRORJ\ %XGJHWV .HHS WKH FRPELQDWLRQ ULJKW )LQDOO\ Pray.

Why should organizations consider Governance, Risk and Compliance (GRC) solutions as part of their business strategy and what are the major characteristics to be considered while choosing a solution? Security is really a Program and not a Technology or a Process as is often misunderstood. As an organization enhances LW¶V PDWXULW\ RQ VHFXULW\ LW ZLOO ¿QG WKDW *5& VWDQGV DW WKH KLJKHVW HQG RI WKH 6HFXULW\ 0DWXULW\ &XUYH PXFK OLNH (53 LQ a business. We have successfully helped multiple organizations to integrate risks across the business with the maturity drivHQ DSSURDFK RI 56$ $UFKHU 5HSRUWLQJ WR WKH %RDUG RQ WKH VWDWXV RI 6HFXULW\ 5LVN &RPSOLDQFH RU *RYHUQDQFH PXVW KDSSHQ in an automated manner and not manually as it often gets done today. This can hapSHQ RQO\ ZKHQ D *5& 6RIWZDUH SDFNDJH is implemented and the ideal solution to LPSOHPHQW WKHVH FRQFHSWV LV 56$ $UFKHU which translates organizational processes LQWR DXWRPDWHG ZRUN ÀRZV

What are the key factors for a successful GRC implementation? Like any software there are multiple facHWV WKDW GHWHUPLQH VXFFHVV RI WKH *5& program: ‡ &OHDU DQG ZHOO GH¿QHG %XVLQHVV 5Hquirements Document ‡ )HDWXUHV )XQFWLRQDOLW\ RI WKH 6RIWZDUH 5RDGPDS IRU GHYHORSPHQW )RUUHVWHU *DUWQHU ,'& 9LHZV ‡ 2XW RI WKH ER[ TXLFN ZLQ SRVVLELOLWLHV *DS )LW ‡ ,QWHJUDWLRQ 1HHGV XQGHUVWDQGLQJ RI

the required inputs. Integration promotes complete visibility of data from multiple WHFKQRORJLHV LQ RQH VROXWLRQ VXFK DV 56$ Archer. ‡ &OHDQOLQHVV $YDLODELOLW\ RI LQSXW GDWD • Commitment to processes within the organization. Certain processes may not fall XQGHU SUH GH¿QHG *5& VROXWLRQV &XVtomers can create on-demand application XVH FDVHV ZLWK 56$ $UFKHU WR VXSSRUW FXVtomized processes. ‡ (DVH RI XVH 8VHU ,QWHUIDFH ‡ $QDO\WLFV ,QWHOOLJHQFH 5HSRUWLQJ Dashboards ‡ 3DUWQHU 7HFKQLFDO )XQFWLRQDO ,PSOHPHQWDWLRQ 5HVRXUFHV ‡ 7UDFN 5HFRUG RI ,PSOHPHQWDWLRQ LQ WKH 5HJLRQ ‡ 3RVW ,PSOHPHQWDWLRQ +HOS 'HVN 2SHUDtion Methodology ‡ 0DQDJHG 6HUYLFHV IRU *5& FDSDELOLW\ ‡ 3ULFH 3HUIRUPDQFH • Manpower needs from the customer GXULQJ SRVW LPSOHPHQWDWLRQ

What are your thoughts on Data Privacy and what value would Data Privacy solutions add to the organizations? :D\ EDFN LQ WKLV FRXQWU\ RU WKLV 5Hgion for that matter did not have a CISO. The space we are in today was called InWHUQHW 6HFXULW\ GHFLVLRQV XVHG WR EH WDNHQ E\ WKH +HDG RI ,7 ,Q IDFW FRPSDQLHV did not have a CIO. Times have changed. 7RGD\ WKH 5HJLRQ KDV DURXQG RGG &,62V 0\ EHOLHI LV WKDW ZLWKLQ WKH QH[W few years every large organization where Information Assets is vital to the business ZLOO KDYH D '32 ± 'DWD 3ULYDF\ 2൶FHU Data Privacy will be a comprehensive Program to be managed and moved on the maturity curve. It will have a StrateJ\ 3URFHVVHV 7HFKQRORJ\ YHU\ PXFK OLNH VHFXULW\ 'DWD &ODVVL¿FDWLRQ '/3 that is implemented today is not Data Privacy. I think this will throw up a huge opportunity for Security Professionals. Just like how Networking professionals LQ PRYHG LQWR 6HFXULW\ VHFXULW\ professionals can now move to Privacy. It is a matter of belief, a matter of choice. The call is yours. Data Privacy laws will VRRQ EH SDVVHG LQ DOO 5HJLRQDO &RXQWULHV and compliance to the same will become an absolute requirement. This is an area where Security professionals could meet FRPSHWLWLRQ IURP OHJDO , WKLQN D PL[ RI both is what is required for Data Privacy. -DQXDU\ CIO ONE - 25


CASE STUDY

AL FARDAN EXCHANGE PARTNERS WITH CLOUD4C TO EMPOWER BUSINESS OPERATIONS

By Baraka Jefwa

Financial giant enters partnership with cloud managed services company to migrate its IT infrastructure to private cloud for better business operations.

$O )DUGDQ ([FKDQJH LV D PHPEHU RI WKH $O )DUGDQ *URXS ZKLFK KDV URRWV VWUHWFKLQJ EDFN WR (VWDEOLVKHG LQ $O )DUGDQ ([FKDQJH LV LQYROYHG LQ FURVV ERUder-remittances, payroll services, money WUDQVIHU DQG IRUHLJQ H[FKDQJH DPRQJ RWKer services. The company serves UAE’s cosmopolitan community through their VWURQJ QHWZRUN VSDQQLQJ DFURVV DOO (PLUDWHV 5HLQIRUFHG E\ VWURQJ UHODWLRQVKLSV ZLWK RYHU JOREDO FRUUHVSRQGLQJ EDQNV ¿QDQFLDO LQVWLWXWLRQV DQG RWKHU ¿nancial service providers, the organisation R൵HUV VHFXUH WUDQVDFWLRQV WKDW ¿UPO\ SODFH reliability and trust in the forefront. $V D OHDGLQJ ¿QDQFLDO VHUYLFH SURYLGHU $O )DUGDQ ([FKDQJH XQGHUVWDQGV WKDW WKH growth of the organisation as well their FXVWRPHUV¶ ¿QDQFLDO FDSDFLW\ GHSHQGV RQ their ability to embrace the latest techQRORJ\ 0U 6KD¿TXH ,EUDKLP $O )DUGDQ 26 - CIO ONE -DQXDU\

*URXS KHDG RI ,7 LV WKH PDQ UHVSRQVLEOH for ensuring the organisation keeps up with the modern-day trends of technology. Ibrahim describes himself as a tenacious SURIHVVLRQDO DQG KDV \HDUV RI H[WHQVLYH H[SHULHQFH LQ ,QIRUPDWLRQ 7HFKQRORJ\ and Payments. Delving deeper into his career journey, ,EUDKLP H[SODLQV ³, VWDUWHG DV D QHWZRUN engineer in Al Fardan and grew from there into operations manager, and I’m currently CIO of the company. It’s been a long journey where I’ve moved from being a purely technology leader to one who enables the business. My role like most CIOs today is more business driven and less about lookLQJ DIWHU WKH LQIUDVWUXFWXUH ´

IT MEETS BUSINESS Ibrahim adds that even though he still

does look after the infrastructure, he is also getting more involved in other projects for the business such as launching payment products. A recent project he was LQYROYHG LQ ZDV DLPHG DW H[DPLQLQJ WKH company’s move towards remittances on blockchain. As a business enabler Ibrahim and the business team often engage so that IT can understand business needs and he FDQ ¿JXUH RXW D ZD\ WR DXWRPDWH ZKDW LV required, and this he emphasises he does with all the departments within the organisation. “Through our engagements with the business team we got a better understanding of how we could enhance the business by doLQJ WKLQJV GL൵HUHQWO\ 6R WRGD\ ZH KDYH EXLOW RSHQ $3,V WR H[SORUH PRUH FROODERUDtions with FinTech’s and start-ups, as they have some products that can better serve the customer. I evaluate solutions that Fin-


CASE STUDY

7HFKV KDYH WR R൵HU DQG H[SORUH KRZ $O Fardan can leverage on that. I’m currently working with a couple of FinTechs in the UAE market where they are leveraging the Al Fardan remittance engine through WKH RSHQ $3,V ´ DGGHG ,EUDKLP :LWK WKH RUJDQLVDWLRQ¶V FRQWLQXHG H[SORration into more technologies to empower business operations, it should not come as D VXUSULVH WKDW $O )DUGDQ H[FKDQJH LV LQ the middle of a major digital transformation journey. It’s within this journey than the company is moving its complete infrastructure to the cloud in a few months’ time.

