ISSUE 26 \ DECEMBER 2020
CHARTING NEW WATERS Gulftainer accelerates the digital transformation journey with innovative technologies
Help Desk Application
Network
Server
Active Directory
Analytics
Desktop and Mobile
IT Security
Cloud
Service Management | Identity and Access Management Security Information and Event Management | IT Operations Management Unified Endpoint Management and Security | Advanced IT Analytics
www.manageengine.com
MEET US AT
HALL 7, B-20
CONTENTS
52
12
PRODUCTS
GULFTAINER ACCELERATES THE DIGITAL TRANSFORMATION JOURNEY WITH INNOVATIVE TECHNOLOGIES
CHARTING NEW WATERS
16
38
A 16 POWERING CONNECTED FUTURE 18 FLYING INTO
GITEX 2020: 30 WHO, WHAT, WHY
20 OF NEWTHERULES GAME
TO PROTECT 43 HOW AGAINST RANSOMWARE
THE FUTURE
CYBERSECURITY TRENDS 38 TOP TO WATCH FOR IN 2021
WHAT IS 22 IN STORE?
WHY YOU NEED A SMART 45 VENDOR STRATEGY
24
50
OVERCOMING THE PANDEMIC
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
WINNING AT VULNERABILITY MANAGEMENT
6
NEWS
CONTACTLESS PAYMENT ECOSYSTEM EMPAY LAUNCHES IN DUBAI AVAYA TO MAKE EVERY EXPERIENCE MATTER AT GITEX 2020 CARDING AND DATA LEAKAGE ON THE RISE IN THE MIDDLE EAST: HELP AG
DECEMBER 2020
CXO INSIGHT ME
3
Ask for IBM Public Cloud
EDITORIAL
OPEN FOR BUSINESS
I
n its 40th edition, GITEX will have many firsts to its credit. It is going to be the first live, in-person trade show since the deadly coronavirus outbreak. The organisers have pulled out all the stops to ensure this mega event will adhere to the government authorities’ safety rules and regulations. DWTC, which is certified with the Bureau Veritas SafeGuard Label, will monitor crowd density in real-time in addition to enforcing the standard Covid-19 protocols for sanitisation and social distancing.
countries heralds the beginning of a new era, and is expected to open up a plethora of opportunities, especially in technology. Israel is known as a hub of technology innovation, and the Gulf states, which have followed in the footsteps of the UAE, will have access to the know-how in the cyber and hi-tech sectors. The trade between the UAE and Israel is projected to reach $4 billion in the next three to five years, and you could expect some big deals to be forged at the show between the two economic powerhouses.
This will also be the first time GITEX and GISEC will run in parallel under the same roof, allowing visitors to explore pre-and post-pandemic technologies. I am personally more excited because of the arrival of the first ever Israeli technology delegation to the country with GITEX playing host to the UAE-Israel Future Digital Economy Summit featuring a lineup of ministers and innovation leaders from both countries. The normalisation of relationship between the two
It is also heartening to see that the technology vendor community has thrown its weight behind the show even during times like this, with 1200 plus exhibitors showcasing disruptive technologies around AI, blockchain, wearables, IoT and cybersecurity. To capture the essence of this global tech movement, we will also be on the ground to bring you all the latest updates and breaking news from the show. We would love to see all our readers there; come and see us in Hall 3.
Published by
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2020 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
DECEMBER 2020
CXO INSIGHT ME
5
NEWS
CONTACTLESS PAYMENT ECOSYSTEM EMPAY LAUNCHES IN DUBAI
T
he Emirates Payment Services has announced the launch of Empay, the world’s first contactless instant credit lifestyle payment ecosystem. Empay, designed and developed within the UAE’s Smart Government program framework, is a payment application for secure and cashless transactions. Empay is also the region’s first national contactless mobile payment app developed for the UAE residents
from all walks of life. Empay provides multiple payment modes for people to use as per their convenience and lifestyle requirements. Empay is a culmination of government and private sector service payments including a wide variety of payments and lifestyle services such as Dubai Economic Department License Renewal, all types of bill payments, food ordering from restaurants, education fee payments, international remittance, P2P (Peer-to peer) micro payments and much more. UAE residents can download the free super app from the Google Play Store or iOS App Store and register in just two minutes, and avail a Mastercard powered digital card within the app. The next-gen mobile solution is set to revolutionise customer experience by enabling them to conduct their financial transactions in a simple, fast, smart, and secure way.
AVAYA TO MAKE EVERY EXPERIENCE MATTER AT GITEX 2020 Avaya has announced its participation at the 2020 edition of GITEX Technology Week, where the company will demonstrate solutions that address post-pandemic business challenges and prepare organisations for the new world of work. Avaya’s presence at GITEX Technology Week, the only in-person global technology exhibition of 2020, will be supplemented with a large footprint on GITEX Unlimited, a digital platform that enables remote visitors to experience the event from the comfort of their homes and offices. Under the theme ‘Every Experience Matters’, the technologies on display are based on Avaya’s multi-cloud application ecosystem that delivers effortless, seamless, and context-driven experiences across all touchpoints for customers and the employees who serve them. “The world is very much adapting 6
CXO INSIGHT ME
DECEMBER 2020
to new business models – a fact made obvious by GITEX Technology Week’s decision to adopt a hybrid approach for its 2020 edition. COVID-19 has accelerated digital transformation by several years, and amid that shift, it’s become clear that increased focus needs to be placed on delivering incredible experiences across every touchpoint. We’ll be at GITEX to demonstrate how every experience matters, felt by a customer or employee and whether it’s online or in-person. And that prioritizing those experiences is the key to business success in the new future of work,” said Nidal Abou-Ltaif, President, Avaya International.
MORE THAN 1 BILLION PEOPLE TO HAVE 5G COVERAGE BY 2020 END: REPORT Ericsson projects that four out of every ten mobile subscriptions in 2026 will be 5G. This forecast is included in the latest edition of the Ericsson Mobility Report. Current 5G uptake in subscriptions and population coverage confirms the technology as deploying the fastest of any generation of mobile connectivity. The report estimates that by the end of 2020, more than 1 billion people – 15 percent of the world’s population – will live in an area that has 5G coverage rolled out. In 2026, 60 percent of the world’s population will have access to 5G coverage, with 5G subscriptions forecast to reach 3.5 billion. Ericsson has raised its yearend 2020 estimate for global 5G subscriptions to 220 million, as service providers continue to build out their networks. The increase is largely due to fast uptake in China, reaching 11 percent of its mobile subscription base. This is driven by a national strategic focus, intense competition between service providers, as well as increasingly affordable 5G smartphones from several vendors. North America is expected to end the year with around 4 percent of its mobile subscriptions being 5G. Commercialization is now moving at a rapid pace and by 2026, Ericsson forecasts that 80 percent of North American mobile subscriptions will be 5G, the highest level of any region in the world. Europe will end the year with around one percent 5G subscriptions in the region. During the year, a number of countries have delayed their auctions of the radio spectrum needed to support 5G deployment.
DU POWERS DUBAI CIVIL DEFENSE WITH BLOCKCHAIN
d
u, from Emirates Integrated Telecommunications Company (EITC), has announced a significant strategic partnership with Dubai Civil Defense to automate business processes, data exchange and full payments settlement in addition of the integration with unified business registry network for all free zones in the UAE. The collaborative partnership will see the two parties take full advantage of the readymade Blockchain Edge platform and contribute to the vision of H.H. Sheikh Mohammed bin Rashid Al Maktoum, Prime Minister and Vice President of the UAE and Ruler of Dubai, to ensure Dubai becomes the happiest city in the world. du Blockchain Edge provides seamless digital experiences and solutions, guaranteeing scalability and empowering individuals, enterprises, and government entities to contribute to the UAE’s knowledge-based journey which supports the UAE Blockchain Strategy 2021, as well as the Dubai Paperless Strategy. Farid Faraidooni, Chief New Business and Innovation Officer, du, said, “Today’s agreement will strengthen
our commitment to support the UAE government departments to deliver sustained success by taking full advantage of burgeoning blockchain technology. Dubai Civil Defense is dedicated to serving Dubai residents and empowering a better quality of life for all and we welcome the enrichments to the UAE’s digital transformation expected to come as a direct result of this collaboration.” Jamal Al Mahiri, Brigadier at Dubai Civil Defense said, “With today’s
agreement, and with the availability of the platform through du Blockchain Edge, we are one step closer to realising our leadership’s vision for smart government that adopts advanced technologies to enhance efficiencies for a happier, smarter, and more digitally-enabled Dubai. We are confident that this project will consolidate Dubai’s reputation as a global smart economy leader in line with UAE government digital transformation strategy .”
CARDING AND DATA LEAKAGE ON THE RISE IN THE MIDDLE EAST: HELP AG As virtual footprints of organisations have continued to expand multi-fold during the coronavirus pandemic, instances of carding, data exposure, and hacktivism have escalated to become the highest rated digital risk categories in 2020, impacting almost all major industry verticals in the Middle East region, the first ever Digital Risk Protection report by Help AG, the cyber security arm of Etisalat Digital, has revealed. Help AG’s security analysts saw a 500% jump in risk alerts for carding from January to June 2020 compared to the same period in 2019. Carding refers to the trafficking of credit cards, bank accounts, and other personal information online. During the initial
months of COVID-19, Help AG’s security analysts also witnessed a staggering 3X (183%) jump in threat alerts related to data exposure. Another key finding is a nearly 50% increase in hacktivism risk alerts following analysis of monitored hacker groups’ advertisements on social networks (hacktivist profiles and groups), media (local, sectorial, and syndicalist), petition and signature platforms, information sharing platforms and manifestos (pastes). Hacktivism is an open challenge among cybercriminals to take down a normal business by causing disruption. The top impacted sectors include healthcare, government, aviation, logistics, retail, and energy and utilities.
“The impact of the pandemic is very clear as we compare risk alerts with the corresponding number of alerts in 2019 in our first ever Digital Risk Protection report,” Stephan Berner, Chief Executive Officer at Help AG, said.
DECEMBER 2020
CXO INSIGHT ME
7
NEWS
DIFC FINTECH HIVE SIGNS PACT WITH FINTECH-AVIV
D
IFC FinTech Hive, part of Dubai International Financial Centre (DIFC), has signed a landmark agreement with Israel’s FinTech-Aviv. FinTech Aviv was established in 2014 and serves the needs of the Israeli FinTech ecosystem and counts more than 6,000 startups and 300 research and development centres as members. The agreement is the first of its kind for the UAE and Israel, and strengthens DIFC’s position as MEASA’s number
one FinTech hub and one of the world’s top 10 FinTech hubs. The agreement announced today will enable DIFC to further support the UAE in facilitating economic growth from the technology and innovation sectors. Both parties will work together on events, knowledge sharing, talent development and facilitating mutual introductions and referrals for firms keen to expand in each respective jurisdictions. The agreement follows the signing of the Abraham Accords Peace Agreement: Treaty of Peace, Diplomatic Relations and Full Normalisation between the United Arab Emirates and the State of Israel on 15 September 2020. Since DIFC’s FinTech Hive launched in January 2017, the hub has grown to become a leading centre of innovation globally. More than 50 per cent of all FinTech businesses in the GCC now
operate from DIFC. The first half of 2020 witnessed DIFC FinTech Hive triple in size with the opening of a larger space in Gate Avenue supporting startups, scale-ups and entrepreneurs. Raja Al Mazrouei, Executive Vice President of DIFC FinTech Hive said: “Like Dubai, Israel is well regarded for its approach to innovation and embracing FinTech so it is important to collaborate now to share knowledge and develop the sector further. We are pleased to have partnered with FinTechAviv as we can achieve great things together. DIFC is now home to more than 240 FinTech related firms and the opportunities for growth are endless.” Nir Netzer, the Chairman of FinTechAviv said: “In this unprecedented time of reaching out to promote peace in the middle east, we’re honored to initiate this unique collaboration in order to facilitate the export of Israeli technologies to new markets.
Amazon is leveraging its 20+ years of global technology innovation to create more efficient processes for customers and associates in the UAE. Global technologies seamlessly enhance the delivery process from sort centers and delivery stations to associate journeys, resulting in a smooth customer experience. These best in class tools help create a safe and efficient work environment for associates. For example, Amazon’s advanced logistics systems and
technology delivery app helps drivers optimize their delivery route providing a seamless road experience. Prashant Saran, Director of Operations for Amazon Middle East and North Africa (MENA), said, “Amazon’s investment in strengthening operations reflects our long-term commitment to delivering a world-class customer experience for our customers and partners in the UAE. We feel a deep responsibility to the communities where we operate, and the creation of thousands of new jobs will benefit the entire country. Our goal is to ensure that customers across the country are able to get what they want from the comfort of their home while prioritising the health and safety of our associates, partners, and customers.”
AMAZON DOUBLES DOWN ON INVESTMENTS IN THE UAE Amazon announced that it has invested in strengthening its operations in the UAE to ensure a smarter, faster, and more consistent experience for its customers and sellers. Spread across three key pillars: delivery infrastructure, job creation, and technology, the capital investments are well-timed for peak shopping season. Amazon increased its storage capacity by over 45% across its fulfillment network and opened a state-of-the-art new delivery station in the UAE, creating more than 2,000 permanent and seasonal jobs. The company now has more than 2.4 million cubic feet of storage capacity across its network and third-party partners. 8
CXO INSIGHT ME
DECEMBER 2020
ETISALAT TAKES MAJOR LEAP TOWARDS AUTONOMOUS NETWORK
E
tisalat has deployed the first end-to-end multi-vendor DWDM Transport network orchestration in the Europe,
Middle East and Africa (EMEA) region with software from Blue Planet, a division of Ciena, forging a path to create one of the world’s most adaptive and self-optimising networks. Blue Planet’s intelligent automation software supports in accelerating Etisalat’s digital transformation journey in line with UAE’s vision to create a more competitive digital economy. Haitham Abdulrazzak, Chief Technology Officer, Etisalat, said, “Etisalat as a global leader in many technologies and innovations continuously aims to enhance its leadership, position, network efficiency and provide superior customer experience, and a ‘zero-touch network target’ is a tool to achieve this. Transport network is in the
heart of all autonomous networks, and the deployment of Blue Planet solution is a major step in our strategy to create more agile on demand adaptive networks.” The Blue Planet software has been designed to support Etisalat’s specific intelligent automation requirements and has been implemented in close collaboration with Etisalat. By reducing manual operations and automating order-to-service processes, Blue Planet supports Etisalat to further reduce the time it takes to introduce new services by 70 to 90 percent. This efficiency is achieved via the Blue Planet Multi Domain Service Orchestration (MDSO) at the Transport DWDM Network level, which is integrated with Etisalat’s existing OSS inventory and automation systems to execute closed loop automation. Blue Planet also provides automated fiber diversity by integrating with a GIS system, while orchestrating service provisioning across the multi-vendor and multi-domain WDM network.
