ISSUE 34 \ SEPTEMBER 2021
PUTTING SECURITY FIRST How a Zero Trust security framework reduces risks for the enterprise Sebastien Pavie
Vice President for Data Protection products, Middle East, Africa and Southern Europe at Thales
CONTENTS
44
14
PRODUCTS
HOW A ZERO TRUST SECURITY FRAMEWORK REDUCES RISKS FOR THE ENTERPRISE
PUTTING SECURITY FIRST
12
26
12 RAISING THE BAR
PATH TO 30 THE RESPONSIBLE AI
DECODING 18 INNOVATION 20 HOW TO WIN
WAY 34 ATONEW DATA
NAVIGATING 24 THE DATA DELUGE
HOW AI CAN BUILD 38 CYBERSECURITY RESILIENCE
WITH AUTOMATION
26 DEFINING THE FUTURE PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
HYBRID WORKING HIDING 36 ISINSIDER THREATS?
SAVING THE PLANET 40 WITH TECHNOLOGY
6
NEWS
MAJID AL FUTTAIM UNVEILS WOMEN CODERS PROGRAM MICROSOFT AND ACCENTURE JV AVANADE DEBUTS IN THE UAE ETIHAD AIRWAYS LEVERAGES MICROSOFT AI TO AUTOMATE FINANCE PROCESSES
SEPTEMBER 2021
CXO INSIGHT ME
3
EDITORIAL
IS THE WORST OVER?
L
ife is almost back to normal now, and Dubai is all set to kick off the world expo next month and welcome millions of visitors from across the world safely and responsibly. The fair is expected to revitalise the economy and attract local and foreign investment. This would also be a perfect opportunity to showcase our fightback against Covid-19 and how businesses have tackled disruptions with a resilient mindset. As we start to navigate the post-pandemic world, we all need to take a step back for a moment and ask some key questions. During the last 18 months or so, technology has become a crucial component of any business model. We have seen digital transformation accelerate at a scorching pace across almost all verticals. This pandemic has forced companies of all sizes to invest in innovation to manage the situation better. Now the
question is whether we can afford to push the pause button, or do we need to accelerate further for a far more digital economy? And what does the new normal mean for CIOs? What is for sure is that the business landscape has changed, and CIOs have to think like entrepreneurs; they have to rethink their priorities and quickly transition to the new normal. Tech leaders have to find a way to embrace disruptive technologies despite flat to shrinking IT budgets and make application and infrastructure modernisation a priority. In this age of cost optimisation, CIOs and CTOs are under pressure to demonstrate the business value of every technology dollar. Navigating a fast-evolving digital landscape would require them to go back to drawing boards and look at technologies such as cloud, automation, and AI to spur business growth and innovation and develop new business models, products, and services.
Published by
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2021 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
SEPTEMBER 2021
CXO INSIGHT ME
5
NEWS
MAJID AL FUTTAIM UNVEILS WOMEN CODERS PROGRAM
M
ajid Al Futtaim has announced the launch of a coding program designed specifically for women – and the private sector’s first of its kind for the region. The announcement is in line with the government led initiative, ‘Projects of the 50’, aiming to attract 100 coders every day to the UAE’s workforce and attain the highest percentage of female coders per capita in the world in the next five years. Following the launch of the UAE’s National Programme for Coders in July, which aspires to develop talent, expertise and innovation in the field of coding,
Majid Al Futtaim will provide a prominent platform for women in tech to make their mark on the industry. Aimed at training 5,000 women over the next five years, the program will target university students, recent graduates and career women, as well as upskilling MAFers. Early focus will be to create a dedicated tech community for interactive knowledge sharing in collaboration with the UAE Government, industry and academia, which will include outreach to universities across the Emirate to spark interest in tech subjects and encourage women to enter the sector at a greater pace. This program, in combination with other company-wide initiatives, will ensure Majid Al Futtaim achieves its goal to employ more than 35 percent women in advanced technologies and digital roles by 2023. Alain Bejjani, Chief Executive Officer, Majid Al Futtaim Holding said, “There are numerous invisible barriers that discourage women from pursuing a career in the digital space which has a knock-on effect, further widening
the skills and gender gap. Research suggests that women make up only 28 per cent of the global tech sector’s workforce and with the industry booming, now is the time to change this trajectory. The technology sector has tremendous opportunity for gender parity, and by creating the first corporate-led coding program for women in the UAE, we are committed to developing and nurturing the untapped potential that exists locally.” Majid Al Futtaim will roll out several initiatives to encourage women to take up tech subjects, providing opportunities for upskilling, and support them to secure senior positions within business. The Majid Al Futtaim School of Analytics and Technology will run bespoke coding modules and programs for women outside the business’ ecosystem as well as internship opportunities, career guidance and mentorship. In addition, the company will offer freelancing and continue to enhance its flexible work options.
in the United Arab Emirates represents the 26th country location in the company’s expanding global footprint. Leveraging its global delivery network, technical depth and Microsoft-focused capabilities, Avanade will work with Accenture to jointly help clients in the UAE create exceptional experiences, build operational resilience and reimagine new business models. Adriano Neves, Avanade’s United Arab Emirates regional lead, said, “As organizations renew for the future, we want to make a positive impact in the region by helping our clients solve
complex business problems that are unique to their industries and realize their business goals faster on the Microsoft platform.” Nadya Abdulla Kamali, Accenture’s Country Managing Director for the UAE, said, “We are thrilled to welcome Avanade to the United Arab Emirates. With our combined service capabilities, global scale and joint solution development on the Microsoft platform, we look forward to helping our clients drive an end-to-end digital transformation of their businesses.” Sayed Hashish, General Manager, Microsoft UAE added, “Our partnership with Accenture through Avanade has grown tremendously, and the launch of Avanade in the United Arab Emirates marks another milestone for our successful collaboration. Together with Avanade and Accenture, we will continue to empower every person and organization in the UAE to achieve more.”
MICROSOFT AND ACCENTURE JV AVANADE DEBUTS IN THE UAE Avanade has announced the launch of its business in the United Arab Emirates (UAE), with offices in Dubai and Abu Dhabi. Adriano Neves, Avanade’s Sales, Industry and Client Relationships Lead in Brazil, has been appointed to lead the company’s newest entity and will relocate from São Paulo to Dubai. Established by Accenture and Microsoft in 2000, Avanade today has 49,000 professionals globally focused on the Microsoft ecosystem providing technology and consulting expertise to help clients from across industries including financial services, oil and gas, and citizen services. Avanade’s presence 6
CXO INSIGHT ME
SEPTEMBER 2021
SITECORE ACQUIRES REFLEKTION
Steve Tzikakis, CEO, Sitecore
S
itecore has announced the acquisition of San Mateobased Reflektion, an AIpowered digital search platform that understands and predicts patterns, context, and needs in order to convert shoppers into
buyers. The combination of Sitecore and Reflektion enables Sitecore to engage, educate, and empower shoppers to make purchase decisions faster – increasing buyer confidence, long-term revenue, and overall customer satisfaction and loyalty. The acquisition – a continuation of Sitecore’s ongoing $1.2 billion growth plan – will help marketers solve the information overload that is characteristic of traditional search solutions, which leaves customers unable to find and select the right product. 93% of all online experiences start with search, making it an integral part of the customer buying journey, and Reflektion elevates search into a conversational, guided experience that provides more personal, accessible and tailored answers for the customer. Reflektion’s platform can be leveraged across all aspects of the Sitecore digital experience platform, from transforming product data into understandable consumer-friendly language to
understanding shopper intent, behavior, and product preferences. “Search is about more than just entering words into a box and hoping for the right results – it is the cornerstone of a digital experience. With Reflektion, a brand can add various types of search including personalized search, preview search, conversational search, and voice search,” said Steve Tzikakis, CEO, Sitecore. “This reduces customers’ effort and anxiety to find exactly what they need – with more convenience and speed – and leads to increased customer satisfaction with more conversions and revenue. Acquiring Reflektion reinforces Sitecore’s position as the leader in digital experience technologies that meets customers in the moment with more relevant, intuitive, and human experiences.” Reflektion includes complimentary Commerce, AI, and personalization capabilities that, alongside Sitecore’s acquisition of Four51, Boxever, and Moosend, offer even more power to seamlessly deliver targeted intelligent, personalized and real-time information across channels.
MEEZA PARTNERS WITH COMMVAULT TO PUSH CLOUD ADOPTION Commvault has expanded its partnership with MEEZA, an endto-end managed IT services and solutions provider based in Qatar, as the country gears up for the transformation of its IT sector. Together, Commvault and MEEZA are furthering Qatar’s vision to become a smarter digital nation and driving the sustainable economic Agenda set forward by Qatar’s Vision 2030. The country is driving investments in the digital sector to build a knowledge-based economy, with technology giants such as Cisco, HPE and Microsoft, also expanding their cloud service offerings to Qatar. MEEZA, a Qatar Foundation joint venture, aims to accelerate the adoption of cloud growth of the country
and the region through the provision of world-class Managed IT Services and Solutions. To that end, this partnership has commenced a live cloud service – Backup-as-a-Service – available to all of our clients at the date of this publishing, as part of MEEZA’s growing Cloud portfolio. MEEZA’s offerings include Managed IT services, Data Centre Services, Cloud Services and IT Security Services, in addition to expertise in Smart Cities Solutions field. As part of an effort to digitally transform its business, MEEZA’s IT team selected Commvault to deliver advanced, flexible data protection for all workloads. Faisal Al Kuwari, MEEZA CTO said, “Our partnership with Commvault aims to bring the best IT and Intelligent Data Services to our operations. Businesses
Faisal Al Kuwari, MEEZA CTO
in Qatar and the region can expect to benefit from these solutions that will channel greater opportunities, power agility and scalability, and with enhanced service levels. We are pleased to have Commvault on board as our partner to take MEEZA’s mission further.”
SEPTEMBER 2021
CXO INSIGHT ME
7
NEWS
RUBRIK ANNOUNCES STRATEGIC PARTNERSHIP WITH MICROSOFT
R
ubrik has announced a strategic agreement with Microsoft that includes a Microsoft equity investment in Rubrik to drive go-to-market activities and co-engineering projects to deliver integrated Zero Trust data protection solutions built on Microsoft Azure. This work will address rising customer needs to protect against surging ransomware attacks, which are growing 150% annually. Together, Rubrik and Microsoft will provide Microsoft 365 and hybrid cloud data protection and integrated cloud services on Microsoft Azure. Rubrik is addressing the most pressing data challenges for enterprises: rapid recovery from ransomware, automation of data operations, and the transition of data to the cloud. The Rubrik and Microsoft collaboration brings these offerings to the next level, providing Zero Trust data protection for hybrid cloud
environments spanning data center, edge and cloud, including Microsoft 365. Rubrik data management was designed for the cloud from day one. As part of this collaboration, customers and partners gain additional data protection, so that critical Microsoft 365 data is secure, easily discoverable, and always accessible in the case of a malicious attack, ransomware attack, accidental deletion, or corruption. Rubrik also offers additional support and protection for Microsoft 365 including instant search and restore and policy-based management at scale. Additionally, Rubrik and Microsoft provide long-term archival of Microsoft 365 data for the purposes of regulatory compliance. “As the pioneer of Zero Trust Data Management, Rubrik is helping the world’s leading organizations manage their data and recover from ransomware,” said Bipul Sinha, Cofounder and CEO of Rubrik. “Together
HELP AG NAMED AS F5 GOLD PARTNER IN SAUDI ARABIA Help AG has announced that it has achieved the F5 Gold Partner status, enabling it to significantly expand its value-added distribution reach in the Kingdom of Saudi Arabia. F5’s Unity+ Partner Program has been specifically designed to address the evolution of the market, F5 as a business, and partner business models. The programme offers a clear path to success for serving customers with F5’s best-in-class portfolio of products. “We are thrilled to become an F5 Gold Partner, as the enhanced partnership will bring huge value and benefits to our clients across the Middle East, particularly in Saudi Arabia. Leveraging F5’s comprehensive portfolio, we will provide all-inclusive 8
CXO INSIGHT ME
SEPTEMBER 2021
Stephan Berner, Chief Executive Officer of Help AG
and integrated multi-cloud application services, information security solutions, and professional advisory services to all business sectors,” said Stephan Berner, Chief Executive Officer of Help AG. Berner further highlighted that the company is in its strongest position yet to help organisations in every sector substantively realise their digital transformation ambitions. “This
with Microsoft, we are delivering tightly integrated data protection while accelerating and simplifying our customer’s journey to the cloud.” “Customers, across industries, are migrating to the cloud to drive business transformation and realize growth,” said Nick Parker, Corporate Vice President, Global Partner Solutions, Microsoft. “End-to-end application and data management is critical to business success, and we believe that integrating Rubrik’s Zero Trust Data Management solutions with Microsoft Azure and Microsoft 365 will make it easy for customers to advance their Zero Trust journey and increase their digital resilience.”
includes the ability to safely flex to whatever cloud scenario is needed for the job, including virtual machines, container-native, SaaS, and purposebuilt hardware,” he said. Nasser El Abdouli, Director of Channel Sales for the Middle East, Turkey, and Africa at F5, said, “Help AG has the track record, expertise and infrastructure to powerfully boost our go-to-market strength in Saudi Arabia. More than ever, we are helping our customers to create, secure, and operate applications that deliver extraordinary digital experiences. Fueled by automation and AI-driven insights, these applications will naturally adapt based on their changing environment—so companies can focus on their core business, boost speed to market, improve operations, and build trust with their customers. Help AG will be central to delivering our solutions and services at scale across the Kingdom.”
