CXO Insight Middle East - Fast track to success - September 2020 by cxoinsightme

ISSUE 23 \ SEPTEMBER 2020

FAST TRACK TO SUCCESS How digital transformation is driving customer experience at Lulu Group

TRUST A PARTNER WITH 20+ YEARS OF EXPERIENCE IN MICROSOFT TECHNOLOGY

en.sulava.com

gulf@sulava.com

CONTENTS

PRODUCTS

HOW DIGITAL TRANSFORMATION IS DRIVING CUSTOMER EXPERIENCE AT LULU GROUP

FAST TRACK TO SUCCESS

16 RISE OF EDGE 16 THE COMPUTING 18 CELEBRATING DIGITAL INNOVATION

A CONNECTED 20 WORLD PROTECTING REMOTE 24 WORKERS

UPGRADING LANS THE SMART WAY

PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC

NEWS

COMPLEXITY IS 28 WHY THE WORST ENEMY OF CYBERSECURITY

GETTING SMART ABOUT DATA

SECURITY 32 CULTIVATING CULTURE THE EVOLVING ROLE 34 OF THE CIO IN 2020

36 THE MACOS SECURITY GUIDE

SHEIKH MOHAMMED SANCTIONS UAE ACTION PLAN ON DIGITAL ECONOMY DIGITAL DEWA, GROUP 42 TO BOOST AI AND CLOUD INNOVATION IN THE UAE SAUDI HOSPITAL ENHANCES INTEGRATED CLINICAL INFORMATION SYSTEM

SEPTEMBER 2020

CXO INSIGHT ME

Any workload, any scale, all the time Designed for easy deployment and manageability in scale-out clusters, the Lenovo ThinkAgile HX Series combines Nutanix software with Lenovoâ&#x20AC;&#x2122;s highly reliable and scalable servers. These appliances ship fully integrated, tested, and configured so that you can dramatically accelerate your time to value and reduce your infrastructure maintenance.

Simplify Your IT Infrastructure

Deliver Greater Reliability

Services and Support

ThinkAgile HX Series

Scan the QR code for more information:

ÂŠ Lenovo 2020. Lenovo, the Lenovo logo, System x, ThinkServer, ThinkSystem, ThinkAgile are trademarks or registered trademarks of Lenovo. Other company products and service names may be trademarks or service marks of others. Intel, the Intel logo, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries.

EDITORIAL

DIGITALLY MINDED

his month, we hosted our inaugural edition of ICT Leadership Awards for Saudi Arabia and Egypt, two of the biggest IT markets in the MENA region. Six months ago, none of us could have imagined that the format of this event would be virtual, but we are happy to report that virtual conference and awards can be every bit as successful as live events. The only missing element was an orchestra, but that is beside the point. We have picked 20 outstanding projects from a pool of more than 100 shortlisted entries, and our team noticed one common theme across all these winning projects – digital transformation. Not surprisingly, verticals such as healthcare, government, and banks led the pack among winners, where digital innovation is thriving partly due to this pandemic’s nature. These organisations have embraced digital technologies to restart and grow their businesses after lockdown, and all over the world, digital has become the difference between market leaders and trailers.

This trend is no different in the Middle East, where the adoption of technologies such as automation, cloud, IoT, and cybersecurity is growing at a rapid clip, especially among SMEs. In fact, I don’t think any organisation would want to go back to traditional technology infrastructure once things go back to normal because a clear link has been established between digital transformation and revenue growth. As we have seen in the case of our ICT Leadership Awards winners, digital transformation has helped them to reduce operational costs, optimise business processes, and helped deliver better customer services. In this edition, we have a feature on one of these transformational technologies – IoT. Covid-19 has spurred a surge in IoT adoption, especially in home automation, healthcare, and supply chain industries, and far-reaching changes are coming our way. IoT platform vendors are coming up with innovations and it is one of the technologies you should bet on to overcome the business disruptions this year and beyond.

Published by

Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425

Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730

Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094

Production Head James Tharian jamest@insightmediame.com +97156 - 4945966

Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456

Designer Anup Sathyan

While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors

SEPTEMBER 2020

CXO INSIGHT ME

NEWS

SHEIKH MOHAMMED SANCTIONS UAE ACTION PLAN ON DIGITAL ECONOMY

reviewing the future working plans of the UAE Government in the areas of Artificial Intelligence, AI, the digital economy and teleworking applications, which was introduced as part of the new structure of the UAE Cabinet announced in July and under the new government development plans for the post-COVID-19 era, especially in light of the growing strategic role of the digital economy, smart technology and teleworking in managing businesses in many sectors and fully organising supply chains, both locally and internationally.

His Highness Sheikh Mohammed noted that the contribution of the digital economy to the country’s GDP in 2019 accounted for 4.3 percent, noting that a minister of state was appointed to increase this figure. “The digital economy has proven its efficiency, and the world’s need for it is very obvious during the global health crisis. The digital economy does not need large establishments and significant financial resources. However, it requires minds, ideas and imagination. The future will involve many changes in health, education and trade, and we must be ready,” he said. During the discussion, Omar bin Sultan Al Olama, Minister of State for Artificial Intelligence, Digital Economy and Remote Work Applications, briefed Sheikh Mohammed on a comprehensive plan that focuses on providing tools and infrastructure to support the UAE’s leadership in anticipating and preparing for global changes. Future plans for the digital economy sector will focus on developing financial cooperation, the freelance economy, digital markets, and digital content.

The partnership with Group 42 enables Digital DEWA companies – Moro Hub, InfraX and DigitalX – to introduce and implement digital and data transformation initiatives. It aims to foster new services around AI and enhance innovations across Digital DEWA’s service portfolio. HE Saeed Mohammed Al Tayer, said, “The partnership with G42 will strengthen Digital DEWA offerings, as they can now extensively collaborate on technological endeavours, to co-create services in the clean energy and IoT, leverage AI-led solutions for government entities and enterprises across different sectors as well as explore the commercial and operational feasibility of such opportunities.” The new services will be hosted on Moro Hub and G42 cloud infrastructure to ensure data security and superior customer experience. The services will be managed in Moro Hub’s Smart Cities Command and Control Centre, offering 24/7 support to future clients.

Peng Xiao said, “We are thrilled to team up with Digital DEWA and play a key role in the digital transformation objectives and initiatives of the country. Our expertise in the fields of AI, Big Data Analytics and cloud computing, combined with our specialised industrial know-how, allow us to develop progressive and holistic solutions to problems in every sector, empowering businesses to transition to digital environments effortlessly. The UAE government is committed to the digital growth and development of the nation, and we are proud to contribute to this goal in every way possible.” Regional clients can look forward to new service innovations addressing several market segments such as AI Research & Development, Cloud and Data Centre services, Industrial solutions, AI Video Analytics as a Service, Healthcare solutions such as COVID-19 detection and diagnostic devices, technical support, professional and other digital services.

uring a meeting with the ‘Artificial Intelligence, Digital Economy and Teleworking Applications Team’, this week, His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President, Prime Minister and Ruler of Dubai, has sanctioned the UAE’s action plan on AI and digital economy, according to a report in WAM. Sheikh Mohammed said, “Our priorities are the development of the digital economy that will contribute to our national economy, reinforce the country’s smart infrastructure, ensure our digital readiness and maintain the continuity of business of the UAE Government under all circumstances.” “The digital economy is a key driver in the growth and development of many new national economic sectors, and will help reinforce our competitiveness in the global market and future economy.” His Highness Sheikh Mohammed bin Rashid made this statement while

DIGITAL DEWA, GROUP 42 TO BOOST AI AND CLOUD INNOVATION IN THE UAE

In the presence of HE Saeed Mohammed Al Tayer, MD & CEO of Dubai Electricity and Water Authority (DEWA), and Peng Xiao, CEO of Group 42, Digital DEWA – the digital arm of DEWA, announced a strategic partnership with Group 42 (G42), an Abu Dhabi based leading Artificial Intelligence (AI) and cloud computing company. 6

CXO INSIGHT ME

SEPTEMBER 2020

SAUDI HOSPITAL ENHANCES INTEGRATED CLINICAL INFORMATION SYSTEM

ing Faisal Specialist Hospital & Research Centre (KFSH&RC) has collaborated with Cerner during the COVID-19 pandemic to fully upgrade its Integrated Clinical Information System (ICIS) to the latest available Cerner software version. The conversion of this code upgrade broke new ground by being supported entirely by virtual means. KFSH&RC manages three facilities in the Kingdom of Saudi Arabia and plays the role of a tertiary health care provider for specialised medicine services such as oncology, cardiology, transplants and fertility, with approximately one million outpatient visits each year. This strategic upgrade will enable the hospital to continue innovating care delivery and hospital operations. In addition, it has yielded significant enhancements in the system performance of KFSH&RC’s ICIS with the Cerner Millennium electronic health record.

“This pandemic has forcefully disrupted the day-to-day operations of healthcare organisations and put pressure on all providers to create novel ways in keeping patients at the centre of health care. Physical distancing and staff safety combined with the value realisation and impact this upgrade would have on KFSH&RC’s healthcare delivery model forced us to rise to the challenge,” said Osama Al Swailem, MD, MA, Chief Information Officer of KFSH&RC. “We had confidence that our healthcare IT staff, clinical department leaders and Cerner would come up with an innovative approach in getting our system upgraded with minimal downtime.” “This virtual upgrade has exposed the KFSH&RC informatics staff to a new delivery model,” Al Swailem explained. “In addition to the hardware and software enhancements we had with the upgrade, this project aimed at continually enhancing the patient and caregiver experiences,

ADEK ANNOUNCES ‘42 ABU DHABI’ CODING SCHOOL The Abu Dhabi Department of Education and Knowledge (ADEK) has announced the UAE capital will open the first GCC campus of the internationally renowned 42 Network of coding and computer programming schools early next year. A major enabler in Abu Dhabi’s strategic vision to create a diverse and inclusive education infrastructure that empowers and enables a future-ready workforce, 42 Abu Dhabi will welcome students in February 2021. The new campus is an initiative of Ghadan 21, Abu Dhabi’s three-year government accelerators programme that aims to fast-track the emirate’s economic transformation through investments in the economy, knowledge, and community to support business, innovation, and people. The purpose-built 42 Abu Dhabi campus will offer a revolutionary approach to divergent and gamified learning in the heart of the UAE capital’s historic Mina Zayed warehouses district.

42 Abu Dhabi will follow the tuitionfree model of coding and programming education pioneered by French billionaire Xavier Niel, who founded the Network’s inaugural campus in Paris, École 42, in 2013. In only seven years, the expanding 42 Network of schools has grown to over 20 globally. 42 Abu Dhabi, the first of its kind in the GCC, will accommodate up to 750 students once fully operational. Her Excellency Sara Musallam, Chairman, ADEK, said, “By making coding and codethinking accessible to people of all levels and abilities, 42 Abu Dhabi embodies the emirate’s vision for a tech-enabled business ecosystem and contributes to our leaders’

increasing safety, reducing cost and the elimination of manual processes . I have challenged all that were involved in continuing this innovative way of thinking to help define the new-norm in healthcare.” The upgrade has introduced more than 500 software enhancements. Moreover, the KFSH&RC roadmap projects will significantly increase the availability of valuable data for analytics, such as chemotherapy timings, oncology protocol compliance, transplants survival rates, medication administration information through bar coding and integration with supply chain systems. This will empower KFSH&RC to further personalise care plans and proactively manage the health of its patients.

vision to build a secure and confident society that is competitive, sustainable and open.” Operating a project-based, problem-based and peer-to-peer learning methodology endorsed by global tech luminaries including Evan Spiegel, Co-Founder & CEO of Snapchat, Jack Dorsey, Co-Founder & CEO of Twitter, Keyvon Beykpour, Co-Founder & CEO of Periscope, and Brian Chesky, CoFounder & CEO of Airbnb, amongst others, 42 Abu Dhabi students will learn at their own pace and develop through collaboration and creativity. Candidates interested in applying to 42 Abu Dhabi, must be 18 years old and above, and can register at www.42AbuDhabi.ae to conduct an online pre-selection assessment which evaluates cognitive capacity via logic and memory tests. Successful pre-selection candidates are then invited to ‘The Piscine’, an immersive month-long program testing motivation, endurance, and commitment. Successful candidates will be invited to join the inaugural cohort of 42 Abu Dhabi after all ‘The Piscine’ assessments are completed.

SEPTEMBER 2020

CXO INSIGHT ME

NEWS

ETIHAD ESCO JOINS MORO HUB’S SMART CITIES COMMAND AND CONTROL CENTRE

is Excellency Saeed Mohammed Al Tayer, MD & CEO of Dubai Electricity and Water Authority (DEWA), has witnessed the signing of an agreement between Etihad Energy Services Company (Etihad ESCO), a wholly-owned subsidiary of DEWA and Moro Hub (Data Integrated Solutions), a wholly-owned subsidiary of DEWA to join MORO’s newly launched Smart Cities Command and Control Centre. Etihad ESCO will now benefit from Moro Hub’s world class digital, cloud and secured services while bringing its expertise in measurement and

verification, energy monitoring and management and facility management. As a Dubai 10X enabler, Moro Hub’s Smart Cities Command and Control Centre provides services in Intelligent IoT Platforms, Cyber Security and Managed Services to support the Government and Enterprise customers in their digital transformation journey. The agreement was signed by Mohamed Bin Sulaiman, CEO of Moro Hub and Ali Al Jassim, CEO of Etihad Energy Services (Etihad ESCO). HE Saeed Mohammed Al Tayer, said, “We work according to the vision of His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of the UAE and Ruler of Dubai, to make Dubai the city of the future. We congratulate Etihad ESCO on joining Moro hub’s integrated Smart Cities Command and Control Centre. Now Etihad ESCO will have complete access to all the advantages of the command and control centre without compromising on data security and

business continuity. This collaboration is in alignment with Dubai 10X initiatives and UAE’s Sustainable Development Goals.” HE Al Tayer added, “Through the UAE’s Green Agenda, the country aims to catalyse regional and global cooperation for a green economy transformation. This aligns with our mission at Etihad ESCO, to make Dubai built environment a leading example of energy efficiency for the region and the world and make the city one of the most sustainable globally. In this regard, Moro Hub’s Smart Cities Command and Control Centre is a perfect platform that could offer us innovative digital capabilities to meet our objectives. We are thrilled to be a part of this growing ecosystem.” Under this agreement, Etihad ESCO will accelerate their businesses and management services powered by emerging smart technologies to facilitate valuable savings. Moro Hub’s cutting-edge Smart Cities Command and Control Centre enables Government and Enterprise clients to fast track the adoption of new-age digital technologies such as IoT, Cyber Security, Cloud and more. The centre allows digital leaders to make well-informed decisions based on data-driven analysis.

and cause software or hardware damage. With enterprises adding more and more connected devices to their networks, vulnerabilities like those outlined in SentinelLabs’ research are concerning as every connection to the enterprise network is a potential vulnerability. “IoT can pose a significant threat to enterprise security because, while anything you connect to your network is a potential point of ingress, not everyone considers that IoT devices contain unintended vendor-created backdoors” said Sternberg. “Many organisations don’t design smart thermostats or refrigerators with security in mind. However, even mundane devices

such as this can be open to attackers, making it critical to understand exactly how many devices you have connected to your network and to harden every endpoint.” SentinelLabs identified two vulnerabilities that enabled account takeover; a flaw in the “forgot your password” function and a takeover of the debug email account. Two additional vulnerabilities relating to endpoint APIs were also identified. Due to these flaws, SentinelLabs researchers were able to compromise remote servers used as proxies for configuring smart devices and worked with HDL Automation on patch solutions. If attackers were simply interested in causing chaos, they could do physical damage by raising the temperature in a server room, disabling security cameras, or disabling sensors designed to detect leaks or voltage surges. The four new-found IoT vulnerabilities highlight the sensitivity and cost of IoT cyberattacks in impacting our digital way of life.

