TRANSFORMING THE FUTURE

Page 1

THE FUTURE TRANSFORMING

STATE OF AI IN THE ENTERPRISE

ISSUE 53 \ MAY 2023

TO

18 STEPPING INTO THE FUTURE

20 TRANSFORMATIONAL CHANGE

44 PRODUCTS

36 A GARDENING GUIDE TO SOFTWARE ECOSYSTEMS

37 HOW IT DECISION MAKERS AND TRUSTED PARTNERS CAN MAKE A DIFFERENCE 38 DE-RISKING THE

MICROSOFT ANNOUNCES WORK TREND INDEX SPECIAL REPORT AND NEW FEATURES FOR MICROSOFT VIVA

A10 NETWORKS BOOSTS CLOUD DEFENSE WITH FIRST APPLICATION DELIVERY SOLUTION

UAE TO BECOME NEXT SILICON VALLEY, SAY EXPERTS AT MACHINE CAN SEE 2023

PALO ALTO NETWORKS UNVEILS ITS CLOUD NEXTGENERATION FIREWALL FOR MICROSOFT AZURE CUSTOMERS

CONTENTS
6 NEWS
INTERVIEWS 12 3 WAYS AI IS REINVENTING SUPPLY CHAIN MANAGEMENT 26 GETTING MORE CLARITY 28 THE DARK SIDE OF GPT 30 LEARNING NEW TRICKS 34 LOWERING CARBON EMISSIONS
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
18
ENTERPRISE
20
14 PUTTING AI
WORK STATE OF ARTIFICIAL INTELLIGENCE IN THE
CLOUD 40 THE PLANET OF APPS 42 THE CISO MANDATE
VIEWPOINTS 3 CXO INSIGHT ME MAY 2023

FREE ANTIVIRUS

AN IMPENDING STORM

Recently, Geoffrey Hinton, widely considered the godfather of AI, quit Google, warning us computers could soon become smarter than humans and how AI could create false images and texts. Celebrated author Yuval Noah Harari wrote that AI-driven misinformation could change the course of events and threaten the survival of human civilization. Despite all this debate about the potential negative impacts of AI, there is a lot of buzz around generative AI, with new use cases emerging. Reams of newsprint have already been devoted to popular tools such as ChatGPT and DALL-E. It is said that generative AI can potentially learn programming languages and write code; large language models are already being used to design microchips and drugs. While the usual discourse is around the impact of generative AI on visual art and content creation, not many people have paid attention to its impact on IT departments.

Generative AI can transform IT organisations by automating repetitive tasks and assist in problemsolving by providing insights, suggestions, and solutions. IT professionals can use AI-powered tools to troubleshoot issues and diagnose problems.

However, they would need to adapt to these changes, acquiring new competencies and reshaping their roles to harness the benefits of generative AI. Also, as generative AI becomes more sophisticated, IT departments will have to address the ethical considerations of its usage with clearly established guidelines and frameworks. Otherwise, it could become a double-edged sword.

In this edition, we have turned the spotlight on how AI is transforming many industries and driving business value. You will also read about another topic that is now being discussed in technology forums – insider threat. While the focus is always on external threat actors, not many organisations realise that insiders can do more harm than external hackers. While there are some stats available, it is difficult to get an up-to-date one on insider threats because most incidents go underreported or have sensitivity surrounding insider-related breaches. We’ve spoken to industry thought leaders about the measures you should be taking to prevent, detect and respond to insider threats.

Enjoy reading.

EDITORIAL
Published by Publication licensed by Sharjah Media City @Copyright 2023 Insight Media and Publishing Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425 Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730 Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094 While the publisher has made
of
in
magazine,
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966 Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456 Designer Anup Sathyan 5 CXO INSIGHT ME MAY 2023
all efforts to ensure the accuracy
information
this
they will not be held responsible for any errors

MICROSOFT ANNOUNCES WORK TREND INDEX SPECIAL REPORT AND NEW FEATURES FOR MICROSOFT VIVA

Microsoft announced new features for Microsoft Viva alongside the launch of the latest Work Trend Index Special Report focused on employee engagement.

The newly announced Copilot feature, which was introduced in Microsoft 365 to help individuals drive efficiency and productivity, will now extend to Microsoft Viva to help business leaders in the region build more engaged, collaborative workforces. In Viva Goals, Copilot can provide recommended goals from a planning or strategy document, while Copilot in Viva Engage can help leaders draft employee communications. In Viva Topics, Copilot will help users can get up to speed faster on a specific topic by generating a summary and offering answers based on multiple documents related to the topic. Microsoft is also bringing Glint into Viva to provide a survey tool for organisations to measure and improve engagement by seeking and acting on employee feedback. The new Viva Glint will help leaders summarise thousands of employee survey comments and provide leaders a fresh way to explore feedback by asking questions in natural language. Microsoft will also integrate Viva Glint and Viva Insights to provide leaders the ability to correlate aggregated employee engagement data with behavioural data, enabling them to

uncover new insights about what may be driving engagement up or down within their teams.

“In today’s ever-evolving workplace, it’s essential to have tools that enable business leaders to better understand and engage their workforce,” said Ahmad El Dandachi, Enterprise Commercial Lead for Microsoft in the UAE. “With the introduction of Copilot and Glint in Microsoft Viva, professionals will be able to unlock new capabilities, providing more clarity on priorities, enriching connections, and uncovering insights. We are thrilled to continue to innovate and provide solutions that help businesses thrive in today’s rapidly changing environment.”

In keeping with its mission of empowering organisations across the region do more with less, Microsoft has also released the Work Trend Index Special Report, which demonstrates why employee engagement matters to the bottom line and how next-generation AI can help. The report analysed surveys of more than three million employees at over 200 companies across industries and looked at the combined stock price movement of these companies throughout 2022, revealing several key findings.

The report showed that organisations that focused on employee engagement perform twice as well financially as

LEXAR TO UNVEIL NEXT-GENERATION MEMORY SOLUTIONS AT GITEX AFRICA 2023

Lexar will be showcasing its nextgeneration product portfolio at GITEX Africa 2023, one of the most important events in the African technology industry. The event will be held from May 31st to June 2nd, 2023 in Marrakech, and Lexar will be exhibiting at their stand on Central Aisle, Booth 4C-35.

“Lexar has been a trusted global brand of memory solutions for more than 25 years. Our participation at GITEX Africa 2023, is a part of our long-term strategic vision, to meet the growing demand for technology across the continent. The company is actively present in Morocco, as the country is certainly playing a crucial role to assist and support Africa’s

compared to those that deprioritise it. The report also demonstrated that clear communication and goal setting are key to unlocking employee engagement. Further insights revealed that at the least engaged organisations surveyed, nearly one in four employees are not sure what they should focus on. On the other hand, employees at highly engaged organisations are 46 percent more likely to see their organisations as strong communicators, 37 percent more likely to express confidence in leadership, and 16 percent more likely to be clear on what to focus on than employees at the least engaged organisations.

Lastly, the report showed that leaders need a feedback flywheel, which is a continuous loop of data that is gathered, analysed, and acted upon to sustain engagement. Employees at highly engaged organisations are 40 percent more likely to have confidence that their feedback will lead to action, and they are 56 percent more likely to say that their organisations continually improve processes.

NEWS
Ahmad El Dandachi, Microsoft
6 CXO INSIGHT ME MAY 2023

A10 NETWORKS BOOSTS CLOUD DEFENSE WITH FIRST APPLICATION DELIVERY SOLUTION

The last decade of digital transformation has turned most organisations today into true digital businesses. But the effectiveness and economics of cloud operating models have become top concerns. How to best secure, optimise, and automate hybrid cloud environments in the most effective manner is a significant challenge. To solve this problem, A10 Networks is announcing a combined solution of the Thunder Application Delivery Controller (ADC) and the new A10 Next-Generation Web Application Firewall (WAF), powered by Fastly, to enable automated, multi-layered security, and resilience.

As organisations seek to establish an efficient and effective cloud operating model, the combined technology enables a highly performant security solution at a strategic application ingress point that reduces false positives and automates security, empowering agility and effectiveness. The end solution ultimately helps deliver better cloud economics and business outcomes.

Improving the Security and Resiliency of Hybrid Cloud

The company is adding the A10 Next-Gen WAF, powered by Fastly, to its solution portfolio as an integrated add-on to its A10 Thunder ADC solution. Together, the A10 Thunder ADC and A10 NextGen WAF implementation provides a single solution to enhance web defenses

rapidly expanding digital economy,” said Fissal Oubida, General Manager – Middle East, Africa, CIS and Indian subcontinent, Lexar.

GITEX Africa 2023 is a perfect opportunity for Lexar to showcase its award-winning portfolio designed to specifically meet the unique needs of African consumers that are focused on quality, performance, and reliability. Lexar’s state-of-the-art photography, videography, and gaming portfolio of memory and storage solutions, which

across software and hardware appliances installed in hybrid cloud environments. The solution can be deployed across multiple form factors, including virtual machines and hardware appliances.

Thunder ADC, in addition to providing advanced availability options, can perform DDoS protection, authentication, and protocol checks at scale. The integrated A10 Next-Gen WAF provides deep web application security services. As the solution sits at the primary application ingress point, a single deployment can efficiently front-end one, hundreds, or thousands of applications without the need for individual server end-point deployments. This enables faster time to market with secure application deployments.

“A10 Networks provides highperformance application delivery and security, and its solution is a natural fit for our next-gen WAF to help provide mutual customers with deep web application security for hybrid cloud environments. This is the first software and hardware application delivery controller implementation for Fastly, which expands our addressable market and provides A10 with the most advanced WAF technology for its customers,” said Emily Friedberg, group vice president, global partnerships at Fastly.

Protect Applications While Keeping Overhead and Disruption Low

The A10 Thunder ADC and A10 NextGen WAF combine to provide a series of

includes, SDXC, SDHC, microSD, CFExpress cards, card readers, DRAMs, internal SSDs, portable SSDs, and USB flash drives.

“We foresee many opportunities for Lexar, as there is an increasingly rapid technology adoption and growing demand by the urban African population. We are looking forward to developing strategic engagements, building connections, and meeting with key stakeholders from the African tech ecosystem,” concluded Oubida.

capabilities that outpace traditional standalone or existing web application firewalls. These include:

Layered Defense – Counters modern web threats, and includes OWASP Top 10 mitigation, DDoS protection, authentication, and TLS/SSL decryption.

Simplification via Consolidation –

Converges under Thunder ADC as a fully integrated single appliance solution that is optimised with advanced load balancing, ADC caching, and the Fastly cloud service; customers have a single point of support with A10.

Ease of Use – No learning period for IT teams with near-zero false positives; almost 90 percent of Fastly users run in blocking mode, ensuring only bad traffic is stopped.

Lower Costs – Provides superior protection with little or no tuning; uses a combination of thresholding, along with Fastly’s proprietary Network Learning Exchange (NLX) and SmartParse technology, to reduce false positives, for highly effective automated detection and blocking.

Reduced Risk – Protects against modern attack vectors like account takeover (ATO), enumeration, and DDoS; integrates with popular DevOps and SIEM tools, making it a great fit for enterprise DevSecOps teams.

“When selecting a partner to deliver superior web application firewall security for our hybrid cloud solutions, Fastly was an obvious choice. It has been a Gartner Peer Insights Customers’ Choice for Cloud Web Application and API Protection (WAAP) for the last five years. Our combined solution will help customers ensure security and resiliency while reducing the operational overhead for security teams,” said Mikko Disini, VP of product line management at A10 Networks.

Mikko Disini, A10Networks
7 CXO INSIGHT ME MAY 2023

UAE TO BECOME NEXT SILICON VALLEY, SAY EXPERTS AT MACHINE CAN SEE 2023

with their mandates defined,” he added.

The fact that the UAE is the only country with a state-level Ministry of AI is a testament to its commitment to supporting the progress of AI technology.

The one-day summit was hosted under the aegis of the UAE Ministry for Artificial Intelligence, Digital Economy and Remote Work Applications, Dubai’s Department of Economy and Tourism, and Dubai Future Labs, an initiative of the Dubai Future Foundation, exploring current advancements of AI, its applications, and its future in the UAE and the rest of the world.

Dubai can ace the race of the world’s cities aspiring to become the next Silicon Valley, said a group of experts from around the world who assembled at the Museum of the Future in Dubai, visualising this city as a place with the capability to envision, imagine and bring things to reality.

Speaking at a panel discussion titled “Government, Business and Science” at the ‘Machines Can See 2023’ summit, the experts conversed about the future of Artificial Intelligence (AI) in the UAE and its potential to become the next Silicon Valley.

Exploring the seamless possibilities of AI, policymakers from the public sector, businesses, and academia opined that Dubai and the UAE are rapidly becoming a hub of advanced technologies, particularly in AI.

“We are privileged to have hosted the ‘Machines Can See 2023’ summit in the UAE. The name ‘Dub.ai’ reflects the UAE’s supportive environment for innovation and AI advancement for humanity’s benefit. We brought some of the brightest minds in the field to the prestigious Museum of the Future, sharing their powerful vision and knowledge,” said Alexander Khanin, founder, and director of Polynome, which organised the summit.

“All cities around the world aspire to become the next Silicon Valley. However, to become that, a city needs to consider the factors contributing to the innovation ecosystem: a combination of talent, capital, private sector engagement and commercialisation,” said Sharif El-Badawi, CEO of Dubai Future District Fund, during the discussion.

Elaborating on what more it would take for the UAE to become Silicon Valley, El-Badawi said, “It is possible by finding a way to commercialise research and innovations in science and technology to create a successful ecosystem similar to Silicon Valley. The government, academia, and corporates also play important roles in creating an environment conducive to innovation,” he added.

“As the UAE has successfully attracted talent, its next focus should be on knowledge creation and building technical capabilities. This is the next wave happening in the nation. Our efforts will unlock the potential within Dubai’s Government-related entities to create value-add tracks for technologists building in the region,” remarked El-Badawi.

Khalifa AlQama, Director of Dubai Future Labs, Dubai Future Foundation, said technology is the most crucial enabler. “The most critical aspect is the business value brought by having all the localised infrastructure, which can enable AI adoption as an enterprise. We have established an AI ecosystem, a localised service stack to assist organisations in modernising data. We need to assist organisations on the ground to modernise their data best and prepare the data for the AI.”