ETIHAD AIRWAYS LEVERAGES MICROSOFT AI TO AUTOMATE FINANCE PROCESSES
E
tihad Airways has recently announced the launch of the next phase of digital transformation for its finance division, which will leverage Microsoft AI to automate its bank-reconciliation process. The move will address the increasing demand for improvement in productivity and operational effectiveness in the post-COVID era. Etihad is set to make significant gains on efficiency by implementing the solution, as well as reducing the risk of human errors given the large number transactions and manual reconciliation tasks currently in scope. “The pandemic has created more demand for digital transformation.
However, the ability to execute on this has really rested on having the right people and technology partners in place – this is where Etihad has been exceptionally well positioned,” said Adam Boukadida, Chief Financial Officer, Etihad Aviation Group. This latest initiative follows Etihad’s successful deployment of Microsoft AI capabilities to support automated payment inspection earlier this year and is part of a continued partnership between the two entities in driving the adoption of AI across the company. “It’s only recently that AI tools have come into the hands of finance professionals in both a cost-effective and practical way. It’s exciting to see
how core processes such as bank reconciliations, payment controls and cash forecasting, can be super-charged as a result,” said Bhavesh Shivshanker, Head of Financial Operations, Etihad Aviation Group. “Bank reconciliations are a tedious and labour-intensive process in most global organisations and we are excited about the ability to automate this through the use of technology. Our longstanding partnership with Microsoft has made it easier for us to initiate our automation plan to enhance efficiency, expand costreduction and optimise operations,” said Frank Meyer, Chief Digital Officer, Etihad Aviation Group.
SEPTEMBER 2021
CXO INSIGHT ME
9
NEWS
CAPITAL BANK PARTNERS WITH PROVEN SOLUTION TO DEPLOY HUMANOID ROBOT
bank in Jordan incorporates an AIenabled robot across its key branches to further customer experience. “We are proud that Capital Bank has chosen Proven Solution to help accelerate its digital transformation initiatives. As the first bank in Jordan to implement our robotics management
platform, Capital Bank is transforming its banking operations to enhance customer experience. Our team has worked hard on this project, which goes beyond streamlining administrative tasks to increase the level of service quality for customers. We are excited to see Capital Bank embrace our technologies and are honoured to facilitate this experience for their customers,” said Zaid Al Mashari, Group CEO of Proven Arabia. The steep rise in the implementation of robotics software across several industries and its consequent success has acted as a catalyst for this partnership. With the project, Proven Solution and Capital Bank will tap into the potential of AI-enabled robotics solutions to aid an array of banking verticals which will subsequently drive core business objectives. Pepper, armed with PRoMS technology, will assist customers by providing support and information related to banking services. The multilingual feature of Pepper will allow customers to access assistance in both English and Arabic.
advancing research and development efforts, overseeing the VMware Engineering Services team, the Design/ UX team and the company’s ESG commitments. “It is with great pleasure that we welcome Kit into the position
of CTO at VMware. Kit’s passion, proven technological savvy and excellent leadership capabilities will be instrumental in advancing our innovation engine and research and development efforts,” said Raghu Raghuram, CEO at VMware.
P
roven Solution has announced that Jordanian financial institution Capital Bank has chosen the firm to advance its digital innovation and footprints in the banking industry. Proven Solution primarily offers solutions powered by Artificial Intelligence (AI), robotics, and virtual and augmented reality. With this project, the tech company will be rolling out its robot management system, PRoMS (an inhouse, advanced tech solution), to drive customer success, improve customer experience, and elevate banking operations across several verticals. For Capital Bank, the project aims to build a reliable, failsafe banking system for its customers by leveraging the PRoMS software offered by Proven Solution. This includes deploying Pepper, a social humanoid robot, as part of its retail banking team. This association also marks the first time a
Zaid Al Mashari, Group CEO of Proven Arabia
VMWARE APPOINTS NEW CTO VMware has announced that Kit Colbert has been named VMware’s next Chief Technology Officer (CTO). Colbert joined VMware in 2003 as the technical lead behind the creation, development and delivery of the vMotion and Storage vMotion features in VMware vSphere. Throughout his tenure at VMware, he served in multiple roles, including VMware’s Cloud CTO, General Manager of VMware’s Cloud-Native Apps business, CTO for VMware’s End-User Computing Business, and as the lead architect for the VMware vRealize Operations Suite. As part of his new role, Colbert will shape the technical vision for the company, and the transformation to a cloud and subscription-centric R&D organization. His oversight includes 10
CXO INSIGHT ME
SEPTEMBER 2021
AVEVA, ARAMCO TO ACHIEVE SUSTAINABILITY GOALS THROUGH DIGITALISATION
A
ramco and AVEVA have announced their intention to form a strategic alliance. Focused on driving sustainability in the region through digital transformation, the partnership will help enable AVEVA to establish their largest digital hub, with an R&D capability, in the Middle East, headquartered in Saudi Arabia. This partnership will represent a significant investment for AVEVA which is also looking to create up to 300 high skill new jobs in the Kingdom by 2030. Ahmad Al-Sa’adi, Senior Vice President of Technical Services, Aramco, said “One of the key pillars for realizing the Kingdom’s Vision 2030 is Digital Transformation. Digital technologies have the potential to accelerate the transformation of the industrial sector and drive it towards
more efficient and sustainable operations. “Establishing partnerships with leaders in industrial digital software, such as AVEVA, is one of the main elements in our digital transformation strategy and we believe will help us realize our mission of leveraging digital solutions to deliver tomorrow’s energy more sustainably, efficiently, and safely. The regional hub that would be established by AVEVA would contribute to Aramco’s ‘In Kingdom Total Value Add’ (IKTVA) programgoals and will facilitate Saudi Arabia’s path to realizing the benefits of a digital economy.” This partnership is designed to foster a working relationship between the two companies in the deployment of various digital technologies including Artificial Intelligence (AI), Machine
Learning (ML), and Data Management. AVEVA and Aramco aim to work together to unlock the benefits of these technologies in line with the Kingdom’s move towards industrial sustainability. One of the key focus areas of the partnership would be to utilize digital technologies to support the development and implementation of blue hydrogen and decarbonization facilities in Saudi Arabia in line with the Kingdom’s energy transition strategy. Another area in which the companies intend to work together is in the implementation of cuttingedge predictive analytics technology across Aramco’s operating facilities. This would be one of the largest deployments of such technology in the region and the main goal is to further improve the reliability, performance, and safety of Aramco’s operation.
SEPTEMBER 2021
CXO INSIGHT ME
11
ADVERTORIAL
RAISING THE BAR SASCHA GIESE, HEAD GEEK AT SOLARWINDS, EXPLAINS HOW THE COMPANY IS HELPING ITS CUSTOMERS MEET THE EXPECTATIONS FOR IT PERFORMANCE AND AVAILABILITY
C
an you share with us SolarWinds’ overall regional product portfolio, its target end-user community, and the principal use cases that SolarWinds supports? SolarWinds is a leading vendor for IT management and monitoring solutions. Our products have the individual IT professional in mind, and because their job can be quite stressful, we want to put the right tools in their hands to help them solve modern IT problems. We deal with all elements and layers in IT: the network, applications, on-premises or cloud infrastructure, and all sizes and forms of businesses. IT problems are 12
CXO INSIGHT ME
SEPTEMBER 2021
always the same, independent of what business you’re actually in. Supporting IT professionals with their daily tasks is a great way for any organisation to see quick results in cost reduction, as less resources are spent on time-consuming or repetitive tasks. How does SolarWinds engage with end customers in the Middle East? Is it through dedicated and specialised channel partners in the region, OEM relationships, two-tier traditional channels structure? The Middle East is a particularly interesting region. First, a lot of the technical infrastructure is new compared to Europe or the U.S., which means there’s less
legacy tech to maintain. Furthermore, the vendor landscape is more open, and we see a good mix of different tech in many companies, which is a challenge we happily accept as our tools are equally open and vendor-agnostic. The speed of change is remarkable, too. SolarWinds has been active in the Middle East for many years now, and we built great relationships with many long-term customers. In fact, one of the top ten SolarWinds deployments sits in the region. We’re proud to help our local customers to grow and will continue to work with them and our regional partners, who together with the SolarWinds technical support team, provide service in language around the globe, including the Middle East region.
We run the traditional two-tier channel structure with two major distributors in the Middle East. Both are “value-added distributors,” and they employ many SolarWinds Certified Professionals (SCPs) to help their local resellers with excellent technical knowledge. As a vendor, we also enjoy events like GITEX—these events let us get in touch with our customers directly, helping us get a better feel for local needs and how the industry is changing in the Middle East. For example, two years ago at GITEX, we heard the reliability—and sometimes even availability—of internet connectivity for enterprises was a problem. Now, this is a thing of the past, as the local ISPs have already improved the situation. In addition, massive investments into technology are happening right now, like the rollout of 5G and an increase in regional data centres. These investments have already paid off and have had a significant impact on multiple industries. E-commerce rose from next to nothing to a major revenue driver for the region’s economy within just a few years. This transformation isn’t going to stop soon, as many ME organisations started discovering international markets and are seeing exponential growth. We’ll continue to help them on their journey. Would you please describe the relationship of SolarWinds with the IT industry, especially leading software and cybersecurity vendors, and the IT organisation? We’ve been in the business for more than 20 years, and we’re well known in the industry. In fact, almost every IT professional on the planet has already used one or more of our tools in their career. We’re in touch with the IT community on multiple layers. First, there’s THWACK, our own online tech community of more than 150,000 registered members, to keep a finger on the pulse of IT professionals, so we know what they need. THWACK is a platform for IT professionals to learn, share knowledge, and unwind. Furthermore, we’ve been in strategic or technological partnerships with many other vendors for years. Our connections within the industry put us in quite a unique position.
Each year, we survey IT professionals in different positions and industries from all over the globe. We run a different theme each year, and for 2021, the theme was “Building a Secure Future.” The results provide great indications regarding where the industry’s going, what trends and challenges exist, and more importantly, how organisations intend to overcome these challenges. All the latest results are available at https:// it-trends.solarwinds.com. What is SolarWinds Secure by Design service? What are the benefits and use cases in the region? What is the go-to-market strategy? Secure by Design isn’t a specific service or product. Instead, it means we used this opportunity to reflect on our own security practices and found opportunities to enhance our posture and policies. We focused on our internal environment and our product development process to ensure the security and integrity of the products we deliver. These transformative efforts on the journey towards becoming Secure by Design will require tremendous focus on security programs, policies, teams, and culture. What’s been the impact of the SolarWinds breach on the IT organisation, IT industry, OEM alliances, and what is the way forward from those consequences? It has shown us the risk of supply chain
attacks. To address the industrywide ramifications of the SUNBURST cyberattack and help strengthen its own security posture going forward, SolarWinds has introduced an initiative to become Secure by Design. Under this approach, SolarWinds is focused on further securing its internal environment, enhancing its product development environment, and ensuring the security and integrity of the products it delivers as it seeks to evolve into an industry-leading secure software development company. The learnings resulting from the SUNBURST investigation have also presented an opportunity for SolarWinds to lead an industry-wide effort around transparency and collaboration and for SolarWinds to develop a new model for secure software environments, development processes, and products. What is the future roadmap of SolarWinds products and services, using AI, ML, analytics, IoT, dashboards, and the cloud? Our vision is an even higher integration of silos than we see now. Though individual parts of IT are getting easier to use with each technical innovation, the increasing number of those individual parts makes it more complicated to keep everything under control. We’re already using machine learning in some of our products, and this is definitely the path to follow. As the underlying IT architecture evolves, so do our products. Integration and consolidation are high on our agenda, and we’re keeping up with the latest tech to help our customers solve their problems, whatever they are. For example, our community asked for more help with their databases. It’s a complex problem starting with a lack of expertise, as dealing with databases is no small feat. Even experienced DBAs find themselves confronted with various database vendors and various locations, and the applications their businesses depend on need to talk to all these individual elements. It’s not easy. Therefore, we heavily invested into our database monitoring and management portfolio, and we still have a few more ideas. Maybe we can share a little bit at the next GITEX in October, and we hope to see you around!
SEPTEMBER 2021
CXO INSIGHT ME
13
COVER STORY
PUTTING SECURITY FIRST SEBASTIEN PAVIE, VICE PRESIDENT FOR DATA PROTECTION PRODUCTS, MIDDLE EAST, AFRICA AND SOUTHERN EUROPE AT THALES, EXPLAINS WHY WE NEED THE ZERO TRUST SECURITY MODEL TO PREVENT CYBERCRIMES.
