ISSUE 39 \ FEBRUARY 2022
FUTURE
READY American School of Dubai powers digital learning with an intelligent network
CONTENTS
14
44 PRODUCTS
AMERICAN SCHOOL OF DUBAI POWERS DIGITAL LEARNING WITH AN INTELLIGENT NETWORK
FUTURE READY
18
28
12
SECURING THE EDGE
ARTIFICIAL 28 ISINTELLIGENCE EXPENSIVE?
18
A PRIMER ON DEVSECOPS
DIGITAL 32 FOSTERING TRANSFORMATION
20 GOING CLOUD-NATIVE
THREAT 34 WHY INTELLIGENCE IS VITAL
THE EMERGENCE OF 24 MACHINE LEARNING
THE DEFINITION OF A 38 SUSTAINABLE FUTURE
OPERATIONS
26
THE FUTURE OF BLOCKCHAIN
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
ROBOTIC PROCESS 42 AUTOMATION PREDICTIONS FOR 2022
6
NEWS
GLOBAL DRILLING CONTRACTOR BORR DRILLING LEVERAGES IFS CLOUD UAE-BASED ADFOLKS OBSERVES 300% GROWTH IN CLOUD CONSUMPTION SOLARWINDS DATABASE PRODUCTS NOW ON AZURE MARKETPLACE FEBRUARY 2022
CXO INSIGHT ME
3
Security Analytics at Cloud Scale Securonix breaks the rules of traditional SIEMs with analytics-based threat detection, cloud-native architecture for effective, scalable cloud monitoring, and simplified management with an as-a-service model. Sheik Abideen
Chandni Rathva
sabideen@securonix.com
rchandni@securonix.com
00971529255052
+91 9228777377
For more information: www.securonix.com Follow us @securonix
© 2022 Secuonix. All rights reserved
EDITORIAL
THE NEXT SILICON VALLEY
E
arlier this month, I’d the opportunity to travel to Saudi Arabia to attend LEAP. For a debut event, I was impressed by the scale, participation, quality of speakers, and of course, the number of visitors. LEAP has cemented Saudi’s position as the largest digital economy in the MENA region and was a testament to the country’s accelerating digital revolution. The event witnessed some major announcements, including a $6.4 billion investment in future technologies and entrepreneurship by the Saudi minister for communications and information technology. This includes Aramco Venture’s $1 billion Prosperity7 fund, NEOM’s first cognitive metaverse, and the incumbent telecom operator stc’s $1 billion investment to boost regional connectivity and infrastructure to support Saudi’s rapidly expanding and cloud sector. For me, the most important announcement was the launch of the Garage, a new platform for start-ups. Set up by King Abdulaziz City for Science and Technology, the Garage aims to
create a full-service environment for local and international start-ups. The ultimate objective of this project is to create Saudi as the Silicon Valley of the Middle East. Can the Kingdom really pull it off? Right now, the country has a lot going on in its favour, with a technology sector worth more than $40 billion. Saudi has identified technology as a key enabler of its economic diversification programme. Its cloud-first policy and personal data protection laws have made rapid strides in this direction. It is already one of the fastest-growing Fintech and digital content markets in the region. In addition, it has a population big enough to sustain a talent ecosystem. Though all these augurs well, the Kingdom still has a lot of ground to cover to become a transformational technology leader in the region. It will have to foster homegrown talent and attract global high-tech companies to create an ecosystem. Right now, with its ambitious plans, executive vision, and investments in disruptive technologies, Saudi has every chance of emerging as the next Valley.
Published by
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2022 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
FEBRUARY 2022
CXO INSIGHT ME
5
NEWS
GLOBAL DRILLING CONTRACTOR BORR DRILLING LEVERAGES IFS CLOUD
Christian Pedersen, IFS
I
FS, the global cloud enterprise software company, has announced international offshore drilling contractor Borr Drilling is upgrading
GARTNER PREDICTS GLOBAL IT SPENDING TO GROW 5.1% IN 2022 Global IT spending is projected to total $4.5 trillion in 2022, an increase of 5.1% from 2021, according to the latest forecast by Gartner. Despite the potential impacts of the Omicron variant, economic recovery with high expectations for digital market prosperity will continue to boost technology investments. “2022 is the year that the future returns for the CIO,” said John-David Lovelock, distinguished research vice president at Gartner. “They are now in a position to move beyond the critical, short term projects over the past two years and focus on the long term. Simultaneously, staff skills gaps, wage inflation and the war for talent will push CIOs to rely more on consultancies and managed service firms to pursue their digital strategies.” 6
CXO INSIGHT ME
FEBRUARY 2022
its existing IT platforms to latest IFS versions including IFS Cloud, IFS Cloud Services and IFS Success Services. Borr Drilling owns and operates 28 jack-up rigs of modern and high-specification designs providing drilling services to the offshore energy exploration and production industry worldwide. IFS Cloud will support mission-critical business processes, including enterprise asset management (EAM), onshoreoffshore data replication, supply chain management, and global financials. Comprehensive and on-demand insights into the condition of the platform is critical when drilling for oil and gas. Maintenance is also a high priority for rig owners as it is contributes to both uptime and cost savings. The IFS solution meets SOX compliance and lets its customer manage
maintenance, supply chain, and finance quicker and more efficient, connecting data across all these functions. It also features inbuilt replication between Head Office and rigs. IFS Cloud can be used onshore and offshore by all rigs and global support organisations. “IFS is a key strategic partner to Borr Drilling and we are very happy to continue our digitalisation journey with IFS’ latest products and technology,” says Kjetil Gran, IT Director at Borr Drilling. “IFS Cloud provides us with the comprehensive end-to-end functionality in a single platform that simplifies mission-critical business processes and provides the insigths we need to make key decisions. I look forward to continuing our partnership with IFS.” “Energy is a key focus industry for IFS,” said Christian Pedersen, Chief Product Officer at IFS. “We are proud to be able to support rig, FPSO and complex vessel owners with critical oil & gas industry functionality through IFS Cloud.”
Gartner forecasts that the IT services segment – which includes consulting and managed services – is expected to have the second highest spending growth in 2022, reaching $1.3 trillion, up 7.9% from 2021. Business and technology consulting spending, specifically, is expected to grow 10% in 2022. Through 2025, organisations will increase their reliance on external consultants, as the greater urgency and accelerated pace of change widen the gap between organisations’ digital business ambitions and their internal resources and capabilities, according to Gartner. “This will be particularly poignant with cloud as it serves as a key element in achieving digital ambitions and supporting hybrid work,” said Lovelock. “Gartner expects the vast majority of large organisations to use external consultants to develop their cloud strategy over the next few years.” In 2020, within the enterprise application software market, the cloud market became larger than non-cloud
market for the first time, due in part to the coronavirus pandemic. By 2025, Gartner expects it to be double the size of the non-cloud market. Cloud is responsible for nearly all of the 11% spending growth within the enterprise software segment in 2022 as organisations focus on upgrading their software stack to software-as-a-service (SaaS) to support continued flexibility and agility.
UAE-BASED ADFOLKS OBSERVES 300% GROWTH IN CLOUD CONSUMPTION
A
dfolks, a UAE-based engineering services company, has announced that it has seen a 300% increase in cloud consumption by companies in the UAE and wider GCC region since 2020. CIOs have started to leverage the power of cloud for better efficiency, security, and faster return on investments. According to the latest forecast by Gartner, Inc., the enduser spending on public cloud services in the Middle East and North Africa (MENA) region will total $ 5.7 billion in 2022. Adfolks, a 5-year-old tech venture supports digitally forward-thinking enterprises including Dubai Airports, DP World, Mashreq, EMAAR, Arab National Bank among several others to deliver market differentiation through smart technology solutions powered by cloud-based technologies. “The potential of cloud is massive and based on our own findings, currently, CIOs in the region have just skimmed the surface. We strongly believe that organisations in GCC can immensely
SAP, STC PARTNER FOR ENHANCED SERVICES AND DIGITAL SOLUTIONS stc, the digital enabler of digital and telco services in KSA, signed an agreement with global technology company SAP to enhance its services through a range of digital solutions. The mutual agreement aligns with Saudi Vision 2030 and will see both organisations sharing their experiences and global best practice to address customer challenges. Saud AlSheraihi, Vice President, Product and Solutions, stc said, “This mutual cooperation between stc and
benefit and race towards a positive ROI by utilising the power of cloud. We frequently run cloud assessment modules for enterprises on their legacy systems and help them make informed decisions on integrating cloud within their IT strategy. Adfolks over the years has enabled the CIOs in GCC to put a roadmap with immediate and long-term goals by adjusting the variables as per the need, for instance, scale, cost and licensing,” said Arun Mohan, CEO of Adfolks. The company works closely with CIOs to chart their digital transformation journey and focuses on building internal capabilities around upcoming tech trends. These areas are prudently chosen with close collaboration with platform providers in the cloud space. “When Microsoft started providing Azure cloud services in the region, cloud wasn’t a core component in the IT strategy for most enterprises. Skillsets in the market for all aspects starting with advocacy,
training, consulting, and actual delivery, and managed service were limited in the early days. With cloud adoption gaining momentum in the region, the case for digital transformation has never been more urgent. Strategic partners like Adfolks not only bring together the power of Azure with their services and infrastructure expertise but also help enterprises in the region develop resilience and transformation while ensuring stringent compliance and regulatory guidelines. Microsoft has pledged to invest $20 billion over the next five years in cybersecurity, quadrupling its previous annual investment,” said Yvonne Chebib, Global Partner Solutions Lead, Microsoft UAE. Organisations in the MENA region have started migrating their on-premises IT infrastructure deployments to SaaS, IaaS and PaaS cloud environments. Savings arising due to this migration are eventually routed back into the local economy, thereby making a significant contribution to the country’s digital economy. Prior to the pandemic, the organisations had one unified office with all employees in one place. With decentralisation, the boundaries of the organisation have become ambiguous. Data is all over the place, demanding a need for a comprehensive and consolidated security strategy including a strong cloud framework.
SAP is a continuation of stc’s strategy to be the digital enabler in the region by helping clients to accelerate their digital transformation. Through this partnership, we look forward to exploring potential future business opportunities, while capitalising on SAP’s global experience in innovative technologies and Solutions by stc’s investments in local capabilities and system integration expertise.” The signing took place at LEAP, KSA, a global platform for future technologies and disruptive technology professionals from around the world, witnessed Eng. Riyadh Muawad, Chief Business Officer of stc, Omer Alnomany, CEO of Solutions by stc and Mr. Christian Klein, CEO of SAP. Ahmed Al-Faifi, SVP & MD of ME North of SAP commented, “stc is
among Saudi Arabia’s most forwardthinking organisations, and together, we will leverage our resources to deliver innovative business models and application of technology. Our shared customers will benefit from increased efficiencies and cost savings that result from digital transformation solutions.”
FEBRUARY 2022
CXO INSIGHT ME
7
NEWS
SOLARWINDS DATABASE PRODUCTS NOW ON AZURE MARKETPLACE
S
olarWinds has announced its database performance monitoring products— SolarWinds Database Performance Analyzer (DPA), SolarWinds SQL Sentry, and SolarWinds Database Insights for SQL Server—are now available as fullytransactable solutions in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. Organisations can now fulfill their license subscriptions for SolarWinds database performance management products with their Azure consumption commitment benefit under their Microsoft Azure Consumption Commitment (MACC). “We have a singular focus on helping our customers and organisations around the world accelerate business transformation, and one way we’re accomplishing this is through our participation in the MACC-transactable program,” said Rohini Kasturi, Chief Product Officer,
8
CXO INSIGHT ME
FEBRUARY 2022
SolarWinds. “Through the program, SolarWinds is a preferred vendor for governed marketplace spend. Users with committed Azure spend can use those funds to purchase our database performance monitoring products directly without the typical procurement cycles, giving them quick and streamlined access to some of the broadest and most secure database coverage available in the industry.” Organisations that take advantage of the offer can simplify the purchase, deployment, management, and renewal of SolarWinds database products to receive the in-depth performance and environmental data teams need to optimise the performance of Microsoft SQL Server and other leading database platforms running on-premises, in the cloud, or in hybrid environments. SolarWinds database performance management solutions provide intelligent recommendations based on best practices for faster troubleshooting to help accelerate
data delivery while controlling costs. The cross-platform solutions help data pros manage complexities and provide them with the visibility needed to proactively optimise the performance of databases—to mitigate the risk of business interruptions, regardless of where the databases run. SolarWinds database performance management products available through MACC include: • Database Performance AnalyzeR Database management software built for performance monitoring, analysis, and tuning with support for multiple database platforms. • SQL Sentry - Database performance monitoring for the Microsoft Data Platform, with fast root cause analysis and visibility across the Microsoft data estate. • Database Insights for SQL Server - A package of both DPA and SQL Sentry that provides broad coverage with detailed database and system metrics for Microsoft SQL Server databaserelated Microsoft Services and other leading database platforms, to help solve and optimise performance for the largest environments.