“Organisations can modernise their data, which is more of a problem than AI itself. If you can address that problem, AI will probably have the right food to eat in general, the expected outcomes. Each vertical has its appetite, be it banking, finance, healthcare, education, or the government, which always takes the lead

This year, the summit deliberated on the future of computer vision and machine learning with the foremost experts in 3D computer vision, deep learning, generative AI, Augmented Reality (AR), Virtual Reality (VR) and so on.

The summit featured a diverse range of presentations and panel discussions from experts like Hao Li, Associate Professor at the Mohamed bin Zayed University of AI; Marc Pollefeys, Director of the Microsoft Mixed Reality and AI Lab, Professor at ETH Zürich; Philip Torr, Professor at Oxford University, Co-Founder at Aistetic Oxsight, and Chief Scientist at FiveAI; Bernard S. Ghanem, Professor at King Abdullah University of Science and Technology; Fernando de la Torre, Professor at Carnegie Mellon University; Serge Belongie, Professor at the University of Copenhagen; Daniel Cremers, Professor at the Technical University of Munich, Director and Co-Founder at Artisense; Manohar Paluri, Senior Director at META; Dr Abrar Abdulnabi, Head of AI at Saal.ai; Kamran Ashan, Senior Director AI and Smart Data at Etisalat; Ms. Sameera Fernandes, Global Educationist and Director – Corporate Affairs & Sustainability, Century Financial; and Alexei Posternak, Managing Partner at INTEMA.

The ‘Machines Can See’ summit was organised by Polynome Events and received support from governmental and academic organisations such as Destination Alliance, the Ministry of State for Artificial Intelligence, Digital Economy and Remote Work Office, Khalifa University, Mohamed Bin Zayed University of Artificial Intelligence, Dubai Future Foundation as well as sponsors, including INTEMA technological accelerator, YanGo and Century Financial.

NEWS
Alexander Khanin at the Machines Can See Summit
8 CXO INSIGHT ME MAY 2023

PALO ALTO NETWORKS UNVEILS ITS CLOUD NEXT-GENERATION FIREWALL FOR MICROSOFT AZURE CUSTOMERS

Palo Alto Networks announced it is bringing its industry-leading ML-Powered Next-Generation Firewall (NGFW) to Microsoft Azure as a fully managed Azure-native ISV service. Cloud NGFW for Azure offers a comprehensive security solution with industry-leading capabilities such as Advanced Threat Prevention, Advanced URL Filtering, WildFire and DNS Security. Powered by AI and ML, it can stop known, unknown and zero-day threats, enabling customers to safely and more quickly migrate their applications to Azure.

As an Azure-native ISV Service by Palo Alto Networks, Cloud NGFW for Azure is fast and painless to procure and deploy from the Azure portal. Additionally, the service is fully managed by Palo Alto Networks, so customers don’t need to worry about scaling, resilience and software updates. Cloud NGFW for Azure also integrates with Azure Virtual WAN deployments, enabling customers to protect traffic across their entire network.

“Enterprises are keen to move to the cloud quickly without compromising their on-prem security standards,” said Anand Oswal, senior vice president of Network Security at Palo Alto Networks. “With Cloud NGFW for Azure, an ML-powered NGFW delivered as an Azure-native ISV service, organisations can confidently migrate to the cloud and run applications at cloud speed and scale while maintaining robust security. This solution provides enterprises with the agility they need to compete in today’s fast-paced business environment, while ensuring that their cloud applications are secure and protected by industry-leading technology.”

“At Microsoft, we are dedicated to ensuring that Microsoft Azure is the most trusted and secure cloud platform. With the preview release of the Palo Alto Networks Cloud NGFW (Next-Generation Firewall) for Azure, we are pleased to expand our ecosystem of native ISV solutions and provide customers and developers with more options to meet their security needs. This collaboration between Palo Alto Networks and Microsoft combines the scalability and reliability of

Azure with Palo Alto Networks expertise to help safeguard our customers against the latest threats,” said Julia Liuson, president, Microsoft Developer Division at Microsoft.

With Cloud NGFW for Azure, customers benefit from:

Palo Alto Networks Best-in-Class Security: Unparalleled security features thanks to its industry-leading machine learning (ML) powered NGFW. Cloud NGFW for Azure uses AI and ML to detect and stop known, unknown and zero-day threats, enabling customers to stay a step ahead of sophisticated adversaries. This advanced technology has allowed Palo Alto Networks to block nearly 5 billion events each day, demonstrating the effectiveness of this solution in providing robust security to customers.

Ease of Use: Cloud NGFW for Azure is designed to be incredibly easy to use, thanks to its Azure-native ISV Service architecture. This enables customers to procure and deploy the solution directly from the Azure portal in just a few minutes, providing instant protections against cyberthreats. The solution is also painless to operate as Palo Alto Networks takes care of scaling, resilience and software updates. Furthermore, Cloud NGFW for Azure integrates seamlessly with Azure Virtual WAN deployments, enabling customers to protect traffic across their entire network. This integration provides customers with the agility and flexibility they need to manage their cloud security while focusing on their core business objectives.

Consistent Security and Management from On-Prem to Cloud: The integration of Panorama with Cloud NGFW for Azure offers a host of benefits to customers. Firstly, it enables seamless security policy extension from on-premises to Azure, simplifying operations and reducing administrative workload and total cost of ownership. More importantly, this integration enforces the same high standards of security in the cloud, ensuring that customers’ cloud environments are secure and protected against cyberthreats. Additionally, the integration provides centralised visibility, providing valuable insights into the threats on their network from on-premises environments to any cloud. This enables customers to manage their security policies through their existing Panorama console, streamlining management and allowing their cloud teams to focus on application migration and new application development.

“We’ve set up network security for hundreds of customers over the years and deploying and managing in the cloud can be a complex process. Palo Alto Networks Cloud NGFW for Azure takes away that complexity,” said Rob Maas, lead architect, ON2IT. “The simplicity of the deployment process and management gives our managed SOC the ability to focus on security for our customers instead of the infrastructure. All while maintaining Palo Alto Networks world-class security.”

“We continue to see enterprises rapidly moving their applications to the cloud, with many choosing Microsoft Azure as their primary cloud provider. We also see organisations making good use of their existing in-house network security expertise, maintaining consistency between security policies for cloud and on-premises, and optimising management activities.

Palo Alto Networks’ release of Cloud NGFW for Azure touches on all of these points by offering a cloud-native managed version of their well-known firewalling capabilities, with the benefit of integration into the Panorama management framework,” said Fernando Montenegro, senior principal analyst at Omdia.

Anand Oswal, PaloAlto Networks
9 CXO INSIGHT ME MAY 2023

GARTNER ANNOUNCES THE TOP 10 GOVERNMENT TECHNOLOGY TRENDS FOR 2023

adaptive security to broader digital innovation, transformation, national security and resilience objectives.

Cloud-Based Legacy Modernisation

CIOs must prepare for widespread AI use by ensuring data is available at points of decision and by establishing effective governance principles.

Data Sharing as a Programme

Gartner identified the top 10 government technology trends for 2023 that can guide public sector leaders in accelerating transformation as they prepare for postdigital government and a relentless focus on mission objectives.

“Not only is the current global turmoil and technological disruption putting pressure on governments to find a balance between digital opportunities and risks, it also presents solid opportunities to shape the next generation of digital government,” said Arthur Mickoleit, Director Analyst at Gartner. “Government CIOs must demonstrate their digital investments aren’t just tactical in nature as they continue to improve service delivery and core mission impacts.”

Government CIOs should consider the impact of the following technology trends on their organisations and apply insights to make a case for investments to improve business capabilities, achieve leadership priorities and create a more future-ready government organisation.

Adaptive Security

Gartner predicts that by 2025, 75% of government CIOs will be directly responsible for security outside of IT, including operational and missioncritical technology environments. The convergence of enterprise data, privacy, supply chain, cyber-physical systems (CPS) and cloud requires an integrated security approach. CIOs should link

Leading governments are under pressure to break down legacy, siloed systems and data stores to modernise IT infrastructure and applications to ensure more resilient government services. CIOs can use adaptive sourcing strategies to identify areas where “asa-service” delivery models augment internal resources and address business priorities. Gartner predicts over 75% of governments will operate more than half of workloads using hyperscale cloud service providers by 2025.

Sovereign Cloud

Global uncertainty, as well as concerns over data privacy and potential government overreach, are resulting in greater demand for sovereign clouds. Governments are increasingly seeking to limit exposure of data and infrastructure by external jurisdictions and foreign government access. Gartner predicts over 35% of government legacy applications will be replaced by solutions developed on low-code application platforms and maintained by fusion teams by 2025.

Hyperautomation

According to Gartner, 60% of government organisations will prioritise business process automation by 2026, up from 35% in 2022. Hyperautomation initiatives support business and IT processes in government to deliver connected and seamless citizen services. CIOs must align automation initiatives with current priorities to pursue digital transformation, while also optimising operational costs.

AI for Decision Intelligence

By 2024, Gartner predicts 60% of government AI and data analytics investments will directly impact real-time operational decisions and outcomes. AI for decision intelligence provides governments with rapid, accurate and early decision-making capabilities at scale.

Data sharing as an ad hoc effort among agencies and departments is no longer sufficient given the demands to drive value from data and analytics. By the end of 2023, Gartner predicts 50% of government organisations will establish formal accountability structures for data sharing, including standards for data structure, quality and timeliness. CIOs should focus on value-added and mission objectives when developing data-sharing initiatives.

Total Experience (TX)

By 2026, government total experience (TX) approaches will reduce process ambiguity by 90%, while increasing satisfaction metrics for both customer experience (CX) and employee experience (EX) by 50%. TX creates synergies and coherence among traditionally siloed disjointed CX, EX, multi-experience (MX) and user experience (UX) disciplines in support of government transformation. CIOs can reduce experience friction points by mapping, visualising and redesigning citizen and employee journeys.

Digital Identity Ecosystems

Gartner predicts over a third of national governments will offer citizens mobile-based identity wallets by 2024. Governments are facing new responsibilities in emerging digital identity ecosystems, with expectations to ensure trust, innovation and adoption across sectors and borders. To achieve this, governments must make high-assurance digital identity easy to obtain and relevant for diverse target groups of end users and service providers.

Case Management as a Service (CMaaS)

The integration of government services depends on designing and developing case management solutions as composable products and services that can be shared across the programmes, verticals and levels of government. Gartner predicts that by 2024, agencies using composable case management will implement new

NEWS
10 CXO INSIGHT ME MAY 2023
Arthur Mickoleit, Gartner

Unlock next-level travel experiences and rewards for your customers.

Today’s banking customers want loyalty experiences that elevate every journey. That’s why the original and leading global lounge programme—LoungeKeyTM, brought to you by Collinson—ranks highest in customer enjoyment.

With LoungeKey you can unlock market-leading access to 1,300 airport lounges and premium experiences at more than 650 airports, across 148 countries.

Check out our LoungeKey Banking Hub to learn how the global leading lounge experiences programme can:

keep your card top of wallet for travellers with unique Access on Payment Card and Co-Brand features

delight your customers with luxury experiences, ranging from spas and sleeping pods to restaurants and gaming lounges give your customers seamless airport experiences, no matter where they travel to increase customer value and acquisition.

• Visit our LoungeKey Banking Hub to unlock the benefits of the world’s favourite digital travel companion for your customers.

• • •
from
LoungeKey Banking Hub

3 WAYS AI IS REINVENTING SUPPLY CHAIN MANAGEMENT

WITH AI, ENTERPRISES NOW HAVE BETTER TOOLS TO BECOME MORE FOCUSED ON ACHIEVING THE MOST OPTIMAL OUTCOME. IT IS TIME TO TRAIN YOUR WORKFORCE FOR IT, WRITES KEVIN MILLER, CHIEF TECHNOLOGY OFFICER AT IFS

If there is one major takeaway from the last several years in business, it is that disruptions are, and will continue to be, commonplace – so companies need to be ready for it. They can only survive this level of uncertainty by using every tool at their disposal. Fortunately, smart technology has matured enough to be a viable tool in their arsenal.

With the proper AI configurations, business leaders can finally have full visibility into their organisations in realtime. As they try to use that information to streamline and optimize their operations, they will also need to address the talent gap currently affecting organisations across the economy. There is no easy solution to it, but once the smart technology is firmly integrated in the workflow and employees are sufficiently trained to use the smart technology, businesses will be well prepared to weather the next major shock.

1.

requires breaking down silos within an organisation’s tech stacks and embedding the new technologies into the operation of the company. If AI is built into supply chain performance through integrating weather prediction into the process, it’s able to help preempt possible disruptions due to the weather. Weather events are becoming increasingly more common and disruptive to the supply chain process. Nowadays, running on standard lead times doesn’t work anymore – it’s too tight, meaning that timelines are completely disrupted when a notable weather event happens.

With AI that can use historical weather trends along with meteorological readings, businesses can measure the probability of lead times being disrupted by a weather event. If there’s a high probability, businesses can then change their plans to prepare for the forecast, which can even happen automatically given an AI with the capability to make changes directly ordering and shipping instructions.

The moral? You can’t stop a hurricane from happening, but the better you can

anticipate and plan around it, the better your performance will be when it happens.

2. Leveraging Predictive Asset Management

Predictive maintenance is becoming increasingly popular as companies adopt new AI and ERP tools. Predictive asset management (PAM) is a form of asset performance management (APM) that uses IoT data to improve asset reliability, lower maintenance costs, and better understand asset performance. APM ensures that assets are able to perform at optimal levels, increasing their reliability and availability and driving the use of IoTsourced data.

PAM lowers costs and reduces the necessary time associated with maintenance by streamlining the work order process. Once it ingests an alarm signal or fault code from a piece of equipment that has gone down, the AI analyzes previous work for that type of equipment and that particular signal code. Based on the history of repair trips for the code and machine, AI then

VIEWPOINT
Pre-empting Weather Disruptions Leaving behind legacy technologies in the era of digital transformation
12 CXO INSIGHT ME MAY 2023

determines the correct spare parts and tools necessary to complete the repair and can note it down on the work order, thereby eliminating the need for a preliminary diagnostic trip to the equipment and the time needed to order the parts.

Coupled with IoT, where the equipment is able to feed the AI this information directly, predictive asset monitoring is a game changer for anybody who works with the equipment such as field service technicians.

