ISSUE 42 \ MAY 2022
AN OPEN APPROACH How Red Hat is helping organisations in the Middle East with their digital transformation journeys
CONTENTS
44
14
PRODUCTS
HOW RED HAT IS HELPING ORGANISATIONS IN THE MIDDLE EAST WITH THEIR DIGITAL TRANSFORMATION JOURNEYS
AN OPEN APPROACH
12 12
HOW THE CONSTRUCTION INDUSTRY CAN OUTPERFORM ITSELF
14
SUPERCHARGING DIGITAL TRANSFORMATION
16 18
38
6
NEWS
24 THE ART OF DATA SCIENCE 27
DRIVING INNOVATION
BUILDING THE FUTURE
CAPABILITIES 30 CRITICAL OF A MODERN DLP
CLOUDFLARE ANNOUNCES FIRST INTEGRATED SERVERLESS DATABASE
GETTING AN EDGE
36
NAVIGATING YOUR SASE JOURNEY
LENOVO LAUNCHES SMARTER IT SUSTAINABILITY WITH CO2 OFFSET SERVICE
BUNDERSTANDING WHY 38 DIGITAL TRANSFORMATION
FORTINET: CYBERSECURITY SKILLS GAP CONTRIBUTED TO 80 PERCENT OF BREACHES
22 CHARTING A NEW COURSE PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
PROJECTS FAIL
MAY 2022
CXO INSIGHT ME
3
EDITORIAL
TRANSFORMING CYBERSECURITY
T
he term digital transformation has become part of the business lexicon now. There is a huge appetite for new digital technologies, and no doubt, technological innovations have redefined business models and processes, especially in the last couple of years. However, in this feeding frenzy, cybersecurity is often neglected. Digital transformation without cybersecurity transformation is a recipe for disaster. Many enterprises in the region don’t have a clear picture of their current risk posture while the attack surface continues to expand.
For decades, this has been the Holy Grail of the industry but it seems to be within reach as long as you can bake cybersecurity into your business strategy from the ground up. However, this is not the sole purview of CISOs - it needs to be driven top-down by CEOs and boards. It is time for business leaders to realise cybersecurity can be a competitive differentiator, and the only way to create business resiliency is through minimising cybersecurity risks. And this is not going to be possible without redesigning cybersecurity to gain clear visibility into all aspects of your digital footprint and its potential threats and vulnerabilities.
Balancing security with business objectives is never easy, and Accenture calls firms that can strike the right balance as cyber champions. These organisations “experience the fewest significant attacks, have a speeder response to detection and remediation, and are better able to protect themselves from loss of data.” In other words, cyber champions align cybersecurity with the business strategy.
Our second edition of the Cyber Strategists conference will feature eye-opening discussions on the various facets of cyber resilience. We are bringing thought leaders from the industry to discuss ways to bridge the gaps and bring cybersecurity and business together. So join us on 18th May to find out how you get your organisation’s security function to keep pace with innovations and confidently adopt new technologies that power your strategic business goals.
Published by
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2022 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
MAY 2022
CXO INSIGHT ME
5
NEWS
offer instant access to one of the most widely deployed database technologies in the world, SQLite, directly from Cloudflare Workers. By combining Cloudflare’s serverless development platform with instant databases, developers can build rich, databasebacked applications without ever worrying about deploying or managing a database.
“The hardest part about serverless isn’t actually the code, it’s the storage. Today we’re announcing our first serverless database which we expect will quickly become one of the largest databases in the world,” said Matthew Prince, Co-Founder and CEO of Cloudflare. “Cloudflare D1 is built on Cloudflare’s global network, which we believe will allow us to offer one of the largest and most performant serverless databases on the market so no business needs to be bogged down by the cost and complexity of managing their storage.” Unlike other databases on the market, Cloudflare D1 will use Cloudflare’s global network to optimise a businesses’ database by locating it as close as possible to their customers, providing the fastest possible experience to users. Additionally, by pairing storage solutions with Cloudflare’s serverless compute platform, Cloudflare is streamlining the developer experience for building full stack applications.
one of several United Nations Climate Action projects. As one of the first PC manufacturers to bring this type of carbon compensation service to the IT industry, Lenovo developed CO2 Offset Service as a solution for its customers to help them meet their own environmental goals. However, it is just part of the company’s broader Environmental, Social, Governance (ESG) strategy and ambitions. Recognizing the toll that human activities are taking on our planet, Lenovo has outlined its commitment to become net-zero by 2050 and pledged to positively impacting 15 million lives through philanthropic programmes and partnerships by 2025. Region-wide, visionary governments have instilled various initiatives as they work towards a more sustainable future. The UAE has a number of federal and municipal policies in place that establish clear goals for the country to shape its future in a more sustainable way. Among the UAE’s environmental projects include the UAE Vision 2021,
the UAE Centennial 2071, and the UAE Energy Strategy 2050, which sets a 50% clean energy objective for the country. Several sustainable development goals have already been defined in the UAE, and they act as a guiding concept for most new initiatives including Lenovo’s expansion of the CO2 Offset Service. Mohammed Hilili, General Manager, Gulf, Lenovo, said, “Lenovo recognises the importance of the global effort to mitigate climate change, having set our own science-based emissions reduction objectives. The launch of our CO2 Offset Service was always meant to assist our customers in their own sustainability efforts, and we’re proud to now be able to offer that assistance to our customers. Recent developments in the UAE include the launch of four pioneering national initiatives to ensure the sustainability of water resources, a program to attract young people to be part of local and global green initiatives and, financing clean energy projects and becoming the first Gulf nation to commit to net zero emissions by 2050.”
CLOUDFLARE ANNOUNCES FIRST INTEGRATED SERVERLESS DATABASE
C
loudflare, the security, performance, and reliability company helping to build a better Internet, has announced Cloudflare D1, a simple and instant serverless database. Cloudflare D1 will enable developers to start building database-backed applications using Cloudflare Workers with just a few clicks. Data will be stored close to where their users are, providing lightning fast performance without any of the complexities of installing or managing a traditional database. Everything from the apps in your phone to SaaS applications for the enterprise to frameworks like Ruby on Rails use databases for storage. And SQL is the dominant language used to query and update those databases, large and small. Cloudflare’s D1 will
LENOVO LAUNCHES SMARTER IT SUSTAINABILITY WITH CO2 OFFSET SERVICE
Lenovo has announced the Middle East launch of its CO2 Offset Service to its consumer PC portfolio. Available on all, Think commercial PCs, Lenovo Legion and Yoga PCs for consumer and commercial customers, the Lenovo CO2 Offset Service gives consumers a simple and transparent way to offset carbon emissions and help the environment by supporting 6
CXO INSIGHT ME
MAY 2022
FORTINET: CYBERSECURITY SKILLS GAP CONTRIBUTED TO 80 PERCENT OF BREACHES
F
ortinet has released its 2022 Cybersecurity Skills Gap Report. The new global report reveals that the cybersecurity skills shortage continues to have multiple challenges and repercussions for organisations, including the occurrence of security breaches and subsequently loss of money. As a result, the skills gap remains a top concern for C-level executives and is increasingly becoming a board-level priority. The report also suggests ways the skills gap can be addressed, such as through training and certifications to increase employees’ education. Sandra Wheatley, SVP Marketing, Threat Intelligence and Influencer Communications at Fortinet said, “According to the Fortinet report
released today, the skills gap isn’t just a talent shortage challenge, but it’s also severely impacting business, making it a top concern for executive leaders worldwide. Through Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs, we are committed to tackling the challenges revealed in the report through various initiatives, including programs focused on cybersecurity certifications and recruiting more women into cyber. As part of this commitment, Fortinet has pledged to train 1 million professionals to increase cyber skills and awareness and make a dent in the skills gap by 2026.” According to (ISC)2’s 2021 Cyber Workforce Report, the global
cybersecurity workforce needs to grow 65 percent to effectively defend organisations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3.12 million down to 2.72 million in the past year, this is still a significant void that leaves organisations vulnerable. Fortinet’s report demonstrates multiple risks resulting from the cybersecurity skills gap. Most notably, 8 in 10 organisations surveyed have suffered at least one breach they could attribute to a lack of cybersecurity skills or awareness. The survey also showed that globally 64 percent of organizations experienced breaches that resulted in loss of revenue, recovery costs and/or fines. Given the increasing costs of breaches on organisations’ profits and reputation, cybersecurity is becoming more of a board level priority. Globally, 88 percent of organisations that have a board of directors reported that their board asks questions specifically about cybersecurity. And 76 percent of organisations have a board of directors who has recommended increases in IT and cybersecurity headcount.
SUGARCRM PARTNERS WITH REDINGTON GULF
SugarCRM, has annnounced a strategic distribution partnership with Redington Gulf, whereby Redington will distribute the full SugarCRM AI-driven solution portfolio for sales, marketing and customer service to businesses in the Middle East.
Redington will help Sugar extend its CRM platform to businesses across the region through its extensive network of 34,000 resellers and over 70 sales offices around the world, with over 15,000 customers in the Middle East alone. Redington gains access to Sugar’s portfolio of AI-driven solutions that make the hard things easier for sales, marketing, and customer service professionals. Sugar also offers choice for cloud and on-premises solutions so customers can select the best option for their business. This is a key benefit as most other CRM providers offer their solutions exclusively in the cloud, making them unviable for customers in the Middle East. With this partnership, SugarCRM continues its global expansion with a
growing footprint and commitment in the region. “Redington is a respected player in the Middle East, and the partnership provides us with a substantial opportunity to reach prospects, customers and opportunities through an established channel. This is a significant step to fuel Sugar’s platform growth across the region,” explains James Frampton, Senior Vice President and General Manager, EMEA at SugarCRM. “Working together, Sugar and Redington will be a dominant force to address the unmet needs of midmarket organizations in the Middle East seeking a modern AI-driven CRM platform to improve customer engagement and boost business growth by delivering a high-definition customer experience,” Frampton adds.
MAY 2022
CXO INSIGHT ME
7
NEWS
RIVERBED REBRANDS TO DELIVER UNIFIED OBSERVABILITY
R
iverbed has launched a broad strategy to bring industryleading unified observability to customers worldwide and accelerate growth. Front and center in the company’s strategy is the development of an expanded unified observability portfolio, which will unify data, insights and actions to solve one of the industry’s most daunting problems: how to provide seamless digital experiences that are high performing and secure in a hybrid world of highly distributed users and applications, exploding data and soaring IT complexity.
SANS ANNOUNCES IMMERSIVE SKILLS TRAINING PROGRAMME IN QATAR
SANS Institute has announced its upcoming in-person training program, SANS ICS410 Doha May 2022, from Saturday, May 28 – Thursday, June 2, 2022, at the InterContinental Doha. Taught by real-world practitioners, 8
CXO INSIGHT ME
MAY 2022
Riverbed also launched a new brand identity, including the introduction of Alluvio by Riverbed (for Unified Observability), reflecting the evolution of the company and technology, and strong market momentum as evidenced by over 30% year-over-year bookings growth for its visibility and observability solutions in the last three quarters. “This marks an exciting new chapter for Riverbed,” said Dan Smoot, Riverbed president and CEO. “We’re capitalising on our trusted brand, the dynamic growth, and market momentum for our visibility solutions to position Riverbed as a dominant leader in the rapidly growing observability market. Through our vision to deliver a highly innovative, differentiated SaaS-based Unified Observability portfolio, we will meet
an urgent customer need and disrupt the market. We are focused on helping our customers transform massive amounts of data into actionable insights, so they can drive enterprise performance and deliver exceptional digital experiences.”
the course aims to train those cyber workforces supporting and defending industrial control systems in keeping the operational environment safe, secure, and resilient against current and emerging cyber threats.“Due to dynamic nature of industrial control systems, many engineers are unaware of the characteristics and risks of various devices. Furthermore, IT support staff that supply communications pathways and network defenses may not necessarily understand the operational drivers and constraints of the systems. With our ICS410 training, SANS intends to assist traditional IT personnel in the region in completely comprehending the design principles that underpin control systems, as well as how to support those systems in a way that ensures availability and integrity,” said Ned Baltagi, Managing Director, Middle East and Africa at SANS Institute. Led in person by Stephen Mathezer, SANS ICS410 features the ICS410: ICS/SCADA Security Essentials course. This provides a foundational set of skills and core security principles necessary for the range of
tasks that are involved in supporting control systems on a daily basis. Participants will benefit from learning experiences in hands-on, virtual lab to control system attack surfaces, methods, and tools, and develop incident-response skills in a control system environment. “The purpose of this course is also to emphasize the need for control system engineers and operators to understand their role in cybersecurity. This begins with ensuring that a control system is developed and engineered with cybersecurity in mind, and that cybersecurity is prioritized alongside system reliability throughout the system’s lifecycle,” Baltagi concluded. The timings for SANS ICS410 are between 8:30 AM and 5:00 PM AST, including breaks. Additionally, participants are eligible to join an exclusive NetWars Tournament with purchase of the course. NetWars is a suite of hands-on, interactive learning scenarios that give students the opportunity to practice their newfound cybersecurity techniques and gain risk-free, practical experience in monitored environments.
AVAYA ENTERS STRATEGIC PARTNERSHIP WITH MICROSOFT
A
vaya and Microsoft have expanded their global partnership by pairing the industry leading Avaya OneCloud portfolio with Microsoft Azure to provide organisations with more options to increase their productivity and customer engagement with unrivaled reliability, agility and scale. Building on the success of Avaya OneCloud Contact Center as a Service (CCaaS) delivered on Azure, Avaya is now expanding its partnership to include the Avaya OneCloud portfolio on Azure, for customers that want maximum flexibility to deploy in a hybrid, public or private cloud environment. “Our strategic partnership with Microsoft is an important milestone in our continued transformation to a cloud business model,” said David Austin, Senior Vice President, Strategy and Alliances, Avaya. “The global scale of Microsoft helps ensure that our joint customers rapidly deploy
Avaya OneCloud solutions in any cloud environment of their choice with speed, agility and cost competitiveness. This represents a tremendous opportunity for customers to accelerate their journey to the cloud, and a tremendous opportunity for Avaya to expand our goto-market reach through the co-selling efforts we have identified with our trusted partner.” “Many of our largest customers have standardized on Avaya communications solutions, and offering Avaya OneCloud on Microsoft Azure gives them an
additional opportunity to benefit from their investments while accelerating their cloud migration,” said Casey McGee, Vice President, Global ISV Partner Sales, Microsoft. “Together, we are working to help customers around the world transform their businesses, and drive digital transformation and implement workload migration initiatives more rapidly. This is a significant opportunity, particularly for Microsoft customers as they move more workloads to Azure.” Avaya OneCloud is an experience platform dedicated to empowering organizations to compose unique, modernized and personal experiences that meet the ever-changing needs of their customers and employees. Organizations can more rapidly introduce new experiences and capabilities to their existing solutions, and empower employees to be more productive while working in new ways, and surprise and delight their customers across every interaction.