W
hat has been the impact of this pandemic on cybersecurity? The rapid acceleration of digital transformation and remote working brought on by Covid-19, together with the proliferation of disruptive technologies, have made traditional boundaries of corporate networks disappear. Moreover, businesses no longer have sole control over a closed network, as the pandemic has shifted people from offices into dispersed environments. As a result, organisations have had to increase their reliance on cloud platforms. Many are combining different methods across public, private, hybrid cloud, and on-premises solutions. This has made multicloud an increasingly essential part of everyday operations for many businesses in one form or another. These rapidly changing and fragile ecosystems represent a real security challenge for businesses, as threat actors look to expose the vulnerabilities of distributed workforces operating in remote environments. Legacy security policies and practices based on trust have now been rendered obsolete. As a result, organisations should increasingly be looking at adopting a Zero Trust approach to their security operations. Now more than ever, the ability to access data from any location and on any device is a top priority for enterprises. However, using a traditional castleand-moat security concept, people are unidentifiable and trusted once inside corporate networks – with the power to access sensitive data. Unfortunately, too many networks and applications run on an “assumed trust” system, which hackers can take advantage of with disastrous consequences. 14
CXO INSIGHT ME
SEPTEMBER 2021
How can users get started with Zero Trust security? A Zero Trust model is based on the tenet “Never Trust, Always Verify” and views trust as a vulnerability – any user or device looking to access confidential data cannot and should not be trusted by default. Zero Trust is not a specific technology, rather a strategic, initiative-based security system that requires strict and continuous identity verification and control of data in the cloud to minimise trust zones. With more companies now making a move to the cloud alongside the shift to homeworking, organisations are going to be exposed to new threats that go beyond their current or previous security strategies. Zero Trust helps businesses to maintain a high level of security remotely, without the need for a physical location to authenticate access. Thus, allowing organisations to grow securely in the cloud and adapt to the remote and dispersed environments in which we now operate. This precedent also goes beyond individual organisations; the impact can be felt far wider. Recent high-profile cyber-attacks, such as the Colonial Pipeline cyber-attack, have reaffirmed the lack of resilience to security threats many industries still face. This incident was a strong reminder of the potential benefits of Zero Trust in mitigating the effects of ransomware, as the entry point was a legacy VPN. With Zero Trust it might have been possible to stop the attackers from navigating inside the network, whereas with a VPN once attackers are ‘through the door’ they’re already in a very strong position. Accomplishing the principle surrounding Zero Trust is not without its challenges. Businesses will have to evolve their previously established perimeter security policies into location-agnostic ones.
A significant challenge to achieving Zero Trust is finding solutions that cover identities and data end-to-end. SafeNet Trusted Access, Thales’s cloud-based access management and authentication service, is a strong starting point for effective Zero Trust security implementation. Enforcing access decisions dynamically at the application access point, irrespective of where the user resides and the device they are using. However, the biggest challenge for businesses is understanding that achieving Zero Trust is an ongoing journey that has multiple steps. Though there are some foundational technology capabilities that are a must, organisations tend to equate Zero Trust to implementing a single capability. There is no ‘silver-bullet’ when it comes to achieving a Zero Trust security model. Individual enterprises will need to adapt their strategies based on their specific businesses needs and constraints. Thus, choosing the appropriate strategies and technologies that match the specific needs of their business. How are you helping your customers in the Middle East protect their sensitive data across on-prem and cloud environments? Complexity is the enemy of data security. It continues to make organisations vulnerable to attack because it is the top barrier to protect organisations’ most valuable asset – data, especially sensitive data. This complexity comes in many forms, from the ways that data is created, shared and accessed to the various information technology systems where it is stored, analysed, and secured. Structured and unstructured data is produced and amassed today at unprecedented levels everywhere: in
email, applications, collaboration tools, chatbots and is stored in the cloud and on-premises. This sprawl, along with cloud adoption, indeed makes security more complex – especially when employees sometimes act on behalf of business continuity, not on behalf of data security. The complexities involved with protecting data can create network weaknesses and poor security habits that bad actors can easily exploit. Last year some of the worst breaches involved server and database exposure because IT couldn’t see or find data they possessed. A cyberattacker only has to be successful
once, but IT security teams have to be successful every hour of every day, and it is often complexity that keeps them from protecting an organisation’s data. The fact is, a distributed workforce means more data is migrating to the cloud, and companies are using multiple IaaS and PaaS environments and hundreds of SaaS applications. Organisations must be able to safely rely on the cloud because its significance will only continue to increase. Breaking down the complexity barrier created in this environment will give businesses a clearer view of all of their data so they can better control and protect it. When IT security teams are forced
to piecemeal together various security tools to try to keep all their bases covered – frequently in response to a security incident – this further exacerbates complexity. This approach needs to change, and it can. The world’s brightest software engineers and network architects understand that the complexity barrier must be removed so that IT security teams can support employees who need to get their jobs done, no matter where they’re working or what the latest threats are. Providing common developer or industry-standard APIs and a broad ecosystem of partner integrations helps these engineers quickly adjust to these new complexities. As noted above, sensitive data sprawl across the enterprise, the cloud and beyond. Typically, IT security has limited visibility into where their data resides. Some recent studies have shown that only 54% of organisations know where all of their sensitive data is stored and 52% of all data within organisations remains unclassified. And even when organisations protect their sensitive data in the cloud, nearly half of it is not encrypted. While we can’t know what the future holds in the current environment, we do know that employees need to be able to work from anywhere, and digital transformation strategies must continue if businesses are to innovate and deliver new services. At the end of the day, IT teams need a data security solution that folds in all the tools they need – and without the complexity that creates vulnerability. The evolving business landscape calls for simplified data security, especially as new challenges emerge. Thales’s CipherTrust Data Security Platform ensures organisations have a clearer view of all their data so it can be discovered, protected and controlled wherever it resides. Why is it important for enterprises to develop enterprise-wide encryption strategies? Key management – the processing, management and storage of keys for who can decrypt and access protected information – is an often-overlooked, and yet critical element of encryption. Many organisations left that part up to their vendors or stored them inconsistently
SEPTEMBER 2021
CXO INSIGHT ME
15
COVER STORY across their IT infrastructure in both hardware and software. This lack of centralised control can jeopardise the integrity of encryption. In fact, the management of the keys is more important than the encryption itself, because if something happens to the keys, entire sets of data can be stolen or lost, and there’s nothing you can do about it. The fact that major cloud heavyweights are diving into this technology is a sign that key management is being taken more seriously. And rightly so. The ability to demonstrate control of data is critical to meeting compliance mandates. But how do you really own your data if you do not have total control and ownership of the keys? With every passing day, an increasing number of organisations are migrating their sensitive data and business applications to the cloud for operational flexibilities, cost efficiencies, and quick scalability. To avoid vendor lock-in on a single cloud service provider (CSP), like Microsoft Azure, AWS, Oracle Cloud, and IBM Cloud, many organisations are opting to work with multiple CSPs in a multi-cloud environment. As an increasing amount of critical data gets stored in the cloud, the prospect of cyber-attacks and data breaches rises exponentially. While most CSPs offer native data protection features, the “Shared Responsibility Model” dictates that the ultimate onus of safeguarding business and customers’ sensitive data rests with organisations. While there is a shared responsibility to secure data in the cloud, there is no shared liability. The impact of potential security incidents jeopardising sensitive data remains the responsibility of the company. It is the company’s responsibility to ensure compliance with the relevant privacy regulations such as the GDPR, the Schrems II ruling, PCI-DSS, HIPAA or CCPA. While organisations are increasingly investing in perimeter security mechanisms, they fail to adequately invest in encryption technologies that act as the critical line of defence in the event of a cyber-attack. This is evident through the ever-increasing incidents of sophisticated cyber-attacks that result in data breaches costing organisations billions in losses. To minimise the impact of potential security incidents and to optimise sensitive 16
CXO INSIGHT ME
SEPTEMBER 2021
data protection, security and privacy regulations like GDPR, PCI-DSS, HIPAA or CCPA mandate the adoption of encryption. However, merely encrypting sensitive data in the cloud is not sufficient. The Cloud Security Alliance recommends as an industry best practice for storing information in the cloud to put the customer in control of both the key management and the encryption process. Effectively managing the key lifecycle and being crypto-agile is paramount for establishing trust in the confidentiality, integrity, and availability of your data. What are the barriers to multicloud data protection? When it comes to cloud security and efficient key management, the 2021 Thales Data Threat Report reveals five major pain points organisations face today that prevent them from taking full advantage of the potentials offered by cloud platforms. Lack of visibility into security and encryption practices. With CSPs providing limited visibility and access to encryption practices and schemes, organisations’ risk management teams are reluctant to allow the storage of sensitive and missioncritical data in the cloud due to high impact in case of a data breach. Meeting compliance requirements. Security and privacy regulations mandate the use of state-of-the-art practices for securing the confidentiality and integrity of personal and sensitive data, requiring agility and strong control over key management. Lack of such controls entails big regulatory penalties. Managing encryption keys across multiple cloud environments. Organisations are embracing multi-cloud strategies to avoid vendor lock-in. The use of cloud-native encryption and key management solutions is a barrier to multi-cloud adoption. Custodianship of encryption keys. When organisations elect to use cloud-native encryption services, the corresponding keys are being managed by the providers. Not having direct control on the keys presents potential risks and vulnerabilities in the case of a security or cryptographic incident. Managing, monitoring, and deploying multiple cloud-native security tools. Since cloud-native key management services offer limited ability to automate
the lifecycle of encryption keys, especially across multiple subscriptions, organisations are forced to implement labour-intensive, error-prone manual key management processes to meet their security requirements. Lack of proper security and key management practices in a multicloud environment will only increase the organisation’s attack surface, with cybercriminals eager to take advantage of it as they get smarter and more sophisticated. Luckily, there are many industry best practices, such as Bring Your Own Key (BYOK), Bring Your Own Encryption (BYOE) and centralised and automated key lifecycle management that can optimise data protection in the cloud. How are you leveraging AI and Big Data? Artificial Intelligence (AI) can be the best weapon in a company’s cybersecurity arsenal and, thus, it is becoming increasingly integral to information security. However, AI is not placed solely in the hands of the good. Malicious actors can and will adopt AI and machine learning (ML) technologies faster than the good security leaders can. The use of malicious AI and ML will create new challenges for all businesses wishing to safeguard their most precious asset, data. Data security is not the only challenge businesses must face. Privacy should also concern business leaders for a handful of reasons, especially in the wake of cybercriminals taking advantage of COVID-19 to hack organisations and monetise stolen identities. In addition, consumers are deeply concerned with how their data is collected and used, including new COVID-19 contact tracing apps. A barrage of news about data breaches, government surveillance, corporate misconduct, deep fakes, and biases has soured consumer sentiment on current data practices. It has diminished the level of trust people place on new technologies. In this rapidly changing environment, regulators and national or transnational authorities strive to protect consumer rights and business innovation by framing strategies and policies towards excellence and trust.
INTERVIEW
DECODING INNOVATION SURESH SAMBANDAM, CEO OF KISSFLOW, EXPLAINS HOW LOW CODE/NO-CODE PLATFORMS BOOST DIGITAL TRANSFORMATION
W
hat can you tell us about your company? Kissflow has a bit of a long history. We were pioneers in the low code/no-code space, and we launched in 2012 as a no-code platform for workflows. We were one of the first companies to launch at the Google I/O event because they had never allowed third-party products to be launched before. We got to our first 100 customers in 2013, and we succeeded in penetrating 160 countries. Now, we have around more than a million users, including 50 Fortune 500 companies using our software. In fact, we are in a unique position in the Middle East with some really big enterprise customers. This includes the global FMCG company Reckitt Benckiser, which has more than 10,000 licenses of Kissflow, and the multinational food company Danone. Another reason why the Middle East is very strategic for us is because we have many oil and gas companies that use Kissflow. These are names like McDermott, Total Oil, Abraj Energy, and even one division of Saudi Aramco. So that is why we started operations in the region with Dubai as the HQ, and we have some key people coming on board now. What has been the impact of this pandemic on your business? Do you see increased demand for your solutions because of remote working? The impact has been twofold. First, initially, we feared that there would be a loss in productivity due to remote working, but our productivity actually went up by 15-20 percent. In terms of business, there was a little bit of panic in the first six months since the outbreak of this pandemic. But soon 18
CXO INSIGHT ME
SEPTEMBER 2021
way of doing that is to bring your business users who understand the domain and your technology people who know how to translate their vision together to build working applications. This is the paradigm shift that IT needs to embrace. So if I am a CIO in the retail sector, one way to differentiate from the competition is to embrace a modern way of approaching digital transformation, bringing IT and business together to transform operations. And this is where the world is going now, and you need low code/no-code to achieve this.
after, people realised that they needed to embrace this new normal and digital transformation initiative. As a result, in the second half of the pandemic, we registered a 20 percent growth in business compared to the same period last year. Now, companies want to automate their business processes and move to digital operations. And because we are in digital workplace and low code/nocode space, this situation is ideal for us. So we have actually benefited from this pandemic because we sell primarily to large enterprises looking to automate their processes. How can CIOs embrace innovation and disruptive technologies when they are faced with budget constraints? The answer is they need to look at modern, non-classical approaches to innovation. For example, the classical approach to IT innovation is to conceive a project, engage an IT services company to build the solution for you, and then go through six months to one-year deployment cycle. But, the non-classical
The premise of any low code/no-code platform is creating software quickly. Is it a good idea to rush software development? I would say quickness is not the value proposition. The fundamental value proposition of a low code, nocode platform is ongoing change management. The challenge is you develop software, deploy it, and then suddenly the business environment changes. You are left with no choice but to approach a software company, and they will ask you for a change request, which costs money. It can be chaotic. That’s the real problem low code/ no-code solves. Although initially, the accelerated time to market aspect might look attractive, the real value of the low code/ no-code platform is that it is resilient to ongoing business rule changes. And how your software can continuously accommodate those changes because you are not hard coding it into a program. When you have a no-code, low code environment, everything is visual; you want to change something, you go back to the drag and drop environment and make those changes with the push of a button.
