EC-MEA December 2021 by GEC Media Group

Vulnerability around Log4j

Channel Partners Conclave and Awards

PA G E S 8 8 VOLUME O9 | ISSUE 03 DECEMBER 2021 W W W. E C - M E A . C O M

The World

CIO 200

Roadshow Organised by Global CIO Forum, over 200 global CIOs congregated on 5,6 December at Ajman, UAE.

Power and protect life online. akamai.com/lifeonline

MEA

D E C E M B E R 2 0 21

MANAGING DIRECTOR TUSHAR SAHOO TUSHAR@GECMEDIAGROUP.COM

End of the year maelstrom

EDITOR ARUN SHANKAR ARUN@GECMEDIAGROUP.COM CEO RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM

ARUN SHANKAR, EDITOR A R U N @ G E C M E D I A G R O U P. C O M

The middle of this month was shaken by the announcement from US based Cybersecurity and Infrastructure Security Agency, about a vulnerability in an open-source library used to register login credentials. Used extensively across most Internet facing web sites, the Log4j Remote Code Execution Vulnerability bears distant similarities to the year 2000 reset button, that emerged in the late nineties, in terms of doomsday labelling. The Y2K bug was everywhere in the nineties, threatening to bring down nations and critical infrastructure, but it lay buried deep within routines and sub routines. With years to do the Y2K corrections, the end of the world never happened at the start of this millennium. Says Tenable’s Amit Yoran, the Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade. When all of the research is done, we may in fact learn that it is the single biggest vulnerability in the history of modern computing. This kind of vulnerability is a reminder that organisations must develop mature cybersecurity programmes to understand cyber risk in a dynamic world. Global and regional CIOs and CISOs, are now hard at work remediating and patching this library. We hope they are ahead of threat actors and are able to mitigate and neutralize the impact. Turn to our Special Report on the various actions recommended by top industry executives. The last quarter of the year has been a bull run for the economies of the GCC region. The benefits of months of large-scale vaccinations and strict enforcement of healthcare protocol allowed the countries of GCC to follow, a more or less uniform approach towards normalization and recovery of business and social operations, from October onwards. GEC Media Group successfully completed its ambitious and in-person, The World CIO 200 Roadshow finale and its inaugural Channel Partner Conclave and Awards. Turn these pages to see our event photo features and you can also browse our albums on Flickr. As channel partners revamp their skills and sales models to take advantage of the demand for digital transformation and understand how to align with cloud platforms, we look at how one channel partner is negotiating the headwinds. Says Michael Halas at MAGNOOS, post pandemic, we have been noticing an even bigger wave towards AI, automation, big data, analytics. Halas points out that, competitive advantage comes by understanding the biggest asset, which is data and by taking advantage of the benefits of applying automation. Every time MAGNOOS engages in a project, the requirement gathering, and analysis phase takes the longest time of the project. The best practice in these areas, is to allow consultants to guide end users by embracing the step-by-step approach. What a year it has been, and in some ways even more meteoric and heroic than 2020, as humankind struggled to put its life in shape. From everyone here in GEC Media Group, thank you for your support and best wishes and good luck for 2022. ë

GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES ANUSHREE DIXIT ANUSHREE@GECMEDIAGROUP.COM GROUP SALES HEAD RICHA S RICHA@GECMEDIAGROUP.COM EVENTS EXECUTIVE GURLEEN ROOPRAI GURLEEN@GECMDIAGROUP.COM JENNEFER LORRAINE MENDOZA JENNEFER@GECMDIAGROUP.COM SALES AND ADVERTISING RONAK SAMANTARAY RONAK@GECMEDIAGROUP.COM PH: + 971 555 120 490 PRODUCTION, CIRCULATION, SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM DESIGNER AJAY ARYA ASSISTANT DESIGNER RAHUL ARYA DESIGNED BY

SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM SOCIAL MARKETING & DIGITAL COMMUNICATION YASOBANT MISHRA YASOBANT@GECMEDIAGROUP.COM PRINTED BY Al Ghurair Printing & Publishing LLC. Masafi Compound, Satwa, P.O.Box: 5613, Dubai, UAE # 203 , 2nd Floor G2 Circular Building , Dubai Production City (IMPZ) Phone : +971 4 564 8684 31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852 UNITED STATES OF AMERICA PHONE NO: + 1 732 794 5918 A PUBLICATION LICENSED BY International Media Production Zone, Dubai, UAE @copyright 2013 Accent Infomedia. All rights reserved. while the publishers have made every effort to ensure the accuracyof all information in this magazine, they will not be held responsible for any errors therein.

Explore the unseen on Flickr

https://www.flickr.com/photos/193973040@N03/albums

MEA

D E C E M B E R 2 0 21

CONTENTS DECEMBER 2021

VOLUME 09

ISSUE 03

18-25

42-65

EVENTS

COVER STORY

GEC Media Group completes inaugural Channel Partners Conclave and Awards with keynotes, expert panels

36-40

SPECIAL REPORT

Industry offers guidance on vulnerabilities around Log4j library

66-68

CHANNEL STREET

200+ CIOS AND IT EXECUTIVES ATTEND GLOBAL CIO FORUM’S WORLD CIO SUMMIT IN AJMAN

Michael Halas: Post pandemic, we have been noticing an even bigger wave towards AI, automation, big data, analytics

INNOVATION

EDITOR’S PAGE

27-30

CHANNEL

Nadia Zamouri: Diversity can help to reduce skills shortages

72-74

REAL LIFE 70-71

INNOVATION

13-17

EVENTS

31-35

SECURITY

Rahul Bhageeradhan: Delivering the power of applications to business

75-78

PRODUCTS

IGOAI 79-81

ANALYST CORNER

82-83

GUEST COLUMN

Unified national framework to be followed by every enterprise

84-85 07 VIEWPOINT Managing risks and performance at the Edge

09 VIEWPOINT Conversational automation and call centres

11 VIEWPOINT Industrial channel partners can generate value in manufacturing

GUEST COLUMN

Processing video analytics at the network’s edge

EXECUTIVE MOVEMENTS

D E C E M B E R 2 0 21

MEA

VIEWPOINT

MANAGING RISKS AND PERFORMANCE AT THE EDGE Two things matter, the systems you run at the edge, and the network that connects them together, and to your core systems.

espite being a relatively new technology term, edge computing has already established itself. It has not taken long for businesses to understand the benefits of locating their compute services right where applications are running. Speed is the obvious one. Software works faster and so can do more when it does not have to reach back to a datacentre located hundreds, even thousands, of miles away. But not everyone is an advocate. For years, businesses have been taught that IT security is about centralising operations. Anything at the edge feels intuitively risky. More devices mean a larger attack surface; and though each may be mini environments, none are isolated. At some point they will need to send data and information back to their datacentres, and vice-versa. That means nodes and connections, and that creates openings to exploit. So how do businesses reconcile these risks of edge computing with the irrefutable benefits? The answer is to approach security as part of a holistic edge strategy, and not in opposition to it. In other words, bake security into your architecture from the start, and the edge is merely an extension of your environment, as secure and resilient as the centre. Security that enables, rather than compromises. Two things matter—the systems you run at the edge; and the network that connects them together, and to your core systems. Consistency is key to both. Standard security protocols and processes make everything easier to manage, and so safer. But the best edge devices tend to be built with a very specific task in mind, and so often come from multiple vendors. Deploying them is eclecticism by design, the opposite of standardisation. Step forward the hybrid cloud, to serve as the common platform on which to build your edge stack as an extension of your core infrastructure. It is here where security standards are set; OS security, ID and access controls, vulnerability management and data encryption, to name a few. And all consistent with the container and Kubernetes toolkits employed to maintain innovation at the edge. Next comes securing the network. Increasingly businesses are using third-party SD-WAN technology to manage their expanding networks. They should offload their network security to these Managed Security Service Provider, MSSP experts, who are building increasingly sophisti-

LUCY KERNER, Director, Security Global Strategy and Evangelism, Red Hat.

SASE tackles edge security at scale by integrating SD-WAN and security into a cloud service

cated SASE, Secure Access Service Edge solutions. SASE tackles edge security at scale by integrating SD-WAN and security into a cloud service, in partnership with various security vendors. It debunks the misconception that edge computing means relinquishing central control, instead allowing security teams to look across their entire network from a single pane of glass. From this central console every aspect of security policy, threat prevention and attack remediation can be defined, monitored and executed. Consistency is coupled with automation to enhance a posture further. It transforms edge security from a dislocated, perimeter activity to a core tenet of a strategy. Businesses should see these two aspects—the secure hybrid cloud and the secure network—as parallel priorit ë

D E C E M B E R 2 0 21

MEA

AUTHORIZED VALUE ADDED DISTRIBUTOR FOR

StorIT Distribution fzco P.O.Box 17417, Clover Bay Tower, Business Bay & Jafza 15, Jebel Ali Freezone, Dubai, United Arab Emirates Tel: +971.4.8819690 | 21 Fax: +971.4.887.1637 | Email: info@storit.ae | www.storit.ae D E C E M B E R 20 MEA

VIEWPOINT

CONVERSATIONAL AUTOMATION AND CALL CENTRES Conversational automation uses conversational AI, RPA, and workflow automation to bridge humans and machines, and back office and front office operations.

ustomer experience, CX as we know it has changed forever. As a result of the pandemic, companies have had to prioritise their employees’ well-being by seeking out new ways to work, in addition to meeting their customers’ evolving needs. This has unsurprisingly led to a growing interest in digital CX solutions and their accelerated adoption rate. Although there is a growing number of innovative digital CX solutions in the market, there are several common key elements upon which a company’s success hinges. One of them is automation, which applies as much to contact centre transformation as it does to supporting, even enhancing, business operations and transactions. This is where conversational automation can help, taking on the more complex processes to highlight the human factor. Conversational automation uses conversational AI, RPA, and workflow automation to bridge humans and machines, and back office and front office operations throughout the customer conversation and across digital and voice channels. While there has been an increasing number of companies recognising the importance of automation for the delivery of superior CX, most have barely scratched the surface in terms of making their contact centres ready for the future. They continue to rely on a traditional, solely human-centric delivery model, having only piloted a handful of automation solutions in silos. By sticking to this model, they potentially hinder progress and performance, while putting their workforce, particularly their contact centre agents, in a vulnerable position. That said, there are many other reasons as to why companies do not adopt digital CX solutions like conversational automation in their contact centres. These companies run into multiple challenges that inhibit their transformation efforts, such as: l Lack of insight into the potential of a unified intelligent conversation automation architecture l Legacy systems and processes that are difficult to overhaul due to the absence of a change mindset or culture l Lack of resources and skillsets to deploy the new technology Although these are legitimate concerns, the risks of sticking to a human-centric delivery model are substantial. By leveraging in contact

RAVI SARAOGI, Co-founder and President, Uniphore APAC.

Most continue to rely on a traditional, human-centric delivery models

centres, companies can significantly improve how they perform on key operational metrics, such as average handle time, total resolution time, accuracy and first call resolution. It can also supercharge CX by driving quicker resolutions, improving the way companies connect with their customers radically. To create a conversationally intelligent contact centre, companies need to plan for the seamless implementation and execution of underlying digital capabilities. Issues such as integrability with current systems and data security will need to be considered. Organisational readiness looks at a company’s execution strategy across the board, covering everything from stakeholder buy-in to internal awareness and availability of talent to thrive in a new environment. An openness to evolve, as an individual and as a unit, is also crucial for companies to truly embrace transformation on all levels. At the end of the day, contact centres of the future will continue to be driven by a close collaboration between humans and machines. With conversational automation set to play a pivotal role in companies of the future, those that want to stay ahead of the curve will not only have to be prepared in today’s new normal, but also and most importantly, take appropriate action. ë

D E C E M B E R 2 0 21

MEA

Faster, Denser, and More Scalable Than Ever Help your customers discover a better way to scale their enterprises and safeguard critical data with Seagate Systems—now available at an exceptional price. Our innovative and easily integrated platforms create a seamless enterprise storage experience. With maximum capacity and unparalleled performance, this is data done right.

Why Choose Seagate Systems? margins high, we’re offering 30% off the manufacturer’s suggested retail pricing (MSRP) for all our value-added resellers (VAR). Between competitive pricing, high-capacity drives, and end-to-end system integration, Seagate Systems offer best-in-class value for you and your customers.

3005 Controller — Entry 100K IOPS

600K IOPS 1ms latency

3.5GB/s sequential read throughput

7GB/s sequential read throughput

3.5GB/s sequential write throughput

5.5GB/s sequential write throughput

16GB cache per system

32GB cache per system

4 ports per system: iSCI (1Gb/10Gb), Fibre Channel

8 ports per system: SAS, iSCI (1Gb/10Gb), Fiber Channel

HDDs

HDDs and SSDs

Questions? Reach out to your account team.

5005 Controller — High

MEA

D E C E M B E R 2 0 21

Bibin George Sales Representative MENA (Enterprise and Systems), Seagate Technology bibin.jacob@seagate.com +971-50-6818529

Arnab Majumder Product Line Sales Manager, – Enterprise Storage, ASBIS Middle East FZE arnab.majumder@asbisme.ae +971-58-5611076

,–

VIEWPOINT

INDUSTRIAL CHANNEL PARTNERS CAN GENERATE VALUE IN MANUFACTURING Industrial channel partners providing transformation for manufacturing enterprises must be able to provide a full range of operational and value-add services.

istributed control systems have come a long way from their beginnings in the 1960s. But many of today’s legacy systems, which exist in plants all over the world, are yet to take advantage of digital platforms such as the cloud to leverage data and generate predictive business insights. What’s more, the manufacturing worker model has reached an inflection point. Those workers who have spent decades with manufacturing equipment, control, and process systems will be reaching retirement stage and are being replaced by younger, less experienced but more digitally savvy workers. Industrial software vendors working in manufacturing process automation are now using this turning point in the market to bring in the next generation of digital platforms to automate processes, improve operational efficiency, and generate business insights. Many of the legacy manufacturing production systems still in use, contain traditional HMI-SCADA interface systems, that rely on deep process understanding. These are not likely to be suitable for the incoming generation of digital savvy workers. As HMI-SCADA systems have evolved, leading vendors are focused on user-experience and now provide centralised visualisation and situational awareness to operators in a manufacturing environment. The HMI helps the manufacturing shop floor operator understand plant operations in real time, increasing their visibility into what is happening around them, and aids decisions to adjust the working of any machines and processes. These HMI dashboards that are more intuitive, have user friendly interfaces, rely on digital data transparency, provide business insights for decision making, will be more intuitive to use for incoming generation of digital savvy workers. The way digital transformation works in a manufacturing plant is to capture industrial data through HMI-SCADA systems, integrate it further with data attributes from other systems to add context, add to the data platform or historian, and then use analytics for predictive business insights and forecasting. Such solutions create a democratisation of tools throughout the manufacturing plant, improvement in operational performance, reduction of operational costs, transformation of mindset amongst employees, and a

KERRY GRIMES, Head of Global Partners, AVEVA.

Workers who have spent decades with equipment, control, and process systems are reaching retirement stage culture of continuous improvement. Another driver that is boosting the movement of industrial enterprises towards digital solutions is the Software as a Service subscription-based licensing model. The transition from perpetual licensing to subscription has lowered the barriers for adoption of digital solutions, in the form of much lower first-year costs and expenses being funded as operating costs rather than capital expenditures. Industrial channel partners providing digital transformation solutions for manufacturing enterprises must be able to provide a full range of operational and value-add services. Typical services provided by the industrial software channel partner include design consulting, integration with hardware, automation, security, and support services. However, for the enterprise end user the ability of the channel partner to build a software layer that integrates all the data, and converts their data into business insights, specific to their business, is also a critical and important differentiator. Manufacturing enterprises will always have their unique data requirements, and the ability of the industrial channel partner to build this customised software service layer, will determine their position in the vendor-partner-customer value chain. ë

D E C E M B E R 2 0 21

MEA

D E C E M B E R 2 0 21

EVENTS

Darwinbox and Global CIO Forum organised a virtual summit titled: Accelerating business outcomes with talent management on 13th December 2021.

Darwinbox holds virtual summit on digital solutions for talent management Global CIO Forum in association with Darwinbox organised a virtual summit on Accelerating business outcomes with Talent Management on 13th December 2021. The virtual summit focused on how the world of work is recovering and learning to adapt. Every sector of business has been heavily impacted with the new normal and human resource technology is no exception. Although work does seem haywire as of now, in hindsight, the pandemic did accelerate the digital transformation processes with respect to meeting talent management needs. Now, for organisations to speed up the path to growth after all the disruption that came along, it is obvious that leaders will need to re-imagine the workplace and prioritise human resource technology to manage their hybrid workforce, ensure collaboration, build a strong culture, and enable positive employee experiences. The event was joined by Ashok Kapoor, Managing Director, Organisation Pivot; Vijayshankar Ananthanarayanan, Vice President and Global Head, Transformation at Darwinbox; and Prathyusha Raviprolu, Senior HCM Solutions Consultant at Darwinbox. Speaking at the event, Ashok Kapoor, Managing Director, Organisation Pivot talked about the new normal and entire change in the work culture and said, “When we look back on what is going on today. The

human resource landscape is certainly undergone a drastic shape, next generation technologies that helps facilities work in remote mode have gone to being something often experiment prepandemic to becoming essential for survival. These technologies and disruptive digital innovation have been coming across in my view may have a long-lasting impact beyond the pandemic.” Vijayshankar Ananthanarayanan, Vice President and Global Head, Transformation at Darwinbox talked about the latest trends and said, “Now, the legacy system were not able to match the need for speed and the need for the new age feature set that the pandemic sudden through up in terms of remote working and everything that came with so as we reflected on the way the pandemic has played out and we tried to do some trend spotting for the future.” Prathyusha Raviprolu, Senior HCM Solutions Consultant at Darwinbox completed a detailed walk-through of the main features of Darwinbox’s talent management solution. The event was concluded with a question-and-answer session moderated by Arun Shankar, Editor, GEC Media Group with speakers including Ashok Kapoor, Vijayshankar Ananthanarayanan, and Prathyusha Raviprolu.

D E C E M B E R 2 0 21

MEA

EVENTS

GCC Council, IGOAI organised an in-person event on court and law affairs on 26 November.

