LEADING THE CYBER BATTLE

Page 38

LEADING THE CYBER BATTLE

CELEBRATING SECURITY INNOVATION

ISSUE 52 \ APRIL 2023

Unlock next-level travel experiences and rewards for your customers.

Today’s banking customers want loyalty experiences that elevate every journey. That’s why the original and leading global lounge programme—LoungeKeyTM, brought to you by Collinson—ranks highest in customer enjoyment.

With LoungeKey you can unlock market-leading access to 1,300 airport lounges and premium experiences at more than 650 airports, across 148 countries.

Check out our LoungeKey Banking Hub to learn how the global leading lounge experiences programme can:

keep your card top of wallet for travellers with unique Access on Payment Card and Co-Brand features delight your customers with luxury experiences, ranging from spas and sleeping pods to restaurants and gaming lounges

give your customers seamless airport experiences, no matter where they travel to increase customer value and acquisition.

Visit our LoungeKey Banking Hub to unlock the benefits of the world’s favourite digital travel companion for your customers.

from
• •

LEADING THE CYBER BATTLE

CELEBRATING SECURITY

INNOVATION

44 PRODUCTS

36 22

34 MAKING THE CASE FOR ON-PREM

36 BEST PRACTICES FOR LOWERING CYBER INSURANCE COSTS

38 HOW AI IS SHAPING BUSINESS

40 CHANGING THE STATUS QUO

42 HYBRID IT IS HERE TO STAY

6 NEWS

AVEVA AND PETROFAC ENTER MOU TO ACCELERATE DIGITAL INITIATIVES FOR THE ENERGY INDUSTRY

GARTNER HIGHLIGHTS FOUR STEPS CIOS CAN TAKE TO MITIGATE IT EMPLOYEE FATIGUE

WITH SECURITY COPILOT, MICROSOFT BRINGS THE POWER OF AI TO CYBER DEFENCE

CONTENTS
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
12 CHOOSING THE RIGHT STRATEGY 16 DO YOU TRUST YOUR CLOUD? 20 A BLUEPRINT FOR DIGITAL SUCCESS 22 THE PROMISE OF BLOCKCHAIN 22 KEEPING YOUR DATA SECURE
24
3 CXO INSIGHT ME APRIL 2023
Cloud Network Management With Ease? Nuclias Cloud is designed for Small-to-Medium business that don't want the hassle of the network's tech side and just want things to work.
managing your SWITCHING AND WIRELESS network is simplified No additional training needed • Hassle-free Management • Unlimited Scalability
Need
WITH NUCLIAS CLOUD,
DBA-1210P
DBA-X2830P
AC1300 Wave 2 Access Point AX3600 Access Point AX1800 Access Point DBA-3621P AC1300 Wave 2 Outdoor Access Point DBS-2000 Series Nuclias Cloud Managed Switches Has network control ever been easier? Download the app now and get started. Nuclias Cloud
DBA-X1230P

LURKING IN THE SHADOWS

ChatGPT has taken the world by storm. This large language model-based AI chatbot has already become the fastest consumer application ever, and businesses are starting to use the technology to automate mundane tasks. Microsoft has recently announced plans to help companies create their own chatbots using the OpenAI ChatGPT technology. As the hype around ChatGPT has reached a crescendo, recently, the Italian privacy watchdog has temporarily banned the AI chatbot over data privacy concerns, and other EU members are expected to follow suit. How much of a security risk is ChatGPT? According to a recent report from Cyberhaven, employees are feeding sensitive company data into ChatGPT. This ranges from source code to patient medical records, which could potentially be revealed to a third party. AI chatbots such as ChatGPT remember and use content people feed into it as training data to improve the technology. Its implications could be far-reaching from a cybersecurity perspective.

Another technology that has a profound implication for cybersecurity is the cloud, which has seen a rapid uptick in adoption in recent years. And it was supposed to be more secure than on-prem systems. However, a recent report from Synyk says 80 percent of companies have experienced at least one cloud security incident in the last year. The most common root cause of cloud security breaches is misconfigurations or access-related vulnerabilities. Now this has opened up a new debate in the industry – who is responsible for security in the cloud? Should it be the user or the service provider? In this issue, we’d spoken to industry thought leaders about this burning topic and cloud security trends you must watch out for this year. Also, you’d read about blockchain, which has been around for over a decade but has not quite lived up to its promise. Now, there is a renewed interest in the technology as it is being adopted in global value chains, international trade, decentralised finance, and banking.

Enjoy reading, and let us know what you think.

EDITORIAL
Published by Publication licensed by Sharjah Media City @Copyright 2023 Insight Media and Publishing Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425 Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730 Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
publisher
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966 Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456 Designer Anup Sathyan 5 CXO INSIGHT ME APRIL 2023
While the
has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors

AVEVA AND PETROFAC ENTER MOU TO ACCELERATE DIGITAL INITIATIVES FOR THE ENERGY INDUSTRY

AVEVA has signed a memorandum of understanding (MoU) with Petrofac. The new agreement will see AVEVA cooperate with Petrofac towards:

• Digital transformation of the end-to-end supply chain system process, including engineering cataloging, procurement, site material control and construction planning

• Supporting the delivery of Petrofac’s netzero targets using AVEVA’s sustainable engineering solutions

The plan includes, cooperation kick-off, design thinking sessions for new solutions and use cases, technical assessments, an execution strategy and more.

George Eapen, Group CIO, Petrofac said: “Petrofac and AVEVA have a long-standing relationship and we are very happy to

BENYA GROUP AND SAP SIGN A STRATEGIC PARTNERSHIP AGREEMENT TO DELIVER SAP SIGNAVIO SOLUTIONS

In a significant step to boost digital transformation across the MEA region, Benya Group – the integrated solution, digital transformation, and ICT infrastructure provider in Egypt and the MEA region – has signed a strategic partnership with SAP – the global leader in business operation management software – to introduce SAP Signavio’s smart digital transformation solutions in Egypt, KSA, and UAE.

The partnership was signed at the Benya Group’s HQ in New Cairo, in the presence of Eng. Ahmed Mekky, Chairman and CEO of Benya Group, and Eng. Hoda Mansour, SVP and EMEA South Head of Business Process Transformation at SAP.

As a regional and strategic partner, Benya Group, through its subsidiaries Benya Systems and alfaBenya, will

partner with them to build on to our multi-year digital transformation strategy. As part of our agreement, we will build digital capabilities internally and for our customers that are aligned to Petrofac’s environmental, social and governance (ESG) and sustainability agendas.”

Caspar Herzberg, CEO, AVEVA said: “AVEVA’s solutions drive measurable emission reductions across scopes 1, 2 and 3, helping industrial companies to meet climate commitments aligned to the Paris Agreement. We are delighted to be able to support Petrofac in accelerating the energy transition for their customers, by deriving data-led insights that unlock more efficient ways of working and drive responsible use of our world’s resources.”

Under the MoU, Petrofac will also explore the deployment of AVEVA

Enterprise Resource Management (ERM) and AVEVA Process Simulation in its engineering delivery services, while replacing legacy inhouse and third-party solutions. The new AVEVA solutions will provide Petrofac with value chain visibility and secure audit trails for tracking material procurement, minimising waste and ensuring regulatory compliance. AVEVA’s pioneering software integrates with existing systems to transform siloed supply chains, enabling companies to execute sustainable projects by optimising resources, reducing material and shipping waste, and delivering efficiency and optimisation gains.

introduce SAP Signavio’s smart digital transformation services in the Egyptian and Saudi markets direct. In the UAE, Benya Group will introduce the smart solutions through an alliance with strategic partners. Moreover, the company will leverage its extensive market experience in the banking, petroleum, healthcare, and industrial sectors to offer the latest technology solutions to clients across multiple countries. This partnership comes as a part of Benya’s expansion strategy in the region and underscores its steadfast commitment to driving growth and innovation in the Egyptian and Arab markets.

“We are proud to be able to expand our strategic partnership with the global

technology leader, SAP, and consider this a significant step towards delivering top-notch services to customers. This milestone follows our fruitful joint efforts in finalising digital transformation for several public business sector companies, including more than 30 affiliates of the Holding Company for Metallurgical and Chemical Industries, as well as the water and sanitation sector,” said Benya Group’s Mekky. “We take pride in being an SAP partner. Our constant collaboration with SAP affirms Benya’s ability to boost digitalisation across businesses. We believe that this significant partnership will play a pivotal role in driving strategic projects that support the digital transformation plans in these countries. We are excited to embark on this journey and are confident that it will yield great results.”

“This strategic partnership with Benya Group demonstrates our shared ambition to bring innovative digital solutions that will support digital transformation in Egypt, UAE and KSA. With its significant expertise and track record, we are confident that Benya will drive customer success through implementing solutions from SAP,” said SAP’s Mansour.

NEWS
6 CXO INSIGHT ME APRIL 2023

GARTNER HIGHLIGHTS FOUR STEPS CIOS CAN TAKE TO MITIGATE IT EMPLOYEE FATIGUE

Employees are dealing with an unprecedented amount of change since COVID, and they are fatigued of change. To decrease employee fatigue, CIOs should perform four steps, according to Gartner, Inc.

“Any employee is dealing with digital acceleration, staff departures, having to adjust to various working models, and many more workplace disruptions, and they are exhausted,” said Daniel Sanchez-Reina, VP Analyst, Gartner. “When unmanaged, employee fatigue is impacting the success of technological initiatives.”

While many organisations are devising good change management plans and they are implementing culture change where needed, many CIOs do not get the results they want. “This is because they overlook a critical factor, which is change fatigue,” said Sanchez-Reina.

Gartner defines change fatigue as the negative employee response to change (including apathy, burnout and frustration) that harms organisational outcomes.

“Fatigue hurts an employee’s performance in many ways, including apathy, burnout and frustration. It also decreases a workers’ ability to make decisions, solve complex problems and communicate,” said Sanchez-Reina.

Gartner advised CIOs to take four steps to reduce change fatigue in their organisations.

1. Treat Change Fatigue as a Business Issue

Gartner research found that eight out of 10 CIOs don’t make fatigue a regular part of their conversations about business technology initiatives. “Most CIOs only work with business partners to set project timelines and communication plans, and do not consider the employees’ context. Ultimately, they do not address worker fatigue,” said Sanchez-Reina.

CIOs should factor change fatigue into their planning initiatives by adding a

fatigue evaluation. It should be arranged as a discussion with business partners. This discussion should include, at a minimum, the level of effort each initiative requires and how to combine the day-to-day with the initiative.

2. Distribute Change Leadership

Having a single leader who focuses on getting a project, product or initiative done on time, will have little visibility into the cost in worker fatigue.

Gartner advised CIOs to establish a distributed leadership, like assigning overseers and tactical decision-makers dispersed across the organisation, who have a closer contact with workers and can change directions when fatigue rises. Distributed leadership also spreads the burden of decision making, another key cause of stress.

3. Co-Create Execution and Involve Stakeholders

The most successful organisations make decisions about how to execute change with the cooperation of top executives and lower organisational layers. They also involve IT and business stakeholders in change management.

“CIOs should create teams that include technical experts as well as

experts from all of the functions that the initiative will touch,” said SanchezReina. “The blend of people with different perspectives will contribute to the cohesiveness of the people involved in the change.”

CIOs should also set guidance for how their teams should do their work, which helps ensure that the multidisciplinary teams share accountability for results and focus on delivering business outcomes, not merely completing a project plan.

