@entitworld
@enterpriseitworld
@enterpriseitworld
R S 2 0 | PA G E S 3 6 | V O LU M E 0 5 | I S S U E 0 2
WWW.ENTERPRISEITWORLD.COM
FOR THE CIOs. BY THE CIOs. APRIL 2020
19
HOW
COVID WORKING REVOLUTION LED A REMOTE
As those of us privileged, today sit in the safety and comfort of our homes, we are not just keeping the those around us safe, but are also participating in a remote working revolution. Where most companies in India have previously shunned remote working citing reasons like low productivity, the same companies are today forced to work from home to survive. As the technology leaders enable this transition, Indian companies are exploring uncharted territories and if one might say, making much process. P/20
TECHNOLOGY EVOLUTION HAS LED TO INCREASINGLY SOPHISTICATED SECURITY THREATS: VMWARE
INTERVIEW P-30 SECURITY
EDITOR’S LETTER
ENHANCE SKILL SETS AND WORK ON AUTOMATION
Hello Friends.
Covid 19 Pandemic has brought everyone to grinding halt. CIOs with their battery of workers are forced to work from home. Many sectors have just stopped functioning. Hospitality, aviation, manufacturing, retail, tourism, entertainment etc. are on the forefront. Every individual is under virtual house arrest by the orders of the government. The pandemic has completely devastated the old economy. No one, in fact, knows where the economy is heading. The IMF blog post says that this is a truly global crisis as no country is spared. Countries reliant on tourism, travel, hospitality, and entertainment for their growth are experiencing particularly large disruptions. Emerging market and developing economies face additional challenges with unprecedented reversals in capital flows as global risk appetite wanes, and currency pressures, while coping with weaker health systems, and more limited fiscal space to provide support. Moreover, several economies entered this crisis in a vulnerable state with sluggish growth and high debt levels. Kristalina Georgieva, Managing Director, IMG, in a press statement said, “We have reassessed the
COVER STORY
NEXT MONTH SPECIAL
INDUSTRY 4.0
The next issue is dedicated to Industry 4.0. We would like to take feedback from the CIOs and Vendors and create our judgment on the same.
prospects for growth for 2020 and 2021. It is now clear that we have entered a recession as bad or worse than in 2009. We do project recovery in 2021,” Georgieva also prophesized that a key concern about a long-lasting impact of the sudden stop of the world economy is the risk of a wave of bankruptcies and layoffs that not only can undermine the recovery. It also can erode the fabric of our societies. India falls under all predicted pandemic impact of IMF. At the same time, World Bank, which is more concerned about developing countries including India says that beyond the health impacts from the COVID-19 pandemic, they are expecting a major global recession. Group President Malpass, in a press statement said,“Our estimates suggest a much deeper global downturn than the Great Recession, given the declines in production, investment, employment and trade.” In a news report by Business Standard, Tata Power, Piramal Enterprises, and TVS group units are among over 320 firms have sought the moratorium on repayment of loans and RBI’s regulatory package is expected to give a breather to the entities, including financial sector players, to assess the impact of disruptions, and then chalk out a strategy to deal with the extended downturn. At the moment, government priority is to strike a balance between contentment of virus spread and smooth-running economy. In the situation, the senior leadership need to be positive and work on keeping their infrastructure safe from the hackers and provide continued support to the work from home people. This is also time that they learn new skillsets and help the management with innovative ideas to reduce cost and enhance automation.
S A N J AY M O H A PAT R A S A N J AY @ A C C E N T I N F O M E D I A . C O M
SUPPLEMENT
QUOTES FROM TOP CIOS The supplement story of the magazine would have relevant quotes from the top CIOs in India.
PLUS
Interviews and Case Studies
Catch interviews, guest articles and case studies of recent applications from the Industry stakeholders, IT/ITES Vendors and IT leaders and CIOs from the Enterprise IT World CIO Community.
Send in your inputs to sanjay@accentinfomedia.com 4
ENTERPRISE IT WORLD APRIL 2020
CONTENTS V O L U M E 0 5 | I S S U E 0 2 | APRIL 2020 | W W W . E N T E R P R I S E I T W O R L D . C O M
FOR THE CIOs. BY THE CIOs.
Publisher: Sanjib Mohapatra Chief Editor: Sanjay Mohapatra Managing Editor: Anisha Nayar Dhawan Sub Editor: Pooja Jain, Nidhi Shail Designer: Ajay Arya Assistant Designer: Shadab Khan, Rahul Arya Web Designer: Vijay Bakshi, Sangeet Technical Writer: Manas Ranjan Lead Visualizer: DPR Choudhary MARKETING Marketing Manager: Vaishali Shukla SALES CONTACTS
COVER STORY
20
Delhi 6/102, Kaushalya Park, Hauz Khas New Delhi-110016 Phone: 91-11-41055458 E-mail: info@accentinfomedia.com
HOW COVID19 LED A REMOTE WORKING REVOLUTION?
As those of us privileged, today sit in the safety and comfort of our homes, we are not just keeping the those around us safe, but are also participating in a remote working revolution. Where most companies in India have previously shunned remote working citing reasons like low productivity, the same companies are today forced to work from home to survive. As the technology leaders enable this transition, Indian companies are exploring uncharted territories and if one might say, making much process.
GUEST ARTICLE : /16 Protecting Your Company During COVID-19: Guidance for CIOs and CISOs
26 TRANSITIONING TO A MASS REMOTE WORKFORCE – WE MUST VERIFY BEFORE TRUSTING EOIN CARROLL
“Principal Engineer, Sr. Security Researcher, Advanced Threat Research, McAfee.”
EDITORIAL OFFICE Delhi: 6/103, (GF) Kaushalya Park, New Delhi-110016, Phone: 91-11-41657670 / 46151993 info@ accentinfomedia.com
Printed, Published and Owned by Sanjib Mohapatra Place of Publication: 6/103, (GF) Kaushalya Park, Hauz Khas New Delhi-110016
MORE INSIDE Editorial~ ~~~~~~~~~~~~~~~~~~~~~~~~~ 04 News~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 06
MOHIT ROCHLANI
“Director – Operations and IT, IndiaFirst Life Insurance Company Limited..”
Printed at Karan Printers, F-29/2, 1st floor, Okhla Industrial Area, Phase-2, New Delhi 110020, India. All rights reserved. No part of this publication can be reproduced without the prior written permission from the publisher. Subscription: Rs.200 (12 issues) All payments favouring: Accent Info Media Pvt. Ltd.
30
28 CHALLENGES, SUCCESS AND LEARNINGS FROM THE ONGOING COVID-19
Phone: 91-11-46151993 / 41055458
32
TECHNOLOGY EVOLUTION HAS LED TO INCREASINGLY SOPHISTICATED SECURITY THREATS: VMWARE
HOW ARE CISOS ENSURING THAT COVID 19 DOES NOT AFFECT ASSETS?
PRAJIT NAIR
VISHANT PAI
“Director Sales- End User Computing, VMware India.”
“Head – GRC and CISO, Yotta Infrastructure Solutions.” APRIL 2020 ENTERPRISE IT WORLD
5
ITWORLD
ROUND UP
3i Infotech’s ‘Remote Worker’ Enables Business Continuity B Y S A N J AY @ A C C E N T I N FO M E D I A . C O M
3i Infotech Limited has launched Remote Worker as a Service, as part of its Altiray Services. This VPN-as-aService is a unified secure access gateway that facilitates remote working from anywhere and anytime by hosting any on-premise server or application. It also enables organizations to move to the cloud with ease, and embrace Bring Your Own Device (BYOD) and mobility in a hybrid IT environment. ‘Remote-Worker as a Service’ solution from 3i Infotech simplifies access to the customer’s central infrastructure and applications without the worry of cumbersome configurations and needless time delays. It creates a seamless, safe and secure end-to-end socket layer connection in combination with secure 6
ENTERPRISE IT WORLD APRIL 2020
mobile access (SMA) to ensure security without any installation at the client’s end, thereby enabling remote users to connect to internal network resources over the Internet using an encrypted connection. It also helps to control all mobile devices of an organization’s network and provides a cost-effective single sign-on (SSO) to any application on the network or in the cloud from a single URL. While preventing unauthorized access to corporate applications, Remote Worker also facilitates employees to upload and share files securely. 3i Infotech’s existing customers are using this Remote Worker solution to connect to their product suite seamlessly from any location and from any device.