Why cloud? Ibrahim notes that their move to cloud is in line with the changing role of the CIO LQWR D EXVLQHVV HQDEOHU +H IXUWKHU SRLQWV out that their reasons for moving their infrastructure to cloud include enabling $/ )DUGDQ ([FKDQJH WR EH DEOH WR TXLFNly address the business needs, reduce the risk to the infrastructure, ensure the infrastructure is always available, reduce the operating costs, reduce dependency on humans and to provide real time security monitoring. “Where the business side of it comes in is that I had my team managing the infra-

structure meaning that all my resources are on technology, which is a good thing. +RZHYHU , QHHG P\ WHDP WR PRYH DZD\ from technology in totality and focusing more on how technology impacts the business. With our move to clouds our important human resources will be able to ZRUN RQ QHZ SURMHFWV IRU WKH EXVLQHVV ´ KH added.

CHOOSING THE RIGHT PARTNERS ,EUDKLP IXUWKHU H[SODLQV ³RXU PLJUDWLRQ is to private cloud, as we have regulations in the UAE that we cannot keep data outVLGH RI WKH FRXQWU\ ,QLWLDOO\ WKHUH ZHUH partners in the region that were meeting RXU H[SHFWDWLRQV ZH ¿QDOLVHG ZLWK RQH &ORXG F 7KH SDUWQHU WKDW ZH DUH JRLQJ ZLWK KDV GDWD FHQWUHV LQ FRXQWULHV DQG they provide services to a number of comSDQLHV ´ “Our complete infrastructure will be manDJHG E\ WKHP &ORXG F ZKDW WKLV PHDQV WR P\ LQIUDVWUXFWXUH WHDP LV IRU H[DPSOH my head of server infrastructure will still have the ownership and responsibility of their area but the thing is that instead of them doing it, they have to monitor and manage it. This will mean that they don’t have to spend too much time on the infrastructure, and they can focus on the new

SURMHFWV WKDW ZH DUH ODXQFKLQJ ´ KH DGGHG %HIRUH FKRRVLQJ WR PLJUDWH WR WKH &ORXG F private cloud, the company, according to ,EUDKLP KDG DOO SK\VLFDO +3 VHUYHUV 2Uacle database servers and Windows application servers, as their initial infrastrucWXUH ,QIUDVWUXFWXUH ZKLFK KH H[SODLQV KH KDG YLUWXDOLVHG H[FHSW WKH GDWDEDVH VHUYHUV DV WKH ¿UVW VWHS WRZDUGV FORXG LQ D ELG WR UHGXFH &$3(; ³,QVWHDG RI JRLQJ ZLWK D &$3(; PRGHO P\ WKLQNLQJ ZDV WR JR ZLWK DQ 23(; model, wherein all we were doing can be part of one SLA and someone else can do LW EHWWHU WKDQ ZKDW , GR ´ KH FRQWLQXHG Ibrahim says that their move to cloud is part of the company’s strategic roadmap where they enhance their systems with QHZ XSGDWHV +H DGGV WKDW WKHLU URDGPDS at the moment calls for more collaboration. “Customers today don’t want to walk into physical branches. They want a seamOHVV GLJLWDO H[SHULHQFH 7R SURYLGH WKLV WR them, your infrastructure should be powHUIXO HQRXJK WR KDQGOH WKDW QH[W VWDJH RI FXVWRPHU H[SHFWDWLRQV 6R ZH KDG RSHQ APIs to collaborate with Fintechs as they are better at interacting with customers. In order to do this, we have to make sure our infrastructure and applications are supSRUWHG ´ ,EUDKLP FRQFOXGHG -DQXDU\ CIO ONE - 27


INTERVIEW

REDEFINING THE “I� IN CIO

With the role of the "CIO" constantly evolving so is the meaning of the job tittle which has existed for a number of years. The most common use of the CIO moniker is Chief Information Officer, with time however CIO has also come to stand for, Chief Innovation Officer, a person in a company who is primarily responsible for managing and driving the process of innovation through digital strategy and change management within an organization. In this piece Alberto Diez talks about his role as Chief Innovation Officer of RAKBANK, also known as the National Bank of Ras Al Khaimah, one of the oldest and most dynamic banks in the UAE. of delivery; we refer to these as automation and DevOps which are the key drivers to making sure we can release apps and websites not only with higher certainty and quality but also with higher speed.

Alberto Diez CIO, RAKBANK Go into detail about your role as RAKBANK's Chief Innovation OfÂżFHU &KLHI ,QQRYDWLRQ 2ŕľśFHU LV D YHU\ ZLGH title. What it means is that I’m mainly in charge of key strategic initiatives within IT driven change like digital transformation, digital innovation and digital chanQHOV $V DQ ,QQRYDWLRQ RŕľśFHU , SHUIRUP my duties bank-wide. So, theoretically I should spend as much innovating, for H[DPSOH WKH EDFNHQG RSHUDWLRQDOO\ ZLWK things such as robotics and automation solutions with the aim of improving decision processes as well as customer jourQH\V LQ WKH IURQW HQG +RZHYHU WKH ODVW year I’ve been here the focus has been to uplift us and move us from a dated digiWDO ÂłYLHZ´ WR VRPHWKLQJ D ELW PRUH LQ OLQH with the current best practices today.

We are also working on how to leverage cloud and build new ecosystems as we have some new apps OUT that we run on AWS. In the backend we have a myriad of technologies and Fintechs that we are using. We are focusing a lot on Open APIs; ZKLFK VWDUWHG ZLWK EDQNV LQ WKH 8. EHLQJ pushed to have open data, that type of technology openness triggered an ecosystem of Fintechs that could pull data from an APIs and give value added services to banks and third parties.

What prompted the move towards embracing Open APIs? We have copied that model, even though it is not regulated in the UAE, and have worked with the bank to create that openness to leverage that Fintech ecosystem. With Open APIs we have released some value-added services for our business banking customers where they can, for H[DPSOH WUDFN WKHLU LQYRLFHV DQG GR DFcounting online. Our driver towards this technology is applying the Open API patterns and best SUDFWLFHV WR RSHQ WKH EDQN IRU UG SDUWLHV and be technology ready. This enables us to be kind of plug n play and that allows us to have that healthy debate about build or buy because you have parts of the bank you can plug in to new things. We are also PRYLQJ DO RXU DSSV WR 5HDFW 1DWLYH

What are the steps you and the banks have taken to align yourself with modern day best practices?

What is the main aim of moving the bank’s apps to React Native?

We have multiple initiatives, especially from a perspective of automating the backend. We are working with technology that has got to do with increasing certainty

Back in the day working on Apps was too FRPSOH[ DV WKHUH ZHUH :LQGRZV SKRQHV Android, Blackberry and Apple and the code when you were building things out-

28 - CIO ONE -DQXDU\

VLGH RI 5HDFW ZRXOG UHTXLUH FRGH IRUNV IRU HYHU\ KDQGVHW 26 7KH PDUNHW KDV QRUmalized a bit and now most of our customers are either Apple or Android. 7KLV PHDQV WKDW LI ZH PRYH WR 5HDFW 1DWLYH ÂżUVWO\ IURP D GHVLJQ SHUVSHFWLYH both architecture and customer facing designs, there is a lot that comes “out of the ER[´ EHFDXVH LWÂśV QDWLYH WR WKH KDQGVHWV and from a technology perspective it simSOLÂżHV WKLQJV ZKHQ \RX GR WHVWLQJ DV \RX can have one code base for all. It helps us improve customer journeys whilst leveraging a good tool sets and framework that help increase speed and cut cost.