3. Optimising Data

In order to achieve all of the promises of AI and predictive maintenance, collecting the right data is critical. The primary method for companies that design, build, deploy and service assets that might make use of AI in their supply chains or asset maintenance, sources this data from sensors on equipment in the field or data coming from the production floor. With the ability to incorporate quality filters into the process, businesses can cut down on costs and prevent someone from having to go out in person by using data directly from the source.

This data is the key insight to what’s really happening with those assets. If businesses are constantly monitoring the surrounding conditions, they may even be able to predict that maintenance should happen before or after it is regularly scheduled. For instance, if you see that the equipment’s temperature is rising before it’s scheduled for maintenance, you can address it before the temperature gets too high and the machine goes offline, which would result in a much bigger interruption. Information directly from the asset makes this predictive aspect of the data usage, and the resulting outcome, all that much better.

Smart machines take smart people to work

At IFS, we are seeing a ramp up in investment among manufacturers and field service providers in data science, creating new job roles. A recent survey commissioned by IFS revealed that nearly a third of businesses cite

technological superiority as the most significant differentiator, a figure that has tripled since 2018. It clearly shows the unrelenting desire from businesses to take advantage of all the benefits that smart technology provides.

While the appetite for deploying advanced technology has only increased, the supply of skilled workers needed to navigate such deployment has failed to keep up with demand. In fact, according to the same IFS survey, nearly 50% of businesses reported that they struggle to meet service level agreements – 37% attributed it to inadequate tech support. Moreover, for manufacturers, the issue of skills shortage has never been more clear, with 44% citing the shortage of skilled labor and turnover a top concern for them, while a further 40% said user adoption of new technology and 29% pointed toward the increased complexity of assets as their top concerns.

Having the right people is as important as having the right equipment to do the job. Reskilling and upskilling existing employees can be a good place to start – especially as attracting the right talent becomes more challenging with a growing labor shortage across the broader economy. By retaining and retraining existing employees for new roles, companies keep the

WHILE THE APPETITE FOR DEPLOYING ADVANCED TECHNOLOGY HAS ONLY INCREASED, THE SUPPLY OF SKILLED WORKERS NEEDED TO NAVIGATE SUCH DEPLOYMENT HAS FAILED TO KEEP UP WITH DEMAND. IN FACT, ACCORDING TO THE SAME IFS SURVEY, NEARLY 50% OF BUSINESSES REPORTED THAT THEY STRUGGLE TO MEET SERVICE LEVEL AGREEMENTS – 37% ATTRIBUTED IT TO INADEQUATE TECH SUPPORT.

institutional knowledge key to a welloiled machine and save the costs associated with layoffs. It also builds a perception of a healthy company, which is key to attracting further customers and investments, let alone boosting employee morale.

Starting an apprenticeship program could also help. Learning hands-on while on the job allows companies to train people specifically to their standards. Workers who graduated from apprenticeship programs are also more likely to stay, helping companies retain trained skilled talent. It is also an affordable path for people to “earn and learn”, gaining the skills required for the new, tech-enabled roles.

It takes more than one solution to addressing the labor problem, people and technology are two sides of the same coin. With AI and the innovations it brings, enterprises now have better tools to become more focused on achieving the most optimal outcome. Whereas smart technology has matured enough for real-world deployment, labor remains the last piece of the puzzle. Businesses will need to start tackling the labor problem so as to have the right workforce to realize the promises of technological advancements. For any organisation to be successful, it requires both advanced technology and well-trained people to make use of such technology.

13 CXO INSIGHT ME MAY 2023

PUTTING AI TO WORK

STATE OF ARTIFICIAL INTELLIGENCE IN THE ENTERPRISE

Artificial intelligence (AI) continues to evolve rapidly, transforming businesses across various industries. AI is being used to optimize business processes and to automate routine tasks. Enterprises in the region are starting to roll out AI-based applications built from the ground up to meet specific business needs. As AI progresses, organizations embracing and leveraging these technologies effectively will have a competitive advantage in their respective industries.

According to a recent report by PwC, the potential contribution of AI to the global economy is expected to peak at almost $16 trillion by 2030. The Middle East is expected to accrue 2% of the total global benefits of AI in 2030. This is equivalent to $320 billion or about 11% of its GDP.

“The next few years can expect further development of sophisticated models of AI applications in the Middle East, driven by government bodies and agencies. For example, the UAE is aiming to be amongst world leaders by 2030, as

its government’s recently launched AI strategy promotes increased reliance on AI in services, sectors, and infrastructure projects and the expansion of AI use across sectors like education, energy, transportation, space, and technology, and more,” says Dr Neamat El Gayar, Programme Director of the MSc in Artificial Intelligence at Heriot-Watt University Dubai.

The impact of AI on businesses today is substantial. AI is at the heart of data analytics, automation, application/platform modernisation,

COVER STORY
Ramprakash Ramamoorthy Rob McGreevy
14 CXO INSIGHT ME MAY 2023
Vijay Jaswal

and collaboration. And Middle East and Africa (MEA) are at the forefront of AI adoption. According to IDC’s Worldwide Artificial Intelligence Spending Guide, the MEA region will see the world’s fastest AI spending growth through 2026 at a compound annual growth rate (CAGR) of 29.7% over the 2022–2026 period, reaching $6.4 billion in 2026. Banking, retail, and federal/central government will be the MEA region’s biggest spenders on AI in 2023.

Manish Ranjan, Senior Research Manager for Software, Cloud and IT Services for IDC MEA, says organisations across public and private sectors are increasingly investing in AI, data analytics and business intelligence solutions in order to strengthen and expand their customer experiences, build digital capabilities, and drive innovation. Augmented customer service agents, fraud analysis and investigation, augmented threat intelligence and prevention systems, and sales process recommendation and augmentation are the key business use cases where organizations are investing more in the market.

He adds with the emergence of low code, no code, there will be accelerated adoption of AI-embedded applications and platforms which will reduce the time-to-market for businesses and drive the innovation in an agile environment. It significantly reduces the complexities of the development process, minimises the cost, and allows businesses to automate processes and increase productivity using AI tools.

Among the current AI trends, the most talked about is conversational AI, which is being used in chatbots, virtual assistants and voice-controlled devices. With generative AI becoming far more accessible, the obvious question is around how it can be leveraged to drive business value.

“Some industries, such as healthcare, are exploring use cases with significant transformative potential. From drug discovery and development, to clinical trials and drug manufacturing, leaders in the sector are demonstrating intent to leverage the power of AI to aid the next phase of growth. Of course, the development of such applications can be highly complex and will require specialised skill sets. So, it is an interesting space to watch and successes here are likely to inspire other industries to follow suit,” says Nick Curran, Head of Endava Middle East and North Africa.

Ramprakash Ramamoorthy, Director of AI research, ManageEngine, echoes a similar opinion: “Generative AI has the potential to significantly enhance content creation and comprehension, leading to substantial advancements in fields such as EdTech, customer service, sales, and marketing. By automating the generation of diverse and engaging content, AI can revolutionise the way information is presented and consumed. “

In the realm of EdTech, this could result in more personalised learning experiences and improved knowledge retention. In customer support, AI can facilitate more efficient and accurate assistance while in sales and marketing,

it can enable the development of highly targeted and effective campaigns. Overall, the integration of generative AI in these areas is expected to yield substantial improvements in both the user experience and outcomes.

“At ManageEngine, we specialise in building tools for IT operations management (ITOM). ITOM systems and software are often highly structured and deterministic, which may not require AI’s creative or generative capabilities. The high precision and accuracy required in ITOM, especially from the security and monitoring angle, may make it difficult for generative AI models to produce reliable results,” says Ramamoorthy.

Though generative AI has been around for decades, the big recent change is the creation of massive, large language model called GPT-3 (and more recently 3.5 and 4).

“That’s the big difference. But that alone won’t change industries in a major way. You also need to be able to blend that “brain” (where it knows nothing beyond the date it was trained) with upto-date industrial data through additional AI to make sense of it all in context. This is the game changer and will add massive value to most all industries,” says Rob McGreevy, Chief Product Officer, AVEVA.

However, he says this is not ChatGPT. This is the large language model “brain” being combined with both industrial data and fit-for-purpose AI (such as a neural net) to provide game-changing value that can be tailored to the industrial world. This will play a significant role in helping move AI from task-based to objective-driven.

Manish Ranjan Neamat Elgayar
15 CXO INSIGHT ME MAY 2023
Nick Curran

Ranjan from IDC says the impact of generative AI is mostly witnessed in product development or product design, software development, customer engagement, marketing and sales processes. However, there are growing concerns too, especially around data security, governance of intellectual property (IP) rights, and ability of organizations to filter out unauthenticated information. Organizations must enforce a concrete data governance and security measures to ensure that the benefits of generative AI are harnessed, while also safeguarding against potential risks.

Will low code, no code accelerate the democratisation of AI?

Yes, low code/no code capabilities will absolutely accelerate the democratization of AI, says Vijay Jaswal, Chief Technology Officer, APJ&MEA, IFS. This will largely be accomplished by allowing regular users (without deep technical knowledge) to create additional value in the application through the ability to add new functionality (new fields, new logic, new screens, etc.).

Additionally, users will be able to model new AI scenarios through the use of low code/no code tools. Historically, even nominal system changes required deep and specific technical knowledge. This often lead to long development cycles, extensive testing requirements and created ‘version lock’ so customers were unable to upgrade or update the software without costly projects.

Low code/no code tools and platforms allow ‘citizen developers’ to extensively tailor their solution without costly and/ or knowledge constrained resources. These changes can be tested and applied much more quickly, and without locking the customer into a specific version of the software. This will evolve into users or super users also being able to augment AI algorithms to better suit their business and technology needs, says Jaswal.

The impact will be somewhat circular, says McGreevy from AVEVA. “For example, low code/no code will certainly help accelerate AI democratization by allowing it to be developed and accessed much faster and easier.

However, AI will also help democratize access to low code/no code capabilities using generative AI that leverages the new large language models to write code based on a user’s text descriptions and requirements. The resulting

software could be new implementations of AI that are easily accessible as independent executable code. This could soon advance to AI being able to proliferate and democratize itself,” he sums up.

WHAT THE EXPERTS SAY

“GENERATIVE AI WILL ABSOLUTELY DISRUPT BUSINESSES ACROSS ALL INDUSTRIES. WE STAND IN A MOMENT AS TRANSFORMATIONAL AS SEARCH IN 1994 OR THE ADVENT OF THE MOBILE APP STORE IN 2008. THIS WILL BE A “BEFORE AND AFTER” MOMENT WHICH MARKS A TECHNOLOGICAL AND SOCIETAL SHIFT, AND FOR KIDS THAT ARE GOING TO GROW UP HAVING NEVER KNOWN LIFE WITHOUT IT — THEY WILL NEVER UNDERSTAND THE CONCEPT OF CLICKING LINKS ON A PAGE OF SEARCH RESULTS AND SCANNING A WEBPAGE FOR THE ANSWER TO A QUESTION.

“UNLIKE PREVIOUS INTELLIGENCE AND AUTOMATION CAPABILITIES, GENERATIVE AI CAN AUTOMATE JUST ABOUT ANYTHING! PREVIOUSLY, WE STRIVED TO AUTOMATE THE LOW-VALUE, REPETITIVE TASKS IN OUR DAY BUT NOW WE EXPECT AI TO PLAY AN INTEGRAL ROLE IN ALMOST ALL ASPECTS OF BUSINESS. FROM PUBLIC SECTOR TO CONSUMER GOODS, AI WILL BE ENHANCING, ACCELERATING, AUTOMATING, DRIVING EFFICIENCIES, CREATING IDEAS — AND NEW JOBS AND WAYS OF WORKING.

“AS ECONOMIC VOLATILITY MAKES COMPANIES REASSESS THE VALUE OF THEIR AI INITIATIVES, AND THE ENTERPRISE PLATFORMS SUPPORTING THEM, WE’LL SEE COMPANIES LOOK TO EXPERTS TO FOCUS ON BUILDING REALISTIC, LASTING, AND SCALABLE IMPACT. ANY ECONOMIC DOWNTURN MAY TRIM DATA TEAMS, AND, AS WITH ANY TECHNOLOGY, AI HAS TO BECOME A PRODUCTIVITY MULTIPLIER QUICKLY TO PROVE ITS VALUE. THE BEST WAY TO DO THAT IS TO CHOOSE NOT TO DO CERTAIN THINGS. AI-DRIVEN SURVIVAL AND SUCCESS MAY COME DOWN TO ENSURING YOU DON’T SELECT THE WRONG USE CASES, AS DOING SO MIGHT BREAK STAKEHOLDER SUPPORT FOR AI IN THE ORGANIZATION.

“WE WILL SEE REUSE BECOME ABOUT AVOIDING THE COSTS OF THE MOST EXPENSIVE KINDS OF AI MODELS. WHILE THE COST-EFFECTIVENESS OF THE CLOUD IS ENTICING, THE APPETITE FOR DATA FROM THE MOST SOPHISTICATED AI MODELS IS INCREASING MUCH FASTER THAN CLOUD COSTS ARE DECREASING. THIS MEANS THE MOST IMPRESSIVE AI MODELS AVAILABLE TODAY CAN ONLY BE BUILT BY A HANDFUL OF VERY LARGE COMPANIES. SO IF YOU ARE NOT A MULTINATIONAL TECH GIANT, IT’S TIME TO THINK SERIOUSLY ABOUT WHETHER SOMETHING LIKE CUSTOM-BUILT IMAGE RECOGNITION AI IS ACTUALLY THE CORE OF YOUR BUSINESS, OR WHETHER YOU CAN BORROW SOMEONE ELSE’S TO START WITH, SAVING 99% OF THE COST AND DELIVERING VALUE SOONER THAN LATER.”

Sid Bhatia, Regional Vice President & General Manager, Middle East & Turkey at Dataiku.

COVER STORY
16 CXO INSIGHT ME MAY 2023

STEPPING INTO THE FUTURE

RAJAN KRISHNAN, GROUP VICE PRESIDENT, PRODUCT DEVELOPMENT, ORACLE, TELLS US HOW THE COMPANY IS ACCELERATING DIGITAL INNOVATION WITH ITS AIINFUSED CLOUD APPLICATIONS.

What are you hearing from your customers?

