ISSUE 14 \ NOVEMBER 2019
IN PURSUITOF
EXCELLENCE HOW AL NABOODAH GROUP ENTERPRISES CIO TRANSFORMED IT OPERATIONS WITH A PRIVATE CLOUD INFRASTRUCTURE
CONTENTS
12
49 PRODUCTS
AL NABOODAH GROUP ENTERPRISES ROLLED OUT A PRIVATE CLOUD TO ACHIEVE SPEED AND AGILITY. THE GROUP CIO MARIO FOSTER TELLS US HOW HE TRANSFORMED IT IN HIS QUEST TO CONTRIBUTE TO THE BUSINESS GROWTH.
FINDING THE
RIGHT MIX 6 NEWS
10 10 16 18 22 24
BUILT TO PROTECT
28
BEYOND THE BLOCKCHAIN HYPE
A SMARTER APPROACH MASTERING THE ART OF AUTOMATION A DIFFERENT LEAGUE 3 WAYS TO HARNESS AI ACROSS FIELD SERVICES MANAGEMENT
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
16 30 34 36 38 42
EMBRACING THE CLOUD JOURNEY THE FUTURE OF WORK THE REAL WEAK SPOT TAKING CONTROL HOW TO GET A HANDLE ON VULNERABILITY MANAGEMENT
ABU DHABI CROWN PRINCE INTRODUCES NEW ADVANCED TECHNOLOGY FIRM EDGE HYPERLOOP STUDY REVEALS $4B INCREASE IN SAUDI GDP BY 2030 ETIHAD ADOPTS MICROSOFT OFFICE 365 TO BUILD A MODERN WORKPLACE
NOVEMBER 2019
CXO INSIGHT ME
3
EDITORIAL
EASY PICKINGS
L
ast month, we hosted a roundtable event to discuss the state of cloud adoption in the region. After speaking to CIOs from a wide range of verticals, including government, banking, and healthcare, I was quite surprised to learn that cloud is finally having its moment in the region. The fact that hyperscalers have a local presence now has instilled confidence, and the number of companies looking to move their whole IT stack to the cloud is quite high. Also, the increased competition has resulted in a price war, and the users have a lot more choice now – from mega cloud providers to local service providers. Has the cloud era truly dawned upon us now? Maybe not because there are still some issues that need to be ironed out by the industry. When the cloud hype was cranked up to maximum, one of its biggest selling points was cost. However, now many users have realized the cloud is not always exactly cheaper, and it is time the cloud industry stopped marketing cost efficiency as the leading
Published by
Publication licensed by Sharjah Media City @Copyright 2019 Insight Media and Publishing
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
factor. Instead, what the cloud providers need to focus is on the kind of operational efficiencies and flexibility it offers to users, and it is almost always better than an on-prem alternative. In this month, we have featured two CIOs who are using the cloud to cater to the needs of their businesses. One is Mario Foster, CIO of Al Naboodah Group, who has adopted a private cloud, wringing the maximum value from his company’s data centre investments. He tells us the private cloud offers nearly all the same benefits of the public cloud, and cautions his peers to read the fine print before jumping on to the public cloud bandwagon. In another example, RDK Group has adopted a cloud-first approach, eliminating technical debt. If you are a CIO driving digital transformation of your business, I think you are left with no choice but to adopt a cloud-first strategy because the traditional IT approach of leveraging yesterday’s infrastructure just doesn’t cut it anymore.
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
NOVEMBER 2019
CXO INSIGHT ME
5
NEWS
ABU DHABI CROWN PRINCE INTRODUCES NEW ADVANCED TECHNOLOGY FIRM EDGE
H
is Highness Sheikh Mohamed bin Zayed Al Nahyan, Crown Prince of Abu Dhabi and Deputy Supreme Commander of the UAE Armed Forces has inaugurated EDGE, a company set to reposition the UAE as a notable global player in advanced technology. With the digital era creating unprecedented challenges and opportunities, EDGE is positioned to disrupt capabilities across a wide breadth of industries. Starting with break-through innovations in the high investment defence sector, and with a priority on national security, EDGE is consolidating more than 25 entities, including subsidiaries from the Emirates Defence Industries Company (EDIC), Emirates Advanced Investments Group (EAIG), Tawazun Holding, and other independent organisations. His Excellency Faisal Al Bannai, CEO and Managing Director, EDGE said, “EDGE will invest extensively across R&D, working closely with front-line operators to design and deploy practical solutions that address real world challenges.” He added, “The solution to address hybrid warfare, lies at the convergence of innovations from the commercial world and the military industry. Established
with a core mandate to disrupt an antiquated military industry generally stifled by red tape, EDGE is set to bring products to market faster and at more cost-effective price points.” Al Bannai has been appointed to lead EDGE, based on his start-up background and proven track record in leveraging emerging technologies to expand business opportunities at home and abroad. In contributing to innovation and advanced technology growth, EDGE will develop deeper partnerships with world-leading industry OEMs and defence contractors, the SME sector and academia alike. It will also be attracting elite industry experts and talent from around the globe, to help on a wide spectrum of modern product development, ranging from ideation to building cross domain capabilities over its five core business clusters: Platforms & Systems, Missiles & Weapons, Cyber Defence, Electronic Warfare &
Intelligence, and Mission Support. The company said it is set to implement advanced technologies such as autonomous capabilities, cyberphysical systems, the Internet of Things, advanced propulsion systems, robotics and smart materials, with a focus on artificial intelligence across all its products and services. His Excellency Tareq Abdul Raheem Al Hosani, Chief Executive Officer of Tawazun Economic Council (the UAE’s Defence Enabler) said, “We are invested in managing the uncertainty that technology brings by adapting our focus and capabilities towards a sustainable defence and security industry. EDGE will help us transform our domestic capabilities, while growing our engagements on defence and security exports.” In 2018, the UAE topped the Global Innovation Index for the Arab world. EDGE aims to help the UAE to retain and expand that foremost position.
SAUDI ARABIA’S NATIONAL PAYMENT SERVICE PROVIDER SELECTS ORACLE EXADATA Saudi Payment’s SADAD, the national electronic bill presentment and payment service provider for the Kingdom of Saudi Arabia has chosen Oracle solutions to implement a robust payment security system, develop digital economy ready services and drive cost efficiencies. “SADAD payment system is a vital catalyst for driving Saudi Arabia’s digital economy in line with Saudi Vision 2030, and we are focused on delivering seamless and secure payment services to consumers in the country in order to
6
CXO INSIGHT ME
NOVEMBER 2019
reach our goal of cashless society,” said Abdulaziz AlAfaleg VP Operations & Shared Services, Saudi Payments. “Our investment in Oracle ExaData solutions will help us deploy multiple level security capabilities, significantly reduce our CAPEX, increase agility and deploy extra resources on demand based on high workload scenarios.” As part of this implementation, SADAD will implement Oracle ExaData at customer solution that will also help the organisation achieve faster time to value; regulation control; data privacy
and governance, and tight integration with their network security. “Digital payments are now a vital aspect of everyday economic transactions in Saudi Arabia and SADAD is at the heart of these payment systems”, said Fahad Al Turief, Country Leader – Saudi Arabia, Oracle. “SADAD is now preparing to usher in a new highly secure and intuitive payments era in Saudi Arabia and with Oracle ExaData at Customer’s next gen computing capabilities, SADAD will be able to deliver unprecedented innovation within their own data centre.”
HYPERLOOP STUDY REVEALS $4B INCREASE IN SAUDI GDP BY 2030 Virgin Hyperloop One (VHO), global hyperloop company, has announced the results of a strategic study commissioned to build the world’s first extended test and certification hyperloop track in the Kingdom of Saudi Arabia. The study also set out plans for an R&D centre and manufacturing facility to support the development of the groundbreaking hyperloop technology. In line with Saudi Vision 2030, the Kingdom’s diversification and development strategy, the VHO project is expected to significantly support a number of the economic and social pillars of the country’s 2030 Vision, including the expansion of transportation, the development of urban infrastructure and the growth of a technology enabled modern economy. Sultan Ahmed bin Sulayem, Group Chairman and CEO of DP World and Chairman of Virgin Hyperloop One, said, “The study highlights that hyperloop is
more than a high-speed connectivity for passengers and cargo. The findings have shown a positive alignment between the project and Saudi Arabia’s ambitious national economic and social development agenda. With this in mind, we are delighted to highlight this vision at the Future Investment Initiative and continue our talks with a multitude of stakeholders.” The Virgin Hyperloop One Center of Excellence (CoE), if approved, could break ground in King Abdullah Economic City (KAEC) in 2020 and include an integrated test track, as well as explore the feasibility of creating a manufacturing center and operating facility that will propel the Kingdom to the forefront of hyperloop
development worldwide. The report also illustrated how the CoE will drive domestic value by adding to the creation of more than 124,000 high-tech local jobs, supporting the technology sector by incorporating advances in robotics and AI and driving an estimated $4billion increase in KSA GDP by 2030. The study further provides analysis on the economic impact of the CoE and wider VHO development in the Kingdom, focusing specifically on the growth of hyperloop supply chains and the acceleration of innovation clusters across the Kingdom. Assessing short and long-term metrics, the study looked at the role of a manufacturing center and the local and global supply chains required to facilitate industrial development of this nature within KAEC. Jay Walder, CEO, Virgin Hyperloop One, said, “With Virgin Hyperloop One’s technology we are transforming inspiration into practical innovation. We have developed patented technology and are building a strong network of public and private partners committed to making hyperloop the catalyst of a transportation revolution in years to come.”
VMWARE EXPANDS REACH OF VMWARE CLOUD ON AWS VMware has announced a new multitenancy service for VMware Cloud on AWS that will make it even more attractive and available to customers of all sizes through managed service providers (MSPs). VMware also announced a tech preview of Project Path which will help cloud providers and MSPs adopt new business models that will help generate new value, revenue and improved margins to their cloud businesses. According to 451 Research, the vast majority of enterprises are going toward an integrated hybrid IT environment, with 57 percent of organisations moving toward an integrated on-premises/offpremises hybrid IT environment. IDC research finds that 62 percent of public cloud IaaS users surveyed use multiple IaaS providers. Many enterprises are pursuing a strategy that brings together native public cloud services and a
consistent hybrid cloud environment into a single cloud strategy. In response to this shift in customers’ cloud strategies, cloud providers, too, are evolving their own multi-cloud journey. VMware is innovating to support partners’ diverse business models. “VMware’s strategy is to offer partners consistent cloud infrastructure and operations that support their customers’ multi-cloud strategies, and enable them to simultaneously employ both asset-heavy and asset-light business models,” said Rajeev Bhardwaj, VP of products, Cloud Provider Software Business Unit, VMware. “For the first time, VMware Cloud on AWS will support multi-tenancy through the new VMware Cloud Director service, enabling MSPs to more quickly and easily create full software-defined data centers in the AWS cloud for small- and medium-sized enterprises. With Project
Path, partners will be able to accelerate their delivery of both VMware-based and native public cloud services, to more efficiently support customer operations across clouds, and better meet customer needs by deploying applications to whichever cloud best suits their business or IT requirements.” The new VMware Cloud Director service is a SaaS version of the VMware vCloud Director service-delivery platform. With multi-tenant capabilities, MSPs will be able to easily share a pool of VMware Cloud on AWS capacity across multiple tenants. This will reduce providers’ overall costs while providing the flexibility to right-size VMware Cloud on AWS environments for midmarket enterprise customers. Initially, the VMware Cloud Director service will support VMware Cloud on AWS and will evolve to operate and manage other VMware-based clouds.
NOVEMBER 2019
CXO INSIGHT ME
7
NEWS
ETIHAD ADOPTS MICROSOFT OFFICE 365 TO BUILD A MODERN WORKPLACE
M
icrosoft has announced that Etihad Airways, the national airline of the United Arab Emirates, has adopted Office 365 to boost collaboration and scale productivity, which will further empower its employees to achieve more. Etihad’s 20,000 employees, from more than 150 different countries, fly to over 80 destinations from its hub in Abu Dhabi and serve 18 million passengers annually. Chief among Etihad’s digital goals are the automation of processes and the empowerment of employees through collaboration and communication platforms. “Etihad is proud of creating a unique travel experience for our guests while empowering our employees to be effective innovators,” said Mike Papamichael, Vice President Technology and Innovation, Etihad Aviation Group. “To provide the best service, you need to not only have the best people in
place, but the best tools to help them collaborate and make decisions in real time. We are pleased to partner with Microsoft towards this goal.” Yammer now forms the heart of Etihad’s employees’ social network and acts as a collaboration tool and a platform for sharing company-wide news in real time. Adopting Office 365 with its power platforms has helped Etihad with a 30% growth in their process optimisation target. In alignment with Etihad’s optimisation targets across departments and subsidiaries, Microsoft
Power Platform – which brings together Power BI, PowerApps, and Flow – has been leveraged to enhance the company’s business processes, freeing up employees to commit time to more innovative activities. More than 260 live applications across Etihad’s business units now rely on the new platform to optimise operations. And some 17,000 Etihad Business Users now keep in touch with co-workers and customers through Exchange Online, Yammer, and Microsoft Teams. Etihad is also using Enterprise Mobility Suite (EMS) and especially InTune to secure access from mobile devices and provide the flexibility to be connected from anywhere, any device, at any time. “Etihad’s adoption of Office 365 to boost collaboration is the perfect illustration of the power of digital transformation to engage, empower, optimise and reinvent,” said Sayed Hashish, GM Microsoft UAE.