GCC COUNCIL, IGOAI ORGANISE EVENT ON

AI IN NATIONAL COURTS AND LAW

GCC Council, International Group of Artificial Intelligence – IGOAI in association with Global CIO Forum organised an in-person event on International Conference on Artificial Intelligence in Court and Law Affairs on 26th November 2021. The conference focused on the use of artificial intelligence in court and law affairs which is becoming a talk in the town. Artificial intelligence belongs to technology that emulates human tasks, often using machine learning as the process to learn from data how to compete with these tasks. The hybrid event was joined by leading leaders including Dr Jassim Haji, President, IGOAI Community; Dr Idoia Salazar, Co-founder and President, OdiseIA; Dr Lorenzo Cotino Hueso, Professor of Constitutional Law at the University of Valencia; Badr Boussabat, President of Artificial Intelligence TOGETHER, Artificial intelligence Expert; Gael BOVEN, Attorney and co-founder, Art Can Die and international forum 4Blockchainers; Jorge Sebastiao, Co-Founder Global Blockchain Organisation; Ahmed Saleh AlBalooshi, CEO Fintech IT Service was the moderator of the event and Dalal Buhumeida was the master of ceremony. Artificial intelligence’s progress in court and law affairs have high expectations. At the same time, the powers of artificial intelligence have been rising so strongly that it is no longer obvious that artificial intelligence applications help in promoting a good society; in fact, they are sometimes harmful. International Conference on Artificial Intelligence in Court and Law Affairs aimed to bring together leading academic scientists, researchers, and research scholars to exchange and share their experiences and research results on all aspects of Artificial Intelligence, Law and Legal Practice. His Excellency Dr Nayef Falah Mubarak Al-Hajraf, General Secretary of the Gulf Cooperation Council and Dr Jassim Haji, President, IGOAI Community opened the conference with their welcome note.

MEA

D E C E M B E R 2 0 21

EVENTS

Dr Idoia Salazar, Co-founder and President, OdiseIA.

DO YOU PREFER TO BE JUDGED IN COURT BY A ROBOT OR A REGULAR HUMAN? Dr Idoia Salazar, Co-founder and President, OdiseIA talked about artificial intelligence and machine learning and said, “People do not know the difference between an artificial intelligence system and a robot really. It is quite confusing for everyone. This technology has some popularity that makes us confuse. One of these is for example machines taking decisions. Before artificial intelligence, there were only humans who were making decisions. Now days we think that machines are taking those decisions.” “There is another question that we must ask ourselves that can a machine be ethical, can a machine be bias or the one that stay bias are humans. Another very important thing that is happening now days that these technologies go so fast. Today we are thinking about something and tomorrow we must think about different things. We must prepare ourselves all the time.”

Dr Lorenzo Cotino Hueso, Professor of Constitutional Law at the University of Valencia.

ARTIFICIAL INTELLIGENCE USES IN JUSTICE AND HOW TO DO IT LEGALLY Dr Lorenzo Cotino Hueso, Professor of Constitutional Law at the University of Valencia addressed the session and said, “I would like to stress that in the European Union we got a lot of problems to admit these kinds of Robotic Judges in the most advance sense. But we have a proposal for an artificial intelligence role. It is presented in this year and for the first time in writing for future law, the possibility of Robotic Judges, the possibility of universities like in the case of United States that it will be used in criminal purposes and predative cases.

D E C E M B E R 2 0 21

MEA

EVENTS

Badr Boussabat, President of AI TOGETHER, Artificial Intelligence Expert.

MAKING JUSTICE EVEN MORE HUMAN THANKS TO ARTIFICIAL INTELLIGENCE Badr Boussabat, President of AI TOGETHER, Artificial Intelligence Expert said, “Judges will interpret more because Artificial Intelligence will give space to resolve. It will help judges to understand cases. Also, you will get higher responsibility because decision making will have a greater value. Current studies say that we will create more jobs and lately, World Economic Forum Research says that we will create more than 80 Million jobs and we will replace all these 60 Million jobs. So, if we compute it is very easy to understand that there is future for judges, there is future for human logic reasoning and Artificial Intelligence will help us to better build a new world.”

Gael Boven, Attorney and Co-founder, Art Can Die and International Forum 4Blockchainers.

ARTIFICIAL INTELLIGENCE RESHAPES THE WORLD OF JUSTICE Gael Boven, Attorney and Co-founder, Art Can Die and international forum 4Blockchainers, “We are using AI tools every day. Even maybe 10 minutes before sitting on alarms, having recommendations on Spotify or Netflix, suggestions on smartphones are AI and this is why AI is defined by its father Mr John McCarthy in simple definition as Science and Engineering of building intelligent machines in the sense that you are creating machines that can duplicate, the triplicate human condition.” “If you take one other aspect which is called machine learning which is really interesting because machine learning gives the ability to a machine to learn from experience. That is something that is really human. That is the gift we have received from God to learn from experience, to have finally a common sense.”

MEA

D E C E M B E R 2 0 21

EVENTS

Jorge Sebastiao, Co-Founder of Global Blockchain Organisation.

FUTURE OF DIGITAL TRANSFORMATION Jorge Sebastiao, Co-Founder Global Blockchain Organisation highlighted artificial intelligence, Bots and blockchain and said, “We are talking about changing the way you do things that means we are going to introduce elements of technology in a process that are going to disrupt the way you have been doing business. The way you have been doing law. So maybe you have been doing this for 50 years, for hundreds of years.” “So, today this disruption is massive and needs to be addressed because no matter how much planning you do and people like Mike Tyson planning every day, when you get hit you never know where the hit is going to come from. So, it is not about having a plan, it is about adjustments to the plans because you are living in a highly dynamic and decentralised environment of today. Everything today happens with the speed of light because everything is based on technology, networking and data and all of these elements are affecting our lives including the lawyer’s lives in a much more disruptive way.”

The conference was concluded with an interactive Question and Answer session with Dr Idoia Salazar, Dr Lorenzo Cotino Hueso, Badr Boussabat, Gael BOVEN, and Jorge Sebastiao and all the speakers were honoured with a token of appreciation at the International Conference on Artificial Intelligence in Court and Law Affairs summit.

D E C E M B E R 2 0 21

MEA

EVENTS

GEC MEDIA GROUP COMPLETES INAUGURAL CHANNEL PARTNERS CONCLAVE AND AWARDS Channel Partners Conclave and Awards, an in-person, regional channel event, brought out by Brand Voize in association with Zarks Media and GEC Media Group, was held at Rixos Premium, JBR in Dubai on 9th December 2021. The in-person event was attended by 100+ Value Added Resellers, System Integrators, and Distributors. The focus of CPCA 2021 event was to bring channel partners up to steam in multiple areas including the latest digital technologies, regional economic trends, tools for channel partners to build their solutions stacks, value additions, cross-sells, loyalty and many more. The CPCA 2021 event partners were D-link, TP link, Dubai Computer Group, Enabler, ASBIS, Channel post, and Enterprise Channels. The regional channel event was inaugurated by Ronak Samantaray, CEO, Global CIO Forum and Arun Shankar, Editor, GEC Media Group with their welcome notes and short overview of the pains and gains of the regional channel industry. The CPCA event witnessed the participation of top channel executives and keynote speakers including Syama Mariam Jilani, Associate Director, Howden Specialty; Shahnawaz Sheikh, Vice President Business Strategy for AmiViz; Nehul Goradia, Co-Founder and Principal Enabler at Enabler ONE; Harrison Albert, Director, D-Link Middle East and Africa; Uzheer Yousuf, Account Manager SMB, TP-Link MEA; and Harsh Bhandari, Business Development Manager, Solutions division at ASBIS.

MEA

D E C E M B E R 2 0 21

EVENTS

The mega-regional in-person channel event also conducted two panel discussions on the topic Channel and the new normal, which included whether the pandemic has contributed to the business of channel positively or negatively and the impact of supply situation and rise in demand effecting the margins of the channel. This discussion was moderated by Arun Shankar, Chief Editor, GEC Media Group with panelists including Dharmendra L. Sawlani Director, Smile Computers LLC and President, Dubai Computer Group; Nehul Goradia, Co-Founder and Principal Enabler at Enabler ONE; and Dr Shailendra Rughwani, Group Managing Director at Experts Computer. Another panel discussion held on Is Channel cloud-ready covered how cloud is growing in the region and its likely impact on channel business and how can channel gain from the cloud and ensure business continuity in these evolving times. The session was moderated by Basil Ayass, Education and Healthcare Regional Lead for MEA at Google Cloud with panelists Nadim Nakkash, Director, Partner Organisation – Middle East, Turkey and North Africa METNA, Vmware; SM Hussaini, CEO, Almoayyed Computers Middle East; Muneeb Anjum, Founder and Chief Executive Officer for AHAD; and Kinda Baydoun, Regional Manager Channel and Distribution, Veeam. The event was concluded with an award ceremony that include top MENA distributor award, top MENA system integrator award, top MENA resellers and var award, top MENA training institutes awards, most innovative vendor partner programme, and most innovative system integrator project. The winner of top reseller category includes Dimension Data, Seven Emirates Computers, Dakat Computer Trading LLC, Ardl AL Ghadeer, Solid Solutions, AL Noori, Musallam, 01 Computers, Al Ershad, Super Tech, Promise Computer, Magnum Connect, Xcell Computers, Global Computers, Arcad World Computer system, Computer care, Capmu Age, IT Park, Majid IT, EDRC Global Computers, Bright Apollo Computer Trading, Supertech Computer Trading, Earth Gate Trading, Blue Bell Computer, Accent Gulf Computer, and Microstate Technology. The winner of top system Integrator category includes NETCO Networks Security Solutions, AHAD Information Technology, Finesse FZ, Almoayyed Computers Middle East, and MMA Infosec. The winner of top distributor category includes Spire Solution, ASBIS, Redington, Trigon, SecureNet, Bulwark Technologies, and Mindware. The winner of top vendor winner category includes Westen Digital, D-Link, Dell Technologies, Toshiba, and Logitech.

D E C E M B E R 2 0 21

MEA

EVENTS

WINNERS

MEA

D E C E M B E R 2 0 21

EVENTS

D E C E M B E R 2 0 21

MEA

EVENTS

MEA

D E C E M B E R 2 0 21

EVENTS

D E C E M B E R 2 0 21

MEA

D E C E M B E R 2 0 21

MEA

D E C E M B E R 2 0 21

CHANNEL

(Left to right) Muffazzal Kajiji Head of Mashreq Gold.; Anand Prabhudesai, Co-Founder, Turtlemint; Dhirendra Mahyavanshi, Co-founder Turtlemint.

Mashreq partners with India based Turtlemint to reduce insurance proposal creation time by 150+% Mashreq has partnered with Turtlemint, a leading insurance distribution platform based out of India, to create a unified and seamless platform for the bank’s insurance customers. The platform will digitally interact with all the insurance providers in Mashreq’s network through APIs built for MashreqPad and consumed by providers. The new proposition will enable information transparency and empower Mashreq’s customers to access the right advice and make an informed choice while buying insurance products. Mashreq bank operates under an open architecture model offering life insurance products to its customers through 4 of the largest providers in the region.

The unified platform built by Turtlemint will enable insurance specialists and relationship managers to seamlessly access the required information and customise proposals for clients. This is expected to reduce the proposal creation time by more than 150%. Several other benefits offered by the platform range from providing a single view of quotes across life insurance categories and sharing multiple quotes of insurers directly with customers to creating a ‘Need Analysis’ for customers and offering customised solutions. An alliance that has already earned itself the distinction of being the first of its kind in the region, is all set to create benchmarks in customer service by optimally leveraging the

right digital tools. This first of a kind alliance exemplifies Mashreq’s commitment to creating intuitive and seamless investment journeys for its customers. Further, it is yet another example of how Turtlemint is optimally leveraging technology to solve for the challenges in insurance distribution and envisage multiple use cases for the already created insurance platform. Further, the regulatory landscape in the UAE is changing as the regulator calls for a more efficient, transparent, and seamless financial ecosystem. Turtlemint’s offerings holistically meet the demands of the new regulations by empowering advisors with the right set of tools that can help them guide clients towards the most suitable insurance solutions. It also fulfils the transparency requirements by enabling the disclosure of risks and costs and helps in creating reports that holistically meet the relevant compliance mandates. These have always been key focus areas for Turtlemint and the change in regulation is a welcome step towards creating a seamless and secure insurance ecosystem in the UAE. In the backdrop of such a landscape, Turtlemint, with its technology first philosophy and commitment to transparency and ethical dealings, is well positioned to partner with financial institutions in the region.

SecureLink and NetSPI partner to provide Cybersecurity Testing Services for MEA SecureLink, the subsidiary of StarLink signed a distribution agreement with NetSPI, a vendor in Enterprise Security Testing and Attack Surface Management, for the MEA region. Pioneers in penetration testing, NetSPI is changing the pen testing scenario to make it easier for enterprises to track trends and improve their vulnerability management program. The Technical Assessments include Web Application Penetration Testing, Mobile Application Penetration Testing, Source Code Review, Infrastructure Vulnerability Assessment, Red Teaming, and Breach and Attack Simulation.

(Left to right) Aaron Shilts President and CEO at NetSPI; Manish Pardeshi, Director, Cybersecurity Practices, SecureLink.

Through this partnership, NetSPI can capitalise on SecureLink’s consultancy, sales, and marketing expertise, utilise the direct connect with decision-makers in their extensive customer base to create and convert opportunities for Cybersecurity Testing Services provided by NetSPI as well as take advantage of the years of trust built by SecureLink in this region.

D E C E M B E R 2 0 21

MEA

CHANNEL

OutSystems partners with EBLA for go to market across GCC starting with Kuwait OutSystems, has partnered with EBLA Computer Consultancy Company to develop a go-to-market strategy for EBLA’s clients across the GCC - with Kuwait enablement as its starting point. The partnership will allow both companies to accelerate their joint GTM activities in Kuwait and Qatar, cater to the transformation goals of EBLA’s customers and prospects, and speed up the development and deployment of cutting-edge and mission-critical applications. “EBLA is an important addition to the OutSystems partner ecosystem in the Middle East. We are extremely thrilled that this partnership will accelerate our efforts to support the growth of the region alongside our mutual goal to support our customers’ digital transformation initiatives,” said Rodrigo Castelo, Vice President Middle East and Africa at OutSystems. OutSystems is a worldwide leader that provides a low-code platform to develop, maintain, and operate custom enterprise-class solutions, supporting end-to-end digital transformation. EBLA always aims to establish partnerships with leading international players providing the latest technologies. It also noted OutSystems innovation in the use of emerging technologies, such as AI and machine

learning, as well as its focus on components and reusability, which enables higher developer productivity in a low-code environment. Enterprises of all sizes are moving towards the adoption of modern application development platforms because of the increasing demand for software automation and innovative applications, and the ease of developing web and mobile apps while keeping overheads low. According to ResearchAndMarkets.com, the low-code development platform market size is expected to see a growth rate of 44.4%, from $4.32 billion in 2017 to $27.23 billion by 2022. The joint venture with OutSystems will make EBLA one of the first movers towards modern application development technologies in Kuwait. Traditional development methods used during implementation take more time and usually require an army of developers, ultimately increasing costs, especially when changes are required. While EBLA has undertaken several digital transformative initiatives for their existing customers and prospects, the need to adopt a modern application development platform was inevitable. As a result, its move towards the OutSystems modern application platform

RODRIGO CASTELO, Vice President Middle East and Africa at OutSystems.

will reduce time and cost through automation and provide added value to its clients. EBLA expects to enhance its project delivery speed by up to eight times with this alliance while significantly reducing dependency on deep technical skills. Following are some other areas where the company will see real value. l The ability to provide breakthrough digital transformation solutions to the government sector. l A rapid increase in time-to-market of projects and change requests. l Increased customer satisfaction and higher retention rates. l The ability to deliver more projects without increasing team size resulting in lower costs and an increase in revenue.

Cisco announces new Enterprise Agreement making it easier for partners, customers to buy and sell At their 26th annual Partner Summit conference, Cisco announced a new Enterprise Agreement to make it easier for partners and customers to buy, sell, and manage Cisco software and services. The single contract increases access to Cisco’s portfolio and solutions, offering predictable costs, choicer, and greater flexibility for organisations looking to accelerate their digital transformation. “Cisco’s new Enterprise Agreement gives our customers and partners a powerful, simple, and extremely flexible way to buy and consume our great software products,” said Reem Asaad, Vice President, Cisco Middle East and Africa. “Our incredible partner ecosystem has already built a multi-billiondollar software business but we’re clearly just getting started. Innovations like the ability to shift investments across the portfolio will help

MEA

us better serve our customers, push further into our business transformation, and drive higher profitability for our partners.” Less Admin. More Results The new Cisco Enterprise Agreement is a cornerstone of Cisco’s ongoing transformation and commitment to supporting partner profitability, as well as streamlining the customer experience. Since their introduction more than 10,000 customers have purchased software and services via the Cisco Enterprise Agreement. The new Cisco EA will bring three key benefits to customers and partners: Simplified Cross-Portfolio Access As organisations adopt more innovative technologies, they face the challenge of managing various licensing agreements. Cisco’s new EA simplifies the experience with: l One set of terms and conditions across

D E C E M B E R 2 0 21

REEM ASAAD, Vice President, Cisco Middle East and Africa.

five portfolios Applications Infrastructure, Networking Infrastructure, Collaboration, Security, and Services.

CHANNEL

UAE University offers training and certification as authorised training partner for Certnexus United Arab Emirates University, UAEU, the first and foremost comprehensive national university in the United Arab Emirates announces the addition of in-demand emerging technology certifications and microcredentials to their curriculum thanks to their new partnership with global certification body CertNexus. As both public and private sectors navigate within the fourth industrial revolution, multivendor and open-source solutions are the norm to provide best in class results. Whether it is employing artificial intelligence or data science to grow a business, implementing a high-value innovation using an internet of things solution, or maintaining secure access to protect customer data through security protocols, it is the people responsible for maintaining and implementing the solutions

that provide the greatest value and highest risk to an organisation. As technology becomes the de facto solution across all industries, the need for skills standardisation is more crucial than ever. CertNexus is committed to providing certification programs that ensure students have best-in-class skill sets to match an organisations business critical technology solution. CertNexus’ certification programs in artificial intelligence, machine learning, data science, IoT and cyber security broaden data, developer, IT, and security professional’s knowledge and empower individuals on how to apply an ethical filter across these data driven technologies, by validating skills using globally recognised curriculum and high stakes examinations. CertNexus micro-credentials provide non-

technical business leaders, project managers, and compliance personnel the necessary knowledge to make informed decisions and lead projects. Whether providing introductory information, a deeper dive in specialised area, or compliance training, micro-credentials are right-sized for the need – validating focused knowledge. Accordingly, the Continuing Education Centre has been providing excellent training and education for Emirati youth to keep pace with the most important global innovations. The Continuing Education Centre at the UAEU has partnered with CertNexus, which offers a variety of emerging technologies in the form of various courses in artificial intelligence, cybersecurity, and the Internet of Things. At the end of each course, an accredited international certificate is presented.