Monitor. Manage. Secure IT. » Over 300,000 customers in 190
countries from SMB to Fortune 500®
» 498 of the Fortune 500 are customers » #1 in Network Management* » 50+ IT management products solarwinds.com
Join SolarWinds at GITEX! Dubai | 17–21 October | Stand H8-A30
NETWORK MANAGEMENT
SYSTEMS MANAGEMENT
* IDC Worldwide Network Management Software Tracker 2H 2020.
SECURITY AND COMPLIANCE
IT SERVICE MANAGEMENT
DATABASE MANAGEMENT
APPLICATION MANAGEMENT
FEATURE
HOW TO WIN WITH AUTOMATION BUSINESS PROCESS AUTOMATION HAS BECOME A BOON FOR COMPANIES LOOKING TO ADAPT AND RESPOND TO THE CHALLENGES INDUCED BY THE PANDEMIC.
T
he automation revolution is sweeping across enterprises in the Middle East, fueled by new technologies such as AI, ML, and robotic process automation. Business process automation might be nothing new, but the Covid-19 crisis has forced many companies to eye automation with renewed vigour to streamline operations. As a result of the massive economic disruption caused by the pandemic, many companies are looking to reduce labor costs, which has triggered a huge demand for automation technologies. Industry experts say the business process automation market is going to witness a huge upswing in demand in the coming years, and a recent MarketsandMarkets report states the global BPA market size is expected to grow from $9.8 billion in 2020 to $19.6 billion by 2026. “Organisations in the Middle East, Turkey, and Africa (META) are increasingly focusing on various automation strategies by leveraging technologies such as RPA, AI, and ML to improve efficiency and achieve better business and operational
20
CXO INSIGHT ME
SEPTEMBER 2021
results. According to latest IDC CIO survey at an overall META level, RPA is ranked fourth among the emerging technologies where organisations across the region are planning to invest in significantly over the next 12 months,” says Manish Ranjan, Senior Program Manager for Software & Cloud at IDC Middle East, Turkey and Africa. Reducing time and effort spent on repetitive, low-value tasks will free employees to focus on more strategic work. With AI/ML being the top investment area, META organisations are clearly aiming to implement more business and process automation to improve efficiency and outcomes. As deployments of AI and cognitive solutions based on machine learning increase, demand for intelligent solutions capable of self-learning and self-healing will rise from organisations looking to enable true digital transformation. Government, banking and finance, resource industries including mining, oil and gas, and utilities, and manufacturing are the leading industry verticals which are embracing business automation, he adds.
Ramprakash Ramamoorthy, Director of Research at ManageEngine, says modern-day technologies like AI have helped achieve new milestones in process automation. In fact, we’re moving beyond process automation and heading towards automation augmented with decisionmaking capabilities. “The world has seen tremendous digital adoption during the pandemic, including an uptick in the number of digital-native or digital-first brands across segments. At this juncture, it only makes sense for digital organisations to use data to their competitive advantage. We are also at a stage where there is increased awareness of what data an individual or business generates, who has access to it, and how it is put to use,” he says. Vaidy Panchabikesan, Regional Sales Director at Kissflow, comments: “Business process automation has been significantly growing and continues to empower employees, especially those who work remotely. As a result, this trend was accelerated by the pandemic and today, BPA technologies and automation strategies have been evolving
Manish Ranjan
Ramprakash Ramamoorthy
Vaidy Panchabikesan
as enterprises target long-term digital transformation.” Due to drastic external changes, organisations have been forced to give up traditional, office-based operations and legacy systems and shift to remote work. Productivity and business continuity pressures have also significantly increased because of this. The post-pandemic world now revolves around online services and cloud-based products and through 2021, the pursuit of delivering better customer experiences continues to drive the businesses towards streamlining operations and embracing new digital processes, he says.
Automation is more of a strategy than just technology implementation, and CIOs now have the opportunity to leverage disruptive technologies to redesign business processes completely. “Business Process Automation has become increasingly important in the quest by today’s enterprises to become digital businesses. The key to any digital transformation strategy is scaling a digital infrastructure footprint in an autonomous way based on end users’ demands. Every service provider or enterprise in the post-COVID-19 world, is looking for ways to implement their infrastructure into an auto-pilot mode
to better focus on delivering services to their customers,” says Kamel Al-Tawil, Managing Director for Middle East and North Africa, Equinix. Nabil Abbas, Principal at Booz Allen Hamilton, MENA, says most business process automation programs are likely to fall short of realising their intended ROI. “The misfortune is rarely attributed to the choice of automation technology or to the design of business processes, and rather it is the outcome of failing to comprehend and/or manage the change introduced by automation and its impact on people. The challenge of coping with change is particularly amplified with
WHAT THE EXPERTS SAY
Businesses continue to struggle for automation to garner ROI. This is because, while data is present, a significant challenge that entities face is of utilising and benefiting from this data in terms of capturing and structuring it in a more clear, concise and organised manner to enable any AI implementation in a close to accurate manner. This challenge mandates automation to shift towards integration to capture data from different sources through IoT or standard integration to create an organised workflow that can best present and use this data efficiently, accelerating insights and actions.
“Organisations are increasingly relying on automation technologies as it allows them to focus on core business functions, optimise operations, reduce costs, simplify and streamline processes, and increase efficiencies. One of the biggest trends in BPA is Robotic Process Automation (RPA) solutions. Customers are increasing their investments in RPA solutions as they look to address challenges such as achieving smoother workflows, delivering efficient services and automating repetitive tasks. Organisations are also turning to AI and machine learning technologies to automate processes. We are seeing increased use cases of RPA across industries such as insurance, banking and finance, healthcare, telcos and government.”
Firas Saifan, managing director, Technology Strategies Middle East
Sakkeer Hussain, director of sales and marketing, D-Link Middle East and Africa
SEPTEMBER 2021
CXO INSIGHT ME
21
FEATURE
Kamel Al-Tawil
Nabil Abbas
Vijay Jaswal 22
CXO INSIGHT ME
SEPTEMBER 2021
technologies such as RPA and CPA, which can and ultimately will reconfigure jobs and their requirements within the organisation. In such cases, the scope of change can be overwhelming to people and have strong implications on organisational culture.” He says the key to an effective automation strategy is, therefore, avoiding a myopic view of change byproduct. For any business process automation program to succeed, significant effort and time should be put into enabling cultural adoption and adaptation across the organisation with a new work mode. Almotaz Salameh, Major Accounts Leader at UiPath, says: “While there is no one-size-fits all recipe for a successful automation journey, we are seeing an emerging framework for adoption that successful companies are leveraging. The first step is to find and prioritise high-value automation opportunities via centralised governance. Secondly, it is important to democratise the generation of automation ideas. One approach is to encourage employees to suggest and build automations themselves – and thus become citizen developers.” For a successful deployment, enterprises should create a hybrid model of adoption that combines top-down and bottom-up approaches. Bringing both centralisation and democratisation of automation into a hybrid approach unlocks what we call the ‘automation flywheel’. The automation Center of Excellence (CoE) sets things in motion by building and distributing automations. Once employees start using them and get used to working with software robots, they will use their in-depth knowledge of the processes to generate automation ideas. With support from their IT department, the more tech savvy of employees can start building those automations themselves, he comments. According to Vijay Jaswal, CTO of Software AG Middle East and Turkey, selecting the correct process is absolutely key. “You have to ensure sufficient analysis has been done on the process to ensure you are not automating a process that is inefficient. Also, it would help if you had a strong executive sponsor and ensure
correct and relevant stakeholders are involved. These should include SMEs as well as the IT team.” How can CIOs determine which business processes can be simplified with automation? Al-Tawil from Equinix says although many businesses have already embarked on their digital journey to tackle the issues brought about by the global pandemic as remote operations, it is critical for digital leaders to take a step back, consider the broader picture and rethink their strategies. “At the end of the day, digital transformation is all about boosting business agility, optimising costs, and improving efficiency through automation. As markets become more global and interconnected, digital leaders need a clear vision of their future to ensure that the optimal digital infrastructure is in place to bring it to life,” he says. Ranjan from IDC says the most important part of an effective automation strategy is to align with the organisational digital transformation initiatives and create a comprehensive and scalable automation plan. Identify the repetitive, mundane, and timeconsuming processes and tasks and work towards creating an agile, employee-friendly environment where these processes can be automated. Organisations need to define the business requirements and relevant use cases, determine what they want to achieve from process automation, and then create an effective implementation plan. Panchabikesan from Kissflow says organisations with more automation have reported to see more value, higher customer satisfaction and enhanced productivity. For beginners, start by automating simple and trivial workflows that are not very crucial to business operations. This way, you can easily track the performance of your processes and gauge improvements. “Typically, structured or IT-focused processes are focused on more when it comes to automation. But it is worth noting that less-structured processes are equally important to ensure overall business success,” he sums up.
Your Surveillance Partner
NOW MOBILE. SKYHAWK APP
for Security Professionals and Surveillance Installers Stay connected on the go, easily build estimates, quickly calculate storage, and locate your nearest reseller.
Download the SkyHawk App today
Now available on:
marketing@asbisme.ae
VIEWPOINT
NAVIGATING THE DATA DELUGE DAVIDE VILLA, BUSINESS DEVELOPMENT DIRECTOR FOR EMEAI AT WESTERN DIGITAL, ON HOW TO ADDRESS DATA STORAGE CHALLENGES IN HEALTHCARE
T
he healthcare industry has been one of the greatest beneficiaries of digital transformation in the last 12 months. Essential remote care services, critical realtime hyper-localised data in tracking pandemic trends, and the rapid rollout of a worldwide vaccine have been facilitated by digitalisation. This growing reliance on digital operations brings with it vast amounts of data – according to IDC in May 2020, more than 59 zettabytes (ZB) of data would be created, captured, copied, and consumed in the world last year alone. This sudden and exponential increased digital demand has meant that the essential data infrastructure that healthcare relies on has come under 24
CXO INSIGHT ME
SEPTEMBER 2021
enormous pressure and must handle critical data and workloads. At the same time, improvements in technology, coupled with the convergence of cutting-edge research and data analytics have created a new opportunity in healthcare. Today’s clinical workloads require storage infrastructure advancements that meet their demands and deliver fast, highquality patient outcomes. The system must be able to quickly access clinical applications, databases and deliver reports in near real-time. With requests from local hospitals, state governments and global groups such as the World Health Organisation (WHO) clamouring for models of data and forecasts, capturing and analysing such large data sets requires a storage infrastructure
that is reliable and scalable at every level. Creating data-driven, sciencebased, actionable plans is not only vital to combatting COVID-19 but also in the prediction of future pandemics. As an industry under mounting pressure, rapidly building its digital services, it is imperative that data is effectively managed and available to be utilised to its greatest effect. Futureproofing infrastructure to make the most of the use of technology such as Artificial Intelligence (AI) will also be a key priority. But what are the challenges facing healthcare with data storage and how can organisations solve them? Storage at the edge and in the core There is no ‘one solution fits all’ to solving data storage challenges in
any industry, and in healthcare, this is certainly no different. The events of the last 12 months and in fact over recent years of digital transformation show there is a burgeoning need for hybrid storage systems to be implemented throughout the industry. In order to cope with the dynamic nature of how data is created in healthcare, the scale that it is needed for analysis, as well as the imperative nature of security, results in a variety of storage challenges and their subsequent solutions. At a local, core level, organisations must have the correct hardware to store and monitor the increasing amounts of patient data. For example, the rise of smart video systems for remote patient monitoring has increased the proliferation of video data that is needed to be managed and stored to care for patients in a safe manner. At a wider regional level, the amount of data being produced is no longer viable to be kept on site at every healthcare premise. The use of edge data centres will be key to ensuring secure and reliable storage of data, while being easily accessible to an industry where emergency access is a necessity. The combination of the edge and private and public cloud environments will continue to be of use to the healthcare industry, as trends and analysis continue to take place at a national and even international level. What cloud storage offers is both the ability to scale quickly as data grows, as well as enabling remote collaboration on data sources across organisations and at different locations. Utilising a hybrid model of cloud and edge storage, along with a robust core data infrastructure, means healthcare and research organisations can invest in solutions that offer the ability to index, preserve, and provide access to large files and vast amounts of data with flexibility and ease. The importance of scalability and real-time visibility The proliferation of healthcare data is only set to increase as more technology is brought into the industry and the
demand for digital services increases. Achieving a dynamically scalable storage architecture to cope with the waves of data will not only provide flexibility in the present, but future proof the infrastructure for years to come. Ensuring the real-time visibility of data has been imperative to organisations in the industry. The COVID-19 pandemic resulted in an immediate demand for large-scale data modelling and visualisation to be able to track spikes in cases. This dramatic increase in data being written and read requires a scalable file storage system to store large data sets, while simultaneously requiring performance for analysis and visualisation. Legacy systems and software may be reliable and user friendly in the short term, but with the vast scale of the data testing their limits, organisations will want to ensure that the total cost of ownership (TCO) remains low, that they can scale cost-effectively and achieve best performance density. Solutions for today: IHME use case Whilst organisations need to be planning for future storage infrastructure challenges, there is current technology at the core that can help alleviate pressure on the growing reliance on data. HDDs are the ideal solution to store the maximum amount of data
offering large capacities, low power and exceptional reliability. NVMe SSDs are optimised for highperformance data analytics thanks to their low latency that enable fast random read and write capabilities. This ultimately translates into faster data analysis on large scale data sets. At the same time, it enables a system to handle spikes of simultaneous access to the data. An example of the effective use of data storage can be found within The Institute for Health Metrics and Evaluation (IHME). The organisation continues to play a key role in the research and analysis of the current pandemic. To respond to these urgent requests, IHME needed to produce large-scale data modelling for forecasts and include daily and cumulative COVID-19 death reports, infection and testing numbers, and social distancing information. Almost overnight, IHME needed massive additional data resources. With a scalable storage solution, IHME gained the ability to rapidly store and analyse large databases from multiple customers, increasing the number of terabytes read, analysed and visualised for agencies and organisations to create data-driven, science-based, actionable plans to combat COVID-19. Effective data storage empowers transformation As healthcare digital transformation projects continue to roll out at speed, it is of paramount importance that data is collected and stored with security, scalability and reliability in mind. In addition, the ability to correlate data with advanced technology such as AI and advanced treatment information and research can help deliver precise diagnoses, evaluations, and medicine to patients while possibly identifying future risk factors and diseases. Whatever the focus of the healthcare organisation in question, data storage is the essential foundation for digital transformation and should be considered carefully, upfront, to ensure the best TCO for its intended use case and application.