4. Care About the Emotions of Change

“Since a positive or negative emotional impact builds a positive or negative long-lasting memory in our brain, it is critical for CIOs to create a mental track record of as many positives as possible,” said Sanchez-Reina. “For example, some companies include ‘listening to the drawbacks’ sessions in the change plan, where employees have the chance to openly share their concerns. This initiative replaces the occasional venting moments in the water cooler or vending machine, making those concerns manageable.”

Gartner clients can read more in “Four Tactics to Mitigate Change Fatigue.”

7 CXO INSIGHT ME APRIL 2023

WITH SECURITY COPILOT, MICROSOFT BRINGS THE POWER OF AI TO CYBER DEFENCE

Microsoft announced it is bringing the next generation of AI to cybersecurity with the launch of Microsoft Security Copilot, giving defenders a much-needed tool to quickly detect and respond to threats and better understand the threat landscape overall. Security Copilot will combine Microsoft’s vast threat intelligence footprint with industry leading expertise to augment the work of security professionals through an easy-to-use AI assistant.

Naim Yazbeck, General Manager of Microsoft UAE, said: “As the UAE accelerates its digital transformation, it is essential that businesses are equipped with advanced security solutions to combat the increasing sophistication of cyber threats. With Security Copilot, Microsoft is empowering businesses in the UAE to proactively identify and respond to these threats. We are excited to bring this cutting-edge technology to the UAE market and remain committed to delivering innovative solutions that address our customers’ evolving needs.”

Security Copilot is designed to work seamlessly with security teams, empowering defenders to see what is happening in their environment, learn from existing intelligence, correlate threat activity and make more informed, efficient decisions at machine speed.

Simplifying complexity and accelerating responses

In a world where there are 1,287 password attacks per second, fragmented tools and infrastructure have not been enough to stop attackers. And while attacks have increased 67% over the last 5 years, the security industry has not been able to hire enough cyber risk professionals to keep pace. This has led to defenders who are overwhelmed searching for well-disguised attacks within an

impossibly large volume of expanding network traffic and other signals.

Security Copilot will simplify complexity and amplify the capabilities of security teams by summarising and making sense of threat intelligence, helping defenders see through the noise of web traffic and identify malicious activity.

It will also help security teams catch what others miss by correlating and summarising data on attacks, prioritising incidents and recommending the best course of action to swiftly remediate diverse threats, in time.

Continually learning to augment the expertise of security teams

Security Copilot will also continually learn and improve to ensure that security teams are operating with the latest knowledge of attackers, their tactics, techniques, and procedures. The product will provide ongoing access to the most advanced OpenAI models to support demanding security tasks and applications. Its visibility into threats is powered by both the customer organisation’s security data and Microsoft’s vast threat analysis footprint.

These capabilities can empower security teams of any size with the skills and abilities of much larger organisations. In addition, Security Copilot helps address skills shortages in cybersecurity by bridging knowledge gaps and enhancing workflows, threat actor profiles and incident reporting across teams.

“Advancing the state of security requires both people and technology –human ingenuity paired with the most advanced tools that help apply human expertise at speed and scale,” said Charlie Bell, executive vice president, Microsoft Security. “With Security Copilot we are building a future where every defender is empowered with the tools and technologies necessary to make the world a safer place.”

Built on the Microsoft platform and industry-leading threat intelligence

Microsoft is uniquely qualified to help customers explore and adapt AI to boost their cybersecurity defences. Microsoft Security is actively tracking more than 50 ransomware gangs, more than 250 unique nation-state cybercriminal organisations, and receives 65 trillion threat signals every day. Microsoft technology blocks more than 25 billion brute-forced password theft attempts every second, and more than 8,000 security professionals at Microsoft analyse more security signals than almost any other company — on average Microsoft’s Security Operations Centre analysts utilise over 100 different data sources.

Acquisitions

like RiskIQ and Miburo give Microsoft breath of signal and depth intelligence on threat actors that no one else has. And Security Copilot also integrates natively with a growing list of Microsoft Security products, such as Sentinel and Defender, to help customers create an end-to-end experience across their entire security programme.

Availability

Microsoft Security Copilot is currently available through private preview. Please visit https://news.microsoft. com/AI-Security-2023 for more information.

NEWS
8 CXO INSIGHT ME APRIL 2023

VECTRA UNIFIES AI-DRIVEN BEHAVIOR-BASED DETECTION AND SIGNATURE-BASED DETECTION IN A SINGLE SOLUTION

Vectra AI announced the introduction of Vectra Match. Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures.

“As enterprises transform, embracing digital identities, supply chains and ecosystems — GRC and SOC teams are forced to keep pace. Keeping pace with existing, evolving and emerging cyber threats requires visibility, context and control for both known and unknown threats. The challenge for many security organisations is doing so without adding complexity and cost,” says Kevin Kennedy, SVP Products at Vectra. “Vectra NDR now enables security teams to unify signatures for known threats and AI-driven behavior-based detection for unknown threats in a single solution.”

With the addition of Vectra Match, Vectra NDR addresses core GRC and SOC use cases enabling more efficient and effective:

• Correlation and validation of threat signals for accuracy.

• Compliance for network-based CVE detection with compensating controls.

• Threat hunting, investigation and incident response processes.

According to Gartner, “recent trends in the NDR Market indicate many NDR offerings have expanded to capture new categories of events and to analyse additional traffic patterns. This includes new detection techniques: by adding support for more traditional signatures, performance monitoring, threat intelligence and sometimes malware detection engines. This move toward more multifunction network detection aligns well with the use case of network/security operations convergence, but also with midsize enterprises.”

“The attack surface cyber attackers have at their disposal continues to grow

exponentially creating unknown threats on top of the tens of thousands of known vulnerabilities that exist. Attackers simply have exponentially more ways to infiltrate an organisation and exfiltrate data — and do so with far more frequency, velocity and impact. Keeping pace with attackers exploiting known vulnerabilities and unknown threats is an immense challenge for every Security, Risk and Compliance officer,” says Ronald Heil, Global Risk Advisory Lead for Energy and Natural Resources and Partner at KPMG Netherlands. “Today, cyber-resilience and compliance requires complete visibility and context for both known and unknown attacker methods. Without it, disrupting and containing their impact becomes an exercise in brand reputation and customer trust damage control. Vectra Match capabilities allow us to combine both worlds, having the continued AIbased detection of real-time “movement”, while also having the ability to check against specific Suricata indicators — often required during incident response or proof of compliancy (e.g., Log4J). Consolidating AI-based and signature-

based detection enables optimisation, because in our case, less is more.”

Vectra NDR with Vectra Match

Vectra NDR — a key component of the Vectra platform — provides end-to-end protection against hybrid and multicloud attacks. Deployed on-premises or in the cloud, the Vectra NDR console is a single source of truth (visibility) and first line of defense (control) for attacks traversing cloud and data centre networks. By harnessing AI-driven Attack Signal Intelligence, Vectra NDR empowers GRC and SOC teams with:

• AI-driven Detections that think like an attacker by going beyond signatures and anomalies to understand attacker behavior and zero in on attacker TTPs across the entire cyber kill chain post compromise, with 90% fewer blind spots and 3x more threats proactively identified.

• AI-driven Triage that knows what is malicious by utilising ML to analyse detection patterns unique to the customer’s environment to score how meaningful each detection is, thus reducing 85% of alert noise — surfacing only relevant true positive events that require analyst attention.

• AI-driven Prioritisation that focuses on what is urgent by automatically correlating attacker TTPs across attack surfaces, evaluating each entity against globally observed attack profiles to create an attack urgency rating enabling analysts to focus on the most critical threats to the organisation.

Vectra NDR empowers security and risk professionals with next-level intrusion detection. Armed with rich context on both known and unknown threats, GRC and SOC teams not only improve the effectiveness of their threat detection, but the efficiency on their threat hunting, investigation and incident response programme and processes.

Vectra NDR with Vectra Match is available for evaluation and purchase today.

9 CXO INSIGHT ME APRIL 2023

F5 SAFEGUARDS DIGITAL SERVICES WITH NEW AI-POWERED APP AND API SECURITY CAPABILITIES

F5 announced new security capabilities to give customers comprehensive protection and control in managing apps and APIs across on-premises, cloud, and edge locations. Specifically, new machine learning enhancements provide F5’s cloud security portfolio with advanced API endpoint discovery, anomaly detection, telemetry, and behavioral analysis. As more transactions and customer engagements occur through digital channels such as web and mobile apps, organisations are seeking better solutions to provide secure experiences for their end users and maintain their trust. With APIs as the building blocks of modern web and mobile experiences, protecting these assets is the cornerstone of securing digital services.

F5 customers can now strengthen their security posture with a continuously improving analysis engine and unified policy enforcement. These capabilities enable secure app-to-app communications through validated and monitored APIs, thereby reducing the time security teams spend correcting false positives and accelerating timeto-deployment for new services. The enhancements, as well as new managed service offerings for enterprises and service providers, accelerate the momentum of F5 Distributed Cloud Services, introduced in 2022 and bolstered by the recent launch of multi-cloud networking solutions.

Modern organisations continue to demonstrate a clear preference for hybrid solutions. According to F5’s 2023 State of Application Strategy (SOAS) Report, 85% of respondents have deployed apps and APIs in distributed environments spanning multiple public clouds, as well as onpremises and edge locations. More than 20% of respondents are deploying apps and APIs in six different environments. At the same time, security teams struggle to provide consistent protection and visibility for a rapidly expanding attack surface area. This is primarily because many contemporary web application and API

protection (WAAP) solutions rely on point products or offerings based on (and provided by) CDN vendor technologies that cannot adequately scale beyond cloudbased apps and lack the ability to be deployed on premises, in public clouds, or in other edge locations.

“Applications and APIs are the building blocks of the digital experiences through which we all work, bank, shop, access healthcare, travel, and play,” said Kara Sprague, EVP and Chief Product Officer, F5. “And those experiences are only as secure as the most vulnerable app or API. With greater efficacy achieved via sophisticated profiling techniques and deployment options that span SaaS, packaged software, hardware appliances, and managed services, F5’s app and API security solutions are unmatched. Today’s announcement continues our mission to radically simplify app and API security, empowering customers to accelerate digital innovation with the confidence of comprehensive protection no matter how their apps are built or where they live.”

F5 offers a full suite of capabilities to provide robust protection for apps and APIs across on-premises, cloud, and edge locations. Moreover, F5’s end-to-end approach to security means that threat data can be gathered and analysed across all deployed locations, including ongoing and emerging attack campaigns detected by the F5 Threat Campaigns service. As part of a larger hardware, software, SaaS, and managed services portfolio that also provides best-in-class application delivery capabilities, F5 security solutions protect a diverse mix of distributed apps and APIs in any environment without adding further operational complexity.

Enhanced API Security Provides Greater

capabilities in the public cloud and as-aservice. Unlike API-only point product security providers, F5 delivers API auto-discovery, policy enforcement, and anomaly detection as part of a unified WAAP service, simplifying operations and enforcement through a single console for both app and API protection. Since static signature-based controls are insufficient for protecting API endpoints due to their dynamic, evolving nature, F5 Distributed Cloud API Security utilises optimised machine learning for automatic API discovery, threat detection, and schema enforcement. By observing normal behavior patterns across all endpoints, F5’s advanced analysis engine helps users detect anomalies and refine API schemas to improve their overall security posture. Additionally, F5 supports token identification to detect anomalous behavior accessing JWT tokens and prevent unauthorised usage.

