NAVIGATING THE WAVES OF CHANGE

NAVIGATING THE WAVES OF CHANGE

NAVIGATING THE WAVES OF CHANGE

22 THE PATH TO RESILIENT DIGITAL FUTURE

28 SECURING THE FUTURE

44 PRODUCTS

HELP AG LAUNCHES INTEGRATED CYBER DEFENSE PLATFORM

CISCO TO SET UP EDGE DATA CENTRE IN SAUDI GOOGLE CLOUD OPENS NEW CLOUD REGION IN DOHA

FINESSE JOINS

SECUREWORKS GLOBAL PARTNER PROGRAMME

UNLEASHING DIGITAL PRODUCTIVITY AND EMPOWERING VERTICAL INDUSTRIES

A MATTER OF CHOICE

Organisations in the region are adopting multi-cloud strategies to unlock the full potential of their IT infrastructure and fast-track digital transformation initiatives. Multi-cloud adoption is driven by a myriad of factors – vendor flexibility, scalability, and improved performance.

Another advantage that works in favour of multicloud is security; organisations can implement security measures and controls across multiple cloud environments, mitigating risks related to data breaches and unauthorised access. It also helps them meet compliance requirements by leveraging cloud providers with specialized certifications and compliance frameworks.

Though cloud computing has revolutionised the way organisations operate and innovate, cost overruns have become a persistent challenge, causing some enterprises to reconsider their cloud migration strategies. A multi-cloud strategy enables enterprises to optimise costs by taking advantage of competitive pricing models offered by different cloud providers. This allows them to cherry-pick the most cost-effective options for specific workloads and take advantage of discounts and tailored SLAs.

Be that as it may, multi-cloud has its share of challenges. CIOs must ensure seamless interoperability and consistent management across multi-cloud environments to avoid silos. Embracing multi-cloud also requires skilled resources who can design, deploy and manage complex cloud architectures.

In this edition, we have turned the spotlight on another trend taking the world of security by storm. DevSecOps, which combines development, security, and operations, strives to create a robust software development and delivery process that dovetails the principles of agility, automation, and collaboration. This approach helps organisations shift left, proactively address security concerns, reduce the risk of data breaches and cyber-attacks, and build trust with their customers by delivering secure and reliable software products.

Besides enhanced security outcomes, DevSecOps can also reduce costs related to remediating vulnerabilities. A recent study by the Ponemon Institute estimates enterprises that integrated security practices into their DevOps process saved an average of $1.70 million per year.

It is time to get DevSecOps on your radar if you haven’t already done so.

made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors

HELP AG LAUNCHES INTEGRATED CYBER DEFENSE PLATFORM

In a first for the regional cybersecurity industry, Help AG, the cybersecurity arm of e& enterprise and the Middle East’s trusted security advisor, has announced the launch of UNIFY – the Integrated Cyber Defense Platform unifying the customer experience across all Help AG services. Serving as the single touchpoint for Help AG’s Managed Security Services (MSS) customers, the modernised state-of-the-art UNIFY platform provides automation at scale, omnichannel collaboration, and unified visibility into customers’ complete cybersecurity portfolio.

Today’s security teams face challenges related to complexity and consistency, as the implementation of point products creates silos in the customer’s environment.  Additionally, as threats become increasingly numerous, persistent, and sophisticated, manual alert triage is no longer sufficient; instead, contextualizing all data points into a single action thread is vital to a comprehensive defense against threats.

Constantly innovating to stay ahead of customer needs, Help AG is bringing UNIFY to the regional market as the first consolidated platform unifying the pivotal capabilities of visibility,

IFS ACQUIRES POKA

IFS announces it has signed a definitive agreement to purchase Poka, the Quebec based provider of a connected worker platform. Poka enables factory and field workers to be more efficient across all aspects of their jobs from training and development to troubleshooting. This capability enables businesses to measure productivity across machinery and operators globally and therefore provides a clear insight into profitability. Poka also provides actionable insights for companies to stay compliant and provide safer working conditions as part of their ESG goals.

collaboration, orchestration, and intelligent automation across all cyber defense services. As the foundation for the Help AG cyber defense service offering, UNIFY brings together people, processes and technologies in a next-generation platform delivering consistent, high-quality services and a seamless customer experience.

Commenting on the launch, Stephan Berner, Chief Executive Officer at Help AG, said: “The future of cybersecurity is service-centric, and Help AG has long been at the helm of this evolution –

from the launch of our Managed Cyber Defense offering in 2015, to the launch of Help AG as a Service in 2021, and now with Help AG UNIFY, which represents our service-centric business evolution 3.0. As a solution to fragmented and overly complex security infrastructures, the UNIFY platform provides an exceptional consolidation of diverse security controls, powered by intelligent automation. This reinforces our outcomebased approach to service delivery with the ultimate goal of delivering added value to our customers.”

Over the past decades companies have invested trillions of dollars enabling back office workers to do their jobs. With the massive focus on efficiency, industry 4.0 and the merging of the physical and digital worlds to drive automation, companies are now looking to enable factory and field workers to work smarter, safer and more efficiently.

The acquisition puts IFS at the nexus of this trend as it now combines its ERP / FSM / EAM technology with Poka and extends its value all the way to the actual user empowering them at every step.

Founded in 2014 by Alexandre Leclerc and Antoine Bisson – the company has customers in 55 countries which include brands such as Nestlé, Tetra Pak, Mars, Bosch, RioTinto, Coty, Alcoa, Hitachi Energy, Mahle, and more. For companies such as these, recent global events have created a heightened degree of complexity, and uncertainty in labor availability as well as impacted supply chains and raw material sourcing. To address these business challenges, organisations are doubling down on their efforts to achieve faster digital transformation. At the heart of this renewed focus is the need to empower their own employees making the Connected Worker a key focus.

CISCO TO SET UP EDGE DATA CENTRE IN SAUDI

Cisco announced plans to establish a data center for cloud-delivered security in the Kingdom of Saudi Arabia (KSA) to help customers protect their users, infrastructure, and investments against threat actors. The announcement is part of Cisco’s continued effort to empower organisations locally and in the region with flexible security services and data protection for devices, remote users, and distributed locations.

The new data center will play a critical role in delivering agile, highly resilient, high-capacity secure access closer to users in KSA. It will support Cisco’s cloud services including its new Secure Service Edge (SSE) solution, Cisco Secure Access. Most organisations rely on a complex web of point products that weren’t designed to support today’s highly distributed environment, and users need to navigate inconsistent access experiences and reauthenticate throughout the day—disrupting productivity. With Cisco Secure Access, decisions about how users connect to the Internet, Software as a Service (SaaS) and private applications are automated, removing that complexity and helping increase productivity.

TMF

The announcement reaffirms Cisco’s commitment to a hybrid architecture to rapidly extend its global reach for customers. In KSA, organisations will experience the benefits of Cisco’s co-located edge data center with the scalability of public cloud. The data center will be carrier-neutral, and available on any Internet Service Provider (ISP) in Saudi Arabia. Cisco intends for the data center to have service availability by mid-2024.

GROUP ACQUIRES PROVEN’S BPO SERVICES

TMF Group announced the acquisition of the Business Process Outsourcing (BPO), corporate services, corporate immigration and visa services divisions of PROVEN, a business outsourcing organisation in the Middle East.

Since its establishment in 2009, PROVEN has been at the forefront of enabling businesses to operate seamlessly in Saudi Arabia and other Middle Eastern regions, including the United Arab Emirates, Bahrain, Egypt, and Kuwait. It has since expanded to cater to international markets while maintaining its reputation as a trusted partner for organisations looking to streamline their operations.

The acquisition represents a significant step in TMF Group’s expansion as the KSA economy is the largest in the Middle East and the eighteenth largest in the world. With a decade of experience, PROVEN’s team brings a wealth of expertise, advanced technology, and a modern service delivery model to help their partners achieve maximum value creation. This strategic acquisition enables PROVEN to support inbound business from TMF Group’s 125 offices globally while expanding its corporate services value chain. TMF Group will benefit from integrating PROVEN’s regional corporate services businesses into its existing global infrastructure.

“Today’s announcement reconfirms Cisco’s alignment to provide advanced cloud security protection and services to the Saudi community. It builds on Cisco’s long-standing commitment to our customers and reflects our continued support for digital transformation, by using the power of technologies to create a secured thriving digital economy in Saudi Arabia,” Salman Faqeeh, Managing Director of Cisco in Saudi Arabia commented.

As a result, TMF Group will open a new, permanent office in Riyadh, and build on the existing KSA clients currently served by TMF Group’s Dubai office.

On announcing this acquisition, TMF Group’s Head of EMEA Frank Welman commented: “PROVEN has demonstrated significant success in the region and this acquisition represents a milestone in TMF Group’s expansion strategy. The Kingdom of Saudi Arabia is a jurisdiction full of potential and this transaction will enable us to add high-quality service capabilities to TMF Group’s portfolio in the Middle East, where we already have a reputable presence in Qatar and the United Arab Emirates. We look forward to welcoming 57 of PROVEN’s talented employees to the TMF Group’s MEA team after the transaction closes.”

GOOGLE CLOUD OPENS NEW CLOUD REGION IN DOHA

Google Cloud has announced the opening of its Doha cloud region at an official launch event attended by ministers from the Qatari Cabinet and executives from leading Qatari businesses, with the cooperation of the Ministry of Communications and Information Technology (MCIT) and Qatar Free Zone Authority (QFZ). The new cloud region will meet growing demand for cloud services in Qatar and the Middle East region and support Qatar’s National Vision 2030 that aims to transform the country into a digital economy through innovation and digital transformation.

According to research commissioned by Google Cloud and conducted by Access Partnership, the new Doha cloud region is expected to drive increased economic activity and is estimated to contribute a cumulative 18.9 billion USD in higher gross economic output to the economy of Qatar between 2023 and 2030 and support the creation of 25,000 jobs in 2030 alone. This new cloud region is the latest significant investment made by Google Cloud in Qatar, following the recent opening of

a country office and virtual center of excellence (CoE) in Msheireb. The series of investments in infrastructure and resources demonstrates Google Cloud’s continued commitment to playing a pivotal role in advancing Qatar’s digital future and technological capabilities.

MCIT and the Qatari government have helped enable the growth of cloud across the government through the adoption of cloud policies, which facilitated Google Cloud’s market entry. His Excellency Mohammed bin Ali Al Mannai, Minister of Communications and Information Technology, said: “The launch of the first Google Cloud region in Qatar fits into

MORO HUB PARTNERS WITH VEEAM

Moro Hub, a subsidiary of Digital DEWA, the digital arm of Dubai Electricity and Water Authority (PJSC), announced that the company joined the ProPartner program of Veeam. As Veeam Cloud & Service Provider (VCSP) partner, Moro Hub clients will have access to reliable, enterprise-grade Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS).

The partnership was signed by Mohammad Bin Sulaiman, CEO of Moro Hub and Vasily Vaganov, Regional Vice President of North-Eastern EMEA at Veeam. In accordance with the agreement, Moro Hub will be able to offer its customers Veeam-powered solutions and services to deliver cloud data management, hosted at

Moro Hub’s carbon neutral data centres, one of which was recently certified as the world’s largest solar-powered green data centre by Guinness World Records, as part of Moro Hub’s commitment to accelerate the sustainability journey in the UAE.

“Moro Hub has always been at the forefront of providing clients with digital solutions that help make their operations seamless. Our association with Veeam aims to enable private and public enterprises with data resiliency. Veeam’s pay-as-you-grow model is not only going to be an instrumental force in helping organisations scale their business flexibly, but also offer customers unparalleled data visibility,” said Mohammad Bin Sulaiman, CEO of Moro Hub.

our comprehensive vision to achieve the desired goals of Qatar National Vision 2030, including the establishment of a strong digital infrastructure with internationally agreed standards and policies that will lead us all towards a more efficient economy based on digitalisation and technology to facilitate quality of life and provide convenient solutions for various sectors. The new cloud region will contribute to giving impetus to economic and productivity growth, and will allow various government and private companies and institutions within Qatar the opportunity to achieve significant efficiency gains by adopting flexible features in dealing with digital technology.”

Being a part of the Veeam ProPartner program will enable Moro Hub to provide its clients with powerful and cost-efficient modern data protection that minimises downtimes, and data loss through the Veeam Data Platform that covers cloud, virtual and physical workloads with remote backup services managed at scale, uncompromising data security and a cost-effective Disaster Recovery as a Service (DRaaS).

“We are pleased to partner with Moro Hub, a leader in digital transformation. Over the years, Moro Hub has demonstrated proficient knowledge in the industry, and we are confident that this partnership will enable our joint customers to achieve Cloud Data Management, resulting in additional growth of their overall profitability and value,” said Vasily Vaganov, Regional Vice President of North-Eastern EMEA at Veeam.

FINESSE JOINS SECUREWORKS GLOBAL PARTNER PROGRAMME

Finesse has joined the Secureworks Global Partner Programme to help customers strengthen their security posture against cyber threats.