SEPTEMBER 2021
CXO INSIGHT ME
25
FEATURE
DEFINING THE FUTURE
SOFTWARE-DEFINED STORAGE PROMISES TO HELP YOU REALISE BUSINESS VALUE FROM DATA. HERE IS HOW TO GET STARTED.
T
he premise of softwaredefined storage is simple – decouple management software from the underlying hardware, which gives administrators the flexibility to provision and manage storage with automated policies. It enables enterprises to unify all storage assets into a single infrastructure and manage it with a single pane of glass, solving data fragmentation and meeting changing business requirements. No wonder then Gartner predicts 50% of global 26
CXO INSIGHT ME
SEPTEMBER 2021
storage capacity will be deployed as SDS on-premises or in the public cloud by 2024. Charbel Zreiby, Director, Channel Presales – MERAT, Dell Technologies, explains why businesses should choose SDS: “The evolution of storage media has produced a wide array of options, yet many of these current generation storage solutions fall short in their ability to support the needs of nextgeneration applications. From big data, social, mobile and cloud computing to robotics, 3D printing and the Internet of Things, new technologies require
storage media that delivers more speed, flexibility, scalability and capacity. “IT teams are also facing pressure to constrain costs and to get more done with existing resources. Software-defined storage solutions satisfy the requirements for performance, flexibility, scalability, ease of use and cost efficiency by separating the management services (control plane) from the infrastructure (data plane) of storage media while still delivering equivalent and at times better data services vs traditional storage arrays.” Paulo Pereira, Senior Director, Systems Engineering, METI at Nutanix,
as well as standard interfaces and a virtualised data path.” Saifuddin Khwaja, Senior Sales Director at Western Digital, says traditional data centre infrastructure is declining as more spending and workloads go to the cloud and new infrastructure choices. As organisations contend with the never-ending tsunami of data, more and more IT leaders are turning toward cost-effective softwaredefined infrastructure, like SDS or HCI, to manage the complexities of storing, accessing, sharing and protecting data at scale.
says there are multiple benefits of adopting software-defined storage that are pushing more businesses to choose a hardware-neutral approach to storage. Businesses that have adopted SDS enjoy much-needed advantages in everything from costs to scalability. “Because SDS can be used with an x86 server, businesses realize improved flexibility when it comes to selecting IT managers, eliminate vendor lockin challenges, and far more. Without question, SDS is an economical storage option for businesses hoping to reduce their CapEx expenditure,” he says. Ayman Al Shaikh, Director Solutions Architecture, MENA and Pakistan, Red Hat, offers another perspective: “To keep pace with business requirements, organisations need modern storage solutions that are optimised for most types of workloads. Software-defined storage solutions help you work more efficiently, grow faster, and rest easy knowing that your data—from important financial documents to rich media files—is available and stored safely. SDS solutions empower businesses from all verticals, offering them automation, flexibility, scalability, and transparency,
How does SDS work? Software-defined storage virtualises the management of storage requests, not the IT hardware storage boxes. Functions such as replication, automated provisioning, deduplication, and backup can be virtualised. “Unlike traditional network-attached storage (NAS) or storage area network (SAN), software-defined storage enables system optimisation and the ability to update to the latest storage management features without having to purchase additional resources,” says Steven Carlini, Vice President of Innovation and Data Center, Energy Management Business Unit, Schneider Electric. As more businesses begin to decentralise their data processing, moving it closer to where their data is generated via edge computing, storage simplicity and flexibility are critical. Software-defined storage enables a simplified edge deployments with lower-cost storage clusters that are powerful enough to support on-site applications and data, he adds. Khwaja from Western Digital says SDS technology is often deployed using standardised, off-the-shelf hardware that delivers all the features of robust storage arrays at new cost efficiencies through a data plane. However, the advantages of software-defined storage go far beyond economics as it provides organisations with a new level of flexibility. Components can be tuned to fit particular needs; resiliency and
Charbel Zreiby
Paulo Pereira
Ayman Al Shaikh SEPTEMBER 2021
CXO INSIGHT ME
27
FEATURE
Saifuddin Khwaja
Steven Carlini
Walid Issa
28
CXO INSIGHT ME
SEPTEMBER 2021
TO KEEP PACE WITH BUSINESS REQUIREMENTS, ORGANISATIONS NEED MODERN STORAGE SOLUTIONS THAT ARE OPTIMISED FOR MOST TYPES OF WORKLOADS. SOFTWARE-DEFINED STORAGE SOLUTIONS HELP YOU WORK MORE EFFICIENTLY, GROW FASTER, AND REST EASY KNOWING THAT YOUR DATA—FROM IMPORTANT FINANCIAL DOCUMENTS TO RICH MEDIA FILES—IS AVAILABLE AND STORED SAFELY. features are delivered through software rather than hardware; and the system can be far more easily maintained and upgraded through software enhancements. “SDS is defined in two parts: infrastructure and management. Infrastructure SDS is what most of us are familiar with and utilises commodity HW such as x86 servers, JBOD, JBOF, or other and delivers features through software orchestration. Management SDS, on the other hand, controls above hardware but also controls legacy storage products to integrate them into an SDS environment,” he says. Like any other new technology, SDS has its fair share of disadvantages too. Compared with off-the-shelf solutions, new SDS deployment can be cost prohibitive, and it requires solution engineering. Walid Issa, Senior Manager, PreSales and Solutions Engineers Middle East and Africa, NetApp, says software defined storage has many benefits to address the challenges of
today’s data centres; However, some may see it as complex and therefore could increase administration overhead. Data availability and Security may also be a concern. “Therefore, a data recovery and disaster recovery strategy must be designed and implemented properly. So, having the right technology to move and replicate data easily with consistent management across the hybrid cloud environment is key to address these challenges. Also, be able to dynamically add capacity and scale performance to meet changing business needs without administrative complication,” he says. Zreiby from Dell says as SDS systems are Data Service rich that could involve more functionalities, it’s normal that another risk could be human error. On these same lines, new data structures in SDS systems can lead to defects such as physical disk failure due to the complexity of the solutions. However, this can be avoided by setting up an elaborate data protection strategy that includes data recovery and a robust backup plan. Pereira from Nutanix says cuttingedge software is always challenged by legacy apps and the complexity due to compatibility issues with legacy features and slow pace of development when it comes to legacy applications. And while offering flexible licensing model, by separating the software-defined storage from the underlying hardware, customers usually face two different types of license and support, unless the solution is provided as appliance based. “SDS is still maturing to fulfill all needs, and there are many different options to choose from. We are moving into a hybrid world with hybrid tiers, hybrid clouds, and hybrid solutions that take advantage of these new models. With the onslaught of data, growing performance demands and need for unprecedented cost efficiencies comes an essential requirement to understand your storage usage and how you manage both legacy and new systems on-premise and in the cloud,” sums up Khwaja.
VIEWPOINT
THE PATH TO RESPONSIBLE AI SID BHATIA, REGIONAL DIRECTOR – MIDDLE EAST, DATAIKU, ON HOW TO MITIGATE AI RISKS
A
rtificial intelligence (AI) solves real-world problems. We know this. We have seen it. Last year, we saw droves of regional businesses move to the cloud and, once there, realise that scalable, affordable smart technologies were within reach. Proofs of concept quickly followed, as did several success stories. And then, as AI grew in popularity, a concept that had largely been the subject of conversation among tech experts began to go mainstream. That concept is “responsible AI”. Hundreds of billions of dollars in commercial AI revenue is expected to flow to the Middle East by 2030, and contribute heavily to double-digit 30
CXO INSIGHT ME
SEPTEMBER 2021
GDP growth, with the United Arab Emirates (UAE) reaping the most benefits, followed by Saudi Arabia. GCC nations have been pioneers in artificial intelligence and the UAE has been a trendsetter among them. The country was the first in the world to appoint a minister of state for AI and in October 2017 it launched the UAE Strategy for Artificial Intelligence 2031. By the nation’s sixtieth anniversary celebrations, it aims to solve real-world problems that include the elimination of the federal government’s 250 million annual paper transactions. The UAE, like many countries, grasps the potential of smart technologies to supercharge economies and solve environmental and social issues. The
government’s AI strategy may focus on the 190 million people-hours wasted each year or the 1 billion unnecessary kilometers travelled for the sake of physical transactions. But stakeholders and public messaging also regularly refer to responsible AI. Align intent with consequences Responsible AI is a common framework that focuses organisations on the wider implications of their technology experiments. Methodologies and best practices in responsible AI seek to align intent with consequences and ensure that developers of AI solutions never lose sight of their impact beyond the enterprise. Broadly speaking, this requires collaboration among
stakeholders of different backgrounds at every step in the development process, from design to deployment. Just as successful leverage of AI technology requires a culture change, so does the delivery of responsible AI. So, it is more beneficial from a business standpoint to integrate responsible AI from the start. Companies should begin by examining their values and responsibilities. A list of dos and don’ts, communicated clearly to all employees, will help to govern everything that comes after. To make AI work for a business requires that staff at all levels are aware of (for example) what data needs to be collected and how. While training employees in these processes, they can also be introduced to the ethical and legal components of the technologies and all the possible spillovers from their use. Every action they take should be viewed through the lens of the responsibility framework so that they are aware of the legal and moral implications of what they do on behalf of the organisation. The need for transparency Responsible AI systems must be secure, but they also must be transparent. Non-technical people must be given the means to interrogate a result from an AI system, be it an automated action, a recommendation, or an alert. Good governance in the development of such systems will define a set of deliverables at each step that will ensure that products remain transparent. Performance and uptime are just part of the equation. Readily auditable platforms should record data access ― not just timestamps, but the user that accessed it and their reasons for doing so. Decision makers and developers must be empowered with the correct tools and best-practice training to deliver technically sound and audit-ready AI systems. Integrating the elements of responsible AI requires taking astute action at every point in the development pipeline. Constant communication between stakeholders will also be necessary to flag any potential issues
users. Failure to do this in the past has led to some public failures in AI that have diminished confidence in the technology’s ability to fulfil certain use cases.
DECISION MAKERS AND DEVELOPERS MUST BE EMPOWERED WITH THE CORRECT TOOLS AND BESTPRACTICE TRAINING TO DELIVER TECHNICALLY SOUND AND AUDITREADY AI SYSTEMS. INTEGRATING THE ELEMENTS OF RESPONSIBLE AI REQUIRES TAKING ASTUTE ACTION AT EVERY POINT IN THE DEVELOPMENT PIPELINE. so all relevant parties can assess them against the responsibility framework. This is where the correct choice of stakeholders will come into play. Responsible AI comes more naturally to organisations that are prepared to include potential users of the end system in the development process, or at least people who are representative of end
The bias in data For example, the bias that arises from historical data can lead AI systems to churn out unhelpful results. If ― as has happened ― an algorithm screens resumes and returns more male candidates than female, the fact that the algorithm accurately analyzed the history of hiring practices does nothing to improve the value of the result. Responsible AI allows for prejudice in data and amends algorithms and analytics models accordingly. A committee that includes experts on historical prejudices ― or people who have experienced them ― is a stronger decisionmaking team. Also, techniques such as exploratory data analysis (EDA) ― a visualisation approach that can be helpful in identifying underlying structures and biases in data ― can greatly improve the quality of AI products. A general error in the implementation of AI has been siloed development. Different teams work on different projects with different priorities. While this is counterproductive to the implementation of any AI program, it is particularly detrimental to the delivery of responsible AI. Common data sets are a prerequisite of ethical development because, as we have seen, the data itself can be the source of negative outcomes. Uniform, enterprise-wide commitments to transparency, data integrity and other goals are necessary to produce ethical products. Holistic frameworks will guide everyone because they will be designed to apply to all facets of the business, having been formulated by a wide range of stakeholders. Responsible AI is accountable AI. It is ethical, grounded by its potential human impact, and lays bare its inner workings. Get the right team in place, with technical, domain, and legal specialists who pay attention to data quality and listen to wider audiences, and the results will be benchmarks for excellence.