VEEAM APPOINTS NEW CHIEF REVENUE OFFICER Veeam Software has appointed John Jester as Chief Revenue Officer (CRO). Jester will lead Veeam’s go-to-market growth strategy and help build upon Veeam’s position as the #1 provider of Modern Data Protection solutions spanning Cloud, Virtual, Physical, Hybrid, SaaS and Kubernetes, said the company. Jester joins Veeam from a successful tenure at Google Cloud where he helped build the go-to-market organisation through his leadership of the Customer Experience organisation; in this role, he drove cloud adoption and business value for customers, supporting Google Cloud’s growth to over $23B ARR. Prior to Google, Jester spent 20 years at Microsoft leading sales organizations and reimagining the GTM across the customer lifecycle. Specific roles included Corporate Vice President of
Worldwide Customer Success, where he established a new organization to drive adoption of Microsoft’s cloud services, Vice President Worldwide Specialist Sales, where he led enterprise sales strategy across the full suite of enterprise cloud services, General Manager UK Enterprise and Partner Group, and General Manager of Global Accounts with responsibility for sales to Microsoft’s top 100 enterprise customers. Throughout his career, Jester has worked closely with partners and sees them as integral to crafting solutions for customers. “I’m extremely excited about the opportunity to join Veeam,” said John Jester, CRO at Veeam. “Businesses are supporting a rapidly changing and increasingly complex IT environment involving the adoption of cloud, as a Service and containers. On top
of that, the frequency and scale of cyberthreats, particularly ransomware, continues to explode. All of this increases the likelihood of severe business interruption. Veeam has demonstrated an industry-leading vision and strategy for Modern Data Protection that delivers the resiliency customers need to move forward with Digital Transformation. I am looking forward to working with the team to help deliver on this vision.”
MAY 2022
CXO INSIGHT ME
9
NEWS
NUTANIX NAMES NEW CFO
growth, capital allocation, and all aspects of human resources. Among her recent accomplishments, she played a leading role in the transaction under which Nutanix received a $750 million investment from Bain Capital in September 2020. Sivaraman brings a combination of extensive finance and technology experience, having previously spent eight years as an investment banker at Goldman Sachs in New York, executing strategic transactions, including IPOs, mergers & acquisitions, and debt financing transactions for software
companies. Sivaraman has an MBA from the Kellogg School of Management at Northwestern University, and an MS in Electrical Engineering from the University of Michigan at Ann Arbor. “Rukmini has a unique understanding of our company and industry, along with proven financial acumen, and I am confident she will thrive in the CFO role,” said Rajiv Ramaswami, President and CEO of Nutanix. “As SVP of FP&A, Rukmini has been instrumental in evaluating and pursuing value-enhancing growth opportunities and overseeing our financial planning. Rukmini’s compelling financial, strategic, operational, human capital and engineering expertise will be a valuable asset as we continue to deliver on our long-term growth and profitability commitments. Rukmini’s appointment also reflects the deep bench of talent we have cultivated at Nutanix. Supported by our talented finance team, we look forward to benefitting from Rukmini’s expertise and insights as we continue to build on our strong financial position and create value for our shareholders.”
meetings hosted on any platform and simply join the meeting with a single “click to join” experience. The Valarea mobile application also provides users the ability to pair their mobile phones to the platform by simply scanning the QR code displayed on screen. The users’ meetings will be displayed on the touch screen and they can join their meeting by tapping the ‘join’ button. KS Parag, Managing Director, FVC, said, “Many organisations have a requirement to join various online video meetings from their meeting spaces. With dedicated solutions like Microsoft Teams Room, Zoom Rooms etc, joining virtual meetings on third party platforms is difficult and lacks the feature rich experience offered by each platform. We are excited to offer Valarea Room to our customers to provide them with a native experience on the platform they join a virtual meeting on. “Utilising each platform’s native desktop application ensures users have the best experience the platforms have
to offer. The mobile application also provides a layer of simplicity users are used to when using the personal mobile devices. Online collaboration sessions with peers and colleagues over distance has become a main requirement. With Valarea Room, users can join online whiteboarding sessions via a browser or mobile device and participate in the discussion from anywhere and on any device.”
N
utanix has announced the appointment of Rukmini Sivaraman as Chief Financial Officer, effective May 1, 2022. Sivaraman will succeed Duston Williams, who is leaving to become CFO of a pre-IPO company in a different space. Williams will remain with Nutanix through April 30, 2022 and work closely with Sivaraman to facilitate a seamless transition. Sivaraman joined Nutanix in 2017 and currently serves as Senior Vice President of Financial Planning & Analysis. In this role, Sivaraman has been responsible for financial and strategic planning, budgeting, capital allocation and business analytics and insights. Sivaraman has held several roles instrumental to the Company’s growth and transformation, including Chief People Officer, and before that Senior Vice President of People and Business Operations, focusing on revenue
FVC, RE MAGO TO OFFER MULTIPLATFORM VIDEO COLLABORATION SOLUTION FVC has partnered with UK-based Re Mago to offer the Valarea multi-platform collaboration solution for meeting rooms to customers and resellers in the Middle East. The Valarea Room solution provides organisations with the ability to join video meetings on any platform including major platforms like Microsoft Teams, Zoom, Cisco Webex, Google Meet and more. With hybrid working becoming the norm, organisations require the ability to join video collaboration meetings on multiple platforms for effective internal and external communication with customers, suppliers and more. Valarea Room provides the ability for users to invite their meeting spaces to video 10
CXO INSIGHT ME
MAY 2022
Cyber Security Solutions Shielding Systems to Safeguard Data
Dubai | Abu Dhabi | #teksalah solutions@teksalah.com | www.teksalah.com
VIEWPOINT
HOW THE CONSTRUCTION INDUSTRY CAN OUTPERFORM ITSELF KENNY INGRAM, VICE PRESIDENT, ENGINEERING, CONSTRUCTION & INFRASTRUCTURE FROM IFS LOOKS AT THREE KEY OPPORTUNITIES THAT ARE NOW POSSIBLE WITH MODERN SOFTWARE INSIDE THE CONSTRUCTION INDUSTRY, INCLUDING NEW SERVICES, MODERN METHODS, AND PROJECT PLANNING.
W
ith 2020 and 2021 playing havoc for so many construction companies, 2022 is the year for the industry to shine. With many central governments firmly setting their recovery plans on infrastructure projects the wheels are already in motion, and this creates a huge opportunity for the entire industry to meet industry demands and stimulate a global bounce back. To do this, though, construction companies will need to focus beyond the here and now, turning their attention to what matters most - their customers and ensuring their long-term future. Delivering services and maintenance Fast and friendly service is more commonly attributed to a waiter in your favorite restaurant than a worker on a
12
CXO INSIGHT ME
MAY 2022
construction site. However, an increasing number of asset owners are seeking to outsource service and maintenance contracts for their assets putting contractors who focus on the entire asset lifecycle at a significant advantage. A survey of construction customers by IFS shows that 25% now include service, maintenance, and facilities management as part of their offering, and this is expected to increase to 50% by 2025. Typically, these contracts are usually awarded to asset management specialists, however given the contract value for service and maintenance can typically be 120% - 200% greater than value of the actual construction contract alone; if service and maintenance is also secured by the same contractor this can not only increase their revenue margins but also provide a more predictable and
reliable revenue stream – which provides a platform for growth, innovation and long-term success. This trend is more commonly called Asset Lifecycle Servitization: The New Business Revenue Model For The Construction Sector - It’s an opportunity for constructors and manufacturers to gain visibility into their future performance and as such significantly grow their business, so it’s no coincidence a recent report by McKinsey estimates that construction sector disrupters could share the industries $265 billion annual profit pool. However, winning these coveted service and maintenance contracts and delivering the full asset lifecycle, requires construction companies to become more customer centric and change their outlook. This starts with a desire to
increase build quality and remain focused on delivering the final asset on time and most importantly on budget. The operating model also makes construction companies design the asset from a total asset lifecycle cost and performance perspective - changing their mindset to think more about what outcome the asset delivers. For many this is a significant change and will require them to support a much wider set of business processes than they have been used to in the past which could include an opportunity to bring in new skilled labor. In short, the next generation of construction contractor will have to see themselves as a Total Asset Lifecycle Service Provider. Modern methods of construction As construction methods continue to evolve, so is the reliance on modern methods of construction. With practices like offsite and modular construction continuing to become a method of choice due to their ability to reduce the construction time and improve quality – all whilst helping to lower costs, and reduce the ECO footprint, it makes sense then that this trend will continue to be a differentiating factor for many. Construction companies must think about standardization of materials and components. They must consider logistics, shipping and storage requirements when designing the asset to make sure it is practical, low cost and ECO friendly. And as part of this respect best practice material and inventory management principles. Finally, constructors need to have a more structured approach to managing and executing construction work packages for erection, installation and construction tasks moving towards a final assembly mindset. A long-term outlook will eventually result in 80% of the work being done offsite and 20% onsite so the winners will be the companies who can optimize this new way of working. Approximately 85% of all construction projects are predicted to use modern methods of construction in some capacity by the end of 2022.
It’s therefore vital that construction companies ensure their business system architecture can support this trend. With many legacy systems unable to support modern methods, advancing construction techniques, logistics and shipping and engineer to order manufacturing processes – a radical rethink is required. In short, the next generation contractor will be a hybrid business – contractor and logistics company and sometimes a manufacturer as well. Integrated project planning In an industry which faces constant disruptions, battles disconnected jobsites and unpredictable environments– planning has never been so important. This has become hugely apparent throughout 2021, with the ongoing challenges around the diminishing labor pool still raging now combining with the equally troubling situation of raw material price increases and lengthening material supply lead times adding an uneasy lack of predictability. Unfortunately, these challenges do not look like they’ll be easing anytime soon. It is therefore crucial that engineering and construction companies who want to grow and deliver projects successfully develop a more integrated planning process that starts from the initial project inception. The industry has traditionally
managed with a reactive fire-fighting approach but the resource constraints that the industry now faces means that this approach is no longer sustainable. Most industries have been driving to become lean by having fewer preferred suppliers and just in time deliveries. The resource shortage challenges are making it a necessity to think more about a “Just in Case” strategy to make sure projects can be delivered on time. The result is that planning excellence is now a MUST HAVE rather than a NICE TO HAVE. Most engineering and construction companies use project planning tools to navigate the planning minefield and the use of these tools is likely to increase – but they’ll need to develop in line with requirements. Many project plans today are too high level, with resource requirements not included or not containing accurate dependency logic and in extreme cases potential risks going unflagged. This is described as the pretty picture approach - a Gantt chart on the wall that depicts project deliverables, ultimately the reality is that each department currently has their own departmental plans, often managed in Excel. The implication of these plans therefore not being in sync with the master project plan can cause inevitable resource shortages, can lead to plant and rental equipment sitting idle incurring unnecessary costs or worst of all projects halting all together. This can’t continue. The new world needs a single master project plan with one version of the truth that integrates with all sub-plans. Only then will different departments like engineering, procurement, plant and equipment, manufacturing and installation and construction all be in sync. 4D BIM scheduling tools also need to be integrated and together provide the capability to generate time phased resource requirements and provide active availability monitoring, not just produce a Gantt chart with a timeline. For most companies this transition requires a shift in mindset, processes and business systems and a move to a more integrated world.
MAY 2022
CXO INSIGHT ME
13
COVER STORY
AN OPEN APPROACH PHILIP ANDREWS, VP- CEMEA AT RED HAT, EXPLAINS WHY ENTERPRISES NEED TO RETHINK THEIR TEAMS, PROCESSES, AND TECHNOLOGIES TO STAY COMPETITIVE IN THE DIGITAL ERA. insight – we have seen transformations that work well and those that struggle. We have the skill sets, technology, and a culture of 28 years in the open-source environment to help our customers build best practices and digital DNA to run the right applications in the right way.