It depends on where I talk to customers. In other parts of the world, it is the efficiency mindset. It’s about cutting costs and doing more with less. In the US, they’ve been talking about recession for more than one and a half years now. It is the same mindset in the UK, where there is inflation and supply chain challenges. There are cost pressures everywhere, and consumer demand is beginning to weaken in those markets. So as a result, the focus is more on the efficiency play. It is a different story here in the Middle East. After the war in Ukraine, and the oil bonanza, the current budget surplus in the GCC was $660 billion. That is causing a growth mindset here. Though efficiency is still important, there’s so much growth in these markets that customers are telling me about innovation; they’re standardizing their back office. By back office, we mean ERP, EPM, and supply chain. The uptake of Oracle Fusion is rapidly increasing in this region; customers are moving from existing on-premise or non-Oracle Applications to our cloud. Fusion Applications include everything from ERP, EPM, and supply chain to CX.

What can you tell us about your supply chain management product’s new AI and automation capabilities?

Within the supply chain, there’s a big focus on AI. We are using the AI engine to predict lead times from suppliers better so that it compares historical delivery times from a supplier for a

specific product. It’s a very fine-grained analysis. If a supplier says eight days, and historically, they’ve given to you in five days, there is no need to wait eight days for the planning period. Similarly, they say eight days and have delivered, historically, in 11 days, the AI engine will tell you to change your production plan. So that is picked up in our supply chain planning module. Another new feature we announced at this Cloud World tour is rebate management, which is useful in some industries like pharmaceuticals and consumer packaged goods, where cash flows both ways from customer to supplier. This process gets complicated very quickly when you have many product lines and rebates, and you need to know which ones are valid or which ones you need to have a complete audit trail for. In large companies, it becomes cumbersome because so many people are working on this. So that whole process has been automated with rebate management. And the third thing within

the supply chain that we have announced is the order-to-cash process. What we have unique to Oracle, which is different from other cloud solutions, is that we have subscription management, order management, configurator, and pricing. And, of course, we have finance. We have stitched this all together so that it’s one seamless flow.

How are you leveraging AI and ML in your product portfolio?

We have been leveraging it for many years on the infrastructure back end with our autonomous database and automated patching for security, etc. On the application side, we are using AI in many areas. One is conversational user experience, which will guide the user through whatever the next step needs to be. That’s called digital assistant, powered by AI. Digital assistants can be used in ERP, supply chain, HCM or CX. Another example in the supply chain is the lead time example that I just gave you, where you have a more accurate version of the lead time. When it comes to HCM, we are using the AI engine within recruiting process, which will predict which candidate is likely to last in a company and build a carrier versus which candidate is likely to leave after one or two years. And then, there is a customer data platform in our user experience called Unity. Unity has pre-built AI and ML models specific to each industry. It’s finetuned for a very large volume of industry data sets to make predictions.

How do you tackle AI bias, especially in HCM?

In HCM, built into our product already are capabilities for diversity, equity, and inclusion. It is built into the product to minimize any bias, whether it’s in the case of hiring or promotions. There’s something called a three-by-three matrix. So as a manager, I will know which of my employees fall into what categories based on their performance rather than other extraneous factors that can bring in bias. It’s objective and based on the data the system tells. And it is foolproof because if somebody needs to do the audit, you have the data backing it up.

INTERVIEW
18 CXO INSIGHT ME MAY 2023

TRANSFORMATIONAL CHANGE

JON AMATO, SENIOR DIRECTOR ANALYST AT GARTNER, TALKS ABOUT THE LATEST TRENDS IN RANSOMWARE

Is ransomware still the biggest attack vector?

It is the biggest that I have seen personally. But my perspective is slightly skewed because one of the things I cover at Gartner is enterprise ransomware defense programs. So everything that comes in ransomware related from my particular group automatically gets routed. So my perspective is somewhat skewed there.

Which are the top ransomware gangs active today?

Tough to say because the names and faces change. Right after the Russian invasion of Ukraine, many ransomware gangs are coming up in Russia. We did see almost a power vacuum there. We saw a significant big shift. And I cannot think that a pattern has coalesced around, but I can point to a particular gang or even a top five that are the big one’s today. This was not the case, even two years ago. But we definitely saw a shockwave effect associated with the Russian war in Ukraine.

Why is it challenging to stop ransomware attacks?

Because ransomware attacks exploit, generally speaking, and they exploit the one thing that we can’t patch. And that is human gullibility. They start with phishing attacks or credential harvesting attacks, right? It may be the ransomware gang, the actors themselves doing this or more commonly would be an initial access broker, where they’re just buying sets of credentials. Ultimately, those credentials were harvested from users who were tricked into giving something they shouldn’t. That is the one vulnerability that you can’t patch - human gullibility.

Ransomware attackers have gotten very good at starting from that point

at monetizing those efforts. They’re incredibly professionalized organizations. Some of the gangs, especially some of the pre-invasion of Ukraine ones, had efficient customer service operations; if you paid them and couldn’t get your stuff back, they would help you. You had customer support to get your stuff back because it was in their interest to do this. They’re incredibly good at monetizing this and will come up with better and more effective techniques. So the answer to your question is why it is challenging to mitigate ransomware breaches because the attackers have a powerful financial motivation to innovate.

Should companies pay the ransom or not?

I cannot recommend that. But I can say that it is a business decision left solely to the C-level executives and most importantly, the legal counsel of the victim organization. This is a decision that needs to be made by them. There are circumstances where it might make business sense to pay, but those will be few and far between. But your legal counsel should have a final go or no go. I will point out that, in the end, you are dealing with criminals. We hear a lot about

double extortion ransomware, where they exfiltrate data and threaten to disclose that data and encrypt data. So that is two different points of pressure. If you pay them, you rely on the honor of these criminal gangs to do the right thing after you have paid them. I think when you’re dealing with criminals, that is naive. So there are a lot of factors that might be some circumstances where it may be the best path forward to pay. But you can’t make that call for any organization in most cases.

Now ransomware gangs are going after backup systems. So how can companies make their backups safe? You start on the front end. The backup system is the most critical part of your infrastructure, which it absolutely is in the case of ransomware. That means carefully monitored, two-factor authentication for console access. That means that any failed logins should be treated as an incident until proven otherwise. That means any configuration changes should be treated as an incident until documented otherwise to backups because you see this a lot. They’ll gain console credentials to backup system and then turn off a bunch of backups and hope nobody notices. So you have to have very careful 24/7 monitoring, as you would with your anti-virus, network intrusion prevention, and firewall alerts. Backup systems are a critical part of an organization’s security infrastructure and should be treated as such and monitored as such.

Is XDR going to be a key tool in the battle against ransomware?

It can be. However, you can have all the tools in the world. But if you’re not monitoring them, you’re not effective. You do not have an effective defense unless you have robust monitoring tools. So XDR can be thought of as a roadmap to improve that accurate monitoring for organisations that do not already have that. And that means XDR, whether managed or in-house, can streamline the monitoring process. And that monitoring process is where a lot of your organisation’s ransomware defense posture will come from.

INTERVIEW
20 CXO INSIGHT ME MAY 2023

Next Generation Industrial Switches

Our award winning family of IE switches just got better thanks to the IE220 Series

10 Gigabit uplink ports gives you the value and versatility your network requires. The ideal speed where high bandwidth backhauling and scalability is required. Coupled with IEEE 802.3bt PoE++ up to 95W to meet the demand for high power of devices connected to the network – this really is built for enduring performance in the harshest of environments, such as those found in outdoor installations. With rich functionality and advanced security features, our switches deliver the performance and reliability demanded by deployments in the age of the Internet of Things.

For more information, please contact one of our Allied Telesis Account Managers today.

Tel: +971 4 454 8740

© 2023 Allied Telesis, Inc. All rights reserved.

MANAGING INSIDER THREAT

BEST PRACTICES ON HOW TO PROTECT YOUR DATA FROM INSIDER THREATS

Insider threat refers to the risk posed to an organisation’s security posture by individuals who have authorised access to its systems or sensitive data. These individuals can be employees, contractors, or partners with legitimate access privileges. While not all insiders pose a threat, the potential consequences of an insider attack can be severe.

According to Ponemon Institute’s 2022 Cost of Insider Threats: Global Report, insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million.

Researchers also found that cases involving identity exploitation, such as stealing users’ credentials to accessing critical data, have an estimated cost of US$804,997 each and more than doubled over the previous year, making credential theft the costliest incident to remediate.

This is particularly concerning to organisations in the UAE and Saudi Arabia, where Delinea’s 2022 research found that the overwhelming majority (85%) of IT Security Decision

FEATURE
22 CXO INSIGHT ME MAY 2023
Anton Shipulin Nozomi Networks

Makers (ITSDMs) believe they will fall short of protecting privileged identities because they won’t get the support they need. In addition, due to the lack of budget and executive alignment, less than a third (31%) of the regional organisations surveyed have implemented ongoing security policies and processes for privileged access management, such as password rotation or access approvals, timebased or context-based security, or privileged behaviour monitoring such as recording and auditing, leading to an environment where insider threats could massively go unchecked.

“By definition, an Insider threat is an internal persona behaving as a threat actor. Regardless of the techniques they are using, they are not behaving in the best interest of the organization or government, potentially breaking the law, and exfiltrating information they do not have permission to possess,” says Morey Haber, Chief Security Officer, BeyondTrust.

To that end, Insider threats occur for various reasons, he says. This includes aspects of a human persona looking to hurt or gain an advantage against an organization. But, regardless of their intent, it’s the digital aspect of an Insider threat that warrants the most attention.

“Malicious insiders are more dangerous than other cybercriminals because they have direct access to privileged information,” says Ram Vaidyanathan, IT security evangelist, ManageEngine. “They potentially know where the loopholes lie and which systems are unpatched.”

Insider threats are significant for the following reasons. First, the cost of such threats is exorbitantly high. Apart from continuously monitoring system activity and detecting the incident, the costs of response, containment, and remediation add up. Organisations also suffer a dent to their reputation,

which ultimately affects their growth and revenue. Simultaneously, insider threats are becoming more timeconsuming to detect and contain due to a multifold increase to the attack surface. It is vital for organisations now more than ever to strengthen their cybersecurity posture from within, adds Vaidyanathan.

What are the biggest reasons for insider threats?

“I suppose the three primary categories are revenge, greed, and lack of attentiveness,” says Chester Wisniewski, Field CTO, Sophos. “In my experience intentional thefts are most likely to occur when someone is about to quit or has been fired. These variables change immensely depending on the type of business an organisation

too many people access to things not needed for their job roles.”

Sertan Selcuk, VP of Sales, META at OPSWAT, says some of the biggest reasons insider threats occur include a lack of proper security training and awareness, inadequate security processes, and a culture lacking a zerotrust approach.

When employees are not properly trained or made aware of security risks and policies, they may inadvertently engage in actions that could lead to security incidents. Social engineering hacks may be easy to fall victim to, such as clicking on phishing emails, downloading malware, or sharing sensitive information without realizing the risks involved.

may be in. If you are in defence, you may be dealing with bribery or espionage, whereas in technology you may face theft of trade secrets. There are many reasons, but the primary reasons for most of these is that data is usually stored too permissibly allowing

“Training is critical to preventing this but layering on technology such as Proactive Data Loss Prevention (DLP) to redact sensitive information and Deep Content Disarm and Reconstruction (Deep CDR) to sanitize files, can help mitigate these risks,” says Selcuk.

According to CISA’s Insider Threat Mitigation Guide, broadly, insider threats originate from two primary

23 CXO INSIGHT ME MAY 2023
Chester Wisniewski Sophos Giuseppe Brizio CISO EMEA, Qualys

kinds of activity: unintentional and intentional. Unintentional actions can be further broken down into negligent and accidental acts.

“Insiders can expose an organization to a threat by their carelessness. Insiders of this type are generally familiar with security and/or IT policies but choose to ignore them, creating risk to the organization,” says Anton Shipulin, Industrial Cybersecurity Evangelist, Nozomi Networks

He cites examples that include allowing someone to “piggyback” through a secure entrance point, misplacing or losing a portable storage device containing sensitive information, and ignoring messages to install new updates and security patches. Negligent insiders are usually complacent and show an intentional disregard for rules; they exhibit behaviors that can be witnessed and corrected.

Tackling insider threats

Given the serious potential impacts of insider threats, organizations must implement robust security measures, such as access controls, monitoring

systems, employee training, and proactive threat detection mechanisms. Regular security audits and risk assessments can also help identify and mitigate potential insider risks.

“Detecting and identifying potential insider threats requires the right mix of people and tools. People such as employees, friends and peers, are often the ones best placed to identify malicious, suspicious, or inappropriate behaviours. In addition, further insights can be brought by tools able to identify anomalous behaviours by comparing it with usual system utilization patterns,” says Giuseppe Brizio, CISO EMEA, Qualys

He says user awareness and training can also definitely help organizations prevent insider threats by making users aware about the risks and consequences of their actions. Users should gain the know-how to identify and report anomalous activities, adhering to the importance of data security for protecting organisation data assets.

Mohammad Ismail, Regional Director - Middle East, Delinea, says organisations should monitor network

traffic for unusual activity, such as erratic, excessive or off-hours access, unexpected remote connections, and other outbound activities, which are common warning signs, and track data flows. They should also maintain baseline system images and trusted process lists and routinely use them to check system integrity.

Vaidyanathan from ManageEngine says addressing insider threats can be challenging, especially for companies with short-staffed security teams. However, there are certain key measures they can take. They should first identify all the risks posed by insiders. Through an assessment, they should then be able to prioritise these risks.

Wisniewski from Sophos sums up: “Prevention is often difficult. Using document management systems for sensitive information can help. Data leakage prevention (DLP) tools are useful at preventing accidental data leakage, but less effective when the thefts are intentional and conducted by a motivated individual. Endpoint XDR systems and firewalls can both enforce DLP and log access and movement of data. This is very helpful at both prevention and postincident to assist in any forensic work to help unravel what happened. Prevention is often best achieved by simply limiting access to a “need to know” basis and implementing strong controls on the most sensitive data.”