NEWS
AVEVA LAUNCHES TEAMWORK
A
VEVA has announced the launch of the new AVEVA Teamwork, a fully integrated cloud-based application built specifically for industrial workers to facilitate continuous learning and improvement. It is designed to connect plant workforces with core digital systems and unlock visibility into operations. Whether providing training videos, digital logbook or answering a call for help AVEVA Teamwork will help solve many of the challenges associated with traditional training and knowledge transfer methods which can consume weeks and even months to get frontline workers up to speed on the essential skills needed to run today’s complex industrial operations. AVEVA has partnered with Poka, the most comprehensive connected worker platform, to bring the AVEVA Teamwork application to market. It
will offer the connected worker a more integrated experience within the larger AVEVA Connect, cloud platform. With the AVEVA Teamwork application, plant workers will be able to use tablets to scan QR codes strategically placed throughout the plant, giving them instant access to standard work instructions, troubleshooting solutions, equipment KPIs and more. They will also be able to
MICRO FOCUS APPOINTS NEW REGIONAL LEADERSHIP IN EMERGING MARKETS Micro Focus has appointed Anas Jwaied to the role of Vice President and General Manager for Emerging Markets. The region constitutes a conglomerate of over 70 countries spanning Middle East & Africa (MEA), Central & Eastern Europe (CEE), Israel, Russia, and Brazil. Jwaied’s appointment to the position comes after a four-year successful tenure as Managing Director for the MEA region at Micro Focus. “It is my honour and privilege to continue my work with Micro Focus as the new Vice President and General Manager for Emerging Markets. I am excited to work with a team that has seen such unbridled success in the region, and I am eager to support our partners and customers as they progress in their 10
CXO INSIGHT ME
DECEMBER 2020
post important production updates and send out calls for assistance in the form of text, photos or videos to communicate with one another in real-time to resolve issues and identify improvements directly from their daily routines. “AVEVA Teamwork brings yet another cloud inspired innovation to our growing software portfolio which will enable organisations to capture experienced worker knowledge and create sustainable video-based learning content, thereby reducing training time and costs for new operators by up to 50%,” said Rashesh Mody, Senior Vice President, Monitoring And Control Business Unit, AVEVA. “Industrial workers will now have the benefit of being able to learn continuously, on-the-job, while also contributing to collective knowledge and best practices, and likewise industrial organisations also now have the knowledge and tools they need to drive continuous improvement in productivity, waste, quality and safety.”
digital transformation journeys through these times of the new normal,” said Jwaied. Jwaied brings over 25 years of experience in leadership positions and has managed diverse teams across Europe, Middle East and Africa (EMEA) within the technology sector. Having held prior executive positions at Hewlett Packard and Hewlett Packard Enterprise, he transitioned with the 2016 spin merger (of HPE and Micro Focus) to the role of Managing Director for Micro Focus MEA. Throughout his career, Jwaied has supported an array of corporate enterprises, commercial, small, and medium businesses in their digital transformation efforts. He has developed a particular interest and in-depth knowledge of Go-ToMarket strategies, including planning, and driving medium and long-term sustainable growth plans.
Make sure your open APIs are closed to attackers. Imperva’s cloud web application and API protection can help.
imperva.com
COVER STORY
12
CXO INSIGHT ME
DECEMBER 2020
CHARTING NEW WATERS VINAY SHARMA, GROUP IT DIRECTOR, GULFTAINER, EXPLAINS HOW THE GLOBAL PORT AND SHIPPING OPERATOR SPEARHEADS INNOVATION THROUGH DIGITAL TECHNOLOGIES TO CREATE COMPETITIVE ADVANTAGE AND ENHANCE CUSTOMER EXPERIENCES.
O
rganisations across different industries are increasingly adopting digital transformation technologies to leverage the numerous benefits they bring to the table as well as to stay ahead of the game in the technology- and cloud-led era. Digital transformation is becoming a mandate at management levels in verticals, such as the maritime transport industry. Port management, shipping, and logistics companies are exploring innovative ways to enhance supply chains and automate overall operations through emerging and advanced technologies. Established in 1976, Gulftainer, an independently owned UAE-headquartered global port operator, manages 15 ports and logistics in six countries around the world. Understanding the importance of digital technologies to gain a competitive edge as well as for business continuity, Gulftainer had begun its digital transformation journey over the past few years. Today the company has a well-sketched plan for adopting digital solutions across the organisation. “We have a three-staged transformation strategy,” explains Vinay Sharma, Group IT Director, Gulftainer. “In the first stage, we had focused on standardization and consolidating our core systems and infrastructures, to lay robust platforms for taking digital transformations to the next levels.” To illustrate further, the port operator has implemented SAP S4 HANA as the core ERP system, a state-of-the-art Terminal Operating System (TOS), and a number of off-the-shelf solutions in its operational areas by adopting industry best-practices and processes.
“As part of our strategy, we have set up global models for quick deployment to our global operation in an agile way,” says Sharma. “In the second phase, we are executing a pipeline of initiatives focused on creating differentiators, which then leads us into the next phase where we create innovations and out-of-the-box solutions to establish excellence in various aspects of our operations.” According to Vinay, with customer expectations evolving at a fast pace, it is important for companies such as Gultainer to deliver its services not only in cost-effective manners but also innovatively, ensuring there is a genuine value-add. Fortunately, the company anticipated the changing market trends and designed a plan to offer its customer true digital innovation and go beyond just ticking boxes. “Digital transformation is not just about deploying new technologies but also about creating value for both internal and external stakeholders,” adds Sharma. “Like other industries, ports and logistics vertical is transforming into a more integrated supply chain mode providing end-to-end services. At Gultainer, technology innovations to meet customer expectations, real-time information, and ease of doing business are key priorities for us.” The beginning of this year brought on unexpected challenges in the form of a global pandemic. Supply chain issues and delays, safety hazards, maintenance challenges, and so on were some of the critical areas that port management companies had to address urgently during the COVID-19 lockdowns and subsequent consequences.
DECEMBER 2020
CXO INSIGHT ME
13
COVER STORY
AS PART OF THE SENIOR MANAGEMENT AT GULFTAINER, SHARMA SAYS THAT THE C-LEVEL EXECUTIVES OF THE COMPANY UNDERSTAND THAT TECHNOLOGY IS THE KEY DRIVER FOR THE BUSINESS.
BETTING ON THE FUTURE The technologies Gulftainer is investing in are: 1. Artificial Intelligence (AI) and Autonomous Drones Gulftainer aims to fully automate operations and utilise predicted analysis including autonomous inspections and drone-based deliveries. 2. Internet of Things (IoT) and Robo-Doctors Gulftainer aims to focus on autonomous monitoring of critical equipment using IoT and smart sensing technology to reduce maintenance costs and downtime and invest in automated ‘Robdoctors’ to detect and fix anomalies at greater speed and accuracy. 3. Big Data & Advanced Analytics The company will use predictive analysis on historical/real-time data using AI, ML to eliminate supply chain inefficiencies/ bottlenecks. It will also apply simulation / emulations/ What-If-Analysis/ scenarios based planning and real-time digital boardroom for informed decisions. 4. Blockchain Solutions The port operator will optimise blockchain technology as it will revolutionise data exchange processes and drastically reduce shipping transit time/ cost with higher transparency. 5. Idea Forum – Bring Your Own Idea Gulftainer has introduced an open track that will offer the opportunity to startups to incorporate out-of-the-box ideas to disrupt ports, logistics and global trade industry.
14
CXO INSIGHT ME
DECEMBER 2020
“This mandated us to refine our strategy. We undertook new initiatives for this year and formulated a sound digital transformation strategy till 2025 with a core focus on sustainable innovations,” explains Sharma. “For us, employees’ safety and customer services are paramount in operating efficiently during this pandemic time.” Gulftainer has enabled work-fromhome models for most of its office staff and enhanced safety procedures for its terminal staff to ensure employees are presented with safe working environments. “For our customers, we have launched new e-services to prioritise the delivery of consignments, actively encouraging them to use new secured digital channels that promote remote transactions and support COVID-19 safety measures undertaken by the government.” With the company finding itself in the third phase of its digital transformation strategy and focusing on sustainable innovations, Gulftainer has introduced a ‘The Future of Ports Challenge’ in association with Silicon Valley company OneValley. “Staying ahead in the adoption of technology is the key driver for any business. ‘The Future of Ports Challenge’ aims to identify pathbreaking, highly disruptive technologies that could redefine the supply chain and logistics industry. Our partner for this program OneValley, is helping us to identify innovative solution providers,” says Sharma. Through this initiative, Gulftainer aims to discover innovative solutions
around IoT, machine learning, drones, blockchain, Big Data, and analytics to future proof its business. Sharma adds. “We want to spearhead the next phase of innovations in our industry through this initiative. We will explore how these technologies can be applied to our ports and enhance our service delivery. RPA is also one of the key areas that we have identified that can tremendously help us automate our core functions to enhance customer experiences.” Over the course of next year, we will see the global port operator scaling its business to new levels and strengthening its supply chain process, including warehousing, transportation, freight forwarding and other components. Gulftainer will also be introducing innovation programs internally within the firm in the new year. Towards this, the company has formed an innovation board to drive idea-sharing and entrepreneur culture across the organisation. “This will give competitive advantages to Gulftainer in the way we operate and provide services to our customers. It will also create opportunities for new revenue streams and innovative services,” explains Sharma. “It also needs to be a cultural transformation when we are accelerating our digital goals. It is important to involve employees from bottom up to get different ideas and also reward them in some form or the other. We will also add external industry thought leader to the team. This will help us to be proactive rather than reactive in terms of learning and knowing markets trends and latest technologies.” As part of the senior management at Gulftainer, Sharma says that the C-level executives of the company understand that technology is the key driver for the business. “This enables us to deliver integrated services in a cost-effective, transparent, and reliable manner. We are well ahead in understanding the importance of digital transformation and have embarked upon various initiatives to create differentiators within the industry and to ensure business continuity in the years to come,” he concludes.”
Thrive in the Cloud. Upgrade to NetApp. Choose a Simple, Reliable, and Innovative Cloud Future.
FEATURE
POWERING A CONNECTED FUTURE HOW TO BRING THE CONNECTED ENTERPRISE TO LIFE AND MAKE SMARTER DECISIONS.
I
n this age of digitally-enabled business, organisations have to connect people, processes, and technologies seamlessly to deliver a better customer experience. The connected enterprise strategy is essential to accelerate the digital transformation journey and create costeffective business processes. What is a connected enterprise? How does it give your business a competitive edge? Finally, how do you build a connected enterprise? “In today’s digital environment, every organisation is heavily investing in disruptive technologies such as IoT, AI, machine learning, analytics and various other automation technologies. Use of these technologies enable them to stay connected with every stakeholder— customers, employees, various line of businesses such as HR, IT, operations and finance, as well as various other physical and virtual environment,” says Manish Ranjan, Program Manager for Software & Cloud at IDC Middle East, Turkey and Africa. Connected enterprise implements IoT, sensors, and various connected devices to collect various data, analyses them using advance analytics, AI and 16
CXO INSIGHT ME
DECEMBER 2020
machine learning (ML) and gain greater business to improve its productivity and achieve greater customer experience. A connected enterprise is able to converge information technology (IT) and operation technology (OT) to streamline its operations, processes and optimise its resources, he says. According to Vijay Jaswal, CTO, Middle East and Turkey, Software AG, a connected enterprise can be defined where people, data, and devices are connected in a manner that facilitates the enterprise to run at optimum operational efficiency levels and provide excellent customer service. “Having said that, a truly connected enterprise is not the one that operates seamlessly within the system. An enterprise that integrates harmoniously not only within itself, but the connected ecosystem in totality is a truly connected enterprise,” he says. A connected enterprise has data at its core and leverages that data to improve business processes, enhance productivity, cut operational expenditures and increase revenue and customer satisfaction. “It can also use that data to enhance the work environment for improved employee well-being and
output. Connected enterprises gain intelligence from data collected and turn that intelligence into meaningful actions in order to get ahead of the competition,” says Prem Rodrigues, director for the Middle East, Africa & India/SAARC at Siemon. Building blocks The Internet of Things (IoT) plays a fundamental role in building a connected enterprise as it facilitates the connection of billions of ‘datagenerating’ systems and devices. Gartner predicted that 50 billion devices will be connected to the IoT by 2020. “A majority of these devices will be industrial equipment and machinery such as jet engines, vending machines, health monitoring systems, and other industry-specific devices. Therefore, it is imperative to calibrate enterprises around this impending reality,” says Jaswal from Software AG. He adds the varied groups of people as a part of the ecosystem are most vital building blocks of any connected enterprise. These could range from customers, employees or partners to name a few. Different function responsibilities may involve
Manish Ranjan
Vijay Jaswal
Prem Rodrigues
information to be culled out from different applications and presented in a combined fashion. The ability of these different groups to access and present information in a swift and timely manner is vital in a digital playing field. Rodrigues from Siemon comments that deploying the right IT infrastructure is key to building a connected enterprise. That infrastructure needs to enable network convergence, meaning that systems and devices no longer have to rely on disparate infrastructures but instead leverage a unified network that enables IP-based communication and the exchange of data. He adds: “For organisations to gain the most from the data collected, IT infrastructures must allow for quick and efficient transmission of data for processing, analysing and storage. Effectively moving today’s larger sets of complex data requires high performance data centre infrastructures with reliable, low-latency, high bandwidth connections. At the same time these infrastructures must be scalable to accommodate the continued growth in data and bandwidth demand.”
and data to data and and one enterprise to another enterprise., Governing the information is key and so is deadline management. If you use an automation tool to do that, an enterprise can get proactive warnings about when a process is about to breach a timeline that could affect the happiness of a customer,” says Jaswal. Ranjan agrees that the integration of front office and back office is extremely important, especially to manage customer relationship more effectively. Customer touchpoints are always connected with front-office which generates a lot of critical data. A lack of integration with back-office creates data-silos and organisations fail to utilise those critical data to address customers’ grievances/ feedbacks and struggle to gain a better customer experience and improve their productivity. Apart from this, a better integration improves the unified view of their customers, brings greater control over various processes across LoBs, enhances efficiency and automation and improves productivity, he says. Even if you have all the core elements in place, creating a connected enterprise is easier said than done. In addition to complex processes, very few companies have the skills and resources to achieve the level of integration the connected enterprise warrants. “Organisations must identify what business benefits they want to achieve while transforming themselves into a
connected enterprise and then select the specific use case,” says Ranjan from IDC. “Evaluation of existing IT infrastructure also becomes critical as many organisations still run on legacy systems, which not only makes it difficult to integrate with various other systems but also creates departmental silos as well as data silos which also becomes a challenge. Lack of necessary data analytics skills is also a prominent challenge before organisations which aspire to become a connected enterprise.” Rodrigues says there is a range of different challenges that companies might face, ranging from strategic ones for example identifying what exactly the business needs, all the way down to more technical challenges such as adopting the right infrastructure for data collection, ensuring compatibility and interoperability of different systems, having a common integration platform in place and the right skillset for data analytics. Data security and privacy issues will also have to be taken into account. Jaswal says organisations shouldn’t boil the ocean to transform their business. “The big bang approach is common, and one that is not required; instead, a phased approach is what merits. The ideal is to look at key customer-facing processes and connections or the primary processes first, followed by the internal systems, the secondary and the tertiary systems etc.”