SENTINELONE UNEARTHS IOT VULNERABILITIES SentinelOne has announced that Barak Sternberg, SentinelLabs security researcher, has identified four unique vulnerabilities in HDL Automation smart devices. The vulnerabilities exposed thousands of HDL devices to remote control by adversaries, leading to possible network intrusion, secret exfiltration, and even ransomware attacks. SentinelOne alerted HDL to the issues via the responsible disclosure process, and the vulnerabilities have been patched. IoT devices are ubiquitous in the home and the workplace, connecting lights, air conditioning, and even heat-sensors to home or corporate networks. IoT devices are also potential security weak points that attackers target to exploit internal network configurations, change arbitrary controllers, 8

CXO INSIGHT ME

SEPTEMBER 2020

MOST BUSINESSES SAY CLOUD IS A PRIORITY IN THE COVID-19 SHUTDOWN: REPORT IT challenges when transitioning to remote work. • Threat mitigation and network visibility remain the top security concerns for the remote work environment. 68% say better threat detection and or mitigation technologies would enable more remote work for their organisations. Specifically, respondents are looking for better visibility into devices on the corporate network (65%), cloud applications workers are using (61%), and compromised devices (46%). • Security incidents are rising. Half of the surveyed businesses are seeing more cyber-attacks—with the biggest jumps in China and Australia—while just a quarter are seeing fewer. • Companies are reversing policies to allow the use of personal applications to foster collaboration. 63% of companies are allowing workers to connect with each other using applications like WhatsApp, Zoom, and Houseparty. • Companies are using cloud security tools, particularly from the DDI family (DNS, DHCP, IP Address Management), to secure the borderless enterprise. 59% of companies plan on making additional investments in DNS to secure their expanded networks.

Kanaiya Vasani, Infoblox

nfoblox and Zogby Analytics have unveiled a research into the ongoing IT challenges posed by the COVID-19 shutdown. Half a year into the shutdown, companies are still playing catch up to optimise their remote work experience. Based on 1,077 responses from the US, the UK, Germany, the Netherlands, Spain, China, Japan, Australia, and Singapore, key survey findings show that: • The borderless enterprise is here to stay. More than 90% of decision-makers consider digital transformation and cloud-managed

services a priority. The percentage of companies with a majority of employees working remotely more than tripled from 21% before the shutdown to 70% after. 40% of companies, twice the pre-COVID-19 rate, are permanently keeping a majority of workers remote. • Organisations are still building out their IT infrastructure and security controls to optimise remote work. Organisations say distributing sanctioned devices (35%), building network infrastructure (35%), and securing the network (29%) are top

“While most organisations can now accommodate the basics of remote work, this report highlights the need for more security controls,” said Kanaiya Vasani, Executive Vice President, Products and Corporate Development at Infoblox. “To meet that need, a majority of surveyed companies are turning to DNS to rapidly stand up a foundational layer of security for employees working from home. “Using a hybrid DNS security solution like BloxOne Threat Defense, enterprises can create a ubiquitous layer of visibility and security across their expanded infrastructure.”

SEPTEMBER 2020

CXO INSIGHT ME

NEWS

NEW DIPLOMA TO ENHANCE SKILLS OF SMART CITY EXPERIENCE SPECIALISTS

forms part of the new phase of Dubai’s Happiness Agenda, which His Highness Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown Prince of Dubai and Chairman of The Executive Council of Dubai announced in December 2019. The launch of the latest phase of the Happiness Agenda aims at improving people’s experiences in the smart city of Dubai, and emphasises the role of Smart City Experience Specialists as a key component of the way successful smart cities function. “As the government entity tasked with driving Dubai’s transformation into a full-fledged smart city of the future, Smart Dubai is committed to supporting the education sector in its efforts to create new specialisations and programmes that

that are needed to build successful smart cities,” said Younus Al Nasser, Assistant Director General, Smart Dubai and CEO, Dubai Data Establishment, noting that the new Professional Diploma was designed with this exact objective in mind. The Professional Diploma consists of four modules and a capstone project, where all of the Diploma’s learnings and takeaways are applied towards a reallife project. The first module is Digital Technologies, which covers the basics of key emerging technologies, such as Artificial Intelligence, AI, and Blockchain, and also covers dynamic service integration and information security. The second module, Design Basics, follows with insight into primary topics in design methodology such as design thinking, information architecture, user interface, and content design. The third module is Research Methods and offers a practical review of important research methods, while the fourth module, Service Design, brings all the threads together to create high quality digital services towards and exceptional experience, and covers the difference between product and service design, as well as the difference between digital and analogue services. In this way, the Diploma ensures that future digital services will be offered keeping in mind the manner digital services are designed and meant to be delivered.

represents Pure’s largest acquisition to date and the company’s deeper expansion into the fast-growing market for multi-cloud data services to support Kubernetes and containers. “As forward-thinking enterprises adopt cloud native strategies to advance their business, we are thrilled to have the Portworx team and their groundbreaking technology joining us at Pure to expand our success in delivering multi-cloud data services for Kubernetes,” said Charles Giancarlo, Chairman and CEO, Pure Storage. “This acquisition marks a significant milestone in expanding our Modern Data Experience to cover traditional and cloud native applications alike.”

Portworx is the Kubernetes Data Services Platform most used by Global 2000 companies to provide persistent storage, high availability, data protection, data security, and cloud mobility for containers deployed in hybrid cloud architectures. By combining Portworx container data services with Pure’s industry-leading data platforms and Pure Service Orchestrator software, Pure will provide a comprehensive suite of data services that can be deployed in-cloud, on bare metal, or on enterprise arrays, all natively orchestrated in Kubernetes. With Portworx, Pure delivers the industry’s most complete platform for every stage of the cloud native journey.

mart Dubai has launched a Professional Diploma to enhance the skills of the city’s ‘Smart City Experience Specialists’, according to a report by WAM. The new diploma will introduce best practices to improve the design and quality of experiencing current digital services and help create new ones to drive Dubai’s digital transformation and build a smarter city. Students can expect to learn the use of current and emerging technologies, which will be the foundation of the course. It will help accelerate innovation, and directly contribute to continued improvements of the economy, the environment and the quality of life in Dubai, said the report. The first of its kind in the region, the Professional Diploma is offered online by Smart Dubai in collaboration with the University of Dubai and the Dubai Institute of Design and Innovation, DIDI. It is accredited by the Knowledge and Human Development Authority, KHDA, and brings together 35 Smart City Experience Specialists from 27 government, semigovernment and private sector entities. Taking place from the first week of September until the first week of November 2020, the Professional Diploma

PURE STORAGE TO ACQUIRE PORTWORX

Pure Storage has announced that it has entered into a definitive agreement to acquire Portworx, the Kubernetes data services platform, for approximately $370 million in cash. This deal 10

CXO INSIGHT ME

SEPTEMBER 2020

Younus Al Nasser

Ask for IBM Public Cloud

COVER STORY

FAST TRACK TO SUCCESS LULU GROUP INTERNATIONAL HAS RECENTLY MOVED ITS SAP HANA ENVIRONMENT TO IBM INFRASTRUCTURE AS PART OF ITS TECHNOLOGY MODERNISATION DRIVE. PIYUSH CHOWHAN, GROUP CIO, EXPLAINS HOW THE RETAIL GIANT PLANS TO DIGITALLY TRANSFORM TO MEET THE FLEXIBILITY AND PERFORMANCE ITS BUSINESS DEMANDS.

CXO INSIGHT ME

SEPTEMBER 2020

hat is Lulu’s blueprint for digital transformation? One of the things we want to do is to transform and be more customer-centric. Our digital strategy is centred around how we can engage with our customers better. We were predominantly a brickand-mortar retailer, and now the focus is on giving our customers an omnichannel experience. I don’t want to emphasise only e-commerce because that is just one part of the ecosystem we want to build. We are also looking at how to capitalise on data to drive business growth. We have many customers walking into our stores, we supply merchandise from 22 odd countries, so there is a lot of data being generated across the supply chain, stores, and warehouses. We want to use this data for more meaningful insights and reduce costs. We have more than 190 stores and our business strategy is to expand in a major way in Saudi Arabia, Egypt, the Far East, and India. To support this growth strategy, we are now working on technology modernisation, which will be underpinned by the transition to the cloud and more scalable and resilient solutions. Do you see an accelerated shift towards e-commerce in the region? Unfortunately, in the GCC countries, digital commerce penetration was lower than any other geography. However, because of Covid-19, there has been a sudden spike in digital commerce. And while some of it might be temporary, the projected e-commerce growth that would have otherwise happened in 2025 may be realised as early as 2023. We want to make sure we ready for this, but we don’t want to be a pure-play e-commerce player because our strength is in physical stores. Our strategy is to merge online and offline journeys and offer a seamless omnichannel experience to the customer. Why did the group decide to move to IBM Power Systems? We were one of the early adopters of SAP HANA, our core application, and

we have brought in a lot of innovation working alongside SAP. Ever since 2005, we have gone through two rounds of a refresh, and we are almost three-times bigger since the last upgrade in 2014. Running one of the largest SAP implementations in the region is not an easy job, especially in retail, where the customer behaviour is very dynamic. We required much more powerful, flexible, and scalable systems that are ready for the future as part of our technology landscape. We did a thorough evaluation and reached out to our peers all over the world to understand where technology is moving in terms of core infrastructure. We had two choices one was to look at the cloud, which we realised is not feasible at the moment for the kind of workloads we have. So it was a conscious decision to host this in our own data centre. The main points of our evaluation criteria

WE WANTED TO TIE UP WITH A VENDOR WITH A DEEP INTEREST IN CREATING ECOSYSTEMS AND PLATFORMS BECAUSE YOU CAN’T RUN ONE OF THE LARGEST SAP INSTANCES ON A MEDIOCRE SYSTEM. IT NEEDS TO BE RELIABLE, AND MORE IMPORTANTLY, MODULAR. AFTER SOME VERY DESCRIPTIVE AND QUANTITATIVE ASSESSMENT, WE ZEROED IN ON IBM AS OUR PARTNER.

were - How resilient and scalable are the systems? Have they been proven in the landscape out there? And how futuristic is the underlying technology? We wanted to tie up with a vendor with a deep interest in creating ecosystems and platforms because you can’t run one of the largest SAP instances on a mediocre system. It needs to be reliable, and more importantly, modular. After some very descriptive and quantitative assessment, we zeroed in on IBM as our partner. We migrated from x86 platforms to IBM infrastructure. Right now, we have 16TB of SAP HANA workloads running on it, and we may double the capacity over the next few years based on our expansion plan. As I mentioned earlier, part of our digital transformation journey is to create data points and consolidate all hard data from core ERP, supply chain, and store systems on to this platform and make it accessible to the business. We will also extend it to future-proof, cloud-ready data lakes over the next couple of months. How long did it take to migrate? The whole migration took us around three months and was carried out in a tremendous collaborative manner with our partners. You have to keep in mind the fact that we placed the order just before the pandemic broke out, and the conditions were challenging because these are not out-of-box systems but custom-made. We also moved to the latest version of storage, which has a sophisticated virtualisation layer on top, and this helped us consolidate all our storage. Moving all workloads from old systems to the new one was a bit like changing parts of an aeroplane while it is in motion. We made sure that the core ERP system downtime was kept at a bare minimum with the help of parallel systems, and the transition was smooth without any glitches. A migration like this requires collaboration between application

SEPTEMBER 2020

CXO INSIGHT ME

COVER STORY

and infrastructure teams. How did you manage to do that during this pandemic? That is where digital resilience comes into play. Digital workforce transformation means how you react to different situations, and we proved ourselves in having done that. We were able to work with a diverse set of people spread globally. We take pride in the fact that we have deep application experience in SAP and HANA platforms. A lot of heavy lifting was done by our team here, and I am immensely proud that we could pull this off despite all the challenges. Have you been to reduce your infrastructure footprint as a result of this shift? We were able to reduce the server footprint in the data centre, and also consolidate storage requirement onto modern storage infrastructure. The management of SAP workloads and storage is so much easier now, and we can do it with fewer people. However, the most significant advantage is our ability to scale up and down. To give you an example, during the lockdown, we had to import three times more volume to ensure the food security of the country, and our system had to scale up very quickly. We are living in an increasingly volatile world, and our ability to venture into unchartered waters will depend on how quickly we can scale up or scale 14

CXO INSIGHT ME

SEPTEMBER 2020

out systems without any friction, and resiliency towards diverse workloads. Are you able to do real-time data analytics now? One of the paradigm shifts we want is to move away from batch processing to real-time analytics to shape the customer experience. Now we can capture and process data in real-time from in-store transactions. The key to success in retail is to be data-centric. We will keep improving our data management and churn hard data to create more insights for business teams and create better customer satisfaction. We see increased cloud usage due to Covid-19. Are you looking at a cloud consumption model, or will you selfmanage? Cloud is going to be an important part of our journey. However, it has to be a choice that needs to be made on its merit, and I say this for multiple reasons. One is that the cloud is not ready for mission-critical workloads. We did a thorough cost-benefit analysis working with all the major cloud players in the region and realised that the cloud is not the right choice for us. If you don’t have cloud-native apps, then you don’t get the benefit at all. You will fail if you lift and shift monolithic applications to cloud environments, and it can prove to

WE WERE ABLE TO REDUCE THE SERVER FOOTPRINT IN THE DATA CENTRE, AND ALSO CONSOLIDATE STORAGE REQUIREMENT ONTO MODERN STORAGE INFRASTRUCTURE. THE MANAGEMENT OF SAP WORKLOADS AND STORAGE IS SO MUCH EASIER NOW, AND WE CAN DO IT WITH FEWER PEOPLE. HOWEVER, THE MOST SIGNIFICANT ADVANTAGE IS OUR ABILITY TO SCALE UP AND DOWN. be very costly. This is why we are going to follow a hybrid model – we are going to run our monolithic apps on-premise, and all new-gen applications, which are cloud-and mobile-first, will be hosted in the cloud. Has this pandemic made you rethink some of your tech investment plans and priorities? Not much. One thing that we see during this pandemic is that the pace of digital investments has accelerated. Cloud, automation and customer engagement technologies based on AI and ML were there before COVID too. But it is no longer a choice for organisations now; it has become a must-have to grow business. In our case, because the customer transition towards digital commerce is happening at a rapid clip now, we are reacting to the trend by adding more fulfilment centres, delivery fleet, etc. Now, we have a world-class platform that allows us to focus more on the e-commerce ecosystem.

