Cyber Magazine - May 2023

Innovators are paving the way for a more resilient, sustainable and efficient future. The rules have changed. It’s time for DISRUPTION.

Tech LIVE Virtual returns to highlight the innovators changing the industry through expert keynote speakers, interactive fireside and panel discussions. This exclusive 1-day virtual event will bring together the greatest voices in the industry for an essential deep dive into the future of Technology, AI and Cyber.

Brought to you by BizClik, Technology, AI and Cyber Magazines, the event will shine a light on essential topics such as the AI revolution, quantum computing, the virtual workplace, technology’s place in sustainability and much more.

It’s time for DISRUPTION.

Sponsorship Opportunities

Position your business as a pioneer in Technology and showcase your values, products and services at Tech LIVE Virtual.

This is your chance to share your innovations with the technology community by making an impact in front of fellow decision-makers and influencers as well as accessing potential partners via an active and engaged audience.

See you on the 8th June 2023.

Ways to Work With us

We produce Digital Content for Digital People across 20+ Global Brands, reaching over 15M Executives

Digital Magazines

Websites

Newsletters

Industry Data & Demand Generation

Webinars: Creation & Promotion

White Papers & Research Reports

Lists: Top 10s & Top 100s

Events: Virtual & In-Person

Work with us

PROOFREADER

CHIEF

ADVERT

THOMAS

DREW

JOSEPH

SALLY

JINGXI

PRODUCTION

GEORGIA

DANIELA

PRODUCTION

KIERAN

SENIOR

MARIA

CHARLIE

YEVHENIIA

LEAD

REBEKAH

PROJECT DIRECTORS

MEDIA

MANAGING DIRECTOR

Flexibility key to retaining talent after the Great Resignation

According to ISACA’s State of Cybersecurity report, organisations are struggling more than ever with hiring and retaining qualified cybersecurity professionals

With organisations struggling more than ever with hiring and retaining qualified cybersecurity professionals, a flexible approach is key to tackling the cyber skills gap.

According to ISACA, almost two-thirds (63%) of organisations currently have unfilled cybersecurity positions, up 8% from 2021. Meanwhile, 62% report that their cybersecurity teams are understaffed, and one in five (20%) said it takes more than six months to find qualified cybersecurity candidates for open positions.

With demand for security teams constantly high, research has also suggested that cybersecurity teams will be least impacted by staffing cuts in 2023, despite looming recession concerns, with C-suite executives viewing cybersecurity as an essential, valuable asset that is a strategic priority.

While the majority of tech firms expect to make layoffs this year, just 10% of organisations told (ISC)² they are likely to cut jobs in cybersecurity compared to other business areas, highlighting the continuing importance of high-quality security teams.

marcus.law@bizclikmedia.com

“Research has suggested that cybersecurity teams will be least impacted by staffing cuts in 2023, despite looming recession concern”

UP FRONT

COMPANY REPORTS

24 SAP

Innovating to secure the world's largest private cloud

52 CLOUD TRANSFORMATION

Transformation to the cloud helping airline group soar to its goals

82 SAP

SAP'S Sam Castro on AI and risk resilience in manufacturing

Fluent Order Managements drives real-time business and customer benefits

Jamie Cairns, Chief Strategy Officer at Fluent Commerce, on how its order management platform enhances operational efficiency and customer experience.

Fluent Commerce is a global software company focused on distributed order management. Its cloud-native platform, Fluent Order Management, provides accurate and near real-time inventory data visibility, order orchestration, fulfilment optimisation, instore pick and pack, customer service, and reporting to transform fulfilment into a competitive advantage.

As Jamie Cairns, Chief Strategy Officer at Fluent Commerce explains, the process of managing orders begins with inventory data. “Being able to unify a view of inventory and then syndicating that inventory data out across a range of different channels lets you improve the customer experience,” Cairns comments.

That, in turn, has a range of different operational efficiency benefits, reducing costs by reducing split shipments, cancelled orders, and customer service calls.

As Cairns describes, order management represents an opportunity for retailers and B2B organisations to harness inventory data to provide real-world benefits. One of their recent innovations, Fluent Big Inventory, is about unifying in near real-time those inventory sources, enabling all systems to become inventory aware.

“It is not just about enhancing the order fulfilment process, which is typically what has been the domain of an order management system,” Cairns explains. “It’s about making inventory data available to other systems, like search, as well and ultimately being able to personalise search results based on inventory.” With changing customer preferences in recent years,

brands have had to adapt quickly. As Cairns explains, Fluent Order Management not only provides a robust software-as-a-service platform, but at a lower total cost so businesses can move quickly and meet customer expectations efficiently.

During the COVID-19 pandemic when stores were closed, Fluent Order Management enabled businesses to adapt quickly. “Stores still had inventory and there were huge spikes in online demand,” Cairns explains. “Our customers were able to adapt in a matter of a day to completely change their fulfilment workflows.

“Digital agility is essential,” he concludes. “We are not trying to predict what the future is, but to provide a toolset that allows you to adapt as the future evolves.”

BIG PICTURE

Concerns about chatbots’ use of data Italy

Since its launch late last year, ChatGPT may have experienced a meteoric rise, but, in March, it was temporarily banned in Italy over data security concerns.

The country launched an investigation into OpenAI after a cybersecurity breach led to people being shown excerpts of other users’ ChatGPT conversations and their financial information.

With millions of monthly users, ChatGPT – like other large language models – is trained on vast quantities of information available on the internet.

"We actively work to reduce personal data in training our AI systems like ChatGPT, because we want our AI to learn about the world, not about private individuals," OpenAI said in a statement.

But the Italian watchdog cited concerns about how the chatbot processed information in its statement: "We expect all companies active in the EU to respect EU data protection rules. The enforcement of the General Data Protection Regulation is the responsibility of EU data protection authorities," a European Commission spokesperson said.

DEFENDING AGAINST THE UNSEEN: George Kurtz

CROWDSTRIKE’S

As digitalisation and migration to the cloud grow ever-pervasive, safeguarding against threat and loss remains an imminent priority for businesses. With recent predictions estimating a momentous 90% reduction in financial costs if companies adopt a cybersecurity network architecture, the benefits cannot be overstated.

Enter, CrowdStrike. With a market cap of $31bn, industry-leading cybersecurity company CrowdStrike provides cutting-edge endpoint protection, threat intelligence, and services designed for the next generation.

The brain behind CrowdStrike

A highly-renowned figure in the security industry, George Kurtz is recognised globally as an expert in security, an accomplished author, entrepreneur, and speaker. With over three decades of experience in the field, he has demonstrated exceptional skills in driving revenue growth and scaling organisations worldwide. His entrepreneurial background and aptitude for commercialising emerging technologies have propelled him to introduce innovative products to the market throughout his career.

Kurtz has held several high-ranking positions at McAfee, a $2.5bn security firm, including Worldwide Chief Technology Officer and GM, and Executive Vice President of Enterprise.

Throughout his illustrious career spanning over three decades, Kurtz has remained at the forefront of cutting-edge developments in cybersecurity, relentlessly working towards making the digital world a safer place.

“I launched my first company, Found Stone, in the vulnerability management space. I sold that to McAfee in 2004 and spent seven years at McAfee. And McAfee really sent me on a journey for CrowdStrike, because it was there that I saw the challenges, the endpoint market, and that the industry was focused on detecting malware rather than preventing breaches. And they were doing it in a way that looked like Siebel, not Salesforce.

So I thought there was a better way to create a foundational platform company like Salesforce and Workday or ServiceNow, but there was no platform company for security. And that’s what I started at CrowdStrike,” Kurtz explained in a CrowdStrike blog post.

Stopping Breaches with CrowdStrike: “Fast. Easy. Effective.”

cybersecurity software market by prioritising prevention over detection or response. By gathering more information about an attack, the organisation improves their ability to prevent similar attacks from occurring in the future. This approach is particularly advantageous in preparing for potential attacks before they happen.

Kurtz spearheaded this speed-focused business model, believing that this was the key factor that was missing from the cybersecurity landscape when he first created the company.

“Speed is a critical element when we talk about breakout time and how long it takes to exploit these machines. And it’s probably about an hour and thirty this year

versus four hours last year. So somebody gets on a machine, you don’t have a lot of time to be able to identify and prevent that. And again, I think we do a great job with our ransomware prevention and detection on the endpoint itself, but you want to have full visibility across other systems that are not just standpoints,” Kurtz explains.

Looking ahead

With the company recently surpassing $2bn in annual revenue just 18 months after reaching $1bn, the company is doing better than ever.

CrowdStrike is expanding beyond cybersecurity and venturing into the broader IT industry by leveraging data analytics. Kurtz has expressed the aspiration for CrowdStrike to become a significant contender in areas such as data observability and IT operations in the broader IT landscape.

When asked about the advice he would give his younger self, Kurtz expressed: “I would say it’s going to be a great journey, and it’s not about the destination; it’s really about the journey, enjoy it. And I would also just reinforce: stay the course.”

Looking to the future, CrowdStrike is emphasising its foundational nature rather than just being a point product. With 21 distinct offerings, the platform consolidates various technologies to decrease costs, simplify processes, and improve outcomes by preventing breaches. However, the benefits of the company’s Humio acquisition go beyond preventing breaches and include optimising IT systems to enhance customer interactions and satisfaction. The company's core focus is on security, but with acquisitions like Humio, they are expanding into related areas that make sense and reach beyond security.

DR NIKOLAY GAUBITCH

DR NIKOLAY GAUBITCH SPEAKS TO CYBER MAGAZINE ON THE ROLE AI HAS IN COMBATTING VOICE FRAUD

From transforming a customer’s call centre experience to reimagining how they interact with smart devices, Pindrop helps people use their voice to connect to, enter, and unlock their world quickly and securely.

As Director of Research, the core of Dr Nikolay Gaubitch’s work is the development of new technologies to push the frontiers of voice security.

“However, I also interact with customers directly, to understand their specific needs and pain points in order to ensure that they get the most out of our technology,” he explains. ”This has given me the unique combination of insight of the fraud and authentication challenges in various industry verticals and an in-depth understanding of the technology that addresses these challenges.”

AI and combatting fraud

When it comes to combatting voice/ telephony fraud, AI has a key role to play.

The perceived anonymity of the voice channel makes it attractive to fraudsters who not only seek to conceal their identity but aim to impersonate that of their victims too. “Where in the past you might have met with your local bank manager, nowadays it is rare for a call centre agent to have any familiarity with callers, making it tempting and easy for a fraudster to step into a customer’s shoes,” Gaubitch says.

“Exploiting telephony requires a lower level of technical expertise than cybercrime targeting online channels. Moreover, call agents are first and foremost focused on providing a positive customer experience to their dozens of callers a day. Their job is not to identify potential fraudsters.

“The clear attraction of the telephony channel for fraudsters has led to the innovative developments of tools that utilise AI and Machine Learning (ML) to rapidly assess the caller’s voice, device, and behaviour, identifying any subtle signs that indicate a potential fraudster.

“The same technology can be used to provide an additional layer of authentication instead of or in addition to traditional questions like KBAs (Knowledge Based Authentication). KBAs don’t actually confirm the caller’s identity, merely that they know the answer to a handful of pre-set questions, such as the street you grew up on or your mother’s maiden name. In today’s digital world, a fraudster can find the answers to these questions relatively easily via social media, for example.”

Pindrop incorporating new technologies

In contrast to machines, humans are not capable of consistently picking up on the unique identifiers distinguishing legitimate calls from fraudulent ones. Not only is this because many of these identifiers are simply inaudible or unrecognisable to the human ear, but the sheer number of calls handled by call centre agents each day makes it a logistic impossibility to accurately vet every single call.

“You can’t make a connection without knowing who someone is, and call centre agents cannot treat every customer as a potential fraudster,” Gaubitch explains. “Therefore, stopping fraudsters in their tracks must not compromise on a meaningful experience between customer and agent, and this is where the role of AI and ML technology becomes imperative. Not only does AI and ML technology help the customer with their authentication process, but it also provides the agent with the assurance that who they are speaking with is a legitimate customer.

“This way the call centre can provide an enhanced customer experience focused entirely on providing a personable, trusting, high-standard service, rather than being on high-alert for signs of deceit.

“Nowadays, it's rare for a call centre agent to have any familiarity with callers, making it tempting and easy for a fraudster to step into a customer’s shoes”

“As the digital world continues to evolve, it is important to incorporate new technologies to ensure dependable security. For example, recent media attention has highlighted fraudsters honing their skills and capabilities to create increasingly realistic deepfakes and looking to voice synthesis as a potential new technique. Whilst not new, these techniques have historically remained less well-known to the public because of the limited real-word applications available today; however, testament to the news, they will only increase in popularity as they become more convincing. It is therefore vital that businesses be aware of not only these advancing techniques but other potential technologies that criminals can take advantage of, and adopt the appropriate technology to combat them.”

The future of Pindrop

“Pindrop’s mission is to provide security, identity and intelligence on every voice, and as voice comes to play an increasingly larger part in how we interact with technology, this mission will only expand,” comments Gaubitch. “Imagine your daily routine, how many instances can you think of where interaction through voice would make your life easier? A car boot that opened at your command, or a television that recommended age-appropriate shows depending on the person speaking, for example. Voice is not only replacing passwords and PINs, but can start to replace endless other devices with the power of voice identity and voice security, presenting endless new opportunities for businesses and the human beings they serve. The future of Pindrop is all about using voice to open worlds for our customers.”

INNOVATING TO SECURE THE WORLD’S LARGEST PRIVATE CLOUD

he use of the cloud has truly taken off in recent years, but as cloud computing increases, so too do security threats. For companies such as SAP, which operates a private cloud, protecting the data of their customers is absolutely critical.