Roadblocks For a successful connected enterprise strategy, it is also important to align front and back-office functions to achieve better customer experience and identify areas that require attention. “Connecting front and back office is the same as connecting people to data
DECEMBER 2020
CXO INSIGHT ME
17
INTERVIEW
FLYING INTO THE FUTURE PASCAL BUCHNER, ITS DIRECTOR & CIO, IATA, TALKS ABOUT THE MOST PRESSING ISSUES AFFECTING CYBERSECURITY IN AVIATION.
W
hat is the nature of cybersecurity challenges in the aviation sector? Is it the same as other industries? It is not the same. An aircraft’s integrity is even more critical because you are subject to regulations or what we call airworthiness. The biggest challenge we’d to address two years ago was the arrival of e-enabled aircrafts with lots of operational technologies, and we had to guarantee the same level of safety as what we have today. Now, the introduction of new planes is slowing down due to the pandemic. At present, one of the concerns is the protection of passengers’ data privacy, especially with the presence of medical staff to allow people to board aircrafts. We have to make sure that regulators will not penalise airlines in the event of a data breach. However, this is a temporary risk as a result of Covid-19, and the long-term risk is to maintain the integrity of aircraft and address any interference from bad actors; it is not just the command and control system, but you have to ensure all the feeds coming into an aircraft from sources such as traffic management systems are protected. The regulators are increasing cybersecurity obligations that airlines must comply with. For example, in Europe, IACA is working on a cybersecurity regulation that will be mandatory by 2023. Do you have a framework to assess the cybersecurity posture of an aviation organisation? There are a couple of cybersecurity frameworks, and one that is mandatory is from ICAO, which is the organisation that governs civil aviation authorities in every country. Another advanced guidance is the CAF (cyber assessment framework for aviation) from the UK Civil
18
CXO INSIGHT ME
DECEMBER 2020
– IATA for airlines and ACI for airports – provide guidance to our members on what they need to do to improve their security posture. We will validate or give accreditation to service providers to implement the framework for smaller airports and airlines without the required resources. We will also provide training to our members to develop awareness around what they have to implement.
Aviation Authority. We are working with ACI, ICAO, and IATA on the cybersecurity best practices, and all of us advocate the same thing – you need to have a 360 approach to cybersecurity and address all aspects of it, including people, culture, leadership, and open and transparent communication about vulnerabilities. When it comes to cybersecurity frameworks, the aviation and automotive industries lead the space because of all the automation we have in vehicles now. Is it going to be one single standard framework for cybersecurity? Yes, because you have to include the whole supply chain. Airlines can’t implement something without airports and air traffic management doing the same thing. If one level is weaker, it will lead to vulnerabilities. Isn’t cybersecurity a big challenge for smaller airports? It is a challenge not just for smaller airports but airlines as well. When you are a major airline with a large fleet and significant resources, your cybersecurity maturity is higher than a smaller airline with less than ten aircraft. This is why we both
The pace of digital transformation in the aviation sector has accelerated. Is cybersecurity keeping pace? We are lagging because bad actors are always ahead of us; it is a catchup business. They have better communication and are more innovative, but we are closing the gap. Finally, we are starting to understand them, and we have realised that the main challenge before us is communication and information sharing. Now, we have the structure to share sensitive information to understand what the threats are and ways to mitigate them. Do you work closely with the security research community? We are advocating that we have to be more open to the research community, and our vision is to manage cybersecurity with transparency. It is true that our industry is sensitive about bad press, and in the past, there have been some instances where things have been blown out of proportion by the research community. We’d found vulnerabilities thanks to researchers, but they were not critical or couldn’t have been exploited. But, what we saw in the press was totally different, with some researchers claiming it could be used and weaponised. It was science fiction. We are open to working with researchers, but they will have to come to us when they find a vulnerability and give us some to fix it before going to press.
READ THE REPORT: www.skyboxsecurity.com/security-transformation
INTERVIEW
NEW RULES OF THE GAME RICH MCBEE, THE NEWLY-APPOINTED PRESIDENT AND CEO OF RIVERBED, TALKS ABOUT THE FUTURE OF WORK AND HOW BUSINESSES CAN PIVOT TO EMBRACE THE NEW NORMAL.
Y
ou have been with Riverbed for more than a year now as the CEO. What attracted you to this opportunity? When I came to Riverbed, it was a company that was kind of an iconic brand, which lost a little bit of focus. When I came in, one of the things that we did was an assessment of the company to understand what we are good at? Network performance was clearly the foundation of the company, and visibility was the next piece. When I came to the company, I said, “This is a company that I can help and add some focus.” And we’ve done that. Our strategy now has four pillars, and it’s about being the leader in performance and visibility. The four pillars are WAN optimisation, which is really the cornerstone of the company, and our acceleration package, which is about not only optimising networks, but also applications. Then the network performance management is our third pillar, and SD-WAN the fourth pillar. Things that happened when I was at Mitel were very similar. It was a premise-based company that had been around forever, and it needed a little bit of refresh or a refocusing. And we did that with the company and refocused it. It had a large installed base that was moving to the cloud, very much like Riverbed. And we made that journey, and we’ve bridged those things. One of the hardest things to do is to transition 20
CXO INSIGHT ME
DECEMBER 2020
from an older technology to the new technology and get your engineering to work 80% on the new stuff and 20% on the old. And we’re on that journey right now as a company. Are you seeing any big shift in the technology priorities of your clients now as a result of the pandemic? It’s been really interesting. When you take a general workforce, about 350 million people were working from home or anywhere. And that shift was over 1.1 billion overnight within three weeks. It made many companies stop and think about, “Okay, where are my people? What are they doing? How productive are they? How’s our business performing?” In a very short period, nobody would have thought that they could have done this. I have my entire workforce working from home today. Nine months ago, if you had said that, I’d have said that’s a business case problem that you’re never going to see. I would have liked to have a lot of workers from home, but that’s something that you have never seen. And then instantaneously, it happened, and businesses made it work. Maybe some of these barriers that we always thought of in the past aren’t as big as we thought they were. Today, a lot of CEOs and CIOs to have daily conversations about, “How can we enhance our business?” “What’s the next level of productivity I can drive to my employees because I’m going to have a bunch of them working from home?” I’ve talked with a lot of
different people and they’re actually working more today from home than they work in the office. There’s no more commute. It doesn’t mean that we’re not fatigued, but people are saying, “Look, I used to work 10 hours a day. I’m finding out that I’m working 12 or 13 hours a day. I’m on Zoom all the time. But I don’t have a commute anymore. I haven’t done traveling. I’m not spending six hours on an airplane and going to a hotel.” All that time is filled up with productive work. Do you think remote work is now going to be the new normal? Yes, and what’s going to happen is this. Let’s just use some numbers, 350 million people working from home, and COVID hits, it goes to 1.1 billion. I’m pretty comfortable with the idea that 650 million will probably still be working from home in some kind of remote environment. But I think what’s going to happen is the work environment’s going to change. Let me give you an example of an office with a large footprint, let’s say 40,000 meters of space. We’re going to cut that down to 10. That space is now going to become a collaboration space where the marketing teams are going to come in, and they’re going to work Monday morning, from 8 AM till noon. And then they’re going to go work from anywhere or work from home, and they’ll come back the next Monday. Engineering teams with agile development processes need to meet
maybe every third day. They don’t need to be in the office all the time. A lot of people really like the flexibility of that kind of work environment. That’s a huge cultural shift, but the COVID-19 era has proved to us that it can be done. So I think that the workspace of the future is going to be radically different. We had been working even pre COVID-19 on a program that was for workers to work from anywhere. And anywhere actually turned out to be the home when the pandemic hit. It was kind of fortuitous that literally three weeks before all of this kind of came about, we had been working on the product on one of our client accelerators. We took our entire engineering home for a day and everybody had to work from home using their computers and using our software to help accelerate. And it worked out perfectly. I think in the near future, work is going to be a little bit more flexible and workspace more collaborative. One study that we have done said that today about 55% of all meetings were done in person pre-COVID. In the future, the estimate is about 25% of meetings are
going to be done in person. And the remainder can be done via Zoom, via Teams, via WebEx, or any other kind of video capability. Now we are talking about a hybrid workforce model. What will be the impact of this on IT? A lot of the younger workforce has family and they have got children playing, streaming gaming on the same bandwidth that mom and dad are trying to do video conference or work. So there is a huge impact on IT. If you think about the IT organisation or the IT professional, it first comes down to, “Where are my people? Do I have them connected? What is their productivity?” And they’re going to run into a productivity issue if they can’t have the in-office work experience from their remote location. And I say remote location because that could be a coffee shop as much as it could be their home. This means you’ve got to get the performance up. You’ve got to make sure that it’s secure. And then you got to make sure that they’re actually productive. The IT professionals are really going to have to work on that and understand
what are the productivity tools they could use to give an in-office experience at home. And I’ve always said that the bigger the company, the more complex their network. And the more complex the network, that’s good for Riverbed because that’s what we do. One of the things we have seen in the last eight months is an accelerated adoption of cloud-based applications. Do you have a solution for accelerating cloud-based applications? Yes. Every product that we have, even our traditional SteelHeads, have now been virtualised to run in a cloud environment. Everything is moving to the cloud because it’s a fast way to get things up and running. Usually it’s pretty standardised, so it’s simpler than maybe deploying a lot of hardware and all that kind of stuff. When you think about our four pillars, every one of the pillars has a cloud-based solution because that’s what customers are doing. We have both a SaaS accelerator and a client accelerator that sits on the desktop to speed up applications, whether on the cloud, hybrid, or a premise-based environment.
DECEMBER 2020
CXO INSIGHT ME
21
FEATURE
WHAT IS IN STORE?
HERE ARE THE TOP TECHNOLOGY TRENDS FOR RETAIL IN THE COMING YEAR
T
he coronavirus crisis has had a disruptive impact on the retail sector. With consumer confidence very low and consumers staying mostly out of stores, many retailers, especially with a large physical footprint, have been forced to go out of business. The pandemic has accelerated the shift from brick-andmortar to online retailing, and the research firm IDC predicts retail technology investments will continue to reflect digital transformation efforts, as retailers reserved the capital for technology investments by reducing spending on store opening and remodels. The Middle East & North Africa (MENA) region has shown the fastest growth for ecommerce compared with other regions around the world, with the United Arab Emirates (UAE) at the hub of the action. According to a report from Visa Middle East, the UAE is the most advanced eCommerce market in the MENA region and sales in the UAE are projected to grow by an average of 23% annually. Digital technologies will no doubt be more important than ever for retailers to offer a seamless experience to customers. There are many technology trends, which 22
CXO INSIGHT ME
DECEMBER 2020
are already taking shape that retail CIOs will have to tackle in 2021. Are retail IT organisations prepared for a tectonic shift in business operations, address disruptions in the supply chain, and support both e-commerce and in-store fulfillment? “Certain industries have leapfrogged their pace of digital transformation, and retail is one of them. With the growing use of emerging technologies, the retail industry has been able to modernise their service delivery model, accelerate automation in process and operation,” says Manish Ranjan, Program Manager for Software and Cloud at IDC Middle East, Turkey and Africa. The retail industry witnessed an explosion in the e-commerce platform where various retail organisations used cloud-based solutions, AI/ML and analytics to have data-driven customer strategies. By leveraging RPA, AI, and intelligent process automation (IPA) to automate back-office and front-office, retail organisations strived to achieve operational rationalisation. Various organisations also invested in modernising their overall supply chain during the current pandemic by revamping their distribution and
delivery system through warehouse automation and strategic delivery partnerships, says Ranjan. “In a fiercely competitive field, where e-shoppers can switch to a competitor with a single click, e-tail firms realise that their digital presence is now an integral part of their brand — they must ensure a digital experience that is slick, reliable, and engaging. As such, the applications that feed user experiences are no longer backroom tools, but vital operational components,” says David Noël, regional vice president, Southern Europe, Middle East & Africa at AppDynamics. He adds retail IT teams need to be familiar with the baseline metrics used to measure the performance of their applications and websites. “It is important to take a fresh look, as they may have changed from last year. It is useful if you can configure your environment to auto-scale itself to cope with surges in user engagement. Also, take time to account for user behaviours. For example, casual browsers have a different impact on your resources than those searching for a specific product.” According to Avinash Gujje, Practice Head – Infrastructure, Cloud Box
David Noël
Technologies, artificial intelligence is the future of the industry where it is going to change the way business is done. “Now more than ever, we see that Augmented Reality and Virtual Reality are trending solutions which are being adopted by some of the retail giants. It helps keep pace with the way consumers are shopping and provides a platform for greater consumer engagement and elevating the shopping experience. It is also being used to drive sales and maximise ROI. “Other areas that will give retail industry and boost will be robotics, drones and selfservice technology.” While digitisation of the retail industry is the most ubiquitous retail trend, RedSeer Consulting sees two interesting new technology trends that are making headway. The first one is quick commerce, a hyperlocal play that has seen mass adoption, especially for essentials such as groceries and medicines. “The other one is c-commerce, which is chat-based selling that is slowly and steadily gaining traction across a myriad of sectors across retail. With more consumers shopping online, there is a need to enhance the customer experience across the value chain, which is possible through c-commerce,” says Sandeep Ganediwalla, Managing Partner, RedSeer Consulting. How Covid-19 accelerated digital transformation in retail Zinnov, a global management and consulting firm, has recently released the finding of
Avinash Gujje
its study titled, ‘digital engineering in retail,’ which estimates that the retail sector alone has invested in three years’ worth of digital transformation within a span of six months at the height of the pandemic. “Digital adoption has taken a giant leap during these Covid-19 times across businesses and is playing a major role in how they operate across departments. From logistics to consumer behaviour, to in-store management, the very fabric of retail operations has changed. Without a doubt it has given a major boost to digital transformation adoption and implementation globally,” says Gujje from Cloud Box Technologies. Ranjan from IDC shares a similar opinion: “The retail industry is going through a massive transformation due to Covid-19. The pandemic caused accelerated adoption of e-commerce and evolution of omni-channel business model. This major shift is further driven by rising consumers demand for a wider range of omnichannel fulfillment capabilities for online orders such as home delivery, instore purchase, and store pickup options.” He says various local and small retailers who never had an online presence invested in their digital platform by launching their mobile apps and online retail platforms. Various retailers have already invested in “click-and-collect” contactless omnichannel services platforms. Ganediwalla from RedSeer says postCOVID, it was a sink or swim situation for retailers. “Either you adapt to the
Sandeep Ganediwalla
new situation by pivoting your business model or face the possibility of failure. As consumers shifted to online channels to meet their demands, so did retailers. This meant that traditionally offline retailers who may not have considered digitisation as a core strategy at the time, started to take the plunge to go online.” Post-pandemic lessons for success in 2021 What new approaches should retailers take to beat the downturn and sustain long term growth? “In my opinion, there are two aspects to how the retail industry will work towards surviving the downturn and creating opportunities for the future. From the business model point of view, there will be a lot of caution while reinvesting in the commercial growth and they will make very strong efforts to restructure their costs, where financial stability and streamlining their expenses will be important,” says Gujje from Cloud Box Technologies. On the other hand, across the board, the retail sector will have to focus on understanding the effectiveness of technology and begin to invest in viable solutions that will help them achieve operational efficiency, maintain customer retention and spruce up customer service. From e-commerce and the use of advanced POS systems to machine learning and robotics, the list is large and retailers will have to rework their business solutions while moving into the future, he sums up.