D E C E M B E R 2 0 21

MEA

CHANNEL

CyberKnight to distribute BlueCat’s Adaptive DNS in the Middle East Across industries, cloud continues to be one of the fastest-growing segments of IT spend. Yet, according to Gartner, as cloud computing rapidly proliferates enterprise IT, through 2024, organisations will need to focus on cloud optimisation to become more efficient and cost-effective. As enterprises lean further into their hybrid and multi-cloud strategies, challenges associated with DNS, DHCP, and IP address management create complexities in the form of IP utilisation issues, downtime, compliance infractions, and data loss. As pressure mounts on enterprises to modernise their digital foundations, IT teams report spending 30% of their time fulfilling DNS-related tickets, and only 26% on strategic initiatives. For more than 20 years, BlueCat has been transforming the biggest, most complex business networks around with the world with secure, fast, and flexible Adaptive DNS. BlueCat’s DDI platform centralises the three critical services to create a multiplier effect on

VIVEK GUPTA, Co-Founder and COO at CyberKnight.

an IT teams’ ability to help their organisation increase the resilience of critical infrastructure, leverage DNS data to reduce risk, embrace hybrid cloud, and drive rapid change through automation. Adaptive DNS is dynamic, open, secure, scalable, and automated, helping businesses thrive in hybrid and multi-cloud complexity.

AVEVA appoints AITS as AVEVA Select partner distributor for Gulf region AVEVA, a global vendor in industrial software, driving digital transformation and sustainability, announced that AITS, Advanced Integrated Tech Solution, a provider of innovative technologies for the fourth industrial revolution, has become an AVEVA Select partner for the Gulf region, under a new name AVEVA Select Gulf. Being an AVEVA Select partner allows AITS to deliver AVEVA’s full portfolio of leading-edge industrial software solutions to regional customers that will help them become more sustainable and profitable. As AVEVA’s partner for the Gulf region, AITS has won major contracts across industries over the past four years. These include successful implementations for the Utilities sector as well as deploying Unified Operations Centre, AVEVA’s command-and-control solution for operators, for Water Wastewater, Roads Management, Oil and Gas operations and Smart City projects in the region. The coveted AVEVA Select Partner designation allows distributors to enable customers simplify design, optimise production, and maximise performance. By leveraging the

MEA

breadth of the AVEVA software portfolio, AVEVA Select partners can take advantage of programs designed to suit every product and solution specialisation in the engineering and industrial segments. The AVEVA Select Program offers an effective way for partners to penetrate new markets and build upon existing solutions and local relationships. The AVEVA Select partnership has accelerated the value that AVEVA Select Gulf can provide, empowering their customers and partners to optimise engineering, operations, and asset performance. A common digital thread across all enterprise pillars is enabling a new level of Performance Intelligence using bedrock technologies from Artificial Intelligence AI, Industrial Internet of Things IIoT, big data to the cloud and hybrid solutions. As an authorised AVEVA Select partner, AVEVA Select Gulf can leverage AVEVA’s comprehensive software portfolio, enabling them to help organisations accelerate their digital transformation journeys. With AVEVA’s Engineering solutions, they can assist customers in efficiently delivering capital projects on

D E C E M B E R 2 0 21

ABDALLAH ABDALLAH, Managing Director, AVEVA Select Gulf.

time and within budget. The AVEVA Operations suite eliminates supply chain value leaks while improving operational efficiency and enhancing collaboration. AVEVA Select Gulf can also empower customers and partners to balance operating expenses and risk to optimise performance with AVEVA Asset Performance Management.

SECURITY

48% of children in UAE used smartphones for remote learning finds Kaspersky To provide all their children with the devices they needed for online classes, almost half the families 41% with two or more children had to buy or rent additional devices. It’s interesting to note that 48% of the children in the United Arab Emirates used smartphones for remote learning. Three out of four children 71% experienced technical difficulties connecting to online lessons regularly or periodically. The majority 88% got help from their parents to get their devices working. However, 16% of students resolved technical issues on their own. Three out of four children experienced technical difficulties connecting to online lessons regularly or periodically. The majority 88% got help from their parents to get their devices working. However, 16% of students resolved technical issues on their own. To keep up with lessons, a lot of students had to install additional programs on their devices. For example, 60% started using new video conferencing services, and 48% downloaded interactive simulators and other educational programs. Some parents 26% found it neces-

sary to start using a security solution. Still the demand for digital tools inevitably increased, the educational sector continues to attract the attention of cybercriminals on the Internet. According to Kaspersky research, the most popular lure used to be Zoom. This is not surprising given that Zoom is the most popular platform for virtual meetings, with more than 300 million daily meeting participants. The second most popular was Moodle, followed by Google Meet. The number of users that encountered threats disguised as popular online learning; video conference platforms increased for all but one platform — Google Classroom. To keep your child safe online, regardless of what they’re doing – playing, studying or chatting with friends – Kaspersky offers the Kaspersky Safe Kids solution. It lets parents know exactly how long their child spends online, and also protects them from inappropriate content. In addition, parents can view their child’s current location, which can come in very handy if the child comes home from school alone.

ANDREY SIDENKO, Head of Kaspersky’s Online Child Safety Department.

Customers of 67% top retailers in UAE exposed to email fraud indicates Proofpoint research 70 companies. As per another survey by Proofpoint released a research which identifies that eight out of the top nine online retailers in the UAE have a Domain-based Message Authentication, Reporting and Conformance record in place. However, only three out of the nine 33% retailers have the strictest and recommended levels of DMARC protection in place, which allows them to identify and block fraudulent emails. This leaves customers of 67% of the top retailers in the country exposed to email frauds. As retailers gear for high online sales volumes, it is imperative for them to ensure their customers are safeguarded against potential cybersecurity threats. Cybercriminals traditionally resort to domain spoofing by posing as well-known brands and send out emails from supposedly legitimate sender addresses to trick the customers. These emails are designed

EMILE ABOU SALEH, Regional Director, Middle East and Africa for Proofpoint.

to make the customers share personal details which can then be used to commit frauds. With a DMARC policy in place, retailers can protect employees, customers, and partners from cybercriminals. The UAE-based retailers, however, rank better in comparison to global retailers across the Forbes Global 2000, which comprises

Proofpoint, 30% 21 out of 70 of the Forbes Global 2000 retailers have no DMARC record and are exposed to email fraud and domain impersonation. Moreover, while 70% of the retailers in Forbes Global 2000 have achieved some level of DMARC implementation, only 20% 14 out of 70 retailers have achieved the highest level of protection and are proactively blocking fraudulent emails from reaching customers, partners, vendors, and employees. The research comes at a time of increased demand for online shopping in the UAE, with the market size of the e-commerce industry in the UAE expected to grow from seven billion US dollars in 2020 to reach 17 billion US dollars by 2025, after the adjustments for the effect of the COVID-19 pandemic on e-commerce, according to Statista.

D E C E M B E R 2 0 21

MEA

SECURITY

Global Microsoft Azure customers gain access to expanded Vectra AI threat detection and response Microsoft Azure customers worldwide now gain access to the expanded Vectra AI threat detection and response platform for Azure Sentinel to take advantage of the scalability, reliability, and agility of Azure to shape business strategies. Vectra AI announced the availability of Vectra Detect in the Microsoft Azure Marketplace, an online store providing applications and services for use on Microsoft Azure. Vectra customers can now take advantage of the scalability, high availability, and security of Azure, with streamlined deployment and management. Vectra creates security-derived, AI-driven threat detection and response that delivers key Zero Trust capabilities for Microsoft 365 and Microsoft Azure customers. A member of the Microsoft Intelligent Security Association, Vectra created and integrated custom workbooks in Azure Sentinel to streamline incident response across the platform’s

RANDY SCHIRMAN, VP of Service Delivery at Vectra AI.

ecosystem of tools and enable security analysts and SOC teams to prioritise their investigation and remediation efforts more efficiently. Vectra

also partners with Microsoft on its Zero Trust security framework. The Vectra Detect built-in web interface enables security analysts to efficiently prioritise their investigations starting with the most critical, provides an overview of all accounts and hosts exhibiting suspicious behaviour, identifies campaigns involving multiple hosts, and is enabled to break down individual detections for further investigation. Vectra Detect Workbooks for Azure Sentinel offer customers a range of benefits including: l Automated incidents in Azure Sentinel based on configurable threat and certainty score thresholds from Vectra l Forensic analysis on incidents to identify and pinpoint the devices, accounts, and attackers involved in any given situation l Vectra detections direct to enterprise Azure Sentinel workbooks for the immediate attention of SOC teams

Organisations should consider integrating third-party solutions to strengthen email security says Barracuda Barracuda Networks furthered its commitment to deliver email security solutions which are easy to buy, deploy, and use with the announcement of three new email protection plans which scale to meet customers’ evolving threat protection needs. Barracuda’s comprehensive solutions combine gateway and API-based AI technology to detect and remediate threats and reduce the risk that a malicious attack succeeds by immediately and automatically eliminating the user’s ability to view or launch flagged emails. Recent attacks have shown that Office 365 native security alone has gaps and that third-party solutions are required to ensure customers are fully protected. According to Gartner, Microsoft Defender for Office 365 MSDO offers a wide set of email security capabilities, but due to the rise in business email compromises, account takeovers and other sophisticated attacks, many times some malicious emails are actually missed by MSDO, and in fact by any other email gateway solutions.

MEA

Therefore, organisations should strongly consider integrating third-party solutions to strengthen their email security capabilities. Aside from traditional gateway solutions, security and risk management leaders should evaluate API-based solutions to act as an additional layer of protection. With Barracuda, customers receive an integrated and validated suite of capabilities to protect their people and business which includes: l Threat prevention: Prevent attacks from getting through by combining email-gateway defences, API-based inbox defence, and web security. l Post-delivery detection and response: Identify and limit the impact of any threats that reach users with automated response and user security awareness training. l Data protection: Ensure compliance and stay productive during downtime. Back up important Office 365 email and data to recover easily from malware attacks or lost data.

D E C E M B E R 2 0 21

DON MACLENNAN, SVP, Engineering AND Product Management, Email Protection, Barracuda.

Automated workflows: Easily create custom workflows to completely automate incident response. l SIEM, SOAR, XDR integrations: Publicfacing APIs for integrating with third-party platforms to enable seamless and consistent response to security events. l BarracudaData Inspector: Data classification capabilities to help find sensitive data such as Personal Identifiable Information PII and malware. l

SECURITY

Nozomi Networks announces updates in Vantage, cloud-based OT IoT network security solution Nozomi Networks announced new updates in Vantage, the first cloud-based OT IoT network security solution that equips security professionals and industrial operators with actionable, AI-driven insights to manage risk and speed precise remediation. The new enhancements help eliminate “alert fatigue” by narrowing down the hundreds of notifications security teams have to parse to determine the severity of vulnerabilities. According to Ponemon Research, 52% of organisations say they are at a disadvantage in responding to vulnerabilities because they use a manual process and 72% say difficulty in prioritising vulnerabilities contributes to patch delays. ESG Research finds 34% of cyber security professionals reported their biggest vulnerability management challenge is prioritising which vulnerabilities to remediate. In this latest upgrade, Nozomi Networks continues to expand vulnerability management automation and intelligence with new prioritisation metrics for vulnerability assessments. New Vantage features include: PRIORITISED VULNERABILITY MANAGEMENT l

With the new vulnerability dashboard,

operators can quickly visualise all the OT and IoT vulnerabilities in the network, prioritise which vulnerabilities pose the greatest risk, and assess the level of effort to address the issues network-wide. Vantage provides: l Actionable insights on remediation steps, patches, and upgrades. l Built-in analytics scores that highlight which corrections will have the biggest impact on risk reduction, as well as identify which may be more labour-intensive. In addition to the Vantage vulnerability management process, Vantage leverages an AI-driven threat detection engine that analyses endpoint and network configurations, traffic flows, and network packet contents to provide the deepest and most sophisticated insights for OT networks in the industry.

ANDREA CARCANO, Co-Founder and Chief Product Officer at Nozomi Networks.

specific threats, simplifying and accelerating operational response. l Can be customised to specify workflows for each alert and to address individual customer environments and workflows. l Can be shared between organisations.

CUSTOMISED PLAYBOOKS FOR PRECISE RESPONSE

In addition to customising alerts for specific threats and vulnerabilities, now security professionals have the option to supplement these notifications with custom playbooks designed to guide response plans for each alert. These playbooks: l Precisely guide remediation steps for

STREAMLINED OPERATIONS

With Vantage, security professionals can quickly manage multiple hundreds or thousands of sites with limited resources. l The SaaS-based solution is easy to deploy and runs in the cloud, providing near zero-cost setup and ongoing maintenance.

93% UAE businesses concerned about ransomware attack this holiday season finds Cybereason Cybereason, published a global study of 1,200+ security professionals at organisations that have previously suffered a successful ransomware attack on a holiday or weekend. The study highlights the disconnect between organisational risk and preparedness. The report, titled Organisations at Risk: Ransomware Attackers Don’t Take Holidays, found that the vast majority of security professionals in the UAE 93% expressed high concern about imminent ransomware attacks. In spite of this concern, there seems to be a disconnect between the risk ransomware poses to organisations during these off-hour periods and their preparedness — in terms of personnel and technology — to respond, moving into the holiday season.

This has unfortunately meant that often times cybersecurity professionals have had to put off personal engagements and weekend plans in order to respond to the attacks — 90% of UAE respondents indicated they have missed a holiday or weekend activity because of a ransomware attack.

LIOR DIV, CEO and co-founder, Cybereason.

TECHNOLOGY ISSUES

THE HUMAN ELEMENT

An indicator of the disconnect between the perceived risk and preparedness is that 39% of respondents in the UAE attributed the previous successful holiday ransomware attack to not having the right cybersecurity coverage plan or because the company was only operating a skeleton crew.

On the technology front, 65% of UAE respondents 16% higher than the global average said a ransomware attack against their organisation was successful because they did not have the right security solutions in place. Most concerning was the fact that just 44% reported having an Endpoint Detection and Response EDR solution in place. As EDR is a foundational building block of a robust cybersecurity posture, this is particularly alarming.

D E C E M B E R 2 0 21

MEA

SECURITY

Proofpoint observes weekly campaigns targeting foreign policy experts, NGOs from DRC state actor Throughout 2021, Proofpoint has tracked ongoing credential theft campaigns from TA406, an actor associated with the Democratic People’s Republic of Korea DPRK. Our analysts have tracked TA406 campaigns targeting customers since 2018, but the threat actor’s campaigns remained low in volume until the beginning of January 2021. From January through June 2021, Proofpoint observed almost weekly campaigns targeting foreign policy experts, journalists and

nongovernmental organisations NGOs. l Throughout 2021, the North Korea-aligned threat actor TA406 conducted frequent credential theft campaigns targeting research, education, government, media and other organisations. l Proofpoint considers TA406 to be one of several actors that make up the activity publicly tracked as Kimsuky, Thallium and Konni Group. l TA406 doesn’t usually employ malware

Kaspersky observes Lazarus group attacking defence industry using MATA malware framework Advanced persistent threat actors continuously advance their ways of working. While some choose to remain consistent in their strategy, others adopt new techniques, tactics and procedures. In Q3, Kaspersky’s researchers witnessed Lazarus, a highly prolific advanced threat actor, developing supply chain attack capabilities and using their multi-platform MATA framework for cyber-espionage goals. This and other APT trends from across

MEA

the world are revealed in Kaspersky’s latest quarterly threat intelligence summary. Lazarus is one of the world’s most active threat actors and has been active since at least 2009. This APT group has been behind large-scale cyber-espionage and ransomware campaigns and has been spotted attacking the defence industry and the cryptocurrency market. Having a variety of advanced tools at their disposal, they seem to have chosen to apply

D E C E M B E R 2 0 21

in campaigns. However, two notable 2021 campaigns attributed to this group attempted to distribute malware that could be used for information gathering. l TA406 engages in espionage, cybercrime and sextortion. In this report, we describe in detail many of the campaigns and behaviours associated with an actor operating on behalf of the North Korean government: TA406. We begin by explaining how TA406 is associated with Kimsuky, a threat actor name broadly tracked by the threat intelligence community. We then elaborate on how Proofpoint tracks the activity of TA406 as three separate threat actors—TA406, TA408 and TA427. Also, we detail the differences between these actors, based on Proofpoint’s visibility. This report also examines campaign timing and targeting by TA406, and it provides a look into how TA406 conducts phishing campaigns, including the tools and services used. TA406 employs both malware and credential harvesting in espionage and information-gathering campaigns. This report details several examples of each, including different types of credential collection and two implants used by TA406 that haven’t been discussed before in open-source reporting.

them to new goals. In June 2021, Kaspersky researchers observed the Lazarus group attacking the defence industry using the MATA malware framework, which can target three operating systems – Windows, Linux and macOS. Historically, Lazarus has used MATA to attack various industries for cybercrime purposes, such as stealing customer databases and spreading ransomware. However, this time our researchers tracked Lazarus using MATA for cyber-espionage purposes. The actor delivered a Trojanised version of an application known to be used by their victim of choice – a well-known Lazarus characteristic. Notably, this is not the first time the Lazarus group has attacked the defence industry: their previous ThreatNeedle campaign was carried out in a similar fashion in mid-2020. Lazarus has also been spotted building supply chain attack capabilities with an updated Death Note cluster, which consists of a slightly updated variant of BLINDINGCAN, malware previously reported by the US Cybersecurity and Infrastructure Security Agency CISA.

SECURITY

20% of ransomware intrusions responded by Mandiant attributed to FIN12

KIMBERLY GOODY, Director of Financial Crime Analysis at Mandiant.

