CXO Insight Middle East - Leading change - February 2021 by cxoinsightme

ISSUE 28 \ FEBRUARY 2021

LEADING CHANGE Inside GEMS Education’s transformative journey to become a digital leader

Rise above run-of-the-mill cloud solutions for IT management.

Give your business the ManageEngine advantage.

Corp.

CONTENTS

PRODUCTS

INSIDE GEMS EDUCATION’S TRANSFORMATIVE JOURNEY TO BECOME A DIGITAL LEADER

LEADING CHANGE

COUNTERING 12 CYBER THREATS 18 UNLEASHING THE

OF 30 AHEAD THE CURVE

22 CONSTRUCTION GAME CHANGERS

IMPLICATIONS OF 34 SECURITY THE HYBRID WORKFORCE

UP 24 GEARING FOR A NEW ERA

SIDE 36 OFTHETHEDARKCLOUD

THE 28 CREATING VIRTUAL REALM

ADAPTING TO A POST40 PANDEMIC WORLD

PROMISE OF 5G

PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC

TO PREVENT 32 HWAYS CYBER ATTACKS

NEWS

SAUDI RAILWAY COMPANY MODERNISES DATA INFRASTRUCTURE WITH ORACLE CLOUD GO SMART SOLUTIONS TAPS IBM CLOUD TO ACCELERATE HYBRID CLOUD STRATEGIES ARTIFICIAL INTELLIGENCE HELPS AFRICAN FARMERS FIGHT LOCUSTS

FEBRUARY 2021

CXO INSIGHT ME

PROFESSIONAL IP SURVEILLANCE SOLUTIONS

WARRA

Your Security... In Your Hands

SIRA AP

PR O VED

KEY FEATURES • Easy & Pro Series Range • IP Cameras & NVRs • Deep Video Compression • Superior Quality • Video Analytics • Centralized Management • Starlight & Super Starlight Monitor Your Premises From Anywhere IP Guard Viewer Mobile App

Connect to more...

EDITORIAL

THE 5G CONUNDRUM

G is all the rage now. And it is here a lot faster than we imagined. According to Huawei, more than 140 commercial 5G networks have already been deployed in 59 countries, and 5G has become a core part of production process in more than 20 industries including manufacturing, healthcare, logistics and education. There is no doubt 5G is all set to change the world in ways we can’t even imagine, and businesses should start preparing for it. Like any other new tech, there is a flip side to 5G as well – it presents new challenges to cybersecurity and privacy. A recent whitepaper from Booz Allen Hamilton says 5G ecosystem will open up new opportunities for malicious threat actors. The report states though 5G will forge connections between devices and the digital world, it also translates to new vulnerabilities. The consulting firm says government and private sector must recognise and address these risks early in the network development process.

In this context, 5G would require a completely new approach to cybersecurity. Unlike previous generation of cellular technologies, 5G will enable many mission-critical use cases in verticals such as healthcare and autonomous vehicles. Here, vulnerabilities in 5G networks could prove costly and sometimes may even impact human lives. 5G networks are also vulnerable to denial- of-service attacks and GSMA says hacking 5G could become as simple as hacking the web. As the number of low-cost devices that connect to 5G expands, this new generation wireless technology will indeed challenge many of our traditional assumptions about network and applications security. The ever-expanding attack surface means that enterprises looking to adopt this exciting new technology will require to take a holistic view and ensure that security is built into each component of the whole ecosystem. It is indeed an opportunity to build a much more resilient and secure digital backbone, which is what today’s digital transformation deployments require.

Published by

Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425

Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730

Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094

Production Head James Tharian jamest@insightmediame.com +97156 - 4945966

Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456

Designer Anup Sathyan

While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors

FEBRUARY 2021

CXO INSIGHT ME

NEWS

SAUDI RAILWAY COMPANY MODERNISES DATA INFRASTRUCTURE WITH ORACLE CLOUD

audi Railway Company (SAR), has initiated a major digital transformation with Oracle Cloud Infrastructure (OCI) to enhance business agility, create a robust cybersecurity infrastructure, automate core ticketing system and reduce costs. “At Saudi Railway Company (SAR), we are on a mission to deliver distinctively high quality and reliable railway transportation services to meet the expectation of our customers, while also acting as a major catalyst for Saudi Arabia’s economic growth,” Sami Alawfi, IT Director at Saudi Railway Company (SAR) said. “SAR is rapidly expanding operations, and in order to support this growth, we need to set up a robust disaster recovery system that complements a

fully automated and paperless ticketing system. This project will help achieve our goals while ensuring full compliance with the security guidelines for a productive cooperation with our global partners,” added Alawfi. Under this initiative, Saudi Railway Company (SAR) will also implement

GO SMART SOLUTIONS TAPS IBM CLOUD TO ACCELERATE HYBRID CLOUD STRATEGIES

IBM has announced that Go Smart Solutions, a software development company in Saudi Arabia, has selected IBM Cloud to transform its operations. The transition also aims to help Go Smart Solutions’ customers accelerate their digital transformation and expedite their hybrid cloud strategies. Founded in Riyadh, Saudi Arabia, Go Smart Solutions serves customers locally as well as in the UAE, Lebanon 6

CXO INSIGHT ME

FEBRUARY 2021

and the United Kingdom. As part of its transformation strategy, the company recently migrated its production environment to IBM’s public cloud to meet its critical need for infrastructure performance and enterprise-grade security, support business growth and provide an enhanced and uninterrupted experience to its customers. By hosting its production environment on IBM Cloud, Go Smart Solutions is now able to provide its customers with digital solutions as a service with a cloudbased subscription model, enabling businesses to opt for the services they require, as needed. Increased regulatory and compliance requirements are driving the need for improved security and resiliency as companies continue to shift workloads to the cloud. Through its cloud adoption, Go Smart Solutions now benefits from the industry’s most secure and open cloud platform.

Oracle Analytics Cloud and Oracle Autonomous Data Warehouse. Besides reducing vital total cost of ownership (TCO), the implementation will also empower SAR’ leadership to access real time performance data with unique data insights to enable faster and more accurate decision making. “SAR is a national asset, and its performance is vital for the country’s economic success. With the unmatched capabilities of our secondgeneration cloud infrastructure, that is powered with machine learning and Artificial Intelligence, SAR will be able to rapidly scale operations, innovate more and create a fully automated and truly modern IT infrastructure,” said Fahad Al Turief, Country Leader, Saudi Arabia, Oracle.

The IBM Cloud offers sophisticated encryption capabilities such as “keep your own key” and confidential computing – so that not even IBM can access clients’ data. Go Smart Solutions also benefits from enhanced business continuity and uninterrupted operations. It is also able to rapidly meet its computing resource demands, without having to invest in additional hardware or physical infrastructure. IBM Cloud also offers access to higher value technologies, including artificial intelligence (AI) and Internet of Things (IoT). “Companies of all sizes and industries are in their digital transformation journey. The pandemic accelerated these journeys and what we would see happening in five to six years will now happen in less than two,” said Hossam Seif El-Din, General Manager, IBM Middle East and Pakistan. “Through IBM Cloud, Go Smart Solutions is able to reshape its operations to differentiate itself from the competition and serve its customers and their agendas in a fast, uninterrupted and secure manner.”

Shahebaz Khan, General Manager for the UAE, Visa, said, “While there had been a sudden surge in eCommerce and digital payments in 2020 due to the impact of COVID-19, our report suggests that these trends will continue to prevail in 2021, even as the vaccines become more widely available in the country and the wider region. In addition, we believe 2021 will place greater attention on security and fraud, and trial of more emerging digital commerce tools that can help SMBs in the UAE thrive.” The report highlighted that digital-first mindsets will help power business forward and win consumer mindshare in 2021:

MOST CONSUMERS USED CONTACTLESS PAYMENTS IN THE LAST THREE MONTHS: VISA

s the one-year mark of the Covid-19 pandemic approaches, more consumers continue to tap their cards in-store and click to pay online, as the businesses that serve them embrace digital payments more rapidly than ever before. The third edition of Visa’s global research study, “Visa Back to Business Study – 2021 Outlook,” conducted in Brazil, Canada, Germany, Hong Kong,

Ireland, Russia, Singapore, United Arab Emirates (UAE) and United States, found that both the continued SMB shift towards digital commerce and changing consumer payments habits show few signs of reversal as the calendar advances into 2021. According to the study, by the end of 2020, nearly all (97%, compared to the global average of 83%) of SMBs surveyed in UAE had embraced new forms of digital technology to meet changing consumer behaviors. Looking ahead to 2021, SMBs are assessing what other payment technologies are critical to meeting today’s consumer expectations, with results led by security and fraud protection (54%) and allowing instalments for online payments (49%, compared to 35% globally, the most of all markets surveyed).

The Road to Recovery for SMBs in 2021 • Contactless Payments Are Here To Stay: The global rise of contactless payment offerings in 2020 spurred by challenges including consumers looking for safer ways to pay amidst the pandemic, is showing no signs of slowing down in the New Year. In fact, in June 2020 44% of UAE’s SMBs surveyed were offering contactless payment for the first time – now, the same proportion (44%) say they are doing it more often, and of those, 73% plan to continue doing it over the next three months. Over 4 in 5 (86%, compared to 74% globally, the most of all markets surveyed) SMBs surveyed expect consumers to continue preferring contactless payments even after a vaccine is widely available. • SMBs Meet Consumers Where They Are: SMBs have steadily increased their efforts to meet consumers where they are now: online. In the UAE, 97% of SMB owners have made updates to their operations in the past three months to meet these new demands for digital payments, up from 94% in summer 2020 when the first Visa Back to Business Study was released. • The Fight Against Fraud: At 94%, SMBs in the UAE are the second most likely of all markets surveyed after Hong Kong (96%) to have encountered customer concerns about fraud over their new use of technology (compared to 70% globally), presenting an obstacle to maintaining positive engagement with their customers. Recognising the significance of and responding to a potential fraud attack will continue to be critical in 2021 as the shift to digital sales continues to increase.

FEBRUARY 2021

CXO INSIGHT ME

NEWS

BAHRAIN’S NATIONWIDE 5G ROLL-OUT TO SPARK NEXT-GEN TECH OPPORTUNITIES

ahrain has achieved full national 5G coverage, according to Bahrain’s Ministry of Transportation and Telecommunications, as two of three mobile operators have achieved full coverage to the Kingdom’s population, sparking a new wave of opportunities for streaming, gaming and supply chain technologies. Bahrain has long been considered a strategic base for tech firms to launch data-driven services in the Gulf region, with Amazon Web Services launching the region’s first hyper-scale data centre in the Kingdom last year. All of the Middle East nation’s 1.5 million population are now able to access the high-speed service, and investment

ARTIFICIAL INTELLIGENCE HELPS AFRICAN FARMERS FIGHT LOCUSTS A free tool that will help farmers and pastoralists across Africa to predict and control locust behaviour has been launched. Kuzi—the Swahili name for the wattled starling, a bird renowned for eating locusts—is an AI-powered tool that generates a real-time heatmap of locusts across Africa, shows all potential migration routes, and gives a real-time locust breeding index. Using satellite data, soil sensor data, ground meteorological observation, and machine learning, Kuzi can predict the breeding, occurrence and migration routes of desert locusts across the horn 8

CXO INSIGHT ME

FEBRUARY 2021

experts hope that the roll-out will attract other heavyweight tech firms in the postCOVID era, as companies look to make full use of the wide promise of next generation technologies across a wide variety of applications. Bahrain’s telecoms sector attracted some BHD 787 million in investments (more than 2 billion US dollars) between 2009 and 2019. In line with ambitious economic diversification efforts, the Kingdom’s ICT sector now accounts for nearly three per cent of national GDP. Rapid progress on 5G is also being made across the region as the Gulf digitises. H.E. Engineer Kamal bin Ahmed Mohamed, Bahrain’s Minister of Transportation and Telecommunications said, “We are continually striving to ensure that the Kingdom of Bahrain maintains its position among global leaders in this crucial sector. This includes ensuring availability and deployment of commercial 5G services and enhancing readiness for next generation ICT services such as the Internet of Things and

Machine-to-Machine communications.” He said that this important milestone is also testament to its strength as a regional and global ICT leader. Moreover, it is a clear indication that the country’s ongoing national digital transformation and Bahrain’s Economic Vision 2030 strategies are on track. “Both prioritise strong ICT infrastructure to support the growth of our digital economy while enhancing Bahrain’s readiness to harness innovation.” He added, “We are confident that our potential to generate, use, and ultimately export innovation will be pivotal for the growth and diversification of our economy towards high value-added sectors such as content development and Artificial Intelligence (AI). Rapid access to information is essential to innovation, particularly for next-generation services. In this way, 5G is a crucial step in Bahrain’s ongoing transition from net consumer to net producer of technological innovation.” Researchers estimate that there will be more than 1 billion 5G connections by 2023, and Bahrain’s nationwide roll-out places the Kingdom at the forefront of this global technological advancement for both B2B and B2C applications.

of African and Eastern African countries, and uses deep learning to identify the formation of locust swarms. Kuzi then sends farmers and pastoralists free SMS alerts 2-3 months in advance of when locusts are highly likely to attack farms and livestock in their areas. Without preventative measures, a swarm of 80 million locusts can consume food equivalent to that eaten by 35,000 people a day, devastating food stocks for vulnerable communities. Putting in place early detection and control measures, which are critical in desert locust management, will offer farmers and pastoralists a vital tool in the fight against world hunger and food insecurity. Alerts are currently available for

Ethiopia, Somalia, Kenya, and Uganda, in the regional languages of Kiswahili, Somali and Amharic, spoken by over 200 million people across Eastern Africa. John Oroko, CEO of Kuzi’s creator, Selina Wamucii, said, “A new wave of locust upsurge now threatens millions across Eastern and Southern Africa, exacerbating food insecurity for already vulnerable communities, amidst the challenges of the COVID-19 pandemic. We have a responsibility to develop and deploy locally bred solutions that address these challenges faced by our vulnerable rural communities.” The free tool is currently available to users in Somali, Ethiopia, Kenya, and Uganda with plans to roll out to cover the rest of Africa. Farmers can sign up for the free SMS alerts with any mobile device, with or without an internet connection, capture the GPS location of their farm, and they are good to go, without any charges.