DECEMBER 2020
CXO INSIGHT ME
23
VIEWPOINT
OVERCOMING THE PANDEMIC SIMON BENNETT, CTO, EMEA, RACKSPACE TECHNOLOGY, LISTS KEY STEPS EVERY BUSINESS MUST TAKE TO TACKLE THE CORONAVIRUS CRISIS.
W
e’re experiencing a tectonic shift in working practices witnessed by any living generation, with all industries simultaneously having to learn and adapt to serving their customers with a remote workforce. Technology has been instrumental in most organisations’ business continuity throughout this period, yet it hasn’t been easy sailing. This unprecedented situation uncovered and accentuated a number of challenges that IT teams will need to overcome to continue supporting their businesses over the coming months. Whilst lockdown 2.0 took place across EMEA, business leaders needed to adjust to a more permanent period of uncertainty than anyone could have expected and quickly overcome these issues - most of which are not quick fixes. The biggest, according to research commissioned by Rackspace Technology, were a need for business continuity programmes; a lack of adaptability to change; a lack of preparedness for different working arrangements; and not having enough employees with the right skills. The pressure is now on for organisations to overcome these obstacles with longer-term strategies. So how can this be done? Improving adaptability to better prepare for the unknown The biggest challenge that EMEA businesses uncovered during the
24
CXO INSIGHT ME
DECEMBER 2020
pandemic was a need for business continuity programmes (44%), whilst they reported the second as being a lack of adaptability to change (34%). This reflects the findings from Leesman, which previously cited the UK as amongst the least prepared countries to deal with a mass home-working strategy. Most organisations are having to shift their operations beyond recognition as a result of the pandemic and its mid-term
impact on their operations. For many, this means completely reformulating their business continuity plans to prepare for the next wave of the unknown as well as establishing adaptable processes that can support the business in navigating the evolving situation. The cloud underpins many businesses’ ability to continue operating services virtually and to support their entire workforce remotely. Those that had
migrated to the cloud, or had already started the migration prior to or at the beginning of lockdown, found that the shift to cloud turned out to be critical to enabling remote workforces. For example, a UK public sector organisation, the Central and North West London NHS Foundation Trust’s (CNWL) revealed it may have not been able to support patients without its migration to the cloud, as most healthcare was in-person. However, the Trust has now been able to adapt to provide many of their services remotely, for example with the use of online tests and video calls. As a result of these reported benefits of the cloud to remote working, we’re seeing many companies increasing their investments in the cloud services that underpin their ability to scale up and down, deliver better online experience, and support their entire workforce to work productively from home. Whilst the majority of businesses (67%) were already either in progress or planning to move to a multi or hybrid cloud model in 2020, and 74% had started or planned to develop cloud-based solutions, the pandemic has given rise to three quarters (73% and 76% respectively) bringing their projects forward. Will remote working, work tomorrow? IT leaders also felt that the pandemic had exposed their lack of preparedness for different working arrangements (28%). Nearly six months after the coronavirus upended our traditional working practices, businesses across the world are grappling to turn their temporary fixes into more sustainable processes that will support many employees that expect to work from home for the foreseeable future. This means employing the right technology solutions to ensure workers can be as productive and efficient at home as they are in the office.. Whether that means migrating to the cloud to ensure easy access to tools and documents from remote locations, or implementing collaboration tools that enable quicker, easier, and simpler communication between employees but
at the same time remaining secure. But it’s important that this challenge isn’t just viewed in the context of a technical fix. Businesses will also need to reassess processes and ensure employee benefits packages reflect a remote working structure. For example, this may involve providing the right physical set-up to ensure people can work comfortably, or launching wellness programmes to support the emotional and mental health of their employees.
Identifying where new skills can help you thrive Technology is, and will continue to be, a key driver in helping businesses adapt to what lies ahead. But as many accelerate transformation projects to help them take advantage of its benefits today, many have uncovered that they lack the right skills. In fact, 28% of EMEA businesses reported that the COVID-19 crisis highlighted their workforce doesn’t have the right skillsets. To overcome this, organisations first need to identify which skills they are missing that their business model relies on. It is then vital that employees are up- and re-skilled appropriately to fill these critical skills gaps. This will likely involve launching tailored training programmes that not only provide employees with the necessary learning, but that can be completed from the home environment. But training and reskilling can take time, and - particularly in a pandemic - time is of the essence. Organisations should therefore also take advantage of working with third parties to help plug their skills gaps and elevate their teams’ capabilities as quickly as possible, to ensure they can deliver the critical transformation needed to survive these difficult times.
TECHNOLOGY IS, AND WILL CONTINUE TO BE, A KEY DRIVER IN HELPING BUSINESSES ADAPT TO WHAT LIES AHEAD. BUT AS MANY ACCELERATE TRANSFORMATION PROJECTS TO HELP THEM TAKE ADVANTAGE OF ITS BENEFITS TODAY, MANY HAVE UNCOVERED THAT THEY LACK THE RIGHT SKILLS.
The right technology and people to cope with future disruption At the start of the pandemic, organisations had to act fast with quick, tactical responses to the unexpected disruption, to ensure they could continue to function as a business. This in turn uncovered areas that needed attention, whether it was the business continuity plans they had in place- or lack thereof – or the lack of skills they had to implement the long-term solutions needed to cope with ongoing disruption. As a result, the next phase for organisations will be addressing these immediate issues to build both agility and resiliency into the business, which will help them overcome the challenges presented by any future unexpected events – COVID-19 or otherwise.
DECEMBER 2020
CXO INSIGHT ME
25
EVENT
PROTECTING ALL PATHS TO DATA IN ASSOCIATION WITH IMPERVA, CXO INSIGHT ME BROUGHT TOGETHER A SELECT GROUP OF CIOS AND CISOS IN THE REGION TO SHARE KNOWLEDGE AROUND BEST PRACTICES FOR APPLICATION AND DATA SECURITY
O
ne of the global pandemic consequences is a record-breaking rise in cybercrime, targeting your organisation’s most precious asset - data. With IT environments getting highly distributed, and employees working from home, organisations in the Middle East are forced to rethink their security strategies. It is important more than ever for IT and security leaders to understand the risk posture of their organisation, under a totally new set of circumstances. The roundtable discussion, which attracted IT and security leaders from the GCC countries, brought to the fore some of the daunting challenges around application and data security. The event was kicked off by Terry Ray, SVP Strategy for Finance and Healthcare, and an Imperva Fellow, who said data is the most important resource on the planet. “Most people think of Imperva as either an application security or data security company, but the truth is we protect both. In 2019, attackers exfiltrated 11.3 billion records by targeting applications and APIs. In reality, we lost around 15 billion records because the other four billion were stolen from databases. We find that enterprises are struggling to identify malicious data access and distinguish between the right type and the wrong type of user.” He stated that modern requirements for data security have grown beyond traditional database activity monitoring. “There are two types of threats to data – insider 26
CXO INSIGHT ME
DECEMBER 2020
and external and most organisations struggle with the latter. If you already have a WAF, the question you need to ask is if it is turned on and blocking everything that you can stop? How fast can you mitigate DDoS attacks?” He added that digital transformation has upended how security works. “While organisations are transforming and modernising applications, you have more assets that connect to a database, which means you need to have security and visibility around them. Securing applications and data modernisations is a rapidly changing target, and the fragmented technology ecosystem is complex to secure.” Ray listed three critical challenges that users face today when it comes to data security: “Do you have the ability to monitor and protect everything in your environment? Can you increase the value of the data you are collecting and make it more usable? How can you reduce the overall TCO of your security and compliance programme?” Talking about his company’s track record and what sets us apart from its competitors, Ray said Imperva blocks more than 22 billion attacks every month. “Most people use application security for monitoring but not for blocking, and that is not the case with Imperva. With the help of some specific technologies such as dynamic profiling, Imperva’s products can identify good and bad behaviour accurately. We have built technologies that give you the flexibility to decide what works best for your environment.” Ray also pointed out some of the
unique capabilities of Imperva around edge security, which is the company’s SaaS-based offering for both WAF protection and DDoS mitigation. “We have embedded CDN in our anti-DDoS solution, and the big value for our customers is that it all sits in a single stack. What this means is that where we have a PoP, we have everything. If something bad happens, we don’t have to push you over to another PoP to do mitigation; we do everything in-country. We have 50 PoPs worldwide, including one in Dubai, and we are expanding that infrastructure. Our value proposition is that because everything stays in one location, it gives us the ability to have the lowest SLAs for application-layer DDoS – in less than three seconds. Our nearest competitor does this in 45 minutes.” He went on add that modern-day threats have evolved beyond web application firewalls, which have been around since the late 90s. Application security is more than just WAF. In addition to applications, organisations are looking to protect APIs, manage bot traffic, and prevent data thefts from client-side attacks. Our security technologies have also evolved, along with threats, he said. Participating in the discussion, Morgan Jay, Assistant VP, EMEA South and Middle East, Imperva, said the Middle East a very important region for the company. “It’s one of the fastest-growing regions globally. We have doubled our resources this year, and we are expanding here. We have recently acquired a database security company called jSonar, which has a sweet spot in the Middle East.”
InfoScale Software-Defined Storage can reduce your cost while boosting performance, scalability & availability. Highly available, enterprise-proven storage virtualization software A software-defined infrastructure built for the largest, most demanding organizations that can’t compromise on performance and availability. InfoScale easily spans physical, virtual and cloud.
These businesses rely on Veritas InfoScale for Availability.
10/10 10 of the top 10
Financial institutions
11/12 11 of the top 12 Investment banks
10/10 10 of the top 10 Telco companies
10/10 10 of the top 10
Healthcare organizations
Feature Highlights of Infoscale: • Scale easily and cost-effectively as needed with hardware-independent storage. • Deliver mission-critical levels of availability and performance while simultaneously providing more agile and streamlined data and workload mobility. • Save time and money by extending your storage environment to the cloud. • Help ensure high-performance and availability for your mission critical apps in the cloud or on-premises.
INTERVIEW
STAYING ON TOP SANJEEV WALIA, FOUNDER AND PRESIDENT OF SPIRE SOLUTIONS, TALKS ABOUT THE VAD’S PARTICIPATION AT GISEC THIS YEAR AND MARKET OUTLOOK FOR 2021.
T
ell us about Spire Solutions and the nature of its business. Spire Solutions is Middle East and Africa’s leading value-added distributor (VAD), exclusively representing some of the world’s most capable vendors offering niche cybersecurity solutions and services. Driven by a strong dedication to customer success, Spire Solutions has built a reputation of being the preferred security partner to CISOs in the region. For our technology partners, Spire Solutions has always been a force multiplier in the region and will continue to be regardless of where the technology company is in its lifecycle. Since 2008, we have served over 1,000 government and enterprise customers, introduced over 50 niche cybersecurity vendors to the region and built a channel of 500 plus partners and resellers. What is COVID-19’s impact on the cyber security industry and particularly your business? COVID-19 has disrupted the entire world adversely, and its impact is felt 28
CXO INSIGHT ME
DECEMBER 2020
across all industries, including the cybersecurity industry. Threat actors have been exploiting the pandemic to target government entities and private sector organisations in various ways. From phishing campaigns on unsuspecting individuals to sophisticated targeted attacks, different tactics, techniques, and procedures are being used to launch cyber-attacks. We have been working extra hard over the last six to eight months to ensure that we are assisting our customers in proactively detecting, mitigating and responding to risks, threats and attacks, while they focus on continuity and availability of their core businesses. Spire Solutions has been associated with GISEC for a very long time. What is your opinion on the show and its importance to the region? Since its inception, we have supported GISEC and see it as a melting pot for the regional cybersecurity industry. GISEC is a highly effective platform for us to continue our ongoing discussions with customers and showcase our new capabilities; provide visibility and market access to vendors in our portfolio; reconnect with partners across the region; and nurture existing relationships while also building new ones. Given that GISEC is hybrid this year, we look forward to leveraging both the physical and virtual platforms to continue helping the region with its cybersecurity efforts. What can we expect from Spire Solutions during the five days of GISEC? What’s new? We are showcasing multiple
cybersecurity technologies this year and have lined up a fantastic list of thought leaders to share knowledge during various conference sessions on the main stage and X labs. Several of our technology partners are showcasing for the first time at GISEC so the participants can expect lots of thoughtprovoking discussions, presentations, and demos. Our goal is to help CISOs automate vulnerability and risk management; lay the foundation for ZERO trust; visualise their SOC with 3D; drive sec-ops with threat intel; encrypt their crown jewels and build quantum resilience; proactively hunt for threats across networks and endpoints; and enhance their respective organisations’ overall security posture, continuously. What is your focus for 2021, and what can the region look forward to? With increased adoption of remote work and rapid transformations enabled by digitisation, cloud migration, internet of things (IoT), artificial intelligence (AI), machine learning (ML), fintech, blockchain, mobile apps, smart devices and social media penetration, we foresee that cyber criminals and threat actors will be having a field day. Therefore, our focus – rather a mantra – will be to continue helping customers understand their security blind spots and solving regional cyber security challenges proactively. From understanding current and emerging cybersecurity risks and challenges to solving them with practical solutions and services, we will ensure that our customers and partners find maximum value from their engagement with us.
OFFICIAL DISTRIBUTION PARTNER
MEET US AT STAND NO. H1 - B1, Hall 1
Main Stage Speakers
Sunil Gupta Co-Founder & CEO QNu Labs
Guy Bejerano Founder & CEO SafeBreach
Wallon Walusayi CEO and Co-Founder 3Data
Nadim Khater Director Professional Services Digital Shadows
Manja Kuchel Sr. Product Marketing Manager SolarWinds
Nasar Sadiq Sr. Regional Manager, MEA Rapid7
X - Labs Speakers
Sahir Hidayatullah CEO Smokescreen
Laith Alkhouri CEO CTI-ME
Basel Shahin Regional Sales Director, META Corelight
Rami Refaat Senior Product Manager Spire Solutions
Miles Tappin VP, EMEA Threat Connect
Siddhartha Murthinty Chief Solutions Architect Spire Solutions
Syed Ashfaq Ahmed Head, Encryption BU Spire Solutions
EVENT
GITEX 2020:
WHO, WHAT, WHY HERE IS A SNEAK PEEK OF WHAT SOME OF THE BIGGEST NAMES IN THE INDUSTRY WILL BE SHOWCASING AT THE REGION’S BIGGEST TECH TRADE SHOW.