D ATA BRIEFING
74% CFOs Intend to Shift Some Employees to Remote Work Permanently
Source: Gartner
ITWORLD // NEWS BRIEF
Tech Mahindra and IBM to Help Their Clients Modernize Operations Leveraging Cloud
Tech Mahindra is collaborating with IBM to help businesses transform their operations and accelerate their hybrid cloud strategies. Tech Mahindra will help clients migrate core business applications to the IBM public cloud using IBM Cloud Paks. As part of this relationship, IBM and Tech Mahindra will establish innovation centers designed to help address complex business problems across industries, including telecommunication, manufacturing, financial services, insurance, retail and healthcare. The first center is planned to open in Bengaluru, India, later this year and specialize in transformation solutions built with IBM Cloud Paks, enterprise-ready containerized software
CIO
solutions running on Red Hat OpenShift. Tech Mahindra currently plans to open additional centers throughout North America and the United Kingdom in 2020. Pawan Sharma, President & Global Head of Strategic Initiatives at Tech Mahindra, said “The collaboration with IBM will help us accelerate the development of cloud-based applications for our customers and build multicloud data management solutions on the industry-leading hybrid platform. The commitment to building Innovation Centers aligns with our TechMNxt charter, an initiative that leverages emerging technology to solve real-world business problems for customers.”
edge computing, hybrid cloud, Kubernetes and the Red Hat Enterprise Linux Roadmap
This conference is dedicated to conversations on edge computing, hybrid cloud, Kubernetes and the Red Hat Enterprise Linux Roadmap RED HAT SUMMIT 2020 VIRTUAL EXPERIENCE
ENTERPRISE IT WORLD APRIL 2020
JK Technosoft made it possible to go-live with implementation of supply chain solution for ImpelPro SCM Solutions on Microsoft Dynamics NAV platform, while working remotely from the confinements of their home spaces. Despite all challenges, the company managed to get the Microsoft Dynamics NAV solution using the remote available collaboration technologies and its remote project governance framework. NAV is a dynamic software solution in terms of vendor price management, customer price, inventory valuation, inventory planning with strong audit trail functionality and works seamlessly on modules such as Finance, Fixed Asset, Sales, Purchase and Inventory. Aloke Paskar, President & CEO, JK Technosoft said, “WFH is a new normal in India and companies are skeptical as to whether their partners can execute critical programs. ImpelPro SCM Solutions and JKT together took this challenge, used the available collaboration technologies to manage teams and schedules for a successful implementation. ImpelPro and JKT have shown that good communication, governance and use of collaboration tools can overcome challenges of WFH in India, and get things done on time successfully.”
EVENTS
28– 29 APR 2020
8
JK Technosoft Implements SCM Solution Remotely
30 APR 2020
5 MAY 202027 FEB 2020 Managing Cloud-Native Security Solutions
The Embassy of Israel, COAI & India Mobile Congress present a special webinar on innovations in the new era where a number of companies from Israel will showcase their latest solutions in the emerging technology space. This is a unique opportunity for companies from the telecom and allied sectors to become first movers for adoption of these latest solutions & to collaborate with these companies.
to Protect Remote Access A platform for
IOT, 5G, Cloud and More on
INNOVATION IN THE NEW ERA
Bengaluru
In this webinar, Skybox and Zscaler will discourses onwith IT a review how they’re collaborating Disaster Recovery, one-of-a-kind product integration. The Response & integration ensuresEmergency that enterprises can secure their remote Crisisusers Management and through Zscaler’s cloud networkSecurity. and Information can consistently manage security policies, rule changes and compliance requirements across their hybrid cloud environments with Skybox. BUSINESS & MANAGING CLOUD-NATIVE IT RESILIENCE SECURITY SOLUTIONS TO SUMMIT PROTECT REMOTE ACCESS
NEWS BRIEF // IT WORLD
Verizon Business to Acquire BlueJeans
S/HE SAID IT
ADITI PURI BATRA
COUNTRY MANAGER, INTUIT QUICKBOOKS INDIA
“Small and micro businesses play an important role in the larger supply chain and thus their health is imperative to kick-start the industry when the lockdown eases.”
Verizon Business has entered into a definitive agreement to acquire BlueJeans Network, a trusted enterprise-grade video conferencing and event platform. The acquisition expands Verizon’s immersive unified communications portfolio. BlueJeans’ cloud-based video service currently serves a wide variety of business segments from small organizations to some of the world’s largest multinational brands, and has played a significant part in continuing those companies’ operations during the ongoing work-from-home surge. The transaction will combine BlueJeans’ simple, smart and trusted meeting platform with Verizon’s unified communications as a service business immediately. Customers will benefit from a BlueJeans enterprisegrade video experience on Verizon’s highperformance global networks. In addition, QUICK BYTE ON
the platform will be deeply integrated into Verizon’s 5G product roadmap, providing secure and real-time engagement solutions for high growth areas such as telemedicine, distance learning and field service work. “As the way we work continues to change, it is absolutely critical for businesses and public sector customers to have access to a comprehensive suite of offerings that are enterprise ready, secure, frictionless and that integrate with existing tools,” said Tami Erwin, CEO of Verizon Business. “Collaboration and communications have become top of the agenda for businesses of all sizes and in all sectors in recent months. We are excited to combine the power of BlueJeans’ video platform with Verizon Business’ connectivity networks, platforms and solutions to meet our customers’ needs.”
“At a time like this, corporates must stay strong and support the talent pool in various ways possible.” V I D YA L A X M A N D I R E CTO R , T E S C O T E C H N O LO G Y
SECURITY
Misconfiguration as number one risk to Cloud Environments: Trend Micro According to Trend Micro’s research into cloud security, which highlights human error and complex deployments reveals that misconfigurations are the primary cause of cloud security issues. In fact, Trend Micro Cloud One – Conformity identifies 230 million misconfigurations on average each day, proving this risk is prevalent and widespread.
APRIL 2020 ENTERPRISE IT WORLD
9
ITWORLD // NEWS BRIEF
NAKIVO Launches Backup For Oracle RMAN With Its v9.3 Release
British 5G Towers Burned Down Due to Coronavirus Conspiracy Theories 5G phone masts are being set alight in the UK, after online conspiracy theories misleadingly links the cell towers to the coronavirus pandemic, as reported by The Verge. The BBC reported that at least three 5G towers were burned recently, and police and fire services were called to extinguish the flames. These rumors and conspiracy theories that linked the roll out of 5G and the spread of Covid 19 emerged primarily through social media networks. Members on Facebook and Nextdoor repeated false and misleading claims that 5G is suppos-
EXECUTIVE
edly harmful. One theory claims that the novel coronavirus originated in Wuhan because the Chinese city had recently been rolling out 5G. It’s now supposedly spread to other cities that are also using 5G. These false conspiracy theories neglect to mention that a highly contagious virus would naturally spread more in densely populated cities with access to 5G, and that the coronavirus pandemic has hit counties like Iran and Japan where 5G isn’t in use yet, reported The Verge.
