ISSUE 13 \ OCTOBER 2019
PREPARED FOR THE
FUTURE AW ROSTAMANI CIO SEBASTIAN SAMUEL IS HARNESSING THE POWER OF DIGITAL INNOVATION TO FUEL BUSINESS GROWTH.
CONTENTS
57 PRODUCTS
14 HOW AW ROSTAMANI IT CHIEF IS DRIVING DIGITAL BUSINESS BTRANSFORMATION
PREPARED FOR THE
FUTURE 6 NEWS
12 12 16 22 26 28 34
PAGING DR.AI THE CLOUD CONUNDRUM IN A DIGITAL STATE OF MIND GOODBYE PC, HELLO DAAS PLANNING FOR FAILURE WHY YOU NEED AI TO FIGHT RANSOMWARE
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
18 40 42 44 50
DATA CENTRE TRANSFORMATION POWER TO THE PEOPLE MULTI-CLOUD’S MULTICULTURISM WHAT TO EXPECT AT GITEX TECHNOLOGY WEEK 2019
HELP AG, PROOFPOINT PARTNER TO DELIVER PEOPLE-CENTRIC CYBERSECURITY SALESFORCE SUSTAINABILITY CLOUD TO HELP CUSTOMERS DRIVE CLIMATE ACTION CLOUD-NATIVE BREACHES UNLIKE TYPICAL MALWARE ATTACKS: MCAFEE REPORT
OCTOBER 2019
CXO INSIGHT ME
3
EDITORIAL
THE SHOW GOES ON
I
t’s that time of the year – when Dubai literally becomes the tech capital of the world for five days. For me, this is going to be my 15th edition of Gitex Technology Week, and I consider myself lucky to have gotten an opportunity to chronicle the evolution and growth of the high-tech industry in this region. Not surprisingly, this year’s show is going to be all about artificial intelligence, robotics, 5G, blockchain with a healthy dose of cybersecurity. What I am really looking forward is to experience first-hand some exciting use cases of these new technologies. The arrival of 5G, coupled with the advancements in AI, promises to unlock value and realise Dubai’s vision to become the world’s smartest city by 2021. The UAE is the only country in the world to have set up a national AI strategy, and we have already seen some interesting products coming out of Smart Dubai’s AI lab. The AI-powered smart city assistant Rashid is a case in point.
Published by
Publication licensed by Sharjah Media City @Copyright 2019 Insight Media and Publishing
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Imbibing the Zeitgeist of the time, we have featured some of the transformative success stories from the region in this edition. These are tales of business transformation and how some forwardthinking enterprises are already disrupting their industries with the power of digital technologies. Long gone are the days when the Middle East lagged in technology adoption, and I am privy to the plans of some really smart IT leaders who are driving the digital transformation of their enterprises and addressing technical debt. Also in this issue, you’d read about what some of the leading tech vendors are planning to showcase at Gitex. We hope this helps you to explore all that the show has to offer and have a tryst with the latest and greatest in technology. See you there.
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
OCTOBER 2019
CXO INSIGHT ME
5
NEWS
HELP AG, PROOFPOINT PARTNER TO DELIVER PEOPLE-CENTRIC CYBERSECURITY
H
elp AG and Proofpoint have entered into partnership to deliver people-centric cybersecurity solutions covering key user-focused threat vectors including email, social media and mobile devices. The new agreement with Proofpoint advances Help AG’s strategy of broadening its cybersecurity managed services offering to include the protection of people, however and wherever they work. In its recent Human Factor Report, Proofpoint identified that more than 99% of cyberattacks rely on human interaction to work — making individual users a critical line of defence. “Attacks have pivoted from the network to endpoints because social engineering attacks are not only easier to execute, but also more successful, making them highly profitable. The rapidly changing dynamics of the Middle East workforce – with more employees working remotely and on-the-go than ever before – introduces a new set of security complexities and risks. However, this mobility is key to the modern workforce’s ability to excel. That’s why at Help AG, we’re partnering
Stephan Berner, Help AG
with Proofpoint to adapt cybersecurity to new business requirements, giving organizations the ability to empower their employees without sacrificing protection,” said Stephan Berner, CEO at Help AG. This emphasis on securing businesses without imposing restrictions is reflected in the flexibility of Proofpoint’s deployment models. The vendor’s solutions offer the same industry-leading level of protection in both cloud and
on-premise environments. As a result, Middle East businesses currently in the critical transition phase can realise their cloud ambitions without introducing risks in the interim. Furthermore, to help its customers protect their people, data and brand, Proofpoint has established technology alliances with leading security vendors which are also long-standing Help AG partners. This gives Help AG the ability to build on its customer relationships by extending on and enhancing their existing investments to deliver truly integrated end-to-end protection. As part of its go-to-market strategy with Proofpoint, Help AG will also focus on the company’s security awareness offering. Berner explained that ‘effective security awareness training turns an organisation’s end users into a strong last line of defence against cyberattacks’. The vendor offers a huge library of interactive cybersecurity training modules, videos, posters, images, and articles — all with consistent, actionable messaging suitable for global organisations.
INFOR ANNOUNCES GENERAL AVAILABILITY OF COLEMAN AI PLATFORM Global leader in business cloud software Infor has announced the general availability (GA) of its Infor Coleman AI (Artificial Intelligence) Platform for embedded machine learning models. The platform provides the speed, repeatability and personalisation needed for enterprises to fully operationalise AI – and it serves as a key building block for Infor’s Intelligent CloudSuite. With the Infor Coleman AI Platform, enterprises can take advantage of industry-specific starter packs (templates) to accelerate development of repeatable big data, machine learningbased AI projects. These templates are highly personalised and tailored to specific customer data and usage patterns. Further, they are designed for use by “citizen developers,” who don’t need extensive data modeling skills. When combined with Infor OS (Operating Service), enterprises
6
CXO INSIGHT ME
OCTOBER 2019
can simplify and speed up the entire implementation process — giving them the ability to roll out complete, production AI projects in less than six weeks. Infor OS is a cloud operating service designed to bring business processes and AI together and offer operational insights that were never accessible to a business before. Through its Infor Coleman AI Platform and Infor OS, Infor delivers
Jonathan Wood, Infor
the Intelligent CloudSuite, a complete solution to automate, anticipate, predict and inform. This gives enterprise customers the business insights they need, when they need them. Jonathan Wood, General Manager, Middle East & Africa, Infor, said, “With other solutions, you have to figure out how to use AI with a multitude of other technologies. We bring an enterprise AI ensemble together in a single platform — through which we can provide a complete Intelligent CloudSuite.” In addition, Wood said, “the Infor Coleman AI Platform is unique in that it is designed specifically for business users and is built upon a foundation of industry-specific data. At any given moment, it can help with executing tasks and recommending next-best sales offers, or predicting maintenance issues and adjusting production schedules accordingly.”
NEWS
SALESFORCE SUSTAINABILITY CLOUD TO HELP CUSTOMERS DRIVE CLIMATE ACTION
S
alesforce, the global player in CRM, has announced Salesforce Sustainability Cloud, a carbon accounting product for businesses to drive climate action that will accelerate the world’s efforts towards carbon neutrality, said the firm. With the new product, businesses now have a trusted sustainability platform that gives them a 360-degree view of their environmental impact and provides data-driven insights to make changes the planet will notice. The company is committed to delivering a sustainable, low-carbon future and supports the United Nations Sustainable Development Goals, which help frame the company’s global strategy and technology innovations. Salesforce Sustainability Cloud enables businesses to quickly track, analyse and report reliable environmental data to help them reduce their carbon emissions. A company’s
carbon data is easily surfaced in Einstein Analytics, which creates dynamic reports and dashboards—both for audit purposes and for executive engagement—with insights that empower businesses to drive climate action programs at scale.
Suzanne DiBianca, Salesforce
“We’ve always believed business is the greatest platform for change. Addressing climate change with speed and at scale is critical to see a turning point by 2020,” said Suzanne DiBianca, Chief Impact Officer and EVP of Corporate Relations at Salesforce. “Businesses must work together to be the greatest force for climate transformation the world has ever seen.” “We created Salesforce Sustainability Cloud to help our customers easily generate trusted investor-grade data to inform their climate action programs,” said Patrick Flynn, Vice President of Sustainability at Salesforce. “Climate change is the biggest, most important and most complex challenge humans have ever faced, and we all have a role to play based on our resources to deliver a healthier planet for future generations.” The new product is expected to become generally available in December 2019.
DUBAI POLICE INKS SOLUTION DEVELOPMENT PARTNERSHIP WITH DJI Global player in civilian drones and aerial imaging technology DJI has announced a Solution Development Partnership with Dubai Police to test and deploy DJI drone technology as a tool to aid its public safety professionals. The agreement marks the drone manufacturer’s first partnership with a police agency in the United Arab Emirates and will provide the Dubai Police with access to new drone technologies, training and support to promote safety and security in the nation’s largest city.
8
CXO INSIGHT ME
OCTOBER 2019
“We are pleased to partner with Dubai Police to help them take advantage of DJI’s industry leading drone technology, such as the Mavic 2 Enterprise Dual which is purpose-built for the public safety sector,” said Romeo Durscher, Director of Public Safety Integration at DJI. “This partnership gives Dubai Police access to DJI’s newest drone technology and fosters the exchange of experiences and knowledge that will help DJI continue to develop its portfolio for public safety agencies around the world and help
them gain more value from the lifesaving potential of drone technology.” Under the agreement, Dubai Police will have custom access to DJI’s lineup of hardware and software solutions including DJI drones, the DJI Flight Simulator for pilot training, DJI FlightHub for drone fleet management and mission planning, as well as DJI AeroScope to help aid in the identification and remediation of unauthorised drone activity. “This partnership is set to boost cooperation, exchange experiences, share information and knowledge between both sides in the field of unmanned aerial systems,” said H.E Major General Abdullah Khalifa Al Marri, Commander in Chief of Dubai Police. “It reflects the keenness of Dubai Police to bring Drones into the different police sectors, which helps promote safety and security in the city by utilising the latest tools and systems.”
NEWS
CLOUD-NATIVE BREACHES UNLIKE TYPICAL MALWARE ATTACKS: MCAFEE REPORT
M
cAfee has released CloudNative: The Infrastructureas-a-Service Adoption and Risk Report, covering new research on Infrastructure-as-a-Service (IaaS) incidents in the cloud. According to the survey, 99 percent of IaaS misconfigurations are undetected— indicating awareness around the most common entry point to new “CloudNative Breaches” (CNB) is extremely low. “In the rush toward IaaS adoption, many organisations overlook the shared responsibility model for the cloud and assume that security is taken care of completely by the cloud provider,” said Rajiv Gupta, Senior Vice President, Cloud Security, McAfee. “However, the security of what customers put in the
10
CXO INSIGHT ME
OCTOBER 2019
cloud, most importantly sensitive data, is their responsibility. To defend against the new era of Cloud-Native Breaches, organisations need to use security tools
Rajiv Gupta, McAfee
that are cloud-native, purpose-built for cloud security and address their portion of the shared responsibility model.” IaaS breaches don’t look like your typical malware incident, instead leveraging native features of cloud infrastructure to land the attack, expand to adjacent cloud instances, and exfiltrate sensitive data. In most cases they “land” by exploiting configuration errors in how the cloud environment was set up. This research sheds light on the need for security tools to keep up with IaaS-native issues, especially the ability to continuously audit IaaS deployments for initial misconfiguration and configuration drift over time. The report also revealed a disconnect between practitioners and heads of businesses. It showed that 90 percent of companies have experienced some security issue in IaaS, misconfiguration or otherwise.
VIEWPOINT
PAGING DR. AI THE HEALTHCARE INDUSTRY WANTS TO USE ARTIFICIAL INTELLIGENCE PRIMARILY FOR BETTER DIAGNOSES AND THERAPIES. BUT FURTHER FIELDS ARE EMERGING – AND WITH THEM NEW CHALLENGES, WRITES FADI KANAFANI, MIDDLE EAST MANAGING DIRECTOR AND GM AT NETAPP.