30
CXO INSIGHT ME
DECEMBER 2020
VEEAM
PURE STORAGE At GITEX 2020, Pure Storage will showcase how it delivers a modern data experience so customers can rapidly digitally transform by accessing, managing, analysing and securing their data, no matter where they store it. “We will be showcasing the latest updates to our portfolio, including the second generation of FlashArray//C — one of the fastest-growing products in our portfolio and the first and only enterprise-grade all-QLC flash array. We’ll also show FlashBlade, our Unified Fast File and Object (UFFO) storage platform that is helping customers meet the challenges of today, including the demand for real-time insight, the need to consolidate and re-use data for analytics/AI, and the necessity to provide protection against increasingly prevalent ransomware attacks,” says Assaad El Saadi, regional director – Middle East, Pure Storage. He adds in many ways, GITEX 2020 will be a unique experience for both the Pure Storage team and our customers and partners. “Given COVID-19 concerns, we have taken the decision not to have any Pure Storage experts or products on-site. Instead, our booth will feature several state-of-the-art interactive, touchscreens that customers can navigate to learn more about our solutions. Furthermore, for those attendees that wish to speak to one of our experts, a Zoom conference link will be available between our GITEX booth and the office.”
Veeam will not be launching any new products at GITEX. However, the company will be showcasing its flagship solution – Veeam Availability Suite, a single platform for modernising backup, accelerating hybrid cloud and securing enterprise data. “We are keen to demonstrate Veeam Backup and Replication, as well - the one solution for simple, reliable and flexible protection of ALL enterprise cloud, virtual and physical workloads. Veeam Availability (VAS) v10 which saw general release back in February has more than 150 new features and enhancements, including modern NAS support, Multi-VM Instant Recovery and heightened ransomware protection. VAS v10 includes data protection capabilities that increase availability, portability, and extensibility for Cloud Data Management,” says Claude Schuck, regional manager, Middle East at Veeam Software. Veeam will also be demonstrating its fastest growing product - Veeam Backup for Microsoft Office 365. “Veeam’s solution eliminates the risk of losing access and control over your Office 365 data including Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams – so that data is always protected and accessible,” says Schuck.
MANAGEENGINE At GITEX, ManageEngine will focus on the wide range of IT security solutions that it offers for organisations to strengthen their security posture and enhance operational efficiency. Karthik Anandarao, ManageEngine’s Chief Technical Evangelist for the Middle East will be presenting on ‘Cybersecurity threats to Business Digital Transformation’ on Day 3 of the event at X Labs, Hall 1 from 2:20 2:40 PM. “Information security continues to be a top challenge for CIOs and the sudden prevalence of remote work has only made it more difficult, especially for companies who cannot let go of their legacy methods,” said Rajesh Ganesan, vice president at ManageEngine. “The additional challenge brings with it the opportunity for technology leaders to enforce new operating models like the principle of least privilege and Zero Trust remote access, which can deliver both increased productivity and a strong overall security posture for the business. At ManageEngine, we are excited to bring new capabilities across our security product line that will help our customers take on the new age, remote work challenges with assurance.” ManageEngine will use GITEX 2020 to showcase its unified endpoint management tool, Desktop Central; new-gen SIEM solution, Log360, which has UEBA capabilities for proactive threat analytics using AI and ML; and PAM360, which enables enterprises
DECEMBER 2020
CXO INSIGHT ME
31
MAXIMIZE PERFORMANCE & VISIBILITY Any User, Network, App. Anywhere. riverbed.com/mena/
© 2020 Riverbed Technology, Inc. All rights reserved. MSHD-58-112320
EVENT
to establish strict privileged access governance and monitor privileged operations. The company will also highlight Device Control Plus and Application Control Plus, which enforce the principle of least privileges for employees using various devices and applications.
JUNIPER NETWORKS For Juniper Networks, the focus at this year’s Gitex will be on the Juniper AI-Driven Enterprise, which enables organisations of any size to reap the game-changing business and operational benefits of secure multi-cloud-enabled automation and data-driven insight for their WAN, LAN, campus and branch networks. Juniper believes that Artificial Intelligence (AI) will continue to grow in significance in FY21 across the Middle East region. “Visibility and analytics give IT teams the data needed to optimise the enterprise network. This data-driven approach allows IT teams to proactively identify and rapidly fix network performance issues, consistently ensuring the best end-user experience. In fact, a recent independent survey conducted on Juniper’s behalf of a thousand CIOs and CISOs across nine countries (including KSA and UAE) shows that many mission-critical applications are reliant on network performance, even when employees are working remotely,”
says Yarob Sakhnini, Vice President, Sales, Emerging Markets, EMEA, Juniper Networks. He says this trend will work handin-hand with others – notably cloud architectures and automation – to continue transformation of the network of the next decade. “Network agility will be more important to the customer experience than ever before, and the only way to achieve it is to build your network in a modern cloud environment that can match the innovation speed of a business’ digital transformation team.”
EQUINIX This year at GITEX Technology Week, Equinix will introduce its Equinix Cloud Exchange Fabric (ECX Fabric) platform to help digital businesses simplify hybrid multi-cloud deployments and expand their global interconnection opportunities on Platform Equinix ECX Fabric is an advanced interconnection solution that enables seamless, on-demand and direct access to multiple clouds and networks across the globe. By bringing together cloud service providers with enterprises consuming cloud, and enabling them to establish private, high-performance connections, ECX Fabric gives enterprises direct access to the services they need to build sophisticated hybrid cloud solutions. “Despite the challenges of this year, it is a positive sign to see the industry come together from around the world.
Technology has played an instrumental role in driving economic continuity in 2020 and at GITEX we look forward to discovering innovative best practices and showcasing areas in which we continue to make major advances,” says Kamel AlTawil, Managing Director, Middle East and North Africa, Equinix.
NETAPP To ensure the health and safety of its employees, partners, customers and visitors, NetApp will be participating virtually at Gitex this year. “Through our virtual presence, and under the theme ‘Unlock the Best of Cloud’, we will be focusing on the new capabilities of our portfolio and will showcase our solutions in cloud, business continuity, data services, hybrid cloud, artificial intelligence and security. We will also emphasise our data fabric vision as businesses rapidly adopt cloud,” says Fadi Kanafani, Managing Director – Middle East at NetApp. He says among the big trends this year is AI and cloud and edge computing, and it is undeniable that cloud and AI are two technologies revolutionising how businesses store, access, analyze and use their data to gain competitive advantage. “As a cloud-led, data-centric software company with AI-driven solutions, NetApp is strategically placed to address the businesses challenges that businesses have been facing over the
DECEMBER 2020
CXO INSIGHT ME
33
EVENT
past few months – businesses continuity being at the center. In addition, we are showcasing our solutions portfolio that perform across diverse environments and helps organisations build their own data fabric and securely deliver the right data, services and applications to the right people—anytime, anywhere.”
RED HAT Red Hat will be introducing new products and services at this year’s GITEX, namely 5G, edge computing, and hybrid cloud technologies. “We aim to engage with as many people and enterprises as possible at the event, discuss the benefits that these innovations promise to provide, and explain the specifics behind how scaling computing resources, minimising costs, and generating revenue will become simultaneous realities. Global hyperscale cloud providers now have a strong presence across the regional landscape. Therefore, GITEX 2020 provides yet another opportunity for us at Red Hat to demonstrate the impact we can have across the broader technology community. The event is a gateway for us to continue being a catalyst in communities of customers, contributors, and partners, creating technology the open source way,” says Adrian Pickering, regional general manager, EMEA, Red Hat. He says trade shows such as GITEX are invaluable due to the benefits it
34
CXO INSIGHT ME
DECEMBER 2020
provides. “For instance, GITEX is the region’s largest consumer computer and electronics trade show, exhibition, and conference. As such, the event provides us with a unique platform to interact with new and existing clients, share ideas and perspectives with leading industry personnel, and engage with representatives from public and private sector enterprises. Moreover, it enables us to showcase the transformative power of our products and solutions, as well as reach out to a vast audience and demonstrate the possibilities and potential that accompany open source.”
consumer protection product,” says Amir Kanaan, General Manager in the Middle East, Kaspersky He says GITEX gives the company a platform to showcase it wide range of products as well as raise awareness about cybersecurity. “During this year at GITEX, we aim to shed some light on advanced targeted attacks that target businesses. We will use our time at the show to demonstrate to organisations how to regularly conduct security assessments of their IT infrastructure and implement patch management procedures.”
ENTRUST
KASPERSKY At GITEX this year, Kaspersky will be showcasing its full suite of products and services that encompass what it calls the ‘Expert Framework’. “Built to tailor to the technical expertise of every company, it starts with the Security Foundations, where our offering will block the maximum possible number of threats automatically. From there we move to Advanced Defence, focusing on advanced detection and a fast response to those complex threats missed by preventive protection. And finally, our Integrated Cybersecurity Approach, for clients that are ready for APT-level attacks, those with a high level of expertise, advanced threat intelligence capabilities and continuous threat hunting. And of course, our full suite of
At GITEX, Entrust will be revealing the results of its 2020 Middle East Encryption Trends Study that shows how leading organisations are applying their encryption strategies, with detailed insights into the use cases that are growing the fastest. The company will also demonstrate its recently launched Sigma DS4 printer, which enables banks and retailers to easily and instantly issue the most secure financial cards in the world. “GITEX presents a prominent international platform that brings together leading global figures from the tech sector and beyond to discuss and exchange ideas. For us, it is an ideal opportunity for governments, companies, and individuals to get a closer look at international trends and explore best practices and success stories in the
CYBERSECURITY EVOLVED PREDICT. ADAPT. SYNCHRONIZE.
Sophos Firewall XG Firewall
Sophos Endpoint Sophos Central
Intercept X
• Secure remote workers
• Artificial intelligence
• Free remote-access VPN
• Anti-ransomware
• Cloud management
• EDR and MDR
• Unmatched protection
• Exploit prevention
Learn more: www.sophos.com IT-security solutions for Endpoint | Network| Mobile | Server | Email | Cloud
EVENT
sector,” says Kieran Harnon, Regional Vice President EMEA, Entrust. At a time when digital transformation is squarely in the spotlight as means of enabling a more flexible workforce, an event like GITEX enables providers to showcase innovations and advancements that can help deliver the ‘new normal’ we are living through, he adds.
SOFTWARE AG At the show, Software AG will focus on strategies and technologies to escalate digital transformation and outline enterprise-wide transformations. For the first time, the company will showcase a hybrid opportunity to connect with stakeholders. Unique demonstrations and activities for visitors such as gaming zones will integrate the imperatives for an effective transformation journey. Additionally, deep-dive sessions through the launch of digital interaction stations and a digital clinic led by global experts at Software AG, will be held for in-depth discussions, demonstrations and technical learnings on industry solutions and Software AG platforms. “As the world continues to reel from the impact of the pandemic, Dubai has once again exhibited resilience and continues to create tremendous opportunities for businesses to drive growth”, says Rami Kichli, Vice-President, Gulf and Levant at Software AG. “As the first in-person tech event of the year, our presence as a tech
36
CXO INSIGHT ME
DECEMBER 2020
vendor is paramount to meet with business leaders, visionaries, government officials and the larger ecosystem with an influx of latest solutions success stories that bolster digitally empowered economies.”
LENOVO DCG Lenovo DCG’s presence at GITEX 2020 will showcase a variety of innovations that will help organisations embark on and accelerate their digital transformation journeys. “We will be displaying our ‘HPC/ AI-embedded platform’ solution that has an array of benefits for companies, such as enhancing social distancing
ESET
by automatically calculating distance between individuals and reporting on violations; ‘vision sentry’ that analyzes video streams transmitted by drones, ultimately identifying and counting people and vehicles; and finally, the ‘safe workplace’ that automatically checks whether protective equipment is worn. Moreover, we will showcase a drone that transmits the data stream to the ground via a digital radio channel,” says Dr. Chris Cooper, Director and General Manager, Lenovo Data Centre Group MEA. He continues: “We will also reveal the breadth of purpose-built edge computing solutions that bring compute performance, security, and manageability right where the customers need it for real-time analytics and AI.”
ESET will showcase a series of recently launched products, which would include ESET Cloud Office Security, ESET Remote workforce offer, and ESET Targeted Attack Protection. Expressing his excitement, Demes Strouthos, General Manager, ESET Middle East said: “We’re looking forward to the show as it will be first live in-person event of that scale in the UAE. ESET has been part of Gitex for past several years and it has always provided us to be the perfect platform to showcase our solutions to the enterprises in the region that can benefit from the adoption of our products and solutions.” Strouthos further adds, “Innovation and ingenuity have been the hallmarks of our solutions and this year at Gitex we will be launching new products that offers unmatched performance and highest level of security to the users.” Apart from displaying solutions at the Gitex, ESET will also be running series of webinars and online engagements on other virtual platforms during the show to highlight new features and advantage of its new products and solutions. “We will also share our product roadmap for the year 2021 with our partners and customers, so that we can align with their business and cybersecurity strategies for the next year,” says Strouthos.
VIEWPOINT
TOP CYBERSECURITY TRENDS TO WATCH FOR IN 2021 PREDICTIONS FROM MOREY J. HABER, CHIEF TECHNOLOGY OFFICER AND CHIEF INFORMATION SECURITY OFFICER, BRIAN CHAPPELL, DIRECTOR, PRODUCT MANAGEMENT, AND KARL LANKFORD, DIRECTOR, SOLUTIONS ENGINEERING, BEYONDTRUST
B
eyondTrusts’s annual cybersecurity predictions are projections of possibilities we see emerging based on shifts in technology, threat actor habits, and culture. However, sometimes the most impactful trends materialise completely out of left field. We have all been reminded and humbled by this in 2020. COVID-19 has not only upended lives, but truly effected a paradigm shift in how businesses and employees work. This has also had profound ramifications for securing the people and IT assets of enterprises. 38
CXO INSIGHT ME
DECEMBER 2020
So, as we soon turn the rip off burn the page for 2020, we look ahead with hope, but also brace ourselves for the new tricks and wrinkles cyber threat actors are bound to unleash. By anticipating what’s next, we can all be better prepared to reduce security exposures, while helping our businesses compete and thrive. Prediction 1: The Hacking of Time — Network Time Protocol (NTP) and Windows-time-based servers will become a protocol of interest to hackers. These protocols help control the timing of everything transaction-based within an organization. If the timing is off,
everything from licensing servers to batch-based transactions can fail, creating denial of service attacks in key infrastructure on the Internet and within the backend processes of an organisation. Prediction 2: Poisoning of Machine Learning Training Data — As machine learning becomes more widespread within enterprises for making automated decisions, attackers have a new vector to consider. After a threat actor steals a copy of the original training data, they will begin to manipulate the models generated by injecting poisoned data into the training pool, creating a system that has learned something it shouldn’t. This manipulation will have a multiplying effect due to the automatic processing by downstream applications, destroying the integrity of any legitimately processed data. Prediction 3: Weaponized AI, Now Just Another Tool in the Attacker Toolkit — Threat actors will leverage machine learning (ML) to accelerate attacks on networks and systems. ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. Data from all subsequent attacks will be used to
rather than face paying out on the policy to cover any remedial action, providing attackers with a new stream of income.
continue to train the cyberattack engine. This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing. Prediction 4: Deepfake Everything — Expect to encounter a new wave of deepfakes that challenges us to believe whether the entity on the other side of an interactive chat window or video call is human or not. For instance, you could soon have interactive sessions with past presidents or even deceased love ones. We will increasingly be in situations, unbeknownst to us, where we are engaged in communication with deepfake technology rather than with a real person. Prediction 5: Cyberattackers Set up Shop at the Network Edge — New attack vectors will target remote workers and remote access pathways. Cybercriminals will continue to wage social engineering attacks and also try to exploit common home devices that can be used to compromise an individual and allow for lateral movement into a business. Social engineering attacks will primarily involve various forms of phishing, including by email, voice, text, instant messaging, and even third-party applications. We foresee remote workers to reign as the number one attack vector for exploitation in 2021. Prediction 6: Data Privacy Implosion — In 2020, the European Union (EU) court system overturned the governance for protection provided by the EUU.S. (United States) “Privacy Shield.” Throughout 2021, businesses will scramble to adapt to this expansion of data privacy regulations and the potential implosion of established policies based on challenges in the court systems. International businesses will have to adapt quickly to reengineer how they process client data. Businesses that operate in multiple states must consider how they manage data per state, process it in a centralized location, and codify how they develop procedures around data deletion and breach notification.