BEE’AH ADDS NEW ELECTRIC MOBILE WASTE COLLECTION UNITS Bee’ah, the Middle East’s sustainability pioneer, and Tandeef, Bee’ah’s waste collection and management division, have added Ducati electric mobile waste collection units to their existing fleet, to further enhance operations while continuously promoting Bee’ah’s sustainability agenda. Developed by Ducati Energia, part of the Italian company, Ducati Group, the one-seater vehicle is capable of handling almost 200 kilograms of weight, including the driver, and can reach a speed of 50 kilometers per hour. Charging stations for the EVs will be installed at residential areas in Sharjah. The ‘shed style’ charging stations are fully integrated in a network that connects the energy provider with the electric vehicles and comply with the highest European standards. They are also equipped with radio-frequency identification (RFID) technology, in 8
CXO INSIGHT ME
NOVEMBER 2019
addition to a remote connection linked to the central office, to monitor the fleet and its operation. The electric vehicle (EV), which is the first of its kind in the UAE, is the most recent addition to the Bee’ah’s existing line of electric vehicles. The deployment of the electric mobile waste collection units coincides with Bee’ah’s strategy to make its entire fleet environmentally friendly and to enhance the company’s waste management services to ensure a sustainable environment in Sharjah
and the UAE. At present, Bee’ah has an overall fleet of 1,200 vehicles, which are controlled by a smart fleet management system that helps to optimise consumption of resources and operations. The efficiency of electric mobile waste collection units also contributes to the improvement of workplace standards and safe practices by limiting the number of employees working manually under direct sunlight. With health and wellbeing being at the heart of Tandeef’s operations, this latest addition to the fleet is another step forward for the company’s vision to improve the quality of life for all UAE residents. HE Khaled Al Huraimel, Bee’ah Group CEO, said, “Bee’ah is aiming to make its entire fleet run on clean energy over the next few years.
GLOBAL AI SUMMIT SET TO TAKE PLACE IN SAUDI ARABIA
S
audi Arabia has officially announced the Global AI Summit, a new global-level platform to promote the development of artificial intelligence (AI) and related technologies. The Global AI Summit will take place in Riyadh on 30th-31st March 2020 and will be the leading international forum to advance AI and create knowledge sharing and interchange among global AI experts. The Summit will also highlight Saudi Arabia’s ambitions to become a leader in AI technology, and drive discussions and partnerships between local and international stakeholders in the AI field. The event will be a focus for discussion on AI, its importance, applications and impact on societies, economies and politics.
The Global AI Summit was announced on the sidelines of the Foreign Investment Initiative (FII 2019) during a talk given by HE Dr. Abdullah Bin Sharaf Alghamdi, President of Saudi Data and Artificial Intelligence Authority (SDAIA). Dr. Abdullah said, “The Global AI Summit will become an international platform to discuss changes in the industry and to understand how AI technology can be utilised for the benefit of all.” The Saudi Data and Artificial intelligence Authority was established by Royal decree in August 2019, to become the main government entity to facilitate and enable the adoption of AI in the Kingdom, particularly in relation to achieving the Vision 2030 goals. The Summit will include a full program
of keynote sessions from thought leaders in the field of AI and related disciplines, along with plenary sessions and breakouts to create the world’s most active forum for discussion and interaction around AI. The focus will be on enabling a global conversation, and creating dialogue centered on the adoption of AI and how participating countries and enterprises can become leaders in deploying AI in practical applications in key vertical sectors and innovative new deployments. The event also aims to drive knowledge exchange and create new partnerships between companies, academic institutions and innovators in artificial intelligence. The Summit will be complemented by an exhibition and AI Experience Zone that will allow attendees to experience AI in action and explore different deployments and use cases for the technology.
NOVEMBER 2019
CXO INSIGHT ME
9
VIEWPOINT
BUILT TO PROTECT HAIDER PASHA, CHIEF SECURITY OFFICER FOR EMERGING MARKETS AT PALO ALTO NETWORKS, ON HOW TO BUILD NEXT GENERATION SOCS.
F
or organisations that have already built an effective security operations center (SOC) and have been running it for several years, the question is: How can you get even greater value and improve your return on investment? As cyber threats grow, SOCs are becoming ever more resource hungry. Finding highly-trained security analysts is getting tricky with a shortage of qualified staff. Meanwhile, attackers are growing ever more sophisticated. For organisations, this means they must turn to automation to improve the performance of their SOCs.
10
CXO INSIGHT ME
NOVEMBER 2019
Start the Automation Journey In traditional SOCs, analysts spend way too much time dealing with known threats and too little time hunting down new threats and fending off targeted attacks. With some smart automation to take care of the repetitive tasks, SOC analysts can free up time to work on the more fruitful, intelligence–led side of cybersecurity. There are three levels of threats that SOCs typically address. The easiest are the known threats such as malware, worms and viruses that may have been around for years. These can be dealt with easily by the SOC as there are plenty of tried and tested patches to fend them off.
Then come the slightly more challenging malware and zero-day attacks which are becoming more frequent. The SOC can resolve these without too much difficulty by following best practice guidelines. At the other of the spectrum are the most sophisticated threats. These are targeted attacks where a determined criminal group or even a nation state is prepared to patiently coordinate an attack on an organization over several weeks or months. These targeted attacks are where most of the focus needs to be for the SOC. But in the traditional SOC setting, security analysts fail to differentiate between these different types of attacks. They tend to spend too much time dealing with the former and not enough on the latter. SOC analysts deal with threats by following the processes laid out in a playbook which tells them about the steps they must take to neutralise an attack. This can become quite
in processing high volumes of threat intelligence from automated prevention capabilities such as firewalls and endpoint protection programs. Sometimes organizations turn off these capabilities as they can slow down their networks. But this can leave them exposed to threats. Each program interferes with the smooth running of the network. If all the programs are running at once, this can seriously slow down operations. Switching them off speeds up the network. But when these prevention programs are up and running, an even greater headache ensues. They produce reams of threat data from across the network which needs analysing manually. SOCs can quickly become overwhelmed by the sheer volume of alerts they process. The knee-jerk reaction of most companies is to keep on adding more analysts to the SOC to deal with the growing number of alerts. However, a more effective way to deal with this data overload is to integrate all those prevention programs together so they feed data into a central dashboard. This mechanical. They go through the same four or five steps without differentiating between unsophisticated and serious attacks. A targeted attack often occurs in multiple stages. It might start with a spear phishing expedition – sending emails from a known address to trick a user into clicking on a link and downloading malware. These emails are used to gain access to a network to do initial reconnaissance before a sustained attack takes place. A SOC analyst typically follows the same playbook rules for addressing this as with less sophisticated attacks. They need to automate the easy stuff and spend more time on the challenging tasks of dealing with targeted attacks and threat hunting.
When in Doubt, Use the SOC Playbook One reason that SOCs struggle to differentiate between different types of attack is because of the difficulty
will centrally sort the threats into those which are easily handled – and can be dealt with by automated systems – and those that need human intervention. You may be wondering about the best way to automate away low-level threats. This can be accomplished by taking the processes laid out in the SOC playbook. For instance, if a cyber threat is discovered targeting a bank, a security vendor will typically send out an alert warning to similar sized banks. On receiving the alert, their SOC analysts will search through their network to find files with similar characteristics to the threat. If they find one, they resolve it, probably with a patch.
Free Up Your SOC Analysts But with a next generation SOC, this threat intelligence is automated. A vendor discovering a possible threat sends the information to the client company’s SOC. The next generation SOC automatically scans the company’s computer network to see if the offending file has entered the system. If it identifies an infection with the file, it takes that device off the network, notifies the SOC analyst, and opens a ticket to deal with that threat. This should all happen within seconds of discovering the threat, rather than the hours it takes a traditional SOC to achieve this. Automation of playbooks is straightforward – and key to creating a next generation SOC. It allows machines to take over laborious manual processes. The next-generation SOC analyst should be freed from low-level work to focus on monitoring threats before they arise and identifying and dealing with targeted attacks. If you think the cost of running the SOC is increasing without a corresponding boost to security protection, ask your CISO how the SOC can be automated to increase its effectiveness. Offer your support in building a next-generation SOC which takes automation and cyber protection to the next level. Then you’ll really get your money’s worth for your organization.
NOVEMBER 2019
CXO INSIGHT ME
11
COVER STORY
FINDING THE
RIGHT MIX AL NABOODAH GROUP ENTERPRISES ROLLED OUT A PRIVATE CLOUD TO ACHIEVE SPEED AND AGILITY. THE GROUP CIO MARIO FOSTER TELLS US HOW HE TRANSFORMED IT IN HIS QUEST TO CONTRIBUTE TO THE BUSINESS GROWTH.
12
CXO INSIGHT ME
NOVEMBER 2019
Do you have a digital transformation strategy, and how do you define it? e have two main groups within Al Naboodah Group Enterprises – commercial and construction. Our digital strategy is centred around the commercial business. What DX means to me is making business processes smoother, delivering our services to customers through multiple channels, and changing the way we do business. At the end of the day, digital transformation is about utilising technology for the benefit of the business. For instance, when I talk about RPA, it will add value to the business and improve operational efficiencies, and at the same time, make it easier for our customers to do business with us.
W
What is the primary driver of your cloud strategy? Efficiency. Removing unnecessary steps in order to streamline IT processes will lead to increased IT productivity, which, in turn, will help us cater to user requirements faster. We are indirectly increasing business efficiency and supporting business growth by improving employee productivity. By doing so, we will enhance the customer experience by fulfilling the customer’s needs faster. What are your priorities when it comes to public and private clouds? In our case, we implemented a private cloud solution from Nutanix three years ago, when we made a five-year IT hardware investment in the form of a new top-of-the-line data centre. When we evaluated the options and did a comparison between private and public clouds, latency and cost were an issue with the latter, which is why we decided to go with a private cloud solution. Even though our priority is the private cloud, we do have a few SaaS solutions running on the public cloud. We use Oracle Hyperion for the
whole group’s consolidated financial reporting, budgeting, and forecasting. Likewise, the CDK dealer management system for our HarleyDavidson business in Sharjah and the Northern Emirates. We also have a cloud ERP for our Vietnam business hosted on Microsoft Azure. We chose the public cloud for these areas mainly because we don’t have in-house technical expertise, and it made more sense to have those services delivered to our business in a SaaS format. Our DRaaS is another example of public cloud utilisation. Going forward, we are planning to move more workloads into the public environment, but we will take baby steps first because we have already invested in a private cloud infrastructure from Nutanix and it is doing a great job. Do you feel more confident about the public cloud now that we have some of the mega cloud providers such as AWS and Microsoft set up locally? Absolutely, especially with the latest additions of the two Microsoft cloud data centres in the UAE and AWS in Bahrain, which in my opinion, will be a game-changer for the region. Many organisations were either hesitant to move to the public cloud due to internet connectivity latency issues for some of the latency-sensitive applications, or they had some local regulations preventing them from doing so. However, now they don’t face some of those hurdles anymore.
THE MOST COMMON AND SAFEST MODEL HAS PROVEN TO BE THE HYBRID CLOUD MODEL, SIMILAR TO THE APPROACH WE ARE TAKING. BEFORE DECIDING TO MOVE TO THE CLOUD, COMPANIES MUST ALSO TAKE INTO CONSIDERATION THE REFRESHMENT TIME FOR THEIR HARDWARE.
Does the move to the cloud have to be a huge transformation? Is it a good idea to start with a single project and become comfortable? In my opinion, there is no single solution that fits all organisations, and there are many factors to be taken into consideration. You need to ask the following questions: Have you made a recent investment in an on-prem data centre? Is your business only local, or across the region and the world? Do you have capable IT team members who are prepared and knowledgeable enough to administer your IT setup on the cloud? Are you a startup or an established large company? The most common and safest model has proven to be the hybrid cloud model, similar to the approach we are taking. Before deciding to move to the cloud, companies must also take into consideration the refreshment time for their hardware. For example, we have made a five-year upfront investment in our private cloud Date Centre, so it doesn’t make any sense financially and operationally to move our IT environment to the public cloud at this time. We will wait until the next hardware refreshment cycle and then evaluate our options. You have to keep in mind that moving to the public cloud can be a more expensive proposition in many scenarios, and even the cloud vendors know this fact. How do you prepare for cultural resistance and manage expectations? The end-users do not care whether they are receiving services from the public cloud, private cloud, or an on-premise set up. It doesn’t matter to them as long as services and applications are delivered with high quality and availability, and are accessible through different mobile platforms. If your public cloud provider can offer all of that, I don’t believe that there will be any major cultural resistance. The resistance might sometimes actually come when you have downtime from your public cloud provider, and the challenge would be
SEPTEMBER AUGUST 2019
CXO INSIGHT ME
13
COVER STORY
I SEE THE CULTURAL CHALLENGE COMING MORE FROM WITHIN THE IT TEAMS THEMSELVES, WHERE THE ROLES AND RESPONSIBILITIES CHANGE A LOT WHEN MOVING FROM A TYPICAL ON-PREMISE DC SETUP TO A PUBLIC CLOUD. HOWEVER, THIS CAN BE EASIER IF YOU GRADUALLY MOVE TO THE PUBLIC CLOUD, AND ORGANISATIONS WILL ALWAYS STILL HAVE SOME APPLICATIONS KEPT ONPREMISE. THIS IS AT LEAST WHAT I HAVE HEARD FROM MANY REGIONAL CIOS. Are you using container technology and microservices? We are using microservices as part of our mobile apps development and integration requirements. As for container technology, we are not using it at the moment, but our private cloud system from Nutanix supports it, and we might be exploring it sometime next year.
to explain to your employees that IT team cannot do much in this case as it depends entirely on the public cloud service provider. One other key challenge that must be made clear to all employees from day one is the fact that even though the public cloud has many advantages to businesses, there are many limitations as well. For example, the public cloud offers limited options when it comes to application customisation, and users have limited control over version upgrade timing. You may also face uncontrolled regular preventive maintenance downtime 14
CXO INSIGHT ME
NOVEMBER 2019
that is not planned as per your business schedule, and sometimes, SLAs from the cloud provider would be inferior to what the business’s internal IT team used to offer. I see the cultural challenge coming more from within the IT teams themselves, where the roles and responsibilities change a lot when moving from a typical on-premise DC setup to a public cloud. However, this can be easier if you gradually move to the public cloud, and organisations will always still have some applications kept on-premise. This is at least what I have heard from many regional CIOs.