A
doctor enters symptoms into a computer, IBM Watson diagnoses the disease and lists the necessary therapy. This happened in 2016, when the supercomputer detected a rare case of leukaemia in a Japanese patient. The computer-assisted diagnosis made headlines worldwide. Watson combines artificial intelligence (AI) and sophisticated analytical software. The supercomputer uses search engines and sophisticated systems for the
12
CXO INSIGHT ME
OCTOBER 2019
complex analysis of texts, studies, databases and patient files. Other AI systems find tumours on CT/MRI scans, detect skin cancer in dermatology and lung diseases on X-rays. It is argued that AI-based diagnoses are available much faster and more accurate than those of human specialists. Such an application can analyse more CT/MRT and other reference data than a doctor will ever see in his entire career. Optimists are already envisioning a future where the entire current medical knowledge can be called up in
every doctor’s office. In future, the family physician will use the results provided by an AI system as a second opinion. But to make this future possible, we’ll have to face difficult, hard to understand interrelations. A panel of experts operates within their own defined ruleset and knowledge, so it works transparently, but it doesn’t necessarily recognise patterns in multiple X-ray images and can’t learn at the same rate an AI can. AI applications using neural networks have a lot of advantages here. They form the core of machine learning (ML), the most important AI discipline today. Information processing in neuronal networks resembles brain activity. A neuron is modeled as a function (algorithm), including input, parameters and output. Photos, texts, numbers, videos or audio files are used as data input. These train the model to independently recognise patterns, deliver better results, and ultimately evaluate unknown data. During learning, the prioritisation of parameters and thus the links in the system change - in the end, it is no longer verifiable how a result came about. This circumstance does not have a negative effect as long as quality assurance is carried out, for which there are no binding rules so far.
Thirst for knowledge and further peculiarities That’s the framework for companies in the health sector that have gained initial experience with AI. Based on these criteria and a company size of 500 or more employees, the data management specialist NetApp selected the participants for a survey in August 2018. It surveyed 120 executives, including CDOs, department heads, and project managers from the healthcare, automotive, finance, and manufacturing industries. It offers valuable insights in current AI practices in the healthcare industry and at the same time reveals differences to the three other focus industries. This allows to identify data protection that delays or prevents AI projects. Half of the surveyed healthcare companies are
Findings and recommendations for treatment
struggling with this exact issue. But despite the handling of patient data, this rate is the lowest in an industry comparison, while the manufacturing industry is the most sceptical with 67 percent. The medical sector is at the forefront when it comes to evaluating AI projects, with 37 percent of healthcare companies in this phase. However, medical companies lag behind in planning, testing and implementation. The financial industry has an implementation rate of 23 percent. The automotive industry is united in the fact that 43 percent of its representatives use AI most frequently for product development and research. The survey also reveals findings that concern the health sector exclusively. In a lot of cases the supervisor determines the course of the project, but at the same time does not recognise the purpose of the AI deployment. This opinion was put on record by 37 percent of those questioned. Currently, medical companies are primarily aiming at better diagnosis, as the application ranking shows: early detection of epidemics / illnesses (63 percent) is ahead of predictive maintenance of medical equipment (60 percent) and care and nursing of patients by networked robots (40 percent).
This view into the medical AI practice allows the following conclusions: In the future, AI technology will play out its potential even more strongly in improving diagnoses and therapies and advance the use of technology in other areas. To this end, it is necessary to share responsibility for AI projects and strengthen AI competence across hierarchies. This would help eliminate existing and future misunderstanding between management and employees. However, those responsible in this process must keep a close eye on quality assurance as it plays an at least equally important role. A patient trusts his doctor, who in turn would have to trust the AI, whose results are not always reproducible. A potential conflict. One approach would be to leave an approved medical device that uses neural networks in its original condition. Otherwise, it depends on the skills of the medical staff whether they make the AI system better or worse in image recognition. If a physician trusts his AI, the technology interprets CT, MRI or echography data much faster and more precisely, which leads to better diagnosis and therapy. The decisionmaking process would be drastically shortened because no second expert would have to evaluate the findings in case the clinical pictures were unclear. Doctors could spend more time with patients. Solving the question of trust and quality assurance will increase efficiency, which is imperative in view of the lack of doctors in rural areas or waiting times for specialists. However, critics can be reassured about the ethical debate that still needs to be conducted: AI becomes at most an assistant doctor, the responsibility remains with the specialist staff.
OCTOBER 2019
CXO INSIGHT ME
13
COVER STORY
PREPARED FOR THE
FUTURE SEBASTIAN SAMUEL, CIO OF AW ROSTAMANI, TALKS ABOUT SUCCESSFULLY SCALING DIGITAL INNOVATION TO DRIVE BUSINESS GROWTH AND DELIVER VALUE TO CUSTOMERS.
14
CXO INSIGHT ME
OCTOBER 2019
What does digital transformation mean to you? e are a family-owned conglomerate involved in multiple lines of businesses. These range from real estate and retail to automotive, logistics, and transportation. Digital transformation can be different for different business units. Rather than define it individually for each business unit, we see digital transformation as nothing but business transformation - future-proofing the business and taking it to the next level. In this game, you need the whole C-suite to be with you. You need the support and engagement of your CEO, CFO, CHRO, board members, line-ofbusiness managers, and partners to manage the execution of the digital transformation. Our IT organisation works hand in hand with the business units, right from strategy formation to execution to delivery. We use the Balanced Scorecard to align company activities with strategies and monitor the progress. Once scorecards and strategy maps are defined for each business unit, we work with almost 21 business units as IT; we participate in their strategy review meetings to understand their business ambitions and then we advise them on the kind of IT projects we can take up to support these goals. How does one transform IT from a cost centre into a true business enabler? I don’t like IT to be termed as a cost centre. Especially, when most of the business enablement happens through technology-driven models, IT must be at the forefront. In fact, all our initiatives are focused on two aspects that I prefer to describe as the numerator and the denominator respectively. First, on the numerator side, we focus on how to accelerate revenue growth, how to improve margins, how to acquire more customers, and retain
W
existing ones. We always promote those initiatives within the group. Second, on the denominator side, the focus is on optimising the cost of operations, managing resources in a better manner, and improving internal efficiencies. Instead of being a cost centreoriented IT organisation, we are more into enabling the business through improvement of customer satisfaction, customer acquisition and retention, and optimising cost. I believe that is the true definition of business enablement. You are actively taking on business strategy responsibilities, and at the same time, you have to keep the lights on. How do you balance both roles? It swings based on seasons and need of the hour. We have to keep the lights on, and at the same time, continuously work towards identifying new growth opportunities, innovation and making sure our business is ahead of competition. We always have two modes of IT working within the same organisation. One camp is continuously building new capabilities and innovation, and other one maintains a stable environment once it is productionalised. Gartner coined this as bimodal IT, and I am a big fan of this concept of balancing the need to innovate with maintaining legacy systems to keep the business running.
OUR OBJECTIVE IS TO BECOME COMPLETELY SERVER-LESS BY 2022. OUR INFRASTRUCTURE IS MOVING 100 PERCENT TO THE CLOUD, AND OUR SOFTWARE ADOPTION POLICY IS CLOUDFIRST AND MOBILE-FIRST. WE ALSO ADOPT QUITE A LOT OF SPECIALISED BEST-OF-BREED APPLICATIONS.
Even the business has to be bimodal to drive digital transformation. If you don’t have that mindset, you will always be viewed as a run-andmaintain organisation. Which are the new technologies you are exploring? We are exploring the whole array of new digital technologies such as cloud, chatbots, blockchain, Data Science and mobile. We have been on the cloud journey since 2011, and in fact, we were one of the early adopters of Oracle talent management system in the region. Now we run almost 20 plus cloud services from ten different countries, which means our IT infrastructure is distributed across many geographies, and there is no perimeter. In fact, we have all three different flavours of cloud. We use Oracle ERP, which has gone live in a hybrid cloud environment. Our production runs on-prem while test and development and DR are on the cloud. This gives us almost two-three times more speed and good resiliency in terms of infrastructure. Our objective is to become completely server-less by 2022. Our infrastructure is moving 100 percent to the cloud, and our software adoption policy is cloud-first and mobile-first. We also adopt quite a lot of specialised best-of-breed applications. One of the advantages of the cloud is that it allows you to move in different velocities. For example, your sales and marketing need continuous innovation, and new technologies are emerging daily. Your HR probably needs a change every two-three years and finance every five to ten years. With one single monolithic ERP, you can’t drive innovation that meets the different needs of business units. Therefore, we decided to slowly decouple from a single ERP to bestof-breed cloud solutions while also ensuring that we integrate well because it’s a very important aspect of the cloud journey.
SEPTEMBER AUGUST 2019
CXO INSIGHT ME
15
COVER STORY
Do you see any use cases of AI and ML within AWR? It was all noise in the past, but it is becoming a reality now. The UAE is one of the first countries in the world to set up a ministry dedicated to Artificial Intelligence; and we have aligned ourselves to the national vision for AI. We have started a separate department in IT called decision technologies to make sure that we use analytics, data science, AI and ML to improve our internal processes and enrich customer experience. However, due to our fast cloud adoption, data fragmentation was an issue. In order to address this challenge, we have created an application neutral data landscape to which we bring in data from all different cloud applications for analysis and machine learning. 16
CXO INSIGHT ME
OCTOBER 2019
Blockchain also has some interesting use cases for some of our business sectors, and we already have some proof-of-concepts underway. What is your greatest career achievement? I am motivated to succeed by the core values of AWR - passion, integrity, commitment, adding value and never being satisfied. Anything is possible when you are dedicated to upholding these values. Personally, I don’t believe in milestones. I am passionate about coming to AWR every day and exploring new things to improve our business. More than that, what I really value is my team. During my long tenure here, I have been able to set up and maintain a very focused and committed team and I feel proud about that achievement.
WE DECIDED TO SLOWLY DECOUPLE FROM A SINGLE ERP TO BEST-OF-BREED CLOUD SOLUTIONS WHILE ALSO ENSURING THAT WE INTEGRATE WELL BECAUSE IT’S A VERY IMPORTANT ASPECT OF THE CLOUD JOURNEY.
FEATURE
THE CLOUD CONUNDRUM HOW TO CRAFT A SUCCESSFUL STRATEGY TO NAVIGATE THE MULTI-CLOUD MAZE.
F
or a growing number of organisations, adopting a multi-cloud strategy has become an integral part of their digital transformation initiatives, which allows them to adopt best-of-breed technologies and avoid vendor lock-in. According to Gartner, most adopters of the public cloud services use multiple providers. In fact, in a recent Gartner survey of the public cloud users, 81% of respondents said they are working with two or more providers. “Digital reinvention is at an inflection point as businesses enter the next
18
CXO INSIGHT ME
OCTOBER 2019
Tamer Elsawy
chapter of their cloud journey. Most enterprises today are approximately 20 percent into their transition to the cloud. In this first chapter of their cloud journey, businesses made great strides in reducing costs, boosting productivity and revitalizing their customer-facing innovation programs. Chapter two, however, is about shifting mission-critical workloads to the cloud and optimizing everything from supply chains to core banking systems,” says Tamer Elsawy, director, cloud & cognitive software, IBM Middle East & Pakistan. The challenge is that most of our clients already use up to 15 different
Aaron White
clouds – on prem, public and private. Clients moving to chapter two of their cloud journey need to embrace a hybrid multi-cloud approach that allows them to manage multiple clouds from multiple vendors with consistent management and security protocols, using open source technology, he adds. “The reasons behind companies moving to a multi-cloud strategy aren’t hard to fathom. In essence, companies are both switching on to the benefits of the public cloud – on-demand scalability, pay per use economics and so on - and, at the same time, becoming wise to the fact that not all clouds are the same. Indeed, putting all their application eggs in one basket might be counterproductive,” says Aaron White, Middle East regional director at Nutanix.