Prediction 10: Who goes there? Friend or Fake? The Rise of Identity-Centric Security As systems and services move out of the traditional network/data center environment, security leans more heavily on proof of identity. A verified identity could now be the only ‘key’ needed for all access. Attacks on the mechanisms that maintain and secure verified identities will increase through 2021 and beyond.
Prediction 7: Social Media Attack Vectors Thrive in the Era of Social Distancing — Expect attackers to move beyond just targeting individuals through social engineering to targeting businesses as well. Poor authentication and verification practices will allow social media-based attacks to be successful. Malicious QR codes or abbreviated URL’s could also be employed to obfuscate the malicious website. Since the social media controls around posting, verification, and URL redirection are so poorly managed, expect new attacks to flourish. Prediction 8: Cybercriminals Play Puppet Master with Compromised Human Identities — To reduce the cost of an attack and improve profitability, cybercriminals will target individuals directly to gain an initial foothold in the environment by using non-cyber forms of coercion (bribery, extortion, etc.). These attacks will primarily focus on public figures (politicians, actors, activists, executives, etc.). As more of the human target’s sensitive personal data is stolen digitally, the pressure will mount for individuals to carry out nefarious actions or have their data and privacy exposed to the public. Prediction 9: Cyber Insurance becomes Mandatory & Cybercriminals Rejoice — Cybercriminals will target large brands with insurance policies. The insurance policies will pay out to release stolen data
Prediction 11: Most Successful Attacks will be from well-known and Largely Preventable Attack Vectors Lamentably, this prediction proves itself correct year after year. The majority of successful attacks still hinge on exploiting well-known and entirely preventable vulnerabilities. While some of the vulnerabilities may be relatively new, there is usually plenty of time to address them before compromise occurs. If you can’t get on top of your vulnerabilities, layer your security so that attackers find themselves without access to privilege when they do infiltrate your network. An exploitable vulnerability is a problem, but considerably less so when it doesn’t lead to privileged access. Final word Every year we say it, but every year it’s worth saying again: being prepared for what’s ahead makes all the difference between being proactive and reactive. There is copious data showing that those enterprises with more proactive IT security postures prevent more threats, identify potential security issues faster, incur fewer breaches, and minimize damage from attacks more effectively than less prepared organizations. And, one more prediction for 2021: We predict a resurgence in optimism, and we’re throwing some of ours your way, along with a dose of the best intentions and any cybersecurity bits of wisdom imparted from this blog.
DECEMBER 2020
CXO INSIGHT ME
39
VIEWPOINT
STAYING SECURE ALAIN PENEL, REGIONAL VICE PRESIDENT – MIDDLE EAST, FORTINET, ON THE 2021 THREAT LANDSCAPE WHAT CISOS SHOULD FOCUS ON
I
n an era of constant innovation, it is important to be constantly aware of the impact that new technology has on the threat landscape. While IoT devices and multi-cloud environments have proven beneficial, especially in times of increased remote work, CISOs must also understand the risks that such solutions pose to their employees and to their organisation. Over the past 20 years, Fortinet’s team of security researchers has found that while certain aspects of cyberattacks continue to evolve, such as new malware or targeting new elements of the network, the underlying attack patterns, criminal behaviors, and end goals have typically remained the same. In recent years, the team’s predictions have addressed issues such as the evolution of ransomware, attacks targeting converged technologies, and the weaponisation of machine learning (ML) and artificial intelligence (AI). However, while some of these threats have already come and gone, others are only just starting to make an impact.
Cybercriminals Will Continue to Target Edge Environments As digital innovation, the expansion of the network, evolving corporate strategies, and the growing reliance on business applications continue to accelerate, the traditional network perimeter has been replaced by multiple edge environments—each with their own unique set of risks. Cybercriminals are fully aware of these vulnerabilities, as well as the fact that 40
CXO INSIGHT ME
DECEMBER 2020
for far too many organisations, a full security strategy often lags behind network expansion. They also know that organisations often sacrifice security to maximise agility and enhance performance between these interconnected edges. This lack of adequate security measures has led threat actors to allocate significant resources towards targeting and exploiting new edge environments, especially the home office branch and remote workers. Through the weaponisation of 5G and edge computing—and the subsequent deployment of swarm-based attacks— cybercriminals are able to easily target victims while fending off most of the lackluster solutions attempting to fight their attacks. Combining AI and Playbooks to Anticipate Threats As cyberattacks grow more advanced, CISOs should understand the role AI can play in helping their organisations stay a step ahead of their cyber adversaries. In addition to enabling an automated system that can detect threats and attacks before they occur, AI can also be used to document the behaviors of cyber-criminal activity in detail, resulting playbooks that can help identify an attack, anticipate an attacker’s next moves, and circumvent their threat before they can complete their mission or achieve their objectives. As AI and ML systems gain a greater foothold in networks, their ability to build out such playbooks is not far from reality. In fact, basic playbooks
using schemes like the MITRE ATT&CK framework to standardise behaviors and methodologies are already being used by various threat research organisations, including FortiGuard Labs. The Increasing Sophistication of Ransomware One of the most likely outcomes of this will be the continued evolution of ransomware, making it one of the most dangerous and damaging threats facing organisations today. In addition to encrypting data and systems, cybercriminals are now posting data on public servers and threatening to expose organisational leaders unless a ransom is paid, moving extortion and defacement to the digital realm. And while there are now organisations appearing on the darknet with a business model of negotiating ransoms to save victims money, the benefits of this are short-term. And at the
end of the day, the bad guy will almost always get a payday, which will only reinforce their criminal behavior. The Continued Development of Swarm Intelligence Inspired by the collective behavior of biological systems such as ants, bees, or flocks of birds, swarm intelligence is being developed by industry to tackle such tasks as efficiently exploring a new environment by collecting, aggregating, and correlating data in real time, rapidly assembling complex devices, optimising complex problems such as vehicle routing, or tightly coordinating flight maneuvers of a squadron of military jets. As this technology matures, the opportunities for malicious use are endless. The cyber wars of the future will occur in milliseconds, meaning the primary role of humans will be to ensure that their security systems have been fed enough intelligence to not only counter attacks in real-time but also anticipate such attacks so that they do not happen in the first place. To defend their networks against these increasingly sophisticated, and eventually, AI-enabled attacks, security teams must look to adopt AI-enhanced technologies of their own designed to see, anticipate, and counter such threats. Satellite-Based Systems Present New Opportunities for Threat Actors Security implemented after the fact is never as effective as if it were to be interwoven in the fabric of a new network or solution right from the start. This is especially important to remember as our reliance on data and internet links enabled through advanced satellitebased systems continues to grow. And while satellite security concerns have traditionally been nominal because they are extremely remote, this may no longer be enough as satellite-based networks proliferate. By compromising satellite base stations and spreading malware through these networks, attackers potentially gain the ability to potentially
target millions of users. Such attacks will likely start with such tactics distributed denial-of-service (DDoS) attacks, but as communication through satellite systems becomes more common, CISOs should expect more advanced attacks to follow. Looking Ahead to the Role of Quantum Computing The 2020 FortiGuard Labs Threat Predictions report highlights several important concerns, but perhaps the most forward-looking involves quantum computing. While access to quantum computers is beyond the scope of traditional cyber criminals, one of the biggest concerns is the use of such systems by nation-states to break cryptographic keys and algorithms. Experts now expect quantum computers to break elliptical curve cryptography by 2027, and governments everywhere are developing cyber strategies to address such a threat. With this in mind, organisations, like their government counterparts, will need to adopt quantum-resistant computing algorithms wherever cryptography is used to “sign” and protect the integrity of information as soon as they become available. What’s Next for CISOs? The threat landscape will only grow more advanced as time goes by, meaning that it is no longer a matter of if an organisation will be a target of a cyberattack, but instead a matter of when. Which is why, in addition to establishing a proactive and forward-looking defense strategy, CISOs also need to solidify their plans for effective incident response and business continuity. The use of an integrated AI system will enable a security team to defend their networks and respond to attacks before they can leave a mark. But even with the right technology in place, organisations cannot be expected to fend off the full range of modern attacks on their own. To effectively protect their networks, they will also need to: • Subscribe to threat intelligence feeds • Join relevant consortiums
• Proactively share data and strategies with others in their region or industry In addition, organisations must also work with vendors who have established partnerships with public sector institutions, including education and law enforcement. Such publicprivate sector alliances help raise the bar for the detection, response, and prosecution of criminal behavior. And organisations must also play an active role in educating their employees and others to not only engage in safe cyber behaviors, but possibly even consider a career in cybersecurity, helping to close the skills gap while protecting others along the way. Because cybercriminals do not respect political borders, law enforcement organisations have built global command centers closely tied to the public sector, helping them see and respond to cybercrime in real-time. By weaving similar threat intelligence into their security resources and enabling team members to stay abreast of the latest updates, CISOs can build and deploy more effective playbooks that will not only help their own organisations, but by being a good neighbor, also help protect others that could be affected by certain threats. Final Thoughts on Cyberthreat Predictions for 2021 What this latest round of predictions highlights is the fact that cybercriminals will only grow more advanced in their attack methods. During such a time of rapid evolution, it is up to CISOs to stay up to date on the latest threat intelligence as well as understand how the new technologies and network operations their organisations adopt to improve efficiency could have a lasting impact on cybersecurity. By monitoring the threat landscape, partnering with the right vendors, and establishing valuable alliances, these security leaders can better protect their employees while also helping the industry as a whole stay ahead of modern threats.
DECEMBER 2020
CXO INSIGHT ME
41
VIEWPOINT
WHY CONNECTIVITY MATTERS BOOSTING CONNECTIVITY WILL FUEL THE NEW REMOTE EVERYTHING, WRITES AZZ-EDDINE MANSOURI, GENERAL MANAGER AT CIENA MIDDLE EAST
A
t the height of lockdown measures in the UAE, 85% of the country’s workers were working remotely according to a study commissioned by Ciena. With millions of people working from home fully or partially, many students still continuing to study remotely and social lives mostly focused indoors, home broadband has become more important than ever before. With this home-centric life being more prevalent, both in the short-term related to COVID-19 and even longerterm with remote working being more widely adopted as the norm, there is an opportunity for service providers and global internet content providers to adapt to the changing network priorities of businesses, which have been accelerated by the global pandemic. Broadband usage patterns changed overnight When the pandemic hit, workers needed the same level of connectivity in their homes as in their offices. In addition, the way people used the internet at work and at home massively changed, putting more pressure on residential connectivity. To stay in touch with colleagues, workers turned to a variety of collaboration tools, including video conferencing. Indeed the internet has been a true enabler in bringing people together in this new paradigm and for telecom operators the increased appetite for data consumption has led to increased traffic volumes. It’s not just remote working that increased demand on home internet connections. According to the Ciena study, during lockdown, 67% of UAE adults did more video calls to connect with colleagues and loved ones, 78% used social media more often, and 74% watched more TV and movies online. While
42
CXO INSIGHT ME
DECEMBER 2020
this is unsurprising given the restrictions on social activities that were put in place, the increased use of internet-reliant entertainment was putting more demand on home broadband. Adaptable, flexible and automated Many providers were able to shift bandwidth to where it was most needed. Providers that follow the principles of the Adaptive Network were able to do it autonomously, freeing up valuable time and ensuring SLAs were met. In essence, providers with networks that adapt can more seamlessly upgrade their hardware and software to react better to shifts in behaviour and connectivity priorities. To react to the ongoing shift towards flexible, smart and remote working principles, many service providers have already taken steps to prepare for delivering bandwidth where it is needed. For instance, in the UAE, telecom services provider du announced that it has extended its support of the nation’s distance learning initiative by doubling the internet speed at no additional cost for schools and universities across the country, to ensure no disruption of learning through seamless and uninterrupted connectivity. With potentially larger remote workforces, businesses may look to
change how they approach connectivity. Even with employees working remotely, many businesses operate with a combination of hybrid, cloud and onpremise applications, so connectivity is ultimately still needed in offices. Now more than ever, network connectivity plays a key role in helping the world navigate and overcome the challenge of this global pandemic and service providers must be able to offer additional value by delivering flexible connectivity both on-premise and to employees’ homes. Opportunity for providers to offer added value Service providers need to ensure that they are able to deliver connectivity when and where it’s needed the most. Ciena’s research revealed that UAE workers are willing to spend money to get faster, more reliable connectivity at home. Three quarters (75%) have taken steps to improve their home internet since the lockdown came into effect. The most common changes are: purchasing a new wireless/WiFi router (30%), upgrading a broadband package (25%), purchasing a wireless/WiFi extension or booster kit (24%), and using a wired connection (23%). Whether these changes were driven by remote working, learning, social use or a combination of all three, it demonstrates that service providers can win customers based on their ability to deliver reliable and fast connectivity to people at home. This is not new, but it has the potential to be an even more important factor as remote working continues at meaningful levels beyond the pandemic. As we move into a new way of working, there is an exciting opportunity for providers to explore new offerings for businesses to deliver connectivity outside of traditional city centre offices and into people’s homes. Trends like IoT, smart cities, driverless cars and 5G all have different connectivity requirements, from latency to uptime. As we forge ahead into a new world of remote everything, delivering connectivity where it needs to be before it needs to be there will allow providers to deliver enhanced value and set themselves apart from the competition.