In your opinion what prompts digital transformation journeys? And why is it important to keep on innovating? The short answer is because it cuts cost of acquisition and digital is the preferred channel of choice for customers, so innovation is a good catalyst for continuous improvement and this is the backbone of any business. When it comes to innovation and digital transformation, the problem that we have here in the UAE is that we are slightly behind and many of us have been running big transformation project globally so in the initial states of MRLQLQJ 5$.%$1. ZH ZRXOG TXLFNO\ look at banks in Europe and USA and see what they have done to be successful, adapt some of it to the local market, and then quickly draw up a top 5 list for driving innovation and transformation – so some of this is just digital hygiene whilst reducing cost and optimizing sales in the ¿UVW SKDVH 7KLV K\JLHQH SKDVH VKRXOG EH followed by a more focused innovation mindset when tools are in place. My high OHYHO WR GR OLVW FRQFOXGLQJ LQ WKH ¿UVW TXDUWHUV RI LQFOXGH GLJLWDO RQERDUGLQJ GLJLWDO MRXUQH\ LPSURYHPHQWV IRU DSSV web, Fintech integrations via OpenAPI’s and new Credit Cards ecosystems.


INTERVIEW

ENABLING SUCCESSFUL ERP ADOPTION Index InfoTech is a leading business transformation consulting company. The company serves both SME and enterprise clients, driving their digital transformation strategy by encompassing business process re-engineering, digital design and architecture, deployment and maintenance of business-critical solutions and services. ,QGH[ ,QIR7HFK &(2 0XUWD]D (]]L GLVcusses how their consultative approach ensures that the businesses go digital in their processes and transforms the way they work with latest technology. The FRPSDQ\ ZDV HVWDEOLVKHG LQ ZLWK D view on catering to the business application market of the Middle East, India, Africa and they also have active projects in South East Asia.

DF\ V\VWHPV WR QHZ (53 V\VWHPV WDNLQJ them through the entire journey.

³:H R൵HU VROXWLRQV DQG VHUYLFHV IRU (53 +&0 (&0 ,50 *5& 0(6 %, $QDO\WLFV 5RERWLF 3URFHVV $XWRPDWLRQ 53$ 9RLFH EDVHG WHFKQRORJ\ DQG 6PDUW $XWRPDWLRQ :H DUH VSHFLDOLVHG LQ (53 systems, but we are trying to complete our solution to help us service enterprise FXVWRPHUV :H KDYH VHUYHG PRUH WKDQ customers globally and we are looking forward to assisting more businesses in WKHLU GLJLWDO WUDQVIRUPDWLRQ MRXUQH\ ´ VDLG Ezzi.

When we entered the market, Epicor was R൵HULQJ VHUYLFHV E\ WKHPVHOYHV DV WKHUH ZHUHQ¶W WRR PDQ\ TXDOL¿HG SDUWQHUV DYDLOable regionally. So, because of the absence PDLQO\ HQWHUSULVH FXVWRPHUV FRXOG D൵RUG WKH VHUYLFHV DQG VROXWLRQV R൵HUHG E\ (SLcor. With our entrance in the market, we PDGH WKH VROXWLRQV DQG VHUYLFHV D൵RUGDEOH for SMB sector as well. Thanks in part to our relationship the reach of Epicor in the region has continued to increase.

What are some of the solutions and VHUYLFHV \RX R൵HU WKDW KDV VHHQ PRVW interest in the Middle East region? ,Q WKLV UHJLRQ ZH DUH D ÀDJVKLS SDUWQHU RI (SLFRU ZKHUHE\ ZH DUH D FHUWL¿HG SDUWQHU We have been working with Epicor for DOPRVW \HDUV QRZ WKURXJK WKLV SDUWnership we have serviced a couple of large FXVWRPHUV $ JRRG H[DPSOH LV $O 1DERRdha, who are one of our biggest customers in the region. Other than Epicor we KDYH RWKHU R൵HULQJV IRU WKLV UHJLRQ VXFK DV )DUYLVLRQ (53 ZKLFK LV IRU UHDO HVWDWH construction and owners’ associations segment, we have a product called Adda which is for owners’ associations and we also have a document management solution for enterprise customers. $ORQJ ZLWK RXU (53 DQG VRIWZDUH LPSOHPHQWDWLRQV ZH R൵HU RXU FXVWRPHUV D PDVter data management service. Data migration can be a time-consuming process. With this service we help customers to migrate from system to system, irrespective RI ZKHWKHU WKH\ DUH EX\LQJ (53 VHUYLFHV from us. We help them migrate from leg-

Index InfoTech has been a leading Epicor partner in the region for the past decade, can you explain why this status is important and what it means for your clients in the region?

You mentioned Al Naboodha as one of your major customers in the region, who are some of your other customers in the region and what are the main verticals you service ZLWK \RXU R൵HULQJV" With our clientele in the Manufacturing, 'LVWULEXWLRQ 2LO *DV +HDOWKFDUH 5HDO (VWDWH &RQVWUXFWLRQ &RQWUDFWLQJ DQG 5HWDLO ZH HQVXUH RXU LQGXVWU\ VSHFL¿F VROXtions are harmonized to sync in with the unique requirements of our clients. With Al Naboodha, they are using our solution for multiple segments. They are using it for manufacturing, construction, automobile and retail as it is a conglomerate EXVLQHVV DQG WKH\ KDYH D YHU\ GLYHUVL¿HG group. In the real estate vertical, we have a customer called EDACOM, which is a subsidiary of Union properties. We are majorly involved in Epicor sub-contracting business. We deliver on behalf of Epicor in the region, where we have done several big implementations. We have done a couple of big implementations in Africa, including a seven-country implementation for Coca-Cola bottling

Murtaza Ezzi CEO, Index InfoTech

plant. Our focus is mainly on large enterSULVH FXVWRPHUV +RZHYHU WKLV GRHVQ¶W mean we don’t cater to our SME clients. We have built several add-ons on Epicor WR FDWHU VSHFL¿FDOO\ IRU RXU 60( FOLHQWV

Can you talk about the acceptance and usage of ERP systems in the regions you operate? In the Middle East, especially in the Saudi and UAE market, we have seen how companies are growing, and their demand LV QRW JHWWLQJ IXO¿OOHG E\ WKH VPDOOHU DFcounting architecture and they are now UHDG\ IRU WKH QH[W OHYHO RI VRIWZDUH ZKLFK LV WKH (53 V\VWHPV ZKLFK FDQ PDQDJH HQG to end requirements of the business. There are a couple of factors fuelling the DGRSWLRQ RI (53 V\VWHPV D PDMRU RQH LV FRVW LQ WKH DEVHQFH RI DQ (53 V\VWHP LW is hard to identify where spending is more and how to reduce the cost, with the right system in place they can control the costs and they can automate their processes which can reduce the man power requirements in the organisation.

-DQXDU\ CIO ONE - 29


INDUSTRY INSIGHT

DIGITAL TRANSFORMATION IN THE AUTOMOTIVE INDUSTRY Ebrahim Kamalzadeh, Head of IT at Al Nabooda Automobiles explores how digital transformation is providing the automotive industry with a new business model

Ebrahim Kamalzadeh Head of IT, Al Nabooda Automobiles

According to a new United Nations dataVHW ODXQFKHG RQ 0D\ RI WKH current world’s population lives in urban DUHDV 7KH SURMHFWLRQ VKRZV D VKLIW IURP UXUDO WR XUEDQ DUHDV E\ 7KH overall growth of the world’s population FRXOG DGG DQRWKHU ELOOLRQ SHRSOH WR XUEDQ DUHDV E\ ZLWK FORVH WR RI this increase taking place in Asia and AfriFD 5DSLG SRSXODWLRQ JURZWK DQG GHQVLW\ of the urban areas make development of public and private transportation critically important. The modern cities foster new technologies WR D JUHDW H[WHQW 7KH FXUUHQW QRLVH OHYHO air pollution produced by fusil fuel, limited amount of parking space in the populated cities and inevitable human’s driving errors, demand reshaping the current business model of the automotive industry. To align with new technologies and population density of the urban areas, the smart cites desperately pursuing alternate ways in organizing private and public transportations. There are several opportunities available tailoring private and public transportations. 30 - CIO ONE -DQXDU\

Perhaps healthcare and automotive are two of the major sectors undergoing rapid changes in recent years. They achieve highest impact as result of digital transformation. After all, vehicles are a great means of transportation and people spend considerable amount of their times in vehicles. Digital transformation provides the industry with a new business model. This model is consumer centric and demands integrating new technologies into all areas of the business. The brand owners embrace continuous product adaptations and provide additional values to consumers. The digital transformation helps the automotive industry to evolve further and RŕľľHU FRQVXPHUV ZLWK LQQRYDWLYH GLJLWDO services driven by software applications. The digital services bring a new life to the automotive business and position the YHKLFOHV WR DQ H[WHQGHG OHYHO UHIHUUHG DV mobility unit. In fact, mobility is at a new thinking stage, primarily in life of millennials and