NAKIVO Backup & Replication v9.3 is now generally available. The latest release of NAKIVO Backup & Replication includes backup for Oracle RMAN. That means, now, it allows you to manage database protection from a single pane of glass. With a centralized control of Oracle RMAN backup and recovery, the efficiency and protection increases manifold. MAKIVO Inc. Is a fast-growing global software company specialized in protecting virtualized, physical, and cloud environments flawlessly. Its latest version provides native protection of Oracle databases via RMAN. With the addition of support for Oracle RMAN, NAKIVO Backup & Replication strengthens its list of enterprise-class features. As a matter of fact, backup for Oracle RMAN feature offers businesses of all sizes an improved control of their Oracle data protection. NAKIVO Backup & Replication v9.3 helps NAKIVO customers back up their IT infrastructure including Oracle databases and restore them from a single pane of glass. In fact, Oracle RMAN backup jobs can easily be initiated through an intuitive web interface. These jobs can be monitored to completion and verified anywhere, at any time. There are advanced scheduling options in NAKIVO Backup & Replication v9.3 to optimize Oracle RMAN backup routines thus ensuring a rigorous protection of all the critical databases. In addition, customers are able to restore entire Oracle databases to a paticular point in time without compromising with productivity and operational performance. Backup for Oracle RMAN is not only simple but is designed so well that it can be mastered by user with any level of Oracle expertise.
MOVEMENT
Acuver Consulting has appointed Manjunath B S as new Chief Technology Officer
Digital Transformation Leader, Vipul Anand joins Praxis Advisory Network
Bjorn Engelhardt has joined as Vice President of APAC sales, Forcepoint
Talib Yousry is the new Senior Director of Channels and Alliances for APAC, Forcepoint
Nick Savvides has joined as Senior Director of Strategic Business for APAC, Forcepoint
Rahul Arora joins McAfee India as Sales Director, India and SAARC
10 ENTERPRISE IT WORLD APRIL 2020
NEWS BRIEF // IT WORLD
BOOK
GLOBAL UPDATE
ABB-NASSCOM to Develop Competency Standards for New-Age Technology Jobs in India
SHELF
Business Continuity and Risk Management: Essentials of Organizational Resilience
BY
KURT J. ENGEMANN AND DOUGLAS M. HENDERSON
PRICE
RS. 10,263.00
WHERE:
AMAZON.IN
In a major push for skill development in the technology industry, ABB, in association with NASSCOM has developed a standardized qualification criterion for two IoT-related job roles – IoT Network Communications and IoT Cyber Security. This first of its kind industry collaboration will facilitate the much-needed uniformity and formalization by aiding the hiring and evaluation of these high-skilled jobs across the sector. The Qualification Packs (QPs) define the competency standards that will provide a framework for academic institutions to design their course curriculum
to better conform to industry hiring standards. These standardized assessments will lead to the creation of skilled and certified talent for IoT from which the industry can hire the right talent for new-age jobs, thereby reducing the cost of hiring and increasing the time for productivity. The QPs will be promoted across the industry for the purpose of hiring, promotions and curating learning & development (L&D) programs, thereby laying the foundation for standardized employment practices for skilled jobs in the IT-ITeS industry.
About The Book Covering both Business Continuity and Risk Management and how these two bodies of knowledge and practice interface, the book is a state-of-the-art textbook designed to be easily understandable.
Key Feature From years of experience teaching and consulting in Business Continuity and Risk, Kurt J. Engemann and Douglas M. Henderson explain everything clearly without extra words or extraneous philosophy.
HPE and Industry Partners Simplify 5G Rollout HPE brings Open Distributed Infrastructure Management initiative, a new open source program that will simplify the management of large-scale geographically distributed physical infrastructure deployments. HPE will also introduce an Open Distributed Infrastructure Management Resource Aggregator that is aligned with the initiative which will help resolve the complexity that telcos face in rolling out 5G networks across thousands of sites equipped with IT infrastructure from multiple vendors and different generations of technology. This new initiative underlines HPE’s commitment to
accelerating industry alignment through open source innovation. HPE’s 5G portfolio promises to unleash the potential of 5G at the network core, at the edge, and in the enterprise. This initiative is being launched in collaboration with Intel and with support from key industry leaders including AMI, Apstra, Red Hat, Tech Mahindra and World Wide Technology. HPE alongside Intel plans to initiate an open source project under the Linux Foundation to further develop the initiative in conjunction with ecosystem partners to enable end-to-end automated management of networks. APRIL 2020 ENTERPRISE IT WORLD
11
ITWORLD // NEWS BRIEF
IPsoft Brings Automation to Legal Documents IPsoft has rolled out ContractPodAi to support its document management. IPsoft is working with ContractPodAi to empower its global workforce with an innovative contract management solution. As a fast-moving and highly innovative company, IPsoft looked to migrate from document management to a records-based approach for contract management. To do so, the company required a contract lifecycle management system that is reliable, robust and graphically intuitive, as well as a solution that could easily analyze and track contract data. What’s more, the solution needed to be simple to use for attorneys and legal staff in order to alleviate the workload on legal teams and drive company-wide adoption. “When searching for a contract management solution, we looked for an innovative company with expertise in adapting to the needs of the market and customer,” said Jerry Levine, global general counsel and corporate secretary, IPsoft. “With ContractPodAi, we have the reassurance that our challenges are solved quickly with an easy-to-use solution.”
Nutanix-Udacity to Offer Hybrid Cloud Nanodegree Program Nutanix has partnered with Udacity, the global online learning platform, resulting in a new Hybrid Cloud Nanodegree program. This program will enhance learning opportunities in the emerging cloud technologies market that are essential for organizations to upscale their IT infrastructure. As part of the collaboration, Nutanix will also sponsor 5,000 scholarships to help IT professionals advance their knowledge with this initiative. Although hybrid cloud technology continues to grow and evolve, educational opportunities in this field remain at a standstill. In Nutanix’s recent Enterprise Cloud Index survey, 85% of respondents said that hybrid cloud is the ideal operating model. However, 32% of respondents reported a lack of in-house hybrid cloud skills. To fill this educational gap, Udacity and Nutanix have collaborated closely to develop a Nanodegree program that will advance the knowledge of seasoned IT professionals.
Global organizations – including Brisbane Catholic Education, BN Vital, Cofense, Nebraska Medicine, Preferred Mutual, and Tyler Independent School District – are leveraging VMWare’s digital workspace platform, VMware Workspace ONE, to meet rapidly evolving business continuity needs while providing a productive, engaging digital employee experience. The company has also announced the general availability of several Workspace ONE capabilities aimed at addressing critical employee experience use
12 ENTERPRISE IT WORLD APRIL 2020
cases – accelerating successful onboarding, building new ways of working for all, and supporting a remote-first workforce. “At a time when business is far from usual, companies are leaning on our digital workspace solutions to enable their employees to work remotely, maintain productivity, increase connectivity, and provide more secure access to applications regardless of the endpoint,” said Shankar Iyer, senior vice president and general manager, End-User Computing, VMware. “And, we’re constantly evolving our solutions to improve all aspects of an employee’s digital experience – from recruitment to retirement – to help companies win and keep the best talent.”