FEATURE
24 CXO INSIGHT ME MAY 2023
Ram Vaidyanathan ManageEngine Mohammad Ismail Delinea Sertan Selcuk OPSWAT

GETTING MORE CLARITY

TAJ EL-KHAYAT, AREA VP – SOUTH EMEA, VECTRA AI, ON HOW TO FACE THE CYBER-UNKNOWN IN THE HYBRID CLOUD LABYRINTH.

has found that 72% of security leaders fear an attacker has already infiltrated their environment, but they lack the means to verify if or where this has happened. CISOs and their SOC teams work in a frustrating world of unknowns such as this. As more incidents occur in the cloud, a prevention-first mindset can quickly become a “blindness tolerated” mindset — one that will have attackers hopping with glee. Visibility must be the priority. Our blind defenders cannot do their job unless we heal their eyes. We do this though the implementation of three pillars designed to address three unknowns.

Known unknowns

The UAE cloud computing market is estimated to grow at a CAGR of 38.2% over the next seven years, mainly because of the rise of the hybrid office. This strongly suggests that much of that growth will occur in the building of hybrid cloud environments. Growth stories are always good news, but many come with caveats. And the dark side of the hybrid cloud craze is cyberattacks. It is a tale of more. A spiral of more. More attack surface. More sophisticated methods. More cybersecurity tools. More burnout, more turnover, more talent gaps. More of everything except what the cybersecurity function really

needs: more signal efficacy. We call it Attack Signal Intelligence — the culmination of decades of R&D, of analyzing attacker behaviors and improving AI and ML models to detect said behaviors. Today, while many AI approaches require a lot of human input, Attack Signal Intelligence builds an unsupervised, semantic understanding of the attacker and the individual environment to defend.

Attack Signal Intelligence will be critical in the modern enterprise, which has become irreversibly hybrid in its technology mix. According to IBM Security researchers, 45% of breaches in 2021 happened in the cloud. Vectra

We start with unknown exposure. Governance, risk, and compliance (GRC) leaders may collaborate with cloud security posture management (CSPM) teams on vulnerability detection (misconfigurations, neglected updates, and the like); and they may even think that is enough to prevent attackers from infiltrating the cloud. However, according to a 2021 survey by CheckPoint Software, 75% of successful cyberattacks in the previous year exploited vulnerabilities that were more than two years old, so the current approach may need some tuning.

Once we are done with where an attacker might breach the perimeter, we move on to whether or not they have already breached the perimeter, and if so, where. Unknown compromise is the living nightmare of every CISO,

26 CXO INSIGHT ME MAY 2023 VIEWPOINT

especially given the limitations of today’s point solutions to cover networks, endpoints and everything in between. Throw in cloud elements like IaaS, PaaS, SaaS, and you start to realize just how complex hybrid cloud cybersecurity is. And yet we still often find siloed tools sending a tapestry of telemetry to SOC personnel. Attackers are quite content to hide in the white noise, masked by a snowstorm of false positives and helped along by the fact that their adversaries are suffering from alert fatigue.

The white noise problem also feeds into our third unknown. We may have found the hole in the wall; now we must search for the infiltrator and their payload. Unknown threats — where do we start looking? How do we discover how they are progressing? Defenders and incident response teams can be slowed by point solutions, dashing from pane to pane trying to piece it all together. This can lead to late discovery. And I’ll let your imagination fill in the rest.

Challenges, three

It is time for a change. Hybrid cloud resilience is critical, but we often lack the skills and/or talent to provide it. If we are to find our way to signal clarity and shatter the cycle of more, we must address three challenges. First, our people need our support. They are burnt out or on the road to burnout. They are generally too young to have the requisite experience and they may even not have the right skills to tackle the escalation in threat incursions and their sophistication, or to grasp the intricacies of cloud security.

The second challenge lies in our processes. When IBM Security tells us it takes organizations an average of 10 months to identify and contain a breach, we know we have to implement automation, stat. Less manual tasks and better workflow orchestration will follow. And third, we must address our technology shortfalls, where blind SOCs scramble ineffectually to get a handle on their environments and the threats

they face. Let’s call it the three Vs: visibility, visibility, visibility. If it seems to you as if everything is coming in threes (three pillars, three unknowns, three challenges), then here is another for you — three deliverables that will ensure true Attack Signal Intelligence in a hybrid cloud. The first is attack coverage. SOC teams must consolidate their threat visibility and detection capabilities across their entire hybrid and multi-cloud attack surfaces

— IaaS, PaaS, SaaS, identity, and networks. The second is signal clarity, which calls for SOC teams to know the intrusion point of an attack and where the attacker is moving, so they can prioritize time and resources. This deliverable forms the heart of Attack Signal Intelligence and leverages some of the most advanced AI in the industry. It is this signal clarity that will allows investigators and hunters to get back to doing what they do best — investigating and hunting threats. Finally, intelligent control means having the right context at your fingertips to speed up investigations, automate workflows, and target the response action to disrupt or contain an attack. Invest in the right tools, processes, and playbooks to boost SOC efficiency and effectiveness.

Turn at the wheel

The spiral of more must end, or our hybrid cloud future will be one of stalemate at best. Extrapolating current attack trends leads us to a ridiculous scenario where commerce halts because we spend all our time paying ransoms and cleaning house. There is another way. We can clean up our methods and give Attack Signal Intelligence its overdue turn at the wheel.

27 CXO INSIGHT ME MAY 2023
ATTACKERS ARE QUITE CONTENT TO HIDE IN THE WHITE NOISE, MASKED BY A SNOWSTORM OF FALSE POSITIVES AND HELPED ALONG BY THE FACT THAT THEIR ADVERSARIES ARE SUFFERING FROM ALERT FATIGUE.

THE DARK SIDE OF GPT

GPT TECH COULD SEND THE PHISHING EXPLOSION NUCLEAR, WRITES

TONI EL INATI - RVP SALES, META & CEE, BARRACUDA NETWORKS

massive implications for phishing and other email-based threats such as business email compromise (BEC).

Phishing works on percentages. If you hit enough users with enough messages, sooner or later you will reel in a phish. Scale that up, and it translates to success – a lot of it. There’s a potentially catastrophic flipside for regional businesses. In the UAE, warnings about phishing from agencies as diverse as the TDRA and the Central Bank are already broadcast on an almost monthly basis.

When it comes to cybersecurity, I think that by now it is widely accepted that we humans can be the weakest link. We click on links without due care, open email attachments before stopping to think who the real sender may be, and downloading programs from questionable sources. Phishing is an enduring star in the threat actor’s employ. It can be the preamble to many attacks, including ransomware, and the means by which credentials are stolen, infrastructures infiltrated, and operations crippled.

Even if you have not heard of phishing, you have probably heard of its ultimate victims. Their stories have been splashed across headlines. Also making headlines is the generative pre-trained transformer (GPT) – a type of large

language model (LLM) and a prominent framework for generative artificial intelligence.  GPT is a technology that few outside of the cybersecurity realm would think of as having anything to do with digital compromise. But it may.

GPT models are the neural-networkpowered machine-learning darlings of the day. It seems everybody has something to say about them. Microsoft has a significant stake in OpenAI’s ChatGPT, and while Google’s rival Bard has had what appears to be a less-than-stellar debut, I think we could safely argue that when Alphabet is involved in a new technology, it is unlikely to be a passing fad.

Reeling in phish

One of the unique selling points of GPT is its ability to churn out convincing human-like prose at scale. To a security professional, this is a red flag. It has

In phishing, the goal is to trick the end-user into believing the message, whether email, SMS, WhatsApp, or other, comes from a legitimate actor like a known or trusted brand. With BEC, the emails are carefully crafted and appear to come from the IT helpdesk agent or a boss. GPT can help with that. Assuming access to the right data, it can reverse-engineer details like style and turn of phrase to convince employees that they are dealing with a colleague rather than a credentials thief.

While currently tools exist to sift out machine-generated text from humanwritten messages, we should prepare for a future in which GPT has evolved to the point where these tools are no longer viable. And while currently restrictions are in place to prevent GPT technology from being misused, the darker corners of the Internet may soon put paid to that too. We must also prepare for when cyber threat actors – already known to be leveraging AI in their campaigns – figure out how to use GPT-like models to generate images and videos or to target specific industries.

VIEWPOINT 28 CXO INSIGHT ME MAY 2023

The careless click

Phishing and other email-based attacks get results. And in an underground industry (for that it is what cybercrime has become – an industry) in which the only bottom line is the bottom line, results speak for themselves. If this shadowy community can figure out ways of making emails appear more genuine, it will take it. Often, all the threat actor needs is that one unguarded moment, that careless click, and they are in.

But legitimate companies are possessed of just as much ingenuity as cybercriminals. They can adapt their resilience by following a few pointers on cybersecurity with regard to AI-powered email attacks such as phishing. On the technology side, they can deploy AI-powered email protection. Artificial intelligence is fast becoming a standard defence tool in the security market and solutions are capable of combating cybercriminals’ modern tactics, like account hijacking and BEC. AI is also far better than humans at spotting and monitoring suspicious activity such as logins from unusual locations and the presence of abnormal IP addresses. If a company knows the approximate geography of its employees, it is easy to screen out access attempts from other countries. Another technology that can be helpful is multifactor authentication

(MFA), which provides an additional layer of protection against infiltration if the only other identity measures available are simple usernames and passwords. While authentication codes sent via SMS are not ideal, biometric modes of ID such as thumbprints, retinal scans, and facial recognition can really make the difference. On top of these measures, automated incidentresponse solutions can allow timely purges of inboxes and build a repository of intelligence that makes remediation more efficient in the future.

Employee experience

On the human side, organisations should conduct regular training. The principles of recognition and action for phishing and spear-phishing attacks are straightforward. But these require employees to be vigilant. We talk often of the employee experience; in cybersecurity we want employees with experience – experience that will make them less vulnerable to phishing. Gamification and simulations can help. Users may be more inclined to be mindful of their actions when they have a better understanding of the potential impact. Training sessions like these will also help security teams identify which users are most at risk from social engineering. Next, a thorough review of internal policies. Employees must be informed about what information can and cannot be communicated over email. And advanced data loss prevention (DLP) systems can be united with sound policies to ensure emails with sensitive information cannot be sent.

Planning for the worst

Cybersecurity is all about anticipation. GPT could be a threat, and soon. To weather that threat, we must act now to ensure we understand it and that we have the skills and tools to withstand GPT-powered phishing campaigns should they ever be deployed at scale.

29 CXO INSIGHT ME MAY 2023
ON THE HUMAN SIDE, ORGANISATIONS SHOULD CONDUCT REGULAR TRAINING. THE PRINCIPLES OF RECOGNITION AND ACTION FOR PHISHING AND SPEAR PHISHING ATTACKS ARE STRAIGHTFORWARD. BUT THESE REQUIRE EMPLOYEES TO BE VIGILANT.

LEARNING NEW TRICKS

MARTIN

HOSKEN, CHIEF TECHNOLOGIST, CLOUD SERVICES, VMWARE EMEA, ON HOW BUSINESSES CAN LEARN FROM NEWER START-UPS TO CONTINUOUSLY INNOVATE BY BUILDING MULTI-CLOUD STRATEGIES AND EFFECTIVELY MANAGING DATA.

effect, they are using data to inform their next move, akin to having a full view of their opponent’s hand before launching into market with full confidence knowing they can win.

This idea that all companies have access to the same data but struggle to turn it into actionable insights as they grow, is what formed the thesis of our recent collaboration with Bayes Business School. Here, we revealed nearly three-quarters (70%) of businesses are struggling to unlock the value of their data – directly impacting their ability to innovate. Moreover, 59% believe organisations who are prioritising data-led decision making are stealing market share, with 58% fearing they will fall behind the competition if they do not make better use of their data.

On the face of it, a logistics trucking company (Convoy), a self-charging gadget business (Exeger), and a restaurant food-waste app (Too Good To Go), appear to have very little in common. But what they share is a rapid execution on ideas – growing market share from established players and creating new relationships with customers in the process.

But in the eyes of established businesses in their sector, should these younger organisations even exist? If the idea is so good, with the manpower and budgets to experiment with emerging technologies like cloud,

AI, deep neural networks/deep learning, IoT and machine learning, surely larger enterprises can afford to experiment with ideas, reimagine existing processes and bring to market new customer experiences that surpass anything that new entrants might bring?

Start-ups are known to be greater risk-takers when planning projects and setting their course. It’s understandable – as Don Dodge of Google explained more than ten years ago: “Start-ups play poker, big companies play chess.” But while they are playing a faster game, what also separates them is their ability to use data and insights to turn an idea into a revenue opportunity. In

Making frenemies with data

Despite businesses describing themselves as data-driven and digitalfirst, many large businesses are still struggling to bring ideas to market. New technologies are transforming how data is captured, analysed and used, but they’re also creating new gaps as business leaders learn how to extract value from them.

Start-ups, like Exeger and Convoy are bucking this trend. As a principle, they are open to new methods and ideas and so produce disruptive digital solutions and innovative business models. Importantly, data drives this decisionmaking process. For example, in the

30 CXO INSIGHT ME MAY 2023 VIEWPOINT

case of Convoy – they realised freight resembled the traveling salesman problem (in which the employee is given a list of cities and has to decide the shortest possible route between them), and built software that incorporates shipment criteria with real- time supply and demand data to generate matches with the fewest empty miles at the lowest price.

With that data-driven insight, they have been able to flip the freight business model on its head.

Keeping pace in the innovation race

Every business is fundamentally running the same race whatever the industry and no matter its size: the one to ensure they’re at the forefront of customer experiences, winning business and operating as efficiently as possible. It’s here that having the right cloud for the right app to manage, access and draw insights from data as a company scales is critical, not just for growth but also to create competitive advantages like accelerating the time to market or streamlining operations.

So how does an established business compete against its more nimble, agile, data-driven rivals? We’ve identified four tips to help businesses keep pace in the innovation race:

• Build a multi-cloud strategy to seamlessly manage two or more public clouds, two or more private clouds or a combination of public, sovereign, private and edge clouds over which the company distributes applications and services with all the same tools.

• Use your data in the right way. Companies need to adopt a flexible and scalable digital architecture to consolidate, share and analyse all existing information. This is the basis for

informed decision-making.

• Pursue an evolving portfolio of innovations to explore new opportunities while mitigating risks. With an unpredictable economic environment, rather than plan everything meticulously and focus all their resources into one big idea,

successful organisations are taking a more iterative approach to innovation –adjusting along the way as needed.