CISCO UNVEILS INNOVATIONS TO HELP BUSINESSES SUPPORT HYBRID WORK
C
isco has announced new innovations that make it easier for organisations to support hybrid work models with people working from home, in the office, or anywhere. Businesses of all sizes are adjusting to the major digital transitions that have reshaped IT plans and operations over the past two years, spanning hybrid cloud to connect private and public clouds, AI (Artificial Intelligence) and ML (Machine Learning) for the adoption of IoT, and hybrid work to connect everyone and everything securely. Hybrid work success is not simply the ability to support a remote workforce. It is the ability to adapt to change as it happens, and that starts with the network.
“Hybrid work doesn’t work without the network,” said Todd Nightingale, Executive Vice President and General Manager, Enterprise Networking and Cloud, Cisco. “The capabilities of the network empower the capabilities of the workforce. The more performance, agility, and flexibility built into networks, the stronger the workforce. Our new wireless networking solutions together with the new Catalyst switches powered by Silicon One enable hybrid work productivity and agility by connecting everyone and everything from everywhere.” New wireless networking and access innovations announced include: • Wi-Fi 6E (Catalyst 9136 and Meraki MR57): Wi-Fi 6E technology expands capacity to exceed gigabit performance. The new Cisco Wi-Fi 6E products from Catalyst and Meraki are the industry’s first high-end 6E access points that address the most demanding hybrid business environments. • Cisco Private 5G: Cisco’s Private 5G managed service delivered together with global service provider and technology partners, offers a wireless experience that is simple to start, intuitive to
PRINCE SULTAN UNIVERSITY AND VMWARE PARTNER TO LAUNCH INNOVATION CENTER Prince Sultan University (PSU) and VMware have signed a Memorandum of Understanding (MoU) to launch an Innovation Center equipped with VMware software and resources to give students, researchers, and businesses hands-on experience with transformative digital solutions for app modernisation, cloud, networking, security, and digital workspace. The MoU was signed under the patronage of H.E. Abdullah Alswaha, Minister of Communications and Information Technology, Saudi Arabia. The Innovation Center, which is expected to start operating in the first half of the year, will help foster a culture of learning and build real-world information and communications technology (ICT) skills, while providing a valuable resource to research projects underway at PSU by
(L-R) Saif Mashat and Dr. Ahmed Yamani
expanding access to VMware’s solutions. The Innovation Center will also be used to demonstrate the benefits of VMware’s solutions to local customers and partners, with the aim of helping accelerate digital transformation amongst the local business community. Dr. Ahmed Yamani, president of PSU, said, “The Innovation Center is intended
operate, and trusted for digital transitions to hybrid work and IoT. • Catalyst 9000X Switches: New Catalyst 9000X models extend the family and deliver the backbone that provides the speed, bandwidth capacity, and scale needed to support 100G/400G network access for transitions to hybrid work in the campus and extending the branch with zero trust security and power efficiency. • Introduction of Cisco Silicon One to the Catalyst Switching Portfolio: Cisco Silicon One, originally deployed in web scale and service provider networks, continues to prove its capabilities and programming flexibility to support networking innovation across enterprise networks. The new Catalyst 9500X and 9600X Series switches are powered by the Cisco Silicon One Q200.
to spur innovation, research, and learning at the university, and amongst local businesses and partners that are interested in embracing a cloud-first approach. By helping a diverse range of people and organisations gain experience with VMware’s solutions, the Innovation Center will play an important role in furthering Saudi Arabia’s digitisation agenda in line with Vision 2030.” The Innovation Center will be equipped with the full range of VMware’s solutions and will showcase disruptive technologies like edge computing, artificial intelligence, blockchain, machine learning and Kubernetes. By experiencing these technologies, it will help users to build digital foundations and embrace the next wave of innovation. VMware is dedicated to empowering educators in Saudi Arabia. In June 2021, PSU and VMware started discussions to build a Regional VMware IT Academy to support youth digital skills development in line with the aims of Saudi Vision 2030.
FEBRUARY 2022
CXO INSIGHT ME
9
NEWS
SANS INSTITUTE ANNOUNCES INTERACTIVE TRAINING PROGRAM IN SAUDI ARABIA
S
ANS Institute has announced the SANS Secure Middle East 2022 training program, to be held in-person at the Crowne Plaza Riyadh RDC Hotel & Convention Centre, from March 19 to March 31, 2022. At SANS Secure Middle East 2022, participants will develop and master essential information security skills and techniques needed to secure critical information and technology assets, whether on-premise or in the cloud. “The Kingdom of Saudi Arabia (KSA) ranks second to the US as a global leader in cybersecurity, yet due to the increase in digitalisation and an accelerated digital transformation spurred by the pandemic, we can see that the cyberattack landscape in Saudi continues to grow,” said Ned Baltagi, Managing Director, Middle East and Africa at SANS Institute. In Saudi Arabia, according to a recent VMWare report, a survey of 252 Saudis indicated 84 percent stated cyberattacks
had increased due to remote working conditions, reinforcing the need for more accessible security information and upskilling practices. “At SANS we encourage students to develop dynamic and proactive security strategies built on a foundation of Detection, Response, and Prevention,” continues Baltagi. “Events such as SANS Secure Middle East 2022 is an opportunity for professionals to enhance their approaches and revitalise their confidence in managing and leading security teams, ultimately becoming all-rounder experts in cybersecurity.” This interactive event will be delivered by industry-leading professionals and has a mix of in-person training and live online streams for the offered courses. Participants will have a comprehensive experience supported by content that is aligned with GIAC certifications, that will equip them with the knowledge and practical skills that are vital in protecting
organisations, detecting anomalies and stopping intrusions ahead of time. The in-person modules are Ned Baltagi, SANS Institute conducted by renowned cybersecurity experts, namely, Ian Reynolds for SEC401: Security Essentials: Network, Endpoint, and Cloud; Jason Jordaan for FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics; Brian Ventura for MGT512: Security Leadership Essentials For Managers; and Mark Williams for MGT514: Security Strategic Planning, Policy, and Leadership. For In-Person Live Stream training and Live Online classes, Bryce Galbraith will lead SEC504: Hacker Tools, Techniques, and Incident Handling; Jason Jordaan for FOR500: Windows Forensic Analysis; Justin Searle for ICS410: ICS/SCADA Security Essentials; and David Szili for FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response.
they transform their networks, modernise applications, and now to help adopt zero trust security architectures,” said Gary Alterson, Vice President of Security Services for Rackspace Technology. “We are partnering to evolve our service models with Rackspace Elastic Engineering support for Cloudflare Zero Trust to meet the demands of our customers for expert guidance on zero trust cloud architectures.” The Rackspace Technology Elastic Engineering for Security service provides consultative services to help businesses of all sizes around the globe gain access to Rackspace Technology security experts who are available on-demand to
help businesses customise, optimise, and manage their Cloudflare security platform. By adding Cloudflare Zero Trust into our Rackspace Security Service portfolio, Rackspace Technology can provide customers with a modernised SASE architecture that can grow rapidly with direct alignment to our customers’ strategic cloud initiatives. Broad adoption of zero trust architectures is taking place across the world, as a critical component to secure cloud architectures. In fact, a recent Rackspace Technology Survey of Global IT Leaders revealed 49% of organizations believe that adoption of zero trust security practices can help tackle their most prevalent cybersecurity challenges with network, platform, and web application attacks. Rackspace Technology is a key worldwide Cloudflare System Integrator and Accredited Managed Services Partner, providing expert services and always-on support (24x7x365) for the Cloudflare platform.
RACKSPACE TECHNOLOGY EXPANDS STRATEGIC PARTNERSHIP WITH CLOUDFLARE Rackspace Technology has announced an expanded strategic partnership with Cloudflare to offer expert services for Cloudflare Zero Trust, to help businesses reach their cloud-centric goals faster, support remote workers, and provide a Secure Access Service Edge (SASE) for their cloud applications, data, users, and devices. Rackspace Technology is offering managed services for Cloudflare Zero Trust through the Rackspace Elastic Engineering for Security portfolio which is available to customers globally. “We want to forge partnerships that really bring best-in-class cloud solutions to our customers. Our cloud-first delivery model supports businesses globally as 10
CXO INSIGHT ME
FEBRUARY 2022
NEW NUTANIX PRODUCT PORTFOLIO EASES PATH TO HYBRID MULTICLOUD
N
utanix has announced the global availability of its simplified product portfolio to align with rapidly evolving customer requirements. According to the firm, the Nutanix Cloud Platform delivers a consistent operating model across all types of clouds: public, private, and hybrid. With this launch, the company has further streamlined customers’ digital transformations by delivering an easyto-consume set of solutions. In addition to making it easier for customers to execute on their hybrid multicloud strategies, the new portfolio removes the complexity often associated with enabling a full range of hybrid cloud services across multiple environments. This is achieved by simplifying packaging, metering, and pricing to enable customers to plan for changing needs more easily, including workload expansions, cloud preferences, tech refreshes, and more. Customers can further accelerate their cloud journey by taking advantage of Nutanix validated designs and deployment best practices for common use cases.
The company has built an enterpriseready, unified cloud platform with its market leading HCI (hyperconverged infrastructure) solution as the foundation. The new, simplified portfolio includes: • Nutanix Cloud Infrastructure (NCI) provides a complete software solution including virtual compute, storage and networking for virtual machines and containers, that can be deployed in private data centers on the hardware of your choice or in public clouds with built-in resilience, self-healing, performance, disaster recovery capabilities, and security. Running NCI on public cloud, Nutanix Cloud Clusters (NC2), enables customers to accelerate their journey to hybrid cloud for agility, elasticity, and application modernisation while maintaining the operational efficiency of a unified cloud environment with common management and policies across clouds. Key use cases include cloud bursting, disaster recovery, and datacenter lift and shift. • Nutanix Cloud Manager (NCM) brings simplicity and ease of use to building and managing cloud
deployments by driving consistent governance across private and public clouds, helping customers accelerate their cloud journey. NCM delivers intelligent operations including monitoring, insights, and automated remediation making it easier for enterprises to deploy, operate, and manage their applications. • Nutanix Unified Storage (NUS) delivers distributed and software defined storage for multiple protocols (volumes, files, objects) to support a variety of workloads deployed anywhere – private, public, or hybrid cloud – with license portability in between. A single point of management for all storage resources eliminates complexity of multiple interfaces and enables non-storage experts to handle most day-to-day storage and data management tasks. Intelligent analytics integrated into the solution provide data visibility and deep insights for governance and security of data. • Nutanix Database Service (NDB) simplifies database management across hybrid multicloud environments for database engines like PostgreSQL, MySQL, Microsoft SQL Server, and Oracle Database, with powerful automation for provisioning, scaling, patching, protection, and cloning of database instances. NDB helps customers deliver Database-as-a-Service (DBaaS) and easy-to-use self-service database experience on-premises and public cloud to their developers for both new and existing databases. • Nutanix End User Computing Solutions deliver virtual apps and desktops to users worldwide from public, private, and hybrid cloud infrastructure. They provide a per-user licensing option for NCI that simplifies capacity planning by matching the infrastructure cost model to that of the end user computing platform. They also include a simple, fast, and flexible Desktop-as-a-Service (DaaS) platform that can run end user workloads on NCI, on public clouds or on hybrid clouds.
FEBRUARY 2022
CXO INSIGHT ME
11
VIEWPOINT
SECURING THE EDGE JOHN MADDISON, EVP PRODUCTS AND SOLUTIONS AT FORTINET, WRITES ABOUT THE NEED FOR A ZERO TRUST EDGE STRATEGY
T
oday’s hybrid workers require access to distributed applications deployed in the datacenter, multi-cloud environments, and SaaS locations. Digital acceleration involves adopting and implementing new technologies and practices to improve business agility and employee productivity. But it is also redefining the network edge— especially in today’s Work-fromAnywhere world where users move between on-premises locations, interconnected branch locations, home offices, and temporary locations during travel—thereby expanding the attack surface and exposing the business to new, advanced threats. Unfortunately, most traditional network architectures were built using disparate and statically deployed point products that provide implicit access to all applications. However, such an approach is no longer effective at providing secure access to critical resources at scale, especially as users, devices, and applications are in constant motion. And the inevitable rerouting of traffic to fixed security points for inspection severely impacts user experience, especially when those tools cannot adequately examine encrypted application, data, and video streams. Far too often, the default response in many organizations has been to bypass security to not impact critical business operations. And the result has been disastrous, with ransomware, phishing, botnet, and other criminal activity now at an alltime high.