DIGEST WIPRO, AZIM PREMJI FOUNDATION COMMIT RS 1125 CRORE TO TACKLE COVID-19 CRISIS Wipro Ltd, Wipro Enterprises Ltd and Azim Premji Foundation, have together committed Rs 1125 crore towards tackling the unprecedented health and humanitarian crisis arising from the COVID19 pandemic outbreak. These resources will help enable the dedicated medical and service fraternity in the frontline of the battle against the pandemic and in mitigating its wide-ranging human impact, particularly on the most disadvantaged of our society. Integrated action will be taken for a comprehensive on-the-ground response in specific geographies, focused on immediate humanitarian aid, and augmentation of healthcare capacity, including containing the COVID-19 outbreak and treating those affected by it. These responses will be carefully coordinated with relevant government institutions and would be executed by the Azim Premji Foundation’s 1600-person team, in collaboration with many of its over 350 strong civil society partners, who have a deep presence across the country. These efforts will fully leverage the technology expertise, sourcing systems, infrastructure, and distribution reach of Wipro. IIT ROORKEE DEVELOPS A UNIQUE SURVEILLANCE SYSTEM TO TACKLE COVID-19 To augment surveillance of COVID suspects, Dr. Kamal Jain, Professor, Department of Civil Engineering, IIT Roorkee, has developed a unique tracking mobile application which is endowed with state of- the art features. The app can track individuals and do geofencing around them. The system will get an alert, if geofencing is violated by the quarantined person. In case GPS data is not received, the location will be obtained automatically through the triangulation of mobile towers. If the internet is not working, the location will be received through SMS. If the application gets off, an alert will be received immediately. The location of the person can be received by sending an SMS to the device. It allows the sharing of quarantined persons/places photographs on a google map, uploading geotag image to a server. Furthermore, administrators can view all reports on a map. If installed on the affected person, it can provide a history of all people in his vicinity for a defined period.
NEWS BRIEF // IT WORLD
MANAGEMENT
MANTRA
“Very simply, your organization’s crisis plan is incomplete without a comprehensive digital strategy.” Jane Jordan-Meier
Lenovo Delivers Smarter Edge to Cloud Infrastructure Solutions to Unlock Data Insights
Xerox Walks Away From $35 Billion Acquisition of HP Inc
Xerox Holdings Corp. has dropped its fivemonth hostile bid to acquire larger rival HP Inc. because the COVID-19 health crisis undermined the copier maker’s ability to pull off the debt-laden merger, the company said in statement. Xerox was to acquire rival, HP Inc, at a hostile bid of $35 billion, which the latter claimed as an undervaluation. “Xerox needs to prioritise the health and safety of its employees, customers, partners and affiliates over and above all other
considerations, including its proposal to acquire HP,” said John Visentin, Chief Executive Officer, Xerox. “We believe it is prudent to postpone releases of additional presentations, interviews with media and meetings with HP shareholders so we can focus our time and resources on protecting Xerox’s various stakeholders from the pandemic,” Visentin said.
Lenovo DCG expands its portfolio of IT infrastructure solutions. For enterprises building end-to-end applications that leverage Azure, the new Lenovo ThinkAgile MX1021 and ThinkSystem DM7100 provide validated solutions for cloud tiering. “At a time when the speed and agility of processes critically impacts your daily business operations, our customers demand more powerful, secure and flexible solutions”, said Kamran Amini, Vice President and General Manager of Server, Storage and Software Defined Infrastructure at Lenovo DCG. “Lenovo’s technology architecture is purpose-built to deliver real-time, valuable insights from edge to core to cloud, enabling a new era of intelligence where customers can fully realize the potential of the data at their disposal.” Lenovo ThinkAgile MX1021 utilizes Microsoft Azure Stack HCI solutions to enable enterprises to move compute to the edge and act on the data where it’s created. For retailers looking to reduce inventory losses, customer sentiment analysis data can be analyzed real time at the edge. In manufacturing, edge servers can collect sensor data, enabling real-time monitoring to increase efficiency and productivity of manufacturing plants.
Nutanix Brings Invisible Infrastructure to Big Data and Analytics
Nutanix has extended the Nutanix platform with new features for big data and analytics applications, as well as unstructured data storage. These capabilities, part of Nutanix Objects 2.0,
include the ability to manage object data across multiple Nutanix clusters for achieving massive scale, increased object storage capacity per node, and formal Splunk SmartStore certification. The enhancements add to a cloud platform that is already optimized for big data applications, to deliver performance and incredible scale, while also reducing cost by maximizing existing, unused resources. Big data workloads demand cloud environments that can efficiently manage extremely large volumes of unstructured data, as well as deliver
the high performance necessary to analyze the data in real-time to extract business insight. With companies reliant on business data to create personalized customer experiences, IT teams often struggle with siloes, complexity, and operational inefficiencies. Options currently available do not offer secure, end-to-end solutions to run big data applications that can easily scale.
APRIL 2020 ENTERPRISE IT WORLD
13
ITWORLD // NEWS BRIEF
HPE Supports Growing Demand for Remote Workforce Rollouts in Wake of COVID-19 Impact
Limelight Adds New Serverless Computing Capability To Leading Edge Services Platform Now developers can easily deploy their code across Limelight’s global edge platform with EdgeFunctions, a new distributed serverless computing capability. After extensive development and completion of its alpha testing program, Limelight Networks, Inc. has announced that EdgeFunctions is in field trials with several customers with planned general availability in Q2. With serverless architecture, developers don’t have to worry about the underlying infrastructure such as provisioning and managing servers or runtimes which can be costly and time consuming. Instead, they’re able to concentrate on writing and deploying code to create or enhance user application experiences.
EdgeFunctions allows developers to run their code in Limelight edge locations, taking advantage of Limelight’s global footprint and scale. Functions are globally available and run in the same locations as Limelight’s Content Delivery Network (CDN) — closest to where content requests are received — which ensures the lowest possible latency for code execution and delivers optimal user experiences. An API-first approach to serverless computing with support for Node.js, Python and Go frees developers to focus on innovation and integration with their content workflows.
Hewlett Packard Enterprise has taken up a series of initiatives to help customers and support business continuity in the wake of COVID-19. Recognizing the growing need to deploy or scale remote workforce infrastructure to meet stay-at-home and social distancing policies, HPE is releasing a more powerful virtual desktop infrastructure (VDI) solution, and offering flexible financing terms and new pre-configured solutions to increase flexibility and accelerate delivery for customers. HPE’s range of VDI solutions, advisory services and financing enable customers to rapidly design and tailor their VDI rollouts to meet users’ needs, keep their network secure and conserve capital. Available now, HPE Financial Services is offering new, innovative financial and asset lifecycle options including short-term rentals and 90-day payment deferrals on VDI solutions. HPE VDI solutions are also available as-a-Service through HPE Greenlake to support customers who require financial flexibility in their remote workforce roll out. HPE is also offering new, pre-configured VDI solutions to support small, medium and enterprise customers. Built on either HPE ProLiant or HPE Synergy servers, these solutions can start as small as 80 users and scale to over 2,000 remote workers and are designed for Citrix and VMware environments.
IBM Offers ‘Watson Assistant for Citizens’ for Reliable Responses to COVID-19 Ques IBM is helping government agencies, healthcare organizations and academic institutions throughout the world use AI to put trusted data and information into the hands of their citizens. With a flood of information requests from citizens, wait times in many areas to receive answers can exceed two hours. Available for no charge for at least 90 days and available to the client’s citizens online, IBM Watson Assistant for Citizens on the IBM public cloud, brings together Watson Assistant, Natural Language Processing capabilities from IBM
14 ENTERPRISE IT WORLD APRIL 2020
Research, and state-of-art enterprise AI search capabilities with Watson Discovery, to understand and respond to common questions about COVID-19. “While helping government agencies and healthcare institutions use AI to get critical information out to their citizens remains a high priority right now, the current environment has made it clear that every business in every industry should find ways to digitally engage with their clients and employees,” said Rob Thomas, General Manager, IBM Data & AI.
NEWS BRIEF // IT WORLD
Italian National Institute of Statistics Maintains Operations with Citrix
As COVID-19 continues to spread around the globe, business is anything but usual, particularly in Italy where coronavirus is taking a catastrophic toll. With the majority of the country in lock down, business has essentially shut down. Yet there is still a need to provide critical data to support the decisions of policy makers as they work to manage the crisis and eventually open things back up. The Italian National Institute of Statistics (ISTAT) provides much of this data. And leveraging remote work solutions from Citrix Systems, Inc. it has been able to continue doing so while keeping its employees, and the country, safe. “The COVID-19 outbreak has created extraordinary obstacles for our country and our focus is on providing data that our policymakers and citizens can use to make informed decisions and bring things under control,” said Massimo Fedeli CIO, ISTAT.