FEATURE

THE RISE OF EDGE COMPUTING MOVING PROCESSING POWER AND STORAGE TO THE EDGE OF ENTERPRISE NETWORKS IS SAID TO BE THE FUTURE OF ENTERPRISE TECHNOLOGY. HOW CAN YOU DETERMINE IF IT IS THE RIGHT CHOICE FOR YOU? HERE ARE SOME KEY QUESTIONS TO ASK BEFORE YOU START.

he concept of edge computing, hailed by many as transformational tech architecture, is rather simple. It is all about distributing computing power beyond the data centre to where the action is. In other words, processing data closer to the edge of the network where data is being generated instead of a centralised data centre. Frost & Sullivan predicts 90 percent of industrial enterprises will use edge computing by 2022, and the multiaccess edge computing market is expected to reach $7.23 billion by 2024. Some industry analysts believe edge computing will eventually replace 16

CXO INSIGHT ME

SEPTEMBER 2020

traditional cloud computing, but the consensus is that two approaches can be complementary. What is driving the need for edge computing? Walid Yehia, Senior Director, Presales for MERAT - Dell Technologies, says the proliferation of IoT devices is generating massive amounts of data, with no signs of slowing any time soon. â&#x20AC;&#x153;The ability to store, move and process this data can provide tremendous opportunities for businesses, but can also become challenging if not managed properly. Edge computing can help solve this problem by processing data closer to the source and mitigating the risk

of exceeding network capacity and overloading networks. This is essential as it plays a fundamental role in continued IoT and 5G adoption, along with new applications that require realtime computing power.â&#x20AC;? He argues edge computing can also greatly reduce latency and enhance performance. With ongoing demand for faster service delivery and data analytics, organisations will increasingly push their data processing to edge networks, resulting in less centralised infrastructure and creating a wealth of possibilities for businesses. Charbel Khneisser, Regional Presales Director, MENA at Riverbed, says until recently, the convention has been

Walid Yehia

Charbel Khneisser

Nabil Khalil

to consolidate data into centralised locations and this approach has worked very well. However, there has been a greater need for data to be available anywhere and at any time, with little to no impact on user experience. This leaves no room for latency, which is why edge computing is gaining popularity. Nabil Khalil, Executive Vice-President of R&M Middle East, Turkey and Africa, believes IoT, 5G, and mobility have begun to cause an exponential growth of IP traffic while requiring ultra-low latency even in remote places. The hyperscale data centres that service providers and enterprises have been investing in today will not be able to fully cover the new network, computing and storage requirements of the coming years. He thinks organisations therefore need to extend computing power to the edge of their network to support their large, central data centres. There are many ways to implement edge in the enterprise, and CIOs must evaluate if it is really needed as part of their computing strategy to achieve performance and cost reductions. According to Yehia, edge deployments can be diverse based on enterprise requirements and industry trends, but all fall under a common umbrella. By moving away from a centralised approach to infrastructure, edge computing can be implemented by distributing workloads and moving some computing and storage to edge locations where they may run

best, especially in the case of remote locations or for applications that need real-time processing. The analytics and actionable intelligence that can be derived from real-time analysis at endpoints will ultimately empower agile and proactive business practices in an increasingly connected world. Khneisser adds that edge computing aims to deliver low latency to end users by shortening the distance between where the data is available and the end-users’ location. “Given this requirement, when designing edge computing architectures, emphasis should be placed on the end-user. To understand their requirements, you first need visibility into how applications perform on their devices, the issues they potentially face and their overall experience,” he advises. Though at the moment edge is being primarily driven by IoT, the growing availability of 5G is also expected to create new cases for the technology beyond just manufacturing. According to Forrester, the biggest benefits organisations seek from edge computing include flexibility to handle present and future artificial intelligence demands and the fact that computing at the edge avoids network latency and allows faster responses. Following this are use cases generated due to a need for edge computing to conduct complex processing that the cloud can’t support, fueled by the proliferation of connected devices.

Khalil says the low-latency, hyper-interactivity and decentral intelligence offered by edge will play a role in numerous other applications in the digitalised world. These include industrial manufacture, industrial Ethernet and robotics, 5G and video communication, smart grids, as well as blockchain, AI and AR applications. Edge computing can support all these tasks by shortening the path between the acquisition, collection, analysis, and feedback of intelligence to the networks. Yahia from Dell highlights retail as one vertical that could stand to benefit from edge, with its focus on innovative customer experiences. The use-cases are many, including facial recognition for personalised advertising, AIpowered surveillance for security, retail shrinkage prevention, and augmentedreality mirrors in fitting rooms that would need close computing power. “Healthcare also has a lot of potential, where remote surgeries, patient monitoring, and telemedicine could be facilitated more seamlessly. Smart cities also stand to advantage from edge, from faster autonomous vehicle support to smart traffic management. Additionally, for communication service providers (CSPs), edge computing remains to be a compelling area of infrastructure investment, with its benefits of reduced latency, improved throughput, better security, and isolation,” he concludes.

SEPTEMBER 2020

CXO INSIGHT ME

EVENT

CELEBRATING DIGITAL INNOVATION CXO MIDDLE EAST ORGANISED ICT LEADERSHIP AWARDS 2020, HIGHLIGHTING DIGITAL BUSINESS EXCELLENCE SPECIFICALLY FROM SAUDI ARABIA AND EGYPT MARKETS.

CXO INSIGHT ME

SEPTEMBER 2020

Yasser Elmashad

he live virtual event recognised IT leaders and organisations who have effortlessly transitioned their operations into remote models and offered deep insights from reputed speakers and panelists. The Middle East is bubbling cauldron of innovation. The pace of digital transformation in the region is accelerating in the wake of the pandemic with the rapid adoption of digital technologies such as AI, blockchain, and cloud computing, layered with cybersecurity. Basil Ayass, an industry veteran, was the MC for the event and welcomed the live attendees. “Six months ago, none of us could have imagine how this global pandemic would turn our world upside down, changing the way we live, work, do business and socialise. The pandemic is forcing many companies to speed up their digital transformation initiatives and leverage innovation to grow their businesses again,” he said. “Today, we are honouring companies in Saudi and Egypt whose practice of ICT has led to substantial benefits and weathered business disruption during these difficult times.” In his keynote address, Yasser Elmashad, Cyber Security Specialist from F5 reiterated the need to revamp current cybersecurity strategies to take into account evolving trends. “Traditional network perimeter security is not relevant any more to today’s modern environment. Businesses across verticals must look at adopting Zero Trust as an approach,” he said.

Riyad Al Rasheed

Rajalakshmi Srinivasan

Elmashad added that today all applications must be protected and not just the mission critical ones. He went on to explain how F5 can help with its unique offerings in a customer’s digital journey. Next, a thought-provoking discussion titled ‘Emerging from the crisis-How the pandemic is forcing a rethink in technology roadmaps’ kept attendees glued to their devices. The panel featured esteemed speakers Rajalakshmi Srinivasan, Director, Product Management, Site24x7, Riyad Al Rasheed, Country Manager, Saudi Arabia, Rubrik and Zaki Krayem, Sales Manager Financial Sector, Fortinet and was moderated by CXO Insight Middle East Managing Editor Jeevan Thankappan. The panelists discussed current trends such as increased demand for remote communication and collaboration tools, acceleration towards cloud environments, securing beyond the network perimeters, importance of data and its protection, criticality of backup and recovery plans among several other key topics. The panelists concurred that for companies to thrive in the new normal they have to rethink their current strategies, quicken their digital plans and always have cybersecurity as top priority. The last leg of the virtual event was the much-awaited live awards ceremony where 20 winners from Saudi Arabia and Egypt were applauded for most innovative ICT projects. The winners were chosen from a pool of more than 100 shortlisted entries after a careful assessment by CXO Insight’s editorial team.

Zaki Krayem

ICT LEADERSHIP AWARDS WINNERS Mir Dawar Ali ACWA Power Tarek El-Sherif Al Ahli Bank of Kuwait – Egypt Mansour Nasser Al Rashaid Alinma Bank Tanseer Kunjan Almarai Company Tharwat Soliman Audio Technology Sherif El-Gendy Central Bank of Egypt Dina Alaa Children’s Cancer Hospital Abbas Barakati Cloud Solution Syed Fakruddin Albeez Dar Al Arkan Oussama Zein E.A. Juffali & Brothers ISC & CoE Akram Al-Agil Jarir Bookstore Fahad bin Dayel King Faisal Specialist Hospital & Research Centre Khalid Alodhaibi Medical Services DirectorateMinistry of Defense KSA Adel Abo Elnour Ministry of Housing and Development, Egypt Tariq Kayyali Pharma Pharmaceutical Industries Yasser Sharaf Raya Contact Center Abdullah Ghazi AlAttas, SAMACO Automotive Sulayman Alsugair Saudi Electricity Company Nouf Aljalaud Saudi Ground Services Abdulrahman Mutrib Seera Group

SEPTEMBER 2020

CXO INSIGHT ME

FEATURE

A CONNECTED WORLD IoT HAS BECOME CENTRAL TO ENTERPRISE TECHNOLOGY ROADMAPS WITH GROWING EXPECTATIONS. HOWEVER, IT HAS ITS FAIR SHARE OF CHALLENGES. HERE IS WHAT YOU NEED TO KNOW.

uring this pandemic, digital technologies have been key to keep business running, and IoT is playing an important role in the fight against Covid-19. It has enabled many new use cases in healthcare and is being used widely in supply chain tracking, contactless payments and remote access. The ability to communicate data without manual intervention and automate business processes makes IoT an ideal platform for 20

CXO INSIGHT ME

SEPTEMBER 2020

organisations to adapt to the new normal. Covid-19 has proven to be a key driver for digital transformation in 2020. Companies have realised the need to be fully digital by having, for example, online channels, automated processes, better integration, and getting real value from existing and new data. “IoT is a special use case part of the overall digital transformation journey, which got more attention due to the current pandemic’s nature. Many customers

seeking a safer workplace started considering deploying IoT solutions i.e., remote worker monitoring, safe distance monitoring, smart buttons for workers & patient monitoring, etc.,” says Feras Juma, IOT & Integration Solutions Manager, Software AG. He says Software AG has witnessed a surge in requests from its clients for IoT, mainly focused around those specific Covid-19 use cases, which is a great indicator that companies started to consider IoT in general as a key strategic area in their roadmap.

Morey Haber, CTO & CISO, BeyondTrust, shares a similar opinion: “We have seen an acceleration in adoption of IoT due to COVID-19 but that has been driven by changing consumer buying behavior to accommodate the new work-fromhome and e-learning environments, rather than directly by companies and traditional office environment use cases.” He continues to say that companies are seeing an acceleration in cloud technologies and the adoption of SaaS solutions in order to support employees at home. In addition, employees working from home are purchasing more IoT technology to modernise their homes and home offices to provide a more complete and rewarding remote working experience. This includes everything from digital personal assistants to help with calendaring and reminders to cameras and security systems that are internet connected to secure their homes. Ammar Enaya, regional director – Middle East, Turkey & North Africa (METNA) at Vectra, says IoT solutions are now mainstream and whilst there may be several new use cases driven by COVID-19 related changes, the exponential growth in IoT — and associated smart devices and industrial automation — is driven by a broader set of factors including the significant efficiency gains and new value creation opportunities these technologies afford. Trends to watch In a report published last year, McKinsey notes that IoT is a business opportunity, not just a tech opportunity. The research firm points out that IoT is seen as a technology challenge, and IoT efforts are driven by CIOs. “But we see time and again that maximising the economic impact of an IoT effort requires a broad set of changes to business practices as well,” the report says. Over the next 12 months, industry experts predict an accelerated adoption of IoT in healthcare more than

Feras Juma

LEGACY DEVICES CAN POSE A CHALLENGE IN ATTAINING ADEQUATE IOT SECURITY. WITH 85% OF THESE INTERCONNECTED OUTDATED DEVICES HAVING LIMITED UPDATE AND PATCHING CAPABILITIES, INADEQUATE SECURITY PRACTICES CAN QUICKLY UNDERMINE THEIR VALUE BY ERODING THE TRUST AND SAFETY OF END-USERS. any other vertical. “Many connected devices are now available in the market to monitor and analyse healthrelated data. Due to the pandemic, the workload of healthcare systems has increased around the world, and healthcare providers are looking to telemedicine as a way of providing outpatient care during the crisis. Adoption of IoT in telemedicine, such as remote patient monitoring and