NISBAH CAPITAL BECOMES FIRST ME CORPORATE BAKER ON TEZOS BLOCKCHAIN

isbah Capital, the blockchain subsidiary of Saudi Arabia-based Taibah Valley, has announced that it will join the Tezos ecosystem as a corporate baker, the first in the Middle East region, and has added the Tezos blockchain to its blockchain lab projects as part of its initiative to create the biggest blockchain community in the MENA region to support commercialised applications, counselling, mentoring and researching in the areas related to blockchain and cryptocurrency. In addition, through its subsidiary, Nisbah Capital, Taibah Valley has also become the first corporate entity in the Kingdom to participate in the Tezos ecosystem as a corporate baker, meaning that it will now validate transactions (blocks) and add them

to the Tezos blockchain. This move follows an announcement in 2020 by EDF Group subsidiary, Exaion, which became a corporate baker in October. Participating in the ecosystem as a baker not only strengthens the decentralisation of the Tezos ecosystem but also reinforces its credibility and paves the way for future institutional adoption in the MENA region. Becoming a Tezos baker is seen by Taibah Valley as part of supporting the technology and the communities that are interested in cryptocurrency. Raghad Abdulghani, Technical Specialist at Taibah Valley, said, “By becoming a Tezos

TWITTER SELECTS AWS AS STRATEGIC PROVIDER TO SERVE TIMELINES Amazon Web Services, Inc. (AWS), an Amazon.com, company, has announced that Twitter has selected AWS to provide global cloud infrastructure to deliver Twitter timelines. Under the multi-year deal, Twitter will leverage AWS’s proven infrastructure and portfolio of services to support delivery of millions of daily Tweets. This expansion onto AWS marks the first time that Twitter is leveraging the public cloud to scale their real-time service. The company will rely on the breadth and depth of AWS, including capabilities in compute, containers, storage, and security, to reliably deliver the real-time service with the lowest latency, while continuing to develop and deploy new features to improve how people use Twitter. The new agreement builds on the companies’ more than decade-long collaboration, where AWS continues to provide Twitter with storage, compute, database, and content delivery services to

support its distribution of images, videos and ad content. Millions of people and organisations use Twitter to share and react to what’s happening and what people are talking about right now, and the firm will leverage AWS infrastructure and services to continue improving performance and security for them. Twitter and AWS will create an architecture that extends the social media firm’s on-premises infrastructure to enable them to seamlessly run and scale the real-time service globally, increase its reliability using AWS’s faulttolerant infrastructure, and rapidly move new features into production around the world. The company will take advantage of AWS Graviton2-based instances on Amazon Elastic Compute Cloud (Amazon EC2) to power its cloud-based workloads, and use AWS container services to develop and deploy new features and applications consistently across its hybrid infrastructure. In addition, the social media giant will continue to use AWS services such as Amazon CloudFront (AWS’s fast content delivery network service that securely delivers data,

baker, we see an opportunity to spread the knowledge about cryptocurrencies and how they work, and to attract different companies to recognise the potential in the MENA region. In addition, we believe that baking will help build the future of the Tezos blockchain in the region.” Waleed Rassuli from Tezos Gulf, added, “This collaboration with Taibah Valley will be a major driver to stimulate the adoption of decentralised blockchain technologies in the Middle East. Given the increasing number of corporate bakers in the Tezos ecosystem, we think that having one in the Middle East will give local blockchain projects in this region a boost.” Taibah Valley was established by 2008 with the mission of investing and supporting projects with real economic value and positive impact for Saudi Arabia and the MEA region. Its areas of focus are blockchain, Internet of Things and Artificial intelligence.

videos, applications, and APIs with low latency and high transfer speeds to customers globally) and Amazon DynamoDB (AWS’s key-value database that delivers single-digit millisecond performance at any scale). “We are excited to work with AWS to expand the infrastructure Twitter uses to serve the public conversation as we grow globally,” said Parag Agrawal, Chief Technology Officer, Twitter. “The collaboration with AWS will improve performance for people who use Twitter by enabling us to serve Tweets from data centres closer to our customers at the same time as we leverage the Arm-based architecture of AWS Graviton2 instances. In addition to helping us scale our infrastructure, this work with AWS enables us to ship features faster as we apply AWS’s diverse and growing portfolio of services.” “Twitter’s decision to rely on AWS infrastructure and services for its real-time workloads will help them instantly scale their global footprint up and down without ever compromising the experience for people who use Twitter,” said Matt Garman, Vice President, Sales and Marketing at Amazon Web Services, Inc. “By using AWS container services to create a seamless hybrid onpremises and cloud environment, Twitter can innovate and deliver new experiences quickly and cost-effectively.”

FEBRUARY 2021

CXO INSIGHT ME

NEWS

AMMAN STOCK EXCHANGE DEPLOYS NUTANIX HYPERCONVERGED CLOUD PLATFORM

utanix has announced that Amman Stock Exchange Company (ASE) has successfully deployed Nutanix’s hyperconverged infrastructure-based Cloud Platform. The solution, which was expertly implemented by PROTECH, has eliminated hardware maintenance fees of over USD35,000 annually and significantly reduced operating expenses due to lower data center energy consumption and space requirements. It has also enhanced the performance of mission-critical applications such as ASE’s website, resulting in improvements in enduser satisfaction and reduction in IT helpdesk complaints. It also delivers high availability and makes zero RTO (recovery time objectives) and RPO (recovery point objectives) possible as Virtual Machines (VMs) can be effortlessly migrated between primary and disaster recovery sites. As ASE hosts the trading platform

CXO INSIGHT ME

FEBRUARY 2021

for the country of Jordan, IT is an integral part of its overall organisational strategy. With their trading platform and auxiliary systems running on legacy hardware, which was originally installed in 2010, the IT team faced several performance and maintenance challenges, along with the looming threat of disruption to their operations due to aging IT infrastructure. As years progressed, the team found it increasingly difficult to procure spare parts, and upgrades were starting to become increasingly complicated and expensive. Every upgrade to the latest firmware involved replacing a lot of hardware – from servers and storage to network switches. The hardware maintenance contracts alone were costing ASE over USD35,000 annually. To overcome the challenges it was facing due to its environment, ASE decided to implement a virtual environment based on Nutanix’s Cloud Platform. Critical applications that run on Nutanix include all the auxiliary systems

for ASE’s trading platform as well as the website and its associated database. End users of these applications include brokerage firms, public shareholding companies, data vendors, investors, and the Jordan Capital Market (JCM). Eng. Fadi Sodah, Director, Information & Communications Technology at Amman Stock Exchange said, “Nutanix proved to be the best option from both the technical as well as financial perspectives. VM migration was seamless and the entire implementation was completed without issue within just two weeks.” The solution immediately addressed the maintenance, expansion and upgrade issues ASE previously faced with its IT infrastructure. Nutanix has enabled ASE to consolidate its compute, storage, and networking into an all-in-one platform that is easily controlled and monitored via a single dashboard. Sodah highlighted that the solution’s self-healing, patching, data protection, replication, policy enforcement, and event logging features have been especially beneficial to his organisation. “Trading is a high pressure business, and the stakes are high. If the ticker on our website has even a second’s worth of delay, we receive complaints. Real-time processing is key and even milliseconds of latency is unacceptable,” explained Sodah. Sharing an example of how the migration to Nutanix has mitigated such latency issues he said, “We observed poor performance in applications like our website and some internal apps, and troubleshooting revealed that this was due to slowness in the read/write function of our other hyperconverged solution. When we moved to Nutanix, we saw an immediate and impactful improvement in performance.” While the ease of management and cost savings that his IT team now enjoy are no doubt highlights of the deployment, it is perhaps this enhancement of end-user experiences that ASE values most.

CYBEREASON, INTEL DRIVE NEW RANSOMWARE PROTECTIONS FOR BUSINESS

ybereason has announced a partnership to adopt new Intel Hardware Shield protections for Ransomware available on the 11th Gen Intel Core vPro mobile platforms. The company said its multi-layered protection, in collaboration with Intel Threat Detection Technology, will enable full-stack visibility to uncover ransomware attacks. The solution represents the first instance where PC hardware plays a direct role in ransomware cyber defense to better protect enterprise endpoints from costly attacks, and underscores both companies’ commitment to empowering defenders by reversing the adversary advantage. Ransomware continues to evade traditional anti-malware defenses,

highlighting the need for a new approach to protecting the enterprise from costly attacks, system downtime, Lior Div, Cybereason and reputational damage. Cybereason’s superior prevention, detection and response capabilities combined with Intel Hardware Shield protects enterprise customers from ransomware while improving overall security performance. “This collaboration with Intel to add CPU based threat detection bolsters our long history and industry-leading capabilities in detecting and eradicating ransomware. The combination of bestof-class hardware, software, and security know-how provides defenders with full-stack visibility critical to ending the era of double extortion that is currently costing organisations hundreds of millions each year,” said Lior Div, CEO and Co-Founder, Cybereason. Cybereason expects to announce

COGNIZANT TO ACQUIRE LINIUM Cognizant has announced that it has agreed to acquire Linium, a cloud transformation consultancy group specialising in the ServiceNow platform and solutions for smart digital enterprise workflows. Linium, operating as the ServiceNow business unit of Ness Digital Engineering, a privately-held portfolio company of The Rohatyn Group, helps Fortune 100 clients and others leverage cloud technology to improve operational efficiency and user experience. Completing this transaction will further accelerate Cognizant’s cloud strategy, marking the company’s seventh cloudrelated acquisition since January 2020, and continued investment in expanding capabilities in the strategic focus areas of cloud, data and artificial intelligence, digital engineering, and Internet of Things. Including Linium, Cognizant has announced approximately $1.4 billion in acquisitions over the past 12 months in these areas.

“Linium’s specialized ServiceNow focus broadens Cognizant’s enterprise service management capabilities while complementing our own longstanding ServiceNow alliance,” said Malcolm Frank, President, Digital Business and Technology, Cognizant. “Creating more agile workflows in the cloud is a priority for our clients, and together with Linium, we can now provide world-class, enterprise-wide ServiceNow expertise to customise workflows for customers and employees. We look forward to Linium’s team joining Cognizant.” “We are excited to join forces with Cognizant,” said Joe Burke, Co-Founder, Linium. “ServiceNow continues to gain market relevance, and by combining Linium’s skills and knowledge with Cognizant’s scale and rich expertise in cloud, digital engineering, automation, and other pivotal technologies, we will be well-positioned to capitalise on the market opportunities ahead.”

market availability during the first half of 2021. Additional value that Intel and Cybereason are bringing to the market are as below: • CPU Threat Detection—Enables enterprise customers to go beyond signature and file-based techniques by leveraging CPU-based behavioural prevention of ransomware. • Full-Stack Visibility—Eliminates blind spots to expose ransomware as it avoids detection in memory or hides in virtual machines while differentiating legitimate data encryption processes for business purposes. • Unleash Machine Learning for Better Security—Enterprises can accelerate performance-intensive machine-learning security algorithms by offloading to the Intel integrated graphics controller to boost capacity to analyse more data and do more security scans. • Accelerate Endpoint Prevention, Detection & Response—Enterprises can bolster the performance of their security agent processing for better user experiences.

Since ServiceNow was established in 2004, Linium has delivered more than 3,500 successful engagements Malcolm Frank, Cognizant for digital platform development, customisation, and management services. Linium holds more than 300 ServiceNow certifications, and its dedicated teams focus on client engagements across a variety of industries including telecom, insurance, and technology. More than a third of Linium’s clients are Fortune 100 companies. Upon the close of the acquisition, Linium’s approximately 150 professionals will join Cognizant’s global ServiceNow practice. Headquartered in Albany, New York, Linium also has operations in Canada, India, and the UK. Cognizant’s acquisition of Linium is expected to close in the first quarter of 2021. Financial details were not disclosed.

FEBRUARY 2021

CXO INSIGHT ME

VIEWPOINT

COUNTERING CYBER THREATS STEVE RIVERS, TECHNICAL DIRECTOR AT THREATQUOTIENT, ON UNDERSTANDING KNOWN ADVERSARY TACTICS AND TECHNIQUES

n the last few years, the MITRE ATT&CK framework has been key to many organisations combating cyber threats. Essentially the framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. The objective of the framework is to create a comprehensive list of known adversary tactics and techniques used during a cyberattack. Open to government, education, and commercial businesses, it allows the collection of a wide and exhaustive range of attack stages and sequences. The mapping of the framework data, summarised as threat information, is ultimately one of the main activities 12

CXO INSIGHT ME

FEBRUARY 2021

that an IT security department will undertake. There are two ways that the data can be used by organisations for threat intelligence; they can be either consumers or producers. Consumers will be using the data already created to improve threat intelligence decision-making. A consumer will usually start by narrowing the threat landscape to specific groups of cybercriminals or threat actors. This allows the organisation to understand which threat actors are targeting their data, assets, or resources. To further narrow the threat landscape, previous attacks on similar organisations will be investigated and the groups suspected of being involved in these attacks will be identified.