“With Citrix, we can create remote work environments that provide our employees with secure, reliable access to the systems and applications they need to deliver this data from the safety of their homes.” A pioneer in remote work, ISTAT first embraced the concept in 2005 and has since accelerated its adoption through the development and execution of “smart working policies.” ISTAT has long used Citrix Virtual Apps and Desktops to deliver digital workspaces through which employees can access the tools they need to do their jobs from wherever they happen to be and IT can dynamically apply security policies based on a user’s behavior and environment to ensure their applications, information and devices are safe. So when COVID-19 hit and remote work became a mandate, not an option, the organization was ready, as 600 users were already doing smart working on the Citrix platform.
Inali Develops Smart Ventilator for COVID-19 Pandemic in Eight Days
As part of its initiatives to answer urgent needs in the COVID-19 pandemic, Dassault Systèmes’ 3DEXPERIENCE Lab supported the Indian startup Inali in the rapid development of a safe, affordable “smart ventilator” that could be quickly manufactured and deployed for emergency use. The development took less than eight days. Inali, a non-profit organization creating assistive health care products, designed and developed the smart ventilator using the 3DEXPERIENCE platform and a collaborative approach with designers and healthcare professionals from the lab’s OPEN COVID-19 online community, as well as with engineering mentors from the 3DEXPERIENCE Lab in India. Using cloud-based digital applications, Inali engaged with this community of experts and innovators in real time – no matter their location – leveraging collective intelligence to rapidly design a 3D model of the smart ventilator, engineer it, simulate its function, and manufacture and validate a prototype. The smart ventilator was designed to identify performance metrics for parameters such as air velocity and air pressure that are needed to function, and adjust its operating parameters accordingly, as well as to identify the appropriate oxygen level for an individual patient and the safety metrics required for reliable and safe use.
NASSCOM FUTURESKILLS LAUNCHES FREE AI LEARNING COURSEWARE With an aim to enhance AI readiness among all individuals in the country, NASSCOM in partnership with MEITY, has launched an on-demand courseware on Artificial Intelligence. This would be under the NASSCOM FutureSkills initiative and will allow individuals to upskill themselves over the course of the next few weeks. NASSCOM FutureSkills has curated deep learning programs for their partner ecosystem that will be available for free on the NASSCOM website for all users. The Foundational Artificial Intelligence course from SkillUp Online, is aligned to the industry’s recommended Foundation AI curriculum (retail
price Rs 6800) free for everyone till May 15, 2020. The Foundational Big Data Analytics course from Digital Vidya, aligned to the industry’s recommended Foundation BDA curriculum will also be soon made available free of cost (retail price Rs 5000). Besides deep skilling, the website will also include microlearning content on AI as quick knowledge bytes. NASSCOM acknowledges the role played by AI and other emerging technologies, as an imperative to build a digitally powered tomorrow. It is essential that the workforce is ready with the required capabilities while dealing with AI to execute functions using the technology a lot more efficiently in the future. APRIL 2020 ENTERPRISE IT WORLD
15
GUEST COLUMN // SECURITY
ROSS MCKERCHAR CISO, SOPHOS
Long terms fixes boil down to a zero trust approach. There is no doubt
this crisis will accelerate the shift towards zero trust architectures.
BY SANJAY@ACCENTINFOMEDIA.COM
There are two areas which are most likely to result in a cybersecurity incident due to the ongoing crisis: remote access and phishing. We’ll cover both in this article and provide a set of prioritized recommendations to expeditiously prevent, or at least mitigate, these critical issues. Remote Access By remote access I’m referring to the myriad ways organizations are allowing their employees to work from home. These range from the obvious “traditional” remote access services, such as VPN and terminal service gateways, as well as cloudnative conferencing and other collaboration tools that organizations everywhere are adopting in a hurry. The key risk is weak authentication of your remote access services. Organizations have been battling for years to ensure services (particularly when internet-facing) are protected by multi-factor authentication (MFA) and only accessible with centrally-managed corporate accounts (typically held in Active Directory, Azure or Okta). Doing this well is a real challenge at the best of times and requires IT staff to have intricate knowledge of SAML, OpenID and various other technologies and standards that support our modern identity management. This is, of course, on top of all the legacy technologies (LDAP, RADIUS, Kerberos, etc…) that are still in place to support authentication in traditional architectures. Throw in a global crisis with IT teams worldwide scrambling to keep 16 ENTERPRISE IT WORLD APRIL 2020
PROTECTING YOUR COMPANY DURING COVID-19: GUIDANCE FOR CIOS AND CISOS Ross McKerchar, CISO, Sophos writes about the two areas which are most likely to result in a cybersecurity incident due to the ongoing crisis: remote access and phishing. services accessible and it’s obvious the complexity of identity federation and MFA claims will not be top of mind. This is perfectly understandable and, in most cases, taking risk to get services online is absolutely the right decision. With business fighting to survive, business continuity and availability should take precedence. The security problems occur for a couple of reasons. Firstly changes being made quickly on the front line may not been seen or understood by leaders in the organization better placed to evaluate the resultant risk. Secondly, even when risk assessments were made, the original premises are probably no longer correct. Furthermore, it’s going
to be very hard for organization to go back to previous working models once employees realise you can work from home very effectively. In short, organizations must not assume they will quickly be able to remove all these risky internet-facing services. They instead need to figure out how to secure them. What should IT and security leaders do? There are long term and short term fixes. Long terms fixes boil down to a zero trust approach. There is no doubt this crisis will accelerate the shift towards zero trust architectures. Unfortunately organizations cannot and should not rush in this
SECURITY // GUEST COLUMN
direction as it requires large IT infrastructure investment and changes to organisational mindset to be executed successfully. Organizations should thus focus their efforts on tactically reducing risk as quickly as possible. Primarily this means ensuring key services as protected with MFA by any means possible. This is best tackled per service. Organizations need to identify which services are most at risk and most valuable to their adversaries. For organizations with on premise infrastructure and traditional perimeter-based security these are likely to be VPNs and other remote access gateways. For organizations with cloud infrastructure, the focus should be their identity provider (most commonly Azure or Okta). As the central point for authentication, simply enabling MFA here will get you the biggest and quickest win, especially as both Azure and Okta have integrated MFA capabilities and integrations with popular 3rd party providers such as Duo. Organizations that haven’t managed to centralise cloud identities will need to look at specific applications and see if they offer their own MFA capabilities. Mail, collaboration, CRM and ERP systems are the obvious places to start. Also consider highly-critical but less widely accessed services such as your security management tools. Making tough trade-offs Even these tactical options are not easy and compromises will need to be made. The exact balance of trade-offs will be different for every organisation but here are some considerations: VPN Capacity If you’re backhauling client traffic to scrub, allowing “Split VPNs” (where clients go direct to the internet) is the quickest way to gain capacity and likely less risky than exposing squishy, insecure internal services directly online. However this does depend on your clients having well-patched browsers and, ideally, endpoint based web-protection. Also be aware that if you have SaaS services relying on clients coming from known corporate IP addresses don’t simply turn off that control – replace it with MFA! Centralized vs de-centralized MFA Attaching MFA to your identity provider allows for a common experience across all applications. This is undoubtably less confusing for staff and easier to rollout. It’s also a much longer route if you don’t have a centralized identity service. Retrofitting federated identity to an existing production app can be really hard so, tactically, it may be easier to enable MFA capabilities from the service provider. This does mean staff will likely have multiple different authentication mechanisms to navigate.