Morey Haber

5G enabled medical robots to scan human temperature, deliver drugs, and disinfect hospitals wards, will be implemented in the new normal of healthcare,” says Sébastien Pavie, Regional Vice President for Cloud Protection and Licensing activities at Thales. Another key trend is the growing role of AI in IoT applications and deployments, and many expect these two powerful technologies to merge. IoT has many core pillars, and analytics is one of them, according to Juma from Software AG. There are different type of analytics; visual, streaming, and predictive ‘AI’. AI plays an important role across many use cases within the industrial domain. For example, predictive maintenance where you need to monitor the health of running machines like compressors, and predict a future failure in order to avoid a production line downtime which can lead to a huge operational cost. Having an IoT platform that can facilitate the execution of a predictive model -anomaly detection model while monitoring real-time machine data would deliver a great business value, he points out. IoT alone is a simple technology based on a minimalistic approach to an operating system and interface. It is essentially a network-enabled “toaster.” Haber from BeyondTrust says the brains and AI technology come from

SEPTEMBER 2020

CXO INSIGHT ME

FEATURE

Ammar Enaya

the cloud and requires computing and correlation power. Without the cloud, IoT can only perform the minimal functions it has programmed in. For example, turning on a light. However, for devices like a digital personal assistant (Alexa, Siri, Cortana, Nest, etc.), the cloud provides the necessary AI in order for it to function and even anticipate our questions. “While this merger is not directly on the IoT device, I do expect more functions to be distributed to IoT devices themselves in the future to solve common use cases that do not need internet access. Nest Thermostats using Eco Mode and Learning Modes are a good example of this hybrid approach,” Haber adds. IoT security issues As we adapt to the new normal and IoT becomes a more significant part of our daily lives, hackers will also be probing IoT products for vulnerabilities. IoT devices are often targeted because of the valuable data they hold, says Pavie from Thales. Legacy devices can pose a challenge in attaining adequate IoT security. With 85% of these interconnected outdated devices having limited update and patching capabilities, inadequate security practices can quickly undermine their value by eroding the trust and safety of end-users. IoT devices can also be used as a gateway into a 22

CXO INSIGHT ME

SEPTEMBER 2020

Sébastien Pavie

Giuseppe Brizio

company’s network, enabling hackers to unlock the door to the kingdom of the company’s secrets, or simply wreak havoc by taking over the devices themselves, he adds. “IoT, with 30 billion connected devices in 2020 and a projection over 60 billion by the end of 2025, is at the intersection between the digital and the real world, and therefore very appealing for hackers, malware and ransomware. To prevent unauthorised access to connected devices, it’s paramount to change the manufacturer’s default password as soon as the device is received and then protect and manage credentials according to related security best practices,” says Giuseppe Brizio, CISO EMEA, Qualys. Ennaya from Vectra says we have to acknowledge that IoT designers have a chequered history of building secure devices. As IT and OT networks increasingly become connected, there is a greater need for detecting hidden threat behaviours inside networks, before cyberattacks have a chance to spy, spread and steal. “It’s a phenomenon we’ve seen in Vectra’s own analysis from inside operators of critical national infrastructure. For example, attackers have tested and mapped-out attacks against energy and utility networks for years. These slow, quiet reconnaissance missions involve observing operator

behaviours and building a unique plan of attack,” he says. He cites the example of an attack that shut down Ukraine’s power grid in 2015 was reportedly planned many months in advance by skilled and sophisticated cybercriminals. This underscores the importance of identifying hidden attackers inside enterprise IT networks before they cause damage to the industrial control systems (ICS) and steal information related to the critical infrastructure. These threat behaviours reveal that carefully orchestrated attack campaigns occur over many months. Juma from Software AG advises CISOs to consider IoT security end to end, across the whole spectrum, from devices, to network, to associated gateways & relays, to the platform and all the way to the IoT application itself that consumes and presents the IoT data. “For example, devices should be secured physically, and transmit their data securely over the network with unique device credentials along with proper data encryption in place. On the northbound side, applications need to communicate with the IoT platform again securely (using authentication, and also SSL certificates for advanced security and data encryption). In summary, you shouldn’t compromise on security, and you have to look at your IoT data flow end to end, not just on your devices connectivity end.”

VIEWPOINT

PROTECTING REMOTE WORKERS NED BALTAGI, MANAGING DIRECTOR, MIDDLE EAST & AFRICA AT SANS INSTITUTE ADVISES ORGANIZATIONS THAT THIS IS THE TIME TO ADD A BIT OF COOLNESS AND FUN INTO TECHNOLOGY AND HELP WORKERS BECOME MORE COMFORTABLE WITH BASIC CYBERSECURITY AND TECHNOLOGY BEST PRACTICES.

uman behavior towards cybersecurity practices or today’s greatest challenge - managing the risk of the pandemic, varies by individuals. Yet every social action or organisational behavior has a consequence. By monitoring human activity and reinforcing positive actions to adopt safe cybersecurity practices or following safepandemic practices, organisations and human communities can benefit. Designing applications that reward an individual with points and badges and displays them publicly can help mobilise positive movement. Gamifications can help improve the level of compliance towards following basic cybersecurity best practices in an organisation, the same way as they can influence communities to shun risky post pandemic behavior. Organisations criticise the lack of availability of technology skills and especially those of cybersecurity expertise. Yet both human resources heads in organisations and information technology heads do not realise that a lot can be achieved in their business by educating and motivating the workforce to adopt best practices of cybersecurity. Many employees in the workforce can also be inspired to train themselves in cybersecurity skills to manage the basic administration of their devices and networks. With remote workforces becoming part of the post-pandemic workplace there is a human resource requirement to relook at the level of basic technology skills across the hybrid workforce. However, a gamification approach may be required to add an active 24

CXO INSIGHT ME

SEPTEMBER 2020

element of interest around this activity. Here are some basic tips on what administrators can do to kick start a cool and gamified approach towards technology: #1 Personal information across Internet. It is essential that remote workers maintain a clean record on the Internet. The postpandemic phase has seen a disproportionate level of stress and readjustment and this may continue in the months ahead. But venting strong feelings and thoughts across multiple social media sites may just start working against remote workers and their teams. Threat actors are looking for such displays of personal information including family names, assets and other information, shared under duress, that can be used in phishing attacks. #2 Break and fix technology and devices. One of the fastest ways for remote workers to get comfortable and experienced is to allow them to build up software tools and use them to test the technologies at their remote workplace. Instruct remote workers how to spend hands-on time with technology, engage with technology, break it and then fix-it. There are a lot of amazing free tools and resources available online for remote teams to work and play with. Some are more easier to use than the other, and you do have to make sure you know where to find them. But open source tools are a great way of expanding your tool kit and skill set.

#3 Build the technology lab at home. If remote workers are at home let them feel comfortable to build a lab at home. Encourage teams to be curious about technology, allowing them to make mistakes. The more mistakes they make, the more they are learning. And more technology learning helps to boost better understanding of cyber security best practices. #4 Share technology experiences. Get remote workers and teams to share their experiences. If you want to physically protect a building, you need to understand doors, windows, and structure. For information security, remote workers need to understand the basics of computer networking. Understanding how computers function and communicate is the first step in defending them from cyberattacks. #5 Finding a mentor. An experienced worker who is ready to engage with remote teams, can boost the confidence levels of remote workers who may find themselves without support at odd hours of the day or night. With remote workers dispersed across the country and the globe, while working under the same work deadlines as they would in conventional offices, lack of face to face access to co-workers is often a huge demotivation. Informal mentorship can help plug such gaps and help to retain confidence in the organisation’s technology set up across remote workers and remote teams. On a final note, every remote worker has their favorite device, app or feature. Use that as a starting point for them to explore, learn, share and move forward. Conforming to and understanding the organisation’s cybersecurity best practices may just become an easy ride for them as they plunge into technologies that help them to work better and better. #6 Expand your skillset with CTFs and Ranges Capture the Flag events are not only a great way to interact with your peers and likeminded individuals, they are also a great way to learn and apply new skills in a real-life situation. Playing either on your own or with your team and really help you hone your skills.

VIEWPOINT

UPGRADING LANS THE SMART WAY

ARAFAT YOUSEF, MANAGING DIRECTOR – MIDDLE EAST & AFRICA, NEXANS DATA NETWORK SOLUTIONS, ON HOW TO ENSURE YOUR LAN IS FUTURE READY WHILE RETAINING FLEXIBILITY

reviously separate systems and platforms are increasingly converging, and at the same time bandwidth requirements are growing fast, driven by cloud applications, IoT, Wi-Fi 6 and more. This calls for future-ready LANs, capable of supporting several generations of technology. However, upgrading a LAN can be challenging for a variety of reasons. The network impacts a wide range of users and the overall company IT infrastructure, while supporting many different functions - from VOIP and Cloud applications to wireless access and security. Scope for downtime is limited. What do you need to bear in mind when (re-) designing or expanding an enterprise or facility network? How might FTTO help solve some of the issues? Providing power, bandwidth and flexibility while, reducing cost There are several technology-related challenges to take into account, related to fast-growing bandwidth required for new applications, powering large numbers of distributed devices, and network flexibility, largely driven by convergence of previously disparate systems. Furthermore, upgrading office IT infrastructure also brings quite a few physical and logistical challenges architectural limitations, for example in listed buildings, or the changing functions of departments or entire buildings. As WiFi6 makes more advanced applications possible, the LAN needs to provide ubiquitous capacity, with plenty of bandwidth reserves, to the Wireless Access Point. After all, as more

devices share wireless bandwidth it becomes increasingly diluted, possibly even to the point of becoming unusable. With the fast increase of connected LED lighting, sensor technology, and IP-equipped devices, Power over Ethernet is becoming a necessity. Providing current over Ethernet cabling allows devices to be installed and moved around without having to worry whether there’s an electrical outlet close by. Power delivered through new generations of PoE is more than six times the level of the initial PoE standard. Without the right cable design, this may significantly increase heat buildup inside cable bundles. Often, a building will impose limitations to where cable can run. Older buildings may have protected status, and often spaces are simply too confined, or have cramped conduits and cable racks twisting at sharp angles. With fibre cables, the required bending can present significant problems. As the functions of spaces in a building change over the years, it is vital that extensive rebuilding isn’t required each time, and data transmission and power capacity can simply be re-routed. The number of people in a building may increase or decrease and new applications may be introduced over time. From a technical perspective, that means you’ll need to ensure you can deliver enough bandwidth for even the most demanding requirements, as well as a growing number

of mobile devices. Labour costs can also add up, especially when cabling has to be spliced on site, additional power outlets need to be introduced, or technical rooms have to be created. Consider Fibre To The Office A Fibre To The Office (FTTO) solution can help with the challenges described, avoiding the need to provide power outlets for individual devices, while ensuring vast bandwidth reserves as well as flexibility and providing the ability to scale up easily and cost-effectively. Fibre is laid up from the central switch to a connection point in the office or workplace. Here, a dedicated Ethernet switch ensures intelligent media conversion from copper to fibre. Gigabit speeds can be realised while at the same time PoE is supported. Copper cables supporting PoE over standard RJ45 interfaces allow a single network cable to be used to provide data connection as well as electric power. Whenever building layout changes, devices can simply be re-patched or added. They are immediately powered up and connected to the network. No floor distributor is required, which saves a considerable amount of space per floor. Thick cable bundles are avoided, thanks to the use of pre-terminated fibre, optimised for fast and easy installation. Heat buildup and flammability are also avoided in this way, as well as by smart cable design. Of course, as networks increase in size, or configurations change, keeping track of network configuration becomes increasingly difficult and every new connection is a potential point of failure. Cost and time investments are also reduced by automated monitoring, control and asset management and high bandwidth reserves and redundancy. Total Cost of Ownership can be optimised, while growth and energy consumption are balanced. There’s no one-size-fits all solution, as the challenges and potential benefits in each location are different, but our experts are always happy to discuss your specific situation and any requirements you may have!

SEPTEMBER 2020

CXO INSIGHT ME

INTERVIEW

A NEW THINKING LENOVO HAS RECENTLY UNVEILED A NEW STUDY, WHICH FOUND THAT ORGANISATIONS ARE PLACING BUSINESS AND SHAREHOLDER GOALS ABOVE EMPLOYEE NEEDS WHEN ADOPTING NEW TECHNOLOGIES. THE RESEARCH, CONDUCTED AMONG 1,000 IT MANAGERS ACROSS EMEA, FOUND THAT JUST 6% OF IT MANAGERS CONSIDER USERS AS THEIR TOP PRIORITY WHEN MAKING TECHNOLOGY INVESTMENTS. THIS APPROACH TO IT ADOPTION IS ULTIMATELY LEADING TO PRODUCTIVITY BEING STIFLED.

hen businesses implement new technologies without considering the human impact, many employees become overwhelmed due to the complexity and pace of change, with 47% of IT managers reporting that users struggle to embrace new software. With all industries having to adapt to the ‘next normal’ and take stock of their responsibility – to employees, to the environment and to the wider world – Lenovo encourages businesses to place the needs of their people at the heart of IT decisions. Dr Chris Cooper – General Manager Middle East and Africa at Lenovo Data Centre Group, talks about why businesses should consider the human impact when implementing new technologies Why do CIOs and their leadership teams need more than just a passing understanding of human-centric approach to tech implementations? The cost of businesses not thinking human is that technology that should be empowering, is instead inhibiting progress. This often results in many employees being overwhelmed by the volume, pace of change and complexity of new technologies, stifling productivity both of employees, and the tech itself. The potential of

CXO INSIGHT ME

SEPTEMBER 2020

emerging technologies such as AI, IoT and Blockchain is huge, promising greater innovation and improved productivity. But without considering how their adoption impacts employees, this potential will remain unfulfilled. It is not just CIO’s who need to start thinking human. The whole IT industry has a part to play in helping technology reach its true potential through improved interoperability, greater use

THE PRESSURES ON EVERY C-LEVEL EXECS IN ALL INDUSTRIES IS CHANGING – IT’S ONE OF ENHANCED FLEXIBILITY AND THE ABILITY TO RESPOND IN WAYS THAT THEY POSSIBLY NEVER CONSIDERED BEFORE. THIS MEANS THEY ARE BEING FORCED TO LOOK AT NEW WAYS OF ACCOMPLISHING THEIR GOALS AND ADAPTING TO CHANGE.

of standards, and more user analysis and automation, so that the balance we see today between both inhibitive and enabling technology, swings towards more human-centric technology in the future. How can you use tech for employeecentric strategy? By first asking the right people the right questions, before adopting new technologies. Rather than “how much does this cost?”, the focus should be on “does this tech have the right features, functions and benefits for the user?” But it is also about ensuring that the training, supply chain, change and communication management, leadership KPIs, organisational strategy and policy, and the post analysis of a technology rollout are all aligned with a people-first ethos. It is not just about how easy it is to use, but whether it will solve challenges, rather than create them, and can be universally adopted in an intuitive and inclusive way for both employees and customers. Which new technologies will drive up the value of employee technologies like digital workspaces? It is important to recognise that the digital workplace/space is a constant, continuing effort, rather than a final state. Many of today’s tech, will help

to shape virtual work including edge, AI, IoT etc. because each has its own benefit and value. The key, however, will be the interconnectedness of all these technologies. That is why Lenovo’s mission is to be a leader and enabler of intelligent transformation in order to deliver this type of ‘Smarter Technology For All. In your opinion, which technologies will shape the new normal? Those that are ‘Smarter’. This means that they are always connected, seamless, agile, flexible, easy to collaborate, adaptive to your needs, reliable and with quality performance and with enhanced security and privacy. Are you seeing any change in the CIO priorities now? The pressures on every C-level Execs in all industries is changing – it’s one of enhanced flexibility and the ability to respond in ways that they possibly never considered before. This means they are being forced to look at new ways of accomplishing their goals and adapting to change. Digital Transformation investments have become key initiatives in this journey of adaption. The need to have more flexible ways of managing the needs of infrastructures and applications has driven in increase in the reliance on Cloud offerings and proven a healthy opportunity for the hyperscalers already invested in the countries. Increasingly more focus is now placed on the promise of Edge and IoT offerings as the markets recognise the shift in data generation and processing outside the traditional datacentres. The vast growth in newly connected devices is having a major play here.