*HQ = FRKRUWV $FKLHYLQJ WKH PRELOLW\ LQ automotive industry, necessitates a new platform where mechanical, technological and biological knowledge converge to create this new concept. The new age groups anticipate the vehicles to be an integrated unit embedded with digital products and services. To empower the mobility unit, fostering new technologies is an unconditional part of the journey. World witnesses how current technologies undergo rapid changes and supersedes with the new and advance platforms. The technology life cycle become shortened and consumers don’t prefer owning vehicles anymore since it is not a FRVW H྾HFWLYH H྾RUW The consumers require accessing the moELOLW\ XQLW 7KH\ GR QRW UHVWULFW WKHPVHOYHV ZLWK D VSHFL¿F YHKLFOH PRGHO DQG SUHIHU WR KDYH ÀH[LELOLW\ LQ VHOHFWLQJ WKHLU YHKLFOH EUDQGV DQG PRGHOV IXO¿OOLQJ WKHLU GULYLQJ GHVLUHV 5HVHUYLQJ WKHLU YHKLFOHV LQ DGYDQFH DQG GHWDLOLQJ WKH VSHFL¿F IHDtures of the vehicles become an obvious pre-requisite. The vehicles are considered


INDUSTRY INSIGHT not only a means of transportation but it ZRXOG EH SDUW RI DQ H[SHULHQWLDO DQG HPRWLRQDO MRXUQH\ 7KH FRQVXPHUV H[SHFW WR have embedded an advanced technology empowering the consumer accessing data during onboarding stage and augmented with range of social media and entertainment services. The automotive industry IRFXVHV RQ SURYLGLQJ D SOHDVDQW H[SHULence and reward with high level of customer satisfaction and loyalty. Video conferencing would be inevitable part of this journey and used to perform job related, social and private activities. Tesla has taken the leadership and pioneering in building Electric Vehicles (EVs). The EVs are the potential opporWXQLW\ IRU ORZHULQJ WKH &2 HPLVVLRQV +RZHYHU FDUERQ GHEW DVVRFLDWHG ZLWK EVs or battery manufacturing is still high. The life cycle and disposal of the batteries is a problem associated with the EVs. EVs XVH SRZHU JULG WR UHFKDUJH +DYLQJ PRUH EVs on road and further empowering of EVs demand increase in consummation of national grid. Looking for other sources of energy to recharge the batteries is focus of the industry. Autonomous or self-driving is result of applying digital transformation and remains one of the prim focus of the automotive industry. The concept of driving autonomously, brings revolutionary changes to the industry. In the autonomous concept, WKHUH DUH VWDJHV FDWHJRUL]LQJ WKH DXWRmation levels of the vehicles starting from /HYHO IXOO\ PDQXDO WR /HYHO IXOO\ automated). The present technology yet to mature providing the consumer with a Leave 5 autonomy. The technology-based FRPSDQLHV VXFK DV *RRJOH KDYH DOUHDG\ stepped into this path and are way ahead testing their Waymo for Level 5 autonomy. Over-speeding, road safety ignorance, driver’s distraction and symptoms of serious health conditions such as heart atWDFN DUH VRPH RI WKH NQRZQ H[DPSOHV RI human driving limitations. Autonomous driving is a promising technology to safeguard people for impractical human driving behavior that may cause accidences, road unsafety and take lives of many people annually. Meetings these objectives necessitate incorporating of new technologies in tomorrow’s vehicles. Traditionally, the automotive supply-chain consist of OEMs, WKH EUDQG UHJLRQDO RྜFHV DQG FDU GHDOHUV

Digital transformation brings new shape WR WKH VXSSO\ FKDLQ PRGHO DQG H[WHQGV further by having new joiners onboard which are technology and software vendors. The new players having important role in bringing disruptive innovation to the automotive sectors. The giant OEMs such as VW already have the tipping point behind and reshape their role in the industry. It is interesting to know how technology based companies having game changing FRQWULEXWLRQ LQ ÀRXULVKLQJ WKH LQQRYDWLRQ in the industry. Digital transformation depends highly on availability of data and hence Big Data is an essential part of the transformation journey. The mobility unit would be furnished with a mechanism enabling continXRXV GDWD H[FKDQJH WR RXWVLGHœV ZRUOG XVing sensors and cameras embedded in the vehicles. Cloud services communicates to the mobility unit and the surrounding environment where the unit operates. * LV WKH QHZ PRELOH QHWZRUN FRQQHFWLYLW\ DOORZV H[FKDQJLQJ PDVVLYH DPRXQW of data between the cloud services and the vehicle or vehicle-to-vehicle. With a EDQGZLGWK RI *ESV DQG D ORZ ODWHQF\ the new mobile technology empowers the mobility unit with capabilities such as understanding surrounding environment reDO WLPH DQG RQ WKH À\ XSGDWH RI VRIWZDUH applications driven by cloud services. The IOT elements incorporated in the vehicles are embedded with sensors collecting data and delivering to cloud or to the build-in intelligence agent of the vehicle. Autonomous won’t be feasible without AI and Machine Learning. These technologies are critical in providing the mobility unit with features to safeguard the vehicle in environment where vehicle operates. The Environment Awareness is critical important empowering the mobility unit to monitor position of nearby vehicles, reading road signs, tracking other vehicles, looking for pedestrians, maintaining distance with other objects, detecting road edges, identifying lane markings, weathHU IRUHFDVWLQJ DQG XQGHUVWDQGLQJ WUDྜF DURXQG DKHDG RI WKH YHKLFOH The development in modern technology and the online connected vehicles provide hackers a perfect playground. The auton-

omous vehicles are prone to cybercrime and Information Security became a chalOHQJLQJ H྾RUW IRU WKH IXWXUH YHKLFOHV 7KH DPRXQW RI GDWD LQÀRZ RXWÀRZ RI WKH PRbility unit would be enormous. Encryption protocols and Blockchain technology VKRXOG SURWHFW SULYDF\ DQG FRQ¿GHQWLDOLW\ of data. Threats of penetrating into the intelligent agent of the mobility unit may have disaster consequences. The threat vectors for the mobility units are more as it is a moving object and continuously FRQQHFWV WR GL྾HUHQW QHWZRUNV 3HQHWUDWing and hacking the networks where vehicle connects to, might cause disabling the vehicle sensors which leads to major crashes. The mobility units are more vulnerable to threats and attackers then many other devices. The strategic business model for the mobility units is planned to operate base on D VKDULQJ PRGHO DQG XVHG E\ GL྾HUHQW consumers. Using and accessing digital services during onboarding and driving HYHQWV ZLOO FDXVH PDQ\ GDWD H[FKDQJH VSHFL¿F WR WKH XVHU :KHQ PRELOLW\ XQLW LV handover and stations for the forthcoming consumer, the datasets used by predecessor users should reset entirely. The security architecture of mobility unit will be complicated as it connected to many devices and networks. The mobility XQLWV PLJKW EH XVHG WUDYHOLQJ LQ GL྾HUHQW VWDWHV RU FRXQWULHV +HQFH WKH ORFDO SULYDcy law and legislation are debatable subjects and concerns of human acts such as *'35 Sealing the vehicles with a security shield and protecting the vehicles against penetration attempts, phishing, ransomware or any type of malware attacks is a tough and challenging for the security providers. 7KH 2(0V &DU 'HDOHUV *RYHUQPHQWV ORFDO DXWKRULWLHV ÀHHW FRPSDQLHV LQVXUance and fuel providers are some of the major stakeholders impacted by the outcome of applying digital transformation in automotive industry. 7HFKQRORJ\ LV IDVW PRYLQJ DQG EHQH¿Wing development of the industry rapidly. +RZHYHU WKH LQGXVWU\ HQFRXQWHUV WHFKQRlogical, infrastructural, environmental and legislative challenges reaching maturity of its ultimate goals.