VIEWPOINT
HOW TO PROTECT AGAINST RANSOMWARE THE BUSINESS OF RANSOMWARE IS CHANGING – DETECTION AND RESPONSE NEED TO CHANGE TOO, WRITES AMMAR ENAYA, REGIONAL DIRECTOR – MIDDLE EAST, TURKEY & NORTH AFRICA (METNA) AT VECTRA
I
t hasn’t been long since ransomware was an untargeted, opportunistic, verbose, and rapid attack. 2017’s WannaCry and its Server Message Block (SMB) network worm vulnerability EternalBlue propagated its multiple variants spread around the world’s networks at machine speed, impacting over 230,000 hosts in more than 150 counties. While the damage caused by WannaCry was significant, the ransomware operator only pocketed a comparatively low number of bitcoins, currently valued around $621K USD. More recently we’ve seen criminals move from a high-volume, opportunistic approach — or “spray and pray” — to lower volume, targeted ransomware attacks. Instead of monolithic ransomware, or a single piece of software that did everything and was highly automated, today’s ransomware tends to be modular and often obtained from a malicious developer or acquired “as a service”. There’s an organised dark ecosystem for ransomware with component and service supply chains, not dissimilar to the structures and practices we see in the legitimate world. It’s expeditious to change and morph, which makes traditional fingerprinting for signatures less effective. Much of ransomware detection and response has focused on the identification and mitigation of the actual cryptolocking code and its actions. Characteristics of a ransomware attack Cybercriminals will start with open source intelligence gathering and analysis of potential targets. They’ll evaluate a target’s ability to continue operating, along with likely propensity to acquiesce, if successfully penetrated and ransomed. Then, attackers
will estimate a pain threshold price that would result in a payment being made. Initial compromise and penetration of a target may be outsourced, or simply purchased “off the shelf” on the dark web from as little as $300. From the time of the initial infection to the deployment of the ransomware, attackers perform reconnaissance inside a compromised network to discover which systems are critical before stealing and encrypting files. Once organisations are hit by a ransomware outbreak, they find themselves in an all-hands-on-deck emergency: they need to effectively halt the attack’s progress and immediately restore systems, all while business functions are held hostage. Even if an organisation is willing to pay the ransom, there is no guarantee that the encryption key will be provided by the attacker. Without the encryption key, files will have to be restored from a backup, and any changes since the last backup will be lost. How to mitigate and respond to attacks Early spotting and isolating in the attack lifecycle prevent the loss of data. Rapid host isolation should be considered a good practice once an infected device has been identified. Isolation can occur by quarantine of hosts, removal of offending systems from the network, and killing the processes causing propagation. Due to the speed and severity of ransomware attacks, isolation could require the use of automation, like orchestration platforms or native integration with hosts or network enforcement points from detection tools. It is also vital to observe privileged access to know which accounts have access to critical systems. Ransomware
can only run with the privileges of the user or the application from which it is launched. Comprehensive knowledge about the systems and users with access to specific services enables security operations teams to monitor misuse of privileged access and respond when that access is compromised — well before network file encryption occurs. Another strategy to improve detection is to focus on monitoring internal traffic for immutable attacker behaviors. Instead of attempting to detect specific ransomware variants in network flows or executables, focusing on reconnaissance, lateral movement, and file encryption allows you to have a more proactive approach when threat hunting. Stay vigilant and adopt proactive strategies To reduce the impact of contemporary ransomware attacks, we need to pivot to a model based on detecting behaviour rather than detecting specific tools or ransomware used. Such behavior detection is much more effective and requires in-depth analysis of network traffic. With advances in artificial intelligence (AI) augmenting security teams, we’re already seeing the industry shift to identifying attacker behavior in real time. AI can detect subtle indicators of ransomware behaviors at a speed and scale that humans and traditional signature-based tools simply cannot achieve. This enables organisations to prevent widespread damage. When organisations recognise these malicious behaviors early in the attack lifecycle, they can limit the number of files encrypted by ransomware, stop the attack from propagating, and prevent a disastrous business outage. Ransomware will continue to be a potent tool in cybercriminals’ arsenals as they attempt to exploit, coerce, and capitalise on organisations’ valuable digital assets. When you are fighting a ransomware attack, time and contextual understanding are your most precious resources.
DECEMBER 2020
CXO INSIGHT ME
43
Enterprise Business & Digital Transformation | Cybersecurity | Next-Gen ERP | AI/Bot Platform | IT Quality Assurance | Robotic Process Automation | Enterprise Analytics
VIEWPOINT
WHY YOU NEED A SMART VENDOR STRATEGY FINDING THE RIGHT VENDOR IS KEY TO DIGITAL TRANSFORMATION SUCCESS IN IT AND TELECOMS, SAYS ANTONY BOURNE, SENIOR VICE PRESIDENT, INDUSTRIES AND PRODUCT MARKETING AT IFS
F
irms in the IT and telecommunications sectors often deliver services that are at the forefront of technology to their customers and clients. Many of these services will rely on complex and evolving technologies like artificial intelligence, machine learning and virtual reality. It would not seem unreasonable to expect such firms to be highly attuned to the value that digital tools can provide in everyday work. We recently carried out a survey examining firms’ experience of digital transformation across a range of sectors including IT and telecommunications. We also looked at construction, healthcare, energy and utilities, travel and transport, and manufacturing, and we focused on the US, UK, France, Germany, the Nordics and Australia. What we learned threw up some interesting questions for any organisation contemplating a digital transformation project, and interestingly we found that the IT and telecommunications sector is not that different from the others in terms of its experience. The price of failure When a firm enters into a digital transformation project, it has a set of expectations that include time to completion, anticipated return on investment, and some clear understanding of how the project will be implemented and how staff and stakeholders will be involved. In our survey we found that 74% of firms in IT and telecommunications that had engaged in past digital transformation projects felt that they had completed on time, 50% had delivered on budget, and 49% had delivered real results and a return on investment. Of those firms in the sector that experienced project failure, 45% felt it took
between 1 to 2 years to fully recover from the impacts on the business. Globally across all sectors we learned that among companies that experienced timeline overruns there were serious consequences for the business. 40% said budgets were cut in other areas, 35% said other projects were stopped, 32% said headcount was frozen and 31% said it deterred investment in similar projects. For 22% there were job losses. This is concerning. No vendor of digital transformation solutions should be content to its projects fail to meet expectations, nor any of the other consequences that businesses can suffer as a result. We were keen to understand where the problems might lie. Why projects go wrong Something that came out of our research very loud and clear is that the vendor has a critical role to play in ensuring project success. Accepting that it is hardly likely that clients would give themselves a poor rating for project management, we were still intrigued to see that 37% in our survey said poor advice from vendors was a reason for project failure. This topped the list of reasons which also included stakeholders losing confidence in the project (36%), the technology used being outdated (32%),
employees not being engaged in the project (30%), running out of budget (30%), and poor change management (19%). When we drilled into the IT and telecommunications sector we found that the most frequently cited reason for project failure was poor advice from vendors (42%), followed by stakeholders losing confidence in the project (41%), and the use of outdated technology (40%). We can’t, of course, comment on every single experience, but it seems very clear to us that some of what is presenting here is a result of a lack of cultural fit between client and vendor. For example, what is identified as poor advice from the vendor might be the result of inefficient communications. Made to measure, not off the rail Just 38% in the IT and telecommunications sector told us that successful transformation involved engaged and productive stakeholders, a rather low figure, though only one other scored more highly - fast on time delivery at 39%. We also found that 34% in the sector told us that having ethics than align with the business would help them trust vendors more. This points us towards what seems to be the critical factor. The fit between vendor and client must be based on shared ethics, strong communication and trust. Finding the right vendor should involve seeing how they measure up on the first two of those qualities, and from this the third should flow. One factor that can stand in the way of this style of selection is if vendors are chosen by boards on the basis of being widely known names. Another is selection on the basis of cost alone. In the end, what we are talking about here is forming a partnership in which both vendor and client share the same definition of a good outcome, the same understandings of the strategies that will get that outcome, and, vitally, the same ethic around open, ongoing, communication with people at all levels of the client organisation. Our survey found that even in the current economic climate 59% of respondents from the IT and telecommunications sector have plans in place to spend more on digital transformation. We’re hopeful that recognition of the importance of shared ethics, trust and communication will help firms in the sector get the outcomes they desire from digital transformation.
DECEMBER 2020
CXO INSIGHT ME
45
VIEWPOINT
CREATING VALUE WITH INDUSTRIAL DATA ANALYTICS ELLIOTT MIDDLETON, DIRECTOR OF PRODUCT MANAGEMENT, AVEVA, SETS OUT SEVEN STEPS TO DATADRIVEN DECISION MAKING
T
here is a lot of buzz surrounding industrial analytics, artificial intelligence (AI) and machine learning (ML). However, companies are not limited to taking large and costly decisions when it comes to exploring the possibilities. There are smaller, incremental steps that may be taken along the journey of digital transformation. Until recently, more mature process industries have pursued AI and ML initiatives, while others are only using some basic levels of automation. The unrelenting pressure to keep production lines moving, especially at a time when businesses are responding to changes driven by the Covid-19 crisis, means there is little time or headspace to consider implementing new technology. Automating the collection of sensor data, spotting problems and patterns can result in faster troubleshooting and major process improvement for all sizes of operation. It is possible to start with small incremental steps that add immediate value. The journey to adding value through data analytics Here are seven steps to generating incremental value with industrial analytics and ML: 1. Automate data collection from sensors. This is a critical prerequisite. An infrastructure for automated data collection requires multiple sensors to feed through the data that is needed for meaningful analysis. 2. Record measurements from the sensors over time. The challenge for many organisations is collecting the data and making sure that data is captured throughout the process so that the workforce has the option to draw some useful inferences at a later stage. You 46
CXO INSIGHT ME
DECEMBER 2020
may not have an immediately obvious use case but if you start collecting all the data, additional insights are likely to arise. 3. Accelerate Diagnostics: Once you have collected the data, diagnostics can greatly reduce the time required to pinpoint and correct operational problems—and lead you to make process changes that prevent them from happening again in the future. 4. Make the Data More Accessible: As the key efficiency metrics are better understood, it is important to make them readily available to a broader group within the operational staff, so they can independently monitor and react to potential problems earlier. Many sites use a large screen display showing a dashboard of live metrics or an automated email report. Others take it a step further and deliver alerts to mobile devices. 5. Add alarm history to the process history to give more context and significance to the data. Traditionally, data historians just record sensor values, they don’t record the alarm state. But combining sensor and alarm data makes it easier to understand the potential impacts on quality, safety, cost or the environment. 6. Add Operational Context: In some applications, differences in recipes, equipment, or personnel can further complicate identifying root causes or improvement opportunities: was the yield lower because it is a different product, operator, or production line? By including information about this kind of operational context, you can begin to consider these other factors in your analysis. 7. Add machine learning: Making this
detailed information available to people has tremendous value, but it still requires them to actually spend time looking at it. Although it can’t do everything, in many cases, you can automate that analysis process so that it is continuously analyzed. Some systems have unsupervised machine learning (ML) capabilities: simply provide the data and the system will look for and report anomalies. This style of ML has the significant advantage of simplicity: no expertise required. Other applications warrant investment in process and technology expertise to add supervised ML, commonly as early failure predictions. 8. Compare like for like: Building on process analytics successes at individual sites, many organisations advance to analysis and comparison across their fleet. The more homogeneous the sites, the more direct the comparisons can be, but few industries actually have “cookie cutter” plants. So, before making these comparisons, there must be some effort to normalise information—whether that is standardising on “m3/day” vs. “liter/ minute” or agreeing on how to calculate Overall Equipment Efficiency (OEE). In global businesses, with multiple operations and multiple sites, being able to do peer to peer comparison – in a standardised manner - is a real value add. Previously, this would have been a task of overwhelming complexity and cost for smaller businesses. Now, with the cloud, this type of comparison is much more accessible and achievable. Eating the elephant Tackling sensor data analytics automation can feel overwhelming, but there is no need to eat the elephant in one sitting. It is quite possible to take single, exploratory steps on this journey as the need arises and the budget is available. You might stop for a while, having implemented one step, and see how it works out for you. Most of the incremental steps can be self-service and don’t need external expertise. The journey to getting value from applying AI and ML to sensor data starts with a single step. As the benefits start to accrue, cost savings will mount and productivity will rise, demonstrating clear business value from intelligent sensor data analytics. It will become a no-brainer to progress further along the route to optimum data-driven decision making.
6 DECEM - 10B E R D U B AI W O R LD TRADE CENTRE
T H E O N L Y G LO B A L TECH SHOW IN 2020 LIVE, IN - PERSON F E E L T H E B U S I N E S S A N D P E O P L E P O W E R AT G I T E X ’ S 4 0 TH A N N I V E R S A R Y E D I T I O N
Five extraordinary days to make up for a year of missed opportunities in 5G, AI, Future Mobility, Cloud, Blockchain, Fintech and more. Plus, 280 hours of conference learning across technology mega-trends. Dubai World Trade Centre is committed to deliver a Safe, Smart & Seamless experience. Important Notice: As a new health & safety measure, admission is strictly by advance online registration only. No tickets sales at the show. GITEX.COM | #GITEX2020
INTERVIEW
GETTING DATA RIGHT DARRAGH FEGAN, GULF AND SAUDI SENIOR MARKETING MANAGER AT VERITAS, TALKS ABOUT WHY AN EFFECTIVE DATA MANAGEMENT AND PROTECTION STRATEGY IS MORE IMPORTANT THAN EVER NOW.
H
ow can CIOs master the complexity of multi-cloud environments? Once an organisation has decided to migrate data and applications to the cloud, understanding what data you have and where it lives inside your infrastructure is the first step. Having this visibility will greatly assist in any migration. Whether organisations are moving one cluster of applications or an entire data centre, another consideration is speed and uptime. Applications aren’t built for modern portability, and the complexity and dispersed nature of the underlying infrastructure can pose potential problems. Ensuring availability and avoiding downtime is critical. After a successful migration, it’s time to make the most of your new environment. However, there are always risks. It is an organisations own responsibility to protect their data in the cloud and not the cloud providers. Protecting and recovering data from a single interface is of paramount importance. Finally, while the original end goal may now be complete, an organisation’s cloud journey is just the beginning. Regardless of what they have already accomplished, there will always be the “next” project. The environment should support the current and future projects allowing one to ideate and move into future projects with ease. Doing so means having an open setup with workload portability so you can easily migrate, move on and adopt the next greatest thing. How has backup and recovery planning changed during the pandemic? Organisation have higher expectations of the brands they do business with during challenging times. These include solutions
they can trust, a brand purpose that aligns to their values, and an experience that is second to none. As part of a digital transformation strategy, organisations look for single platforms they can trust and that do more for them rather than multiple point products that do less. Digital transformation, and especially cloud adoption, has accelerated due to the global pandemic. The newly published Veritas 2020 Ransomware Resilience study determined that as this shift accelerates, resiliency planning has not kept pace, creating a significant resiliency gap. There are several reasons, but the key one, is that while enterprises have found the cloud to be an easy-to-adopt platform for running applications and information storage, they’ve found it much more difficult to implement a platform for resiliency. There is an urgent need for enterprises to close this resiliency gap by accelerating their resiliency planning to keep pace with today’s speed and increasing complexity of IT. What are some of the key steps enterprise must take to protect against ransomware attacks? Ransomware attacks are an increasingly prevalent threat. It is imperative for enterprises to focus more on recovery
while simultaneously mitigating threats preemptively. As we see daily, despite measure in place to prevent malware, ransomware can strike anywhere an organisations data lives, and this includes the cloud. If an attack is successful and the backup and recovery systems aren’t robust enough often there is no choice but to pay the ransom in the hope of getting the data back. The Veritas 2020 Ransomware Resilience study showed an astonishing 42% of IT leaders said their companies had suffered ransomware attacks. Worryingly, two-thirds of respondents said it would take longer than five days to fully recover. Veritas recommends that enterprises should consider adopting more robust methods of ransomware attack mitigation. These include: Enterprises should review their resiliency strategy to ensure that it is predictable and based on real-time visibility, monitoring and recovery automation; companies should follow a “3-2-1” backup approach: a minimum of three copies of their data, in two disparate locations, with at least one offsite; ideally, enterprises should test their DR plan once per month; and IT teams should stay current with security patches and new releases with security updates. It is also important that enterprises should implement in-transit encryption to protect data from being compromised on the network, and IT teams should use immutable and indelible storage technology to prevent ransomware from encrypting or deleting backups. We recommend implementing role-based access control and limit access to only required functionality for individuals and personas. What are the key data storage trends to watch out for in 2021? As mentioned, the shift to cloud has accelerated and this will continue into 2021. Another trend is 5G being adopted. We will experience data transfer speeds ten times faster than 4G. This will result in more AI, internet of things, robotics, AR all being transformed for mass consumption. The inevitable result will be exponential data growth requiring more storage and a greater need to manage and protect this data.