SEPTEMBER 2020

CXO INSIGHT ME

VIEWPOINT

WHY COMPLEXITY IS THE WORST ENEMY OF CYBERSECURITY MULTI-VENDOR SECURITY ENVIRONMENTS AND AN UNMANAGEABLE NUMBER OF SECURITY ALERTS ARE CAUSING CYBERSECURITY FATIGUE IN IT SECURITY SPECIALISTS, AND HARMING ORGANIZATION’S ABILITY TO PROTECT THEMSELVES, WRITES FADY YOUNES, CYBERSECURITY DIRECTOR, MIDDLE EAST & AFRICA, CISCO

eeping up with cybersecurity is one of the biggest challenges facing CIOs today. Managing cybersecurity, and your organisation is safe from the latest threats requires investment in skilled resources and time. Managing cybersecurity is made more difficult by the need to support a complex environment of multiple security products from multiple

CXO INSIGHT ME

SEPTEMBER 2020

vendors. Today’s businesses need to protect many different aspects of their operations, and getting the best protection for each can require deploying best-of-breed solutions from different vendors. Typically, businesses have addressed new threats by adding another solution to their network, whether that solution can integrate with the existing IT environment or not. Managing multiple security solutions, with multiple sets of alerts, and

ensuring there are no gaps in coverage, is a major challenge for CISOs. In Cisco’s sixth annual CISO Benchmark Report, released in February this year, most organisations reported that they found managing a multi-vendor environment to be challenging, with 28% saying it was “very challenging”. Just 17% of respondents said it is easy to manage a multi-vendor environment down from 26% in 2017.

The report found that while the majority of organisations (86%) are using between 1 and 20 different security technologies, 13% said they are using over 20, and 4% of companies report using a staggering 50 or more different security solutions. Managing so many different vendors is not just a burden on time and resources for the IT department, but can also become a factor in reducing the effectiveness of cybersecurity protection as well. Dealing with integration issues and a high volume of security alerts can distract security engineers from tackling other challenges they face, such as public cloud issues, mobile device management and dealing with patching and update cycles in a timely fashion. Failure to integrate multiple security solutions can also leave gaps in coverage, or create a situation where the IT team doesn’t properly understand what protection a particular solution is providing or how it works, impacting visibility and awareness into the true security state of the network. An overly-complex IT environment has also been identified as a factor in ‘cybersecurity fatigue’. Forty-two percent of respondents to the CISO Benchmark report said they are suffering from cybersecurity fatigue, defined as virtually giving up on proactively defending against malicious actor. Ninety-six percent of those who reported suffering cybersecurity fatigue cited managing a multi-vendor environment as being a cause of their burnout. It is easy to see how complex environments can easily overwhelm the IT team. From 2017 to 2020, the percentage of respondents reporting that they receive over 100,000 security alerts per day rose from 11% to 17%. Only around one-third (36%) say they get less than 5,000 alerts per day. High volume of alerts is clearly a factor in cybersecurity fatigue, with 93% of sufferers saying they get over 5,000 alerts per day. Addressing these overly-complex security environments is essential for

MANAGING SO MANY DIFFERENT VENDORS IS NOT JUST A BURDEN ON TIME AND RESOURCES FOR THE IT DEPARTMENT, BUT CAN ALSO BECOME A FACTOR IN REDUCING THE EFFECTIVENESS OF CYBERSECURITY PROTECTION AS WELL.

IT departments that want to take back control of their security environments. One of the key trends highlighted by the CISO benchmark is vendor consolidation – since 2017, the number of CISOs saying they are using 20 or less vendors has increased by 7%, and there has been a 6% decrease in those saying they use 21-50 solutions. Reducing the number of vendors can bring clarity to the security environment and help ease the burden on the IT team. Another strategy for gaining more control over your security landscape is automation. CISOs are looking to

automate security processes such as asset discovery, vulnerability remediation, detecting anomalous activity, and especially managing the volume of alerts and updates. Human intervention is still required to set up and monitor automated processes, but it clearly offers a solution – 77% of respondents to our CISO Benchmark study said that they are planning to increase automation to simplify and speed up response times in their security ecosystems. To really manage the complexity of IT environments with multiple vendors, CISOs are looking for solutions that can integrate, automate and consolidate their entire estate into one manageable whole. Cisco’s SecureX platform is one such solution, an open, scalable, cloudbased platform, that integrates security solutions from multiple vendors, and enables organisations to add in best-inclass functionalities direct from Cisco to meet new threats and requirements. A single platform with integrated threat and security management gives the security team full visibility into their IT environment across network, endpoint, cloud and applications, and allows them to work smarter by automating and prioritising security alerts, to reduce the impact of cyber fatigue. By integrating all of its security solutions under one platform, including solutions from multiple vendors, a business can preserve IT investment, at the same time as gaining a better understanding of any duplication or unused capabilities, allowing them to eliminate redundancies and optimise usage of existing solutions and further streamline the environment. Security challenges are not going to get any less complex, but with the right strategic approach, security environments do not have to become more complex. Removing the burden of complicated multi-vendor security environments can reduce cyber fatigue, and give the CISO the time to work smarter, streamline defense and focus on prevention as well as detection and remediation.

SEPTEMBER 2020

CXO INSIGHT ME

FEATURE

GETTING SMART ABOUT DATA WHAT IS DRIVING THE USE OF DATA SCIENCE IN BUSINESS, AND WHY IT MATTERS.

ata science is rapidly becoming one of the hottest fields in IT today. Using data – both structured and unstructured – to make decisions and improve business outcomes makes data science a compelling value proposition for IT decisionmakers. The data science platform market is expected to grow to $140.9 billion by 2024. IDC predicts the global revenues for Big Data and business analytics solutions – just one share of the larger data science and analytics market – will reach 274.3 billion in 2022. Organisations, regardless of size, can reap rich dividends from wellmanaged data science initiatives. Data science business value has been proven across industries and lines of business in terms of boosting revenue, reducing operational inefficiencies, and minimising organisations’ risk exposure. Data science has demonstrated quick return on investments in areas such as customer experience, risk and compliance, and operational efficiency, says Tamer Elsawy, Director, IBM Cloud & Cognitive Software. “Data science can help sales and marketing teams to optimise their interactions with customers by offering an omnichannel and more personalised experience at every customer lifecycle. This can help the business to acquire more customers, maximise revenue from existing customers through up/cross-selling 30

CXO INSIGHT ME

SEPTEMBER 2020

DATA SCIENCE CAN HELP SALES AND MARKETING TEAMS TO OPTIMISE THEIR INTERACTIONS WITH CUSTOMERS BY OFFERING AN OMNICHANNEL AND MORE PERSONALISED EXPERIENCE AT EVERY CUSTOMER LIFECYCLE. and to maximise customer lifetime by predicting churn and proposing optimal retention strategies. The business benefits include maximising campaign response rates and increase the share of wallet,” he says. Data science can also help reduce organisation exposure to different types of risk, including operational, financial, strategic and compliance risk. Industries such as financial services have been addressing this typically using rule-based systems, according to Elsawy. Dr Abrar Ulla, Director of Postgraduate Studies, School of Mathematical and Computer Sciences, Heriot-Watt University Dubai, can

see why data science would continue to be a top investment priority in the coming years. “Data has become fuel for businesses. Companies require data to function, grow and improve their businesses. With the emergence of new technologies, there has been continuous growth in data creation relating to different business activities and interactions. This led to the emergence of new concepts, including Big Data, data analytics and data visualisation. Businesses are focused on optimising data science for competitive advantage. Data helps you better understand your business and customers to optimise the business process and profitability. It leads to informed and data-driven decision making to improve business function,” he says. Ramprakash Ramamoorthy, Product Manager, ManageEngine Labs, points out business models are built around data in the consumer world, and

Tamer Elsawy

Dr Abrar Ulla

now the enterprise world is catching up to build revenue models around data. “There has been a strong push for digitisation over the last decade, and enterprises have been collecting essential data. It’s natural that they would want to use the collected data to their competitive advantage, and that is why there’s so much buzz around data science.” Difference between data science and analytics Though used interchangeably very often, data science and data analytics are unique fields. “While there is some overlap between data science and data analytics, they fundamentally address two different problems. Data science looks at a problem space and identifies the questions that need to be asked; this may be done using many sources of data and techniques, which may include data analytics. Having identified the question, data analytics focuses on providing the answer using the statistical analysis of data sets. As such, despite their similarities, the two disciplines are fundamentally very different but with a common dependency on vast amounts of data,” says Patrick Smith, EMEA Field CTO at Pure Storage. Elsawy further demystifies the difference between the two disciplines: “On the one hand, data analytics help business analyst to

Ramprakash Ramamoorthy

Patrick Smith

answer questions on what happened in the past and why it happened. It’s commonly known as descriptive and diagnostic analytics. The techniques include reporting, dashboarding, business intelligence tools and OLAP analysis. “On the other hand, data science helps business users to answer questions on what will happen in the future and what we should do about it. We’re talking here about predictive and prescriptive analytics.” Like any other field in IT, there are some common mistakes to avoid in data science operations. Along with the quality and volume, you have to make sure that you are collecting the right data. The common expression of garbage in, garbage out in computer science applies to data science as well. Ramamoorthy from ManageEngine says a lot of times, the data you used to train your algorithm can be inherently biased and can potentially be very selective on gender, race, religion, and more. It is important for your data scientist to debias your data by removing inappropriate markers that can bias the outcome, such as a loan eligibility detection algorithm that rejects a loan application due to an insignificant factor while other important markers, based on bank’s policy guidelines, are good, he says. Ulla from Heriot-Watt says data privacy has been an ongoing issue

with many applications, including data science. It is important to understand and comply with data privacy requirements. Compromise of data privacy could lead to penalties and sometimes closure of business. He warns against picking the wrong tools to visualise. “Many data science experts focus on learning the technical aspects of the analysis, instead of using different visualisation techniques which can help them derive the key insights quicker.” The other common mistake is that organisations tend to underestimate the challenges related to data governance, according to Elsawy from IBM. “As a matter of fact, there’s no AI without IA (Information Architecture). In order to rely on the data science outputs, businesses need to understand their data and to trust their data. A critical phase in every data science project is data assessment and data quality scoring to identify problems such as missing values, inconsistencies, duplications, noisy data, etc. and have the right tools to resolve and curate these data issues. This phase typically constitutes 80% of a data science project time; however, having the right platform for data governance, data cleansing, data refinery, etc. is seen as a wise investment helping to reduce significantly this time and gain productivity and model quality,” he sums up.

SEPTEMBER 2020

CXO INSIGHT ME

VIEWPOINT

CULTIVATING SECURITY CULTURE ESTEBAN HERNANDEZ, SPECIALIST SOLUTIONS ARCHITECT, SECURITY, AMAZON WEB SERVICES (AWS), ON HOW TO BUILD A RESILIENT CULTURE OF SECURITY.

ecurity has evolved from the sole responsibility of one team to that of the entire organisation. It must become a part of an organisationâ&#x20AC;&#x2122;s culture with every employee embracing security and using it as a positive framework for behaviour, building technology, and decisionmaking. After all, an optimistic, proactive, 32

CXO INSIGHT ME

SEPTEMBER 2020

approach is vital to build an organisation where security enables the whole business to move faster and stay safe. Creating a culture of security is the future, but what does it look like in practice and how can organisations ensure they are following effective guiding principles to keep them on track? What can you do today to promote a positive security culture?

What does a culture of security look like? A positive security culture is one where the security team works collaboratively with the rest of the business. If we assume that people want to do the right thing then we should make the secure option the easiest option. This goes beyond looking at the technology, to looking

at the people who use it, and the organisation’s culture. Traditionally organisations treated security as a gate to pass or something that was bolted on at the end of a project. It was the responsibility of people with security in their job title. By contrast, successful businesses think of security and resilience positively, as fundamental to a company’s culture, and as a concern for all enterprise executives, managers, and employees. This approach ensures security is central to all daily business processes, increasing resilience and improving the organisation’s ability to respond if there is an issue. Guiding principles To create a culture of security, businesses must follow ten key principles, five of which we will outline in this blog:

Education: This means keeping your workforce skilled up on the available technology, seeking advice from security specialists, and working to understand security policies and rules. Doing so maximizes every employees’ ability to be the first line of defence in their company’s security programme, cutting down the chance of simple errors that could result in a security issue. It also includes setting the expectations for the whole business, be it security configuration that should be implemented by application developers or the patching responsibilities of product owners.

Hygiene: good security hygiene is vital to preventing basic mistakes turning into security threats. As such, employees must understand the dangers of poor security practices, such as sharing user accounts and passwords. Meanwhile, businesses need to ensure the access systems they have in place facilitate secure practices. For instance, AWS services offer temporary credentials that can last minutes or hours, after which they will no longer allow system access. This tightens control over service access, reducing

the likelihood of unintended access to business data.