Yasser Zeineldin
Yasser Zeineldin, CEO of eHosting DataFort, agrees: “A single cloud approach works well for small businesses and start-ups. However, an enterprise’s different business units have diverse requirements and workloads, which cannot be met by a single cloud model. A multi-cloud approach offers organizations a number of benefits from low costs, unlimited scalability, agility, and improving disaster recovery and security. By working with multiple cloud services providers, enterprises can lessen their dependence on a single provider and can also avoid vendor lockins, data center outages, and bandwidth issues. Compliance regulations and data sovereignty requirements have also led companies to implement the multi-cloud approach.” Chris Pope, VP Innovation, ServiceNow, says benefits from a multi-cloud or multi-vendor strategy can be realized in multiple ways, and not just solely cost. “It provides the ability to find the best in class providers, for the tasks or workloads required. This ensures you get the best of both worlds, with a diverse set of offerings but also ensures that you can align fit for use or purpose services to those you seek. It provides a high level of agility and flexibility, and also robust resilience in that should an issue or event occur, you can move to another provider, or even geographic area, away from service disruptions.” Jeff Ogden, GM - Middle East & India, Mimecast, says apart from cost
and flexibility, one of the substantial benefits of a multi-cloud strategy is increased security. “Organisations’ tendencies to rely exclusively on single cloud service providers for day-to-day operations have exposed them to undue risk. With services such as Office 365, organisations are not only putting all their eggs in one basket: they are putting all their eggs in the same basket that everyone else. Criminals know they have only one lock to pick to gain access, so they focus their attention on these cloud services because of the potentially large payoff.” Before taking the plunge, orgnisations need to follow some industry best practices without which the move to a multi-cloud environment can lead to complexities. Pope from ServiceNow says having a realistic target or end state is a key enabler for a successful strategy. There is no magic wand or silver bullet to say once in the cloud, it’s all going to work just fine. This is just the start of the journey, and it is imperative to ensure that requirements are met continually and evolve over time, for the better. He warns data is a major risk if it starts to be used in an uncontrolled way across multiple clouds. “In the age of privacy and GDPR type regulations, the impact on an organisation that doesn’t have strong data governance controls in place can be far-reaching. Bigger isn’t always better and can lead to spiraling costs. Ensuring the environment is
Chris Pope
Jeff Ogden
OCTOBER 2019
CXO INSIGHT ME
19
FEATURE
Srinivasa Raghavan
right-sized and reviewed regularly will drive optimisation and consolidation opportunities, minimising risk but also unnecessary wastage and cost.” Ogden from Mimecast says organisations should start by mapping out detailed data flows and then testing ‘what if’ scenarios for continuity and resilience. Failing to manage complexity at scale is the biggest risk for a multi-cloud approach. Disparate systems require tight identity and access management, authentication, and encryption controls. Many organisations rely on built-in security by single cloud providers like Office 365, which isn’t always effective against advanced evasive threats. An additional layer of security on any cloud service is necessary for adequate protection against ever-changing threats, he says. Along with due diligence and best practices, organisations would also require new skill sets for adopting multicloud. “This includes understanding the framework requirements and designing the cloud infrastructure, as well as handling cloud migration, cloud governance and management, application deployment, cloud security, cloud cost management, and more. The good part is there are lots of mature tools in the market that can handle cloud environments, and some require minimal training,” says Srinivasa 20
CXO INSIGHT ME
OCTOBER 2019
Raghavan, product manager, Site 24x7, ManageEngine. White from Nutanix adds: “Cloud platforms change the application development lifecycle. To succeed, IT teams may need to become adept at using new, emerging technologies and be able to efficiently manage cloud resources during PoC, test, staging, and production—across multiple different environments. Because hiring people with these skills is a challenge, the organisation may have to re-train existing staff and supplement with consultants and professional services.” Zeineldin from eHDF offers another perspective: “Adopting a multi-cloud strategy comes with its own set of challenges. Managing multi-cloud solutions from different vendors across different cloud environments can be difficult and time-consuming. If not
CLOUD PLATFORMS CHANGE THE APPLICATION DEVELOPMENT LIFECYCLE. TO SUCCEED, IT TEAMS MAY NEED TO BECOME ADEPT AT USING NEW, EMERGING TECHNOLOGIES AND BE ABLE TO EFFICIENTLY MANAGE CLOUD RESOURCES DURING POC, TEST, STAGING, AND PRODUCTION—ACROSS MULTIPLE DIFFERENT ENVIRONMENTS. BECAUSE HIRING PEOPLE WITH THESE SKILLS IS A CHALLENGE, THE ORGANIZATION MAY HAVE TO RETRAIN EXISTING STAFF AND SUPPLEMENT WITH CONSULTANTS AND PROFESSIONAL SERVICES.
monitored and managed properly, it can lead to several operational issues. Many regional organizations are signing on managed cloud services providers to assist them with their multi-cloud solutions, where they will manage issues with interoperability, infrastructure, network, storage, backup management and monitoring, security and other challenges.” Though one of the selling points of the cloud is cost reduction, users moving to multi-cloud environments have to keep an eye on costs; if you are not careful about the cost of managing multi-cloud environments, it can easily spiral out of control. Pope from ServiceNow says elimination of waste is a key concern for many workloads that are oversized or under-utilized can make costs rise and spiral. Transparency of costs, alignment to requirements, and who is using what should put accountability back on the owners of applications or resources, highlighting where costs are occurring. “Providing a single portal or store experience will ensure that there is only one way to go, to request, procure and deploy (using automation) cloud resources, ensuring full traceability and process governance.” In agreement, White from Nutanix says cloud services are priced differently from the simple fixedprice models of the traditional data centre. “Budgeting and managing costs in the public cloud is still a worry for many businesses, and there are plenty of horror stories about companies that have been saddled with huge and unexpected costs. With a well-designed cloud architecture, and a comprehensive, multi-cloud management plan, you can not only keep private and public cloud costs under control, but you can also optimize your spending and completely avoid bill shock. You should consider dynamically provisioning and decommissioning system resources based on parameters such as workload, user traffic, etc,” he sums up.
INTERVIEW
22
CXO INSIGHT ME
OCTOBER 2019
IN A DIGITAL STATE OF MIND OPERATIONAL SINCE 1975, SHARJAH ISLAMIC BANK IS ONE OF THE LEADING BANKS IN THE REGION AND IS THE FIRST BANK IN THE WORLD TO CONVERT FROM A CONVENTIONAL BANK TO AN ISLAMIC BANK. IT’S A FULL-SERVICE BANK THAT CATERS TO RETAIL, CORPORATES AND WEALTH MANAGEMENT THROUGH A WIDE ARRAY OF DELIVERY CHANNELS. SALEEM AHMED, SENIOR VICE PRESIDENT AND HEAD OF INFORMATION TECHNOLOGY, TALKS ABOUT HOW DIGITAL TRANSFORMATION IS REINVENTING THE BANKING INDUSTRY AND SIB’S PLANS TO MEET THE HEIGHTENED EXPECTATIONS OF ITS CUSTOMERS.
How are you planning to digitally transform to change the way you operate and engage with customers? Established banks are faced with the challenge of digital disruption as well as many new digital entrants in the industry. We are ready to face these challenges, and we have a very prudent strategy when it comes to IT investments. There is a lot of noise around technologies such as AI, ML, and blockchain. We are evaluating these technologies to assess if there are any real valid use cases. We have adopted a best-of-breed approach and invested in leading-edge IT solutions. For example, our database runs on Oracle’s Exadata machine, and we are one of the few banks in the GCC to have that. Our recovery point objective is almost zero, which means even if our production data centre goes down, we won’t suffer from any data loss. We have the best middleware from IBM, and we are operating more than 320 web services catering to various channels. Another key pillar of our IT strategy is agility, which is important for speed-tomarket. A case in point is Samsung Pay. We were the first Islamic bank in the world to adopt Samsung Pay and seventh in the UAE to support Apple Pay. We were also the first bank to adopt the UAE Central Bank’s instant remittance system.
To further enhance our agility, we have invested in IBM Watson. This helps us leverage predictive analytics to gain insights into customer behaviour and generate tailored marketing campaigns and promotions. In today’s digital world, data is key, and we have the cleanest data, which gives us an edge and helps us meet regulatory compliance. All of our asset classes and products are in one core baking platform, and we were
CLOUD HAS A LOT OF PROMISE ON PAPER. IF YOU LOOK AT THE SELLING POINTS OF THE CLOUD – YOU DON’T NEED TO INVEST ANYTHING UPFRONT AND ONECLICK DEPLOYMENT – MANY OF THESE ADVANTAGES ARE REAL, AND MANY INDUSTRIES ARE LEVERAGING THAT. HOWEVER, WHEN IT COMES TO THE BANKING INDUSTRY, WE ARE GOVERNED BY CENTRAL BANK REGULATIONS, WHICH STIPULATE THAT WE CAN’T STORE CONFIDENTIAL DATA OUTSIDE THE GEOGRAPHY.
among the fastest core banking platform implementations in this geography – we did it in less than three years. How are you tackling the new challenges in the wake of digital transformation? We are addressing new challenges with new initiatives. We are revamping our customer-facing channels, including the internet and mobile banking. I will give you an example of our mobile banking app. Unlike some other banks that have two different apps, we have only one mobile app, with which new customers can on-board themselves using Emirates ID or UAE Pass. We don’t just stop there; we have to serve the customer quickly, and all our back-end processes are geared up to meet that challenge. We are learning from the best practices in the industry and implementing them. Of course, there are some regulatory compliance hurdles, and we are aware of that. We are investing in one of the most modern ATM fleets in the industry because we believe ATMs will continue to be an interface and integral part of customer self-service strategy to reduce footfalls in branches. At the same time, we are transforming our branches to engage with the customer
OCTOBER 2019
CXO INSIGHT ME
23
INTERVIEW
in a better fashion. The idea is to free our tellers and get customer service officers to serve our customers for all non-cash transactions. We are also investing in our IVR systems and website. I believe our website can be a source of sales, and as part of this strategy, we are investing in a content management system that will allow us to unify all these channels. How do you stay abreast of the trends in your industry? I represent UAE Banking Federation’s digital committee, and I am the UBF nominee in Arab Monetary Fund’s regional fintech working group, which is trying to find solutions for challenges related to digital on-boarding, KYC, and credit analytics. We are also learning from the experiences of other countries. For example, Bahrain is doing some fantastic work, and it is the only country in this part of the world that has mandated banks to be open banking compliant. I am also part of Smart Dubai’s banking working group, where we are involved in the UAE Pass and blockchain initiatives to speed up the whole KYC process across the country. How will blockchain impact financial services? There are many use cases for blockchain, and we have seen banks in other countries such as India, Switzerland, and the US
24
CXO INSIGHT ME
OCTOBER 2019
adopt this distributed ledger technology. We have seen some initiatives in our region as well, but I believe blockchain is going to gain traction only when there are participations. We are watching these trends closely, and we are planning to find a unique proposition for the bank to play a big role in blockchain-driven product for the hospitality and leisure sector. The Sharjah government is one of your stakeholders. How closely do you work with the government? When it comes to e-governance, the UAE government is leading in the world index, and we are working very closely with the Sharjah Government on this front. The Sharjah department of finance has an ERP system that caters to more than 75 government entities, and we interface directly with them to automate the whole payment process. Again, we are one of the only three banks in the region that possess this ability to interface with any ERP system. As the holding bank, we process the payroll for Sharjah government entities, and we are now moving to the next stage of providing them with a corporate treasury platform. As part of our CSR initiatives, we are also working with universities such as University of Sharjah and the American University of Sharjah to provide them with a solution to improve parent and student experience and automate their processes.
Banks have typically struggled to adopt cloud services. What are the hurdles you face? Cloud has a lot of promise on paper. If you look at the selling points of the cloud – you don’t need to invest anything upfront and one-click deployment – many of these advantages are real, and many industries are leveraging that. However, when it comes to the banking industry, we are governed by Central Bank regulations, which stipulate that we can’t store confidential data outside the geography. This is why many of the big players such as AWS, Microsoft, and Oracle have set up their cloud data centres in the region. We are taking a cautious approach to the cloud on two levels. We have moved our our performance management system and front-end digital sales platform to the cloud. But, when it comes to real financial data, we have to consider security and data integrity. The second aspect we have to consider is the TCO spread across seven years. The cloud works on an annual subscription model, and if you compare it with a sevenyear on-prem model, you would be paying more. Many people don’t realise that. Having said that, we are seeking cloud use cases, and we are planning to move our CRM and financial consolidation and reporting to the cloud. How about the challenge from digital upstarts? The dominance of traditional financial services firms is set to be challenged by digital-only startups such as Revolut and Monso. I would say, in the future, the trend of digital banks is going to accelerate, and they have the advantage of being nimble and not burdened by some of the regulatory compliance. However, I don’t think that will be the case in our region where the culture is far more conservative. It is a double-edged sword. Will, a customer, put his money in a digital-only bank? Therein lies the opportunity for banks like us to transform ourselves in the digital world, and be customer-centric. If you can be nimble and provide engaging user experiences, I don’t think customers would want to change their banks.