Not ideal but don’t forget they are used to handling this when logging on to non-work applications (internet banking, personal email, etc). Everyone is handling a lot of change right now so they may be more accommodating and resilient than you might expect! SMS-based MFA There’s a lot of very valid concerns about SMSbased MFA. It’s also the simplest and quickest way to get MFA enabled, particularly as staff will likely be familiar with it. SMS-based MFA is still immeasurably better than no MFA. If it’s the fastest route to protecting your business, it’s very likely the right place to start. Just make sure you have a migration plan to something more secure. Passwords If you’re spinning up new services (e.g. videoconferencing) and are unable to setup federated identity, employees are going to need to remember even more passwords. The biggest risk with this is password reuse. You can’t reasonably expect employees to remember dozens of unique passwords. A password manager is the best tool to get around this problem. Unfortunately password managers do take some getting used to and the UX can be very confusing for non-technical staff. In a pickle, writing passwords physically down in a notebook is not the worst thing right now. It may fly in-the-face of conventional wisdom but with everyone at home, the chances of that notebook falling into the hands of an adversary is slim right now. Just try and find a better solution – and change the passwords – before staff start travelling again! Other considerations Beyond MFA there are a couple other related remote-access risks to consider: VPN and Remote access gateway vulnerabilities Patching critical infrastructure probably feels risky right now. Unfortunately in the past few months there have been some very serious vulnerabilities in common remote access equipment. These vulnerabilities are being actively exploited by multiple criminal groups right now. If you have a vulnerable service you need to patch immediately. Just have a backup plan in-case the device fails to patch (especially if you’re unable to get physical access). Endpoint security updates Check your infrastructure to make sure that you are still receiving updates from your endpoint security provider. If you have a cloud-based management, you’re probably ok but if not, it’s essential
that your clients can reach updating services. This requires checking that your VPN allows access to your update server(s) (and that you have capacity). Don’t forget to consider clients that may not regularly connect to the VPN. Phishing attacks Phishing attacks using COVID-19 as a lure are the most visible and immediate cybersecurity risk in the ongoing crisis. Firstly everyone is worried and handling an unprecedented change to their daily lives. High stress situations make everyone hungry for information and less likely to objectively evaluate any message they receive. Secondly, IT departments and service providers are bombarding us all with legitimate messages about changes to services. Combine these issues and it’s unrealistic to expect employees to accurately identify and report all attacks. You need to assume that some will get through and some staff will be duped. Accepting this allows you to focus on being resilient to attacks rather than hoping to avoid them. MFA Good news is that we’ve already covered the most important defence! Credential phishing, whereby the attackers put up a fake login page to trick staff into entering their credentials, is the most common form of phishing. MFA is a great (albeit not always perfect) form of defense against this*. Endpoint and email defenses Your security software has multiple chances at catching a phishing attack. The more chances you give it the better the overall protection. It can refuse to even receive the email as it knows it’s coming from spammer. It can scan the email and all the attachments and URLs in order to block it. Web filtering can block connections to malicious websites or spot a malicious payload on the site. Endpoint software can spot malicious files and behavior should all the previous defenses fail and the employee ends up running something malicious on their system. The better-configured and effective all these defenses are the less likely an attacker will manage to evade everything. Patching Drive-by-downloads are less common nowadays but still a real risk. Patching browsers, mail clients and applications which are regularly used to open attachments will limit the really nasty attacks that rely on minimal user-interaction. Lastly, there are few reasons to be running browser plugins such as Flash, Java, etc. nowadays – disable them if you possibly can, it’s much easier and safer than trying to keep them updated.
APRIL 2020 ENTERPRISE IT WORLD
17
REPORT // SECURITY
AS ECONOMIC STIMULUS PAYMENTS START TO FLOW, CYBER-ATTACKERS WANT TO GET THEIR SHARE TOO Check Point has seen a huge increase in the number of attacks, to an average of 14,000 a day, which is six times the average number of daily attacks when compared to the previous two weeks.
** The graph shows urls/filenames/subjects which related to stimulus, money loans, debt, etc
18 ENTERPRISE IT WORLD APRIL 2020
With the coronavirus (Covid-19) pandemic shutting down major parts of the global economy, governments are responding with massive stimulus packages aimed at supporting businesses and individuals. In the U.S. alone, the federal government is rolling out a $2 trillion package of Economic Impact Payments to help give the economy a shot in the arm and prevent a crash. And of course, where there’s money, there will also be criminal activity. Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others. To do this, they are evolving the scam and phishing techniques that they have been using successfully since the start of the pandemic in January. Google recently reported that in just one week from 6 to 13 April, it saw more than 18 million daily malware and phishing emails related to Covid-19 scams – and that’s in addition to the 240 million daily spam messages it sees related to coronavirus. Check Point researchers have found that since January, a variety of domains related to coronavirus-related stimulus or relief packages have been registered globally. A total of 4,305 domains relating to new stimulus/relief packages have been registered: • In March 2020 – a total of2081 new domains were registered (38 malicious; 583 suspicious) • In the first week of April - 473 were registered (18 malicious, 73 suspicious) • Check Point has also seen a major increase in the week starting March 16 during which the American government proposed the stimulus package to taxpayers. The number of new domains registered that week was 3.5 times higher compared to the average of previous weeks These scam websites use the news of the coronavirus (Covid-19)financial incentives, and fears about Coronavirus to try and trick people into using the websites or clicking on links. Users that visit these malicious domains instead of the official Government websites risk having their personal information stolen and exposed, or payment theft and fraud.
SECURITY // REPORT
Coronavirus related cyber-attacks Ninety-four percent of coronavirus-related attacks during the past 2 weeks were phishing attacks, while 3% were mobile attacks (either via dedicated mobile malware or via malicious activity carried out on a mobile device). Check Point defines coronavirus-related attacks as those that involve
• websites with “corona”/”covid” in its domain • files with “Corona” related file names • files that have been distributed with coronavirus-related subjects in their email Check Point has also seen a huge increase in the number of attacks, to an average of 14,000 a day, which is six times the average number of daily attacks when compared to the previous two
weeks. And over the past week from 7th April, the average number of daily attacks increased sharply to 20,000. The graph represents all coronavirus-related attacks that have been detected by Check Point’s different Threat Prevention technologies across networks, endpoints and mobile devices.
BY SANJAY@ACCENTINFOMEDIA.COM
Coronavirus-related malicious domains As Check Point previously reported, since mid-February there has been an escalation in the number of coronavirus-related domains being registered. In the past two weeks (since our last update on April 2), almost 17,000 new coronavirus-related domains had been registered (16,989 to be exact). 2% of those domains were found to be malicious, and another 21% suspicious. In all, there have been 68,000 coronavirus-related domains registered since the beginning of the outbreak in January 2020.
Staying protected against phishing attacks Phishing is the starting point for the majority of cyber-attacks. To stay safe, remember these golden rules: 1. Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders. 2. Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do. 3. Ensure you are ordering goods from an authen-
tic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page. 4. Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email. 5. Make sure you do not reuse passwords between
different applications and accounts. Also, organizations should prevent zero-day attacks with end to end cyber architecture, to block deceptive phishing sites and provide alerts on password reuse in real time. Check Point Infinity is effective because it combines two key ingredients: full convergence across all attack surfaces and all attack vectors, and advanced prevention that can tackle the most sophisticated zero-day phishing and account takeover attacks.