Are there any lessons you have learned that could be shared with your peers? Spend more time evaluating new technologies rather than just quickly following what others are doing; what fits one organisation perfectly might not fit yours at all. Only pick what adds real value to your business. Read between the lines and review public Cloud agreements very carefully. Experience tells me that the devil is in the small details, especially the part related to scaling down conditions. If you do decide to move to the public cloud, never move in a ‘one big bang’ approach, and keep in mind that returning to the on-premise model, for whatever reason, will not be an easy option.
CASE STUDY
A SMARTER APPROACH
WITH A CLOUD-FIRST STRATEGY, RDK GROUP’S CIO HAS STREAMLINED BUSINESS PROCESSES IN A SHORT SPAN OF TIME TO DELIVER SPEED AND AGILITY IN ADDITION TO MASSIVE COST SAVINGS IN OPERATIONS.
A
bu Dhabi-based RDK Group is a diversified business group with interests in real estate, construction, facilities management, hospitality, and engineering. When Mohammad Shahzad took charge as the CIO of the group, his
16
CXO INSIGHT ME
NOVEMBER 2019
mandate from senior management was clear: implement an IT system to streamline and automate all key business processes. However, the challenge was a daunting one; he had to build it from the group up on a war footing. “The group made many unsuccessful attempts previous to implement an
IT architecture. When I was promoted as the CIO from one of the group companies, there was no system in place, and everything was done manually. As a result, the business was suffering from operational inefficiencies. For example, we had no ERP or a real estate management system, which meant there was no real-time data available to see purchase trends or to track inventory. Likewise, different departments kept their own set of data, and the accounting system was being utilized only partially. This led to losses in terms of time and money,” says Shahzad. Picking up the gauntlet, Shahzad got to work by meeting different business unit leaders and formulated a blueprint to bring the group companies to an integrated system with automated processes. “We created an RFP and invited different vendors to see the right fit for us. After evaluating different offerings, we zeroed in on an integrated solution in the cloud because there was no time to implement anything on-premises. We have now adopted a cloud-first strategy across all group companies.” The first to move to the cloud was communications systems in the form of Microsoft Office 365, which allows employees to communicate and collaborate quickly. “After this, we adopted a cloud ERP system, which we rolled out in a record time of eight months. This helped us to speed up
Mohammad Shahzad, RDK Group’s CIO
time to market and optimize costs,” The cloud ERP solution deployed at the RDK group is from Focus Softnet. It encompasses all business modules related to real estate and facilities management, including finance, HR, sales, inventory, procurement, Document Management System (DMS), and legal. Following this, RDK’s IT team connected the ERP system to a mobile application, enabling real-time data entry by field personnel, resulting in the elimination of paperwork and human errors. “As a result of this implementation, we have been able to reduce monthly financial closing from 20 days to three days and payroll from 15 days to two days. Also, we have implemented a central data warehouse with a single source of truth so that everyone in our organisation uses the same data to make business decisions. I’d say the biggest benefit is that our employees have become more productive now, leading to customer satisfaction.” He says there were other tangible benefits as well, such as increased revenue. “We now know in real-time, which of our properties are vacant, and
WE NOW KNOW IN REALTIME, WHICH OF OUR PROPERTIES ARE VACANT, AND THIS ANALYTICAL DATA IS PRESENTED THROUGH MANAGEMENT DASHBOARDS. EARLIER, THERE WAS NO INTEGRATION BETWEEN OPERATIONS AND FINANCIALS. WE HAVE AN EFFECTIVE REVENUE COLLECTION TRACKING AND MONITORING IN PLACE BY RECONCILING EXPECTED INCOME VS. PENDING DUES. ALSO, WE HAVE BEEN ABLE TO REDUCE THE WHOLE PROCUREMENT PROCESS LEAD TIME FROM 20 DAYS TO FIVE DAYS, WHICH IS DONE THROUGH THE SYSTEM, ELIMINATING MANUAL PROCESS.
this analytical data is presented through management dashboards. Earlier, there was no integration between operations and financials. We have an effective revenue collection tracking and monitoring in place by reconciling expected income vs. pending dues. Also, we have been able to reduce the whole procurement process lead time from 20 days to five days, which is done through the system, eliminating manual process.” The decision to adopt the cloud has saved RDK close to half a million dirhams in costs. Apart from the time factor, Shahzad says one of the reasons to go down the cloud route was the distributed nature of the company’s workforce. Similarly, in the hospitality vertical, RDK has deployed a best-in-class system encompassing Oracle’s Opera property management system and Infor on the cloud in less than three months to enhance the guest experience. “This has increased efficiency and productivity of our front-end and back-office employees by streamlining sales, purchase, F&B management, and reservation systems. It also increased guest happiness scope by 40 percent and reduced overall operational costs by 30 percent,” says Shahzad. Currently, Shahzad’s team is in the middle of a centralisation and consolidation drive to dovetail key business applications of four hotels owned by the group, including finance, reservation, F&B, and HR systems, which is expected to reduce costs by 35% and increase collaboration. Going forward, Shahzad is exploring the potential of new technologies such as AI, blockchain, and IoT. “We see IoT especially has many use cases when it comes to energy consumption and building management. It would help us to be optimal and be environmentally friendly. On the blockchain front, we have also partnered with Darico to tokenise our real estate business and offer crypto mortgages to buyers so that they can make monthly payments through virtual currencies.”
NOVEMBER 2019
CXO INSIGHT ME
17
FEATURE
MASTERING THE ART OF
AUTOMATION IT AUTOMATION PROMISES DECISIVE COMPETITIVE ADVANTAGE TO ORGANISATIONS. HOWEVER, REALIZING ITS BENEFITS REQUIRES MORE THAN TECHNOLOGY AND TOOLS.
T Mahmoud El Kordy
18
CXO INSIGHT ME
NOVEMBER 2019
he purported goal of automation is linking different systems with the use of software to drive the complexity out of IT environments and create self-governing and self-healing processes and tasks. It replaces manual work and has become a necessity for speed and consistency with the rise of cloud services and virtualised data centres. From DevOps to RPA, automation encompasses a large category of technologies, and if implemented currently, enterprises can save money and time, ultimately
resulting in a big improvement in operational efficiencies For CIOs looking to automate processes and systems, it is important to have a well-defined strategy in place and avoid some of the common mistakes to reap its dividends. “There are several drivers for IT automation on any CIO agenda, which include cost reduction, better utilization of assets and improved performance, agility, and scalability through orchestration,” says Mahmoud El Kordy, Business Unit Executive - Middle East and Pakistan, IBM Systems. A welllaid automation strategy should address
these imperatives, and every CIO should prioritize these goals as they directly affect the overall IT operations and, in turn, business processes. A successful automation strategy must cover its purpose of cost reduction through better utilization of skills, platforms and processes.” According to Paulo Pereira, director of systems engineering at Nutani, the most effective strategy for scaling DevOps and automation should focus on structural solutions that build a community of automation on low and high levels in the organization. In a large organization, each team can start to automate processes internally. For example, VM creation can be automated as a starting point within the server team. Security teams can automate security policy deployment. So as a next step when automating the endto-end process (creation of VM and applying security policy), the individual processes are ready and make the integration very easy between the system admin and security. “Another key point to successful automation is to understand the target process, streamline this process, and
then automate it. It’s very important to deep dive into each process, look at the workflows and the impacted teams and groups by this process. This reduces the risk of failure. Applying the suitable technology is important, but the technology alone is not enough without the process understanding to build reliable automation,” he adds. Offering another perspective, Fadi Kanafani, Middle East managing director and GM of NetApp, says, “As organisations continue to virtualize and create private and hybrid cloud environments, they are turning to automation and integrated management solutions to help them manage their growing, changing, and evolving environments. Current trends show that managing data growth and data center modernization (updates to create highly virtualized and automated facilities) are top priorities for many CIOs today. Having a strategy in place will let organizations get started on the path to operational efficiency by automating common, repeatable storage processes with consistent best practices and processes.” The industry pundits say ‘a big bang’ approach to IT automation may lead to disappointing results and advice CIOs to look for specific use cases before reaching a critical mass.
Adam Bujak, Global Head of the Intelligent Automation Offer, Capgemini, says it’s important to understand the three levels of automation that can be implemented across your organization. It includes the automation of business processes such as finance, HR, and supply chain with the aid of RPA and AI; IT service automation, which typically means automating access management or software distribution; and IT task automation to maintain daily operations. He adds: “Another important factor is to understand how the plethora of automation technologies can process unstructured data with the help of building blocks from the field of artificial intelligence (AI), to untap even greater potential and value, especially when conventional automation of this kind of data reaches its limits. “As machine learning and AI continue to find their way into IT service management on a large scale, IT organisations are now increasingly becoming business partners for the design of operational processes in digitalized enterprises. However, this increasingly requires the use of new technologies and close interaction with business departments.” Implementing automation without a strategy for change management
Paulo Pereira
Fadi Kanafani
NOVEMBER 2019
CXO INSIGHT ME
19
FEATURE
and understanding of its impact on the workplace can also backfire. “A strong understanding of the existing system and progressive design are critical to every organisation’s IT automation journey to achieve its strategy. This design leads to various stages of the journey, including implementation, migration, process and performance optimisation and testing before the final mission is accomplished. A strong change management process is a critical fuel in this journey to ensure the right level
Adam Bujak
20
CXO INSIGHT ME
NOVEMBER 2019
of understanding of the existing IT landscape,” says El Kordy. Pereira from Nutanix says having a strong change management strategy in place is very important for regulatory and compliance requirements, especially in the financial and healthcare sectors. However, change management can be a double-edged sword in automation, causing very complex and bureaucratic workflows, and usually implementing these control requirements are beyond the influence of leadership and practitioners within an organisation. “While we agree that no individual should have end-to-end control over a process, but a lightweight and secure framework should be implemented to avoid stalling automation workflows. A very important aspect of automation and DevOps is knowledge and information flow between teams, instead of just focusing on the control. It’s important to have continuous feedback and metrics flowing across the different teams to identify issues early in the cycle,” he adds. What are some of the other common IT automation mistakes to avoid? Automation is a journey that needs to be aligned with the business, says Bujak from Capgemini. “Build your internal automation and AI capabilities to evolve, leverage scale, and increase IT business
value. Don’t be tempted by quick wins through deploying automation in siloed units that are fragmented and difficult to scale. Always start as an enterprise rollout. Experience and added value representations can be tested over a MVP or prototype. Consider automation as an operational asset – business stakeholders and support from IT, subject matter experts, and IT process efficiency experts are important.” El Kordy from IBM says companies need an overarching, clearly defined strategy before embarking on the IT automation journey. “Every business has tasks that range from the simple and repetitive to the complex and unique, and you can usefully apply automation in virtually all types of work. A common mistake is to miss the holistic view and not have an end to end automation strategy. Automation is one of the foundation layers for digital transformation. If Infrastructure and management platform are not selected with the full picture in mind it may result in undesirable results.” Selecting the right IT partner is another essential factor in successfully deploying IT automation. A partner that can envisage, advise, and provide end to end solutions will ensure the deployment of a successful automation project, he sums up.
INTERVIEW
A DIFFERENT LEAGUE JORGE DINARES, PRESIDENT OF INTERNATIONAL SALES AT MICRO FOCUS ON WHY COMPANIES NEED TO RE-EVALUATE THEIR TECHNOLOGY STRATEGIES TO DRIVE CUSTOMER EXPERIENCE IN THE DIGITAL AGE. It’s been more than two years since you have launched operations here under the Micro Focus brand. Are you happy with the business growth in this region? e are very happy with the progress we have made in emerging markets, especially here in the UAE. I have met many regional customers who are interested to know what is next, our roadmap and where we are going to invest more. We have had the opportunity to launch our RPA solution and demonstrate it at our annual customer event here, which generated a great deal of interest.
W
How are you helping your customers to accelerate their digital transformation initiatives? Let me tell you how we see it – today, technology is enabling new business models in many industries. We have seen what happened with Uber, Airbnb, and we will see many more of those digital businesses coming up. All the companies are under pressure to rethink their current business models, and the only way they can do that is to understand how to use technology to do things differently. You have to be more efficient and move closer to the customer to deliver new services and a great user experience. That is the real context of digital transformation, and it might be easier for startups to do that. However, 99 percent of the companies competing in the market today have been around for many years, and they are operating legacy technologies. How can you help those companies manage that and at the same time, and give them capabilities 22
CXO INSIGHT ME
NOVEMBER 2019
to integrate new technologies and applications to enable a new paradigm in business? That is where we play very well. We have developed expertise in helping customers to integrate new technologies into their current environments without having to throw away anything. We help them drive maximum mileage out of the assets they already have because they can’t afford to rip and replace everything. How do you help customers maintain their legacy systems and yet adopt all new technologies? I will give you an example of our customers who use mainframe, and 95 percent of the banks today still use these systems to process the kind of volume they have. Some of them want to decommission those applications and move to a different environment. We help them move to distributed systems or cloud environments and in the process, deliver savings in the range of 70-80 percent in terms of operational maintenance. They can use these
savings to fund innovation, and we are working with mega cloud providers such as AWS and Microsoft Azure for this. And if some customers want to continue to use mainframe systems and modernize application delivery, we offer them tools to implement Agile and DevOps. When it comes to hybrid IT, we have many customers who want to create an environment for managing all their applications, regardless of where they are – be it on-premise, public cloud, or hybrid cloud. They want to move their workloads to the cloud and roll it back if they are not happy with the performance without any hiccups. We have a framework of solutions that allows our customers to do that. For us, digital transformation is a journey, not a destination. Are you leveraging AI and ML within your product portfolio? We have four pillars of business – DevOps, hybrid IT management, security, and predictive analytics. Within advanced analytics space, we have a product called Vertica, which leverages AI and ML, and companies such as Uber are using it. This used to be a separate business unit, and a couple of years ago, we integrated this technology into all our key product lines so that users have more capabilities to take advantage of Big Data and ML. Do you support containerisation and microservices? We have already implemented container technologies such as Docker and Kubernetes in most of our products in the IT management and security space, which allows our customers to build and manage applications independent of the environment. We are planning to extend it to all of our products. How about SecOps? We have one of the most comprehensive DevOps portfolios in the market, and we are integrating security. For end-users, a big area of focus is around application security. They want to secure all of their applications wherever they are deployed, but not a lot of effort has been made in that direction.