12
CXO INSIGHT ME
FEBRUARY 2022
network infrastructure, including connectivity, while providing explicit access to applications based on user identity and context.
What’s needed is a secure Digital Acceleration strategy that ensures that new technologies can be adopted and new, highly dynamic edges can be established without compromising the protection of critical data or the security of users and devices. Zerotrust is based on the principle that every device or user is potentially compromised, and therefore every access request must be authorised and continuously verify. And even then, users and devices can only access those resources required to do their job and nothing more. This same approach is now being applied to the remote edges of the network, a strategy known as the “Zero Trust Edge.” This new zero-trust approach to securing the expanding edges of today’s networks helps ensure that Security-Driven Networking – the critical convergence of security and networking – is everywhere. This enables security to seamlessly adapt to dynamic changes to the underlying
Security-Driven Networking from Fortinet Forrester recently described a solution they have dubbed the “All-In-One Zero Trust Edge” in the Now Tech Report published in December 2021. In that report, they described the future of next-generation networking infrastructure as bringing together networking and security in any combination of cloud, software, and hardware components, securely interweaving users, data, and resources using essential zero-trust principles. Fortinet is recognised in this report. We believe that’s because we uniquely bring together all components needed to converge networking and security and can then deploy them on premises and in the cloud, including SD-WAN, NGFW and ZTNA. This ensures that we can deliver consistent convergence and zero implicit trust everywhere. We call this Security-Driven Networking. Fortinet’s Security-Driven Networking approach starts with FortiOS-based innovations, including our on-premises SD-WAN and nextgeneration firewall secure access solutions, which also includes built-in ZTNA. It continues in the cloud with Fortinet’s cloud-based secure web gateway, CASB, and ZTNA solutions for remote users. What is a Zero Trust Edge Solution? Fortinet’s Security-Driven Networking
4
ZTNA Everywhere: Finally, Zero Trust Network Access (ZTNA) is essential for securing access to the critical applications and resources today’s hybrid workforce demands. However, protecting a hybrid workforce that may be in the office one day, working from home the next, and traveling another requires a ZTNA solution that is available everywhere users or devices are located. Unlike traditional VPN, ZTNA provides explicit access to users per application based on identity and context. Fortinet is the only vendor with a ZTNA solution designed to protect access from any edge, not just a few edges.
innovations deliver the industry’s most complete Zero Trust Edge solution:
1
SD-WAN: Providing better path and user-experience to applications and services using SD-WAN is foundational for any Zero Trust Edge solution. Fortinet was the first vendor to blend advanced security and connectivity into a unified solution. Our Secure SDWAN solution securely interconnects all offices to every datacenter, multicloud, and SaaS environment. And in addition to reliable connectivity and cloud on-ramp, it includes a full suite of advanced security, enables dynamic segmentation to prevent lateral threat movement for East-West protection, and maintains superior user experience through digital experience monitoring.
2
Hybrid Convergence of Networking and Security: Zero Trust Edge must also support today’s highly dynamic networks. Legacy security solutions struggle to provide consistent policy distribution, orchestration, and enforcement when the underlying network is in constant motion.
Integrating security and networking into a unified system is essential for deploying consistent security everywhere, both for on-premises and remote users. Fortinet is the only vendor to deliver networking and security convergence powered by the same operating system (FortiOS) to offer seamless policy distribution and orchestration. We also provide the industry’s highest security performance using our purpose-built security ASICs, enabling the inspection of encrypted traffic, including streaming video, without impacting user experience.
3
Secure Remote Access: Clouddelivered security that securely connects all remote users is essential to any Zero Trust Edge solution. Comprehensive web security from the cloud must provide multiple layers of defense with AI-driven web filtering, video filtering, DNS filtering, IP Reputation, Anti-botnet service including the ability to address data loss prevention and protect mobile users with in-line CASB integration.
Fortinet’s Security-driven Networking Approach to Zero Trust Edge Fortinet’s innovative approach to Zero Trust Edge converges enterprise-class security and networking everywhere across the network. This unique ability ensures secure access to critical applications and resources, whether users are on-premises or accessing resources through the cloud. Our Security-Driven Networking approach— including our unique combination of exclusive purpose-built ASICs, clouddelivered security solutions, and integrated networking capabilities— enables superior user experience combined with coordinated threat protection for every network edge. Zero Trust Edge resolves one of the most enduring challenges facing today’s IT teams: extending enterprise-grade security and granular access control to remote workers. Fortinet’s Security-Driven Networking approach provides a unique solution to overcoming user experience, siloed and disconnected networking/security technologies, and implicit trust challenges that create obstacles for today’s organizations serious about digital acceleration and implementing an effective—and secure—work from anywhere strategy.
FEBRUARY 2022
CXO INSIGHT ME
13
COVER STORY
14
CXO INSIGHT ME
FEBRUARY 2022
SHAPING T THE FUTURE GRANT WEAVER, IT DIRECTOR, AMERICAN SCHOOL OF DUBAI, EXPLAINS HOW THE INSTITUTION REVAMPED AND BUILT A ROBUST NETWORKING FOUNDATION TO POWER DIGITAL LEARNING AND DELIVER SEAMLESS CONNECTED EXPERIENCES FOR STUDENTS AND STAFF ALIKE.
oday most students are digital natives and expect ubiquitous technology from their learning environments. As a result, schools and universities must simultaneously support many students, staff, and guest devices to enable digital learning successfully. This means a robust and secure network infrastructure that can handle a high amount of traffic at any given time is vital. The American School of Dubai (ASD) is a not-for-profit institution providing academic excellence for an international community of PreK-12 students. The institution decided that it needed to revamp its network
FEBRUARY 2022
CXO INSIGHT ME
15
COVER STORY
ASD’S IT STAFF NOW HAS COMPLETE CONTROL AND VISIBILITY ON ALL ACTIVITIES THROUGH A CENTRALISED NETWORK MANAGEMENT SOLUTION. THE NEW SOLUTIONS ALSO ELIMINATE NETWORK ACCESS ISSUES AND DELAYS – ENABLING STUDENTS AND STAFF TO ACCESS RESOURCES WITHOUT ANY LAGS. framework and bring in advanced technologies to help students and staff have optimal experiences. Networks are the IT backbone of any corporate, and it is the same for a school. ASD enjoys a long-standing and rewarding relationship with Extreme Networks. So, the vendor was the obvious choice to help bring in scalability, enhanced security, high performance and availability, better connectivity, and increased visibility to ASD’s busy network infrastructure. Grant Weaver, IT Director, American School of Dubai, says, “When we started building the network a decade ago, it was easy to buy any product or solution. However, the after-sales support, which is very important, often fell drastically short. Looking ahead, we knew we would have to transform our core edge switching and wireless to keep up with the increasing digitalisation demands from our students and staff. “We were looking for a long-term relationship and reached out to 16
CXO INSIGHT ME
JANUARY 2022
Extreme Networks for our immediate needs as well as charted out a 10year plan. Today they have exceeded our expectations from that initial discussion. It’s rare to get the opportunity to plan an IT roadmap for the next decade and successfully realize it.” Weaver explains that the vendor understands how a school network differs from a corporate one and customises their offerings to meet ASD’s unique needs. “For example, when the bell rings at the end of a class, the network utilisation drops to almost zero. The kids shuffle around, and they go to their next class, and when the bell rings again, there is an immediate spike as they log on and access their school materials. We can see this jump in our graphs and charts. It is not a steady flow throughout the day as it would be in corporate networks. Our network needs to be robust enough and can absorb these hits as a multitude of devices simultaneously registers. “This was a point that we discussed with Extreme Networks early on, and the company has delivered satisfyingly and served us well in this regard,” he says. The school has recently upgraded its network with Extreme Wi-Fi 6 and ExtremeCloud IQ solutions. It will now be able to better meet their digital goals and gain network automation, security, and valuable insights. ASD’s IT staff now has complete control and visibility on all activities through a centralised network management solution. The new solutions also eliminate network access issues and delays – enabling students and staff to access resources without any lags. Extreme’s solutions also delivered advanced Network Access Control (NAC) to ASD. Weaver says, “We have had a rock-solid NAC thanks to Extreme Networks’ solutions. We simultaneously refreshed our wireless and edge and moved from Extreme’s first-generation X450
access switch to X450-G2. What was exceptional about Extreme Networks NAC was that it allowed us to define and manage security policies centrally. We could also easily adhere to access control across wireless or wired through automatic port authentication based on MAC address. This has been a great feature. We also get notified if unrecognised devices log on to the network. Another aspect that differentiates school networks from corporate ones is the risks involved. For typical organisations, bad actors often raise concerns such as security breaches. Whereas for schools, on top of the usual security issues, there are also risks of students accessing or downloading resources without authorisation that could disrupt the network. “We probably have a more utilised NAC than a lot of other business environments. Some of these students are brilliant and intrigued by cybersecurity. We now have them white hat for us instead of black hat against us. Even though they are not doing corporate espionage or running ransomware, it can still be very disruptive which is why strong network access control is necessary,” the IT Director adds. ASD exclusively uses Apple devices, and according to Weaver, Extreme is configured in such a way that they are abreast with the latest technologies and works closely with Apple. “This is why their solutions work perfectly right from day one within our infrastructures. “It’s been fascinating to work with Extreme Networks and watch it grow impressively. Our partnership with them has also allowed us to grow as a school at the same time. Their solutions will continue to help us future-proof our infrastructure and power a new connected and interactive learning experience for students and staff,” Weaver concludes.
Level-up your marketing game with Toggll Marketing Services for businesses of all sizes
DEMAND GENERATION WEBSITE DESIGN & DEVELOPMENT
Scan to get your FREE Digital Brand Audit now! www.toggll.com/levelup
MOBILE APP DEVELOPMENT WHATSAPP CHATBOTS VIRTUAL EVENTS DIGITAL ADVERTISING SOCIAL MEDIA MARKETING CORPORATE VIDEOS CASE STUDY DEVELOPMENT CUSTOMER SURVEYS CUSTOMER EXPERIENCE STRATEGY
VIEWPOINT
A PRIMER ON DEVSECOPS GREGG OSTROWSKI, EXECUTIVE CTO, APPDYNAMICS, ON HOW DEVSECOPS CAN ESTABLISH SECURITY TEAMS AS CX INNOVATORS
I
n 2022, people across the UAE will continue to carry out many of their daily life activities online via digital services and applications. Everything about an application — from its performance, to its use or the handling of its data — will come under much scrutiny. AppDynamics’ recent App Attention Index established that 69% of UAE consumers hold brands accountable for poor application performance. And 73% say that brands have one chance to impress them or they will lose them forever if their digital service does not perform well. In this digital era, software relies on cloud-based and distributed service, but it also means an ever-expanding
18
CXO INSIGHT ME
FEBRUARY 2022
security perimeter. Customers are understandably wary of entrusting their personal and financial details to brands, so they need to find ways of keeping their platform safe while delivering the very minimum of intrusive security requirements for their users at the front end. Not an afterthought Today, security as an add-on is no longer the most effective method from the agile-development and compliance standpoints. The development cycle must include security as an integral element, meaning DevOps and security teams must work together to secure the IT stack while enhancing digital
offerings. Our report — Agents of Transformation 2021: the rise of full-stack observability — found that 96% of IT professionals recognise the negative consequences of not using systems that provide insights into the full IT estate, incorporating performance as well as security. On the journey that security and UX teams take together, security professionals need to contribute their own insights to the experience of users. Having left the siloed past behind, UX and security can consider how to lessen the inconvenience of protection measures, implementing tighter controls that keep users safe while being non-intrusive. Too many pop-ups
will spoil a CX quickly, for example. A balance must be found. In a competitive region, UAE companies eager to keep innovating will, unfortunately, see security professionals as standing in the way of progress. This too will change if the security team plays a more active role in enhancing CX. In the UAE, our research shows that almost all consumers (95%) consider digital services to be a critical part of their daily lives, but as a result, 74% will assume the application is to blame for any issue they encounter. High performance, 24-hour availability and flawless security are the bare minimums expected by today’s digital consumers. No room for error There is no shortage of cautionary tales to illustrate the damage that can be done to a brand’s reputation in the event of a data breach. Loyalties waver and customers churn, often never to return. This leaves no room for error in the new collaboration between application design and security teams. End users, as a rule, should not be the ones to discover bugs. But if the unification of security and DevOps is handled with care, the results can include both better CX and better security response capabilities. Increased trust is always good for a brand. DevOps has established itself as the best framework for agile development. Now security personnel have joined developers and operations teams to optimise the time to market by incorporating security from the start of the development process. Welcome to DevSecOps, where security issues are easier to fix as they are discovered during the debugging process. Now there is less chance that an end user will find a bug and report it to the world before teams have an opportunity to fix it. Security that is integrated into each layer also prevents the need for expensive and arduous fixes. A recent ESG Research report revealed 78% of enterprises that leveraged DevSecOps had faster time-to-market (TTM).