Roland Costea, the Global Chief Security Officer for SAP’s Enterprise Cloud Services, is responsible for running the Global Cybersecurity Program and Strategy for SAP’s Private Cloud.

“SAP is the coolest software company that your friends have never heard of,” he explains. “It puts a phone in every pocket but it's not Apple or Samsung, it puts shoes on the feet of the world, but it's not Nike or Adidas, it gives the world wings, but it's not Red Bull or Boeing.”

SAP’s Enterprise Cloud Services portfolio empowers customers to run a modern, intelligent ERP system in the cloud, enabling them to become cost-effective and sustainable intelligent enterprises.

One aspect of this portfolio is RISE with SAP, a business transformation-as-a-service platform that enables every company to become an intelligent and sustainable enterprise. “This is practically the vehicle to deliver SAP's Intelligent Enterprise Vision,” Costea adds. “It brings together the solutions and services you need, in one package, regardless of where your business stands now or where you want it to go.”

With Enterprise Cloud Services growing exponentially in recent years, SAP is innovating and moving with speed to stay one step ahead of security threats

RISE with SAP enables businesses on their transformation journey

Launched in January 2021, RISE with SAP helps companies seize the advantages of cloud computing in their mission-critical, core systems.

needs for true business transformation is simplicity,” describes Costea. “That means having only one company which is responsible for service-level agreements, operations and issue handling. That comes with the benefit of best-of-breed cloud infrastructure providing a native cloud landscape powered by SAP and our hyperscaler partners.”

is with them on each step of their road to an intelligent enterprise, migrating from the

ROLAND COSTEA

TITLE: GLOBAL CISO - ENTERPRISE CLOUD SERVICES

LOCATION: GERMANY

Roland Costea is a Security Executive and the CISO for SAP Enterprise Cloud Services. He is a high performing security business leader who plays a key role in driving the digital transformation of SAP’s customers into a secured intelligent enterprise using the private cloud. Throughout his career of almost 20 years, Roland lead to success different security business units in companies like Microsoft, IBM, Cognizant or Genpact and he secured and developed the first private cloud in Romania in 2010 when few people were actually talking about cloud.

Wherever your data comes from, wherever it needs to go, Cribl gives you the freedom and flexibility to make choices instead of compromises. You can collect, reduce, enrich, normalise, and route data from any source to any destination to best support your business goals, with Cribl.

"CRIBL GIVES US

OUR DATA HIGHWAYS." OBSERVABILITY

INTO AND THE POWER OF CONTROL, FLEXIBILITY

HOW CRIBL IS UNLOCKING THE VALUE OF ALL OBSERVABILITY DATA

With its platform enabling more choice and control over telemetry data, Cribl is helping SAP Enterprise Cloud Services accelerate its security initiatives

Cribl is on a mission to unlock the value of all observability data so that organisations can provide optimal and secure experiences for their customers.

As Ledion Bitincka, Cribl’s Co-founder and CTO explains, the main problems Cribl addresses in the market originate from an explosion in observability data. “According to Gartner, the amount of data is growing roughly by 25% every year, meaning that in about five years, organisations will have two-and-a-half times the amount of data that they’re dealing with today.”

Cribl’s flagship product in the market, Cribl Stream, is a vendor-agnostic observability pipeline. “It allows organisations to collect and gather this observability, security, and telemetry data and route it at scale in the best format to wherever it makes sense, for alerting, analysis or compliance purposes,” Bitincka says.

Roland Costea, the Global Chief Security Officer for SAP’s Enterprise Cloud Services is responsible for running the organisation’s overall global cybersecurity programme. “One thing that represents our overall cybersecurity strategy is speed: accelerating our end-to-end security processes and services,” he explains. “We also need control and visibility into our own datasets, so that we are able to make intelligent decisions. What excites me most about Cribl’s platform is that it gives us the control, the flexibility, and the power of observability into our own data flows.”

SAP is helping organisations modernise their business processes and become intelligent enterprises. “We are helping our customers to protect their core SAP workloads,” Costea adds. “With Cribl, we are able to spend less time on repetitive processes that can be automated, so that we can free up more time for innovation. When we innovate, we can better deliver on our customer needs, build better solutions, better partnerships, and be there every step of the way to help our customers achieve their goals.”

For more information visit cribl.io

That makes them more resilient, profitable, and sustainable by adopting best practice processes and industry next-generation practices.”

With SAP’s Enterprise Cloud Services continually growing, when it comes to securing the RISE with SAP platform innovation is essential.

“Enterprise Cloud Services growth has been impressive in the last two years, and we look forward to continued growth,” Costea comments. As a result, this growth means onboarding top customers from all industries with the strongest security requirements.

“ We collect and process tens of terabytes of data per day, and that amount of data flows over some big highways in the city of SAP”

ROLAND COSTEA GLOBAL CISO - ENTERPRISE CLOUD SERVICES SAP

“With that in mind,” he adds, “we need to innovate in the automation space in order to become more efficient and faster in processing big amounts of data, in creating detections, in tuning them, in making sure all the security controls are enforced at the deployment level and at the same time offering the visibility and transparency all these customers need.”

Securing RISE with SAP

When it comes to securing RISE with SAP, Security Engineering, Detection, Monitoring and SOAR each play a key role. SAP’s Security Information and Event Management system

is the core of the organisation’s Security Operation Centre, with Costea’s team working with one of the top software security providers to create the platform for SAP’s cloud. “In addition, SOAR components are integrated with our SIEM in order to support our security operations in the most efficient way,” he adds. “But that still is not enough.”

Central to Costea’s approach to security is speed. From that perspective, his team faced five main challenges.

“First,” he explains, “we needed the ability to easily manage data normalisation and enrichment to ensure the security triage

FROM THREATS TO DETECTIONS IN MINUTES

"Anvilogic is an innovator in the security space"

Roland Costea CISO - ECS, Executive at SAP

SAP automates detection engineering & hunting with Anvilogic

Anvilogic’s AI-driven platform for threat detection & hunting, unifies security operations to increase visibility & helps to find and combat threats faster

Cybersecurity company, Anvilogic, has a mission to democratise and unify detection engineering and hunting, empowering Security Operations Centre (SOC) teams to better protect organisations from cybersecurity threats with greater efficiency and effectiveness.

“We automate cybersecurity operations, particularly detection, engineering and hunting and investigations,” explains Karthik Kannan, Anvilogic’s Founder and CEO. “By automating the process of observing key capabilities of the enterprise, mapping them on frameworks like MITRE ATT&CK, we can then automatically provide insights and recommendations for what detections need to be put into place and automate that process,” explains Kannan. “From there, we progress into completely AI-led analysis of signals so that we can find revealing patterns for which there may have not been detections at all in the first place.”

As Roland Costea, the Global Chief Security Officer for Enterprise Cloud Services at SAP, explains, Anvilogic enables SAP to move quickly from threat research to building, deploying and then improving the detection process.

By including automation and AI in the security process, Anvilogic is helping SAP be more efficient and optimised, ultimately enabling it to respond faster to threats.

“Anvilogic is an innovator in this space and we are extremely happy with the partnership that will allow us to not only solve and improve ourselves, but also to have a unique approach to protect the private cloud and, ultimately, the data of the most important companies in the world,” Costea comments.

“I really like to work with innovative startup companies,” he concludes. “This brings the excitement that together, we can share insights to help develop the roadmap and how to continue to grow the Anvilogic platform. All of this can not only help SAP, but also help the whole world to address threat detection, investigation, hunting, and triage in a better optimised and, in the end, quicker way.”

team has the proper context and details to make quick decisions.

“Second, we needed a way to consistently measure our ability to detect priority threats across the MITRE ATT&CK framework in real-time and ensure we have a proper understanding of where and how we need to improve.

“Third,” Costea adds, “we had to streamline how detections are managed, deployed, and version controlled, while also improving the time to deploy them.

“Fourth, we had to improve our triage and analysis capabilities by understanding correlation relationships fast. And fifth, we use several tools in our Detection Lifecycle, and we were looking for a way to centralise everything.”

That, Costea adds, is where SAP’s work with the automated threat detection platform Anvilogic comes in, “which helps us to address these five challenges.”

A focus on zero trust

The rapid adoption of cloud services in recent years brings a new focus on Zero Trust principles. Organisations can no longer trust perimeter security alone with an “implicit trust” granted to assets or user accounts based solely on their physical or network location.

Most cyberattacks and data breaches come as the result of a stolen identity, and while more and more corporations are using identity protection solutions, this type of protection is not built into the architecture. Zero trust is designed to solve these shortcomings.

“SAP applications are business-critical applications for many enterprises and all of them think about two main use cases in regard to zero trust: to make connections between SAP solutions zero-trust compliant,

Experience Your SAP S/4HANA Transformation, Secured

Accelerate your SAP S/4HANA transformation with Zscaler’s Zero Trust Exchange. Our security cloud defends against sophisticated threats while ensuring a frictionless experience, propelling your business to innovate and grow at lightning speed. Experience the transformative power of zero trust with Zscaler.

Learn more about Zscaler for SAP S/4HANA today and start your zero trust journey here: Visit Zscaler or the SAP Store

and to facilitate more secure user access and accelerate migration to cloud solutions from SAP,” Costea explains.

“We work with Zscaler for RISE with SAP S/4HANA Cloud, public or private editions and SAP S/4HANA Cloud, private edition.”

The need for data observability

As Costea explains, when it comes to SAP’s security strategy speed alone is not enough: “We also need to have control and visibility into our own datasets so that we make intelligent decisions.”

Central to this is SAP’s collaboration with observability pipeline Cribl.

“We collect and process tens of terabytes of data per day, and that amount of data flows over some big highways in the city of SAP, and Cribl gives us the control over the lights, over the crossroads, over when do I want to close a highway or not. Because the private cloud is an extension of our customer's network, they feel like we are part of their network, and they want to have a bit more visibility into what this cloud service delivers for them from a security perspective,” Costea explains. “As a result, we decided to create specific data flows for customers interested in getting their log service in a controlled way, with the correct architecture built around what we call Customer Data Landing Zones. Speeding onboarding, enrichment, normalisation and masking features provide us with clean, relevant data on which to build better alerts and have data ready to accelerate incident investigation and response.”

Autonomous

Purple

Teaming.

The highway to cyber resilience.

Your best defence is offensive intelligence. CODA Footprint enables SOC teams to proactively identify exploitable cyber killchains and collaborate internally to disarm them in real-time.

Autonomous Application Exploit Engine as a service

Finding vulnerabilities and managing them in an environment that is already filled with new, emerging, and evolving threats can be overwhelming. The sheer volume of available patches that must be deployed each month is already massive and it continues to grow.

“In the context of SAP Private Cloud, the customer still keeps the ownership and responsibility to secure the application layer,” Costea describes. “That means on one side that the customer needs to cooperate with us in approving specific downtime windows, and on the other hand that they have a role in analysing product-related patches released by the SAP Product Development Teams.”

One of SAP’s new services, RAVEN, which will be launched as a pilot end of 2023, has a component developed with CODA that will allow customers to make decisions with speed and accuracy when it comes to managing risk.

As Costea explains, the service will deliver hyper-contextualised risk signals to customers, allowing them to take the correct and timely decisions when it comes to managing risk across their SAP cloud environments.

“Our goal at SAP is to build solid processes, leveraging bleeding-edge technology in order to help our customers reduce their real cyber risk exposure to nearly zero,” he adds. “And we know this requires continuous effort from all parties involved.”

AI and ML present new risks in the security landscape

The deployment of emerging technologies such as AI and ML are becoming increasingly common in automating and streamlining various processes. However, as Costea explains, these technologies present new risks, as they may become targets for attackers. “New vulnerabilities or zero-day exploits may be identified in these systems,

which must be considered,” he comments. “Another area of concern is the security of the Internet of Things, which has gained momentum in the market in recent years”.

As companies continue to adopt container-based architectures, container security, and Kubernetes-based security in the cloud are also emerging as important topics on the cybersecurity agenda.

“Overall,” Costea adds, “it is important to remain vigilant and proactive in identifying and addressing potential risks associated with these new technologies.

Quantum computing is another emerging trend that presents significant challenges to cybersecurity, with its potential to operate at much faster speeds than current technology meaning that current encryption methods may be compromised. “Encryption algorithms that were once deemed secure may become vulnerable in a matter of days, weeks, or months, rather than years,” Costea concludes. “These challenges require the industry’s attention in the coming years to maintain the security of sensitive data and systems.”

“Our goal at SAP is to build solid processes, leveraging bleeding-edge technology in order to help our customers reduce their real cyber risk exposure to nearly zero”

ROLAND COSTEA GLOBAL CISO - ENTERPRISE CLOUD SERVICES SAP

AI AND BIOMETRICS KEY TO BUILDING TRUST IN A DIGITAL WORLD

With use of biometrics continuing to rise, identity verification software is increasingly using AI to help keep consumers safe and secure

In today’s digital world, passwords are simply not secure enough. According to Verizon’s 2022 Data Breach Investigations Report, stolen password credentials were involved in 61% of all company data breaches last year. In fact, with bots capable of attempting over 100 billion password combinations per second, the average eight-character password can be cracked in as little as 12 minutes.

Researchers from Stanford University and Tessian, Psychology of Human Error 2022, found that approximately 88% of all data breaches are caused by an employee mistake. As a result, it is evident that traditional authentication methods must be replaced with the latest biometric technology, such as specialised hardware sensors in mobile phones, fingerprint detectors, unique facial recognition cameras (3D), or iris recognition.

Biometric technology has become increasingly popular in recent years, especially with the advent of two-factor authentication for online banking. The global biometric market's revenue reached US$43bn in 2022 and is projected to hit US$83bn by 2027.