After identifying the relevant adversaries, the security department can use the data set to view the tactics, techniques, and procedures (TTPs) of these groups. The next step is to establish a prioritised list of detection and prevention capabilities that the Security Operations team must put in place. This process uses data already created by other MITRE teams, and is highly recommended for smaller teams. Augmenting your data A recommendation for many organisations using the MITRE framework is to layer threat information over and above any existing data. This enables further insights and knowledge share across multiple industries and businesses. To achieve this organisations must give analysts the time and training required to analyse available incident response reports (both closed and open source, internal and external) to extract the correct data and match it with ATT&CK metrics. In practice, this means reading these reports thoroughly, highlighting tools, techniques, tactics, and group names, and extracting the data to further feed the information the team has about the suspected attackers.

If the value and benefits of collecting this data can be clearly communicated to stakeholders, this helps to justify the additional effort and potential costs associated with implementing new tools that facilitate collection. While achieving the collection of the required data sources is already an important milestone, it is only the first step in the process. Once the data has been collected and sent to a threat repository, the next step is to find a suitable analysis tool. MITRE facilitates this step for many hacker techniques with its prebuilt Cyber Analytics Repository (CAR) and even provides open source analysis options such as the BZAR-project, which includes a set of Zeek/Bro scripts for detecting some ATT&CK techniques.

To assist the augmentation of data, the makers of MITRE are developing a new Threat Report Attacks Mapper (TRAM) tool, which helps analysts to partially automate this process. The additional information should improve decision making once the analysis of the attackers’ TTPs has been passed through the organisation’s “context filter”. Internal mapping While the use of the ATT&CK matrix for Cyber Threat Intelligence mapping focuses on external threats, the next logical step is to look at internal threats. First, all techniques need to be listed with information on how security departments identify, detect, and contain them. Extracting this information is an excellent way for security departments to better understand their own ability to defend and prioritise. The first step in this process is the programmatic extraction of data source information. There are several ways to do this using the APIs provided by MITRE or other open source tools on GitHub. Once completed, comparing the data sources that the security experts have access to and the groups of users and systems that also have access to those data sources can reveal important gaps in coverage and visibility. For example, if the threat information they have collected indicates hacking techniques that target scheduled tasks, a particular group may be behind them. The security experts are then able to determine whether they can detect this technique. The data sources listed in the technique-file and process monitoring, process command line parameters, and Windows event logs provide this answer. Closing knowledge gaps If none of these data sources are available to the security department, or if they are only available on a subset of the network, that is the first problem that needs to be fixed. It doesn’t matter

MITRE FACILITATES THIS STEP FOR MANY HACKER TECHNIQUES WITH ITS PREBUILT CYBER ANALYTICS REPOSITORY (CAR) AND EVEN PROVIDES OPEN SOURCE ANALYSIS OPTIONS SUCH AS THE BZAR-PROJECT, WHICH INCLUDES A SET OF ZEEK/BRO SCRIPTS FOR DETECTING SOME ATT&CK TECHNIQUES. whether they capture these new data sources through built-in operating system logging or by adding new security tools (network monitoring, network discovery and response [NDR], host-based IDS/IPS, endpoint discovery and response [EDR], etc.). It is simply important that identification of the most significant missing data has taken place.

Having the best possible resources to hand With information collected from the right sources security departments can identify priorities for attack groups and techniques that can be used against their own organisation. They can also supplement this information with their own internal data. This provides the security department with the best possible knowledge of what techniques and tactics the attackers have and are likely to use against the organisation. After assessing the threat level, the security experts can then use the integrated data source information to get an idea of the potential defence capabilities. Where key information is missing, they must work together to collect the data and implement analysis for these techniques. Tools such as ATT&CK Navigator can facilitate the visualisation of requirements. Open source and other vendors of security appliances and software can help accelerate the process of matching the required data against the data they collect and run against the analyses. The final step is to test and continuously review the MITRE ATT&CK framework, which is enriched with the threat intelligence information.

FEBRUARY 2021

CXO INSIGHT ME

COVER STORY

LEADING CHANGE GEMS EDUCATION’S GROUP CHIEF DISRUPTION OFFICER, KRISHNAN GOPI, SHARES INSIGHTS INTO THE TECHNOLOGY DISRUPTION JOURNEY THAT HAS EMPOWERED ONE OF THE WORLD’S LARGEST K-12 PRIVATE EDUCATION PROVIDERS TO LEAD THE WAY IN THE NEW NORMAL.

CXO INSIGHT ME

FEBRUARY 2021

nnovation has been the most critical ingredient for any company that desires to differentiate in its journey towards becoming a digital enterprise. This desire pushes organisations to adopt new technologies and transform their business models. Today, the need of the hour is to not only embrace innovation but also actively pursue disruptive innovation. By definition, disruptive innovation helps create new markets and new business values. Increasingly companies across verticals are realising that disruption cannot be a concept that they leave to chance. It is pertinent for firms to chart out future business continuity strategies keeping in mind the evolving nature of the industry and market circumstances. How can they make disruption and innovation intrinsic to the fabric of their organisation culture? How can they constantly churn out better business outcomes while simultaneously leaving a mark in their vertical? These are a couple of the questions that a Chief Disruption Officer (CDO) always has on his mind. The CDO, one of the latest entrants in the C-Suite, is increasingly becoming a highly sought-after role across most verticals, including education. While existing CxOs lead the business growth and operations of today, the Chief Disruption Officer prepares the business for tomorrow. The Chief Disruption Officer is responsible for foreseeing disruptive solutions that will alter the industry landscape to drive better outcomes to the bottom line. A successful CDO is one who is specialised in running large scale disruption/ digital / transformation projects. He or she should be a techno-functional expert, an effective change agent, an out-ofthe-box thinker, an agile guru with an ability to anticipate and predict global patterns and be an effective communicator capable of resolving conflicts between IT and business.

Founded in 1959, GEMS Education, one of the world’s largest K-12 private education providers, has embarked on a Technology Disruption Journey to create agile, scalable, and futureready technology capabilities for the education needs of today and tomorrow. Group Chief Disruption Officer of GEMS Education, Krishnan Gopi says, “In the new normal, organisations must find ways to be the disruptor and not get disrupted by understanding what can pose a survival challenge to their business model. Organisations that do not embrace disruption risk finding themselves on the list of giants who have fallen. It is here that the role of a CDO gains relevance.” Krish adds that “CDOs are strategically placed in a company to take bold decisions and rally support from all. They not only launch the organisation on its disruptive trajectory but also help it fundamentally evolve.” Understanding that technology holds the key to the future of education, and Krish and his team have embarked on a three-year technology disruption journey which is now in the third phase. The CDO explains that the journey consists of executing multiple strategic technology initiatives segmented across three key areas in phased manners – ‘Fix the Fundamentals (FY18-19)’, ‘Strengthen the Building Blocks (FY19-20)’ and finally ‘Accelerate Disruption and Incremental Value Creation (FY 20-21)’. As part of this journey, GEMS Education has developed its own IP suite of products and solutions which includes: Phoenix, an end-to-end school management platform; Classroom, an advanced learning management system; HSE, a health and safety and child safeguarding system; Connect, an enterprise mobility platform; Pulse, an education CRM; GEMS Garage, a digital re-purposing platform; AppStore, a unified view of education apps; and GEMS Alumni, a platform to connect alumni of GEMS schools.

KRISH SHARES HIS ADVICE FOR COMPANIES GOING THROUGH A SIMILAR DIGITAL TRANSFORMATION JOURNEY: • NOT changing is not an option – Digital adoption has been accelerating and will continue to do so at an exponential rate, transforming organisations. In order to avoid the risk of being out of business, it is important to begin now. • DO THE RIGHT THINGS – It is important for companies to understand their digital maturity and target objectives before embarking on a transformation journey. They must carefully balance between modernising their existing business and evaluating options of creating an entirely new digital business model. It’s not about ‘one size fits all’. • DO IT RIGHT – The key to gaining competitive advantage is investing in the right skilled resources, process and technology. Wherever required, it is important to develop strategic partnerships to access the necessary assets, skills and capabilities for enhanced synergy levels. • There is no ‘Big Bang’ approach – Short-term wins are the building blocks to success. Organisations that follow an incremental and continual improvement process are more likely to reap the benefits of a successful transformation. • Digital transformation isn’t a project; it’s a journey – A successful transformation does not mean digital investments alone. It’s also a cultural and mindset change that requires organisations to continually challenge the status quo. Leaders need to be fully aware of this reality.

“The successful execution of FY18-20 initiatives has resulted in significant efficiency increases (automated 13K+ man-days), customer experience enhancements, huge cost optimisation, standardisation, technology consolidation, control improvements, and secured data and IT assets,”

FEBRUARY 2021

CXO INSIGHT ME

COVER STORY

KEY MANDATES ON A CDO’S AGENDA:

Krish explains. “In the third phase of our disruption journey, we will further augment the capabilities developed in the previous phases.” At the onset of the pandemic and subsequent lockdowns last year, educational institutions across the country had their work cut out for them – to move to a completely online model. According to Krish, this transition would have been extremely challenging for any school. “When the regulators decided to move from traditional to online learning, we were one of the very few school groups that were ready to go. Remote learning may have taken many schools by surprise. While most of our competitors regionally and across the globe struggled and took months to get ready for the new normal, GEMS Education began from

CXO INSIGHT ME

FEBRUARY 2021

a position of strength. This is thanks to sustained investments in technology in the prior years and also because we were already continuously training our teachers towards this possible future.” Therefore, the biggest challenge that GEMS Education faced was not about implementing the solutions, instead it was managing change among the different stakeholders – students, parents and teachers – to adapt to the new normal. “To enable a successful change management, we extensively trialled remote learning sessions, with dedicated teachers at home testing online platforms with students. We also set up a centralised helpdesk to respond to parents’ and students’ queries, and provide appropriate technical support during the remote

learning period,” says Krish. The company also established a quality assurance programme to monitor on a weekly basis the remote learning sessions taking place in each school, measured through digital learning progress parameters such as quality of learning, quality of remote provision, student engagement and parent satisfaction levels. “In addition, we worked closely with the regional telecom operators, the UAE’s Ministry of Education and Telecommunications Regulatory Authority (TRA) to whitelist collaboration apps such as Teams, Zoom and Google Meet, for voice / video calling features to enable seamless online delivery of lessons.” Thanks to its relentless companywide efforts, the education institution successfully delivered over 28 million collective remote learning sessions during the lockdown period, with 96% student satisfaction. Krish says, “Our exemplary response in learning continuity has been recognised by Dubai’s Knowledge and Human Development Authority (KHDA), who rated our remote learning programme as the top-tier ‘Developed’ in the distance learning evaluation across Dubai.” As per an independent survey, conducted by LEK, a British management consulting firm, GEMS Education’s remote learning programme displayed a higher level of satisfaction (95% of parents said they were satisfied / very satisfied, equating to 15% more satisfied parents as compared to the average UAE school). According to GEMS Education’s CDO, the future holds “truly exciting and groundbreaking EdTech initiatives, including but not limited to establishing advanced online tutoring platforms, developing intelligent AI-driven virtual avatars for enhanced teaching and learning outcomes, building an advanced adaptive learning platform driven by cognitive AI solutions, introducing a versatile mixed reality-based platform for an immersive learning experience, and creating a unified blockchain-based credentialing system.”

Questions? Reach out to your account team.

Bibin George Sales Representative MENA (Enterprise and Systems), Seagate Technology bibin.jacob@seagate.com +971-50-6818529

Najeem Thajudeen Product Line Sales Manager, ASBIS Middle East FZE najeem.thajudeen@asbisme.ae +971 55 311 7020

FEATURE

UNLEASHING THE PROMISE OF 5G THE IMPENDING ARRIVAL OF 5G OPENS UP A HAVEN OF OPPORTUNITIES WITH SMART CAPABILITIES FOR ENTERPRISES.

s the frenetic pace of 5G networks buildout continues in the Middle East, many enterprises are looking to tap this new generation of cellular technology to deliver reliable and secure communications and fuel digital transformation initiatives. Unlike the previous generation of mobile technologies that consumers drove, the 5G market is expected to find favour in the enterprise division first. According to a GSMA Intelligence report, 5G networks are expected to reach one billion connected by 2023, and that number is tipped to double by the end of 2025. The report adds 5G networks present massive transformative opportunities for industrial application, from manufacturing and logistics to energy,

CXO INSIGHT ME

FEBRUARY 2021

healthcare, education, defence and transportation. With the arrival of 5G spanning across several countries, what will that offer? “We can expect faster download and upload speeds, more services and features, cloud-based solutions and lower connect and latency times for new time-critical applications – like remote surgery, driverless cars and more. With Mobile Network Operators (MNOs) already building networks in many of the world’s cities, 5G is moving at pace. However, there is something else in this new generation of mobile and wireless that will bring change in the marketplace in years to come – private 5G networks using shared spectrum,” says Professor Robert Stewart, Electronic and Electrical Engineering at the University of Strathclyde. The business embraces 5G for

different reasons than the consumer, says Zoran Lazarević Chief Technology Officer at Ericsson Middle East & Africa.“If we look at historical patterns, we see a consistent theme that mobile network generations shrink distances and barriers for businesses, and make connecting people in drastically different locations as easy as the touch of a button. By shrinking the business world to new levels, we can unlock values on both the cost and the revenue side. 5G has the potential to take the world faster and further than any previous network generation due to new network capabilities.” Azz-Eddine Mansouri, General Manager at Ciena Middle East, agrees that 5G is set to fuel many technology use cases, including critical IoT where 5G services are needed to handle important operations reliably and consistently. For example, remote healthcare, smart grid automation, traffic safety and control, as well as industrial application and control. He says now more than ever, network connectivity plays a key role in helping the world navigate and overcome the challenge of this global pandemic. “We can, therefore, expect an increasing reliance on scalable, reliable broadband to make the most of new technologies that support digitisation, through the proliferation of 5G.” Enterprises in physical industries have been lagging in terms of ICT spending