AI as an Essential Element of App Security

Protection

for Modern

Apps F5 offerings are firmly in step with organisations’ desire to deploy security

According to F5’s SOAS Report, nearly two-thirds of organisations are prioritising the use of AI/machine learning, with security as a top use case. CISOs view such capabilities as a means to reduce the time between detection and response without compromising efficacy or requiring additional security staff. In addition to AI-based enhancements for Distributed Cloud API Security, F5 is introducing AI-driven web application firewall (WAF) capabilities, including unique malicious user detection and mitigation capabilities that create a per-user threat score based on behavioral analysis that determines intent. This enables security operations to choose between alerting or automatic blocking to mitigate an attack that would otherwise go undetected by static signatures. With F5, all traffic is monitored and proactive defenses are applied based on malicious user behavior that can be correlated across Distributed Cloud WAAP deployments.

NEWS
10 CXO INSIGHT ME APRIL 2023

CHOOSING THE RIGHT STRATEGY

EFFECTIVE IMPLEMENTATION OF TECHNOLOGY NEEDS MORE THAN AN EFFECTIVE IT TEAM, WRITES TAHER JHANJHARYA, GROUP CFO OF EFS

FACILITIES SERVICES GROUP

The widespread adoption of technology is transforming the way that businesses operate.

While technology can offer a wealth of benefits, from increased efficiency to enhanced customer experiences, its implementation is not always straightforward. Companies must navigate a range of challenges if they are to reap the rewards of technological advancement. It is very common that technology

implementations are left to IT teams and failures accordingly are associated to the failure of IT team’s capability but is it possible for one department to alone undertake such endeavours?

Organisations around the world are investing billions in technology. However, there often remains a persistent gap between the value of such technologies and the ability to implement them efficiently, especially when different departments are

involved. At a time of transformative technological advancements and fierce global competition, we need to focus on closing the gap between capabilities and achievement. To do so, organisations must delve deeper into the challenges faced including market intricacies, responsibility assignment, resistance to change and the role of IT teams in overall implementation.

One of the biggest obstacles that businesses must navigate when

VIEWPOINT
12 CXO INSIGHT ME APRIL 2023

adopting technology is selecting the right system for their specific needs. With the sheer number of solutions available, it can be difficult to determine which system will best serve a company’s unique requirements. To overcome this challenge, companies must conduct a thorough analysis of their current operations and future goals, to ensuring that they select a system that meets their specific needs and can be integrated effectively into their operations.

One challenge that can arise in technology adoption is a lack of clear ownership between the IT department and the business. This can lead to conflicting priorities and a lack of coordination between the two, hindering the successful integration of the technology into day-to-day operations. To mitigate this challenge, it is important for businesses to establish clear lines of responsibility and communication between IT and the business, and to ensure that both parties are aligned in their goals for technology adoption.

Imagine that a services company that implemented a new project management system to improve its operations. The system was not fit for purpose as it did not meet the specific requirements of the company’s projects either due to selection by a few members of the organisation who did not fully understand the business challenges from ground levels. Furthermore, the implementation of the system did not have enough support from the business, as employees were not fully on board with the change. This resulted in widespread confusion and disruption to the company’s operations, leading to significant financial losses.

Another challenge that businesses must face is resistance to change from employees. New systems can be daunting and unfamiliar, leading to a lack of adoption and a missed opportunity to improve operations. Furthermore, the integration of new technology into existing processes and

systems can be complex and timeconsuming, requiring a coordinated effort from multiple departments.

To overcome the obstacles of implementation and adoption, companies must develop a vision and have a robust change management process. This should include clear communication with employees, to help them understand the benefits and what is the benefit for them in this followed by extensive training to ensure they are equipped to use it effectively. Businesses must involve relevant stakeholders in the implementation process to minimise any disruption to existing operations and ensure that the technology integrates smoothly into their workflows while addressing dayto-day challenges.

Companies also need to make an informed decision by ensuring that they have a clear understanding of the technical capabilities and limitations of the technology they are adopting. This includes assessing compatibility with existing systems, the scalability of the solution, and the level of support available from the technology vendor in the long run beyond the implementation period.

Change management is key to adoption, encompassing the support of senior executives. Executive leadership can provide the necessary resources, drive cultural change, and

make key decisions to support the implementation and integration of new technologies. However, change management should be a process that starts even before the identification of a system. Employees may feel that they will be held to a higher level of accountability as the new technology is more transparent in its processes. This can lead to resistance against adoption; it is essential for executive management to reassure employees that the proposed solution is to become more effective and efficient. The process should address any concerns among team members with respect to their roles in the organisation.

However, even with the best planning, technology adoption can still fail. It is important for businesses to have contingency plans in place and to monitor the adoption process closely, to ensure that the technology is integrated effectively and delivering the desired results. Most digital transformations fail but making sure that success factors are in place can reverse the odds of success from 30% to 80%, according to a report by Boston Consulting Group (BCG). Companies should not merely celebrate investments in new technology, but rather the successful adoption which goes beyond the implementation phase and measures the effective use of the system to solve challenges. Any announcements before successful adoption are only marketing and advertising without real business impact.

In conclusion, the implementation of technology is essential for businesses to remain competitive in today’s fast-paced technological landscape. However, it is also a complex process that requires careful planning and execution. By conducting a thorough analysis of their needs, selecting the right systems, and taking a strategic approach to implementation and adoption, organisations can overcome challenges, minimise the risk of failure, and encourage ownership.

13 CXO INSIGHT ME APRIL 2023

TURBOCHARGING DIGITAL INNOVATION

XERXES COOPER, PRESIDENT OF STRATEGIC MARKETS AT KYNDRYL, EXPLAINS HOW THE COMPANY IS HELPING ENTERPRISES IN THE REGION ACCELERATE DIGITAL TRANSFORMATION.

Can you give us the low-down on Kyndryl’s operations?

When Kyndryl was formed, one of our key goals was to have a much flatter, more focused speed of execution in terms of our business. So what we’re trying to do is to empower our teams on the ground. We have ten major markets, including France, Germany, Italy, US, Japan, Canada, Spain, and Portugal. And then, we have our strategic markets, which are 50 countries spanning all of Asia, the Middle East and Africa, Latin America, and Central and Eastern Europe. So in total, it’s about 50 countries and it comprises about 25 percent of our company. And the common thread we have in many of these countries is that we’ve got a strong group of clients looking to modernise their IT infrastructure. Many of them are at the same maturity curve with the cloud, and what we try to do across these 50 countries is find those intersection points and how we can drive those synergies.

What kind of opportunities do you see in this market?

We are the largest infrastructuremanaged services company in the world. We started with that scale - with 90,000 employees, we operate in about 60 countries and bring nearly 30 years of experience. So think of missioncritical. Think of resiliency. Think of clients who need help managing those systems. And as many of our clients are undertaking their modernisation journey, they need the help of a company like Kyndryl, which can help them do it at scale. And that’s where we see such opportunity in the region

where many clients are looking at a hybrid multi-cloud environment; they need resiliency of their existing environment. They’re looking at the modernisation of critical applications and need a partner to help them bring all of that capability together.

Kyndryl is agnostic but with a point of view. And that’s something our freedom of action now as an independent company allows us to do. So we bring an agnostic point of view, but we bring opinions of what we think would be the right action, which partner, and so on, based on their industry. We see a fantastic opportunity here, not only in the public sector but also in the private sector.

This region doesn’t have much legacy. What are your clients here needing help with?

We don’t see legacy. We see data security, employee experience, and how we’re enabling the strategy for our clients. So when you think of Kyndryl, think of us as the company

that will help clients modernise, build, design, and manage their complex environments. If I look across the region, there’s not a single client that is not thinking about how do they modernise . There’s not a single client that is not thinking about how they manage the complexity of a hybrid cloud world. That’s where Kyndryl steps in. That is the scope of services we bring – it is about helping our clients accelerate their digital journeys.

How does this region stack up compared to the other markets that you handle?

What I see is a lot of similarities. For example, when I think about the Middle East, Asia or Latin America, I see many similarities in terms of strong GDP growth, population, and significant demand for services. You’ve got companies reaching enterprise level here, needing support and help to advance their digital journeys. There is now a need for scale, and that’s an area where Kyndryl is helping our clients manage that complexity along their digital transformation journeys.

What does digital transformation mean to you?

When I think about digital transformation, I think about the end user, the customer experience, and how they can seamlessly, without any friction, consume your product and have that fantastic experience. So then, now think about how companies do that. And how do you not just do it once but do it repeatedly? How do you do it at scale? Digital transformation is also about knowing your client and understanding your client’s needs before they have that. Digital transformation is also a seamless experience. So again, this is where Kyndryl provides the resiliency and the support services for that seamless experience. So digital transformation can mean a lot of different things to different people. But digital transformation is about the end user’s experience and how a company can continue to enhance that. And the key word is continue.

INTERVIEW
14 CXO INSIGHT ME APRIL 2023

DO YOU TRUST YOUR CLOUD?

HOW TO MANAGE SECURITY IN THE CLOUD

Is your organisation’s data truly secure in the cloud? Though cloud security has improved significantly in recent years with cloud providers following successful security practices, concerns still linger. It is estimated that cloud was responsible for 49 percent of the breaches and compromises last year. This is now catching the attention of C-level executive and making them question whether or not their data safe in the cloud, or if they even want to move to the cloud.

“Moving to the cloud has significant benefits for businesses but can also introduce risks outside traditional

FEATURE
Christopher Hills
16 CXO INSIGHT ME APRIL 2023
Ezzeldin Hussein

cybersecurity practices. Securing virtual machines, cloud-based containers, Kubernetes, and serverless workloads, whether in public clouds, private clouds, or a combination of the two (hybrid clouds), means developing a deeper understanding of the security issues that come with cloud workloads,” says Ezzeldin Hussein, Sales Engineer Director, SentinelOne.

He says multi-cloud security solutions that can provide centralised visibility and control across different cloud environments are crucial for protecting data and ensuring compliance. Additionally, Zero Trust security is also taking prevalence. With the rise of remote work and cloud-based services, the traditional network perimeter has become obsolete. Zero Trust security requires all users and devices to be authenticated and authorised before accessing resources.

Giuseppe Brizio, CISO EMEA, Qualys, says whilst many organisations have cloud security as one of their top IT priorities, there are still basic security practices that are not being followed. Moving resources to the cloud too quickly causes organisations to struggle to keep up with ever-expanding cloud attack surfaces and increasing multi-cloud complexity, which, coupled with shortage of skilled cybersecurity resource,s makes the situation even worse.

What are the top cloud security trends to watch out for in 2023?

Mike Fraser, VP & Field CTO of DevSecOps, Sophos, says the top cloud security trends to watch out for include DevSecOps, Zero Trust, attack surface management, cloud-native security, secure access service edge (SASE), and AI / ML for cloud detection and response (CDR).

“DevSecOps spans all these trends and can enable a more collaborative approach through automation across teams to support cloud environments and services to ensure security is builtin from deploying infrastructure as code (IaC) for cloud native workloads to responding to active cloud threats. Advancements in AI / ML for CDR will enable organisations to more intelligently do more with existing talent to cut down on the detection noise and enable response through remediation that augments existing human talent,” he says.

When it comes to the cloud, identitybased threats are one of the most common threats, says Subhalakshmi Ganapathy, IT security evangelist, ManageEngine. To combat them, organisations will explore new avenues in cybersecurity, including Zero Trust architecture in the cloud and consolidation of cloud access security brokers (CASBs). This will ensure that organisations have better visibility on data, assets, and risks as well as reduced operational costs and complexity.

In a survey ManageEngine conducted

on cloud security, 35% of the participants referred to cloud account compromise as the most common threat. “However, the most challenging part of that is detecting them in your environment due to a lack of visibility and the inability to distinguish between unauthorised and legitimate access. Another attack vector that has been with us since the beginning of the internet is ransomware. We’ve seen the damage it has caused for a lot of organisations not only financially but also reputation-wise. This type of attack is increasingly difficult to detect and contain in the cloud,” says Ganapathy.