Organisations of all sizes are battling an ever-increasing number of cyber threats on multiple fronts while also navigating a cyber talent and skills crisis. They need to be able to scale their internal resources and access a diverse range of skills to be able to understand, identify and mitigate cyber risks. To help customers tackle the challenges they face today, as well as flex to meet future needs, Finesse will leverage Secureworks TaegisTM SaaS platform to prevent, detect and respond to threats, wherever data moves into, out of and through customer environments.

Finesse will support customers with the Secureworks cybersecurity platform Taegis and a suite of integrated solutions and services. Finesse works with banking and financial services, energy, education, healthcare, public sector and retail organisations across the GCC. As part of its digital transformation services, it offers cybersecurity initiatives to support the growing need in the region to protect digital infrastructure.

CLOUDFLARE PARTNERS WITH DATABRICKS

Sunil Paul, co-founder and MD of Finesse said, “We are pleased to partner with Secureworks to provide our clients with a 24/7 threat detection and protection. In the era of digitalisation, cybersecurity has become a critical component of any business transformation. By utilising Secureworks cybersecurity expertise, we will be able to deliver greater value to our clients and navigate the complex cybersecurity landscape. We are also grateful to Wendy,

live data. With Cloudflare and Databricks, joint customers can eliminate the complexity and dynamic costs that stand in the way of the full potential of multicloud analytics and AI initiatives.

CEO of Secureworks for her presence during the signing of the partnership between Finesse and Secureworks.”

Secureworks protects organisations by providing battle-tested, best-in-class cybersecurity solutions that reduce risk, optimise IT and security investments, and fill talent gaps. It delivers solutions by security experts for security experts to prevent, detect, and respond to continuously evolving and diversifying threats and vulnerabilities.

Cloudflare announced a partnership with Databricks, the data and AI company, to enable organisations to safely, simply, and affordably share and collaborate on

“Without an open standard for secure data exchange across organisations, companies find it highly time-consuming to collaborate, requiring export, replication and maintenance of data across many software platforms,” said Matei Zaharia, Co-Founder and CTO at Databricks. “Delta Sharing provides the first open protocol for sharing data across diverse computing platforms, clouds and regions. Today’s announcement shows just how much demand there is for this in the industry, with Cloudflare joining the ecosystem. We are excited about how this will push open interchange forward and help all of our customers collaborate more easily.”

Databricks is driven by the mission to help data teams solve the world’s toughest problems, and enabling organisations to safely share and collaborate on data is critical to achieving that mission. However many organisations still struggle to share data across clouds, customers, teams, and with partners — they often use restrictive platforms and face maintenance burdens, exorbitant egress costs, and a lack of security. This becomes especially costly for organisations seeking to leverage AI, who are constantly moving massive training data sets across different clouds in search of GPUs, racking up massive egress fees in the process. Databricks’ Delta Sharing, the industry’s first open protocol for secure data sharing, makes it simple to share data across teams, and with other organisations, regardless of which computing platforms they use.

UNLEASHING DIGITAL PRODUCTIVITY AND EMPOWERING VERTICAL INDUSTRIES

let us rethink that AI is not a set of tools, but a set of systems with which we can coxqllaborate.” Professor Sachsenmeier said, “The rapid development and vast application of large model AI brings great opportunities.”

However, in the industrial applications, AI is facing differentiated demands from complicated scenarios. The answer can be found in a Huawei Pre-Trained Model White Paper that was officially released in the earlier session of the TechWave Summit. Large models use massive general data and industry data training, which improves the generalisation capability and universality of the model. Pre-trained models on massive datasets with large-scale deep neural networks can effectively reduce the cost of computing resources of AI.

Under the theme of ‘AI for Industries’, Huawei Cloud held the TechWave Summit Middle East & Central Asia 2023 recently in Almaty, Kazakhstan, bringing together leading Huawei Cloud experts, customers and partners to explore how AI, powered by the latest advances in Cloud, is driving new value and accelerating the digital economy.

During the TechWave Summit which was held on the side-lines of the Huawei Middle East & Central Asia (ME&CA) Tech Carnival 2023, the company’s flagship annual event, which took place in Kazakhstan for the first time, Huawei Cloud launched a range of new AI solutions, released a Pre-Trained Models White Paper and announced a new Huawei Cloud Stack (HCS) to accelerate the intelligent upgrade across governments and industries for Middle East and Central Asia.

At the event, Frank Dai, President of Huawei Cloud Middle East & Central Asia, highlighted Huawei’s first moveradvantage in industry digitalisation. “We believe AI for Industries will be the next big tipping point. Huawei Cloud offers pre-trained Pangu models with hundreds of billions of parameters to help drive industrial-scale AI development so that AI’s power can truly be unleashed across industries.”

To further explore the application of AI across industries, Huawei Cloud held an AI roundtable together with Prof. Peter Sachsenmeier (Fellow of German National Academy of Science and Engineering), industry experts, and leading companies to share and discuss the latest AI trends, best practices of AI applications, the impact of large models on AI adoption, and how to accelerate AI adoption in the Middle East and Central Asia.

Professor Peter Sachsenmeier, industrial strategist and Fellow of German National Academy of Science and Engineering shared his insights of AI’s promising potential of accelerating the digital transformation of industries. He said: “All industries are facing the challenges from inevitable trend of digital transformation.” Professor Sachsenmeier emphasised that the very goal of digital transformation is to relief workers in traditional industries from repetitive, labor-intensive tasks, and to improve working environment as well as general efficiency.

“We all agree on the potential of AI. It is comparable to the acceleration when browsers made the internet widely accessible. Traditional tech is mostly about drafting, revising, editing. AI, by contrast, can find patterns we cannot see, is able to provide analysis, predictions, suggestions on its own. So,

Dr. Zhu Shenggao, the Vice President of Huawei Cloud Middle East & Central Asia AI Business shared Huawei’s solutions to address the complexity of the industrial application of AI with the help of pre-trained models. “AI has entered into core production systems and has started creating greater value, the penetration rate of the AI industry accelerates and will reach 20% in 2026.” Dr. Zhu told the participants of the roundtable, “This is why Huawei Cloud puts forward AI for Industries strategies. The large industry model is the key to solve the traditional AI workshop and help our industries to give them the powerful tools to solve the different scenarios.”

Taking the Pangu series of AI models for example, using hundreds of billions of parameters, the pre-trained Pangu models are proven effective in more than 100 cases of over 10 vertical industries. One year after its debut in 2021, the Pangu Model has been adapted in coal mines, electric power, cement, finance and national cloud. In recent years, Huawei Cloud has developed more than 1,000 AI projects. Over 30% of AI projects have entered the core production system, bringing an extra 18% profitability to customers in general.

In Middle East and Central Asia, Huawei Cloud will focus on in-depth digital transformation, accelerate cloud native and service innovation, and build the best services for business to continuously create value for customers and partners.

ADAPTING SOLUTIONS FOR CHALLENGING TIMES

WITH A RECESSION LOOMING AT A TIME WHEN HYBRID WORK IS STILL THE NORM, BUSINESSES NEED A TRANSFORMATIVE APPROACH TO MAINTAINING VALUE AND STAYING IN THE GAME. ROB MCGREEVY, CHIEF

OFFERS THREE WAYS IIAAS IS TRANSFORMING BUSINESS OPERATIONS

You’d be right to think the business operations landscape is evolving faster than ever before.

On one hand, the global economy faces recessionary headwinds that could affect business this year and next. In addition, regulatory changes and consumer demands are pressuring us to make operational changes to mitigate the worst effects of climate change. Fluctuating energy prices, supply chain disruptions, volatile prices and local talent shortages are additional systemic issues.

On the other hand, businesses are grappling with several fundamental shifts in the way we work. Hybrid models are now a reality. Companies now use more enterprise data than ever before, in varying forms and from multiple endpoints. Sharing this data with internal and external teams is crucial to supporting the best possible decisions and delivering value in a fast-paced and dynamic operating environment.

Simply staying in place is harder than ever before.

It’s no wonder businesses are turning to the cloud – and cloud-enabled tools such as Industrial Intelligence as a Service (IIaaS) – to tackle these challenges.

The majority of executives at global companies with a minimum annual revenue of $50 million see augmenting their existing industrial engineering and operations workflows with cloud capabilities as essential, according to 2022 Wakefield Research data. The pollster surveyed 650 executives in the chemicals, manufacturing, and power sectors across North America, Europe, and the Middle East. More than three in five respondents said cloud computing (63%) and analytics and artificial intelligence (62%) were among their top priority areas for investment over the next 12 months.

IIaaS enables remote and cross-site teams the ability to see and securely share real-time data and analytics together with the right colleagues anywhere. Tangible results accrue in the form of businesses agility and resilience from maximised IT resources, increased operational efficiency, expanded workforce connectivity, and perhaps most importantly, sustainability gains. Use IT systems

more efficiently to improve margins

With new IIaaS models, companies benefit from greater scalability and flexibility, while improving operational efficiency and cutting unnecessary costs. The cloud’s game-changing quality is the way it supports economies of scale, which in turn improves sustainability.

Companies don’t need to run vast, on-premise data centers anymore. Staff can simply work off cloud-based mega-data servers. These systems often run off renewable energy sources and are optimised for energy-efficient operations. Additionally, you only pay for what you use, minimising hardware and storage, and cutting both financial and environmental impacts without compromising security.

In action: Commonwealth Fusion Systems, a Massachusetts Institute of Technology spin-off, uses a SaaS application to connect its existing remote workforce and minimise its IT maintenance and software-upgrade overheads. As a result, project time has been reduced and IT overheads and delays eliminated.

Promotecross-border collaboration and increase productivity

As an infrastructural platform, IIaaS supports the creation of a single digital source of truth that spans the enterprise. With the same data insights available to workers wherever they are – even at home in a different country – collaboration becomes easier and quicker, in turn raising efficiency and productivity. For example, when engineers create and collaborate around an accurate model of a plant, the need for design rework is reduced, leading to quicker results while reducing material waste.

In action: Aker Carbon Capture helps help hard-to-abate industries fight climate change. But with engineers in multiple time zones needing to work on the same carbon capture facility concurrently, a cloud-based solution to support collaboration and avoid rework became a necessity. After implementing just such a unified engineering solution, Aker CC experienced improved operational efficiency with a 50% reduction in time to market.

Scan data to improve sustainability metrics

Businesses now have more data available to support decisions. However, the norm is to silo that data at the point of collection, which limits its extractable

value. By contrast, if those silos are broken and the data shared across the organisation – and perhaps even with trusted partners – the entire ecosystem unlocks valuable new insights that drive greater efficiency and sustainability.

Adding digital twin technology – a cloud-based virtual replica of a plant or process – further enables you to run models based on AI and machine learning (ML) on this data to analyze different scenarios and choose the best possible outcomes. With IIaaS, creating, maintaining and scaling a digital twin for your global business has never been easier.

In action: Energy multinational BP deployed a cloud-based solution to simplify and standardise its downstream oil and gas business. In a dynamic market, real-time information supports accurate models so refinery processes can be optimized, and margins improved. With the new software, model runtimes have dropped from seven hours to three minutes, while feedstock purchase decisions that formerly required two days are now made in two hours.

Establish competitive advantages in the digital-first economy

As we have seen, IIaaS is already supporting value delivery for industrial businesses by way of efficiency and productivity insights, routes to business innovation and enhanced agility, and lower energy and resource use. The technology will drive significant transformation in every industry, sector, and domain over the next five years.

From a big-picture perspective, McKinsey estimates that there is $3 trillion of EBITDA value at stake from cloud adoption for Forbes Global 2000 companies. The evaluation is based on cost-optimisation levers and valueoriented business use cases.

The companies that leverage cloud applications to improve their value chains are likely to establish a competitive advantage in the emerging digital-first economy.

AS WE HAVE SEEN, IIAAS IS ALREADY SUPPORTING VALUE DELIVERY FOR INDUSTRIAL BUSINESSES BY WAY OF EFFICIENCY AND PRODUCTIVITY INSIGHTS, ROUTES TO BUSINESS INNOVATION AND ENHANCED AGILITY, AND LOWER ENERGY AND RESOURCE USE.

NAVIGATING THE WAVES OF CHANGE

IN THIS COVER STORY, WE DELVE INTO THE DIGITAL TRANSFORMATION JOURNEY OF ZAKHER MARINE INTERNATIONAL, A LEADING PROVIDER OF OFFSHORE SOLUTIONS.

Digital transformation is a crucial phase for all organisations as the imperatives of technology adoption become more imminent each year. Every industry is at a different stage of transformation owing to aspects of business complexity, customer experience, and industry regulations. In the international marine industry, the stir for transformation is also gaining pace with smart shipping, integrated systems, enhanced connectivity, voyage data monitoring, IT/OT integration, and greater emphasis on emissions goals across the sector. This has led to an intense focus on leveraging technology to bring automation for greater data-driven insights within global maritime operations.

