ISSUE 43 \ JUNE 2022
FORCE MULTIPLIER Why AI is the future of cybersecurity
Your PARTNER in PROTECTING YOU from Cyber-Attacks FVC is a value added distributor (VAD) that provides tangible solutions across essential areas of enterprise computing: unified communications, unified collaboration, audio-visual, infrastructure and information security.
Email : info@fvc.com | Tel : +971 44 294 944 | Website : fvc.com
CONTENTS
44
16
PRODUCTS
WHY AI IS THE FUTURE OF CYBERSECURITY
FORCE MULTIPLIER
12
20
12
A NEW BREED OF SECURITY
THE RIGHT 30 MAKING CONNECTIONS
14
CENTRE OF INNOVATIONS
34 LAW IN THE DIGITAL ERA
AI IS A GAME CHANGER 22 WHY 36 THE NEW MANDATE FOR CYBERSECURITY
24
A NEW AGE OF CYBERSECURITY
26 CELEBRATING CYBERSECURITY EXCELLENCE
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
DEALING WITH 40 DATA PROTECTION
42
CHANGING THE GAME
6
NEWS
AJMAN DEPARTMENT OF FINANCE LEVERAGES ORACLE CLOUD APPLICATIONS TAQA ARABIA, KYNDRYL TO MODERNISE ENERGY DISTRIBUTION IN EGYPT LOOKOUT ACQUIRES SAFERPASS TO ADDRESS IDENTITY THEFT THREAT
JUNE 2022
CXO INSIGHT ME
3
Connect to more...
https://me.dlink.com
EDITORIAL
AI IN CYBERSECURITY
I
s there any limit to what AI can do today? This giant technological leap is transforming virtually every industry, creating intelligent business processes and smarter services. To state the obvious, AI is not just one technology, but, as Accenture puts it, ‘a constellation of different technologies working together to enable machines to sense, act and learn with human-like levels of intelligence.’ AI is heralded as the most significant technology this year, and Gartner estimates the global AI software market to reach a whopping $62 billion in 2022. Many off-the-shelf packaged AI software products are available in the market, and enterprises are rolling out AI projects with resounding success and strong RoI. Though AI is being used in many industries, its most strong use cases are in the realm of cybersecurity. In the face of a rapidly evolving threat landscape and the proliferation of devices, AI is an indispensable tool for CISOs in detecting threats and responding more effectively.
AI systems are capable of processing large amounts of data and can be trained to detect malware and recognize patterns. This is a boon for already stretched security teams struggling to keep up with the tsunami of threats every day. However, I think AI’s true potential in cybersecurity is yet to be harnessed, as creating a transformative AI system is resource-intensive and still out of reach for many. On the flip side, democratizing AI can potentially be a double-edged sword, as is the case with any general-purpose technology. Though AI is touted to be the knight in shining armour in the fight against cyber crimes, it is important to remember that bad guys also have access to the same tools they could use to launch even more sophisticated attacks. In this issue, we have also turned the spotlight on another hot technology, which seemingly has become essential to the region’s digital transformation initiatives – the Internet of Things. Not surprisingly, AI has a crucial role in IoT applications, and combining these two hot technologies promises to reshape industries.
Published by
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2022 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
JUNE 2022
CXO INSIGHT ME
5
NEWS
are vital in today’s era. Our decision reflects the proactiveness of the Department of Finance to adopt initiatives that contribute to improving the quality and efficiency of work, in line with the vision and directives of the wise leadership of our emirate”. Ajman’s DoF has adopted an innovationbased strategy that focuses on positioning the emirate as a major contributor to the progress of the UAE. In 2019, the department has launched Ajman Pay, a smart digital payment platform designed to reinvent payment and government revenue collection in a fully secure and inventive manner. True to its commitment to adopting the latest advancements in technologies, Oracle Fusion Cloud Applications is its latest step towards
the embracement of the new technology. “In its digital transformation process, the Department of Finance places a high priority on cloud solutions to meet the accelerating work requirements and the evolving needs of government agencies in the emirate. We are confident that our adoption of Oracle cloud applications will enable us to bring modern innovations to the Ajman government and local authorities by accelerating business progress through innovative technologies,” said Abdul Ghaffar Al Khaja, Director of Accounts Department at Ajman’s Department of Finance. As one of the leading software companies in the world, Oracle will help improve Ajman DoF’s operational efficiency and customer engagement. “The Ajman Department of Finance is reinventing its operations as it tackles increasingly complex responsibilities and rapidly-changing performance expectations,” said Rahul Misra, Vice President of Business Applications, Gulf and South Africa, Oracle. “With innovations added every 90 days, Oracle Fusion Applications will help one of the UAE’s most digitally progressive local governments optimise their operations and better serve their staff and constituents.”
improve efficiency, transformation and grow their businesses. TCTx is one of the first Metaverse companies from Dubai, building the Digital Twin of the world. After securing the initial approval from the government, Dubai Digital, TCTx is creating the biggest Sustainable Smart City that will provide everything a business enterprise needs to perform in a virtual world in which users can interact with other users. TCTx aspires to become pioneers in digital transformation with immersive experiences in the future. They have partnered with a group of innovative individuals and entities who are exceptionally passionate about emerging Web 3.0 technologies offering a portfolio of a wide range of services everything a smart city needs such as a Home, Office, Building, Workspace, Sharing space, Hotels, Restaurants, Supermarkets, Hospitals, Fashion, Movies, Sports, Technology and Security. Today, companies developing
Metaverse are focused on building new innovations and features to enable users to interact with each other efficiently and effectively in the digital world. Shefiq Abdulla, Chief of Avatars, TCTx said, “We are excited to start our journey and bring our Telephony business to a new level in the Metaverse! As a leader in web 3.0 and Metaverse transition in the MENA, we empower businesses in the region towards their ultra-digitalization goals. We want to contribute to building Dubai as the most significant digital economy in the world. We want Dubai and UAE to be the Silicon Valley of MENA.” “We are very excited to announce our soft launch on 28th June on the birthday of Elon Musk, the biggest ambassador of decentralised technology, and the main launch on 15th July on the birthday of our leader, HH Sheikh Mohammed Bin Rashid Al Maktoum. Due to the rapid development of exceptional technologies all companies should be ready for the new digital revolution in web 3.0.”
AJMAN DEPARTMENT OF FINANCE LEVERAGES ORACLE CLOUD APPLICATIONS
A
jman’s Department of Finance (DoF) has partnered with Oracle to adopt a cloud-based resource management system that enables more efficient finance, supply chain and HR functions across the organisation. In line with Ajman’s vision of economic competitiveness, Ajman’s DoF’s migration to Oracle Fusion Cloud Applications– a suite of standards-based technology that enables businesses to streamline processes in a single platform – presents increased productivity, reduced costs, improved controls, optimised supply chain management and an enhanced HR function which will positively impact the employee experience. The upgrade is part of the emirate’s commitment to further improve operations and services and promote the digital transformation of the emirate using the latest smart applications. Ahmad Salem Madhani, Executive Director for Institutional Support at the Ajman Department of Finance, said, “The latest digital developments and technologies
TELEPHONY COMMUNICATIONS TECHNOLOGIES LAUNCHES TCTX
Shefiq Abdulla, TCTx
TCTx is the Metaverse arm of Telephony Communication Technologies, one of the early adopters of Web 3.0 technologies in MENA where customers will be able to access a wide range of solutions in Digital, Blockchain, FinTech, Xaas, ICT, Mobility, Telco, and Managed Services to 6
CXO INSIGHT ME
JUNE 2022
TAQA ARABIA, KYNDRYL TO MODERNISE ENERGY DISTRIBUTION IN EGYPT
T
AQA Arabia, the Egypt-based utility and energy distribution leader, has announced its continued collaboration with Kyndryl to support its digital transformation and better serve the daily energy needs of more than 1.7 million customers across Egypt. Kyndryl will now provide TAQA Arabia with cloud hosting and cloud managed application services for its enterprise resource planning (ERP) environment, SAP S/4HANA. Through its four main platforms and different subsidiary companies, TAQA Arabia delivers more than 7.3 billion cubic meters of natural gas and more than 1350 megawatt of electrical capacities and serves customers across Egypt through a network of 110 retail oil and compressed natural gas (CNG) stations. SAP S/4HANA plays a pivotal role in enabling these operations, including support for plant maintenance activities, production planning, project management and sales and distribution in addition to company-wide human resources and financial accounting. Due to the mission-
critical nature of these workloads, TAQA began its work with Kyndryl in 2017 to help ensure secure, uninterrupted operations and real-time business intelligence from its SAP S/4HANA software environment. As part of this latest renewal of work, TAQA Arabia will rely on Kyndryl, an SAP partner, to host its data-intensive SAP solutions on a hyperscale cloud infrastructure to help ensure high levels of security and availability, enhanced application performance and the flexibility to meet evolving business needs. With Kyndryl hosting its ERP environment in the cloud, TAQA Arabia has the option of integrating emerging technologies, such as AI and Internet of Things (IoT), at any time. Kyndryl also provides TAQA Arabia with end-to-end management of its SAP software environment in the cloud and round-the-clock support to address data backup, recovery, security, performance and more. Consequently, the company’s employees are freed up to focus on more strategic initiatives and deliver more value to customers.
CISCO ANNOUNCES APPDYNAMICS CLOUD Cisco has announced the launch of AppDynamics Cloud at the company’s networking and security event Cisco Live. AppDynamics Cloud enables delivery of exceptional digital experiences by correlating telemetry data from across any cloud environment at massive scale. It leverages cloud-native observability to remediate application performance issues with business context and insightsdriven actions. AppDynamics Cloud maximises business outcomes and customer experiences by continuously optimising cloud-native applications. It accelerates detection and resolution of performance issues, before they impact the business or the brand, with intelligent operations. Investment protection is derived from continuous data integrations with OpenTelemetry standards and
technology partnerships with cloud solutions and providers. The platform enables collaboration across teams including DevOps, site reliability engineers (SREs), and other key business stakeholders to achieve common benchmarks like service-level objectives (SLOs) and organisational KPIs. While many organisations still run their mission-critical and revenuegenerating systems with traditional applications, modern business apps are increasingly built using DevOps initiatives and must support distributed architectures and services. This pandemic-accelerated trend has spawned an end-to-end experience revolution among consumers and end users, and hybrid work is contributing exponential momentum. AppDynamics Cloud seamlessly
“Trust is fundamental to initiate and maintain relationships. Over the years, the Kyndryl team has proved to us that they are an extended part of the TAQA Arabia family, with our success at the forefront of everything that they do for us,” said Hazem El Gaishy, TAQA Arabia’s Chief Information Officer. “We are pleased to renew our collaboration with Kyndryl to drive forward our longer-term transformation goals.” “As TAQA Arabia continues to evolve its business, we’re working hand in hand to support its digital transformation strategy and help the company better serve the needs of its customers,” said Mahmoud Badawi, Managing Director of Kyndryl Egypt. “Together, we have overcome challenges and celebrated many milestones over the years, and we are proud to continue our strong collaboration as we build on the progress achieved together thus far.”
ingests the deluge of metrics, events, logs, and traces (MELT) generated in this environment—including network, databases, storage, containers, security, and cloud services—to make sense of the current state of the entire IT stack all the way to the end user. Actions can then be taken to optimise costs, maximise transaction revenue, and secure user and organisational data. Current AppDynamics customers can upgrade to AppDynamics Cloud and leverage their existing application performance monitoring (APM) agents, or feed both solutions concurrently. AppDynamics Cloud supports cloud-native, managed Kubernetes environments on Amazon Web Services (AWS), with future expansion to Microsoft Azure, Google Cloud Platform, and other cloud providers. AppDynamics Cloud commercial availability starts June 28.
JUNE 2022
CXO INSIGHT ME
7
NEWS
5 has announced enhancements to F5 Distributed Cloud Services to help customers safeguard and deliver the digital experiences that have become vital to everyday life in the ways we interact, seek out entertainment, and purchase goods and services. Introduced earlier this year, F5 Distributed Cloud Services provide a SaaS-based, platform-driven approach to secure the essential elements of connected experiences through a comprehensive set of web, mobile app, and API protections. This announcement expands these capabilities with new solutions that support additional platforms, defend against common attacks, and provide customers with more control over modern application architectures. “Many organisations have found that by adding or expanding digital services
for users, they may have inadvertently increased the attack surface for any number of emerging threats,” said Haiyan Song, EVP and GM, Security & Distributed Cloud Product Group, F5. Some security enhancements to F5 Distributed Cloud Services include: • Distributed Cloud Bot Defense Connector for BIG-IP – With continuing integration efforts stemming from the Shape Security acquisition, Distributed Cloud Bot Defense capabilities have been added to F5’s flagship platform, both as a native module in current BIG-IP version 17 software and via an iApp for previous versions. Distributed Cloud Bot Defense collects rich client-side signals, transmits this telemetry to
its data system, uses AI to detect bot retooling, and immediately deploys rule updates for real-time detection to help organisations stay ahead of attackers. • Distributed Cloud Bot Defense Connector for Salesforce Commerce Cloud – Increasing the reach of its security solutions to further support popular e-commerce platforms, F5 has natively integrated Distributed Cloud Bot Defense for Salesforce Commerce Cloud (SFCC). • Distributed Cloud Client-Side Defense – F5 offers a free product to address the growing risks of thirdparty digital supply chain attacks. This self-service mitigation solution provides signature-based Magecart detection and alerts by maintaining details related to previous attacks, enabling organisations to immediately block otherwise damaging threats with one simple click. The solution also now features simplified onboarding and satisfies the new PCI DSS 4.0 requirement (6.4.3 and 11).