FEATURE
GOODBYE PC, HELLO DAAS WHAT DESKTOP AS A SERVICE ENTAILS AND WHY IT MATTERS
W
e live in an everythingas-a-service world, and this trend is now reflecting in the way enterprises acquire and management of personal computers. Though the concept of desktop as a service (DaaS) isn’t entirely new, and vendors such as Citrix and VMware have been offering this for a while now. However, the recent announcement by Microsoft around
Virtual Windows Desktop is now being seen as a harbinger of sorts, signaling the end of PC as we know it today. “The PC is not necessarily dying, but it is transforming into just one of many possible access devices. Laptops, Chromebooks, tablets, and smartphones can now all do what used to be only the domain of PCs. What is dying is the approach of having to install an isolated Windows application on every user’s PC. Web applications
Taj El-khayat, Regional Director Middle East & North Africa, Citrix
26
CXO INSIGHT ME
OCTOBER 2019
started this disruption by moving the app to the cloud and using a browser to access it. But Windows applications and complete desktops can now be deployed the same way: central installation in the cloud, with delivery to any device through a browser,” says Paulo Pereira, director, systems engineering – emerging markets and Eastern Europe at Nutanix. Taj El-Khayat, regional director of Middle East and North Africa at Citrix, adds: “As we have entered in the cloud and mobility era, most organisations are dealing with a new generation of end-users who prefer personalized workspaces. Employees today work remotely and use a wide variety of devices, including laptops and mobiles. Because of this, organisations are under pressure to deliver a strong user experience across all devices that give access to applications and data anytime and anywhere – and safely. “We have noticed a rapid shift from the traditional desktop to the digital workspace that allows end-user to access data and application from anywhere. Digital workspace solutions are cost-effective and convenient, freeing IT departments from problems of acquiring, developing, and managing an internal infrastructure. So yes, we are approaching the end of the PC era. “ According to the data from Value Market Research, the global market for DaaS is anticipated to reach $1.5 billion by 2024 with a CAGR of 17%. Why is DaaS attracting renewed interest now? One of the factors driving DaaS market growth is in the increasing adoption of
Paulo Pereira, Nutanix
cloud services and a growing mobile workforce in companies. “IT has become increasingly complex in the last ten years. It used to be that all users connected from desktop PCs now users have many different devices that they want to work from. It used to be that data and enterprise apps were all inside the enterprise, in an on-prem data center – now data and apps are both on-prem and in one or more public clouds,” says Pereira from Nutanix. “It used to be that the bandwidth was limited to an on-prem network with 100 Mbps speeds – now high-bandwidth is available practically everywhere. All of these dramatic changes have made things much more complex for it, and so the need for DaaS is stronger than ever before. Plus the technology needed to deliver a great experience from any device, anywhere is here today. This doesn’t mean that DaaS is for every single use case, but it applies in far more places than it did, even just a few years ago.”
Is it for everyone? Usually, smaller businesses benefit from DaaS and it is hard to find examples of large-scale deployments.
However, El Khayat from Citrix says DaaS is suitable for large deployments as it provides complete hosted desktops for applications and email securely delivered over the web. They’re simple to buy and easy to manage, with no software for IT to maintain. “DaaS providers successfully manage the maintenance, security, upgrades, data backup, and storage. It’s is a good
WE HAVE NOTICED A RAPID SHIFT FROM THE TRADITIONAL DESKTOP TO THE DIGITAL WORKSPACE THAT ALLOWS END-USER TO ACCESS DATA AND APPLICATION FROM ANYWHERE. DIGITAL WORKSPACE SOLUTIONS ARE COST-EFFECTIVE AND CONVENIENT, FREEING IT DEPARTMENTS FROM PROBLEMS OF ACQUIRING, DEVELOPING, AND MANAGING AN INTERNAL INFRASTRUCTURE.
option for organisations that don’t want to invest in and manage their own onpremises VDI, thereby reducing the cost of infrastructure management,” he adds. Pereira from Nutanix shares a similar opinion: “One of the great benefits of DaaS is the flexibility to scale up and down as needed. Whether it is for 10 users or 10,000. Using the vast resources of the public cloud, admins can leverage on-demand access to any number of VMs. Of course, not all DaaS services are alike. The best services were created and built from the ground up for web-scale, with tools that make it easy to manage large sets of users and with one-click integrations that let large organisations plug DaaS into their other cloud or on-prem services.” For users looking to explore the cloud-hosted PCs, it is very important to understand the difference between DaaS and Virtual Desktop Infrastructure (VDI). “With VDI, an organsation deploys virtual desktops from its own onpremises data centers. In-house IT teams are responsible for deploying virtual desktops as well as purchasing, managing, and upgrading the infrastructure while DaaS leverages infrastructure instances in the cloud coupled with services capabilities from the managed services organisation. Organisations that subscribe to a DaaS offering don’t need to manage their own hardware, “ says El Khayat. Pereira adds: “The key difference is the “as-a-service” part. With VDI, the customer is purchasing software licenses for the control plane and it is their responsibility to buy the infrastructure where that software will run and to install, manage, and upgrade it over time. With DaaS, the management overhead associated with the control plane, including all of the infrastructure needed, is provided as a service. This means that customers do not have to install any brokering software, they do not have to manage the backend servers, they do not have to plan for upgrades -- all of these things are provided as part of their DaaS subscription.”
OCTOBER 2019
CXO INSIGHT ME
27
FEATURE
PLANNING FOR FAILURE WHY IT IS IMPORTANT TO HAVE AN INCIDENT RESPONSE PLAN IN PLACE BEFORE YOUR COMPANY IS BREACHED
T
o explain simply, cyber incident response (IR) means a methodology of what should organisations do in the event of a security breach to limit damage and reduce recovery times. Dealing with the aftermath of a security incident often requires the efforts of the entire organisation. A well- crafted IR plan entails which key executives should be notified when a breach occurs and how this information needs to be communicated both within the organisation and externally. 28
CXO INSIGHT ME
OCTOBER 2019
Ryan Trost
“Cyber incident response is a critical discipline within security operations in order to reduce the adversary dwell time within an environment. Primarily to ensure the successful remediation of malicious attacks, but also, to help determine the necessary countermeasures to mitigate future attacks. IR is the ability to identify and track an adversary’s movements through a network by utilising various analytical measures to discover the initial attack vector, patient-0, lateral movement and uncover the adversary’s motives and objectives,”
FEATURE
Manikandan Thangaraj
says Ryan Trost, co-founder and CTO, ThreatQuotient. By studying the adversary and their tactics, techniques, and protocols (TTP) the IR team can make the necessary defensive adjustments to strengthen the organization and to avoid repeating past security lapses. Without a cyber incident response team, an organisation is doomed to constantly repeat previous failures in defending their environment against malicious adversaries, he says. The first step in creating a solid cybersecurity strategy is to assume the worst-case scenario, such as the organisation facing a cyberattack, according to Manikandan Thangaraj, vice president at ManageEngine. “A good security strategy not only looks at ways to proactively detect and prevent attacks; it also documents how the business should react following an attack. An incident response (IR) plan is an important part of any IT security strategy. “ A recent study from IBM exploring organisations’ preparedness in Saudi Arabia and the UAE when it comes to withstanding and recovering from a cyberattacks revealed that approximately third of organisations are still unprepared to respond to cybersecurity incidents, with 31% of respondents indicating they do not have a cybersecurity incident response plan in place. While studies show that companies who can respond quickly and efficiently to contain a cyberattack within 30 days 30
CXO INSIGHT ME
OCTOBER 2019
save over $1 million on the total cost of a data breach on average, shortfalls in proper cybersecurity incident response planning have remained consistent over the past four years of the IBM study. Of the organisations that do have a plan in place, almost half (49%) do not test their plans regularly, leaving them less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack. For organisations with IR plans, it is also equally important to review the security checklist often. “Incident response plans can be highly complex as many get as granular as to define a standard operating procedure (SOP) with parallel workflows. Periodic reviews of incident response plans are important to ensure everybody is familiar with the process, not only on the incident response team but also within the larger security department. These planned IR reviews can range from simply updating
CYBER INCIDENT RESPONSE IS A CRITICAL DISCIPLINE WITHIN SECURITY OPERATIONS IN ORDER TO REDUCE THE ADVERSARY DWELL TIME WITHIN AN ENVIRONMENT. PRIMARILY TO ENSURE THE SUCCESSFUL REMEDIATION OF MALICIOUS ATTACKS, BUT ALSO, TO HELP DETERMINE THE NECESSARY COUNTERMEASURES TO MITIGATE FUTURE ATTACKS. IR IS THE ABILITY TO IDENTIFY AND TRACK AN ADVERSARY’S MOVEMENTS THROUGH A NETWORK BY UTILISING VARIOUS ANALYTICAL MEASURES TO DISCOVER THE INITIAL ATTACK VECTOR, PATIENT-0, LATERAL MOVEMENT AND UNCOVER THE ADVERSARY’S MOTIVES AND OBJECTIVES.
contact information, and elaborate tabletop exercises to “after-action” debrief efforts to review lessons learned based on the results of the attack. Incident response procedures are even more paramount when the security operations team spans multiple shifts, geographic locations, access control or role responsibilities,” says Trost from ThreatQuotient. Thangaraj from ManageEngine agrees with this view. “Creating an incident response plan should not be treated as simply checking an item off a to-do list. Many organisations prepare an IR plan, and then put it away on a shelf. Instead, risk-averse organisations should review their plan regularly, as well as whenever an incident takes place. “Business-critical asset and application inventories change all the time. An IR plan should look at how to restore these assets as quickly as possible. It’s also critical to reflect after each incident and incorporate any findings into the IR plan. The goal should always be to decrease the MTTC.” Should enterprises automate incident response? The answer to this question depends on who you ask. Yes and no, says Trost from ThreatQuotient. The ability to automate incident response efforts from start to finish is a mythical utopia the industry never truly reach because most incidents are never that black and white. Motivated adversaries are too crafty and disciplined for the industry to rely completely on IR automation. “From several of my past experiences against highly motivated, nationstate adversaries, I have learned that an IR team must think outside the box in order to successfully reclaim the network; which is impossible to automate fully. There is room for automation within incident response, but it resides in the earlier steps of incident response that focus on “IR smoke screen tests” as well as, information gathering/ collection efforts including pulling any pertinent application or network logs or querying threat intelligence repositories, he adds.
VIEWPOINT
REACHING FOR THE SKIES WITH SAAS KRUPA SRIVATSAN, DIRECTOR, PRODUCT MARKETING AT INFOBLOX, EXPLAINS HOW CUSTOMERS AND VENDORS CAN TAKE ADVANTAGE OF THE OPPORTUNITIES THAT SAAS OFFERS.
S
aaS (software-as-aservice) is here to stay. This is evident from the widespread adoption of business applications hosted in the cloud such as CRM, payroll processing, collaboration and human resource management software over the last decade. And it is not just business applications these days. Increasingly, networking and security has also moved to the cloud. SaaS is a delivery model where the software is centrally hosted by a vendor and buyers consume the service from the cloud. Whether you are an organisation using applications to run your business or a vendor providing critical software as a service to your customers, there is something for everyone in a SaaS model. What’s in it for consumers of SaaS: • Reduced IT overhead– Organisations consuming services from the cloud do not need to install or maintain expensive hardware or infrastructure on-premises. If consuming security from the cloud, this is a big advantage because now security can be deployed even in locations where no IT expertise is available. • Immediate access to functionality– Customers get access to the SaaS service immediately upon signup without having to wait for shipment and installation of hardware or software. For example, organisations can immediately improve their security posture by signing up for a cloudbased security offering.
32
CXO INSIGHT ME
OCTOBER 2019
• Flexible licensing/payment options– SaaS model provides companies an alternative to the traditional capex model where they pay upfront for any hardware needed
SAAS IS A DELIVERY MODEL WHERE THE SOFTWARE IS CENTRALLY HOSTED BY A VENDOR AND BUYERS CONSUME THE SERVICE FROM THE CLOUD. WHETHER YOU ARE AN ORGANISATION USING APPLICATIONS TO RUN YOUR BUSINESS OR A VENDOR PROVIDING CRITICAL SOFTWARE AS A SERVICE TO YOUR CUSTOMERS, THERE IS SOMETHING FOR EVERYONE IN A SAAS MODEL.
and a perpetual software license. By shifting to an OPEX model, they can take advantage of lower upfront costs and more predictable recurring costs thereafter. • Seamless upgrades– Customers don’t need to worry about updates for latest features or patching their software for vulnerabilities. The SaaS provider always has the latest secure code in the cloud. This enables customers to get immediate access to new innovations and features. • Scale as you grow– Organisations don’t have to plan for peak capacity like they do when purchasing infrastructure. They can scale by purchasing higher tiers of the service as they grow. • Extend reach– Since SaaS services are delivered from the cloud, it is possible to extend the usage of the services to beyond the traditional on-premises network. For example, security delivered from the cloud can easily be applied to devices on or off premises which greatly expands the use cases that can be addressed. What’s in it for vendors: • Latest code for all customers– Vendors can allocate resources to provide the latest and greatest to all their customers at the same time, without having to worry about a legacy of old software they may need to support. • Speed of innovation– The speed of innovation is also much greater as vendors can make available new features and functionality to their customers much faster than with a traditional 6-month release cycle for on-premises software. • Better Customer Insight– Companies with SaaS offerings are much closer to the customer than companies with only a traditional model because of more frequent involvement with users of their service. This means they can provide features that the customers actually need based on the feedback loop. Many businesses are in the process of making a shift to consuming services from the cloud because they see greater business value through SaaS.