VIEWPOINT
3 WAYS TO HARNESS AI ACROSS FIELD SERVICES MANAGEMENT THROUGH DIGITAL TRANSFORMATION, AI CAN HELP UNLOCK EFFICIENCY GAINS ACROSS THE MIDDLE EAST’S FIELD SERVICES MANAGEMENT INDUSTRY, SAYS MEHMOOD KHAN, MANAGING DIRECTOR AND VICEPRESIDENT FOR THE MIDDLE EAST AND SOUTH ASIA AT IFS
When a piece of equipment breaks down, it can take days or weeks to get it fixed, whether because of diagnostic issues, insufficient resources or time-consuming processes. The situation is compounded in the case of far-flung operations, as in the case of an oil rig off the coast of Abu Dhabi or at a telecommunications tower in the remote Saudi desert. But what if the equipment in question was able to flag up a malfunction and trigger a preventive maintenance alert several days before a system failure forced a halt in production? What if it even requested for a technician’s visit, and then queued up an invoice for payment? Beyond that, a little further into the near future, a next-generation system may even be able to automatically plug into a larger network, where it interfaces with human technicians, and as well as a fully automated call centre, self-driving cars, and drone deliveries of parts. This level of automation is the promise of artificial intelligence (AI) in field services management and can be realized through digital transformation, as the GCC’s political and business leaders have already realised. The region’s economies are already moving towards AI and advanced technologies, with an estimated impact of $320 billion by 2030. Indeed, much of the technology is already available, and in some cases, is already being put to work. As such, the impact of AI is already being felt in field services management here and around the world. At present, 24
CXO INSIGHT ME
NOVEMBER 2019
easier and harder than you think. Here are three recommendations to help you get started on the process:
Centralise, connect and future-proof your FSM system This is a necessity for all service firms, wherever they operate. FSM is not meant to be a bolt-on to a CRM. Field service operations are far too complex to cut corners. Your field service management system needs to be the coordinating factor of all touchpoints within your system. Beyond this, it needs to be calibrated to accept whatever the next new technology is, whether it’s a new module built off the system itself or a separate system that integrates with your FSM platform. Smart organisations are taking a cloudfirst approach here, allowing for constant updates and easy integration.
Allow data to flow freely We can talk ad nauseam about the importance of a solid data science team that cleanses and distributes data insights throughout the business, but more important than that, even, is simply ensuring that data is written in a common language and freely accessible, so that, for instance, if work order history needs to be pulled into an AI system connected to routing management, that it can be done quickly and easily.
Invest in the hardware today AI use cases are making their way into a variety of software solutions, augmenting automation and helping to improve service outcomes. However, they remain disconnected from one another. True digital transformation through AI will leverage machine learning across all processes within an organization, automating systems and making repetitive tasks a distant memory, allowing managers, technicians, and dispatchers to focus on customer engagement and the nuanced complexities best suited to humans’ skill sets. But how do the Middle East’s field services companies get to that everything-is-automated stage? Unlocking those efficiency gains is both
The Internet of Things (IoT) will ultimately be the key to successful utilization of many AI systems. In manufacturing, this is an easy sell, but what about HVAC repair, telco, home services, and other systems that, as of today, might not yet be calibrated for IoT? The short answer is, even if you don’t think the technology is there, it is, and if it’s not, it will be in the next five years. It’s imperative that forward-thinking companies stay on top of these advancements as they become available and invest smartly. When AI becomes standard practice, everyone’s going to be sprinting for your customers. If you want to run with them, you have to start by building the road. In AI-focused economies such as the UAE and Saudi Arabia, that’s even more important.
EXPLORING TECHNOLOGY TRENDS TO SHAPE 2020 CHRISTIAN REILLY, VICE PRESIDENT AND CHIEF TECHNOLOGY OFFICER, CITRIX, DISCUSSES TECHNOLOGY TRENDS THAT WILL DOMINATE 2020.
2019 has been an incredible year for technology, we’ve seen an explosion of Software-as-a-Service (SaaS), artificial intelligence, augmented reality, new social platforms and brand-new business models that have changed the face of economies across the globe. Below are the trends that I believe will keep moving into 2020.
Evolution of the CIO Firstly, we’ll see the evolution of the CIO role. For many years, we’ve had CIOs that operated in control of the ‘Department of No’. The new CIO will wear the hat of an innovation officer, much more than an information officer. They will be a change agent at the very core, helping to remove those existing final barriers between IT and the business. They will focus primarily on the ‘why’ of technology, rather than getting bogged down in the ‘how’.
People-centric computing In 2020, our focus will shift towards people-centric computing. This long sought-after balance between user demand and the needs of IT will finally be met by delivering an adaptive workspace, one that learns deeply how an individual prefers to work. One that is productive in nature, and is contextual by delivering the right tools, information, and applications, and drives high levels of productivity. The people-centric computing approach will get technology out of the way, and focus on how an individual wants to work and adapt to that individual throughout the lifecycle of their employment.
Everything-as-a-Service (EaaS) At Citrix, we’ve seen an increase in adoption of SaaS technologies to replace existing on-premises applications. Yet
paradoxically, we see lots of applications still being developed by in-house teams, but in a much different way. The monolithic architectures of applications are a thing of the past, given way to micro-service applications. These of course require brand new development approaches and approaches to operations. The big cloud vendors are slowly creeping into the corporate data center, bringing the promises of delivering “everything as a service” for the new world that we’re rapidly entering.
Hybrid cloud In 2020, we’ll finally concede that hybrid cloud will be the predominant mode going forward. For a decade or more, we’ve argued about public versus private cloud. And while it’s mildly interesting for a Twitter debate, it’s kind of pointless. Because what experience tells us, is that we deploy the right tools to the right cloud at the right time and for the right reasons. The reality is that hybrid cloud, probably even in your own organisations, is the model today. Not every hybrid cloud requires low level network connectivity, or VPN connectivity between multiple points. Every time you acquire a new SaaS application, you’re adding another cloud to your environment. The world is by definition, hybrid cloud.
The end of digital transformation
Employee experience
This year, digital transformation has been all the rage. But businesses can be in a state of digital transformation for years and never get anywhere. It’s time to separate the reality from the hype. We’ve all heard how the promise of digital transformation will change user experience across the globe. Yet, when we engage with our customers it’s very rare that we hear a story about how technology will enable their new business models in the next three to five years. Many enterprises that are stuck with legacy technologies and are piling on more technology for the sake of it without thinking about how that’s affecting emerging business models, are doomed to fail.
In the recent past, many organisations have spent a considerable amount of financial and human resource focusing on the customer experience. Building digital platforms to engage customers and using those digital platforms to retain customers to improve your customer Net Promoter Score. And yet in 2020, we’re going to see a shift away from the customer experience, and much more focus on the employee experience. In some customer conversations Citrix has had globally, it’s very interesting that they’ve said – “Hey, you know, we’ve created this world where our customers now have a much better experience than our own employees.”
NOVEMBER 2019
CXO INSIGHT ME
25
INTERVIEW
REIMAGINING ERP ANDREW KINDER, VP – INDUSTRY AND SOLUTION STRATEGY AND PHIL LEWIS, VP – SOLUTION CONSULTING AT INFOR ON AGILE METHODS AND CLOUD ERP.
Can you take us through some of the major announcements you have made your annual user conference this year? Kinder: One of the overarching themes was around how can we help our customers be more successful in terms of delivering value from the massive investments Infor has made in the past few years. And what we are doing to assist our customers and individuals to be more productive. When I am talking of productivity, it’s not in the traditional way of human productivity, but how productive are we in the use of people, resources, water, energy, and assets. So, one of the big focus areas for us is how to leverage technology to be productive around supply chain, assets, and people. Why should enterprises embrace agile methodology for ERP implementation? Kinder: The agile approach is really about two things. We have to break it down into the product side and services and deployment side. On the product side, we have been working towards agile ERP for many years. If you believe in post-modern ERP, which is what we subscribe to, it means that you are no longer looking at enterprise-wide ERPs that are locked in. We have been practicing breaking that up using API services and making them more interoperable. I think if you are going to have conversations around agile ERP, you have to talk about the cloud, and you have to have those capabilities around local extensibility so that you can build up last-mile functionalities into your applications. And we have been placing our investments in that area for some time now. From a product perspective, we are very well positioned to service agile ERP. 26
CXO INSIGHT ME
NOVEMBER 2019
Now what we have announced at Inforum this year is how do you take that to the next level around deployment. If you think about how ERP systems have normally been implemented, it’s about one to twoyear cycles, and lots of process reengineering and mapping with a big bang at the end. The challenge with that is it tends to be locked, and it is disruptive to business. At Inforum, we have announced our methodology for agile ERP, which focuses on multiple short sprints – get live very quickly, use the implementation accelerators, and then you can evolve from there.
left behind. They have implemented an on-premise ERP, brought in a system integrator to modify applications to make it work for their industry. Then they are stuck on the particular version. And the thought of upgrading to the latest version becomes a high-risk proposition for CIOs. But, when you take that to the cloud and apply the same scenario, by extending applications, it doesn’t take you down the upgrade path. So it gives customers in the cloud a lot more flexibility in terms of how they map out their future applications strategy. Infor is delivering new functionalities, innovations, and capabilities to our cloud customers every month. These customers can advantage of new capabilities without any impact on their businesses, and they are always on the latest version.
What is driving cloud ERP adoption? Lewis: There are several reasons. Many organisations are fed up with being
INFOR IS DELIVERING NEW FUNCTIONALITIES, INNOVATIONS, AND CAPABILITIES TO OUR CLOUD CUSTOMERS EVERY MONTH.
ONE OF THE BIG FOCUS AREAS FOR US IS HOW TO LEVERAGE TECHNOLOGY TO BE PRODUCTIVE AROUND SUPPLY CHAIN, ASSETS, AND PEOPLE.
Is customisation possible when you move ERP to the cloud? Lewis: It certainly is, and we don’t necessarily call it customisation anymore. One of the areas Infor has invested heavily in is our technology platform called Infor OS. You need to think of it more as a digital platform than a technology platform. Built into this platform are all sorts of cutting edge capabilities such as artificial intelligence, machine learning, big data analytics as well as platform as a service. We have a tool in there, which enables us to build new functionalities without changing the source code or modifying applications. So our customers still get the same flexibility they always had in terms of being able to shape the applications to meet their specific requirements. What it means is that they are not stuck on one version, and they are in the cloud with the ability to extend applications as they see fit.
KEEPING YOUR DATA SECURE ON THE CLOUD WHO IS RESPONSIBILITY FOR SECURITY IN THE PUBLIC CLOUD? IN THIS INTERVIEW, STEVE RILEY, RESEARCH DIRECTOR AT GARTNER, TALKS ABOUT WHAT CUSTOMERS MUST DO TO PROTECT THEIR SENSITIVE INFORMATION IN THE PUBLIC CLOUD ENVIRONMENT.
Isn’t the public cloud inherently more secure? It can be. However, just because you take an application that was in your data centre and put it into the public cloud doesn’t mean that it will automatically be secure. In fact, it is easier to be insecure in the cloud if you don’t know what you are doing. Nevertheless, if you do know what you are doing, the cloud can be a much more secure starting point than an on-premise environment. Think about what the IT stack looks like – there are many layers like physical networks, servers, host operating systems, hypervisors, middleware, applications, data, and users. If you own all of that, as you do, if you operate a data centre, you have to secure every bit of it. Now, instead, if you use a public cloud service provider, it becomes their responsibility to secure everything from hypervisor and downward. The business models for cloud reward high levels of service provider rigor to get that stuff right, so that users can concentrate on upper layers to differentiate themselves. Having said that, we do see a lot of cloud security failures. But, it is not the fault of the provider, and it happens because of customers failing to do something. One of the most common failures we see very often has to do with access controls and permissions. In the old days, when you did everything by yourself in your data centre, you operated under this philosophy supported by the tools available to purchase that security existed in the network. When you move to the cloud, you don’t have a network
anymore and shift your mindset away from a secure network of systems to a network of secure systems. In other words, you have to move away from network-based access controls to identity and role-based ones. If you think about the models – IaaS, SaaS, PaaS – you always are responsible for how you secure your data. The most important element to get right in any cloud security strategy is to start with identity and access management, and data governance strategy. If you do those two things right, you will be more secure than most other people in the cloud. Shouldn’t cloud security be a shared responsibility? For a long time, people have been using this phrase of shared responsibility. I
used it when I used to work for Amazon, and I wrote a research note about it when I joined Gartner. When you think about all the slices of IT stack, none of the individual slices are shared; it is either the provider’s responsibility or the customer’s. If I update the research note, I may change it from shared to split responsibility because nothing is really ever shared. Companies continue to transfer allimportant to the cloud. Isn’t that risky business? Gartner’s position is that clouds are secure. But, are you using them securely? That is what we need to focus on. The tier-one cloud providers have demonstrated that they are more than capable of being platforms for the safe and secure storage of workloads and data of all types. It all comes down to how you are managing and governing access. Let me give you the most common example, and it has to do with the way storage objects have an access control list on it. In the infrastructure cloud such as Amazon S3 bucket or Azure blob, when you create the object you are the only one who has access to it. What often happens is that for the sake of experience, the owner of the object will open it to the world because they don’t have time to think about how to write access control appropriately. There is a person out there named Chris Vickery, who runs a consulting firm called UpGuard, and all that he does is to run tools that look for open S3 buckets filled with sensitive information. I don’t think he is doing the world a favour but publicizing the fact that people are making mistakes. And when it comes to SaaS, the default sharing is the opposite of IaaS- it is wide open in G Suite and OneDrive, where the default settings are shared with the world. Earlier this year, I co-wrote a note titled ‘ open shares are your biggest cloud security problem.’ The customer failures that we see often are because of misconfigured access control systems, and customers have to think about what their sharing scope should and set appropriate controls.
