12 minute read
A MATTER OF TRUST
VIBIN SHAJU, PRESALES DIRECTOR, EMEA ENTERPRISE, MCAFEE, SAYS THE ZERO TRUST SECURITY MODEL IS A MUST-HAVE FOR THE NEW NORMAL HYBRID WORLD.
Prior to the emergence of the COVID-19 pandemic, the business case for cloud computing had been convincingly established.
Advertisement
Business agility, control over IT costs and significant reductions in complexity were all there for the taking. All that remained was for forward-thinking stakeholders to take the plunge.
Some of the last hurdles to be cleared in winning over die-hard doubters were compliance issues — particularly those imposed by regional governments on the issue of data residency. AWS,
Microsoft and Oracle all established cloud data centres in the GCC region before the pandemic, in part to address data residency concerns across the
Middle East.
Then COVID put public and private organisations across the region on the back foot. Before long, however, enterprises dusted themselves off and headed for the cloud, not for the convincing business case, but out of necessity. Industry pundits spent the next few months revising cloudspend projections upwards. Mid-2020 predictions from IDC, for example, foresaw Middle East Turkey and Africa (META) cloud investment hit US$6.5 billion by 2024.
The other shoe…
Amid this mass migration, an unwelcome — but not altogether unforeseeable — by-product reared its ugly head. Digital opportunists, driven by the perceived unpreparedness of cloud migrators, took advantage of new vulnerabilities, and struck. The UAE alone faced a 250% increase in cyberattacks in 2020, and the government’s own head of cybersecurity attributed much of the surge to WFH conditions.
IT teams had delivered on productivity, employee satisfaction and business agility, but failed to account for the hunger and effectiveness of bad actors. It is an unfortunate fact of cloud life that hybrid architectures that require sensitive data to cross several corporate boundaries make for tempting targets. In addition, those working from home do so on devices that may not be sufficiently updated to account for software vulnerabilities.
The convenience of quick delivery was impossible to refuse. Being able
to go — almost overnight — from a cumbersome, on-premises business with little or no capacity for remote work, to an agile, work-from-anywhere enterprise with scalable infrastructure and predictable costs was something no business could pass up on when faced with the realities of lockdowns and social distancing.
Perimeters become irrelevant
But every element — device, platform, service, domain — added to the corporate network during the transition brought risk to the business. The attack surface ballooned, and personal data and intellectual property found themselves in new jeopardy. Indeed, to the cybercriminal the coronavirus was the gift that kept on giving. They cynically leveraged the pandemic in phishing campaigns, posing as health providers or global medical-research centres to lure a fearful public to fake websites or other unsafe resources. Other campaigns simply exploited known vulnerabilities in widely used applications to gain access to networks.
Such campaigns end with an attack that has already breached the perimeter. If preventative measures such as firewalls, VPNs, and security information and event management (SIEM) are all that exist to protect sensitive data, they will fail in these new hybrid environments.
Simplicity in hybrid networks is reserved for the end user. Complexity is the architectural reality; and that complexity can lead to problems in a miasma of cloud services and applications. IT may try to rein in users and their devices by patching together a tapestry of solutions, but multi-vendor suites only add more headaches. And they can make life difficult for threat responders when it comes to chasing down an alert. To many false positives make effective mitigation and response problematic at best.
Who do you trust?
As a remedy, we should adopt a model that carries a default distrust of users, devices and applications, and centres on identity management to keep unwanted parties at bay. In this zero trust model, IT teams are back in the driver’s seat, with control over the entire network and every component and process within it.
The health of a device, the user’s location when accessing the network, and a host of other factors will come together to give a trust assessment that controls access based on risk. In the cloud-first universe, Zero Trust can reduce threat levels while enhancing compliance. The resultant view for threat assessors is one of user behaviours and device usage mixed with data flows and business processes. This is instrumental in providing a comprehensive real-time picture of emerging threats, which allows rapid action and prevention.