STC GROUP AND ALIBABA ESTABLISH ALI BABA CLOUD IN SAUDI ARABIA
to SAR 894 million , and the new company will benefit from the distinguished position of stc Group in the services and technology solutions sector and will employ the best talent and expertise to support the local capabilities of the Kingdom and enable it to enhance digital development and build an advanced ecosystem capable of meeting the future needs of the Kingdom. Alibaba, one of the best providers of cloud computing services and solutions in the world, will offer a wide range of cloud computing services and solutions, a step that will enable local companies and institutions to digitise their businesses, employ the technologies of the Fourth Industrial Revolution, raise work standards and enhance Businesses. In line with the Kingdom’s efforts to enhance economic diversification and stimulate investment opportunities in the cloud computing sector, the new company will contribute to providing quality jobs, transferring knowledge and expertise to the Kingdom, and ensuring a safe work environment for entrepreneurs in the region
stc’s investment with Alibaba for cloud computing services, in cloud computing solutions in Riyadh, reflects the company’s future vision and its great role in pushing digital transformation efforts in the Kingdom of Saudi Arabia, and its commitment to forging strong partnerships with leading technology companies around the world in line with the Kingdom’s 2030 vision to attract foreign and international investments into the Kingdom, creating a secure environment for entrepreneurs, and enhancing information security by protecting data internally in the Kingdom. The establishment of the company specialised in cloud computing services and solutions in Saudi Arabia will contribute to developing the Kingdom’s digital infrastructure and preparing it to provide the latest digital data storage services and solutions and ensure its protection and security, which will enhance the Kingdom’s ability to provide cloud computing services to global companies.
F5 ANNOUNCES ENHANCEMENTS FOR F5 DISTRIBUTED CLOUD SERVICES
F
stc Group has announced the establishment of ‘Alibaba cloud’ in Riyadh, KSA, for high-capacity cloud services in partnership with the Chinese technology giant Alibaba Group, eWTP Arabia for Technical Innovation Ltd., the Saudi Company for Artificial Intelligence (SCAI). and the Saudi Information Technology Company (SITE). The establishment of the new company in the Saudi capital, Riyadh, came in response to the significant increase in demand for cloud computing services and solutions in the region. The company will provide advanced cloud computing services to companies operating in the Kingdom of Saudi Arabia, ensuring that they employ the highest standards of security and protection. The new company’s capital will amount 8
CXO INSIGHT ME
JUNE 2022
LOOKOUT ACQUIRES SAFERPASS TO ADDRESS IDENTITY THEFT THREAT
L
ookout has acquired SaferPass, an innovative Password Management company that provides secure online identity solutions for both consumers and businesses. By adding Password Management technology to its suite of security solutions, Lookout is expanding on its mission to deliver proactive protection and safeguard customer data for individuals and businesses. SaferPass delivers a robust, innovative solution for identity and password management to both consumers and businesses, enabling users to securely manage their passwords, banking and other sensitive information across devices. The SaferPass solution provides an encrypted digital vault that stores secure login information used to access services through mobile apps and web browsers. In addition to keeping a user’s identity, credentials and sensitive data safe, the
Jim Dolce, Lookout
product helps create strong, unique passwords through a password generator tool that ensures the individual is not using the same password in multiple places and that their password has not been compromised in a previous breach. “We are pleased to welcome the SaferPass team to Lookout, and excited to combine our respective solutions to deliver better value to consumers and businesses alike,” said Jim Dolce, Lookout
CEO. “Today, every password owned by an employee is a potential access point to organisations both small and large. At the same time, large scale data breaches have leaked billions of consumer emails and passwords on the dark web, putting individuals at risk of identity theft and financial fraud. The SaferPass team shares our vision for providing seamless security solutions that address all access points and protect personal and corporate data wherever it may reside. This is an exciting next step in Lookout’s evolution.” The acquisition of SaferPass broadens the Lookout portfolio of security solutions and expands the opportunity for its carrier ecosystem and channel partners – it also expands Lookout’s footprint in Central Europe through its new location in Bratislava, Slovakia. SaferPass will now operate under the Lookout brand and leadership and the SaferPass team will be fully integrated into the Lookout organisation. The financial terms of this transaction have not been disclosed.
AVEVA ANNOUNCES NEW ENTERPRISE VISUALISATION SOLUTIONS AVEVA has announced two new industry templates for customers to accelerate the deployment Rashesh Mody, AVEVA of enterprise visualisation. The AVEVA Unified Operations Center for Water and AVEVA Unified Operations Center for Renewables solutions underline the company’s continuous efforts in supporting global customers’ sustainability initiatives and objectives. AVEVA Unified Operations Center solutions for water and renewable power enable customers to leverage deep insight and operational guidance from many geographically dispersed assets, delivering enterprise visualisation that accelerates their business goals and contributes to their net-zero targets. Rashesh Mody, Senior Vice President, Monitoring and Control Business Unit,
AVEVA, said, “Our enterprise visualisation category offerings will enable ESG strategies for industrial companies and empower them to reduce their carbon footprint through real-time insights. AVEVA Unified Operations Center provides enhanced awareness and guides enterprise users in better understanding their global operations and responding to internal and external events that can promote sustainable outcomes. Depending on the industry, customers can unearth value from their data that was previously inaccessible, by improving visibility at higher decision-making levels, while providing organization-wide context alongside other types of information within a single application.” Enterprise visualisation solutions such as AVEVA Unified Operations Center help teams and users tasked with organisation-wide responsibilities. They make content available through a single pane-of-glass environment,
where data from Operations Technology (OT), Information Technology (IT), and Engineering Technology (ET) converge to provide actionable information in context for industrial operations. Frequently deployed as intelligent operations centers, these systems promote greater operational awareness and improved crisis response, integration, and collaboration across functional departments, and enable the sharing of information and coordination of daily activities and processes. With the new integrations, companies in the water and renewable power sectors can now enjoy the benefits of integrated and enhanced visibility, enabling deeper insights for quick and accurate decisionmaking to drive sustainability. The solutions enable increased agility allowing teams to make decisions in parallel to each other, expediting responses to performance events and drive reductions in energy consumption and production through optimisation opportunities.
JUNE 2022
CXO INSIGHT ME
9
NEWS
BD AND BURJEEL MEDICAL CITY ANNOUNCE STRATEGIC PARTNERSHIP
I
n a joint effort to accelerate the UAE’s vision for a world-class healthcare system, the Dubai Branch of BD (Becton, Dickinson and Company), and VPS Healthcare’s Burjeel Medical City (BMC) have announced a strategic partnership that will enable both organisations to accelerate innovation and deliver healthcare excellence in the country. “This partnership is a cornerstone of our combined efforts to help advance UAE’s healthcare system,” said Maher Elhassan, Vice President & General Manager, BD Middle East, North Africa & Turkey. “The continued emphasis on patient safety inspires us to invest more into innovative collaborations to deliver safety and care to both patients and healthcare workers, rapid diagnosis, antimicrobial resistance as well as training of medical practitioners. Together, we will advance the world of
health and positively impact patient lives.” The collaboration between BD and Burjeel Medcial City will create valuable opportunities to offer the healthcare provider with cutting-edge MedTech innovations in pursuit of offering improved safety and care for patients and healthcare workers in the UAE. In addition to medtech solutions, this joint effort will enhance safety practices and measures through providing trainings to enable a better understanding of advanced solutions and safety procedures. John Sunil, CEO, Burjeel Group stated “As a leading healthcare network in UAE, we understand how laboratories play a vital role in delivering patient care. The Burjeel Medical City’s Central Lab is equipped with total lab automation, allowing us to connect all our sites across the U.A.E. with a capacity of nearly 10 million tests per year.
Our collaboration with BD is yet another important step in our pursuit of constantly delivering healthcare excellence and improving patient outcomes. This partnership will enable us to detect emerging antimicrobial resistance, rapidly implement infection control procedures, initiate appropriate antibiotic therapies for treating these infections and improving patient management . Burjeel Medical City is constantly investing and establishing new partnerships to identify cutting-edge medical technologies and innovations that can help us deliver world-class healthcare to the people of the UAE.”
under the same management UI and single-policy framework, eliminating breaks in visibility and gaps in security posture while delivering on the promise of Juniper’s Connected Security strategy. “The biggest challenge with SASE solutions today is that they require organisations to abandon existing technology investments that are working for them, forcing them to start from scratch and rebuild Zero Trust principles into a new architecture,” said Samantha Madrid, Group VP of Security Business & Strategy, Juniper Networks. “Now, with the addition of CASB and DLP, Juniper addresses these
concerns with a full-stack SASE suite of capabilities that are flexibly adopted and deployed while extending Zero Trust principles already implemented across the network to the cloud.” Juniper delivers CASB and DLP to secure SaaS applications and help prevent unwanted access, malware delivery and distribution, and data exfiltration. Both capabilities are part of Juniper’s Secure Edge cloud-delivered security solution managed by Security Director Cloud, which secures remote users and on-premises users alike. It easily manages Zero Trust and SASE architectures through one management portal using a single-policy framework. The addition of CASB and DLP to Secure Edge builds upon Juniper’s highly compelling experience. Juniper Secure Edge provides full-stack SSE capabilities, including Firewall-as-a-Service (FWaaS) and Secure Web Gateway (SWG), in a single software stack, now with CASB and DLP, all managed by Security Director Cloud.
JUNIPER NETWORKS ANNOUNCES NEW CAPABILITIES FOR SASE OFFERING Juniper Networks has announced the expansion of its SASE offering with the addition of Cloud Access Security Broker (CASB) and advanced Data Loss Prevention (DLP) capabilities to its Juniper Secure Edge solution. When combined with Juniper’s unique SD-WAN solution driven by Mist AI, Juniper is the first in the market to offer a full-stack SASE solution with visibility into both the edge and the data center. By building on its Secure Edge solution, the firm provides customers with a highly secure and an operationally efficient way to adopt a SASE architecture, regardless of where they are in their SASE journey. Additionally, customers can connect their SASE architecture at the edge to their Zero Trust data center architecture 10
CXO INSIGHT ME
JUNE 2022
VIEWPOINT
A NEW BREED OF SECURITY DMITRII ROSHCHENKO, SENIOR CYBERSECURITY ARCHITECT AT AXON TECHNOLOGIES, ON WHY SECURITY ENGINEERING AND ARCHITECTURE MATTER
I
n order to respond to this question, we need to introduce a typical company scenario that runs a business to understand what are the challenges and the solutions that are going to solve the problems. In this age of digital transformation, being fully connected to the internet is fundamental for companies to receive orders, communicate with their customers and suppliers, promote their business, pay invoices, check their bank accounts, and so on… The larger the company, the more it depends on digital transformation, hence increasing its exposure to both external/ internal threats. In terms of cybersecurity, below are some official statistics that represent the threat scenarios companies face nowadays: In this scenario, the organisations’ IT managers entrust the cybersecurity industry which offers solutions and products that are designed to mitigate specific risks. Selecting the right set of products and solutions to meet their requirements, often represents an additional challenge.