Ali Amer

in comparison with digital industries. A recent Nokia Bell Labs Consulting study predicts that we will be witnessing a “Big Inversion” in the ratio of ICT spending between physical and digital industries in the post-COVID era. “The main driver goes beyond profitability and growth to cover the sustainability of the enterprises in the physical industries. The ICT investments will target a broad spectrum of technologies, collectively termed as 5G+, where 5G is the foundation that enables multiple key technologies such as cloud, Internet of Things (IoT), and Artificial Intelligence (AI)/Machine Learning (ML),” says Muneer Zuhdi, Head of Consulting,

Ayhem Alzaaim

Azz-Eddine Mansouri

Nokia Bell Labs – MEA. The initial rollout of 5G networks has mainly targeted consumers, but we will start seeing a shift in terms of targeting industrial zones and enterprises to enable the digitisation of their operation. Globally, governments are also expected to release more spectrum in recognition of the importance of 5G as a key enabler for industrial automation, he adds. 5G and digital transformation Industry experts say 5G will become a catalyst for digital transformation in enterprises and spur the adoption of transformative technologies. “5G is known for its transformational potential for IoT use cases including virtual reality, autonomous driving, etc. 5G will deliver on three technology pillars through which distinct new services can be managed: Enhance Mobile Broadband (eMBB) for high throughput data transfer; massive IoT (mMTC) to connect large numbers of simple devices; and ultra-reliable low-latency communication (uRLLC) networks to reliably support missioncritical applications,” says Mohammed Faraj, Vice President for Digital Energy & Secure Power in Saudi Arabia, Schneider Electric. He says with these three pillars and when combined with edge computing, 5G will be the preferred technology for applications that need the highest speed and reliability. This includes

Faiq Khan

Industry 4.0 applications like RPA (Robotic Process Automation), robotic “extensions” for surgery, police, and military, holograms with virtual reality and immersive applications. 5G can also be used in high definition video dependent applications like in stadiums, automated warehouses, and shipyards. Ali Amer, Managing Director, Service Provider Sales, Cisco Middle East and Africa, echoes a similar opinion: “There is no doubt that 5G is transforming the possibilities of digital transformation at rapid pace and scale. 5G will enable enterprises to mobilise their workforces, extend automation, and support new applications through higher data rates and increased network capacity.” The pandemic, he says, has highlighted how businesses across all domains, whether in manufacturing, healthcare or education, can no longer take digitisation for granted or view it as a ‘nice-to-have’. Advanced connectivity is essential to surviving in today’s digitally-dependent world, and the benefits are also clear to see, in terms of how technologies such as 5G can stimulate new areas of growth. Ayhem Alzaaim, CEMEA manager, Telco, Red Hat, says 5G also plays an important role in supporting the performance requirements for cloud-native applications, which is where software innovation is leading enterprises. “Cloud-native apps will perform faster, be developed faster

FEBRUARY 2021

CXO INSIGHT ME

FEATURE

Mohammad Faraj

and brought to market faster; 5G connectivity will help provide the needed infrastructure.” Another trend is the emergence of 5G private networks that can cater to the specific needs of industry verticals. “With the advent of 5G, we already saw the strong interest of the enterprises for dedicated/private networks to meet the demands of industry digitalisation. We can expect that this trend will accelerate in 2021 and with advanced network capabilities, as 5G network slicing, the communications service providers (CSPs) will be able to efficiently meet industry demands,” says Lazarević from Ericsson. Stewart from the University of Strathclyde says with the advancement of enterprise 5G, the strong importance of private networks for the enterprise will continue to increase. He cites a study conducted by ABU research, which says the demand for private network deployments will see a surge, in particular within energy production. Industries such as mining, oil and gas will generate private network revenues of $32.38 billion by 2030, representing half of the $64 billion overall private network revenues. Amer from Cisco explains why 5G networks can offer enterprises more inventive ways to connect: “Private LTE and 5G networks deliver 20

CXO INSIGHT ME

FEBRUARY 2021

Muneer Zuhdi

reduced latency for low delay-centric applications such as industrial automation (2ms), autonomous operations and high-definition video surveillance. Private LTE and 5G networks have been designed for Increased mobility – offering highspeed access and increased mobile roaming with security – for this reason, we expect to see continued expansion of 5G networks.” Zuhdi from Nokia Bell Labs points out Industry 4.0 is already being powered by private wireless networks with carrier-grade 4G that will migrate to 5G to satisfy the different enterprise use case requirements for industries. A

Robert Stewart

Zoran Lazarević

latency as low as one millisecond, 6X9 reliability, and throughput in excess of 1Gbps will all be key enablers for heavy machinery teleoperation, collaborative robots (Cobots), and Automated Guided Vehicles (AGVs). This will encourage industries to accelerate the adoption of private 5G networks. According to Faiq Khan, managing director, East Europe, Asia and Africa at Infovista, the technology to deliver private enterprise networks using 5G is already here but the main issue is finding a compelling business model that provides more benefits over existing WIFI alternatives. As such, the early adopters will be within greenfield deployments and more challenging sites such as shopping centres, large campus, ports, and extractive industries such as mining. One of the main considerations is the speed at which 5G infrastructure can be deployed to deliver these new capabilities. “Several operators are now turning to advanced network planning and design software to help speed this process up – including more focus on indoor planning using intelligent tools to aid faster rollouts. This need for automation also extends to monitoring which is critical to ensure quality of service remains high – even as operators now face having to simultaneously manage 4 generations (2G, 3G, 4G and 5G) of network architectures,” he concludes.

VIEWPOINT

CONSTRUCTION GAME CHANGERS KENNY INGRAM, IFS VICE PRESIDENT, ENGINEERING, CONSTRUCTION & INFRASTRUCTURE ON HOW SERVICE, OFFSITE AND TECHNOLOGY DISRUPT THE STATUS QUO FOR CONSTRUCTION COMPANIES

ith the number of construction projects dwindling as a result of the pandemic, many companies are reimagining their business models to secure their future. While how to increase productivity remains one of the major hurdles that the industry needs to overcome, construction and engineering companies must also look to servitisation to attract new business. Even if it may appear to some as a question of identity, the provision of service will in reality be a question of survival for many businesses. Even though the outlook is harsh, there is evidence that many companies are using the current lull to arm themselves with tools that will enable them to hit the ground running when the tide turns. In fact, a recent IFS study revealed that 70 percent of businesses have increased or maintained digital transformation spend, despite the Covid-19 pandemic. In the engineering, construction and infrastructure sector, this figure is more than 75 percent. Given the unpredictability of 2020, we are facing a new year whose challenges and opportunities are equally difficult 22

CXO INSIGHT ME

FEBRUARY 2021

to pin down. Despite the uncertainties, however, I have summarised a few trends that I believe will color 2021 and beyond: Service turns cornerstone as builders approach total asset lifecycle responsibility As a result of the disruptions of 2020, the construction industry is intensifying its focus on securing stable and robust revenue streams. This has led many companies to transform themselves from traditional construction companies to asset lifecycle service providers, able to provide through-life service, facilities management, and maintenance to their clients. The upshot is a strengthened emphasis on total lifecycle cost rather than the traditional, one-and-done build cost. One of the major implications is the profound shift in focus among the companies building the assets. As they will be increasingly expected to assume cradle-to-grave service responsibility for each asset they build, they will need to focus on asset quality, longevity, and ease of maintenance. Put more provocatively, now that the asset is the construction company’s problem, it will need to be designed for quick and easy repair and maintenance.

As customers are more and more interested in buying outcomes rather than brick-and-mortar assets—for example, hospital beds rather than the building that houses them— construction companies will need to get used to providing an all-encompassing service offering. A majority of stakeholders in the construction and engineering space are still doing business through two separate contracts—one to build and one for service. In 2021, however, I predict that we will see a decisive increase in the number of construction companies transitioning to a single contract that spans the entire lifecycle of the asset while regulating its output or availability. The effect on companies’ business models will be profound as they will need to extend their planning horizons significantly to ensure long-term profitability. Even if they have competent staff to attempt this transformation, it is likely many construction companies will initially struggle to establish bestpractice in service processes that will ensure delivery of new-to-them concepts such as customer engagement, servicelevel agreements (SLAs), and field service scheduling and optimisation. One

of the ways companies will solve this is to look at enterprise software designed to power the transformational journey from construction-only to through-life service provision. Offsite construction drives need to standardise materials and processes Offsite construction, also known as prefabrication, is a trend that has been gaining momentum across the industry. Whereas construction companies used to build a house using materials shipped to the site, many companies are today moving the actual construction to factory-like, indoor environments where tradespeople and contractors build components or modules that are shipped to and assembled on the building site. One of a vast number of examples of this trend is leading engineering firm Babcock, who delivered prefabricated components to the Heathrow Terminal 5 project. As the construction companies are tasked to manage increasingly complex logistics for each build, we will see a significant uptick in companies focusing on implementing supply chain management best practices. The vast majority of traditional construction companies will admit to having very little experience in working with things like parts numbers and inventory. The supply chain-centric work processes of a company like Amazon will not reflect the current reality of their businesses. Yet, this is the vocabulary they will need to learn (very quickly) in order to effectively and profitably manage the logistics challenge of getting hundreds or even thousands of prefabricated components to one or more construction sites—at the right time and in the right order. I predict the construction industry will see accelerated investments in business software capable of imposing order on a supply chain-driven transformation that would otherwise spin rapidly out of control. Companies will increasingly turn to a manufacturing ethos as they get used to the idea of building standardised components with serialised part numbers that can be used in multiple projects, as opposed to costly, customised solutions. In other words, 2021 will be the year

when the inexorable march of offsite construction compels traditional construction companies to evolve and get to grip with the urgent need for standardisation, both in terms of materials and work processes. 5D BIM comes of age as early movers eye 6D By now, most people with an interest in the construction and engineering sector know what Building Information Modeling (BIM) is and what its major benefits are. As a standalone technology for three-dimensional design, it has had a huge impact on how complex assets are being developed and built. Many industry stakeholders are currently talking about 4D BIM, which also takes the time and scheduling aspect into account, basically giving companies a video simulation of how and in what order an asset should be constructed. What is not a very mature concept, however, is the combination of BIM with enterprise resource planning (ERP) software, which is arguably where most crucial business data is stored. This lack of sophistication is odd, given the enormous potential in connecting the two. What I am referring to here is what is being hailed as 5D BIM. With the fifth dimension being money, I predict that the challenges of 2020 will provide added incentive for companies looking to bridge the gap between BIM and ERP. The question an increasing number of construction companies will ask is how

to take a BIM model and turn it into a cost estimate and then track the actual costs back to the BIM objects. Edging out the traditional bill of quantities, companies are today being asked to bid against a BIM model, a cumbersome process that normally involves a myriad of manual calculations and measurements. As 5D BIM comes to the fore, I predict that, in 2021, construction companies will start demanding automated tools for transferring BIM models straight into the estimate module of their ERP software. Companies will expect standard integrations that will enable a free flow of data between the different systems. What will be needed are integrations that let the bid teams sort and structure the data by type of component, separate them into packages of work, and automatically price each package. Early-moving companies that are already implementing or trialing 5D BIM/ ERP integrations will use their head start to investigate the sixth dimension of BIM: maintenance. At this stage of the maturity cycle, the visualisation element of BIM takes a subordinate role to the free flow of information throughout the lifecycle of the asset—from design to build to maintenance. While still a few years out, I predict a rapid progression to 5D and 6D BIM. Onwards and upwards Even under ideal market conditions, construction is a demanding industry in which complex networks of projects and project delivery must be navigated effectively. I remain convinced that one of the best ways to ensure business value and resilience is the long-term investment in sensible technology that is fit for purpose. For all its unpredictability, I believe that 2021 will be a year of opportunity in the construction, engineering and infrastructure sectors. But just as luck favors the bold, I also believe that capitalising on these opportunities will require strategic fortitude and a clear vision of how servitisation and technology could and should coalesce into new and more intelligent ways of working.