To implement Zero Trust well, IT stakeholders must establish a roster of users and their access levels to data and services. Privileges should follow a strict recipe of trust combined with corporate need. Sensitive material, for example, should be made accessible only to a confirmed identity who needs it for their work.
Bad actors beware
Under Zero Trust practices, identity confirmation should include multifactor authentication (MFA). Rapid detection of anomalies requires constant monitoring of data transfer and user behaviour. MFA should apply to any major transfer or content access, even if a user is already running an authenticated network session.
Distrust by default may seem distasteful, especially if corporate culture encourages person-toperson trust among team members. Culture changes may require a strong messaging campaign that stresses that digital Zero Trust in no way impugns the character of employees. On the contrary, it is designed to protect them and the company from nefarious outsiders whose motivations are far from charitable.
Zero Trust creates a strong foundation for holistic security, which empowers IT with control over — and confidence in — their environment. The system means bad actors will never be able to provide verified credentials and will be denied access to sensitive data in the cloud. And finally, the cloud can live up to its reputation as a best-of-allworlds breeding ground for agility and innovation.
THE DYNAMIC DUO
MICRO FOCUS IS RIDING THE CREST OF A GROWTH WAVE WITH A RANGE OF INNOVATIVE SOLUTIONS THAT ADDRESS THE BUSINESS CHALLENGES OF ITS CUSTOMERS. WE SAT DOWN WITH THE COMPANY’S NEW REGIONAL LEADERSHIP TEAM – ANAS JWAIED, VP AND GM OF EMERGING MARKETS AND TOUFIC DERBASS, MANAGING DIRECTOR FOR MIDDLE EAST AND AFRICA – TO TALK ABOUT HOW THE SOFTWARE GIANT IS DELIVERING ON THE PROMISE OF SMART DIGITAL TRANSFORMATION.
Micro Focus is a relatively new brand in the region. Have you been able to increase brand awareness?
Toufic: It is a valid question, especially here in the Middle East. When HPE merged its software business with
Micro Focus, we were relatively a new name in this region. However, we have managed to retain 90 percent of our workforce. This strong employee retention has ensured continuity in the relationship with our customers and partners, leading to strong brand awareness.
Anas: I think the brand is stronger than ever. We’d spent a lot of time and investment on the launch event in late 2017, which put us big time on the map. We have been extremely active on social media, and our partners have played a key role in creating awareness in their markets. Also, our loyal customers have been active advocates for us, which helped in strengthening the brand.
2020 was a remarkably difficult year for businesses. What’s been the impact of the pandemic on your business?
Toufic: Even during the pandemic, we were able to thrive because our customers needed to streamline their business operations and go live with applications. We were able to accelerate their digital transformation initiatives with our deep portfolio of solutions and services. With
Anas Jwaied
the smooth roll-out of vaccines, we are confident that the global economy will rebound this year.
Anas: In terms of numbers, we have seen positive growth last year. Though the pandemic adversely impacted multiple industries such as aviation, travel and tourism, retail, and real estate, many organisations in public and private sectors continued to invest in modernising IT and digital technologies to adapt to the situation. We have seen a massive shift to the cloud and new consumption models. Secure access and identity management became more important than ever with the move to remote work, and all these trends augured well for our business.
Are you seeing a significant shift in the tech investment priorities
Toufic Derbass
of your customers in the wake of Covid-19?
Anas: We see that market is moving more and more into digital. There is a lot of focus on AI and automation in both business and IT to enable innovation. In parallel, companies are looking to make IT more resilient to disruptions with business continuity plans. Many of our customers are investing in smart analytics to gain insights into evolving customer expectations and outrun the competition. Simultaneously, cloud-based solutions are finding more acceptance because employees need access to data from any location. If you take Micro Focus as an example, we have been transforming the way we work – remote work has upped the productivity of our employees, and we are going to continue to have this hybrid working model.