D
igital transformation can mean a lot of different things. How do you define it? With digital transformation, you are trying to change how you do business by using technology more effectively. There are many critical elements to this, but most importantly, you need people with vision, creativity, and skills to bring in cultural change. You need to be able to build processes and new applications quickly because, generally, digital transformation is supported by new applications that engage with customers, partners, and employees. And you also need a platform on which 14
CXO INSIGHT ME
MAY 2022
these applications can run. So if you have the right people, skill sets, culture, digital processes, and a platform to put it all together, it is what I call digital DNA. How does Red Hat support its customers’ digital transformation initiatives? We are working with many organisations, helping them get the right architecture, culture, vision, and technology and transition from typically large applications, which are slow to change, to building innovative applications that can change at the speed of business. The first thing we bring to the table is
Why do enterprises in the region need to embrace IT modernisation, especially when we don’t have many legacy technologies? The entire world has been driven heavily towards digital transformation because of Covid-19. Many people were thinking about it, and suddenly, because of lockdown, they had to implement digital engagement with their customers because that was the only way. So that kind of innovation level was seen everywhere – it was global. And everybody has a legacy unless you are starting a new business. I think the Middle East is a leader in adopting digital technologies. For example, governments throughout the Middle East have launched many initiatives in the area of digital government to broaden civic engagement and transform governance. Why is a hybrid cloud environment critical to digital transformation? Firstly, you need to build the right digital DNA. This makes it imperative to build applications that can run on-premise, in the private cloud, or public cloud environments because the last thing you want to do is get locked into one single cloud vendor. If you are a global company, not all clouds are available in the physical places you may need them, and also, you may want to have the ability to select to encourage competition between clouds. Besides,
RED HAT ANSIBLE AUTOMATION PLATFORM ALLOWS DEVELOPERS TO SET UP AUTOMATION TO PROVISION, DEPLOY, AND MANAGE COMPUTE INFRASTRUCTURE ACROSS CLOUD, VIRTUAL, AND PHYSICAL ENVIRONMENTS. every country now has data residency laws, so you must use clouds in-country. To ensure your applications are fully portable, you need a hybrid cloud container platform. However, one of the challenges in building cloud-ready scalable applications using technologies such as containers is that each cloud has its version of Kubernetes. This is why you need a platform such as Red Hat Openshift that can run on-prem, private clouds, or multiple public cloud environments, offering you simplified development and release process for applications. Which digital technologies are essential to digital transformation success? There are several critical technologies to make digital transformation a reality. The first is a fully secure, enterpriseclass container platform that allows a path from development to production using on-premise, bare metal, virtualised, private cloud, and multiple public cloud environments. The next element is you need a really clear integration strategy and API management. As you build these containerised applications to work anywhere, you will use services that already come from internal, monolithic
enterprise systems of record or digital services from the cloud.This is why you need API management to extract value from existing data and systems and provide a seamless connection between your digital assets. The third is mobile technology – the target for many transformations is to build applications that can run on smartphones, tablets, and desktops. Therefore, it would be best to have a good strategy around mobile devices and delivery platforms to make your applications readily available. Extending the transformation capabilities further are emerging technologies, specifically AI/ML, robotic process automation, and edge and serverless computing, presenting various new opportunities. What are the differences between OpenShift and Kubernetes? Kubernetes is a container platform. If you want to make that very capable, you have to start adding other applications and build what we call a complete development deployment platform. So OpenShift is Kubernetes, plus probably 80 or 90 applications from the open-source world. We have created the capability to manage the process of taking these applications, building them into a consistent enterpriseclass, scalable, supported platform. If you have a 24/7 operation, you’d want to have something available and supported because you’re building applications that will be running your business. So OpenShift is a superset of Kubernetes with all its fundamental capabilities. However, it is so much more with the ability to do DevOps, deploy programmes to all the development phases, scale, and go across multiple clouds. Those capabilities are built on top of the fundamental basic container platform. Could you tell us more about Ansible, your automation platform? Cloud computing involves IT environments that abstract, pool, and share scalable resources across a network. Automation tools help maintain greater visibility and oversight across these disparate resources. Red Hat
Ansible Automation Platform allows developers to set up automation to provision, deploy, and manage to compute infrastructure across cloud, virtual, and physical environments. In other words, Ansible is a way of building automation to take repetitive tasks out of the data centre for managing infrastructure. It is effectively infrastructure as a code. Typically, you will see very skilled talent deployed in the data centre for repetitive tasks. Ansible removes all that and allows you to free up your resource to focus on high-value and innovative tasks. What is your channel strategy? Red Hat’s business is probably 85 percent channel worldwide, and in my region, which is the Middle East, Eastern Europe, South Africa, and Turkey, we do more than 99 percent of our business through the channel. So we have a lot of different partners – ISVs, cloud partners, solution providers, and global system integrators because our technology is very much like the plumbing you require. So whether it’s a small system of ten servers running something for a smaller company or thousands of servers running an extensive government application – we can work with any of these partners who may need to do that as part of their market approach. How do you ensure your partners have the right skill sets around these new technologies? Red Hat started with big compute partners such as HPE, Dell, and Lenovo as a Linux company. As we started adding to the portfolio, we have developed partner programmes with specific types and grades, such as advanced and premium, and there are levels they have to get to with their training. And we’ve recently announced that our complete training programme will be available completely free to our partners. Comprehensive portal services are also available to the partners for sales and demo training. There is a huge amount of services and support available for the partners of Red Hat.
MAY 2022
CXO INSIGHT ME
15
CASE STUDY
BUILDING THE FUTURE MORO HUB EMBRACES A SUSTAINABLE MULTI-CLOUD STRATEGY AND HELP POWER THE UAE’S SMART GOVERNMENT AND SMART CITY AMBITIONS.
A
s part of 10X, DEWA mobilised its innovation unit to create a new entity called Digital DEWA, which uses innovation in artificial intelligence and digital services to meet the current and future requirements brought about by the 4th industrial revolution. This entity required an innovative, agile data hub, and thus Moro Hub was established in 2018. Forming the backbone of Digital DEWA, Moro Hub was established to fulfil the need for an innovative and agile data centre and to drive digital transformation throughout the UAE and meet the country’s ambitious sustainability goals by helping to reduce IT’s carbon footprint. Moro Hub proudly contributes to the UAE’s future vision. It works alongside other strategic initiatives, including the 16
CXO INSIGHT ME
MAY 2022
Dubai Plan 2021, UAE Centennial 2071, and Dubai 10X, an attempt to position the city as 10 years ahead of the rest of the world. For Moro Hub to deliver its mission, it needed to become an end-to-end service provider, hosting, and delivering sustainable cloud-based services to organisations across the UAE. As well as offering a sustainable cloud-hosting solution, it also wanted to provide cybersecurity services along with managed and professional services. Moro Hub is upgrading the country’s IT infrastructure, and it launched the first Green Data Centre that was the region’s first tier-III, solar-powered data centre in Dubai in October 2020. In May 2021, due to strong demand, Moro Hub announced plans to build a second data centre in Mohammed bin Rashid Al Maktoum Solar
Park. This will be the largest, 100 percent solar-powered, tier-III data centre in the Middle East and Africa, with a capacity of more than 100 megawatts (MW). While Moro Hub’s data centres had the core infrastructure in place, it still needed to develop a modern service catalog. This would allow it to automate manual processes and enable organisations across the UAE to transform their operations. To help move organisations to the cloud, it also needed access to the right expertise to build cloud offerings and services to launch on its cloud platform. Embracing cloud for a service-oriented approach Moro Hub selected VMware to help build a multi-cloud platform to enable its customers, including government
entities, to operate and manage their own clouds and deliver future-oriented services. As well as improving operations across businesses in the UAE, the move also supports the country’s digital transformation ambitions, including a goal for all government services to be accessible from anywhere, at any time, by 2023. SMohammad Bin Sulaiman, Moro Hub’s CEO, says: “After establishing our data centres, we knew that with the right software-defined solution, we would be able to maximise the investment and offer government and enterprises truly compelling services that would open new digital opportunities for them while enhancing their sustainability.” The multi-cloud platform consists of several integrated VMware solutions with the VMware Cloud Provider Platform at the centre. Moro Hub deployed VMware vSphere as its core virtualisation tool, enabling it to deliver developer-ready infrastructure to its customers, while VMware vSAN provides the hyperconverged infrastructure for storage virtualisation, allowing Moro Hub to combine all the elements of a traditional data centre in a virtual environment. Finally, VMware NSX micro-segments the network, improving security. NSX Distributed Firewall (DFW) provides an agent-less firewall for each workload
that inspects every packet in/out of every workload, analysing inbound and outbound traffic to the workload for malicious content. It blocks the unnecessary inbound and outbound traffic between workloads without changing the underlying networking (also known as micro-segmentation), and reduces the attack vectors for ransomware Moro Hub has also deployed VMware Cloud Director, a cloud service delivery platform, allowing it to share and allocate resources across multiple tenants, offer security and self-service, and enable tenants to do their operational work. Moro Hub is also using Container Service Extension (CSE) to offer Kubernetesas-a Service, giving customers the capability to build and deploy cloud-native applications such as e-health and traffic management apps. VMware Professional Services worked with Moro Hub’s senior leadership team to define, create, and implement a competitive cloud services portfolio. A comprehensive catalog was built providing a full self-service experience for Moro Hub’s customers. Tools were created that allow tenants to automate, operate, and manage their own clouds, thus reducing Moro Hub’s operational overhead. Knowledge transfer sessions were executed which have enabled Moro Hub to build new services and operate, manage, and expand its cloud environment. Driving growth and sustainability VMware Cloud Provider Platform enables Moro Hub to expand its cloud services portfolio to offer highly scalable ondemand VMware services with security, compliance, and data sovereignty, creating revenue opportunities for customers and helping them to monetise their services. On-demand-based services will enable government entities and private enterprises to adopt new transformative technologies more quickly such as AI, 5G, and Edge computing. In turn, it will be easier for organisations to launch new applications, use flexible consumption-based billing models, and
offer cloud-based services to customers. By driving the adoption of cloud-based services and enabling organisations to move from a Capex to an Opex model, Moro Hub helps organisations across the UAE to increase their efficiency and agility while reducing unnecessary spend on IT equipment and maintenance. This is empowering organisations to become smart, lean enterprises that are better equipped to respond to market needs. Most importantly, the new solutions are helping the UAE fulfill its goal of developing sustainable smart government and smart city solutions. It gives organisations the flexibility they need to return to growth as the impact of COVID-19 subsides. Meanwhile, access to cloud solutions powered by renewable energy means customers can cut their IT carbon footprint. The reduced need for physical IT infrastructure helps minimise e-waste. “Moro Hub is a true enabler for customers to achieve their digital transformation ambitions and to become more efficient, sustainable, and scalable,” says Sulaiman.“We’ve delivered on our promise to support our customers to create modern, cloud-native applications that help improve lives and support Dubai’s sustainability ambitions.” Moro Hub is well on its way to achieving its vision of becoming the ‘digital services provider of choice’ for governmental and private organisations in the UAE and beyond. It also holds multiple ISO certifications and it is the only cloud service provider in the UAE to be certified by Dubai Electronic Security Center (DESC). Moro Hub earlier also partnered with the Dubai Digital Authority (Previously Smart Dubai Department) for the provision of a Government Information Network (GIN) node at Moro Hub to accelerate the digital transformation initiatives of Dubai Government entities. Looking ahead, Moro Hub plans to continue onboarding new customers and help them to embrace a cloud-first approach to innovation and as a VMware Cloud Verified partner, it also encourages its customers to continue innovating.
MAY 2022
CXO INSIGHT ME
17
FEATURE
GETTING AN EDGE EDGE COMPUTING, WHICH ACCELERATES THE DECENTRALISATION OF IT ENVIRONMENTS, IS QUICKLY EXPANDING ACROSS INDUSTRIES, DRIVEN BY NEW USE CASES.
E
dge computing can help organisations optimise the quality of service (QoS), which is the primary business value that every organisation looks for. According to the latest IDC MEA Datacentre and Infrastructure survey, which was concluded in Jan 2022, almost 30% of CIOs stated that they have adopted edge computing for their current projects. This was merely 6% almost a year before (in IDC MEA Jan 2021 survey) and almost 68% of organisations had no plans. “Adoption of edge computing across the META region is in its infancy, but fast-growing phenomenon as organisations are steadily investing in this technology. To lower transmission 18
CXO INSIGHT ME
MAY 2022
costs, minimise latencies, and make more efficient use of apps, organisations have started to leverage edge computing and are hosting their services closer to the data sources at edge locations,” says Manish Ranjan, Senior Program Manager for Software and Cloud at IDC Middle East, Turkey and Africa. He says use cases in the region are still evolving. Businesses generating an abundance of data and running analytics and AI are challenged with scalability. In addition, assets with limited connectivity require the ability to process data and act even in a disconnected state. To address such challenges, organisations are leveraging the benefits that edge computing offers.
Most organisations either use or plan to use edge computing for production asset management, predictive maintenance, security and surveillance, smart buildings, and fleet management. Gartner estimates that by 2025, 75% of enterprise-generated data will be processed at the edge. The edge generally consists of harsh, unreliable, and unstable environments, but there is still a demand to make mission-critical and time-sensitive decisions at the edge. This requires new approaches and a new level of computing and innovation. “Companies of all sizes require powerful infrastructure solutions to help generate faster insights that inform competitive business strategies,
Manish Ranjan
directly at edge sites,” says Alaa Bawab, General Manager, Lenovo Infrastructure Solutions Group, Middle East and Africa. “As Lenovo we are developing purpose-built edge infrastructure solutions that bring the compute power that is typically found in data center environments to the edge. Edge solutions need to combine versatility, ease of deployment and management, and secure connectivity to account for their edge-of-network location.” Sakkeer Hussain, Director of Sales and Marketing at D-Link Middle East and Africa, says edge computing can play an important role to create enhanced methods for boosting operations, increasing business efficiencies, monitoring safety, increasing performance, automating processes etc. It brings processing capabilities closer to where it is required. Before deploying edge computing, the key parameters that businesses should consider include deciding the level of intelligence that should be integrated into the IoT devices and how these devices will be classified together. It is important to have a clear plan for desired objectives and outcomes. “It is also key to ensure advanced analytics and reporting are integrated into the IoT devices to gain better accuracy for automation. The approach for edge computing can range from onprem, hosted on-prem to managed by ISPs or cloud providers,” he says.
Alaa Bawab
BEFORE DEPLOYING EDGE COMPUTING, THE KEY PARAMETERS THAT BUSINESSES SHOULD CONSIDER INCLUDE DECIDING THE LEVEL OF INTELLIGENCE THAT SHOULD BE INTEGRATED INTO THE IOT DEVICES AND HOW THESE DEVICES WILL BE CLASSIFIED TOGETHER. IT IS IMPORTANT TO HAVE A CLEAR PLAN FOR DESIRED OBJECTIVES AND OUTCOMES. New use cases The demand for edge is generating new use cases, businesses models, and innovative solutions, as edge computing is helping enterprises to address a variety of existing challenges, from costs to latency, across a wide range of IoT applications.
Sakkeer Hussain
Ahmed Eid, Director of Presales, MERAT, Dell Technologies, says by providing better performance and near real-time experience, edge computing is proving to be valuable for analytics and machine learning, allowing it to have transformative potential for many industries and areas. “Smart cities are generating many new use-cases for edge, from faster autonomous vehicle support to smart households and traffic management. There are also various new and continuously developing use-cases in different industries. For example, remote monitoring and predictive maintenance in manufacturing are gaining pace. Facial recognition for personalised advertising, and AIpowered surveillance for security are also advancing in the retail industry. For healthcare, remote surgeries, patient monitoring, and telemedicine are being facilitated more seamlessly,” he adds. Edge computing is also rapidly gaining currency in many fields including manufacturing, healthcare, retail and utilities. “Chain retailers increasingly use data to offer new services, improve in-store experiences, and keep operations running smoothly. But most stores aren’t equipped with large amounts of computing power. And for pharmacies that keep patient records, data security is a paramount concern. Edge for retail could mean anything from a store
MAY 2022
CXO INSIGHT ME
19
FEATURE
Ahmed Eid
manager who uses AI tools for staff scheduling, a pharmacist with a tablet who can visit patients in their homes, or restaurant workers prepping mobile orders ahead of the lunch rush,” says Adrian Pickering, Regional GM of Red Hat MENA. Prem Rodrigues, Director for the Middle East, Africa & India/SAARC at Siemon, says many new consumer and industrial technologies will benefit from edge computing and edge data centres, including fifth-generation (5G) networks, Internet of things (IoT) and Industrial Internet of things (IIoT) devices, autonomous vehicles, virtual and augmented reality, artificial intelligence and machine learning, data analytics, and video streaming and surveillance. “5G mobile networks will offer very high bandwidth (up to 20 Gbps) and low latency (less than one millisecond). Edge data centers will need to be installed at the bases of 5G towers to improve localised service to mobile customers,” he says. The security challenges Though edge computing offers many benefits to businesses, it also comes with increased cybersecurity risks. “With ransomware, data breaches, and cybersecurity attacks on the rise, almost no technology is free from risk, and thus cybersecurity measures must be put in place for edge. Taking the case 20
CXO INSIGHT ME
MAY 2022
Adrian Pickering
WHILE EDGE ENVIRONMENTS WILL NOT DIFFER TOO MUCH FROM TRADITIONAL CENTRALISED DATA CENTRES IN TERMS OF ESSENTIAL INFRASTRUCTURE COMPONENTS, THE EDGE FACILITY WILL COME WITH ITS OWN SET OF UNIQUE CHALLENGES. of edge computing, every edge device can be seen as a point of entry. This calls for the need to build in protection for data at the edge, with a plan that includes maintaining business and service continuity despite one or more edge sites being compromised,” says Eid from Dell Technologies. Pickering from Red Hat says to overcome this challenge, organisations need to have controls and policies in place to ensure systems are
Prem Rodrigues
maintaining a proper security posture, even when deploying applications in remote locations. According to Gartner, internet-connected devices on enterprise networks can be hacked in as little as three minutes, and breaches may take six months or more to discover. “Companies will need the ability to set policy that ensures that software is updated properly and that data security measures are put in place to prevent vulnerabilities.” Common pitfalls to avoid While edge environments will not differ too much from traditional centralised data centres in terms of essential infrastructure components, the edge facility will come with its own set of unique challenges. Rodrigues from Siemon says the careful choice of IT infrastructure remains critical, with high-density cabling options, pre-assembled cabinets and infrastructure management tools key to ensuring reliable operation in support of growing and more demanding networks. “There are some unique challenges that are posed by the deployment environment of edge solutions, ranging from harsh operating conditions and limited power availability in remote outdoor locations, to ‘indoor’ challenges like limited space or the need for quiet operations,” Bawab from Lenovo sums up.