12
CXO INSIGHT ME
JUNE 2022
Many organisations rely on their Enterprise Architecture and Engineering departments, which are focused on aligning with the business’s vision, but frequently they consider security an element of complexity that limits the company’s functionalities and capabilities. Wrongly, many times rather than embedding the security in the solution by Enterprise Architecture and Engineering departments using a holistic approach, they are an enforcement of rules and compliance that aim exclusively to satisfy a checkbox list requirement. To avoid the tick in the box effect, any mature organisation must approach the security problems leveraging the support from the Security Architecture and Engineering departments. “Security architecture and engineering are disciplines that use a set of frameworks, standards and best practices used to assess, design, implement, integrate, monitor, and dispose of security infrastructures declined in terms of people, processes,
and technologies in order to safeguard confidentiality, integrity, and availability of information” To better understand why they matter, we are going to define their responsibilities. Security Engineering Security engineering is the process of identifying the tools and methods needed to implement and build systems to remain dependable in case of an attack or threat and to align with the architectural high-level design of a company’s security infrastructure. One of the most important aspects of security engineering is communication with the stakeholders to define their protection needs and concerns in order to develop methods and processes capable of translating business objectives into technical requirements. When it comes to implementation, many points are to be taken into consideration: • Reviewing the security architecture plan. • Defining the systems and technology
to be deployed in accordance with the allocated budget. • Planning the deployment and its effect on the production during and after completion. • Applying security configurations and best practices. • Demonstrating based on evidence reasoning, that the security needs for the systems have been met. To a company, security engineering is essential and means ensuring the proper continuity of a business while having a solid structure and monitoring process ready to defend against both internal and external attacks. Security Architecture The business and their cybersecurity grow together. Companies typically create cybersecurity departments from a group of systems information that was good to implement but did not have a complete vision of cybersecurity and, as a result, cybersecurity systems were not complete or redundant and did not cover all security risks. A cybersecurity architect represents the link between business mission, risk, and engineering. They identify the gaps between the current cybersecurity posture and future state cybersecurity requirements for the business. Who are the cybersecurity architects and what are they doing? • Cybersecurity Architects are highlevel leaders supervising security teams considering regulatory, law, and compliance requirements supporting the organisation for creating securityrelated policies and procedures. • Cybersecurity architects are responsible for creating and maintaining corporate security
infrastructure and ensuring that it functions as designed. • Cybersecurity architects are corporate leaders that use the hacker mindset, predicting cybercriminals that are looking for vulnerabilities to exploit in order to design and/or implement controls that will eliminate or reduce that risk. • They have strong experience in IT products, implementations, and operations. Why do security engineering and architecture matter? Cybersecurity global spending had the record year 2021, exceeding $262.4B, but this does not mean that businesses are optimally secured. Cybersecurity is not only about people and technologies, but it also includes processes. Just a few years ago, security processes were built on top of industry solutions, which led to additional financial losses and spending, since processes were not initially built from a security perspective. Applying security controls to a running production might be time-consuming and costly since it
causes multiple business interruptions. Nowadays, security is becoming fundamental to the business rather than complimentary and there’s a new term for this process: Security Architecture. It is crucial for security architecture to strike the right balance between business and security. Architectural design should boast the security posture of an organisation while making sure the business processes also run smoothly. Looking at the market offer, it’s easy to get lost between a myriad of products, the majority of them are expensive, and none of them covers the security of an enterprise end to end. Cybersecurity Architects and Engineers need to collaborate with the entire organisation in order to create a synergy between thousands of products, evaluating a large spectrum of features, costs, technical compatibility assuring that the security controls and safeguards have been implemented to reduce the risk to an acceptable level. What will be next? It is a fact that having a well-designed security architecture gives organisations a foundation on which to build their defenses to reduce security breaches. Security engineers will receive a core set of technologies that they are well versed in administering and maintaining. In parallel, time the organisation will have a working process that will give the confidence that the funds invested are not spent and are actually supporting improve and secure the business. This will be a big undertaking to ensure the best results in terms of security and risk reduction. A specialist will be required to draw and walk organisations through the full process.
JUNE 2022
CXO INSIGHT ME
13
INTERVIEW
CENTRE OF INNOVATIONS ETTIENE VAN DER WATT, REGIONAL DIRECTOR, MIDDLE EAST AND AFRICA AND RUDIE OPPERMAN, REGIONAL MANAGER, ENGINEERING & TRAINING, MIDDLE EAST & AFRICA AT AXIS COMMUNICATIONS, ELABORATE ON THE RECENTLY LAUNCHED AXIS EXPERIENCE CENTER (AEC) IN THE MIDDLE EAST AND AFRICA (MEA) REGION.
A
xis Communications has recently introduced its first Axis Experience Center (AEC) in the Middle East and Africa (MEA) region. Based in Dubai, UAE, the AEC allows visitors to have a hands-on immersive experience with the company’s extensive portfolio of network and security solutions. We speak to the surveillance services provider’s Regional Director for MEA Ettiene van der Watt, (EW) and Regional Manager, Engineering & Training for MEA Africa Rudie Opperman (RO), for more details. Can you elaborate on the new AEC and how is it a differentiator for the company? RO: This is the first AEC of this nature in the UAE. It was built on the same design philosophy as all the ones we have across the globe, including in cities such as New York, London, Hong Kong, and Munich. We are excited to now expand to MEA and give regional customers an opportunity to acquaint themselves with our portfolio. We will continue with this framework of AECs and focus on further expansion as it gives us a platform to talk about all our intelligent devices and solutions. When customers come to the AEC and see a demonstration of how our solutions can improve their business, they understand the full extent of the value Axis Communications can provide. They can make informed 14
CXO INSIGHT ME
JUNE 2022
Rudie Opperman
decisions and feel more confident of their investments. In this regard, the AEC will set us apart in the market. What are the technologies that we can find at the AEC? RO: From security, video, and audio technologies to everything based on IP communications, we can integrate any
solution to ensure operational efficiency for customers. There are many diverse use cases, and we are casting a wide net. We will customize offerings based on which vertical customer we are talking to. Thanks to our open nature, our products can co-exist with many other devices, so Axis devices can be implemented across verticals.
What is Axis Communications’ focus going forward? EW: Technology is moving faster than education levels. There is a gap between understanding a new technology and skillsets required to implement it successfully. This is why education is an important element for us in the region. If we are able to close the gap and pull those partners and customers a bit closer to our world, they will understand better the great potential of new technologies. We have become a trusted advisor for customers, they see us as a technology partner and as a thought-leader in the space. How has surveillance tech evolved and adapted to the current demands in physical spaces? EW: Axis Communications has been ahead of the curve in terms of introducing new technologies. Our journey on IP and IoT has been tremendous. Over the years we have evolved to become an industrial IoT provider. So, partners and customers who are part of our world and our community will always be introduced to avant-garde technologies, platforms, and new ways of working. Sometimes, we are ready and have solutions before the industry even considers it. As a thought-leader in the space, it is important for us to set the bar and look beyond where we are today. It is also our responsibility to help our ecosystem to migrate to the new platforms, devices, and technologies. Today the industry is heading towards metadata, AI, edge capabilities, and so on. All of these are huge areas of opportunities for us as well. RO: Traditionally, it has been onprem server intelligence, and we have always focused on intelligence on the edge. With our latest application platform custom-designed systemon-chip (SoC) ARTPEC, we have made it easier for developers to port the existing code to our devices.
Traditionally they would have done this on a server or in cloud. It becomes much easier and faster. We are seeing a hybrid implementation as the way forward, where intelligence could be spread across different platforms from the cloud to the edge.
RO: This is one of the opportunities for the AEC as well. We can use this environment and space as a platform for education. We will be launching several initiatives on a regular basis to promote education and close the talent gap.
Ettiene van der Watt
JUNE 2022
CXO INSIGHT ME
15
COVER STORY
FORCE MULTIPLIER WHY AI IS THE FUTURE OF CYBERSECURITY
A
rtificial intelligence is changing the cybersecurity landscape by helping companies cut through the noise, detect attacks, and speed up response times. The combination of human insight and AI allows enterprises to make sense of massive volumes of security data and find potential problems. With AI, enterprises can solve myriad problems, including skills shortage and false positives, and implement a robust incident response plan that spans people, processes and technology. In other words, AI has emerged as an imperative to meet today’s complex cybersecurity requirements and minimise human error. 16
CXO INSIGHT ME
JUNE 2022
Emad Haffar, Head of Technical experts at Kaspersky, says while cybersecurity heavily relies on human effort, we now see AI owning specific tasks and performing them more effectively than us. Most importantly, AI is addressing some processes and aspects of cybersecurity that have become pain points for the industry. He cites some scenarios that can be mitigated with AI: Cybersecurity professionals experience decision fatigue because of the high influx of alerts. Using AI within cybersecurity can allow IT teams to manage more of these threats effectively through automation. AI-based cybersecurity tools can also support IT teams that are smaller in
Emad Haffar
Talal Shaikh
Aliasgar Dohadwala
strength. While this staff will need to keep up with the cutting-edge areas of AI and machine learning, cost and time savings will come alongside the smaller staffing requirements. Talal Shaikh, Associate Professor, Director of Undergraduate Studies for the School of Mathematical and Computer Sciences, Heriot-Watt University Dubai, echoes a similar opinion: “AI and machine learning can help enterprises improve their security defence and response through sophisticated methods. AI makes this possible not only by speed and accuracy but also by building models of behaviour that allow for real-time detection and analysis of potential security threats. AI can identify anomalies that may indicate cyber threats through the behavioural analysis methodologies. AI can analyse baseline behaviour of user accounts, endpoints, and servers and identify unusual patterns. This can help protect organisations even before vulnerabilities are reported. Once potential cyber threats are detected, AI can respond autonomously to data breaches in real-time without human intervention if required.” According to Aliasgar Dohadwala, CEO of Visiontech Systems, the cybersecurity industry has successfully adopted AIbased techniques to handle the massive threat landscape. “Organisations look for threat detection, mitigation and prevention efforts while leveraging AI/
ML in SIEM and SOAR solutions. The only way organisations can reap the benefits of AI/ML in their security posture is to adopt a cyber defense system capable of handling the diversity of tools, products, and solutions. However, the adoption of AI in cybersecurity still depends on technology vendors working together to develop a more autonomous system to enhance decision making and evolve into a robust AI security system,” he says. Taj El-khayat, Managing Director for Growth Markets at Vectra AI, says AI drives the classification of algorithms used for detecting malware, spam, and malicious traffic between systems or user behaviours, even connecting signals from disparate systems. This delivers faster and improved security insights, more efficient and automated operations, and reductions in human error or oversight. “Commonly, the use of AI/ML rests in voluminous pattern analysis for investigation and complex hunting where algorithms do not change much. It analyzes and correlates distinct characteristics of multi-sourced data to identify anomalies, zero-days, or potential breaches. Advanced AI tools further calculate risk with each detection and effectively prioritise and triage threats discovered. In some cases, it can be used to drive automated actions to remediate security issues quickly, and effect system baselines
Taj El-khayat
above what legacy signature-based methods can achieve,” he adds. AI-powered automation Many organisations are also turning to AI/ML-powered tools to automate many security functions. Giuseppe Brizio, CISO EMEA, Qualys, says AI cybersecurity can complement cybersecurity experts by automating and taking the significant workload off them. AI is already very much present around us and like during the industrial revolution where “muscles were replaced by machines”, during the AI revolution, “brains are replaced by AI” at least for the processing of large volumes of data requiring fast analysis capabilities. “AI models can detect but also predict potential security threats, vulnerabilities, and malicious activities in order to intervene before damage is done. It’s predicted that AI-human working environments will be 50-50 by 2025. For instance, the scale of connected objects, mobile devices and network traffic is growing exponentially in this fast-evolving digital economy and consequently the “detect, analyze, respond and recover” activities have to be much quicker, more effective and efficient than ever before. This is only possible by combining the power of security automation and AI,” he says. Brian Chappell, chief security strategist, EMEA & APAC, BeyondTrust,
JUNE 2022
CXO INSIGHT ME
17
COVER STORY
Giuseppe Brizio
Brian Chappell
Yossi Naar 18
CXO INSIGHT ME
JUNE 2022
points out that User and Entity Behaviour Analysis (UEBA) is the first area where we are starting to rely on ML models to take automated actions when anomalous activity is detected. For example, a large data transfer out of the organisation, by a user who would not normally do such a thing, can be temporarily blocked until a human can review the situation and adjust the response. “This isn’t likely to result in significant company impact if it’s a false positive and the risk of allowing the transfer with later analysis is too high, thus fits an appropriate security model. That said, triggering alerts for human analysis or approval is still the more common response when unusual activity is detected as most responses will result in activity being blocked. Stopping people being productive is going to result in the clarion call to have the control removed, or severely reduced, which isn’t going to improve the security of the organisation,” he says. Can AI based systems create too many false positives? In Heriot-Watt’s Shaikh’s opinion, when dealing with technologies such as AI, mistakes such as false positives are unavoidable. It is always important to remember that AI systems are built by experts, therefore they are subject to algorithmic bias which might affect AI decision-making. RiskSense, a risk-based vulnerability management platform, examined several AI algorithms against the national vulnerability database in 2019 and reported between 25 and 30% false positive and false negative rates. With a better understanding of software risk, data modeling and mathematical modeling, experts can ensure that AI systems are free from bias. This is the only way to remove false positives and false negatives from AI systems. However, this will be an inevitable development with more frequent use and understanding of AI and technologies in general. Yossi Naar, Co-founder and Chief Visionary Officer, Cybereason, says it really depends on the system, the use
case, and the tuning of the system. Some problem domains are less suited for AI-based solutions with existing technology and data. Others work incredibly well. False positives continue to be a big problem in security and more so in AI-based security because these systems tend to observe more of the data, so even a low falsepositive rate can be a problem when processing petabytes of data. “Overall, it’s a hard problem and the levels of false positives ultimately come down to the specific implementation,”he says. Can AI replace human security analysts? No, not now or even in the near future, says Haffar from Kaspersky. Human intervention will always be needed and is essential. You can adopt AI-based solutions, but you will always require human effort to monitor and control the process. Simply because AI based cybersecurity solutions can perform certain tasks they are designed for, but the tasks are formulated by humans. Even in the detection stage, a human analyst can understand exactly what malware is up to. Even when assessing a threat, historic records or samples created by humans and AI work in tandem, ensuring successful detection. El Khayat from Vectra says a shift in the human-in-the-loop model has occurred with the application of AI towards spotting concerning patterns in complex activities seen in data center and hybrid environments, augmenting or removing manual and legacy rulebased approaches. This has facilitated automatic responses to an increasing volume of attacks and heightening awareness of attacker methods. “We must not think of AI as merely a means to remove humans. It should be viewed as the means to improve upon the human experience — enlightening security professionals, driving efficiencies and arriving at outcomes with less human effort; all while being amenable to feedback that increases effectiveness over time,” he sums up.