Learning from issues in a no-blame way: there will always be issues with humans and the software they build. The important thing to do is learn from the issues and take action. Creating a culture where root cause analysis is done objectively and without blame helps create the ability for an organisation to learn. Don’t ask whether the person made a mistake, but instead ask what could be done to ensure that the right choice is made next time. You also want to have a culture where people are comfortable raising security issues because they know they will be supported by the security team.

Meet your people where they are: working with your developers will help you understand the processes they go through to build and release software. This will help security to understand where they can enable developers to make good security choices, or inherit capability so they can focus on business logic. For example integrating your cloud platform with your corporate identity provider

DON’T ASK WHETHER THE PERSON MADE A MISTAKE, BUT INSTEAD ASK WHAT COULD BE DONE TO ENSURE THAT THE RIGHT CHOICE IS MADE NEXT TIME. YOU ALSO WANT TO HAVE A CULTURE WHERE PEOPLE ARE COMFORTABLE RAISING SECURITY ISSUES BECAUSE THEY KNOW THEY WILL BE SUPPORTED BY THE SECURITY TEAM.

and making sure that developers can create permissions within understood guardrails helps remove security as a gate. Providing automated checks that run in pipelines can give early feedback to developers to help them build to the desired security posture.

Metrics and monitoring: being able to measure your security posture and give people access to data is good way of communicating and understanding where the high performing parts of your organisation are. If you can identify teams doing well or building innovative solutions you can expand their use across the business. Telling people what they are being measured against and giving them tracking tools promotes a culture of ownership which reinforces the positive security approach. A culture of security will significantly improve an organisation’s’ security posture by becoming the framework through which all employees behave, build technology, and make decisions. However, for it to be a success, companies need to take a structured approach to introducing the framework. A culture of security is based on education, hygiene, threat modelling, and all employees working together as a unified team. Do this and your organisation will improve its security posture, set you above the competition, and keep your data safe. Look out for more tips on building a culture of security to come.

SEPTEMBER 2020

CXO INSIGHT ME

VIEWPOINT

THE EVOLVING ROLE OF THE CIO IN 2020 SAAD CHAUDHRY, EXECUTIVE PARTNER, GARTNER, AND MANDIP DULAY, FOUNDER OF THE COO NETWORK, SHARE INSIGHTS ON THE EVOLUTION OF THE CIO AND HOW THE NOTION OF BUSINESS AS USUAL IN IT OPERATIONS IS A THING OF THE PAST

he boardroom composition will continue to shift in order to embrace the emerging business trends, with Chief Technology and Innovation Officers (CTO) taking the lead on driving digital-enabled growth, whilst considering other agile elements which increase organisational revenue. Such roles were previously under the remit of the COO; and will now drive additional challenge for the COO to continue 34

CXO INSIGHT ME

SEPTEMBER 2020

remaining the second-in-command. That said, the role of the CIO is also challenged. Your CIO is dead. The transactional CIO, whom you once knew, is a thing of the past and COVID-19 fired the last shot. Transactional CIOs were forged when all that was required of them was to oversee system implementations and upgrades. Today matters are different. More and more CEO’s want to focus on digitally fueled growth and revenues, versus expanding

their physical corporate structures, and this changes the game for CIOs and COOs alike. According to a recent survey conducted by Gartner, 67% of executive board level respondents consider digital disruption to be among their top business priorities. However, it’s not just the leadership expectations that are growing; the tech that CIOs were used to dealing with has changed as well. Technologies such as blockchain,

IoT, AI, advanced analytics, edge computing, immersive experiences, autonomous services, digital twinning, have taken center stage. Where we were once gradually seeing a drive towards digital transformation from a business perspective, now, in the time of the Pandemic, it has become a necessity. Before the Pandemic, we had been noticing both the COOs and the CIOs evolving towards their digital futures on two separate paths. The typical “Business Service Provider” COO was evolving towards a “Productiser” COO of the future, while the transactional “Systems Provider” CIO of the past was moving towards a “Moderniser” CIO of the future. This metamorphosis, however, was interrupted by the Pandemic. The Pandemic forced both the CIO and COO roles to ramp up their digital evolution, converging their focuses rapidly on using technology for business and revenue growth. And so the new digital leader does not only need to have a solid grasp of the tech landscape, but also the business operations. So, how do you get here? How does an organisation begin thinking about leadership talent for this brave new world? Well, an organisation’s approach or profile for digital leadership talent depends on two key influencing factors: Factor 1: Understanding the degree to which technology investments and products are tying directly into your business growth and revenue. When criticality of Information & Technology to your business model is low, I&T acts as an enabler to the business capabilities being delivered by the enterprise. Therefore, Investment in emerging technologies ends up being low. In such a case, I&T is not a core part of the way the company operates or derives revenue, nor is it embedded in its products or services. It is, however, core to delivering efficiency. On the other hand, when the pervasiveness of I&T within the business model is high, it is embedded in the customer experience, products and services, and is used for enterprise operations. In this case, I&T is central to

revenue generation for the enterprise, its industry, and the ecosystem. Businesses on this end of the spectrum tend to invest significantly more in emerging technologies. Factor 2: The approach to talent (future leaders) at the organisation in general. “Talent Approach” is the way an organisation seeks to hire and grow their leaders. On one end of the spectrum is the traditional approach; where a company seeks to hire employees early in their career and grow and develop them internally to meet the ongoing needs of the business as it changes. A “cradle to grave” hiring approach including the use of high potential candidate lists and clear promotion paths, among others. In this case, I&T leadership is often contained within the IT department which reports into the CIO or head of IT. Enterprises commonly upskill and train workers to address talent gaps, using university partnerships and source locally to fill positions. On the other end of the spectrum, the nontraditional approach is when a company uses a broad range of technologies and approaches to acquire, augment or replace human talent. For example, taking advantage of the “gig economy” or replacing workforce with robotics or artificial intelligence to deliver repeatable business capabilities. This approach is often coupled with a leadership team that has technology embedded in the DNA of all executives, and a CIO deeply involved in corporate strategy, often reporting directly to the CEO. By understanding these two factors and their scales, you can map out the profile that your organisation would have, in terms of their digital leadership over the course of the next several years. Lastly, while we have plenty of research and data to understand where the path leads, there is an important element to consider for the future digital leader: their leadership personality. Here, the COOs have a leg-up, for they have been sharpening their corporate and political skill sets over the ages, while the

CIOs have just recently begun to think of themselves as true corporate executives. The skill sets in this arena involve the ability to balance the use of power, manipulation, and conflict. There is certainly an opportunity for both the CIOs and COOs to evolve to be the digital leaders their organisations will need. And both these roles have strengths and weaknesses attached to them historically, based on their past cycles of evolution, that they can draw on. That being said, the metamorphosis will now accelerate, due to the pandemic-induced haste, and the executives that emerge as the future digital leaders will undoubtedly be those that are able to strike a balance across the board in all the aforementioned factors.

SEPTEMBER 2020

CXO INSIGHT ME

VIEWPOINT

THE macOS

SECURITY GUIDE KARL LANKFORD, DIRECTOR – SOLUTIONS ENGINEERING, BEYONDTRUST, ON THE BEST PRACTICES FOR SECURING MACOS IN THE ENTERPRISE

ight from its inception in 1974 in Ajman, UAE, Speed House Group has been serving the construction industry across the Middle East and North Africa. The company provides turnkey solutions and services in civil, infrastructure and contracting, modular buildings, container conversion, interior fit-outs and furniture, kitchen and bathroom pods, GRP/GRC, and lubricant trading. Commencing with just 50 employees, the company has grown its workforce to over 1200 today and boasts more than 500 customers across five continents distributed over 27 countries. Mac endpoints are no longer ‘niche’ in the enterprise. The likelihood of receiving a silver, unibody laptop on your first day at work is higher today than ever before. In fact, a recently published Parallels survey reported that 55.7% of small to medium-sized enterprises (SMEs) now use or permit the use of Macs. Consequently, the attention of IT organisations, long enjoyed by Windows, is now being cast towards macOS. macOS Security Becomes a Priority The increased enterprise deployment of macOS is being equally enjoyed by malware authors and threat actors looking to exploit Mac security oversights across the enterprise. While organizations tend to invest ample human and financial resources in securing their Wintel environments, this same diligence is often not applied equally across macOS environments. Often, large security gaps are inadvertently created in the interest of 36

CXO INSIGHT ME

SEPTEMBER 2020

TODAY, MAC ENDPOINTS REQUIRE THE SAME LEVEL OF SECURITY SCRUTINY AS WINDOWS ENDPOINTS. IN MANY CASES, MACOS DEVICES ARE JUST AS INTERCONNECTED TO INTERNAL RESOURCES, INFRASTRUCTURE, AND CLOUD-BASED RESOURCES AS THEIR WINDOWS COUNTERPARTS. THUS, MAC ENDPOINTS DEMAND ENTERPRISE-CLASS PROTECTION.

deploying Mac devices quickly, especially to VIP users who may overrule concerns regarding security. The uptick in macOS security-related tools, features, and high-profile macOS endpoint security incidents over the last few years has reflected this. Apple has continued to focus more on security. This is evidenced by their development or enhancement of native OS tools, such as System Integrity Protection (SIP), Gatekeeper, read-only system volumes, and their effort to kick developers out of the kernel (the “Endpoint Security System Extension”) in recent years. Many macOS sysadmins are painfully aware of security and privacy changes made in Catalina. Apple’s macOS Catalina enforced granular permission sets on third-party software for things like file system access, screen sharing, etc., which often require administrative privileges to approve. Challenges and Shortfalls of macOS Privilege Management One of the most basic security tenets now being applied is in the approach businesses must take to macOS privileged access management. While there are architecture-specific nuances to any attack chain, the basics remain the same. Unless an attacker can exploit a privilege escalation vulnerability, malware looks to gain persistence. This ideally accomplished through access to a privileged user or a vulnerability in a privileged application plugin or framework. Ultimately, the same attack surface born by uncontrolled privileged access

in the Windows space applies to macOS. The importance of managing privileged access on a macOS device is also gaining parity with that of Windows devices in compliance frameworks. To address the wave of macOS devices entering the enterprise, many organisations have built adhoc privileged access “solutions”. However, these in-house solutions are almost never architected to the robustness needed for the macOS privileged security problem. macOS populations are no longer isolated islands within any given organisation. Today, Mac endpoints require the same level of security scrutiny as Windows endpoints. In many cases, macOS devices are just as interconnected to internal resources, infrastructure, and cloudbased resources as their Windows counterparts. Thus, Mac endpoints demand enterprise-class protection. Today, few organisations are addressing these security problems with comprehensive, defense-in-depth strategies that include privileged account management in any meaningful way. On the other hand, risky security practices that invite malware infections, hacker assaults, and insider threats proliferate. Here’s a short list of prevalent macOS security malpractices: • Creating a single admin password across all devices (risky, but surprisingly common) • Allowing users to request ‘temporary’ administrator rights • Tools such as MakeMeAnAdmin can be made available for users to selfservice their own privilege elevation, potentially for hours or days at a time. The Service Desk may or may not be involved; in many cases users are able to access these tools themselves! • Giving users access to a secondary privileged account, or elevating their primary identity to an administrator As we strive to implement scalable solutions to these macOS privileged access challenges, it’s critical to evaluate any potential solution with the following criteria:

• Supports true least privilege for all user types, including highly technical users and even remote users • User-friendly and frictionless to the workflow to ensure adoption is high • Easy for the Service Desk to manage, and does not introduce the same burden it is meant to alleviate • Out-of-the-box functionality with minimal ongoing management means even ultra-lean macOS IT teams can deploy it rapidly • Provides detailed audit records and reporting, and can zero in on the who, what, when, and where of sessions Holistically Addressing Privileged Access Security for macOS Environments Many of the challenges faced by homegrown privilege management solutions are that they require users to be on an internal network to support exceptions. Enterprise-class privileged access management (PAM) solutions give users the flexibility to request one-off access from the service desk, even while disconnected from the internal network, or be granted auto-approved, but audited, access to better support technical or executive-type users and their needs. Organisations that want to effectively tackle their macOS privileged access problems should look to implement the following: 1. A comprehensive password management solution that randomizes ‘break-glass’ administrator passwords 2. An endpoint-based solution that allows for granular access to macOS privileges from the safety of a standard user account. Secure credential management of privileged accounts is crucial to minimizing your endpoint attack surface and providing a ‘backup’ admin account in case all else fails. However, endpoint privilege management (EPM) is what empowers your users to perform approved, privileged tasks without requiring administrator rights in the first place. Each of these solutions are also components of the

industry-leading privileged access management platforms. For developers, the PAM tool must be comprehensive enough to accommodate their complex software needs, while minimising any resource utilisation that would degrade performance. This includes granular control and auditing of sudo commands, Homebrew usage, installation and uninstallation of software, privileged functions within compilers such as Xcode, and the myriad of other privileged functions that exist within macOS. Ideally, an effective endpoint privilege management solution should minimize the need for an actual administrator account to ever exist. Most importantly, these solutions should empower your macOS IT staff to support rapid, successful deployments using out-of-the-box configurations. A sysadmin has more than enough on their plate. They do not want to dedicate their days managing a single solution; these tools must start simple and stay simple. Mac endpoint privileged access risks will continue to endure as hard problems to solve for any organization given the limited native tools provided by their chosen operating system. This is compounded by the common misconception that native tool sets provide adequate privileged access controls. Products running on macOS are no different. However, through thoughtful planning and the investment in enterprise-class Privileged Access Management solutions early in the adoption of a macOS environment, drastically mitigating the risk of privileged access and meeting an expanding list of compliance requirements is well within reach. My strong recommendation is to address privileged access security concerns early, as some users may be resistant to any change, no matter how slight. Do this right to get ahead of the curve—not just in terms of risk reduction, but in achieving compliance, in keeping your users happy and productive, in reducing costs associated with servicing macOS devices, and in making sure that macOS in the enterprise has a sustainable future.