Zakher Marine International’s (ZMI) ICT Director Aditya Kaushik’s journey of digital transformation with the company started last year. ZMI is a leading provider of offshore solutions in the region. It has a strong foundation and operational history in the maritime industry for the last 29 years. Augmenting the current growth trajectory required navigating through the right technology and solutions to improve data insights. This led to the start of a digital transformation journey of identifying areas of automation and digitisation to create a cohesive and integrated information landscape. The aim was to weave a singular thread of information that traversed across the organisation.

Having visionary leadership, experienced operational management teams, robust processes, and a strong culture for health and safety helped in gaining momentum for this transformation. “Having led digital transformation projects in previous organisations across different industries, I was able to carry out a detailed gap assessment of areas where the opportunity for digitisation was imminent, outlining this in a comprehensive digital transformation roadmap. Although a few business systems were established earlier, there was a need for cohesion and data visualisation for the company. Accessing information through multiple systems was at times a challenge due to its scattered and siloed nature,” says Aditya.

The goal of digital transformation at

ZMI was to establish an integrated digital approach throughout the organisation to consolidate various sources of information into a single platform. By doing so, the objective was to create efficiencies in functional areas that could digitise the operational turnarounds and automate supply chain management. “One of the key challenges for the transformation journey in any organisation is the effective mapping of the change processes at the very beginning, which would lead the organisation to understand the overall scope of transformation,” says Aditya.

He sought to implement systems across the business functions that could facilitate comprehensive real-time availability of critical metrics for the decision-making process.

“We have a fleet of vessels and barges that we charter out to different clients. Managing different client expectations and delivering operational efficiency is crucial to our operations. Responding proactively to client requirements and having the flexibility to accommodate any necessary changes is essential. However, reliance on manual processes in some areas can hinder the ability to evaluate the effectiveness of these changes in realtime to assess operational adaptability,” explains Aditya.

By leveraging technology and more dynamic evaluation methods, the company aimed to enhance its ability to meet client expectations, respond promptly to requirements, and continuously improve its services. Digital transformation was also crucial to ZMI to contribute to its sustainability efforts by optimising vessel operations by digitising the monitoring and management of emissions and waste.

“When I joined ZMI, my initial approach was to engage with everyone in the organisation, starting with the vision of the organisation and the growth plans. I aimed to understand the CEO’s vision for the future and gain insights into the transformational goals of the organisation. I then proceeded to interact with different business functions to comprehend their operational methods and the challenges they were currently facing. Rather than identifying “pain points,” I preferred to

focus on their contributions and discover the enhancements they wanted to achieve in their business functions. This approach fostered a more positive and open dialogue as it encouraged people to share information and engage with the transformation,” highlights Aditya.

During his discovery, he recognised that the challenges faced by department heads and functional leaders were similar, as they, too, strove to automate processes that would help access necessary information from their teams to create greater efficiency in decision-making. The reliance on manual processes became an apparent challenge to facilitate prompt access to data.

Aditya firmly believes that “Digital transformation is not just a pursuit of delivering technology; it will only succeed if it is intrinsically aligned with the strategic goals, business functions, and culture of the organisation. It’s important to adapt the transformation frameworks to the company’s unique ethos.” This engaged approach helped Aditya create organisation-wide support for the transformation and deliver key lighthouse projects with the highest impact on the automation process and the digital journey in the first year itself.

“A key challenge in the marine industry is ensuring the availability of the right solutions and resources. While many solutions are suitable for onshore teams, offshore teams require unique criteria prioritising availability in constrained connectivity conditions. Offshore teams need solutions that allow access to key business systems. They need the ability to create requisitions, manage maintenance systems, share data, access policies and procedures, and collaborate seamlessly with onshore teams on limited low bandwidth or even offline. These data transition and storage needs also need to be achieved within a strong cybersecurity framework to ensure data integrity and confidentiality are not at risk,” emphasises the ICT Director.

Digital technologies need to overcome the challenge of enabling remote operations and connectivity. It is crucial to have solutions that can function offline, allowing users to work without a

consistent connection without impacting data integrity or availability. Additionally, the ability to sync data seamlessly and effectively without any loss over low bandwidth VSAT connections is also crucial. This synchronisation is essential to prevent the fragmentation of data across multiple channels, where crucial information can be easily lost or overlooked.

“We also focused on other key operational metrics that are crucial for measuring the performance of the business, such as fleet utilisation, mobilisations, crew management, and other operational areas of fleet management. Furthermore, the consideration of digitising support systems like procurement, warehouse & logistics which provide resources for the fleet was also critical for the transformation. By mapping all these aspects together, we created a comprehensive model that would align with the organisation’s productivity and key performance indicator (KPI)’s. The goal was to ensure that the transformation results went beyond just collecting information but provided valuable insights that could drive significant value for the business,” highlights Aditya.

His objective was to assess the organisation and identify areas for improvement throughout the value chain. This included the outcome of delivering efficient financial and operational metrics at every level. “This understanding further reinforced the need for digital transformation within the organisation. It highlighted the importance of streamlining processes, improving information flow, and empowering teams to make effective decisions based on easily accessible and rich data. By addressing these challenges, we aim to enhance overall operational efficiency and reduce dependency on any manual process in the future,” explains Aditya.

Another challenge was the integration of multiple business systems. “We have a scenario of two critical business systems, one being a cloud-based solution handling finance, HR, and payroll, while the other an industry-specific On-premises solution which focuses on plant maintenance

systems, crewing, and supply chain management. This system operates on a server-client model, allowing offline functionality and data replication between onshore and offshore databases. In our approach to digital transformation, we aim to leverage the strengths of these existing applications rather than starting from scratch and incurring significant financial burdens. Our focus is on effectively integrating these key systems and enhancing the adoption of these applications within the current business environment while extracting maximum value from our technology assets,” says ZMI’s ICT Director.

He adds that his goal was to consolidate processes into two or three core platforms, simplifying the digitisation of every aspect of their business. “Once identified, we assess these platforms’ scalability and growth potential for both onshore and offshore operations. While our business systems are not legacy, they have been in use for a few years, so digital transformation will allow us to adopt the next generation of technology through this transformation. This would include IT/OT integration by leveraging IoT for the offshore monitoring of operations, the use of RPA to improve turnarounds for our partners and vendors, subsequently reducing resource costs, and finally, adopting AI in key areas of customer experience and creating a ‘Workplace for the Future’.”

“At ZMI, our aim is to establish a

culture of innovation and the adoption of technology that is constantly evolving,” says Aditya. “We continue to seek out maritime-specific solutions from companies in similar domains to ensure easy deployment and compliance with maritime regulations. Finding a solution that aligns with our unique requirements becomes a significant discovery process. While this may impose certain limitations, it ensures that the chosen solutions are tailored to the specific needs and requirements of the maritime industry.”

He further adds: “Though we have identified suitable solutions for a few business functions, the adoption and integration with the existing systems would also need to be achieved for a seamless data flow. The integration process would require considerable effort and attention to detail to provide a singular view of information across the value chain. Addressing all these integration challenges is an important aspect of our digital transformation journey.”

This engaged approach with business stakeholders helps deliver successful projects across business functions, creating initial engagement and setting expectations for future enhancements through the digital transformation. It makes this their own journey and gets the stakeholders enthusiastic about future changes. This also helped Aditya establish the necessary impetus for digital transformation within the organisation.

He concludes: “The global maritime industry presents a unique scenario for solution providers and applications, where their products must align with operating challenges and regulations established within the maritime sector. This means that one cannot solely rely on ‘best-ofbreed’ solutions or industry quadrants but must specifically seek out solutions that have demonstrated proof of value within the global maritime industry. By aligning with established practices and leveraging proven solutions, maritime organisations like ours can effectively address cybersecurity concerns and mitigate operational risks while achieving a successful digital transformation and creating functional value for our customers and shareholders.”

FINDING A SOLUTION THAT ALIGNS WITH OUR UNIQUE REQUIREMENTS BECOMES A SIGNIFICANT DISCOVERY PROCESS. WHILE THIS MAY IMPOSE CERTAIN LIMITATIONS, IT ENSURES THAT THE CHOSEN SOLUTIONS ARE TAILORED TO THE SPECIFIC NEEDS AND REQUIREMENTS OF THE MARITIME INDUSTRY.

SYNERGY UNLEASHED

NASIR AL NABHANI, CEO OF SOLUTIONS+, EXPLAINS HOW THE COMPANY IS EMPOWERING ORGANISATIONS WITH STRATEGIC SHARED SERVICES

Can you tell us about the significance of the new brand name?

The new brand name represents the company’s client-centric approach of proactively providing customizable solutions. The new brand is based on a ramping up of in-house capacities with a focus on driving value for its partners by providing worldclass business performance solutions. Solutions+ is also broadening its service offerings to serve as a trusted partner for an expanded client base. The first step in that direction is the company’s expansion into the sports and entertainment space. The ownership of Abu Dhabi Entertainment Company (ADEC) has been transferred to Solutions+. The company is also setting up a sustainability practice. The policy framework for this will be shared soon.

The company is investing in tools and technology to increase process automation and digitize the end-to-end client experience. As a newly rebranded entity, the company will aim to grow, upskill, and empower its workforce, continue to focus on Emiratization and building local capabilities as a national champion. Our people are our strength, and we recognize that we will only be successful in fulfilling our ambition by going the extra mile for our clients.

Are you now targeting non-Mubadala companies?

Under our new strategic direction, we will be broadening our client portfolio. We started this last year and to date, our client portfolio is now 75% Mubadala and 25% nonMubadala companies. We will be looking to increase the share of non-Mubadala business streams and generate greater returns for the company and its shareholders.

Can you share with us your domain expertise?

Solutions+ is a strategic shared services company specializing in providing comprehensive support functions across

various areas within organizations. Our expertise includes:

• Finance and Accounting: We offer a wide range of financial management services, such as bookkeeping, accounts payable/ receivable, payroll processing, financial reporting, budgeting, and financial analysis.

• Human Resources: Our services cover all aspects of human resource management, including talent acquisition, onboarding, employee benefits administration, performance management, training and development, and employee relations.

• IT Services: We provide comprehensive IT support, including helpdesk services, software development, system administration, network management, cybersecurity, and IT infrastructure management.

• Procurement and Supply Chain: Our expertise extends to strategic sourcing, vendor management, procurement process optimization, contract management, supplier relationship management, and logistics.

• Facilities Management: We specialize in managing a company’s physical infrastructure and facilities, including building maintenance, space planning and utilization, asset management, energy and sustainability initiatives, vendor management, health and safety, and space renovation and construction. In these areas, Solutions+ offers tailored solutions to enhance operational efficiency and support the diverse needs of our clients.

What is the market opportunity for shared services?

The market opportunity for shared services lies in its potential to support the building of a knowledge-based economy, enabling a shift away from oil dependency. As per a 2019 study done by Deloitte, shared services spending in 2023 was predicted to hit $6.8 billion.

More recent studies and reports show that key shared services pillars primed to support building a knowledge-based economy are the adoption of cloud computing and the growing use of artificial intelligence. The adoption of cloud technology by the public is expected to add $ 181 billion in economic value to the UAE over the next decade, according to a report. That is equal to 2.5% of the economy. A near 1% increase in cloud adoption by UAE-based organisations will result in a 0.21% or $854.7 million average addition to GDP growth. Artificial Intelligence in the financial sector alone is expected to inject AED 103 billion into the UAE’s economy by 2035.

Are you focusing on AI and ML?

Recent studies reveal that artificial intelligence has the potential to deliver upto $150 billion of real value in GCC countries, representing a tremendous market opportunity.

On our part, we are currently focused on building our artificial intelligence and machine learning capabilities. These are aimed at supporting our clients with increasing their adoption of these innovative technologies that allow organizations to optimize costs and increase efficiencies. One project which stands out is the implementation of a data mesh platform for a client. Being a decentralized approach that enables domain teams to perform cross-domain data analysis on their own, the platform uses artificial intelligence and machine learning to elaborate the data, supporting the stakeholders in the decisionmaking process.

EMPOWERING DIGITAL TRANSFORMATION

of a true differentiator—the Digital Transformation platform.

What are the key features and functionalities of your banking solution? The financial industry is witnessing the emergence of new players that challenge traditional financial institutions’ established dominance. These newcomers seek to disrupt the conventional business models of established institutions. In the face of increased competition and evolving client expectations, financial institutions have compelling reasons to embark on a Digital Transformation journey in order to remain competitive in the digital era.

To address these challenges, we have collaborated with international players to develop two key offerings. Our primary differentiating factor lies in our Digital Transformation platform, which revolutionises the operations of banks and sets them apart from legacy applications.

Our platform encompasses a comprehensive array of features and functionalities,including:

1. Digital Maturity Assessment: MDS SI employs a proprietary methodology to evaluate an institution’s digital maturity. This assessment involves a digital maturity matrix that encompasses five stages defined by digital business capabilities. These stages range from the digital abstraction of legacy infrastructure to the self-automated digital enterprise. This assessment empowers banks to comprehend their current digital position and chart their transformation journey accordingly.