CASE STUDY
SEEING WHAT MATTERS KINGDOM OF BAHRAIN’S INFORMATION & EGOVERNMENT AUTHORITY RAPIDLY EXPANDS GOVERNMENT SERVICES WITH APPDYNAMICS
G
overnments run on data and, for the Kingdom of Bahrain, most of that data runs through the Information & eGovernment Authority (iGA). The iGA acts as a service provider for all of Bahrain’s government agencies and government services for healthcare, education, traffic and immigration. The iGA ensures the maintenance of all critical systems, delivers 20
CXO INSIGHT ME
JUNE 2022
statistics, processes payments, and provides user authentications and authorisations. The Kingdom of Bahrain has led the way in early digital adoption for government services, providing an impressive model for governments around the world to emulate. Despite this, the rapid migration online driven by the COVID-19 crisis presented a major challenge for the country’s
Information & eGovernment Authority (iGA) team. “Our IT environment is changing rapidly. During migration of systems, we need full monitoring support to catch bugs and misconfigurations up front,” says iGA Acting Chief of Government Systems Control Abdulrahman Mattar. “We also have a lot of integrations and dependencies between systems and require end-
to-end visibility to ensure they’re working properly. From development and production through the end user experience, we want to continuously improve our services.” Manually investigating application incidents across a sprawling environment made it challenging to resolve them quickly and prevent unplanned downtime. Because millions of residences and citizens depend on the services that iGA supports, the Authority sought a solution to help them proactively identify potential issues, reduce mean time to resolution (MTTR), and take preventive measures to protect against future service interruptions. The Information & eGovernment Authority (iGA) began using AppDynamics application performance monitoring (APM) in 2017 in conjunction with implementation of a new immigration management system. Prior to incorporating AppDynamics into its daily operations, the Authority had to manually investigate and rectify application performance and availability issues, resulting in as many as three service interruptions each day. But by the time they made the shift to fully digital amid the pandemic, that many outages became an unsustainable situation, as virtually every citizen needed to use services online instead of in person. Mattar says that the complexity of the government’s environment made even a single interruption a potentially
Key Benefits • Optimised performance of government services for residences, citizens and visitors by reducing downtime and accelerating root cause analysis • Reduced top-priority incidents by more than 80% over 12 months • Improved cross-team collaboration and communication
major event. One application might tie into as many as a dozen others and negatively impact some or all of them — a huge problem where systems as important as the immigration platform and other essential services are concerned. “AppDynamics helped us address every issue in the newly developed system and everything we have digitised,” Mattar says. “Now that we have visibility across every application and the other applications it integrates with, we can pinpoint exactly where a problem is and rapidly determine how to fix it. We’ve eliminated virtually all downtime issues.” With AppDynamics, the iGA team could evolve well beyond simply investigating incidents and outages as they happened. The full-stack observability capabilities provided an in- depth view into the dependencies causing performance issues across more than 35 integrated applications, helping to effectively map and visualize performance for faster resolution. “In the past, we were very reactive, which impacted Bahrainis’ ability to access and use critical services,” Mattar explains. “AppDynamics helped us become more proactive in our approach, allowing us to accelerate root cause analysis and redesign many
applications to eliminate unnecessary dependencies and break points.” iGA is responsible for a substantial number of essential services the public depends on, and AppDynamics has been instrumental in helping the team collaborate to deliver them in a seamless and reliable manner. “With AppDynamics, we’ve reduced incidents by about 80%. MTTR and application downtime have been significantly reduced too,” Mattar shares. “These performance optimizations allow us to focus less on whether an application is working and more on providing an exceptional user experience — especially when services are in high demand.” Once the iGA team started using AppDynamics, they could respond more quickly to performance hits and rapidly reallocate resources, resulting in fewer service performance degradations and improved end user satisfaction. For example, when the Government of Bahrain announces school and university test results twice a year, tens of thousands of users need to access a national portal simultaneously, thus iGA reallocates resources proactively based on AppDynamics trend baseline. “Even as we ramped up more applications and provided additional services, AppDynamics helped us continue to reduce incidents,” says Mattar. “Before we experienced a severe outage about once a month. Now we’ve had just two over the past year.” Mattar says that AppDynamics has completely reshaped how the Authority approaches and manages its IT performance. “AppDynamics has become an essential tool for us to observe, react to and manage any and every change that might affect application performance,” he says. “It has helped establish our whole department as a strategic leader while providing the capabilities we need to consistently deliver the experiences and services our citizens demand — and will continue to do so for years to come.”
JUNE 2022
CXO INSIGHT ME
21
INTERVIEW
WHY AI IS A GAME CHANGER FOR CYBERSECURITY SHEIK ABIDEEN, REGIONAL SALES DIRECTOR – META AT SECURONIX, ON WHY AI IS THE FUTURE OF CYBERSECURITY. Artificial Intelligence’ strongly suggests that strengthening cybersecurity defenses with AI is urgent for modern enterprises. Some of the report’s key takeaways include: • Three out of four surveyed executives say that AI/ML allows their organization to respond faster to breaches. • 69% of organisations think AI/ML is necessary to respond to cyberattacks. • Three in five firms say that using AI improves the accuracy and efficiency of cyber analysts.
H
ow can AI be used to improve cybersecurity? Artificial intelligence in the cybersecurity market is projected to reach $38.2 billion by 2026 from $8.8 billion in 2019, according to Markets and Markets. Due to digital transformation, there is a massive increase in the variety and the volume of data generated today. On-prem, cloud, IoT, and social media, dark web environments have only added to the complexities for the alreadystretched security teams. Security analysts cannot analyse or investigate events at the wire speed, resulting in missed attacks and breaches. Analysing and improving cybersecurity posture is not a human-scale problem anymore. Due to this reason, companies are investing more and more in AI and machine learning technologies. AIbased security solutions are the only way an organisation can keep up with the changes and remain effective in combating modern threats. Capgemini Research Institute analysed the role of AI in cybersecurity. Their report titled ‘Reinventing Cybersecurity with
22
CXO INSIGHT ME
JUNE 2022
The integration of AI in cybersecurity is becoming indispensable for organisations. However, the main roadblocks that slow down its adoption and deployment are talent acquisition, data complexity, and employing proper AI tools. According to IBM, one of the most critical barriers to AI deployment is the lack of talent. About 37% of organisations emphasized the difficulty of finding people with the appropriate level of AI expertise and knowledge. Is AI driving cybersecurity automation? The answer is a big yes. AI is accelerating the adoption of automation in the cyber security space. Areas where AI/ML is already in use include: • User and Entity Behaviour Analytics • Autonomous Threat hunting • SOAR (Security Orchestration, Automation, and Response) • Next-Gen SIEM and Security Analytics • Network Threat detection and response automation • XDR • Breach and Attack Simulation • Identity Risk Analytics • Threat Intelligence curation
Can AI replace human security analysts? The answer is no; however, AI will drastically change the work cyber engineers will be doing in the future. Another technology that is coming up repeatedly in today’s conversation is RPA (Robotic Process Automation). RPA and ML are two distinct but overlapping technology areas. To be very clear, RPA is a subset of AI, and it can be used to assist AI with simple tasks. With the successful integration of ML with the RPA technology, companies can replace human analysts with routine activities. For example, SOAR (Security Orchestration, Automation, and Response) is one such technology in use today. Due to this reason, several technology innovators are investing heavily in ML and RPA technologies together. Another factor driving AI adoption is the skills gap in cybersecurity. A Cyber Security Workforce Study from the International Information System Security Certification Consortium predicts a shortfall of 1.8 million in the cyber workforce by 2022. While this can feel like impending doom and gloom for the industry, AI, or artificial intelligence, can help quell the concerns while empowering existing cyber workers. AI and the human workforce are not in conflict with one another in this field; in fact, they complement each other. While AI may be great for processing large amounts of data or replacing autonomous manual tasks, it will never be able to replace a security analyst’s insights or understanding of the field. Nevertheless, the future is bright for AI and humans to work in tandem at the front lines of cyber defense.
INTERVIEW
A WORLD OF POSSIBILITIES WALID GOMAA, ACTING CHIEF EXECUTIVE OFFICER AT OMNIX INTERNATIONAL, EXPLAINS WHY DIGITAL TWINS TECHNOLOGY, WHEN DONE RIGHT, HAS THE POTENTIAL TO RESHAPE BUSINESS STRATEGIES AND TRANSFORM INDUSTRIES.
W
hat are the key trends shaping the digital twin’s market? Digital twin by definition is a replica of a product, process or service. The concept entails mapping a physical asset onto a digital platform. Any technology that can help to capture data in real-time, consolidate & process data and then analyze data will have a great impact on the adoption of the digital twin. Technologies like IoT, 5G, 3D printers, 3D scanners, big data (data lakes), computing, AI/ML, and robotics will allow flexibly built, real-time sensed, and deeply learned digital twins deployments for a variety of purposes. What kind of problems can be solved by digital twins? There are many areas where digital twins can add value. Take predictive maintenance as an example, by getting real-time data feed from systems, businesses can proactively identify and predict real-time problems. This will help businesses to schedule predictive maintenance ahead of failure or solve a real-time problem. This will lead to improved efficiency and minimise downtime which will have a direct impact on the profitability of the operations. In healthcare services, sensorgenerated data can be used to track a variety of health indicators and generate key insights which will help in enhancing citizens’ wellbeing. In the construction business and with the advancement in 3D digital twin technology, building information modeling (BIM) and virtual design and construction (VDC) are being driven
and provides real feedback with a two-way flow of information to produce predictions and simulations for realtime data gathering. Simulation typically studies one process, which makes the digital twin considerably richer for study. In summary, simulations can help in understanding what may happen in the real world, while digital twins compare and assess what may happen alongside what is happening.
to another level. Now, a 3D digital twin is being used throughout the entire lifecycle of properties – from preconstruction all the way through to maintenance and operation. This will help to keep a construction project on time & on budget and eliminates risk & complexity. In the automotive industry, the digital twin can be used to improve vehicle performance and increase the efficiency surrounding their production. There are many other problems that can be addressed in different areas like urban planning, aircraft production, and power-generation equipment. What is the difference between simulations and digital twins? Digital Twins and simulations both utilise similar digital models to replicate products and processes but have some key differences. A digital twin creates a virtual environment able to study several simulations, multiple processes,
What are some of the new use cases of digital twins? Companies across sectors and application areas utilise digital twins to improve planning and decision-making, including manufacturing, supply chain, automotive, aerospace, infrastructure (smart cities), oil & gas, and healthcare. In healthcare, creating a digital twin of a hospital, operational strategies, capacities, staffing, and care models helps healthcare providers examine the operational performance of the organisation. Also, healthcare providers and pharma companies can use digital twins to model the genome code, physiological characteristics, and lifestyle of patients so that healthcare companies can provide personalised care such as unique drugs for each patient. In aerospace, with digital twins, engineers can use predictive analytics to foresee any future problem involving the airframes, engine, or other components to ensure the safety of the people onboard. In supply chain, logistics companies can analyze how different packaging conditions can affect product delivery with the help of digital twins.
JUNE 2022
CXO INSIGHT ME
23
VIEWPOINT
A NEW AGE OF CYBERSECURITY BRIAN PINNOCK, CYBERSECURITY EXPERT AT MIMECAST, WRITES AI CAN BE A POWERFUL TOOL IN MIDDLE EAST’S CYBER DEFENCES
T
echnologies such as artificial intelligence (AI), machine learning, the Internet of Things and quantum computing are expected to unlock unprecedented levels of computing power. These so-called Fourth Industrial Revolution (4IR) technologies will power the future economy and bring new levels of efficiency and automation to businesses and consumers. AI in particular holds enormous promise for organisations battling a scourge of cyberattacks. Over the past few years cyberattacks have been growing in volume and sophistication. The latest data from Mimecast’s State of Email Security 2022 report found that 90% of companies in Saudi Arabia, and 94% in the UAE, were the target of an email-related phishing attack in the past year. Three-quarters (76%) of UAE companies also fell 24
CXO INSIGHT ME
JUNE 2022
victim to a ransomware attack, with six in ten organisations in Saudi Arabia reporting the same. AI adoption gaining ground To protect against such attacks, companies are increasingly looking to unlock the benefits of new technologies. The market for AI tools for cybersecurity alone is expected to grow by $19-billion between 2021 and 2025. Adoption of AI as a cyber resilience tool is growing among companies in the Middle East. While a third (34%) of companies in Saudi Arabia currently make use of AI or machine learning (or a combination of both), half of the survey respondents said they have plans to adopt AI in the next year. In the UAE, AI adoption is greater, with nearly half (46%) of organisations already using a combination of AI and machine learning.