We Are
Exclusive Networks Specialist in trusted digital infrastructure
The most relevant partners and technology ecosystem
Highly skilled people and disruptive culture
Complete global coverage and scale
Creating partner value through a Services 1st ideology
Constantly innovating, forever relevant ‘distribution services provider’
www.exclusive-networks.com
INTERVIEW
CHARTING A NEW COURSE IN AN EXCLUSIVE INTERVIEW, BRYAN PALMA, CEO OF TRELLIX, TELLS US HOW THIS NEW CYBERSECURITY GIANT PLANS TO TAKE THE XDR MARKET BY STORM.
W
hat does your brand name mean? When we were bringing two companies -McAfee and FireEye – together, we wanted to make sure we had a new brand and a new identity because we would do something different in the market. So we looked at what the existing branding across security looks like, and we found there were a lot of swords and shields and military-type analogies. That felt old to me because today, the threats are so dynamic. We’ve got nation-states involved in attacking corporations. The threats are constantly morphing and changing. So we thought this concept of living security seems more appropriate for today’s world - something that’s adaptable, organic, and changes and moves as you need it to. And that led us to think about the word trellis, an infrastructure that supports plants and trees. So we then changed that to Trellix.
ingest CASB and SWG as part of our XDR suite. But we also do that with over 600 other security technologies.
How do you define XDR? First of all, we don’t think about XDR as a specific product; we think about it as architecture. Today, collectively as McAfee and FireEye, we have a robust XDR portfolio. In my personal opinion, to call yourself an XDR player, you have to have an endpoint. We have two endpoints from FireEye AND McAfee sides that we are bringing together, and both perform EDR. And then you have to have security operation capabilities. We have that with a tool on the FireEye side called Helix. We also have a more traditional SIEM that we will leverage when integrated into our cloud-first security operations tool.
Will you continue to work with Mandiant now that they have been acquired by Google? We have a very close relationship with Mandiant. Their CEO, Kevin Mandia, and I have a personal relationship. And we also have a multi-year business relationship with them, where we share telemetry, and they share threat intelligence. This
Is that Skyhigh Security, which was spun off recently? That’s actually different. It is a CASB, and the secure web gateway is part of the Skyhigh business, which is focused on the security service edge market. We’re primarily focused on XDR. However, we 22
CXO INSIGHT ME
MAY 2022
How do you plan to differentiate in the XDR market? For starters, you got to have underlying XDR technology. If you don’t have an endpoint or a security operations console, I’m not sure you call yourself XDR. There are a lot of people doing that. We’ve got one of the most robust XDR platforms out there. So we’re going to continue to do a couple of things. We’re going to continue to innovate, especially when it comes to machine learning and data analytics. We think that’s a key piece. Second, we’re going to continue to automate and help security operations centres and analysts get more efficient and cut through the noise. Third, we will continue to be open and ingest from across the security landscape.
relationship is going to continue to thrive and get stronger under Google. Is it a good idea to automate security? I don’t think it’s the only thing you can do. Many people think machine learning and automation can solve all these challenges we face now. I just don’t believe that I believe it’s a combination of getting more efficient through automation or getting better intelligence through automation. But you’re also always going to need people involved. So the question is, can you reduce the resources you need through automation? What role would your Threat Labs play in the new company? The Threat Labs is very critical to us. It’s an area you’ll hear a lot more from us. Historically, we haven’t had as big a microphone as we should have. We’ve been hesitant to break the news around vulnerabilities or malware. You’ll see us change that. But more fundamentally, we have over a billion sensors out in the market. We bring all that data back in, and we use that content to help power our products. Again, back to your questions about how we differentiate ourselves as an XDR vendor. We have some of the best telemetry in the business. And we’ll let that continue to power our Labs and our platforms. Are you seeing any new threat vectors? We know 90% of threats originate in email it’s still very effective. We see a lot of business email compromise and impersonation-type attacks. We’re seeing them on email and also on mobile in the form of text. So that’s a very real problem. Ransomware continues to be a problem across the industry, especially for small and mid-sized businesses. We’re seeing what we’re now calling pseudo ransomware, which is not looking to collect a ransom, but wiping and destroying data. The big one is called HermeticWiper, which we found in Ukraine.
INTERVIEW
THRIVING ON CHANGE RICK RUIZ, PRESIDENT OF STRATEGIC MARKETS AT KYNDRYL, EXPLAINS WHY THE IBM SPIN-OFF IS BULLISH ABOUT THE MIDDLE EAST REGION.
H
ow do you plan to drive growth in the Middle East market? We’re here because there’s so much transformation and innovation going on in this part of the world. We see the cloud taking off here, specifically the hybrid cloud. Every customer I meet talks about two things - cloud and modernisation. It’s even more pronounced here. What is Kyndryl’s advantage? So I like to think it’s two things. We’re a startup. But we’re a startup with 90,000 people and 4000 plus customers and decades and decades of experience in delivering mission-critical applications. As our chairman said, we are ready to support the hearts and lungs of the world’s vital infrastructure. So it is that scale and expertise coupled with our freedom of action that sets us apart. We were part of IBM, and of course, we were biased towards IBM. Now what we are biased toward is the needs of our customers. You are building an ecosystem by forging partnerships with tech powerhouses such as Microsoft, AWS, VMware, etc. Can you share us with the strategy behind this? Yeah, so it’s to go from predominantly an IBM portfolio to a portfolio that includes the full spectrum of solutions by forming strategic alliances with tech giants. You’ll see us start to integrate both our capabilities and their capabilities more together. The other thing you’re going to see us do is to improve our people’s skills. I’m very proud of the fact that we’ve increased the certification levels of our people manifold. It’s one of those unique things where it’s a win-win situation. It’s a win for our employees because they put their skills to improve their value, and they’re more involved and engaged. It’s
$500 billion, and before the IBM spin-off, it was about half of that. We are moving into new areas like data and AI and hyperscalers, where we weren’t allowed to play before.
a win-win for our customers because we bring more value to them. Especially here in the Middle East, we want to build up the capabilities of the people who live here or work here. We want to build up that capability by bringing in expertise from around the world. The IT services market is already a bit crowded. How do you plan to stand out? There are a lot of worthy competitors out there. What works in our favour are two things. Number one is we bring that speed and agility coupled with the scale. I think that gives us an advantage over some of the bigger ones. In addition, we’ve doubled the total addressable marketplace with what we’re going to go after. My division alone as an enterprise has capabilities in over 50 countries. So when we’re talking with a customer and if they need help in Turkey, Egypt, Saudi, or the UAE, we can deliver that because we have a presence. And also, some of the global partnerships we’re forming are unique, and not everybody has that strategy. What is your addressable market? Our total addressable market is around
How do you plan to transform your service delivery model? In two ways. One is the skills- we are very people-intensive and capitalize on almost 90,000 employees worldwide. So it’s to scale them up and give them the tools and capabilities. The second is that we’re introducing more automation to our customers. This means freeing up our people so that instead of handling very mundane tasks, they can now upscale and move into the hot areas for our customers. So that’s where we see our ability to deliver uniquely versus many other companies. Are you targeting any particular industry sectors here? Yeah, we haven’t targeted a specific industry or sector. But we are very strong in financial services institutions, telecom, and transportation. We also have a lot of presence in the mining, industrial and retail sectors. Most of the needs of our customers in these areas are not specific to the industry. However, we will bring industry specialisation as we move into the new areas. But that’s probably down the road a little bit. Which one is growing fast among your six core technology practices? Cloud is growing fast all around. In every county, you see different stages in different growth. Here in the Middle East, we see a lot of cloud adoption. But, what is really starting to pick up is data and AI because customers have collected all this data, and now they want to do something with it. And the things I hear from our customers are cloud, digitization, and modernisation.
MAY 2022
CXO INSIGHT ME
23
FEATURE
THE ART OF DATA SCIENCE HOW DATA SCIENCE CAN POWER YOUR BUSINESS
F
or the uninitiated, data science is the process of gleaning business insights from structured and unstructured. It collects, analyses, and interprets large volumes of data, using various methods ranging from statistical analysis to machine learning, to improve business operations, reduce costs and enhance customer experience. Though the term has been in use for decades, there is a sudden surge in demand for data science platforms as enterprises continue to amass enormous volumes of data in both structured and unstructured formats. This has created opportunities to transform data into value by gaining actionable insights into business challenges. “The abundance of big data originating from web applications, mobile, and Internet of Things (IoT) has brought opportunities and challenges for business. Companies have the opportunity to get insights from this data to optimise processes, foster
24
CXO INSIGHT ME
MAY 2022
innovation, and create new business opportunities,” says Hadj Batatia, Director of B.Sc. Data Sciences, Mathematical and Computer Sciences, Heriot-Watt University Dubai He says the science behind working with data is becoming more accessible. Until recently, limited numbers of people graduating from some universities were able to master the needed mathematics, statistics, and computational models; but they were coming from different programmes, making knowledge sharing and cooperation difficult. Today, universities offer integrated data science programmes; various tools, platforms and technologies are available on the cloud. On-line courses ad onthe-job training are offered to re-skill employees. These factors lead to the democratisation of data science, with the aim of allowing companies of any size to benefit from this revolution. Celal Kavuklu, Customer Advisory Director for Middle East and Africa at
SAS, says the need to operationalise and realise the value of data science is now booming, underpinned by the need to manage and deploy models effectively. “Gartner reported that less than 40% of models created, with the intention of productionalising them, are ever put into production. Bain & Company reported that 70% of enterprises view analytics as a critical strategy, but less than 10% of enterprises are realising the benefits. Managing all models, no matter the language, in one place is key. This allows organisations to take advantage of automation to create repeatable deployment processes and monitor models once they’re in production to ensure the highest level of performance is maintained.” What is the difference between data science and AI/ML? Data science and AI are frequently used interchangeably. Data science is the discipline that aims at scaling machine
Dr. Hadj Batatia
Celal Kavuklu
Sid Bhatia
learning to deal with big data in order to solve real business problems. This new and fast-developing discipline creates methods, tools and techniques for this purpose. Data science brings together mathematics, statistics, machine learning, and computer science. “A way to understand the work of data scientists is to compare with software engineers who start from an information problem, design a solution, scale and manage projects, and develop and operate software. Data scientists also start from a business problem. They design data collection technologies and strategies, transform and analyze data, develop and validate data models, and integrate solutions within company information systems or industrial systems,” says Batatia. Sid Bhatia, Regional Vice President & General Manager for Middle East & Turkey at Dataiku, adds: “When it comes to defining data science, which is frequently lumped together with machine learning, it is described as a field that uses processes, scientific methodologies, algorithms, and systems to gain knowledge and insights across structured and unstructured data. Moreover, data science definitions vary widely based on business function and role — different people across an organisation might have bespoke definitions for what makes good data science. It might be tangible business impact for data leaders, while for people
like data scientists or engineers, it might be more detailed and nuanced — like the quality or accuracy of the mode.” Kavuklu from SAS says data science uses AI, and most AI projects today rely on multiple data science technologies. “So we’re talking about two broad fields that have a lot in common, and it may be difficult to set clear boundaries between them.”
The choice of the language to use in a data science project depends on many factors, including the team’s familiarity with either technology and the use case to be implemented,” says Bhatia from Dataiku. Batatia says data collection and management make use of NoSQL technologies with specific programming and query languages. Data cleaning and preparation can use simple spreadsheet tools when data has low volume. But when data is big, usually Python is used to write transformation pipelines. R is the best choice for statistical modelling when analysts want to uncover patterns and correlation. When developing predictive machine learning models, data scientists often resort to Python due to the large user community, the availability of libraries and frameworks, and the ease of development. System integration usually require more structured languages to enforce maintainability, reusability, interoperability, and other quality factors. Kavuklu argues users should be allowed to choose their language of choice, the language they have spent years becoming experts and highly efficient in. “Being able to provide users with a technology that allows them to use a language of choice, or even dip between one and another will allow them to be as efficient and create the most performant data science models they can. A key part of this is allowing data scientists to collaborate and work in the way they prefer,” he sums up.
Top data science programming languages A data science project involves a workflow of activities including data collection and management, data cleaning and preparation, data analysis and visualisation, data modelling and validation, and model integration and exploitation. Each of these stages requires different and complementary technologies and languages. The world of data science is awash with many programming languages, including PyTorch, TensorFlow, Python and R. Of these, the last two are more prevalent in data science projects. “Both Python and R are suited for data science tasks — from data analysis and data wrangling all the way to model development and automation. Both languages are supported by large communities and are continuously extending their libraries and tools. While R is mainly used for statistical analysis, Python provides a more general approach to data wrangling and machine learning.