Christopher Hills, Chief Security Strategist, BeyondTrust, says cloud misconfiguration or lack of configuration is still the leading attack vector. “That being said, there are many other elements related to cloud breaches such as malicious insider, vulnerabilities, phishing access via social engineering, and let’s not forget the leading cause of breaches in general, stolen and/or compromised credentials.”

Is cloud inherently more secure than on-prem?

The level of inherent security in cloud versus on-prem environments is dependent on a variety of factors. These include the specific cloud provider chosen, the security measures implemented by the provider, and the security practices of the customer within their workloads.

Subhalakshmi Ganapathy Giuseppe Brizio
17 CXO INSIGHT ME APRIL 2023
Mike Fraser

Fraser from Sophos says customers may have their own on-prem cloud solutions with comparable security measures. Regardless of the environment chosen, customers are responsible for securing their own workloads, so the baseline cloud provider’s services may be more secure depending on customer size, what cloud security technologies they have in place, and if they have an internal security team or use an external Managed Security Services Provider (MSSP).

“Whether using the cloud or on-prem, depending on each organisation’s comfort level with the cloud provider or your own internal security posture, the keys to your own cloud workload security are implementing DevSecOps practices, leveraging automation, and using cloud security technologies throughout the entire lifecycle of cloud environments,” he says. Hussein from SentinelOne says it is not accurate to say that the cloud is inherently more secure than on-premises infrastructure. The security of a cloud environment depends on various factors like security measures, level of access control, strength of authentication mechanisms, and ability to detect and respond to security incidents.

“Aspects of cloud environments that can make them more secure than on-premises infrastructure include expertise, as cloud service providers often have a deep level of expertise in securing their environments. This expertise may include specialised security personnel, advanced security technologies, and best practices for securing cloud infrastructure. Another aspect is scalability. Cloud environments can be scaled up or down quickly and easily, allowing organisations to quickly adapt to changing security needs or respond to security incidents,” he concludes.

THE EXPERTS SPEAK

BACK IN 2010, THE QUESTION OF WHETHER THE CLOUD WAS MORE SECURE THAN ON-PREMISES INFRASTRUCTURE WAS HOTLY DEBATED. IN THE CURRENT LANDSCAPE, THE ADOPTION OF SAAS AND CLOUD SERVICES HAS MADE THIS IRRELEVANT. IN FACT, MANY NEW AND EMERGING APPLICATIONS ARE ONLY AVAILABLE IN THE CLOUD, AND MOST APPLICATIONS INTERACT WITH NUMEROUS APIS HOSTED IN THIRD-PARTY CLOUDS AND DATA CENTERS.

“AS THE CLOUD HAS BECOME THE DEFAULT PLATFORM FOR MANY APPLICATIONS, AND THE QUESTION OF WHETHER THE CLOUD IS MORE SECURE THAN ON-PREMISES INFRASTRUCTURE IS LIKELY NO LONGER RELEVANT. CLOUD PROVIDERS CAN OFFER NUMEROUS ADVANTAGES, INCLUDING ECONOMIES OF SCALE, REGULAR UPDATES, DATA REDUNDANCY, COMPLIANCE FEATURES, AND TACKLE UNIQUE CHALLENGES SUCH AS REMOTE WORK AND DDOS PROTECTION. THEREFORE, ADOPTING CLOUD SERVICES IS ESSENTIAL FOR BUSINESSES LOOKING TO TRANSFORM DIGITALLY AND STAY SECURE IN THE EVER-CHANGING THREAT LANDSCAPE.

Bashar Bashaireh, Managing Director - Middle East and Türkiye at Cloudflare

WHEN CLOUD SERVICES ARE USED AND CONFIGURED PROPERLY THEY CAN BE JUST AS SECURE, IF NOT MORE SECURE, THAN TRADITIONAL ON-PREMISE ENVIRONMENTS. THE CLOUD SERVICE PROVIDERS ARE ARGUABLY INCENTIVIZED TO INVEST IN SECURITY EVEN MORE THAN ANY SINGLE COMPANY. THERE WILL ALWAYS BE SECURITY ISSUES THAT ARISE BUT IT IS INCUMBENT ON SECURITY TEAMS TO UNDERSTAND THE INS AND OUTS OF THE VARIOUS CLOUD SERVICE PROVIDERS TO ENSURE THAT SECURITY IS EMBEDDED IN THE ARCHITECTURE, ENGINEERING, AND DAY-TO-DAY OPERATIONS.

CLOUD SECURITY IS CONSTANTLY CHANGING, AND STAYING UP TO DATE ON THE LATEST TRENDS IS CRUCIAL. THE TOP CLOUD SECURITY TRENDS TO WATCH OUT FOR INCLUDE MULTI-CLOUD SECURITY, ZERO TRUST SECURITY, CLOUD-BASED AI AND MACHINE LEARNING, CLOUDNATIVE SECURITY, AND DEVSECOPS. WITH THE RISE OF REMOTE WORK AND PERSONAL DEVICES BEING USED FOR WORK, ZERO TRUST SECURITY IS BECOMING MORE IMPORTANT. ATTACKERS ARE ALSO USING AI AND MACHINE LEARNING, WHICH MEANS THAT CLOUD SECURITY PROVIDERS MUST ALSO TURN TO THESE TECHNOLOGIES TO IMPROVE THEIR DETECTION AND RESPONSE CAPABILITIES. CLOUD-NATIVE SECURITY SOLUTIONS OFFER FLEXIBILITY AND SCALABILITY, WHILE INTEGRATING SECURITY INTO THE SOFTWARE DEVELOPMENT PIPELINE (DEVSECOPS) IS ESSENTIAL TO ENSURE THAT SECURITY IS BUILT INTO APPLICATIONS FROM THE START.

Biju Unni, Vice President at Cloud Box Technologies

FEATURE
Frank Kim, SANS Institute Fellow, Cloud Curriculum lead, and CISO-in-Residence at YL Ventures
18 CXO INSIGHT ME APRIL 2023
Access business applications from home, the road and at the office, seamlessly and securely without interruption. For more information visit us at skyhighsecurity.com Skyhigh Security is a registered trademark of Musarubra US LLC. Copyright © 2023 Protecting Your Data No Matter Where it Resides.

A BLUEPRINT FOR DIGITAL SUCCESS

AMIT SAXENA, CIO OF RAMCO PLEXUS, ON KEY INGREDIENTS OF A SUCCESSFUL DIGITAL TRANSFORMATION STRATEGY.

What are the major challenges facing CIOs in 2023?

First and foremost is balancing priorities in an uncertain economy. For CIOs who are part of organisations deeply embedded in the culture, identity, and fabric of their countries, utilizing global technology effectively might be a challenge. Moreover, despite the rapid evolution of unique new technologies such as machine learning and virtual reality, many companies cannot afford to invest in new equipment, even if it’s what they desire. This scenario means CIO should emphasize return on investment as a selling point to help encourage digital transformation.

The second one is bolstering cybersecurity. It’s important to know that all businesses are targets of cybercriminals because it’s now typical for companies to store confidential financial data on business networks. So, another challenge for IT leaders is to convince companies’ decision-makers they must prioritise cybersecurity.

Other significant challenges include:

• Digital transformation and change management: Digital transformation is the process of implementing digital technologies to create new business processes -or rework the existing ones- and build healthy customer experiences to meet the fresh demands of the changing market. And to make the digital transformation process work smoothly, CIOs need to rely on a managerial strategy. Building and managing this team is getting

harder and more challenging as more businesses try to keep up with evolving technologies and cope with change management.

• Staying ahead of AI/ML developments: As CIOs, we must constantly be up to date with current trends to remain relevant and maintain business processes’ security and efficiencies.

• Dealing with supply chain issues and rising costs: IT departments are going through a great need for participating in digital transformation, leaving no time or effort to maintain the already created services and operations.

• Digesting digital transformation and improving interoperability: The need to keep up with this environment breathing evolving technology in and out. They are expected to be ready to develop new products and services and adapt to changes in IT strategies when necessary.

Can you share tips with your peers for digital transformation success?

I’ve mainly four tips for digital

transformation success:

1. Focus on customer service. A customer-centric approach is of utmost importance, so implement the latest technology and focus on your target audience.

2. Gradually implement a digital strategy. Don’t overwhelm employees with sudden change; go progressively.

3. Cooperation and cultural change. All parts of the collaboration should be involved; this will have a cultural shift.

4. Monitor return on investment. You can measure your success by financial returns on investments. Revenue is affected by business strategy; thus, you should keep switching regularly.

Which emerging technologies will have the maximum business impact? The first one on my list is 5G communications. With higher multiGbps maximum data speeds of up to 10 Gbps, ultra-low latency, increased reliability, massive network capacity, and increased availability, 5G will drive innovation across every sector and industry and transform everything as we know it.

Another one is artificial intelligence. Artificial intelligence is shaping in different directions every day. It spans platforms, tools, and applications. AI is the new bride for major tech giants attracting massive spending in the form of investment. At the same time, this technology is becoming more affordable by the day and growing in its uses. Artificial intelligence is now a special interest in trading, asset management, healthcare, manufacturing, automobile, sales, marketing, etc.

Also, watch out for blockchainbased storage. Proponents claim that by taking advantage of the empty space on users’ devices worldwide, blockchain storage can cut up to 90% of the cost of centralised cloud storage. Blockchain storage also allows faster and more customisable storage systems because users can manipulate settings, such as retrieval speed and redundancy.

INTERVIEW
20 CXO INSIGHT ME APRIL 2023

UCC Collaboration Summit 2023

Connecting the World and Empowering Teams with Zoom and Microsoft.

In collaboration with

KSA MOROCCO EGYPT QATAR KENYA OMAN NIGERIA ETHIOPIA UAE

THE PROMISE OF BLOCKCHAIN

WILL THIS DISRUPTIVE TECH FINALLY REALISE ITS FULL POTENTIAL?

Not long ago, blockchain was heralded as the future by industry pundits, and businesses were urged to invest in the technology for new efficiencies. However, distributed ledger technology failed to gain mainstream acceptance and find a purpose beyond cryptocurrencies. So is blockchain still relevant in 2023 and beyond?

IDC FutureScape, which was published in October 2022, predicts that by 2026, approximately 80% of global banks will integrate crypto assets into their risk management systems and decisionmaking processes.

Apart from BFSI, industries such as healthcare, retail, logistics, and manufacturing are also investing in blockchain use cases. For example, the healthcare uses blockchain to digitise health information exchange and trace counterfeit drugs. Logistics is using it to provide secure end-toend supply chain information and data sharing. Manufacturing and retail are using blockchain for assets and goods

management, equipment and service management, warranty claims, regulatory compliance, and loyalty programs.  However, IDC research finds blockchain adoption (excluding cryptocurrency) in the MEA region has slowed down in the past few years. In September 2022, 29% of CIOs across GCC countries planned to increase investment in blockchain by 10% or more in the next 12-18 months. However, according to the January 2023 IDC CIO DX survey, spending priority on blockchain has slipped to be in the bottom three technologies across GCC countries.

“Blockchain technology is being widely adopted across various industries in the Middle East & Africa (MEA) region, with the BFSI sector leading the way. The region has seen an increasing number of banks and financial institutions using blockchain for various purposes such as cross-border payments, trade finance, claims processing, and KYC filing,” says Manish Ranjan, Senior Program Manager – Software, Cloud & IT Services at IDC MEA.