NOVEMBER 2019
CXO INSIGHT ME
27
VIEWPOINT
BEYOND THE
BLOCKCHAIN HYPE PHIL ZAMANI, CO-FOUNDER AND CEO AT BLOCKO, REMOVES THE VENEER OF TECHNICAL WIZARDRY AROUND THE DISTRIBUTED LEDGER TECHNOLOGY.
W
henever a significant technology emerges, such as the launch of cloud computing in 2006, we witness an overhype within the industry. The Gartner Hype Cycle maps the journey these technologies take and how they inevitably go through the peak of inflated expectations and then dip into the trough of disillusionment. This overhype is often the result of the market misunderstanding the intricacies of any new technology and the complexities of implementation and integration. As a concept, blockchain is similar to a database used to store the staggering amounts of data generated by industries around the world. However, blockchain has two distinctly unique characteristics; it is ‘shared’ rather than ‘owned’, running via a network of computers without the need for human interaction, making it more autonomous and less prone to 28
CXO INSIGHT ME
NOVEMBER 2019
being hacked, and secondly, as data cannot be tampered with or altered once entered, it can create trust where none exists, in a sprawling ecosystem of companies that have their own competing political and economic interests. It is these key differences that make blockchain an appealing solution in those industries where parties seek to share data in real-time. Blockchain can provide a level of immutability and transaction records that other technologies cannot. We are still early in the journey to adoption of blockchain, but we are already starting to see forward-thinking governments and enterprises waking up to the tremendous utility it offers and exploring how it can be integrated with existing systems to unlock organisations’ full potential. Over the last five years, approximately 5,000 projects around the globe have raised funding to solve specific problems with blockchain, yet only a small handful have managed to move beyond the
hype, beyond the proof-of-concept (POC) stage and into production and implementation. While the appetite to adopt blockchain is evident, the lack of execution know-how is stalling projects, leading many to ask if blockchain solutions are feasible or even possible. The technology blockchain offers lends itself to the digitisation of document recording and sharing, biometrics or fingerprint recognition, as companies can test the trust and interaction of the technology at the most basic level. Many of our advanced use cases started their blockchain journey two or three years ago by testing the capacity with basic customer and identity authentication, before transitioning to more complicated, hybrid system solutions. By trialing multiple iterations in various departments, companies are able to implement more enhanced blockchain solutions in the long run while minimising risk of the unknown.
Our experience has given us the opportunity to deploy and test blockchain solutions across a diverse range of sectors. In the financial services market, for example, blockchain is being adopted to solve complex issues such as remittance, a focus area for industry players. There is an increase in banks looking to digitise the identities of consumers, particularly millennials, through the use of new smart applications or credit cards, using blockchain as a way of reliably automating internal checks and verifications and, in turn, acting as the ultimate gateway for approving access to banking applications. Korean credit card company, Lotte Card, has implemented the first enterprise-scale blockchain system used for real-time financial transactions. The system utilised a relatively new hybrid (private and public) blockchain solution known as Aergo, which was built to handle large-scale applications in business. As an early adopter, the organisation was able to overcome challenges, such as slow identity authentication, lack of secure payments and delayed government biometric data acquisition, by utilising blockchain to provide fast, secure and streamlined payment features. In addition to a better user experience, Lotte Card reduced its security expenditures by 90 per cent through the adoption of blockchain. Not limited to financial enterprises, blockchain technology is innovating industries in which companies rely on sharing documents of various forms with their complicated supply chain. By digitising documents and sharing them via a blockchain, these companies are not only improving efficiencies, reducing the risk of fraud, reducing costs and standardising performance – they are also adding a critical additional layer of trust. Naturally, this also made it easier to add new stakeholders to a complex and interlinked business ecosystem, providing the added benefit of scalability as well. Hyundai Motor Group, which comprises over 54 entities, faced the challenge of different departments storing data across multiple versions of
SAP, ActiveDirectory or Oracle, making data sharing inefficient and insecure. As all files were processed manually, data was vulnerable to inevitable human errors. By applying a blockchainbased distributed file system utilising Aergo, Hyundai was able to provide authentication, verification and file encryption on one blockchain platform, ensuring the integrity of files and removing the risk of a single point failure. This was one of many use cases Hyundai Group established before deploying a blockchain-based token system to unify point systems across Hyundai Card, Hyundai Life, Hyundai Commercial and Hyundai Capital. The group can now ensure guaranteed consistent data structure with real-time syncronised data across multiple blockchains and prevent forgery. With a single unified platform tracking internal transactions across different Hyundai Group departments, Hyundai companies were able to reuse data from other stakeholders and get real-time insights when performing work that spanned across different departments. This is something that has long been a pain point for enterprise companies. While there are many successful uses cases for blockchain technology, those companies looking to adopt blockchain ignore the legal and regulatory challenges at their peril. To navigate this landscape, it is necessary to recognise the two sides of blockchain. Firstly, blockchain does not equal Bitcoin. While blockchain enables peer-to-peer transactions to be recorded throughout a network, Bitcoin is a cryptocurrency that can be exchanged directly without the involvement of banks or financial houses. Blockchain is used for the exchange of cryptocurrencies, but that is not its only application and the regulations surrounding cryptocurrencies, or lack thereof, are not applicable to blockchain for enterprises. The blockchain used for businesses does, however, come with its own set of complex hurdles, such as data governance and privacy. Questions surrounding GDPR compliance and verifying whether automatic contracts
are legally binding are prevalent . Once you have a smart contract on the blockchain, it cannot be tampered with, meaning there needs to be a higher level of auditing in place from both parties in the initial phases, as once it has been executed it cannot be intercepted. For unregulated coins such as Libra, the US governments’ approach to legislation has been to ban the use of the technology until the relevant government entities understand the intricacies and the impact it will have on the market. For governments, enterprises and companies, another set of legislation must be put in place to outline how data can be used and ultimately protected in multi-ecosystem, multi-country supply chains that are still relatively new. While this secondary legislation doesn’t currently exist, we believe that the majority of the legislations currently in place for technology, such as cloud computing, will lend themselves well to blockchain. This however, will take time, education and patience. According to a PWC Global report on blockchain, 45 per cent of respondents to its survey believed trust could delay adoption, which is the hurdle standing in the way of blockchain adoption. We approach that challenge by treating security as a three-tiered concept. Firstly, data security must be established. Secondly, how the data is handled and transferred between parties must be understood. Finally, an in-depth knowledge of operational procedures for the people managing the data must be gained. How secure each of these elements are will depend on the level of sophistication parties select when establishing the blockchain system. Security must be approached in its entirety and the client must be included and educated in the build and implementation for a robust system to be deployed with the highest levels of trust. Like any new concept, blockchain still needs time to mature and, until governments draft new legislation and implement new laws, it is the responsibility of the providers to uphold the levels of integrity needed for the industry to be fully embraced.
NOVEMBER 2019
CXO INSIGHT ME
29
ROUNDTABLE
EMBRACING THE
CLOUD JOURNEY
LAST MONTH, CXO INSIGHT ME HOSTED A CIO ROUNDTABLE DISCUSSION FOR VMWARE TO DISCUSS THE PROS AND CONS OF CLOUD COMPUTING EVERYONE SHOULD KNOW.
F
or CIOs who are planning to move their workloads to the cloud and modernise their apps, there are some key questions they must address first: Will the move to the cloud cost more or less than on-prem environments? Which are the tools they require to keep tabs on hybrid and multi-cloud environments? How can they leverage containers and Kubernetes to reshape how they deploy their enterprise applications? To help IT leaders answer some of these business questions and make critical decisions, CXO Insight ME in association with VMware organised a C-level roundtable discussion on the
30
CXO INSIGHT ME
NOVEMBER 2019
second day of Gitex in Dubai. Setting the stage for the discussion, Joe Baguley, EMEA CTO of VMware, said: “I joined VMware nine years ago, where we were a small company of 6000 people with revenues of two
billion dollars. Today, our revenues are over $10 billion, with nearly 30000 people. Around six years ago, we talked about the ability to run any application on any cloud and deliver it to any device, and ever since, we have been
executing on this strategy. One of the things that is worth highlighting is our platform called Cloud Foundation, which allows you to run virtualized compute, networking, and storage. The real value of it comes in when we get public clouds running on the same platform, giving our customers the freedom to move their workloads wherever they like. “We have been on a relentless drive to get them to adopt this operating system, and the big step was in 2016 when we announced our partnership with AWS. This was closely followed by Microsoft, IBM, Google, and most recently, Oracle. Today, we have 4200 other public clouds around the world running VMware workloads natively. The secret to VMware’s success is what we call elegant operations; it is not about technology per se but the fact that we have introduced an operations model that allows our customers to run and manage applications across multiple platforms and multiple clouds.” Baguley said a big step in the space was the acquisition of Heptio last year, a company founded by the creators of Kubernetes. “We see Kubernetes as the key to the success of both our customers and our platforms going forward. This has come to a head in August this year when we announced Project Pacific to run Kubernetes natively on the vSphere platform and also allow containers to run natively on our hypervisor.” He also highlighted some of the notable acquisitions VMware had made recently, including Pivotal, Carbon Black, and Cloud Health. Tom Axbey, VP and GM of CloudHealth by VMware, who participated in the roundtable, added: “CloudHealth was acquired by VMware a year ago, and we have 7000 customers globally across 183 countries, and $12 billion public clouds spend under management. We realise that everyone is at a different stage in their cloud journey, and where you are at the cloud maturity curve does matter. For CIOs, managing the complexity of the public cloud is not easy, and you have to manage costs, visibility, and on-going governance of cloud applications.”
During the discussion, Abdalla Al Ali, CIO of DMCC, which is planning to move its entire IT environment to the cloud, shared some of the challenges. “We are pushing heavily for the cloud. However, being a government entity, we have regulatory restrictions in terms of hosting confidential customer data. Now, the fact that Azure and Oracle have opened their cloud data centres in the UAE gives us a lot of flexibility, and it has also become more affordable as a result of the increased competition.” Offering a perspective on the banking industry, which also faces the same challenges as government entities, Nitin Bhargava, CTO of Mashreq Bank, said Banking is a heavily regulated industry, and it is difficult for us to leverage some of the latest technologies. We moved our HR system Oracle cloud six years ago, and we also have a private cloud. However, it is very difficult for us to create a hub and spoke model due to very strict data residency laws.” Representing the private sector, Sebastian Samuel, CIO of AWRostamani shared his company’s cloud journey. “We started our journey in 2011 by moving the talent management system to the cloud. From then onwards, we
have been pursuing very aggressive cloud strategy. Whenever we have a new requirement, we look around to see if it is available in SaaS or PaaS model. Adopting the cloud allows to have different innovation cycles for different functions.” Imad Taha, CIO of Belhasa, raised the concern of vendor lock-in the cloud, which was addressed by Baguley. “You have to understand what are they trying to sell you. Over the years, these cloud providers have developed tightly coupled stacks, and you don’t have the flexibility to unpick any piece. Intelligent people are decoupling their applications and building multiple pieces in multiple layers.” Other participants in the roundtable included: Ahmed Auda, regional director of VMware; Rasheed Al-Omari, Principal Business Solutions Strategist - SEMEA, VMware; Venkatesh Mahadevan, CIO of Dubai Investments; Ajay Rathi, IT director of Dubai Healthcare City Authority; Mohammed Roushdy, CIO of Dubai Asset Management; Ali Ghunai, CIO of Canadian Specialist Hospital; Mohammed Aslam, VP of IT architecture at Dubai Islamic Bank; Mohannad Hennawi, head of IT at Naffco; and Abdulla Al Hinai, head of IT at National Bank of Oman.
NOVEMBER 2019
CXO INSIGHT ME
31
VIEWPOINT
HOW ORGANISATIONS CAN SCALE DIGITALLY GENG LIN, CHIEF TECHNOLOGY OFFICER, F5 NETWORKS, SAYS WHILE THE PACE OF DIGITAL TRANSFORMATION IS DIFFERENT FOR EACH COMPANY, THERE ARE IN GENERAL THREE PHASES WHICH ORGANISATIONS GO THROUGH WHEN EMBARKING ON A DIGITAL TRANSFORMATION JOURNEY.