MAY 2022
CXO INSIGHT ME
25
VIEWPOINT
HOW TECHNOLOGY CAN TRANSFORM RECRUITMENT GARRY TAYLOR, CHIEF TECHNOLOGY OFFICER, THE DATAFLOW GROUP, EXPLAINS HOW DISRUPTIVE TECHNOLOGY IS MITIGATING THE RISKS OF MAKING THE WRONG HIRES
R
ecruitment is an expensive process. And a risky one. While recruiting the right talent should ultimately increase a company’s revenue generation, bad hiring practices are incredibly expensive. As economies around the world recover from the pandemic, many organisations are faced with the challenges of The Great Resignation, adding complexity and urgency to the already critical task of finding, engaging and employing the right people for the growing number of roles they need to fill. In addition to the time it takes to advertise a role, review applications, interview applicants and onboard new hires, organisations incur expenses related to obtaining the relevant visa and work permit, medical insurance and training. Estimates of how much hiring the wrong person costs vary, but it could be as high as 30 per cent of the employee’s salary for the first year, if not more. In critical sectors such as healthcare, beyond the financial cost, risks of the wrong hire extend to patient care, or the lack of competent care, which could result in malpractice or even death. According to the Patient Safety Movement, as many as three million people die globally each year as a result of medical errors. A likely contributing factor to this number is inadequately qualified or trained medical personnel. To mitigate the risks associated with recruitment, especially in the healthcare sector, many governments mandate that practising professionals have licenses awarded which are dependent on credentials and experience. However, determining the accuracy and truthfulness of license applications is a time-consuming and often challenging process. Primary Source Verification (PSV)—the process in which a third party, such as the DataFlow Group, handles license applications and verifies whether the information provided is true—
26
CXO INSIGHT ME
MAY 2022
is helping government bodies and employers find qualified and experienced talent faster and with greater confidence. DataFlow has partnered with several government authorities, which leverage the organisation’s specialised PSV solutions to screen the credentials of healthcare professionals. Applicants upload their application for licenses and provide supporting documents, including education certificates and evidence of past employment, to an online portal. DataFlow then validates this information through its network of over 100,000 issuing authorities across more than 200 countries. To further streamline this process, DataFlow launched TrueProfile.io, a career hub for healthcare professionals. Applicants using this platform only need to verify their data once rather than verifying their credentials every time they change jobs or relocate. Once an applicant’s details have been validated, their data is stored on the Ethereum blockchain, ensuring the verifications are accessible when required while also being completely secure and tamper-proof. The benefits to applicants are clear; they need only complete the verification process once, saving them time and money for future applications. However, benefits extend to authorities who issue licenses and potential employers. They can be confident the data they are receiving is accurate and has been verified by a trusted partner. While increasing confidence in the applications they receive, this system also reduces the number of applications they
will need to review. DataFlow only provides applications in which the applicant meets all of the required criteria, selected by its proprietary technology, so employers can be confident that applicants, at least on paper, are competent and capable of carrying out the role. DataFlow’s PSV and TrueProfile. io also pre-qualify applicants before they have entered the sector, meaning there is a verified talent pool ready to engage with when positions become available. This has the potential to reduce time-to-hire dramatically, further delivering cost savings. Taking a broader view, if patients know their doctors, nurses and healthcare practitioners have been through this rigorous recruitment process in which all of their credentials and experience have been validated, driven by technology and an objective review, confidence in the healthcare sector increases and medical errors decrease. Finding the right talent goes beyond just finding someone capable of doing the job—organisations are also looking for people who are a good cultural fit. Again, technology is being used to provide a more detailed picture of candidates, extending to analysing their online presence. DataFlow’s Digital Footprint Verification scans social media platforms, the web and the dark web to identify applicants’ online behaviour, even identifying and tracking pseudonyms. This background screening process protects hiring organisations from unnecessary exposure to risk, flagging violence, prejudices and extreme tendencies and generating a report that provides both historical and real-time data. While PSV has not yet become fully automated, strides are being taken to eliminate the need for manual human input. While some countries still rely on paper-based records, many institutions are now digitising records, which will enable the seamless flow of information and the faster-automated verification of documents. Further down the line, artificial intelligence (AI) will play an even more prominent role in assessing an applicant’s suitability for a position. In essence, recruitment is based on asking the same questions and completing the same processes, so there is no reason why, given the advances in technology and quantum computing, AI-driven solutions would not be able to process these applications independently of human interaction.
INTERVIEW
DRIVING INNOVATION EMMANUELLE HOSE, GROUP VICE PRESIDENT AND GENERAL MANAGER EMEA, RIMINI STREET, EXPLAINS HOW ENTERPRISES SAVE SIGNIFICANT COSTS AND FREE UP RESOURCES BY SWITCHING A THIRD-PARTY SOFTWARE SUPPORT PROVIDER.
W
hat is your value proposition? Rimini Street is a software support provider. We created an industry that didn’t exist for 16 years by competing with vendors for maintenance. We found a flaw in their services because vendors are very focused on their products, not so much on their users. When you implement ERP, you must customise it - organisations spend a lot of time, energy, and money to customise this application to suit their business needs. That’s how they’re going to innovate and differentiate themselves. What usually happens when you acquire this software from a vendor is that you enter into two agreements. One is around the license, which allows you to use the software perpetually. The second is a maintenance agreement, which entitles you two to things. Number one, you are going to receive product updates from the vendor. And the second one, you’ll have the ability to lock a ticket on the vendor’s portal if you have any problems. What happened over the years is that the ERP has matured. And the vendors have started innovating less and
less in their products. For example, a few years ago, SAP and Oracle announced they were not going to invest in their installed on-prem products but to create a new type of product on the cloud. Users have started seeing that their maintenance costs have been increasing in terms of price every year, but the value has been diminishing. So we said, how about we provide a better service that’d enable these organisations to run any version of the software; we will support all that customisation and integration – basically support their environments the way they wish to run. Oracle and SAP are making about 94% profit margins on maintenance- It’s 50% of their revenue. So we decided to be very disruptive, and we can provide a much better service that is centered around the client for half the price. The software power houses are not organised for support. It’s not their core business, but it is ours. Are you competing with tech giants when it comes to support? The success of our support service has been tremendous because we provide the support that is pertinent to the client. We take time to go directly into their dev and QA environments. We don’t have any inhouse software, and we don’t provide big patches. So our clients are tremendously satisfied with our services – they rated us 4.9 out of five while vendors were at 2.1. That is how it started. But as you know, organisations evolve, so we created three pillars around optimise, evolve, and transform. First, we help our clients optimise their IT platforms, whether on-prem or the cloud. Recently, we have announced support for opensource environments as well. In addition, two years ago, we created the office of the CTO to look at the
IT roadmaps of our clients and how we can help them evolve to the next level. Now, we’ve got solutions around security, analytics and we do a lot of staff augmentation, which is very popular in this region because of the skills gap. How do you support these platforms replacing vendors? We’ve got 1000s of engineers around the globe, and we decided to have a very different model. In the vendor model, you’d have to contact their call centre, and often, you’d have someone junior answering the call; you’d have to battle through to get to someone who can actually help you. What used to happen typically was that clients would go to the vendor portal and try to diagnose their problems. So you pay a fortune for selfservice. We decided not to do that. All our engineers have 10 to 15 years minimum experience on the products we support 24/7 around the globe. If you have a problem, we will call you back within ten minutes. We have created an AI platform to ensure that when a client logs a ticket for us, they will be paired with the right engineers to fix the issue. We work in the client environment so that they have access to the software, source code, security layer, etc. So anyone with an ERP system is a potential customer for you? That’s right. We’ve had meetings with several clients here, and everybody told us, “Vendors have sold us so many things, and we are just starting to realise that we are not even using them. Can you help us use this product better? Can you help us use a product we haven’t implemented yet?” So we work together with our clients so they can maximise the investments they have made in these platforms.
MAY 2022
CXO INSIGHT ME
27
INTERVIEW
UNLOCKING VALUE SOLARWINDS HAS RECENTLY LAUNCHED ITS SOLARWINDS HYBRID CLOUD OBSERVABILITY PLATFORM, OFFERING ORGANISATIONS THE ABILITY TO ACCELERATE THEIR DIGITAL TRANSFORMATION INITIATIVES BY PROVIDING A COMPREHENSIVE AND UNIFIED VIEW OF TODAY’S DISTRIBUTED NETWORK ENVIRONMENTS. ROHINI KASTURI, CHIEF PRODUCT OFFICER, SOLARWINDS, EXPLAINS WHY FULL-STACK OBSERVABILITY IS CRITICAL IN TODAY’S HYBRID IT REALITIES.
W
hy is full-stack observability critical? There are many reasons why observability is essential today: 1. Enterprise IT infrastructure environments are growing in complexity. Most customers are moving from traditional data centres to hybrid clouds or multiclouds, depending on the deployment. 2. Applications are getting modernised with containers and serverless frameworks, with database modernisation happening in parallel. 3. The adoption of cloud services is accelerating, with hyperscalers such as AWS, Azure, and Google providing many cloud-native services that are attractive to customers. If you look at this increasing complexity of infrastructure, applications, data, and cloud services distributed across your on-prem and multi-cloud environments, managing it all in terms of visibility and control can be challenging for IT teams. This is where observability becomes important, as it allows you to monitor what is happening in your full IT stack and correlate the data with AI/ML to gain business insights and map service dependencies.
holistic visualisation and correlated insights into what is happening in your dynamic IT environment. For example, if you are running a financial services business and your service health is 99.99 percent, you can drill down where you are missing the performance or customer experience and identify and resolve issues when you move to full-stack observability. We have more than 300,00 customers, many of whom use our APM and database performance management tools. We want to evolve them into the future world of observability. With the launch of SolarWinds Hybrid Cloud Observability, existing customers can upgrade to monitoring and observability on a single platform.
What is the difference between observability and monitoring? In the world of observability, monitoring becomes a foundation. Your oversight becomes fragmented when you have point products for network and applications monitoring or database performance management. Observability provides
What are the key pillars of observability? As the observability world has evolved from the APM space, many people tend to look at it more from application logs, traces, and metrics perspectives. However, we see observability growing beyond these fundamental pillars to building
28
CXO INSIGHT ME
MAY 2022
physical and logical network topologies and understanding critical components of service dependencies. This will help you understand the performance and behaviour of individual systems and shift from a reactive to proactive IT posture. The first step towards observability is collecting data across infrastructure, network, application, database, and cloud services, leveraging AI and ML to correlate the data and develop insights into what is happening to a business service or systems performance. This cross-correlation of metrics, logs, traces, and topologies will help you predict trends, issues, and anomalies and identify what is really important to your business. What are the key benefits of observability? If you are a CIO or a DevOps leader in a highly complex environment, you wake up every day thinking about business challenges or how your IT organisation performs. Suppose someone can pinpoint to you exactly where your problems are and automatically resolve them or accurately predict service outages. In that case, you don’t have to worry about unplanned downtime affecting your customer experience and business reputation - this is what observability brings to the table for users. First, you start visualising, analysing, and predicting, and then you start automating and remediating issues to ensure service levels across complex and distributed infrastructures. Do you have to monitor everything or only observe what matters? It all depends on customer environments. For example, let’s say you have a financial services business. You have to observe applications, network, database, storage – everything because your service outage or performance degradation could be because your disk IO is low. Or your network latency is high, or your application has multiple tiers distributed across clouds. Therefore, when looking to solve availability and performance issues and give the best experience to your users, it is imperative to look at every aspect. So we are calling it a full-stack; it is a combination of infrastructure apps, databases, and cloud services, and you visualise across various dimensions.
18TH MAY 2022
JW MARRIOTT MARQUIS, BUSINESS BAY
PRESENTING PARTNER
SILVER PARTNERS
SIGNATURE PARTNERS
EVENT PARTNERS
ORGANIZER
OFFICIAL MEDIA
VIEWPOINT
CRITICAL CAPABILITIES OF A MODERN DLP SUNDARAM LAKSHMANAN, CTO AND HEAD OF ENGINEERING, SASE PRODUCTS AT LOOKOUT, EXPLAINS THE IMPORTANCE OF HAVING A MODERN DLP SOLUTION FOR DIGITAL ORGANISATIONS.
I
n some ways, IT teams had a great life in the early 2000s. Data was stored inside data centers and accessed through known ingress and egress points like a castle with a limited number of gates. As a result, organisations had control over exactly whom and what devices could access company data. This is no longer the case. With users accessing cloud applications with whatever networks and devices are at their disposal, those defence mechanisms have become inadequate. To ensure their sensitive data is secure, organisations have to rethink their security model — including the way Data Loss Prevention (DLP) technology is implemented. 30
CXO INSIGHT ME
MAY 2022
While DLP has been around for decades, it has reinvented itself in this remote-first environment which is why I think it is important to understand how modern DLP solutions, integrated into a cloud-delivered platform, can help organisations prevent data breaches, comply with regulations, while providing secure access to remote workers. Why do organisations need a modern DLP solution? Back when network architecture was centred around data centers, monitoring technologies like DLP existed on the edges of corporate perimeters or at the data exchange
points. This worked because there were only a small number of apps and resources and organisations used relatively homogenous endpoints that were corporate-owned or managed. About a decade ago, that castle-andmoat cybersecurity model started to break down. IT had to start accounting for other endpoints that didn’t use Windows such as MacOS, iOS and Android devices. It got even more complicated when corporate data migrated from corporate perimeters to private clouds and softwareas-a-service (SaaS) apps, where each of them had their own unique configurations and security measures.
Now that security requirements have turned inside out, with users, apps and data residing mostly outside data centers, DLP has to expand beyond the perimeter’s edge. And with data moving so quickly, simple user errors or misconfiguration that were once harmless can now cause serious harm to an organisation. Differentiating between modern and traditional DLP solutions One of the most important differences between a modern DLP solution and its traditional counterpart is its ability to understand both the content and the context of a data exchange, which enables an organisation to make smart access decisions that safeguards data without hindering productivity. Know the risk levels of endpoints and users With users and data no longer residing inside perimeters, the context by which data is accessed — such as who is accessing the data, their behavioural patterns and what risks are on the device they’re using — has become critical. In the spirit of Zero Trust, organisations shouldn’t provide any entity access until its risk level has been verified. But to do so efficiently, security teams must write policies that take into account the sensitive nature of the data as well as the risk level of the user and data. A modern DLP has the insight to understand whether an account is compromised, or an insider threat based on a user’s behaviour, or the presence of risk apps on an endpoint. With those telemetry, it would be able to, for example, disable downloading privileges depending on whether the endpoint is managed or not or shut down access altogether if the user or endpoint is deemed high risk. Identify, classify and encrypt data on the fly In addition to context awareness, modern DLP solutions also have more
advanced capabilities to identify and secure sensitive data. For example, an advanced DLP would have optical character recognition (OCR) and exact data match (EDM) to precisely identify data across any document type including image files, which is where data such as passport or credit card information is commonly found. To ensure data doesn’t fall into the wrong hands, organisations also need integrated encryption capabilities to take automated actions. With integrated enterprise digital rights management (E-DRM) as part of a modern DLP, organisations can encrypt data when it moves outside sphere of influence, so that only authorised users have access. Modern DLP is the key to data protection, compliance and productivity Modern DLP enables organisations to set up countless remediation policies based on the merit of the context being accessed and the context by which the exchange occurs. This means DLP is critical both to the productivity of remote workers as well as data protection and staying compliant to regulations. Protect data and remain compliant Whether it’s sensitive intellectual property or data protected by regulatory requirements, organisations need to ensure that data is accessible but secure. A modern, cloud-delivered DLP has the capabilities to efficiently identify the types of data you own across your entire organisation — in data centres, on private clouds or in SaaS apps. It can also enforce policies with varying degrees of granularity by using E-DRM and technologies such as Cloud Access Security Broker (CASB) or Zero Trust Network Access (ZTNA) to block intentional and unintentional insider threats and compromised accounts from leaking or stealing your data.