FEBRUARY 2021

CXO INSIGHT ME

FEATURE

GEARING UP FOR A NEW ERA

WHY CLOUD-NATIVE IS THE FUTURE OF APPLICATION MODERNISATION

imple stated, cloudnative computing means building applications and services specifically for cloud environments. According to Cloud Native Computing Foundation’s definition, cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach. 24

CXO INSIGHT ME

FEBRUARY 2021

451 Research defines cloud native software as ‘applications designed from the ground up to take advantage of cloud computing architectures and automated environments, and to leverage API driven provisioning, auto scaling, and other operational functions’ In today’s digital world, where applications have become increasingly complex with no scope for downtime, cloud-native systems offer speed and agility coupled with resiliency by leveraging cloud service delivery model. Though it may still be early

days for cloud-native architecture, it is already driving transformative changes in many industries. Industry pundits say the concept of cloud-native is here to stay and is essential to creating a roadmap to success in digital businesses. Explaining what is driving the shift toward cloud-native approach, David Noël, regional vice president, Southern Europe, Middle East & Africa at AppDynamics, says while new cloud technologies have brought flexibility and digital innovation to businesses, they have also led to

more complex, distributed application architectures and configurations. This maked it challenging for operators to understand what happened where and why when problems arise, and for developers to get the information they need to understand and improve their applications. Additionally, businesses are facing ongoing pressure to lower costs and further develop efficient cloud management and implementation strategy. “The demand for new applications continues to grow at an accelerated pace. In fact, IDC observed that organisations, on average, have 127 applications in their portfolio and intend to grow their application portfolio nearly 40% over the next five years. These applications are required by the business to help improve operational efficiency and customer experience and drive innovation across the organisation. Optimising these mission-critical applications is crucial if a business wants to remain competitive. One way to do this is through a cloud-native approach to application development,” he says. Mohammed Retmi - Head of Regional Domains, Middle East & Africa - Orange Business Services, says from an economic point of view, cloud native technologies enable organisations to realise the true value of cloud by scaling and developing applications in much shorter timelines than were previously possible. According to him, cloud-native is changing the way organisations think about how they develop and deploy applications. “Cloud-native computing is cloud agnostic and enables organisations to scale up and down according to capacity needs. It gives organisations more control over the applications they build, so instead of having one large structure, cloudnative allows for smaller structures that are much simpler to manage and adapt,” he says. Walid Issa, Senior Manager Pre-Sales and Solutions Engineering Middle East and Africa, NetApp, says in addition to availability, scalability, and agility of cloud resources when compared to on-

David Noël

IN TODAY’S DIGITAL WORLD, WHERE APPLICATIONS HAVE BECOME INCREASINGLY COMPLEX WITH NO SCOPE FOR DOWNTIME, CLOUDNATIVE SYSTEMS OFFER SPEED AND AGILITY COUPLED WITH RESILIENCY BY LEVERAGING CLOUD SERVICE DELIVERY MODEL. THOUGH IT MAY STILL BE EARLY DAYS FOR CLOUDNATIVE ARCHITECTURE, IT IS ALREADY DRIVING TRANSFORMATIVE CHANGES IN MANY INDUSTRIES.

premises deployments and effective compliance and security management, this approach will help enterprises shift the focus from underlying infrastructure and platforms to application innovation and availability of hybrid architectures to leverage services and capabilities like containers and microservices.

Mohammed Retmi

What is in it for you? Many top public cloud service providers have started evangelising the idea and now the cloud-native landscape boasts of many top tier tech vendors. Noël from AppDynamics says cloudnative application development allows organisations to capitalise on the full power of the cloud by delivering faster time to market, increased scalability, improved flexibility, and better consumer experiences — all while reducing cost. It enables organisations to develop and deploy applications quicker. Cost savings and efficiency have initially been the main drivers for using cloud-native methods, but more recently, the impetus has been the need for increased speed and agility. “The cloud’s innate qualities make it perfectly suited to the flexible working practices of the modern workforce,” says Charbel Khneisser, Regional Director - Technical Sales, META at Riverbed. “For example, cloud infrastructure can be quickly and reliably scaled up or down according to the business capacity and needs. As such, cloud native businesses are inherently better at responding to uncertainty and change. For example, the increased demand caused by the mass shift to remote working in response to the COVID-19 lockdown was easier to deal with when having a cloud-based infrastructure.” According to 451 Research, the

FEBRUARY 2021

CXO INSIGHT ME

FEATURE

Charbel Khneisser

Chris Pope

adoption of cloud native is ‘driven by the speed, automation, efficiency, scalability and portability it can bring to the modern enterprise’. 451 Research also sees cloud-native as supportive and complementary to several other adjacent trends, including artificial intelligence (AI), the Internet of Things (IoT) workloads and edge computing. “Deploying an application in the cloud originally designed to run in a traditional data centre (as part of a so-called ‘lift and shift’ approach) is not enough in today’s increasingly digitised world, especially where speed to market has become a 26

CXO INSIGHT ME

FEBRUARY 2021

451 RESEARCH ALSO SEES CLOUD-NATIVE AS SUPPORTIVE AND COMPLEMENTARY TO SEVERAL OTHER ADJACENT TRENDS, INCLUDING ARTIFICIAL INTELLIGENCE (AI), THE INTERNET OF THINGS (IOT) WORKLOADS AND EDGE COMPUTING.

key differentiator. The quicker an enterprise can conceive, create and roll out a solution or service, the more value it has. Cloud-native’s flexibility and scalability make it much easier to experiment in the cloud, supporting the ‘fail fast, learn fast’ methodology,” says Retmi from Orange Business Services. Issa from NetApp shares another strategic advantage of cloud-native computing: “Cloud-native approach will help enterprises focus on application innovation. For example, running applications and processes in software containers as an isolated unit of application deployment, and as a mechanism to achieve high levels of resource isolation will improve overall developer experience, fosters code and component reuse and simplify operations for cloud native applications.” Also, cloud- native architecture can be dynamically managed by a central orchestrated process that can help enterprises improve machine efficiency and resource utilisation while reducing

the cost associated with maintenance and operations, he says. Going cloud-native is the next step in the cloud journey but the journey needs energy and commitment, both in financial terms and human resources, says Retmi from Orange Business Services. Many enterprises find this a significant challenge. According to a survey by the Cloud Native Computing Foundation (CNCF), 43% of enterprises flagged cultural change within development teams as one of the top issues in switching to these new development methods. Many are also finding training a challenge. “Adopting these new technologies requires a marked change in mindset to work. Going cloud-native begins with a complete re-think of traditional IT structures and processes that provide the very foundations of productivity. Often, enterprises take the first steps to cloud-native only to trip because of an idea fixed in legacy application environments,” says Retmi. Chris Pope, VP Innovation, ServiceNow, says many challenges to adopting cloud-native relate to people, process and culture. Experience is key along with having the right knowledge and skills to make the right informed decisions. “Lifting and shifting existing platforms and solutions does not reap the benefits. Rethinking and rearchitecting is a key decision to be made, to ensure you can leverage all the capabilities available to you in the cloud. Many organisations still work in slow release cycles or with a slow pace of change. Innovation requires the ability to be able to adapt and adopt, releasing quickly and often to ensure you keep up with the market,” he says. A cloud-native business reacts differently to market demands. Before any enterprise embarks on a cloudnative journey, it must accept that there will be disruption and change. Enterprises that can grasp the concept of rapid experimentation will reap the many benefits of cloud-native.

VIEWPOINT

CREATING THE VIRTUAL REALM VINCENT HIGGINS, GLOBAL DIRECTOR/GENERAL MANAGER, HONEYWELL’S WORKFORCE COMPETENCY SOLUTIONS, EXPLAINS HOW ADVANCED DIGITAL TWIN TECHNOLOGY HELPS CLOSE TODAY’S INDUSTRIAL SKILLS GAP

n today’s demanding industrial environment, there is an urgent need for training that truly helps workers acquire knowledge and develop new skills they can perform on the job. According to industry data, more than a quarter of plant incidents occur because workers lack competence. Many situations require a fast response based on an accurate understanding of equipment in the appropriate context. Unfortunately, the current business environment has severely restricted the ability to perform classroom instruction at most industrial sites. Knowledge transfer 28

CXO INSIGHT ME

FEBRUARY 2021

between seasoned employees and new hires has become increasingly difficult. Faced with increasingly complex technology and an experienced workforce nearing retirement, plants need robust training solutions that accurately depict real-world environments. Due to the challenges caused by the current strained environment, the need for technology in conducting business has taken on new importance. In the recent 22nd Annual Global CEO Survey by PricewaterhouseCoopers, the results showed that the Middle East is anxious when it comes to the progression

of technology. Three quarters of the CEOs in the region regard ‘the speed of technological change’ as a business threat. Meanwhile, the report stated that VR and AR have the potential to add $4 billion to the UAE economy by 2030, highlight not only the technology’s importance but also its urgent need. Evolution of training simulators Manufacturers have long utilised Operator Training Simulator (OTS) systems to train

process operators in large-scale industrial applications. These simulators are used for instruction on a wide range of operational procedures, imparting fundamental process understanding and maintaining and improving occupational skills in a safe environment. Modern OTS solutions combine dynamic process simulations, emulated control systems and replicated interfaces to recreate the look, feel and behavior of the actual plant. They provide an effective means for optimising processes and gaining operational experience. In recent decades, OTS systems have employed digital twin technology to replicate physical processes and assets within a virtual environment. This approach provides the closest possible virtual image of a real control system, serving as a simulation model of reality with all components, their characteristics, functionalities and parameters. Digital twins developed by process experts can help retain and transfer valuable expertise to a newer control room and field operators. There is an increasing shortage of incoming skilled talent in the industry, which in turn creates an increasing need for technology to act as a knowledgetransfer tool. With the latest Immersive Field Simulator (IFS) and a digital twin, knowledge can be retained with the confidence that it will be imparted in a safe environment and effective manner. Deloitte recently reported that VR training not only helped employees learn more quickly, but those same employees learned more information and retained higher percentages of what they learned – for an extended period of time. Additionally, IFS represents an exciting digital approach to training, which attracts young minds that are looking to move away from rigid industries and into industries that are ahead in digitalisation. Taking an immersive approach For many years, control room personnel had comprehensive training programs, while field workers relied on hands-on instruction to learn their job functions. This situation has evolved with new immersive simulation technology

enabling teams of field operators and technicians to interact via virtual walkietalkies and achieve a training experience similar to their counterparts working at control room consoles. The IFS provides a virtual reality (VR)/ mixed (MR)-based training solution, which helps better train today’s industrial workforce. The IFS can be used to extend console operator simulator training to field operators for credible, realistic and immersive collaborative training experiences. This solution enables operating companies to increase their worker competency while enhancing safety, so they can maximise their plant performance. According to a recent PricewaterhouseCoopers study, VR learning is four times faster than traditional classroom instruction and four times more focused than e-learning. It also inspires 300% greater confidence in trainees doing their jobs in the real world. The codification of training with sight and sound makes VR learning much closer to hands-on “practice by doing” than existing e-learning techniques. In another very recent report by Mursion and Future Workplace, more than 72% of learning and development leaders across industries are expected to have tried VR for soft skills training at their organisation by 2022. This is more than double the current 35% currently deploying VR skills simulations. Leading automation suppliers like Honeywell have offered operator training simulators to replicate the functions and activities of an industrial control room setting. However, this training-based control room was not connected to the actual production operation but rather was tied to a digital twin of the process and assets. With the IFS, the same digital twin has now been paired with a digital twin of the 3D world—essentially the plant itself with details such as handrails, ladders and stairs, as well as individual assets such pumps, compressors and pipes. The replications are linked to a mathematical process model so that an action such as turning a valve in the virtual world also changes the variables in the back-end digital twin of the process. These functions

are subsequently connected to the control room training simulator. Putting the technology to work In the same way pilots practice takeoffs and landings with a flight simulator, an immersive training simulator offers a smooth, virtual walkthrough to familiarise workers with the operations they’ll encounter in their day-to-day jobs. It includes avatars that represent virtual team members. This approach helps to greatly improve skill retention versus traditional training methods and significantly reduces the length of technical training. Immersive field simulation is a preferable method of training for today’s digital-native workforce, which is taking over many complex job responsibilities on the plant floor. Traditional classroom and e-learning techniques are often ineffective with the new generation of workers. In a study by the National Training Laboratory, retention rates for VR learning were around 75% and help fill the skills gap between experienced employees who are retiring in large numbers and younger workers who must gain know-how in a wide range of critical operations. Going forward, new digital twin solutions will be developed to address asset performance management and relate the health and performance of crucial assets to the 3D digital twin that exists today. Conclusion The drive for higher efficiency and greater safety in an ever-more-stringent regulatory environment is causing plant owners to consider new ways to enhance training of their personnel. Unlike equipment assets, people are mobile and are the key enabler of plant’s safety and productivity. Their skills vary by individual with each one learning and retaining knowledge differently. A new generation of Immersive Field Simulator incorporates virtual reality to provide plant operators and field technicians with a detailed, accurate training environment. This solution helps improve training times beyond traditional classroombased learning and minimises situations that can result in operational downtime.