2. Technical Architecture and Roadmap: We provide an all-encompassing Technical Architecture and Technical Roadmap that outlines the fundamental technical components necessary for navigating the digital journey outlined by the five stages of the digital maturity matrix. This roadmap serves as a strategic guide for banks to modernise their infrastructure and embrace digital technologies.

Can you explain how your solution facilitates seamless integration with existing banking systems and infrastructure?

When implementing a Digital Transformation strategy in the banking sector, it is crucial to have a well-defined plan for integrating with existing systems and infrastructure. We understand the value of legacy systems and emphasise the importance

Our platform serves as the central component of the Technical Architecture, complementing and enhancing the existing infrastructure. Instead of completely replacing legacy applications, we introduce a core Digital Transformation platform that seamlessly integrates with the current systems. As banks progress in their digital journey, specific legacy functions can be gradually migrated to the platform based on their digital requirements. This approach ensures a smooth transition without causing disruptions to critical operations.

How does your solution support multichannel banking, including online, mobile, and branch banking?

Our solution is specifically designed to empower banks by providing comprehensive support for multichannel banking, enabling them to effectively address the evolving needs of their customers. Our portfolio includes a range of digital client touchpoints, ensuring a seamless and convenient banking experience. Some key features of our offering include:

Omnichannel Banking: Our platform leverages the latest technology architectures, such as Microservices and Responsive designs, to provide mobile and internet access. This ensures a consistent and seamless banking experience across various channels.

Self-Automated Branches: Banks can streamline and automate various banking functions within self-automated branches through our Next Generation Software. This enhances operational efficiency and offers increased convenience for both customers and bank staff.

What truly sets us apart is the tight integration of our portfolio across all touchpoints. We prioritise maintaining a consistent interface and user experience across mobile, kiosk, ATM, and internet channels. Additionally, we seamlessly integrate unified Business Rules and Digital Processes across these

IN THIS EXCLUSIVE Q&A, SAMER KANDALAFT, EXECUTIVE VP AT QUANTECH (PART OF MDS SYSTEM INTEGRATION GROUP), SHEDS LIGHT ON HOW THE COMPANY IS DRIVING DIGITAL TRANSFORMATION OF THE BANKING INDUSTRY IN THE REGION.

touchpoints. For example, a client’s request for a checkbook or loan will feed into a single digital process, regardless of whether it originates from an ATM, mobile app, or social media platform. This cohesive integration enables a consistent and personalised experience for customers across channels, reinforcing the competitive advantage of our Digital Transformation platform.

What measures does your solution have in place to ensure regulatory compliance with banking industry standards and regulations?

We recognise the utmost significance of regulatory compliance in the financial industry. Hence, we have taken great care in designing our portfolio to align with industry regulations and standards. Given that different countries may have specific requirements, our Architecture’s digital agility and flexibility enable us to customise our solutions to meet even the most stringent regulatory demands.

Our Digital Transformation platform integrates regulatory compliance frameworks and incorporates robust security measures to protect sensitive data. We collaborate closely with banks to ensure that their digital transformation journey remains fully compliant with all relevant regulations and standards. By doing so, we provide our clients with the confidence and peace of mind necessary to navigate today’s complex regulatory environment.

Can you provide examples of successful implementations of your banking solution?

We have numerous success stories that exemplify the power and impact of our banking solution, showcasing the true potential of our Digital Transformation platform. Allow me to share one notable example that highlights the unique advantage our platform offers.

In a recent project, we collaborated with a bank to provide pre-approved loans to their VIP clients at critical moments. For instance, when a client attempted to make a withdrawal from their current account with insufficient funds, our Digital Transformation

platform automatically offered a preapproved loan that could be instantly approved, enabling the client to complete the withdrawal seamlessly. Similarly, the system would present the same pre-approved loan option if the client encountered insufficient funds while transferring money through their mobile banking. This demonstrates the integration of intelligence within the digital infrastructure through our unified Rule Management Systems.

By harnessing the capabilities of our platform, banks can revolutionise their operations and deliver personalised services to customers in real time. These successful implementations exemplify the true potential of our Digital Transformation platform in driving innovation and enhancing customer experiences.

pace. With fewer established processes, they can be more agile in their operations. Our platform empowers these banks to embrace digital transformation and quickly adapt to the demands of the digital era. It enables them to leapfrog ahead, transforming their operations and competing effectively with larger players.

On the other hand, larger and more established banks can leverage the scalability of our platform. They have the ability to adopt the Digital Transformation strategy across their entire organisation, streamlining their operations, and harnessing the platform’s capabilities to meet the evolving needs of their customers at a larger scale.

Ultimately, the adaptation of our Digital Transformation platform to align with the strategic business objectives of banks of all sizes determines the level of success and competitive advantage they can achieve in the digital landscape.

How does your solution support the digitisation of banking processes and enhance operational efficiency?

The digitisation of banking processes and the enhancement of operational efficiency are two significant benefits offered by our Digital Transformation platform.

How does your solution address the specific needs and challenges of small and medium-sized banks versus larger, more established banks?

Our Digital Transformation platform is specifically designed to cater to the unique needs and challenges faced by banks of varying sizes. Whether they are small and medium-sized banks or larger, more established institutions, our platform’s core components are essential for all banks embarking on a digital journey, regardless of their size. Smaller and medium-sized banks have the advantage of being able to implement digital strategies at a faster

A key component of our platform is the process orchestration tools. These tools enable banks to model their physical processes and transform them into digital processes. By digitising and automating these processes, banks can streamline their operations, reduce manual effort, and eliminate bottlenecks, leading to improved efficiency and cost savings.

Additionally, our platform incorporates Key Performance Indicators (KPIs) at each step of the digital processes. This enables banks to monitor and measure process efficiency, identify areas for improvement, and reengineer processes to achieve better operational efficiency. By collecting and analyzing process data, banks can gain valuable insights into their operations, make data-driven decisions, and continually optimise their processes to drive greater efficiency and effectiveness.

WE HAVE NUMEROUS SUCCESS STORIES THAT EXEMPLIFY THE POWER AND IMPACT OF OUR BANKING SOLUTION, SHOWCASING THE TRUE POTENTIAL OF OUR DIGITAL TRANSFORMATION PLATFORM.

THE PATH TO RESILIENT DIGITAL FUTURE

Multi-cloud has gained significant traction in recent years, with enterprises increasingly recognising the benefits of adopting a multi-cloud strategy to optimise their IT infrastructure and gain a competitive edge.

Besides the flexibility in choosing solutions that align with their specific needs, it allows them to avoid vendor lock-in and ensure access to the latest technologies and competitive pricing.

A study by Rightscale reveals that among enterprises, 84% have a multicloud strategy, while 58% have a hybrid cloud strategy, indicating a combination of both private and public clouds. Gartner predicts that by this year, the

majority of organisations (70%) will adopt a multi-cloud or hybrid cloud approach, recognising the value of leveraging multiple cloud services.

According to Manish Ranjan, Senior Research Manager for Software, Cloud and IT Services for IDC MEA,  the Middle East and Africa (MEA) region has experienced remarkable growth in ‘in-country’ data centre expansions by both global and regional cloud service providers. Leading hyperscalers like AWS, Microsoft, Google, Alibaba, and Oracle have invested in establishing their own cloud data centres in key markets. Additionally, regional telecom operators and data centre service providers have also expanded their cloud infrastructure capabilities. This

growth has fostered the development of the overall cloud ecosystem, including system integrators (SIs), managed cloud service providers, cloud architects, and strategists, in response to the growing demand for cloud services.

“The availability of multiple mature cloud service providers has empowered organisations to make informed decisions, selecting best-of-breed solutions from various cloud providers. This has resulted in increased adoption of multi-cloud and hybrid-cloud scenarios across the region, especially in mature markets such as UAE,” he says.

Ihab Farhoud, Solution Engineering Director – METNA, VMware, highlights the numerous compelling reasons why

IN TODAY’S RAPIDLY EVOLVING DIGITAL LANDSCAPE, ORGANISATIONS ARE EMBRACING MULTI-CLOUD ENVIRONMENTS TO HARNESS THE BENEFITS OF CHOICE, AGILITY, AND SCALABILITY.

enterprises are increasingly adopting a multi-cloud approach. These reasons encompass flexibility, maximising data utilisation, cost optimisation, and addressing geographic or regulatory requirements.

He says flexibility is a key driver for organisations, as they aim to steer clear of vendor lock-in and leverage the advantages of choosing best-of-breed solutions from multiple cloud providers. In today’s business landscape, the ability to swiftly and seamlessly deploy workloads across any cloud platform is crucial. Lengthy contracts with cloud providers that restrict resource consumption can impede agility.

Mohammed Abukhater, VP of Middle East, Turkey & Africa, F5, says, “In our 2023 State of Application Strategy Report, which gathered insights from over 1,000 IT decision makers worldwide and across various industries, two notable observations emerged. Firstly, hybrid and multicloud architectures are becoming increasingly prevalent, despite the challenges associated with their management and security. Secondly, multi-cloud networking is emerging as a promising strategy for effectively addressing and overcoming the complexities and demands of hybrid and multi-cloud environments.”

According to Srinivasa Raghavan,

product manager at ManageEngine, the cloud has proven to be a disruptive force in the IT landscape, breaking down silos and enabling organisations to address critical business challenges more effectively. However, as cloud adoption continues to grow across industries, it brings forth a new set of challenges. These challenges include dependency on specific cloud vendors (vendor lock-in), the complexity of monitoring multi-cloud infrastructures, managing cloud costs, ensuring security and governance, and more.

Omar Akar, Regional Vice President for Middle East & Emerging Africa, Pure Storage, says organisations are drawn to the cloud for its abundant choices, agility, and flexibility. Each cloud provider offers unique services, prompting organisations to adopt specific providers to leverage those offerings. However, as businesses encounter diverse and evolving needs, they often find themselves requiring multiple clouds to meet various requirements. While this multi-cloud approach offers flexibility, it can also lead to silos and challenges in migrating data and applications between clouds.

He adds the operational complexity and risk factors can be managed with the appropriate strategy. A single pane of glass management and monitoring tool with a view on everything, including maintenance, upgrades, capacity, functionality, any potential issues like upgrades or more storage needed, will help support and remove some of the complexity.

Managing multi-cloud

To maximise multi-cloud environments’ benefits and cost optimisation, organisations should adhere to best practices in their management approach, says Avinash Gujje, Practice Head, Cloud Box Technologies .This involves comprehensive planning and

HYBRID AND MULTI-CLOUD ARCHITECTURES ARE BECOMING INCREASINGLY PREVALENT, DESPITE THE CHALLENGES ASSOCIATED WITH THEIR MANAGEMENT AND SECURITY.

strategic development. It is essential to assess organisational requirements, workload dependencies, and regulatory considerations to formulate a welldefined multi-cloud strategy that aligns with business objectives.

“Standardisation and automation are key factors in effectively managing multi-cloud environments. Leveraging cloud management platforms and tools enables centralised control and oversight, facilitating standardised processes. By automating provisioning, deployment, and scaling processes, organisations can improve consistency, reduce manual efforts, and enhance operational efficiency,” he adds.

Security and compliance should be given top priority in managing multi-cloud environments. Gujje from Cloud Box Technologies recommends implementing robust security measures such as data encryption, access controls, and regular audits to ensure comprehensive data protection and regulatory compliance.

Continuous monitoring and optimisation are also crucial for maintaining optimal performance and cost efficiency. By leveraging monitoring tools, organisations can track performance, availability, and cost metrics across their various cloud environments.This enables proactive

identification of potential issues and allows for resource optimisation, resulting in cost savings and improved overall performance.

According to Farhoud from VMware, as organisations have embraced multicloud, they’ve encountered a big spike in complexity, security challenges and a skills shortage. Despite the challenges, organisations have accelerated multi-cloud use. For example, according to research by Vanson Bourne and commissioned by VMware, 97 percent of cloud-smart organisations surveyed say their approach to multi-cloud has improved their revenue growth, and 96 percent say it has improved their profitability.

Challenges

Akar from Pure Storage says that one of the biggest challenges is high or unpredictable costs because organisations have rushed into choosing cloud services or don’t know what they’re using (shadow IT). According to a report from Flexera, organisations as a whole, including enterprises as well as small and mid-sized businesses, are exceeding their cloud budgets by an average of 13%. “Organisations should beware of cloud egress charges where providers charge customers for network usage based on the amount of data transferred out of the cloud - but not into the cloud.”

Farhoud offers another perspective: “Certainly, managing multiple cloud environments can also introduce complexities in terms of integration, security, and governance. Organisations must carefully plan and implement their multi-cloud architectures to ensure effective management and optimisation of resources.”

Maintaining consistent security and compliance standards across cloud platforms is challenging. Organisations must implement comprehensive security measures and identity/ access management solutions to meet regulatory requirements.