What are some of the top trends that will dominate the blockchain industry this year?

According to the World Bank, blockchain’s global market size is expected to reach $1.43 trillion by 2030, with a compound annual growth rate (CAGR) of 85.9%. As blockchain use cases continue to expand, there will be ongoing and emerging trends in 2023. For example, there is a growing trend toward the use of blockchain technology for the supply chain management.

“Blockchain-based supply chain solutions can help to increase transparency and traceability in supply chains, reduce fraud, and improve efficiency. Another major trend that will continue through 2023 is the adoption of decentralised finance (DeFi). DeFi applications enable peer-to-peer transactions and eliminate the need for intermediaries such as banks. Additionally, more industries will see an integration of non-fungible tokens (NFTs). Currently, NFT’s are being used in gaming, sports, art, and other industries. Nike is a good example of this, having acquired RTFKT studio, a digital collectibles company, which will allow the company to sell virtual sneakers to outfit people’s avatars in the metaverse,” says

FEATURE 22 CXO INSIGHT ME APRIL 2023

Stephen Gill, Academic Head of the School of Mathematical and Computer Sciences, Heriot-Watt University Dubai.

Finally, blockchain technology is also being used to develop digital identity solutions as they are more secure and protect user privacy better than traditional identity systems. It is expected that this trend will continue to expand as more organisations realise the benefits of blockchain-based digital identity, he adds.

Blockchain and IoT

Gartner calls the combination of blockchain and IoT a digital transformation sweet spot. A study conducted by Aftrex Market Research in 2018 discovered that the total Blockchain and IoT market could grow to $254.31 billion in 2026. This is due to benefits such as more speed, lower costs, enhanced privacy, and efficient logistics and supply chain.

“With blockchain technology, every data point, including inventory and shipping information, can be decentralised and secured, resulting in improved efficiency and transparency for the IoT-enabled logistics industry,” says Sandeep Shrivastava, Manager – Digital Business Solutions at GBM.

He says the Internet of Things (IoT) technology’s main asset is, precisely, the data that the myriad of sensors embedded in the environment are constantly generating. The diffusion of platforms for IoT data sharing and monetisation is one of the key success factors which may help

to drive the data economy and industrial transformation.

One interesting area of research that is emerging is the use of blockchain to enable a highly scalable Internet of Things Data Marketplace - a data sharing platform based on blockchain, over which data producers and data consumers can share data in a decentralised and trustworthy manner. The blockchain-based IoT Data Marketplace (BIDM) enables a data marketplace where owners of IoT infrastructures can expose the observations that their devices generate while retaining control over who accesses each observation, while directly getting revenue according to the prices they have set.

Gill says combining blockchain and IoT can create more secure and trusted networks. Since blockchain technology enables secure and transparent transactions, while IoT provides real-time data, this combination can help to prevent cyber-attacks and ensure that data is not tampered with. Additionally, using blockchain with IoT will allow streamlining processes and reducing costs.

What is blockchain’s potential for cybersecurity?

One key feature of blockchain is its immutability. The blocks in the chain are linked cryptographically and altering any data stored on them requires significant resources.

“As blockchain technology evolves, we see new use cases emerging in areas such

as cybersecurity, particularly for identity management. Decentralised identifiers (DIDs) offer a promising alternative to our current reliance on emails, passwords, usernames, and other centralised systems. With blockchain tools at our disposal, we can now build innovative identity management systems based on DIDs,” says Shrivastava from GBM.

Gill from Heriot-Watt sums up: “Since blockchain is based on principles of decentralisation and cryptography, this ensures trust in transactions. For example, once transactions are recorded on the blockchain, they cannot be changed. This significantly decreases the likelihood of hackers tampering with stored data. Additionally, decentralisation means no central point of control, making it difficult for cybercriminals to gain access and launch an attack.

“Most importantly, blockchain’s use of advanced encryption techniques make it almost impossible for hackers to access sensitive information. However, there are some infrastructural challenges that can compromise security on the blockchain. For example, since blockchains are transparent by design, participants may share data that attackers can use to infer confidential or sensitive information. Additionally, attackers may compromise private keys to control participants accounts through phishing. Therefore, while blockchain has a great potential for cybersecurity, additional efforts must be made to mitigate cyber threats.”

Stephen Gill Manish Ranjan
23 CXO INSIGHT ME APRIL 2023
Sandeep Shrivastava

SPOTLIGHT ON SECURITY TRANSFORMATION

THE SECOND EDITION OF CYBER STRATEGISTS SUMMIT AND AWARDS 2023 WAS HELD AT SHANGRI-LA HOTEL IN DUBAI. THE EVENT BROUGHT TOGETHER INDUSTRY PRACTITIONERS AND CYBERSECURITY EXPERTS IN THE REGION TO EXPLORE NEW WAYS TO BUILD CYBER RESILIENCY AND DISCUSS INNOVATIONS.

We find ourselves faced with increasing cybersecurity risks in an already challenging environment. The pandemic has opened Pandora’s box regarding security; never have we seen such a dramatic escalation in cyber threats before. Technology innovation was a blessing for many enterprises during the pandemic, without which many businesses would have come to a grinding halt. But, on the flip side, it has exposed all of us to an environment rife with cybercrime, and cybercriminals are constantly looking to exploit vulnerabilities in our systems and networks.

Cyber Strategists Awards honoured cyber warriors at the frontline of the battle against bad guys for demonstrating

leadership, innovations, and vendors for their contribution to the industry.

Keynote addresses from Hariprasad Chede, CISO of the National Bank of Fujairah, and Bader Husni Zyoud, senior information security manager at Sharjah Central Finance Department, kicked off the summit.

The event also featured a panel discussion on the top cybersecurity security trends to watch out for in

2023. The panelists included: Rami Dweik, Country Manager – Middle East North for Vectra AI; Mohammed Al Tamimi, Enterprise Security Group Regional Leader for Middle East, Turkiye and Africa ( META)  at Akamai technologies; Lalan Mishra, Senior Cloud Security Architect at Skyhigh Security; Terence Sathyanarayan, Managing Director, Pulse IS; and Bernard Montel, Technical Director EMEA, Tenable

AWARDS
24 CXO INSIGHT ME APRIL 2023
Rubina Salam Emirates Hospital Group Nitin Shingari Daman Health Arif Irfani Sharjah Islamic Bank
25 CXO INSIGHT ME APRIL 2023
Padam Kafle Aster Hospitals
AWARDS 26 CXO INSIGHT ME APRIL 2023
Rajesh Yadla Al Hilal Bank Mustansir Aziz Automech Group Clen Cletus MBC Hadi Anwar CPX

Data Protection

Critical Infrastructure Security

IT Asset Management Cost Optimization
OT Management & Security Infrastructure Management & Monitoring Device & Network Protection Email, Web Security &MFT Identity Education & Awareness Value Added Cybersecurity & IT Distributor For more information call us @ META HQ: +971 4 285 7366 & Saudi Arabia: 800 8500 851
o
YOUR 360 CYBERSECURITY PROVIDER
AWARDS 28 CXO INSIGHT ME APRIL 2023
Yazad Khandadia (Representative) Emirates NBD Somnath Sarkar Mashreq Bank Jijish Gopi Department of Finance Dubai Jayesh Nandanan Mediclinic Middle East
AWARDS 30 CXO INSIGHT ME APRIL 2023
Saqar Al Ali (Representative) Sharjah Central Finance Department Parvez Hamza (Representative) TAQA Shibu P Kurian Americana Hany Sayed D&B Dubai Younus Changoth Western International
31 CXO INSIGHT ME APRIL 2023
Basem Easa Belal Dubai Sports City Hussain Al Khalsan Zand Hariprasad Chede National Bank of Fujairah Tushar Vartak RAK Bank Jagmohan Singh (Representative) Sukoon
AWARDS 32 CXO INSIGHT ME APRIL 2023
Abdulla Bader Al Sayari Department of Health, Abu Dhabi Sabin Subramanian Class Hotel Apartments Ahmed Al Madani Horizon Terminal Abhilash Radhadevi OQ Trading Mansoor Ali Khan Q Holding SentinelOne Best endpoint security vendor award SANS Institute Best cybersecurity training provider Akamai Best zero trust security vendor award Vectra AI Best cloud security vendor award eSentire Best MDR provider
33 CXO INSIGHT ME APRIL 2023
Tenable Best vulnerability management software vendor

MAKING THE CASE FOR ON-PREM

CLOUD NATIVE MAY GET THE HEADLINES BUT TECHNOLOGISTS CAN’T OVERLOOK THE NEED TO OPTIMIZE PERFORMANCE WITHIN ON-PREMISES ENVIRONMENTS, WRITES

On-premises computing isn’t going anywhere

Government is perhaps the most obvious example of a sector which will continue to rely on traditional, on-premises computing as there are strict requirements to run air-gapped environments, with no access to the internet. Beyond the public sector, industries such as banking and insurance need to negotiate major data sovereignty issues. Organisations need to ensure that customer data resides within the borders of the country where they are operating. As has been the case recently, those who fail to comply with these rules face significant fines and reputational damage.

For all of the focus on cloud native technologies over the last couple of years, it’s sometimes easy to forget that many organisations continue to run most of their IT estate on-premises. And, this is likely to be the situation for some years to come.

Across all industries, IT departments have embraced no code and low code platforms to accelerate release velocity in response to rapidly changing customer and employee needs. Modern application stacks provide organisations

with speed, agility and resilience and undoubtedly represent the future of innovation.

However, the reality is that the transition to cloud native technologies isn’t going to happen overnight and, in some cases, it won’t happen at all due to the unique sensitivities of the data organisations manage. This is why it’s essential for IT teams to ensure they have the right tools and insights to oversee and optimise availability and performance within traditional, onpremises environments.

However, it isn’t just regulation that is driving organisations to maintain their on-premises environments. Some business and IT leaders also favor the additional control that on-premises provides in comparison to cloud, with complete visibility on where data sits and the ability to handle their own upgrades within their own four walls.

This is particularly the case for major global brands that possess large volumes of sensitive intellectual property (IP) — think big global tech companies and semiconductor companies — that are choosing not to place their data in the cloud. They simply don’t want to take the risk of sharing or storing their IP outside of their organisation. So, for all of the

VIEWPOINT
34 CXO INSIGHT ME APRIL 2023

hype surrounding the move to cloud native technologies, there is always going to be a need for some business critical applications to remain onpremises.

This is also causing some organisations to rethink their strategy moving to the cloud. With the economic slowdown continuing to impact businesses, and concerns about the rising costs of cloud computing, IT leaders are making difficult decisions about how and what they migrate to the cloud, in order to keep costs in line. Increasingly, we’re seeing organisations moving to the cloud at their own speed, rather than the haste we saw throughout 2020 and 2021 in response to the pandemic.

Evidently then, there are and will continue to be huge numbers of organisations that still need to manage and optimise legacy applications and infrastructure, whether that is solely on-premises or within a wider hybrid environment.

Managing scale and speed in an onpremises environment

One of the major benefits of cloud computing is that it allows organisations to automatically and dynamically scale their use of IT, with minimal or zero human input. But when you’re deploying an on-premises environment, organisations need to manage scale and speed themselves.

This is particularly challenging when there are pronounced fluctuations in demand. Within most sectors, there are spiking events at certain times during the year. An obvious example is within retail, where there are big shopping days such as Yellow/White Friday and Cyber Monday. And the impact of these events also extends to other industries such as financial services where banks see a massive spike in payments transactions.