FEBRUARY 2021

CXO INSIGHT ME

VIEWPOINT

AHEAD OF THE CURVE NIKOLAI STANKAU, DIRECTOR, BUSINESS DEVELOPMENT, EMEA FINANCIAL SERVICES AT RED HAT, SAYS FINANCIAL SERVICES BRANDS FOSTER A COMMUNITY SPIRIT TO DRIVE INNOVATION

ike most large enterprises today, banks and other financial services companies are striving to become technology businesses. At the same time, CIOs, CTOs and IT managers are under constant pressure to reduce costs and deliver on large transformation projects. The current pandemic situation has left brands having to support remote working on an unprecedented scale, placing greater emphasis on cloud and security. IT departments need to strike a careful balance between cost and delivery. Consequently, more and more financial services organisations are turning to enterprise open source software. According to Red Hat’s own research, 93% of IT leaders from across the financial services industry stated that enterprise open source was important to their respective organisations. A large proportion (83%) also remarked that enterprise open source has been instrumental in allowing them to take full advantage of cloud architectures. This

CXO INSIGHT ME

FEBRUARY 2021

is enabling banks to implement hybrid cloud strategies and develop cloudnative applications. Open source enables organizations to innovate faster and offers a level of flexibility and agility that would have been difficult to achieve if they were solely reliant on proprietary software. Besides adopting enterprise-grade software products and solutions, banks can become leaders in setting technology trends and influencing software development through deeper collaboration with open source communities. This in turn helps to attract and retain the very best developers. The magnification effect From the outside looking in, it might appear that the financial services industry is ahead of the curve. Think of the many online and mobile banking applications and services we take for granted today. The fact of the matter is that most traditional banks are reliant on aging systems that are unable to keep up with the pace of change in the sector. They face an uphill challenge to remain competitive and be at the

forefront of financial services technology. In addition to using enterprise open source from a trusted vendor, major gains can be made by organisations that are prepared to work directly with open source communities, in what’s known as ‘the upstream’. This is where code is developed, in a shared process. From here, the software can be downloaded for free, or, it can be consumed via a trusted open source vendor that hardens the software, securing it, stabilising it, adding lifecycle management and service level support, to make it suitable for use in an enterprise; otherwise known as the ‘downstream’. Upstream communities are the engines of innovation, made up of developers and thinkers, diverse individuals and organisations from around the world, all dedicated to building new software. Collaboration in open source communities is a fluid model that allows banks to contribute directly to the development of new code to help create and refine a particular piece of software. It’s a way of expanding a team many times over; supporting open source projects and

the bank is now an active member of the open source community, regularly contributing new ideas and code to drive projects. This model has ensured the bank is able to build the features it needs to enhance its own product portfolio. A clear demonstration that leveraging global communities is a smart and cost-effective way to drive software development and transform digitally.

contributing perhaps just a few hours of developer time per week and gaining the output of hundreds or thousands more. Creating a magnification effect! In the driving seat Participating in open source is a far cry from buying an-off-the shelf product. It allows an enterprise to play a leading role in product development by nurturing a solution that addresses a specific business requirement. Many organisations from the same sector can work together to get the capabilities they need. That’s fairly groundbreaking in a heavily regulated industry like financial services. It’s also likely the code will become freely available, providing an opportunity for other developers to access it via a set of open APIs. The software is frequently updated and improved by the many developers maintaining it. As well as being the captains of their own destiny, banks and their inhouse developer teams gain added kudos for being involved at the bleeding edge of emerging technology. FINOS (Fintech Open Source Foundation) is one instance of a community that was set up by banks to encourage greater collaboration on open source projects. It started out as Symphony, a messaging and collaboration tool for the banking community conceived on the back of open source software that developers from a prominent investment bank used to create a secure messaging platform. It was then adapted by developers from other banks who went in to add voice and video capabilities. Symphony is now a major business valued at around $1.4bn, and the concept has expanded into what is now FINOS. However, FINOS at the moment focuses largely on software development for investment banks, which limits the impact it can have on other aspects of financial services such as insurance or retail banking. Moving at the speed of innovation Cloud migration and hybrid cloud adoption is central to any major digital transformation project. Banks need the agility and elasticity the cloud gives them

to extend reach into new virtual and geographic markets. The framework known as Kubernetes - one of the fastest growing open source projects in history - enables companies to automate the management of large numbers of containerised applications across a hybrid cloud environment. Linux-based Kubernetes has become the industry standard for container orchestration. In fact, Red Hat has been contributing to the development of Kubernetes since its inception. Given the opportunity, banks should be actively contributing to Kubernetes development. The upstream model gives them the ability to do this. They can marry their own resources with all that the community has to offer to shape Kubernetes-based products and solutions to target their own individual business requirements. It’s a model that promotes continuous development, benefitting the banks themselves and the wider community. Banks are not averse to the upstream model by any means. Real-world examples include a major financial services organisation that joined a community to drive the development of a critical piece of middleware. The bank’s developers worked side-by-side with the open source community to create new software and features for the business process management platform. The community’s involvement allowed them to deliver the project in record time and at a considerably lower cost. Subsequently,

A strategic development So, surely all financial services organisations are signed up to open source communities? Well, not quite. Specialist open source projects like FINOS do exist and there are more examples of community led projects like Symphony out there. However, these open source projects are the exception rather than the rule. Most developers operating in the financial services space are tucked away behind the company firewall. Like banking itself, software development can be a stringent and highly regulated process. It’s time to change this. In today’s fast paced digital economy, the policy of keeping your developers in a closed environment is no longer tenable. If you’re going to continuously innovate then you need to bolster your inhouse teams with the wealth of talent that’s available outside of the firewall. On the flipside, developers flock to organisations that are engaged in upstream development because it gives them exposure to exciting community-led initiatives. There are lots of different ways an organisation can contribute to upstream communities and gain access to a global network of developers. They can invest in a community and support it financially, they can provide technical leadership or advocacy, but the most common model is to contribute code. By doing so banks and financial services organisations can discover, or help to build, software that can be adapted for a specific business need. Enterprise organisations that participate in existing open source projects can stay ahead of the curve, significantly reduce costs and speed up time to market.

FEBRUARY 2021

CXO INSIGHT ME

VIEWPOINT

WAYS TO PREVENT CYBER ATTACKS ANDREAS GLOEGE WHO IS THE VP, NORTH AMERICA SALES ENGINEERING IN ONAPSIS, WRITES HOW TO DEAL WITH THE FULL SPECTRUM OF CYBER THREATS

t’s hard dealing with the full spectrum of cyber threats. The threat landscape is constantly evolving and, to further compound the challenge of defending our enterprises, we continue to roll out new technologies and extend security boundaries into the cloud and Work from Home environments and our digital transformation initiatives. The bottom line here is that threats continue to evolve, and our environments are getting more complex and harder to defend. Early detection and validation of anomalous activity – identify adversary Indicators of Compromise (IOCs) and stop the adversary before significant damage is done. For example, stopping a ransomware attack as systems are being encrypted is too late in the game. At this point, the adversary likely owns your environment and has exfiltrated sensitive data from the environment. We need to detect and block ransomware early on during the initial exploit (the Phishing attempt) and as they begin to move laterally to other systems. Effective cyber hygiene – Fidelis’ Threat Research Team is continually tracking evolving threats and the attackers “go to” techniques continue to be Phishing and social engineering attacks, exploitation of unpatched vulnerabilities in systems, and exploitation of weak logon credentials. The key here is understanding what are your most critical and most exposed assets and then prioritising cyber hygiene efforts against these assets. This must include: • Knowing the terrain you are defending 32

CXO INSIGHT ME

FEBRUARY 2021

(what are your critical data sets, business critical workflows, and avenues of attack and the high risk assets associated with those) • Diligent patching (particularly for those high-risk assets and for systems that support work at home users) • Good account and password management (ensuring employees are using complex, hard to guess passwords backed with two factor authentication where possible) • Robust endpoint protection – with a combination of automated vulnerability management software (such as Desktop Central), the latest software and patches, anti-virus software to catch signature-based threats, and Endpoint Detection and Response (EDR) capabilities to catch the more stealthy attacks. EDR adds additional benefits for remote employees particularly as many of these systems are exposed through insecure home networks, by enabling your security operations team to quarantine a device that misbehaving, remotely diagnose the device to determine if and how it was compromised, return the device to a secure state, and apply global policy updates to all your remote devices to ensure other devices are not compromised in a similar way. Finally, you need to continually reinforce security best practices with your employees to include best practices for detecting and reporting phishing and social engineering attacks. Traditional reactive based defenses are insufficient to protect us against the

full spectrum of cyber threats and need to be augmented with proactive security capabilities, which requires: • Integrated cyber capabilities to give your security operations personnel holistic visibility of the cyber terrain they are defending and the ability to detect, correlate, and investigate anomalous activity occurring throughout your enterprise; • The context provided through an attack framework and threat intelligence to allow your security analysts to understand how anomalous events fit into a broader attack kill chain; • High confidence, integrated, prioritised, and actionable alerts – events independently firing from silo’d security tools just don’t cut it here; and • Automation, analytics, and machine learning to increase the efficiency and effectiveness of your limited security operations personnel to help them find the “needle in the haystack”. It is through these proactive security capabilities that you can move your organisation beyond a preventative and reactive defense posture and truly address the full spectrum of cyber threats targeting your organisation. As an added bonus, it can help address other challenges including alert fatigue, analyst overload, and the impacts of limited cyber personnel.

CYBERSECURITY EVOLVED PREDICT. ADAPT. SYNCHRONIZE.

Sophos Firewall XG Firewall

Sophos Endpoint Sophos Central

Intercept X

• Secure remote workers

• Artificial intelligence

• Free remote-access VPN

• Anti-ransomware

• Cloud management

• EDR and MDR

• Unmatched protection

• Exploit prevention

VIEWPOINT

SECURITY IMPLICATIONS OF THE HYBRID WORKFORCE JONATHAN NGUYEN-DUY, VICE PRESIDENT, GLOBAL FIELD CISO TEAM AT FORTINET, ON HOW TO SECURE A HYBRID WORKFORCE IN 2021.

n 2020, remote work became the norm as organisations worldwide were forced to rapidly shift their operational models. However, even once the COVID-19 pandemic subsides and some employees move back into the office, many others will continue working from home into the future. Indeed, “work” is increasingly viewed as something we do as opposed to a place we commute to and from. With this in mind, security and IT teams must adjust their strategies to manage this new hybrid workforce at scale effectively. Below we highlight the factors that play into the security of these environments, including the cloud, general security infrastructures, and employee cybersecurity awareness. 34

CXO INSIGHT ME

FEBRUARY 2021

Hybrid Work: Why It Isn’t Going Anywhere A hybrid workforce is comprised of remote workers, employees who work on-site, and those who go back and forth between working from home and working on-site. This type of workforce has seen a massive increase in popularity recently due to the COVID-19 pandemic. But while this shift was unplanned in many cases, both employees and employers have seen benefits stem from this setup. Employees like the flexibility it provides, and employers see ways to increase efficiency and reduce on-site costs. Even after the pandemic subsides, we can expect hybrid workforces to continue in popularity. A recent Gallup

poll indicates that 59% of workers would like to continue working remotely in the future. Because of this, it’s more critical than ever to understand the associated security implications and know how to manage them. Security in the Cloud With a hybrid workforce comes the need for employees to access workbased programs and applications from both inside and outside the company’s traditional network perimeter. However, multi-cloud adoption has expanded our notions of an enterprise perimeter. Some companies are finding that a cloud-based architecture, particularly a hybrid cloud approach, requires a new strategy.

Companies will also have to find the new balance between networking, security and the compute needs, especially as it relates to shared responsibilities across the infrastructure, platform and software.

The pandemic created an accelerated timeline for getting a work-from-home infrastructure in place. This led many companies to risk security gaps in favor of getting things up and running. But as businesses look to create a secure and stable hybrid work model moving forward, properly tackling security issues in a cloud environment is paramount. This starts with understanding how things have changed since the advent of the cloud. In this new paradigm, the traditional hub and spoke model in which all traffic goes through a central data center no longer reigns supreme. Indeed the focus on outcomes and experiences means that for digital transformation to work, network, security and application performance must be an integrated, end-to-end solution. Accordingly, many organisations are now adopting application aware, secure softwaredefined wide-area networks (SD-WAN) for optimised WAN performance and secure access server edge (SASE) for cloud-based integration. Shifts in IT Spending As businesses make more long-term transitions to hybrid workforce models, their IT budgets will see significant shifts. Funds that were once designated for a network upgrade are now being harnessed for cloud adoption, collaboration and endpoint security. A more distributed and disaggregated enterprise means greater emphasis on Zero Trust least privilege principles to secure network access.

Changes in General Security Infrastructure Because the threat landscape is much broader with a hybrid workforce, companies are realising their security needs are more complex than they were before. Implementing Zero Trust requires solutions like network access control, endpoint protection and SASE, for example, but it cannot end there – this is where something like the Fortinet Security Fabric comes into play. The Security Fabric makes it easy to cover the broader attack surface and manage security in a broad, integrated and automated fashion. It enables security-driven networking, zero trust access, dynamic cloud security, and AI-driven security operations along with seamless integration with an ecosystem of integrated third-party products. Having the right tools working together is critical for keeping an enterprise protected as its workforce shifts and evolves. That allows a focus on operating technology to manage risks rather than laboring to integrate and automate multiple products from different vendors – hoping it all works under the pressure of an actual incident. This consolidation is most clearly manifested in the evolution form point defense products, to platforms, to security fabrics. The Human Factor in Cybersecurity One of the most significant cybersecurity vulnerabilities in many businesses ends up being the employees themselves. If this was true when we all worked on-site, it is even more the case in a hybrid work environment. Any time an organisation shifts an employee’s workspace and network usage, they may be less adept at identifying phishing attacks, social engineering or other security threats they may encounter. For example, employees new to working remotely will likely have far more interactions with the company’s IT department initially. Because they are inundated with things to download and procedures to complete, a well-worded

phishing attempt might blend in and slip through the cracks. The key to combating the human factor in hybrid workforce cybersecurity is education. The more you can train and teach your employees what to look out for, the better. This can come in the form of phishing simulations or other programs designed to help create a cyber aware hybrid workforce, such as the training courses offered by Fortinet. Security Tools for a Hybrid Workforce In summary, while a hybrid workforce has many security implications, there are also many tools out there designed to keep ever-evolving IT infrastructures safe and secure. These tools include the following: • SD-WAN: Allows for high-speed application performance on edges anywhere within the more extensive corporate network, encompassing multiple devices at home, in the office, or on the road. • Dynamic Cloud Security: With an increased reliance on the cloud, hybrid workforces require dynamic cloud security solutions that protect businesscritical applications and workloads across public, private, and hybrid clouds. • Fortinet Security Fabric: A security platform that enables broad visibility of the entire digital attack surface, integrated solutions, and automated workflows to meet the demands of increasingly complex security ecosystems. • Information Security Awareness: Training offerings for your workforce that help them spot cyberthreats by understanding who the bad actors are behind attacks, what methods are used for attacks, how to protect themselves, and what key cybersecurity terms they should be aware of. Final Thoughts on the Hybrid Workforce Hybrid workforces are here to stay, and with the new IT infrastructures required to facilitate this shift come new security implications. Businesses and organisations can address potential cybersecurity risks with an approach integrating networking and security, as well as tools designed to manage a more complex threat landscape and cybersecurity training for users.