SEPTEMBER 2020

CXO INSIGHT ME

VIEWPOINT

7 STEPS TO REALISING THE VALUE OF MODERN APPS AN APPLICATION’S TIME TO VALUE IS IMMEASURABLE UNTIL IT’S IN THE HANDS OF THE USER, SAYS HASSAN HAMADE, LEAD SOLUTION ARCHITECT, EMEA SDDC ARCHITECTURE, VMWARE

assive disruption might have upended life as we know it, but some things remain constant. The business defines objectives and strategy, and IT delivers this, ultimately creating the applications and services and experiences customers demand and employees need. Being able to modernise applications means being able to deliver them at speed, with reliability and security, whether they’re cloud native or updated legacy, whether they’re in the data center or in a multi cloud environment. Businesses understand that without these services, meeting customer needs is going to be a struggle – a new VMware survey has found that 80% of EMEA application developers and tech leaders believe that, without successfully modernising applications, organisations will not be able to deliver a best-in-class customer experience. In fact, not only do modernised applications support companies to deliver better results, but those enterprises that are high performing are more likely to be the ones developing and delivering new applications and services into the hands of users, at speed. The study reported that two thirds (66%) of new applications make it through to production in highperforming companies, compared to 41% within underperforming organisations, while 70% of application efforts make it to production in the planned timeframe in high-performing organisations, compared with just 41% in underperforming. But being able to support and modernise legacy apps while adopting new cloud native application practices has forced IT to rethink how it delivers 38

CXO INSIGHT ME

SEPTEMBER 2020

them all, and does so securely, in a multi-cloud world. To accelerate the pace of innovation, IT departments need to simplify operations and management. Where do they even start? The beginning point is always about what you need the application to deliver to the business, but that leads to more questions, all of which must be answered in order for IT to know where and how to ‘run all the things’ and the businesses to realise the value of modern applications.

What are the priorities and focus of the digital business? In the analogue era, IT used to talk about the business as the internal customer. But that was a misnomer. Customers have choice, they can move to other providers if they’re not happy with the service. Businesses didn’t have that flexibility; they were stuck with what IT gave them – hostages almost, rather than willing customers. Then technology went mainstream, and business units realised that they had as much access to the latest tech as IT, and sometimes more. So, if IT didn’t deliver, a head of department could go find the resources they needed elsewhere, with all the risks that entails. Now IT has to serve the business like a real customer – understanding their needs, their challenges and their objectives, and demonstrating how IT can support those ambitions. It’s a two-way conversation, whereby business units and infrastructure teams speak a common language and help

each other to understand what they’re both trying to achieve.

What applications need to run? Leading on from that understanding is being clear on what applications are needed, and how that’s going to be supported. It’s a conversation for business units and, indeed, any relevant individual within the organisation – and the resulting decision needs to as much a commercial one as it is technical.

Once that is established, IT teams need to be clear on how they’re going to deliver. Do they have the right team in place? There’s a common misunderstanding from the broader business that a developer can simply ‘develop’ any application – whereas the reality of course is that individuals are trained in specific programming languages and platforms. The challenge is that there’s every likelihood that IT teams are not just going to be focusing on one application, but many, all with different requirements and varying stakeholders. So, ultimately, the applications that need to be prioritised should always meet the needs of the business, while working within the skillsets and parameters of the available development environments.

What platform does the application need to run on? With organisations running a multitude of environments to meet the demands of their applications, each with unique technological requirements, finding the platform isn’t the only challenge. What’s hard is that the development and management is more complex than ever before, with IT and developers navigating traditional apps, cloud- native, SaaS, services and on-prem, for example. Here’s where you need a common ground between IT teams, Lines of Business and developers – where having a single digital platform is critical – to remove the potential for silos springing up, enable the better deployment of resources, and provide a consistent approach to managing applications, infrastructure and business needs together. It’s about creating one, common platform to ‘run all the things’. One, software-defined digital foundation that provides the platform - and choice of where to run IT - to drive business value, create the best environment for developers and help IT effectively manage existing and new technology via any cloud for any application on any device with intrinsic security. One platform that can deliver all apps, enabling developers to use the latest development methodologies and

container technologies for faster time to production. All with consistent management and operations. This is ultimately about enabling businesses to deliver better software faster; to automate the modern app lifecycle, remove barriers to the likes of Kubernetes and container adoption, and even run Kubernetes across clouds. In doing so, the business can position itself to support a new wave of modern apps: democratising Kubernetes to deliver the apps that are transforming business competitiveness.

Where do I want to run them? Businesses have multiple environments for a number of reasons – one of them can be the need to meet regulatory, compliance or customer demands for the geographical storage of data. There might also be a technology reason to keep data and applications as close to the end user as possible – if maximum latency is a nonnegotiable, for instance. Then there’s the issue of data sovereignty, which varies from country to country, and has to be considered when making decisions on application deployment. The question of ‘where’ often breaks down to commercial and technical elements. The answer lies in bringing these considerations together, to move forward with both boxes comprehensively ticked.

How will I deliver them to users? Once the foundations are in place, it’s time to consider how the applications will actually get to the user. This is often overlooked, and yet it’s the whole point of deploying modernised applications – to have users engaging with them and receiving the experience they’ve been looking for. It doesn’t matter whether they’re customers, employees or any other stakeholder – the application’s time to value cannot be realised, or even considered, until it is in the hands of the user. That goes for keeping them updated as well – an employee could have some of the world’s most powerful

applications in the palm of their hand, but by having to manually update each one, their true value won’t be achieved until that’s taken place.

How do I secure them? All of the above is taxing enough; but threats lurk at every stage. Applications, data, infrastructure – it all has to be completely secure. The sophisticated nature of today’s cyber-attacks demands sophisticated responses, which is why building end-to-end security that covers applications, workloads, end points and infrastructure is so critical. It cannot be an afterthought, brought in just before shipping. Only through intrinsically integrating security can IT ensure that everything is secure across any application, any cloud, and any device.

How do I manage all of this? Finally comes the management. Already touched upon in step three, IT teams need to have a way of being able to control all these different elements, at a time when talent and resource are under strain – something that needs to be addressed when one considers that 93% of our research respondents agreed that involving people with varied technical skill sets is an essential part of digital transformation efforts being successful. It needs to be a simplified infrastructure, with consistent operations and a model to build and operate modern applications across multiple environments, whether on-premise or cloud based. It’s quite simple – businesses need to be in the driving seat of being able to build, run, manage, secure and deliver any application – at speed - if they’re to meet the needs of their customers both in today’s turbulent times but also, and critically, as a way of future-readying their business. This puts immense pressure on stretched IT teams, but it is work that has to be undertaken. Those organisations that deploy a single digital foundation, that create an infrastructure that allows for the fast development and deployment of modern applications, will be the ones able to realise the immense value of these new services and offerings, positioning themselves to succeed.

SEPTEMBER 2020

CXO INSIGHT ME

VIEWPOINT

CAN DATA SCIENCE IDENTIFY INSIDER THREATS? AMMAR ENAYA, REGIONAL DIRECTOR – MIDDLE EAST, TURKEY & NORTH AFRICA (METNA) AT VECTRA, HOW DATA SCIENCE AND CYBERSECURITY CAN WORK TOGETHER.

a threat while it’s happening and even before it occurs. The pathology of the insider is very complex. An insider typically takes precautions to evade detection, so how could a software solution reliably identify what is a threat and what is not? The problem of detecting an insider threat before it happens is as difficult and complex to solve as the prediction of human behavior itself. But recent technological advances have shown significant improvements in predicting what was previously considered impossible – human behaviour. Systems like Alexa, Siri and Cortana can predict users’ needs before they even know them.

ccording to a survey by Forrester Research in 2019, 52% of global enterprise network security decision-makers reported that their firms experienced at least one breach of sensitive data during the past 12 months. And nearly half the breaches of sensitive data came at the hands of insiders. Although insider threats represent only a small portion of employees, incidents that involve the theft of intellectual property and customer contact lists add significant costs to business organisations. Security teams typically respond to insider threats by monitoring and logging access. The aim is to at least be able to do forensic analysis when a threat occurs and causes damage, with investigative support from the legal department. Obviously, this approach won’t prevent a threat in any way. Recent updates to monitoring solutions and research programs by the U.S. government are taking a proactive approach to detect

CXO INSIGHT ME

SEPTEMBER 2020

Lots and lots of data This is due in part to the vast amounts of behavioral data that are collected and indexed. Computational resources for analysis have also reached critical mass for large-scale AI applications such as voice recognition, image analysis and machine learning. The term for the predictive analysis of large amounts of behavioural data is data science. Today data science is applied to various problems and areas and could similarly be applied to the insider threat problem. An insider’s behavior is by definition authorised to be on an organisation’s network. But there’s not enough information available to derive an insider’s intention or psychology in real-time. However, as the amount of collected behavioral data increases, more clues are revealed. An initial data science approach involves learning commonly known indicators of insider threat behaviors. These might be authorised behaviours that for some

reason have veered off course. An example is exfiltration behaviors, such as uploading data to a Dropbox account, extensive use of USB sticks or high volumes of downloads from internal servers. These known indicators are specific enough to catch an ongoing attack, but only a limited set of attack types can be detected. To catch future – and unknown – attacks, a second approach focuses on anomalies in observed behavior. An anomaly deviates from what is standard, normal or expected. Data science analyses behavioral information and learns what is normal – that is, normalcy with regard to all observed behavior variations, an individual’s behavior over time or even social behaviors. Once a baseline of normalcy is established, outliers can be identified. Knowing that insider threats are paired with behavioral changes in an individual, anomaly detection will reveal these unusual variations, even in the early stages of a threat. But this improved detection comes with a price: A higher number of false positives. Benign changes in behavior – such as changes in job function or teams or returning to work after a vacation – will trigger high-volumes of detections can be overwhelming. A third and more advanced data science approach generates narratives from the output of the first and second approaches: Combine indicators and anomalies to generate an understandable interpretation of the behaviors inside an organisation. The latter is a tough challenge because it involves creating a truly artificial intelligence. But we are getting there.

VIEWPOINT

HOW TO KEEP HACKERS AT BAY AS ENDPOINTS BECOME OUR NEW PERIMETER, SO MUST MULTI-VECTOR EDR BECOME OUR NEW DEFENCE, SAYS HADI JAAFARAWI, MANAGING DIRECTOR – MIDDLE EAST, QUALYS

he threat landscape is nothing if not adaptable. Its everchanging nature crops up early in every conversation between today’s security professionals, across the Middle East. First it was, “Oh, it’s not just about anti-virus anymore.” And then we had, “Nowadays, it’s not a matter of ‘if’ but ‘when’.” And then on to the differences between cloud security and on-premises security. And everything in between. Every one of these conversations shows the industry waking up to a new norm (because attackers have found ways around defences to the previous norm). The current norm is one of ecosystems. Our corporate networks have evolved to the point that their endpoint devices are now their perimeters. So that is the next buzz phrase for conversation: “the endpoint is the new perimeter”. Our work and personal lives are played out against a digital backdrop. Much of what we do has a digital component — we are woken by our smartphone, check news on a smart device, consult our calendar via another endpoint, consume content, order food, shop, chat, and on, and on, and on. And after you pause for a moment to consider how much more this is true of the COVID-19 age, ask yourself this: how happy must attackers be to see this burgeoning activity on devices that connect to monetisable information inside corporate networks? The rise of the multi-vector attack Endpoint detection and response will now have to evolve, because this expanded attack surface allows bad actors to mount multi-vector campaigns. That means they have a menu of options — or paths — they can take to achieve a breach. They might take advantage of naïve users through

social engineering. They might exploit a software vulnerability. Or they may opt for brute-force attacks. In the multi-vector world, they will adopt a mixture of these options to increase the probability of a successful incursion. And every endpoint is a risk to the whole environment. In multi-vector endpoint detection and response (EDR), we branch out from monitoring and protecting the devices themselves because the endpoint is now just a small part of the risk profile for a network. Monitoring activity at just those surface nodes, in isolation of other readily available data, will lead to false positives (and negatives) and cause alert fatigue, suboptimal prioritisation of threats, and wasteful allocation of resources. Without this new multi-vector approach, it will be much more difficult to automate detection and response functions and free up network admins and security professionals to perform more innovative tasks. And without the ability to scale up security postures to cope with more complex environments, those moving to hybrid working environments across the region — as is happening right now because of the pandemic crisis — will face thornier challenges than are strictly necessary. The importance of visibility So we need to be looking at a range of data points to gain a bird’s-eye view of the activity surrounding a suspect process, so we can properly assess its level of risk. Detecting malware is all very well and good, but a comprehensive inventory of endpoints and

their activity on the network, along with status information on application upgrades, authentication and authorised processes, can go further in assessing the level of risk posed by a given activity and assigning (or not) resources to address it. Clear visibility is vital. Those entrusted with protecting digital estates must be able to see misconfigurations of security processes, antivirus validation, exploitable vulnerabilities, and missing upgrades. They need to be armed with the information and tools that allow them to become threat hunters, sifting out mere pests and zeroing in on sinister predators. Multi-vector EDR gives a global view of the network, leveraging the cloud to unify context vectors such as asset discovery, normalised software inventory, endof-life visibility, vulnerabilities, exploits, misconfigurations, in-depth endpoint telemetry and network reachability. Lightweight “edge” agents commune with powerful cloud-based engines to deliver potent assessment, detection, and response capabilities. Information processing and correlation happen in real time, meaning defence teams are never on the back foot. They are taking proactive measures ahead of possible breaches, rather than performing the lamentable task of cleaning up after data exfiltration has already occurred. Information banquets feed shrewder action The unparalleled visibility within multivector EDR platforms allows teams to go after the most advanced attacks before they do damage, leveraging threat intelligence to automatically flag suspicious activity for investigation. Not only do security professionals get to hunt big game — unquestionably the optimal use of their skills — but they are no longer plagued by “minnow” alerts, because the same information flow that has identified the genuine threat has accurately weeded out lesser ones. The importance of seeing beyond the now-trivial endpoint to a wider vision should now be obvious. Multi-vector EDR allows organisations to build real-time information banquets that feed shrewder actions and resourcing. This, undeniably, is the future, and should be part of all our conversations from now on.