-DQXDU\ CIO ONE - 31


COLUMN

A SINGLE SECURITY RECOMMENDATION TO SOLVE AN AGE-OLD PROBLEM Morey Haber, CTO & CISO, BeyondTrust, discusses about a top security recommendation that can be implemented across any organisation to enforce strong enterprise password security ,Q WKH F\EHU ZRUOG ZHœUH H[SRVHG WR DQ onslaught of recommendations and top lists for improving IT security. They may have some universal characteristics, but are infrequently not relevant for adoption by everyone, everywhere, and at every time. In fact, can you guess what the number one, universal, and best security recommendation is for everyone to embrace? +HUHœV D KLQW LW LV UHODWHG WR SDVVZRUGV To further set the stage for this recommendation, let’s consider all the infosec recRPPHQGDWLRQV ZH H[SHULHQFH RQ D GDLO\ basis. These include everything from security skills and cyber awareness training to patch management. They target problems from phishing to vulnerability management, but are not necessarily relevant to every employee within an organisation, nor are they necessarily relevant to each person on their personal devices at home. While it is common knowledge to avoid email spam, and employees are often trained on how to identify suspicious emails and advised not to click on suspicious links, it is interesting that younger generations are far less likely to embrace email outside of the corporate enterprise. Instant messaging and other forms of social media are their tools of choice, which suggests that traditional email may slowly fade away like postal correspondence, or 32 - CIO ONE -DQXDU\

WKH ID[ PDFKLQH 7KH GHPLVH RI HPDLO PD\ take a few more decades to transpire, but this downshift is well underway. $OO RI WKLV KHOSV IXUWKHU UHÂżQH WKH VLQJOH EHVW UHFRPPHQGDWLRQ 5HPHPEHU ZH need to consider a universal security recommendation that translates to everyone. )L[LQJ DQ $JH 2OG 6HFXULW\ ,VVXH 5HJDUGOHVV RI SHUVRQD DW KRPH RU DW work, the one thing everyone uses are passwords. We use passwords for work, for resources on the Internet, for social media and for our applications. We use them in the form of passcodes and PINs IRU EDQNLQJ PRELOH GHYLFHV DQG IRU RŕľśFH and home alarm systems. Passwords are ubiquitous, and we use them constantly — even on newer systems that ironicalO\ FODLP WR EH ÂłSDVVZRUG OHVV ´ ,Q WKHVH instances, a mechanism under the hood is still identifying your access rights and VWRULQJ WKDW ÂłVRPHKRZ´ The most common storage of any password is within a single human brain. We assign a password to a system or application, recall it when it needs to be used, and hopefully remember it each time we change it. Our brains are full of passwords, and often, we forget them, reuse them, need to share them, and are forced to document them on post-it notes, spread-

sheets, and even communicate them via HPDLO RU 606 WH[W PHVVDJHV D YHU\ SRRU security practice!). These insecure methods for creating, sharing, and reusing passwords are responsible for the types of data breaches that routinely make the front-page news, serving as cautionary tales of what is at high-risk of happening when good password management strategies are not adhered too. 7KH UDPLÂżFDWLRQV FULVVFURVV ERWK RXU SURfessional and personal lives. Passwords literally can be found everywhere, and we need at least one basic WHQDQW WR KHOS Âż[ D WKRXVDQG \HDU ROG problem. Therefore, the most important security recommendation for everyone is: Ensure that every password you use is unique and not shared with any other resource (including people) at any other


COLUMN aged against the corresponding resource DVVLJQHG LI 0)$ RU )$ LV QRW SUHVHQW If passwords are unique, a threat actor cannot use one compromised account and password to attack other resources. The attacker’s options and movement are sigQL¿FDQWO\ OLPLWHG WKRXJK WKH\ FRXOG WU\ WR leverage advanced techniques to steal other credentials from the system they have compromised, such as by scraping passwords from memory. In that case, not only generating unique passwords, but also rotating passwords frequently will help mitigate the attack. Solutions for privileged password management across an organisation’s entire information and security infrastructure can help. Advanced tools provide automated management for sensitive accounts and SDVVZRUGV LQFOXGLQJ 66+ NH\ PDQDJHment), such as shared administrative accounts, application accounts, local administrative accounts, and service accounts, across nearly all IP-enabled devices. This helps ensure this top security recommendation can be implemented across any organisation to enforce strong enterprise password security.

Morey Haber CTO, BeyondTrust

time. While there is no denying that rememberLQJ DQ DOUHDG\ FRQVLGHUDEOH DQG HYHU H[panding list of passwords (an average of IRU WKH PRGHUQ GD\ FRUSRUDWH XVHU is improbable for most humans, there are password management tools, solutions, and techniques for making this a reality, thereby going a long way toward reducing password-related threats. Modern operating systems, browsers, and applications can help create unique passwords for every resource, and securely store them for retrieval in lieu of a human having to remember every single one. The passwords are basically stored behind one XQLTXH ³PDVWHU´ SDVVZRUG LW PD\ DOVR EH referred to as a "key" or "secret") that only the individual knows. While this is good solution for home and small business users (to a limited degree), it does not scale

to most businesses that need to share accounts (due to technology limitations) and automatically generate unique passwords, such as to keep up with employee changes or to meet regulatory compliance guidelines. Another security best practice to be mindful of — a password alone should never be the only authentication mechanism for critical data, sensitive systems, and potentially daily operations into those resources. Multi-factor authentication (MFA) or WZR IDFWRU DXWKHQWLFDWLRQ )$ VKRXOG be layered on top to ensure a unique password, per account, is actually being used by the correct identity when authentication is required. One key merit of this universal security recommendation is that it ensures that if your password is stolen, leaked, or inappropriately used, it can only be lever-

All of this helps IXUWKHU UHÂżQH WKH single best recommendation. 5HPHPEHU ZH need to consider a universal security recommendation that translates to everyone. -DQXDU\ CIO ONE - 33


COLUMN

2020 APPLICATION TRENDS, OPPORTUNITIES AND CHALLENGES Vincent Lavergne, RVP of System Engineering at F5 Networks discusses about the anticipated app-centric trends that will change the game and tear up the rulebook Without wheeling out all the usual clichés, KDV EHHQ DQRWKHU ZKLUOZLQG RI GLVruptive innovation and opportunity – with plenty of challenges to tackle and circumvent along the way. The threat landscape mutated with predictable unpredictability, multi-cloud app deployments are becoming mainstream ¿[WXUHV DQG 'HY2SV PHWKRGRORJLHV VWDUWHG H[HUWLQJ D QHZIRXQG LQÀXHQFH RQ EXVLness plans. 7KH ELJ TXHVWLRQ LV ZKDW KDSSHQV QH[W" What anticipated app-centric trends will change the game and tear up the rulebook (again)?

DIGITAL TRANSFORMATION TAKES SHAPE ZLOO VHH PRUH RUJDQLVDWLRQV VKLIW away from aspirational sloganeering to substantively embrace what can, and should be, a seismic step-change. Inevitably, business leaders will get more involved in application decisions designed WR GL൵HUHQWLDWH RU SURYLGH XQLTXH FXVWRPHU H[SHULHQFHV ([SHFW D QHZ JHQHUDWLRQ RI DSSOLFDWLRQV WKDW VXSSRUW WKH VFDOLQJ DQG H[SDQVLRQ RI business’ digital models to emerge. This will include taking advantage of cloud-native infrastructures and driving automation through software development. Further down the line, digital transformaWLRQ H൵RUWV ZLOO OLNHO\ EH $, DVVLVWHG SDUticularly as they leverage more advanced capabilities in application platforms, teOHPHWU\ GDWD DQDO\WLFV DQG 0/ $, WHFKnologies.