VIEWPOINT
WHY YOU NEED AI TO FIGHT RANSOMWARE AMMAR ENAYA, REGIONAL DIRECTOR – METNA, VECTRA, ON HOW TO PROTECT YOUR ORGANISATION FROM NETWORK FILE ENCRYPTION ATTACKS
W
hen we think of ransomware, WannaCry is probably the first example that jumps to mind, for obvious reasons—to date, it is one of the most devastating ransomware attacks. WannaCry spread quickly across the globe using opportunistic methods that targeted organisations vulnerable to the Eternal Blue exploit. However, in 2019, ransomware evolved
34
CXO INSIGHT ME
OCTOBER 2019
from opportunistic into targeted attacks that victimise organisations likely to pay a larger ransom to regain access to their files. This made networks—particularly those of cloud service providers―the number one attack vector.
Network file encryption Because the goal in a ransomware attack is to propagate as wide and as quickly as possible, it is desirable for file encryption to occur beyond the local
files. As such, the most effective weapon in carrying out a ransomware attack is the network itself, which is instrumental in enabling the malicious encryption of shared files known as file shares—on network servers. Ransomware scans the network for shared files on servers and computers to which it has access privileges, and then spreads from one computer to many others. In those cases where the infected computer has access to
documents in network shared volumes, with their high capacity data storage, that single host can lock access to documents across several departments in the company. It is standard practice to employ volume sharing protocols such as the Server Message Block (SMB) with networked shares in order to make documents easily accessible to the users. This occurs in both cloud and private data centres. Documents are stored in shared volumes to ensure good backup procedures and for productivity in sharing content for teamwork, especially with a mobile workforce. However, this also makes files more vulnerable to exposure as the shared volumes are reachable from any system in the organisation, which could be an infected system. In a volume sharing system a single infected client host could encrypt a whole networked volume, with a global impact on the organisation business and systems. The files must be recovered from the most recent backup. Regular and frequent backups are a common policy and the main recovery mechanism to a known good state after a ransomware attack. They are easier to implement in scenarios with centralised volumes shared through a network. Upon suffering a ransomware infection, as much work time is lost as was taken to detect the intrusion, because all the documents modified from the previous backup are only in the encrypted volumes.
Detecting & responding to ransomware In the event where the utilised vulnerability is unknown or there hasn’t been enough time to patch, organisations need a method for rapid detection and response. Look for early indicators of a ransomware breach. Because modern ransomware attacks are targeted and modular, attacker dwell-times can be quite lengthy before shared network files are encrypted. From the time of the initial infection to the deployment of the ransomware,
that launches it. Comprehensive knowledge about the systems and users that access specific services will enable security operations teams to monitor misuse of privileged access and respond when that access is compromised―well before network file encryption occurs.
The case for AI
attackers perform reconnaissance inside a compromised network to discover which systems are critical before encrypting files. So, one way to improve detection is to focus on monitoring internal traffic for immutable attacker behaviours like reconnaissance, lateral movement and file encryption, rather than attempting to detect specific ransomware variants in network flows or executables. For response, spotting and isolating early in the attack lifecycle stops the loss of data. Rapid host isolation should be considered good practice once an infected device has been identified. Isolation can occur by quarantine of hosts, removal of offending systems from the network, and killing the processes causing propagation. Due to the speed and severity of ransomware attack, isolation could require the use of automation like automation and orchestration tools and native integration with detection and enforcement points. It is also vital to observe privileged access to know which accounts have access to critical systems. Ransomware can only run with the privileges of the user or the application
Organisations hit by a ransomware outbreak find themselves in an allhands-on-deck emergency that requires comprehensive contextual understanding to effectively halt the attack’s further progress and then restore systems immediately while business functions are held hostage. Even if an organisation is willing to pay the ransom, there is no guarantee that the encryption key will be provided by the attacker. Without the encryption key, files will have to be restored from a backup, and any changes since the last backup will be lost. As such, when ransomware encrypts file shares, attacks become very costly due to resulting scale, operational downtime and data loss. To reduce the impact of future attacks, we need to move to a model of detecting behaviour rather than detecting the specific tool or malware used. Such behaviour detection is much more effective, but it also requires in-depth analysis of network traffic. With advances in artificial intelligence (AI) augmenting security teams, we’re already seeing the industry shift to identifying attacker behaviour in real time. AI can detect subtle indicators of ransomware behaviours at a speed and scale humans and traditional signature-based tools simply cannot achieve. This enables organisations to prevent widespread damage. When organisations recognize these malicious behaviours early in the attack lifecycle, they can limit the number of files encrypted by ransomware, stop the attack from propagating, and prevent a disastrous business outage. When you are fighting a ransomware attack, time and contextual understanding are your most precious resources.
OCTOBER 2019
CXO INSIGHT ME
35
INTERVIEW
WHY IPA IS KEY TO AN EFFECTIVE AUTOMATION STRATEGY ADAM BUJAK, GLOBAL HEAD OF THE INTELLIGENT AUTOMATION OFFER, CAPGEMINI, TALKS ABOUT WHY YOU NEED AI FOR BUSINESS PROCESS AUTOMATION. How do you define IPA? Is it a combination of AI and RPA? t Capgemini, we define intelligent process automation (IPA) as the “golden triangle” of artificial intelligence (AI), robotic process automation (RPA), and smart analytics – combined and aligned with a deep understanding of processes and value creation. We leverage RPA to process structured content and AI for unstructured data. These two technologies deliver a huge amount of data, which can be used to deliver process-related insight. Leveraging predictive or smart analytics enables organizations to make more informed decisions about the way in which they automate their business operations
A
What are some of the substantial benefits of IPA? The main benefits of IPA are delivering an augmented workforce at scale. Combining virtual and human workers delivers more value to organizations by taking the robot out of the human and enabling people to focus on more valuable activities, while enjoying higher reliability and quality from machines. An end-to-end IPA solution should enable a client to seek guidance on starting an automation journey, scale up their operations, and enjoy the benefits of sustainable automation, including augmented operations at scale, increased productivity, enhanced operational efficiency, a humanized customer experience, increased revenue, and enhanced agility across their front, middle, and back office. 36
CXO INSIGHT ME
OCTOBER 2019
To give you an example of some tangible outcomes Capgemini has delivered, in the finance and accounting (F&A) space, we helped a global fastmoving consumer goods company automate its credit-to-cash (C2C) processes, resulting in 95% reduction in transaction processing time, 90% reduction in FTE deployment, and 95% improvement in efficiency. In human resources (HR), we helped a European multi-national aerospace corporation augment its human capital management (HCM) platforms through implementing a next-generation HR platform and automation toolset, resulting in 40% reduction in cost of service, 50% productivity savings, and 45% reduction in vendor spend. And in the supply chain, we helped an international medical device, pharmaceutical, and consumer packaged goods company implement a powerful statistical forecasting engine augmented with machine learning, resulting in 20%
reduction in mid-term forecast error rate, 35% reduction in short-term forecast error rate, and 20% improvement in demand planner productivity. Can the whole process chain be automated? Assuming that an organization has a suitable technology in place to deal with human activities that are to be automated, then the entire process chain can be automated. This is dependent on the currently existing limitations of technology. We also use process discovery to separate out the exceptions, and automate those exceptions where there is a strong business case and return on investment to do so. Why is it important for businesses to have chatbots? Humanized interaction with chatbots enables organizations to address hundreds if not thousands of requests simultaneously, thereby removing the communication bottleneck. Chatbots enables organizations to expand their automation reach though adding a functional and practical interaction solution. This comes back to automating the entire process chain. When you combine the potential of chatbots with AI and RPA, then you can get closer to automating the full flow of business operations. What is key to success with IPA? Organizations need to overcome a range of business, governance, technology, talent, and change management-related challenges to drive intelligent automation at scale. As detailed in a Capgemini Research Institute Report last year, this requires a fundamental change of approach to reimagine the organization, think strategically about change, and recognize the significant opportunity to be gained by operating differently. The key is putting the client at the heart of all their activities to stimulate the erosion of organizational silos around the front, middle and backoffice processes. Done effectively, this can result in the emergence of a new, borderless, highly-automated clientcentric organization.
VIEWPOINT
FOSTERING CONNECTION IN THE DIGITAL AGE KATERINA MANOU, REGUS REGIONAL VICE PRESIDENT, ON HOW MANAGING YOUR REMOTE WORKING TEAM IS EASY WITH THE RIGHT TECHNOLOGY AND VIRTUAL CULTURE.
O
ne of the most disruptive trends to grip industry over the last decade has been the concept of remote working. With the explosive development of high-speed internet, video calling and the creation of apps and software that enable people to collaborate regardless of where they are in the world, the old pillars of working life have begun to crumble. It is now increasingly acceptable, and often desirable, for modern workers to have the flexibility to work remotely. It’s a trend that’s increasing rapidly. A study by IWG found that 70% of global professionals work remotely at least one day a week, while 53% work remotely for at least half of the week. The potential benefits for a company are many, with 91% of remote workers questioned saying they are more productive. Providing the option of remote working is increasingly becoming a means of attracting the very best talent, too, with three-quarters of Millennials surveyed saying they wanted opportunities to work remotely. Another benefit for the company is being able to access a potentially bottomless pool of global talent. Firms are no longer constrained by geography in terms of hiring the staff they need. If the company is based in the UAE but the talent is located in another GCC country, they can still recruit that talent and let them work closer to their own homes without the added issue of relocation costs, or often, not attracting those job applications in the first place. While remote working has flourished in sectors such as the relatively young
called ‘Pygmalion Effect’ means that if a manager has high expectations of their remote workers, they will strive to meet those expectations.
Face-to-face contact Just because the staff is working remotely doesn’t mean they have to be strangers. Video conferencing supported by the kind of highquality, super-fast broadband technology found at co-working spaces like Regus means staff and management can interact face to face as often as deemed necessary. Whether it’s video conferencing and meetings or just a quick catch up about the weekend, seeing each other also helps built a rapport and remind workers that they are part of the team.
Social interaction – even if it’s virtual The team might not be able to get together for team building activities after work, but they can still hang out in the virtual world. This could include things such as online games, virtual coffee breaks or time for a social chat on social media groups. creative and software industries, it can still provide challenges when it comes to more established sectors such as finance, which will have entrenched ways of doing things, often with experienced staff members who, while often having a great deal of experience, may at first struggle to adapt to new ways of working. There is also the challenge for managers unaccustomed to ‘letting go’. Many bosses are so used to being able to visibly supervise their teams that there could be the tendency to assume that, if they’re out of sight, they may not be performing their allotted tasks. But there are ways of allaying those concerns.
Have faith in your team and make your expectations clear. Expectations from above have a strong impact on team performance. The so-
Monitoring progress A manager doesn’t have to be standing over their team’s shoulder to see what they’re working on. There are a plethora of online project management tools now such as Slack, Trello, and HipChat that enable managers to keep track of staff progress on specific projects. Asana and Basecamp also offer integration with Google Drive and Dropbox. Crucially for a mobile workforce, they both have Android and iOS apps, too.
Cloud collaboration The cloud is arguably the greatest boon to remote collaborative work and, by using cloud-based word processors, for example, management and staff are able to interact on the same worksheets and documents while monitoring tracked changes.