Mandiant has released a comprehensive report detailing FIN12, an aggressive, financially motivated threat group behind prolific ransomware attacks since October 2018. Almost 20% of the ransomware intrusions Mandiant has responded to in the past year were attributed to FIN12. FIN12 is unique among many tracked ransomware-focused actors today because they do not typically engage in multi-faceted extortion and have disproportionately impacted the healthcare sector. They are also the first group promoted by Mandiant to a named FIN or financially motivated threat group who specialises in a specific phase of the attack lifecycle—ransomware deployment—while relying on other threat actors for gaining initial access to victims. This specialisation reflects the current ransomware ecosystem, which is comprised of various loosely affiliated actors partnering together, but not exclusively with one another. FIN12 victim organisations have been overwhelmingly located in North America; however, there is some evidence that FIN12’s regional targeting has been expanding. Since the first half of 2021, they have targeted twice as many organisations outside North America. These organisations have been based in several countries, including the United Arab Emirates. The group’s targeting appears to be relatively industry agnostic, but the group has disproportionately impacted healthcare organisations even in the midst of the COVID-19 pandemic. Almost 20% of observed victims have been in the healthcare industry and many of these organisations operate healthcare facilities. The remaining victims have operated in a broad range of sectors, including but not limited to business services, education, financial, government, manufacturing, retail, and technology. The average annual revenue of observed FIN12 victim organisations was more than $6 billion and almost all the organisations made more than $300 million, based on data compiled from ZoomInfo. This number could be inflated by a few extreme outliers and collection bias; however, FIN12 generally appears to target larger organisations than the average ransomware affiliate. Throughout FIN12’s lifespan, the group has relied upon multiple different threat clusters for malware distribution and the initial compromise stage of their operations. FIN12 has likely established close partnerships with these initial access providers; in most incidents where the initial intrusion was identified, FIN12 activity was observed on the same day as the initial access campaign. Most notably, FIN12 shares a close working relationship with the operators of TRICKBOT and BAZARLOADER. Beyond leveraging accesses obtained via these malware families, FIN12 has used overlapping toolsets and services, including backdoors, droppers, and codesigning certificates. Despite clear patterns across their intrusions, FIN12’s post-compromise TTPs have evolved over time. This type of slow evolution is to be expected of any threat group that maintains operational coherence during a period of months or years. These shifts are likely due to various intersecting factors such as the threat actors learning more about their craft, developing new tools and community relationships, or changes in a threat group’s membership over time. Some of the most important developments in FIN12’s post-compromise TTPs have included changes in the way they’ve relied on TRICKBOT, patterns in their use of post-exploitation frameworks, and the ways in which they’ve obfuscated their BEACON payloads. Mandiant suspects that FIN12 is likely comprised of Russian-speaking actors who may be located in countries in the Commonwealth of Independent States CIS. FIN12 has not been observed to have targeted CIS-based organisations and identified partners, and all currently identified RYUK users have spoken Russian. Additionally, GRIMAGENT malware, which Mandiant has only observed in FIN12 incidents to date, contains Russian-language file resources including graphical components containing Russian text.

D E C E M B E R 2 0 21

MEA

SPECIAL REPORT

INDUSTRY OFFERS GUIDANCE ON VULNERABILITIES AROUND LOG4J LIBRARY A vulnerability with the highest possible severity of 10, impacting opensource Java logging library Log4j, was disclosed on GitHub on 09 December.

(Left to right) Amit Yoran, Chairman and CEO, Tenable; Jonathan Tanner, Senior Security Researcher, Barracuda; Yonatan Striem-Amit, CTO and Co-Founder, Cybereason; Danny Kim, Principal Architect, Virsec; John Hultquist, VP Intelligence Analysis, Mandiant; Johannes B Ullrich, Dean of Research, SANS.edu; Sean Gallagher, Senior Threat Researcher, Sophos.

vulnerability impacting Log4j versions 2.0 through 2.14.1 was disclosed on the project’s GitHub on December 9, 2021. The flaw has been dubbed Log4Shell and has the highest possible severity rating of

10. Log4j is an open-source Java logging library that is widely used in a range of software applications and services around the world. The vulnerability can allow threat actors to take control of any Java-based, internet-facing server and engage in remote code

MEA

D E C E M B E R 2 0 21

execution attacks. Most login screens in the world typically audit failed login attempts, meaning that virtually every authenticated page using Log4j is vulnerable. Browser search bars are also often logged and expose systems to this flaw. Exploiting the flaw is fairly trivial. An attacker can exploit the vulnerability by simply sending a malicious code string that gets logged by Log4j. At that point, the exploit will allow the attacker to load arbitrary Java code and take control of the server.

SPECIAL REPORT

AMIT YORAN, Chairman and CEO, Tenable. THIS IS THE SINGLE BIGGEST VULNERABILITY IN THE HISTORY OF MODERN COMPUTING The Log4j Remote Code Execution Vulnerability is the single biggest, most critical vulnerability of the last decade. When all of the research is done, we may in fact learn that it is the single biggest vulnerability in the history of modern computing. This kind of vulnerability is a reminder that organisations must develop mature cybersecurity programmes to understand cyber risk in a dynamic world. We encourage organisations to update their security controls, assume they have been compromised and activate existing incident response plans. The number one priority now is to work with your in-house information security and engineering teams or partner with an organisation that conducts incident response to identify the impact to your organisation.

CISA’S VULNERABILITY GUIDANCE ON APACHE LOG4J

Widespread use simply increases the likelihood that vulnerabilities will be found, not necessarily the likelihood that they will exist

US based Cybersecurity and Infrastructure Security Agency, CISA and its partners, through the Joint Cyber Défense Collaborative, are responding to active, widespread exploitation of a critical remote code execution vulnerability in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as Log4Shell and Logjam. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system. Apache released Log4j version 2.15.0 in a security update to address this vulnerability. However, in order for the vulnerability to be remediated in products and services that use affected versions of Log4j, the maintainers of those products and services must implement this security update. Users of such products and services should refer to the vendors of these products, services for security updates. Given the severity of the vulnerability and the likelihood of an increase in exploitation by sophisticated cyber threat actors, CISA urges vendors and users to take the following actions. This RCE vulnerability—affecting Apache’s Log4j library, exists in the action the Java Naming and Directory Interface takes to resolve variables. Affected versions of Log4j contain JNDI features—such as message lookup substitution—that do not protect against adversary-controlled Lightweight Directory Access Protocol, LDAP and other JNDI related endpoints. An adversary can exploit this vulnerability by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code. The request allows the adversary to take full control over the system. The adversary can then steal information, launch ransomware, or conduct other malicious activity.

D E C E M B E R 2 0 21

MEA

SPECIAL REPORT

JONATHAN TANNER, Senior Security Researcher, Barracuda. CHECKING FOR VULNERABILITY AND RISKS FROM UNSUCCESSFUL REMEDIATION The first thing to check is whether any version of log4j prior to 2.15.0 is being used, including from dependencies. Maven and Gradle both have ways to print the entire dependency tree for a project, which will allow for determining whether or not a vulnerable version of log4j is being used. Even with version 2.15.0 or greater, it should also be verified that the format MsgNoLookups system property is not set to true since this version is only not vulnerable because it set the default value of this from true to false. In some versions of log4j, this property can simply be set to false manually to mitigate the vulnerability. If the application does not require LDAP as part of its legitimate usage, it is also possible to block all LDAP traffic with a Firewall or Web Application Filter to prevent remote code from being reached should the vulnerability be exploited. These, however, only check whether or not log4j is capable of utilising this RCE vulnerability. Whether or not a system is truly vulnerable to an attack is a much more complicated issue without a single test the likes of which vulnerabilities like HeartBleed had. In order to exploit this vulnerability, an attacker would need to perform a log injection attack. Finding these is a much more complex process, but essentially anywhere that input from a user or potential attacker is logged may be vulnerable to this exploit. Thus, testing for an actual RCE would require trying to find a way to make a JNDI LDAP request within the logs from the user context itself, example through the web site or API if the potentially affected application is a web application. Since this vulnerability allows for Remote Code Execution, the risks are pretty high in the event that a vulnerability exists. An attacker could potentially gain a foothold into the network and from there try to access critical resources and data. Being a very popular open-source library, the occurrences of vulnerable applications was certainly higher as a result. In general, any software can be vulnerable to attacks and often popular open-source software will have a large ecosystem looking for and patching security threats. Thus, while open-source software gains the majority of the headlines when major security flaws are found, this does not mean that it is proportionately less secure and in fact is more likely much more secure than propriety code or less popular libraries. Widespread use simply increases the likelihood that vulnerabilities will be found, not necessarily the likelihood that they will exist. When looking for open-source libraries, organisations should seek out large, reputable, well-maintained projects like log4j for

MEA

D E C E M B E R 2 0 21

the reasons listed above. Obviously, vulnerabilities may still exist, but the community is more likely to find and patch these vulnerabilities, as well as check that code seems free of bugs that could create vulnerabilities in the first place, than with smaller projects. Even for those with applications not vulnerable to CVE-2021-44228 or not even using log4j for logging, this vulnerability is definitely a wake-up call that log injection is a potential method that attackers might use. It would be worthwhile to check that any user input being logged is properly sanitised in any application, regardless of what logging system or even programming language is being used. While other forms of injection are much more prevalent and focused on, log injection is still a form of injection attack and thus falls under the OWASP Top 10 vulnerabilities.

YONATAN STRIEM-AMIT, CTO and Co-Founder, Cybereason. CYBEREASON RELEASES VACCINE TO PREVENT EXPLOITATION OF APACHE LOG4SHELL VULNERABILITY Cybereason researchers have developed and released a vaccine for the Log4Shell vulnerability. The vaccine is now freely available on GitHub. It is a relatively simple fix that requires only basic Java skills to implement and is freely available to any organisation. Cybereason previously announced that none of the company’s products or services were impacted by the vulnerability. We recommend patching affected systems as soon as possible. For systems that cannot be updated or at least not updated immediately, Cybereason researchers have discovered a way to disable the vulnerability. Logout4Shell is a vaccine to protect against exploits targeting the Log4Shell flaw. You can permanently close the vulnerability by causing the server to save a configuration file, but that is a more difficult proposition. The simplest solution is to set up a server that will download and then run a class that changes the server’s configuration to not load things anymore. Organisations and security professionals are scrambling to update Log4j to patch the bug, while attackers are actively scanning the Internet for affected systems. There are already tools developed to automatically attempt to exploit the bug. You should still update your Apache systems to permanently remediate the vulnerability, but patching takes time, and some systems may not be able to be updated immediately—or at all. The recommended guidance is to upgrade as soon as possible to Apache log4j-2.1.50.rc2. All prior 2.x versions are vulnerable. This fix will disable the vulnerability and allow you to remain protected while you assess and update your servers.

SPECIAL REPORT

DANNY KIM, Principal Architect, Virsec. APPLICATIONS AND DOWNSTREAM BEHAVIOURS MUST BE MONITORED AT ALL TIMES On the heels of the log4j vulnerability, security practitioners were reminded how severely a RCE vulnerability can devastate an enterprise. Even more so, a vulnerability found in third-party software that an enterprise does not control leaves their security practitioners unable to properly secure their environments. A recent CVE from Microsoft regarding their iSNS server is another example of a RCE vulnerability found in third-party software. This vulnerability allows a user with a specially crafted input to execute arbitrary code on the host. The seemingly endless number of vulnerabilities found is a tell-tale sign that software will never be perfect, but with adequate runtime protection and application controls can be safeguarded against itself to ensure it never behaves outside of its intended limits. Successful RCE vulnerabilities rely not only on the vulnerability to gain access, but also on available downstream actions to carry out an attack - the log4j and iSNS vulnerability are the exact same way. Applications and their downstream behaviours must be monitored at all times to ensure it does not break from its expected execution.

NICHOLAS LUEDTKE, Principal Analyst, Mandiant. THE IMPACT RANGES FROM VERY BAD TO SLIGHTLY LESS BAD Log4j is a library that is built into the logging functionality of a very large part of the Internet. It is embedded and used by a ton of software that run websites, clouds, security services, games. Because logs are important for security, debugging, and audit trails, it is very common for some part of user-controlled data to go directly into log files. Those two aspects coupled by the trivial nature of exploitation of this vulnerability make it very serious. Attackers only need to find a vector by which they can cause a crafted string to be inserted into a logfile of a vulnerable system. Once they have achieved that, the impacts to an enterprise can be wide. Obviously, they could gain a foothold on the victim’s network; that foothold may be privileged if the product that was compromised was an administrative or security component. They can also leak environment variables from the compromised systems which can lead credentials being leaked if they are stored

An adversary can exploit this vulnerability by submitting a specially crafted request that causes the system to execute arbitrary code in an environment variable. Additionally, because of the embedded nature of this library into other software, as a consumer, it is very difficult to tell what products you have in your environment that might be using it. If you cannot do that first task quickly or completely, mitigation becomes very difficult. The impacts from this one varies on what system is doing the logging and what permissions that system has, but they range from very bad to slightly less bad.

JOHN HULTQUIST, VP Intelligence Analysis, Mandiant. We have seen Chinese and Iranian state actors leveraging this vulnerability, and we anticipate other state actors are doing so as well or preparing to. We believe these actors will work quickly to create footholds in desirable networks for follow on activity which may last for some time. In some cases, they will work from a wish list of targets that existed long before this vulnerability was public knowledge. In other cases, desirable targets may be selected after broad targeting. The Iranian actors who we have associated with this vulnerability are particularly aggressive, having taken part in ransomware operations that may be primarily carried out for disruptive purposes rather than financial gain. They are also tied to more traditional cyber espionage.

This vulnerability can be everywhere

D E C E M B E R 2 0 21

MEA

SPECIAL REPORT

JOHANNES B ULLRICH, Dean of Research, SANS.edu THIS IS NOT A PROBLEM WITH APACHE, THE APACHE SOFTWARE FOUNDATION MAINTAINS LOG4J2 On December 9th, LunaSec published a blog post with details regarding a vulnerability in the log4j2 library. This vulnerability became quickly known as log4shell, and CVE-2021-44228 was assigned to it. Let us start with a couple of FAQs: l This is not a problem with Apache. The Apache Software Foundation maintains log4j2. They do a lot of great stuff, not just the webserver. Log4j is not part of the Apache webserver. l Not all software using Java is vulnerable. Only software that includes the log4j2 library is vulnerable. l Any string that is logged via log4j2 could potentially be used to exploit this vulnerability.

SEAN GALLAGHER, Senior Threat Researcher, Sophos. THIS IS NOT A PROBLEM WITH APACHE, THE APACHE SOFTWARE FOUNDATION MAINTAINS LOG4J2 With the exception of crypto mining, there is a lull before the storm in terms of more nefarious activity from the Log4Shell vulnerability. We expect adversaries are likely grabbing as much access to whatever they can get right now with the view to monetize and capitalize on it later on.

MEA

D E C E M B E R 2 0 21

The first thing to check is whether any version of log4j prior to

2.15.0 is being used

The most immediate priority for defenders is to reduce exposure by patching and mitigating all corners of their infrastructure and investigate exposed and potentially compromised systems. This vulnerability can be everywhere. Where systems have been identified as vulnerable, defenders should run an incident response process and monitor for signs of remote access trojans such as C2 call-backs. Secrets stored on exposed systems should also be rotated, particularly if they are exposed in environment variables. Lastly, consider critical thirdparty vendors who may also be at risk. l Sophos is seeing a rapid uptick in attacks exploiting or attempting to exploit this vulnerability, with hundreds of thousands of attempts detected so far. l Crypto mining botnets are among the earliest attack adopters; botnets focus on Linux server platforms, which are particularly exposed to this vulnerability. l Sophos has also seen attempts to extract information from services, including Amazon Web Services keys and other private data. l Sophos observed that attempts to exploit network services start by probing for different types. Around 90% of the probes Sophos detected were focused on the Lightweight Directory Access Protocol. l A smaller number of probes targeted Java’s Remote Interface, but Sophos researchers noted that there seem to be a larger variety of unique RMI-related attempts. l Sophos expects adversaries to intensify and diversify their attack methods and motivations in the coming days and weeks, including the possibility of leveraging for ransomware.

DELL TECHNOLOGIES SERVICES

1 YEAR ONSITE SERVICE after remote diagnosis included. If an issue is covered by Limited Hardware Warranty cannot be resolved remotely, Dell will come to you, usually within 1-2 business days. Support when and where you need it.

24x7 access to Genuine Dell Support. Hassle free. You don’t need to mail in your PC for repairs. Worry free & secure. Your PC stays in your possession. SupportAssist, the smart technology that keeps your PC running like new. LEARN MORE > For Sales Enquiries Contact: Mitsumi Distribution FZCO Tel: +971 4 370 6058 Email: supportae@mitsumidistribution.com Dell Technologies, Dell, EMC, DellEMC, [Inspiron] and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective owners. Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi, and Xeon Inside are trademarks of Intel D©E2021 CE MInc. BAll Erights R 2reserved. 0 21 Dell Computers (PTY) Ltd. P.O. Box 41 Corporation or its subsidiaries in the U.S. and/or other countries. Microsoft and Windows are registered trademarks of Microsoft Corporation. Dell 71170, Bryanston, 2021, South Africa. E&OE MEA

COVER STORY

200+ CIOs and IT executives attend

Global CIO Forum’s World CIO Summit in Ajman The world CIO 200 Roadshow 2021 culminated its grand finale on 5th & 6th December 2021.

The World CIO 200 Roadshow 2021 culminated with its grand finale on 5th and 6th December. It brought together top global CIO and IT executives and included insightful presentations, technology talks, round table sessions, fireside chat and panel discussions at Topaz Ballroom, Fairmont Ajman in UAE along the theme of #ChangeX. This year, the roadshow has covered 36+ countries and provided a platform to a large number of exhibitors with foremost engaging sessions. Over 4,000 C-Level executives have been recognised in the 2021 edition. The World CIO 200 Summit event partners were Dell Technologies, Mindware, Automation Anywhere, Arcon, Logitech, AWS, Redington, Zero&One, Huawei, Alcatel-Lucent Enterprise, Pure Storage, VAD, Akamai, Veritas, BMB, Exclusive Networks, F5, StorIT, Infoblox, Citrix, Laserfiche, TechnePlus, Spectrum Networks, Infinite Blue, BITS, Paessler, Secure Net, Finesse, PROW at the Forefront and RNS Technology Services. The summitbuilt roadmaps for strategic decision making and identified yardsticks that are the key drivers of growth in the digital world. The World CIO 200 Summit 2021 grand finale was inaugurated by Ronak Samantaray, CEO, Global CIO Forum and Anushree Dixit, Global Head of Content and Strategic Alliances, Global CIO Forum with their welcome address.