Biometrics provide increased levels of assurance to providers that a person is real by verifying a tangible, real-world trait as both something the user has and something the user is. “The use of passwords for user validation is heavily reliant on limited human memory capacity,” says Amanda Widdowson, Head of Human Factors Capability at Thales UK.

Start Today

SIRIONLABS, EMPOWERING TRUE COLLABORATION AND PARTNERSHIP

Ajay Agrawal, CEO & Co-Founder of SirionLabs, discusses their fruitful partnership with Vodafone and how CLM enables smarter contracting enterprise-wide.

USER WILL REQUIRE MANY PASSWORDS FOR PERSONAL AND PROFESSIONAL APPLICATIONS AND WEBSITES”

Ajay Agrawal, CEO & Co-Founder of SirionLabs, shares how the alignment of values and the power of CLM have made for an effective partnership with Vodafone. “We believe in the power of cost savings and superior customer experience, and therein lies the synergy between our organisations. What started out as a post-signature value realisation exercise back in 2016 has since grown into a full suite CLM solution encompassing customised pre-signature features to cater to local markets spread over more than 40 countries. Nothing gives me greater happiness than a customer who has been able to gain increased visibility and get a tighter grip over their contracts.”

ranging from missed commitments or complaints to disputes or disagreements. Automation also reaps many benefits and has enabled Vodafone to cut costs in contract management and supplier governance by more than 60%, reducing manual effort by almost 50% and generating further savings through reduced headcount cost. Post signature activities have also become smoother and a lot more efficient, with one enterprise contract repository across all suppliers and managing them according to their footprint.”

According to Mitek: “Most user’s passwords, PINs, and personal identifying information have likely been compromised with a data breach, meaning billions of accounts can be accessed by fraudsters who retain the answers to traditional authentication methods.”

By leveraging AI and extracting valuable data, SirionLabs’ CLM solution empowers collaboration and continued cooperation and partnership long after contracts have been signed.

The role of AI in biometric authentication

“Vodafone has today around 2000 strategic supplier contracts managed through SirionLabs, which oversee a spend of close to 6 billion euros annually. Through our initial discussions, we saw great potential in addressing Vodafone’s commercial engagements, tracking and realising value at scale through a myriad of systems that were retrofitted to suit existing infrastructure.”

“A typical user will require many passwords for personal and professional applications and websites. There is a risk that people will use the same, easy-to-remember password for several applications, so if one is compromised, the rest are too. Biometric technologies may be a better solution because they eliminate reliance on human memory. Fingerprint and facial recognition systems are common on smartphones, but could be better utilised in commercial computer equipment and applications.”

“Our four-way automated invoice matching solution has contributed to Vodafone’s bottom line, enabling them to save hundreds of millions of dollars. It has also reduced the friction in their supplier landscape,

As Adam Desmond, Sales Director EMEA at OCR Labs, told Cyber Magazine last year, identity verification software technologies are using AI to enable consumers to safely and securely transact online using their mobile devices.

Agrawal explains, “Collaboration is essential to any partnership. That is really the heart and soul of any SirionLabs project. Unlike many conventional contract management systems that create, store, and maybe extract information from contracts, SirionLabs is unique because it allows both contracting parties to have continued access to the system, even after the contract is signed, while giving a single, consolidated view of data, further enhanced by rich dashboards and insights which help make quick business decisions. The purpose of that continued access is true collaboration across multiple business functions.”

“Face biometrics can determine a match between our selfie and a document,” he comments. “But what it can’t do is distinguish between a live person and someone trying to trick a biometric system into thinking it sees a live person.

“A TYPICAL

RICARDO AMPER

TITLE: FOUNDER & CEO

COMPANY: INCODE

INDUSTRY: IDENTITY VERIFICATION

LOCATION: CALIFORNIA

Founded by Amper in 2015, Incode is the onetrust company reinventing the way humans authenticate and verify their identity online to powe a world of trust. Incode’s products are being used by some of the world’s largest financial institutions, governments, marketplaces, hotels, and hospitals.

“This is where AI-powered liveness detection comes into play, which ensures the integrity of a biometric match by distinguishing both ID and liveness via AI. The technology uses facial recognition to determine if a biometric sample is being captured from a living subject who is present at the point of capture; in other words, a real, live person behind the screen. The AI can simultaneously complete the equivalent of hundreds of forensic check permutations in a matter of seconds.”

Already a familiar sight in technology from smartphones to laptops, biometric capabilities are increasingly embedded in everyday life. As Ricardo Amper, CEO of digital identity company Incode, explains,

the goal is to reinvent the way people authenticate and verify their identity online.

“Our product research and development is geared towards accelerating its adoption across a wide variety of industries,” he explains. “With one identity everywhere, Incode will be fulfilling its mission of creating trust by reinventing the way people authenticate and verify their identity online.

“We have engineered a complete set of features including world-class facial recognition technology that is able to recognise when someone is sending a fake photo, video or wearing a mask,” Amper

EXECUTIVE BIO

AMANDA WIDDOWSON

TITLE: HEAD OF HUMAN FACTORS CAPABILITY

COMPANY: THALES UK

INDUSTRY: CYBERSECURITY

LOCATION: UNITED KINGDOM

Past President Chartered Institute of Ergonomics and Human Factors. Serving on the Executive Board. Chair of Board of Trustees. Previously, Professional head of human factors/ergonomics for Tube Lines, (later London Underground), managing a team of human factors professionals of various levels of experience.

adds. “It can clean up a blurry ID document so it can be read and assessed. Ultimately, our mission is to create one identity everywhere, speeding up authentication in a secure and compliant way, whilst giving businesses the tools they need to provide a convenient, swift, and seamless way of processing payments and other data transactions.”

Biometrics critical to building trust

With online fraud on the rise, advanced technologies are critical for businesses to build trust with customers and mitigate risks, comments Desmond. “Biometric authentication is leading the charge in the

growing fight against identity fraud. Banks are already using AI-powered facial biometrics in conjunction with liveness detection to verify faces and documents, as well as ensuring fraudsters aren’t bypassing screening processes with photos of a printed image, for example.

“But voice technology offers the next level up in powerful and convenient biometrics, with a critical role to play in improving anti-fraud defences. In fact, when combined with face biometrics, voice is one hundred times more powerful than face alone. In our experience, the combination of both voice and face biometrics makes the verification process

almost impenetrable by fraudsters, offering multiple layers of protection – liveness and recognition of both face and voice.” With constant advancements being made in the technology industry, specifically in the biometrics industry, the possibilities of how biometrics will affect our lives seem

endless, Amper comments. “To an extent, it is dependent on how much we want biometrics to impact our lives as biometrics can be used in all areas of life when it comes to authentication and identification.

“But trust is crucial for its success; the impact that biometrics can have can be substantially limited if there is a lack of trust in how the technology is used,” he concludes. “Users need to be sure that their data is being used for the purpose it was given and nothing else. This trust is hard to come by, but if gained, then there will be no limit to the impact biometrics can have on our lives.”

“VOICE TECHNOLOGY OFFERS THE NEXT LEVEL UP IN POWERFUL AND CONVENIENT BIOMETRICS, WITH A CRITICAL ROLE TO PLAY IN IMPROVING ANTI-FRAUD DEFENCES”

ADAM DESMOND SALES DIRECTOR EMEA, OCR LABS

TRANSFORMATION TO THE CLOUD HELPING AIRLINE GROUP SOAR TO ITS GOALS

Customers are always the centre of attention at the Lufthansa Group. The aviation company aims at providing its passengers with perfect service and making flying in all its facets a sustainably positive experience. Against this background, the goal is to assess the company’s offers and products along the entire travel chain on a continuous basis with the aim of optimising them.

Customer orientation and a focus on quality are the Lufthansa Group’s strategic cornerstones. Regular surveys and a continuous dialogue with passengers help the group learn as much as possible about customer needs and to include them in the development of innovative offers.

Significant investments in a modern and efficient fleet, more comfort on board, numerous product innovations, and digital offers ensure that flying is becoming more and more attractive and sustainable for the Lufthansa Group’s customers with the ambitious climate target of being carbonneutral by 2050.

LUFTHANSA GROUP’S DIGITAL TRANSFORMATION IS ENABLING THE GROUP TO PROVIDE A SEAMLESS DIGITAL EXPERIENCE FOR CUSTOMERS AND ACHIEVE ITS SUSTAINABILITY GOALS

As the world increasingly leverages the power of modern technologies, Ankur Rastogi, Group Head, IT Application Management, Transition and Cloud Migration at Lufthansa Group, explains, the organisation’s aim is to be the most digital and the most innovative aviation group in the world.

“Digital transformation is embedded in our business strategy,” he comments. “And our cloud strategy forms a key pillar in our digital strategy. The philosophy behind our cloud strategy is cloud-first, but not cloud-only.

“Cloud is not just an infrastructure agenda. It is a platform that should be a key pillar in your digital transformation story”

ANKUR RASTOGI GROUP HEAD – IT APPLICATION MANAGEMENT, TRANSITION & CLOUD MIGRATION; SENIOR DIRECTOR, LUFTHANSA GROUP

“In simple terms, it means that any new solution that we buy or build has to be cloud native. We are not going to invest in products that are designed for legacy environments.”

Central cloud team

As part of his responsibilities, Rastogi heads Lufthansa’s group-wide central cloud team, which is responsible for creating, maintaining, and updating the organisation’s cloud strategy. Lufthansa Group’s cloud transformation was not just about migrating one application from an on-prem data centre to the cloud, he explains.

ANKUR RASTOGI

TITLE: GROUP HEAD – IT APPLICATION MANAGEMENT, TRANSITION & CLOUD MIGRATION; SENIOR DIRECTOR

COMPANY: LUFTHANSA GROUP

EXECUTIVE BIO

Ankur Rastogi completed his Engineering in electronics and communication and MBA with specialisation in Information Management. He comes with 20+ years of strong international and multi-cultural experience in IT and management consulting across different domains and regions (Europe, India, and Africa). He has handled a variety of leadership roles across different disciplines in global organisations like Lufthansa, Oracle, HP Enterprises, and QS Advisory. In his current role at Lufthansa Group, he is the Group-wide process owner for IT Transition and Operations responsible for processes, platforms, partners and practices around IT test and quality management, and application management. As part of Lufthansa’s digital transformation initiatives, he is heading the Central Cloud team, which is responsible for cloud adoption and migration of the entire application portfolio to cloud across the Group.

PROtransformation

Relentlessly transforming business to move the world forward.

Learn more

The Heart of Progress

Kyndryl’s Senior Partner Walter Huber talks cloud options

Kyndryl’s Walter Huber is the Vice President & Senior Partner for the Lufthansa account, which means, within Kyndryl, he’s Mr Lufthansa 24/7

Walter Huber is the Vice President and Kyndryl’s Senior Partner for the Lufthansa account, which means he is also known as ‘Mr Lufthansa’ within Kyndryl. Founded in 2021, Kyndryl was once a division of the IBM Corporation, called Global Technology Services.

“We design, build, manage and modernise mission critical infrastructures that keeps the world economy going,” Huber explains.

Kyndryl supports Lufthansa as it shifts to the cloud.

As a trusted partner, Kyndryl manages the foundations of Lufthansa Group cloud system. Having successfully transitioned workloads into the cloud for Lufthansa, Kyndryl is doing more than simply migrating workloads and then running it. “Focusing on the

customer, we can advise which cloud environment is best for which workload – and then accompany the transformation journey.”

Keeping the customer at the centre

The Kyndryl story is about growth and creating value for their customers.

“We are working closely with Lufthansa and its business units to understand what is driving them and understand what they must change going forward to be the most digital and innovative airline group. Putting the customer in the centre of all of that is extremely critical for us, and it’s one of the core values of Kyndryl.”

Another value is to maintain customer focus. Kyndryl does this by aligning itself to the way

the customer is organised and how that customer makes its business decisions.

After an almost 10-year partnership with Lufthansa, Kyndryl sees an ongoing evolution for their continued work together.

“We will continue to drive that relationship with our customer,” he says. “We will continue to work with Lufthansa to take advantage of the capabilities we can offer, using the Kyndryl Vital approach that allows us to find new solutions and the Kyndryl Bridge that allows us to plug in new technologies and new systems into a network managed by us.”

ANKUR

“Our cloud strategy is based on the philosophy of cloud-first, but not cloud-only”

“We are migrating thousands of applications residing in multiple data centres,” Rastogi adds. “In a cloud transformation journey, there are multiple stakeholders: application manager, infrastructure team, enterprise architecture team, security team, operations team, licence management and the procurement team.”

“Our central cloud team is bringing all of these stakeholders together towards a common goal, ensuring that they are all working towards the same target objectives and that they're following the same guidelines.”

For managing cloud adoption and transformation at Lufthansa, the central cloud team had to establish a number of guiding principles across aspects related to technical, time and financial considerations.

“The first factor we considered was how we wanted to use the cloud,” Rastogi says. “We would like to use the cloud the way it's designed. It should be possible to use the cloud on a self-service, on-demand and payper-use, or metered, basis.”

“We also want to use the cloud as natively as possible, meaning our implementation preference is Software-as-a-Service, followed by Platform-as-a-Service, and only in the last case, Infrastructureas-a-Service, or lift and shift migration approach. The business continuity and security requirements are directly considered in the design phase.”

As Rastogi explains, there are also guidelines related to time, to fit in with application life cycles and contractual timelines, as well as financial guidelines. “You could spend a lot of effort redesigning or modernising your complete application,” he says, “but at the same time, there has to be a business case behind it. So time versus cost is always a risk-reward that you have to keep in mind.”

Making or breaking the cloud journey

There are many aspects that organisations should keep in mind that could make or break a cloud journey; the first of which is having the right strategy. “There are modern data centres that can meet many of your requirements, but there has to be a good reason why you're migrating to the cloud. Cloud can be a key pillar behind your digital transformation story,” comments Rastogi.