I
n recent years, enterprises in every industry sector have been embarked on a digital transformation journey in one way or another. Business enterprises are taking advantage of the proliferation of digital technologies to define new business models or to improve business productivity with existing models. Key digital propellers such as the Internet (as a ubiquitous reachability platform), applications and open source proficiency (as a skill set platform), cloud (as a pervasive computing and data platform), and, of late, AI/ML (as an insight discovery platform) help enterprise businesses to improve business productivity and customer experiences. While the pace of digital transformation varies based on the business and the sector it is in, overall, the journey of digital transformation has three stages. • Task Automation. In this stage, digitalisation leads businesses to turn human-oriented business tasks to various forms of “automation,” which means more applications are introduced or created as part of the business flow. This began with automating well-defined, individual tasks to improve efficiencies. A common example is IVR systems that answer common questions about a product or service but may need to hand off to a human representative. Individual tasks are automated, but not consistently integrated. • Digital Expansion. As businesses start taking advantage of cloudnative infrastructures and driving automation through their own 32
CXO INSIGHT ME
NOVEMBER 2019
software development, it leads to a new generation of applications to support the scaling and further expansion of their digital model. The driver behind this phase is business leaders who become involved in application decisions designed to differentiate or provide unique customer engagement. For example, healthcare providers are increasingly integrating patient records and billing with admission, discharge, and scheduling systems. Automated appointment reminders can then eliminate manual processes. Focusing on end-to-end business process improvement are common themes in this phase. • AI-Assisted Business Augmentation. As businesses further advance on their digital journey and leverage more advanced capabilities in application platforms, business telemetry and data analytics, and ML/AI technologies, businesses will become AI-assisted. This phase opens new areas of business productivity gains that were previously unavailable. For
example, a retailer found that 10% to 20% of its failed login attempts were legitimate users struggling with the validation process. Denying access by default represented a potentially significant revenue loss. Behavioural analysis can be used to distinguish legitimate users from bots attempting to gain access. Technology and analytics have enabled AI-assisted identification of those users to let them in, boosting revenue and improving customer retention. The steady rise in leveraging application, business telemetry and data analytics enables organisations to scale digitally. Adopting an agile development methodology to quickly iterate modifications has shortened the lifecycle of “code to users.” In digital enterprises, the “code” embodies the business flow and the speed of change in “code to users” represents business agility. In this new era of digital economy, applications have become the life blood of the global economy. Every business is becoming an application business and every industry is becoming applicationcentric industry. As IT infrastructure automation and application-driven DevOps processes have been largely established across the industry, we envision that a layer of distributed application services that unifies application infrastructure, telemetry, and analytics services is emerging. The scale, agility, and complexity of digital enterprises demands their applications to have self-awareness and the ability to automatically adjust to operating and business conditions. This will breed a new generation of application services to collect, analyse, and act on the telemetry generated by apps and their infrastructure. These capabilities create new business uses. End-to-end instrumentation from code to customer will enable application services to emit that telemetry and act on insights produced through AI-driven analytics. These distributed application services will help application owners to improve application performance, security, operability, and adaptability without significant development effort.
INTERVIEW
THE FUTURE OF WORK
IAN KHAN, TECHNOLOGY FUTURIST AND CEO & FOUNDER, FUTURACY AND MARK ACKERMAN, REGIONAL DIRECTOR, MIDDLE EAST & AFRICA, SERVICENOW, PAINT A PICTURE OF THE FUTURE OF WORK AND HOW REGIONAL ENTERPRISES CAN LEVERAGE TECHNOLOGY TRENDS TO MAP OUT THEIR GROWTH.
T
oday our lives are governed by technology. From the moment we wake up in the morning to the last thing we do before we go to bed revolves around technology in one way or another. If you thought this was too much to handle and were going on digital detox sprees, then brace yourself for the future. It is only going to become even more pervasive and deeply rooted in our everyday lives.
At ServiceNow’s annual Future of Work event, which took place in Dubai recently, Ian Khan, Technology Futurist and CEO & Founder, Futuracy, reiterated the ubiquitous role technology will have and explained the different trends that will dominate the way we work and live in the future. CXO Insight ME caught up with the Futurist to understand how regional enterprises can prepare for the trends that will shape our tomorrow.
“There is no doubt that technology will continue to seep through every aspect of our lives,” Khan said. “Our relationship with technology has changed drastically over the past few years and today we look at the world through our devices. People have adopted technology to the extent that it was unprecedented – transforming our expectations from life, entertainment, relationships and career.”
IN THE FUTURE, COMPANIES THAT HAVE A PURPOSE BEHIND THEM WON’T BELIEVE IN TASKS ALONE AND WILL LAY EMPHASIS ON THE OUTPUT. THIS IS THE SHIFT THAT HUMANITY HAS TO FOLLOW TO GO FROM THE CURRENT DEFINITION OF WORK TO WHAT IT SHOULD BE. If we saw exceptional levels of technological adoption over the past few years, then it is only going to become even deeper, Khan explained. As we move away from a hardwaredriven world to a software-led one, technology is becoming more prevalent in various sectors. “If you want to fit in this world driven by technology, you have to adapt to the evolving trends and adopt it.” Khan believes we are still in the initial era of adopting to technology. “We are probably 20 years away from what we see in sci-fi movies,” he said. “There’s a 34
CXO INSIGHT ME
NOVEMBER 2019
lot of catching up that we need to do.” So, in such a circumstance, what can regional enterprises do today to help their business and employees thrive in a technology-driven future? According to Khan, the definition of work will change in the time to come. Today most of us define it by the tasks we do instead of the outcomes that are achieved. This is a shift that needs to occur, he said. “In the future, companies that have a purpose behind them won’t believe in tasks alone and will lay emphasis on the output. This is the shift that humanity has to follow to go from the current definition of work to what it should be.” For the moment, technology is keeping us in this sphere, where we are obsessed about completing tasks as fast as possible. But imagine a not too distant future where technology is automating almost 99 percent of tasks. What will then a person do for work? Khan explained that this shift is not going to happen overnight, and it will be a gradual process. “Soon, we will not depend on tasks for an income to live but our understanding and contribution to the world will be on a different level in terms of work,” he said. “We will move away from manual tasks to doing roles that are centred around empathy, critical thinking, being able to judge and so on. Machines will never have these abilities as it runs completely on algorithms.” To be successful in the future, it is imperative that organisations have a clear purpose of what they stand for today. It is not about the products they create or the technologies that they have, but more about their longterm missions and how they can transform the lives of consumers and communities. Khan urged regional businesses to “start investing and developing this kind of a mindset and culture.” “Organisations’ future success depends on attracting the right generation and talent to work for them. Newer generations have been born and raised in a technology forward environment. Therefore, it is important
WE WILL MOVE AWAY FROM MANUAL TASKS TO DOING ROLES THAT ARE CENTRED AROUND EMPATHY, CRITICAL THINKING, BEING ABLE TO JUDGE AND SO ON. MACHINES WILL NEVER HAVE THESE ABILITIES AS IT RUNS COMPLETELY ON ALGORITHMS.
for businesses to focus on the value they can offer and purpose they serve, rather than the tasks they provide. “They have to think bigger. This will have an impact on who will work for them, how they will do it and the entire premise of the definition of work,” he added. He explained that it is important for organisations to support collaborative experiences as this can lead to better outcomes. “Enterprises have to work with other agencies and technology providers to experiment on different things rather than waiting for a solution to be handed to them. This offers an opportunity to create unique solutions for your own firms.” Understanding this, Mark Ackerman, Regional Director, Middle East & Africa, ServiceNow said that the digital workflow company is enabling organisations to focus on outcomes. He said, “We are no longer having a solutions-focused or a features-tofunction discussion. Our conversations with customers are now outcomebased.”
According to Ackerman, one of the challenges that organisations face today, which is keeping them from becoming outcome-based, is that they lack the role of a chief experience officer. “Whose responsibility is it to ensure that the infrastructures, technologies, services and experiences are all in place to be able to deliver the desired outcome? This position is required to monitor experiences at the workplace,” he added. “There is a void in this area in most firms today and it’s because an individual like that will have to work across many different departments. Satisfied and happy employees can deliver better outcomes and be more productive.” The biggest problem that enterprises will face in the future will be around talent shortage, Khan said. “This is why it is also important to invest in employees and continuously offer trainings to help them grow and in turn increase a firm’s business,” he said. Governments such as the UAE are investing today with the establishment of its AI university to teach students for future roles. More governments must undertake such initiatives. Khan added, “Regionally, the UAE is leading the charge on innovation, technology and pushing the limits on what we can be in the future.” Organisations should create growthfocused work environments with technology as the backbone, to enable employees achieve its overall outcomes and transform customers’ lives.
NOVEMBER 2019
CXO INSIGHT ME
35
VIEWPOINT
THE REAL WEAK SPOT VIMAL MANI, HEAD OF INFORMATION SECURITY UNIT OF BANK OF SHARJAH, WRITES ABOUT HOW TO DE-RISK SDLC WITH SECURED DEVELOPMENT MODELS AND TECHNIQUES.
H
ospitals, telecommunications, business establishments, airlines, banks and other countless organisations are driving their day to day operations only with the support of software. In airlines and hospitals, lifecritical functions are where the role of software will be mission critical. None of us would have forgotten the case study of three back to back crashes of Boeing 737 MAX Jet, the root cause of which has been identified as defective software driving these flights. The number of vulnerabilities being identified in such mission critical software is increasing in an alarming rate which can be exploited by hackers easily. Such exploitations can lead to taking control over the host computer if it’s connected via the network or the Internet by the hackers. In past banks in Europe used to send OTPs to their customers’ phones for authorising the various online banking transactions performed by them. By exploiting the vulnerabilities present in the software used by these phones, attackers were able to intercept the messages sent by the banks and crack the OTPs and steal money from the customer’s accounts who don’t know what is really happening with their accounts.
Why Software becomes vulnerable and non-secured Due to the following factors, software developed can become vulnerable for security risks: • Not designing the software to satisfy its requirements for security properties/attributes • Not understanding the security implications of different programming languages, tools, or techniques and how they are used when developing the software • Poor Software Architecture • Lack of Design & Code Reviews • Inherent vulnerabilities exist in the programming language used • Backdoors introduced into the code • Coding Errors and unsafe programming practices • Failure to consider the threat environment and its implications • Use of non-secured legacy technologies
• Non patched code • Not recognizing the need for riskdriven security testing • Lack of adequate non-functional and security testing • Not executing the “due diligence” involved in preparing the software for distribution, to ensure that it doesn’t contain any residual features (debugger commands, comments containing sensitive information [such as information about residual uncorrected defects], etc.) that could make the software vulnerable in deployment. • Insecure Installation • Undocumented features/functions from the live application • Insufficient logging and monitoring How vulnerable software applications can be exploited By leveraging the vulnerabilities exist in software applications hackers can launch the following attacks targeting the vulnerable software applications: • Privilege escalation • Command injection • Introduction of Malicious Code • Denial Of Service • Integrity Violation • Confidentiality Violation
Software Assurance (SwA) What is a Secure Software? Secure software is a software application or its individual component which cannot be intentionally forced to perform malicious functions. That means the software will: Recognise attacks through the inputs it receives and its interactions with other components or users; and avoid or withstand performing malicious functions 36
CXO INSIGHT ME
NOVEMBER 2019
Software Assurance is the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner3.It’s very essential to have the execution of software assurance activities as part of SDLC which will help in ensuring
the security, reliability and fault tolerant mechanisms of software being built for supporting various mission critical business functions. Software fault tolerant mechanisms will help in improving the reliability factor of software applications. Well planned and executed Software Assurance activities will help in ensuring the following aspects of software developed: • Security - Provides confidence that No exploitable vulnerabilities exist in the software • Reliability - Provides confidence that software has inbuilt fault tolerance mechanisms • Predictable Execution - Provides confidence that software developed when executed will function as intended • Conformance - Provides confidence that software developed conform to business requirements and SDLC processes/standards established in place.
Implementation of Secure Development Models The following are some of the secured software development models that guide the development of secured and reliable software applications which help in achieving the level of Software Assurance desired by clients:
Software Assurance Maturity Model (SAMM) Software Assurance Maturity Model (SAMM) is a framework which helps organizations in formulating and implementing a strategy for assessing the maturity of software development security and improving the same inline to organizational requirements.
Systems Security Engineering Capability Maturity Model (SSE-CMM) The System Security Engineering Capability Maturity Model (SSE-CMM) is a process-oriented methodology used to develop secure systems based on the Software Engineering Capability Maturity Model. The SSE-CMM is organised into processes and maturity
levels. It’s a model developed by SEI CMU, USA.
Building Security In Maturity Model (BSIMM) Building Security In Maturity Model (BSIMM) 7 is a study of existing software security initiatives of various organisations globally. The purpose of BSIMM model is to describe what is happening in software security initiatives, rather than prescribe what “should happen”. By quantifying the practices of many different organisations, BSIMM can describe the common ground shared by many organizations in adopting secured software development methods & techniques.
The Microsoft SDL Microsoft SDL is a collection of SDLC practices used by global Microsoft Corporation internally to build more secure products and services. Microsoft SDL introduces security and privacy considerations throughout SDLC which helps developers in developing highly secure software, addressing security compliance requirements, and reducing development costs in a significant manner.
DevOps/DevSecOps DevOps is an operational framework that supports organisation in delivering reliable software to clients in a consistent and standardized manner through most effective form of automation. Scripts will be heavily used to build organisational memory around software development into automated processes to reduce human error and force consistency in software delivery and deployment. Development, Code maintenance, code validation, deployment, quality assurance and run-time monitoring etc. are getting automated using DevOps framework. DevOps aims to make the release cycles as much as fast as it could be. Implementation of DevOps/ DevSecOps helps financial services firms in leading a culture change in their software development area. As application security becomes a very critical concern for businesses,
it’s crucial that security is built into the foundations of DevOps practices in a seamless manner (DevSecOps). DevSecOps is nothing but the inclusion of security into every task carried out by DevOps driven development teams such as Design, Development, Testing, Pre-Deployment Validation, production deployment and automating these tasks as much as possible.
CLASP (Comprehensive, Lightweight Application Security Process) CLASP is an activity-driven, role-based set of process components guided by formalized best practices. CLASP is designed to help software development teams build security into the early stages of existing and new-start software development life cycles in a structured, repeatable, and measurable way.
SEI Team Software Process (TSP) for Secure Software Development The Software Engineering Institute’s (SEI) Team Software Process (TSP) provides a framework, a set of processes, and disciplined methods for applying software engineering principles at the team and individual level. Software produced with the TSP has one or two orders of magnitude fewer defects than software produced with current practices—that is, 0 to .1 defects per thousand lines of code, as opposed to 1 to 2 defects per thousand lines of code. TSP for Secure Software Development (TSP-Secure) extends the TSP to focus more directly on the security of software applications.
Conclusion Adopting appropriate Secured Secure Development Models/ Techniques, DevSecOps culture in the team environment supported with well-defined Software Assurance mechanisms and periodic assessment of Maturity of Security Implementation in Software Development will help organisations in building reliable and trustworthy software applications preferred by the clients.
NOVEMBER 2019
CXO INSIGHT ME
37
CASE STUDY
TAKING CONTROL AMERICAN UNIVERSITY OF BEIRUT TRANSFORMS ITS MAINTENANCE WITH INFOR ENTERPRISE ASSET MANAGEMENT SOLUTION.