IN A COMPETITIVE REGION, UAE COMPANIES EAGER TO KEEP INNOVATING WILL, UNFORTUNATELY, SEE SECURITY PROFESSIONALS AS STANDING IN THE WAY OF PROGRESS. THIS TOO WILL CHANGE IF THE SECURITY TEAM PLAYS A MORE ACTIVE ROLE IN ENHANCING CX. Full-stack observability on the rise But mature DevSecOps does not happen in isolation. Uniting the security team with DevOps will only work if all contributors have a comprehensive view of the entire technology stack. A full-stack observability platform shows an organisation the processes and
interdependencies within architecture that can affect the security and performance of its applications and their supporting layers. Along with the silos of the past, DevSecOps needs to get rid of the various department-specific tools that came with those siloes. And their data needs to be warehoused to provide a single view of the digital estate. The DevSecOps team will, as a result, plan its launches and iterations using a common baseline of knowledge. This accelerates development cycles and reduces downtime. Performance and security data, including real-time alerts and vulnerabilities, is available to developers and their operations and security colleagues. What follows are secure experiences that delight consumers and ensure their return. 2022 will be a period of hot competition for the region, in which companies will vie for the attention and approval of more and more online customers. DevSecOps is the ultimate collaboration, bringing together everything that those customers care about — “Dev” for the experience, “Sec” for the safety, and “Ops” for the performance. Companies that get this mix right will enjoy greater loyalty and trust and become leaders in the experience economy.
FEBRUARY 2022
CXO INSIGHT ME
19
FEATURE
GOING CLOUD-NATIVE STEPS FOR MAKING A SUCCESSFUL TRANSITION TO CLOUD-NATIVE APPS.
20
CXO INSIGHT ME
FEBRUARY 2022
Ayman Al Shaikh
C
loud-native refers to a modern approach to developing and running software applications, taking advantage of the dynamic nature of cloud computing. Cloud-native entails various techniques and tools, and according to the Cloud Native Computing Foundation, containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. IDC says organisations adopting cloudnative development need to implement platform as a service, cultivate developer familiarity with cloud-native technologies, deepen their adoption of DevOps, and create a developer-centric culture within their organisation. What are the top cloud-native trends to watch out for in 2022? “By leveraging cloud-native architectures to build and run applications, organisations can bring ideas from the drawing-board to production faster and accordingly, respond to customer needs more quickly,” says Kapil Arora, MultiPractice Leader, Kyndryl Middle East & Africa. As businesses adopted more virtual ways of working and delivery of digital services due to the COVID-19 pandemic, the need for shifting workloads to the cloud to leverage the resiliency and
Kapil Arora
WHEN IT COMES TO APPLICATIONS, A CLOUDNATIVE PLATFORM PROVIDES AUTOMATED SCALABILITY, FASTER DEPLOYMENT TIME, RIGHT-SIZED CAPACITY, IMPROVED RELIABILITY, AND RAPID RECOVERY TIMES THROUGH SELF-HEALING AT A SIGNIFICANTLY LOWER COST OF SETTING UP AND MANAGING THE UNDERLYING IT INFRASTRUCTURE. global accessibility it has to offer has also increased. It will continue to grow in 2022 and over the years. Further, cloud computing continues to advance greatly and evolve with exciting new use cases aiming to solve newer business problems. Hence, we’ll continue to see the rapid increase in cloud adoption also involving modernisation of applications towards more of a cloud-native platform, he says.
Most organisations are at some point on their digital transformation journey and cloud-native computing will play a part in that, says Ayman Al Shaikh, Director, CEMEA Customer Success Leader, Red Hat. He says as enterprises build more AI applications, they will want to connect this with their cloud-native computing. “Organisations are maturing on their cloud-native development journey and starting to onboard most of their applications into container platforms or develop their new applications as microservices in a cloud-native environment.” Khaled AlShami, Infor’s vice president for solution consulting in MEA, says another important trend we are likely to see is further specialisation of cloudbased solutions. “As more organisations from different sectors explore the advantages of the cloud, we will see a greater need for differentiation and specialisation of cloud services. This is perhaps not surprising – different industries have very different ICT needs, and this applies to the cloud too.” Cloud-native vs. on-prem architectures Going cloud-native has many distinct advantages over traditional application development models. When it comes to applications, a cloud-native platform provides automated scalability, faster deployment time, right-sized capacity, improved reliability, and rapid recovery times through self-healing at a significantly lower cost of setting up and managing the underlying IT infrastructure. “Additionally, cloud-native platforms have greater level of flexibility compared to that of a traditional platform which relies heavily on physical servers. Necessary scalability on cloud-native apps is achieved by breaking down its functions into microservices which eventually allows better management of individual service,” says Arora. Cloud-native apps are also cloud agnostic which enables them to
FEBRUARY 2022
CXO INSIGHT ME
21
FEATURE
“Considering its advantages and amidst the enthusiasm of going cloudnative, the challenges can easily get overlooked especially when one migrates from monolithic, legacy applications set to a cloud-native strategy. Therefore, early identification and addressing them during the cloudnative adoption and migration strategy is key to overcome such challenges,” says Arora from Kyndryl. Some of the key challenges that might arise when cloud-native technologies are used include:
Khaled AlShami
run in a highly distributed manner, maintaining independence while allocating resources based on the application needs. According to Arora, deployment Deployment is rapid and provides organisations with greater agility, resilience, and portability across cloud environments. This enables organisations to benefit from improved development-to-production cycle times, compared to traditional onprem architecture, which is relatively less flexible and requires greater investments in both CapEx towards the physical servers and skills to develop and manage. To get the most out of the cloud, applications should be cloud-native, says Al Shaikh from Red Hat. “However, most large enterprises have a legacy application backlog, so the question for them is how to modernise and integrate the new with the old. Many large enterprises struggle with DevOps, which inhibits their ability to become cloud-native. The solution is tools that are simpler to use and easier paths to becoming cloud-native, such as using container platforms.” AlShami from Infor adds that cloudnative provides true agility, making it easier for organisations to quickly set up new divisions or branches, break off business units, or merge with partners. 22
CXO INSIGHT ME
FEBRUARY 2022
Paulo Pereira
DEPENDING UPON THE SERVICES OR NATIVE APIS THAT ONE CONSUMES FROM A CLOUD PROVIDER, THERE COULD BE AN INCREASE OF THREATS DUE TO BECOMING TOO DEPENDENT ON A PARTICULAR CLOUD PROVIDER OR A SERVICE THAT IS NATIVE TO THAT CLOUD ITSELF. Cloud solutions also give business users tools to help them do their job, often from any place, anytime. In addition, remote connectivity is simplified – without risking security. The key challenges Cloud-native apps are inherently more complex, and enterprises looking to embrace this model need to avoid some common pitfalls and understand the requirements.
Security and observability – cloudnative applications are typically decomposed into individual microservices and this decomposition of business logic results in a rather complex distributed system. Additionally, these microservices need to communicate with each other over a network for the application to function. This whole ecosystem makes cloud-native applications to be inherently more complex. It makes them rather harder to secure considering there are more logical pieces to protect. It also makes it harder to monitor because guaranteeing application health also requires monitoring relationships between the services, not just the services themselves. Cloud hyperscaler lock-in: Depending upon the services or native APIs that one consumes from a cloud provider, there could be an increase of threats due to becoming too dependent on a particular cloud provider or a service that is native to that cloud itself. Paulo Pereira, Senior Director, Systems Engineering – Emerging Markets at Nutanix, sums up: “The secret to making a cloud initiative successful is to make sure that the technology stack is based on the same fundamental design principles which allow the free movement of workloads between private and public clouds. Any approach which undermines a path to easily return the workload on-prem or into a different cloud is guaranteed to cause problems during the migration and in the future.”
VIEWPOINT
THE EMERGENCE OF MACHINE LEARNING OPERATIONS NABIL ABBAS, PRINCIPAL AT BOOZ ALLEN HAMILTON, MENA, SAYS MLOPS HELP ORGANISATIONS SCALE AI FOR THE FUTURE
O
ver the past few years, Artificial Intelligence [AI] and Machine Learning [ML] have emerged as effective solutions to several global challenges. Amidst COVID-19, which drove businesses and governments to accelerate the digitisation of services, the influence of AI and ML has grown even more significant. The International Data Corporation [IDC] estimates global spending on AI to grow from $50.1 billion in 2020 to over $110 billion in 2024. AI spend across the Middle East, Turkey and Africa (META) region is expected to grow to $1.2 billion, an increase of 24.7 per cent from last year. As the world prepares for a postCOVID new normal, the outlook for AI
24
CXO INSIGHT ME
FEBRUARY 2022
appears more promising than ever. According to a survey by the AI Journal, 72 per cent of business leaders across the globe are positive about the role AI will play in the coming years. Most surveyed executives believe that AI will enable their organisations to achieve significant efficiencies and bring about innovative business models, products, and services, unlocking limitless opportunities. AI adoption is fast gaining ground in the GCC as governments pursue ambitious innovation and cost reduction targets. For example, the UAE aims to be the world leader in AI by 2031, with AI applications expanding across priority sectors, including healthcare, transportation, education, space, and
technology. Saudi Arabia, ranked first in the Arab world and 22nd globally on the global AI Index in 2020, aims to accelerate AI development in critical sectors as means to support its economic diversification agenda. The kingdom is pushing ahead swiftly with the world’s first citizen robot and a $500 billion NEOM smart city, powered by AI. Qatar continues to drive AI adoption in both public and private sectors as part of its National AI Strategy, enabling the Qatar National Vision 2030. In fact, the AI market across the Middle East and Africa is estimated to exceed $500 million in 2022, almost doubling in size relative to 2019 estimates. The impact of such a rapid
AN EXAMPLE OF THE CHALLENGES THAT ANALYTICAL ML FACES IN REAL LIFE IS MODEL DRIFT, WHICH CAN HAPPEN DUE TO CHANGES IN DATA AND RELATIONSHIPS BETWEEN INPUTS AND OUTPUTS. MODEL DRIFT LEADS TO RAPID DEGRADATION OF MODEL PERFORMANCE AND CAN IMPACT BUSINESS PROCESSES IN A PROFOUND WAY.
growth rate cannot be ignored. AI, and specifically its most prevalent type / enabler ML, is changing the way organisations approach problemsolving, decision-making, product development, and service provisioning. The capabilities of the technology have evolved exponentially over the past 10 years, thanks in large part to the sophistication and pervasiveness of pattern recognition algorithms,
known as neural networks, advances in graphics processing units (GPUs), and decreasing cost of data storage. This progression has transformed computers from tools to trusted partners. However, much of the power of ML is still isolated in small groups of specialised data scientists using these tools to solve specific problems within their respective organisations. This analyst-led use of ML, generally referred to as Analytical ML, is useful for better informed decision making on clearly defined, static use cases, using controlled data inputs. However, its usefulness in delivering consistent, reliable results is challenged in the real world where use cases are dynamic and data inputs are complex and varying. An example of the challenges that Analytical ML faces in real life is model drift, which can happen due to changes in data and relationships between inputs and outputs. Model drift leads to rapid degradation of model performance and can impact business processes in a profound way. MLOps is a standard set of practices for Machine Learning Operations
that organisations can use at scale to actualise the power of AI and deliver trusted, machine-led decisions in real time. With it, complementary processes, skillsets, and technologies work together to make AI algorithms effective and useful in real world environments by offering continuous lifecycle management of ML models development, monitoring, governance, and security. MLOps emulates the proven DevOps and DataOps models, which successfully merged the fields of software development and operations, and data technologies and operations pipelines in organisations. The below figure details how MLOps relates to other fields in the DevOps movement, and the role that each field plays in an organisation’s digital operations. As deployment of ML models becomes more mainstream, focus will shift from Analytical ML [human-driven decisions] to Operational ML [machinemade decisions], i.e., machine learning operationalised and subsequently updated through MLOps to enable and sustain desired model performance in real life situations. The Booz Allen report on MLOps aims to distill crucial information about fast-moving innovations to help build technology acumen from vantage points. Key takeaways for organisations include: • Transition from demonstrating ML-enabled use cases to launching ML-products managed from the customer perspective and working on continuously improving them • Tailor and implement an integrated MLOps operating model with clear governance and operating processes, a focused set of meaningful KPIs, and end-to-end automation • Invest in attracting and developing AI / ML talent, fostering an agile, collaborative culture • Strive for a flexible technology architecture to enable ML product adaptation and improvement at the right speed and scale
FEBRUARY 2022
CXO INSIGHT ME
25
FEATURE
THE FUTURE OF
BLOCKCHAIN IS BLOCKCHAIN FINALLY BEGINNING TO DELIVER ON ITS PROMISE?