MEA

D E C E M B E R 2 0 21

COVER STORY

The first day of the event was joined by the top industry’s leaders including Sandrine El Khodry, Vice president Middle East and Africa, Alcatel Lucent Enterprise; Krishnan Gopi, CEO, TMRW; Venkatesh Mahadevan, CIO, Dubai Investments; Dinesh Chandra, Regional VP and Head of ME, Automation Anywhere; Faisil Syed, Digital Transformation Manager, SEHA Abu Dhabi; Samer Semaan, Channel Manager Middle East, Pure Storage; Loubna IMENCHAL, Vice-President and Head of Logitech for Enterprise business AMECA at Logitech Africa Middle East Turkey Central Asia; and Soheyl Kadjani, SVP and Head of Technology Strategy, Transformation and Fabric First Abu Dhabi Bank. Further, there was another panel discussion on AI Transforming the Future: Promises, Opportunities, and Challenges of Artificial Intelligence with panelists including Dr Jassim Haji, President, Artificial Intelligence Society; Emmanuel R - Co-Director, Global AI Ethics Institute; Aco Momcilovik, Co-Director - Global AI Ethics Institute and Co-Founder - IGOAI Country Advisor : Croatia; Dr Thiago Felipe S. Avanci, Lawyer, Professor of Law, Board Member - CEST, POLI, USP; IGOAI; GAIEI; FISP; Jamal Berrich, Professor and Member of ‘Maison de l’intelligence artificielle’ - Mohammed First University Oujda; Jorge Sebastiao, Co-Founder - Global Blockchain Organisation; Moderator Dr Manal Jalloul - Founder, AI Lab; Certified Instructor and University Ambassador, NVIDIA; Lecturer, American University of Beirut.

D E C E M B E R 2 0 21

MEA

COVER STORY

The second day of the event started with morning yoga and wellness session with Ektaa Sibal, Global Wellness Ambassador - Global CIO Forum and India’s #1 Inner-Self Transformation Specialist. Later, the event was also joined by top keynote speakers including Anil Bhandari, Chief Mentor ANB and Arcon; Adeshola Onadipe, World Peace Ambasaddor; Abidali Neemuchwala, Chairman and CEO, Compass Digital Acquisition Corporation and Venkatesh Mahadevan, CIO, Dubai Investments; Ali El Kontar, Founder and CEO, Zero&One; Setiaji, ICT Department of West Java Province Head of Department; Gaurav Mazumdar, Grammy Nominated Sitarist and Music Composer and Educator; Abidali Neemuchwala, Chairman and CEO, Compass Digital Acquisition Corpotation and Venkatesh Mahadevan, CIO, Dubai Investments; Abdul Rahim; Spectrum Networks; Natalie Hore, Founder, Azraq; Wissam Al Adany, CIO, Ghabbour Auto; Selestin Thomas, Nissan Digital General Manager - Digital Technology and IT Infra; and Ektaa Sibal, Global Wellness Ambassador - Global CIO Forum | India’s #1 Inner-Self Transformation Specialist. The World CIO 200 Roadshow 2021 has four award categories including Legend CIO, Leader CIO, Master CIO, and Next-generation CIO: l Legend CIO: Lifetime achievement awards. l Master CIO: Experience of more than 15-20 years and unparalleled technological experience in a career life span. l Legend CIO: Experience of 10-15 years and multiple domain expertise. l Next-generation CIO: Experience of 5-10 years or less and undertaken mammoth projects in a less span of time. The announced winners of The World CIO 200 Summit Legend category include Yahyah Pandor, Venkatesh Mahadevan, Mamoun Alhomssey, Fahad Deshmukh, Jaleel Rahiman, Mohammed Shakeel Ahmed, Jacob Mathew, Atul Aggarwal, Umesh Moolchandani, Lt. Col

MEA

D E C E M B E R 2 0 21

Dr. Hamad Khalifa Al Nuaimi, Frank Watts, Aditya Kaushik, Mohamed Taleb, Jayesh Maganlal, Naghman Rafique Akhtar, Jayakumar Mohanachandran, Ahmed Ebrahim Alahmad, Vinay Sharma, Shailesh Mani, Damian O’Gara, Abdalla Al Ali, Mubarik Hussain, Manish Bindra, Mario Foster, Walid Elsahar, Madhukar Chaturvedi, Zaheer Kazi, Mustansir Aziz, Dr. Syed Mahsud Ali, Soheyl Kadjani, Mohamed Absar, Ayman Mohammed Alqudsi, Jayakrishnan AK, Suresh Muthuvanath, Aiman Othman, Rawad Bader, Kashif Rana, Pankaj Bajaj, Nitin Bhargava, Aiedh Al-Zahrani, Fayaz Ahamed Badubhai, Omar Al Shaiba, Aslam Rashid Khan, Anup Das, Dr. Kadeeja Mansoor, Anindo Banerjee, Santosh Shetty, Roger Tabbal, Sunando Chaudhuri, Vimal Dev, Himanshu Srivastava, and Jasim Mohamed. The announced winners of The World CIO 200 Summit Leader category include Shah E Room Khan, Muhamed Noufel, Qusai Almeqdadi, Nithin Geo Thomas, Yoosaf Lulu, Yousif Al Ali, Sabin Subramannian, Pragnesh Menon, Marwan Al Ahmad, Sheridan Moodley, Vivek Chandran, Ahmed Mahrous, Sulaiman Alhenaki, Suliman Enizi, Lijeesh Rajan, Shrenik Jain and Mohammed Al-Dhufairi. The announced winners of The World CIO 200 Summit Master category include Shijin Prasad, Sunil Nair, Aliasgar Bohari, Mohammad Shahzad, Himanshu Puri, Fady Sleiman, Adam Docrat, Siddiqui Altaf, Hafeez Sheikh Muhammad, Samit Jha, Saif Al Siksek, Srinivasa Narasimhaiah, Ali Ghunaim, Ayman Medakka, Hasnain Juzer Ali, Radi Karnib, Arul Vigin, Syed Naqvi, Pradeep Nair, Ahmed Shawky, Eyad Kashkash, Ahmed Nabil Mahmoud, Vibin Vijayakumar, Omar Al Marzooqi, Jacobus Coenraad Burger, Asad Mehmood, Ashraf Kittaneh, Ringsun Raghavan Nair, Kanesan Pandi, Omar Bamatrif, Ziyad Saleh, Gigi Mathew Thomas, Robert Araniego, and Krishan Kant Srivastava. The announced winners of The World CIO 200 Summit Next generation category Oliver Chester De Maiwat, Awais Bin Imran, Turki Othman AlDubaykhi, and Mithun Nair.

COVER STORY

D E C E M B E R 2 0 21

MEA

COVER STORY

The World CIO 200 Roadshow 2021 grand finale was also an occasion to release BOTS, the Book of Titans, that features CIOs who have executed exemplary projects during the year. The handbook features 200 CIOs whose projects stood out from huge nominations that came in from 36+ countries. In short, BOTS is not only about the highest-valued projects or projects that involved complex decision making and multiple stakeholders. BOTS 4.0 was launched by the inspire committee of Dr Jassim Haji, President, Artificial Intelligence Society; Emmanuel Goffi, Co-Director Global AI Ethics Institute; Dr Erdal Ozkaya, Management Global CISO Forum; Raymond Comvalius, IT Infrastructure Architect and Trainer; and Abdulaziz A. Aloraij, Chairman of Saudi Developers Society. The World Finalists Presentation Ceremony award winners include Shaker AlOwainati, Khalid Jalal, Hasan Murad, Ali Alaradi, Anas

MEA

D E C E M B E R 2 0 21

Kamaluddin, Mohammed Al Sharqawy, Mohamed Albenjasim, Sohaib Alabdi, Kgomotso Mantu, Wissam Al Adany, Hossam Abbas Barakat, Abdelrahman Kamal, Mohammad Musharraf, Mohamed Hamed, HansJörg Bauer, Emmanuel Morka, Suk-Wah Kwok, Sunil Pandey, Anand Sinha, Hilal Khan, Selestin Thomas, Pratap Patjoshi, Indranil Chatterjee, Setiaji, Ichwan Peryana, Bernard Rono, Bravine Otieno, Sulaiman AlKharashi, Sajid Riaz, Imdath Nazim, Syed Fakruddin Albeez, Mirza R Baig, Dr Maher Aldukheil, Abdul Aziz Al-Oraij, Eng Khaled Alnuaimi, Dr Ayad, Aldaijy, Abdullah Alothman, Praful Thummar, Thangaswamy Jacob, Husain Alnakkas, Dr Anis Mattur, Sanjeev Madavi, Micheal Selva Kumar, Abdul Rahim Ahmad, Syed Asif Shah, M Umar Ilyas, Faisal Anwar, Muhammad Yasir Khan, Aladdin Saqer, Faizal Babu, Saiful Bakhtiar, Mailan Kumar, Khaled Ben Driss, Imen Hbiri, Özcan Ayyildiz, Uday Awasthi, Derrick Loius, Sainath Katkoori, Hasan Isam Naser Muhi,

COVER STORY

Golok Kumar Simli, Anto Pius, Juliana Chua, Dr Deepak Kalambkar, Yahyah Pandor, Fahad Deshmukh, Dr Kadeeja Mansoor, Shijin Prasad, Jaleel Rahiman, Muhamed Noufel, Mohammed Al-Dhufairi, Mohammed Shakeel Ahmed, Jacob Mathew, Sunil Nair, Atul Aggarwal, Santosh Shetty, Umesh Moolchandani, Qusai Almeqdadi, Nithin Geo Thomas, Lt. Col. Dr Hamad Khalifa Al Nuaimi, Oliver Chester De Maiwat, Frank Watts, Aditya Kaushik, Mohamed Taleb, Aliasgar Bohari, Jayesh Maganlal, Mohammad Shahzad, Himanshu Puri, Naghman Rafique Akhtar, Fady Sleiman, Wael El Khatib, Ahmed Ebrahim Alahmad, Faisil Syed, Madhukar Chaturvedi, Adam Docrat, Dr. Syed, Mahsud Ali, Hafeez Sheikh Muhammad, Samit Jha, Saif Al Siksek, Jayakumar Mohanachandran, Vinay Sharma, Shrenik Jain, Shailesh Mani, Damian O’Gara, Ali Ghunaim, Ayman Medakka, Hasnain Juzer Ali, Radi Karnib, Yousif Al Ali, Arul Vigin, Syed, Naqvi, Abdalla Al Ali, Shah e Room Khan, Pradeep Nair, Sabin Subramannian, Mubarik Hussain, Manish Bindra, Ahmed Shawky, Mario Foster, Anindo Banerjee, Venkatesh Mahadevan, Mamoun Alhomssey, Ahmed Nabil Mahmoud, Zaheer Kazi, and Dr Syed Mahsud Ali. DX Inspire 2021 Awards recognised path-breaking organisations that have redefined Digital Transformation to its core and the winners include Gopi Krish, Emmanuel Morka, Praful Thummar, Setiaji, Pratap Patjoshi, Qusai Almeqdadi, Damian O’Gara, Uday Awasthi, Suk-Wah Kwok, Mohamed Absar, Bahmini Mohamed, Albenjasim Transforming, Higher Education and M Umar Ilyas. The Global CIO Forum preferred partner award winners include Automation Anywhere Dell Technologies, SAP, Huawei, and Oracle.

D E C E M B E R 2 0 21

MEA

EVENTS

Break-out sessions at World CIO 200 Summit

A total of four breakout sessions were successfully concluded during The World CIO 200 Summit, supported by Zero&One, Automation Anywhere, Akamai, Aruba HPE.

05 DECEMBER

CLOUD, ELEVATE TO INNOVATE The break-out session titled Cloud, Elevate to Innovate was supported by AWS partner, Zero&One. The speakers included Ali El Kontar, Founder and CEO, Zero&One, who talked about how the hybrid cloud ecosystem is evolving to a point where private cloud and public cloud co-exist with on-premises IT infrastructure. The partial list of attendees includes Sunil Nair, Al Falah University; Pradeep Nair, Diyafah International Education; Manish Bindra, Galadari Brothers; Pragnesh Menon, Middlesex University Dubai, Sheridan Moodley, Masafi; Awais Bin Imran, Noor Takaful; and Mohammed Shahzad, Dubai Development Group.

05 DECEMBER

IMPROVE EMPLOYEE PRODUCTIVITY WITH A CLOUD DELIVERED DIGITAL ASSISTANT FOR EVERYONE The break-out session titled, Improve employee productivity with a Cloud delivered digital assistant for everyone, was supported by Automation Anywhere. The speaker included Dinesh Chandra, Regional Vice-President of Middle East, Automation Anywhere. The partial list of attendees includes Faisil Syed, SEHA Abu Dhabi Health Service; Faizal Babu, Kavungal Thodika, Gulf Drilling International; Praful Thummar, Jazeera Airways; Dr Anis Mattur, Al-Hasawi Group; Micheal Selva Kumar, KD, Golden Tulip Nizwa Hotel; Anto Pius, Aster DM Healthcare.

MEA

D E C E M B E R 2 0 21

EVENTS

06 DECEMBER

WHAT’S NEW AT THE EDGE The break-out session titled What’s new at the Edge was supported by Akamai. The speakers included Lynel Dsouza, Senior Major Account Executive, Akamai and Elie Abouatme, Senior Engagement Manager and Managing Director, Dubai. They talked about how Covid-19 has scaled adoption of digital transformation initiatives. The partial list of attendees includes Lt. Col Dr Hamad Khalifa Al Nuaimi, Abu Dhabi Police GHQ; Hafeez Sheikh Muhammad, Del Monte Foods; Syed Naqvi, Al Hilal Bank; Manish Bindra, Galadari Brothers; Faisil Syed, SEHA Abu Dhabi Health Service; Aditya Kaushik, Adyard Abu Dhabi; Mohammed Shakeel Ahmed, Abu Dhabi Aviation; Hafeez Sheikh, Del Monte Foods.

06 DECEMBER

BEGIN A WAN TRANSFORMATION JOURNEY The break-out session titled Begin a WAN transformation journey was supported by Aruba HPE. The speakers included Yehim Elamsy, Country Manager, Aruba; Harriet De Morton, Business Development Manager for SD WAN for Middle East and South Africa, Aruba; and Shijeesh Sahadevan, SD-WAN Expert for Middle East and South Africa, Aruba. The session was moderated by Arun Shankar, Chief Editor, GEC Media Group. The partial list of attendees includes Hossam Abbas Barakat, Egypt Gas; Abdelrahman Kamal, Banque du Caire; Mohammad Musharraf, Khabeer Group; Mohamed Hamed, Platino Group; Sanjeev Madavi, Khimji Ramdas; Praful Thummar, Jazeera Airways; Dr Anis Mattur, Al-Hasawi Group; Khalid Jalal, GARMCO; Mohammed Al Sharqawy, Arab Shipbuilding and Repair Yard; Mohamed Albenjasim, Bahrain Airport Services; Sohaib Alabdi, University of Bahrain; and Imen Hbiri, RoboCare.

D E C E M B E R 2 0 21

MEA

EVENTS

Dwayne Bravo launches fashion label Djb47 at World CIO 200 finale in Ajman Star cricketer Dwayne Bravo attended the World CIO 200 Grand Finale in Ajman on 5th December 2021.

Star cricketer Dwayne Bravo attended the World CIO 200 Grand Finale in Ajman on 5th December 2021. In an on-site conversation with Ronak Samantray, CEO of GEC Media Group, Dwayne Bravo said, “I always wanted to be a part of the fashion industry. Like music, I am also very passionate about fashion. I really love to dress up according to the latest styles and sport trendy outfits.” Djb47 has been launched in partnership with Singapore-based 3 Big Dogs at the World CIO 200 summit with delegates from 36+ countries hosted in Ajman. In early 2022, Djb47 will open stores in various Indian cities like Delhi, Chennai, Bengaluru, and Mumbai. The all-time leading wicket taker in t20 and the record holder for most championships Dwayne Bravo, who also recently launched his music studio 47 productions, is all set to take his Caribbean streetwear collection, Djb47, into the global markets. The World CIO 200 Summit roadshow remains an opportunity for aspiring entrepreneurs and global executives to launch their businesses and personal brands into regional and global markets.

MEA

D E C E M B E R 2 0 21

EVENTS

The World CIO 200 Summit roadshow remains an opportunity for entrepreneurs to launch their businesses and personal brands into regional and global markets D E C E M B E R 2 0 21

MEA

HIGHLIGHTS OF THE WORLD C

MEA

D E C E M B E R 2 0 21

D CIO 200 SUMMIT - DAY 1

D E C E M B E R 2 0 21

MEA

HIGHLIGHTS OF THE WORLD C

MEA

D E C E M B E R 2 0 21

D CIO 200 SUMMIT - DAY 2

D E C E M B E R 2 0 21

MEA

COVER STORY

Day 1 UAE FINALE

WINNERS

MEA

D E C E M B E R 2 0 21

COVER STORY

D E C E M B E R 2 0 21

MEA

COVER STORY

MEA

D E C E M B E R 2 0 21

COVER STORY

D E C E M B E R 2 0 21

MEA

COVER STORY

MEA

D E C E M B E R 2 0 21

COVER STORY

D E C E M B E R 2 0 21

MEA

COVER STORY

MEA

D E C E M B E R 2 0 21

COVER STORY

Day 2 FINALE

WINNERS

D E C E M B E R 2 0 21

MEA

COVER STORY

MEA

D E C E M B E R 2 0 21

COVER STORY

D E C E M B E R 2 0 21

MEA

CHANNEL STREET

MICHAEL HALAS, Managing Partner, MAGNOOS Information Systems.

“POST PANDEMIC, WE HAVE BEEN NOTICING AN EVEN BIGGER WAVE TOWARDS AI, AUTOMATION, BIG DATA, ANALYTICS,” MICHAEL HALAS, MAGNOOS As a leading reseller and implementation partner of AI, automation, big data, analytics solutions, Michael Halas describes the implementation approach adopted with enterprises.