Toufic: There is a big focus on industryspecific discussions. If you want to be relevant to your customers, you have to speak about their use cases. With the breadth of our portfolio, which includes ML and analytics, we are well-positioned to have these industryspecific discussions. You can no longer get away with selling solutions that do not address the core business needs.
Micro Focus has built its portfolio around four key pillars. Is there any particular product category that is growing faster?
Toufic: It depends on seasonality. Last year, during the lockdown, when companies shifted to work from home arrangements, IT had to scale and provide remote access to applications. As a result, we saw a big surge in demand for security and testing solutions. However, we are seeing sustainable growth across all of our four pillars. Now, with IDOL and Vertica in our portfolio, we are able to embed ML into all our products, allowing us to tailor our offerings to various industries.
Anas: Indeed, we have seen a doubledigit growth in the cyber risk business, especially around application security and IAM as a result of the shift to remote work. Also, we registered good growth in application delivery management and hybrid IT management solutions, which include DevOps and service management automation.
In the Middle East and Africa, which are the fastest-growing markets for your business?
Toufic: We see a lot of momentum in Saudi Arabia, Qatar, and Egypt. Saudi is building a robust digital infrastructure and creating smart cities such as NEOM. Qatar is getting ready for the world cup next year, and in Egypt, there is a big drive from the government to modernise the country. And, of course, the UAE has always been a growth market for us, and we have a huge loyal installed base here, which allows us to grow organically.
Recently, you have announced a partnership with AWS. Can you give us a regional perspective of this alliance?
Toufic: This strategic agreement is to transition mainframe workloads onto AWS and it underscores our position as a leading modernisation technology vendor. The modernisation of mainframe applications is imperative for digital transformation in large enterprises. You’d be surprised to know there are many enterprises that still run monolithic mainframe workloads in our region as well. This partnership will help them to accelerate their transition to agile services in an evolutionary approach.
Anas: The mainframe is still around, especially in public sector and financial services industry. From a regional perspective, we have been talking to customers who are using mainframe and our Cobol-based applications, and they have shown keen interest in taking this to the cloud. We are still in the early stages of this partnership, with many pilot projects underway. We will probably see this partnership take off in a major way by the second half of this year.
Micro Focus is promising to deliver ‘high tech and low drama’. What does that mean?
Anas: CIOs are looking to accelerate application delivery and at the same time, simplify IT transformation and strengthen cyber resiliency. We have been delivering mission-critical software that delivers the results necessary to succeed in the digital economy. We act as a bridge between legacy and new and emerging technologies, which helps enterprises to run and transform. By combining pragmatism and customer-centric innovation, we have helped thousands of organisations of all sizes to evolve, manage and modernise their enterprise application infrastructure. By low drama, what we mean is that you don’t have to rip and replace anything; you don’t have to take away your existing systems and applications. We will help you use what you have by modernising and transforming it. WE HAVE MORE THAN 300 TRUSTED, PROVEN PRODUCT LINES AND RELEASED 500 PLUS PRODUCTS IN THE LAST TWELVE MONTHS ALONE. OUR MENTALITY IS TO MAKE SURE WE CONTINUE TO SUPPORT, AND ADD NEW VALUE TO THE DEPLOYMENTS WE’VE ALREADY MADE. THAT MAKES US VERY UNIQUE.
Covid-19 accelerated the pace of digital transformation last year. Do you expect that to continue this year as well?
Toufic: Definitely. Now they have the benefit of hindsight, and from the discussions with some of our customers, I gather that they have been able to secure more budgets for digital transformation. The executive management has realised that business survival depends on agility, which requires investment in technology or they might just fade away. In other words, digitisation has become a business imperative.
What sets you apart from the competition?
Anas: We have the size, scale, and expertise to solve the industry’s most challenging problems. Micro Focus is one of the top ten pure-play enterprise software companies globally, and we have been in business for more than 40 years with 40,000 customers around the world. We have more than 300 trusted, proven product lines and released 500 plus products in the last twelve months alone. Our mentality is to make sure we continue to support, and add new value to the deployments we’ve already made. That makes us very unique.