OCTOBER 2019
CXO INSIGHT ME
37
APPOINTMENTS
MOHAMMED ABUKHATER JOINS F5 AS REGIONAL VICE PRESIDENT
F
5 Networks announced the appointment of Mohammed Abukhater as its new Regional Vice President of Sales for the Middle East and Africa (MEA)
region. An experienced leader working with high-performing sales and channel teams across the GCC and Africa, Abukhater has over 16 years’ industry knowledge in the technology sector. Based in Dubai, he will report directly to David Helfer, Senior Vice President for EMEA Sales. Abukhater joins F5 from FireEye, where he stood out for driving impressive results as their VP for MEA. Over the course of his six plus years at the company, he also held several regional and vertical-specific sales director roles. Prior to that, he was making his mark as a territory sales leader and SE manager at Bluecoat Systems. Abukhater said: “I am delighted to join F5 Networks at such a pivotal moment in the company’s history. All the elements
are in place to take the business to the next level in the Middle East and Africa, including expanding and accelerating our multi-cloud application services, security capabilities and DevOps-related offerings. We already have an exceptional team in place, and the potential of clouddriven, application-centric innovation is creating huge opportunities for both F5 and our customers.”
OPPO NAMES NEW PRESIDENT FOR MEA OPPO, the leading global smartphone brand, has announced the appointment of Ethan Xue as its new President in the Middle East and Africa (MEA). The announcement comes as Andy Shi, Outgoing President of OPPO MEA, assumes his new role as Senior Director of Global Product Marketing at OPPO Headquarters in China where he will oversee OPPO’s all product lines including smartphones and IoT on a global level.
38
CXO INSIGHT ME
OCTOBER 2019
Andy Shi, Outgoing President of OPPO MEA said, “Ethan’s proven track record and customer-centric leadership make him ideal for this role. We believe his expertise and broad experience will play a fundamental role in driving OPPO’s growth strategy and cementing its footprint further in the region.” Ethan joined OPPO in 2012, where he worked with the team to oversee China market. He was subsequently promoted to lead OPPO’s training division, before he became responsible for marketing OPPO products in China. This helped OPPO to maintain its position as one of the top two brands in China. In his new role, Xue will take responsibility for leading product, marketing and sales across the region, guiding strategies and adding impetus to the further development of OPPO in MEA.
HTC APPOINTS NEW CEO HTC has announced the appointment of Yves Maitre as CEO of HTC, effective immediately. Yves joins HTC from Orange, one of the world’s largest telecommunications firms, where he served as EVP of Consumer Equipment and Partnerships, overseeing Orange’s connected technology strategy and business. Yves’s background includes deployment of the world’s largest consumer electronic brands as well as ownership of an entire portfolio of connected and mobile services, and he also served as a member of Orange’s innovation technology group, charged with developing disruptive revenue opportunities. Cher Wang will continue as Chairwoman of the HTC board, in which she will focus on future technologies that align with HTC’s expanding portfolio and vision of VIVE Reality. “When I took over as CEO four years ago, I set out to reinvent HTC as a complete ecosystem company and lay the foundations for the company to flourish across 5G and XR. So, now is the perfect time to hand over the stewardship of HTC to a strong leader to guide us on the next stage of our journey,” said Cher Wang, Chairwoman, HTC. “I am truly delighted that Yves is taking the reins; he has a long association with our company, and he shares our passion for innovation. I firmly believe Yves is the right leader to continue to lead HTC to its full potential.”
VIEWPOINT
BUSINESS EXPECTATIONS DRIVING DATA CENTRE TRANSFORMATION THE DATA CENTRE IS UNDER PRESSURE TO TRANSFORM FROM A MERE RESOURCE OF HARDWARE AND SOFTWARE TO A TRUSTED PARTNER HELPING BUSINESS TO COMPETE IN THE DIGITAL MARKET PLACE, EXPLAINS SACHIN BHARDWAJ, DIRECTOR OF MARKETING AND BUSINESS DEVELOPMENT, EHOSTING DATAFORT.
I
n the past the on-premises, enterprise data centre was the heart of the IT organisation. Today its importance and role is increasingly diluted, if you use its legacy responsibilities as a benchmark. Similar to other operational functions of an organisation, the role of the data centre is rapidly transforming. But that does not mean, its strategic importance for business is diminishing. With the increasing migration of applications to the cloud, through SaaS, PaaS, IaaS, the extent of workloads hosted on premises are also in decline. Gartner predicts that by 2025, 80% of enterprises will have scaled down their traditional data centres. Data residency rules, increasingly distributed global workforce, network latency, Internet of Things, emergence of managed service providers, are some of the drivers for migration of workloads out of the traditional, on-premises data centre, to more suitable options. Historically, the enterprise data centre used to address challenges such as, how do we best build the required infrastructure, in terms of cost, time and performance. Today the demand has transformed to, how do we best place the workload in terms of agility and business benefits. The on-premises legacy data centre is, increasingly shrinking and becoming centralised to manage mission critical workloads, with a higher degree of oversight, control, and responsibility, than is available through externally placed options. 40
CXO INSIGHT ME
OCTOBER 2019
While expectations from the traditional data centre shrink in terms of size of operations and IT spending, the expectations from the modern and digital data centre are rapidly increasing. The primary role of the data centre head is changing from being a builder and manager of data center functions to becoming an enabler and collaborator for business to perform. As business heads increasingly choose to find more agile application and service options outside the IT organisation, by remaining steadfast on their traditional roles, the legacy data centre faces extinction. By transforming to becoming an enabler of business, and playing the role of broker and trusted advisor, the function of the data centre has a purpose in tomorrow’s digital organisations. Transformation of the legacy data centre into tomorrow’s multi-function diversified role requires working on
numerous fronts. First, the on-premises data centre needs to be highly agile and responsive to meet internal demands. It needs to build a hybrid Cloud delivery model, benchmarked using the best industry standards. Second, it needs to attract and retain the best skills to manage internal expectations of delivering on machine language, artificial intelligence, business analytics and insights, amongst others. Third, and most importantly it needs to help business to compete and differentiate in the fast emerging digital marketplace, taking on born in the cloud, pure play start-ups, and other digital juggernauts. The story of the future data centre is no longer about empirical metrics of hardware and software. It is about delivering real services that help business to accomplish their expectations. The future of infrastructure is everywhere and anywhere, and will be business-driven by nature, remarks a Gartner specialist. According to Gartner, to drive success through this transformation, data centre heads can leverage various enablers: • Artificial intelligence: These tools will help the IT organisation to do vastly more with less resources, building suitable models for predictive failures and recovery. • Severless computing: This is also known as function platform as a service, and is an emerging software architecture pattern that reduces the need for infrastructure management and planning. • Network agility: Internal networking specialists must incorporate 5G technologies to enable the organszation to meet modern use cases and the customers digital expectations. • Edge computing: This technology meets the expectations of the resident country and use cases, by bringing the workloads closer to the end customer. • Technology partnerships: The IT organszation must enter into multiple supplier relationships to help scale operations and meet business expectations. The data centre of the past may have been a custodian of infrastructure, but going forward will need to play the role of a provider of leading-edge services for enhanced digital business performance.
VIEWPOINT
POWER TO THE PEOPLE ANDY COUSSINS, SENIOR VICE PRESIDENT AND HEAD OF SALES, INTERNATIONAL, EPICORE SOFTWARE, WRITES ABOUT THE HUMAN IMPACT OF SMART FACTORIES.
From people to processes
W
hen we talk about smart factories we are not only talking about the technology which lies within but the immense value that it can bring to the people working under the factory roof—and beyond. Connected factories allow organizations to dream big, but begin small, by investing in improving key processes first and realising the benefits and ROI before expanding the scope of the project. They enable humans and technology to work together— connected by the Internet of Things—to create more efficient, cost-effective business processes. In many respects, IoT is less about the ‘things’ themselves, and more about connecting people and processes in a multitude of ways to enhance knowledge and insight.
The human touch Any form of digital transformation project must have people at its heart if it is to succeed. Getting the latest equipment and technology is just the start—it’s what it can enable that is where the real benefits lie. There are many ways that smart factories can help organizations serve their customers and employees better. For example, 40 percent of survey respondents felt that smart, connected factories can help provide better experiences for their customers that are purchasing products. With greater visibility into inventory and products on hand, companies can report back to customers more accurately when they can expect to receive their products, resulting in greater customer satisfaction. Smart factories can also help aid proactiveness with customers, 42
CXO INSIGHT ME
from the enhanced experience that IoT technologies can bring, smart and connected factories can help to foster an environment of innovation and development by combining cuttingedge technology with traditional people power.
OCTOBER 2019
identifying rather than reacting to potential problems within the factory or production line. Indeed, a third (32 percent) of respondents felt that smart, connected factories can help deliver better field service to their customers. With greater insights into plant or factory equipment performance, sensors and alerts can be set up to identify equipment that is underperforming. Field technicians can even get dispatched directly, based on data from faulty equipment, so there is no time wasted in processing service requests. Companies can now proactively address issues before they become crises. Whether it is employees learning new skills to help them optimise processes, or consumers benefiting
Whether it’s a factory floor or retail outlet, most industries have systems and processes that support the way they operate. These will involve specific equipment and assets – all of which can be monitored, maintained and optimised as part of the smart and connected factory. Having such technology in place can help drive business growth. The discussion around the smart factory is not just that data should be captured, but what to do with that data once you have it. The ability to analyse the data coming from machines or from various touchpoints around the factory so that it yields actionable insights is critical to making business improvements. It starts with connecting those ‘things’ on the shop floor. And a quarter (74 percent) of those in the industry agree that smart and connected technologies can help improve and streamline internal company processes, from the shop floor, across the organization to the top executive floor. Almost the same number (73 percent) felt strongly that data from connected machines and people will inform decision-making and reduce costs. This is due to the insights being revealed from IoT-linked machines around metrics such as performance, quality, and speed. Ultimately, for most companies the power of being connected is about optimizing operations and achieving the long-standing goals of business: improving efficiency, cutting costs and generating new revenue streams. Linking all of these is the desire to become a best-in-class company and improve customer satisfaction—a crucial differentiator for any business.
VIEWPOINT
MULTI-CLOUD’S NEW MULTICULTURISM TABREZ SURVE, REGIONAL DIRECTOR – GULF, LEVANT & TURKEY, F5 NETWORKS, ASSESSES HOW MULTI-CLOUD IS CHANGING THE APP DEVELOPMENT GAME AND BRINGING PREVIOUSLY SILOED TEAMS CLOSER TOGETHER.
M
ulti-cloud has moved from tentative experiment to a fundamental component of IT strategies. From developers to security teams, workloads are migrating to the cloud in one way or another, whether you know it or not. Significantly, cloud adoption has powered a fundamental shift in how organisations think about app development and delivery. This is particularly evident with SaaS-based cloud models, which give businesses the freedom to choose exactly where cloud operations are deployed while also minimising cost. Working in a multi-cloud context has clearly spurred more agile and holistic ways of doing business. Take for example the increasingly widespread adoption of DevOps, NetOps and SecOps. As app development moves from on premises to cloud infrastructures, businesses must rethink how different functions engage with new approaches to software development. All teams have different requirements and ways of working, so it is critical to strike a balance that delivers results across the board without friction or compromise.
stability, scalability and security. There is always wiggle room for any rapid, lastminute changes related to continuous integration and delivery. DevOps teams should treat the cloud as the new norm and an extension of their network infrastructure. This means fully embracing public cloud native environments to manage application performance within the cloud, as well as leveraging SaaS models to keep costs low and support innovation scalability.
Delighting DevOps
Keeping NetOps happy
A DevOps culture is all about velocity and continuous innovation. The cloud enables developers and DevOps to achieve exactly that by providing a standardised, efficient and centralised platform for testing, deployment and production. It enables a more fluid development process that matches the pace at which DevOps can crank out applications, without sacrificing
The role of NetOps is changing from teams that own and monitor hardware and software assets, to those focused on building a multi-component network ecosystem supporting a variety of business objectives. As more workloads move into the cloud, the pressure is mounting for NetOps teams to rapidly adapt and transition from manual tools and slower processes to more efficient systems
44
CXO INSIGHT ME
OCTOBER 2019
compatible with agile DevOps models. NetOps also face pressure to reach automated parity with app development teams. They will soon become an application development bottleneck if they cannot keep up with continuous application updates. Fortunately, the problem is eased with SaaS cloud services. NetOps can now address specific areas of the business where legacy networks limit innovation, and subsequently target more fluid, digital infrastructures to collaborate better with other teams.
Giving security teams confidence IT operations have KPIs around security and service levels, which can explain their generally more conservative approaches to technology adoption. Given the choice, security teams would operate with zero-trust networks – and rightly so. In fact, a recent F5 survey focusing on DevOps and NetOps behaviours discovered that security in the cloud was an ‘afterthought’ for many developers, as they prioritise speed over security and reliability concerns. It is important to understand that cloud services can work as an extension of security teams, equipping them with the insights and tools required to keep up with the changing threat landscape. They can also ensure the right governance so they can monitor and balance the needs of innovation and control (i.e. via dashboards and reports).