FEBRUARY 2021

CXO INSIGHT ME

VIEWPOINT

THE DARK SIDE OF THE CLOUD

AMMAR ENAYA, REGIONAL DIRECTOR – MIDDLE EAST, TURKEY & NORTH AFRICA (METNA) AT VECTRA, ON WHY ACCELERATED CLOUD ADOPTION EXPOSES ORGANISATIONS TO SECURITY RISKS

s our reliance on technology grows exponentially, so does the need for robust cybersecurity to protect users and keep data and business operations safe from hackers. But growth in cybercriminal activity has become a Catch 22 — the more organisations invest in data protection technologies, the more adept cybercriminals become. They change their attack methods and behaviors to blend in with normal traffic to bypass traditional network controls, infiltrate infrastructure and steal credentials. Because of this constant edging forward by both sides, network 36

CXO INSIGHT ME

FEBRUARY 2021

detection and response (NDR) is now an essential line item for every leadership team. Attacks that target software-as-a-service (SaaS) user accounts are now one of the fastestgrowing and most prevalent security issues encountered today. This trend began well before COVID-19 and has accelerated as more organisations make their transformation to the cloud. The trade-offs of working remotely When the labor force transitioned to working from home during the first wave of lockdowns, the move to online collaboration and productivity tools was fast but largely smooth. A by-product of this shift is an increased volume of considerably more sensitive data being shared across multiple

devices. In many instances, that information is now vulnerable. This is because current security approaches can lose visibility as environments expand to the cloud, which is increasingly where users are storing multiple accounts and accessing resources from both sanctioned and unsanctioned devices. When the lines become blurred between work and personal online interaction, exposure to cyber-risks increase dramatically. Beefing up patchy defences Traditionally, organisations have relied on tightly controlled on-premises servers where network security solutions were largely able to protect

data. With many more new devices accessing corporate and cloud networks, traditional solutions have become susceptible to greater risk activity and abuse of data in cloud applications. Today’s reality is that private and trusted networks can no longer be fully protected by legacy security that focuses on using signatures and detecting anomalies alone. Industry analysts and experts agree that NDR is better suited to identifying and stopping attacks across the modern data centre infrastructure. The adoption of NDR has gained huge momentum by correlating attacker behaviors and the progression of threats between cloud, hybrid and onpremise networks. We know that cybercriminals are exploiting a larger attack surface and getting more advanced. As a result, simply fortifying network perimeter security no longer works, especially when it comes stopping astute attackers and speeding up detection. In fact, the notion of a network perimeter no longer exists because users can connect from anywhere. For many organisations, security technology focuses on user behaviors when the focus should be on attacker behaviors. This requires knowledge about what attackers can do on your platforms rather than monitoring approved users and what they’re sharing while looking out for malicious insiders. It is time to flip the narrative and look at the bigger threat — attacker behaviors. Take a lesson from Office 365 Observing Microsoft Office 365 users shows how easy it is for hackers to gain entry into an organisation’s network. The recent Spotlight Report on Office 365 from Vectra collected opt-in data from 4 million Office 365 users worldwide and found that 96 percent of customers exhibited malicious lateral movement behaviors. This means that once a hacker gets access to an Office 365 account, the

backdoor entrance to an enterprise network opens, making it vulnerable to attack. Take Microsoft Power Automate as an example. Formerly Microsoft Flow, it is designed to automate user tasks and save time. Power Automate is enabled by default in Office 365. Unfortunately, Power Automate is a blind spot that creates hazardous security vulnerabilities in Office 365. Research from the

TO PROTECT DATA AND REDUCE CYBER RISK, IT IS VITAL FOR ORGANISATIONS TO ADOPT A PROACTIVE RATHER THAN REACTIVE APPROACH TO CYBERSECURITY. IT CAN RESULT IN A COSTLY MISTAKE TO RELY ON LEGACY NETWORK PERIMETER SECURITY ALONE. TODAY, NDR IS AN ESSENTIAL CORNERSTONE OF CYBERSECURITY BEST PRACTICES.

Spotlight Report on Office 365 shows that 71 percent of customers exhibited suspicious Office 365 Power Automate behaviors. Right now, you can set up a Power Automate script to automatically take all attachments in an email and store them in OneDrive. An attacker could then compromise an account, and use Power Automate to take these documents and exfiltrate them to a Dropbox account. Attackers have been leveraging this feature to assume an account identity and pivot from Office 365 to a device or on-premises. They then can log in as a specific user within Office 365 and start damaging or exfiltrating data or move laterally to find high-value assets to steal. Adapt network security for changing tactics With NDR, organisations can identify what attackers are doing, where they are in their network, and quickly stop attacks before they become data breaches. NDR leverages AI-derived machine learning algorithms to identify early threat behaviours across hybrid, on-premise and cloud. It also automatically detects and prioritises attacks that pose the highest risk to your organisation and triggers a real-time response to quickly mitigate threats. To protect data and reduce cyber risk, it is vital for organisations to adopt a proactive rather than reactive approach to cybersecurity. It can result in a costly mistake to rely on legacy network perimeter security alone. Today, NDR is an essential cornerstone of cybersecurity best practices. As we start to think more about strategic security investments in 2021, it’s timely to consider where the best value and the best line of defence will come from and how organisations can better ensure they are protected. This is especially true as organisations rely increasingly on hybrid, on-premises and cloud platforms for a range of different devices in what it’s expected to be a complex and critical year.

FEBRUARY 2021

CXO INSIGHT ME

VIEWPOINT

UNDERSTANDING

BEC SCAMS EMILE ABOU SALEH, REGIONAL DIRECTOR, MIDDLE EAST & AFRICA AT PROOFPOINT, SAYS AS CYBERCRIMINALS CONTINUE TO CAPITALISE ON THE HUMAN FACTOR, IT IS IMPORTANT TO UNDERSTAND HOW TO PREVENT BEC SCAMS.

usiness Email Compromise (BEC) and Email Account Compromise (EAC) afflict businesses of all sizes across every industry. More money is lost to this type of attack than any other cybercriminal activity. The FBI reported that from June 2016 to June 2019, companies reported $26.2B in losses. And in 2019 alone, BEC scams accounted for more than half of all cybercrime losses—an estimated $1.77B. The average loss per BEC incident in 2019 was $74,723. Additionally, latest UAE CISO Report from Proofpoint shows that 80% of CSOs and CISOs in the UAE suffered at least one cyber attack in 2019, with over half citing multiple incidents. People-centric attacks top the list and among them 15% were originated by BEC attacks. As cybercriminals continue to capitalise on the human factor, it is paramount to understand how this type of attack works and how to prevent it. What Is BEC Supplier Invoicing Fraud BEC supplier invoicing scams are sophisticated and complex schemes to steal money by either presenting

CXO INSIGHT ME

FEBRUARY 2021

a fraudulent invoice as legitimate or by re-routing the payment to a bank account controlled by the attacker. These scams are often the costliest for victim organisations. BEC supplier invoicing fraud can be so successful that even prominent, well-known individuals can fall for them. Similar to gift card scams and payroll diversion scams, supplier invoicing scams rely on social engineering and impersonation to convince the target victim to send money to the attackers. But what sets BEC supplier invoicing scams apart is not just the large dollar amounts often associated with these scams, but also the complex nature of these scams. While gift card scams are relatively simple, using maybe one email targeting one employee, supplier invoicing scams are more byzantine involving compromise and impersonation of trusted vendors and carried out in multiple stages against multiple individuals and organisations. The impersonation can either be at an account level or at the domain level (e.g. domain lookalikes). How BEC Supplier Fraud Works Many of the BEC supplier invoicing attacks Proofpoint has observed indicate that these attacks originate from a legitimate email account that has been compromised. These compromised accounts are highly prized by threat actors. They can conduct extensive reconnaissance and fraudulent emails sent from the compromised account will pass email authentication controls (e.g. DKIM, SPF, DMARC) because they are sent from a legitimate account. Once a legitimate transaction is identified, the threat actor “thread hijacks” an already in-progress email conversation about the transaction. Since the attacker’s message is part of an email thread that the target victim reasonably believes to be legitimate,

IT IS CLEAR THAT ATTACKERS WEAVE TOGETHER IDENTITY DECEPTION, AUTHORITY, AND URGENCY WHILE USING TACTICS LIKE ACCOUNT COMPROMISE AND IMPERSONATION THAT PIVOT ALL TO MAKE A FRAUDULENT BANK ACCOUNT CHANGE REQUEST SEEM LEGITIMATE SO THAT THE TARGET WILL PAY THE INVOICES TO THE THREAT ACTOR’S BANK ACCOUNT.

their message has greater credibility. As such requests for bank account changes due to audit or COVID-19 seem more plausible. This believability and trust are key elements of social engineering. By their very nature, thread hijacking attacks are very difficult, if not impossible for users to identify, making this a threat vector where technology countermeasures are particularly needed and useful. At this stage of the attack, the threat actor pivots to a supplier account impersonation tactic where the attacker inserts an impersonated account in the “reply-to” or “cc” of the email conversation, which can be a lookalike of the supplier domain. The impersonation pivot allows the threat actor to maintain the email conversation with the target when the compromised account is

remediated. In many cases, the email thread continues via the impersonated account. Shifting the conversation to the impersonated account also makes it more difficult for forensics and investigations because you lose the logs in the supplier SEG. Additionally, using both authority and urgency are other common social engineering tactics in BEC attacks. Also notable is that the fraudulent emails are devoid of any malware payload such as an attachment or URL. There are no links or attachments for the victims to click. It is clear that attackers weave together identity deception, authority, and urgency while using tactics like account compromise and impersonation that pivot all to make a fraudulent bank account change request seem legitimate so that the target will pay the invoices to the threat actor’s bank account. Are You Protected? BEC supplier invoicing scams are not sophisticated in their goals or even their tactics. The goal is simple: convince a target victim a fraudulent invoice is legitimate, so they’ll pay it. The tactics primarily focus on spoofing and account compromise: tactics that are not technically sophisticated. However, BEC supplier invoicing fraud weaves these tactics together in creative ways which is why BEC supplier invoicing scams continue to be successful. The end result of these tactics is a multi-layered fraud that is reasonably, highly credible. One of the most important things CISOs can do to help protect against BEC is to understand how prepared your organisation is to combat them. As BEC supplier invoicing fraud relies on social engineering to trick end users, it’s critical to continuously train employees about these types of scams, enabling them to report messages as suspicious and automate their investigation and remediation.

FEBRUARY 2021

CXO INSIGHT ME

VIEWPOINT

ADAPTING TO A POSTPANDEMIC WORLD IN THE POST PANDEMIC WORLD, DIGITAL TRANSFORMATION AND CLOUD ARE NOW MAINSTREAM, WITH ONE DISRUPTIVE, WHILE THE OTHER SUPERBLY COST EFFECTIVE. ROHIT BHARGAVA, PRACTICE HEAD, CLOUD & SECURITY FROM CLOUD BOX TECHNOLOGIES, WRITES ABOUT THIS INTERPLAY OF TECHNOLOGY AND SKILLS.

he pandemic has flipped regional enterprise priorities the other way around. Some projects that were on the drawing board have been accelerated, while others trimmed down or shelved. Regional enterprises are accelerating digital transformation projects, with cloud at the epicenter, looking to achieve a host of new capabilities. These include cost reduction, rapid time to market, creation of new market places, enhanced team collaboration, amongst others. The fast-changing environment of the pandemic is so typical of a competitive digital market place, where scale, speed, simplicity, determine survival and business returns. All technologies go through a roller coaster of highs and lows. They exhibit peaks of rapid adoption as well as slowdowns, triggered by pragmatic evaluation to get the best business benefits out of investments. Digitally advanced organisations develop the ability to manage these highs and lows of adoption. CIOs in these organisations learn the approach of digital dexterity, a new set of skills and capabilities that allow them to manage such challenges. These skills are typically a blend of continuous problem solving, complex decision making, and rapid pattern recognition. Digital dexterity is a new set of attributes and skills that allow CIOs and their teams to operate successfully in a continuously changing digital world. Digital transformation also requires the ability to adjust to challenges both outside and inside the organisation. 40

CXO INSIGHT ME

FEBRUARY 2021

Moving down the path of digital transformation requires organisations to manage multiple disruptive digital technologies in a cohesive and systematic fashion. This enables disruptive technologies to add up and grow exponentially in scale. The way forward is for CIOs to select, use and integrate disruptive technologies, on a continuous basis. Leveraging the cloud Cloud computing helps to reduce the computing cost per user, where large number of users are using the same application workload. In the past, legacy database servers, were much more inefficient in sharing the same application workload with large number of users. Hence, when the user base was smaller, and the ability to share compute and application resources was limited, the cost per user was much higher. Computing was more expensive in the past with legacy servers and database technologies. A simple graph of computing cost per user versus the number of users and the type of technology shows that, as the number of users supported with the same application workload increases, the cost per user reduces. Over the last 30 years we have seen these changes happening through client server architecture, Unix servers, Main Frame servers, Virtual servers, and finally modern day hyper converged servers and finally hyper scalar architecture. The number of users, now supported on cloud application architectures,

using hyper converged and finally hyper scalar architectures built by cloud service providers, can run into millions, tens of millions, and more. The key here is to have a welldesigned, cloud architecture, application workload, scale out across an array of computing resources, to support millions of concurrent users, in real time. By using a cloud platform from cloud service providers, enterprises are outsourcing the requirement of keeping in touch with the latest technologies and best practices. This reduces the pressure on enterprises to continuously invest in technology capital purchases and to continuously recruit skilled technology resources. Cloud therefore reduces the total cost of technology ownership on the longer term and helps the IT organisation demonstrate higher productivity gains. In reality CIOs and business heads inside an organisation may find themselves challenged, with cloud and other technologies, to use the full potential of the digital platforms they are building. The digital platform allows the organisation to build new products, target new customer segments, build new marketplaces and extend and integrate into supplier ecosystems. Digital platforms can transform the complete business model of an organisation and is only limited by the imagination and creativity of the CIO and business heads.