IT teams need to be prepared for these fluctuations in demand, ensuring their on-premises applications and infrastructure are able to handle major spikes. They simply cannot afford any disruption or downtime, otherwise they risk losing customers, reputation and revenue.

IT teams need unified visibility across all IT environments

In order to always deliver seamless digital experiences, technologists need real-time visibility into IT availability and performance, up and down the IT stack, from customer-facing applications right through to core infrastructure. This allows technologists to quickly identify causes and locations of incidents and sub-performance, rather than being behind and spending valuable time trying to understand an issue.

Crucially, technologists need to be able to correlate IT data with realtime business metrics so they can identify those issues which have the potential to do most damage to end user experience. And when it comes to managing surges in demand, they need tools which provide dynamic baselining capabilities to trigger additional capacity within their hyperscale environment. This takes the pressure off of IT teams during the busiest times of the year.

Increasingly, as organisations move to hybrid environments, with application components running across cloud and on-premises environments, IT teams need to ensure they have unified visibility across their entire IT estate. They need an observability platform which provides flexibility to span across

both cloud native and on-premises environments — with telemetry data from cloud native environments and agent-based entities within legacy applications being ingested into the same platform. This unified visibility and insight are crucial for technologists to cut through complexity and manage soaring volumes of data.

Currently, most IT departments are deploying separate tools to monitor on-premises and cloud applications, and this means they have no clear line of sight of the entire application path across hybrid environments. This means they are having to run a split screen mode and can’t see the complete path up and down the application stack. As a result, it becomes incredibly difficult to troubleshoot issues which means that MTTR and MTTX inevitably go up.

While the shift to modern application stacks will undoubtedly grow in popularity, the reality is that some organisations will continue to run most of their IT estate on-premises for some years to come. And within some industries, the shift is unlikely.

Organisations, therefore, need to keep one eye on the present, rather than focusing all of their attention on the future. They have to ensure that they have the tools and insights they need to optimise availability and performance at all times, and the capabilities to predict and respond to spikes in demand.

Crucially, where organisations are running applications which span both on-premises and cloud native environments, they need to adopt a hybrid observability strategy in which they are able to correlate telemetry data into the overarching mix of already instrumented applications through traditional agent-based monitoring systems. This unified visibility across on-premises and cloud environments will provide the foundation for seamless digital experiences at all times, and ensure that technologists are able to support their organisations’ moves to the cloud, as, when and if it happens.

35 CXO INSIGHT ME APRIL 2023

BEST PRACTICES FOR LOWERING CYBER INSURANCE COSTS

MOHAMMAD ISMAIL, REGIONAL DIRECTOR - MIDDLE EAST, DELINEA, ON HOW TO CONTROL CYBER INSURANCE COSTS WITHOUT COMPROMISING ON POLICY QUALITY

Delinea’s latest State of Ransomware Report showed a startling reduction of ransomware in 2022, with t just 25% of the surveyed IT decision makers saying they fell foul to ransomware attacks – down from 64% in the previous 12 months.

However, these encouraging statistics only tell part of the story, and those that are hit with ransomware attacks are only too aware of the devastating consequences. In 2022, more organisations reported financial loss (56%) and lost customers (50%)

compared with the previous year. In the UAE, eight out of ten companies have experienced email-based phishing attacks, with 44% leading to financial loss.

So, it’s clear that cyber insurance is still a must-have for many companies – and lots are realising this, with a Delinea report finding that around 70% of respondents have applied for cyber insurance. And with nearly 80% of businesses with cyber insurance having had to use it (often several times) –there’s no getting around the fact that many UAE companies are considering having this in place.

But it’s not always that simple, with insurers assessing each company individually to get an understanding of their particular risks and potential consequences – as well as investigating how well a company is protected against potential attacks. This means that some businesses are still likely to find it difficult to obtain affordable insurance. Consequently, some may decide to divert funds from other areas of the business, some will accept a coverage reduction or an increase in the excess just to pay a lower price, and others will give up and remain uninsured.

VIEWPOINT
36 CXO INSIGHT ME APRIL 2023

Is it all doom and gloom?

Companies should move away from doing “just enough security” to tick the boxes to get a policy and take a more strategic approach to improve their posture with security investments that cover critical aspects and are future-proof.  As Marsh noted in 2022 UK analysis “As insurer competition increases, insureds with favourable risk profiles and effective cyber controls may start to see pricing reductions.” With this in mind, here is what organisations should start considering.

1Identify risks and educate employees

Insurers want clients to understand their risks and have established risk management processes, potentially including a cybersecurity risk assessment. Identifying vulnerabilities also helps gauge any company’s cyber risk tolerance.

Insurers also want to see regular cybersecurity training beyond simple online tests or signoffs on security policies. Make cybersecurity awareness training part of the corporate culture and include it any time company-wide or departmental training is conducted.

2Track assets and privileged accounts

Organisations should have an inventory of all devices, software, and privileged accounts that attackers can target, including those used by remote workers. Identify all threat vectors and determine the value and scope of the assets to insure. Discovery tools for Active Directory accounts and passwords, service accounts, and local accounts and applications make this much easier.

3Automate passwords and use MFA

Using manual spreadsheets for password management is a red flag to insurers. Implement a privileged password management solution such as a password vault to track credentials and generate and rotate complex passwords so people don’t have to type or remember them. Use automation to apply policies consistently and avoid human error.

Multi-Factor Authentication (MFA) adds another layer of security. Show insurers the right steps have been taken to counter credential-based cyberattacks by using MFA both at login and at privilege elevation.

4Implement PAM and defence-in-depth

Hackers often conceal their activities under the guise of a legitimate administrative user. A comprehensive PAM solution helps control access to systems and data and comply with regulations. Look for software that can automate the identification and analysis of risk to privileged accounts, along with vaulting, continuous monitoring, and session recording.

Demonstrate that additional measures are taken to protect from malware attacks by implementing defence-in-depth. This includes implementing and enforcing least privilege access, restricting, or removing local admin rights, and layering in threat intelligence and endpoint protection solutions.

5Backup accounts and use endpoint security

When disaster strikes, it’s critical to recover quickly. Make sure all secrets (passwords and other credentials) aren’t tied to a single location and can be moved to a safe space. A successful password

management or PAM solution should have infrastructure redundancy for breakglass access.

An endpoint security tool also makes identifying and responding to attacks easier. Choose a solution with comprehensive monitoring, alerting and reporting capabilities for privileged behaviour on workstations and servers. IT security teams should be able to identify unexpected behaviour and conduct forensic analysis if a breach occurs.

6Monitor credential usage

Keep an eye on employees’ credential usage: 82% of data breaches involve the human element, including social attacks, errors and misuse, according to Verizon’s 2022 Data Breach Investigations Report.

Leverage a PAM solution that can monitor remote sessions, extend remote monitoring to cloud sessions, and uses Privileged Behaviour Analytics to look at what digital identities access to detect anomalies and stop attacks.

7Create an incident response plan

An incident response plan can stop a cyber breach becoming a catastrophe. It helps IT operations, security, and incident response teams to form a united front against an attack, coordinate a rapid response, and maintain business continuity. Use a customisable template to create an incident response plan. Include a checklist of roles and responsibilities and actionable steps to measure the extent of a cybersecurity incident and contain it before it damages critical systems. Conduct incident simulations to identify areas for improvement and demonstrate that response readiness is more than theoretical.

Of course, cyber insurance should never replace a robust, evolving cybersecurity program. But it is a key part of any program to help protect against the evermore severe effects of attacks such as ransomware. And the stronger your cybersecurity plans, programs and policies are, the cheaper cybersecurity insurance will be and the simpler it will be to get.

37 CXO INSIGHT ME APRIL 2023

HOW AI IS SHAPING BUSINESS

RAMPRAKASH RAMAMOORTHY, DIRECTOR OF AI RESEARCH AT MANAGEENGINE, ON CURRENT TRENDS FOR AI.

How do you see the democratisation of AI impacting enterprise IT?

From a ManageEngine perspective, the Middle East region was the fastest adopter of AI last year. Even from a product perspective, every single ManageEngine product is AI-enabled now. We talked about the democratisation of AI. Now it is all about commoditisation of AI. Artificial intelligence was seen as a niche technology a couple of years back, but now the technology has achieved escape velocity. So, it is everywhere. And now, with things like ChatGPT and new language models coming in, there is a sustained interest in AI – it is no longer going through hype cycles. It has become mainstream, and we will see more of that in the future.

How are you helping your users adopt AI?

Like always, we’re adding more Explainable AI wherever possible. We’ve seen that wherever we add an explanation, the confidence grows, and people start returning to using that feature. And we have added more AI-enabled reports. Last year, AI was more of a pull thing. Now it is a push thing. And users are also getting confident with the results. So that’s why we see more adoption. We’ve been making improvements to ensure the accuracy goes up - what was around 85 percent is now, on average, at 90 percent. This means the model has stayed in production

for a long time, has seen a lot of past data, and it’s getting better. So it’s more like a natural evolution.

Are you seeing any new use cases?

The recent trend has been on generative AI, which will be a game changer. But we will have to wait and watch how it will impact enterprises, especially IT. These are more consumer-focused tools. For example, six months back, we had DALL.E, which generates images and art from a text prompt, making a lot of ripples. And now we are seeing chat GPT making a lot of noise. These are natural language models; I see them as an enhanced version of Siri or Alexa. But the impact Siri or Alexa made on IT was very minimal.

However, where we see use cases coming up with generative AI is writing some firewall rules. For example, by looking at past usage patterns and if there

is heavy social media traffic after 5 pm, you can amend your firewall scripts in such a way that it is reduced. So there will be very niche areas where generative AI can be used. But the challenge is these models are very large today. So you need a ton of training data to train these models. At ManageEngine, we have always focused on building models with a lower footprint, meaning less data is required to train the models, but at the same time, it should be deployable at the endpoint. Though language models are important, we aren’t sure how large language models will work because the use case is very niche in service delivery.

Are you leveraging AIOps in IT management?

We eat our own dog food. We use ManageEngine in Zoho. Most of our beta releases are being tested in our production environment, and that knowledge seeps into our customers.

So we are definitely using AIOps in production.

When do you expect AI-enabled hardware to come to the market?

In the consumer world, we already see a lot of headphones with powerful noise cancellation technologies and in-built voice-to-text features, etc. On the hardware side, now we have things like FPGAs (Field Programmable Gate Arrays), where you can customise your chipset for workloads you have. We are working on bringing AI models to FPGAs so that you can remove the clutter from the CPU. The CPU does what it does, and then all of your AI is done on this FPGA platform. For example, Intel has QSV chips. What it does basically is when you receive a video stream or on a Zoom call, it does not tax the CPU; it goes into the QSV chip. Now we see such specific hardware-enabled AI chips coming to the market. Everybody’s working on it. Intel is working on it. Nvidia is working on it. Even from the inference perspective, the training can be done on your cloud without taxing the CPU on FPGAs. We don’t make hardware but work with many of these hardware companies to ensure our models are FPGA compatible. Again, we are looking at this from a cloud perspective, not hardware.

INTERVIEW 38 CXO INSIGHT ME APRIL 2023

Di gi t al Insights offers SOC as a Serv i ce, which allows yo ur organization to set up a comp l ete 24 x7 security o p e rations center (SOC365) function at a significantly lower cost than constructing an in- hou s e SO C. O u r t e am help s you detect, analyz e, in vestig ate , validate, a nd respond to threats using right mix o f people, s kills, pr ocesses, and technology.

SOC365 security exp erts look for cybersecurity

t hreats by monitoring your logs, cloud e nvironments, d evices, s ystem s and network. In addition to con stant m o nitoring, we detect and investigate cyberattacks ac ros s your entire organisation.