Vincent Lavergne RVP of System Engineering, F5 Networks

End-to-end instrumentation will enable application services to emit telemetry and act on insights produced through AI-driven analytics. We anticipate that these distributed application services will improve performance, security, operability, and DGDSWDELOLW\ ZLWKRXW VLJQL¿FDQW GHYHORSPHQW H൵RUW

THE RISE AND RISE OF APPLICATION CAPITAL $SSOLFDWLRQV DUH QRZ ¿UPO\ HVWDEOLVKHG DV

34 - CIO ONE -DQXDU\

the main conduit for companies to develop and deliver goods and services. They have become modern enterprises’ important assets. (YHQ VR PRVW VWLOO RQO\ KDYH DQ DSSUR[Lmate sense of how many applications they have, where they’re running, or whether they’re under threat. This will soon change. 7R PDQDJH $SSOLFDWLRQ &DSLWDO H൵HFWLYHO\


COLUMN it is essential to establish a company-wide strategy that sets policy and ensures compliance. This includes addressing how applications are built, acquired, deployed, managed, secured, and retired. At a high OHYHO WKHUH DUH VL[ GLVWLQFW DQG XQDYRLGable steps that need to take place: build an LQYHQWRU\ DVVHVV WKH F\EHU ULVNV GH¿QH application categories, identify the appliFDWLRQ VHUYLFHV QHHGHG IRU VSHFL¿F DFWLYLWLHV GH¿QH GHSOR\PHQW SDUDPHWHUV DQG clarify roles and responsibilities. The primary aim of an application strategy should always be to enhance and secure all digital capabilities – even as their UHDFK DQG LQÀXHQFH VKLIW DQG H[SDQG

DEVOPS’ CULTURE CLUB The technical minutiae DevOps methodologies and associated tools got a lot of publicity this year. ZLOO EH DOO DERXW JHWWLQJ WKH FXOWXUH right, marrying theory with best practice and unlocking new levels of productivity without upsetting the operational apple cart. Culture is not optional. Team structure alone dramatically changes pipeline automation, with traditional single-function teams often falling behind their contemporary, DevOps-driven counterparts. Consequently, we will see more collaborative team structures and alignment on key metrics that give NetOps additional means to focus on what the business requires: faster and more frequent deployments. DevOps has a ten-year head start on NetOps in navigating and overcoming obstacles around certain types of integration, tools, and skillsets. Collaborative teams FDQ H[SORGH WKH VWDWXV TXR E\ SURPRWLQJ standardisation on tools that span from delivery to deployment (like Jenkins and *LW+XE *LW/DE DevOps should not – and cannot – end with delivery. That means deployment IXQFWLRQV ¹ DORQJ ZLWK D FRPSOH[ SLSHOLQH of devices and application services – must be automated. This won’t happen without H྾HFWLYH FXOWXUDO UHDOLJQPHQW

THE DATA CENTRE IS ALIVE AND KICKING!

&RQÀDWLQJ WKH DGRSWLRQ RI 6DD6 ZLWK ,DD6 caused speculation that cloud was cannibalising IT. Pundits warned that data centers would disappear. 7KH UXPRXUV ZHUH H[DJJHUDWHG 'DWD FHQWUHV DUH VWLOO EHLQJ EXLOW H[SDQGHG DQG UXQ around the globe. The cloud hasn't managed to – and likely never will – kill the data centre. (DUO\ LQ DQ ,'& H[HFXWLYH WROG FKDQQHO SDUWQHUV DW WKH ,*(/ 'LVUXSW FRQIHUHQFH WKDW RYHU RI FRPSDQLHV WKH\ surveyed anticipated repatriating public cloud workloads. Security, visibility, and performance remain common concerns. 5HSDWULDWLRQ UHODWHG RSSRUWXQLWLHV LQFOXGH improving availability of multi-cloud operational tools and a push towards application architectures that rely on more portable technologies such as containers. The data center is not dead. It just evolving.

APPLICATION PROTECTION CHALLENGES According to F5 Labs, the server-side lanJXDJH 3+3 Âą XVHG IRU DW OHDVW RI ZHEVLWHV VLQFH ÂąZLOO FRQWLQXH WR VXSSO\ rich, soft targets for hackers. Situational awareness is critical to mitigate both vulnerabilities and threats. Businesses are also realising that applications encompass more than just the FRGH WKDW WKH\ H[HFXWH $WWHQWLRQ QHHGV to be paid to everything that makes them WLFN LQFOXGLQJ DUFKLWHFWXUH FRQÂżJXUDtions, other connectable assets, and users. The prevalence of access attacks such as phishing are an obvious case in point. ) /DEV DQDO\VLV RI EUHDFK GDWD FRQÂżUP WKH QHHG IRU ULVN EDVHG VHFXULW\ SURgrams instead of perfunctory best practice poses or checklists. Organisations need to WDLORU FRQWUROV WR UHĂ€HFW WKH WKUHDWV WKH\ DFWXDOO\ IDFH 7KH ÂżUVW VWHS LQ DQ\ ULVN assessment is a substantive (and ongoing) inventory process. As ever, the industry will gradually incorporate emerging risks into business modHOV )RU H[DPSOH FORXG FRPSXWLQJ KDV gradually shifted from a bleeding-edge risk to a cornerstone of modern infrastruc-

ture. The risks associated with the cloud have either been mitigated or displaced to contractual risk in the form of service level agreements and audits.

API AND YOU KNOW IT The word is out. Application programming interfaces (APIs) can transform business models and directly generate revenue. Cybercriminals know this. More than ever, organisations need to focus on the API layer, particularly in terms of securing access to the business functions they represent. One of the biggest issues is overly broad permissions, which means attacks through the API can give bad actors visibility into everything within the application infrastructure. API calls are also prone to the usual web request pitfalls such as injections, credential brute force, parameter tampering, and session snooping. Visibility is another major and pervasive problem. Organisations of every stripe – including IT vendors – have a notoriously poor track record of maintaining situational API awareness. API security can be implemented directly in an application or, even better, in an API gateway. An API gateway can further protect APIs with capabilities like rate limiting (to prevent denial of service attacks) and authorisation. Authorisation narrows access to APIs by allowing access to speFL¿F $3, FDOOV WR RQO\ VSHFL¿HG FOLHQWV XVXDOO\ LGHQWL¿HG E\ WRNHQV RU $3, NH\V $Q $3, JDWHZD\ FDQ DOVR OLPLW WKH +773 methods used and log attempts to abuse other methods so you're aware of attempted attacks.

Happy New Year! All this is of course the tip of an increasingly interconnected iceberg. Any New Year’s resolution worth its salt should include a commitment to comprehensively master the development, deployment, operation, and governance of application portfolio. The best way to do this, and to get visibility into the code-to-customer pathways for all applications, is to leverage a consistent set of multi-cloud appliFDWLRQ VHUYLFHV +HUHœV WR D VDIH LQQRYDWLYH DQG WUDQVIRUPDWLRQDO -DQXDU\ CIO ONE - 35


COLUMN

HOW THE EDGE IS SET TO RESHAPE THE WORLD OF EDUCATION Gamal Emara, Country Manager - UAE at Aruba, a Hewlett Packard Enterprise company, discusses how edge networking is the one major shift the education industry has yet to undergo in its technological revolution. sion and comfort with the subject matter being taught. If a student is thought to be struggling, WKH V\VWHP ZRXOG SURYLGH DGGLWLRQDO H[SODnation and guidance in the classroom, and WKHQ R൵HU WR UHSOD\ YLGHR RI FULWLFDO SDUWV RI lessons and lectures during self-study outside the classroom. The system would also curate content from across the internet to help the VWXGHQW JR GHHSHU LQWR D WRSLF RU ¿QG PRUH XQGHUVWDQGDEOH H[SODQDWLRQV DQG KHOS EULQJ FRPSOH[ FRQFHSWV WR OLIH WKURXJK VLPXODWLRQV DQG $5 95

The education industry has undergone a technological revolution over the past decade, but there’s still one major shift on the horizon that brings together many of the technologies that have been pegged as revolutionary (augmentHG UHDOLW\ IRU H[DPSOH ± LQ IDFW LW LV HVVHQtial for their success in the education sector. That technology is edge networking, and far from being a technical concept, it’s something that educational institutions and local governments rapidly need to understand and implePHQW 7KH (GJH R൵HUV WKH SRWHQWLDO WR HQKDQFH VWXGHQW SHUIRUPDQFH FRQ¿GHQFH DQG PHQWDO wellbeing.

Personalized learning plans could be created and continuously updated from the data accumulated about the individual and their preferred learning styles and mediums. Teachers ZRXOG PRQLWRU WKLV DQG UH¿QH LW LQ FRQYHUVDtion with students and their parents. The teachHU¶V H[SHULHQFH FDQ DOVR EH HQKDQFHG WKURXJK smart classrooms that promote collaboration and adapt to each educator’s preferences.