Better together In today’s software-defined era, cloud adoption can only be positive for business-critical application development. The market not only demands more effective production process, but our application-centric world requires speed and stability of service. It is important to remember that everyone is working towards the same end goal: supporting the continuous delivery of quality applications to market. Collaboration and partnerships are easier to establish when all parties share the platform that delivers the apps and have access to the underlying analytics to refine and shape objectives.
VIEWPOINT
BUILDING ROBUST DIGITAL FOUNDATIONS DAVE RUSSELL, VP OF ENTERPRISE STRATEGY, VEEAM, OUTLINES HOW DATA AVAILABILITY AIDS IN LAYING THE DIGITAL FOUNDATION FOR INTELLIGENT BUSINESSES.
I
n today’s rapidly changing digital landscape, organisations are increasingly facing the need to implement strategies to manage and protect their data, especially when the data growth rate is not slowing down. IDC reported that companies will have 175 ZB of data by 2025, which combined with a highly competitive environment can be the recipe for a business disaster. Building strong digital foundations that focus on data availability will be vital to the future of every organisation. They must implement effective intelligent data management strategies that help them being able to access the right data at the right time and recover it when it’s lost or damaged.
Building A More Intelligent Business Veeam’s 2019 Cloud Data Management report, found that most organisations (73%) are unable to meet users’ demands for uninterrupted access to applications and data, but almost half of reported individuals (44%) see data management as critical to their businesses’ success in the next two years. For data management strategies to be successful, enterprises need to follow four core components that not only encompass the technology but the people and the data-culture of the organisation.
Component 1: The rise of the cloud Cloud Data Management, an intrinsic part of Intelligent Data Management, enables data availability across the business. Whether it is a hybrid, a cloud or a multi-cloud approach, leaders recognise the advantages, from reliability and flexibility to competitive costs and 46
CXO INSIGHT ME
OCTOBER 2019
data security, the cloud allows them to manage and locate data where it will deliver the most value. An organisation can aggregate large amounts of data but if it doesn’t have an efficient way to store it and make it accessible to business users, it will turn against them. Having data that is stored through a reliable and manageable process directly correlates to corporate stability and improves the ability to forecast and make better informed decisions.
Component 2: Your capabilities matter Business leaders reported that they will spend an average of $41 million on deploying technologies to help transform their operations within the next 12 months. However, for technologies such as backup, disaster recovery and data protection to have the expected business impact, organisations need to invest in their talent, giving them the tools and training to nurture their skills to successfully manage new programmes. The digital journey’s outcome is
intrinsically related to the level of technological capabilities of its userbase. Upskilling employee’s digital skills will be vital to the success of the company and should not be overlooked when allocating company resources. After all, it is the people who make a company successful.
Component 3: Make it a datadriven culture A corporate culture should be welcoming to innovation, support the introduction of new technologies and speed the process of digital transformation. As companies move through this transformation, their culture needs to become more data-driven. Businesses already produce huge amounts of data, but it is not about just gathering data anymore, it has to be managed, analyzed and used to inform faster and make more effective decisions. And it is in the hands of the C-level to convey this way of thinking, from top to bottom leadership should demonstrate the business relation and how technology supports the organisation to uncover insights for better services and products.
Component 4: Confidence is key The level of confidence in an organisation’s capability to meet digital challenges naturally increases as the businesses progress on their digital transformation. However, the potential risks increase as well. Addressing the first three components not only gives piece of mind internally but to customers and partners. Investing in robust, scalable and flexible solutions to address mission-critical issues, while allocating resources to improve internal skills will lay that much needed strong digital foundation. Maximising the value of data, has never been as important as today, and as organisations take a leap onto their digital journey and work to become more intelligent businesses, they need to rely and trust their data will be available whenever is needed. Technology, people, new capabilities and a data-driven mentality will help take the steps towards enabling the next-generation of industry disruptors and innovators.
VIEWPOINT
REIMAGINING SECURITY FOR THE DIGITAL WORKPLACE SHANKAR IYER, GENERAL MANAGER, END USER COMPUTING, VMWARE, WRITES ABOUT THE THREE STEPS TO SECURE THE INCREASINGLY COMPLEX END-USER COMPUTING LANDSCAPE.
T
he end user computing landscape has undergone massive shifts as the way employees prefer to work has dramatically changed over the past decade. Consider the notso-distant days of when all employees came into a physical office location daily and logged into a stationary, companyissued computer that was connected to a secure corporate network. Things look very different today. Employees want to use a variety of devices and OS platforms, from almost
48
CXO INSIGHT ME
OCTOBER 2019
anywhere, at any time, and to access all their apps, files, and data. Allowing them to do so has benefits for both employees and employers. Research confirms that providing employees with workstyle flexibility and a positive digital experience is linked to achieving key business outcomes such as competitive position, company growth and employee sentiment. While proven to benefit both employees and the organisations for which they work, this shift presents a challenge for IT as they must enable broader access than
ever before while maintaining the level of control that internal policies require. IT organisations often find themselves in a reactive position and run toward one of these pitfalls: 1. Revert back to blanket, binary security policies that impede on employee experience (e.g., deny access, password overload) 2. Bolt on more security tools, which leads to more complexity. Ironically, these kneejerk reactions meant to further secure an organisation end up putting it at greater risk.
A new approach is required – one that shifts the mindset away from detecting threats by using more tools, that send more alerts, that burn out IT and InfoSec teams. This new approach needs to start with intrinsic security and leverage intelligence, from all sources, to secure users from apps to endpoints to infrastructure. With a destination in mind, let’s consider steps IT teams can take to secure the digital workspace.
A robust digital workspace strategy will include an open ecosystem of trusted security solutions that specialise in thwarting attacks and mitigating risk in areas such as device health assessment, policy setting, patching, compliance monitoring, and more.
Step 1: Manage ‘productsprawl’ with an open platform approach Security threats are increasing both in frequency and cost, as well as focus and sophistication. The CISO’s job has never been more taxing, and the stakes never higher. All too often IT leaders try to address security vulnerabilities by reaching into their pockets, bolting on product after product. In fact, cybersecurity teams use an average of over 80 different security products from 40 different vendors. More security products must mean a more secure organisation, right? Not necessarily. Legacy, stand-alone security tools provide limited visibility for IT and lead to the creation of solution silos across the environment. This ‘product-sprawl’ results in an uncoordinated threat detection and remediation approach that negatively impacts organisations, raising costs due to complexity and the manual tasks associated with trying to secure a digital workspace. Instead of deploying solutions in silos, organisations would be well served to adopt an open platform approach to connect various solutions for improved visibility across the environment. The ideal framework takes advantage of APIs built on a proven digital workspace platform. This is because APIs enable a rich ecosystem of security solutions to communicate with the platform, and ultimately provide the aggregated view administrators want and need to simplify security and management.
how, across what networks, IT stays in control. Then, using last-known good state, logging, and intelligence in the form of analytics, IT has the tools in place to recognise what is different and use that insight to make better decisions about what to do next. Leveraging insights from cloud, threat, user and entity intelligence helps IT become more agile when maintaining baseline configurations and hygiene, decreasing the time IT spends on responding to suspected incidents.
Step 3: Remediate with automation
Step 2: Detect with intelligence With security solutions connected via a single digital workspace platform, threat detection becomes a much simpler task. Combining access, device, and application management via an open platform is just part of the digital workspace security equation. This must be paired with analytics, leveraging a framework of trust across the entire ecosystem and using insights from collected data to make the right security decisions. Prepared enterprises can detect threats using continuous and adaptive monitoring, enabling their IT operations and security teams to find threats on mobile and desktop endpoints and applications. With automated, continuous monitoring and alerting of who is accessing what information, from where, and
An internal VMware study indicated that one-in-ten enterprise customers takes a year or more to complete Windows patches that affect most or all of their endpoints. This gives attackers time to invent exploitation methods, putting the organisation at great risk. IT teams must be able to leverage insights from their environment to confidently pre-define policies, based on root causes, to quickly automate response and recovery for best results. Through automation, IT may choose to quarantine, suspend, or block access to an application or cloud service. After threats are detected, the most prepared enterprises have an effective solution to automate remediation through an engine that can detect behavioral anomalies and initiate an automated policy to block access to sensitive data. Collapse security solution and team silos with an open digital workspace platform. Leverage analytics to proactively detect threats. Automate remediation to speed reaction time and lighten IT’s growing backlog. These are the key ingredients to a winning digital workspace security recipe. When IT teams embrace this modern approach to securing their digital workspace environment, they can more confidently empower employees to be more productive and efficient, benefiting both employees and employers.
OCTOBER 2019
CXO INSIGHT ME
49
GITEX
WHAT TO EXPECT AT
GITEX TECHNOLOGY WEEK 2019 BESIDES INNOVATIONS IN 5G, CONNECTIVITY SOLUTIONS, AI AND ROBOTICS, A MAJOR HIGHLIGHT AT GITEX 2019 WILL BE THERANOS WHISTLEBLOWER TYLER SHULTZ’ PRESENTATION ON EXPLORING ETHICS IN TECHNOLOGY AND ENTREPRENEURSHIP.
G
ITEX Technology Week’s 39th edition will present the region’s biggest-ever 5G showcase, its investorstartup gathering, and a springboard for knowledge-building around AI, robotics and next-generation immersive technology, under the theme of ‘Synergising the Mind and Technology Economy’. These topics will be showcased across 22 halls divided into sectors including 5G, Artificial Intelligence, Future Mobility, GITEX Lifestyle Tech and Smart Cities. Saudi Arabia is the official country partner for GITEX 2019, and will be represented by its smart logistics platform Fasah. Here is sneak preview of what some of the big tech vendors have in store for visitors.
50
CXO INSIGHT ME
OCTOBER 2019
VMWARE VMware will showcase its latest advances in cloud infrastructure, intrinsic security and digital workspace technology at GITEX Technology Week.
GITEX
Aligning with GITEX’s theme of ‘Synergizing the Mind and Technology Economy’, VMware will assist regional customers in establishing a successful digital business built upon a robust digital foundation. As part of its efforts, the company aims to address the pressing challenges faced by organisations dealing with disruptive technologies that are emerging faster than many can contend with. From its stand, VMware will exhibit its latest innovations in the Cloud, along with exploring the opportunities presented by the evolution of 5G. The company will host several demonstrations throughout the event, which will include demos of its integrated digital workspace platform, Workspace One, its End-User Computing (EUC) solutions, as well as its vSAN Assessment module. Ahmed Auda, Managing Director – Middle East, Turkey and North Africa, VMware, said: “The advent of technology-driven innovation is disrupting every market and industry, which creates new opportunities but also brings new challenges. For the last decade, VMware has been a driving force in the successful digital transformation of many public sector and private organisations across a range of industries in the Middle East. Our focus now is to help our customers to unlock the full potential of their digital foundation, capitalising on their operational improvements, while remaining secure in the face of new threats. GITEX gives us the opportunity to not only showcase our solutions but to also show customers first-hand how they can transform their organisation into a digital force to be reckoned with.” VMwarewill be displaying its latest innovations at its Stand B-10 in Hall 7.
“The UAE’s leadership has laid down a clear vision to diversify and develop the country’s economy based on knowledge and innovation, and this is aptly supported with various initiatives like the Fourth Industrial Revolution Strategy”, said Abdul Rahman Al Thehaiban, Senior Vice President – Technology, MEA, and CEE, Oracle. “Digital technologies are at heart of implementing this roadmap and at Oracle, we are committed to continuously expand our infrastructure in the UAE, introduce latest digital innovations and help prepare a digital economy ready workforce to help the country achieve its strategic socioeconomic objectives.” The World’s first Autonomous Cloud operating system; Suite of Cloud Native Artificial Intelligence and Machine Learning embedded intelligent applications; Unique Hybrid Cloud solutions; Enterprise-Grade Digital Assistant Bot, and the World’s fastest Database Machine will highlight Oracle’s presence at GITEX Technology Week 2019. A completely redesigned exhibition area with specially designed interactive pods that are optimized for a quicker, attractive and engaging experience will welcome visitors to the Oracle booth in Hall 5 at GITEX Tech Week 2019.