M
ost people think of blockchain as the platform behind Bitcoin or cryptocurrencies. Having reached a crescendo of hype, this transformative technology has failed to fulfill its promise of transforming businesses. Industry experts attribute this to the fact that most enterprises lack the expertise and clear roadmap to harness the power of this disruptive technology. Gartner says 90 percent of blockchain projects fail because of the budding nature of the technology, which makes it hard for enterprises to identify 26
CXO INSIGHT ME
FEBRUARY 2022
high-value use cases. Additionally, the vendor ecosystem is fragmented and off-the-shelf blockchain solutions are almost non-existent. What are some of the top blockchain trends to watch out for this year? “High energy consumption is one of the key hindrances to adopting blockchain technology,” says Ola Lind, director of FTFT Capital. “The primary blockchain trend in 2022 will be greener blockchains and the use of less energy-intensive blockchain network architecture. In addition, many new solutions like carbon offsetting are being developed, and
the plan to switch to proof-of-stake consensus by Ethereum in 2022 is in the pipeline.” He adds blockchain applications in Metaverse are another top blockchain trend in 2022. The Metaverse is a shared, virtual world that offers immersive experiences. Blockchain is projected to operate several platforms on Metaverse with NFTs and cryptocurrencies to fuel the new digital economy in 2022. In 2022, experts also expect a surge in the development of standards and interoperability capabilities, which should facilitate the communication
Bas Lemmens
of several blockchains. Cross-chain technology is one such new technology that aims to enable the movement of value and information across multiple blockchain networks. Waleed Rassuli, Head of Tezos Gulf, says to increase adoption, especially at the institutional level, blockchains will need to increase their scalability. “So we need to reach faster transaction and lower cost. It will certainly be one of the avenues where we will see blockchain development. This along with gaming and DAOs (decentralised autonomous organisation) is going to drive the blockchain trends this year.” According to Forbes, DAOs is a collective organisation owned and managed by its members, with all of them having a voice. Many analysts and industry insiders affirm that this type of organisation is becoming prominent, potentially replacing some traditional companies. Bas Lemmens, GM EMEA at Chainalysis, believes more countries will endorse crypto over the next year. “In the UAE, we have already seen free zones in Abu Dhabi and Dubai introduce frameworks that promote entrepreneurship in the crypto space and Ahmed bin Sulayem, executive chairman and chief of the DMCC, has even projected that there will be “well over” 1,000 crypto businesses in the UAE by the end of this year. Undoubtedly, this will have a positive
Waleed Rassuli
Ola Lind
effect on job creation and other forms of value for regional economies.” He says we can also expect to see a diversification of products and content on blockchains. NFTs are perhaps the best example of this, given how much attention and investment they attracted through 2021. In fact, in the UAE, ownership of NFTs has been found to be twice the global average, according to finder.com. Through 2022, we can expect NFTs to show even greater potential, from enabling the purchase of digital art to trading positions, physical property, tickets, and a slew of additional digital entitlements. Though interest is growing in this distributed ledger technology, there is still some confusion around what blockchain can and can’t do. Blockchain can be applied to any industry, says Rassuli from Tezos. “But the two areas we have seen the most traction in the Middle East has been the payments/remittance sector and the tokenisation segment. “Tokenisation of assets is the second most popular use of blockchain. The projects we are currently working with will enable more people around the world to invest in local real estate in smaller chunks or digitise preferred equity in a hotel and residential complex from anywhere in the world. Tokenisation not only provides investors wider access but gives fundraisers access to a wider audience
because they are able to break down the investment sizes and thus mitigating risks or providing access to a newer type of investor.” Lind from FTFT Capital says the retail industry has embraced blockchain technology. Blockchain technology facilitates supply chain monitoring and offers merchants and customers more detailed information about purchasing products. Retail banking uses blockchain technology to control fraud, identify customers, cross-border payment security (especially for online retailers), and evaluate risk based on consumer data. Additionally, retailers adopting this technology accept cryptocurrency payments from their customers. Blockchain technology is being applied in transactions in exchanges. As a result, money transfers through blockchain technology are affordable and fast. It is particularly true for international transactions. “Furthermore, blockchain technology is utilised to check medicines’ legitimacy, expiration dates, and other critical information in the healthcare industry. Medical insurance companies may validate healthcare services directly from patients using blockchainenabled electronic medical records. The possibility of advancing personalised medicine through artificial intelligence and blockchain is being researched,” he sums up.
FEBRUARY 2022
CXO INSIGHT ME
27
VIEWPOINT
IS ARTIFICIAL INTELLIGENCE EXPENSIVE? TO MASTER AI AS A REVENUE CATALYST REQUIRES FIRST UNDERSTANDING ITS COSTS, WRITES SID BHATIA, REGIONAL VICE PRESIDENT, MIDDLE EAST & TURKEY, DATAIKU
A
lmost immediately after it became apparent that the world was changing under our feet, AI emerged as an enabler across the region. Suddenly, these technologies were not just being advocated by their vendors, but by analysts who pointed out that AI could help not only with battling the COVID pandemic, but in fomenting slick, robust economic recovery. Each industry could do something concrete to reinvent 28
CXO INSIGHT ME
FEBRUARY 2022
itself in the wake of seismic shifts in customer needs. Analysis of economies across the Middle East and North Africa (MENA) predicts the region will respond dramatically to these arguments. By 2030, artificial intelligence will contribute 13.6% to the GDP of the United Arab Emirates and 12.4% to that of Saudi Arabia. And these are just the frontrunners. The Middle East as a whole is expected to be home to a
US$320 billion AI industry by 2030. The benefits of machine learning and advanced data analytics are now well known, but not everyone is enjoying success with these tools, because not everyone has the optimal migration methodology in place. If ingenuity does not flow quickly from AI investment, costs can outweigh gains before the technology has had a chance to add value. To prevent this, it is advisable to analyze each use case to see which
are well-versed in the formalities of releasing it, then business value can be added more quickly.
will add the greatest benefits in terms of productivity, operational efficiency, customer retention, and so on, and then price each of them to arrive at a costbenefit ratio. Lower cost use cases can be leveraged to build trust in AI, by demonstrating value for each business stakeholder. But management of projects must happen at an umbrella level. Allowing unit heads to run their own projects in isolation can quickly lead to failure. Of course, this enterprise-wide AI approach hinges on being able to accurately analyse costs. So, what are the costs of AI? How can they be separated and examined in isolation? Getting data ready Data is food for AI. If not properly formatted (the industry term is “cleaned”) then your AI will choke. Value generation can only come from effective collation and preparation, which takes time, which represents a cost. Another term for this process is “data wrangling” — further indicating just how difficult and time-consuming this phase of the digital transformation project can be. This is where the umbrella strategy will reap dividends. By taking an enterprise-wide approach to use cases, data can be warehoused on the same basis, meaning the organisation’s data-cleaning phase is implemented
ALLOWING UNIT HEADS TO RUN THEIR OWN PROJECTS IN ISOLATION CAN QUICKLY LEAD TO FAILURE. OF COURSE, THIS ENTERPRISEWIDE AI APPROACH HINGES ON BEING ABLE TO ACCURATELY ANALYSE COSTS. SO, WHAT ARE THE COSTS OF AI? HOW CAN THEY BE SEPARATED AND EXAMINED IN ISOLATION? once, bringing siloed stores together in a uniform fashion rather than having separate data-homogenising projects for each use case. Deploying solutions Moving to production brings several headaches, especially when each project may involve a variety of workflows and stakeholders. Operationalisation, therefore, can contribute greatly to costs, as development cycles spill over from weeks into months. Here, costs emerge not only from labor but from lost revenue because the solution is not in place in a production setting. Solutions to these costs can be found in process optimisation. Consistency in the development lifecycle can serve all use cases. Creating these directives can be thought of like the datacleaning phase. If it is done properly in advance, it no longer arises as a concern in subsequent use cases. When development teams already know how to assemble and package code, and
Acquiring and retaining talent By getting the first two costs under control, the third becomes a more straightforward issue. The region is amid a skills crisis within the types of roles that typically deliver digital transformation. Data scientists and AI specialists are rare and expensive to attract. And while the cost of acquisition may be an externality that organisations cannot control, the retention or loss of such skills is entirely of their own making. By ensuring repetitive tasks like data-cleaning are reduced to oneshot projects, enterprises create roles that are more about solving problems than about chore-like grinds. In this regard, proper resourcing will be a vital component of ensuring that an organisation need only acquire a skillset once, rather than having to spend money and time on repetitive recruitment. Maintaining models and technologies When data changes, the results from existing models may not tally with reality, leading to a potential cost, and such a cost applies (by varying degrees) to each use case. So-called MLOps can be a means of controlling maintenance costs, unifying the task across use cases. At the same time, AI technologies themselves are evolving and attracting different stakeholders to new capabilities. Again, if an organisation has kept its enterprise-wide strategy in place, it can more readily evaluate new business cases. From cost centre to revenue source The region’s innovators will struggle to realise the potential of AI if costs are poorly understood. As smart technologies take an evermore-prominent position among the economic activity of nations, enterprises must look for efficiencies in their implementation. By scaling with due diligence, winners will accrue benefits more reliably and ensure that AI becomes a source of revenue, rather than a drain on investment.
FEBRUARY 2022
CXO INSIGHT ME
29
VIEWPOINT
SEVEN TRENDS THAT CAN HELP MAKE THE MODERN ENTERPRISE MORE SECURE AND AGILE SAJITH KUMAR, GENERAL MANAGER – ENTERPRISE FROM CLOUD BOX TECHNOLOGIES SUMMARIZES POSSIBLE TECHNOLOGY AND STRATEGIC MEASURES IN 2022 THAT CAN HELP TRANSFORM SECURITY FOR THE ENTERPRISE.
F
or the Boards of global and regional organisations, cybersecurity and managing digital transformation alongside, are promising to be amongst the most challenging. While Boards are doing a lot to bridge the gap between themselves and the CISO and the security organisation, here are some other technology and strategic measures that can help make the enterprise more agile and secure.
30
CXO INSIGHT ME
FEBRUARY 2022
Trend #1 The big policy reset What is the biggest and most immediate change required in an organisation’s security policies? It is the fact that majority of its employees are no longer employees but more like remote workers. Or in other words, remote workers are now the workers and remote work is now the organisation’s work. In other words, enterprises need to reset their entire security policies and tools to be
able to manage risks from this new organisational reality. Trend #2 ManaginzHow will security be deployed for the modern hybrid organisation, where workers are switching between multiple modes of working. At times they will be onsite inside the office firewall, at other times mobile and on the move, and at other times working from home. All the while accessing the wireless networks,
With this initiative, CISOs can expect much better information flow with the Board, as well as much deeper conversations about security spending, policies, proactiveness, risks and governance, strategy.
Internet or private VPNs. How will an organisation’s security architecture continuously adjust for its workers as they move across its fabric? Today’s enterprises are being turned inside out with these challenges of managing workers requiring multiple modes and levels of security access. All organisations will need to have a defensive posture and well-defined security policies and risks with regard to onsite, remote and mobile workers. One of the approaches is to develop and deploy a cybersecurity mesh, which enables a distributed enterprise to deploy and extend security where it is required the most. Trend #3 Managing enterprise assets Other than the pandemic, digital transformation is also responsible for connecting industrial, operational, IT assets that are distributed across the fabric of the organisation. These assets could be located at the edge, inside the network, at the core, and even inside other networks. Gateways and middleware are now effectively and efficiently connecting disparate networks inside enterprises that were not feasible a decade ago. To manage all these challenges, security needs to be flexible, agile, scalable and yet robust enough to deliver for workers and protect for the organisation. Trend #4 Just who is an employee? As workers move across the enterprises’ security fabric, their security access levels need to keep changing. More importantly so should their identity-based security, with zerotrust being a dominant requirement. While zero-trust identity access is not new, it gains renewed importance in the face of hybrid worker access as well integration of disparate networks driven by digital transformation. Social engineering to gain identity access is a dominant activity for sophisticated global threat actors. Hence, identity management techniques and practices need to be further elevated in terms of importance.