109.5K+

The Lufthansa Group has approximately 109,509 employees (31st Dec 2022)

“The second aspect is setting up the right structure in place,” he adds. “For instance, if there is a need for a central cloud team, generally referred to in the industry as the cloud centre of excellence. Similarly, one needs to decide if the journey is performed on a centralised basis or on a decentralised basis.”

“Third is the governance part, which includes technical, security, and process

Unmatched Core to Experience Transformation

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future. With a unique blend of the engineering DNA with the experience DNA, LTIMindtree helps businesses get to the future, faster.

www.ltimindtree.com

How LTIMindtree are shaping global cloud development

Since beginning its journey with Lufthansa Group in 2017, technology consulting firm LTIMindtree has positioned itself as one of the group’s key partners

A new kind of technology consulting firm, LTIMindtree helps businesses transform – from core to experience – to thrive in the marketplace of the future.

Headquartered in Mumbai, India, LTIMindtree has nearly 90,000 IT professionals and works for about 700 clients worldwide.

Today, LTIMindtree is working with all subsidiaries of the Lufthansa Group. But, as Klaus Seifert, Regional Vice President and Head of Germany, explains, the journey started in 2017 with a highly successful data and analytics project.

“The project was about developing a predictive analytics system to properly forecast the demand and optimise the seat pricing for the airline,” Seifert comments.

From there the relationship between Lufthansa Group and LTIMindtree has evolved, with the consulting firm helping Lufthansa Cargo on its cloud journey and later on taking over cloud operations for the AirPlus and Sky Chefs part of the group.

As with countless businesses affected by the COVID-19 pandemic, LTIMindtree was also able to help Lufthansa Group come up with new solutions to scale the business.

“One part of Lufthansa was running extremely well, the cargo side,” Seifert explains. “But the travel side went down. We helped Lufthansa to downscale on one side and become more agile on the other side, where new solutions were needed to cope with demand. That really brought us together in a partnership.”

“At LTIMindtree, we have a long history in travel, transportation and hospitality,” concludes Seifert. “At the same time, our focus on the client experience, customer experience, data analytics, and the cloud journeys are positioning us well as a future strategic partner to advise Lufthansa for their strategies in the cloud, and also for their development of migration strategies.”

€32.77mn

guidelines, as well as a lot of things related to the set up and running of a cloud community within the organisation.”

However, most importantly, Rastogi says, is the concept of change management in the organisation’s journey to the cloud.

“Many people treat cloud as purely a data centre replacement, and hence they try to incorporate the same processes and controls from the data centre world into the cloud,” he says. “But cloud adoption is a paradigm shift. It's not just the replacement of an infrastructure platform.”

As Rastogi explains, business-oriented solutions can be directly built in the cloud. “The cloud can be used as a self-service platform, meaning people can directly go into the cloud

Lufthansa’s cloud journey is helping group soar to its goals

Lufthansa Group’s goal is to become the most digital aviation group

Microsoft supports this transformational journey providing leading Cloud platforms and solutions to Lufthansa empowering their employees and business units to achieve more like the One Data Platform project that enables Lufthansa to assist passengers with personalized services before, during, and after their flight.

portal and provision not just an infrastructure environment but their complete end-to-end solution,” he says. “So many processes that were set, many controls that were in place can get obsolete or need some sort of adaptation. And this is what I call change management. It requires a mindset change.”

The end goals of Lufthansa’s digital journey

As Rastogi lays out, Lufthansa's core mission is to connect people, cultures, and economies in a sustainable way. The organisation has made substantial investments in digital transformation projects, with the end goal to offer the most seamless and the bestconnected travel experiences for customers.

“We start by offering an enhanced user experience, which is personalised,” he comments. “It also means that we can offer a homogeneous experience to passengers, no matter which of our airlines they fly or which of our touchpoints they use to interact with us.”

“We have introduced digital self-service solutions for bookings, rebooking refunds and claim management, handling irregular situations and so on,” he adds. “In the long run, we are trying to create an overall marketplace where personalised solutions can be offered to customers based on their individual needs.”

“The cloud allows us to use resources more efficiently and in a more optimised manner”

Lufthansa Group’s digital journey is also having a significant contribution to meeting the organisation’s sustainability goals. The group is one of the leading players and is setting the agenda when it comes to sustainability, with the target to be net carbon neutral by 2050.

“We are constantly renewing our fleet with more modern, efficient aircraft, which are also more fuel efficient, and more energy efficient,” Rastogi comments. “We are continuously investing in research and implementation of sustainable aviation fuels. We have established the Cleantech Hub, a platform that is driving more than 80 projects in this space. And to our own customers, we are continuously offering more and more sustainable products on our digital platforms.”

“Digital initiatives contribute a lot to sustainability. If I take the cloud as an example, the cloud allows us to use resources more efficiently and in a more optimised manner.”

As Rastogi explains, Lufthansa Group works hand-in-hand with cloud providers who also have very ambitious goals in regard to sustainability, with more fuel-efficient and more energy-efficient data centres.

“The best part I like about cloud is it offers a lot of transparency in various sustainability dimensions, especially in terms of what kind of services you consume and how it directly translates into carbon footprints,” he comments. “So that generates a lot of interesting and useful information.”

“Don’t adopt cloud just because everyone is doing so. Like for any transformation programme, there should be a reason and it is important to answer the question ‘why’ seriously”

This information can further be used to build decision-making algorithms helping Lufthansa Group optimise various parameters within the business domains, from aircraft turnaround time, network scheduling and planning to passenger management. “In my opinion,” Rastogi adds, “every time you make an improvement in efficiency, you're indirectly contributing to sustainability goals.”

Taking a multi-vendor approach to partnerships

Partners are critical for successful outcomes, as Rastogi explains. For every task, a thorough analysis is undertaken to decide if it should be done in-house or should be outsourced. A strategic decision was to employ a multivendor approach.

“In each partner category whether it is cloud, managed service, migration or operations partners — we did a proper due diligence and followed a thorough selection process,” Rastogi says.

For Lufthansa Group, a decision was made to go with a multi-cloud and a hybrid cloud approach. “In our cloud ecosystem, we work quite closely with Microsoft, which is one of our primary landing zones,” Rastogi comments. “Many applications are already in or are in the process of being migrated to Azure. When it comes to managed services, we work with CGI and Kyndryl who are managing the foundations of our cloud ecosystem,” Rastogi adds. “For cloud migration and application operations and management, we work very closely with CGI and Mindtree.”

“Cloud adoption is a paradigm shift. Business-oriented solutions can be directly built in the cloud”

Cloud strategies and risk management

Talk of risk management or security or compliance might initially seem daunting in the cloud, but as Rastogi explains, many aspects that might apply to any IT project also apply to the cloud.

“Cloud providers themselves spend a lot in avoidance of any vulnerabilities,” he comments. “However the overall end-to-end

risk management is a shared responsibility. We need to set up our own organisations and controls over and above the measures provided by the cloud providers.”

As Rastogi explains, measures that would be implemented on a typical IT lifecycle apply to the cloud as well, for instance generating awareness, building the right checks and balances, introducing policies

“Structure the journey to cloud and the organisational setup properly. Hire the right skills and choose the right partners”

ANKUR RASTOGI GROUP HEAD – IT APPLICATION MANAGEMENT, TRANSITION & CLOUD MIGRATION; SENIOR DIRECTOR, LUFTHANSA GROUP

like multifactor authentication, password and encryption policies, configuring and securing infrastructure and networks by implementing the right kind of architecture, firewalls, network security groups and load balancers.

“Another interesting aspect with cloud is the evergreen approach,” he comments. “Cloud does not support legacy technologies or older versions of

operating systems and databases. So the cloud is forcing us to continuously upgrade our applications to the latest versions and constantly patch them.”

Continued heavy investment in digital transformation projects

As Rastogi describes, the future at Lufthansa Group will see continued heavy investment into digital transformation projects, balancing the objectives of innovation transformation and operational stability.

“Through digital transformation projects, we are trying to improve our customer satisfaction, and make their overall travel experience simpler and as individualistic as possible. We are trying to offer a seamless and connected experience.”

“We are building up a marketplace environment with different ancillaries and different products, which are personalised,” Rastogi adds. “These will leverage the data and insights that we capture and offer solutions to our customers that fulfil their needs.”

At the same time, along with customerfacing projects, the group is also investing in a number of projects internally, such as solutions to improve employee collaboration and employee experiences.

“We are constantly modernising our application portfolio and our infrastructure portfolio,” Rastogi concludes. “We have projects that are focused on improving our cyber-defence capabilities. In all of these projects, whether in the digital area, innovation area, or modernisation of our application stack, the cloud continues to be a key pillar.”

APPLICATION SECURITY KEY TO COMBATING VULNERABILITIES

TO VULNERABILITIES

As technology continues to advance and businesses become increasingly reliant on digital platforms, application security (AppSec) vulnerabilities are on the rise. The impact of these vulnerabilities can be devastating, resulting in data breaches, financial losses, and reputational damage.

According to VMware, application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. It encompasses the security considerations that happen during application development and design, but it also involves systems and approaches to protect apps after they get deployed.

Companies are increasing their investments in AppSec, with overall spending predicted to hit US$7.503bn this year, a 24.7% increase from the previous year.

According to Snyk, AppSec best practices can help uncover vulnerabilities before attackers can use them to breach networks and data. The issue is widespread: according to Snyk’s 2021 State of Cloud Native Application Security report, over 56% of organisations experienced a misconfiguration or known unpatched vulnerability incident involving their cloud-native applications. While not all of these vulnerabilities present a major security risk, hackers themselves evaluate vulnerabilities to find which ones present a plausible method for penetration.

With app vulnerabilities on the rise, companies are increasing their investments in AppSec, with overall spending predicted to hit US$7.5bn this year

LAW

Enabling

educators. Empowering students. Explore how we accelerate student discovery, learning and innovation with our Digital Education 3D Experience.

As Kev Breen, Director of Cyber Threat Research at Immersive Labs, explains, AppSec vulnerabilities are on the rise. “Attackers consistently look for new ways to exploit applications, and even the smallest of vulnerabilities can lead to a full-blown data breach,” he says.

“Yet, executives’ focus on rapidly shipping new products to market means that cybersecurity is not always the top priority, potentially exposing companies to millions in lost revenue and damaged brand reputations.”

Rise in mobile apps leading to vulnerabilities

The proliferation of mobile applications has also contributed to the rise of application security vulnerabilities. Many mobile apps are developed without proper security controls, making them vulnerable to attacks. This puts sensitive data such as user credentials, payment information, and personal information at risk.

According to online protection leader McAfee’s annual Consumer Mobile Threat Report, issued in February to coincide with the Mobile World Congress (MWC) in Barcelona, malicious apps usually fall into

KEV BREEN

TITLE: DIRECTOR OF CYBER

THREAT RESEARCH

COMPANY: IMMERSIVE LABS

LOCATION: UNITED KINGDOM

EXECUTIVE BIO

As the Director of Cyber Threat Research at ImmersiveLabs, I spend my time researching new and emerging threats and vulnerabilities. Then we create practical hands-on environments to test Red and Blue team skills against these threats.

EXECUTIVE BIO

STEVE GROBMAN

TITLE: CTO

COMPANY: MCAFEE

LOCATION: UNITED STATES

Senior vice president and chief technology officer at McAfee. Sets the technical strategy and direction to create technologies that protect smart, connected computing devices and infrastructure worldwide. Leads McAfee’s development of next generation cyber-defense and data science technologies, and threat and vulnerability research.

a few categories that are popular, easy to use, and appear harmless. Although some malicious apps offer legitimate functionality, just because a free app works does not mean it lacks ulterior motives.

“Our mobile devices are an essential part of our daily lives now more than ever. They allow us to access a wealth of information and entertainment and provide the freedom to be productive from almost anywhere,” says Steve Grobman, Chief Technology Officer, McAfee. “Unfortunately, they also provide cybercriminals with greater access to potential victims.”

Cybercriminals frequently employ encryption to conceal their malicious code from reviewers, or they insert a delay to prevent the app's malicious intent from appearing until after it has been published in the app store.

With OpenAI's AI image generator, DALL-E 2, a wave of AI-based mobile applications that create artistic images based on photos emerged. While some of these apps are genuine, others may be malicious apps seeking to exploit recent AI trends.

6.2% of threats that McAfee identified on Google during 2022 were in the

‘Communication’ category, mainly malware masquerading as SMS apps. But even legitimate communication apps can create an opportunity for scammers. They will use fraudulent messages to trick consumers into clicking on a malicious link, trying to get them to share login credentials, account numbers, or personal information.

Though these messages sometimes contain spelling or grammar errors, or use odd phrasing, the emergence of AI tools like ChatGPT can help scammers clean up their spelling and grammar mistakes, making it tougher to spot scam messages by mistakes in the content. The severity of these communication threats is also evident in the volume of adults (66%) who have been messaged by a stranger on social media, with 55% asked to transfer money.

A total of 23% of threats that McAfee identified were in the "Tools" app category. Work-related apps for mobile devices are great productivity boosters – categories like PDF editors, VPNs, messaging managers, document scanners, battery boosters, and memory cleaners.

These types of apps are targeted for malware because people expect the app to require permissions on their phones. Asking for permissions to storage, messaging, calendars, contacts, location, and even system settings is not unusual and enables scammers to retrieve all sorts of work-related information.

9% of threats that McAfee identified were games from app categories such as casual, arcade, and action. Malicious apps often target things that children and teens like, such as gaming, making videos, and managing social media. The most common types of threats detected within the gaming category in 2022 was aggressive adware – apps that display excessive advertisements while using the app and even when you're not using it.