APRIL 2020 ENTERPRISE IT WORLD
19
COVER STORY // BUSINESS MULTI CLOUD CONTINUITY MODEL
HOW COVID19 LED A REMOTE WORKING REVOLUTION As those of us privileged, today sit in the safety and comfort of our homes, we are not just keeping the those around us safe, but are also participating in a remote working revolution. Where most companies in India have previously shunned remote working citing reasons like low productivity, the same companies are today forced to work from home to survive. As the technology leaders enable this transition, Indian companies are exploring uncharted territories and if one might say, making much process. BY POOJA JAIN POOJA@ACCENTINFOMEDIA.COM
20 ENTERPRISE IT WORLD APRIL FEBRUARY 2020 2020
BUSINESS CONTINUITY // COVER STORY
T
hese are unprecedented times indeed. A challenge, a test, a struggle for survival. Both, for the individual and for the community. We have upon us the task to ensure that we don’t just get through it with minimum damage possible, but also that we have something to go back to when this is all over. It is this struggle to survive that is desperately trying to keep the show running. As businesses try to brave the crisis of the Covid 19 pandemic, we have to take a step back to understand what the situation was like in the pre-Covid 19 period, to make sense of how it is now during the national lockdown. Explaining the context of the scenario prior to the lockdown, Sriram, Chief Strategy Officer, iValue InfoSolutions, says, “ITeS companies due to the nature of their business with the customer and delivery team across different continents have working from anywhere baked into business models for
a long time now. Initially, it was predominantly from the various office locations across the world which later got extended to any place, and any device securely with scale. Government and financial institutions evolved to move their citizens and customers to online model over time for enhancing efficiency, transparency, flexibility along with reduction of cost of serving them. Online marketplace companies accentuated the consumption of these services through mobile and web with a larger set of citizens over time. Digital transformation drives by corporates in the last few years also ensured most organizations adopted web/mobile delivery of key applications with DR and BCP plans.” These trends more or less set the backdrop that to a large extent prepared the Indian organizations to work from home in specific cases. But a remote working necessity at this scale is unprecedented and irrespective of how prepared these organiza-
tions were, moving to full time remote working model hasn’t been an easy transition. The COVID-19 outbreak poses unprecedented challenges to businesses, governments, and societies around the world. Companies are reacting in different ways to ensure business continuity. This new ‘Digital Normal’ that has been so suddenly thrust upon us is testing the boundaries of business relationships as financial considerations stretch cooperation to its breaking point. “In India, as per Gartner report 54% of the organizations are not equipped to facilitate their employees WFH. Out of 46% who have so called preparedness; most of them are struggling with poor infrastructure (Dated Technology, Poor Network, Security concerns). Very rare portion of organizations have proper BCP in place (& implemented flawlessly) who can seamlessly WFH. So we India as a rapidly growing nation & emerging technology driven country has lot of catching up
APRIL 2020 ENTERPRISE IT WORLD
21
COVER STORY // BUSINESS CONTINUITY
RAVINDRA KELKAR AREA VICE PRESIDENT, SALES AND SERVICES, INDIAN SUBCONTINENT, CITRIX
“A secure digital workspace can grant seamless access to business apps and data on any device, over any network, AMIT JAOKAR CDO & CISO, NKGSB BANK
“Human Resource is always a topmost priority worldwide in any Business Continuity Plan. Human &
Technology is the combination that works in tandem in any business for day to day operations. In such dreadful situation where Human life is at stake almost every organization across globe has opted to safeguard their Human Resources & have immediately instructed them to Work from Home (WFH).”
to do with respect to Business Continuity Plan, its adoption, & executing it in terms of drills / even essentially in LIVE Scenarios,” explains Amit Jaokar, CDO & CISO, NKGSB Bank. Another issue that demands attention in a discussion on Remote Working is the perpetual debate between off and on-premise models. Through the years as technology has evolved, each model adds a number of pros and cons to its bag, as a result the needle seems to be constantly moving back and forth, never settling. The dilemma of remote working is much the same. While Cloud is coming on as extremely useful for enabling remote work, one cannot forget that just before the pandemic set in, the industry was debating the advantages of moving back to on-premise. Commenting on this Debprotim Roy, Founder & CEO, Canvs says, “In today’s day and age having on-prem tech infrastructure has reasons which have a lot to do with security and regulatory oversight than tech implications. For companies that literally need servers close by like HFT companies, it’s a different case altogether. Otherwise,
22 ENTERPRISE IT WORLD APRIL 2020
for firms that have been on-prem, adapting right now to remote work and hence to the deluge of remote connections is becoming a herculean task. Establishing remote security is tough and challenging. Often, a step in establishing remote security is moving to established cloud-based solutions. For companies that still have concerns around public cloud, there is always the option of private clouds.” “Companies with a multi-cloud model do find it slightly easier but there isn’t much of a difference because, more than cloud, it’s about operations. So, companies with physical operations are more impacted by the lock-down if compared with fully online businesses. For a purely digital company, the on-prem model vs cloud both is almost the same, because for IT services city authorities provide passes and there are other provisions as well. Many on-prem models can be controlled via software, only upgrades won’t be possible but business as usual can be managed, but yes, cloud models have an edge as it removes the hassle of frequently updating systems and is better in terms
hosted on-premises or in a public cloud, thereby providing users with the experience they need. Business continuity has now become the core of digital strategizing for most organizations not just in India but globally too.”
of flexibility, reliability, and security,” says Lalit Keshre, Co-founder and CEO, Groww. At a time when most of us are experiencing perhaps, the worst economical, social, medical, professional, psychological, and in a lot of other senses, disturbing and challenging times, it becomes extremely crucial to stand by each other and support each other in whatever way we can, while ensuring that we ourselves stay afloat. In times like these, supporting your business, partners, and employees acquires new meanings. It is a testimonial to this spirit, that companies are coming forward, together. “Being a software and cloud solution organization, we at Crayon are extending all help possible to our business networks. We are making representations to the largest software publishers to relook the terms of our contracts with them and help businesses by financial concessions during prolonged lockdown. We are making entire gamut of our services around software and cloud available to our customers at attractive techno commercial value propositions. As the workforces are being disrupted, we are helping organizations quickly adopt new working models, by connecting employees and providing special access to solutions that maintain productivity and ensure business continuity. We have created an environment in the cloud where customers can host their desktops and continue working as usual. We have stepped up our capacity to address
BUSINESS CONTINUITY // COVER STORY
ing and governance mechanisms for remote working and ensure that systems and processes are more fine-tuned, thereby creating the right working culture.”
AFTAB ULLAH CHIEF OPERATING & DELIVERY OFFICER, BRILLIO
“While in the short-term, remaining focused, calm and human-centric should guide most organizations through the new normal, in the long-term,
the lessons learned from this temporary crisis may present an opportunity for organizations to create a more resilient workforce, with a focus on employee health and well-being enabled through a new perspective on the digital workplace.”