• Partnerships: Employ external specialist providers of technologies, infrastructures, services and skills to ensure the organisation’s digital capabilities stay at the cutting edge. With so much data at hand, and the expected volume to almost double in the next three years, extracting value

is a widening challenge. Businesses that want to get ahead are right to be questioning how that data is stored, managed and accessed across geographies in order to help deliver the business outcomes at the pace required.

Turning complexity into competitive advantage

To become more data-driven, organisations are turning their attention to a world of running multiple clouds, depending on the app or workload. Multi-cloud is now the default in a world where an organisation’s most valuable assets – its apps, data, workforce, and infrastructure - are no longer centralised in physical buildings but distributed anywhere and everywhere. In fact, a multi-cloud strategy must become the de-facto model for digital businesses. It allows businesses to build at scale, and to do so quickly; reducing data, interoperability and cost issues that are more likely to occur if a business gets too dependent on a single cloud environment.

But if they want to have multiple different clouds, how do they manage that seamlessly? They need to take a cloud-smart approach – choosing the right cloud environment for the right application, choosing which applications to re-architect, which to rebuild from scratch and which to lift, shift and modernise. When the right business model proves that you have the right costs control in place, IT is empowered to innovate the business and automate workflows with benefits quickly overweighing the investments.

With this multi-cloud approach in place, enterprises can operate in much the same fashion that start-ups do. Whether you’re a business of 100 or 100,000 all it takes is the courage, effort and understanding to rethink current working practices and make them ready for the digital age. The first step, so crucial to establishing how the business will operate in the future, has to be taken with one question in mind – how we can maximise the data available to ensure we can innovate, at pace and deliver the experiences our customers want.

31 CXO INSIGHT ME MAY 2023
EVERY BUSINESS IS FUNDAMENTALLY RUNNING THE SAME RACE WHATEVER THE INDUSTRY AND NO MATTER ITS SIZE: THE ONE TO ENSURE THEY’RE AT THE FOREFRONT OF CUSTOMER EXPERIENCES, WINNING BUSINESS AND OPERATING AS EFFICIENTLY AS POSSIBLE.

Ttea or food. Yet, little known to many, this island nation is home to a thriving IT industry. For a country trying to crawl its way back out of an economic crisis, the IT industry is earmarked as a strategic one, which surpassed $1.6 billion in exports last year. According to Sri Lanka Association for Software Services Companies (SLASSCOM), the vision is to generate $5 billion in revenue by 2025 and create 2000,000 direct jobs. To realise this, the government is driving initiatives focused on IT infrastructure and penetration and creating a talent pool with a strong education system.

Sri Lanka, ranked as a top outsourcing destination, is also home to the largest R&D cente of the enterprise software vendor IFS, the second largest employer in the country’s IT sector with more than 2,200 employees. This accounts for around 40 percent of IFS’s global staff.

DELIVERING SUCCESS IN THE CLOUD

IFS

IFS has recently celebrated the 25th anniversary of Sri Lankan operations. In addition to R&D, the Sri Lankan arm of IFS provides global consulting services, support, and training. “Our operation in Sri Lanka is an integral part of global IFS, and our work methodology supports distributed software development and collaboration across sites. We focus on a work culture that promotes engagement and nurturing talent,” says IFS Executive Vice President & Chief Operating Officer Ranil Rajapakse, one of the original IFS Sri Lanka employees.

IFS, which university students in Sweden founded, today employs 5500 employees in 50 countries with Euro 820 million in revenue. IFS solutions spanning ERP, EAM, and FSM are predominantly used in asset-intensive industries, and 80 percent of its revenue comes from IFS Cloud, with 57 percent annual recurring revenue.

“What makes IFS Cloud different is that customers can access all of our

solutions from a single product, built on a common platform. You can turn on the capabilities you need today and add more as your business needs change with one common user experience and underlying infrastructure. And we add new capability updates every six months,” says Oliver Pilgerstorfer, CMO, IFS.

Globally, IFS solutions are used by names such as US Navy, and Ericsson, and in Sri Lanka, the company boasts of clients such as Singer and Silvermill Group.

With a reach of over 5.7 million customers and nearly 30% of the country’s population, Singer is Sri Lanka’s market leader in consumer durables, retailing some 60 international brands. With a 145year heritage, the Singer Group also manufactures high-quality refrigerators, washing machines, sewing machines, water pumps and furniture. Singer uses IFS Cloud for areas including commercial credit and sales,

REPORT
RECENTLY HOSTED CXO INSIGHT ME AT ITS GLOBAL INNOVATION HUB IN SRI LANKA, WHERE THE COMPANY IS INVESTING HEAVILY TO TAP INTO THE COUNTRY’S EXCELLENT TECH TALENT.
32 CXO INSIGHT ME MAY 2023

trade operations, financial control, warehousing and distribution across its 13 divisions.

The desiccated coconut manufacturer Silvermill has adopted an extensive suite of enterprise applications from IFS to improve operational efficiency, make better use of its data and increase profitability.

The cloud push

Similar to other vendors of enterprise applications, IFS has also been investing in its cloud strategy while continuously improving its product capabilities with a strong emphasis on specific industries.

“IFS is recognized within the MEA region for its presence in service industries, energy, utilities and resources, aerospace and defense, manufacturing, as well as construction and engineering industries. The company has established a good customer base in Saudi Arabia, UAE, and other Middle Eastern markets. IFS Cloud acts as a central cloud platform, providing customers access to all of its top solutions built on a unified platform,” says Manish Ranjan, Senior Research Manager for Software, Cloud and IT Services for IDC MEA.

25 YEARS OF IFS IN SRI LANKA

Over the last 25 years, the company has generated more than 5,000 employment opportunities for Sri Lankans.

Close to 80% of global product support services and 60% of the global product development of IFS is facilitated out of Colombo.

The organisation is making significant progress in its R&D efforts, particularly with regard to its IFS Cloud portfolio, by incorporating AI, ML, and IoT technologies into its offerings. Its Sri Lanka-based “product development and support hub” plays a crucial role in

In 2022, IFS partnered with Hatch to launch Challenger X, a tech incubation program in Sri Lanka, to foster innovation in the country’s growing tech sector.

IFS Sri Lanka ranked as a top Sri Lankan business entity in Dynamism, Corporate Culture, Innovation, Management Profile, and HR/People Management lists.

The IFS Foundation continues to invest in a series of projects in partnership with local Sri Lankan communities to alleviate poverty.

this transformation. For instance, the IFS Remote Assistance solution, first conceptualized in 2018, was released as part of IFS Cloud 21R1 in 2021. This product leverages video calling capabilities to assist with service and maintenance tasks. In addition, several features and functionalities are built on the cloud, leveraging emerging technologies that get embedded in IFS Cloud every year.

“I believe IFS should maintain its focus on its cloud strategy by integrating emerging technologies and positioning its solutions strategically for specific verticals. This can be achieved by providing additional features and innovative functionalities through its IFS Cloud platform,” says Ranjan.

THE COMPANY HAS ESTABLISHED A GOOD CUSTOMER BASE IN SAUDI ARABIA, UAE, AND OTHER MIDDLE EASTERN MARKETS. IFS CLOUD ACTS AS A CENTRAL CLOUD PLATFORM, PROVIDING CUSTOMERS ACCESS TO ALL OF ITS TOP SOLUTIONS BUILT ON A UNIFIED PLATFORM.
Ranil Rajapakse
33 CXO INSIGHT ME MAY 2023
Oliver Pilgerstorfer

LOWERING CARBON EMISSIONS

Our world is facing huge environmental challenges and it is undeniable that the ICT industry is urgently having to act on climate change and reduce its carbon footprint.

Guidance on how to tackle the CO2challenge is widely available. However, evaluating the sheer number of governing bodies, carbon reduction metrics and accounting schemes out there, can be overwhelming. So, if you want to make a change and start reducing emissions, where do you begin?

A good starting point are the guidelines set out in the Greenhouse Gas Protocol, commonly referred to as the GHG Protocol. It provides a “global standardized framework to measure and manage greenhouse gas (GHG) emissions from private and public sector operations, value chains and mitigation actions” (GHG Protocol Website), the first edition of which launched in 2001. Today, the GHG Protocol is the key global standard for quantifying GHG emissions.

The basic framework of the GHG protocol categorises an organisation’s emissions by ‘Scopes’, precisely Scope 1, 2 and 3. Most organisations that publicly report on their GHG emissions focus on Scope 1 and Scope 2. This is because the required Scope 1 and Scope 2 input data can largely be obtained from internal sources.

Scope 1 emissions are those that directly result of activities at company locations. This includes the use of fossil fuels for heating, the escape of industrial fumes in manufacturing processes, and companyowned fleet vehicles.

Scope 2 covers the indirect emissions resulting from a company’s purchased energy. In other words, it refers to the

emissions from a company’s use of electricity. According to the GHG Protocol, Scope 2 represents more than a third of all global CO2 emissions, so it is a major area of focus in any credible reduction effort.

Elevating environmental commitment to the next level

Although companies that report their carbon footprint on Scope 1 and Scope 2 emission are already taking a very meaningful step in the right direction, reporting on Scope 3 emissions takes their commitment to a whole new level.

This is because Scope 3 takes into account a company’s entire upstream and downstream value chain. ‘Upstream’ refers to the supplier side and the extraction, production, and transport of the raw materials, components, and capital equipment a company purchases from suppliers to produce their product or service.

Just as with upstream emissions, companies also need to record and account for their downstream emissions to establish Scope 3 emissions. These can result from the transport and storage of their product, e.g. at stocking distributors, the redistribution of the product to the end customer, the energy used during

the product’s lifecycle, and end-of-life processing of their product.

Reporting on Scope 3 emissions elevates the GHG to areas outside of the direct control of the reporting company. This can be challenging as it requires them to hold its suppliers and partners accountable to track and report on their own CO2 inventories. However, only if everyone on the value chain pulls in the same direction and supports a common goal, full-scope emissions can be reduced. The more organizations that take action, the faster the environmental impact can be reduced.

How to go from here?

Once emissions have been calculated according to the GHG Protocol’s Scopes, it is time to set targets on how to reduce them. Again, there are various schemes available that can be followed but one important initiative is The Science Based Target Initiative (SBTi) which sets the most widely accepted global targets for reducing carbon emissions. Developed by a number of well-known NGOs and the UN and based on the GHG Protocol reporting metrics, the SBTi aims to limit warming to 1.5°C, halve global greenhouse gas emissions by 2030, and achieve net-zero emissions by 2050.

Siemon is one of the organisations that has formally committed to setting near- and long-term company-wide emission reductions in line with the SBTi initiative and the company encourages its customers and suppliers to reduce GHG emissions and waste through a holistic approach to environmentally responsible product life cycle and supply chain management.

Assessing carbon footprint claims

If a company wants to better understand their partners’ carbon credentials, they are advised to find out if partners are following universal reporting standards, such as the GHG Protocol. At minimum, they should cover both Scope 1 and Scope 2 emissions. If companies then publicly commit to SBTi carbon reduction targets they are proof that they are clearly devoted to building a more sustainable world and are committed to adapting their business model to drive sustainable growth for themselves and their partners.

VIEWPOINT
PREM RODRIGUES, DIRECTOR FOR THE MIDDLE EAST, AFRICA & INDIA/SAARC AT SIEMON, ON HOW THE GHG PROTOCOL PROVIDES GUIDANCE
34 CXO INSIGHT ME MAY 2023

UNLOCKING THE POWER OF CLOUD

The first is frustration over what they call shelfware - unused licenses that were procured in the past but aren’t used. When you move to the cloud, tracking what you’re using inside our organisation becomes much easier. Because it’s transparent to the customer, it is transparent to us. And it’s all in the inventory. The other piece of reduction in costs is moving to consumption-based processing as well. In consumption-based processing, you pay for what you use. You pay for the amount of compute you use. And when you get into situations like AI and things like that, these can be very intensive processes, and we are bringing constant innovation here, such as clustering. The way we cluster GPUs is very different than everybody else. We can run these things much cheaper per query and throughput than anybody else. So I think it’s not just about reducing the cost. It’s about making sure there are no surprises in the bill per month as well because transparency is at the top.

Does Oracle eat its own dog food? And listen to feedback from your customer community before developing new product features and upgrades.

Using your own systems is great feedback. Unsurprisingly, we use our own ERP, HCM, database system for all our developers, source code, and everything. But what may be interesting is that we use our own construction management systems to manage our facilities’ operations worldwide. So as I said, you know about Oracle database, ERP, etc., but what’s not always apparent is that we have these vertical solutions, like construction management. And we use that internally, and all of our contractors and subcontractors working on all our facilities leverage the Oracle construction management cloud. So there is no bit of our own technology that we don’t use internally.

I’ll give you another example of eating our own dog food. Speaking of eating, in our cafeterias worldwide, we run our automated ordering online menu

management and payment systems; our employees internally use the very same systems that our restaurant and food and beverage customers use, including many restaurants right here in Dubai and Abu Dhabi. So anytime that we can use the technology internally, we certainly do.

In terms of getting customer feedback, what is unique is that we get input from business experts. What’s different about the industry applications is that we sell them to business buyers. IT and security buyers are, of course, involved, but the business decides to procure those applications. So the feedback we get is not just about the technology, but it’s about the actual processes and business problems that are being solved. So from that perspective, we have feedback at all levels of the stack.

The number one priority for CIOs now is to reduce the cost of IT operations. So how is Oracle helping them?

I find two main categories when talking to CIOs about technology licenses.

Can you tell us about how Oracle’s support rewards program works?

You can utilise some of your existing onprem support streams as cloud credits when moving to OCI. You can use these universal credits for cloud products across the board.

The other aspect is how we price the industry piece - looking at project-based pricing or outcome-based pricing. For example, if you’re running a clinical trial, the pharmaceutical can pay one price for the entirety of the clinical trial. And sometimes, if the trial takes a little bit longer than it’s supposed to, you have a transparent rate card. So you pay a monthly fee every time it overshoots; there’s no surprise or renegotiation. At the end of that, there’s nothing to do except pay the thing. And with that comes an unlimited number of users, so you don’t have to worry about counting users. Cloud computing is cheaper because you get to retire a lot of the assets and a lot of the hardware you’re using, and at the same time, make sure that all of the pricing and the invoicing are very transparent. It should never be a surprise to the customer.