MEA

D E C E M B E R 2 0 21

CHANNEL STREET

[EC] As a specialised system integrator in AI, automation, big data and analytics, and other technologies, kindly describe your points of differentiation with other competitors and your core competence? [Michael Halas] MAGNOOS is a value-added reseller and technology implementation specialised boutique company. Our core values are Clarity, Quality, Speed and Accuracy which are followed across all our Sales, Presales and mainly Implementation and Support functions. Competition is mainly trying to capture all opportunities and projects in the market, while MAGNOOS is a very focused, quality driven company. We have managed to MAGnetise and employ the best available talent, locally in each of our operating markets. We use offshore resources wisely, only for scalability reasons and to complement the team members that are serving our customers onsite. MAGNOOS is able to deliver large scale programs, using mission critical AAA rated applications, running across the biggest Banking, Financial Institutions, Insurance, Telecommunication, Government and Retail enterprises in the Middle East.

This methodology allows customers to feel the value and the results, ROI early enough in the journey, in order to justify the investment to the Board

[EC] What are the principal vendor solutions that MAGNOOS is using to build its implementation solutions and platforms? What has been the journey with these vendors in terms of building expertise and competency? [Michael Halas] MAGNOOS has been traditionally using the best of breed available technologies in order to complement them with its own intellectual property and serve the market with customised solutions ready to be deployed across the largest enterprises. MAGNOOS has built solutions in three main journeys. The Digital Service Management and Operations journey is being built on top of BMC Software, the Automation Journey on top of Automation Anywhere, while the Data Management, Analytics, Big Data, AI end to end journey on top of Informatica, Cloudera, Microstrategy and DataRobot. MAGNOOS is a Platinum Partner, having strong expertise and competency, certified locally available resources and centres of excellence across all these principal suppliers.

following the value addition approach while interacting with end customers. Our after sales practice is strong and customer success is our #1 priority. We have built our legacy on top of our reputation and successful implementations, which have resulted in tenths of happy customers. Every time that MAGNOOS engages in a project, programme, the requirement gathering, and analysis phase takes the longest time of the project duration, in order to ensure that the requirements and pain points are all documented and will be properly addressed during project execution and build phase. Once the high-level design and low-level design are being signed off by both customer and MAGNOOS PMO, then we proceed with careful steps to an agile methodology, building the blocks of the solution by using the expertise that we have from the pool of other successful implementations and the lessons learned throughout the decades of experience of our consultants. This methodology allows the customers to feel the value and the results, ROI early enough in the journey, in order to justify the investment to the Board. User Acceptance Testing, UAT plays a vital role in our implementation methodology, since we respect that our solutions most of the times have a cultural impact apart from the technology progression impact to our end customers. After successful completion of UAT phase, we conclude the implementations with the critical Go-Live phase which is always delivered onsite at our customer’s premises by our certified engineers, to ensure business continuity and smooth transition to the new solutions. Post go-live, we are available 24x7 to support the new environments through dedicated L0, L1, L2 and L3 support centres, complemented by our offshore R&D department which takes care of all our innovations, which are developed based on our customer’s continuous comments which provide us with feedback on how to improve and adjust our solutions based on market’s needs.

[EC] What is typical process of implementation that MAGNOOS follows with its end customers?

[EC] In your opinion what are the principal pain points that end users have in the post pandemic phase in the area of AI, automation, big data and analytics and related areas?

[Michael Halas] MAGNOOS is typically

[Michael Halas] In the post pandemic phase,

D E C E M B E R 2 0 21

MEA

CHANNEL STREET

SNAPSHOT • MAGNOOS is a value-added reseller and technology implementation specialised boutique company. • The Digital Service Management and Operations journey is being built on top of BMC Software. • he Automation Journey is being built on top of Automation Anywhere. • The Data Management, Analytics, Big Data, AI is being built on top of Informatica, Cloudera, Microstrategy and DataRobot.

• MAGNOOS is a Platinum Partner having certified locally available resources and centres of excellence across principal suppliers. • Every time MAGNOOS engages in a project, programme, the requirement gathering, and analysis phase takes the longest time of the project. • User Acceptance Testing plays a vital role in our implementation methodology. • Competitive advantage comes by understanding the biggest asset, which is data and by taking advantage of the benefits of applying automation. • The processes must be well defined, the data should be properly integrated by any available structured and unstructured sources. • The best practice in these areas, is to allow consultants to guide end users by embracing the step-by-step approach.

User Acceptance Testing, plays a vital role in our implementation methodology, since we respect that our solutions most of the times have a cultural impact

integrated by any available structured and unstructured sources, a continuous data quality framework must be built, a Data Governance, Business Glossary and Metadata Management framework should be designed, before building the first AI use case. The moment the foundation is built, then the enterprise customers will be able to enjoy the AI and Automation journeys by applying many use cases in a plug-and-play manner.

[EC] Kindly provide details of some use cases and success stories in the region? we have been noticing an even bigger wave and push towards the areas of AI, automation, big data and analytics and related areas. Now, more than ever, enterprises and end users realised that manual efforts and operations, along with error prone human decision making, can no longer sustain. The competitive advantage is coming only by understanding your biggest asset, which is your data and by taking advantage of the benefits of applying automation across the entire business functions. However, these programs most of the times are being run in departmental level and are siloed. Furthermore, end users set high expectations from these programs that cannot be realistically met, since the basic prerequisites, like the quality of the data is not good. MAGNOOS has managed to come up with easily digestible use cases in the areas of RPA, AI and HyperIntelligence which can be simply deployed and demonstrate the value in a matter of weeks and not months, years. We understand that the adoption of AI is the principal pain point of the end users, so we have targeted entry level packages across all sectors.

[EC] What would be your suggestions for best practices for end users in the area of AI, automation, big data and analytics and related areas? [Michael Halas] The best practice and MAGNOOS suggestion in these areas, is to allow consultants to guide end users by embracing the step-bystep approach, rather than the utopic big bang approach which may result in occasional project failures. This step-by-step approach will make sure that all dependencies are met before embarking to the AI and Automation journey. The processes must be well defined, the data should be able to be properly

MEA

D E C E M B E R 2 0 21

[Michael Halas] MAGNOOS has managed to implement some strategic use cases and success stories in the region. With a major health insurance provider, MAGNOOS has been engaging the last decade by assisting with the adoption of the Data Management and Analytics journey from the very first baby steps up to the latest and modern use cases. Data are collected real time from multiple structured and unstructured data sources, data are being cleansed, governed, and consumed by internal and external users in a seamless way. The provider has achieved to obtain a 360-degree view of its customers, suppliers, finance and asset data and is now moving to the level of enhancing the journey by adopting AI. With a major telecommunication provider, many major banking customers and healthcare providers, MAGNOOS has managed to help them adopt Robotic Process Automation, RPA and Digital Workforce at an enterprise level and has re-engineered tens of processes by removing the error prone human intervention, while using robots and artificial intelligence instead. Finally, in many Government entities, MAGNOOS has been working with Service Excellence and Customer Happiness departments to implement its Digital Service Management and Operations solutions. MAGNOOS has delivered a totally revamped Digital Workplace experience to end users across all department internally and has also posted the services to Government’s end users, which are eventually the citizens, resulting in a totally state of the art experience of Smart Services. ë

INNOVATION

DIVERSITY CAN HELP TO REDUCE SKILLS SHORTAGES With today’s shortage of talent in cybersecurity, it is a no brainer for companies to recruit more women and people from diverse backgrounds and cultures.

Nadia Zamouri joined Thycotic over four years ago with the target of establishing a foundation for the company in the META region by building a new local team, raising brand awareness, developing a network of qualified partners and growing the company’s customer base. Having achieved these objectives, her role has evolved into the management of ThycoticCentrify’s largest clients in the region. Supporting and understanding the challenges that regional businesses face on a daily basis are key when working in cybersecurity. Nadia recognises this and firmly believes that being part of that journey and contributing to the long-term strategies of organisations are key components of building long-term partnerships with clients and partners. Passion, determination and persistence! These strengths have always been at the core of Nadia’s personality and have helped her achieve her goals throughout her career. She believes these qualities can help anyone continually improve and accelerate their personal and professional growth. Nadia has always been fortunate enough to work with CEOs and managers that believe in the empowerment of women. The team at her first cybersecurity company, a start-up in the UK, was 98% female. As recently as a year ago, Nadia was the only female member of ThycoticCentrify’s regional team and as an overachiever, earned her promotion to the role of Territory Manager. Prior to ThycoticCentrify, she was interviewed for jobs and was not successful because some organisations believed that a man would be better suited to covering markets like Saudi Arabia. While acknowledging and commending the great strides taken by the UAE government to promote women’s empowerment, Nadia high-

NADIA ZAMOURI, Territory Manager META, ThycoticCentrify.

Women work extremely hard to be the best regardless of gender

lights that certain notions held by members of the cybersecurity industry leave room for improvement. Women work extremely hard to be the best regardless of gender.

Over the last 15 years, the Middle East cybersecurity market has undergone a significant, and beneficial advancement. More women are now employed in commercial, technical and cybersecurity roles such as CISOs, Head of Information Security, and so on. This is inspiring for all who want to join this industry as women are being empowered in the high-tech sector. While women in cybersecurity have been a global movement, it has gained momentum in the Middle East only in the last two years. There is a certain feeling of excitement and pride when you turn up to a meeting and you meet a woman in a prominent leadership role in cybersecurity whether it is a bank, government entity or private enterprise. Nadia feels diversity is key to any organisation that wants to be successful, stating that businesses need to be able to cater to the various cultures and nuances of customer and partner ecosystems. With today’s shortage of talent in the cybersecurity industry, it is a no brainer for companies to recruit more women, and more people from diverse backgrounds and cultures as this brings perspectives and skills to the table. It also allows companies to have a tribe culture where everyone can share their experiences and build teams that work and grow together. There is always something to learn from someone who is from a different background, gender or experience. Nadia’s favourite professional experiences have been working for organisations that leveraged her skills and proficiency in multiple languages including English, German, Arabic and French to build or rebuild their business in emerging markets. ë

D E C E M B E R 2 0 21

MEA

INNOVATION

DELIVERING THE POWER OF APPLICATIONS TO BUSINESS What low code brings is how fast you can automate processes with the power of visual modelling, and where you do not require a steep technology learning curve.

issflow is a well-known company for process automation and low code. Currently, the market has evolved very fast, and everything has to be automated, whether someone applying for a credit card or a company wanting to onboard a new employee. All these are processes that go through different stages. What low code brings to the table is how fast you can automate these processes with the power of visual modelling. Visual modelling ensures you do not have to have a very steep technology learning curve to develop that application and rapidly go live. What Kissflow starts with is to basically look at the customer’s current processes. There are many customers who depend on paperbased processes. Kissflow starts by analysing how processes are currently executed in the organisation. Then the vendor does modelling around that to bring out the maturity. Second is to improve the operational efficiency. Kissflow does the process designing first, that is the starting point. Then using the tool set Kissflow automates these processes and features and delivers to the customer engagement. Typically, low code is seen as heavy on technology competence. One of the things Kissflow does differently is to ensure business is able to adapt to this easily. So, the starting point is always business. Business stakeholders understand their key priorities, what are their key deliverables, and what are their key objectives they want to

MEA

achieve. Kissflow starts with visual modelling which gives a window for business to look at different applications and what they want to do. They will be able to bring the design elements to the whole process, including: l What is the information that needs to be captured? l How intuitive should the user experience be? The entire visual modelling engagement allows business to start building those workflows, and user interface frames. Then once that comes to maturity and the business is aligned with what they want to do and they have visualised this on the tool, then Kissflow allows that technology or specification built by the business to be handed over to IT. IT can then do the heavy plumbing such as integrating with the ERP system whether SAP or Oracle or others and deliver a seamless journey for process automation. When you look at process automation – it is something that cannot be done in an isolated manner. It has to be tightly integrated with different technologies which the customer is using and that is precisely what Kissflow offers. What Kissflow as a platform brings is the power of two. Kissflow is not heavily reliant on IT to deliver these engagements, Kissflow is adding business as an inclusive part of the technology stack. Kissflow starts the journey with business, and then allows IT to have the control at the core which is very important. One of the things Kissflow has done as a

D E C E M B E R 2 0 21

core capability of the platform is simplicity. Be it a business user trying to develop some interfaces – he does not need to have any technology knowledge – so every user experience is intuitive. They can just drag and drop and create the interfaces. And whatever the logical elements need to be written – even that is not complicated. If a business user is capable of using Excel, they will be able to define the logic that is needed. It gives a journey with simplicity that enables businesses to get onboard with this technology very quickly. One of the things Kissflow has monitored in the last couple of years is that IT tends to get overloaded by all the requests from all the business units. So, IT may not be in the position to define priorities. What Kissflow is giving customers is the ability for business to start the journey so that IT is very clear about what business is looking at. Then they can tightly follow the information security aspects. Kissflow as a technology is completely hosted on Google Cloud. So, all the different security measures are already handled but IT can continue to have the control at the core. Kissflow also delivers an employee engagement interface. So that interface does everything – IT driven controls and governance in terms of the role definition and the user definition, what are the security measures to be put in, what is the encryption algorithm – all these things. It is a single intuitive experience. ë

INNOVATION

RAHUL BHAGEERADHAN, Global Director of Digital Architecture, Kissflow.

Business understands their priorities, deliverables, objectives

D E C E M B E R 2 0 21

MEA

REAL LIFE

Vodafone selects VMware as partner to deliver single platform for automation and orchestration As service providers continue to virtualise and containerise network functions, they require a consistent, cloud-native platform for onboarding and managing these workloads across any network and any cloud. Vodafone has selected VMware as its strategic technology partner to deliver a single platform to automate and orchestrate all workloads running on its core networks across Europe, starting with 5G standalone 5G SA. Vodafone previously announced its selection of VMware Telco Cloud Infrastructure as its Network Functions Virtualisation NFV platform. Last year, Vodafone completed the rollout of Telco Cloud Infrastructure across all its European business and 21 markets in total. The company saw gains in productivity as it brought network functions online around 40% more quickly, and cost savings of up to 55%.

Vodafone is now expanding its partnership with VMware to deploy the full VMware Telco Cloud Platform in all European markets. This means that in addition to utilising Telco Cloud Infrastructure for NFV, Vodafone will leverage VMware Tanzu for Telco and VMware Telco Cloud Automation to orchestrate all network functions and services, regardless of vendor, to run its core networks. Vodafone’s continued partnership with VMware supports the company’s technology strategy, Tech 2025. As part of this five-year plan, Vodafone will focus on developing a network platform starting with the rollout of 5G SA that will be then followed by many other digital network features utilising cloud native architecture powered by VMware. These include voice over internet and next generation of videoconferencing and virtual,

JOHAN WIBERGH, Chief Technology Officer, Vodafone.

augmented reality, all orchestrated into the correct network slices according to different customer requirements. Vodafone has already begun the rollout of VMware Telco Cloud Platform in eight markets – Czech Republic, Germany, Hungary, Ireland, Italy, Portugal, Romania, and UK – and will expand to all 11 of its European markets over time.

UAE based brokerage International Securities completes cloud migration supported by CNS Middle East International Securities, the UAE leading stock market and investment brokerage, a subsidiary of International Holding Company, has become the first brokerage firm in the UAE market to be completely transformed into cloud. The project has been delivered completely by CNS while both organisations will continue their partnership for managing the entire cloud platform. CNS Cloud Migration and Managed Services platform, allows businesses to avoid the expense and the complexity of buying, implementing, and managing infrastructure. With an instant state of the art computing infrastructure, clients can scale up and down on demand and achieve distinct IT outcomes with greater security, availability, and speed of delivery at lower cost and optimising their

MEA

(Left to right) Hatem Hariri, Managing Director, CNS Middle East; Ayman Hamed, CEO, International Securities.

performance. International Securities is a brokerage firm headquartered in Abu Dhabi, specialising in equities and derivatives listed on Abu Dhabi Securities Exchange, Dubai Financial Market and NASDAQ Dubai. As such, business continuity is critical. While the undertaking of this project was impressive due to its scale and complexity, what makes it most notable is the seamless and secure transition CNS achieved. A ZERO-downtime and ZERO-latency

D E C E M B E R 2 0 21

promise was given in the early stages of the tender application and realised, thanks to CNS’ team for their unique capabilities to support the project from design stage into successful delivery and the project being live now. With several prominent BFSI names already in their client portfolio, the win will open the doors for the digital innovation partner to expand into a new financial sector and share their successful experience with other brokerage firms in the market.

REAL LIFE

Infor CloudSuite Equipment to support Saudi based AutoWorld’s transformation project SWITCH Infor, the industry cloud company, announced that Al-Jazira Equipment, commercially known as AutoWorld, and part of SEDCO Holding, a pioneer in auto leasing in the Kingdom of Saudi Arabia, has completed its deployment of Infor CloudSuite Equipment and Infor People Solutions to help spearhead its digital transformation supported by Infor Consulting Services and running on Amazon Web Services AWS. Infor CloudSuite Equipment will help support AutoWorld’s new digital transformation project, SWITCH, which is designed to accelerate the digitisation of its business processes, particularly those related to operational leasing and maintenance of its fleet of vehicles, to achieve best practices across the board. AutoWorld will now use Infor’s solution to get an intuitive and streamlined approach to leasing management, such as a singleentry point to manage the complete leasing flow: from quotations through to contract,

vehicle dispatch, return, and invoicing — with built-in support for complex pricing, discount scenarios, bulk leasing, and more. Moreover, AutoWorld will use Infor’s solution to standardise key business functions across its operations in Saudi Arabia with the aim of building a more effective workforce and delivering enhanced customer acquisition and retention. This multi-tenant cloud deployment, running on AWS, is important in Saudi Arabia’s fast-growing auto sector, where the value of the vehicle rental market is expected to reach $641 million in 2023 from $560 million in 2020, according to research from Statista. The auto market is also experiencing significant expansion following the country’s decision in 2018 to allow women to drive. AutoWorld is headquartered in Al-Khobar and has offices throughout Saudi Arabia, covering all major commercial and industrial cities.

TARIQ KHOSHHAL, CEO of AutoWorld.