The UAE has also formalised its intention to become a global leader in AI by 2031 with its National Strategy for Artificial Intelligence. This strategy sets out an ambitious path for how the UAE will leverage AI and increase the country’s competitiveness in priority sectors through deployment of AI. In addition, the strategy seeks to see the adoption of AI across government services with the aim of improving lives, and for the country to become a fertile ecosystem for AI and its applications. However, it’s going to be essential that cybersecurity is a key consideration in this strategy, both in terms of securing AI solutions and also ensuring that cybersecurity providers harness the power of AI to support and improve their technologies. But is AI a silver bullet for cybersecurity professionals seeking support with protecting their organisations?
AI use cases growing AI should be an essential component of any organisation’s cybersecurity strategy. But it’s not an answer to every cybersecurity challenge - at least not yet. The same efficiency and automation gains that organisations can get from AI are available to threat actors too. AI is a double-edged sword that can aid organisations and the criminals attempting to breach their defences. Used well, however, AI is a gamechanger for cybersecurity. With the correct support from security teams, AI tools can be trained to help identify sophisticated phishing and social engineering attacks, and defend against the emerging threat of deepfake technology. In recent times, AI has made significant advances in analysing video and audio to identify irregularities more quickly than humans are able to. For example, AI could help combat the rise in deepfake threats by quickly comparing a video or audio message against existing known original footage to detect whether the message was generated by combining and manipulating a number of splicedtogether clips. AI may be susceptible to subversion by attackers, a drawback of the technology that security professionals need to remain vigilant to. Since AI systems are designed to automatically ‘learn’ and adapt to changes in an organisation’s threat landscape, attackers may employ novel tactics to manipulate the algorithm, which can undermine its ability to help protect against attack. A shield against threat actors’ tracking A standout use of AI is its ability to shield users against location and activity tracking. Trackers are usually adopted by marketers to refine how they target their customers. But unfortunately threat actors also use them for nefarious purposes. They employ trackers that are embedded in emails or other software and reveal the user’s IP address, location, and engagement levels with email
these days spend a lot of time away from the office. If a criminal can glean information from the trackers they deploy, they could develop highly convincing social engineering attacks that could trick employees into unsafe actions. AI tools provide muchneeded defence against this form of exploitation.
content, as well as the device’s operating system and the version of the browser they are using. By combining this data with user data gained from data breaches - for example a data breach at a credit union or government department where personal information about the user was leaked - threat actors can develop hugely convincing attacks that could trick even the most cyber aware users. Tools such as Mimecast’s CyberGraph can protect users by limiting threat actors’ intelligence gathering. The tool replaces trackers with proxies that shield a user’s location and engagement levels. This keeps attackers from understanding whether they are targeting the correct user, and limits their ability to gather essential information that is later used in complex social engineering attacks. For example, a criminal may want to break through the cyber defences of a financial institution. They send out an initial random email to an employee with no content, simply to confirm that they’re targeting the correct person and what their location is. The user doesn’t think much of it and deletes the email. However, if that person is traveling for work for example, the cybercriminal would see their destination and could then adapt their attack by mentioning the location to create the impression of authenticity. Similar attacks could target hybrid workers, since many employees
Security awareness needs to remain a priority Despite AI’s power and potential, it is still vitally important that every employee within the organisation is trained to identify and avoid potential cyber risks. Nine out of every ten successful breaches involve some form of human error. In the latest State of Email Security 2022 report, nearly nine in ten (88%) respondents from UAE – and 72% of respondents from Saudi Arabia - believe their company is at risk from inadvertent data leaks by careless or negligent employees. AI solutions can guide users by warning them of email addresses that could potentially be suspicious, based on factors like whether anyone in the organisation has ever engaged with the sender or if the domain is newly created. This helps employees make an informed decision on whether to act on an email. But because it relies on data and is not completely fool proof, regular, effective cyber awareness training is needed to empower employees with knowledge and insight into common attack types, helping them identify potential threats, avoid risky behaviour and report suspicious messages to prevent other end-users from falling victim to similar attacks. Encouragingly, 44% of companies in Saudi Arabia, and 46% of companies in UAE provide ongoing cyber awareness training, well ahead of a global average of 23%. To ensure AI - and every other cybersecurity tool - delivers on its promise to increase the organisation’s cyber resilience, companies should continue to prioritise regular and ongoing cyber awareness training and ensure that people remain part of the solution.
JUNE 2022
CXO INSIGHT ME
25
AWARDS
CELEBRATING CYBERSECURITY EXCELLENCE THE SECOND EDITION OF THE CYBER STRATEGISTS SUMMIT AND AWARDS SPOTLIGHTED CYBERSECURITY INNOVATIONS AND WAYS TO BUILD RESILIENT BUSINESSES.
T
his is a new era for cybersecurity. Changing the traditional mindset, businesses are turning cybersecurity into a competitive advantage today. As a result, every dollar spent on cybersecurity is seen as an investment – not a liability. In today’s digital age, where cybersecurity is more important than ever, the industry needs to collaborate more to develop innovative approaches. Today, cybersecurity is a business issue, not just an IT issue. And all the security leaders have a new mandate – focus on the business and make a strategic difference. Cyber Strategists Summit brought together thought leaders from the industry to spotlight some key cybersecurity trends. The event was kicked off by Jeevan Badigari, CISO of DAMAC Properties, who spoke about the need for cyber hygiene as a foundation to build a secure organization. “The general notion is that a lack of good cyber hygiene is at the heart of most cyber-attacks. Incorporating basic controls can reduce cyber risks by as much as 85 percent. So instead of chasing 26
CXO INSIGHT ME
JUNE 2022
the latest and robust tech, get basics first,” said Badigari. A presentation followed this by Anoop Paudwal, Information Security Manager at Al Nisr Publishing, on how the GRC journey helps achieve information security while reducing operations costs and risks. “You must map processes and identify all technologies and people around them. Understand define operational
technology environments, and ensure the right people are in the right place with the right knowledge. Then, do a failure mode effect analysis for each process, people and technology and understand how a failure can impact the business process,” Paudval said. Vibin Shaju, UAE GM of Trellix, made the day’s final presentation on the critical role of security operations in the modern workplace. “Continuous development, implementation and assurance of cybersecurity initiatives should increase customers’ maturity index over the next 2-3 years,” he said. The event also had a panel discussion on how to enable security transformation featuring: Mohammed Kader, regional security sales manager at Micro Focus; Loubna Imenchal, head of video collaboration for Africa, ME and Central Asia region at Logitech; Rabih Itani, UAE country manager of Vectra AI; Arun Tewary, strategic advisor at Finesse; and Rajeev Dutt, GM of EMEA and APAC at Infinite Blue.
Jasmita Mallik
Tushar Vartak
Sarith Bhavan
Landmark Group
RAK Bank
Mubadala Investment Company
Saqar Al Ali
Jeevan Badigari
Awais Bin Imran
Sharjah Finance Department
DAMAC Properties
Noor Takaful
Sumith Poolappan
Ramakrishnan Natarajan
Anoop Paudval
flydubai
Emirates Hospitals Group
Al Nisr Publishing
JUNE 2022
CXO INSIGHT ME
27
AWARDS
Hariprasad Chede
CyberRes
SolarWinds
National Bank of Fujairah
Best cyber protection vendor
Best network security vendor
Logitech
Vectra
Acronis
Best secure video collaboration vendor
Best AI cybersecurity vendor
Best cloud cyber protection vendor
du Best security team
28
CXO INSIGHT ME
JUNE 2022
du
ColorTokens
Best security team
Best zero trust platform vendor
FEATURE
MAKING THE RIGHT CONNECTIONS AI AND 5G ARE DRIVING THE ADOPTION OF ENTERPRISE IoT, BUT CHALLENGES REMAIN.
T
he pandemic has accelerated the adoption of the Internet of Things, which has been one of the most hyped technologies for many years. With vendors offering fully integrated applications and platforms, IoT spurs many exciting use cases in different industries. According to Gartner, enterprises implementing IoT are increasingly focusing on the business outcomes of the technology, and IoT initiatives are no longer driven by the sole purpose of internal operational improvement. Instead, the research firm says IT and business stakeholders must work together to align IoT projects with 30
CXO INSIGHT ME
JUNE 2022
business objectives for improving revenue and customer experience. What is next for IoT technology? “In 2022, Artificial Intelligence (AI) and Machine learning (ML) applications will continue to feed into IoT technology. We’ll see increased use cases for “AIoT”, the Artificial Intelligence of Things, where ML will enhance data analytics and decision-making for data generated by IoT across a wide range of applications. IoT will also increasingly be found in the supply chain process. As global supply chains become more complex, IoT technologies will be used in asset and inventory management, as well as helping to track products
at every step of the way. Additionally, with widespread deployment of 5G, industrial IoT will also surge, as the reduced latency and quicker speeds will help to connect a large number of machines and devices efficiently,” says Hani Khalaf, Field CTO – IoT and Digital Cities, META, at Dell Technologies The increased focus on the rollout of 5G across the region has undoubtedly been a key enabler for the widespread implementation of IoT devices and in supporting data processing for IoT networks. As 5G adoption grows, IoT is set to take up an increasingly significant role in digitally transforming major
Hani Khalaf
industries around the world, says Lucky La Riccia, Vice President and Head of Digital Services at Ericsson Middle East and Africa. “In industries such as Oil & Gas and manufacturing, IoT can enhance efficiencies in areas of proactive asset maintenance and process automation but also significantly improve worker safety, ensuring the continuity of the industry. Allowing real-time data transfer and diagnostics, we will see IoT offering the means required for enabling flagship 5G uses cases in environmental monitoring and autonomous driving. With more businesses adopting IoT-powered datadriven solutions, it can edge us ever closer to achieving a sustainable social and economic environment,” he says. Nicole Reineke, Vice President of Innovation, Iron Mountain, says we can expect continued growth in IoT implementations as more enterprises and the public sector use IoT to help make more informed decisions, improve operational efficiency, or otherwise drive business value. It’s not just about using new or fun technology. IoT works in synergy with other technologies such as artificial intelligence, machine learning, and edge computing to enable insights and near real-time automation. This, in turn, helps organisations drive innovation and achieve their full potential. “As we consider the expansion of drones and autonomous vehicles, both of which extend sensor and
Lucky La Riccia
WITH NEW EMERGING TECHNOLOGIES LIKE 5G, AI AND IOT, WE CAN LIKELY ACHIEVE EVEN MORE REDUCTIONS IF WE IMPLEMENT THEM CORRECTLY. ALLOWING REAL-TIME DATA TRANSFERS OVER NUMEROUS CONNECTED DEVICES, IOT ENABLES OPERATIONAL EFFICIENCIES AND HELPS CUT ENERGY COSTS, SIGNIFICANTLY REDUCING OUR IMPACT ON THE ENVIRONMENT. data collection capabilities, we see a proliferation of IoT data bringing new levels of geospatial awareness and data-driven decision making. However, the growth in IoT devices brings about increased security threats and cybercrimes, so we will also see a growing focus on ensuring IoT networks
Nicole Reineke
and devices are not vulnerable to cyberattacks,” she adds. Though the technology is maturing rapidly, security concerns linger around IoT implementation. So how can enterprises simplify IoT deployments and address security concerns? “As technology adoption surged in recent years, cyber threats have increased, necessitating a greater focus on cybersecurity. Therefore, it is unsurprising that the global IoT security market is projected to grow to $18.6 billion in 2022 (Statista). As far as security is concerned, efficiency revolves largely around compliance with standards such as GDPR. Most IoT devices and cloud-based solutions are subject to third-part tests and verifications before they’re certified as secure. In fact, bestin-class IoT devices accompany data encryption and code signing, besides the recurring prompts to incorporate strong authentication mechanisms — all irrespective of configurations. When such IoT practices are institutionalised, deployments tend to become simplified,” says Sanjeevv Bhatia, Chairman of SB Group and CEO of Netix Controls. Reineke from Iron Mountain says the great news is that security and privacy awareness has dramatically increased as governance and laws have become commonplace for personal data. Consumers are also increasingly aware of concerns about IoT security and make informed choices about
JUNE 2022
CXO INSIGHT ME
31
FEATURE
Sanjeevv Bhatia
protecting both devices and data. Healthcare providers have to ensure security and privacy for connected devices such as defibrillators, heart monitors, and pacemakers. Manufacturers, who traditionally have kept factory sensors and equipment disconnected from the Internet–and often from the company intranet– are demanding security from their infrastructure and network providers. “As these entities become more connected, they need to adopt Zero Trust architecture, implement a robust cybersecurity strategy, and deploy devices, infrastructure, and software with built-in security,” she says. Feras Juma, IOT & Integration Solutions Manager – Software AG, adds that the first and foremost important step is to understand that an IoT solution is a combination of different components, a consortium of different stakeholders that should work hand in hand to deliver the end-to-end solution. The consortium can consist of device providers, network connectivity providers, and platform providers. IoT and sustainability Besides driving digital transformation, IoT is also enabling many companies to create a more environment-friendly and sustainable world. By 2030, the global population will grow by nearly a billion people. With this growth, our economy will put pressure 32
CXO INSIGHT ME
JUNE 2022
Feras Juma
Susan Peterson Sturm
on planetary boundaries and social systems like never before. Therefore, it is crucial to embed sustainability and ethical practices into the core part of organisations. One way of doing that is through IoT technologies, which can be implemented in numerous ways across industries, says Khalaf from Dell. “One key important application for organisations, is using IoT to reduce energy consumption by optimising systems’ efficiencies through sensor data. IoT can also be used for smart water management, where the usage and quality of water resources and associated equipment, like pipes and pumps, are monitored and controlled. Air quality monitoring through IoT can also be used to detect leaks for industrial plants in far or remote locations. IoT applications, where data is collected by smart agriculture sensors, can also help with smart farming, for which yields are optimised, waste is reduced, and resources, such as water and fertilizers, are used efficiently,” he adds. La Riccia from Ericsson agrees that digital technologies such as IoT solutions have the potential to accelerate the reduction of global emissions by up to 15 percent by 2030. With new emerging technologies like 5G, AI and IoT, we can likely achieve even more reductions if we implement them correctly. Allowing real-time data transfers over numerous connected devices, IoT enables
operational efficiencies and helps cut energy costs, significantly reducing our impact on the environment. In the automotive industry, for example, the synergies that result from collectively and systematically integrating transportation and communication networks—such as telematics, smart city analytics, and traffic management solutions—can quickly lead to efficiencies that reduce emissions, he says. “When it comes to sustainability, heavy industries face growing pressure and stricter industry and financial regulations to bring about a change and provide visibility to current emissions. We believe there’s an enormous impact and value in using technology to help asset-heavy industries become more sustainable. IoT is one of the key enablers to make this transformation a reality by offering powerful tools that extract insights and identify opportunities from the billions of data points collected across a company’s infrastructure,” says by Susan Peterson Sturm, Chief Information and Security Officer, Cognite Through IoT, we envision an industrial world where real-time data and modeling will enable a proactive approach to sustainability, transforming how companies predict, monitor, and curtail activities that have a high environmental impact or are carbon intensive, she sums up.