SEPTEMBER 2021
CXO INSIGHT ME
31
BLOG
THE VALUE OF A CIO IN THE GLOBAL CORPORATE LEADERSHIP ROLE TERENCE SATHYANARAYAN, CEO OF PULSE IS, EXPLAINS THE GROWING IMPORTANCE OF THE CIO ROLE IN FORTUNE GLOBAL 500 COMPANIES
A
s digital transformation efforts progress, alongside organisational transformations, the role of the CIO demands to clear roadblocks that hinder business success. This requires CIOs to minimise technical debt. Ever heard of “technical debt”? It’s expediting a piece of functionality or project which can later be refactored. Unfortunately, this decreases the agility of the project and can sometimes hinder the business. “Technical debt” is sometimes intentional; the demand from the business for speed forces a trade-off between perfect outcomes and short timelines, making this one of the most crucial impediments that have to be avoided. And who is expected to make this magic happen? CIOs, of course. Another key priority is preventing stumbling blocks from a client perspective. Up until now, we’ve been discussing how technology has the upper hand in today’s world and how technology has become a lifestyle for most of us. It is CIOs who are burdened with the pressure to find positive ways to respond to this technical jump. However, as customers, we are sometimes posed with slow response times, performance issues, data hiccups, bumpy user experiences, and outdated interfaces. As a CIO, it is up to you to ensure an effortless customer experience which is the foundation of business progression. All this, keeping cost in mind. Recruiting or training an efficient IT team should be on top of the 32
CXO INSIGHT ME
SEPTEMBER 2021
transformational CIO agenda. Technology has been growing, and so is its obsession; people find ways to incorporate technology in every part of their lives. Microservices make versatility, speed of delivery, and maintainability possible. When embedded in apps, AI delivers the multi experiences (chatbots, predictions, AR and VR, voice) that attract and retain customers and users. The challenge to every CIO is finding or training developers and data scientists who can deliver intelligent apps and systems that develop your business and focus on making a profit. It is also imperative for CIOs to maintain a secure business network. The most prominent CIO challenge and primary accountability is the health of the business’ network. Without a robust network, digitisation efforts falter. Only with a sturdy network will the CIO achieve the organisation’s credibility and the responsibility of a leader. Now, let’s talk about the importance of a CIO in a Fortune Global 500 company. Since 2001, there has been a significant change in the geographical distribution of the companies in the Global 500 rankings. The number of North American-based companies decreased from 215 in 2001 to 143 in 2017 and the contribution of Asianbased companies increased from 116 in 2001 to 197 in 2017. These companies span over most industries like retail, petroleum, energy, Internet services, to automobiles and cover sectors in aerospace, constructions, healthcare,
media, telecommunications, and transportation, to name a few. Each one of them has its CIO leading its transformation initiatives. With the pace of technology accelerating exponentially, CIOs are called to be more versatile, demonstrating a blend of skills. Not only do CIOs manage technical projects but they also innovate business models to help the organization maneuver through a technological outburst. If we trace back to the 1980s when the role of CIO emerged as a job title, their job roles were specific and distinctive. However, with all these advancements and alterations, CIOs have needed to diversify their work methodology. By now, we know that CIOs are charged with working cross-functional efforts that demand collaboration and a more comprehensive leadership skill set, including powerful emotional intelligence. Thus driving business outcomes through the exploitation of the latest technologies while maintaining a legacy infrastructure to have a balance between ‘business as usual’ and ‘ seamless customer experiences.” In today’s uncertain economic environment, CIOs are privileged with their ability to optimise systems horizontally and contribute to the needs of the global organisation from both a technical and a business perspective.
https://cxoinsightme.com/ictleadershipawards/2021/
Conrad Hotel, Dubai 17 OCTOBER 2021 The Middle East is a bubbling cauldron of tech innovation. The pace of digital transformation in the region is accelerating in the wake of the pandemic with the rapid adoption of digital technologies. ICT Leadership Awards 2021, taking place on 17th October 2021, will recognise companies and individuals in the Middle East whose ICT practice has led to innovation and business resiliency during this pandemic. Chosen by CXO Insight Middle East editors, we will spotlight organisations that are making smart business decisions with emerging technologies and the whole ecosystem that is fueling the growth of the ICT sector in the region. Be part of this awards programme that celebrates technology leaders from a broad range of organisations for their exemplary leadership and innovative approaches and tools and platforms these visionaries are tapping into to solve their business problems. For the first time, we will also be recognising the achievements of B2B technology marketing managers who have made significant contributions to the success of their businesses and helped their brands to rise above the noise in a fast-paced market.
VIEWPOINT
A NEW WAY TO DATA RAVI NAIK, CIO AT SEAGATE TECHNOLOGY, ON DATA GRAVITY AND ITS IMPACT ON DATA STORAGE INFRASTRUCTURE
D
ata gravity affects the entire IT infrastructure; it should be a major consideration when planning data management strategies. It’s important to ensure that no single data set exerts an uncontrollable force on the rest of the IT and application ecosystem. Data is now an essential asset to businesses in every vertical, just as physical capital and intellectual property are. Data growth, with ever-increasing quantities of both structured and 34
CXO INSIGHT ME
SEPTEMBER 2021
unstructured data, will continue at unprecedented rates in the coming years. Meanwhile, data sprawl — the increasing degree to which business data no longer resides in one location but is scattered across data centers and geographies — adds complexity to the challenges of managing data’s growth, movement, and activation. Enterprises must implement a strategy to efficiently manage mass data across cloud, edge, and endpoint environments. And it’s more critical than ever to
develop a conscious and calculated strategy when designing data storage infrastructure at scale. What worked for terabytes doesn’t work for petabytes. As enterprises aim to overcome the cost and complexity of storing, moving, and activating data at scale, they should seek better economics, less friction, and a simpler experience — simple, open, limitless, and built for the data-driven, distributed enterprise. The concept of data gravity is an important element to consider in these efforts. According to the new Seagate-sponsored report from IDC, Future-proofing Storage: Modernising Infrastructure for Data Growth Across Hybrid, Edge and Cloud Ecosystems, as storage associated with massive data sets continues to grow, so will its gravitational force on other elements within the IT universe. Generally speaking, data gravity is a consequence of data’s volume and level of activation. Basic physics provides a suitable analogy: a body with greater mass has a greater gravitational effect on the bodies surrounding it. “Workloads with the largest volumes of stored data exhibit the largest mass within their ‘universe,’ attracting applications, services, and other infrastructure resources into their orbit,” according to the IDC report. A large and active dataset will, by virtue of its complexity and importance, necessarily affect the location and treatment of the smaller datasets that need to interact with it. So, data gravity reflects data lifecycle dynamics and must help inform IT architecture decisions. Consider two datasets: one is 1 petabyte, and the other is 1 gigabyte. In order to integrate the two sets, it is more efficient to move the smaller dataset to the location of the larger dataset. As a result, the storage system with the 1-petabyte set now stores the 1 gigabyte set as well. Because large datasets will “attract” other smaller datasets, large databases tend to accrete data, further increasing their overall data gravity. Managing, analysing and activating data also relies on applications and services, whether those are provided by a private or public cloud vendor or
an on-prem data management team. Applications collect and generate data, as well as consume, analyse, and aggregate it; a lot of work has to happen on the data. Naturally, the more massive a data set grows, the harder it is to make use of that data unless it is close to the applications and services that help to manage or activate the data. So applications and services are often moved close to the data sets, or are kept near the data sets. From on-premises data centres, to public clouds and edge computing, data gravity is a property that spans the entire IT infrastructure. But according to the IDC report, such massive data sets can become like black holes, “trapping stored data, applications, and services in a single location, unless IT environments are architected to allow the migration and management of stored data, along with the applications and services that rely on it, regardless of operational location.” Because data gravity can affect an entire IT infrastructure, it should be a major design consideration when planning data management strategies. An important goal in designing a data ecosystem, according to IDC, is to “ensure that no single data set exerts an uncontrollable force on the rest of the IT and application ecosystem.” Ensuring Applications Have Access to Data, Regardless of Location IT architecture strategy should put mass storage and data movement at its centre.
This begins with optimising data location. A data-centred architecture brings applications, services and user interaction closer to the location where data resides, rather than relying on time-consuming and often costly long-distance transfers of mass data to and from centralised service providers. IDC notes that “one way to mitigate the impact of data gravity is to ensure that stored data is co-located adjacent to applications regardless of location.” This model can be accomplished by leveraging colocated data centers that bring together multiple private and public cloud service providers, allowing enterprises to pair their mass data storage with best-ofbreed solutions for applications, computing, and networking needs. The key goal of a data-centered architecture is data accessibility. Accessibility increases ease-of-use and smooth operations of a data pipeline and can impact future business innovation, improving the ability to generate metadata and new datasets, enabling search and discovery of the data, and further empowering data scientists to deploy said data for machine learning and AI. But putting data at the center of IT architecture can also positively impact application performance optimization, issues of transfer latency, access and egress charges, and security and compliance needs. The overall reliability and durability of the data is also an important benefit. Reliability is the ability to access data when needed, and durability is the ability to preserve data over extended periods of time. Put Data at the Centre of IT Strategy Altogether, these considerations have large implications for enterprise data management planning — from defining an overall IT strategy to formulating a business initiative. Planning out the necessary workloads and jobs means accounting for data gravity. Key questions to ask include: What is the volume of data being generated or consumed? What is the distribution of data across datacenter, private clouds, public clouds, edge devices, and remote
and branch offices? What is the velocity of the data being transmitted across the entire IT ecosystem? Addressing these considerations will increase the efficiency of the data infrastructure and can reduce costly data pipeline issues down the line. IDC advises in its report, “Don’t let a single workload or operational location dictate the movement of storage or data resources.” Because data has gravity, data infrastructure must be designed to prevent massive data sets or large individual workloads from exerting a dominant gravitational pull on storage resources, with architecture that efficiently moves storage, compute, or application resources as needed. This means always maintaining awareness about which datasets are being pulled where, what is the most efficient path to move the data, and what helps those workloads run the best. This can also mean automating the movement of data to reduce storage costs, or moving lower-performing datasets that are not immediately or actively needed. Automated metadata management is also worth considering. This can enable search and discovery across data stores, increasing data accessibility. Putting these ideas into action means deploying data architecture, infrastructure and management processes that are adaptive. While an organisation may have a good idea of what its data gravity considerations are today, they may not be the same five years from now. “Not every enterprise manages multiple massive data sets, but many already do,” IDC notes in the report. “And, given the pace of digitisation of business and the importance placed on the value of enterprise data and data gathering, many organisations will find themselves managing massive data sets in the near future.” It’s important that every data management system can change to accommodate new data requirements. Data management and the data architecture to support it must be agile, and able to adapt to shifting business needs and emerging technology opportunities.
SEPTEMBER 2021
CXO INSIGHT ME
35
VIEWPOINT
IS HYBRID WORKING HIDING INSIDER THREATS? EMILE ABOU SALEH – REGIONAL DIRECTOR FOR MIDDLE EAST & AFRICA AT PROOFPOINT, ON THE SECURITY CHALLENGES OF HYBRID WORKING.
I
nsider threats are nothing new. Unfortunately, the cybersecurity landscape is littered with cautionary tales of businesses that have fallen victim to attacks from within. In recent years, however, insider incidents have increased rapidly, up by almost 50% between 2018 and 2020. And the consequences can be severe. Insider attacks are estimated to cost businesses around $11.45 million per year. While many organisations are waking up to the threat posed by insiders, the modern workplace makes prevention increasingly difficult. As many of us are now wellaccustomed to remote and hybrid working, it is unlikely that we will ever return to the norms of the office environment. The resulting reliance on cloud setups, changing work hours and behaviour, and a lack of visibility make insider threats, whether malicious or negligent, much harder to defend against. So much so, Forrester estimates that in 2021, one-third of all cyberattacks will be insider driven. Up from 25% currently. In the UAE and KSA, 29% and 34% respectively of CISOs surveyed by Proofpoint expect to face an insider threat attack in the next year, making it one of the main concerns for security leaders in the region. Faced with this growing threat, the case for a comprehensive Insider Threat Management (ITM) solution is indisputable. Now more than ever, organisations must implement robust ITM programmes, combining tools, technology, process, and, perhaps most importantly, people. Traditional cyber defences are perimeters, built to protect from the outside in. Insider threats require a defence capable of protecting your data, networks, and systems in a perimeter-less environment. This requires a different approach, with tailored tools, strategies, and awareness
36
CXO INSIGHT ME
SEPTEMBER 2021
training – a fact that worrying numbers of organisations continue to overlook. To make matters worse, insider threats come in many forms. From those intentionally seeking to do your organisation harm to those doing so by accident. And others who aren’t really “insiders” at all. In any case, insider threats are notoriously difficult to detect and defend against. Negligent insiders with no motive may display few warning signs. Malicious attackers, meanwhile, will go to great lengths to cover their tracks and avoid arousing suspicion. Add to this a relatively new way of working, a disparate workforce, and many more points of attack, and the challenge facing cybersecurity teams becomes abundantly clear. In fact, 62% percent of Saudi CISOs and 66% of UAE CISOs agree that remote working has made their organisation more vulnerable to targeted cyberattacks. Hybrid environments not only increase the risk of insider threats occurring, but without a comprehensive ITM programme in place, they also make them much harder to detect when they do. Though many organisations are now accustomed to hybrid working, it still remains a relatively recent development. Cybersecurity teams are still learning about the telemetry of their logs, with users accessing networks from various locations
and devices, and at times that may once have been considered unusual, making trends much harder to spot Most organisations also now have many more access points, vastly increasing the potential attack surface. Then there is the social and psychological impact of flexible and hybrid environments. Outside of the office, users may be more inclined to veer from best practice just to “get things done”. Whether this means using personal machines for convenience or corporate machines for personal tasks, writing down passwords, or improperly accessing systems and data. Working from outside the office also brings its fair share of distractions, from daily chores to home comforts. All of which can make users more prone to simple yet costly mistakes. While those with a sinister intent may feel they can operate more freely outside of the corporate atmosphere. Effectively detecting and deterring insider threats in the modern workplace may be difficult, but it is by no means impossible. The solution is a comprehensive ITM programme, combining controls, process, and people. This starts by building a dedicated insider threat monitoring practice tasked with monitoring and investigating suspicious activity. A people-centric ITM programme requires specific resources such as monitoring tools capable of detecting data exfiltration, privilege abuse, application misuse, unauthorised access, and risky and anomalous behaviours. Allow this team to develop and deploy clear best practice policies for hybrid working, covering system and network access, user privileges, password hygiene, unauthorised applications, BYOD, data protection, and more. Finally, the cornerstone of any robust ITM programme is knowing who is accessing what data – when, why and through which platform. This contextual intelligence can help to establish motives and intent which is key to spotting early warning signs of insider threats. Users must also be equipped with the knowledge to protect themselves and your organisation. This is only possible through ongoing and adaptive security awareness training. Training should go beyond multiplechoice tests and basic security hygiene, focusing on the importance of behaviour.