Infor partner SNS implements WMS for Saudi based AlMalki Group stocking Bvlgari, Hermes, Mont Blanc, Cartier Infor and partner SNS, announced that AlMalki Group, has deployed the latest version of Infor WMS warehouse management system. Supporting warehouse operations for the distribution of perfume and cosmetics, watches and jewellery, and fashion and accessory brands, including Bvlgari, Hermes, Mont Blanc, Rimowa, Versace, Tom Ford and Cartier, Infor WMS will increase efficiency, space utilisation and order reliability, while ensuring full traceability from receipt of goods through to shipping. Founded in 1952, AlMalki Group is headquartered in Jeddah, Saudi Arabia, and is one of the region’s largest distributors and retailers of luxury goods. The company employs over 1,600 people and represents more than 105 luxury brands. The company

KHALED ELDAMOURI, Supply Chain and Logistics Director, AlMalki.

relies on efficient and dynamic warehouse operations to support large numbers of outbound orders generated via e-commerce channels. Having used Infor WMS for many

years, the group has now upgraded and expanded the solution to support a more digitalised operation and underpin future growth. Infor WMS version 11.4.1 was selected based on its ability to deliver entirely paperless picking and packing methods to boost productivity, and capture all data, both inbound and outbound, to instil visibility and expedite decision-making and customer service. Put-away strategy, cluster picking, labels, catch data, wave processing and billing functionality were also key to the upgrade. Delivered entirely remotely as a result of COVID restrictions, the project was managed by SNS with integration supported by the AlMalki Group team following go live.

D E C E M B E R 2 0 21

MEA

REAL LIFE

Saudi based SACO and MEDSCAN implement Infor WMS and Infor ION Infor, announced that SACO, a retail and wholesale leader in the KSA region, has deployed Infor WMS warehouse management system with Infor ION, and third-party application, Loftware Labelling. The Infor WMS, which is fully integrated with SACO’s SAP ERP platform using Infor ION, is set to optimise order processing and picking, enhance put-away, and expedite the loading and validation processes. The project was managed by Infor partner SNS, a leading provider of supply chain consultancy and software implementation. Infor WMS will support SACO’s warehouse operations, which are managed by their logistics services provider MEDSCAN,

MEA

D E C E M B E R 2 0 21

following a merger in 2016. MEDSCAN’s innovative and integrated logistics solutions encompass the best professionals, processes and systems to move products more efficiently, and will capitalise on the Infor WMS portal in particular to streamline financials and billing for the retail and wholesale giant. With eight warehouses, high order volumes and SKUs in excess of 40,000, SACO needed a solution to optimise performance across its warehouse management. As well as enhancing its picking processes, the retail and wholesale leader needed to facilitate seamless integration with its ERP platform to ensure a real time view of operations at any given time and expedite decision-making.

PRODUCTS

Key initial use cases include: ON-PREMISES ENTERPRISE DATA CENTRES AND PRIVATE CLOUD

Aruba CX 10000 Series Switch.

Aruba introduces industry’s first Distributed Services Switch to build hybrid clouds Aruba, introduced the industry’s first Distributed Services Switch enabling enterprises to deploy software-defined stateful services where data is created and processed, eliminating legacy appliances and host software needed to build the hybrid clouds demanded by modern applications and IT organisations. The Aruba CX 10000 Series Switch represents a new category of data centre switches that combines best-of-breed Aruba data centre L2, 3 switching with the industry’s only, fully programmable DPU Pensando Elba to deliver stateful software-defined services inline, at scale, with wire-rate performance and orders of magnitude scale and performance improvements over traditional data centre L2, 3 switches at a fraction of their TCO. While data centre networking has evolved over the past decade providing higher performing 25, 100, 400G leaf-spine topologies to address the volume and velocity of emerging application architectures, security and services architectures have not. With the explosive growth of east-west traffic in the data centre, centralised security appliances are proving inefficient, expensive and difficult to manage. Simply put, hair-pinning traffic to an appliance sitting at the data centre edge introduces heavy performance, cost and

operational penalties. This problem is further exacerbated by microservices-based applications, where traffic may not even need to leave a physical host to go from one service to another. This means some application traffic may never be inspected by a hardware firewall, IPS, or other security devices, leaving enterprises vulnerable to attack from within the enterprise itself. The Aruba CX 10000 Series Switch with Pensando provides an entirely new class of switching solution to overcome the limitations of legacy architectures. The Aruba CX 10000 will allow operators to extend industry standard leaf-spine networking with stateful distributed micro segmentation, east-west firewalling, NAT, encryption, and telemetry services – all delivered inline, all the time, on every access port, closer to where critical enterprise applications run. The solution delivers a unique blend of performance, scale and automation for distributing advanced networking and security services where it is impractical and costly to force traffic back and forth across the network to a centralised policy enforcement point. Instead, enterprises can now simply apply these services at the network access layer edge where the applications are running.

Traditional data centre architectures with centralised, hardware-based security appliances are being pushed to their breaking point – imposing performance, agility, and cost burdens that are not sustainable. The Aruba CX 10000 delivers a compelling architecture to distribute advanced services to the data centre edge with unified network and security automation and policy management. This new solution optimises network bandwidth and performance by not having to hair-pin local traffic to a centralised chokepoint, helping improve security posture while limiting appliance sprawl, complexity and cost. CO-LOCATION EDGE – SECURELY INTERCONNECTING CLOUD PROVIDERS

The cost of encrypting access to the public cloud using traditional appliances is Many customers have a compliance mandate to encrypt all access to public cloud resources. The Aruba CX 10000 provides edge routing, line-rate encryption, firewall and NAT, with end-to-end telemetry for public cloud dedicated connections from either on-premises or co-location data centres. This solution radically lowers the total cost of ownership, provides an optimised security architecture and reduces an organisation’s IT blast radius and risk. Aruba ESP Edge Services Platform was designed to unify, automate and secure all network edge services across domains including remote, branch, campus and data centre. The Aruba CX 10000 helps customers expand a Zero Trust Network Architecture deeper into the data centre, to the network-server edge, delivering 800G E-W Stateful Services across every switch port, dramatically scaling and strengthening the security of critical applications and workloads.

D E C E M B E R 2 0 21

MEA

PRODUCTS

Salesforce adds four new capabilities to Field Service to help businesses manage mobile workforce Salesforce introduced four new capabilities for Field Service to help businesses equip their mobile workforce for the future. These features will enable businesses to scale field service resources to handle more complex jobs, customise mobile workflows to improve employee experiences, provide customers with self-service scheduling, and use video to troubleshoot issues in real time. Customers today expect businesses to deliver world-class service whether they’re working with a call centre employee, engaging with a bot, or interacting with an agent in the field. But field service organisations often don’t have the tools, skills, and information to meet these expectations. In fact, 80% of field service professionals say the skills required for their job have changed from just two years ago. Salesforce Field Service was built to manage mobile workforces on the world’s #1 CRM. It offers a complete service offering that connects

PAUL WHITELAM, GM of Field Service Management at Salesforce.

customer data and service experts on one platform. Salesforce Field Service also provides intelligent scheduling, virtual support, and visual assistance to solve problems efficiently and reduce costs. In addition, an integration

with Slack enables swarming capabilities and collaboration with the right experts, based on availability and skills. Today’s additions to Salesforce Field Service include: l Enhanced Scheduling and Optimisation Engine will enable businesses to handle more complex field service jobs that require several steps and technicians. For example, a utility job includes digging a hole for a new electric pole, installing the pole and wires, and adding wiring to nearby structures. Companies will be able to chain these steps together so dispatchers can see complex jobs in their entirety and better manage worker capacity. The enhanced engine will run on Hyperforce, a reimagination of Salesforce’s platform architecture built to deliver the Salesforce Customer 360, including Sales Cloud, Service Cloud, Marketing Cloud, Commerce Cloud, Industries and more, securely and reliably on major public clouds.

Cohesity announces general availability of disaster recovery as a service hosted on AWS After announcing the availability of its backup as a service offering BaaS, Cohesity announced the general availability of its next ‘as a service’ offering – disaster recovery as a service DRaaS. This new offering extends the exceptional disaster recovery DR capabilities provided by Cohesity SiteContinuity and adds the ability to use Amazon Web Services AWS as a recovery location for failover and failback in a Software as a Service SaaS model. This not only provides customers with more choice and flexibility, but also offers the following benefits:

resiliency across a broad range of applications while meeting business requirements. l SIMPLIFY OPERATIONS

Cohesity uniquely combines disaster recovery orchestration, snapshot-based backup, nearsync replication, and seamless failover to the public cloud in a single comprehensive offering – all managed through a single user interface to significantly simplify disaster recovery operations.

MATT WAXMAN, vice president of product management, Cohesity.

l LOWER COSTS AND IMPROVE TIME-TO-VALUE l MINIMISE DOWNTIME AND DATA LOSS

This greatly reduces the risks of potential downtime and data loss with snapshot-based backup and near-sync replication that together help ensure all data is captured and ready to failover in the event of disaster or cyberattack. l MEET SERVICE LEVEL AGREEMENTS SLAS

Customers can easily design recovery plans and assign SLAs – and design it in minutes rather than weeks – to deliver the right level of

MEA

Reduce idle infrastructure by using ondemand pay-as-you-go cloud infrastructure from AWS in the event of a disaster or test drill. Cohesity uniquely supports standard AWS infrastructure, such as Amazon Elastic Compute Cloud Amazon EC2, in a DRaaS model. Customers also can speed up time to value by quickly spinning up a disaster recovery strategy without having to procure additional hardware or physical data centres. Cohesity DRaaS is the next offering from

D E C E M B E R 2 0 21

Cohesity’s comprehensive Data Management as a Service DMaaS portfolio. DMaaS is a portfolio of ‘as a service’ offerings designed to provide organisations with a radically simple way to back up, secure, govern, and analyse their data – all managed directly by Cohesity. This reduces the separate services, solutions, and administrative consoles that organisations have traditionally had to invest in and maintain for data backup, disaster recovery, and other data management use cases.

PRODUCTS

Portworx by Pure Storage announced release of PX-Backup 2.1 for protection of modern applications Portworx by Pure Storage, the Kubernetes Data Services Platform, announced the release of PX-Backup 2.1, its market-leading application and data protection platform for modern applications. Portworx also released new survey data assessing end user perspectives on running stateful applications on Kubernetes. The latest enhancements to PX-Backup provide enterprises with comprehensive data protection, multi-cloud mobility, and improved compliance support for applications running on Kubernetes, regardless of whether they are running on premises or in the cloud. New enhancements include: l Application Portability between clouds: PX-Backup delivers application portability between any cloud or on-premises data centre. With the latest version, customers can back up Kubernetes applications running in one cloud or data centre and restore them in any other. l Improved Compliance via 3-2-1 Backup Rule Support for any storage: The 3-2-1 backup rule is an industry standard for any data protection plan, ensuring recovery from several failure scenarios. With this release,

PX-Backup can now offload backups from CSI snapshots to object storage. Enterprises running Kubernetes apps on Portworx PXStore, any CSI compliant storage service, or cloud-based storage can now use PX-Backup to maintain three copies of data production, snapshots, backup copy across both disk and object storage. This provides flexibility to store data offsite in any cloud, fulfilling the requirements of a 3-2-1 based backup program. l Expanded Recovery with Support for File Shares: In addition to existing capabilities to backup block-based workloads, enterprises can now backup and recovery applications running on read-write-many RWX persistent volumes provisioned as file shares from FlashBlade, Portworx proxy volumes, or any NFS server. l Improved Protection using PX-Secure: PX-Backup users can now leverage both the role-based access controls and encryption services offered in Portworx PX-Secure, gaining an added layer of security support for their modern applications and the ability to reduce management overhead. New Portworx survey reveals Data Mobility

MURLI THIRUMALE, VP and GM, Cloud Native Business Unit, Pure Storage.

and Data Protection as the biggest challenges when managing stateful apps on Kubernetes Kubernetes continues to play a critical role in driving business agility and resilience as enterprises work to modernise their applications and infrastructure. An end user survey fielded among 500 IT professionals found that over half of respondents cited increasing agility 58% and increasing resilience 52% as the biggest drivers behind their team’s decision to build and deploy stateful applications on Kubernetes.

Kissflow automates structured processes and unstructured dynamic cases using single no-code platform Kissflow, a SaaS software company, has rolled out a comprehensive version of its flagship product, Kissflow Workflow. The new enhancements will allow business users to automate and track both structured processes as well as unstructured dynamic cases using a single no-code platform. According to McKinsey, in the UAE, Bahrain, Kuwait, the projected adoption of automation by 2030 is higher than the projected global average of 32%. In today’s dynamic work environment, business users are constantly swamped with ad-hoc and unpredictable processes and tasks, and the number of these processes continues to grow with remote and hybrid work. While the majority of these workflows can be automated, a large number of business users, functional managers, and team leads remain heavily reliant on spreadsheets, as modern alternatives don’t

DINESH VARADHARAJAN, VP of Product Management at Kissflow.

offer the flexibility for them to design their own workflows or are too complex to deploy. For a decade, Kissflow Workflow has empowered thousands of business teams to automate structured processes in a simple way, thus enhancing productivity. The latest version

marks the beginning of a new era of workflow management with capabilities to automate both simple processes as well as complex and dynamic cases in a single platform. Teams and business users can take full control of workflows, no matter how unpredictable use cases are, such as issue tracking, lead pipeline, help desk, and many more. Over 140+ readymade templates are available for business users to set up and launch anything from simple approval requests to complex processes. These drag and drop templates are built for use by HR, sales, IT, finance, procurement, customer support and other functions. The platform also comes with contextual collaboration built into it. The process-based activity feeds make for a collaborative workplace. The advanced plan is priced at $9.99 per user and the fully loaded plan comes at $19 per user.

D E C E M B E R 2 0 21

MEA

PRODUCTS

Cisco previews Webex Hologram combining feature rich meeting functionality with 3D holograms At WebexOne, Cisco unveiled a preview of its next-generation hybrid work collaboration products. Webex Hologram is the industry’s only real-time meeting solution that takes advantage of augmented reality headsets to combine feature rich Webex meeting functionality with immersive 3D holograms. With 64% of employees agreeing that the ability to work remotely directly affects whether they stay or leave a job source: Cisco Hybrid Work Index, organisations will increasingly offer flexible work arrangements. Yet this poses a challenge for teams that require handson collaboration, such as design or training with a physical object. With Webex Hologram’s holographic capabilities, participants can now interact in ways previously possible only in-person. Global COVID-19 pandemic safety protocols have also heightened the need for enterprises to offer immersive virtual meetings. For example, in the healthcare industry when a new surgical device is introduced, physicians, technicians, sales and support teams need to be trained quickly. With Webex Hologram, this training can be handled remotely to save time

MEA

and travel, while providing the ability to see the surgical device from every angle and at its actual size as if a physician were in the room. Additional capabilities of Webex Hologram include:

feedback on the vehicle’s engine and undercarriage. Design renderings of the car and other digital content can also be shared during the immersive experience. MULTI-DIMENSIONAL EXPERIENCE FOR MULTIPLE USERS

l l

IMMERSIVE TECHNOLOGY IN-USE TODAY

Unlike 2D and virtual meeting experiences in the market today, only Webex Hologram enables a feeling of co-presence by delivering photorealistic, real-time holograms of actual people. For participants, this means an experience that’s more engaging and realistic, as opposed to using avatars. This can make all the difference when it comes to training and problem-solving. ABILITY TO SHARE PHYSICAL AND DIGITAL CONTENT

With Webex Hologram, the presenter can share both physical content and digital content that allows users to co-create and truly collaborate. Take an auto manufacturer, for instance. Participants can interact with a physical prototype of a vehicle that’s shared in the AR experience to examine and provide

D E C E M B E R 2 0 21

Support for a 1: many presenter experiences that enables remote participation from multiple users. Each user simultaneously receives a multi-dimensional experience, as opposed to other offerings that limit usage to single angle views. l

HEADSET AGNOSTIC

Webex Hologram is compatible with industryleading AR headsets, such as Magic Leap and Microsoft HoloLens. Webex Hologram will soon further bolster the Webex Suite, enabling remote and hybrid workers to engage in immersive experiences using the AR headset of choice. In the past year, Webex by Cisco has introduced nearly 1,000 new features and devices to market and continues to innovate with emerging technologies.

ANALYST CORNER

Businesses with digital-first strategy moving 4x faster than pre-pandemic levels finds Equinix The latest Global Interconnection Index, an annual market study published by Equinix, reveals that the pandemic has forced economies into digital overdrive, with digital leaders, businesses who were already implementing a digital-first strategy, moving four times faster than pre-pandemic levels. These businesses in Europe, Middle East and African EMEA region have compacted the time to deploy their digital infrastructure to multiple regions, expand to multiple edge locations and integrate multiple clouds—what might have taken two years is now achievable within six months. This accelerated pace of digital transformation is predicted to continue to fuel the rapid growth in interconnection bandwidth. According to the GXI Vol. 5, the EMEA region is expected to grow at a 46% CAGR by 2024, contributing with 5,327 Tbps to make up 25% of the global interconnection bandwidth. This growth is aligned with the increasing demand for the digital infrastructure needed to bring more businesses online, facilitate electronic integration with partners and supply

chains, and reach more people in distributed hybrid work environments. l Close to 30% of enterprise infrastructure deployed in carrier-neutral facilities has moved to the edge, in proximity to points of data consumption. Service Providers are also expanding at the edge, growing their edge infrastructure 2x faster than their core infrastructure, enabling them to support increasing demand from enterprises. l Digital leaders are interconnecting with 10 times as many partners, enabling them to ride the wave of digital transformation and enjoy best-of-breed services from a vast pool of Service Providers and partners. The trend has been tracked across 12 industries and three regions for traditional companies, born in the cloud, Service Providers and even hyperscale providers. l Among industries, the Financial Services sector is expected to deploy more than 50% of Enterprise interconnection bandwidth, with Manufacturing as the second-largest industry. l The Public Sector, Healthcare and Life Sciences, Industrial Services and Transporta-

KAMEL AL-TAWIL, Managing Director for Middle East and North Africa, Equinix.

tion industries are expected to experience the fastest digital infrastructure growth, which is forecast to drive a 48% or more CAGR in interconnection bandwidth from 2020 to 2024 globally. These industries that were previously lagging in interconnection adoption are now leading in interconnection growth rate as a result of the pandemic.

Enterprises will build new software rather than buy software, leading to slower 2022 spending, Gartner Worldwide IT spending is projected to total $4.5 trillion in 2022, an increase of 5.5% from 2021, according to the latest forecast by Gartner. Enterprises will increasingly build new technologies and software, rather than buy and implement them, leading to overall slower spending levels in 2022 compared to 2021. Enterprise software is expected to have the highest growth in 2022 at 11.5% see Table 1, driven by infrastructure software spending continuing to outpace application software spending. Global spending growth on devices reached a peak in 2021 15.1% as remote work, telehealth and remote learning took hold, but Gartner expects 2022 will still show an uptick in enterprises that upgrade devices and or invest in multiple devices to thrive in a hybrid work setting. Gartner’s IT spending forecast methodology relies heavily on rigorous analysis of sales by thousands of vendors across the entire range of IT products and services. Gartner uses primary research techniques, complemented by secondary research sources, to build a comprehensive database of market size data on which to base its forecast.