In an event of intrusion /a ttack, o ur SOC team will p rovide incident response immediately and will support yo ur internal IT o r security team to be gi n remediation.

C o mplete IT C ompliance & Security Ma na gem ent in a Sin gle Pane of Glass for PCI DSS, I S O 27001, HIPAA, a nd SOC 2.

Rapid on-boarding and deploymen t provides immediate c y b e r threat protection.

www.digitalinsights-uae.com | info@digitalinsights-uae.com www.soc-365.com | info@soc-365.com
from
24/7/365 Security Monitoring Vulnerability Assessment Asset Discovery Incident Response Intrusion Detection Behavioural Monitoring Integrated Threat Intelligence Compliance Reporting Network Traffic Analysis Penetration Testing Endpoint Detection & Response
Key Benefits of our SOC365 Security Operation Center are: 24/7 SOC365 Security Operation Center UAE +971 4 2415 888 | UK +44 203 130 1723
“We protect organisations
Cyber attacks”
The

CHANGING THE STATUS QUO

The last few years have introduced unprecedented business conditions for every industry, but among the most heavily affected are cloud-based services that are run by the global network of data centers. The business model has changed to accept new realities and fulfill new obligations—and extrapolating this recent history into the near future is an uncertain exercise at best. Nevertheless, it is of vital interest that we do gain as clear a perspective as

possible—because more of the world depends on cloud services, and by extension, data center operations than ever before. If there’s one thing we know the future holds, it’s that our dependence on them is going to increase.

An unprecedented one-two-three punch

The challenge is that over recent years the baseline has continued to move. First, the world was rocked by global COVID-19 lockdowns and the overnight reality of

hundreds of millions of people working and learning from home. This shift threw immense pressure onto data centers to handle high-bandwidth video and other cloud-based applications over a much more widely distributed area.

Then came the worldwide supply chain disruptions and labor shortages, making it hard for data centers to build out additional capacity because they couldn’t find critical components or the skilled people to install and run them.

And most recently, global inflation and spiking energy prices, exacerbated by the conflict in Ukraine, have forced companies and nations alike to further rearrange their supply chains and make adjustments to continue operating persistently elevated energy costs.

Note that these are just world events that aren’t even exclusive to the business of data centers. In addition, the growing social and commercial role of back-end data center processing and storage has presented just as many challenges.

VIEWPOINT
40 CXO INSIGHT ME APRIL 2023

Doing more, in more places, with less margin for error

Consider all the new applications that rely on capable, reliable data center support to operate. For instance, there is the mobile app ordering at your local restaurant, the high-speed robots in a warehouse picking your online order just minutes after you hit “Check Out” and even the driving assist-equipped vehicle in the next lane. The speed and volume of data being generated, processed and transported by these applications and countless others is growing exponentially. The world cannot afford downtime, no matter if the consequence is a delayed lunch order or compromising the full efficacy of a 5G-connected driving-assist system, especially since Dubai Smart Self-Driving Transport Strategy aims to transform 25% of total mobility journeys in Dubai into selfdriving by 2030.

Low-latency 5G is unlocking the bandwidth—and just as important, the low latency—that many of these new and amazing applications require to work. All that gets piped to data centers, which are increasingly being moved to the edge of the network to shave those last few precious milliseconds off the response time reporter (RTR).

Energy efficiency will drive data center evolution in 2023

For all data center environments, efficiency is not so much a metric for profitability as it is a metric for survival. Whether a small to mid-sized multi-tenant data center or a vast cloud or hyperscale deployment, the intense, simultaneous pressures of demand and expenses— particularly energy expenses—will determine its future.

The bottom line is that data centers must increase the efficiency of their delivery of services, using fiber and edgebased infrastructure, as well as machine learning (ML) and artificial intelligence (AI). And at the same time, they must increase the efficiency of operations—and that means reducing energy use per unit of compute power.

Certainly, cost is the most obvious factor when weighing energy efficiency,

but it’s by no means the only one. Consider how customers and investors are growing more attuned to how their corporate partners source and use their electricity.

Going into 2023, sustainability will be a critical topic in the Middle East, as Dubai plays host to COP 28 and the region works towards meeting its Net Zero

commitments. That is why it is so urgent that energy efficiency takes top priority and data centers make critical upgrades to that end.

On a more strategic level, moving data centers to the edge of the network, connected by high-speed fiber, can improve energy efficiency as well as latency. Also, consider locations where there is access to renewable energy sources like wind, solar, hydro and nuclear.

For the largest cloud and hyperscale data centers, there is an opportunity to take advantage of localised power generation in various forms, to both power the data center, and if excess power is generated, provide back to the grid.

Efficiency flows downstream

While many may never appreciate the broader social and commercial impact a data center has on the world, it’s worth remembering how fast, robust data storage and processing can improve all of the most vital parts of our days—and indeed, our lives.

For instance, every day, the cloud-based services that data centers enable, help:

• Employees to connect with each other and work efficiently from their homes, office, or while traveling

• Factories to build, stock, manage and ship products with robotic labor that prevents countless workplace accidents and injuries

• Ordinary people to create expressive user-created content that connects individuals across a school or around the planet in gaming, social media and the metaverse

• Service providers to stream all kinds of entertainment and information content to homes, laptops and mobile devices in a seamless mesh of connectivity

All of these examples, and countless others, demonstrate how much efficiency in our daily life depends on data centers—and that demonstrates how important energy efficiency will matter to those data centers in 2023 and beyond.

41 CXO INSIGHT ME APRIL 2023
THE BOTTOM LINE IS THAT DATA CENTERS MUST INCREASE THE EFFICIENCY OF THEIR DELIVERY OF SERVICES, USING FIBER AND EDGEBASED INFRASTRUCTURE, AS WELL AS MACHINE LEARNING (ML) AND ARTIFICIAL INTELLIGENCE (AI). AND AT THE SAME TIME, THEY MUST INCREASE THE EFFICIENCY OF OPERATIONS—AND THAT MEANS REDUCING ENERGY USE PER UNIT OF COMPUTE POWER.

HYBRID IT IS HERE TO STAY

F5 REPORT FINDS GLOBAL ORGANISATIONS CONTINUE TO GRAPPLE WITH MULTI-CLOUD PPPORTUNITIES AND CHALLENGES

Hybrid IT here to stay, according to F5’s 9th annual State of Application Strategy Report (SOAS).

Globally surveyed IT decision-makers claim that more than one-fifth of their applications are hosted in six different environments, resulting in a series of security and operational challenges, as well fuelling demand for multi-cloud networking solutions.

“App hosting decisions are typically based on specific goals, and organisations have realised that there’s simply no one environment that’s best for them all,” said Lori MacVittie, Distinguished Engineer at F5, and SOAS report co-author.

On-premises deployments remain the foundation of today’s application architectures

Against this hybrid-centric backdrop, the SOAS report found that that public cloud aspirations (and hype) are returning to earth.

In 2018, 74% of survey respondents planned to deploy “up to half” their apps in “a cloud.” Today, just under half of respondents (48%) say they currently have any apps deployed in the cloud, and on average organizations deploy only 15% of their app portfolio in the cloud.

After years of decline, the percentage of applications hosted in traditional, on-premises data centres grew by 2%

over 2022 levels to 37%. The share of on-premises deployments exceeds 50%, as both traditional and cloud environments exist on premises.

Although most other deployment models—such as public cloud and SaaS—have been on the rise in recent years, each levelled out or slightly decreased in 2023. The mobility of applications facilitated through app repatriation is a key driver of that trend. This continues at high rates for the second year in a row: more than a third (43%) of respondents are repatriating apps or plan to do so soon.  The need to control app sprawl in a multi-cloud world is the top motive here, cited by 54%.

REPORT
42 CXO INSIGHT ME APRIL 2023

Repatriation is especially concentrated in the financial services, telecommunications, and technology industries—those likely to be juggling multiple clouds and potentially also the most likely to possess the necessary skills to efficiently manage their apps on premises.

Private clouds host only 17% of the average enterprise portfolio—barely half as much as on-premises data centres. SaaS is close behind at 16% (though technically it’s a consumption model, not a deployment model).

The overall picture is one of hybrid diversity anchored by business priorities for data sovereignty, risk management and customer experience requirements.

Modern app architectures are everywhere.

Every surveyed organisation operates modern apps, consumes SaaS, or does both. On average, more than a third (40%) of their portfolios (excluding SaaS) can be described as modern, which includes mobile apps and the use of microservices. This percentage has been growing steadily and is expected exceed 50% (and probably 60%) by 2025.

Nevertheless, 95% of organizations still operate traditional apps, with 85% stating that they are managing and securing both.

When it comes to retiring traditional apps, 59% of respondents are replacing them by building modern versions. Organisations in manufacturing and government are most likely to build their own. Meanwhile, about 46% of organisations—healthcare prominent among them—are replacing traditional apps with SaaS offerings. One in five expect to simply decommission apps that are no longer needed.

At the same time, 16% have no plans to retire traditional apps that may preserve core business functionality, as in banking or insurance. In industries such as energy, healthcare, or telecommunications, where slow-

moving regulatory requirements tend to lock in technologies, up to 33% of respondents expect to retain traditional apps.

The SOAS report predicts that the percentage of modern apps in the average portfolio across industries is likely to steadily rise throughout the decade. A significant portion of those may be microservices chained together solely to interface with a traditional app.

App security and delivery technologies are also distributed  59% of SOAS respondents deploy app security and delivery services on premises, and an equal majority deploy at least one in a cloud.

Cloud deployments are especially common for security technologies. But the delivery of app security and delivery technologies via SaaS is growing in popularity. Nearly one-third (30%) use this method, which can help grow and scale apps across clouds or other environments without increasing complexity or reducing control.

Identity and access management (IAM) technologies such as SSL VPN, single sign-on (SSO), and identity federation are the most commonly deployed app services today. Notably, the number of different app services deployed overall has more than doubled since 2017.

Multi-cloud challenges continue, but solutions exist.

Nearly nine of every 10 respondents operating in multiple clouds continue to cite challenges with multi-cloud security, performance, and cost.

The top challenge in 2023 is the complexity of tools and APIs that results from the lack of standardisation or interoperability of the tools used for different deployment models (39%). Applying consistent security policies is the next largest challenge for the second year in a row (36%), performance optimisation (36%), and determining the most cost-efficient cloud for the app (35%).

“These challenges are no doubt why organisations in the Americas and EMEA called multi-cloud networking the most exciting trend over the next few years,” said MacVittie.

To keep pace with all the challenges and opportunities, the SOAS report recommends that organisations embrace and combine complementary approaches, including IT practitioners that aren’t limited to siloed expertise, process methodologies such as site reliability engineering (SRE), and tools such as declarative deployment policies.

Crucially, they also need to explore app security and delivery technologies that cross deployment models, may be delivered as a service, perform consistently across all the organisation’s distributed apps and architectures—including those it obtains as SaaS.

“Digital business requires an adaptive IT infrastructure, and organisations need solutions that mitigate the challenges of operating in hybrid and often multi-cloud landscapes,” MacVittie concluded. “The key to easily achieving that is to engage with partners whose solutions extend the connectivity of multi- cloud networking to secure and deliver all kinds of apps and APIs that are distributed across various clouds, data centres, and edge locations.”

43 CXO INSIGHT ME APRIL 2023

NVIDIA GeForce RTX 4070

NVIDIA announced the release of the GeForce RTX 4070, its latest addition to the RTX 40 series lineup. Starting at AED 2,579, the RTX 4070 joins the RTX 4090, 4080, and 4070Ti GPUs in bringing the latest NVIDIA technologies to gamers and creators worldwide.