Application Security 101 - What you need to know in 8 minutes

“It’s important to make sure that kids’ phones are either restricted from downloading new apps, or that they’re informed and capable of questioning suspicious apps and identifying fraudulent ones,” says McAfee.

The need for upskilling

To safeguard companies, application development teams need to upskill their people, prepare for rapidly evolving vulnerabilities, and prove their readiness to confront them.

“Despite the marketing hype, AppSec software and classroom-based training exercises alone fail to meet the mark,” comments Breen. “While AppSec software can provide a first line of defence, it can’t measure preparedness. Likewise, making teams take online cyber-security quizzes or get a one-time certificate is woefully inadequate for developing the skills necessary to thwart emerging threats.

“Today, a new people-centric approach to team learning and preparedness called Cyber Workforce Resilience is paving the

way for better security. The future of AppSec will include sophisticated tools that simulate real-world threat situations, allow teams to practise effective security protocols without fear of breaking their code, and help enterprises benchmark capabilities across the entire SDLC.”

As Breen concludes, cyber resilience for organisations will increasingly be expanded to the entire workforce. “Savvy enterprises are already implementing such tools to protect their end-users, reputations, and revenues,” he says, “while proving their preparedness to senior leadership teams and their boards.”

KEV BREEN DIRECTOR OF CYBER THREAT RESEARCH, IMMERSIVE LABS

“

While AppSec software can provide a first line of defence, it can’t measure preparedness”

SAP’s Sam Castro on AI and risk resilience in manufacturing

SAP’s Sam Castro is a solution manager for Digital Manufacturing. He tells us about AI, risk resilience and supply chain sustainability

SAP is a global software provider and a leader for enterprise business process software, including solutions to manage supply chains. SAP provides technologies, supports the cloud and cloud platform environments, as well as artificial intelligence/machine learning (AI/ML) libraries, robotic process automation (RPA) and in-memory technology for high-end computers. SAP’s solutions for manufacturing execution and insights are part of a portfolio of products for supply chain management and leverages these technologies.

“We're an enterprise business software and a technologies company,” says Sam Castro Senior Director, Solution Management, LoB Digital Manufacturing.

Castro is a Senior Director at SAP and a part of the line of business manufacturing solution management team. The line of business covers the 27 manufacturing industries for which SAP provides software solutions.

“All of those industrial companies have needs around operations visibility, control and reporting,” Castro explains. “The different industries have different targets that they're after. Some are heavier on the asset side, some of them are heavier on product quality and yields, others are all about logistics and moving products around on-time through the supply chain.”

SAP is met with a diverse set of requirements and needs from its customers. Solution management takes these industry needs and applies them to market direction and invests them in the portfolio.

“We provide guidance on where to focus and the emphasis for development, and that strategy big picture where we want to take the products,” Castro explains.

In college, Castro completed a Bachelor's in computer engineering and a Master's in computer science at the Rochester Institute of Technology (RIT).

“I came from the hardware bridge to the software bridge very naturally after graduating,” says Castro. “I was dropped into the manufacturing floor because that is exactly where the hardware automation side bridges over into the software.”

He was faced with a great deal of information and digital signals from the automation layer and was tasked to turn it into information — how does SAP make that translation?

“I started at the very lowest level and moved my way through Lighthammer Software, which was acquired by SAP back in July 2005,” says Castro. “I worked my way through SAP into the role that I'm in today.”

“Being a sustainable enterprise means that you're an efficient enterprise”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

Don’t be surprised.

Today’s supply chain comes with constant uncertainty. So how are you preparing for whatever comes next?

Discover how Deloitte can help you enable a built-to-evolve digital supply chain that allows you to pivot quickly no matter what surprises the future brings.

Learn more about our Kinetic Supply Chain offerings for embedding flexible capabilities, intelligent insights, and sustainability from end to end.

Contact SAP@deloitte.com to get the conversation started.

Built for impact

Getting ahead of change with a disruption-ready digital supply chain

Digitally driven business is an imperative in today’s uncertain landscape, but to thrive organizations will need digital supply chains that can anticipate disruption and evolve in lockstep with change all while prioritizing sustainability and responsible practices.

At Deloitte, such capabilities are part of our vision for the Kinetic Supply Chain a built-to-evolve supply chain enabled by a clean-core ERP, intelligent technologies, responsive cloud solutions, and an inclusive ecosystem of capabilities. Kinetic Supply Chain capabilities can allow you to see issues and opportunities before they arise and to take action sooner.

Envisioning the future

Ultimately, it’s about flexibility which can be elusive for many organizations. While optimizing supply chains over the years, some companies may have gained efficiencies without gaining the flexibility that they need in today’s environment. For example, they may have gotten down to one or two key suppliers instead of 20,

but they may not have the ability to sense the need for new suppliers, in the event of a regional fuel or material shortage, for example. They also may lack the ability to seamlessly and quickly integrate any new suppliers into their digital ecosystem. And at the same time, they may lack visibility into what those suppliers will mean for their carbon footprint, their sustainability goals, and their impact on the planet.

With a Kinetic Supply Chain covering planning, procurement, distribution, and operations you can proactively address many of those challenges and become “disruption ready.” More than a vision, the Kinetic Supply Chain is real, and you can see it in action at The Smart Factory @ Wichita At this full-fledged manufacturing facility, housed in a net-zero-impact building, Deloitte, SAP, and others are collaborating to solve real business needs and understand what it takes to build and scale flexible digital supply chains. Contact SAP@deloitte.com to schedule a visit or to get more insights on enabling a built-to-evolve digital supply chain.

SAP’s Sam Castro on AI and risk resilience in manufacturing

Risk resilience and sustainability in the supply chain

When you talk about risk resilience at SAP, it’s about how to handle the real world, not setting up a plan and adhering to it day in and day out.

“You would like it to be like clockwork, for sure,” says Castro. “Where everything always aligns and meshes the way that it's supposed to all the time, every second. But we know that's not always the case.”

Weather events, pandemics, labour shortages or large sporting events can cause supply chain issues. For Castro, resiliency is the byproduct of having to have to handle these off-topic or out-of-sync scenarios and the ability to detect that you're out of sync

“Here are the enablers of AI and ML type algorithms that you can use and put together how you see fit”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

with the original plan and react to it in a coordinated manner.

“The faster you can do that, the faster you can correct that problem,” says Castro. “Then you’re able to identify how often those deviations occur — that frequency of occurrence, that is your opportunity.”

Being able to quantify that opportunity and understand what those little deviations actually add up to, and how that impacts the business financially, is one of the key topics around what customers will hear about resiliency from SAP, says Castro.

“Sustainability is an overlay to that, sustainability is a byproduct of efficiency,” says Castro. “Being a sustainable enterprise means that you're an efficient enterprise.

EXECUTIVE BIO

SAM CASTRO

TITLE: GLOBAL VICE PRESIDENT, CENTRE OF EXCELLENCE

INDUSTRY: MANUFACTURING

LOCATION: PENNSYLVANIA, US

Sam Castro joined SAP in July of 2005 with the acquisition of a small company called Lighthammer. He was responsible for implementation consulting, field enablement, custom development, and training for the core products (Illuminator, Xacute, UDS, CMS). These products have since evolved into the core SAP Connected Manufacturing products (Mfg. Integration & Intelligence or MII and Plant connectivity or PCo) that you see today.

Sam is now part of SAP LoB Manufacturing Solution Management group, which is directly responsible for strategy, direction, and customer adoption of all of the manufacturing products at SAP. He is specifically responsible for Industrial Analytics, that is SAP MII, Digital Manufacturing for insights, and Digital Manufacturing for execution, and he is the solution owner for Process MES products. In this role, he is actively working on mid- and long-term features and deliverables and how they are positioned with the broader SAP portfolio; he also provides guidance for product development investment.

If things are running effectively, things are running safely, and in a very energy-friendly manner as well.”

Castro views the impact of the cloud on manufacturing as a positive one.

“There are benefits for the IT team from a maintenance perspective and a continuous update and management of that software package,” he explains.

Cloud users are not dealing out of sync or outdated documentation, they’re not dealing with security issues that creep into the environment over time. Updates and patches are handled in real-time by the cloud hosting and software provider, that SaaS provider in the cloud environment. Castro views offloading that burden from the manufacturing layer and the IT teams that support them centrally and locally as a big deal for organisations and businesses.

“It keeps that barrier to entry for managing efficient production and tracking off of those teams, and it puts it firmly on the shoulders of the software provider. What does that mean for the business? It means that the end users aren't working with stale software. You're not working with software that has a UI from 15 years ago. You're not working with an ad-hoc analytical environment that used to be cool but now uses plug-ins and stuff that your browser doesn't support and ultimately causes it to have problems,” Castro explains.

As businesses are not dealing with these issues from the end user perspective, they're able to take advantage of a very modern, easy to consume and use software experience and focus on their core business functions.

“Despite not directly interacting with it, the work around you is what's driving that environment for you,” says Castro. “You're not putting that burden of three or four extra clicks on somebody, this is just software that's being driven from digital signals; from

integration, automation, and the tasks that the operator is performing.”

This newer approach to software design is how SAP leverages the industry investment companies have made and it is what's ultimately reducing the impact that end users have on that environment themselves.

How manufacturers can focus on business value versus technology

There are different pillars within organisations, which have their own priorities. CEOs, CIOs, CTOs and CFOs are all working together and have overlapping needs that drive different business cases. But they need to have the right information at the top layer to make the right decision for the lowest layers within the organisation. This doesn't happen unless there is a framework in place for the distribution

and analysis of the data that is generated, from the very edges of the manufacturing and supply chain processes to the shop floor.

“If you don't have a way for that information to work its way up to the top, organisations

really struggle to understand where the priority needs to be,” says Castro.

For manufacturers to focus on business value versus technology, Castro believes that they need to intelligently manage profitability and investments. As a result of that additional profitability, they also need to protect that inflow of money and profitable behaviour for the company.

“Is that a CapEx investment? Is it an OPEX investment? Is it better granularity on product quality and an emphasis on quality for certain products or certain areas within a process that are very tricky and cumbersome?” asks Castro. “Maybe it's a new product that you're introducing and as a result, that process isn't fully stable yet. What is the emphasis in how

“Sustainability is an overlay to that, sustainability is a byproduct of efficiency”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

much we put into that project to stabilise it? Those are the goals that are very coveted from the C-suite down, but they really are reliant from all edges of the supply chain and having that information roll all the way up.”

Enterprise-led manufacturing follows in tune with this exactly.

“The enterprise has to provide guidance to the manufacturing and supply chain teams as a whole,” says Castro. Where they want to see improvements and how much they're willing to invest in those improvements, what's it worth? How do you build that community up?”

To understand the role that manufacturing plays in an organisation’s reinvestment strategy, you must first understand where it matches up with other locales in the manufacturing environment.

112.6K+ employees worldwide (Sept. 30, 2022)

160 number of countries

22K+ partner companies

245mn+ Subscribers in SAP’s cloud-based user base

“Manufacturing isn't just a single-faceted environment. It's often made up of plants that have been around for a long time, some that were built up by your own organisation, some that came into the organisation through acquisition,” says Castro. “So you see different heritages and mentalities. They have this communal approach for how the plant manager wants to lead that group in the business forward.”

SAP’s AI standardisation journey

At SAP, being able to take advantage of AI standardisation in a universal way is important.

“You can take and apply these very technical algorithms in order to get information off them. Here's the technology, here are the enablers of data, here are the enablers of AI- and ML-type algorithms that you can use and put together how you see fit,” says Castro. “Then that carries over into

the application side, which says, we know we have these technologies, we know that this data is being generated from our transacting processes, so we have our own structured analytics pieces and now we can use these structures to drive our own models to influence our execution process.”

SAP has global partners, as well as local partners, who rely on its technology. When Castro talks about partnerships, he does not put one partner over another.

“We try to keep the community as open as possible,” he says. “We try not to promote one partner over another, because they're all very important to us.”

The openness of SAP and the openness of its software is for its customers to take advantage of, but also for their partners to put their own industry expertise behind.

“It is what gives SAP the power that we have to leverage in our own technologies to leverage partner-led innovation using those technologies to intelligently power our applications.”

“ You want it to be like clockwork, where everything always aligns. But we know that that's not always the case”

SAM CASTRO SENIOR DIRECTOR, SOLUTION MANAGEMENT, LOB DIGITAL MANUFACTURING, SAP

Flexibility key to retaining talent after Great Resignation

Organisations must be flexible to retain valuable talent, but with remote workers increasing pressure on security teams, proper training is essential

The Great Resignation is plaguing industries across the board – but it’s especially challenging within in-demand fields like cybersecurity. According to ISACA’s State of Cybersecurity report for 2022, organisations are struggling more than ever with hiring and retaining qualified cybersecurity professionals as well as managing skills gaps.

As in past years, filling cybersecurity roles and retaining talent continues to be a challenge for many enterprises. Almost two-thirds (63%) of respondents indicate they have unfilled cybersecurity positions, up 8% from 2021. Meanwhile, 62% report that their cybersecurity teams are understaffed. One in five said it takes more than six months to find qualified cybersecurity candidates for open positions.

“The Great Resignation is compounding the long-standing hiring and retention challenges the cybersecurity community has been facing for years, and systemic changes are critical,” says Jonathan Brandt, ISACA Director, Professional

Get reliable network coverage and security protection, fast.

A modern network must be able to respond easily, quickly and flexibly to the growing needs of today’s digital business. Must provide visibility & control of applications, users and devices on and off the network and Intelligently direct traffic across the WAN. Be scalable and automate the process to provide new innovative services. Support IoT devices and utilize state-of-the-art technologies such as real-time analytics, ML and AI. And all these must be provided with maximum security and minimum cost.