JOHN-DAVID LOVELOCK, Distinguished Research Vice President at Gartner.

D E C E M B E R 2 0 21

MEA

ANALYST CORNER

today, and only half feel assured in addressing regulatory compliance. In relation to data, about half 56% are currently confident in their ability to protect critical data and warehouses. And when it comes to assessing cybersecurity capabilities and needs on a periodic basis, only two in five 45% felt comfortable in this area. THE TALENT AND SKILLS GAPS

44% IT decision makers do not have capability to identify incidents across multi-cloud finds Rackspace Only 48% of organisations feel confident in their understanding of the cybersecurity threat landscape for their business, according to new research from Rackspace Technology. In addition, only three in five 59% Middle East businesses feel confident in their ability to respond to incidents today. Constantly evolving security threats and attack methods, as well as increasing attack opportunities as data volumes, digital operations and remote work continue to grow, are

cited by more than half 55% of the Middle East’s IT leaders as the greatest cybersecurity challenges their organisation is currently facing. In the face of this threat landscape, further concern is raised by the finding that nearly half 44% of IT decision makers don’t have the capability today to identify security incidents across multicloud environments. When it comes to mitigating threats, only 49% of those surveyed feels confident in addressing them

Contributing to or explaining some of the ongoing challenges, more than half 64% of companies are finding it hard to retain and recruit cybersecurity talent, though a similar proportion 61% are confident in their internal initiatives in terms of cybersecurity talent retention. The cybersecurity skills touted as the most important were cloud security 52% and risk management 50%. Despite its importance, a third 37% of companies feel the biggest cybersecurity skills gap is in relation to cloud security. CYBERSECURITY GAPS WITH THIRD-PARTY PROVIDERS

In the face of staffing and skills concerns, more than half of Middle East businesses 62% rely on in-house staff with some external third-party help. A third 34% said they use at least six to ten external partners to provide cybersecurity.

Infoblox conducts research on challenges faced by Communication Service Providers moving to distributed cloud Infoblox announced new research that identifies the challenges Communication Service Providers face in transitioning to distributed cloud models, as well as the use cases for Multi-access edge computing MEC, 5G New Radio NR, and 5G Next Generation Core NGC networks. The report, titled “DNS and the Edge: The Evolution will be distributed” was conducted by Heavy Reading and surveyed communication service providers around the world to understand the role that DNS plays in the evolution of these cloud-based network models. DNS is a critical element to these new network architectures and technologies, enabling devices to access the network securely and reliably. And as 5G NR,

MEA

DILIP PILLAIPAKAM, Vice President and GM of Service Provider Business at Infoblox.

NGC, and MEC technologies enable faster, more distributed networks with significantly more connected devices, DNS will need to be increasingly automated and operate at greater scale and with greater flexibility.

D E C E M B E R 2 0 21

Yet, despite the importance of DNS to the reliable functioning of these networks, the survey found that few CSPs believe that their DNS is currently capable of supporting MEC or 5G NGC. To meet this need, networks will need to leverage the benefits of distributed DNS technology that can enable network managers to meet users where they are—at the network edge Other key findings of the survey include: l CSPs consider DNS to be critical to the adoption of next-generation network technologies like 5G 71%, cloud-based managed security services 66% and MEC 63% l More than one third of CSPs surveyed plan to implement MEC 36%, 5G 35%, and NGC 35% in the next 12-18 months.

ANALYST CORNER

important or extremely important, in most cases, to successful digital initiatives. While 54% of respondents in the UAE indicated improving cybersecurity and reducing security risks are among their largest business and IT investments. COMPANIES ARE DENOUNCING VENDOR LOCK IN

The study found that 71% of respondents in the UAE said workloads being completely portable with no vendor lock-in? is important or extremely important to the success of their digital initiatives. While nearly 64% of respondents in the UAE said vendor lock-in? is a significant obstacle to improving business performance in most or all parts of their cloud estate. PUBLIC CLOUD ADOPTION IS EVOLVING TOWARDS INDUSTRY CLOUDS

HOSSAM SEIF EL-DIN, General Manager of IBM in the Middle East, and Pakistan.

None of the respondents in UAE reported using single private or public cloud in 2021 finds IBM IBM announced results of a global study on cloud transformation, conducted by IBM Institute for Business Value in cooperation with Oxford Economics, that surveyed almost 7,200 C-suite executives across 28 industries and 47 countries, including the United Arab Emirates and Saudi Arabia. According to the findings of the study, there has been a drastic shift in business needs for using cloud for businesses in the United Arab Emirates, as none of respondents in the UAE reported using a single private or public cloud in 2021, down from 43% in 2019 – establishing hybrid cloud as the winning IT architecture of the future.

The findings indicate that the cloud market has entered the hybrid, multicloud era and concerns around vendor lock-in, security, compliance and interoperability remain paramount. Industry-related regulatory compliance is a significant obstacle for 56% of respondents in the UAE, resulting in an uptick of specialised cloud adoption CYBER THREATS ARE AT AN ALL-TIME HIGH

The study found that infrastructure complexity is creating cracked doors that cybercriminals are exploiting, with 80% of respondents in the UAE said data security being embedded throughout the cloud architecture? is

The study found that public cloud adoption is evolving towards specialised clouds capable of increased levels of compliance and data protection – with nearly 56% of respondents in the UAE citing industry-related regulatory compliance as an obstacle to the business performance of their cloud estate. The study revealed that enterprises need to assess how they use the cloud in terms of adoption, velocity, migration, speed, and cost savings opportunity. Other recommendations include: l Focus on security and privacy - determine where your critical workloads reside and scrutinise who and what has access to them. Regularly test that security controls and privacy policies are being adhered to, but also that improperly configured assets and software vulnerabilities are being promptly addressed. l Ask which workloads should move to the cloud – take inventory of the IT environment to successfully determine which workloads and applications will yield the most value in the cloud and which are better suited to stay on-premises. l Make data work for you – analyse workloads using AI driven tools and best practices to determine where and how to put them in the right place for the right reason. l Set a tactical approach – address the technology trade-offs, such as selecting the best approach to modernise specific applications and manage important issues like security, governance, and disaster recovery. l Determine the right team – put a crossdisciplinary team of people to work rethinking how your enterprise creates value for its customers.

D E C E M B E R 2 0 21

MEA

GUEST COLUMN

UNIFIED NATIONAL FRAMEWORK TO BE FOLLOWED BY EVERY ENTERPRISE The UAE’s Information Assurance Standard calls for protection and management, business continuity, disaster recovery, compliance, accreditation.

n 2020, as lockdowns were put in place and workers retreated to their homes in droves, bad actors struck. While economies worldwide spiralled downwards, the volume of cyber-incidents took the opposite trajectory, with digi-criminals taking advantage of isolated users, surges in BYOD, and the incidence of tech sprawl policed by overworked IT teams. These trends were felt acutely in UAE, long a favoured hunting ground among digital predators. According to Etisalat Digital’s cybersecurity team Help AG, Distributed Denial of Service DDoS attacks saw a 183% increase last year in the UAE alone. And in a 2020 survey conducted by KPMG, UAE business stakeholders expressed their pessimism about the 2021 threat landscape. Some 98% had a dreary outlook for the year when it came to overall levels in cybercrime. Almost two thirds 61% were worried about phishing while 42% expressed concern over escalations in ransomware. Indeed, in its State of the Market Report, Help AG also cited regional rises in the dreaded lock-and-extort attacks, warning that DDoS campaigns were often used as distractions while dropping ransomware. According to another study on ransomware, UAE victims said they had paid as much as $1.4 million and 42% had been subjected to total operational shutdowns. To add insult to injury, 90% of those that paid reported being hit again. But the good news for UAE businesses is that the government here has always been proactive on matters of technology, especially when it comes to cyber security, information security and privacy. Keen to protect its digital economy and the businesses that call it home, the UAE has initiated the Information Assurance Regulation as a key element of its National Cybersecurity Strategy NCSS. The Information Assurance Standard calls for a broad range of best practices in protection and management, including business continu-

MEA

ity, disaster recovery, compliance, certification, and accreditation. The end goal is a unified national framework that the government intends to be followed by every enterprise. The standard also calls for increases in the levels of protection in information systems and urges the implementation of risk-based controls. It directs organisations to clearly define the roles and responsibilities of those within their ranks who are charged with overseeing and guaranteeing cybersecurity. In its pages, the UAE Information Assurance Regulation sets out the reasons for adoption of the standards. It is clear that the government recognises that economic activity is oiled by confidence and can seize up in its absence. The standard mentions the benefits of a trusted digital environment for businesses and individuals across the nation, tying those benefits directly to cybersecurity, which the Telecommunications and Digital Government Regulatory Authority the TDRA, author of the standard considers to be the shared responsibility of every organisation and individual. While the TDRA leaves room for collaboration and partnerships between public and private sector organisations, compliance will be largely the domain of each individual enterprise. As with most compliance regulations in the digital space, the UAE government is only pursuing what every sensible business stakeholder should want: resilience. If last year taught us anything, it was the value of preparedness as it relates to continuity. The TDRA’s guidelines are worded in such a way as to be flexible because it knows that each industry and business is different. Predictably, the standard applies to some industries more rigidly than to others, but adoption of the guidelines is in the interest of any business that operates in the digital economy. The TDRA makes this point quite plainly. The IA regulation, while mandatory for some, is

D E C E M B E R 2 0 21

urged for all. One part of the security controls alluded to in the UAE Information Assurance Regulation are those related to communication and network security. In this regard, the standard is timely. As practices such as remote working and distance learning took off in 2020, the modern network became manifestly more complex than at any time since the emergence of cloud computing. In such environments it directs IT stakeholders to reconsider their threat postures. Using the network itself to detect threats before they become breaches and to understand the risk posed by every connected system and user, are key to effectively applying the communication and network security controls. While security engineers have being trying to do this for years, the boost in computing power has finally made it possible for them to tap into the power of Artificial Intelligence AI and Machine Learning ML and tilt the game of threat detection in their favour. The wide availability of AI and ML power paved the way for the evolution towards AI-based Behavioural Network Detection and Response NDR tools that go a long way towards automating the kinds of security controls the TDRA cites. Information transfer, network security management, cloud computing, and incident management and response are all covered in this approach. The power of AI can also be used to score systems, devices, and users according to the risk their behaviour poses another suggested practice in the IA guidelines. AI-based Behavioural NDR tools can be a significant leap towards compliance for UAE enterprises as they align with the government’s vision. If its implementation is spread widely enough, we can quickly achieve the trust and confidence required for innovation and competitive participation in the global digital economy. ë

GUEST COLUMN

RABIH ITANI, Country Manager UAE, Vectra AI.

Compliance will be largely the domain of each individual enterprise

D E C E M B E R 2 0 21

MEA

GUEST COLUMN

PROCESSING VIDEO ANALYTICS AT THE NETWORK’S EDGE The UAE’s Information Assurance Standard calls for protection and management, business continuity, disaster recovery, compliance, accreditation.

RUDIE OPPERMAN, Regional Manager, Engineering and Training, Middle East and Africa, Axis Communications.

MEA

D E C E M B E R 2 0 21

GUEST COLUMN

n the days before analytics existed, there was analogue closed-circuit television or CCTV, and it was up to the individuals monitoring these systems to identify as much as it is possible for a person to do. Then we had IP video, which saw surveillance systems evolve by enabling video transmission over network cable, and IP cameras that could be attached to networks simply and easily. Here, a person could watch a camera feed that is focusing on a parking garage, for example. They could only tell that something suspicious is happening. Not long after, developers realised that by using algorithms, digital video could be analysed automatically, and this became a popular feature of video management software, which now had the ability to pick up movement, identify how many people there were in a particular environment, and even set virtual tripwires. All these analytics happened at the heart of the surveillance system, the network video recorder, or the server. This was very bandwidth heavy, as vast amounts of video needed to be transmitted before it could be analysed. This is where the intelligent edge stepped in, and there was a shift towards more analytics taking place at the edge. This approach has the instant advantage of being able to analyse camera images at the source, without having to send bandwidth-heavy video across the network, instead, sending the results of the analysis to the virtual memory system as lightweight data. The immediate benefits of edge-based analytics are considerable. With analytics taking place within the camera, at the edge of the network, only valuable data needs to be sent to the operator. Analysing video at the source, and as close as possible to where it is captured, means all images being examined are of the

There was a shift towards more analytics taking place at the edge

highest possible quality, with zero degradation caused by compressing images before transferring them. Moreover, edge devices, such as cameras and other sensors, now have more processing power, and have previously undreamed-of analytics capabilities. With analytics built in, cameras today can be taught to automatically detect sounds, activities, objects, and much more, putting real-time data in the security practitioner’s arsenal, and enabling them to make critical, and, importantly, accurate decisions. Not only does intelligent edge analytics turn video information into data, but it also creates metadata. In its essence, metadata is information about data. Take a picture on your smartphone, for example. You will look at it and recognise a sunrise, clouds, or the ocean, but if you drill down into that data, you’ll be able to establish what time or where the picture was taken. Where the benefits come in, is that by harnessing both data and metadata, analysing floods of information becomes far easier and more effective. Edge technology has enabled users to fully harness the benefits of today’s analytics technology in a video and audio surveillance context. The modern chipsets we find today have given these devices a dramatic boost in processing power, enabling analytics to be loaded onto the devices themselves, which significantly lowers the amount of data that needs to be transmitted to cloud servers, and the reduction in bandwidth needs that has resulted from this has democratised analytics, putting it into the hands of those who could never have afforded it 10 years ago. Concurrently, the rise of artificial intelligence (AI), machine learning, and deep learning have has made it easier to train new analytical models, which in turn makes them infinitely more accurate and reliable. In addition, these technologies are upgraded through software and firmware updates, dramatically adding to their relevance and lifespan. There is no longer a need to swap out a whole piece of hardware every time an upgrade is issued. We have now established that the edge devices we have today are smarter, quicker, and more intuitive and powerful, but what does that really mean for us? In terms of surveillance, it means increasingly less dependence on human intervention and a growing reliability on automated solutions. In turn, this translates into a significant reduction in false positives and an

enhanced ability to filter out the noise that was inevitable with audio and video recordings. Devices today can process exponentially more information, thereby generating the metadata we need to effectively categorise and cross-reference data across a business. The sheer volume of information also enables analytics to be more effectively trained for better accuracy, which again, reduces false alarms by allowing a camera to be able to tell the difference between a human transgressor and a neighbourhood cat on the prowl. In addition, it is possible to train intelligent devices to recognise particular noises, such as glass breaking or gunfire, that are real signs a security incident is happening. Even voices that are raised, and aggressive behaviour can be used as triggers, informing security staff that a dangerous or unsafe incident might be taking place, which not only greatly reduces the time taken to respond to such incidents, but potentially prevents them from happening in the first place. Urban parking management is another fantastic application. Network surveillance cameras, even ones already in use in a town or city, can be tweaked through specific analytics applications to not only alert traffic personnel to parking violations, but can show drivers where empty parking spaces are. Detection zones that can be pre-defined could trigger alerts if a vehicle stops where it is not supposed to, such as in a loading zone, or stays somewhere for too long. Alerts could be sent to traffic enforcement to prevent congestion and fine violators. Additional benefits could be realised through the connection of data and systems. One example would be combining payment apps and license plate recognition, enabling parking management systems to settle parking fees automatically. This would be a time saver too, allowing drivers to leave parking garages without having to queue to pay at the machines, and save them annoyance when the machines are out of order. Moreover, by analysing real-time and historical data, it is possible to predict peak times, so parking lot owners can open extra spaces, or let drivers know in advance when it is likely to be full. By adding AI to the analysis, parking management solutions could even predict where drivers have the best chance of finding an open spot when they arrive. ë

D E C E M B E R 2 0 21

MEA

EXECUTIVE MOVEMENTS

EXECUTIVE MOVEMENTS Schneider Electric promotes Waseem Taqqali to lead services across MEA Schneider Electric has appointed Waseem Taqqali as the Vice President Services for the Middle East and Africa. Taqqali, who joined Schneider Electric in 2013, has been promoted from his current role as Vice President Services for the Gulf. An industry veteran with several decades of experience, Taqqali will be tasked with leading one of Schneider Electric’s fastest growing segments and supporting customers with the company’s in-person and online service solutions. A Jordanian national, Taqqali’s experience spans areas such as energy management, technology and sustainability; he previously held roles at Accenture, Masdar, DEWA and ADWEA. Waseem joined Schneider Electric in 2013 as the Building Business VP for the Gulf. In 2016 he took over the Services business in the Gulf and Pakistan Cluster.

SolarWinds appoints Jeff McCullough as VP Worldwide Partner sales to drive global channel business SolarWinds announced the appointment of Jeff McCullough, Vice President, Worldwide Partner sales. In this newly formed role, McCullough will lead the global channel business, partner development, and strategic partnerships. His team will focus on building a Partner program strategy supporting global go-to-market teams, while accelerating the company’s routes to market across existing and new partnerships, including cloud service Partners, global system integrators, distributors, and resellers. McCullough brings over 20 years of experience in IT channel sales and senior management, with a particular focus on enterprise sales, strategic alliances, and business development. He most recently served as Vice President with Park Place Technologies, building and then leading the launch of the company’s new channel program.

JEFF MCCULLOUGH,

Vice President, Worldwide Partner sales.

Infor appoints Monzer Tohme as Senior Sales Director for Middle East and Africa Infor announced it has appointed Monzer Tohme as senior sales director for the Middle East and Africa. Tohme will work to strengthen Infor’s commercial team and help the company consolidate its position as the region’s leading provider of industry-specific cloud solutions, which are helping drive digital transformation in sectors including industrial manufacturing, distribution, healthcare and automotive. Prior to taking on his new role at Infor, Monzer was the cluster lead for Oracle in Central and Eastern Europe, Middle East and Africa region, where he led the strategic direction for cross-functional to drive business growth in the customer experience and business applications portfolio. Monzer has also held senior roles at companies including Microsoft, HP and Epicor. He also previously worked at Infor between 2013-2017 as regional director for India, Middle East and Africa, and has in-depth knowledge of Infor’s entire solution portfolio.

MEA

D E C E M B E R 2 0 21

MEA

D E C E M B E R 2 0 21