A
s Lebanon’s top-rated university, the American University of Beirut has a proud 150-year history and a reputation for having set a high benchmark in academic excellence. But this success has also seen the university grow in size, scale and complexity: The University now has some 9,000 students, 1,200 instructional faculty members and a campus consisting of 64 buildings spread across an area of 60.9 acres (246,459 square meters), including seven dormitories, computer labs, an archaeological museum, a natural history museum, and one of Lebanon’s few geological collections. The campus also includes AUB Medical Center (AUBMC) – one of the Middle East’s top medical institutions – which treats some 360,000 patients annually. 38
CXO INSIGHT ME
NOVEMBER 2019
While this makes for an impressive roster, it also presents a formidable task for those charged with managing and maintaining the campus and its assets. Indeed, the campus has some 18,000 infrastructure assets, while the 550-bed Medical Center is home to 5,500 types of medical equipment – and logging, monitoring and maintaining these assets is vital for the success of the organization. Back in 2012, the university’s growing number of assets presented a significant challenge, with a lack of visibility of the assets and their value and maintenance requirements making it difficult for the organization’s facilities management team to keep track of and maintain assets in an efficient way. The university decided to take a comprehensive look at its assets with a clear mission to implement asset management by 2013.
The university’s capital assets were being managed on an Oracle platform, which was part of a broader Oracle suite used for many other aspects of the university’s IT systems. AUB business units realised there were some challenges with the Oracle EAM module, including that it had multiple screens and was complex for end users. The IT team and the concerned business units conducted a review of the system and decided to replace it. The team sent requests for information (RFIs) to the major EAM vendors, who visited the university and presented their solutions. Infor EAM stood out from its rivals and appeared to have everything needed for the specific needs of the university and Medical Center. “When our asset management staff tried Infor EAM it was far easier for them than our legacy system, and more convenient
and straightforward for users who are less technical,” said Rabih Haidar, Senior Business Systems Analyst at AUB. Interestingly, AUB had some experience of Infor as it had previously used a version of MP2, but on a small scale. Haidar’s experience of this software and its ease-of-use had already given him a favourable impression of Infor and this was confirmed by the preliminary tests that the team ran on Infor EAM. The AUB team opted for Infor EAM and the solution went live in 2015, covering AUB and AUBMC’s most valuable assets, although AUB continues to add more groups of assets to the system. Infor EAM was able to pull in assets from the legacy Oracle E-business suite, making the process straightforward. Once in the Infor EAM system, the assets became visible to AUB’s servicing department which added additional information to assist with the ongoing maintenance of each asset. The system now captures most of the equipment on campus including physical plant assets that require maintenance, as well as medical assets at AUBMC. The software tracks and helps to maintain all the infrastructure assets including electrical, mechanical, audio video, and all kinds of equipment and installations in the buildings. “We start defining the assets by the building itself and then the rooms, the floors, the physical installations like the chillers, air handling units and all the sanitary assets in the campus and the Medical Center,” Haidar said. “We also maintain the medical equipment like the X-ray and imaging machines. We also capture and track other assets like IP assets, auxiliary assets, housing assets and lab assets.” Prior to installing Infor EAM, the university had a lack of visibility over its assets, particularly maintainable assets and more, and it was also difficult to assess the cost of their maintenance including manpower and third-party utilization. The organization had previously used a number of databases, which added to the complexity. However, with Infor EAM, all of the assets were captured in one place, allowing the
maintenance team to see the assets clearly and without having to swap between databases. “It standardised our asset repository. Now when anyone looks for assets, they look in one place, which is Infor EAM,” Haidar says. “We have a single clear picture of everything. If I want to see what assets are on one floor I can get it. Before I would have to contact different departments that have to handle different assets to capture all of this information.” The system gives users access to all the information they might need to know about AUB and AUBMC’s assets, such as when they need specific maintenance work, replacing or servicing. Infor EAM also gives the maintenance team visibility over spare parts expenditure on specific work. The team has its own stores on campus which have the spare parts used for most of the repairs and maintenance. Infor EAM also allows facility managers at AUB to see exactly which parts are in stock, which helps to manage inventory far more efficiently. “We know what we’re spending on specific spare parts now, and for which departments, which cost centers and we can better charge internally the departmental expenditures,” Haidar adds. “We needed
transparency with the expenses and the internal charging, and that is available now along with clarity on the expenses.” The software also informs the maintenance staff on labour resource time allocated for maintenance tasks, enabling the team to know how long each job is taking and which technician is carrying out which task. “We have visibility and we can research and use our resources better,” Haidar says. Managing assets at the medical center is arguably more complex than in the university due in part to the various accreditations that need to be achieved from organisations such as the JCI (Join Commission International) to monitor and maintain medical assets to the correct standards, and this is something that Infor EAM was able to accommodate seamlessly. “When we maintain medical assets we need to tag them appropriately and schedule the maintenance frequency in compliance with regulations, as the equipment is mission critical and people’s lives may depend on it,” Haidar says. Haidar was also pleased by the response of the staff who use Infor EAM and how quickly and easily they adopted it, a factor which has reduced training time and increased productivity of the staff. “I was astonished by the way the users of Infor EAM were able to digest the new system. It’s easy to use and straightforward. The user interface is intuitive and users can digest it easily with little training,” he says. AUB and AUBMC continue to add assets to their Infor EAM system. With the higher value and mission critical assets already included, Haidar and rest of the team are adding other significant assets, including sports equipment at the campus’s Charles Osler sports center, which has close to 300 pieces of sports equipment to be tracked. After this, the university faculties will start capturing assets in the Faculty of Engineering lab and the Faculty of Health Sciences. “We’re moving by criticality,” Haidar explains. “Everything we add ultimately helps us to improve our efficiency and the service that we offer to students and faculty.”
NOVEMBER 2019
CXO INSIGHT ME
39
VIEWPOINT
THE REALITY OF BLOCKCHAIN DAVID FURLONGER, GARTNER DISTINGUISHED VP AND ANALYST, WRITES ABOUT HOW BLOCKCHAIN WILL EVOLVE UNTIL 2030 AND TODAY’S HYPE VERSUS REALITY.
G
enerally, anyone looking to open a restaurant would need to go to various government agencies to obtain the required certifications. For example, the owners may need a health certification, worker’s comp certification or a liquor license depending on the type of establishment. For each of these certifications, the owner will have to produce essentially the same documentation. In British Columbia, the government for the city of Victoria decided that, as a matter of social good, it would create a blockchain platform to allow access to all of the restauranteur’s information, creating a “restaurant passport” for each owner. Rather than control all the data itself, the Victorian government developed a decentralized system. This means owners now control all of their information and the consent switches to the individual. Not only can the government agency then verify the information, the owner can control who has access to the information and for how long. Additionally, the system is
David Furlonger
40
CXO INSIGHT ME
NOVEMBER 2019
portable, allowing owners to open a restaurant in a different city using the same information. This type of blockchain, called blockchain enhanced, increases efficiencies while continuing to drive economic growth. But where does blockchain fit for other organizations? Victoria’s government had a clear, narrowly defined focus for this proof of concept (POC), but CIOs need to understand what blockchain is, what it could be and, importantly, how to explain the value to the business.
Explore blockchain hype versus reality According to the 2019 CIO Survey, while 60% of CIOs expect some kind of blockchain deployment in the next three years, it’s not a focus; only 5% of CIOs rank it as a game changer for their organization. Most organizations have only explored blockchain on small, narrowly-focused POCs. But top performers are already considering how the technology could be combined with complementary tech such as artificial intelligence (AI) and the Internet of Things (IoT) to create entirely new business models. Even if the technology is not quite advanced enough to launch this initiative now, CIOs should begin exploring these potentials and gathering support from their leadership team. It’s key that CIOs first explain the components of blockchain. True blockchain has five element: Distribution: Blockchain participants are located physically apart from each other and are connected on a network. Each participant operating a full node maintains a complete copy of a ledger that updates with new transactions as they occur.
Encryption: Blockchain uses technologies such as public and private keys to record the data in the blocks securely and semi-anonymously (participants have pseudonyms). The participants can control their identity and other personal information and share only what they need to in a transaction. Immutability: Completed transactions are cryptographically signed, timestamped and sequentially added to the ledger. Records cannot be corrupted or otherwise changed unless the participants agree on the need to do so. Tokenization: Transactions and other interactions in a blockchain involve the secure exchange of value. The value comes in the form of tokens, but can represent anything from financial assets to data to physical assets. Tokens also allow participants to control their personal data, a fundamental driver of blockchain’s business case. Decentralization: Both network information and the rules for how the network operates are maintained by nodes on the distributed network due to a consensus mechanism. In practice, decentralization means that no single entity controls all the computers or the information or dictates the rules. Understanding each of the elements, and how they come together to form a true blockchain, gives CIOs a framework to explain the technology to executives and clear up misconceptions.
Blockchain enabling technologies: 2009-2020 This early phase of blockchain-enabled experiments are built on top of existing systems to reduce cost and friction in private, proprietary activities. They have only limited distribution capabilities to a small number of nodes either within or between enterprises.
Blockchain-inspired solutions: 2016-2023 The current phase of blockchain-inspired solutions are usually designed to address a specific operational issue – most often in terms of inter-organizational process or record keeping inefficiency.
VIEWPOINT
HOW TO GET A HANDLE ON VULNERABILITY MANAGEMENT IF YOU’RE ONLY FOCUSED ON PATCHING, YOU’RE NOT DOING VULNERABILITY MANAGEMENT, WRITES ANTHONY PERRIDGE, VP OF INTERNATIONAL AT THREATQUOTIENT.
W
hen I speak to security professionals about vulnerability management, I find that there is still a lot of confusion in the market. Most people immediately think I’m referring to getting rid of the vulnerabilities in the hardware and software within their network, but vulnerability management encompasses a much broader scope. Vulnerability management is not just vulnerability scanning, the technical task of scanning the network to get a full inventory of all software and 42
CXO INSIGHT ME
NOVEMBER 2019
hardware and precise versions and current vulnerabilities associated with each. Nor is it vulnerability assessment, a project with a defined start and end that includes vulnerability scanning and a report on vulnerabilities identified and recommendations for remediation. Vulnerability management is a holistic approach to vulnerabilities – an ongoing process to better manage your organization’s vulnerabilities for the long run. This practice includes vulnerability assessment which, by definition, includes vulnerability scanning, but also other steps as described in the
SANS white paper, Implementing a Vulnerability Management Process. Just as the process of vulnerability management is broader than you might think, the definition of a vulnerability is as well. A vulnerability is the state of being exposed to the possibility of an attack. The technical vulnerabilities in your network are one component, but there is another important aspect that is often overlooked – the vulnerabilities specific to your company, industry and geography. You can’t only look internally at the state of your assets. You must also look externally at threat actors and the
Having a platform that serves as a central repository allows you to aggregate internal threat and event data with external threat feeds and normalize that data so that it is in a usable format. By augmenting and enriching information from inside your environment with external threat intelligence about indicators, adversaries and their methods, you can map current attacks targeting your company, industry and geography to vulnerabilities in your assets. Intelligence about a campaign that presents an immediate and actual threat to your organization leads to a more accurate assessment of priorities and may cause you to change your current patch plan to prioritize those systems that could be attacked at that moment. The result is intelligencedriven patch management that hardens your processes to thwart the attack. campaigns they are currently launching to get a more complete picture of your vulnerabilities and strengthen your security posture more effectively. In The Art of War, Sun Tzu captured the value of this strategy well when he stated, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Prioritise patching based on the threat As stated above, with respect to vulnerability management, most security organizations tend to focus on patching but because they don’t have the resources to patch everything quickly, they need to figure out what to patch first. To do this security teams typically take a thumbnail approach – they start with critical assets, the servers where their crown jewels are located, and work down to less critical assets. While a good starting point, their prioritization decisions are based only on internal information. As Sun Tzu points out, knowing yourself but not the enemy will yield some victories but also defeats.
IF YOU KNOW THE ENEMY AND KNOW YOURSELF, YOU NEED NOT FEAR THE RESULT OF A HUNDRED BATTLES. IF YOU KNOW YOURSELF BUT NOT THE ENEMY, FOR EVERY VICTORY GAINED YOU WILL ALSO SUFFER DEFEAT. IF YOU KNOW NEITHER THE ENEMY NOR YOURSELF, YOU WILL SUCCUMB IN EVERY BATTLE.
Bridge the visibility gap Unfortunately, the reality is that not every company has 100% visibility into their assets and vulnerabilities, so mapping external threat data to internal indicators to hone a patch plan sometimes has limited value. However, there is still tremendous value in gathering information from global threat feeds and other external intelligence sources to determine if your business is under a specific attack. The MITRE ATT&CK framework is one such source. It dives deep into adversaries and their methodologies so security analysts can use that information to their advantage. Bringing MITRE ATT&CK data into your repository allows you to start from a higher vantage point with information on adversaries and associated tactics, techniques and procedures. You can take a proactive approach, beginning with your organization’s risk profile, mapping those risks to specific adversaries and their tactics, drilling down to techniques those adversaries are using and then investigating if these techniques could be successful or if related data have been identified in the environment. For example, you may be concerned with APT28 and can quickly answer questions including: What techniques do they apply? Have I seen potential indicators of compromise or possible related system events in my organization? Are my endpoint technologies detecting those techniques? With answers to questions like these you can discover real threats, determine specific actions to harden your network and processes, and mitigate risk to your business. A holistic approach to vulnerability management, that includes knowing yourself and your enemy, allows you to go beyond patching. It provides awareness and intelligence to effectively and efficiently mitigate your organization’s risk and position your team to address other high-value activities – like detecting, containing and remediating actual attacks, and even anticipating potential threats.