INTERVIEW
AT ORACLE CLOUDWORLD TOUR IN ABU DHABI, WE CAUGHT UP WITH MIKE SICILIA,EXECUTIVE VICE PRESIDENT OF ORACLE GLOBAL INDUSTRIES, TO TALK ABOUT THE COMPANY’S LATEST CLOUD INNOVATIONS.
35 CXO INSIGHT ME MAY 2023

A GARDENING GUIDE TO SOFTWARE ECOSYSTEMS

JENN GILE, HEAD OF PRODUCT MARKETING AT F5 NGINX, ON THE DIFFERENCE BETWEEN MICROSERVICES AND KUBERNETES

Like gardening, software development requires an understanding of how different elements work together to create a beautiful, productive ecosystem. As is the case with any garden, one problematic weed keeps creeping into the conversation: what is the difference between microservices and Kubernetes?

Microservices: the plants in your garden

Plants are the main elements of a garden’s ecosystem. They are the living organisms that comprise your garden and contribute to its beauty and functionality. Similarly, microservices are the main building blocks of modern software applications. They’re the individual services that perform specific functions and work together to create a larger, more complex application.

Like plants, microservices vary in size, shape, and purpose. Some are small and specialized, tasked with one operation. Others are larger, more generalized in their operations, or comprised of a cluster of the smaller components. For example, a strawberry plant is small and only produces strawberries. This is akin to a microservice that only processes credit card transactions (small and specialized). A more generalized plant like cilantro produces not only the leafy greens used in salsa and guacamole, but also the coriander seed. This kind of plant is akin to a service that handles user authentication (a larger and more general process).

Containers: the pots for your microservices

Most plants need to be planted in soil so they can draw nutrients and moisture –leave them bareroot and they’ll die. While it’s perfectly acceptable to put plants straight into the ground, many gardeners

opt for container gardening with pots because it lets them customize the soil, better defend against pests, and move plants around the garden (or inside for the winter). Similarly, you have multiple options for where to put microservices, with the most common aptly being in a container. A containerised microservice includes everything you need to run the app, and it’s easily portable across runtime environments.

Kubernetes: the gardening tools

So we’ve got our microservices (plants) in our containers (pots) but how do we deploy, maintain, and scale them? With tools! Enter Kubernetes. Kubernetes provides many features and addons that make it easier to manage and maintain microservices, and it’s considered the de facto tool for container orchestration. For example, Kubernetes provides automated load balancing, service discovery, and selfhealing capabilities (to take some of the maintenance and monitoring work off the shoulders of your Devs). And when everyone wants your microservices (plants) to produce more? Kubernetes supports automatic scaling and rolling

updates to keep your microservice applications running smoothly.

Microservices without Kubernetes: the “wild garden” option

We’ve established the case for using Kubernetes to manage microservices and prevent applications from growing wild and out of control. But Kubernetes and containers are not always necessary. Depending on the complexity of your application, you might instead choose to use a traditional virtual (or even physical) machine platform, which can still be deployed or provisioned using automation tools. These tools don’t provide the same level of automation and scalability as Kubernetes, but you might be okay with that trade off for less complicated or noncritical apps. Another option is to use serverless computing platforms (such as AWS Lambda) that enable you to run your microservices code in response to events without worrying about the underlying infrastructure.

Not everything in Kubernetes is Microservices

Savvy gardeners know that companion planting – for example, marigolds alongside tomatoes – makes better use of resources and contributes to a healthier garden. Similarly, Kubernetes provides a wide range of features and addons that make it good for more than microservices management. Kubernetes can be used for nonmicroservices apps (such as machine learning models or monoliths). We see a lot of customers using Kubernetes to manage microservices and other applications, with some even deploying virtual machines (VMs) inside Kubernetes! This can be a great option for organizations that are transitioning legacy monolithic apps to a microservicesoriented architecture.

VIEWPOINT
36 CXO INSIGHT ME MAY 2023

IN

The year has begun with the upheavals of 2022 spilling over into 2023, but there is more predictability this year. The looming challenges are more visible than the year gone by. They appear as recessionary markets, skills challenges, rising costs, amongst others.

IT decision makers and their trusted technology partners should jointly assess initiatives to smoothen IT operations and move into a predictable flow, while identifying and eliminating processes that were holding back productivity, in the past. By reducing the impact and presence of weak processes, IT managers can open the space for new processes and improved productivity.

Digital technologies and continuous innovation in platforms allow IT decision makers to reach out and create benefits for their enterprises that were unimaginable just a few years ago. Much depends on the ability of IT decision makers to embrace, experience and test these new platforms.

Here is a checklist of actions that IT decision makers can focus on along with their trusted technology partners for improvement of the IT organisation and the enterprise.

Focus on positive technology adoption

Identify processes, operations, behaviours that have made a positive impact on the enterprise. Assess how technology needs to be further modified to boost these positive improvements, also known as positive habit building. On the flip side identify where actions have not yielded positive benefits and remove technologies associated with those processes and operations.

Space for positive build-up

This will create space for workers to

build on their positive actions and build benefits for the enterprise. This will also create space for IT decision makers and their trusted technology partners to focus on those processes and operations and innovate on the associated technologies. Habit stacks are a good idea to build positive behaviour around successful technology platforms and practices.

Identify previous and possible failures

Now is the time to reflect on mistakes of the past 24 months and anticipate points of failure in the next 18 months. Which projects failed and which partnerships delivered below expectations. Were there any near misses? Are you over stretched in any projects and likely to strain stake holder relationships through delays and failure.

Prevent recurrence through team leaders

List all the worst-case scenarios around the IT organisation and its activities. Also identify those situations that you wish to resolve on your own and those that are best resolved through teams of diverse members. Identify a team lead for the

assigned problem cases, noting that the more diverse the team members the less likelihood of previous bias creeping in. Team leads need to be responsible for preventing the IT organisation from straying down those paths of failure again in future. Accountability may be key to failure prevention here.

Inside and outside the comfort zone IT decision makers need to be more than aware of their comfort zone and whether this is impacting the progress of their IT organisation, business operations and the overall enterprise. To overcome from the past, IT decision makers can identify opportunities that they shelved because of fear of failure, wariness, inhibition or lack of comfort to move forward. By moving into these areas IT decision makers set an example for rest of the team to follow as well as creating huge areas for their own growth, learning and leadership.

Skills and talent challenges

This challenge will never leave IT decision makers and yet there are now more opportunities to overcome than ever before. Work from home, remote working and the pandemic has eroded the barriers between formal and informal employee workers. The line between the two is now blurred. IT decision makers should start with their trusted partners and leverage skills available with them. While scanning the external talent pool of workers for more flexible arrangements of work, it is better to focus on skills rather than credentials and qualifications.

By focussing on some of these soft improvements, IT decision makers and their trusted technology partners can look forward to demonstrating improvements to the IT organisation visible from both inside and outside the enterprise.

SOME WAYS, CHALLENGES APPEARING THIS YEAR ARE NO DIFFERENT FROM PREVIOUS YEARS, ONLY MORE VISIBLE, AND CREATING SPACE FOR IMPROVEMENT SHOULD BE A PRIORITY FOR IT DECISION MAKERS, WRITES RANJITH KAIPPADA, MANAGING DIRECTOR, CLOUD BOX TECHNOLOGIES.
VIEWPOINT
HOW IT DECISION MAKERS AND TRUSTED PARTNERS CAN MAKE A DIFFERENCE

DE-RISKING THE CLOUD

Asset management is one of the most fundamental cybersecurity best practices. Regardless of whether the technology is on-premise, in the cloud, or operating in a hybrid environment, understanding, documenting, monitoring and tracking all your assets is critical. After all, you cannot adequately develop a security strategy against threats if you are unaware that an asset exists and needs protection. In the cloud, even though it may not be your asset or resource, tracking and classifying the system is crucial to ensuring that it does not become a risk from basic security disciplines including vulnerability, patch, log, configuration, and privileged access management.

While this article on asset management could focus on performing an inventory in the cloud, there is a subset inventory trait collected during Cloud Security Asset Management (CSAM) that is critical to protecting against modern cloud attack vectors. It does not focus on the assets themselves but more importantly the identities and, specifically, privileged accounts, that are crucial to the management, protection, operations, and overall cloud security strategy posture. This is then linked to assets to help build an attack chain based on any compromised account and lateral movement through an identity.

As many of you may be aware, privileged accounts are a key part of the cyberattack chain. They are involved in almost every security breach today and are estimated to be as high as 80% by Forrester. Protecting privileged user accounts and, increasingly, machine accounts (non-human accounts including artificial intelligence) is a key priority for every security-conscious organisation. They are also central both to addressing

many regulatory requirements and to enabling zero trust initiatives, since they are the focal point for perimeter-less security models. As an attack vector, privileged account access can enable a threat actor to acquire sensitive information, make system changes, manage resources, install malware (including ransomware) and even override security controls and erase traces of their actions, depending on the type of privileges obtained.

As enterprises become more complex and de-centralised, embrace the cloud, and as more users work from home, the number and diversity of privileged accounts are exponentially expanding. Every cloud asset needs at least one privileged account at some point in its lifecycle for creation, maintenance, and eventual decommissioning. Many of these privileged accounts are proliferating unseen, unmonitored, and unmanaged, presenting dangerous backdoors to the environment for threat actors. Therefore, asset management for identities and their associated accounts is a critical starting point for getting on top of this risk. As such, there are a few recommendations

when collecting this information everyone should be aware of:

The association of accounts to identities is crucial to the ownership of the account, regardless if they are human or machine, to determine the risk of lateral movement between accounts.

Associating identities and accounts to a directory service like Azure AD is fundamental to understanding the lifecycle of the identity. This includes association with identity governance tools if the employee joiner, mover, and leaver process is fully managed.

The discovery process should identify any local accounts in cloud assets as well as identities managing the services and cloud infrastructure itself. This includes discovery in SaaS applications as well, when possible.

The privileges, rights, and permissions should be enumerated and translated into entitlements (when possible) to calculate the risk of any identity in the cloud.

The highest level privileged accounts, root and administrator, should be uniquely identified in the cloud for the risk they represent if abused or compromised and ultimately be placed under privileged access management.

When embracing your digital transformation initiatives, cloud washing or lifting and shifting your services to the cloud is risky without good cloud-based asset management. More importantly, the management of identities and accounts in the cloud will help mitigate the risk of cloud-based attack vectors as the realisation of identity attack vectors is the most prominent form of exploitation in the cloud. Doing the function well, and including the traits discussed above, will help ensure security best practices are being adhered to in this new environment.

VIEWPOINT
MOREY HABER, CHIEF SECURITY OFFICER, BEYONDTRUST, ON THE IMPORTANCE OF IDENTITY AND ACCOUNT MANAGEMENT IN THE CLOUD
38 CXO INSIGHT ME MAY 2023

Unde r t he Hig h Patro nage of H is M ajes t y K ing Mohammed V I

Under the High Patronage of His Majesty King Mohammed VI

31 MAY

31 MAY

O2 JUNE 2023

O2 JUNE 2023

MARRAKECH

Presenting

Presenting

A fri ca ’ s l a r g e st t e c h & s t artu p eve n t

9 O O + 3 O O + 9 5 +

31 MAY

O1 JUNE 2023

MARRAKECH

EXHI B I TO R S & S TA RT UP S

INVES TO R S

CO U NT R IE S

G I TEX AF RI C A wil l u n l o ck t h e l imit l es s opportun i t y of t h e wor l d’ s r i s ing tec h co n ti n e n t , w h e r e t h e mo s t adva n ced c om pa n ies amp l i f y A f r ic a ’ s digi t a l asp i rat io n s a n d t h e best m inds e l evate cul t u r e and s o c i et y

Th e t i me for A fr i ca i s n ow a n d y ou’re in v i ted !

G ITEXAF R IC A . CO M

G I T EX A FR I C A CO M
M A R R A KEC H M A RRAKEC H
31 MAY O1 JUNE 2023
IN S PI R E D B Y O R G ANI S E D B Y Hoste d b y H O S T E D B Y UND E R TH E A UTH O RI T Y O F IN S T I T UTIONA L PA R TN E R S

THE PLANET OF APPS

BRIAN HABIBI, CHIEF CUSTOMER OFFICER, BAYZAT, WRITES ENTERPRISE SUPER APPS ARE THE UNDENIABLE FUTURE OF EMPLOYEE ENGAGEMENT.

What will be the next big thing? Ask a hundred switched-on people and you will likely get some overlap — crypto, GPT chat technology, the Metaverse — but when it arrives, you will know it. When available, figures on adoption trends help provide early insight. A McKinsey study from January, for example, tells a story about the future of the mobile app. It shows that mobile apps are the preferred mode of brand engagement among consumers in the Middle East, with 51% of Saudi Arabia’s respondents, 45% of the UAE’s respondents, and 40% of Egypt’s respondents favouring the app over other channels. The region, along with

Asia-Pacific, is set apart from other territories in its love of the app.

Regarding the app, in the Middle East at least, the “next big thing” jury is in. Today, nine in 10 UAE businesses offer a mobile app, which has led to smartphone screens becoming some of the most prized real-estate for advertisers. In parallel, we are witnessing a revolution in employee engagement. Digital natives have long been proponents of self-service engagement options. But isolated in their homes during COVID lockdowns, younger employees called for the self-service they enjoyed while shopping and relaxing to be replicated by their employers to remotely deliver operational and HR functions.

Function, without Friction

But even as employees cry out for apps, businesses’ DevOps teams understand that to churn out function after function in a deluge of disparate tools might be risky. It could easily overwhelm users. If we consider the typical onboarding process for a moment, we can picture a new employee downloading a corporate app to register on the company’s attendance system. Then during HR’s induction, the new start is informed about the company’s exceptional benefits program, also available through a convenient app. Health insurance? They are covered by the top provider, and here’s the link to the app. Reimbursements? Claims submitted via an app.

VIEWPOINT
40 CXO INSIGHT ME MAY 2023

You can see the problem. Each app may be a top-notch digital experience. But each has its own features, learning curve, workflow, interface nuances, sign-in challenges, and so on. When designing the customer experience, we often talk of meeting the consumer where they are. The same should apply to the employee experience. Clearly mobile is where they are, but we must now focus on leveraging that fact to drive engagement and build the optimal hybrid workplace. We must address the gap between the frictionless and enabling experiences we offer our customers and the restrictive, secondrate digital experiences we offer our employees. If we can close this gap, we stand to gain all the benefits of a highly engaged and enabled workforce — better candidates in the labour market, better retention rates, more consistent motivation, higher productivity, and more frequent innovation.