1 7 - 2 1 OC T 2 0 2 1
D U B A I
1 7 -2 0 OC T 2 0 2 1 W O R L D T R A D E
C E N T R E
# G I T E X 2 0 2 1
3000+ companies from 100+ countries, 700+ startups and 450+ leaders live on stage.
Platinum Sponsors
Bronze Sponsors
VIP Majlis Sponsor
5G Innovation Partner
Conference Sponsors
Badge Sponsor
Headline Sponsors XLABS
Oganised by
G I T E X . C O M
T R U LY, T H E WORLD'S BIGGEST TECH SHOW OF THE YEAR
VIEWPOINT
HOW AI CAN BUILD CYBERSECURITY RESILIENCE ANOOP DAS, CYBERSECURITY EXPERT AT MIMECAST, SAYS AI IS A POWERFUL BROOM FOR CLEANING UP CLUTTERED SECURITY ENVIRONMENTS.
T
he stunning growth of the global cybercrime industry is putting strain on organisations and their security teams. Mimecast’s latest State of Email Security Report 2021 found that 45% of organisations in the UAE reported an increase in the sophistication of incoming cyberattacks, while 41% cited a growing volume of attacks. That most organisations are also dealing with the challenge of securing a hybrid workforce, as many staff members continue to work remotely part time, only adds to the challenge. The increasing reliance on email and other business productivity tools is creating new challenges. In fact, three-quarters (75%) of organisations expect an email-borne attack will damage their business this year. Security teams in turn look to deploy new tools and solutions to protect vulnerable users and systems, and this is warranted. The increase in brand impersonation attacks, for example, has made solutions such as DMARC and brand exploit protect tools invaluable to efforts to protect customers from compromise. An (over)abundance of security tools However, the growing number of security tools is also leading to cluttered security environments that can be hard to manage. One study puts the average number of security tools at any given enterprise at 45 others believe it’s closer to 75. What’s interesting is that having more security tools does not necessarily equate to a better security posture. An IBM study found that enterprises using 50 or more security tools ranked themselves 8% lower 38
CXO INSIGHT ME
SEPTEMBER 2021
in their threat detection capabilities and 7% lower in their defence capabilities than their less cluttered peers. The ongoing cybersecurity skills shortage presents a major challenge when it comes to managing security environments. Some analysts estimate that there is a global shortage of three million cybersecurity professionals, at a time when cyber threats have drastically increased in both volume and sophistication. Without the right personnel to manage the technology and ensure that everything is always properly enabled, having dozens of security solutions can cause more trouble than good. Which is why having too many security tools doesn’t necessarily translate into better protection. This may explain the growing adoption of artificial intelligence within security teams. The AI market for cybersecurity is expected to grow from $8.8-billion in 2019 to more than $38-billion by 2026, as the adoption of IoT and connected devices and a growing volume of cyberattacks put pressure on internal teams. Decluttering security environments with AI For most security professionals, security
intelligence is still very much carbon based, not silicon based. In other words, for most security professionals, it’s people and not tech that generate the highest-quality, actionable intelligence into security. However, the volume of threats, the growing number of security tools, the broad range of threat vectors and the impact of the pandemic - specifically the sudden rise in remote work have put immense pressure on security teams. The use of AI makes sense, especially where the organisation’s risk profile, security solutions or skills require augmentation. What do organisations need to bear in mind when determining what role AI could play in supporting security teams? For one, AI is of little use when it is not integrated to the organisation’s broader security ecosystem. Security teams should be able to integrate the findings of the AI tool into their other security tools to provide a unified and automated view of current and emerging threats. Having the AI tool assume some of the complexities of human behaviour also increases its usefulness. For example, machine learning is often effective in detecting highly-directed attacks that may be difficult for traditional rule-based systems to detect. The sheer volume of data that most organisations have to manage also makes it near-impossible for security teams to remain effective without the assistance of algorithms. For example, the new CyberGraph email security tool uses AI to detect sophisticated phishing and impersonation attacks, identifying anomalies and applying machine learning technology to create an identity graph based on relationships and connections between email senders. This provides security teams with an automated tool that alerts employees in real-time about email-borne threats. Setting clear expectations for what returnon-investment you seek for an AI deployment also makes positive outcomes more likely. Implementing an AI tool may require time and resources, which need to be factored in upfront. Although it is no silver bullet, AI can be a powerful tool in helping organisations build greater resilience, and can lend welcome support to under-pressure security teams. However, it is essential that security leaders understand the role and limits of AI upfront, lest it becomes yet another solution cluttering up the security environment.
THE
FUTURE OF THE
AEROSPACE INDUSTRY
14-18 November 2021
Registration Is Now Open!
DWC, Dubai Airshow Site
Follow us on:
|
|
|
Register Today: www.dubaiairshow.aero
| #DubaiAirshow
Experience 5 days of world-class aircraft display | 300+ military delegations | 9 CONFERENCE TRACKS | 50+ hours of content sessions a brand-new Startup Hub – VISTA | Intelligent enhanced networking only at Dubai Airshow 2021
Supported by:
INTERVIEW
SUSTAINABLE CLOUDDRIVEN INNOVATION SUSTAINABLE IT IS A KEY PRIORITY FOR CIOS TODAY. ABDUL RAHMAN AL THEHAIBAN, MANAGING DIRECTOR, TURKEY, MIDDLE EAST & AFRICA, GOOGLE CLOUD, EXPLAINS HOW THE COMPANY IS REDUCING ENVIRONMENTAL IMPACT WITH THE CLEANEST CLOUD IN THE INDUSTRY.
W
hy should CIOs and CTOs care about sustainability? Today, sustainability is a top priority for almost all businesses, and rightly so. Multinational corporations account for 20% of all Global CO2 emissions, and executives want to make an impact in this area. Not only that, but it is clear customers care about sustainability as well. According to research from the National Retail Federation and IBM, 57% of consumers are willing to change their spending habits if it means
40
CXO INSIGHT ME
SEPTEMBER 2021
reducing their environmental impact. Organisations are also increasingly finding that sustainability efforts make business sense. According to a study by the United Nations Global Compact and Accenture, “between 2013-2019, companies with consistently high environmental, social and governance (ESG) performance enjoyed 4.7x higher operating margins and lower volatility than low ESG performers over the same period. Organisations want to support a cleaner, healthier, more sustainable world and look for tools, solutions, and
new technologies to help them. Cloud providers will play a critical role in helping organisations achieve these goals - 75% of global IT leaders say sustainability is important when selecting a cloud provider, with 51% stating it as a major consideration, and an additional 24% stating it is a must-have. What sustainability initiatives are you embracing throughout 2021? Sustainability objectives are, and always have been, central to every area of Google’s operations. In 2007, we were the first major company to
become carbon neutral. Today, we have matched 100% of our electricity consumption with renewable energy purchases on an annual and global basis - what is often referred to as a 100% renewable energy target in the market. We remain the largest annual corporate buyer of renewable energy and the only major cloud provider to purchase enough renewable energy to match our electricity consumption, matching our annual global electricity consumption for the fourth year running in 2021. Moreover, 90% of Google Cloud waste is currently diverted from landfills, and we have achieved a Power Usage Effectiveness (PUE) of 1.10, compared to the global average of 1.58. Through innovations in artificial intelligence and machine learning, our data centers are twice as energy efficient as an average enterprise data centre. We’ve also been able to cut the energy used to cool our data centres by 30%. For necessary energy consumption, our engineers have designed a first-of-its kind system to shift the timing of nonurgent customer compute tasks to when carbon-free power sources are most plentiful, optimising hour-byhour guidelines to increase the level of lower-carbon energy consumed. We’re also introducing data-driven decarbonisation and the deployment of sustainability bonds. We recently announced our most ambitious sustainability goal yet. By 2030, we intend to be the first major company to operate on carbon-free energy, in all locations, at every hour of the day. Of course, this is far more challenging than the traditional approach of matching global annual energy usage with renewable energy, but we’re working on getting this done by 2030. How can customers work with Google Cloud to help realize their own sustainability goals? Cloud technology presents a tremendous opportunity to accelerate meaningful and positive environmental
BY 2030, WE INTEND TO BE THE FIRST MAJOR COMPANY TO OPERATE ON CARBON-FREE ENERGY, IN ALL LOCATIONS, AT EVERY HOUR OF THE DAY. OF COURSE, THIS IS FAR MORE CHALLENGING THAN THE TRADITIONAL APPROACH OF MATCHING GLOBAL ANNUAL ENERGY USAGE WITH RENEWABLE ENERGY, BUT WE’RE WORKING ON GETTING THIS DONE BY 2030. change. Public cloud technology is leading efforts to streamline and decarbonise business processes, but the drive for sustainability within technology is far from over. From reducing the emissions of digital applications and infrastructure to getting smarter about how you source and trace materials, the technologies available on Google Cloud can help organisations achieve their own sustainability goals.
We make sure our customers can use our technology and information to help build their own climate action plans. We work alongside our customers to pinpoint their unique opportunities for becoming increasingly sustainable and how they can use our technologies at every stage of the supply chain. To help our customers decarbonise the electricity consumed by their cloud applications, we share the average hourly Carbon-Free Energy Percentage (CFE%) for most of our Google Cloud regions. In addition, we offer a tool providing this data— a Google Cloud region picker—that helps customers assess key inputs like price, latency to their end-users and carbon footprint as they choose which Google Cloud region to run on. Customers can also use products like BigQuery and Vision AI to manage their data in real-time and glean insights that can help them decarbonise their operations and improve defect detection accuracy, eliminate waste, reduce production time, and increase customer satisfaction. Google Cloud’s partnership with consumer goods brand Unilever is just one example of how organisations can build their own plan. Announced in September last year, the partnership will combine the power of cloud computing, satellite imagery, and AI to build a more complete picture of the ecosystems intersecting with Unilever’s supply chain. In providing a more holistic view of these environments, we hope to raise sustainable sourcing standards and directly support Unilever’s existing work with other technology partners to achieve a deforestation-free supply chain by 2023. As we enter our most ambitious decade yet, collaborative innovation will be at the forefront of our sustainability efforts at Google Cloud. We will work to empower every one of our partners, whether businesses, governments, or individuals, to achieve a more sustainable tomorrow.