VIEWPOINT

TOP THREE

NETWORKING TRENDS MORTEN ILLUM, EMEA VICE PRESIDENT AT ARUBA, A HEWLETT PACKARD ENTERPRISE COMPANY, REVEALS THE TOP THREE TRENDS FOR 2021 – EVOLUTION OF HYBRID WORKPLACE, SD-WAN GOING MAINSTREAM AND CRITICALITY OF EDGE NETWORKING.

e made it through 2020. But now it is time to turn off our out-of-(home) offices and roll up our sleeves once more. As our thoughts turn to what 2021 has in store, here are three key trends that are firmly on my radar this year. The continued evolution of the hybrid workplace It is perhaps no surprise that this is first up. It’s been top of the business agenda for the past year after most organisations found themselves converting almost overnight to a work from home operating model thanks to COVID-19 and only able to welcome back a skeleton in-person staff since. But as vaccination programmes roll out across EMEA and people are allowed to return to the office in far more significant numbers, I believe we will see the emergence of a new type of hybrid workplace. Or more accurately, a hybrid workspace. After all, the definition of a place is “a particular position, point, or area in space” and our future work environment is likely to be anything but fixed. The more significant change, however, is that the new hybrid workspace will be a deliberate one. Of course the redesign of the office as a concept was in play well before COVID-19 turned the world upside down. But for the past year, the hybrid workspace been a reactive one – hybrid by necessity versus by design. As businesses took the time they’ve 42

CXO INSIGHT ME

FEBRUARY 2021

had this year to plan their return in more detail, we can expect to see more fundamental changes starting to shape our office environments. In addition to the necessary health and safety measures, I predict we’ll continue to see less desk space and more meeting room space, for example, as day-today interactions are kept to video conference and the office is reserved for bigger group get-togethers. SD-WAN goes mainstream A quick Google search will show you countless articles proclaiming that this is the year of SD-WAN. Certainly, it was said about both 2019 and 2020, but we really mean it for 2021! Again, one of the key drivers for this has been the pandemic – and the spotlight it has shone on the need to better connect home, branch and cloud environments to deliver a consistent

application experience, whether an employee chooses to log on from the office, home or on the road (imagine!). As businesses look to the coming year, support for a distributed workforce will remain a top priority, making SD-WAN critical to successfully navigating the “new normal.” This acceleration of interest in SD-WAN is something that is coming through loud and clear in conversations with partners and customers. Case and point, on a recent call with a security company, they mentioned that every current customer discussion ends in them being told that the customer has an SD-WAN project underway and that this project needs to be defined before the customer can make any changes to their security policies or vendor of choice. This is just one example, but it certainly points to the fact that SD-WAN is becoming a much broader customer need throughout 2021. Taking the data centre to the Edge The explosion of data has been a running theme throughout my posts for some time now – but as COVID-19 has accelerated the digital transformation of nearly every organisation out there, the amount of data being generated at the Edge has never been higher – or indeed more vulnerable – and the need for businesses to quickly and efficiently collect, secure, process and act on that data has never been more pressing. With the hybrid workplace set to make the situation even more complicated in 2021 with people constantly moving in and out of the office environment, the traditional model of a single data centre located at a company headquarters is no longer fit for purpose. Instead, we will see enterprises starting to transition to a “centres-of-data” networking model – with multiple micro data centres positioned at the Edge to help convert all that data into simplified IT operations, accelerated service delivery, and streamlined IT deployment. The challenges of the past year are by no means over – and the above three trends will certainly keep things interesting in 2021.

The coronavirus crisis has accelerated the adoption of digital technologies in the Middle East. The pandemic has demonstrated the importance of business continuity plans and the need to improve operational efficiencies through digital business. In its third year, CXO 50 Awards seek to recognise IT leaders who have taken the reins during the crisis to shape the new normal. The award is designed to honor innovative and forward-thinking IT executives whose actions have had an impact on their own organisations and the industry they work in. The awards are open to IT executives anywhere in the Middle East and all entrants for CXO 50 Awards will be evaluated by a judging panel comprising industry stalwarts. So, if you are an IT pro who has demonstrated innovative leadership with real-world results we would like to hear from you.

PLATINUM PARTNER ORGANIZER GOLD PARTNERS

SILVER PARTNERS Pantone: Pantone Process Cyan

OFFICIAL MEDIA

PRODUCTS

Motorola 5G smartphone

otorola has launched the most affordable 5G Smartphone in the UAE. Priced at just 999 AED, moto g 5G is the first device in the region to feature a Qualcomm Snapdragon 750G 5G processor – ideal for speed and immersive gaming. The new moto g 5G empowers users to be more productive and immersed in their content, at a time in which high performance connectivity could not be more crucial.Users can download movies in seconds, stream intensive online games with minimal lag and experience crystal clear video conferencing. In addition to delivering on speed and a competitive price point, the moto g 5G also boasts a 48 MP triple camera system, which leverages Quad Pixel technology to deliver sharper and brighter photos in any light condition. Meanwhile, the 8 MP ultra-wide angle lens fits 4x more into the frame, while the dedicated Macro Vision camera delivers 5x zoom functionality, empowering users to take incredible close-up shots. The 16MP main selfie camera has a large 2.0 μm pixel size, ideal for capturing special moments and sharing with loved ones. The moto g 5G also comes with a 5,000 mAh battery, which gives users over 2 days of battery life on a single charge. When in need of a quick recharge, 20W TurboPower charging offering 10 hours of power in just 15 minutes of charging.

HP LATEX HP Inc. has introduced a range of new Latex large format print solutions to help print service providers diversify their offerings and meet more challenging customer needs. After a year of business disruption across the large format industry, the HP Latex 700 and 800 series brings a suite of features that enable PSPs to be more agile, tackle ambitious projects and

CXO INSIGHT ME

FEBRUARY 2021

take on the highest value work. The new portfolio also delivers fast workflows that help businesses hit deadlines, while sharpening their sustainability edge. The new HP Latex range consists of four devices – the HP Latex 700 and 800, and the HP Latex 700W and 800W which offer white ink capability for the first time in this category. It is the whitest white ink available on the

market that does not yellow over time, enabling print businesses to produce neater outlines and add more contrast to darker supports. Meanwhile, updated printheads possessing more nozzles and producing speeds of up to 36 m2/hr (388 ft2/hr) allow the HP Latex 800 and 800W to offer 50% higher productivity levels compared to previous HP models. Print jobs executed on the new 700/800 Series will deliver with vivid colors and finer image and text details, even at faster print speeds. Operationally, HP PrintOS also enables PSPs to monitor and control their print fleet using a cloud-based interface they can use virtually anywhere, anytime. All four devices in the HP Latex 700 and 800 series use the HP Eco Carton – a cartridge made with cardboard material, reducing the amount of plastic used by 80%. HP’s water-based inks are also kinder to the environment.

D-Link Full HD Wi-Fi camera D-Link has presented its latest DCS-8300LHV2 Full HD WiFi Camera with AI-based person detection. This intelligent camera can identify human motion, minimising false alarms and ensuring that users get the alerts that matter. Not only does the DCS-8300LHV2 capture video in Full HD 1080p with a 120-degree field of view, but it also features 360-degree adjustable positioning and 5m night vision so that users see everything, even in the dark. The DCS8300LHV2 provides enhanced sound and motion detection as well as two-way audio with its built-in microphone and speaker so that users can make their presence felt even when they’re not at home. These advanced features make life more convenient for users who want to monitor their home and loved ones and keep them safe. The DCS8300LHV2 joins the growing ecosystem of mydlink smart home devices and works with the free mydlink App for a simple, speedy setup and anytime, anywhere control and monitoring.

Additional features include support for WPA3, Google Assistant and Alexa compatibility, and support for ONVIF Profile S. Quick and easy setup is ensured with its builtin BLE technology, and support for IPv6 means that the DCS-8300LHV2 is compatible with the next generation of internet standards. The DCS-8300LHV2 is currently available for purchase from D-Link resellers and distributors.

HONOR 10X LITE The HONOR 10X Lite provides users with an extraordinary long-lasting battery to keep you powered throughout the day on a single charge. The 5000mAh battery enables up to 59 hours of phone calls, 38 hours of 4G phone calls, 23 hours of video playback, and 79 hours of FM radio output. Packed with a 22.5W SuperCharge, the HONOR 10X Lite enables gaming enthusiasts to fully charge their devices in just 95 minutes. The 2.5W OTG Reverse Charging function even allows you to charge other devices, perfect for topping up your friends’ phones in case their battery is dangerously low. In addition to the long-lasting 5000mAh battery, the HONOR 10X Lite has 128GB of storage which is expandable by up to 512GB when you insert a microSD card, allowing you to store up to 10,000 10MB of photos, 300 episodes of your favorite TV series, 100 lightweight games, and 12,000 e-Books. The HONOR 10X Lite is also NFC-enabled, allowing you to make payments and transfer data between other NFC-equipped devices for a more convenient and smarter life.

FEBRUARY 2021

CXO INSIGHT ME

BLOG

OUT AND ABOUT WITH THE NEW TRAVEL PASS SUNIL PAUL, MD OF FINESSE, ON THE RELEVANCE OF A DIGITAL COVID-19 VACCINE PASSPORT

ecently, Sweden and Denmark revealed plans to introduce digital coronavirus vaccination passports as a measure to control the spread of the pandemic and revive international travel safely. These passports are expected to assert if the holder has been inoculated, has tested negative for the virus or has recovered from it. Although it sounds simple enough, there are a number of different aspects to consider before this becomes the norm. Vaccination certificates are not a novel concept. Several countries in Africa require travellers to produce a proof of vaccination for diseases like yellow fever or polio before entry and these are already policed by international law. However, replicating a similar concept to COVID-19 can prove to be trickier, at least in the early stages. Governments across the world would have to first be on the same page on which of the many vaccines that are currently being developed would be accepted for international travel. Perhaps more than one vaccine will be on the accepted list, considering each country has a different vaccine that is currently being administered to its citizens. Then there is the question of global supply of the accepted vaccine – are there chances that rich countries will hoard it, leaving other countries grounded? As we are in the initial phases of vaccine delivery in most countries, it is yet to be determined once a person is immunised, are there still chances of them transmitting the virus without experiencing any symptoms? Till date, the COVID-19 vaccines currently in use have not

CXO INSIGHT ME

FEBRUARY 2021

been assessed on their ability to prevent transmission, according to experts. So, if a country allows entry for a passenger who presents his digital vaccine passport with all the accurate details of his jabs, there are still chances that the person could be a carrier and bring the virus with him. Besides these issues that need to be ironed out eventually, cybersecurity and data privacy will be other big hurdles that digital travel passports will present. These travel passports must be digital rather than paper documents as the latter can be easily falsified. According to reports, there has been an alarming increase in the number of fake COVID-19 test certificates sold in the black market, especially in countries such as Netherlands, France, Spain and the UK. These kinds of instances compromise the industry’s efforts to reopen air travel. However, digital solutions that house health and personal identification information could raise privacy concerns and increases the risk for data breaches. Keeping the security risks in mind, British cyber tech firm VST Enterprise (VSTE) has recently launched a public ‘fit to fly’ health passport designed for air travel. According to the company, its cross-border platform V-Health Passport does not use bar codes and QR technology. Presently there have been concerns about ‘attagging’ – where hackers can clone QR codes and redirect to other information points or websites. Louis-James Davis, VSTE CEO and inventor of the VCode technology and V-Health Passport, said, the V-Health Passport employs closed loop technology with end-to-end encryption

and has 2.2 quintillion collision free combination codes. These decode based on geo location, time and date, device type and user login to prevent hacking. The digital passport can be downloaded and used together with any form of COVID-19 testing and vaccination. The Gulf region’s biggest carriers – Emirates, Etihad and Qatar Airways – are testing International Air Transport Association’s (IATA) travel pass initiative. The IATA Travel Pass mobile app assists passengers effortlessly and securely to ensure they meet all the travel guidelines from any government for COVID-19 testing or vaccine information. It uses decentralised blockchain technology, which ensures there isn’t a central database that can be breached to access personal information. Working like a social media platform, the app gives users complete control of their data. To have effective digital COVID-19 vaccine passports that can instantly and securely offer a comprehensive overview of a person’s health details, it is important that governments and global airlines standardise the process. There are still many elements that need to be figured out with the types of vaccines and its related impacts before these can be a relevant entry pass. The good news is that today we definitely have all the tools and technologies to make this possible. However, to make these digital vaccine passports a reality in the near future, while simultaneously ensuring its security and standardisation process, will take the collaborated efforts of all the different stakeholders.