VIEWPOINT
ETHERNET SPEED RACE CINDY RYBORZ, MARKETING MANAGER DATA CENTER EMEA AT CORNING OPTICAL COMMUNICATIONS, ON WHY WE NEED TO THINK ABOUT 800G NOW.
D
emand for bandwidth is on the rise, and the reasons are numerous: home offices, streaming offerings for games, music and movies, and data-intensive applications such as ML and AI in industry and the medical sector are just a few examples. These developments pose challenges for data center operators - of hyperscale as well as enterprise and colocation data centers - because in addition to increased capacity requirements, they must also ensure ever lower latencies while meeting climate targets. One way to do this is to make more efficient use of existing switch architectures (High Radix ASICS). For example, 32-port switches offer up to 12,800 Gb/s bandwidth (32 x 400G), and versions for 800G transmissions of up to 25,600 Gb/s are also available. These high-speed ports can be easily divided into smaller bandwidths. This enables more energy-efficient operation while increasing the packing or port density (32 x 400G = 128 x 100G). The need to support low latency, high availability and very high bandwidth applications will continue to grow in the future. The question is not whether data center operators need to upgrade to meet the increasing demand for bandwidth, but when and how. Operators should be prepared and adapt their network design now. After all, with a flexible infrastructure, it is possible to upgrade from 100 to 400 to 800G, for example, with surprisingly few changes. Network design is becoming increasingly complex However, higher data rates also increase the complexity of solutions and offerings. As mentioned at the beginning, it is not necessarily a matter of fully utilizing 800G for each port, but of supporting the bandwidth requirements of the end devices.
Examples of this are Spine-Leaf connections with 4 x 200G or Leaf-Server connections with 400G ports, operated as 8 x 50G ports, which at the same time makes the network more energy efficient. To achieve this, a variety of solutions exist, as well as new transceiver interfaces. LC duplex and MPO/MTP® connectors (12/24 fibers) are the well-known interfaces for transmission speeds of 10, 40 and 100G. For higher data rates such as 400G and 800G and beyond, additional connector faces such as MDC, SN and CS (Very-SmallForm-Factor connectors), as well as MTP/ MPO connectors with 16 fibers in a row have been introduced. For network operators, it is a challenge to keep track and choose the right technology and network components for their needs. Requirements for increasing bandwidths in network expansions also often conflict with a lack of space for additional areas or costs incurred as a result. Network equipment suppliers are therefore constantly working on new solutions to enable more density in the same space and to keep the network design scalable and at the same time as simple as possible. Port breakout applications for more sustainability In addition to better utilisation of the highspeed ports and the associated port density, port breakout applications can also positively influence the power consumption of the network components and transceivers. The power consumption of a 100G duplex transceiver for a QSFP-DD is about
4.5 watts, while a 400G parallel optical transceiver operated in breakout mode as 4 ports with 100G each consumes only 3 watts per port. This equates to savings of up to 30 percent, notwithstanding the additional savings in air conditioning and switch chassis power consumption and their contribution to space savings. Effects on the network infrastructure Scalable use of the backbone or trunk cabling is given when the lowest common multiple serves as the basis. For duplex applications, this would classically correspond to “Factor 4”, i.e. base-8 cabling, on the basis of which -R4 or -R8 transceiver models can be mapped. This type of cabling thus supports both current technologies and future developments. In addition to the selection of a granular, scalable backbone, it is also important to plan sufficient fiber reserves for future upgrades or to implement expansions with the least possible change effort. With sufficient fiber reserve planned, network adjustments can be implemented by replacing a few components: For example, an upgrade from 10G to 40/100G or 400/800G can be implemented by replacing MPO/MTP to LC modules and LC duplex patch cables with MTP adapter panels and MTP patch cables without making any changes to the backbone (fiber plant). Modular fiber housings also allow a mix of different technologies and the integration of new mating faces (very-small-form-factor connectors) with a few simple steps. Options for mapping are also available today: 8-, 12-, 24- and 36-fiber modules. The use of bendinsensitive fiber also helps make the cabling infrastructure durable, reliable and fail-safe. Being prepared pays off Data rates of 400 or 800G are still a long way off for most enterprise data center operators, but bandwidth demand is growing - and fast. Sales of 400G and 800G transceivers are already on the rise. So it pays to be prepared, rather than having to upgrade later under time pressure. Data center operators can make their facilities ready for 400G and 800G now, with just a few changes, to be optimally prepared for the future. Of course, this also applies to Fibre Channel applications.
JUNE 2022
CXO INSIGHT ME
33
VIEWPOINT
LAW IN THE DIGITAL ERA PARNIKA CHATURVEDI, PARTNER, AND DANIEL XU, PARTNER – KING & WOOD MALLESONS, ON THE LEGAL FRAMEWORKS TO SUPPORT DUBAI’S DIGITAL ECONOMY TRANSFORMATION
W
ith the rapid growth of the digital economy and its continued integration into our everyday lives, it has now become more essential than ever to ensure that a secure and reliable ecosystem is available to investors, users and businesses. The Dubai Government has been at the forefront of developing and implementing advanced infrastructure, specialised legislations and judicial systems, which are pivotal to establishing a strong framework to support digital transformation. In recent times, the two key legal developments surrounding the virtual and digital landscape have been: 1. Establishment of the Specialised Court for the Digital Economy as part of the Dubai International Financial Center (“DIFC”) Courts. 2. Promulgation of Dubai Law No 4 of 2022 34
CXO INSIGHT ME
JUNE 2022
on the Regulation of Virtual Assets in the Emirate of Dubai (“Virtual Asset Law”). Specialised Court for the Digital Economy in the DIFC On 14 December 2021, the DIFC Courts announced the launch of a Specialised Court for the Digital Economy (“Digital Economy Court”) to resolve disputes relating to current and emergent technologies, including digital assets, cryptocurrency, big data, blockchain technologies, artificial intelligence, cloud services, unmanned aerial vehicles, 3D printing technologies, and robotics. This specialised judicial tool has been introduced to meet the specific needs of the digital economy sector. The Digital Economy Court will be operated by eminent judicial experts and supported by solid and reliable infrastructure and service providers.
It can further be expected that the Digital Economy Court will complement the existing divisions, including the Technology and Construction Division and the Arbitration Division. The proposed draft Digital Economy Court Rules, which were in the consultation phase until 20 April 2022, provide deep insight into the expected jurisdiction and powers of the Digital Economy Court. Some of the salient features of these draft Rules are: • Granting the Digital Economy Court wide powers and jurisdiction over disputes » The draft Rules provide a nonexhaustive definition of the type of claims that are suitable for determination by the Digital Economy Court. This includes any claims involving issues relating to the digital economy, thereby, creating a real possibility of an
overlap between claims that can be brought into the Digital Economy Court and another division of the DIFC Court. » The draft Rules grant the Court the power to grant interim and final remedies. • Modern and forward thinking » The draft Rules place great emphasis on digital determination of disputes, smart forms and digital procedures. For example, there is a presumption that hearings will be conducted remotely with digital presentation of material, rather than in person. Parnika Chaturvedi
• Fast-track procedure » The draft Rules propose a fasttrack process for claims in which the value does not exceed AED 100,000 or where the parties have agreed to use the fast-track process irrespective of the value of the claim. This fast-track process only allows for a limited route of appeal to the Digital Economy Court on issues of law or procedural irregularity, but there is no appeal to the Court of Appeal. Virtual Asset Law On 28 February 2022, the Emirate of Dubai issued the Virtual Asset Law on the regulation of Virtual Assets and established the Virtual Assets Regulatory Authority (“VARA”). The Virtual Asset Law provides the legal framework to protect and govern the various players involved with virtual assets in Dubai. Dubai is one of the few jurisdictions to have introduced a law to govern virtual assets, which is consistent with the vision of developing Dubai and the UAE as a regional and global destination in the digital space. Applicability The Virtual Asset Law is applicable throughout Dubai (including all free zones and special development areas), except for DIFC. The Virtual Asset Law is not meant to regulate Virtual Assets at a Federal level.
The DIFC regulator, the Dubai Financial Services Authority (DFSA), is working on its own regulation for the virtual asset sector and recently published Consultation Paper 143 on the Regulation of Crypto Assets in the DIFC, which was open for comments until 6 May 2022. Virtual Assets The law provides a very wide definition of Virtual Assets to include cryptocurrencies, tokens, non-fungible tokens, and any other virtual asset determined by VARA. “A digital representation of value that can be digitally traded, transferred or used as an exchange or payment tool or for investment purposes, including Virtual Tokens, and any digital representation of any other value determined by the Authority in this respect”. - Provision of the Virtual Asset Law Regulatory Authority VARA has been established to oversee the development of the business environment for virtual assets in terms of regulation, licensing and governance. This includes preparing rules and regulations and proposing legislation in respect of virtual assets, and acting as a supervisory authority for virtual asset platforms and for the issuance and offering of virtual assets.
Daniel Xu
VARA will be based in the Dubai World Trade Centre (“DWTC”) as an independent entity affiliated with the existing DWTC Authority. Some of the key features of VARA are: • VARA will have legal status and financial and administrative autonomy, with an independent and juridical capacity to protect and regulate the stakeholders in virtual asset services. VARA will also oversee the enforcement of the Virtual Asset Law. • VARA is expected to cooperate and coordinate with other federal agencies, including the UAE Central Bank, to develop general policy. • Any person or legal entity is only allowed to undertake any activities within VARA’s scope following VARA’s authorisation. However, no express prohibition appears to be placed on individuals or entities operating or investing from outside Dubai. The Virtual Asset Law is a positive development in the digital economy space. VARA is expected to issue further implementing regulations in the future. These timely developments including the introduction of innovative and progressive frameworks and judicial tools, are the right steps for Dubai to become the global hub for digital assets and transformation.