SEPTEMBER 2021
CXO INSIGHT ME
41
VIEWPOINT
THE WHY AND HOW OF LINUX PATCHING TAREK NAJA, SOLUTION ARCHITECT – MIDDLE EAST, QUALYS, ON HOW TO KEEP YOUR LINUX SYSTEMS SECURE
S
ince the region’s governments initiated their economicdiversification initiatives, Middle East enterprises have been digitising at a robust pace, putting them squarely in the crosshairs of cybercriminals. But when COVID-19 struck, and businesses and governments flocked to the cloud for its promise of continuity, things got worse. In the UAE, for example, the nation’s
42
CXO INSIGHT ME
SEPTEMBER 2021
top cybersecurity official revealed a 250% increase in attacks from 2019 to 2020. This is what bad actors do. They take advantage of circumstances, any circumstances, to pounce. And what a circumstance the pandemic turned out to be for digital malefactors. To settle quickly into their new homes in the cloud, regional organisations had to accept new, untested ecosystems. Multiple network domains that fell outside the control
of IT, coupled with a mushrooming of Shadow IT, dumped alien environments on the heads of thousands of underresourced tech teams. Among the many bugbears resulting from this technology sprawl was the issue of unpatched vulnerabilities. Their management is a key focus for IT and security professionals tasked with protecting their infrastructures from incursion. In the world of cloud, at a global level, much of this time is taken in
expense (on the part of the bad actors) to leverage. Conversely, a well-known, old, dangerous vulnerability for which a patch exists is a higher priority.
ensuring that Linux-based ecosystems are tended to appropriately. The opensource OS accounts for the lion’s share of public cloud infrastructure (nine of the top 10 public clouds, according to the Linux Foundation). And considering that its kernel is the heart of Android, Linux can also be found in 82% of the world’s smartphones. Not invulnerable While Linux stacks up well against other operating systems for security, it has its vulnerabilities. And these need to be managed. Prompt reaction to known, fixable issues is the hallmark of sound cybersecurity, but because of its non-proprietary nature, Linux does not have a Patch Tuesday. Instead, a global community of vendors, White Hats and freelance coders discovers issues for itself and shares them freely with others. While this open community system is worthy of much praise, it does have some drawbacks. The greatest of these is a far-flung assumption that Linux is secure. While the attack stats show it as a less frequent victim, it would be unwise to assume it is invulnerable. When vulnerabilities are found, they are shared, and the community being what it is — a global family of empirically minded devotees — proofs of concept are required. This means that not only is the vulnerability made public, but so is the playbook on how to exploit it. And everyone knows the same information at the same time, from vendors to cybercriminal cabals. So, the criminals have an advantage. The customisability of Linux has led to many “flavors” that may need their own variant of a patch when one is issued. That means the community is in a race with attackers to develop and release several workarounds before the bad actors can duplicate the exploit. The patch playbook The Linux end-user, therefore, is in dire need of their own patch playbook. And
three basic actions can form a good foundation. Before anything else, build a comprehensive IT asset inventory. Hardware, OS, and applications, listed together with any cloud services and their up-to-date statuses, will allow security and IT teams to visualise their environments. Enterprises that build asset inventories should avoid “tool clutter”. Some may argue that asset discovery is only comprehensive if you use ideally designed tools to identify each kind of asset, but this can lead to precisely the complexity they were trying to avoid, through duplication of work and data across teams. Different tools may classify the same asset in different ways, leading to inaccuracy. Tool clutter is easily dispelled by adopting a single-dashboard system capable of discovery, scan, prioritisation and even remediation. Second begins the triage of issues. Classifications of risk vary widely with industry and enterprise, but teams should be looking at factors such as the age of the vulnerability, whether a fix exists, how common the issue is and what the results of an exploit are likely to be. For example, a vulnerability that is easy to exploit but leaves no vital assets exposed to compromise is probably a low priority, as is a zero-day that involves a lot of manhours and
Race against time Doing this triage well also involves adoption of the right tools, because just as tool clutter can duplicate and mislabel assets, it can lead to slow triage and a laborious patching process (the third step), slowing the very process that is in competition with well-equipped, well-informed cybergangs. While the Linux community has published several tools to overcome this challenge, their need for manual intervention can often dampen their own effectiveness. Again, a single-console solution that scans, prioritises, and remediates is more efficient, and frees up beleaguered teams to concentrate on more analytical and innovative tasks. Dozens of manhours spent trying to determine the most appropriate action for each asset is saved. Add in the capabilities to patch with a single button press and automatically compile up-to-date reports on remediated vulnerabilities, and we arrive at a highly optimised solution. The region leverages a vast range of OS platforms, applications, and clouds to innovate for the next trend or crisis. Designing a workflow that optimises the patching of Windows and Linux and everything in between, as well as internal cloud assets, is vital. Cyber incidents stop innovation in its tracks, so we need to be ready to discover, mediate and prevent digital incursions. An asset inventory that gives a rich overview of the environment; a riskbased assessment of what to address and in what order; and a patching process that is capable of both proactive and reactive operations – these are the pillars of effective patch management. Without them, we leave open the doors, windows, and chimneys of our digital estates. It is a short hop from there to real harm.
SEPTEMBER 2021
CXO INSIGHT ME
43
PRODUCTS
Lenovo ThinkEdge SE70 Lenovo has introduced ThinkEdge SE70, a powerful and flexible artificial intelligence (AI) edge platform for enterprise. The ThinkEdge SE70 is designed to meet the expanding intelligent transformation needs from logistics, transportation and smart cities to retail, healthcare and manufacturing. The new edge solution from Lenovo is created in cooperation with Amazon Web Services (AWS) leveraging AWS Panorama and is powered by the NVIDIA Jetson Xavier NX platform. The ThinkEdge SE70 is purpose built to unlock the power of CV applications for enterprise. A version of the ThinkEdge SE70 will be offered with AWS Panorama Device SDK pre-installed, allowing enterprise customers to transform every-day IP cameras into ‘smart’ cameras that run CV apps at the edge. AWS Panorama enables tasks to be automated that have traditionally required human inspection to improve visibility into potential issues. For example, AWS Panorama can be used to track assets for optimizing operations in facilities and monitoring inventory levels on retail shelves– even in environments with limited internet bandwidth.
Logitech Logi Bolt Logitech has announced the expansion of its enterprise business offerings to include individual work setup solutions in addition to existing, meeting room video conferencing technologies to meet the evolving needs of today’s enterprise IT – from the hybrid workplace to global connectivity – to enhance the overall employee experience. Powering this expansion is the introduction of Logi Bolt, a new high-performance, secure wireless technology offering that provides a solution to key imperatives for enterprise IT – secure wireless connection, robust wireless signal and cross-platform compatibility for mice and keyboards. Logitech is bringing Logi Bolt to the enterprise on a global scale to drive enhanced productivity. 44
CXO INSIGHT ME
SEPTEMBER 2021
The new ThinkEdge AI-capable edge appliance is powered by NVIDIA Jetson Xavier NX, a production ready, highperformance, small form factor, power-efficient system on module that is cloud-managed for enhanced security and ease of training and deploying a variety of AI and machine learning models to the edge. It delivers up to 21 trillion operations/ second (TOPS) of accelerated compute, runs modern neural networks in parallel and processes data from multiple highresolution sensors. Jetson Xavier NX leverages NVIDIA CUDA-X, a comprehensive AI software stack with highly optimised, domain-specific libraries that reduces complexity and speeds time to market.
Logitech engineered Logi Bolt to conquer IT challenges that can emerge whether users occupy the office or work remotely. Other salient features include: • Security: Delivers a secure level of wireless connectivity for wireless peripheral connectivity for Logitech mice and keyboards with Bluetooth Low Energy Security Mode 1, Level 4, when paired with a Logi Bolt USB receiver, also known as Secure Connections Only Mode • Robust Signal: The Logi Bolt USB receivers also provide a strong, reliable, drop off free connection up to 10 meters (33 feet), even in congested wireless environments, with up to eight times lower average latency in many cases than other commonly deployed wireless protocols in congested, noisy enterprise environments. • Great Compatibility: Logi Bolt devices are more universally compatible than most leading peripheral brands on the market. Their connections are reliable, allowing IT managers to efficiently source, purchase and distribute without compatibility or connectivity issues, and they work with just about every operating system and platform, including but not limited to: Windows, macOS, iOS, iPadOS, Linux, Chrome OS and Android. Users can connect via Logi Bolt USB receivers when security and signal strength are paramount, or by using the Bluetooth Low Energy wireless technology installed on the host computer, giving IT managers the flexibility to roll out Logi Bolt wireless mice and keyboards across platforms, functions, and operating systems.
IBM Power Server IBM has announced the new IBM Power E1080 server, the first in a new family of servers based on the new IBM Power10 processor. The new server is designed specifically for hybrid cloud environments. The IBM Power10-equipped E1080 server is engineered to be one of the most secured server platforms and is designed to help clients operate a secured, frictionless hybrid cloud experience across their entire IT infrastructure, said the firm. The new IBM E1080 was designed to introduce several key features including: • Enhancements for hybrid cloud like planned industryfirst, by the minute metering of Red Hat software including Red Hat OpenShift and Red Hat Enterprise Linux, 4.1x greater OpenShift containerized throughput per core vs x86-based servers[i], and architectural consistency and cloud-like flexibility across the entire hybrid cloud environment to drive agility and improve costs without application refactoring. • New hardware-driven performance improvements that deliver up to 50% more performance and scalability than its predecessor the IBM Power E980, while also reducing energy use and carbon footprint of the E980, allowing
customers to do more with less. The E1080 also features four matrix math accelerators per core, enabling 5x faster inference performance as compared to the E980. • New security tools designed for hybrid cloud environments including transparent memory encryption so there is no additional management setup, 4x the encryption engines per core, allowing for 2.5x faster AES encryption as compared to the IBM Power E980, and security software for every level of the system stack. • A robust ecosystem of ISVs, Business Partners, and support to broaden the capabilities of the IBM Power E1080 and how customers can build their hybrid cloud environment, including record-setting performance for SAP applications in an 8-socket system. IBM is also launching a new tiered Power Expert Care service to help clients as they protect their systems against the latest cybersecurity threats while also providing hardware and software coherence and higher systems availability.
D-LINK INDUSTRIAL ACCESS POINT
D-Link has introduced their newest Outdoor Industrial AC1200 Access Point DIS-3650AP and Indoor Industrial Access Point DIS-2650AP. Industry X.0 has been described as the digital reinvention of industries by leveraging advanced digital technologies to drive innovation and growth. With this accelerated rate of technological transformation, organizations require solutions such as D-Link’s industrialgrade access points to improve operational efficiency and facilitate the success of Industry X.0. D-Link’s DIS-3650AP and DIS-2650AP are a vital part of any organisation’s network infrastructure in applications such
as Smart Cities, Smart Transportation, and Smart Factories, as they provide mission-critical connectivity for industrial environments. With dual-band 802.11ac Wave 2 Wi-Fi, the access points deliver superior speeds and throughput up to 1200 Mbps. They support MU-MIMO for better handling of multiple data streams, and Airtime Fairness, Band Steering, and Fast Roaming optimize connectivity for all devices. The DIS-3650AP and DIS-2650AP are also PoE ready and feature WPA2 security for powerful protection. Setup and installation are easy with the included DIN rail mounting kit, and centralized management is convenient with D-Link’s free network management solution Nuclias Connect. Both D-Link industrial access points are built for harsh environments with a wide temperature tolerance. The DIS3650AP is IP-67 rated for robust protection against dust and water, and the DIS-2650AP is IP-30 rated for protection against solid objects. The DIS-2650AP also provides additional features, including a removable 4-contact terminal block that facilitates power supply redundancy. With built-in 2KV surge protection and 15KV ESD protection, the DIS2650AP is compliant with IEC international standards for industrial use.
SEPTEMBER 2021
CXO INSIGHT ME
45
BLOG
BRINGING IN THE EXPERTS
SUNIL PAUL, MD OF FINESSE, ON THE BUSINESS CASE FOR MANAGED SECURITY SERVICES
2
021 has been a busy year for cybersecurity professionals so far. With global security incidents such as the Colonial Pipeline and Kaseya cyber-attacks, as well as the Microsoft Exchange data breach, business leaders are recognising that cybersecurity can no longer take a back seat. As remote work models increasingly become popular and the push towards digital transformation intensifies, customers have their hands full as they step up their environments and workloads to the cloud, train staff to operate with new technologies, and simultaneously ensure productivity and profitability. However, having dedicated personnel and resources to constantly monitor the threat landscape can prove to be an expensive and arduous task. This is where managed security services can come to the rescue. There are several benefits to outsourcing your cybersecurity to a third party, the biggest one being cost savings and unparalleled expertise. In addition, enterprises can save on expenses across different areas such as salaries for dedicated in-house cybersecurity talent, office space, trainings, and so on, which would otherwise require deep pockets. Managed Security Services Providers (MSSPs) offer a competitive edge to customers as they house the latest cybersecurity solutions and technologies with in-depth knowledge about the evolving threat landscape. These unique skillsets allow for
46
CXO INSIGHT ME
SEPTEMBER 2021
early detection of any security vulnerabilities, continuous monitoring, and immediate solutions. With business environments becoming digitally advanced and more connected than ever before, threat actors are having a field day. In fact, a report by research firm Cybersecurity Ventures revealed that cybercrime will cost companies globally an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015. This would mean enterprises must invest heavily into cybersecurity tech and talent to keep their ships afloat. Offering 24/7 support, MSSPs can help take this load off so that customers can focus on their core business objectives. What’s more – MSSPs can also custom-built cybersecurity solutions catering to a customer’s specific business requirements and budgets. By contracting an MSSP, organisations have access to enterprise-grade holistic cybersecurity hubs. These shared Security Operation Centers (SOC) allow companies of any size to leverage advantages such as flexibility, scalability, relevant skillsets, 24/7 support, and so on, without having to commit significantly financially. There is no debate that MSSPs are the need of the hour in today’s cybersecurity climate. At the onset of the COVID-19 pandemic, the region has experienced an alarming increase in cybercrime. A Kaspersky study reported that in the Middle East alone, there were 2.57 million phishing attacks over a period of just three months
in 2020. According to the security leader, both UAE and Saudi Arabia saw a significant increase in phishing attacks. And it’s not just phishing – from ransomware, malware, DDoS, data breaches to insider threats – the region has been earmarked by cyber perpetrators. Cybersecurity vendor Mimecast’s ‘The State of Email Security’ report revealed that 78% of organisations in the UAE indicated they had been impacted by ransomware in 2020, a big increase from 66% in 2019. Customers are realising that these are not just random figures or statistics with recent news of local entities such as Moorfields Eye Hospital Dubai, confirming cyber-attacks. These reports close to home are further driving organisations to rely on MSSPs for their end-to-end security needs. This is further reinforced in a Kaspersky study earlier this year, which found that around 70 percent of organisations plan to outsource security to an MSSP or an MSP over the next 12 months. Maintaining an effective cybersecurity program can often be a challenging undertaking for any organisation. It also puts immense pressure on security leaders. However, it is important for them to know that they are not alone. Partnering with MSSPs can enable them with the right capabilities, talents, and tools in the continuous battle against cyber threat actors.