DECEMBER 2020
CXO INSIGHT ME
49
VIEWPOINT
WINNING AT VULNERABILITY MANAGEMENT ADAM PALMER, CHIEF CYBERSECURITY STRATEGIST, TENABLE, HIGHLIGHTS KEY REASONS WHY IT IS NECESSARY FOR ORGANISATIONS TO EMBRACE RISKBASED VULNERABILITY MANAGEMENT APPROACH.
O
rganisations have embraced cloud-based technologies to support a distributed workforce, particularly during the current health crisis. These new technologies are mixed with traditional IT systems rife with data silos and outdated operational processes. The challenge is that legacy security approaches weren’t designed to handle an attack surface of this size and complexity. And the results are evident as, according to a recent study conducted by Forrester Consulting on behalf of Tenable, 94 percent of global organisations suffered at least one business-impacting cyberattack in the last 12 months. While it might feel insurmountable, the majority of cyberattacks can be traced back to unfixed, yet known vulnerabilities. To put things into perspective, there were 17,313 new vulnerabilities disclosed in 2019 — yet attackers leveraged only a small subset of these for attacks. Security teams need to focus on the vulnerabilities that affect critical assets first, instead of being distracted by those that are unlikely to be exploited nor pose a significant threat to the business’’ ability to function. Here are five reasons organisations should adopt a risk-based approach to vulnerability management (RBVM):
with other key contextual elements, including the criticality of the assets affected, threat and exploit intelligence. Organisations can also conduct an assessment with a view of current and likely future attacker activity. This helps organisations understand the actual business risk posed by each vulnerability.
as traditional on-premises IT environments, to eliminate the blind spots that plague legacy tools. By having visibility into the entire attack surface, security teams can determine which vulnerabilities to prioritise for remediation based on risk – regardless of where they reside in the network.
Don’t Get Distracted Prioritising remediation efforts using the common vulnerability scoring system (CVSS) alone isn’t enough. This is because CVSS is limited to a theoretical view of the risk a vulnerability could potentially introduce, rather than the actual risk it poses to the organisation. CVSS doesn’t take into account whether the vulnerability is being exploited in the wild, or if the vulnerability impacts a business-critical service or system. Risk-based vulnerability management helps organisations understand all vulnerabilities in the context of business risk so that data can be used to prioritise remediation efforts. The ability to do so empowers security teams to move beyond the inherent problems of using CVSS in isolation. Instead, they can address true business risk as opposed to wasting valuable time chasing vulnerabilities that have a low likelihood of being exploited.
Strategic and Purposeful By limiting assessments to assets that fall within the audit scope can cause critical systems to be ignored. Instead, continuously discover and assess the risk associated with all business-critical assets across the attack surface. Security teams should also employ analytics that dynamically assess changes in vulnerability, threat and asset criticality data to determine risks in real-time.
Context Based Decisions Correlate and analyse essential vulnerability characteristics along
See Everything Organisations need to be able to assess modern assets, as well
50
CXO INSIGHT ME
DECEMBER 2020
Keep Disruption To a Minimum By leveraging machine learning and artificial intelligence, to instantaneously digest feeds from various sources, security teams can build a picture of the enterprise that focuses on the business’ critical assets and the actual threat they face. These insights empower security teams to adjust their remediation strategy in near real-time. This proactively addresses the vulnerabilities that pose the most risk to the organisation, while minimising disruptions from new vulnerabilities and zero-day exploits that gain media attention.
THE
FUTURE OF THE
AEROSPACE INDUSTRY
14-18 November 2021
Unparalleled line-up of thoughtprovoking content, aerial displays and game-changing innovations
DWC, Dubai Airshow Site
www.dubaiairshow.aero Book your space today: sales@dubai.aero
Follow us on: #DubaiAirshow
Commerical Aviation | Aircraft Interiors | MRO | Business Aviation | Air Traffic Management Space | Defence & Military | Air Cargo | Emerging Technologies NEW Supported by:
PRODUCTS
Sony FX6 camera
S
ony Middle East & Africa has launched the FX6 (model ILME-FX6V) camera, the latest addition to Sony’s Cinema Line, a series of products that brings the company’s expertise in imaging technology to a broad range of filmmakers and content creators. Sony’s Cinema Line, which also includes the VENICE and FX9 cameras, delivers a coveted filmic look cultivated from extensive experience in digital cinema production, as well as enhanced operability thanks to an innovative body design, extensive durability and intuitive customisability. As part of the Cinema Line, the all-new FX6 incorporates Sony’s core technologies of image sensor, processing engine, and AF (autofocus) performance. FX6 is also compatible with the wide range of Sony E-mount lenses for creative flexibility. The new camera features a 10.2 MP full-frame backilluminated Exmor R CMOS sensor that delivers a 15+ stop wide dynamic range with high sensitivity and low noise. FX6’s base sensitivity is ISO 800 with an enhanced sensitivity setting of ISO 12,800 - expandable to 409,600 - for shooting in low and very low light conditions.
BENQ EYE CARE MONITORS BenQ has rolled out its latest Eye-Care monitors GW2480T and GW2780T along with a Monitor Light ScreenBar. GW2780T is the 27inch edition of its smaller forerunner, GW2480T, the 24-inch monitor, featuring the latest eye-care technologies and height adjustment stand. These monitors are complemented by the BenQ ScreenBar e-Reading Monitor Lamp, which is an intelligent clip-on monitor light with advanced sensors and dimmable features designed for consumers’ viewing comfort. BenQ GW2480T and BenQ GW2780T Eye-Care Monitors are one of the very first monitors that have been designed especially for vision health, including BenQ’s Brightness Intelligence Technology (BI) that automatically scales screen brightness according to the ambient light of the surroundings and enhancing dark areas on the display screen without overexposing bright regions to reduce eyestrain. 52
CXO INSIGHT ME
DECEMBER 2020
HONOR WATCH ES HONOR, has recently launched the HONOR Watch ES with a large HD display, long lasting battery and a diverse library of watch faces. Created to offer bigger space for a more comfortable and clear viewing experience, the HONOR Watch ES features a large 1.64-inch AMOLED display with 280x456 resolution. The watch offers a stunning screen-to-body ratio of 70%, which is on the high end of the entire smartwatch spectrum. Clocking in at 326 PPI pixel density and 16.7 million colors, the HD display assures exceptional readability in a sophisticated and futuristic rectangular case. What’s more, the display is capable of adjusting brightness automatically depending on the user’s ambient light levels. Made to go with your daily grind, the HONOR Watch ES weighs only 21g and measures at 10.7mm in thickness with a 30mm-wide watch frame. The slim and lightweight design, along with the silicon strap and curved edges, brings a high level of comfort for all-day wear. With a long lasting battery, wearers never have to worry about missing a step. Driven by the preferred choice of young people, the HONOR Watch ES offers three vibrant color options – Meteorite Black, Coral Pink and Icelandic White.
Acer projectors Acer has introduced new LED and laser projectors for business and commercial use. These new models include a best-in-class wireless LED 1080p projector with 3,000 lumens of brightness and also high energyefficiency laser projectors that reach 3,100 lumens. The VD6510i is a wireless 3,000 lumens LED 1080p projector that delivers ultra-smooth 1080p 120Hz projections for action movie excitement. 125% coverage of the Rec. 709 color gamut provides excellent color saturation and vivid images, enhanced by 16x sequential display speed that minimizes rainbow effect, while 3,000 ANSI lumens of brightness enables the projector to produce a crystal clear image even for large screens or in a room with the lights on.
Using only 143 watts of power, the Acer XL series (XL1220/XL1320W/XL1520) contain some of the most energy-efficient 3,100 lumens laser projectors in the world. The XL series of projectors are reliable devices that deliver stunning image quality of up to 1080p and are priced for the mainstream market, making them perfect for use in medium-sized meeting rooms.
SEAGATE 18TB SKYHAWK HARD DRIVE Seagate Technology is shipping 18TB SkyHawk Artificial Intelligence drives in volume. SkyHawk AI is the world’s first purpose-built hard drive for artificial intelligence (AI)enabled Surveillance solutions, enabling quicker and smarter decisions. The new drive supports deep learning and machine learning workload streams for Edge applications with ImagePerfectAI. The capacity to retain more data over time is required for deep learning systems to become smarter and more accurate in their predictive analysis, and behavior analysis requires significantly more data than traditional video capture. SkyHawk AI simultaneously sustains 32 AI streams alongside 64 video streams and supports multi-bay NVR and AI-enabled NVR. SkyHawk AI offers a 550TB/year workload rate, more than 3× the workload rate of standard surveillance hard drives in order to manage data deluge in complex video security system environments without sacrificing performance. This drive intelligently adapts between traditional video workloads and video+AI workloads.
Intel NUC M15 Laptop Kit Intel launched the Intel NUC M15 Laptop Kit (formerly code-named “Bishop County”). The NUC M15 brings Intel’s technical expertise to the whitebook market, with the goal of providing Intel’s channel customers with a premium, precision engineered laptop kit. The Intel M15 Laptop Kit includes an 11th Gen Intel Core mobile processor and Intel Iris Xe graphics and is designed to exceed the stringent requirements of the new Intel Evo platform brand. Ultimately, the Intel Evo platform brand is earned by each channel partner, but the M15 offers the right foundation for our channel partners to build an Intel EVO-qualified laptop. The Intel M15 Laptop kit has a sleek, modern design with a premium CNC anodized aluminum chassis that measures just 14.9mm thick and weighs in at 1.65kg. Built with an 11th generation Intel Core processor and Intel Iris Xe graphics, the NUC team has taken advantage of over 50 years of Intel innovation and expertise to create a laptop kit that makes the most of our new CPU architecture.
DECEMBER 2020
CXO INSIGHT ME
53
BLOG
THE RACE TO CURE COVID-19 SUNIL PAUL, MANAGING DIRECTOR OF FINESSE, ON HOW TECHNOLOGY CAN FAST-TRACK COVID-19 VACCINE ADMINISTRATION AND DELIVERY
R
ecently the news of two experimental vaccines that appear to offer a high degree of protection from the novel coronavirus has caught the world’s attention. Biotechnology company Moderna and pharmaceutical corporation Pfizer, in partnership with German biotech firm BioNTech, are the two leading candidates in this race, and both the experimental vaccines are based on genetic technology mRNA. The two vaccines display efficacy rates of above 90% as per the interim findings of its Phase 3 clinical trials. While the two vaccines are diffusing optimism all around and are already under FDA review, efforts by other companies also continue. In fact, at the time of writing this, the UK is the first country to approve the use of PfizerBioNTEch’s COVID-19 vaccine with immediate plans for mass inoculations. This means we can expect not only an approved FDA vaccine but also a global deployment soon. This is a positive and significant step towards developing a new framework of life post the pandemic. Once a vaccine is globally approved and ready for use, the biggest priority will be ensuring it is delivered to the masses, especially the elderly and healthcare workers, as soon as possible. An effective way to efficiently achieve this objective is by leveraging technology. According to Pfizer-BioNTEch, when its vaccine is approved for widespread use, then as many as 50 million doses could be available this year itself, with a capacity for 1.3 billion more to be produced in
54
CXO INSIGHT ME
DECEMBER 2020
the new year. Right from the onset of the pandemic, technology plays a central role, whether for contact tracing, transforming business models overnight to suit the new environment, or now for quick and optimised delivery of vaccines. Currently, the vaccines that are being developed or in the process of approvals are ones that require two doses per person. Imagine carrying out vaccinations of two doses at different intervals of time for every person in the world – the magnitude of the process though intimidating can be enhanced through innovative technologies such as AI, automation, mapping tools, location intelligence, big data, IoT, security, blockchain and so on. The maintenance requirements such as temperature, packaging, storage specifications etc., will vary for different vaccines that will get approved, and it will be a challenge in terms of logistics. The vaccines will also become the most sought-after medicines, which means ensuring its security while being shipped is another concern to keep in mind. Blockchain technologies have the potential to help with supply chain integrity and tracking purposes while also being useful for maintaining vaccine records. Location intelligence and mapping tools can help to identify those with the highest risk of infection, such as nursing homes and health clinics, so that these areas can be prioritized. Different platforms and apps created on cloud and smart technologies, not to mention all the intelligence from the data collected, will also play
a role in expediting the distribution process. For example, in the United States, Operation Warp Speed (OWS), a public–private partnership, led by the Department of Health and Human Services and the DOD, plans to deliver 300 million doses of the COVID-19 vaccine and therapeutics to treat the virus. OWS utilises a data platform called Tiberius from data analytics company Palantir, to analyse and visualise data across the whole operation. The platform, loaded with data from many different sources, assimilates the information regarding manufacturing, clinical trials, supply chain allocation, state and territory planning, delivery and administration and so on, without retaining any personal information within its system. Tiberius offers a unified view of the whole country to help make decisions regarding vaccine distribution optimally. These kinds of technology innovations will help achieve the daunting task of ensuring widespread administration as we step into 2021, which will undoubtedly be the global vaccination year. With the ongoing positive developments on the vaccine front, there is a sense that we might be able to bring back glimpses of our old lives after all. It has never been more critical for the tech community to come together and collaborate to form meaningful alliances to fuel innovations in the fight against COVID-19.
CommScope connectivity powers the smart building. Connectivity is redefining how today’s smart buildings serve the people who live, work and play in them. And CommScope is redefining how in-building connectivity is engineered, deployed and managed. Employees, customers and visitors demand always-on wireless service. Facility operations and security systems increasingly rely on IP-connected Internet of Things devices. No wonder enterprises around the world count on CommScope to deliver reliable, ubiquitous in-building connectivity—making smart buildings smarter, and helping to manage them better. CommScope will be participating virtually in the GITEX Plus platform of the GITEX Technology Week 2020 between the 6th to 10th December.
Contact MEAMarketing@commscope.com or learn more at commscope.com © 2019 CommScope, Inc. All rights reserved. AD-13375-EN