The GeForce RTX 4070 is the ideal GPU for 1440p resolution gaming and allows streamers and content creators to create even faster with RTX acceleration and AI tools. The GeForce RTX 4070 benefits from the NVIDIA RTX platform, including NVIDIA DLSS 3, NVIDIA Reflex, NVIDIA Game Ready Drivers, RTX Video Super Resolution, and more. The GeForce RTX 4070 with DLSS 3 is on average 1.7x faster compared to last generation’s RTX 3070Ti with DLSS 2. It is also 20% faster on average in traditional games while reducing average gaming power consumption by 23%.

GeForce RTX 4070 graphics cards will be available from April 13th in the NVIDIA in-house Founders Edition design

Kingston FURY Renegade Pro

Kingston FURY adds to its DDR5 memory lineup with the introduction of the Kingston FURY Renegade Pro DDR5 RDIMM, a new overclockable server-class memory module designed to meet the computing demands of next-gen workstations and high-end desktops.

For platforms that use DDR5 Registered DIMMs, Kingston FURY Renegade Pro DDR5 RDIMMs provide the high bandwidth and increased reliability that users like creators, engineers and data science professionals require to meet the workload demands of the latest applications, all

from select retailers, as well as custom boards, including stock-clocked and factory-overclocked models, from top add-in card providers such as ASUS, Colorful, Gainward, GALAX, GIGABYTE, INNO3D, KFA2, MSI, Palit, PNY and ZOTAC. GeForce RTX 4070 graphics cards will also be available in desktops from top system builders worldwide. For a limited time, gamers that purchase eligible GeForce RTX 4090, 4080, 4070Ti and 4070 graphics cards and desktop PCs from now until May 8th, 2023, will receive the Overwatch 2 Ultimate Battle Pass plus an additional 1,000 Overwatch 2 Coins, a $40 value.

without sacrificing the data integrity and superior quality grade found with server-class memory. DDR5 Registered DIMMs feature on-die ECC built into the DRAM memory component and support module-level ECC, capable of detecting and correcting multi-bit errors.

With Plug N Play at 4800MT/s, Kingston FURY Renegade Pro DDR5 RDIMMs enable users to automatically overclock without having to mess with settings. Or they can choose from one of the Intel XMP 3.0 certified and motherboard qualified four and eight channel kits at speeds up to 6000MT/s with factorytuned timings, speeds, and voltage.

Kingston FURY Renegade Pro DDR5 RDIMMs are available in single-module capacities up to 32GB, kits of 4 up to 128GB, and kits of 8 up to 256GB. 100% tested at speed and backed by a limited lifetime warranty and legendary Kingston reliability.

PRODUCTS
44 CXO INSIGHT ME APRIL 2023

ASUS Evo Platform

ASUS has introduced its new Evo Platform Lineup of laptops to deliver the best possible performance across the board, no matter what you need to get done. The Zenbook 17 Fold OLED, Zenbook 14 OLED, and Zenbook S 13 Flip OLED all confirm to the Intel EVO platform, which is made up of laptops that meet certain standards based on usability in real world situations. These involve specifications such as processor speed, battery life, as well as Wi-Fi technology.

ASUS’ Evo Platform Lineup ensures that no matter which model you choose, you’ll be getting the very best that ASUS has to offer. A powerful Intel 12th Gen Core processor and Intel Iris X Graphics make every task easier, whether it’s streaming, browsing, editing, or just taking care of business at home. Super-fast Intel Wi-Fi 6 offers file transfer speeds up to three times faster than standard Wi-Fi. ASUS’ Evo Platform Lineup of laptops also awake in less than a second from being opened, which are much more responsive than ever.

Another key advantage of ASUS’ Evo Platform Lineup is the cinema-grade OLED display used in each model, which comes with a best-in-class color gamut.

LG SOUNDBAR SC9S

They reproduce colors with superb real-life accuracy for professional-grade visuals and offer ultrafast 0.2 ms response times and up to 120 Hz refresh rates, making them perfect for professional and creative work, or for anyone who simply wants to enjoy the very best color fidelity and motion clarity. OLED displays can also reduce harmful blue light by up to 70% compared to LCD displays, making them extra gentle on your eyes to reduce the risk of retinal damage.

LG Electronics (LG) recently introduced its new LG SoundBar SC9S, which comes in as a perfect companion for the brand’s lineup of LG OLED C series.

LG OLED has recently celebrated its 10th year anniversary, evolving into a mainstay of the premium TV market in just 10 years through its unmatched contrast which enables perfect blacks and true-to-life colors, as

well as its unprecedented flexibility and thinness creating an immersive audiovisual experience complete with seamless design. The new soundbar is the pinnacle of LG’s audio prowess and brings with it features that are practical, convenient, and stylish.

With its seamless integration with LG OLED C series, the new SoundBar takes advantage of both the TV and SoundBar sounds for creating a more detailed audio experience. Paired with Dolby Atmos, DTS:X, and IMAX Enhanced technology, users can bring home theater-like surround sound for a more immersive audio-visual experience. Featuring the world’s first Triple Up-firing Channel, the new LG SoundBar SC9S is also capable of delivering a wider range and richer soundstage. This works in hand with the Triple Level Spatial Sound, which uses a Head Related Transfer Function (HRTF) related 3D engine that creates a virtual middle layer for more sophisticated surround sound. Its companion wireless subwoofer further targets low notes and hits them with ease and top quality.

45 CXO INSIGHT ME APRIL 2023

WHY AI NEEDS HUMAN INTELLIGENCE

SUNIL PAUL, MD OF FINESSE, ON WHY WE SHOULD NOT IGNORE ACTUAL INTELLIGENCE AMID ARTIFICIAL INTELLIGENCE.

The rise of artificial intelligence (AI) has arguably changed the world of technology. AI has the potential to revolutionise industries ranging from healthcare to transportation, making our lives more efficient, productive and convenient.

As AI advances, it could replace jobs once performed by humans. Some of the jobs that are most at risk of being replaced by AI in the future include manual labour, could be automated using robots and other forms of AI; Chatbots and other forms of AIpowered customer service tools can automate routine customer service tasks, handle basic inquiries and complaints. AI algorithms can analyze financial data and make investment recommendations, potentially reducing the need for human financial analysts and advisors.

But in the excitement and anticipation of AI’s future capabilities, we must not forget the importance of intelligence itself, the skills that make us human.

Actual intelligence includes a range of skills and traits essential to human functioning, such as critical thinking, emotional intelligence, creativity, and empathy.

AI can perform tasks that require speed, accuracy, and data analysis, but lack the nuanced and complex thinking skills of humans. However, AI cannot fully replicate human creativity. Human creativity relies on our ability to connect ideas, form analogies, and think outside the box.

Similarly, AI lacks the ability to empathise with others, read and interpret social cues, and understand emotions, key components of human interaction.

Actual intelligence, or human intelligence, is currently superior to AI in several ways:

Creativity and innovation: Humans are capable of generating completely new ideas and creating novel solutions to problems. While AI can be trained to identify patterns and make predictions, it has yet to demonstrate the ability to create something truly original.

Emotional Intelligence: Humans have the ability to understand and express their emotions, and the ability to recognise the emotions of others and respond appropriately. AI, on the other hand, cannot truly understand emotions and can struggle to respond appropriately in certain situations.

Adaptability: People are able to adapt to new situations and environments and learn from experience. AI systems, on the other hand, require extensive training and are limited by the data used for training.

Common sense: Humans have a certain amount of common sense that allows them to make decisions based on intuition and prior knowledge. AI can be trained to recognise patterns and make predictions based on data, but it lacks the ability to apply common sense to new situations.

Physical Abilities: Humans have the ability to manipulate their environment, move and navigate complex environments, and perform a variety of physical tasks. While there are advances in robotics and AI that enable machines to perform physical tasks, they still lack the versatility and dexterity of the human body.

At current levels, AI can automate routine and repetitive tasks, but it cannot replicate the problem-solving and decision-making skills needed in many fields. Individuals with critical thinking, creativity and emotional intelligence are better equipped to adapt to the evolving job market.

Furthermore, it is important to recognise that AI is just as impartial and ethical as the data it uses to train. Bias in AI algorithms can lead to unfair outcomes and perpetuate systemic inequalities. Real intelligence is essential to recognise and address these biases, as humans can better  understand the social and ethical implications of her AI.

Moreover, it’s important to note that while AI may replace some jobs, it may also create new ones in fields such as AI development, maintenance, and repair. Additionally, many jobs may be augmented rather than completely replaced by AI, allowing humans and machines to work together in new ways.

In summary, AI has the potential to change our lives in many ways, but it is important not to overlook the importance of actual intelligence.  AI can perform many tasks more efficiently than humans, but it lacks the complex thinking skills, creativity, and empathy that are essential to human functioning. Real intelligence is needed to navigate an ever-changing job market, deal with AI biases, and remain human in our interactions. Therefore, as AI develops, we must continue to cherish and nurture genuine intelligence.

BLOG 46 CXO INSIGHT ME APRIL 2023

Empower your organization with Lenovo Hybrid Cloud solutions

Unlocking opportunity through IT agility –Hybrid Cloud solutions that allow you to grow at your own speed.

Scan to know more

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

WHY AI NEEDS HUMAN INTELLIGENCE

2min
page 46

LG SOUNDBAR SC9S

1min
page 45

ASUS Evo Platform

0
page 45

Kingston FURY Renegade Pro

1min
page 44

NVIDIA GeForce RTX 4070

0
page 44

HYBRID IT IS HERE TO STAY

4min
pages 42-43

CHANGING THE STATUS QUO

3min
pages 40-41

HOW AI IS SHAPING BUSINESS

4min
pages 38-39

BEST PRACTICES FOR LOWERING CYBER INSURANCE COSTS

4min
pages 36-37

MAKING THE CASE FOR ON-PREM

4min
pages 34-35

SPOTLIGHT ON SECURITY TRANSFORMATION

1min
pages 24-33

THE PROMISE OF BLOCKCHAIN

4min
pages 22-23

A BLUEPRINT FOR DIGITAL SUCCESS

2min
page 20

THE EXPERTS SPEAK

1min
pages 18-19

DO YOU TRUST YOUR CLOUD?

3min
pages 16-18

TURBOCHARGING DIGITAL INNOVATION

3min
page 14

CHOOSING THE RIGHT STRATEGY

3min
pages 12-13

F5 SAFEGUARDS DIGITAL SERVICES WITH NEW AI-POWERED APP AND API SECURITY CAPABILITIES

3min
pages 10-11

VECTRA UNIFIES AI-DRIVEN BEHAVIOR-BASED DETECTION AND SIGNATURE-BASED DETECTION IN A SINGLE SOLUTION

2min
page 9

WITH SECURITY COPILOT, MICROSOFT BRINGS THE POWER OF AI TO CYBER DEFENCE

2min
page 8

GARTNER HIGHLIGHTS FOUR STEPS CIOS CAN TAKE TO MITIGATE IT EMPLOYEE FATIGUE

2min
page 7

BENYA GROUP AND SAP SIGN A STRATEGIC PARTNERSHIP AGREEMENT TO DELIVER SAP SIGNAVIO SOLUTIONS

2min
page 6

AVEVA AND PETROFAC ENTER MOU TO ACCELERATE DIGITAL INITIATIVES FOR THE ENERGY INDUSTRY

0
page 6

LURKING IN THE SHADOWS

1min
page 5

Unlock next-level travel experiences and rewards for your customers.

0
pages 2-4
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.