This is the power that brings the integration of two cloud managed platforms, Cisco Meraki and Cisco Umbrella. This integration is binding together the best of breed in cloud-managed networking and Security. cisco.com

EXECUTIVE BIO

Practices and Innovation. “Flexibility is key. From broadening searches to include candidates without traditional degrees to providing support, training, and flexible schedules that attract and retain qualified talent, organisations can move the needle in strengthening their teams and closing skills gaps.”

The cybersecurity workforce has reached an all-time high, with an estimated 4.7 million professionals, but there’s still a global shortage of 3.4 million workers in this field, according to the 2022 (ISC)2 Cybersecurity Workforce Study. Demand for cybersecurity professionals in the United States continues to outstrip available talent, according to new research, which also demonstrates the profession is fragmenting into specialised

JONATHAN BRANDT

TITLE: DIRECTOR, PROFESSIONAL PRACTICES AND INNOVATION

COMPANY: ISACA

LOCATION: UNITED STATES

As Director of Professional Practices and Innovation, Jonathan Brandt leads development and implementation of ISACA’s content strategy to optimise the product offerings for IT-related professionals and enterprises in the IT, information security, emerging technology, risk, and privacy domains.

roles including penetration testers and threat analysts.

Cybersecurity workforce analytics platform CyberSeek discovered employer demand for cybersecurity staff grew 2.4 times faster than the overall rate for other roles across the US economy.

"Demand for cybersecurity talent has been accelerating for years, and employers are showing no signs of taking their foot off the gas," says Will Markow, Vice President of Applied Research at Lightcast. "That's why it is more important than ever to build robust talent pipelines to ensure a safer digital world. We can't accept leaving holes in our cybersecurity defences simply because we don't have enough trained workers to plug them."

Addressing the cybersecurity skills gap Cybersecurity can be difficult to recruit for because of the constant need for training and vigilance, explains

“New technology can make previous cybersecurity systems less relevant, therefore professionals in the sector must remain up to date on the latest trends and innovation,” he explains. “The job also requires people who can remain composed under pressure, a soft skill that is hard to develop, and hence attracts a premium, once identified.

EXECUTIVE BIO

TITLE: SYSTEMS ENGINEERING DIRECTOR

COMPANY: FORTINET

LOCATION: UNITED KINGDOM

With extensive experience in leading and building regional and global pre-sales/system engineering teams within start-up and leading vendor environments, Fortinet’s Systems Engineering Director, David Spillance, works in all aspects of digital transformation from automation, cloud, machine learning, cybersecurity, and orchestration.

EXECUTIVE BIO

CLAR ROSSO

TITLE: CEO

COMPANY: (ISC)²

LOCATION: UNITED STATES

Clar Rosso has more than two decades of experience helping global professional associations and certifying bodies grow and strengthen member value. As CEO of (ISC)², she is responsible for the overall strategic direction and management of the association.

“Along with the difficulty in recruiting, businesses face challenges in retaining talent and providing continuous training, all of which is adding to the skills shortage. A recent Fortinet report has shown that 52% of leaders believe their employees still lack the necessary knowledge. This can lead to dysfunctional teams that are unprepared to handle sophisticated attacks. Adding to the problem is how some employees, who are in fact knowledgeable in these roles, start to feel burnt out due to excessive workload – in part because the burden cannot be shared by others who are less capable.

“Every business must take stock of what skills they have within their organisation and where their blind spots and key vulnerabilities might be. Only then, will they be aware of the skills they need to address the shortfall.”

the Game of Employee Retention

Remote working means increased pressure on security teams

A report published by cybersecurity provider Hornetsecurity found that a third of companies are not providing any cybersecurity awareness training to remote workers, according to new research, which also revealed almost three-quarters of remote staff have access to critical business data. The study also revealed nearly three-quarters (74%) of remote staff have access to critical data, which is creating more risk for companies in the new hybrid working world.

Despite the current lack of training and employees feeling ill-equipped, almost half (44%) of respondents said their organisation plans to increase the percentage of employees that work remotely.

"The popularity of hybrid work alongside the associated risks means that companies must prioritise training and education to make remote working safe,” says Daniel Hofmann, CEO of Hornetsecurity. "Traditional methods of controlling and securing company data aren't as effective when employees are working in remote locations, with greater responsibility

falling on the individual. Companies must acknowledge the unique risks associated with remote work and activate relevant security management systems, as well as empower employees to deal with a certain level of risk."

Cyber teams to be least impacted by tech staffing cuts

This year has continued from where 2022 left off, with multiple announcements of job cuts from the world’s largest tech companies, including Google, Amazon, Microsoft, Yahoo, and Zoom. But with

cuts set to continue, there are signs that cyber teams may be protected from the storm. The study – How the Cybersecurity Workforce Will Weather a Recession, conducted by the nonprofit cybersecurity association (ISC)² – found that, despite looming recession concerns, cybersecurity teams will be least impacted by staffing cuts in 2023, with C-suite executives viewing cybersecurity as an essential, valuable asset that is a strategic priority.

(ISC)²’s research found a total of 85% of respondents expect layoffs will be necessary at their organisations, but cybersecurity roles are expected to be the least affected by staff reductions, but only 10% of organisations are likely to cut jobs in cybersecurity compared to other business areas.

"The importance placed on cybersecurity professionals, even during uncertain economic times, suggests that top executives understand the critical need for a strong cybersecurity team now more than ever," says Clar Rosso, CEO at (ISC)². "This is not surprising given the upward trend in recent years where a weakening economy combined with political tensions has led to increased cyber threats. A key test for executives in 2023 will be their ability to sustain their commitment toward strengthening their organisations' resilience against evolving cyberthreats amid emerging budgetary pressures."

WILL MARKOW VP OF APPLIED RESEARCH, LIGHTCAS

“ Demand for cybersecurity talent has been accelerating for years and employers are showing no signs of taking their foot off the gas”

IS

SECURING DIGITAL TRANSFORMATION IN THE PHILIPPINES

It has been an eventful 12 months for Victor S. Genuino. Since becoming President and CEO of ePLDT – the leading enabler of digital transformation in the Philippines – on 1 April 2022, he has overseen the company’s own dramatic realignment.

That shift in business focus means an even greater emphasis on data centres, as Genuino doubles-down on the company’s pioneering commitments – they built the first data centre in the Philippines, and are currently adding an 11th to the portfolio.

VITRO Sta. Rosa will have an initial power capacity of 14MW in early 2024, which will increase to 50MW when fully operational, making it the largest and most advanced data centre in the country.

Leveraging on the telecommunication infrastructure of the PLDT Group, ePLDT is best placed to deliver customised ICT services through its suite of multi-cloud and data centre solutions, which in turn enable enterprises in the Philippines to achieve their digital transformation goals.

“It's been a hell of a rollercoaster ride,” says Genuino. “When I entered ePLDT we were into a lot of businesses that had low growth or low margin and it was an opportune time to rationalise these.

“We have to focus on where we think growth is going to come from and, more importantly, offer and provide solutions to customers to make the services of PLDT and ePLDT stickier for them.

The leading enabler of digital transformation in the Philippines, ePLDT is building and securing critical digital infrastructure for a brighter future

“Hence the focus on cloud, cyber security and our data centre business, so it's been a very good year in the sense that we were able to clean house and focus on growth for the next 5 to 10 years.”

Genuino says this shift in priorities gave the organisation clarity of purpose and allowed ePLDT to expand its partner ecosystem, focusing on hyperscalers like Amazon, Google, Microsoft, Palo Alto Networks and the like, as well as establishing partnerships both in the Philippines and the wider region that further enhances ePLDT’s existing multi-cloud capabilities.

PLDT is the dominant telco in the Philippines and behind the wireless brand Smart. They also provide home and enterprise fibre and an international connectivity business serving enterprises, SMEs and the public sector. This background has powered ePLDT to

VICTOR S. GENUINO PRESIDENT AND CEO, ePLDT

“We feel the Philippines will be primed as a regional hub in the next few years”

ePLDT VITRO Cebu

a leading 65% market share in terms of domestic data centre capacity.

“One of the main advantages of ePLDT is our relationship with the PLDT parent,” says Genuino. “Being part of the dominant telco in the Philippines allows us to build substantial infrastructure that will future-proof our operations for years to come.

“We have the largest international submarine cable systems linking the Philippines through the rest of the world to the US, to Japan and through Southeast Asia. And our domestic fibre rollout has reached 1,000,000 square kilometres. We are easily three to four times bigger than the next best player in the market in terms of fibre footprint and connectivity.”

VICTOR S. GENUINO

TITLE: PRESIDENT AND CEO

COMPANY: ePLDT

INDUSTRY: IT & SERVICES

LOCATION: PHILIPPINES

“I've worked professionally for close to 30 years now. I have been involved in both local and international companies and have worked in Hong Kong and Singapore for the likes of Philips Electronics, Siemens Mobile, and Shell Oil. Because of that experience and opportunity, I was able to work for PLDT Global, which is the international arm of the Group based in Hong Kong.

From there I moved to a sister company called Meralco – the biggest electric distribution company in the Philippines – and I worked there for 10 years before moving back to PLDT.

First, I was the head of our digital office in charge of transformation, before being assigned to run ePLDT as

Genuino talks about the importance of public-private partnerships when it comes to building transport infrastructure in the Philippines but also the need for a similar approach to digital infrastructure. He believes that in two years, ePLDT will have the capacity to transport massive amounts of data and traffic to and from the Philippines.

Geopolitical tensions in the region and a moratorium on new data centre builds in Singapore, he says, could force some hyperscalers to look for alternative sites to ensure available capacity for the growing data demands of customer.

“We feel the Philippines will be primed as a regional transit hub in the next few years and we are working very closely with the Government, with the Department of Trade and Industry, to be able to make Philippines

ePLDT is securing digital transformation in the Philippines

VICTOR S. GENUINO PRESIDENT AND CEO, ePLDT

“Being part of the dominant telco (PLDT) in the Philippines allows us to build substantial infrastructure that will future-proof our operations for years to come”

the next hyperscaler hub of Asia,” says Genuino.

“We are also working very closely with the government to ensure that we build out this infrastructure to be able to promote economic inclusiveness. We're working very closely with schools, with executive branches of government, and with SMEs to help fuel their digital transformation.”

65%

Securing the cloud

Alexis Bernardino is cyber security Evangelist/Customer Field CISO at ePLDT, and he says it is not simply a question of if an organisation will experience a breach but when.

“The $1,000,000 question really is, is your organisation ready to respond and recover?” says Bernardino.

Driving digital transformation is all well and good but, as many organisations and governments learn too late, that also means increased risk in terms of cyber security. The COVID-19 pandemic was in some ways a gift to cyber criminals who were only too happy to take advantage of the sudden rush to move business operations to the cloud.

“At ePLDT, how we adapt to this current cyber landscape is by veering away from the conventional ‘preventive, detective, reactive’ cyber security approach and we move the needle to a predictive and responsive mode of proactive cyber.”

We operate on an “assumed breach mode” acting as if we have been already breached. With this strategy, we are already

responding to and mitigating any attacks in our infrastructures. Moreover, the mindset of paranoia and vigilance is being inculcated in the culture of the entire organisation.

Digital transformation is the name of the game in business today, with organisations embarking on a journey of convergence and cloudification, each with their own strategy and approach. However, caution is required,

and Bernardino says organisations should never undermine or downplay security.

“Cyber security is the most critical and crucial component to ensure the success of any digital initiative,” he says.

“Most organisations right now are evolving in the three best practises and trends in the industry today. Number one is convergence, number two is cloudification, and number three is zero trust – and ePLDT is well positioned to provide our customers with expertise with the facilities and the technology.”

Many commentators believe that the role of the Chief Information Security Officer (CISO) has changed significantly since the onset of the pandemic. Long seen as a backroom function or someone the C-suite would only take notice of when there was an IT problem, the role

ALEXIS BERNARDINO CYBER SECURITY EVANGELIST /CUSTOMER FIELD CISO,

“Cybersecurity is the most critical and crucial component to ensure the success of any digital initiative”

has been rebooted for 2023. Now, cyber security (and that means cloud security) is right at the top of the agenda, and CISOs have a new voice within the organisation. Bernardino is quick to agree.

“The role of a CISO has evolved today from a purely operational focus to a business focus,” he says. “The business has demanded somebody with cyber security subject matter expertise and a strong operational background to be in front of the customer –evangelising cyber best practices. It's a very unique skill set and proposition, trying to balance the technical and business aspects of cyber security and how it impacts the bigger picture of digital transformation of any organisation.”

The malasakit difference

Being in front of customers day in, day out, ePLDT hears the actual needs and requirements that they have in the field and, as the leading and powerhouse data centre, multi-cloud and cyber security service provider in the Philippines, ePLDT is guiding its customers and clients as their trusted advisor and business ally.

Cloud can be a crowded and sometimes confusing environment for businesses taking their first steps, and that is why so many organisations in the Philippines turn to a local, trusted solution from one of the country’s most respected brands.

CEO Genuino agrees but thinks there is an extra X-factor that sets ePLDT apart – malasakit.

“When people ask what sets us apart compared to foreign consulting companies and systems integrators that we compete with here on a daily basis in the Philippines, I think it's a Filipino term called malasakit ,” says Genuino.

“It's hard to translate this into English, but it means extra attention and extra care for what the customer needs. It's a combination of care and empathy, and I think that's our advantage. We have been a strong partner of most of these enterprises through some tough times, and what we’re doing now is adding another layer –cementing the partnership.