Empower Productivity In theory, an organisations’ data would be secure if everything was locked down — but that would be detrimental to productivity. To tap into the full potential of cloud apps and mobile devices, organisations need to be able to make smart Zero Trust decisions. By using DLP in conjunction with secure access solutions like CASB, ZTNA and endpoint security, you can give employees access to the data they need without introducing unnecessary risks to your organisation. Modern Data Protection Requires an Integrated Approach In today’s complex hybrid environment, data goes wherever it’s needed. This means organisations need the visibility and control they once had inside their perimeters. A modern DLP that is delivered from the cloud is central to this. But one final thought — DLP shouldn’t be deployed in isolation. To truly secure data in a remote-first world, DLP needs to be integrated into a larger platform that can provide telemetry data about your users and endpoints and have the ability to enforce granular and consistent policies.
MAY 2022
CXO INSIGHT ME
31
VIEWPOINT
CUTTING THROUGH CHAOS HADI JAAFARAWI, MANAGING DIRECTOR – MIDDLE EAST, QUALYS, WRITES CONTEXT XDR IS THE BEST RESPONSE YET TO THE MODERN THREAT LANDSCAPE
R
egional cybersecurity chiefs have their hands full — they are understaffed and they face skills gaps. These are challenges that threat actors don’t face. And the increase in IT complexity, combined with many employees working from home on private networks with personal devices, means it has become a steep challenge to keep sensitive apps and data safe. The Middle East and Africa cybersecurity market hit US$ 1.9 billion in 2020, and is projected to reach US$ 2.9 billion by 2026. The spending surge can be attributed to a staggering increase in cyber
32
CXO INSIGHT ME
MAY 2022
incidents, brought about by the stayat-home work trends that emerged from the pandemic. In late 2020, in the United Arab Emirates, the nation’s cybersecurity chief described a 250% year-on-year increase in attacks as a “cyber pandemic”. Something must be done, and one of the most popular approaches to the much-desired, catch-all cybersecurity platform in the industry today is extended detection and response (XDR), a cloud-native solution capable of peering into every crevice in the technology stack, to detect and respond to incidents in real time.
Interpretations of the form But as with many products in many industries, not all XDR is created equal. There are many interpretations of the form. Here, I will argue that only context-driven XDR can adequately support security analysts in their prioritisation of threats and the reduction of alert fatigue. Because of the regional skills gap in digital security, teams need all the advantages they can get when it comes to identifying and mitigating threats. However, too often the alerts that prompt the hunt offer very little supporting information about the users, assets, and behaviors that
triggered the initial warning. Threat hunters need to know a range of things relating to operating systems, vulnerabilities, and the configuration of assets, as well as an initial assessment of how likely the attack is to succeed. If the attack was already successful, where in the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework did it fall? If it is ongoing, can it be mitigated by automation, or a junior analyst, or will it take a team of internal or external experts to address? Whether successful or not, it helps analysts to have a rich journal of events leading to the flagged event, including a post-event analysis of business impact. A pyramid of needs Compiling all this information in a timely manner is one of the key challenges for the region’s beleaguered security professionals. Incomplete information from multiple sources can leave analysts struggling to understand their organisation’s risk exposure and asset criticality. Travelling from dashboard to dashboard, they will try their best with what they have to hand, but the time they spend chasing false positives is time spent away from more productive activities, such as addressing genuine threats that pose real risk. The modern SOC has three fundamental needs when it comes to threat assessment. The first is immediacy, where responses can occur at scale in real time. The second, criticality, calls for the understanding of impacts and potential impacts, for the purposes of prioritisation. And third is response, which represents the means to take effective action, such as killing processes and quarantining files. To deliver on this pyramid of needs, XDR solutions must break down security data silos to deliver a unified view of the enterprise
technology stack and the threats it faces. Effective XDR should bring the tapestry of security solutions and functions together in a single platform. In doing so, contextoriented XDR can help to dial out the white noise that varied telemetry creates and present a real-time view
CONTEXT XDR BRINGS TOGETHER AVAILABLE INFORMATION ON RISK POSTURE, ASSET CRITICALITY, AND THE THREATS THEMSELVES TO DELIVER A CLEARER PICTURE. IT LEVERAGES COMPREHENSIVE VULNERABILITY AND EXPLOIT INSIGHTS FOR A THREATENED ASSET’S OS AND FOR THIRD-PARTY APPS.
for the user of the business impact of a given alert. Context, in short, leads to more effective response. Many tentacles Context XDR brings together available information on risk posture, asset criticality, and the threats themselves to deliver a clearer picture. It leverages comprehensive vulnerability and exploit insights for a threatened asset’s OS and for third-party apps. Insights must include misconfigurations and end-of-life (EOL) flags. This uninterrupted vulnerability mapping will provide a more complete picture of the organisation’s risk posture than simple risk-scoring based on how OS-patch statuses relate to common vulnerabilities. Active asset discovery is vital in context XDR. Policy-driven criticality assignments can evolve with an asset’s current state more easily if information on the asset is up to date. The right security and business context can help security teams to prioritise, say, an executive’s laptop or a database server that stores sensitive intellectual property. Everything XDR hopes to accomplish hinges on the quality and availability of the right data at the right time. This is not only true of assets, but of the potential attacks themselves. Threat intelligence on current exploits and attack methods can deliver the actionable insights that can help security teams prevent and mitigate the perils beyond the digital gates. Where possible, XDR solutions should look to data from third-party solutions within the technology stack and combine it with asset risk posture, criticality, and direct threat intelligence to create even higher fidelity in alerts. The future is context XDR — a fullfledged, many-tentacled sentinel with access to every surface and crack in the digital estate. Threat actors may have us outgunned, but with context XDR in our arsenal, the advantage will finally be ours.
MAY 2022
CXO INSIGHT ME
33
VIEWPOINT
DEBUNKING MLOPS MYTHS JAD KHALIFE, SALES ENGINEERING DIRECTOR – MIDDLE EAST, DATAIKU, ON SEVEN COMMON MACHINE LEARNING OPERATIONS MYTHS WE SIMPLY MUST BUST.
M
achines that learn have always been fascinating. But the graduation of machine learning from frontier gimmick to mainstream tool is now complete. The region’s cloud migration seems likely to generate more and more interest in ML. And in an age where businesses increasingly recognise the need for formal workflows and best practices across the IT function, machine-learning operations (MLOps) will play a fundamental role in delivering actionable intelligence to stakeholders. There is a lot of confusion and misunderstanding around MLOps. Standardisation takes time, but for now, we can think of it as a family of best practices geared towards the 34
CXO INSIGHT ME
MAY 2022
efficient and rewarding deployment and maintenance of machinelearning models into production environments. Underneath every misinterpretation of MLOps lie a host of miscalculations driven by memes. So let’s examine the seven main myths that surround MLOps and often lead to disappointment in its implementation.
1
The model is what matters Organisations tend to obsess over the model itself as being the primary, or even the sole, deliverable of an AI-based data project. But modeling is just part of the journey. The vast majority of a project team’s time will be absorbed by data preparation. Tasks include configuration, data collection,
feature extraction, data verification, and the selection of analysis tools and process-management tools, as well as infrastructure and resource considerations.
2
The design environment mirrors the real world A common point of failure for MLOps is the misconception that design environments are (or can be) carbon copies of production environments. Pipelines need to function in both, but often this oversight can break the model as it exits the gate. A design team’s focus on performance at the expense of portability must be tempered, so deployment is streamlined to include all artifacts required in each operating environment.
5
Fixes can be ad hoc Taking a “cross that bridge when we come to it” attitude to broken models implies that in MLOps, model breakdowns are rare. They are not. From data drift to changes in upstream systems, there are many things that can disrupt a model. So, the break-fix lifecycle for MLOps requires a plan. Organisations must have baseline models that can serve as fallbacks, along with predetermined workflows to introduce backups without disrupting downstream services. And audit trails, event logs, and monitoring data from other production systems must be in place to accelerate the fix time.
3
Model lifecycles are straight lines Some MLOps teams treat models with a fire-and-forget approach, but MLOps is not about initial deployment; it is more about maintaining models over time. The design process may only take weeks, but the model will most likely run for years. If its value-add is to remain strong, then the relevance of its insights must be maintained. So, do not expect models to operate in the long term without nurturing. Some organisations may want to build environments where models have multiple versions that can be swapped in and out cleanly, as needed.
4
Accuracy is the number-one metric In this case, the temptation to believe the myth is obvious. Doesn’t ROI naturally emanate from an accurate model? To an extent, the answer is “yes”, but MLOps has many other important metrics. For example, pipeline, service health and data-drift detection are arguably more important in the long run. The data drift — the measurable variation of a dataset over time — between, say, training and production data can be an important indicator of future performance, and so may deserve more attention than current accuracy levels.
6
Production teams don’t need to understand ML models Models cannot just be deployed without contextual knowledge of their design and proposed operation. If MLOps teams try to work this way, decisions by the deployment team that seem technically sound in isolation could induce anomalies in model behavior and even lead to
STAKEHOLDERS MUST REMEMBER THAT MLOPS IS ABOUT MORE THAN MODELS AND RELIES ON STRONG DATA INTEGRITY AND AGILE INFRASTRUCTURE. PROJECT LEADERS MUST RUN A TIGHT SHIP ON DOCUMENTATION AND CROSS-TEAM INFORMATION SHARING.
unwelcome biases in the system. Production teams’ understanding of the underlying behavior and expectations of a model will better equip them in fixing issues and deploying models that behave as expected. For this reason alone, it is recommended that MLOps teams have access to tools that automatically produce rich model documentation.
7
With MLOps, AI governance is redundant MLOps is not a part of AI governance. Yes, the two are related, but they cover many functions that do not overlap, and have entirely different outlooks and priorities when it comes to systems, data, and roles. Both MLOps and AI governance oversee the operation of projects in production environments. But where AI governance is concerned with managing risk and ensuring compliance, MLOps looks after the systems and processes of a digital business, optimising value and uptime. For example, while an AI governance team will use audit trails for assuring senior executives and regulators that the organisation is dotting its Is and crossing its Ts, MLOps will use such data for troubleshooting. Knowledge and action MLOps can certainly deliver value to an organisation that has the capacity and will to become a digital business and can arm its decision-makers with all the real-time actionable insights this implies. But the myths must be overcome. Stakeholders must remember that MLOps is about more than models and relies on strong data integrity and agile infrastructure. Project leaders must run a tight ship on documentation and cross-team information sharing. And they must never forget to operate AI governance and MLOps separately while ensuring they cooperate on scaling AI. For those that bust the myths and get it right, MLOps will add immense value and form the foundation of an enviable powerhouse of knowledge and action.
MAY 2022
CXO INSIGHT ME
35
VIEWPOINT
NAVIGATING YOUR SASE JOURNEY JACOB CHACKO, REGIONAL DIRECTOR, MIDDLE EAST, SAUDI & SOUTH AFRICA AT ARUBA, A HEWLETT PACKARD ENTERPRISE COMPANY, EXPLORES HOW ENTERPRISES AND SERVICE PROVIDERS SHOULD EVALUATE AND ASSESS THE NETWORKING AND SECURITY TECHNOLOGY COMPONENTS OF A MULTI-VENDOR OR SINGLE VENDOR SASE SOLUTION
W
hen we go shopping for new clothes, we often select different brands for shoes, shirts, or trousers. We rarely select a single brand for every clothing item simply because we want the best brand quality for each of those three categories. Similarly, when it comes to technology, why would we not want the best choice for networking and security technology platforms when it comes to SASE? Does one size fit all? SASE is the term Gartner coined to describe the Secure Access Service Edge framework that has emerged to define the convergence of WAN and
36
CXO INSIGHT ME
MAY 2022
network security functions into a single, cloud-delivered model that will support enterprise digital transformation initiatives. One of the key foundations of a SASE framework is a robust SDWAN component. So how should enterprises and service providers evaluate and assess the networking and security technology components of a multi-vendor or single vendor SASE technology vendor solution? The promise of SASE For most enterprises, software-defined wide area networks (SD-WAN) have emerged as the technology of choice
to evolve existing legacy WANs to a network connectivity architecture that is focused on supporting a cloud-first environment – where the majority of business applications are hosted in the cloud rather than the data centre. Advanced SD-WAN solutions can reduce networking complexity, improve application performance, and enable more efficient connectivity between users and applications residing in the cloud. Depending on the solution, they can also be deployed by organisations either as DIY (do it yourself) or as part of a managed SDWAN service from a managed service provider.