:H GH¿QH WKH (GJH DV WKH QHZ H[SHULHQFes being enabled by edge technologies for teachers, students, employees, and any users of network services. Edge technologies allow the processing of data by devices at the edge of networks, which is where users and devices are. It is where things connect to the network, whether they are wired or wireless. The edge is where actions take place. Over time, these actions at the edge will become smarter. The opportunity at the Edge is driven by many things, including smart applications powered E\ DUWL¿FLDO LQWHOOLJHQFH $, DQG PDFKLQH learning (ML), mobile devices, Internet of Things (IoT) technologies, data analysis, QH[W JHQHUDWLRQ :L )L * FRPPXQLFDWLRQV DQG ³HGJH WR FORXG FRPSXWLQJ ´ The new edge network combines AI, ML, and automation to continuously learn, predict, and adapt to changes, needs, and threats in real time. The new edge network utilizes technologies and software to make sense of the resulting insights, enabling businesses to act and UHVSRQG RSWLPL]LQJ WKH H[SHULHQFH IRU WKH customer or user wherever they are. Pushing intelligence out to the edge will drive change in the design of our products, services, processes, and organizations, and transform how decisions get made – giving greater autonomy to the devices at the edge. $FFRUGLQJ WR *DUWQHU HGJH FRPSXWLQJ ZLOO EH a necessary requirement for all digital busiQHVVHV E\ :LWK SRWHQWLDOO\ WULOOLRQV RI dollars being invested in the hope of generating huge economic returns, the argument for paying attention to the Edge opportunity is

36 - CIO ONE -DQXDU\

Gamal Emara Country Manager - UAE, Aruba

clear and the window for learning and action is narrowing.

Edge Technology – Transforming Education 7KH (GJH R൵HUV WKH SRWHQWLDO WR HQKDQFH VWXGHQW SHUIRUPDQFH FRQ¿GHQFH DQG PHQtal wellbeing. Andrew Barnes, Director of 7HFKQRORJ\ DW %U\DQVWRQ 6FKRRO LQ WKH 8. outlines the following scenario: The technologies provide the foundation for a boundaryless environment, where students are supported by AI that monitors, manages, and facilitates WKHLU OHDUQLQJ H[SHULHQFH DQG VXSSRUWV FROlaboration between students, enabling access to key resources, in the classroom or lecture theatre, across the facility, and in their home. )RU H[DPSOH LQ WKH FODVVURRP $, ZRXOG monitor indicators of students’ comprehen-

([SORULQJ WKH ORQJHU WHUP SRWHQWLDO IRU UDGically new approaches to education, futurist Bronwyn Williams highlights the critical role of the Edge technologies in changing the way we can access information wherever we are E\ ³FRQQHFWLQJ KXPDQ EUDLQV WR WKH FORXG ´ David Wood suggests the use of “mobile devices and headsets by which people can join LQWR YLUWXDO FODVVURRPV DW DQ\ WLPH´ FRXOG IXUther enable the notion of a boundaryless future of education. A Markets and Markets study emphasises three major growth factors for IoT in education: increased use of connected devices in schools and universities, eLearning, and widespread cloud-based solutions. A range of new revenue opportunities is opening up that could make a major contribution WR WKH ¿QDQFHV RI HGXFDWLRQ LQVWLWXWLRQV FDSturing video of the best lectures and making them available for a micropayment to other institutions and individuals around the world; DOORZLQJ H[WHUQDO EXVLQHVVHV DQG LQGLYLGXDOV to book classroom and laboratory space on demand to have their own meetings or work on developing their own ventures outside normal school hours; collaborating with other LQVWLWXWLRQV WR FRQGXFW H[SHQVLYH ODERUDWRU\ H[SHULPHQWV ± RQH SDUWQHU FRXOG GR WKH ODE work while the others viewed or analyzed it and shared the costs.


NEW TECH

623+26/$%6 ,17(/,; $ &/28'˨%$6(' 7+5($7 INTELLIGENCE PLATFORM, IS NOW AVAILABLE Allows on-demand API access to turnkey cyberthreat expertise threat research; predictive insights from machine and deep learning models; and much more.

Sophos announced the availability of SophoV/DEV ,QWHOL[ D FORXG EDVHG WKUHDW LQWHOOLJHQFH and analysis platform that enables developers to build more secure applications. With SoSKRV/DEV ,QWHOL[ GHYHORSHUV FDQ PDNH $3, calls into the platform for turnkey cyberthreat H[SHUWLVH WKDW DVVHVVHV WKH ULVN RI DUWLIDFWV VXFK DV ¿OHV 85/V DQG ,3 DGGUHVVHV 7KH SODWform continuously updates and collates petabytes of real-time and historical intelligence, including: telemetry from Sophos’ endpoint, network and mobile security solutions; data IURP KRQH\SRWV DQG VSDP WUDSV \HDUV RI

Through the use RI VHFXUH 5(67IXO APIs, developers can directly tap the SODWIRUP ZLWK ¿OH submissions for static and dynamic anal\VLV TXHULHV RQ ¿OH KDVKHV 85/V ,3 DGdresses, and Android DSSOLFDWLRQV $3.V to proactively answer questions like, ³,V WKLV ¿OH VDIH" :KDW KDSSHQV LI , RSHQ RU H[HFXWH LW"´ RU ³,V WKLV OLQN VDIH" :KDW KDSSHQV LI , FDOO WKLV 85/"´ 6RSKRV/DEV ,QWHOL[ LV available through the AWS Marketplace and includes several free tier options, allowing developers to immediately access and start using the intelligence platform. “Sophos is building a global community around its APIs to spark innovation among GHYHORSHUV %\ H[SRVLQJ D YDULHW\ RI LQWHOligence from SophosLabs directly through 5(67IXO $3,V ZH¶UH PDNLQJ LW VLPSOHU WKDQ

CITRIX MAKES WORK PERSONAL &RPSDQ\ GHOLYHUV LQWHOOLJHQW IHHG DQG SHUVRQDOL]HG ZRUNÀRZV ZLWKLQ &LWUL[ Workspace to cut digital noise and empower employees to do best work &LWUL[ DQQRXQFHG JHQHUDO DYDLODELOLW\ RI QHZ IHDWXUHV ZLWKLQ &LWUL[ :RUNVSDFH LQFOXGLQJ DQ LQWHOOLJHQW IHHG DQG SHUVRQDOL]HG ZRUNÀRZV designed to simplify work by eliminating digital noise and automating meaningless tasks so that employees can focus on their core jobs and be their best. 8VLQJ &LWUL[ :RUNVSDFH FRPSDQLHV FDQ RStimize the work day for every employee by organizing, guiding and automating work in an intelligent and personal way that enables them to focus on doing what they do best - and do it best. Infused with innovative technologies such as machine learning and micro applications, &LWUL[ :RUNVSDFH HQDEOHV RUJDQL]DWLRQV WR FUHDWH D VLQJOH XQL¿HG DQG H[SHULHQFH WKDW LV intelligent and secure across apps and data.

/HYHUDJLQJ RXW RI WKH ER[ LQWHJUDWLRQV WR WKH world’s most commonly used applications, including SAP (Ariba, Concur and SuccessFactors); Microsoft (Dynamics, Power BI and 7HDPV *RRJOH * 6XLWH 'ULYH &DOHQGDU DQG Directory); Salesforce; Workday; Atlassian (Jira); Zendesk and ServiceNow; more than SUH FRQ¿JXUHG PLFURDSSV DQG WKH QHZ intelligent features, companies can:

ever before to quickly and easily integrate WKUHDW LQWHOOLJHQFH LQWR QHZ DQG H[LVWLQJ DSSOLFDWLRQV DQG RSHUDWLRQV ´ VDLG -RH /HY\ &72 6RSKRV ³:LWK 6RSKRV/DEV ,QWHOL[ ZH¶UH lowering the barrier to realize analysis for anyone developing an application or platform. The information breadth and depth are also valuable for IT admins, researchers, security analysts, or students in need of top-tier threat LQWHOOLJHQFH ´ 6RSKRV/DEV ,QWHOL[ R൵HUV WKUHH NH\ VHUYLFH features: ‡ 5HDO WLPH /RRNXSV (QDEOHV TXLFN FODVVL¿FDWLRQ RI DUWLIDFWV ZLWK GLUHFW DFFHVV WR WKH latest SophosLabs intelligence by querying ¿OH KDVKHV 85/V ,3V RU $QGURLG DSSOLFDWLRQ WKXPESULQWV 5HSXWDWLRQ VFRUHV LGHQWLI\ NQRZQ EDG DQG NQRZQ JRRG ¿OHV DV ZHOO DV those in the grey area • Static File Analysis: Leverages multiple machine learning models, global reputation, deep ¿OH VFDQQLQJ DQG PRUH ZLWKRXW QHHGLQJ WR H[HFXWH WKH ¿OH LQ UHDO WLPH • Dynamic File Analysis: Provides dynamLF ¿OH DQDO\VLV DQG FODVVL¿FDWLRQ FDSDELOLWLHV WKURXJK H[HFXWLRQ DQG LQVWUXPHQWDWLRQ RI VXEPLWWHG ¿OHV LQ VDQGER[HV XWLOL]LQJ WKH ODWHVW runtime detection techniques to reveal true behaviors of potential threats

DO HPSOR\HHV ZLWK FRQWH[W DQG VPDUWV VR WKH\ can spend less time on menial tasks and focus on meaningful work. • In addition, companies can also connect WKURXJK &LWUL[ :RUNVSDFH WR OHJDF\ KRPHgrown systems and create engaging micro applications and micro automation using lowcode tooling.