Along with human identities, we also have machine and robot identities, that are adding additional complexities in the overall identity access management operations. Digital technologies such as robotic process automation are driving automation of processes and each of these automated process or Bots requires a sign-on into the network and application stacks. APIs are another vulnerable hot spot where access is granted to users across multiple applications via APIs. To better manage digital transformation, enterprises need to relook at their end-to-end identity credentials across all humans, Bots, devices. Trend #5 Board improves communication Boards are now alerted to address the challenges thrown up by ransomware, advanced persistent threats, and other supply chain malware that are having disastrous effects on some global businesses. Board members have been in the spotlight for being unable to speak the same language as CISOs and therefore unable to bridge the gaps from top to bottom. Now they are forming dedicated committees headed by security experts and selected board member to bridge the gap and address the challenge.
Trend #6 Proliferation of vendors An ongoing challenge that continues into the next year is the complexity of security tools that are being managed by CISOs and IT managers. Global surveys by research firm Gartner have found that 78% of CISOs are managing 16 or more tools across their cybersecurity vendor portfolio. While 12% of CISOs are managing more than 46 tools. The harsh reality is that cybersecurity organisations have far too many tools, from far too many vendors, leading to complex management routines, continuously high demand on skills and increasing security headcount. Under these circumstances, CISOs need to begin extended vendor consolidation activities, realising that such activities take time and there is no short-term solution while heading in this direction. Another reality check is that reduction of capex spending may not be a direct, realisable benefit, but rather reduction of indirect costs and increase in operational efficiency are more achievable and realisable targets. Trend #7 Testing and validation New tools are being added to the portfolio of solutions that can be used to validate an organisation’s security vulnerabilities. One such area is breach and attack simulations that does continuous testing and validation of security controls and tests the ability to withstand external threats. It also highlights risks to high-value assets such as highly confidential data. Another area that is developing is the ability to protect data while it is being read and used, in comparison to protecting data in motion or at rest. This enhanced security allows secure data processing, secure sharing, and cross border transfers without risks.
FEBRUARY 2022
CXO INSIGHT ME
31
VIEWPOINT
FOSTERING DIGITAL TRANSFORMATION JACOB CHACKO, REGIONAL BUSINESS HEAD, MIDDLE EAST, SAUDI & SOUTH AFRICA (MESA) AT HPE ARUBA, SAYS DELIVERING THE BEST WI-FI EXPERIENCE IS GOING TO BE KEY FOR SMEs TO TAKE THE NEXT STEP IN THEIR DIGITAL TRANSFORMATION JOURNEY
S
mall and medium-sized enterprises, or SMEs as they are more commonly known, are the backbone of any economy. Businesses of this size are one of the largest creators of jobs and are the cornerstone of investment. However, if they fail to optimise their use of technology and digitally transform their workplaces in the coming years, they will struggle to compete in a hyper competitive marketplace. 32
CXO INSIGHT ME
FEBRUARY 2022
According to a report by Aruba, ‘The Hidden Middle: How Medium-Sized Businesses Are Quietly Shaping Our Technological Future’, which surveyed over 2,700 employees across small and medium-sized businesses, it discovered that despite being the most active users of workplace technology, many SME employees are worried about the threat of digital transformation. Two thirds of employees at medium-sized businesses (66%) say their organisation was “at risk of falling behind competitors” if
they don’t keep up with implementation of new technology. However, in order to effectively keep up with the influx of new technology and devices, SMEs need to integrate the correct network infrastructure to support their business. Delivering the best Wi-Fi experience is going to be key for SMEs to take the next step in their digital transformation journey. As we continue to move towards more and more digital methods of conducting business, having a wireless network which is consistent and seamless, no matter how many devices are connected, is essential. Gone are the days when businesses can rely on a traditional home network to underpin their operations. Many SMEs are rethinking their networking requirements in order to remain competitive and are desperately in need of a wireless
experience, comparable to enterprise networks. In order to implement an effective digital transformation strategy, SMEs need to be looking for purposebuilt Wi-Fi solutions that are simple to manage and can effortlessly scale as business needs dictate. Simple, yet reliable A key issue for small business owners is that they just don’t have the time to focus on network solutions in the same way that enterprise-level businesses can. There typically isn’t an IT team who are fixing issues or upgrading solutions in the background, while the rest of the team run the business. The best type of network solution is one that is easy and simple to set up and reliable enough to work without owners having to constantly monitor it. For any SME owners, no matter which field you work in, the main aim is for the Wi-Fi to work without issue for anyone trying to connect to the network. For employees, Wi-Fi is critical, as technology is woven into the everyday operations of most businesses. Fast, reliable connectivity is necessary to serve customers, whether it’s ringing up sales, answering questions or booking appointments. With the explosion of mobile and IoT devices on the market and the growing
trend of ‘flexible working’, users expect to be able to log on to the internet swiftly and securely no matter where they are. Employees want the freedom to work anywhere, rather than be tied down. Wi-Fi is also an expectation while customers shop, eat or wait. If your business is in hospitality, running a boutique hotel for instance, a poor or slow Wi-Fi connection could be the difference between a five-star and fourstar review. Equally in retail, if you’ve implemented a secure and scalable network, you can start to digitize your in-store experience, implementing applications to help customers order or find products. This could help turn an average experience into an amazing one and could increase repeat visitors.
setup, the best SME owners can do is to make guests have to sign in using a password to add that extra bit of security. However, enterprise-grade networks can segment the network to add an extra layer of security, as well as improve overall performance. For instance, one portion of the network could be confined to administrative work, while another could prioritise guest access. This setup ensures that guest traffic stays separate from business-critical traffic or payments, limiting access points for hackers.
Security built in While there are certainly huge benefits for SMEs to digitally transform their businesses, it also comes with risks. The more you open yourself up to allowing mobile devices to access your network, the more access points hackers have to breach it. Businesses of these sizes are easy targets, due to the lack of security built into their networks. In order to grow your business and protect yourself against breaches, you are going to need an enterprisegrade network with in-built security features designed to segment the network. Many business owners are rightly concerned about letting guests onto their business network. With a traditional home network
Setting yourself up for the future In order to remain competitive in today’s constantly evolving digital world, small businesses need to be deploying innovative and scalable solutions which are comparable to larger organisations to create value, reduce costs, mitigate risks, and build customer confidence. By ensuring you have effectively re-evaluated your networking requirements and have implemented Wi-Fi which you know you can rely on and has the in-built security to protect against common threats, you can start to improve the digital experience for both your employees and/or customers. And when your customers and employees are happy, it lets you focus on what matters most – growing your business.
FEBRUARY 2022
CXO INSIGHT ME
33
VIEWPOINT
WHY THREAT INTELLIGENCE IS VITAL DRAWING PARALLELS TO SUN TZU’S BOOK THE ART OF WAR AND XDR PROCESS, FIRAS GHANEM, REGIONAL DIRECTOR, MIDDLE EAST & PAKISTAN AT THREATQUOTIENT SAYS, THREAT INTELLIGENCE WAS CRITICAL TO SUCCESS ON THE BATTLEFIELD THEN, AND IT IS CRITICAL TO SUCCESS ON THE CYBER BATTLEFIELD TODAY.
M
ilitary general and philosopher Sun Tzu once led the largest armies in the world and authored The Art of War, still considered a masterpiece of tactical warfare and very relevant as we wage our battles against evolving cyberattacks. That’s because even though threat intelligence is a relatively new discipline in our cyber 34
CXO INSIGHT ME
FEBRUARY 2022
defense processes, it has actually been around for more than 2,500 years. Threat intelligence was central to Sun Tzu’s winning strategies and it is foundational to our success today as our security approaches continue to evolve, most recently with Extended Detection and Response (XDR) solutions. Most cybersecurity professionals are familiar with this widely referenced quote by Sun Tzu:
“If you know others and know yourself, you will not be beaten in one hundred battles. If you do not know others but know yourself, you will win one and lose one. If you do not know others and do not know yourself, you will be beaten in every single battle.” According to Sun Tzu, the first step in awareness is information gathering. This includes information about yourself – your assets, priorities,
strengths and vulnerabilities. You must also know your enemy – who and where they are, their size, the types of weapons they use, their motivation, and their tactics and techniques. This information drives basic decisions – is this a threat or not, should we fight or flee, and what actions should we take? Then comes the most important step – calculations. As Sun Tzu said, “The general who wins a battle makes many calculations before and during the battle. The general who loses makes hardly any calculations. This is why many calculations lead to victory and few calculations lead to defeat.” We should not act on the basis of raw data, but rather on information gained by examining the data for relevance, priority and other situational information, which on the battlefield includes terrain and weather conditions. The goal is to apply context to data, so you have the right information at the right place and time. Parallels with The Art of War and the XDR process Relating this process to XDR, we see close parallels. Gathering information from different disparate internal and external sources and domains is the “extended” part. The distribution or dissemination of information across your security infrastructure is the “detection and response” part. Finally, calculations involve converting raw data into relevant intelligence and this is the basis for responding efficiently and effectively to a given situation. To accomplish this, what’s needed is a data-driven security operations platform that allows you to extend capacity to consume and manage data, be it internal or external, structured or unstructured. A lot of valuable data you get from third parties is trapped within their technologies, so the platform must be based on an open architecture, where integrations are broad and deep to
help you unlock that valuable resource as well. Having aggregated and normalised all that data, the platform then must be able to correlate the data and apply context so you can prioritize and filter out noise. Ultimately, you want to be able to operationalize the data and take the right action. So, the platform must translate that curated, prioritized data for export, allowing for data flow across the infrastructure to quickly activate defense technologies and teams. Closing the loop, the platform
also captures and stores data from the response for learning and improvement. And remember, all of this happens at speed and scale, so automation is key — allowing you to act efficiently for comprehensive response. Threat intelligence best practices to enable XDR For organizations considering XDR, or that have already embraced XDR, the following best practices will help you leverage threat intelligence to derive more value. • Use data from all sources: Integration is a core competency to enable XDR because organizations are not starting with a clean slate but have
dozens of technologies, feeds and third-party data sources across departments and teams. Allowing for strong integration and interoperability with all systems and data sources, internal and external, enables you to leverage threat data. Displaying a wealth of contextualized data via a common work surface enables teams to apply it to understand the threats they are facing to reach the goal of extended detection and response across the infrastructure and across all attack vectors. • Use data to focus efforts: Prioritisation should be automated but under the control of the security team. Filtering out noise (false positives and information that is irrelevant) using parameters you set ensures prioritization is based on risk to your organization. Analysts can focus on threats that matter most instead of spending time chasing ghosts. Feedback and results should be continuously captured, stored and used to improve security operations. • Use data to drive response: The most effective way to empower teams is to apply automation to repetitive, low-risk, timeconsuming tasks, and recognize that the need for human analysis remains. Irregular, high-impact, times-sensitive investigations are best led by a human analyst with automation simply augmenting the work. A balance between human and machine ensures that teams always have the best tool for the job, and a data-driven approach to both improves the speed and thoroughness of the work. XDR is gaining a lot of traction. But in order for it to deliver as promised, we need to heed Sun Tzu and start with a data-driven approach. Threat intelligence was critical to success on the battlefield then, and it is critical to success on the cyber battlefield today.
FEBRUARY 2022
CXO INSIGHT ME
35
VIEWPOINT
HOW TO FEND OFF RANSOMWARE CRIMINALS RUNTIME PROTECTION, WHERE ALL RUNTIME ACTIONS ARE MONITORED, IS THE OPTIMAL SOLUTION FOR PROTECTING YOUR BUSINESS FROM CYBERCRIME, WRITES DANNY KIM, PRINCIPAL ARCHITECT AT VIRSEC
A
nother day, another high-profile ransomware attack. That’s how the rolling news of the last year has played out as bad actors exploit new vulnerabilities in remote working infrastructures. There were 2,084 ransomware attacks in the US in the first half of 2021, a staggering 62% increase from the same period in 2020. And those are just the complaints that are reported to the FBI. What’s more, given its relatively low risk and high reward nature, ransomware techniques are often highly successful. With the emergence of cryptocurrencies, cyber criminals can be difficult to trace. Since the COVID 19 pandemic, ransomware has burgeoned into a multibilliondollar industry. Collective global ransomware costs to businesses for 2021 were estimated to exceed $20 billion, with the average breach yielding a ransom of $4.6 million. The truth is cybersecurity incidents involving corporate data being withheld through criminal infiltration or ransomware have been carried out for years. So much so, that any single organisation is often violated more than once. Risks at Software Runtime Ransomware attacks can be executed in a matter of seconds. Malware varieties often gain system access though SQL injection, stealing
36
CXO INSIGHT ME
FEBRUARY 2022
credentials, phishing and other social engineering methods. Once inside, threat actors access data, hijack operations, deploy encryption tools, encrypt data, and, once they have the data, demand a ransom. Such attacks do the most damage when they move from desktops to servers. Inside servers, the malicious code runs at the same time as applications, infiltrating application architecture, data sets, and complete workloads. Enterprise applications in runtime are among the most vulnerable to the threats posed by ransomware malware. Multi-step kill chains, fileless malware and remote code execution are now able to bypass conventional, signaturebased, probabilistic security tools.