Gujje from CBT says to address these challenges, careful planning, skilled personnel, effective tools, and robust governance frameworks are necessary for seamless operations and maximising the benefits of multi-cloud environments.

Ranjan from IDC sums up: “As multi-cloud and hybrid-cloud environments continue to mature, CIOs and IT leaders are expected to further invest in unified cloud management tools. They will also form partnerships with global and local system integrators (SIs) and service providers to simplify and streamline multi-cloud deployments while optimising configuration, control, and optimisation efforts.”

LIMITLESS POSSIBILITIES

LENOVO HAS RECENTLY ENTERED INTO A PARTNERSHIP WITH AL HATHBOOR BIKAL.AI AND SHARJAH RESEARCH TECHNOLOGY AND INNOVATION PARK (SRTIP) TO PROVIDE HPC AND AI-AS-A-SERVICE SOLUTIONS TO BOTH PUBLIC AND PRIVATE ORGANISATIONS. IN THIS INTERVIEW WITH ALAA BAWAB, GENERAL MANAGER - META, AND ASHLEY WOODBRIDGE, CTO OF INFRASTRUCTURE SOLUTIONS GROUP AT LENOVO, WE EXPLORE THE WAYS IN WHICH THIS COLLABORATION WILL CONTRIBUTE TO TRANSFORMATIVE ADVANCEMENTS IN CITIZEN WELFARE AND HEALTHCARE WITHIN THE REGION.

Is this part of your strategy to offer everything as a service?

Alaa: HPC and AI-as-a-service is the way to go. We are one of the main players in that space. And I’m very proud to say that we have taken the pole position regarding HPC offerings in general as a technology. This is based on a study that was done by a third-party analyst firm, which put together around 500 criteria elements to evaluate HPC environments. We scored the highest. As a result, ISVs that deliver solutions to different verticals are interested in being certified and operating on top of our platform. So coming back to our partnership with Al Hathboor Bikal.ai and SRTIP, it is important to understand the uniqueness of the offering because we’re delivering HPC and AI capability on a managed services platform. We’re using the TruScale platform capabilities that Lenovo offers. This gives you the flexibility to pay as you go and only utilise the capacity you require for specific tasks; you can scale up and down as per the requirements. This

is the solution that we’re putting together as a consortium.

Is this the first HPCaaS in the region?

Alaa: Certainly, and it is also important to highlight that this region, especially the UAE, is leading in technology transformation and adoption of innovative approaches towards smart city and citizen safety, etc. Our platform is well-positioned to address these use cases and other objectives.

Are you targeting users who can’t afford traditional HPC systems with this offering?

Ashley: I would say it’s more of a democratisation of AI. As you know, we probably can’t talk about AI and HPC without talking about chatGPT. If you look at the estimates, they probably spent $4 million every month to train the model. So we have seen the capabilities that come out of these large language models, moving us toward general AI. But that’s only available for some. What we see in the market when we talk to our customers,

and startups is they have great ideas to solve humanity’s big problems, whether in public safety or genetic research for diseases. So getting smart students and startups access to the capacity, performance, and power of HPC clusters is very important. Now, offering HPC- as-a -service is a great way to do that; you can do your research training model and use the full capacity of the HPC cluster without making that five-year upfront investment.

How transparent is the cost element?

Alaa: It is as transparent as it can get because you can start with a very small foundation in this environment and truly build as you go and be charged for only what you utilise. As I said earlier, you can increase the capacity and the compute requirement needed for a specific task. And you can put it back to where you were earlier when that task has been executed successfully and you don’t need it anymore. So we have a very costeffective setup, and it is also important

to highlight the sustainability element that comes into play. We use liquid cooling technologies for the entire infrastructure to reduce power requirements and become truly green.

Ashley: Further to that point, if you look at most HPC projects, 40% of the lifetime cost of the project is the energy required to power the system and cooling. By moving to direct water cooling and reducing that cost, the benefits get passed on to the end customer. And the second point is for AI and HPC projects, data is the gravity. In the region, there has yet to be an ability to pay as you go, HPCas-a-service. Traditionally, agencies in our region seeking HPC resources had to rely on European providers, incurring high costs for international data transfers. However, with our data sovereign HPC-as-a-service capability, local data remains secure and processing is conducted within the region. This not only enhances security but also eliminates expensive data transfer costs.

Consequently, bright ideas no longer require massive budgets to

drive groundbreaking discoveries, as seen with the recent advancements in COVID-related mRNA vaccine research facilitated by HPC.

You provide ready-to-deploy AI solutions. What kind of use cases do you see emerging for these?

Alaa: So given where we will be hosted as a data centre, the obvious one will be around education and R & D. So HPC is required for all universities when they do R & D in different topics and subjects. And from an AI standpoint, now we’re talking about generative AI, computer vision, and machine learning; all of these requre even further data centre and compute capabilities, which are supported by this platform. Some of the use cases as I mentioned earlier concern citizen welfare and city security; others are in retail, healthcare, etc.

To summarise, our HPC and AI-as-aservice offering empowers users with accessible and sustainable computing capabilities. By removing financial barriers, providing transparent cost structures, and ensuring data sovereignty, we enable researchers, startups, and organisations to embark on ambitious projects, solving humanity’s grand challenges. With versatile AI solutions across multiple sectors, we contribute to a future where AI-driven innovations benefit everyone.

IN THE REGION, THERE HAS YET TO BE AN ABILITY TO PAY AS YOU GO, HPC-AS-A-SERVICE. TRADITIONALLY, AGENCIES IN OUR REGION SEEKING HPC RESOURCES HAD TO RELY ON EUROPEAN PROVIDERS.

SECURING THE FUTURE

HOW TO EMBRACE THE POWER OF DEVSECOPS

DevSecOps, the integration of security practices into the DevOps methodology, plays a pivotal role in the success of enterprises for several key reasons. Incorporating security measures from the outset enables early detection and mitigation of vulnerabilities in software and infrastructure.

Moreover, DevSecOps promotes collaboration among development, operations, and security teams,

fostering a culture of security awareness and accountability throughout the organisation.

According to Mike Fraser, VP & Field CTO of DevSecOps at Sophos, the ultimate goal of DevSecOps is achieving an “ITas-code” state, where security and operations are defined in code, ensuring consistent and secure deployments.

Tamer Odeh, Regional Sales Director at SentinelOne, highlights the importance of integrating security

testing and analysis at every stage of the development process to detect and prevent security vulnerabilities early on.

“It also means automating some security gates to keep the DevOps workflow from slowing down. Selecting the right tools to continuously integrate security, like agreeing on an integrated development environment (IDE) with security features, can help meet these goals. The emphasis on automation and continuous integration and delivery (CI/CD) in DevSecOps, enables rapid

and frequent software releases that meet the highest security and quality standards. However, effective DevOps security requires more than just new tools—it builds on the cultural changes of DevOps to integrate the work of security teams sooner rather than later,” he says.

James Harvey, CTO Advisor EMEA at Cisco AppDynamics, explains that the evolution of DevSecOps from DevOps was driven by the recognition that the traditional DevOps model did not adequately address security concerns. Rather than retrofitting security into the build, DevSecOps emerged as a solution to integrate security management earlier in the development process.

According to Harvey, with the DevSecOps approach, application security begins at the very beginning of the build process, ensuring that applications are secure against cyberattacks even before they reach the end user. Moreover, this approach ensures continuous security throughout application updates.

There is now a widespread realisation among organisations that adopting a DevSecOps approach is the most effective way to navigate the escalating cybersecurity risks while maintaining development speed. Recent research conducted by Cisco AppDynamics

revealed that 82% of technologists in the UAE consider DevSecOps critical in effectively protecting against multistaged security attacks targeting the entire application stack. Consequently, it comes as no surprise that 49% of organisations in the UAE have already embraced DevSecOps, with an additional 48% contemplating making the shift.

How does DevSecOps differ from traditional software development?

According to Eric Johnson, Senior Instructor at SANS Institute, traditional development workflows follow a gated and siloed approach, where development work is handed off to operations and security teams. This method, used in Waterfall and Agile development methodologies, creates a clear separation of duties among teams. However, this reactive approach only allows for security checks at specific points in time, often leading to the discovery of vulnerabilities too late in the workflow.

Jason Mitchell, SVP of Engineering at Delinea, emphasises that DevSecOps practices are rapidly becoming a necessity. In the context of SaaS API development, it is crucial to continuously update processes to accommodate new tools and ideas. Traditionally, software changes would be bundled together, followed by QA tests and periodic pen-testing.

“However, with the advent of fastmoving teams that release updates multiple times a day, the integration of security, automated tests, and delivery pipelines has become essential to ensure code security and quality. Organisations that fail to adopt these practices find themselves unable to keep up with the pace of development, and they may face security breaches resulting in financial penalties, loss of trust, and damage to their brand reputation,” he adds.

Fraser from Sophos says DevSecOps emphasises automation, which leads to solutions that are easily deployable and repeatable, enabling others to consume automation for specific use cases,

THE EMPHASIS ON AUTOMATION AND CONTINUOUS INTEGRATION AND DELIVERY (CI/CD) IN DEVSECOPS, ENABLES RAPID AND FREQUENT SOFTWARE RELEASES THAT MEET THE HIGHEST SECURITY AND QUALITY STANDARDS.

including compliance, infrastructure deployment, cloud security, and even response actions to active threats. Through automation, engineers across tech teams can produce repeatable solutions that can be consumed by other teams, promoting shared responsibility for security within the DevSecOps lifecycle. This drives collaboration among development, security, and operations teams and increases operational efficiencies while enabling quicker response to threats with security baked-in across the DevSecOps lifecycle.

Common pitfalls to avoid While there is almost universal appetite for DevSecOps, the Cisco AppDynamics research uncovers a number of challenges that technologists are encountering as they look to make the transition to this new way of working.

The first challenge that organisations face is the lack of skills and knowledge in managing application security against evolving and sophisticated threats. Many technologists do not feel fully confident in their abilities to address the application security threats their organisation currently encounters. The shift towards a DevSecOps approach necessitates technologists, whether in DevOps, ITOps, or SecOps roles, to expand their skill sets and effectively collaborate as part of an integrated application team. Security professionals must acquire new skills and a deeper understanding of application development, while developers need to enhance their knowledge of security.

Harvey from Cisco AppDynamics highlights the second challenge, which is resistance to change. DevSecOps requires a significant cultural shift within IT departments. Technologists must overcome skepticism and suspicion towards other IT functions and embrace transparency in their work. They need to adopt new processes and structures that foster collaboration, mutual understanding, and recognition. IT leaders play a crucial role in emphasising the benefits of DevSecOps, not only in terms of

enhancing the organisation’s security posture but also in relieving the pressure on technologists.

According to Kalle Björn, Senior Director of Systems Engineering at Fortinet ME, successfully adopting DevSecOps requires investments in technology and automation. Still, it should also prioritise awareness and training. Technology alone is not enough; organisations must educate their employees on the importance of collaboration, continuous delivery, and cybersecurity. This involves providing comprehensive training and support to enable employees to carry out their roles effectively.

Björn concludes by shedding light on the challenge of establishing a proper workflow for DevSecOps within the context of a zero-trust approach to security. To support a holistic zerotrust strategy, application, and data developers need to embrace a “shiftleft” design model approach to security. This requires closer collaboration between security teams and developers, recognising that developers may have less experience with security and require a different approach compared to traditional application development. By fostering this collaboration, organisations can establish an effective DevSecOps workflow that aligns with a robust zero-trust security framework.

THE SHIFT TOWARDS A DEVSECOPS APPROACH NECESSITATES TECHNOLOGISTS, WHETHER IN DEVOPS, ITOPS, OR SECOPS ROLES, TO EXPAND THEIR SKILL SETS AND EFFECTIVELY COLLABORATE AS PART OF AN INTEGRATED APPLICATION TEAM.

Unlock next-level travel experiences and rewards for your customers.

Today’s banking customers want loyalty experiences that elevate every journey. That’s why the original and leading global lounge programme—LoungeKeyTM, brought to you by Collinson—ranks highest in customer enjoyment.

With LoungeKey you can unlock market-leading access to 1,300 airport lounges and premium experiences at more than 650 airports, across 148 countries.

Check out our LoungeKey Banking Hub to learn how the global leading lounge experiences programme can:

keep your card top of wallet for travellers with unique Access on Payment Card and Co-Brand features delight your customers with luxury experiences, ranging from spas and sleeping pods to restaurants and gaming lounges

•

give your customers seamless airport experiences, no matter where they travel to increase customer value and acquisition.

Visit our LoungeKey Banking Hub to unlock the benefits of the world’s favourite digital travel companion for your customers.

BUILDING THE CLOUD FOUNDATION

EMPOWERING TRANSFORMATIONAL CHANGE IN THE DIGITAL ERA

Countries in the Middle East and Central Asia have recognised the role of cloud technology in driving the digital economy; they are actively promoting it as part of their digital transformation strategy. For example, the UAE, Saudi Arabia, and Kuwait have launched initiatives embedded into their national visions to establish cloudfirst policies and actively promote the adoption of cloud technologies.