“With the strength of the PLDT organisation behind us, the infrastructure that we've

ALEXIS BERNARDINO

TITLE: CYBER SECURITY

EVANGELIST/CUSTOMER FIELD CISO

COMPANY: ePLDT

INDUSTRY: IT & SERVICES

LOCATION: PHILIPPINES

“I actually started not in cybersecurity but rather in IP networking, so I'm an electronics and communications engineer by education, and I started my career as a field network engineer. But after a few years in the industry, I started thinking about what the next big thing would be to hit the tech market in the next three to five years, and I decided to shift to cybersecurity.

After that, doors were opened up to a lot of opportunities because cybersecurity skills are in very high demand here in the Philippines. That brought me to my current role as a

created and by hiring the right people to support our growth, I think customers should be able to look at us with a certain level of trust and confidence that we can deliver all of the digital requirements they're looking for.”

That’s one reason why ePLDT won Microsoft Country Partner of the Year Award in 2022, and testament to the hard work that has been put in to build the digital ecosystem, and validating the approach that ePLDT is taking. Awards like this are also important when it comes to attracting and retaining talent as it shows they can compete with the best-of-breed in the Philippines.

Genuino says his aim is for ePLDT to become not only the premier partner of Microsoft and Google, but also of Amazon and Salesforce and the rest of the cloud provider ecosystem.

“We have the capability, we have the infrastructure, and we have the customer relationships, given our 94-year legacy in the Philippines,” he concludes. “I think if you put all of these ingredients together, it makes a very strong position. Customers can look at ePLDT as a one-stop-shop for all their connectivity and cloud transformation requirements.”

“The $1,000,000 question really is, is your organisation ready to respond and recover?”

ALEXIS BERNARDINO CYBER SECURITY EVANGELIST /CUSTOMER FIELD CISO, ePLDT

REAL - TIME A L ERTS

GIVE THE SPEED TO TACKLE SECURITY THREATS

Most cybersecurity leaders say real-time alerting would have helped them with the most severe or disruptive events they have been forced to deal with

n an increasingly digital world, traditional security measures like firewalls and anti-malware software are no longer adequate to prevent sophisticated attacks from skilled cybercriminals. With new threats continuously on the horizon – The World Economic Forum’s latest Cybersecurity Outlook Report found that 43% of business leaders expect a cyber attack to impact their organisation within the next two years – businesses are facing constant security challenges. But threat reporting which is quick and accurate could help deal with the assault.

When it comes to detecting and mitigating threats, speed is crucial. Security programs must be able to detect threats quickly and efficiently so attackers don’t have enough time to root around in sensitive data. Real-time threat alerts are important for organisations to employ when it comes to cybersecurity because they help identify the actual times an incident occurs, the reporting time, and the resolution time accurately. By identifying these times, organisations can become more proactive with their response methods and deal with recurring problems efficiently.

Enabling automation a critical component

The US government’s cyber defence agency, CISA, recently recommended for the first time that companies embrace automated continuous testing to protect against longstanding online threats. The guidance urged businesses to up their defences by continually validating their security programme against known threat behaviours, rather than taking a more gradual approach.

A CISA spokesman said: “Enabling automation is a critical component of every organisation that wishes to address the speed and scale of modern cyber attack. Without orchestrated automated response, it is often not possible to respond to cyber-threat intelligence in a timeframe that enables network defence.”

JASON EDELBOIM

TITLE: PRESIDENT & COO

COMPANY: DATAMINR

LOCATION: NEW YORK

EXECUTIVE BIO

As President and Chief Operating Officer, Jason Edelboim oversees day-to-day operations at Dataminr and leads its go-to-market organisation,

most severe or disruptive events they have been forced to deal with, but more than half say they still don't have real-time alerting solutions in place, according to recently-published research.

However, this appears to be changing and real-time alerts will be significant focus areas in 2023 as the research also discovered these capabilities are seen by stakeholders as the most critical features to be added to risk management platforms.

The research was carried out by Forrester Consulting and commissioned by AI company Dataminr to evaluate the state of enterprise risk management (ERM) at midsize to large enterprises across industries in the North America, Europe,

“Now, more than ever, it is crucial for businesses to have a system in place to discover and manage major physical and cyber risk events”

JASON EDELBOIM PRESIDENT & COO, DATAMINR

Forrester Consulting's Total Economic Impact™ Study of Dataminr Pulse Reveals 5 Key Advantages

and APAC regions. Forrester surveyed 500 risk leaders to inform the commissioned study, titled Constant Disruption Is The New Status Quo, and found that organisations encounter significant organisational, strategic, and technological barriers when implementing an effective ERM strategy.

The study also found that nearly 70% of respondents said their organisations experienced at least two critical risk events in the past year, while over 40% experienced at least three, and nearly 20% suffered six or more incidents.

"Following the unprecedented events of the past three years, this research illustrates that now, more than ever, it is crucial for businesses to have a system in place to

discover and manage major physical and cyber risk events," says Jason Edelboim, President and COO of Dataminr. "These findings have been incredibly valuable to help demonstrate the utility of Dataminr's real-time alerts – ultimately giving clients an earlier line of sight into high-impact events and emerging risks that could impact their organisations."

Plans to increase investment in real-time alerts

The survey found that 70% of respondents believed that optimised, real-time alerting would have helped them significantly or totally reduce the harm of the most serious or disruptive events their organisation

faced last year. More than half (56%) of respondents indicated they don't have realtime alerting solutions in place today, but 62% plan to implement or expand their use of such tools, while 54% plan to increase investment over the next 12 months.

The research found that many risk leaders are taking too narrow a view of the systemic risks their organisations face. Business risk will become more, not less, complicated to manage in the future, and fewer than a third of risk leaders completely agree that risks to their business can come from anywhere. Additionally, the research found that risk strategies have significantly advanced over the past few years but still have a long way to go. Just 36% of respondents have a C-suite champion leading risk management today.

Cybersecurity and real-time alerting capabilities will also be major areas of focus going forward, according to Forrester. Respondents were most likely to cite cyber risk tools and real-time alerting capabilities as the most critical features their next risk management platform must include.

Finally, the report found that successful ERM implementations are driven by aligned leadership, vision and technology. Organisations with highly effective ERM strategies were 27% more likely to have a C-suite leader for ERM, compared to those from lower-maturity organisations. C-suite champions are empowered to work across organisational silos and coordinate with other business leaders.

The survey also found that only 8% of respondents reported that their current ERM strategies are effective or very practical across all five capabilities surveyed, including identifying, evaluating, monitoring, responding to, and communicating about, risk.

Early detection of cybersecurity events a constant challenge

The early detection of cybersecurity events such as attacks is challenging given the constantly evolving threat landscape. According to research published by the Institute of Electrical and Electronics Engineers, even with advanced monitoring, sophisticated attackers can spend more than 100 days in a system before being detected, while an IBM study found that, on average, it took companies close to seven months to detect a breach, and another two months to contain it.

Clearly, it is important for organisations to act. According to Deepwatch’s State of the Modern SOC 2022 research, 85% of security professionals say that they have experienced preventable business impacts as a result of insufficient response procedures, citing staffing issues and security alert

Securely Scaling Animal Care through Cloud

Elanco is a global leader in animal health dedicated to innovating and delivering products and services to prevent and treat disease in farm animals and pets, creating value for farmers, pet owners, veterinarians, stakeholders, and society.

Elanco products and services provide veterinarians, farmers, and pet owners in over 90 countries around the world with a complete approach to animal health. For more than 65 years, Elanco operated as a subsidiary of a US-based pharmaceutical company. In 2018, Elanco announced a corporate separation as part of an IPO.

This was a major event for Elanco, certainly the most significant event in their nearly 70-year history, which enabled them to rebuild the IT ecosystem from the ground up.

“Very rarely does an enterprise organisation get the opportunity to reboot and rebuild IT from the ground up,” says Matthew Bull, Chief Technology and Information Security Officer at Elanco.

“Over the last few years, Elanco IT has been working to unlock the value of modern architecture and technologies, which we believe will act as a differentiator, enabling us to deliver new innovative products and services to our customers around the world.”

After its split from Eli Lilly & Company, Elanco set its eyes on rebooting and rebuilding its entire IT ecosystem. Matthew Bull, CTO and CISO, tells us how

Scaling-up Elanco with automation

Bull says scaling at speed has been a critical part of the process.

“We recognised very early on that our ability to deliver at scale couldn't be accomplished if we were to follow traditional, manual processes. For this reason, we placed a heavy emphasis on automation.”

At Elanco, prioritising automation meant a shift in our focus towards a cloud native architecture following software-defined techniques.

“First, we defined our desired IT engagement model and developer experience. We then built a cloud-agnostic automation stack using technologies from companies such as HashiCorp and Red Hat.

“Cloud can only be cost-effective when the principles of a cloud-native architecture are embedded in everything you design, implement, and support”

MATTHEW BULL CTO AND CISO, ELANCO

“The objective was to deliver a programmatically defined IT ecosystem where services are provisioned, supported and secured as code. This paradigm unlocks speed to value, agility and flexibility when scaling and securing the IT ecosystem for internal and external users.

“We embraced the core principles and techniques of cloud across the value chain, covering research and development, manufacturing, and commercial,” he says.

“The intent was to deliver a standardised, highly repeatable experience facilitated through automation. This approach unlocks autonomy for our product and project teams, whilst enforcing proactive controls to ensure we meet our quality, privacy, security and compliance obligations.”

MATTHEW BULL

TITLE: CTO AND CISO

COMPANY: ELANCO

LOCATION: HOOK, UK

EXECUTIVE BIO

Matthew Bull is the Chief Technology Officer (CTO) and Chief Information Security Officer (CISO) at Elanco.

Educated at Bournemouth University (UK) and Stanford University Graduate School of Business (US).

Accountable for the IT Strategy, Strategic Investments, Architecture, Engineering and Cybersecurity.

Data-Driven Digital Engineering

We are a purpose-driven company that helps clients gain competitive advantage through innovative software solutions.

LED

Elanco’s approach to effective cloud utilisation

Bull reiterates that automation is the key to enabling Elanco to use the cloud effectively. He says if you are trying to operate workloads in the cloud - which by their very nature can be highly dynamic (ephemeral) - you need to have a mechanism that can keep pace, not reliant on traditional service requests.

This is especially true when looking to maximise the strengths of cloud, including continued innovation, cost optimisation and security.

“The automation layer gives us end-to-end visibility, as well as the ability to proactively and reactively manage our workloads, covering spend and our security posture.”

Cloud automation, Bull says, also enables dynamic scaling (up and down).

“Seen from the other side of the coin, if we were attempting to do this manually, not only would we need a lot of human capacity, but realistically we wouldn't have the speed and agility that is being demanded by our business and customers.”

“We recognised very early on that our ability to deliver at scale couldn't be accomplished if we were to follow traditional, manual processes”

MATTHEW BULL CTO AND CISO, ELANCO

Elanco: Securely Scaling Animal Care through Cloud

“We’re keepers of our own destiny”

Cloud is not a destination

Bull points out that the cloud is very different from how Elanco had been operating historically, which predominantly oriented around on-premises-based capabilities.

He says: “When operating on-premises, you are generally managing the end-to-end technology stack. The cloud is very different, including the financial model associated with it.

“I think one of the traps with cloud is to consider it a destination. Instead, it must be

positioned as a shift in philosophy regarding how work gets done, with a focus on the business processes.”

“Cloud can only be cost-effective when the principles of a cloud-native architecture are embedded in everything you design, implement, and support. If you fail to adjust, you are likely to experience spiralling costs, which will quickly erode the wider value proposition and any anticipated return on investment.”

Bull points out that it's a continuous activity embedded with their product and project

teams to ensure they’re managing their cloud workloads effectively - and scaling them appropriately to take advantage of cost-control mechanisms.

“Due to its complex nature, this is an area that requires a lot of focus and pre-planning.

Elanco’s most significant event in their nearly 70-year

history

which enabled them to rebuild the IT ecosystem from the ground up

“Wherever possible, we have built these foundational processes and standards into our automation because ultimately that's the best (maybe only) way to drive adherence at scale.”

From challenges to opportunities Bull says that for him, the most exciting aspect of this transformation is the

opportunity it presents to deliver new value to customers through digital and data business models.

“Initially, as part of the corporate separation, the goal was simply to get to a position where Elanco could operate effectively and securely as a standalone organisation whilst continuing to meet our customers’ expectations.

“Things are not perfect, with processes that must continue to mature, but I feel we achieved the desired outcome and we're very proud of the achievement. The are I get most excited about is the next wave of innovation that these capabilities can now unlock.

“I absolutely think the modern foundations we have established are a market differentiator that presents us with an ability to go after emerging digital and data business models.

“We are now able to move with speed, bringing new capabilities to our customers. It all comes back to the customer and the innovation we can unlock.”

Elanco’s partner ecosystem

Elanco, like many large enterprises, has a broad partner ecosystem.

“Our goal is to try to find partners with complimentary purpose and values,” Bull says. “There are some I would call out that have really helped us on this journey.”

WinWire’s Cloud-expertise

“First and foremost, I would recognise WinWire, an organisation that brings a wealth of application and data expertise

“The next exciting phase for Elanco is to unlock innovation for our customers around the world”

MATTHEW BULL CTO AND CISO, ELANCO

to the table. The sheer scale of the work over the past few years is beyond anything I have experienced in my career. There was a huge amount we needed to learn, and frankly, it would've been unrealistic for our teams to succeed within the aggressively defined timelines.

“We brought in WinWire, and they came with the cloud, application and data expertise we needed.

“The uniqueness of that relationship was WinWire engaged as a partner, focused on the Elanco business outcome, which goes above and beyond a traditional clientvendor relationship.

“WinWire's team operated on the ground, as an embedded part of our product and

project teams. They brought specific expertise, right-sized for the job - expertise that Elanco simply didn't have access to at the time.