JUNE 2022
CXO INSIGHT ME
35
VIEWPOINT
THE NEW MANDATE RAM NARAYANAN, COUNTRY MANAGER AT CHECK POINT SOFTWARE TECHNOLOGIES, MIDDLE EAST, ON HOW CYBERSECURITY READINESS PREVENTS SMALL AND MEDIUM BUSINESSES (SMBS) FROM FUELLING SUPPLY CHAIN ATTACKS
S
upply chain attacks aren’t new. If the past couple of years have taught businesses anything, it’s that the impact of supply chain cyber attacks is now, universal, from the fallout of the SolarWinds software breach, to the exposed Apache Log4j vulnerability and Kaseya last year. Unfortunately when such supply chain attacks hit smaller businesses who are usually the suppliers to larger enterprises, their impact is especially prohibitive. For SMBs already feeling the prolonged impact of the pandemic, the added pressure of dealing with sophisticated and frequent cyber attacks in real time, are a heavy burden, as they try to protect their business against financial, legal and reputational damage, as well as their own suppliers and larger clients’ security. It is now more important than ever for SMBs
36
CXO INSIGHT ME
JUNE 2022
to implement strict security hygiene and effective cybersecurity processes to ensure their business is prepared for the event of cyber attacks happening. SMBs as an indirect avenue of cyber attacks The ‘new normal’ opened the door to several new vulnerabilities; cyber attacks globally increased by 50% on average in 2021, compared to 2020. Our Check Point Threat Intelligence report revealed that an organisation in United Arab Emirates is being attacked on average 906 times per week in the last six months. While security breaches are on the rise, the top threats impacting SMBs have remained the same. In Check Point’s Small and Medium Business Security Report from 2020/2021, we revealed phishing, malware, credential theft and
ransomware to be the top four threats impacting these businesses. So, what does this mean for them? The reality is threat actors have taken advantage not only of the nowentrenched remote working model to target organisations, but also the usual limits preventing SMBs from bulking up on their cyber security defences, mainly lack of budget and expertise. SMBs often do not have a dedicated IT or security department, meaning with no in-house security expertise and reduced focus on security patching, these companies are easier to socially engineer and infiltrate. Adding to this, SMBs usually have employees doing multiple roles, and thus a wider access to valuable areas of the business and information is given to them, and so if breached, they pose a threat to multiple areas within
the business. In addition, the business IT infrastructure is often shared for personal use communication as well eg. social media, personal emails allowing easier access to hackers, as the data is often not secured. Threat actors often target SMBs as low hanging fruit for their vital role in supply chains. This is especially so as such attacks wreak havoc on not only one organisation but entire businesses within the supply networks. By leveraging tactics such as phishing, cybercriminals gain access to an organisation to launch a malware attack, steal data and credentials or instigate a ransomware. Take for example, the attack against Target USA where hackers used stolen credentials from an SMB vendor that serviced the HVAC systems in Target stores, to gain access to the retailer’s network and then laterally move to the systems that kept customer payment information. As a result, the global retailer was breached and 40 million credit and debit cards details stolen. The key factor to preventing cyberattacks is threat prevention. With minimal time and lack of cyber expertise or manpower, SMBs must adopt a prevention mindset to minimise potential cyber attacks and threats. Why cybersecurity readiness is paramount for SMBs Beyond the immediate financial impact and reputational blow as a trustworthy, reliable partner, SMBs can also face legal or regulatory repercussions, operational disruption, flow-on costs for system remediation and cyberattack response, customer churn, and the loss of competitive advantage that can make or break a smaller business. In fact, a tarnished reputation as an avenue of attack can be even more detrimental to an SMB organisation, as the loss of trust with a larger organisation could mean a loss of potential business and revenue down the line with them or other new, potential customers. With this in mind, budgetary constraints to keep computers and corporate networks protected should never be an excuse, as keeping sensitive data and
A VIABLE OPTION FOR SMBS IS TO ALSO CONSIDER ENGAGING AN EXPERIENCED MANAGED SECURITY SERVICE PROVIDER (MSSP), WHO WILL HAVE THE SKILLED RESOURCES, UPDATED SECURITY SOFTWARE AND EXPERIENCED EXPERTISE TO MONITOR FOR AND ANALYSE THREATS ON BEHALF OF THE SMB PLAYER. information protected will bring many advantages and benefits to companies. This can range from overall cost savings, compliance with data protection laws, gaining the trust of customers and suppliers, to protecting your documents and information to the maximum by preventing any type of data breach. How SMBs can prevent supply chain attacks By applying stronger cyber defences, SMBs are in a position to provide larger organisations with assurance that larger companies they supply to will not be compromised via the SMB partner or third-party vendor. Whilst there are multiple means to prevent such supply chain attacks, the first step is to have good software capable of covering the entire company, protecting the company’s endpoints and devices, supported by regular backups so that, in the event of a cyberattack, they have the possibility of restoring all the data. Any device that connects to the network can become a security breach, so it is important to secure all endpoints.
It is especially critical for remote or hybrid workforces to avoid security breaches and data compromise. Also, all employees should be trained in cybersecurity so that they themselves become the first barrier to any attempted attack, such as phishing via email or SMS. Keep in mind that prevention is one of the best protection measures available. A viable option for SMBs is to also consider engaging an experienced Managed Security Service Provider (MSSP), who will have the skilled resources, updated security software and experienced expertise to monitor for and analyse threats on behalf of the SMB player. This is especially useful for SMBs who have neither the time nor resources to adequately enforce threat detection and response. Partnering with a cybersecurity expert equipped with best-in-class security and scalable solution such as Check Point Software can put SMBs in good stead to protect against the most sophisticated attacks and generate trust among larger potential players. Ultimately, SMBs seek a simple plug-and-play solution with best-inclass threat protection, given their lack of financial funding and skills. With an effective cybersecurity strategy, SMBs are better placed to demonstrate their credibility as secure partners to larger organisations, opening up more business opportunities.
JUNE 2022
CXO INSIGHT ME
37
REPORT
SECURING THE CLOUD FREDERICK HARRIS, SR. DIRECTOR OF PRODUCT MARKETING, CLOUD SECURITY AT FORTINET, REVEALS KEY FINDINGS OF FORTINET 2022 CLOUD SECURITY REPORT.
T
he COVID-19 pandemic and the shift to workfrom-anywhere has forced organisations to significantly advance their digital acceleration initiatives, resulting in increasingly hybrid IT networks to help deliver better access to applications and data. In many cases, these assets are distributed across data center networks and cloud deployments that are in a constant state of flux. In addition to the added complexity of managing hybrid IT architectures, organisations underwent forced acceleration to the cloud due to external factors such as competitive pressures or supply chain issues. The lack of time to properly plan and coordinate around these efforts has led to security gaps across an expanded attack surface. Now, today’s organisations are scrambling to provide consistent security and policy everywhere to defend against attacks without disrupting business operations. So given this digital acceleration, what is the current state of cloud adoption and cloud security? Fortinet partnered with Cybersecurity Insiders to survey more than 800 cybersecurity professionals from around the world and across industries. The 2022 Cloud Security Report reveals how security executives and practitioners are using the cloud, how their organisations are responding to security threats in the cloud, and the challenges they are facing. Let’s look at some of the highlights from this year’s report. Digital Innovation Accelerates Cloud Adoption Organisations continue to shift workloads to the cloud at a rapid pace to achieve faster time to market, increased responsiveness to customer needs, and 38
CXO INSIGHT ME
JUNE 2022
cost reductions. 39% of respondents have more than half of their workloads in the cloud. Most organisations are selecting either a hybrid-cloud (39%, up from 36% last year) or multi-cloud deployment approach (33%) to integrate multiple services, provide scalability, or ensure business continuity. Seventy-six percent of organisations currently use two or more cloud providers. AWS and Microsoft Azure currently top the list, though Google and Oracle are rapidly increasing their investment and market share. Cloud Adoption Faces Headwinds This year’s Cloud Security Report is set against a backdrop of increasingly brazen and costly ransomware attacks and the major disclosure of a severe zero-day vulnerability in the popular Apache Log4j logging tool, used in many enterprise apps and cloud platforms. It’s not surprising that 95% of organisations are moderately to extremely concerned about cloud security. When Cybersecurity Insiders asked what surprises security professionals
uncovered that hinder cloud adoption, they discovered lack of visibility, high cost, lack of control, and lack of security are the biggest unforeseen factors that slow or stop cloud adoption. These remain to be consistently top inhibitors of cloud when comparing against previous surveys. Addressing these topics is critical to empowering business success. The survey also reveals that the biggest challenges organisations face are not primarily about technology, but people and processes. Lack of qualified staff (40%, up from 37% last year) is the biggest obstacle to faster adoption, followed by legal and regulatory compliance, and data security issues. Internal upskilling as well as external expertise are major game-changers to accelerating cloud success. Breaking Down the Barriers to Cloud Adoption To reduce complexity and increase security effectiveness, visionary organisations are taking advantage of a cybersecurity mesh platform. This composable, collaborative approach helps dramatically reduce the financial impact of security incidents. With threat intelligence directly shared across diverse attack vectors, visibility, management, and automation are simpler, meaning that threats are identified, and mitigated, faster. Ultimately, this reduces complexities, resolves cloud cybersecurity skills and resource gaps, and increases overall security effectiveness. It’s no surprise that over three-quarters (78%) of respondents consider it very or extremely helpful to have a single cloud security platform to protect data consistently and comprehensively across their cloud footprint.
VIEWPOINT
DEALING WITH DATA PROTECTION AHMED EID, DIRECTOR – PRESALES, META, DELL TECHNOLOGIES, SAYS DATA GROWTH, MULTI-CLOUD AND AS A SERVICE MODELS WILL DISRUPT DATA PROTECTION THIS YEAR
Remote Workforce Over the last few years, we’ve transitioned to a more remote workforce. Companies commonly have thousands of employees working remotely, all with network access. As organisations continue to adapt to growing security concerns in hybrid work environments, Dell’s latest study finds that 74% of companies agree that remote work has caused their exposure to data loss from cyber threats to increase. In the year ahead, companies will seek ways to extend data security to remote workers.
W
e are a quarter of the way through 2022, and the profound changes we are seeing in the world at large will only accelerate trends that are driving IT forward in the year ahead. IT continues to adapt to trends like multi-cloud, massive unstructured data growth and the use of as a service models. These are the shifts we expect to see, where ensuring security and protection will be a critical priority in the year ahead: Data Protection It is anyone’s guess when the next cyberattack is going to target your business as highly sophisticated malignant actors can come from all corners. It is time to tighten up, and proactively take steps to protect your business against cyber attackers. Advanced data protection is one tool in the arsenal that can allow rapid recovery from ransomware attacks. In combination with a strong security discipline, including twofactor authentication, network intrusion monitoring, and good hygiene around keeping systems up to date with the latest patches, a company can significantly improve its resilience against attacks. The Need for Air-gapped Cyber Vaults Businesses will continue to deploy strongly secured cyber vaults as a physically or logically air-gapped systems, protected from their larger networks and therefore less vulnerable to attack. These systems provide a high-confidence backup target, enabling rapid restoration of businessprocesses, data and applications should a ransomware attack occur. They combine this with active defenses of their networks and data stores, rapid detection of
40
CXO INSIGHT ME
JUNE 2022
larger IT footprint at edge sites. Here the digital world directly meets the physical world. In the year ahead, customers will increase their use of secure backup solutions, whether distributed to edge sites or centralised, to protect edge generated data. They will also seek ways to extend data security to the edge, and to eliminate vulnerability to network intrusion at edge sites.
intrusion and pro-active response planning to ensure business continuity and privacy of confidential data. As more companies take multi-cloud approaches to storing data, you can also expect them to move critical data away from the attack surface by physically and logically isolating it from access within public clouds through a secure, automated, operational air gap. Data Protection at the Edge Data is increasingly becoming decentralised. According to Gartner, 75% of enterprise-generated data will be created and kept outside a traditional data center or cloud by 2025. Relatively little of that data is coming from humans. It’s generated by machines, sensors and cameras and often it won’t even be brought back to core data centers or clouds. Over the next year, you can expect businesses to seek out holistic ways of securing their data at the edge that originate at the infrastructure layer. While many companies have long had remote sites with data, the enterprise network is expanding to include a much
As a Service Businesses will continue to migrate workloads to as a service models, including everything from application hosting runtimes to underlying compute and storage infrastructure. The security requirements for such infrastructure are just as great as traditionally installed, managed and consumed infrastructure, but with the added complexity that the infrastructure is often located in a shared co-location. Adoption of Multi-cloud Companies will continue to adopt a multi-cloud model in the year ahead. As enterprises look to bring more and more of their applications to public cloud, they’ll also need enterprisegrade solutions and services for their workloads that are integrated with their on-premises infrastructure stacks. A recent Forrester study revealed that 83% of organisations have adopted a multi-cloud approach or plan to within the next 12 months. With that growth, we’ll see an increased reliance on multi-cloud-enabled data protection for virtualised and containerised workloads, databases, and network-attached storage (NAS) file systems.
JUNE 16, 2021
VIRTUAL EVENT
WHAT YOU NEED TO KNOW ABOUT THE FUTURE OF THE DATA CENTRE 7th September 2022
REGISTER NOW https://www.cxoinsightme.com/Cloud-Connect/2022/
ORGANIZER
OFFICIAL MEDIA
INTERVIEW
CHANGING THE GAME MARNE MARTIN, PRESIDENT OF IFS SERVICE MANAGEMENT, ON THE IoT USE CASES IN THE TELECOM INDUSTRY.