The promise of SASE for service providers is to make it easier to deliver a converged or bundled managed networking and security service. But service providers will likely need to revamp their existing siloed (separate security and separate networking) organisational structures to be able to deliver integrated managed networking and security services to enterprise customers, which is really what SASE is all about. This means partnering with their networking and security technology vendors to leverage open APIs, automation, provisioning/deployment integrations and service chaining between security and SD-WAN vendors to help simplify the service integration and an eventual path towards SASE. By adopting a SASE architecture on top of their existing transport services, service providers strive to create a managed networking and security practice that can support their customers’ requirements. This enables service providers to accelerate time-tomarket with new differentiated services. By owning the transport providing the connectivity to the SASE framework, service providers add value to the end-to-end service. Ultimately, the goal of SASE is to deliver a better end user quality of experience and security for cloud-hosted applications. A split approach to deployments Because SASE deployments are in the early stage of the adoption lifecycle, the market will likely see a clear split in approaches. For example, small and medium size enterprises are more likely to be attracted to the all-inone managed SASE offerings, where simplicity and “one-stop shopping” take priority over advanced capabilities. On the other hand, large regional or global enterprises will remain unwilling to compromise on security, reliability, or the quality of user experience. They will adopt a dual-vendor approach, pairing a best of breed SD-WAN technology supporting multi-cloud on-ramp access and advanced WAN-facing capabilities, with a fully-fledged, best of breed clouddelivered security partner delivering secure web gateway (SWG), cloud
IF SERVICE PROVIDERS CAN ESTABLISH THIS INTEGRATION AND A STRONG VENDOR NETWORK, THEY SHOULD BE ABLE TO CONFIGURE, DEPLOY, AND OFFER A SASE SERVICE PROVIDING THEIR CUSTOMERS THE FLEXIBILITY OF CLOUDDELIVERED SECURITY OPTIONS WITHOUT COMPROMISING ON BEST OF BREED TECHNOLOGIES. access security broker (CASB) and zero trust network access (ZTNA) services. We see SASE services being consumed in five main deployment scenarios: • Fully managed through one vendor • Fully managed through multiple vendors • A hybrid model where security is handled in-house • A hybrid model where SASE/SD-WAN is handled in-house • Everything is done in-house (enterprise level) Matching customer demand These scenarios highlight how service providers may be able to offer either managed SD-WAN or managed cloud security services and also support enterprises who implement their own (DIY) SD-WAN or cloud security solution. In support of this, in a recent Ponemon survey, 71% of enterprise respondents would select a best of breed vendor when deploying both SD-WAN and cloud-delivered security for a SASE architecture. Service providers must consider
offering multiple managed options to enterprises who may be at different stages of their SASE journey. Do they offer the best of breed SD-WAN and best of breed cloud security and hope that the integration between the chosen technology vendors works? How easy is it to integrate SD-WAN and cloud security solutions? If service providers can establish this integration and a strong vendor network, they should be able to configure, deploy, and offer a SASE service providing their customers the flexibility of cloud-delivered security options without compromising on best of breed technologies. It also enables service providers to offer a solution for the SASE hybrid scenarios and potentially offer an existing DIY enterprise a migration to a fully managed SASE service. SASE is a journey that is just beginning for most organisations, and service providers have been an integral part of the evolution of networking and security connectivity technology throughout history. Service providers should carefully consider the benefits of leveraging the integration of a best of breed SD-WAN platform together with a best of breed cloud security. Taking this approach for SASE will help service providers mitigate the risk of depending on a single technology vendor to supply all the components of their managed SASE service, and it will continue their role as a trusted advisor to their customers.
MAY 2022
CXO INSIGHT ME
37
VIEWPOINT
UNDERSTANDING WHY DIGITAL TRANSFORMATION PROJECTS FAIL WHILE WE HEAR A LOT ABOUT ORGANISATIONS BEGINNING THEIR DIGITAL TRANSFORMATION JOURNEYS, RANJITH KAIPPADA, MANAGING DIRECTOR AT CLOUD BOX TECHNOLOGIES POINTS OUT A MYRIAD OF INTERNAL FACTORS CAN GRIND THEM TO HALT.
T
he pandemic spurred an increase of digital transformation initiatives across organisations and industries. And while this heightened awareness and roll out is meant to be appreciated, organisations still face the challenge of successfully completing such initiatives. Global research organisations have studied completed and stalled digital transformation initiatives from many angles and concluded that the reasons
38
CXO INSIGHT ME
MAY 2022
for failure are often non-technical. CIOs need to be aware of the multiple non-technical reasons that can ground digital transformation initiatives, often for no fault of theirs, and plan to find ways to work around the points of failure described below. Limited funding Many finance heads continue to look at technology and IT spending as an operational expense rather than one driving innovation and longer-term
strategic benefit. Hence, when a digital transformation initiative is proposed it may be hard for the CIO to gather the total funding to complete the project. Inability to gather sufficient funds to drive a digital transformation project also arises when financial decision making is siloed and fails to see and apportion the benefits of digital transformation across the organisation. With such an approach, it may be difficult to justify sufficient funds and may require alternative routes for results.
The way forward is to justify expenditure for digital transformation with the business outcomes delivered. Many times, budgets are available with business heads and may require realignment and reprioritisation of the digital transformation initiative, along the business objectives related to that funding. Delivery of timely business results and delivery of political benefits if wellarticulated, can also help to trigger sufficient levels of investment to mobilise the digital transformation initiative. Finally, CIOs need to be flexible in identifying and realigning with multiple funding opportunities that may exist across the organisation. Breadth of skills The successful roll out of digital transformation initiatives requires having multiple types of digital skill sets across the organisation. Some of these core skill sets include cloud migration and orchestration, digital architecture and platforms, data analytics, user experience and design, amongst others. Other than technical skills, teams also need to prepare themselves to become agile and flexible, often referred to as digital nimbleness. The way forward is to build multiple types of digital training programs across the organisation. In addition to training employees with digital skills along their functional job roles, they can also be offered digital skills training outside their functional roles. This will help them to understand the multifunctional and cross siloed approach of digital transformation. Another important initiative is to build skills in business areas that are the most impacted by digital transformation. Since digital transformation impacts existing job roles and helps to create new ones, communicating new career paths and skills progression based on experience, are another important part of the internal initiatives. Technology resources Post pandemic, all industries, and all organisations, have experienced an increase in the usage of digital technologies. On the flip side, shortage
THERE ARE MULTIPLE OPTIONS FOR CIOS TO MANAGE THE WAY FORWARD. THE FIRST IS TO ALIGN WITH BUSINESS HEADS AND ASSESS THE POSSIBLE CULTURAL BOTTLENECKS IN THE PROGRESS OF DIGITAL TRANSFORMATION.
of IT and technology talent can dampen the enthusiasm of most digital transformation initiatives. The reasons for shortage of technology and business subject matter experts in an organisation can range from cultural to siloed thinking of the management. A short-term approach of building skilled resources in low code type of digital transformation solutions can only go so far. The real benefits for an organisation are gained by developing the complete gamut of skills required to manage digital transformation initiatives of any complexity and scope.
The way forward is to build a continuous program of developing digital skills and culture across the organisation that helps in positive roll out of a digital transformation initiative. Such a continuous program of skills development and enhancement requires management support and a medium to long term vision for improvement and transformation. Risk averse and resistance to change In some organisations, the work culture does not reward change of routine and day to day processes and operations. Such organisation cultures are riskaverse and may believe there is no benefit in changing tried and tested work practices. In such organisations change management has to be actively and expertly managed. There are multiple options for CIOs to manage the way forward. The first is to align with business heads and assess the possible cultural bottlenecks in the progress of digital transformation. Next is to align the progress of digital transformation with business outcomes and benefits. Managing change and the resulting business benefits from the change also needs to be clearly demonstrated and communicated across the organisation. Siloed teams Every organisation has its share of inherent silos that have an ongoing impact on processes and decision making. In day-to-day business, over a period of time, siloed ways of working get accepted. However, during digital transformation, teams that have been used to working within department walls and boundaries, find it difficult to change and adapt with the rest of the organisation. This can have a negative impact on building the digital transformation strategy and its actual implementation and can be particularly destabilising when working across department siloes if there is inadequate preparation to overcome these challenges. The way forward for CIOs is to clearly identify the roles of team members, their ownership in the success of digital transformation roll outs, and accountability and contribution towards success.
MAY 2022
CXO INSIGHT ME
39
VIEWPOINT
SECURING DATA FROM BREACHES KHALED ALSHAMI, VICE PRESIDENT SOLUTION CONSULTING, MEA, INFOR, INVESTIGATES THE CURRENT THREATS AROUND DATA SECURITY AND HOW REGIONAL ORGANISATIONS CAN EFFECTIVELY DEFEND AGAINST ANY BREACHES.
T
he urgency of data security and privacy can’t be overstated. In 2021, the global average cost of a data breach was $4.24 million, representing a 9.8% increase over 2020. Yet the immediate costs are a trifle when compared to the incalculable, lasting brand, reputation, and business damage that a data security incident causes. Risks associated with information security threats increase minute by minute. Bad actors with malicious intent are continuously evolving their strategies and attempting increasingly creative and sophisticated security breaches. The constant potential threat of cyberattacks and security breaches can be taxing on IT teams and organisations that need vigilance, resources, talent, and educational resources just to stay ahead. The number of potential attackers is also expanding to include not only independent attackers and small groups, but also state-sponsored hacking organisations that are much better organised and funded. These larger groups can afford to devote multiple resources to breaching the defenses of small and large organisations over a long period of time—a level of commitment attackers once reserved only for the most strategic targets. Unless your organisation maintains an environment that prohibits any external Internet access, odds are your corporation has already suffered a successful attack of some type, even if it’s something as simple as the unauthorised release of some personal data. As former Cisco CEO John Chambers once put it, “There are only two kinds of companies: Those that were 40
CXO INSIGHT ME
MAY 2022
Industry-leading cloud service providers invest millions of dollars every year on their internal security measures, including: • Training and tools to analyze existing services • Constant updates to multiple levels of protection (including network- and host-based detection and protection)
hacked and those that don’t yet know they were hacked.” This isn’t your internal IT organisation’s fault. Today’s business environment demands a level of agility and efficiency that requires organisations to open their networks in ways that would have been unimaginable until recently. That openness, while essential for keeping a business competitive, has made the job of maintaining a secure network even more difficult. Defend your company against security breaches and malicious attacks SaaS solutions offer a safe, secure environment to protect an organisation’s digital resources. In a SaaS solution environment, infrastructure and application security are managed by the service provider, whose dedicated resources can continuously monitor systems for security breaches and threats. This, in turn, enables a faster response to any potential problem or identified security risk.
The ability of industry-leading cloud providers to safeguard their customers’ valuable data requires investments and available resources that most organisations cannot afford. Moving to a cloud service can allow an organisation to isolate and protect its internal networks and the valuable data it stores on internal systems. In the current era of end-to-end value chain collaboration, third-party vendors and suppliers often require integration with an organisation’s enterprise resource planning (ERP) system. If that ERP system is hosted in a cloud service, vendors and suppliers will never need to connect to the organisation’s internal network. As a result, multi-tenant cloud customers enjoy less risk because security and uptime are dramatically better when managed by world-class experts. A cloud environment is only as secure as the weakest link in its security chain. Infor Cloud employs a “defense-in-depth” strategy. Multiple layers of overlapping security safeguard customer data through each link of the chain. These security controls are enforced by a team of specialists who continuously monitor and improve Infor Cloud security posture to stay ahead of threats and vulnerabilities.
VIEWPOINT
BUILDING A RESILIENT SECURITY STRATEGY ENTERPRISES TODAY ARE GRAPPLING WITH A HOST OF SECURITY CHALLENGES, BUT ACCORDING TO DAVID BROWN, SECURITY OPERATIONS DIRECTOR, AT AXON TECHNOLOGIES, BY FOCUSING ON BUILDING CYBER HYGIENE AND RESILIENCE, MANY OF THE THREAT CHALLENGES CAN BE OVERCOME.
O
rganisations create security policies and security frameworks to help reduce vulnerabilities and to build a culture of security efficiencies both internally and externally. However, once built the challenge is also to revisit them and update them in areas that help to build resilience and reduce vulnerabilities. Policies and configurations For example, security controls and configurations go through changes throughout their life; sometimes functionality requirements change; there are unpredictable needs; and sometimes there are unauthorised changes. In other words, the need for continuous assessment and review of policies and configurations cannot be overlooked. Whatever the reasons, changes to an organisation’s security policies must follow a systematic change request process. On a planned basis this can include regular quarterly assessments; mapping all valid change requests; changes required in a
fixed window pattern of 30, 90, 180 days with auto-expire or auto revalidation. Any changes made to security policies and configurations, that have not been mapped would then trigger an internal security event. Continuous review of security policies and configurations should not be confused with operational patching cycles. Roundthe-clock, patching routines, and cycles are determined by vendor releases and other threat vulnerability intelligence. Priority for patching routines is based on risk levels as well as those with the shortest time to apply. Attack surfaces Managing the attack surface of an organisation is an important part of its resilience security strategy. An immediate implication of the lack of understanding of an organisation’s attack surface is poor cyber hygiene. Poor cyber hygiene creates doors for initial access and lateral movement of threat actors. On the other hand, a well-understood and managed attack surface helps the organisation to build layered defenses that are proactive and reactive. Baselining Another important activity to build a resilient security strategy is to baseline an organisation’s network and host layers. Information system types can also be used as a baseline and can track growth in capability and capacity. While monitoring baseline activity is often talked about, in practice it is seldom rolled out and maintained, if initiated. From an organisation’s point of view,
baselines are very effective to flag, through automation or human monitoring, when something is not normal. An organisation’s resilient security strategy will be incomplete without an attack surface management program and monitoring of baseline of activity. Continuous improvement A policy of continuously improving the levels of cyber hygiene in an organisation leads to an enhanced level of situational awareness. This enhanced level of situational awareness helps the enterprise to mitigate threats early in the attack lifecycle. For enterprises that build an enhanced level of situational awareness, they are able to reduce the meantime for vulnerabilities appearing on its attack surface. They are also able to prioritise which vulnerabilities to remediate, with well-defined clear actions and controls. Enhanced level of situational awareness also helps to create proactive plans such as incident response and preparedness plans. This plan provides clear actions and remediation paths in a simplified format for non-technical stakeholders and a fully detailed structure for technical stakeholders. Continuous improvement in cyber hygiene helps to build practices for network and system hardening, information assurance, and vulnerability management processes. It also helps to support data classification systems, all of which are secured with a 3-2-1 back schema as a critical component. On the flip side, an enterprise that lacks an understanding of its cyber hygiene practices can only open itself to adversary actions who can finally only achieve their objectives.
MAY 2022
CXO INSIGHT ME
41
VIEWPOINT
THE CHANGING FACE OF TELECOMS ALIX LECONTE, VP FOR SERVICE PROVIDERS (EMEA), F5, ON KEY TRENDS TRANSFORMING THE TELECOMS INDUSTRY. €900 million national cloud hub to upgrade the country’s data storage facilities. These examples are just the tip of the iceberg. There is also a push for data sovereignty beyond Europe’s borders. While acknowledging the need to work with US-based hyperscalers, many governments now want more control over how to secure and manage data from key sectors such as healthcare and public services.