Focus on protection, not cure The good news is that continuous innovation has now yielded a breakthrough solution to prevent ransomware malware from running in-memory alongside runtime applications. Protection of runtime applications requires that every action be fully mapped and understood. Such protective solutions should monitor every step of application execution and only permit predetermined actions. This is known as ‘deterministic protection’. These types of innovative solutions do not permit any runtime applications that are not predetermined including malware that is loaded in-memory. The malware routine in-memory will appear as a deviation from the concurrent runtime and will be prevented from execution. By comparison, conventional cybersecurity tools cannot distinguish between expected and deviant behaviour. Such tools also fail to prevent ransomware because they do not have application runtime visibility. Conventional tools often only control, protect and provide visibility before and after application runtime – and not when the application deviates from its intended performance. This breakthrough approach protects the software workload while it is in runtime and prevents ransomware attacks on applications and workloads. It also creates a snapshot of all critical applications, including files, scripts, binaries, container images, libraries, and only allows predetermined processes to execute. No matter which platform is being used by applications, such as cloud, on-premises, containers, hybrid, or air-gapped, runtime application protection ensures pervasive high security levels. This type of deterministic protection promises to temper the present-day threats of ransomware, no matter what level of advanced malware sophistication is being used.
VIEWPOINT
A NEW MANDATE RICHARD VAN WAGENINGEN, SENIOR VICE PRESIDENT IMEAR (INDIRECT, MIDDLE EAST, AFRICA, RUSSIA-CIS), ORANGE BUSINESS SERVICES, SAYS GOING GREEN IS A MUST FOR ENTERPRISES
T
here is no shortage of opinions on whether the recent COP26 climate change conference achieved any of its goals or not. Still, it has made many businesses recognise they have to shift to more sustainable ways of working to meet customers’ demands. It isn’t just consumers concerned about global warming and demanding better practices in terms of environmental issues. All entities in supply chains from suppliers to manufacturers and logistics companies are asking for green credentials. These include the source of raw materials, waste reduction strategies for production, and reduction in carbon footprint. In the past eco-friendly business has been a tick-box exercise for many. The landscape, however, has changed. Increasingly we are seeing greater transparency and in-depth reporting around environmental issues and social governance. ‘Greenwashing’, a term coined by environmentalist Jay Westerveld in 1986, where companies hide behind vague and unsubstantiated claims about ecological credentials no longer work. The chances of being exposed are higher than ever. Green means business growth It isn’t just about public image; it is also about growth. Gartner has gone as far as saying that chief financial officers (CFO) should start embedding corporate sustainability into their investment propositions, or they will find themselves missing out. The analyst firm maintains that environmental, social, and governance (ESG) reporting is more widely monitored than many CFOs realise. Equity investors and asset managers may be visible to the world. Below ground, however, 91%
of banks watch ESG and 24 global credit rating agencies, 71% of fixed income investors, and 90% of insurers, according to the analyst firm. Of course, the benefits of environmental performance are not purely financial. It can help businesses grow by attracting new customers and attracting and retaining talent. With a wide skills shortage, the latter is now a priority. A recent study by Deloitte, for example, found that 44% of Millennials and 49% of Generation Z make choices on the “type of work they are prepared to do” or “organisations they are willing to work for” based on personal ethics. Measuring how successful initiatives are As companies increasingly focus on the environment, they need to develop their metrics more. Effective measurement and monitoring spotlights changes in behaviors and can reduce waste. Metrics allow organisations to track their progress and demonstrate improvements to stakeholders, partners, and customers. Environmental key performance indicators (KPIs) are important here, but they need to use accurate data, align with business objectives, and evolve as the business grows. Environmental KPIs will help companies manage and communicate the links between environmental and financial performance. These include greenhouse gas emissions, pollution of land or water, and resource use such as coal, oil, and forestry. New ways of highlighting audited environmental data are appearing, but there is still a lack of standardisation. The French food group Danone, for example,
has adopted a voluntary carbon adjusted earnings per share initiative created to show the financial cost of carbon emissions on its value chain and allow investors to understand the multinational’s environmental imprint better. Making environmental changes easy to understand Complex metrics and KPIs are acceptable, but I believe that we need to keep it simple to make a change in enterprises that will help protect our planet for future generations. Sustainability in any organisation starts in the office. In Jordan, for example, Orange Business Services has installed solar panels as a smart energy solution. Only 2.5% of the earth’s water is fresh; rapid urbanisation and global warming have made it a scarce commodity. To this end, we are recycling water where we can relieve global water stress. This is where my ‘keep it uncomplicated’ maxim comes in. As I said we are active in saving quality water and working to protect against shortages, so we recycle water where possible. It is much easier for employees to visualise how many bathtubs of water they have helped to recycle than trying to visualise it in cubic meters. Change course before it is too late Organisations have a critical role to play in reversing climate change and protecting biodiversity. Analyzing the environmental impact of your business on the planet may not be globally mandated at the moment. But, it may not be that many years off, so it is wise to take action now.
FEBRUARY 2022
CXO INSIGHT ME
37
VIEWPOINT
THE DEFINITION OF A SUSTAINABLE FUTURE
REEM ASAAD, VICE PRESIDENT OF CISCO MIDDLE EAST AND AFRICA EXPLORES THE CHANGING BUSINESS LANDSCAPE AND HOW CONVERSATIONS AROUND SUSTAINABILITY MUST ALSO EMBED EQUITY AND OPPORTUNITY AT THEIR CORE.
W
ith the sustainability agenda now in the spotlight across virtually every industry, decision makers are tasked with delivering transparency and value to stakeholders. R Edward Freeman, author of The Stakeholder Theory, defined the concept that businesses are driven by purpose and creating value for stakeholders, not just shareholders. Buy-in comes from taking stakeholders with you on your journey of creation and innovation, and ensuring they are invested in joint success. In my experience across a region as vast and diverse as the Middle East and Africa, I have certainly found this to be true. From customers and partners to employees, any group or individual can impact and be impacted by our purpose. At Cisco, we know our responsibilities don’t end with technology. Our purpose is to power an inclusive future for all – to ensure that no one is left behind, that we use our platforms, expertise and ability to create a better world for all of humanity. Global stakeholders at COP26 At last year’s United Nations Climate Conference, COP26, one of the big themes was ‘working together’. It has become apparent that no one country, industry or visionary can effectively combat climate change alone. And while critiques may have expected more affirmative action from world leaders, we must acknowledge not only the progress in areas such as deforestation, fossil fuels, coal and methane; but equally, the fact that government officials and policy makers from nearly
38
CXO INSIGHT ME
FEBRUARY 2022
200 countries actively bought into playing a stakeholder role. Contributing to crucial conversations We know sustainability cannot be a siloed debate that happens behind closed doors, among a select few. It should be an ongoing, active dialogue which includes all. As we’ve seen, those most vulnerable to the impacts of climate change are often the ones without a voice in making change. All stakeholders need to be involved and heard, so that we can act as a collective, for the purpose of our shared goals and responsibilities. In the twin transition to a world that is both digital and green, technology is a key driver. As it turns out, it can also help drive discussions and actions around making that future happen. The COP26 conference leveraged technology to bring attendees together in a historic way. I am very proud of the contribution Cisco made by setting up robust networking and Webex Legislate video conferencing, so that virtual
attendees could speak up alongside onsite attendees in 3,000 discussions, huddle inside conversations, and cast votes from around the globe. With COP27 being hosted in Egypt later this year, attention is already focused on areas such as eco-friendly tourism and transportation, alongside greater efficiencies in the collection and recycling of waste to name but a few initiatives. The region will continue to lead conversations and the call for positive action, showcasing its expertise, enthusiasm and openness to collaborate when COP28 comes to the UAE in 2023. Both COP27 and COP28 will serve as a historic platform on which to elevate many of the dialogues which have already begun and continue to be accelerated during events currently taking place, such as Expo 2020 Dubai. Inclusivity demands access Encouraging the building of an inclusive future aboard a healthy and sustainable planet is crucial. For fighting climate change, like any other challenge, we must frame, diagnose and problem solve with input from diverse sources. We must be inclusive in our definition of stakeholders and use innovative technologies to ensure that everyone has a say. To truly be inclusive, everyone needs access to connectivity, and the technology that empowers us to work together from anywhere. It must be utilised to the best of its, and our ability. That way, we will have a more complete understanding, learning from experts and people affected by climate change, and ultimately, be able to garner greater stakeholder buy-in to drive the success of the projects that we lead together.
REPORT
UNDER SIEGE VMWARE REPORT FINDS CYBERCRIMINALS TARGET LINUX-BASED SYSTEMS WITH RANSOMWARE AND CRYPTOJACKING ATTACKS
A
s the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads. Vmware has released a threat report titled “Exposing Malware in Linux-Based Multi-Cloud Environments.” Key findings that 40
CXO INSIGHT ME
FEBRUARY 2022
detail how cybercriminals are using malware to target Linux-based operating systems include: • Ransomware is evolving to target host images used to spin workloads in virtualised environments; • 89 percent of cryptojacking attacks use XMRig-related libraries; and • More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. “Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based
operating systems to their attack toolkit in order to maximise their impact with as little effort as possible,” said Giovanni Vigna, senior director of threat intelligence at VMware. “Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware
countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.” As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organisations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools. Ransomware Targets the Cloud to Inflict Maximum Damage: As one of the leading breach causes for organisations, a successful ransomware attack on a cloud environment can have devastating consequences. Ransomware attacks against cloud deployments are targeted, and are often combined with data exfiltration, implementing a doubleextortion scheme that improves the odds of success. A new development shows that Linux-based ransomware is evolving to target host images used to spin workloads in virtualised environments. Attackers are now looking for the most valuable assets in cloud environments to inflict the maximum amount of damage to the target. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipeline’s networks and caused a nationwide gasoline shortage in the U.S. Cryptojacking Attacks Use XMRig to Mine Monero: Cybercriminals looking for an instant monetary reward often target cryptocurrencies using one of two approaches. Cybercriminals either include wallet-stealing functionality in malware or they monetise stolen CPU cycles to successfully mine cryptocurrencies in an attack called cryptojacking. Most cryptojacking attacks focus on mining the Monero currency (or XMR) and VMware
SINCE COBALT STRIKE IS SUCH A UBIQUITOUS THREAT ON WINDOWS, THE EXPANSION OUT TO THE LINUX OPERATING SYSTEM DEMONSTRATES THE DESIRE OF THREAT ACTORS TO USE READILY AVAILABLE TOOLS THAT TARGET AS MANY PLATFORMS AS POSSIBLE. TAU discovered that 89 percent of cryptominers used XMRig-related libraries. For this reason, when XMRigspecific libraries and modules in Linux binaries are identified, it is likely evidence of malicious cryptomining behavior. VMware TAU also observed that defense evasion is the most commonly used technique by Linux-based cryptominers. Unfortunately, because cryptojacking attacks do not completely disrupt the operations of cloud environments like ransomware, they are much more difficult to detect.
Cobalt Strike Is Attackers’ Remote Access Tool of Choice : In order to gain control and persist within an environment, attackers look to install an implant on a compromised system that gives them partial control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all be implants used by attackers in a compromised system to allow for remote access. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, and its recent variant of Linux-based Vermilion Strike. Since Cobalt Strike is such a ubiquitous threat on Windows, the expansion out to the Linux operating system demonstrates the desire of threat actors to use readily available tools that target as many platforms as possible. VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. The total percentage of cracked and leaked Cobalt Strike customer IDs is 56 percent, meaning that more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. The fact that RATs like Cobalt Strike and Vermilion Strike have become a commodity tool for cybercriminals poses a significant threat to enterprises. “Since we conducted our analysis, even more ransomware families were observed gravitating to Linux-based malware, with the potential for additional attacks that could leverage the Log4j vulnerabilities,” said Brian Baskin, manager of threat research at VMware. “The findings in this report can be used to better understand the nature of Linux-based malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organisations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface.”