“They also brought horsepower and an ability to scale up where needed, to drive towards our outcomes and deadlines.”

He says the other piece WinWire brought was helping Elanco implement and buildout the automation stack.

“A big part of our automation stack was the creation of predefined patterns that align with the workloads that we most commonly use across Elanco,” he says. “WinWire completed an application and data dependency exercise to ensure the goal was clearly defined. They then supported the design and delivery of the patterns, treating them as products of their own. Our product and project teams use these patterns as the consistent starting point for all digital/data workloads.”

HashiCorp Terraform

Another of Elanco’s key partners was HashiCorp, who, Bull says, brought a host of forward-looking, open-source technologies to the table.

“We have positioned HashiCorp Terraform as our infrastructure-as-code software tool, standardising how we design and deliver solutions,” Bull says.

“The advantage of Terraform is that it directly enables our Hybrid Multi-Cloud strategy.

“We believe the future is Hybrid MultiCloud, providing a flexible foundation to meet our regulatory and compliance requirements alongside our innovation expectations.

“The challenge, of course, is how do you support and scale Hybrid Multi-Cloud effectively?

“I see tremendous opportunity in our future with a focus on digital and data capabilities”

“That is where Terraform and the associated HashiCorp technologies, which are predominantly cloud-agnostic, have made a big difference.

“Terraform enables us to programmatically define a set of controls built from our policies, directives and standards. These controls can then be provisioned across different hosting environments as needed.”

“Additionally, we're managing a single codebase for each of the automation patterns.

“It brings the ability to support at scale and the obvious benefit of cost optimisation by only building things once and having a consistent skillset.”

“Last but not least,” says Bull, “by ensuring key quality, privacy and security controls are programmatically defined and proactively enforced, Elanco can easily verify the architecture meets all compliance obligations.”

Future opportunity

A standalone Elanco ensures “we are keepers of our own destiny,” says Bull. “The next exciting phase for Elanco is to unlock innovation for our customers around the world.”

“I see tremendous opportunity in our future with a focus on digital and data business models.

“Whether we're looking across pet or farm - both with a unique set of challenges, I think these markets are primed for a digital revolution.

“I'm incredibly excited about Elanco's leadership role within this transformation, and I believe the foundations we've established will act as a competitive advantage for years to come.”

WOMEN IN

WOMEN IN CYBER

Inspiring leaders for companies including Darktrace, Unilever, Oracle, Microsoft, Amazon, Verizon, Secureworks, Code42, Accenture, and Meta Defence Labs

he technology industry is making slow but steady progress in shrinking its gender gap: in 2022, it was reported that the overall workforce had a 6.9% increase in female representation in large companies from 2019 and 19.5% increase in leadership roles. Despite this being incredible growth, it only surmounts to 25.3% of leadership roles being held by women.

Many large tech companies now release annual diversity reports outlining their strategies and performance, which aim to support the diversity growth; a 2020 study by Lenovo and Intel revealed that a majority of professionals across five countries regard a company’s DEI policies and performance as important considerations in their decisions about jobs to pursue and accept.

The women listed below make up that quarter of leadership positions held by women. They are titans in business paving the way for other women, making space at the table for new faces, new ideas, and new growth, often leading to their companies being pioneers in sustainability, technological innovation, and employee development.

is a trusted leader in Cyber. She is currently an NCSC Certified Cyber Advisor, Managing Director, and Co-Founder of Meta Defence Labs Ltd, CE & IASME pool assessor for IASME Consortium and Expert Practitioner for The HiveMind Network. In 2018, she founded She CISO Exec, the sustainable global training and mentoring platform specialising in information security and leadership.

Leader of Security Research and Development Accenture

Lisa O’Connor, who began her career at the National Security Agency, is now the Managing Director of Dublin-based technology giant Accenture, a role she has held for a decade, where she leads Global Security Research and Development at Accenture Labs. She is a Certified Information Systems Security Professional (CISSP) by ISC2; an INFOSEC Analyst; a Cryptologic Engineer, recognised by the NSA; and is a member of the Financial

Data Corporation and Director of Finance at Bell South. Thomas gained her BA in Economics from the University of Virginia and her MBA in Finance from Darla Moore School of Business.

The Cyber Challenge: Innovating Our Way Out | Poppy Gustafsson | TEDxWarwick

2013 and has recently been awarded accolades including Time Magazine's 100 Most Influential Companies in 2021, Fast Company's top 10 most innovative AI companies for 2022, and the AI & Machine Learning Award at the 2022 Go:Tech Awards

Gustafsson was named CEO of the Year at the 2021 Digital Masters Awards and Tech CEO

awarded an honorary degree in Doctor of Science in recognition of “outstanding achievements in the field of Cyber Security”

BOOHOO GROUP

A N D THE COST O F

CY BERSEC I NFRASTRUCTURE

CURI T Y NFRASTRUCTURE

IN

SECURITY EXCELLENCE WITH MANAGING CORPORATE BUDGETS

Founded in the heart of Manchester’s historic textile district in 2006, today Boohoo Group PLC is home to a portfolio of innovative fashion brands targeting style and qualityconscious consumers with up-to-date and inspirational fashion. What started as one brand has grown extensively in the UK and internationally, and today represents a platform of multiple brands servicing customers globally, generating sales in excess of £1bn.

With a total of 13 brands under one group, Boohoo sells its clothing and accessory lines to a wide range of demographics from 18 years old and upwards. “One of the great things about the brand is that it really does cover a lot of ages and a lot of demographics,” explains Dorian Skeete, the group’s Head of Information Security. “Ultimately, we have the ambition to become the number one retail and e-commerce brand in the world.”

A POST-PANDEMIC WORLD, BOOHOO GROUP’S HEAD OF INFORMATION SECURITY, DORIAN SKEETE BALANCES

£1.983bn Group revenue reported in 2022 +14% Increase in revenue from 2021 from £1.745 bn +61% Increase in revenue from 2020 from £1.235 bn

Creating Boohoo Group’s security strategy

Having spent 14 years in roles at the UK government, before consultancy roles including a year at IBM, Skeete has a wide range of experience in the information security field.

Joining Boohoo in June 2022, one of Skeete’s first actions was to create the group’s security strategy, ensuring the delivery of all cybersecurity processes, training programmes, maintenance and growth activities continue to take place at the highest standard.

“One big buzzword for our security strategy at the moment is consolidation,” he explains. “We have quite a complex environment and a number of tech stacks that need protecting in different ways.

“When it came to creating our security strategy, we needed to look at consolidating how we do that, not just in terms of the tooling and technology that we use and the vendors that come with that, but also streamlining our policies and processes and resources to do that across the wider group.”

But as Skeete explains, with 13 brands to think about, achieving this was no easy task. “It wasn’t easy, but it certainly was something that needed to be done,” he comments.

“Don't get me wrong, we're not starting from the bottom, but we certainly do have a journey to navigate in terms of where we are now and where our future state needs to be.”

“ONE BIG BUZZWORD FOR OU R SECURITY STRATEGY AT TH E MOMENT IS CONSOLIDATION ”

The focus on the bottom line

With the focus on the bottom line at the front and centre of every CISO’s mind, especially in a post-pandemic world, continuing to deliver high-quality security programmes while managing a corporate budget is a constant challenge. As Skeete explains, efficiency is key.

“We're all aware of the economic downturn at the moment, the climate that all industries are living in and that brings its own challenges at Boohoo,” he describes. “We don't have a lot of fat to work with, so you have to make sure the resources, the tooling that you are using is used to its utmost, that you're squeezing as much as possible out of all of it.

DORIAN SKEETE

TITLE: HEAD OF INFORMATION SECURITY

COMPANY: BOOHOO GROUP PLC

INDUSTRY: CYBERSECURITY

LOCATION: LONDON, UK

Dorian Skeete is Head of Information Security at Boohoo Group PLC, where he is responsible for Information Security, Data Protection and Privacy across their 13 brands, including household names like Pretty Little Thing, BoohooMAN and Karen Millen. Day to day, Dorian looks after a team of 12, while delivering on a multi-year cybersecurity strategy including advisory for the Boohoo Risk Committee and Board, increasing Information Security capability and professional development of his staff. Prior to Boohoo, Dorian was the IT Security Lead at Advantage Smollan and an Associate Director at Crossword Cybersecurity, while spending his formative years as an RF and Cyber Engineer for the Ministry of Defence.

EXECUTIVE BIO

“One of the ways we do that,” Skeete adds, “is by making sure that our staff are as trained on the tools and the platforms as possible and that we're wasting as little time and effort as possible.”

When it came to creating Boohoo Group’s security strategy, keeping the security team aligned with the business as a whole was key.

“I made sure that the strategy is directly aligned to business objectives,” Skeete explains. “We need to be enabling the business to achieve what it wants to achieve. I know that security has quite a bad rap sometimes of being the department or the capability that always says no, and I want to change that viewpoint, certainly in Boohoo.

“It's not about saying no, but about asking how we can work safely. It's all about teaching that mantra to the staff, who are our key stakeholders around the business, and bringing them on the journey. We have two very good governance structures that we've set up that have representation from the likes of HR and legal to the wider technology group to make sure that we're bringing them on the journey with us.

“It's not about us dictating to them what we think is the best thing to do, but we want it to have a more collaborative approach that we can help guide and transform the business alongside us.”

As Skeete describes, when it comes to the continued delivery of Boohoo’s security programmes, it is crucial to keep the group’s core values in mind.

“A lot of our focus has to be on business as usual, keeping the lights on, making sure revenue's coming in and making sure security is underpinning those core business objectives in terms of making as much money as possible,” Skeete comments.

“But also alongside that is the project work, some of the work streams in the strategy that needs to run in parallel to make sure that we're meeting the goals of continuous improvement as well.

“Doing all of this at scale is certainly not easy,” he explains.

“I've got a diverse, amazing team, multi-skilled in different pillars of information security, but despite that, we do lean on some of the great relationships we have with vendors and suppliers.”

“WE'RE ALL AWARE OF THE ECONOMIC DOWNTURN AT THE MOMENT, THE CLIMATE THAT ALL INDUSTRIES ARE LIVING IN AND THAT BRINGS ITS OWN CHALLENGES AT BOOHOO ”

Partnerships ensuring ongoing success

As Skeete explains, working as a multi-discipline team means it is important for Boohoo Group to work with a range of partners and vendors to ensure continued success.

“Some of our partnerships are relatively new, like in the case of our partnership with SenseOn, but with others we've built up a partnership over a number of years,” he describes. Working collaboratively, in a true partnership, is crucial for Boohoo, ensuring that both sides are singing from the same hymn sheet.

“We don't want this to be just a vendor and customer relationship,” Skeete says. “It really is a partnership and we bring them on the journey with us. Our partners are acutely aware of our strategy, what we're trying to achieve and what their role in achieving that is. This means we're all aligned, and that we're all singing from the same hymn sheet essentially.

“IT'S ALL ABOU T TEACHING THA T MANTRA TO TH E STAFF, WHO AR E OUR KE Y

STAKEHOLDER S AROUND TH E BUSINESS , AN D BRINGING THE M ON THE JOURNE Y ”

DORIAN SKEETE HEAD OF INFORMATION SECURITY, BOOHOO GROUP

“Because we consume lots of different services, that's especially important for us. So for instance, we have a 24/7 security operations centre (SOC) alongside SenseOn. Because of the functions of a SOC, we need to be plugged in and it needs to be a bilateral relationship. We really do push the partnership angle as opposed to just a vendor that we've bought something off of.”

As Skeete explains, Boohoo’s partnerships are vital to the group’s ongoing success.

“To be honest, it would be difficult for the security function to function without them,” he says. “It was something that I was aware of as soon as I joined that partnerships with our external providers are extremely important to the security ecosystem at Boohoo.

“I think one of the other advantages of having that external help and expertise is that not only can we lean on it, but we can use it to help upskill our internal staff so that they can grow in their career and personal development as well. There's lots of great expertise that we have with those partners and they're teaching us things every day. So that's great for my staff.”

Delivery of security strategy

For Skeete and Boohoo Group, the number one priority for the near future is ensuring the business gets through the current economic challenges unscathed, while remaining secure at the same time

“We will also be focused on the delivery of the strategy, the really important work streams that we've got in flight at the moment in terms of implementing some new tooling, gaining consolidation and efficiencies,” Skeete adds. “Looking internally, we will be looking at what processes we can improve. Building up our own information security framework, our own information security risk framework,

feeding that into the new governance levels that we've created and just generally making a much more cybermature organisation.”

Trends such as zero trust are also on the radar for the future, as organisations increasingly face more frequent and sophisticated attacks.

“You can't travel too far without hearing buzzwords like zero trust and that's something that's on our radar too,” Skeete explains. “It seems like every day there is another company that has been hit, either with ransomware or some kind of double-dip data breach. So I see that trend continuing.

Complex security stacks are a thing of the past

Gain efficiency with SenseOn, a new way to consolidate your cyber defence system:

• Deploy a complete cloud native security stack in minutes

• Hyperautomate the investigative process

• Make painful SIEM deployments & spiralling costs a thing of the past

“Ransomware won't just be about encrypting the data that you have,” he adds. “It'll be about extorting companies not only to unencrypt that data, but to stop it from being transmitted and sold to the wider world as well. So I see that being a big thing.”

With generative AI-related threats creating new challenges for security teams, businesses will need to work proactively in future and keep these threats on their radar.

“ChatGPT is a huge buzzword at the moment,” Skeete concludes. “There were initially stories about using it to write malware and so on. I think not just from ChatGPT, but other open source machine learning capabilities, that's got to be

something that's on everyone's radar at the moment and thinking about what we can do to combat that. Malware is such a scalable threat as it is and with AI machine learning, they're only going to add to that.”