SEPTEMBER 2020

CXO INSIGHT ME

VIEWPOINT

HOW TO CREATE A SUCCESSFUL REMOTE WORK STRATEGY ARA ARAKELIAN, HR MANAGER FOR MIDDLE EAST, TURKEY AND AFRICA AT KASPERSKY ON STRENGTHENING TEAMS AND BRINGING PEOPLE TOGETHER DURING A GLOBAL PANDEMIC

he coronavirus pandemic is changing every aspect of our lives. We are having to adapt to the new norms of selfisolation, remote working, and staying as productive as we were before the pandemic began. However, it is important to understand that the situation we are all in is part of the VUCA environment (volatility, uncertainty, complexity and ambiguity) we have been working at for a long time – is a crisis situation and we have to adapt quickly and make innovative and strategic decisions that will significantly influence our lives and businesses. Implementing remote working is one of the most challenging processes that organisations face today, from both a technical and human standpoint. But with the right strategy in place, the process can be made less painful and more effective. 42

CXO INSIGHT ME

SEPTEMBER 2020

Getting tech-ready With every company moving its employees to remote working as fast as possible, it might feel like we are all participating in some kind of global experiment to test how well prepared we are for such a situation. If it really was an experiment, no one would have ever agreed, but as this is not a test we have to adapt fast. For some companies, like IT ones, the process might be easier, but despite this we are all facing some form of technical issues that have only come to light due to the magnitude and mass nature of the challenge. For example, does everyone has a laptop? Are all security settings for remote work in place on these laptops? Do we need to change our information security policies to enable everyone to work efficiently from home? Another important thing to consider is the adaptation of employees to remote

working, with some people needing additional help and support in using some apps to carry out their roles and communicate with others. No matter what your specific challenges are, to make everything work and ensure a smooth and comfortable transition, a united team and approach is needed. Leading teams during a crisis Working from home can present a big change in the working day, as many employees are not alone but with their whole family. In addition to doing their job, they have to take care of their kids, parents or other elderly relatives. In these circumstances, psychological and emotional stress is the biggest challenge for people, especially the company’s management team. In addition to the stress of re-organising our lives, we’re constantly bombarded

with information about COVID-19 but no one can say when everything will get back to normal. This makes people even more worried about their families, jobs and financial stability, which in turn can lead to burnout and additional stress. We help our employees manage information overload and the feeling of being overwhelmed at this uncertain time. Information from trusted sources is hugely valuable so to ensure that our employees can make sense of the sheer amount of media articles and different kinds of information about COVID-19, we keep them informed of the facts and current situation by organising podcasts with doctors and useful webinars on how to stay safe and healthy at home. This situation demands more flexibility from the company’s leadership team, as it needs to provide the right support for people, to help them combat their fears and mobilise them for action. Emotional intelligence is becoming a key skill in managing organisations and teams in the face of remote working, and the success of companies will depend on the quality of communication with employees. As well as senior management support, we work with team leaders across the company to guide them on how to support their teams and organise work. Indeed, working in teams is one of the key principles of our company and it is critical for us to stay connected and productive no matter what. For some team leaders, the fact that they

cannot see their team and are trying to manage it remotely can become a serious issue. In this situation our main recommendation is to communicate more with your team, put trust in your people, and be a results-driven manager. We all need to go through a transition period and the ability to support and motivate a team, united in their efforts to reach a common goal will be a defining point for an authentic leaders today. However, we also recognise that different teams need different levels of support: our R&D, Anti-Malware Research, Global Research and

order to specifically support this group of employees we’re organising webinars on how to stay productive and efficient, and how to keep the team atmosphere and culture thriving via various online communications channels. Of course, we’re encouraging everyone to be physically active as well, as it is scientifically proven to lower stress levels and help people concentrate better. To do this, we’re working on organising online fitness classes and launching some fitness challenges across our Middle East, Turkey and Africa offices. We also believe in healthy living and we’re planning to send employees a fruit basket to encourage healthier eating.

WORKING FROM HOME CAN PRESENT A BIG CHANGE IN THE WORKING DAY, AS MANY EMPLOYEES ARE NOT ALONE BUT WITH THEIR WHOLE FAMILY. IN ADDITION TO DOING THEIR JOB, THEY HAVE TO TAKE CARE OF THEIR KIDS, PARENTS OR OTHER ELDERLY RELATIVES.

The future of work Although there have been many discussions about remote working in the industry over recent years, the percentage of people working from home is still low. For example, in the US only 5.2% of employees work completely remotely today. However, after the coronavirus pandemic is over we will see a big change in peoples’ mindset regarding working from home – they will understand that it can be as effective as working from the office and brings more benefits in terms of work-life balance. As a result, companies all over the world will have to adjust their policies to include flexible work arrangements as a key benefit to help them stay competitive within the market. It’s important to note that we won’t see a total shift towards remote working as it will still be important for people to come into the office and meet with other team members and clients. The current situation should also positively change the dynamics in teams, as employees will be trusted more on how they organise their working day. There will also be a change in how managers set tasks and manage their staff, as the focus shifts to more human communication and addressing an employee’s needs, which brings us back to the critical importance of supporting emotional needs during this time of crisis and beyond.

Analysis teams, for example, are used to communicating online, so today we mostly support them from a practical point of view, helping them to better organise their workspace at home. We are also seeing a different dynamic in teams including sales, marketing, communications and even HR, because people working in these departments are used to meeting people and building key relationships as part of their role, so face to face communication is crucial. We understand that the adaptation process for them can be more difficult, and in

SEPTEMBER 2020

CXO INSIGHT ME

PRODUCTS

Pure Storage FlashArray//C

INTEL NEXT-GEN MOBILE PC PROCESSORS Intel has announced its next-generation mobile PC processors and the evolution of its broad ecosystem partnerships that are propelling the mobile PC industry forward. New 11th Gen Intel Core processors with Intel Iris X graphics (code-named “Tiger Lake”) are the world’s best processors for thin-and-light laptops with unmatched capabilities for real-world productivity, collaboration, creation, gaming and entertainment across Windows and ChromeOS-based laptops. Leveraging Intel’s new SuperFin process technology, 11th Gen Intel Core processors optimise power efficiency with leading performance and responsiveness while running at significantly higher frequencies versus prior generations. More than 150 designs based on 11th Gen Intel Core processors are expected from partners including Acer, Asus, Dell, Dynabook, HP, Lenovo, LG, MSI, Razer, Samsung and others. Intel also introduced the Intel Evo platform brand for laptop designs verified to the second edition specification and KEIs of the Project Athena innovation program. Based on 11th Gen Intel Core processors with Intel Iris X graphics, devices featuring the Intel Evo badge are verified to be the best laptops for getting things done. More than 20 verified designs are expected this year.

Kingston 128GB USB flash drive

CXO INSIGHT ME

SEPTEMBER 2020

Pure Storage has announced the second generation FlashArray//C, reducing the cost of running capacityoriented workloads so significantly it eliminates the need for legacy hybrid disk arrays, said the firm. The only all-QLC storage array, FlashArray//C is built on Pure’s DirectFlash technology and Purity software platform to deliver enterprise-grade performance and features costeffectively, marking another step towards realising the firm’s vision of bringing flash mainstream for any use case through its entire portfolio of products and solutions. With the second generation of FlashArray//C, Pure is extending its QLC advantage by delivering the first and only enterprise-grade all-QLC flash array – transforming raw QLC into a high-endurance medium while delivering new cost economics that are 30% less than similarly sized hybrid storage arrays on the market today. FlashArray//C is available with 24.7TB and, the industry’s largest, 49TB QLC DirectFlash modules providing the lowest possible total cost of ownership. This makes all-flash accessible for use cases previously relegated to spinning disk or inefficient hybrid solutions, like backup and data protection, test/dev environments, and workload consolidation.

Kingston Digital Europe Co, the Flash memory affiliate of Kingston Technology Company, has announced the availability of the 128GB DataTraveler® 2000 encrypted USB flash drive. DataTraveler 2000 features an alphanumeric keypad that allows users to lock the drive with a word or number combination for an easy-to-use PIN providing an extra layer of protection. For additional security, an auto-lock feature is activated when the drive is removed from the host device if not properly shut down before ejection.

DataTraveler 2000 is FIPS 140-2 Level 3 certified and offers military-grade 256-bit AES hardware-based encryption. Designed with global security IT professionals, smallto-medium businesses and corporate end users in mind, DT2000 is perfect for those who require electronic data protection. Encryption is done on the drive with no trace of the PIN left on the system. The drive is OS independent, making it easily deployable in work environments where multiple devices and operating systems are in use.

Samsung Galaxy Z Fold2 Samsung Electronics has unveiled the next generation of its category-defining foldable device, the Samsung Galaxy Z Fold2. Packed with enhanced refinements and meaningful innovations, the Galaxy Z Fold2 delivers new foldable experiences for those who enjoy being on the cutting edge of technology. With a larger Cover Screen and massive Main Screen, the Galaxy Z Fold2 features a solid design with intuitive new features for a unique mobile experience that offers the versatility that everyday life demands. A 6.2-inch Infinity-O Cover Screen provides maximum usability so users can check email, look up directions, or even watch favourite content without needing to unfold the device every time. When unfolded, the massive 7.6inch Main Screen, with minimised bezels and notch-less Front Camera, immerses users with a 120Hz adaptable refresh rate for smooth scrolling and gameplay. To complete the experience, the Galaxy Z Fold2 comes with the best dynamic sound available on a Galaxy device to date, with enhanced stereo effect and clearer sound provided by high-dynamic dual speakers.

R&M PIME Ribbon R&M has launched its new PRIME Ribbon distribution module in the Middle East. The slide-in module for the fibre optic distributor rack PRIME connects ribbon fibre cables with the flexible and proven PRIME program. With this type of cable, the number of optical fibres in a rack can be increased by 30% to 40%. In comparison to single fibre cables, ribbon fibre cables offer several advantages. They enable a higher number of fibres with the same cable diameter as well as the splicing of 8 or 12 fibres in one working step. With this technology, three to four times more fibres can be laid in a conduit or rack than usual.

The PRIME ribbon distribution modules from R&M occupy a 3/4 height unit in a 19â&#x20AC;ł rack. Their capacity is 96 fibres. In addition to the splice patch variant with LC duplex or SC couplings, R&M offers a pure splice variant for 288 splices. The PRIME ribbon distribution modules are suitable for fibre to the home projects in combination with the PRIME racks. They are used for network expansion in central offices, POPs and street cabinets. Data centres use them to consolidate the fibre optic cabling of meetme rooms and zone distributors. Campus networks and backbones in large buildings are also among the areas of application.

SEPTEMBER 2020

CXO INSIGHT ME

BLOG

REDESIGNING CYBERSECURITY TO EMBRACE DIGITAL TRANSFORMATION SUNIL PAUL, MANAGING DIRECTOR OF FINESSE, HIGHLIGHTS THE IMPORTANCE OF RESTRUCTURING CYBERSECURITY STRATEGIES TO REALIZE DIGITAL TRANSFORMATION PROMISE SECURELY.

rganisations across verticals are fast-tracking their digital agendas by automating their operations to increase efficiencies and offer enhanced customer experiences. With the rise of digital enterprises, cybersecurity has gained prominence and made its way into boardroom discussions. The fact that these boardroom discussions are now happening on video collaboration platforms is proof that cybersecurity strategies need to be redesigned to embrace digital transformation truly. Securing multi-cloud environments Digitalisation is a vital business objective. As part of this plan, organisations today are leveraging multi-cloud strategies to improve IT operations and provide better services to their customers. This means ensuring strong security across clouds, networks, applications, and data is critical for them to achieve the advantages of multi-cloud environments. In line with this, it is imperative that businesses have to put clear protocols for cloud governance and access controls right from the beginning of developing a multi-cloud strategy. It is also essential to make sure every workload in these environments is adequately protected. Business leaders should not be asleep at the wheel when it comes to securing data and workloads in the cloud. However, securing multi-cloud environments is not without challenges. Native security tools offered by cloud providers, while advantageous, are not sufficient to work across clouds. An ideal approach is deploying security tools such as a unified platform security orchestration, automation, and response (SOAR) technology to gain a centralised view and control of the threats and

CXO INSIGHT ME

SEPTEMBER 2020

vulnerabilities across a multi-cloud environment. This will provide security teams with the capability to analyze threat data better and prioritize alerts. Business leaders should understand that cybersecurity needs to be a constant thought, especially as cyber adversaries exploit any circumstance and get more creative in their attacks by the day. Enforcing security by design approaches That being said, it is now more important than ever to ensure cybersecurity is not an afterthought. Believe it or not, most organisations continue to procrastinate on security. This is further seen in a recent report by EY Global Information Security Survey. It revealed that only 36% of organisations admitted that cybersecurity was involved right from a new business initiativeâ&#x20AC;&#x2122;s planning stage. Businesses cannot afford to invest in technology and think of adding the security layer at a later stage. They need to invest in technologies that are embedded with security solutions. Having security by design approach considers cyber risks and security right from any technology implementation impetus and should foster trust at every stage. Moreover, this kind of approach focuses not only on technologies but also on the way an organisation functions. It is important to ensure that everyone within the organisation has a cyber risk-aware mindset. While making this cultural shift is challenging, it is vital for the success of any security strategy; after all, cybersecurity is everyoneâ&#x20AC;&#x2122;s responsibility. Bridging the gap between IT teams and C-level There cannot be any room for disconnects or misalignments between IT security teams and the C-suite when rethinking

security for digital transformation, laying down policies for securing assets, and assessing other risk areas. Bridging this gap is imperative because both parties are unequivocally affected in the event of a cybersecurity breach. Strong communication between the IT team and the C-suite also ensures that investments in security solutions are prioritized. While the C-level executives may not be armed with technical knowledge, they must be aware of the consequences of poor security measures and how it can directly or indirectly impact business profitability. Fortifying the interconnected future Increased digitalisation across verticals is leading to a proliferation of connected devices and technologies. This, in turn, increases the attack surface area offering new playgrounds for cybercriminals. Safeguarding interconnected devices, technology, and networks is the future. Cybersecurity technologies and strategies have to be revamped to take into consideration the millions of devices that are now highly susceptible to cyber breaches. If a perpetrator breaks into a single IoT endpoint, they can effortlessly access corporate networks, hack into sensitive data and create havoc. The threat and severity of cyber-attacks are growing. The COVID-19 pandemic has been a wake-up call for most organisations in terms of evaluating where they are in digital journeys and how prepared they are to tackle cyber threats. Cybersecurity strategies also need to be ever-evolving to stay in tune with ongoing market developments. We have to reassess our present cybersecurity strategies to leverage the complete potential of being digitally transformed.

KEEP ADVERSARIES OFF YOUR ENDPOINTS

Phone: +971-4-8863850 E-mail: info@asbisme.ae www.asbisme.ae

CXO Insight Middle East - Fast track to success - September 2020

Articles inside

UPGRADING LANS THE SMART WAY

CONTENTS

A CONNECTED WORLD

PROTECTING REMOTE WORKERS

NEWS

THE RISE OF EDGE COMPUTING