There is an answer to the app deluge — a single platform of apps, a toolbox of functions, or as Gartner describes it, a digital “Swiss army knife”. This is the super app. Imagine if WhatsApp all of a sudden branched out from messaging and communications to offer payments, e-shopping, and more. This is what Tencent’s WeChat did, and it changed the way more than a billion Chinese

people lived, worked, and played. In the UAE, Careem is emerging as a super app, offering ride-hailing, food delivery, and money transfers.

Service swarm

This is exactly what UAE employees are looking for from their companies. Imagine combining a swarm of HR services — the ones employees use every day — into a single super app that connects HR personnel to each employee. Their work history, contract details, salary, personal information, documents, leave records, performance records, and more will be accessible in a single location because they have supplied that information through a single super app, either directly, or by other engagements such as applying for leave or reimbursements, or simply just by performing their daily tasks.

The super app brings new efficiencies to overworked HR teams beyond having employee information at their fingertips. Constant enquiries about the same thing are replaced by FAQs. Leave, reimbursements, pay-slips, and official letters and emails are automated. And even the employee information that is now so accessible will go way beyond basic, static data. The new digital ecosystem will provide valuable insights

into employee preferences. Leave trends, insurance policy usage, most popular reimbursements — armed with such data, HR can refine policies to fit employee expectations.

On the employee experience side, we find a uniform experience that streamlines workflows and makes people feel like HR is there for them. A consistent look and feel encourages experimentation with app features. One benefit of this exploration is that more employees will be aware of the benefits at their disposal. Often, this is not the case, as packages tend to be opaque and complex. Apps offer a comfortable and accessible way to present the information that matters most to employees.

Workplace of the Future

There is some evidence that such apps are a highway to increased engagement. Bayzat’s own monthly data shows some 2 million user sessions, around 470,000 mobile check-ins, more than 20,000 leave days requested and more than US$72 million in salaries processed. This shows a potential new world on our doorstep — the super app at the centre of a corporate-culture revolution where the employee is the star of the show. If a company felt under pressure to create the Workplace of the Future, where flexibility, personalisation, and inclusiveness were standard, the employee super app would be an excellent first step.

41 CXO INSIGHT ME MAY 2023
THE SUPER APP BRINGS NEW EFFICIENCIES TO OVERWORKED HR TEAMS BEYOND HAVING EMPLOYEE INFORMATION AT THEIR FINGERTIPS. CONSTANT ENQUIRIES ABOUT THE SAME THING ARE REPLACED BY FAQS. LEAVE, REIMBURSEMENTS, PAY-SLIPS, AND OFFICIAL LETTERS AND EMAILS ARE AUTOMATED.

THE CISO MANDATE

The role of a CISO now consists of much more than just risk management and compliance. CISOs are now routinely consulted on business issues because digitized business processes are critical to any enterprise’s success, so cybersecurity is therefore a boardlevel concern. Indeed, cybersecurity is at the heart of most enterprise businesses because of e-commerce and the digital marketplace. For example, e-commerce, whether business-to-business or business-toconsumer transactions all depend on

consistently good user experiences to deliver business outcomes. And this requires consistently good networking, security, and computing performance. Many organizations’ leadership teams recognize the business value of cybersecurity that comes from its ability to enable trusted communications and better user experiences. It’s now clear that enabling responsive computing operations is key to ensuring consistently good user experiences.

In short, today’s CISO’s role is no longer just about protecting the

organisation from cyber threats. The CISO is now a key business enabler and leader, tasked with managing risk and delivering business value. Below are suggestions for how CISOs can help generate better business outcomes for their organizations.

Tip 1: Consolidate to Drive Responsive Operations

There’s widespread agreement that more tools from more vendors is not a viable approach to addressing today’s broad array of cyber risks. Indeed, in most cases, multiple vendor

VIEWPOINT
JONATHAN NGUYEN-DUY, VICE PRESIDENT, GLOBAL FIELD CISO, FORTINET, LISTS OUT TIPS FOR CISOS TO ENABLE BETTER BUSINESS EXPERIENCES AND OUTCOMES
42 CXO INSIGHT ME MAY 2023

relationships with the associated multiple training requirements, license management issues, consumption models, management consoles, and integration requirements, only add greater complexity and costs. Today, most CISOs are rationalizing their legacy investments from several dozen vendors, down to six to eight platforms around which their teams will build the automation for identification, protection, prevention, detection, response, and recovery. Vendor consolidation drives more consistent and responsive networking, security, and computing performance creating better user experiences.

Tip 2: Digital Experience Monitoring for Better Performance

As mentioned above, a key way CISOs can enable the business is by creating exceptional user experiences. A digital experience monitoring (DEM) solution provides IT teams with end-to-end network and application performance monitoring that helps improve digital experiences.

Because of the increase in remote work and the migration of applications to the cloud, many organisations are struggling to identify the root cause of application performance issues and traditional monitoring tools simply aren’t up to the task. This is where a DEM tool can add significant value as it unifies data and helps teams to better understand networking, security, and cloud issues that may create latency in business processes, as well as see compute in terms of the cloud, figuring out CPU usage, and comprehending storage capabilities. Therefore, a good DEM solution can help IT teams spot potential problems at any point—across networking, security, and computing. This provides proactive visibility to mitigate issues that would otherwise lead to performance degradation.

Look for a DEM monitoring platform that gives your operations team good end-to-end performance visibility across networking, security, and computing. A good DEM solution should provide the ability to observe

applications and services, from multiple vantage points, across any network, and even the infrastructure on which the application is hosted. Also look for features that unify and consolidate the monitoring of endpoints, network devices, infrastructure, applications, and cloud services with a single management console.

This capability enables the organization and the CISO to move from being reactive to being more predictive and proactive. Now, they can identify certain times of the day or times in the year when the network is going to need to scale up to enable customers to easily access applications.

Tip 3: Demonstrate the Value of

Security

DEM product usage is something that is happening consistently today because there is now an understanding that user experiences determine business outcomes. DEM solutions provide CISOs with the ability to demonstrate tangible results by showing how performance improvements lead to more brand interactions, e-commerce transactions, and new growth. You can really see this value over time after you’ve implemented solutions such as SD-WAN, zero-trust network access (ZTNA), and secure access service edge (SASE).

With these types of products, CISOs can demonstrate tangible ROI in the

form of fewer failed logins for better help desk productivity, which can be readily monetized. In addition, proactive network management means fewer network disruptions, which means more e-commerce transactions and revenue. Better user experiences can also be measured by better collaboration, or they can measure things over time like what’s the meantime for DevOps, from code conception to launch. These are types of things that CISOs can do today to demonstrate the value of cybersecurity.

After meeting with many CISOs and IT teams early this year, I have found there is universal agreement that it’s all about the user experience. Perhaps it’s best expressed by this popular industry axiom: “The quality of service equals the quality of experience, and the quality of experience equals business outcomes.”

This statement reflects the trend that began during the pandemic. Now, everyone expects to be wowed with every interaction they have with a brand. People are demanding greater levels of customization and personalization, along with better security and privacy. There is an expectation that the data consumers generate be collected, stored, and handled by enterprises in a responsible manner. Of course, the main reason organizations want to hold data responsibly is that they need it to continuously enhance user experiences.

Final Thoughts

CISOs should keep cybersecurity as a main area of concern. However, they should also be working to maintain the quality of experience, the quality of service, and the quality of business outcomes. It’s important to be compliant and have strong risk management, but that can be negated if CISOs don’t deliver the outcomes. It’s all about the results.

Today, for CISOs it’s not just about the security threshold, managing risk, and being compliant with regulations. At the end of the day, CISOs have to enable the business as well.

43 CXO INSIGHT ME MAY 2023

Acer TravelMate laptops

Acer has announced new TravelMate business laptops, all powered by 13th Gen Intel Core vPro processors, and feature 16:10 premium OLED displays, 65 Wh fast charging long battery life, and secured log-in with fingerprint reader or IR camera, coming together to achieve the performance and mobility requirements of today’s hybrid workforce.

Acer TravelMate P6 14

The latest TravelMate P6 14 is the premium business laptop for mobile professionals and executives. Professionals can experience elevated viewing experiences on a large screen surface with a 2.8K OLED (2880x1800) display panel, a 16:10 aspect ratio, and support for 100% coverage of the DCI-P3 color space. Powered by Intel vPro, and an Intel® Evo™ design[1], the high-end business laptop is packed with power as it comes with 13th Gen Intel® Core™ i7 processors[1], 32 GB LPDDR5 memory[1] and a 65 Wh[1] fastcharging battery. Online business meetings and video calls are further enhanced with the laptop’s FHD IR webcam[1], AI-powered noise-reduction technology through Acer PurifiedVoice, and upward-facing speakers with DTS® Audio. A PrivacyPanel feature helps obscure viewing angles beyond 90°to defend against prying eyes. The TravelMate P6 14 laptop also features 2x2 Wi-Fi 6E and 5G connectivity for faster and stronger wireless internet connection needed by mobile professionals.

Kingston Enterprise SSD

Kingston Digital Europe, a flash memory affiliate of Kingston Technology Company, has announced its new DC600M Enterprise SSD. DC600M is optimised for mixed-use workloads with excellent Quality of Service (QoS) to ensure latency and IOPS consistency to hit Service-level agreements. DC600M is 6Gbps SATA 3.0 storage with 3D TLC NAND, suited for use in high-volume rack-mount servers. The drive includes hardware based on-board power loss protection via power loss capacitors to protect data against unexpected power failure reducing the risk of data loss, and ensures the drive successfully re-initialises on the next system power-up.

Acer TravelMate P4 14 and Acer TravelMate P4 Spin 14

The TravelMate P4 14- and 16-inch versions, along with the TravelMate P4 Spin laptops come with next-gen performance powered by 13th Gen Intel Core i7 vPro processors in addition to NVIDIAGeForce RTX 2050 GPUs. The TravelMate P4 14 highlights a lightweight magnesium-alloy chassis and larger screen real estate on a 16:10 thin bezel display with up to 2.2K resolution, showcasing upgraded visuals in a new premium design. Additionally, the convertible TravelMate P4 Spin 14 comes with Corning Gorilla Glass, a touchscreen panel with up to WUXGA resolutions, and a dockable stylus for effortless handwritten note-taking.

With predictable low latencies over a wide range of read and write workloads DC600M is designed for system integrators, hyperscale data centers, and cloud service providers. The DC600M data center SSD is available in 480GB, 960GB, 1920GB, 3840GB, and 7680GB capacities.

PRODUCTS
44 CXO INSIGHT ME MAY 2023
Experience Next-Gen Memor y & Storage Innovations Visit us at : Central Aisle, Booth 4C - 35

MANAGING IOT/ OT CONVERGENCE WITHOUT LOSING YOUR GRIP

SUNIL PAUL, MD OF FINESSE, ON HOW TO TACKLE THE SECURITY RISKS IN THE ERA OF IOT/OT CONVERGENCE

IoT/OT convergence refers to the integration of the Internet of Things (IoT) with Operational Technology (OT) systems. The IoT refers to a network of physical devices, vehicles, home appliances, and other items that are embedded with sensors, software, and connectivity, enabling them to collect and exchange data. OT systems, on the other hand, refers to the hardware and software systems that are used to control and monitor physical processes, such as manufacturing, energy production, transportation, and building automation.

The convergence of IoT and OT systems has been a gradual process over the past few decades, with various milestones and developments along the way.

One important milestone was the emergence of Industrial Internet of Things (IIoT) technologies in the early 2010s. IIoT technologies are specifically designed to integrate with existing OT systems and provide real-time data analytics and monitoring capabilities. This helped to bridge the gap between IT and OT systems and enabled new levels of automation and efficiency in industrial processes.

More recently, the COVID-19 pandemic has highlighted the importance of IoT/OT integration in enabling remote monitoring and control of industrial processes. This has led to increased adoption of IoT/OT systems in many sectors, including manufacturing, healthcare, and transportation.

In manufacturing, for example, IoT/ OT integration is being used to optimise production processes, improve quality

control, and reduce downtime. In transportation, IoT/OT integration is used to optimise logistics and fleet management and improve traffic flow in smart cities. In healthcare, IoT/OT integration is being used to monitor patient health remotely and to improve healthcare delivery.

Advances in sensors, connectivity, and analytics technologies, as well as the development of open standards and platforms that are making it easier to integrate different systems have helped in connecting IoT and OT systems.

With climate change becoming part of mainstream discourse, we can expect to see more and more companies prioritise sustainability and resource efficiency, which opens up more opportumnites for IoT and OT technologies to work together in optimising resource consumption and reducing waste.

However, it is important to carefully manage the integration of IT and OT systems process to protect connected system and its individual parts from vulnerabilities and weaknesses.

Major areas of vulnerability include compatibility issues arising from the use different hardware and software components; increased risk of data breaches since IoT and OT systems often collect sensitive data and most important, cybersecurity risks such as hacking, malware, and phishing attacks which increase manifold when systems are connected.

IoT/OT systems often rely on thirdparty software and services, which can introduce additional cybersecurity vulnerabilities if they are not properly

secured. In many cases, there is a lack of information on the operating software and firmware inside the systems, and they are often not updated with the latest security patches. A classic example would be the WannaCry ransomware attack in 2017, which took advantage of a known vulnerability in Windows XP, which was no longer supported by Microsoft.

IoT and OT systems are often distributed across multiple locations and connected through complex networks, which can make it difficult to monitor and control the systems. This lack of visibility also makes it difficult to detect and respond to attacks on time.

Many IoT/OT systems lack proper security monitoring because these devices were not designed with security at center stage. Moreover, in many cases, OT units are not cybersecurity experts, and cyber teams don’t necessarily understand machinery and devices. OT also imposes its own demands on security systems in terms of protocols and ambient conditions, unlike IT systems that operate in controlled climates.

Addressing the vulnerabilities associated with IoT and OT systems requires a comprehensive and multifaceted approach which should begin with a security strategy that addresses the unique challenges of securing IoT and OT systems as well as the need to manage a diverse array of devices and sensors. Broad strokes include risk assessments, access control, encrypting communications, continuous monitoring and threat detection, employee training, and diligent patch management.

BLOG 46 CXO INSIGHT ME MAY 2023

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.