N
ew technologies, COVID-19, regulations, and politics are all changing the telecoms industry faster than ever. It can be hard to know where things are headed at times, but here are five major trends that should be on everyone’s radar in 2022. 1 Data Sovereignty Takes Centre Stage Data sovereignty is an increasingly hot topic in the Middle East, and the subject has come to the fore as hyperscalers move into the region. It’s clear that data is fast becoming a sovereign asset that must be carefully protected. Any telco delivering on this front will surely stand out from the crowd. If we look to Europe, we can see that policymakers are doubling down on data sovereignty, which creates a raft of new opportunities. As the continent looks to regain control of its digital destiny, policymakers are turning to telcos for trusted services and infrastructure that reduce hyperscaler dependency. In France, Orange has teamed up with Capgemini to set up Bleu, a new company that will provide “Cloud de Confiance” solutions certified to comply with the French state’s privacy, security, and resiliency requirements. Then there’s Telecom Italia, which is currently bidding for a contract to build a 42
CXO INSIGHT ME
MAY 2022
2 Making Multi-Cloud Networking Work Multi-cloud networking is the logical next step for enterprise IT. Across the world, we’re seeing rising demands for cloud-native technologies that can enhance agility, efficiency, and scalability. At the same time, apps are increasingly composed of micro-services spread across different environments. Implementation is key here. To connect applications in different environments, you need much more than just networking. You also need security and load-balancing to ensure apps are always available and protected. This year, we expect that telcos, and their enterprise customers, will put a premium on solutions that reduce multi-cloud complexity. 3 Major Momentum in Mobile Financial Services Already major providers of money transfers, telcos are also going all in on financial services like micro-credit, insurance, and savings. For example, some telcos are accumulating data to determine credit scores and offer personalized loans with minimal risk. Meanwhile, the burgeoning mobile money ecosystem is empowering hundreds of millions of previously unbanked people to access financial products for the first time. The expansion of the digital financial
services sector makes it a compelling and obvious target for cybercriminals. This means telcos need to markedly improve their security game, including providing advanced protection against DDoS attacks, credential stuffing, and other threats. 4 Keeping Tabs on Cloud-Native Network Functions Telcos are gradually going cloud-native in pursuit of rapid scalability. A traditional mobile core network used to be composed of different functions running on purpose-built hardware. That code is now distributed over a set of virtual network functions (VNFs) or cloud-native network functions (CNFs) with separate and distributed control and data plane functions. As they move to standalone 5G networks, telcos will look to interconnect VNFs and CNFs deployed in different environments and locations. Naturally, this increases the attack surface. Unfortunately, telcos are still figuring out the best way to make their CNFs—and their infrastructure as a whole—fully secured, automated and observable. Against this backdrop, operational simplicity becomes a critical concern. 5 Telecoms in the Public Cloud – Proceed with Caution Cloud-native will be a big buzzword in 2022 (as it was in 2021). And telcos across the world will continue to talk about which workloads they will move into the public cloud. This includes both applications (IT workloads), as well as network functions for specific use cases. Nevertheless, support for core network functions with stateful protocols and large-scale subscriber sessions can prove challenging and present financial obstacles. Although deployment costs for some specific use-cases will continue to fall, a more fundamental question in 2022 is how to manage and secure the flow of the sensitive data. Data sovereignty momentum will certainly require many telcos to use the public cloud judiciously, as policymakers increasingly demand that sensitive datasets remain in country and under strict local control (with clear rules on who can and cannot access it). Ultimately, telcos’ transition to the public cloud could still turn into a rather protracted affair.
VIEWPOINT
PREPARE FOR THE UNEXPECTED GREGG PETERSEN, REGIONAL DIRECTOR - MEA AT COHESITY, ON THE IMPORTANCE OF TESTING YOUR DISASTER RECOVERY PLAN.
D
ata is today’s currency and is a critical component of success in business. However unplanned events (disasters) can put data, processes and operations at risk and might even threaten business continuity. It is imperative that if a disaster strikes, the organisation and its employees still have access to their systems, data and applications. Having a disaster recovery plan is important, but isn’t enough. You can’t rely on a plan if you don’t test it — disaster recovery testing makes all the difference. Disaster recovery (DR) plans – which is an organisation’s methods for responding to and recovering from a major event – play a critical role in helping businesses to cope in a crisis. From natural disasters and human errors, to hardware failures and cyberattacks, a thorough and well-tested DR plan can ensure your organisation is up and running quickly, keeping customers served and revenues flowing. However, while every IT and business leader should now recognise the importance of these plans, research suggests that some are slower on the uptake than others. What’s more, having a DR plan in place is just the starting point. Unless your process is tested regularly and thoroughly, how can you be sure it will work? With increasing numbers of stories about services falling over and not getting back online quickly, the question we ask is simple: is anyone still testing their DR plans? Unfortunately, the answer to that question is ‘nowhere near enough’. IT and business leaders must do better. To ensure their organisations have a trusted route back to recovery, organisations must test the robustness of their DR plans. Regular, full-scale testing is crucial to the
success of a DR plan, especially in today’s hybrid and multi-cloud environment. From sandbox testing to data classification and simulation, here are three ways to help ensure you have a DR plan that works. Testing your DR plans shouldn’t be a crisis in itself – your vendor should offer non-disruptive DR testing. Third-party DR services should be able to draw on a range of virtual equipment to test your plan. Often known as a sandbox test, this procedure makes it possible for your business to undertake full testing without affecting any production servers. That means that even while the test takes place, your operational activities continue as normal. Also make sure your thirty-party tester can give you detailed results from your sandbox. Any tech-based solution for DR planning should use audit trails to reduce operational complexity and streamline compliance requirements. Businesses are under increasing threat from ransomware and other vulnerability exploitations. IBM Security, in its recent annual X-Force Threat Intelligence Index, shows that the Middle East and Africa region was the fourth-most attacked region worldwide, while the most attacked countries in the Middle East and Africa were the United Arab Emirates, Saudi Arabia and South Africa. Data is commonly viewed as the crown jewels of the organisation, but some information is more valuable than other knowledge – and unless you have an effective data-classification strategy, you won’t know which data must be protected at all costs. Organising data into classes is the cornerstone of effective data
management. If you know what use cases your data supports – from security and compliance to customer service and cost optimisation – you’ll know how valuable your information is and the lengths to which you should go to protect it. Your DR plan should take this data classification into account. Your tierbased approach should help ensure business-critical data is not just backed up, but always available. If the worst happens, and your network is down, your DR plan should be designed so that renewed access to this data is prioritised. Reviews of DR plans and tabletop exercises, where people across the business get together to analyse your strategy, will only take you so far. If you really want to know how effective your DR strategy is, then you’re going to have to run a simulation exercise. Rather than simply talking, this simulation creates a worst-case scenario and then role-plays the plan with your IT team. The exercise should also bring in other business stakeholders and thirdparty vendors to create a full view of dependencies and requirements. With the increased frequency and cost of cyberattacks, a robust set of disaster recovery processes combined with proven technology have never been more essential. Organisations should look for ease of use, automation, and the ability to truly control their data recovery and application availability servicelevel agreements. This next-gen data management also offers organisations an essential set of capabilities to take on the disaster recovery challenges businesses are facing today.
MAY 2022
CXO INSIGHT ME
43
PRODUCTS
Zebra TC53/TC58 mobile computing series Zebra Technologies Corporation announced the new TC53/TC58 mobile computing series featuring innovative technologies that help business leaders and IT decision-makers across industries increase operational efficiency, deploy new capabilities to the front line, and reduce costs. Equipped with the latest 5G and Wi-Fi 6E wireless and sensor technologies and the largest, brightest and highest resolution screen in its class, the TC53/TC58 series enables front-line workers in retail, postal/courier and field service organizations to leverage mobile dimensioning, mobile point of sale (mPOS), and connected workforce applications that improve productivity and enhance the customer experience. The TC53/TC58 series features Zebra Dimensioning Certified Mobile Parcel, an industryfirst solution that utilizes an integrated Time of Flight (ToF) depth sensor to capture parcel dimensions and calculate shipping charges on Zebra mobile computers with the press of a button – saving time researching prices or manually
44
CXO INSIGHT ME
MAY 2022
measuring packages. The TC53/TC58 mobile computers are also payment ready with tap-to-pay functionality, providing the freedom to checkout customers from just about anywhere. The versatile devices can also transform into a mobile-driven workstation or a complete fixed or hybrid POS, a two-way push-to-talk (PTT) radio, PBX handset or RFID reader for improved team collaboration and productivity. The purpose-built TC53/TC58 series offers a new, modern design that accommodates a six-inch advanced edge-to-edge display that allows workers to see more information. Zebra’s Intellifocus technology enables users to scan items in hand, across a room or on a top shelf rack further improving worker productivity. The TC53/ TC58 series also features an integrated 16MP camera, the highest resolution in its class, with optional optical image stabilization (OIS) to capture sharp, detailed photographs to document proof of condition and delivery.
OPPO Reno7 Pro 5G The OPPO Reno7 Pro 5G features the iconic OPPO Glow glass on its back cover with the Laser Direct Imaging (LDI) technology for the first time ever in the industry and also boosts the flagship-level 5G performance powered by the MediaTek Dimensity 1200-MAX. Meanwhile, a 12GB+256GB
memory, 4500mAh battery and 65W SUPERVOOCTM guarantee an extraordinary, long-lasting and smooth experience. Tying all of these together, the ColorOS 12 creates a convenient and efficient user experience on the smartphone. With features packed into a sleek and light smartphone, Reno7 Pro 5G is the portrait expert designed to help users get the most out of the 5G era. To deliver even more powerful 5G performance, the Reno7 Pro 5G features the MediaTek Dimensity 1200MAX to support incredible smartphone experiences. Built on a 6nm process, the octa-core SoC includes an ARM Cortex-A78 core operates at up to 3GHz, delivering ultimate computing power with lower power consumption. With MediaTek’s Dimensity 5G Open Resource Architecture brands can enjoy increased flexibility to customize key 5G mobile device features to address different market segments. The open resource architecture gives smartphone brands closerto-metal access to customize features for cameras, displays, graphics, artificial intelligence (AI) processing units (APUs), sensors and connectivity sub-systems within the Dimensity 1200 chipset.
Lenovo Yoga Tab 13 Lenovo has announced the launch of its Yoga Tab 13 in the UAE, delivering a supercharged audio-visual experience in a sleek and elegant form factor. The introduction of the company’s latest premium tablet offering comes during a time in which more consumers are investing in portable devices to enhance the hybrid worlds of work, learning and play. The Lenovo Yoga Tab 13 features a large 13-inch 2K display with 400 nits of brightness and 100 percent sRGB color gamut. The panel is also powered by Dolby Vision® HDR, which delivers ultra-vivid picture quality and detail. As a new Android tablet, the Yoga Tab 13 features Entertainment Space from Google, the new home for free and paid content services. Users can enjoy up to 12 hours of playback (1080p) and use Lenovo’s 30W quick charge to keep powered at all times of the day. With quad JBL speakers, including the two built into the Yoga Tab 13’s innovative soundbar, users can enjoy a captivating listening experience. The audio journey is made more immersive still thanks to Lenovo Premium Audio tuning and Dolby Atmos, alongside a lower audio chamber with up to 450Hz bass performance for cinematic sound that can actually be felt. The Yoga Tab 13 is supported by the performance efficiency of an octa-core processor, the Qualcomm Snapdragon 870 Mobile Platform. This processing power helps to deliver powerful graphics and 8GB LPDDR5 of memory – making the Yoga Tab 13 capable of downloading and running high performance gaming titles in high-resolution, high speed, and low-latency.
MAY 2022
CXO INSIGHT ME
45
BLOG
SHAPING THE FUTURE
SUNIL PAUL, MD OF FINESSSE, ON THE IMPACT OF METAVERSE IN THE MIDDLE EAST
T
he Oxford dictionary categorises Metaverse as a ‘slang’ term, and today it has quickly become part of everyday conversation. Found only in science fiction until a few years ago, virtual representation of reality is now very much real and here to stay and will shape a new world. “A maximalist, interconnected set of experiences straight out of sci-fi – a world known as the metaverse” – with those words, Mark Zuckerberg changed the course of his $550 billion conglomerate of social media companies and gave it a new direction in June last year. “Our overarching goal across all of these initiatives is to help bring the metaverse to life,” he added then. When a company like Facebook – with 2.9 billion users just on one platform – puts most of its eggs in one basket and even changes its name to ‘Meta’, it is bound to catalyse the process that promises to be an integral part of human existence in the very near future. From simply enhancing the experience of gamers and retail customers to cutting-edge applications in medicine and engineering, metaverse will eventually influence all part of our lives. If everything goes as per plan, sectors like education are going to be completely democratised and transformed forever. Any child, having internet access in the remotest part of the world, will be able to join virtual schools without having to wait for the bricks-and-mortar version. A recent Gartner estimate revealed that 25 percent of the population will spend at least one hour a day in
46
CXO INSIGHT ME
MAY 2022
the metaverse by the year 2026 and that 30 percent of organisations will have products to showcase in it. A SkyQuest Technology report expected the metaverse market to grow at a staggering rate of 37.1 and reach a value of USD758 billion by 2027. Put simply, the metaverse will dissolve geographical boundaries and open up economies like never before. A shopper sitting in a remote African country will be able to shop and converse alongside a person based in Dubai in a Tokyo showroom. The shopper can ‘touch and feel’ the products and try it on before making the decision to purchase. Still an unchartered space, Metaverse is a clean canvas waiting for its artists, and the UAE is determined to have a first-mover advantage as the government and businesses embrace this future. Emirates announced last month that it is about to launch NFTs and metaverse experiences for its customers and employees. The airline will also repurpose its Expo 2020 pavilion into a centre for innovation for such future-focused projects. Real estate companies have adopted the concept with remarkable alacrity. Damac Group is investing $100 million to build its own digital cities, while Union Square House is set to launch its first metaverse mansions in the UAE. The government services are not far behind. The Ministry of Health and Prevention (MoHAP) has developed a new metaverse platform, allowing people to access medical care and receive health-related support virtually.
Earlier this month, Virtual Assets Regulatory Authority (VARA), the new virtual assets regulator in Dubai, launched a MetaHQ in ‘The Sandbox’ (a decentralised NFT gaming metaverse that enables non-tech savvy users to create, sell, use, and monetise their own virtual reality NFTs), thus becoming the ‘world’s first regulator to make its debut in the space. The UAE is even using virtual reality technology in helping train security officials in the metaverse. Abu Dhabibased International Security Alliance used various virtual crisis simulations in training exercises, which provided greater flexibility than in-person training. Experts have predicted several challenges for metaverse, including issues on governance, cybersecurity and privacy. More immediately, there are concerns about hardware, internet infrastructure and even a slowdown in adoption timeline because of the microprocessor shortage. Now is the time for tech providers to strike while the iron is hot and invest in resources that will help them have a competitive advantage. Whether the metaverse turns out to be a utopian or dystopian version of our world, remains a matter of debate. But there is no doubt that it will become a big part of human life soon.
Today’s IT agility is built on observability. SolarWinds® Hybrid Cloud Observability helps ensure services and online applications are available, operate cost effectively, and deliver a fantastic and predictable digital experience. » Modernize IT agility » Accelerate cost savings and time to value » Resolve issues faster with deep visibility and context » Improve user experience and service availability » Value across IT Ops, Dev Ops, and security
Learn more about Hybrid Cloud Observability and how we’re re-envisioning the solutions you need to drive business results. Visit solarwinds.com to learn more.