According to a recent research report from MarketsandMarkets, the cloud computing market in the Middle East is projected to grow from US$14.2 billion in 2021 to US$31.4 billion by 2026, highlighting a significant growth potential in the region. Undoubtedly, the Middle East is a launchpad for various digital technologies, ranging from the transition from 4G to 5G to advancements in cloud computing and artificial intelligence, with global implications.

In Central Asia, iKS Consulting forecasted the cloud market in Kazakhstan would increase to 72.5 billion tenge within the next five years, with IaaS/ PaaS accounting for the

largest share. Similarly, Uzbekistan has made significant strides in digital infrastructure development. A United Nations report on the global rating of e-government development acknowledges Uzbekistan’s progress, with an 18-position rise in rankings. Additionally, the country has shown improvement by four points in the Global Innovation Index for 2022.

The increasing appetite for cloud services in the region has attracted all major global cloud technology players, including Huawei, which launched its cloud region in the UAE two years ago and is currently setting up another cloud region in Saudi Arabia to accelerate its digital transformation initiatives. Huawei Cloud operates in over 170 countries and regions, offering 240 plus cloud services.

Governments and enterprises in the Middle East and Central Asia recognise the need to digitally transform their operations to keep pace with technological advancements and meet ever-evolving customer expectations. AI, big data, IoT, and cloud computing are foundational technologies driving this transformation, enabling organisations to modernise their infrastructure,

processes, and service delivery models.

While public cloud services are popular and widely used, on-premises cloud infrastructure, built and managed within an organisation’s data centre, has become equally important in driving continuous digital innovation.

This is where Huawei steps in with its Huawei Cloud Stack offering, which shares the same DNA as its public cloud architecture. Catering to the government and enterprise market, it is a reliable full-stack cloud solution deployed in customers’ data centres. Huawei Cloud Stack helps users meet security compliance requirements and perform operations and maintenance on premises. Besides, it can quickly synchronise a wide range of cloud services from the public cloud to ensure continuous innovation.

Currently, Huawei Cloud Stack boasts an extensive selection of over 80 highfrequency and essential cloud services, making it the industry’s widest range of on-premises cloud services. Since its introduction in 2020, Huawei Cloud Stack has already become China’s top on-premises cloud platform, serving more than 5,200 customers, including

800 e-Government clouds and the top five banks in China, in addition to top airports and energy companies.

In the UAE, Ankabut, which provides ICT services to the education sector, runs on Huawei Cloud Stack. The platform’s strong capabilities and abundant cloud services are helping the UAE cement its position as a leader in the education and research fields. Another case in point is the e-Government Project Management Center in Uzbekistan, which has signed an MoU with Huawei to launch a national data centre to accelerate the country’s digital transformation.

Building intelligence

Huawei Cloud Stack stands out from other offerings in the market due to its robust foundation and wide range of capabilities encompassing high reliability, diverse computing power, strong security measures, efficient storage, comprehensive network connectivity, and effective cloud management. Huawei believes these capabilities are crucial for ensuring business continuity, scalability, and security in today’s rapidly changing business landscape.

With its extensive expertise in both cloud solutions and traditional IT infrastructure, Huawei distinguishes itself as the sole cloud vendor capable of supporting disaster recovery without requiring application modifications. It also provides cloud-native disaster recovery solutions. Huawei Cloud Stack offers various options for different business scenarios, including singleDC reliability and geo-redundant disaster solutions. In case of a fault, failover can be swiftly executed within minutes, eliminating the need for manual intervention. Furthermore, Huawei Cloud Stack delivers disaster recovery as a service and supports fine-grained disaster recovery.

Security is another prominent feature of Huawei Cloud Stack. It employs a one-centre and seven-layer defence architecture to assist customers in building a comprehensive end-

to-end security protection system. The security operation’s central intelligence, SecMaster, integrates over 100 detection models and 50 handling scripts. This empowers Huawei Cloud Stack to respond to 95 percent of security events within minutes, transforming security from passive protection to proactive intervention.

Industry know-how

As with any new technology, the foundation of widespread cloud adoption lies in ease of use, while industry-specific solutions play a crucial role in driving this adoption. In segmented industry scenarios, Huawei Cloud Stack has identified common features and standardised hardware, cloud service portfolios, networking, configurations, and applications to simplify deployments and facilitate the sharing of industry expertise. In addition, by collaborating with ecosystem partners, Huawei Cloud Stack validates industry-specific solutions, ensuring that applications are tailored to specific use cases and consistently updated.

Building on its extensive project experience, Huawei Cloud has introduced four scenario-based solutions: national government cloud, national AI cloud, financial cloud, and carrier cloud. These solutions

incorporate pre-integrated and optimised software and hardware, forming reference architectures for specific scenarios. Industry applications within these solutions are thoroughly verified in advance through collaboration with ecosystem partners, enabling largescale replication.

Industry customers are progressing from basic cloud migration to a deeper adoption of cloud technology, which presents numerous unpredictable challenges. To address these challenges, Huawei Cloud has developed over 70 professional services based on years of experience in digital transformation, both internally and across various industries. These professional services encompass high-level design, planning and implementation, cloud support, and auxiliary operations. This replicable professional experience assists customers in navigating the complexities of deep cloud adoption.

Accelerating transformation with rich services

Cloud platforms have become fundamental for businesses seeking innovation in data, AI, and application development. To meet the evergrowing demands of customers, cloud platforms must continuously evolve and improve, providing access to the latest capabilities and technologies.

Huawei Cloud is an advocate and leader in open-source technology worldwide. In 2015, Huawei Cloud participated in establishing CNCF (Cloud Native Computing Foundation), becoming the only founding member from Asia. In addition, Huawei Cloud has invested in and continuously innovated in the cloud native field. In 2020, Huawei Cloud introduced the concept of cloud native 2.0 system, marking a significant milestone. It worked with CNCF and China Academy of Information and Communications Technology to set up an Elite Club to explore innovative technologies and promote the convergence of the cloud native technology ecosystem with various industry ecosystems.

HUAWEI CLOUD STACK OFFERS VARIOUS OPTIONS FOR DIFFERENT BUSINESS SCENARIOS, INCLUDING SINGLE-DC RELIABILITY AND GEO-REDUNDANT DISASTER SOLUTIONS.

IN CASE OF A FAULT, FAILOVER CAN BE SWIFTLY EXECUTED WITHIN MINUTES, ELIMINATING THE NEED FOR MANUAL INTERVENTION.

MASTERING THE SECURITY MAZE

THE RETAIL INDUSTRY, WITH ITS VAST CUSTOMER BASE AND EXTENSIVE DIGITAL PRESENCE, IS INCREASINGLY BECOMING A PRIME TARGET FOR CYBERCRIMINALS. IN THIS INTERVIEW, ASHISH KHANNA, CISO OF SHARAF GROUP, DELVES INTO THE CYBERSECURITY CHALLENGES FACING THE RETAIL SECTOR, AND THE EVOLVING THREAT LANDSCAPE.

What are some of the biggest challenges you face as a CISO?

The pace at which the cybersecurity solutions industry progresses does not align with the speed of advancements within the payment industry. A prime illustration of this disparity can be seen in the utilisation of NFC technology in payments and the absence of B2B encryption in PoS systems. Despite the significant advancements made in the payment industry, it is evident that the security aspect has somewhat lagged. This discrepancy exemplifies how the evolution of both industries is unfolding. As security is a horizontal aspect, cutting across various sectors, it requires equal attention and advancement alongside industry-specific developments.

Are there any challenges that are unique to the retail industry?

The retail industry faces several significant security challenges that demand attention and proactive measures. Two crucial areas of concern are the security of PoS machines and unencrypted NFC communications. These vulnerabilities can leave retailers susceptible to breaches and unauthorised access, potentially compromising sensitive customer data.

Another pressing issue affecting the retail sector is the prevalence of botnets, which can be utilised both positively and negatively. Botnet security is crucial as these can be exploited for malicious purposes, posing risks to retailers’ systems and operations.

Moreover, ransomware has emerged as a serious threat across industries, including retail. Ransomware attacks are not industry-dependent, and they have had a significant impact on the retail sector as well. Ransomware groups continuously evolve their tactics and techniques, necessitating constant vigilance and robust security measures.

The dynamic nature of the retail industry adds further complexity to security considerations. Unlike traditional banking, where breaches can be mitigated during off-peak hours,

retail is now moving to operations on a 24/7 basis. With the shift towards online marketplaces, retailers have a global customer base and are no longer confined to physical brick-and-mortar stores. This expanded reach introduces new vulnerabilities and the need for comprehensive security measures to safeguard customer data and transactions.

Why is it getting so hard to stop ransomware attacks?

The true challenge is not our ability to mitigate ransomware or other risks, but rather in our understanding of how to approach security in a pragmatic manner. It is essential to strike a balance between addressing insecurities and avoiding unnecessary fear-mongering. We must move beyond the notion that securing resources or systems requires confining them to rigid boundaries. Instead, we can allow them the freedom to operate while ensuring they stay on the desired path.

A classic example of this approach is lane-changing alerts in cars. These alerts do not prevent us from driving or hinder any other functions of the vehicle. Instead, they help us stay within our lane, a critical aspect of safe driving. Adopting a similar mindset has proven beneficial throughout my career as a security professional. It is not always necessary to completely halt business operations; rather, we can raise flags and provide

solutions that support both business objectives and security requirements. This is where the true challenge liesfinding the delicate balance that supports both aspects.

At times, it can be a struggle for CISOs to fully grasp this concept. However, once we align security practices with business goals and priorities, we can evolve alongside our businesses. This approach allows us to address security concerns while fostering innovation, supporting growth, and ensuring a harmonious synergy between business operations and robust security measures.

Is security now a boardroom-level topic?

Security has become an imperative topic that demands attention at the boardroom level. As an organisation, we are acutely focused on the security aspects of how we interact with and present ourselves to our customers. This emphasis reflects the commitment of our management to prioritise security. I am fortunate to be part of an organisation that values security as a core business priority.

However, not all organisations share this level of commitment to security. For those organisations, it is imperative that they bring security discussions to the forefront of their boardroom deliberations.

Managing business risks in conjunction with security risks is where you, as a CISO, become the eyes and ears of the management team. Executives at the C-suite level, whether they are CEOs or CFOs, are well aware of their business risks. As a CISO, you serve as the bridge connecting these different components. Cyber risks must be considered not merely as obstacles, but also as enablers of business opportunities.

For example, consider the scenario where a recently launched application faces the threat of being brought down by a cyber attack within just 12 hours. In such a case, both the CEO and CIO would undoubtedly stand alongside the CISO, recognising the potential impact on the business. This example underscores the critical need for security to align with and support the overall business objectives.

THE TRUE CHALLENGE IS NOT OUR ABILITY TO MITIGATE RANSOMWARE OR OTHER RISKS, BUT RATHER IN OUR UNDERSTANDING OF HOW TO APPROACH SECURITY IN A PRAGMATIC MANNE.

KEEPING DIGITAL TRANSFORMATION PROJECTS MOVING

WHILE WE HEAR A LOT ABOUT ORGANISATIONS BEGINNING THEIR DIGITAL TRANSFORMATION JOURNEYS, RANJITH KAIPPADA, MANAGING DIRECTOR AT CLOUD BOX TECHNOLOGIES POINTS OUT A MYRIAD OF INTERNAL FACTORS CAN GRIND THEM TO HALT.

The pandemic spurred an increase of digital transformation initiatives across organisations and industries. And while this heightened awareness and roll out is meant to be appreciated, organisations still face the challenge of successfully completing such initiatives.

Global research organisations have studied completed and stalled digital transformation initiatives from many angles and concluded that the reasons for failure are often non-technical.

CIOs need to be aware of the multiple non-technical reasons that can ground digital transformation initiatives, often for no fault of theirs, and plan to find ways to work around the points of failure described below.

Limited funding

Many finance heads continue to look at technology and IT spending as an operational expense rather than one driving innovation and longer-term strategic benefit. Hence, when a digital transformation initiative is proposed it may be hard for the CIO to gather the total funding to complete the project.

Inability to gather sufficient funds to drive a digital transformation project also arises when financial decision making is siloed and fails

to see and apportion the benefits of digital transformation across the organisation. With such an approach, it may be difficult to justify sufficient funds and may require alternative routes for results.

The way forward is to justify expenditure for digital transformation with the business outcomes delivered. Many times, budgets are available with business heads and may require realignment and reprioritisation of the digital transformation initiative, along the business objectives related to that funding.

Delivery of timely business results and delivery of political benefits if well-articulated, can also help to trigger sufficient levels of investment to mobilise the digital transformation initiative. Finally, CIOs need to be flexible in identifying and realigning with multiple funding opportunities that may exist across the organisation.