• Automate repetitive, valueless tasks. ‡ ([WUDFW WKH PRVW SHUWLQHQW WDVNV DQG LQVLJKWV from systems of record and deliver them in intelligent feeds to individual users on any device or channel. • Create single-purpose steps to simplify the H[HFXWLRQ RI PXQGDQH WDVNV VXFK DV ¿OLQJ H[SHQVHV UHTXHVWLQJ WLPH R൵ DQG VXEPLWWLQJ purchase orders, among other things. ‡ %XLOG SHUVRQDO ZRUNÀRZV DURXQG LQGLYLGX-

-DQXDU\ CIO ONE - 37


MARKET SPACE

SERVICENOW RESEARCH SHOWS THAT DESPITE INCREASE IN CYBERSECURITY SPENDING BREACHES INCREASED IN 2019 According to respondents, 60% of breaches in 2019 involved vulnerabilities where available patches were not applied 6HUYLFH1RZ WKH OHDGLQJ GLJLWDO ZRUNĂ€RZ company making work, work better for people, has released its second sponsored study on cybersecurity vulnerability and patch management, conducted with the Ponemon Institute. The study, “Costs and ConsequencHV RI *DSV LQ 9XOQHUDELOLW\ 5HVSRQVH´ IRXQG WKDW GHVSLWH D DYHUDJH LQFUHDVH LQ DQQXDO spending on prevention, detection and remeGLDWLRQ LQ FRPSDUHG ZLWK SDWFKLQJ LV GHOD\HG DQ DYHUDJH RI GD\V GXH WR GDWD silos and poor organizational coordination. /RRNLQJ VSHFLÂżFDOO\ DW WKH PRVW FULWLFDO YXOnerabilities, the average timeline to patch is GD\V At the same time, the risk is increasing. AcFRUGLQJ WR WKH ÂżQGLQJV WKHUH ZDV D LQcrease in cyberattacks over the past year, and RI EUHDFKHV ZHUH OLQNHG WR D YXOQHUDELOLW\ where a patch was available, but not applied. 7KH VWXG\ VXUYH\HG DOPRVW VHFXULW\ professionals to understand how organizations are responding to vulnerabilities. In this report, ServiceNow presents the consolidated ÂżQGLQJV DQG FRPSDULVRQV WR LWV VWXG\ 7RGD\ÂśV 6WDWH RI 9XOQHUDELOLW\ 5HVSRQVH 3DWFK :RUN 5HTXLUHV $WWHQWLRQ The survey results reinforce a need for orgaQL]DWLRQV WR SULRULWL]H PRUH HŕľľHFWLYH DQG Hŕľścient security vulnerability management: ‡ LQFUHDVH LQ ZHHNO\ FRVWV VSHQW RQ SDWFKLQJ FRPSDUHG WR ‡ PRUH GRZQWLPH YV GXH WR GHOD\V in patching vulnerabilities. ‡ RI UHVSRQGHQWV SODQ WR KLUH DQ DYHUDJH RI ÂżYH VWDŕľľ PHPEHUV GHGLFDWHG WR SDWFKLQJ LQ WKH QH[W \HDU DW DQ DYHUDJH FRVW RI annually for each organization. ‡ RI UHVSRQGHQWV VDLG WKH\ PXVW HQJDJH with other departments across their organizations, which results in coordination issues that GHOD\ SDWFKLQJ E\ DQ DYHUDJH RI GD\V 7KH ÂżQGLQJV DOVR LQGLFDWH D SHUVLVWHQW F\EHUcriminal environment, underscoring the need to act quickly: ‡ LQFUHDVH LQ WKH YROXPH RI F\EHUDWWDFNV LQ WKH ODVW PRQWKV FRPSDUHG WR WKH VDPH WLPHIUDPH LQ ‡ 1HDUO\ LQFUHDVH LQ F\EHUDWWDFN VHYHULW\

38 - CIO ONE -DQXDU\

FRPSDUHG WR

their IT and security team interactions will strengthen the security posture across their RUJDQL]DWLRQV ´

7KH UHSRUW SRLQWV WR RWKHU IDFWRUV EH\RQG VWDŕľľing that contribute to delays in vulnerability patching: ‡ RI UHVSRQGHQWV QRWHG WKH ODFN RI D FRPmon view of applications and assets across security and IT teams. ‡ RI UHVSRQGHQWV VDLG WKH\ FDQQRW WDNH FULWLFDO DSSOLFDWLRQV DQG V\VWHPV RྡLQH WR patch them quickly. ‡ RI UHVSRQGHQWV VDLG LW LV GLŕľśFXOW WR SULoritize what needs to be patched. $FFRUGLQJ WR WKH ÂżQGings, automation delivHUV D VLJQLÂżFDQW SD\Rŕľľ in terms of being able to respond quickly and HŕľľHFWLYHO\ WR YXOQHUDELOLWLHV )RXU LQ ÂżYH RI UHVSRQGHQWV who employ automation techniques say they respond to vulnerabilities in a shorter timeframe through automation. “This study shows the vulnerability gap that has been a growing pain point for CIOs DQG &,62V ´ VDLG Sean Convery, general manager, ServiceNRZ 6HFXULW\ DQG 5LVN “Companies saw a LQFUHDVH LQ GRZQtime due to patching of vulnerabilities, which hurts customers, employees and brands. Many organizations have the motivation to address this challenge EXW VWUXJJOH WR HŕľľHFtively leverage their resources for more impactful vulnerability management. Teams that invest in automation and maturing

ServiceNow Security Operations 9XOQHUDELOLW\ 5HVSRQVH LV SDUW RI 6HUYLFH1RZ Security Operations, a security orchestration, automation and response engine built on the Now Platform. Designed to help security WHDPV UHVSRQG IDVWHU DQG PRUH HŕľśFLHQWO\ WR incidents and vulnerabilities, Security OperaWLRQV XVHV LQWHOOLJHQW ZRUNĂ€RZV DXWRPDWLRQ and a deep connection with IT to streamline security response.

COSTS AND CONSEQUENCES OF GAPS IN VULNERABILITY RESPONSE THE RACE TO OUTPACE THE ATTACKERS CONTINUES

17%

Increase in cyberattack volumes over the last 12 months

39%

27% Increase in cyberattack severity over the last 12 months

60%

39% of breach victims knew they were vulnerable before they were breached

60% of breach victims said they were breached due to a vulnerability for which a patch was availiable

ORGANIZATIONS ARE NOT KEEPING UP WITH THE HACKERS

60%

60% say attackers are outpacing enterprises with technology such as machine learning and artiďŹ cial intelligence

48% 52% of respondents say their organizations are at a disadvantage in responding to vulnerabilities because they use manual processes

Almost half of respondents (48%) report that their organizations had one or more data breaches in the past two years. 60% of these respondents say these breaches could have occurred because a patch was available for a known vulnerability but not applied

PATCHING HELPS PREVENT DATA BREACHES MANUAL PROCESSES AND SILOED TOOLS DELAY PATCHING

+ No common view of assets and applications across security and IT

AUTOMATION AND ADDITIONAL STAFF REDUCE RESPONSE TIME TO VULNERABILITIES

80% 80% of organizations that use automation say they have the ability to respond to vulnerabilities in a shorter timeframe

Learn how organizations reduce the time to respond to vulnerabilities. Get the report: servicenow.com/ponemon-vs

+ No esay way to track whether vulnerabilities are being patched

= Things slip through the cracks because emails and spread-sheets are used to manage the patching process

36% Only 36% of respondents say their companies have enough staff to patch fast enough to prevent a data breach

Organizations that invest in automation experience the following beneďŹ ts: 1. reducing downtime, patching in a timely manner 2. able to prioritize the most critical vulnerabilities 3. increasing the efficiency and effectiveness of the IT staff




Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.