Hybrid cloud and automation will be the key focus of Nutanix’s participation at GITEX this year. Executives from the company will discuss the potential for artificial intelligence and machine learning-based automation to improve the efficiency of modern data centres, as well as demonstrate the latest technologies and innovations for building, running and governing multicloud environments. Aaron White, Regional Director, METI at Nutanix said, “We have come to an inflection point in the Middle East, where enterprises are wholeheartedly embracing hybrid clouds. The earlier concerns regarding data sovereignty are now being allayed with the entry major public cloud providers like Microsoft Azure and Amazon Web Services (AWS) opening up data centres in the region. As both public and private clouds continue to mature, many companies opt for both, leveraging the two cloud environments to meet their diverse enterprise computing needs. Nutanix believes that the future of cloud in the Middle East is undoubtedly hybrid cloud.” Nutanix will have its own dedicated stand, number H7-A30 in Hall 7 at DWTC.
NUTANIX
This year at GITEX Technology Week, ‘Poly’ – formerly Plantronics and Polycom - will showcase robust and human-first end-to-end unified communications (UC) solutions for all types of workspaces. Poly’s exhibition of a comprehensive set of smart endpoints will span across both personal and group
POLY ORACLE Highlighting the impact of latest digital solutions that will help the UAE achieve its National Vision of developing a ‘competitive knowledge economy’ in line with Vision 2021, will be the key focus for Oracle at GITEX Technology Week 2019.
Enterprise cloud computing firm Nutanix will be demonstrating the power of its advanced Enterprise Cloud software platform – developed around the principles of ease, intelligence and resilience at GITEX Technology Week 2019.
OCTOBER 2019
CXO INSIGHT ME
53
GITEX
F5 NETWORKS
UC communications. The company’s exhibition will be held at Booth 40 in Hall 8 at the trade show. Paul Clark, Managing Director, EMEA at Poly, said, “New ways of working and open-plan offices are revolutionising the workspaces beyond comprehension. Every revolution brings about a new set of perils. Technology has saved the day for companies looking to further their reach ahead of the competition. Poly’s customers have offered employees chaos-proof solutions so they can get more done and be happier while doing it, whether they are in a huddle room, on the go or at desks. A noisy contact centre, a large meeting room or even a cloud meeting application thrives when powered with the right UC technology.” During GITEX Technology Week, the firm will be showcasing its key offerings such as G7500, Poly Studio, Poly Trio , Savi family of DECT headsets, Poly Voyager series headsets, Elara Series mobile phone station, recently launched CCX line of Microsoft Teams phones and RealPresence Immersive Studio Flex.
FOCUS SOFTNET At GITEX, the company plans to launch its newly developed Artificial Intelligence (AI) integrated enterprise software solutions in addition to showcasing its complete cloud product portfolio, including its flagship product – Focus 9 powered by Pronghorn server, which is feature-rich and uses in-memory 54
CXO INSIGHT ME
OCTOBER 2019
computing for fast transactions. “We are seeing large scale interest by GCC public sector and private organisations, to reduce investment in human capital, and divert spending into automation of processes. It is for this reason that we have built our AI solutions alongside our enterprise software solutions including our ERP and CRM suites. Focus Softnet customers using cloud-based Focus 9 ERP, can move to a highly efficient AI-driven automated environment, and reap the benefits of a rapid return on investment. For other new businesses wanting to automate their business operations, they can get the benefit of both AI and ERP through our end-to-end product portfolio,” said Ali Hyder, Group CEO of Focus Softnet. As part of it GITEX 2019 plans, the Focus Softnet Group will showcase its flagship ERP – Focus 9 and other solutions such as Focus 8, as well as end-to-end cloud solution portfolio from Centra Hub, including its CRM and HCM suites, and vertical market solutions. Centra’s cloud solution portfolio includes Centra CRM, Centra HCM, Centra REMS, Centra Edu, Centra CAFM, Centra Auto, Centra OA and Centra Projects. Centra Hub will also showcase its vertical market facing applications for Real Estate, Automobile, Project Management, Education, Retail, Professional Services, Courier Management, amongst others. Focus Softnet will be exhibiting at Stand H8-C20 in Hall 8.
F5 Networks’ focus at GITEX Technology Week 2019 will be on how multi-cloud application services and DevOps methodologies can enable digital transformation and growth across the Middle East. The company will also share insight on its latest solution offerings and news, including the recent acquisition of NGINX. “The true value of the modern enterprise resides in its applications and data. We call this Application Capital. Given the Middle East’s growing adoption of cloud computing, we believe that Application Capital is now a key driver for differentiation, innovation and value creation in the region,” said Tabrez Surve, Regional Director, Gulf Levant and Turkey, F5 Networks. GITEX will be the first time F5 and NGINX join forces at a major industry event in the Middle East. Attendees can expect to learn more on how F5 and NGINX together can provide an integrated platform and a unified customer experience for management across the entire app spectrum – from code to customer. The firm will highlight solutions such as F5 Advanced WAF, which protects web applications and APIs from attacks like injections, web attacks, and application layer denial of service (DoS). It will also be showcasing F5 SSL Orchestrator (SSLO) solution. It is a purpose-built solution delivering policybased orchestration and SSL/TLS decryption and encryption for inbound and outbound traffic. F5 Networks will be located in Hall 6, Stand H6-C10.
PRODUCTS
Synology FlashStation Synology has announced the launch of its suite of data management products including FS6400, FS3400, SA3400, and DS620slim in the Middle East and Africa (MEA) region. These new models refine the company’s product portfolio to resolve IT challenges from IO density, storage capacity, and physical dimensions of the server, and are successors to the existing ones with a name change in the product series to better distinguish among high-end rackmount servers. FlashStation FS6400 is armed with dual Intel Xeon Silver 8-core processors, delivering over 240,000 iSCSI 4K random write IOPS and responding to
the demand for higher performance and greater business agility. The new all-flash storage FS6400 is ideal for your virtualised and containerised environments, databases, and webbased applications, building a datacentric architecture that realizes storage acceleration. Powered by Intel 8-core, 2.1 GHz CPU and 16GB ECC RDIMM memory, FlashStation FS3400 delivers more than 137,000 4K random write IOPS, speeding up the responsiveness of your businesscritical applications. Customers can flexibly choose between SAS and SATA drives without vendor lock-in to align with your service deployment, increase storage capacity to up to 72 or 48 drives with two Synology RX2417sas/ RX1217sas, or expand the networking bandwidth through an additional
Motorola dash-board cameras Motorola has launched dash-board cameras in the UAE. The Motorola Dash Cam is engineered to provide users added reassurance on the road. The MDC500GW and MDC300GW have a smart automatic collision detection (G-Sensor) that recognises shocks and records the incident that is then saved and protected. The Motorola Dash Cams are available at Virgin mega store and will soon be available at Sharaf DG, Jumbo and Dubai Duty Free. MDC500GW Dash Cam has 1080p Front camera and 720p rear dash cam with
GPS, Wi-Fi, and a wide 150° angle view. It monitors the entire front or back view of the vehicle and gets the live videos with full HD quality to the built-in 2-inch colour LCD. The 150° field of view captures everything on its radar. The integrated GPS, Wi-Fi capabilities and smart automatic collision detection (G-Sensor) gives customers the added confidence on the road. The Dash Cam is retailing at AED 509. MDC300GW Dash Cam has 1080p HD dash cam with 3-inch display and 2.19MP Sony sensor for clarity and
Philips Ultra-Wide 5K monitor MMD, the display specialist and brand license partner for Philips monitors, has launched the allnew Philips 499P9H Brilliance 32:9 SuperWide curved LCD display. This 49” (48.8” / 124 cm diag.) monitor provides professional users with a treasure trove of performance-enhancing features. Equipped with an expansive 32:9 SuperWide screen and ultra-high resolution, the Philips 499P9H delivers
great graphics on a large format that is the equivalent of two full-size monitors, making it the ideal alternative to a
25/40GbE network interface card. SA3400, the first model in the SA series, serves as the successor of RS18017xs+ with an upgraded CPU from 6 to 8 cores and a 50% performance boost in 4K random read IOPS. Equipped with an 8-core, 2.1 GHz CPU and 16GB ECC RDIMM memory and scalable up to 1,536TB with little to unnoticeable performance degradation, SA3400 provides more than 1 petabyte raw capacity, ideal for video post-production and massive surveillance deployment. Powered by Intel Celeron J3355 2-core processor and 2GB DDR3L memory expandable up to 6GB, DS620slim is a unique, modern-looking 6-bay NAS packed with Synology’s classic capabilities. For modern households and studios looking for extraordinary streaming experience, DS620slim is an ideal choice to deliver 4K video transcoding while matching perfectly with your existing decor.
strong colours. The easy-to-use 3-inch colour display streams videos in 1080P HD quality with a 2.19MP Sony sensor. An outstanding 150° field of view lets you capture the road and its surroundings. With integrated GPS, Wi-Fi capabilities the automatic collision detection sensor (G-Sensor) warns users for lane departures and forward collisions. The Dash Cam is retailing at AED 419.
double 27” Quad HD set-up. Featuring convenient USB-C docking, which offers the benefit of high-speed data transfer and flexible connectivity, as well as a pop-up webcam and environmentallyfriendly design, this monitor has it all. The 499P9H provides 49 stunning inches of workspace, just like having two 27” 16:9 Quad HD displays placed sideby-side. This allows users to spread out, compare documents, or handle multiple files at once without having to stack windows, scroll, or zoom.
OCTOBER 2019
CXO INSIGHT ME
57
BLOG
INSIDE INTELLIGENT PROCESS AUTOMATION SUNIL PAUL, CO-FOUNDER AND COO OF FINESSE, TRACKS THE EVOLUTION OF RPA TO IPA
I
t wasn’t long ago that companies on the digital transformation journey had Robotic Process Automation (RPA) on their checklist as a successful implementation of this business process automation technology held out the promise of more efficient and productive human capital. RPA software basically plugs into existing business software to gather and interpret applications and systems data. Its applications vary from simply delivering automated email responses, to handling other tasks across a business, like transaction processing or data comparison. Joan McGowan, Senior Industry Research Analyst at Celent recently explained how RPA works on the Holland Fintech website: “Codified rules instruct the computer or software to perform human tasks within a process. It does this by either recording what humans do or using codified scripts that are straightforward to construct such as tapping and swiping through an app, copying and pasting content, screen scraping, opening emails and attachments, carrying out checklists, vetting contracts, moving files and folders, or reconciling processes.” Finance and telecom sectors were among the early adopters of RPA as they found it effective at performing low-value activity quickly, reliably and securely. Using RTA to automate manual-repetitive, and time intensive processes like queries, calculations, and maintenance of records and transactions, their staff were free to focus on more value-added work such as product or service innovations. 58
CXO INSIGHT ME
OCTOBER 2019
Other benefits include: Working 24/7, RPA bots eliminate manual processes, increase processing efficiency and decrease processing time. Since the tasks are always processed in the same way, occurrence of inconsistent data in different applications is prevented. At the same time, RPA provides an alternative to outsourcing and offshoring – data is kept in-house, there is less need for ongoing training, and they can provide a higher degree of compliance with internal control frameworks while giving the company more control over quality. RPA also enhances customer service and experience, for example, by reducing the waiting times for processing customer enquiries. A joint study by AT Kearney and Arvato last year found that processes can be performed 20 times faster when the processing is carried out by RPA instead of humans.. RPA implementation also gave a new lease of life to legacy systems and processes. as they sit on top of and integrate into existing systems without interfering with the business logic of the system or the data access layer. However, its capability often remained under-utilised as it was less about rewiring business processes and more about moving data around the company faster with minimal manual intervention. RPA advantage of rule-driven operations can limit its capabilities. RPA’s inability to understand context, when things deviate from what has been recorded, and initiate action based on that circumstance or set of circumstances, is a weak point. And since it does not learn, it cannot adjust if processes change.
Enter IPA or Intelligent Process Automation (IPA), billed as the next stage in the evolution of RPA. IPA uses Artificial Intelligence (AI) technologies to transforms software bots of RPA into context-aware bots that extract, interpret, and unlock knowledge and predictions in business processes. A 2017 McKinsey article noted that “IPA mimics activities carried out by humans and, over time, learns to do them even better. Traditional levers of rule-based automation are augmented with decision-making capabilities thanks to advances in deep learning and cognitive technology.” In addition to RPA, the article noted, the core technologies powering IPA includes Smart Workflow, Machine Learning/Advanced Analytics, Natural-Language Generation and Cognitive Agents. RPA, as a PwC pointed out, is evolving and shaping up to be the precursor for the broader use of artificial intelligence, or IPA. Although IPA takes more effort to deploy than standard RPA, it requires minimal human oversight after launch.