FEBRUARY 2022
CXO INSIGHT ME
41
VIEWPOINT
ROBOTIC PROCESS AUTOMATION PREDICTIONS FOR 2022 THE UTILISATION OF RPA IS FAST EXPANDING INTO TRADITIONALLY NON-IT DOMAINS, SAYS KHALED ALSHAMI, INFOR’S VICE PRESIDENT FOR SOLUTION CONSULTING IN MEA.
I
n 2022, robotic process automation (RPA) is poised for a breakthrough into the mainstream consciousness. RPA refers to the automation of business processes via software platforms that script and operate pre-defined tasks across a variety of applications. Many repetitive business application tasks can be automated in this manner. RPA can be combined with Artificial Intelligence (AI) to create more advanced automations, with the AI providing the requisite context and selfcorrection to the automated process. The RPA software industry has been experiencing explosive growth. The reasons for this growth are well-known in IT circles. RPA can significantly boost employee productivity, freeing workers from time-consuming and repetitive operations. We are now seeing the awareness and utilisation of RPA expand into traditionally non-IT domains, promoting exponential growth of RPA across the organisation.
42
CXO INSIGHT ME
FEBRUARY 2022
Non-IT applications of RPA Examples of RPA applications are appearing across the enterprise. This includes smart bots that speed up the processing of external vendors’ invoice approvals; RPA workflows that incorporate AI to automate monthly data collection and metric calculations; and RPA bots automating back-office operations involving compliance, orders processing and customer requests. As automated workflows become more common in business applications, RPA functionality will increasingly be built into commercial software. Recent trends such as Industry 4.0 demonstrate the utility of these tools. RPA as an accelerator of Industry 4.0 Industry 4.0 focuses on the synchronisation of Information Technology (IT) and Operational Technology (OT), forming a cyberphysical continuum, or computer system monitored by computerbased algorithms, incorporating IoT-enabled intelligent devices. As RPA becomes more integrated with Artificial Intelligence (AI) and Machine Learning, the adaption of RPA tools utilising AI will accelerate the effectiveness of Industry 4.0 across the entire value chain. For example, shop-floor processes are still often driven by paperbased tracking. Custom-defined workflows enable users to automate and streamline tracking as new functionality is needed. The results can be used for advanced dashboards and
reporting. As Industry 4.0 adoption gains traction, we will see increased RPA adoption in manufacturing operations. RPA as an enabler of business resilience COVID-19 has caused a series of disruptions, significantly in global supply chain and human resources. In response, firms are increasingly turning to RPA projects to deal with these disruptions and increase resilience in their business process operations. Such large-scale adoption implies growing recognition of the value of RPA among non-IT stakeholders. As we have seen in other areas of digital transformation, widespread adoption of RPA across the enterprise will drive yet another technologydriven shift in the modern workforce. Thomas Friedman, the New York Times bestselling author, and three-time Pulitzer Prize winner, assures us not to be alarmed. “The robots are not destined to take all the jobs”, he writes in his 2016 book, Thank You for Being Late. He predicts a future workforce freed from repetitive and mind-numbing tasks, allowing employees to maximise their creativity. As RPA becomes the norm for firms across the globe, there will be a growing awareness of its potential among nonIT stakeholders. RPA’s resilience and scalability were demonstrated during the onset of COVID-19 disruptions. Industry 4.0 will keep RPA and associated AI functionality at the forefront of organisational change well into the future.
08 March 2022 CONRAD HOTEL, DUBAI
A tribute to the visionaries and pioneers of IT in the Middle East
NOMINATE NOW https://cxoinsightme.com/cxo50/2022/
GOLD PARTNERS ORGANIZER
SILVER PARTNERS
OFFICIAL MEDIA
PRODUCTS
Bang & Olufsen Beoplay Portal Bang & Olufsen today launched a new edition of the award-winning wireless gaming headphones, Beoplay Portal. This edition of Beoplay Portal is now fully compatible with PC and PlayStation consoles, alongside mobile device gaming, which marks a substantial expansion in connectivity across world-leading platforms. The unique offering a dual excellence in gaming and everyday usage which brought Beoplay Portal to market originally still stands strong, whilst the addition of increased connectivity, a new wireless dongle, and improved battery life of up to 42 hours ensures that Portal is the ultimate one-product audio solution, designed for life. Whether gaming on PlayStation, PC or mobile, the new edition of Beoplay Portal now caters to all personal preferences with a rich audio experience and stylish design to match. The array of beamforming microphones isolates and amplifies the user’s voice while cancelling out background noise – creating a Virtual Boom Arm experience that eliminates the need for a physical one. This in turn means that whilst Portal’s gaming uses are unlimited, the headphones can also be worn for everyday listening and activities. This edition of Beoplay Portal offers a significant increase in battery life, providing up to 42 hours of continuous playtime using Bluetooth and Active Noise Cancellation (+18 hours); or 19 hours of wireless playtime with Active Noise Cancellation (+7 hours).
Logitech RightSight 2 Logitech has announced the availability of AI-powered software RightSight 2 that now simultaneously presents both a close-up view of the individual speaker and a view of the entire meeting room during video calls. With RightSight 2 auto-framing technology, farend participants can follow the active speaker while also getting situational context from the group, such as one person gesturing to another or writing on a whiteboard. RightSight 2 combines audio and video intelligence to detect people’s placement in the room and the location of their voices. Speaker View is a new mode that uses the two-camera system in Rally Bar and 44
CXO INSIGHT ME
FEBRUARY 2022
Rally Bar Mini to render a picture-in-picture view* of the active speaker and the whole group. The active speaker is framed using the main camera that pans and zooms smoothly as the speaker changes, while the wide-angle AI Viewfinder frames the room, ensuring remote participants can see and hear all meeting exchanges clearly. IT admins have the flexibility to toggle between Speaker View and Group View (RightSight’s original implementation of autoframing) to best suit their teams.
Fortinet FortiGate 3000F Fortinet has announced the FortiGate 3000F, the latest Next-Generation Firewall (NGFW) powered by Fortinet’s purpose-built NP7 and CP9 security processing units (SPU) to support organisations in building hybrid IT architectures that accelerate digital innovation and fuel business growth. With built-in network and security convergence, dynamic network segmentation, automation, and natively integrated Zero Trust Network Access (ZTNA) capabilities, FortiGate 3000F enables ultra-scalable, security-driven networks that seamlessly converge networking and security without compromising security performance. FortiGate 3000F also offers the highest performance figures in the industry with Security Compute Ratings of up to 6x greater connections per second than competitive offerings. FortiGate 3000F helps secure the datacenter and hybrid IT architectures in the following ways: • Scalability: FortiGate 3000F continues to deliver the most scalability in the industry via purpose-built Fortinet SPUs, including the NP7 and CP9. These are engineered to radically increase the speed, scale, performance, efficiency, and value of Fortinet solutions while greatly improving user experience, reducing footprint, and lowering power requirements. FortiGate 3000F also offers 22x the Security Compute Rating for concurrent firewall sessions when compared to competitive offerings. • Advanced Networking and Explicit Application Control: FortiGate NGFWs come with natively integrated ZTNA access proxy to allow users to access applications and resources from anywhere, at any time, with constant authentication while building and maintaining effective compliance and security
controls. FortiGate NGFWs seamlessly converge and accelerate networking and security and offers industry leading routing capabilities to peer with multiple providers on the WAN (Wide Area Network) side, and interconnect with a wide array of vendors on the LAN (Local Area Network) side. Many Fortinet networks have simplified their operations by replacing routers with a single FortiGate device that offers both networking and security. • Enterprise-Grade Security: With over 565,000 customers, industry-leading Fortinet solutions seamlessly weave networking, security, and essential AI/ML-powered FortiGuard services into a single platform, enabling IT teams to effectively manage internal and external threats, prevent lateral spread and ransomware, and avoid business disruptions and brand damage. FortiGate is the only NGFW in the industry that offers advanced content policies like video filtering to mainstream services like YouTube, Vimeo, and Dailymotion. Enterprises can build flexible policies to allow one or many categories as well as stringent network security controls that can allow or block up to the channel level. With unprecedented SSL inspection (including TLS 1.3) performance, the FortiGate NGFW is the only platform that detects threats hidden in encrypted paths and offers automated threat protection with the least performance degradation. • Automate and Simplify: The Fortinet Fabric Management Center provides single-pane-of-glass management, automation, and orchestration across the Security Fabric, including support for over 470 ecosystem partners, to simplify enterprise-wide workflows. Its open API approach and cross-environment connectors also help simplify and ensure consistent security posture and enforcement across multi-cloud environments.
FEBRUARY 2022
CXO INSIGHT ME
45
REPORT
SHAPING THE POSTPANDEMIC ERA SUNIL PAUL, MD OF FINESSE, ON HOW WILL THE END OF THE PANDEMIC AFFECT THE TECH SECTOR
T
he COVID-19 pandemic has proved to be one of the biggest disruptors of all time. It’s ravaged some of the traditional business models that seemed unshakable and accelerated others that looked like light-years away. At the heart of humanity’s fight against the virus is digital acceleration. The crisis has been a catalyst as people have been forced to act. With terms like lockdown, social distancing, and zero physical contact becoming part of our daily lexicon, companies that set digital goals over three to five years had to scale these down to timeframes of three to six months. A Deloitte study sums this all up aptly: “Through COVID-19, it becomes visible what being digital truly means. It is not just about cool apps but about having a deep solution chain across processes, people, and technology. It’s a fundamental change in the way we work, live and do business.” The Middle East wasn’t immune to the tectonic shifts happening across the globe and has undergone massive changes since the time it went into the initial lockdown in March 2020. The alacrity with which the government and the private sector embraced digitalisation has helped the region tackle the pandemic better than most other countries. Connectivity and internet speed are critical to any digital strategy, and the Middle East telcos ensured blazing speeds during the pandemic. The UAE has consistently been No1 in Speedtest global index for mobile internet speed, with Qatar at No5 and
46
CXO INSIGHT ME
FEBRUARY 2022
Saudi Arabia at No7. The UAE also ranks 13th globally in fixed broadband speed. This robust infrastructure has paved the way for efficient remote working – one of the biggest changes faced by organisations in the last couple of years. But this has also led to companies being increasingly vulnerable to cyber threats. Cybersecurity is one of the industries that has soared in these unprecedented times. A recent research projected the Middle East market size to grow from $15.6 billion in 2020 to $29.9 billion by the end of 2025, at a CAGR of 13.8%. Another industry that has taken wings with the COVID-19 is FinTech, and related branches like payments. An Acquity research showed that the number of FinTech startups in the EMEA region was 3,581 in 2018, and it nearly tripled in the last three years to 9,311 in February 2021. The UAE has also accelerated towards its goal of becoming a cashless society. It has ramifications in several sectors like retail and tourism, with most companies having to adopt secure payment systems. COVID-19 has also hastened the adoption of cloud, artificial intelligence and the use of big data – starting from the world’s fight against the virus – to almost every other facet of life and business. A PWC global survey showed 52% of companies accelerated their AI adoption plans because of the COVID-19 crisis and 86% said that AI is becoming a “mainstream technology” for them. All these developments indicate that
the pandemic has resulted in a huge technology boom over the past two years. Today as the world looks ahead, hopefully towards it being classified as an endemic, will this surge in tech investments begin to decline? The short answer is no. With Gartner predicting that global IT spending will grow 5.1% in 2022 – the end of the pandemic does not mean the end of the technology boom. Many of the changes brought on by the pandemic is likely to last for years to come. Having witnessed a glimpse of how comprehensive digital transformation can power the future and swiftly and confidently grow their operations, organisations will now look at boosting and streamlining the capabilities of their hurried IT investments. This gives an indisputable opportunity to tech solution providers to assist customers in their evolving digital transformation strategies. Customers are no longer looking at surviving the pandemic; they are now seeking counsel on how to deliver better ROIs from their current IT architecture. The future is bright and filled with new opportunities for tech providers, as long as they understand what customers are looking for in the post pandemic world.
Maximize your network’s potential for tomorrow’s users If you're talking, texting, emailing or using the internet, it's likely your communication is made possible by CommScope. It is our passion and commitment to identify the next opportunity and realize a better tomorrow. Learn more at commscope.com NASDAQ: COMM
Copyright 2021 CommScope, Inc. All rights reserved. AD-115611-EN