Breadth of skills

The successful roll out of digital transformation initiatives requires having multiple types of digital skill sets across the organisation. Some of these core skill sets include cloud migration and orchestration, digital architecture and platforms, data analytics, user experience and design, amongst others. Other than technical skills, teams also need to prepare themselves to become agile and flexible, often referred to as digital nimbleness.

The way forward is to build multiple types of digital training programs across the organisation. In addition to training employees with digital skills along their functional job roles, they can also be offered digital skills training outside their functional roles. This will help them to understand the multifunctional and cross siloed approach of digital transformation.

Another important initiative is to build skills in business areas that are the most impacted by digital transformation. Since digital transformation impacts existing job roles and helps to create new ones,

communicating new career paths and skills progression based on experience, are another important part of the internal initiatives.

Technology resources

Post pandemic, all industries, and all organisations, have experienced an increase in the usage of digital technologies. On the flip side, shortage of IT and technology talent can dampen the enthusiasm of most digital transformation initiatives. The reasons for shortage of technology and business subject matter experts in an organisation can range from cultural to siloed thinking of the management.

A short-term approach of building skilled resources in low code type of digital transformation solutions can only go so far. The real benefits for an organisation are gained by developing the complete gamut of skills required to manage digital transformation initiatives of any complexity and scope. The way forward is to build a continuous program of developing digital skills and culture across the organisation that helps in positive roll out of a digital transformation initiative.

Such a continuous program of skills development and enhancement requires management support and a medium to long term vision for improvement and transformation.

Risk averse and resistance to change

In some organisations, the work culture does not reward change of routine and day to day processes and operations. Such organisation cultures are riskaverse and may believe there is no benefit in changing tried and tested work practices. In such organisations change management has to be actively and expertly managed.

There are multiple options for CIOs to manage the way forward. The first is to align with business heads and assess the possible cultural bottlenecks in the progress of digital transformation. Next is to align the progress of digital transformation with business outcomes and benefits. Managing change and the resulting business benefits from the change also needs to be clearly demonstrated and communicated across the organisation.

Siloed teams

Every organisation has its share of inherent silos that have an ongoing impact on processes and decision making. In day-to-day business, over a period of time, siloed ways of working get accepted. However, during digital transformation, teams that have been used to working within department walls and boundaries, find it difficult to change and adapt with the rest of the organisation.

This can have a negative impact on building the digital transformation strategy and its actual implementation and can be particularly destabilising when working across department siloes if there is inadequate preparation to overcome these challenges. The way forward for CIOs is to clearly identify the roles of team members, their ownership in the success of digital transformation roll outs, and accountability and contribution towards success.

IN ADDITION TO TRAINING EMPLOYEES WITH DIGITAL SKILLS ALONG THEIR FUNCTIONAL JOB ROLES, THEY CAN ALSO BE OFFERED DIGITAL SKILLS TRAINING OUTSIDE THEIR FUNCTIONAL ROLES. THIS WILL HELP THEM TO UNDERSTAND THE MULTIFUNCTIONAL AND CROSS SILOED APPROACH OF DIGITAL TRANSFORMATION.

BUILDING INTELLIGENCE

LEGACY BUILDING MANAGEMENT SYSTEMS, ONCE USED TO SUPPORT HEATING AND COOLING, ARE NOW TRANSFORMING INTO DIGITAL SMART BUILDINGS WITH NEW CABLING STANDARDS AND ZONE CABLING ARCHITECTURE SAYS OSAMA ABED, TECHNICAL MANAGER AT NEXANS DATA NETWORK SOLUTIONS.

The Internet of Things is no longer a hype and along with the network edge, improved wireless network platforms and improved access points, offers a wide range of use cases and opportunities for return on investment.

With rapid urbanization a global and regional trend, and the focus on connected and sustainable real estate development, both commercial and consumer, in UAE and Saudi Arabia, an area that is of importance is smart buildings.

According to Mordor Intelligence, the UAE construction market is expected to reach a value of US$134 billion by 2027, with a CAGR of close to 5% over the forecast period 2022-2027. Similarly, the size of the Saudi Arabia construction Market is US$140 billion in the current year and is anticipated to register a CAGR of over 5% during the forecast period.

As private and government investments are directed towards mega-commercial, luxury, hospitality, and lifestyle construction projects across the GCC, a key requirement is to ensure they are future technology ready. With the rapid pace of digital transformation in the consumer and business areas, service providers may need to support a wide range networking platforms and use cases in the future, that building residents demand and expect.

Traditionally, the principal purpose of a legacy building systems was to integrate the requirement of heating and cooling across a particular building. Such legacy systems have been self-contained, not always connected to the Internet, and have been put in place for the benefit of the

owners of the building. Reducing the costs of operation and maintenance used to be their primary purpose in the past.

Today building management systems under the influence of digital transformation are moving towards the next generation of building management systems, typically termed as smart buildings or intelligent buildings.

Smart buildings have a wide range of digital sensors or Internet of Things and digital appliances deployed in their internal networks and support systems. This could include surveillance, face recognition, biometrics, access systems, thermal temperature distribution, energy consumption, network quality, network management, passenger monitoring systems in elevators, as well sensors for indoor air quality, among others. All these helps to build a digital persona of the building.

As an example, Power over Ethernet is now used to support and manage LED

based lighting systems. Using Power over Ethernet, energy for LED lighting systems are delivered through the network, making lighting management an IT function. LED lighting systems can reduce energy consumption by up to 80% delivering the same light intensity.

In addition to energy consumption, LED lighting also has a significant impact on productivity. Productivity improvements are some of the best benefits delivered by smart buildings, and according to McKinsey, the productivity benefits from smart lighting can account for up to 75% of the financial benefit of the intelligent building environment.

While the Internet of Things sits on a future ready network infrastructure system, the life cycles of sensors and devices needs to be extended to match the life cycle of the building and the network. Another important consideration while designing smart buildings is the concept of the Service Concentration Point or SCP. SCPs are designed to around cover 16 sqm and should support 8 to 36 devices.

Smart buildings use a star-wired architecture with cables going from the service distributor to the SCP. SCPs should be deployed permanently in accessible areas and should be not designed on structures which are temporary.

There are several cabling standards to support the build-up of smart buildings. Both CENELEC and ISO are specific to distributed building services, and BICSI has an ICT design for smart buildings. The standards recommend using a zone cabling architecture to prepare for these kinds of deployments.

To summarize, smart buildings converge a wide range of use cases and technology platforms to deliver a better working environment in terms of productivity, health, safety, cost, and sustainability. Internet of Things deployed in smart buildings helps to build digital representations of physical objects, systems, and spaces.

Smart buildings through Internet of Things, digital platforms, and advanced network systems can integrate data from multiple disparate systems. This delivers improved economic, social, and environmental benefits to the tenants and owners of the building.

THE STEPPINGSTONE FOR HYPERAUTOMATION

DEEP VISIBILITY AND UNDERSTANDING OF EVERY BUSINESS AND IT PROCESS INSIDE AN ENTERPRISE IS THE FOUNDATION FOR ROLLING OUT HYPER-AUTOMATION AND CREATING AN AUTOMATED, INTELLIGENT ENTERPRISE, SAYS WALID GOMAA, CEO OF OMNIX INTERNATIONAL.

Just a decade ago, IT and business process decision makers were actively discussing the pros and cons of business and IT process automation. Today, the discussion over the topic is no longer taking place and attention has turned on how to move to the next level of automation, typically termed as hyper-automation. Gartner estimates that 69% of routine work done by managers globally will be automated by 2024.

Automation in the form of using programmed bots to take over repetitive, human intensive tasks, also termed as robotic process automation, has moved forward. The demands today are a process of continuous process discovery, continuous process improvement, and continuous process automation. There is now a relentless push to automate more and more IT and business processes and to improve the level of performance and returns from automation.

To reach these levels of performance, hyper-automation

is using a combination of process mining, Process discovery, Natural Language Processing (NLP), AIpowered OCR in addition to robotic process automation. The end goal is a fully automated, end to end, selfimproving enterprise.

A key minimum condition to achieve these deep levels of successful, end to end automation is complete visibility and understanding of every business and IT process inside the enterprise.

Inside any organization, every business and IT process is the sum of how the workers and systems involved in the process execute their operations. While a business process can be defined by the head of its business, the actual execution by its workers tends to differ. Every worker has their own way of executing their part of the operation and those nuances can seldom be captured by the head on the top of the business operation. The same analogy applies for IT processes.

Moreover, while the starting and ending point of a business process remains the same, the course of the processes can change and does keep changing.

In fact, as organization adopt automation, the first hard-fact of reality that they realize early enough, is that there is no such thing as the perfect process and there is no such state as the continuously static process.

Processes are derived from the needs of a business to deliver based on the internal and external market conditions and the workers who are part of the process. Since these are not fixed nor static, a business process will also not be fixed and static and will keep changing over time.

According to Forrester, 37% of decision-makers report delays to their digital transformation initiatives due to misunderstood processes across the enterprise.

The newly emerging best practice

of process mining now allows enterprises to track every step of their business and IT operations and ensure these are aligned with the requirement of business as it exists today and tomorrow. Productivity of an enterprise is centred around having complete control and visibility into every single business critical process and operation.

Discovering the reality of an organization’s business processes, also termed as process mining is not as big a challenge as it used to be previously. Every business application captures how its processes work and saves this data to be accessed through select tools. How long does a process take; who is involved in the process; and at what stage does a worker enter and exit the process.

Previously, the usage of legacy systems and legacy platforms could not make this rich trove of user data visible and available. Process mining tools built on digital platforms, now provide this transparency. Process mining accesses the digital footprint

of a process across business applications and makes it visible to decision makers and process architects.

By leveraging the event data of a process, process mining can help to indicate which parts of the process are ready for automation and which parts of the process need to be improved and reengineered. Process mining helps to indicate which parts of a process are impacting customer engagement, customer experience, and customer satisfaction. Using process mining, enterprises can enter a loop of continuous improvement, both internally and externally.

Benefits of process mining

These can be summarised as:

• Provides a comprehensive view of enterprise business processes, allowing them to identify inefficiencies, bottlenecks, and opportunities for optimization

• Provides real-time insights into process performance, allowing organizations to quickly identify and address issues as they arise

• Helps to continuously monitor progress of automation and ROI being generated

• Identifies which parts of a process are the most valuable for automation

• Generates business benefits by aligning best practices and automation

• Converts into an audit tool since it saves history of processes before and after automation

According to McKinsey, the opportunity to automate work is $3.6 trillion opportunity. Forrester adds that the opportunity of automation will create 15 million new jobs by 2027. In the regional market, automation is a huge opportunity for specialist partners offering hyper-automation solutions and services for their valuable enterprise customers.

IN FACT, AS ORGANIZATION ADOPT AUTOMATION, THE FIRST HARDFACT OF REALITY THAT THEY REALIZE EARLY ENOUGH, IS THAT THERE IS NO SUCH THING AS THE PERFECT PROCESS AND THERE IS NO SUCH STATE AS THE CONTINUOUSLY STATIC PROCESS.

UNMASKING VULNERABILITIES

ED SKOUDIS, PRESIDENT OF SANS TECHNOLOGY INSTITUTE, EXPLORES THE POWER OF PENETRATION TESTING IN COMBATING AI-POWERED THREAT ACTORS.

Penetration testing is undoubtedly among the most effective methodologies that help determine an organisation’s risk posture. While it’s true that other standard processes like gap assessments, auditing, architecture reviews, and vulnerability management all offer significant value, there’s still no substitute for impactful penetration testing. When done correctly, it signifies where the rubber meets the road – serving as a situational barometer for aligning security defenses with ever-evolving cyber threats and budgetary realities.

At its core, penetration testing falls under the umbrella of ethical hacking, where simulated threat actors attempt to identify and exploit key vulnerabilities within an organisation’s security environment. Gaining this visibility casts a spotlight on the link between cyber and business risk amid rapid increases in AI-powered attacks targeting enterprise networks.

The rise of ChatGPT, for example, has been well-documented as a cybercrime gamechanger, democratising highly advanced tactics, techniques, and procedures (TTPs) so average adversarial threat actors can increase lethality at low costs. Empowering run-of-the-mill hackers to continuously punch above their weight class will only continue to amplify the volume and velocity of attacks, heightening the importance of effective penetration testing programs that help mitigate the severe business impact of breaches. On average, victims lost a record-high $9.4 million per breach in 2022.

Compounding the issue is a pattern of poor security posture across both the public and private sectors. The SANS 2022 Ethical Hacking Survey found that more than three-quarters of respondents indicated “only a few or some” organisations have effective Network Detection and Response (NDR) capabilities in place to stop an attack in real-time. Furthermore, nearly 50% said that most organisations are either moderately or highly incapable of detecting and preventing cloud- and application-specific breaches. It’s clear that much more must be done to swing the balance of power away from adversaries.

Enter penetration testing, which can provide unrivalled contextual awareness for refining cyber defenses, threat remediation, and recovery processes within an overarching risk management architecture. For organisations implementing penetration testing programs at scale, keep the following fundamental tenets top of mind to maximise impact.