W
hat are some of the most common IoT use cases in telecom? Some of the most common IoT use cases are first around the move to condition-based maintenance (versus time-based maintenance) and what we call “anticipated” break fix driven from a sensor reading and proactive data monitoring. These use cases are fairly common now, although the ability to drive statistically significant and positive results from the connected asset data is still something that is easier for the manufacturers also providing aftermarket service to do than others. In any event, enabling these use cases are possible and profitable as more effective maintenance
42
CXO INSIGHT ME
JUNE 2022
typically improves profitability by 20-25% versus conventional break fix, as well as it is delivering a much better customer experience. In a more strategic sense, IOT (and a strategy and operational plan for generating value from these connected assets) are necessary to also move to outcomes-based service and where intelligent asset monitoring in its fullest form comes to play to drive also asset longevity, asset uptime, and thinking about how to do better in adverse conditions or even climate-based maintenance and service. As more and more data is also realised and analysed, additional machine learning can be applied to become more predictive
alongside greater artificial intelligence that helps to drive self-learning across the asset, customer and mobile workforce patterns. What will be the impact of 5G in Telecom? It enables us to think truly like a mobile agile world that ubiquitous 5G is not only great for assets that are deployed that we want access to, but it enables us as consumers to be able to enjoy our work and play activities anywhere we are, not only in our home or where Wi-Fi is available. The passion and the vision that we have for mobile telephony where you no longer need cables to a home or business that is
becoming real for the first time with 5G. And that enables us to think about all of the business and activities that we do outside the home in new ways. As someone that focuses so much on how we digitalise our business models and daily activities for business and their end customers, and how we help frontline and field service workers to have more insights and assistance at their fingertips, this is a very exciting time. And for all those that love streaming content, playing games, you are similarly thrilled. Data speeds in the past before 5G weren’t fast enough to drive the differential experience that businesses and consumers would pay for, but 5G enables operators to generate more of a return on their investment in these networks and drive upward Average Revenue Per User (ARPU) related to the additional services they can provide. There is great value in enabling individuals and business to be more agile, more mobile (pun intended) and able to run anywhere in the world since it is also clear that many more workers than ever will be remote or in the “field” than ever before. 5G is huge for industries with heavy or long-lived assets that have high up-time requirements and also for cities, communities and / or other utilities beyond telco that want to become “smart.” All of this suddenly comes to life, gets a kickstart, with 5G. It is great business for the telcos that they have needed infrastructure that they can monetise to a much more diverse group of use cases and business cases because of the speed of the 5G connectivity. But it’s also just advantageous for consumers where they can now effectively take broadband anywhere in the world with the power of 5G. What are the existing challenges related to IoT implementation in Telecom? Modern infrastructure is connected, so IoT implementation in Telecom has fewer challenges. They are also already used to having network monitoring and equipment analytics.
multiplication of the BSS ecosystem requiring 300-500% more radio antennae’s, but 5G will also help to transmit the data, and we know adoption of Artificial Intelligence and Machine Learning is expected to leapfrog over the next three to five years given that much of the data has been under-utilised so far, and more will now be available. Telcos are an immensely data rich environment for asset and consumer data. Time is of the essence to harness this data to make sure that 5G drives ARPU in the ways that telco operators need it to, but also make sure that they use their data, experience and new capabilities to operate their 5G networks in ways that are best of class in terms of asset constructure, maintenance, and repair.
TELCOS HAVE THE ABILITY TO BE A CATALYST AS A DIGITAL ENTERPRISE AND ACTS AS A FACILITATOR OF HOW NOT ONLY THEY BRING IOT DATA TO LIFE IN THEIR OWN NETWORKS, BUT ALSO FOR THOSE THAT ARE USING 5G CONNECTIVITY IN ASSET RICH INDUSTRIES. Having the right analytics on the BSS infrastructure related to driving predictive maintenance, uptime in disparate environmental conditions, asset longevity, that is the continued challenge for many of the telco operators that will take cooperation with software vendors like IFS, the equipment vendors, and the telco operators to solve. 5G will make this work even more critical given the
What do you think will be the future of IoT in telecoms? Telecoms are the enabler of IoT in all industries, but companies within each industry still need to decide what asset information is meaningful and what they plan to do with it to drive the business value that is most impactful to their company performance and the delight of their end customers. Therefore, telco operators have an opportunity to not only be the connectivity vendor, but also leading in terms of value-added services and insights in other verticals to drive uptime and reliability where data insights add value. Telcos have the ability to be a catalyst as a digital enterprise and acts as a facilitator of how not only they bring IoT data to life in their own networks, but also for those that are using 5G connectivity in asset rich industries. This will give the push that is needed for connected assets to become a reality. Telcos have the opportunity to showcase how they are managing their data, implementing AI, Machine Learning, automation, etc. and in the process also build deeper and richer relationships with their business customers (while delighting end customers that are likely also personal telco users as well).
JUNE 2022
CXO INSIGHT ME
43
PRODUCTS
Pure Storage FlashBlade//S Pure Storage has announced the FlashBlade//S family of products with a new modular architecture built on uniquely co-designed hardware and software. The new platform leverages a nearly unlimited scalable metadata architecture, offering more than double the density, performance and power efficiency of previous versions. The platform evolves over time in alignment with customer requirements. With this announcement, Pure revolutionises the market again with FlashBlade//S by introducing a modular architecture that disaggregates compute from capacity. Storage, compute and networking elements can be upgraded flexibly and non-disruptively, delivering a highly configurable and customisable file and object platform to address the broadest set of modern workloads. It can deliver both the highest levels of performance and capacity optimisation with Pure’s proprietary all-QLC architecture without the need for expensive caching solutions. Designed for forward-thinking organisations, FlashBlade//S delivers: • Future-Proofing with Evergreen Subscription: By leveraging the full power of Evergreen subscriptionbased services, customers get unmatched flexibility and non-disruptive upgrades with FlashBlade//S. 44
CXO INSIGHT ME
JUNE 2022
Organisations never have to worry about their storage platform becoming obsolete or disruptive data migrations again. This is further improved with today’s announcement detailing the expanded Evergreen portfolio. • Peace of Mind for Sustainability Demands: As end users are under more pressure to prioritize sustainability, the new FlashBlade//S family helps them deliver on these needs with better performance on key metrics such as capacity per watt, bandwidth per watt, and capacity per rack-unit, resulting in an overall smaller data center footprint. For these reasons Meta chose Pure to power its AI Research SuperCluster (RSC). • Performance at Scale, Simplicity, and Efficiency of Unstructured Data: The new FlashBlade//S family, through closely engineered hardware and Purity//FB 4.0 software, pushes the boundaries of performance, scale and efficiency. FlashBlade//S will also accelerate the pace of innovation and help bring denser and more power efficient technologies to market faster. This enables customers to achieve simplicity, exabyte level scale, and the multidimensional performance required for consolidation of key unstructured data workloads.
Panduit FlexCore Optical Distribution Frame Panduit has launched its new FlexCore Optical Distribution Frame [ODF], a versatile front-access cabling system that provides necessary protection for critical connections. Utilising innovative cable management and simple, intuitive cable routing, the FlexCore ODF simplifies and reduces time for moves, adds, and changes. With standard doors with locks and optional locks for each enclosure, the FlexCore ODF solution enables multi-tiered security that is important for multiple client access. The FlexCore ODF system can manage up to 3,168 fibers per frame, making it easy to create multiple configurations using just three modular building blocks. This flexibility allows for design customisation and scalability while optimising both
product availability and system density. Compared to typical data centre cabinets, FlexCore ODF can reduce floor space in a data centre by 50%*. In addition, with side panels and doors with locks, the FlexCore ODF solution allows the system to be completely enclosed and secure. Panduit FlexCore Optical Distribution Frame offers multiple advantages over existing products: • Highly intuitive cable routing paths remove guesswork and prevents ‘rip and replace’ costs • Innovative cable management and lockable vertical cable manager doors eliminate circuit risk and downtime • Up to 3,168 fibers per frame when using standard 24 fiber cassettes • Data center floor space can be reduced by 50%* • Simplifies and reduces the time for moves, adds, and changes • Multiple form factor (width) cassettes optimise rack space across wider applications • Patch cords consolidated to a single length – freeing up capital locked in maintaining inventory • Multi-layer security with lock capability available at both 4RU enclosure and ODF doors
Axis Network Strobe Siren Axis Communications has announced AXIS D4100-E Network Strobe Siren, which helps deter intruders, ensure on-site safety and improve operational efficiency with the power of light and sound. Integrated through VAPIX, MQTT or SIP, the device comes with various light and sound patterns to ensure the right level of protection for specific environments. Based on the open Axis platform, this fully networked product can be connected to any Axis device, Axis VMS, or to third-party VMS and issue warnings and notifications with strobe lighting and/or siren alarms. For example, it can be used for perimeter protection together with thermal and/ or radar cameras. Or, for improved parking entrance management with a license plate recognition (LPR) camera. It’s possible to create different configurations with white and RGBA color lighting and pre-configured sounds. This highly customizable product can also be connected to an Axis audio solution with live or pre-recorded announcements to step up the level of deterrence. Additionally, thanks to a simple, web-based interface, it’s easy to configure one device and copy and deploy the setup to other devices on the system. Key features include light and sound in one IP-based device, profiles with different priority levels, VAPIX, MQTT and SIP integration, IP66, IK10, NEMA-4X rated casing and 5-year warranty This cost-efficient network device is easy to install, configure, and maintain. It can be powered with PoE so only one cable is needed for both data and power transfer.
JUNE 2022
CXO INSIGHT ME
45
BLOG
THE CRYPTO CRASH
SUNIL PAUL, MD OF FINESSE, ON THE IMPACT OF PLUNGING CRYPTO VALUE ON THE FUTURE OF DIGITAL CURRENCY AND BLOCKCHAIN.
O
n June 13, Bitcoin, considered the blue chip of cryptocurrencies, led the downfall of its peers as it fell over 19 percent in a single day from $25,972 to $20,834. The overall market capitalisation of cryptos went below the $1 trillion mark for the first time since early 2021. Bitcoin makes up almost 44 percent of the total market. Ethereum, which forms the backbone of leading blockchain technologies, followed in the footsteps of Bitcoin and dropped nearly 21 percent from $1,365 to $1,075 before recovering to $1,142. This came less than a week after the collapse of TerraUSD (UST). Algorithmic stablecoin Terra was pegged to the US dollar but has now fallen below 1 cent. Its sister cryptocurrency, Luna, slipped from $120 to become practically worthless. UST has been weighing on cryptocurrencies for some time, but the June 13 horror show came after a steady decline over the past several months after Bitcoin reached its all-time high of $68,990 in November last year. The market cap of cryptocurrencies around that time was slightly above $3 trillion. From establishing its value for the first time in 2010 (two pizzas worth $25 was purchased for 10,000 Bitcoins on May 22) to reaching $1 in 2011 February, and then racing to 68,990 in November 2021, the short history of Bitcoin, and cryptocurrency, has been characterised by its volatility. Of course, wild fluctuations are not new to this asset class (Bitcoin had previously crashed 80 percent in 2018), but the continuous slide since November has become worrisome.
46
CXO INSIGHT ME
JUNE 2022
The big fear for crypto fans is that these decentralised currencies were thought to be impervious to whatever was happening with the stock market and governmental policies. However, these currencies have tracked the rising inflation levels, increasing bank rates by the Fed, and falling stock markets around the world. All these factors have had a clear impact, which has eroded the confidence of most of its investors. The UST crash has led to several small investors losing their savings, and renewed calls that there needs to be some form of governance – especially for stablecoins (which are pegged to some other assets and meant to have stable price) – to prevent such incidents from happening in the future. In an interview to CNBC, Bertrand Perez, CEO of the Web3 Foundation and a former director of the Facebookbacked Diem stablecoin project, said, “The basic rules of the regulation would be that you have a clear reserve with a set of assets that are strong, and that you’re subject to regular audits of those reserves.” The Middle East may not have embraced cryptocurrencies with the alacrity of the US or Europe, but it has garnered enough interest over the past few years. A Knight Frank report last year indicated that almost 25 percent of Middle East millionaires have invested in some form of crypto. A global YouGov survey, titled ‘The Future of Financial Services Report’, showed nearly twothirds of UAE adults are interested in cryptocurrencies – the highest globally. The recent crash would hurt individual investors, but financial institutions and
banks still have a very limited exposure, which should ensure that the impact is minimised. Moreover, with most countries in the region still dependent on oil income, the high price of crude is going to be their shock absorber. The UAE has trodden carefully into the world of blockchain and cryptocurrencies. Earlier this year, it passed its first crypto law and established a regulatory body – Dubai Virtual Assets Regulatory Authority – to oversee the regulation, governance, and licensing of cryptocurrencies, nonfungible tokens and other virtual assets. Many leading global crypto exchanges have moved to the country following the announcement and established their operations here. However, the major recruitment plans these companies had in the region are expected to slow down, at least for the next couple of quarters, as trading volumes go down. Several retail shops and businesses in the country had started accepting cryptocurrencies, with stablecoins like UST becoming very popular. Experts are expecting that process to decline. From the government’s point of view, their association and adoption of blockchain technology are after careful consideration and for the long term. That’s not going to change. Until cryptocurrencies become more matured assets, where they are seen with less suspicion and hence have greater acceptance, such volatility is going to be part of its development.
BRILLIANT OPTICS. AMAZING DESIGN.
THE FUTURE IS IN SIGHT: Increase in video meetings in 20201
400%
11%
Information workers who rarely or never use video in meetings3
Growth of UC meetings with video from 2019 to 20202
274%
71%
Information workers who use video at least once a day3
ADVANTAGES OF RALLY BAR Superior Audio and Video: A video bar engineered for midsize rooms, featuring a motorized PTZ lens, adaptive beamforming mics, support for two
Flexible Deployment Options: Run meetings in appliance mode without a computer for Microsoft Teams, Zoom, GoTo, Pexip, or RingCentral. Or, connect to a computer or laptop and use with any software. Simple Setup and Cable Management: Place on a table or credenza, or add a wall or TV mount for a sleek space-saving set up. Integrated cable management keeps connections tight. Easy to monitor, manage, and support: Stay informed and ahead with metrics like people count. Medium room solution with Logitech Tap for Microsoft Teams Rooms.
@newcommea Authorized Distributors
info@newcomme.com www.newcomme.com