NOVEMBER 2019
CXO INSIGHT ME
43
VIEWPOINT
HOW CIOS CAN PREPARE FOR LIFE ON THE EDGE JACOB CHACKO, REGIONAL BUSINESS HEAD, MIDDLE EAST & SAUDI AT ARUBA, A HEWLETT PACKARD ENTERPRISE COMPANY, DISCUSSES HOW TECHNOLOGY HEADS CAN MANOEUVRE THEIR WAY AROUND EDGE COMPUTING.
I
T teams have been under pressure to introduce a range of new technologies into businesses, across multiple departments and functions. These range from IoT, to AI and machine learning, data processing alongside traditional functional technologies like CRM systems. The network edge represents the culmination of these technologies
44
CXO INSIGHT ME
NOVEMBER 2019
coming together. According to Gartner, edge computing will be a necessary requirement for all digital businesses by 2022. With potentially trillions of dollars being invested in the hope of generating huge economic returns, the argument for paying attention to the Edge opportunity is clear and the window for learning and action is narrowing. The challenge for IT teams is to
lead the pursuit of these edge-based strategies across the business, and manage the edge environments, from user devices to operational technology all with data security as a priority. In the findings of the e-book commissioned by Aruba entitled ‘Opportunity at the Edge: Change, Challenge, and Transformation on the Path to 2025’, many interviewees and
survey respondents highlight the sheer scale of the technology ecosystem that IT must manage in an edge environment. For example, in a university environment, IT now must accommodate and support the range of student devices being used across campus – from laptops to smart speakers – plus IoT-enabled environments such as temperature sensors and security cameras. At the same time, all the university functions from catering to the athletics department are deploying an ever-wider array of technologies at the edge that need to be bound into the network and supported in a secure manner. Innovation, Change and Transformation Advisor Philippe Choné reinforces this point: “Products used to be physical things. Now products come with a layer of software and data and that points to an ecosystem. Product management and strategy, then, needs to involve not only IT partners but also legal compliance.”
Part of the challenge for the C-suite is ensuring leaders have enough understanding and digital literacy to drive and support the IT function to fulfil its crucial emerging role in a business pursuing edge strategy.
Building An Edge-Capable IT Function Across the expert interviews, survey, and secondary research, the issue of upgrading IT capabilities was raised consistently. Emphasis was placed on the need for the C-suite to reassure itself that the IT function fully understands the requirements and challenges of delivering seamless and secure service across tens of thousands of digital touchpoints, with focus on four key issues. First, the management, integration, and security of a highly distributed IT infrastructure spanning from the core of the business via the cloud to the new network edge. Typically, this ecosystem includes users, fixed and mobile edge devices, applications, data, distributed data centres, networks, gateways, on-premises infrastructure, cloud services, infrastructure management processes, security management, and reporting. Key here is flexibility, as most organisations cannot say with certainty
just how many digital touch-points they might create over the next three to five years in an edge environment. Hence the infrastructure strategy needs to allow for the potential for the number of edgeconnected devices to increase by 10X, 100X, or 1000X – placing the spotlight on the scalability and interoperability of the technology choices being made. Second, the collection, storage, management, security, privacy protection, and governance of data becomes a heightened priority as the organisation increasingly reinvents itself around this core asset. Third, the sheer complexity of such environments will drive organisations to make far greater use of smart software applications operating at every level from device monitoring to management of the entire ecosystem. While AI will have a clear role to play, it is critical that every component in the software architecture can be monitored with full traceability of how it made its decisions. This may be a major challenge with many of the current AI applications that cannot explain their reasoning. Fourth, as highlighted earlier, the edge represents a massive increase in potential security risks as every device and network touchpoint becomes a potential point of vulnerability and source of threat. The InfoSec Institute highlights a number of critical risks that need to be managed, including weak device access passwords; insecure communications; data collected and transmitted by devices being largely unencrypted and unauthenticated; physical security risks for individual devices; and poor service visibility, with security teams unaware of the services running on certain devices. The edge clearly represents a massive business opportunity and delivering on it will inevitably mean the C-suite spending progressively greater amounts of time truly understanding the IT capabilities being delivered. Leaders will need to be immersed enough to know if their IT function, its infrastructure, and its key partners are fit for purpose and can provide a robust platform to enable a range of future options.
NOVEMBER 2019
CXO INSIGHT ME
45
VIEWPOINT
TOP 5 ACTIONS FOR CFOS TO HELP PREPARE FOR GROWTH JONATHAN WOOD, GENERAL MANAGER, MIDDLE EAST & AFRICA AT INFOR, EXPLAINS HOW CFOS CAN HELP THEIR ORGANISATIONS BECOME ALIGNED TO A GROWTHFOCUSED FUTURE.
W
hen CFOs adopt innovative technology, they help build organisations that are more agile, profitable, effective, and positioned for growth. Here are the five actions CFOs can take immediately to get started down the right path:
1. Develop one single source of the truth Data is the currency of success. Effective data management translates to big opportunities for companies that are intent on growth. But the key to effective data management is creating one source
of the truth—a central data repository. Everyone needs to work from the same set of information, if your organisation is going to operate as efficiently and effectively as possible. Companies can uncover key insights about their customers and business processes by breaking down data silos and building one single source of the truth. Whether that data comes from a single source, or more likely, multiple disparate sources, it needs to be visible from one place, so it can be trusted as reliable and acted upon by everyone who needs to make decisions.
2. Make that truth available and actionable Data is only useful if the people who need it, both inside and outside your organisation, can access it and act upon it to make faster, more informed decisions. Having the right technology to not only access data from across the organisation but also to provide meaningful insights to stakeholders can help you build a path to growth. Data analytics can perform what-if scenarios that help you cut costs, identify new opportunities with existing customers, and even create new business models and processes. The key here is having the right level of data from across the organisation and the right analytics to take decision-making to the next level.
3. Connect everything—No system can operate in a vacuum Connect all your product, sales, financials, HR, etc. systems and you’re on your way to having the visibility you 46
CXO INSIGHT ME
NOVEMBER 2019
need to grow profitably. Consider adding cloud-based ERP and product systems, which can be among the most crucial and transformative investments a company makes. Because these systems reach into every part of an organisation, from manufacturing and sales, to finance, human resources, and more, they can significantly improve your company’s efficiency and productivity, helping to drive its growth to the next level.
4. Connect everyone True communication and collaboration can deliver great benefits. Just as all your systems need to be connected, so too do your employees and partners along your value chain. Social collaboration tools available from within the applications people use to get their jobs done make it easier to get work done. Users within your organisation and all along your value chain can get information where and when they need it, at their fingertips, without having to break their workflow. The system can capture these interactions, so the information becomes part of the organisation’s knowledge base, helping to drive greater insight and productivity.
5. Make it all available all the time Business happens around the clock, everywhere. CFOs must cloud-enable all their most important systems and ensure that their business can operate from any geography, at any time. Looking beyond the cloud, make sure as many of your core systems as possible are fully mobile-enabled. Whether an executive at the airport needs to look at sales forecasts from their laptop or a production manager on the manufacturing floor needs to check parts inventory from their smartphone, that information needs to be available and actionable–or an opportunity may be lost. By selecting and implementing the right technologies, you can forge a smooth, steady, path to growth.
PRODUCTS
HP Elite Dragonfly Makes UAE Debut HP has introduced the HP Elite Dragonfly, which it claims is the lightest compact business convertible laptop. The laptop, which is a sub-one-kilogram ultralight premium PC, is designed to push work and life boundaries for mobile business professionals. Artfully crafted to stand out in a distinct Dragonfly blue, designed to be powerful, and hardened with security, the HP Elite Dragonfly ushers in a new era of mobility. The HP Elite Dragonfly is the company’s first notebook to include ocean-bound plastics. Its speaker enclosure component is made with 50 percent post-consumer recycled plastic including 5 percent ocean-bound plastics.
Noting that consumers in the UAE are growing increasingly aware of the environmental impacts of the products they are buying, George Rouppas, Head of Personal Systems Category
at HP Middle East, Saudi Arabia & Turkey said, “Sustainability and the creation of a circular economy are hugely important to us. Be it through partnerships with local charities, such as Dubai Cares through which we support educational projects while recycling HP ink cartridges or through the introduction of new products such as the HP Elite Dragonfly, we continue to reinforce our commitment to HP’s global sustainability agenda. The smart choices we are making about the plastic elements in devices play a crucial role in achieving those goals globally.” HP Elite Dragonfly is expected to be available from December, starting at AED 5,499, including VAT.
Nexans Launches Enspace High Density Fibre Panels Nexans, the cables and cabling systems provider, has announced the launch of its High Density patch panels to complete its LANmark-OF ENSPACE range, which already comprises of Ultra High Density panels. The new ENSPACE HD panels are available in 2 versions: 1U with 96LC connections and 2U with 192LC connections. These complement the existing range of ENSPACE UHD panels, which can hold 144LC connections in 1U. The ENSPACE HD panels are designed for server racks or patching zones which don’t require ultra-high density. The ENSPACE HD panels have 2 fixed trays per U. The staggered trays, together
with the open top and bottom of the front of the panel, allow for maximum access to the patch cords to facilitate operations. The label slides easily inside the rear of the front door to document moves, adds and changes. As the panels have no moving parts, patch cords and
trunks can’t get stuck between the trays. The ENSPACE modules can be installed from the front and the rear of the panel without disconnecting already installed trunks or cords. This allows you to add ports without disrupting active channels. The modules are available in 3 types to support different installation and protocol requirements: MTP-LC adaptor modules, LC adaptor modules and MTP adaptor modules. The ENSPACE trunks are fixed at the rear of the panel in cable gland slot holders. These can be installed in various orientations (side, angle, rear) to allow maximum flexibility during installation.
Aruba Announces Services-Rich Switching Portfolio Aruba, a Hewlett Packard Enterprise company’s, Aruba CX Switching Portfolio now includes the Aruba CX 6300 Series fixed configuration and CX 6400 Series modular access, aggregation and core switches, while delivering the latest advancements in the AOS-CX operating system. The new platforms in the Aruba CX Switching Portfolio include the Aruba CX 6300 Series, which is a family of stackable switches that offers flexible growth via a 10-member virtual switching
framework (VSF) and provides built-in 10/25/50 gigabit uplinks to meet the bandwidth needs of today and the future. The Aruba CX 6400 Series modular switches offer both a 5-slot chassis and a 10-slot chassis with a non-blocking fabric that scales from Gigabit POE access to 100G core, allowing customers to standardise on one platform across the enterprise, including hybrid use cases. The new version of AOS-CX introduces rich access features to the OS while extending CX differentiators to the
access layer of the network. These include Aruba Dynamic Segmentation to provide secure, unified policy across wired and wireless down to every user and IoT device, Ethernet VPN (EVPN) over VxLAN for simplified and secure connectivity from enterprises to data centres, and Virtual Switching Extension (VSX) live upgrades for no downtime during maintenance cycles.
NOVEMBER 2019
CXO INSIGHT ME
49
BLOG
3 AREAS THAT CAN GO WRONG FOR STORAGE ADMINISTRATORS NICK JHENG, REGIONAL MANAGER, MIDDLE EAST FROM SYNOLOGY, POINTS OUT THAT FLASH IS NOT PERFECT, STORAGE IS CORRUPTIBLE, AND TOTAL COST OF SOFTWARE OWNERSHIP IS BETTER THAN LICENSING COSTS.
S
imilar to all areas of the information technology industry, storage drives, backup and recovery data management, are also going through cycles of improved innovation. Increasing importance of cloud, software defined management, persistent memory and flash technologies are some of the areas, that data centre administrators need to come to new terms with. Using an approach of total cost of ownership throws up some important conclusions.
Hidden costs of software Licenses for backup and recovery of data are available on a subscription basis and as perpetual licensing. At first glance the cost of subscription licenses or monthly licenses with an annual contract, appear more economical than perpetual licensing. However, over a period of software usage time, various additional costs begin to accumulate, creating a need to look at the overall total cost of ownership. Typically, IT organisations, as they use applications, will tend to buy additional support, maintenance and patches, and upgrade services, each of which has an additional cost. Annual support services are typically in the range of 25% of perpetual licensing fees. Taking VMware as an example, the total cost of ownership is quite different if it is computed using a per CPU per socket basis and per host basis. 50
CXO INSIGHT ME
NOVEMBER 2019
Flash limitations While the rapid read and write capability of a solid-state drives (SSDs) are well known, there are limitations in their longer-term capabilities, and every data center administrator should be aware of this. SSDs work by writing and erasing data to NAND blocks. NAND blocks are the smallest blocks of data storage in an SSD drive and have a limited life span of read-write capabilities. Data in NAND blocks cannot be overwritten and must be erased first. As a result, the performance of SSDs vary over a period and continue to degrade resulting in a limited life span. Algorithms written inside SSDs help to distribute usage of the NAND blocks so that the wear and tear due to the erase function is distributed across the overall material. However, this can only be done in the background and requires a certain percentage of the NAND blocks to be reserved for this back and forth movement of data. This is called over-provisioning of the SSD and includes partitioning and reserving a percentage of good NAND blocks for these operations. Therefore, if the total capacity of the SSD is 1 Terabyte, after setup the administrator may find that the effective storage area inside the SSD is only 950GB. As the usage of the SSD progress, this percentage of usable area continues to reduce, while ensuring that it is available for high performance compute.
Bad sectors and wipe outs Catastrophic data loses are often linked to the increase in bad sectors on a traditional hard disk. Bad sectors get built up on the surface of hard disks when there is wear and tear, collision, over-heating, and file-system errors amongst others. As the number of bad sectors build up, sequential writing and reading of data gets disturbed as alternative available blocks need to be found, while bad sectors are skipped. The process of skipping bad sectors and finding good sectors to write on is called remapping. Hard disks with a higher number of bad sectors will go through longer periods of remapping that will slow down access to data from the hard disk. Continuous remapping and the increase of bad sectors will eventually be followed by a catastrophic data failure of various sorts. Hard disk drives that have developed bad sectors are 10 times more likely to fail than those hard disk drives without bad sectors.