The Goal-Oriented Mindset

Just over a decade ago, Josh Abraham developed a compelling case for the increased adoption of a goal-oriented approach to penetration testing. He prefaced it with a simple question: What drives the penetration tester? How do they know what they want or what level of access is going to demonstrate the highest risks to the organisation?

The answer was a clear set of predefined goals that didn’t revolve around the tactical processes and technical workflows most associated

with penetration testing at the time. Contrary to popular opinion across cybersecurity circles, identifying surface-level vulnerabilities wasn’t the ethical hacker’s golden goose.

Penetration testing and vulnerability assessments are not two sides of the same coin. While the latter is static and lacking in context, the former is designed to uncover fundamental business risks by manually testing an organisation’s defensive posture to steal data or achieve a level of unauthorised access. The end-game isn’t about identifying the actual vulnerabilities themselves, but rather the doors that those vulnerabilities open – and the business consequences of allowing an adversary to walk through them undetected.

Fast forwarding to today, Abraham’s goal-oriented approach has emerged as a foundational pillar of penetration testing today. For ethical hacking to offer maximised value, there needs to be predefined goals in place structured around an organisation’s most vulnerable areas of business disruption to mirror a worse-case scenario attack. Ethical hackers target those areas to measure the organisation’s level of cyber resilience, revealing how pockets of low-risk vulnerabilities can combine to create an overarching high-risk scenario that puts their business in jeopardy.

For a major TV provider, it could be a ransomware attack that blacks out a nationally televised sports broadcast to cause billions in lost advertising revenue.

For a water treatment plant, it could be a nation-state attack that contaminates an entire city’s water

supply to spawn a public health crisis.

For a federal agency, it could be an insider threat attack that leaks national security intelligence to foreign adversaries for monetary gain.

Regardless of what encompasses that doomsday scenario, penetration testing must start with a firm understanding of where the attacker’s ultimate goalpost lies and how that might harm your business. That is the only real way to discover the right vulnerabilities with the right context for mitigating business risk.

Connecting the Vulnerability Dots

As the lines between cyber and business risk have blurred over the years, penetration testing has emerged as a critical component to proactive risk prioritisation. It enables organisations to generate detailed visibility into risk posture with probability scales and financial forecasts linked to various areas of their security environment. Armed with these high-level insights, CISOs have the foresight to make educated decisions by weighing the business risk of a potential attack against the likelihood that it will actually happen, and then allocating security resources accordingly to boost ROI and strengthen protection.

The distinct illumination and reassurance afforded by penetration testing also help demystify the complexity of the cyber threat landscape, translating cyber risk into actionable business terms that better resonate with the C-Suite and Board. Actual illustrative stories from recent penetration testing engagements make it much easier for cyber resilience leaders to articulate risk in a way that fosters collective buy-in across corporate leadership to ensure security remains a top organisational priority.

It’s important to remember that regardless of a penetration testing program’s effectiveness, grey areas and precarious judgement calls relative to risk prioritisation will always exist. Penetration testing helps ensure CISOs can come to the most informed decision possible. Otherwise, they are taking a

blind shot in the dark at what their real business risks are.

Iron Sharpens Iron

Just as cybersecurity is a team sport, so too is penetration testing. Fundamentally, a penetration testing program applies targeted offense – the same TTPs leveraged by sophisticated threat actors – to guide how organisations should construct their defenses. Penetration testing can also be a precursor to red team exercises. For more mature organisations who already conduct regular penetration testing, red team exercises involve a “red” offensive team, along with threat hunters and SOC analysts as the “blue” defensive team. And just like we all learned in elementary (and cybersecurity) school, fusing both together creates the color purple. The concept of purple teaming is often mischaracterised. It isn’t a singular team of offensive experts and hunters all operating together in unison. Rather, it’s a verb in this context that describes how red and blue sides can collaborate to expand knowledge,

sharpen strategy, and boost operational efficiency. And while it’s less obvious at the surface level, blue can help red just like red helps blue.

Collaborative intelligence sharing, for example, provides further perspective to ethical hackers on how a particular TTP was identified. That way, the red team can adjust their approach for the next attempt to ensure it’s more lethal, which in turn makes the blue team stronger. Consider it like iron sharpening iron –ultimately everybody benefits.

The rate of AI adoption on both sides of cybersecurity’s dividing line won’t be slowing down anytime soon. AIpowered attackers are here to stay, and what we thought we knew about AI-based attacks two weeks ago could very well be irrelevant today. This reality heightens the importance of implementing scalable penetration testing as a core component of the modern CISO’s arsenal. Between purple teaming, risk prioritisation, and welldefined goals, impactful penetration testing and red teaming are the ultimate sources of empowerment for combatting adversarial threat actors.

Kingston Server Premier

Kingston Technology Europe, an affiliate of Kingston Technology Company, has announced the release of its 32GB and 16GB Server Premier DDR5 5600MT/s and 5200MT/s ECC Unbuffered DIMMs and ECC SODIMMs.

Server Premier is Kingston’s industry standard server class memory solution sold by specification for use in white-box systems, and is Intel platform validated and qualified by leading motherboard/system manufacturers. Featuring a locked BOM (Bill of Materials) to provide a consistent brand and revision of primary components (including DRAM, PMIC, SPD hub, thermal sensors, and PCB), all Kingston server memory solutions are 100% tested and undergo a rigorous dynamic burn-in process designed to catch early-life failures at the factory.

In addition to the on-die ECC (ODECC) featured in every DDR5 DRAM chip, these new modules feature extra DRAM to

LG CreateBoard

LG Electronics has announced the launch of the LG CreateBoard series of digital whiteboard solutions (models 86TR3DK, 75TR3DK, 65TR3DK and 55TR3DK) for educational environments. Ideal for digital classrooms, LG CreateBoard boasts a 40-point multi-touch screen that provides smooth, interactive writing and drawing experiences. It also offers seamless collaboration with dedicated digital learning applications, and remote management with an easy-to-use cloud-based solution .

Designed to meet the digital learning needs of today’s students and educators, all the latest LG CreateBoard models are equipped with a 3,840 × 2,160 (UHD) resolution display that provides 40-point multi-touch functionality. The versatile, new products facilitate fun, interactive learning experiences and are ideal for learning games, collaborative activities, and much more.

Among the many convenient features for educators offered by LG’s new learning displays are QR access and Smart Viewing. With QR verification, instructors can easily access their own Google Drive and Microsoft OneDrive on LG CreateBoard and quickly share teaching materials

support the ECC (Error Correction Code) algorithm on enabled Intel and AMD processors, providing enhanced data integrity and stability for mainstream and mobile workstations.

with students without having to print them out. Meanwhile, the Smart Viewing feature makes it possible to display two or more materials on screen, either in separate windows or overlaid in picture-in-picture mode. This function helps students better understand instructions and learning content by allowing them to view multiple documents, videos, or other materials simultaneously.

Project Helix

Dell Technologies and NVIDIA announced a joint initiative to make it easier for businesses to build and use generative AI models on-premises to quickly and securely deliver better customer service, market intelligence, enterprise search and a range of other capabilities.

Project Helix will deliver a series of full-stack solutions with technical expertise and pre-built tools based on Dell and NVIDIA infrastructure and software. It includes a complete blueprint to help enterprises use their proprietary data and more easily deploy generative AI responsibly and accurately.

Project Helix will support the complete generative AI lifecycle –from infrastructure provisioning, modeling, training, fine-tuning, application development and deployment, to deploying inference and streamlining results. The validated designs help enterprises

HPE AI cloud

Hewlett Packard Enterprise has announced it has entered the AI cloud market through the expansion of its HPE GreenLake portfolio to offer large language models for any enterprise, from startups to Fortune 500 companies, to access on-demand in a multi-tenant supercomputing cloud service.

With the introduction of HPE GreenLake for Large Language Models (LLMs), enterprises can privately train, tune, and deploy large-scale AI using a sustainable supercomputing platform that combines HPE’s AI software and market-leading supercomputers.

quickly build on-premises generative AI infrastructure at scale.

Dell PowerEdge servers, such as the PowerEdge XE9680 and PowerEdge R760xa, are optimized to deliver performance for generative AI training and AI inferencing. The combination of Dell servers with NVIDIA® H100 Tensor Core GPUs and NVIDIA Networking form the infrastructure backbone for these workloads. Customers can pair this infrastructure with resilient and scalable unstructured data storage, including Dell PowerScale and Dell ECS Enterprise Object Storage

With all Dell Validated Designs, customers can use the enterprise features of Dell server and storage software, with observability through Dell CloudIQ software. Project Helix also includes NVIDIA AI Enterprise software to provide tools for customers as they move through the AI lifecycle.

HPE GreenLake for LLMs will be delivered in partnership with HPE’s first partner Aleph Alpha, a German AI startup, to provide users with a field-proven and ready-to-use LLM to power use cases requiring text and image processing and analysis.

HPE GreenLake for LLMs is the first in a series of industry and domain-specific AI applications that HPE plans to launch in the future. These applications will include support for climate modeling, healthcare and life sciences, financial services, manufacturing, and transportation.

ARE YOU READY FOR A BREACH?

SUNIL PAUL, MD OF FINESSE, ON WHY BUSINESSES SHOULD BE BREACH-READY IN TODAY’S DIGITAL LANDSCAPE TO MITIGATE RISKS

Organisations must establish dedicated incident response teams, conduct regular training exercises, and create playbooks that outline specific response actions for different incidents. Additionally, organisations should prioritise continuous improvement by analysing post-incident reports and incorporating lessons learned into their IR frameworks.

Is your organisation adequately equipped to confront the increasing number of cyberattacks, which often occur unexpectedly and progress rapidly? Do you have a well-defined plan in place if your defences are breached? Here is a checklist to assess your level of preparedness.

Check – Resilience: When facing a cyberattack, time becomes a significant challenge. Swift detection and response strategies are crucial to cyber resilience and serve as necessary risk mitigation measures.Resilience refers to an organisation’s ability to effectively anticipate, respond to, and recover from cyberattacks and other security incidents. It requires a comprehensive approach that covers technical, procedural, and cultural aspects.

Building resilience involves proactive measures such as comprehensive risk assessments, gathering threat intelligence, and regularly training employees on security awareness.

Check - Incident Response: Incident Response (IR) refers to the immediate actions taken after a security compromise, attack, or breach. It involves well-defined processes and procedures that guide an organisation’s response to and management of security incidents. An efficient IR plan minimises the impact of an attack, reduces recovery time, and safeguards valuable data and assets.

Check – Forensics: Organisations understandably desire to resume their business operations swiftly after an attack. However, if they neglect to thoroughly scan the environment for any lingering signs of post-attack persistence, they expose themselves to the risk of reinfection.

Cyber forensics is crucial in investigating cyberattacks, identifying attackers, and collecting evidence for legal and disciplinary actions. As a core component of incident response capabilities, cyber forensics involves collecting, examining, analysing, and reporting incident data from compromised systems. Robust forensics capabilities are vital for organisations to identify the root causes of an incident, address vulnerabilities, and prevent future attacks.

Investing in specialised training for digital forensics experts, establishing wellequipped forensic labs, and implementing incident response technologies with built-in forensics capabilities are essential to enhance an organisation’s investigative capabilities.

Getting help from outside

Despite growing awareness among organisations of the importance of resilience, incident response, and forensics in the face of cyberattacks, much work still needs to be done. A reactive mindset towards cyber threats hampers resilience, while incident responses are often more ad hoc than well-defined. Challenges in forensics include a lack of skilled personnel and inadequate tools.

It is often said that the first 72 hours of an attack are crucial for minimising the damage, for organisations struggling with limited resources or gaps in their cybersecurity posture or seeking an extra layer of security, partnering with Incident Management and Response (IMR), Managed Detection and Response (MDR), and Security Operations Center (SOC) providers could be a viable option.

These providers leverage their knowledge of the threat landscape to identify emerging threats and vulnerabilities that might go unnoticed by traditional security measures. This allows client organisations to patch vulnerabilities, update security configurations, and strengthen their defences, reducing the risk of future attacks. These providers also utilise advanced threat intelligence tools, machine learning algorithms, and human expertise to proactively monitor an organisation’s network and systems for potential threats and respond to real-time incidents.

Additionally, they conduct regula r security assessments, such as penetration testing and vulnerability scanning, to identify weaknesses in an organisation’s infrastructure.

Dedicated incident response teams that follow industry best practices, such as ISO 27035, can guide organisations through the response process. IMR, MDR, and SOC providers have well-established forensics capabilities, enabling them to conduct thorough investigations into security incidents. By analysing system logs, network traffic, and digital artefacts, they can determine the extent of an attack, identify its root cause, and gather evidence for legal proceedings, if necessary.

By prioritising resilience, incident response, and forensics capabilities, organisations can strengthen their cyber defences and minimise the potential damage caused by cyberattacks in today’s challenging digital world.

FREE ANTIVIRUS