customers’ need to reduce costs by optimizing their infrastructure on premise or on the cloud and come up with better investment planning. On the account of this service our customers are seeing a dramatic shift in their cost,” shares Vikas Bhonsle, CEO, Crayon Software Experts India Private Limited. For organizations that have followed a remote working culture prior to it being mandated by circumstances, the struggle is slightly different. They have protocols and systems in place to ensure seamless operations. The catch is that, though in terms of their internal operations, the lockdown has hardly made any difference it has significantly impacted their relationship with their clients. Being self sufficient in terms of enabling business continuity, they are taking on the mantle of assisting their clients through the transition. Debprotim Roy, Founder & CEO, Canvs shares, “Since we’ve had worked on quite a few fully remote projects till now, thankfully the protocols are in place. Our product managers who talk to clients have now improvised their external documentation infrastructure to keep a track of ongoing progress, meeting notes, calls, ideas,
references and of course, timelines. This has helped clients to be aware of the various statuses of the projects running parallelly without having to even jump on a Zoom call or for that matter send an email. Having such platforms where statuses and messages are synchronously updated helps keeping everyone on the same page and reduces the time lost trying to stay in sync by making calls.” Speaking in favour of the Remote Working Revolution and how it has the potential to re-structure the very fabric of the organizations, Shibu Paul, Vice President - International Sales at Array Networks, says “WFH is likely to be the new normal. Corporates will become more open to remote working and will adapt technologyenabled solutions for seamless working in the post-pandemic era. Employees are bound to leverage tele presence and video conferencing to stay in touch. Remote working will no doubt bring down attrition rates and increase digital productivity. VPN servers will become paramount to a company’s backbone, and their security as the workforce shifts to working from home. Organizations will work on firm monitor-
Challenges Different age groups react differently to remote working. It has a lot to do with how tech savvy the person in question is. While some professionals of the age group above 40 might be extremely handy in their use of technology, other young employees from modest backgrounds who have just entered the job market might be less so. Apart from these exceptions, it is generally observed that people in the age group bellow 40 will have no (or lesser) issues in adopting WFH whereas above 45 will have challenges to get accustomed to it & they will need an assistance every now and then. So, it will fall upon the IT Team to not just enable WFH but also educate those employees who are not well-versed in remote working. Moreover, induction, learning and development training for new joiners becomes difficult as well, since monitoring progress is complicated in the current scenario. Commenting on the unravelling of the security fabric during the pandemic, Amit Jaokar, CDO & CISO, NKGSB Bank says, “Hackers have already started taking advantage of this situation & already many phishing emails have been floated in the name of ‘COVID 19 remedies’, ‘Safeguard against Coronavirus’ thta have resulted in compromising thousands of systems across the globe. As many resources will work from home, that means they will be out of your network & security boundaries; hackers will have their eyes on this & they will try to take advantage of such circumstances. Cyber security teams across the globe have a tough ask. All their preparation will be on stake, Email Security, DLP, SOC, Alter monitoring, IAM, Access control, MDM, Awareness, etc. They will have to be doubly vigilant & extra careful during this period.” The industry is particularly apprehensive about all the additional security threats that companies are now facing due to the remote working scenario. Prashanth G J, CEO, TechnoBind says, “As the innovations are adding to the technology, hackers are getting even more advanced. With each user or a device accessing a network remotely it presents a potential entry point for hackers, it is important to ensure that all user access and devices are protected to the highest possible level to avoid damaging fallout from a cyber breach. In this pandemic situation to ensure the business continuity organizations must need to protect themselves with a holistic, end-to-end security architecture.” He further shares some tips that can help compa-
APRIL 2020 ENTERPRISE IT WORLD 23
COVER STORY // BUSINESS CONTINUITY
SOUSTHAV CHAKRABARTY CEO, AND DIRECTOR, CAPITAL QUOTIENT
For effective collaboration between team members, video meetings need to be conducted, data sharing is needed, a common dashboard of metrics needs to be
AKHIL GUPTA CO-FOUNDER & CTO, NOBROKER.COM
“We are using Slack heavily for tech teams for easy coordination and team calls. Every morning and evening we have team huddles at a fixed time so everyone is updated
on the progress of work. The weekly meeting between various teams have also switched to Slack. We have a lot of call centre employees for whom we have enhanced our integrated contact center solution to enable calls on employee phone instead of computer. Even the incoming customer calls are patched to the personal mobile phones of the calling executives. Each one of our employees can work from home without any hassle, All they are required to have is a good internet connection.”
nies in educating employees on how to secure the company data from cybersecurity attacks. • Employees should be encouraged to log out from the corporate network at the end of every day. • Employees should use complex passwords and should change these passwords frequently • One should change their default settings and passwords to reduce the potential impact on their work of an attack via other connected devices. • Use and regularly update antivirus and antispyware software on every computer used in your business • Employees working remotely should be required
24 ENTERPRISE IT WORLD APRIL 2020
to use multifactor authentication (MFA) to access networks and critical applications • A VPN can be used especially when accessing the internal network to encrypt corporate traffic when using home or public internet • Virtual desktop interface solutions is also a good solution • To avoid risk, one should turn off any filesharing on the work system and ensure home router or Wi-Fi access point has WPA2 security enabled while accessing or working on important documents Finally...
in place and there needs to be a system where one can know what others are working on. This isn’t a simple process. We have been using Slack primarily. It easily integrates with all other enterprise tools that are built for teamwork and productivity (Eg: Gmail, Calendar, Zoom, Asana, etc). Other than that, we stay connected on Whatsapp and Zoom for quick chats and video meetings. We are constantly trying to find the right mix of technology and culture to ensure a collaborative work environment.”
The role and responsibility of a technology leader today is more critical than it has ever been before. The ongoing COVID-19 pandemic has suddenly turned the spotlight on to the CIOs, CTOs, CISOs and the likes, as they now occupy the centre stage facing perhaps what will be the greatest tests in their corporate career. They are now tasked to becoming enablers of business operations in a time of crisis and the caretakers of employee experience. Now more than ever, CIOs have to largely focus on ensuring how employees can be as engaged as possible when working in a remote scenario. They need to ensure that employees have data access,
BUSINESS CONTINUITY // COVER STORY
PRASHANTH G J CEO, TECHNOBIND
“We are in the business of providing cloud computing which we believe is the key to practical business advantages including quick turnaround time and reduced cost. In times
SATISH KUMAR V CEO AT EVERESTIMS TECHNOLOGIES
“The channel community depends upon interaction, information sharing, discussion, demos and a host of interactive elements that form their arsenal. However this has
been halted completely due to the nature of the current pandemic. Realizing their need, IT Companies have rapidly pivoted and focused efforts towards digital solutions that promote business continuity through online/virtual touchpoints and experiences. These span web-sessions, VPN, video conferencing, etc., as the basic lattice. Many have quickly packaged their software into downloadable, trial or subscription versions. This makes it easy for Channels to fulfill a customer request online rather wait for a person or demo to be sent (after the curfew) is over. Many have also nimbly switched to Cloud based subscriptions making it easier for customers to get on-board without having to wait. On the hardware front many companies have quickly offered certain business essentials on rental. Items like laptops, routers, printers and other essential are easily available on rent, thus ensuring that the workforce is fully equipped to work from distant locations.”
productivity technologies and the right collaboration to enable a baseline remote work experience, suggests Ravindra Kelkar, Area Vice President, Sales and Services, Indian Subcontinent, Citrix. Having a business continuity plan in place is
essential to any organization’s success, as this is what comprises the difference between sinking or sailing for them in the face of a crisis. Now that the only way to continue working is to work from home, one certainly hopes that by the
like the current pandemic, these solutions are acting as a savior in terms of continuity of work. We, our customers and their customers, all conveniently continue doing their work from remote locations, without hampering the productivity much. Our team has instituted the knowledge and skills to meet market disruption challenges across Data Storage, Data Backup & Recovery or Cyber Protection, with which they are supporting our customers well.”
time things get back to normal, working remotely will have shed some of the baggage it has gathered over the years. The shift in the digital normal would be towards a hybrid, convenient, evolved and an emotionally productive work atmosphere.
APRIL 2020 ENTERPRISE IT WORLD 25
GUEST COLUMN // REMOTE WORKING
EOIN CARROLL PRINCIPAL ENGINEER, SR. SECURITY RESEARCHER, ADVANCED THREAT RESEARCH, MCAFEE
Strong technical controls are a must to protect telecommuters in
BY SANJAY@ACCENTINFOMEDIA.COM
the current climate and there is also no substitute for employee phishing and social engineering training as a successful phish can negate technical controls.
While not a new practice, the sheer volume of people required to adhere to social distancing best practices means we now have a mass workforce working remotely. Most enterprises and SMBs can support working remotely today but many IT departments are not equipped to scale to the numbers currently required. In this blog we discuss the threats to enterprises and SMBs through this increased remote workforce and how to mitigate the risk. Cybercriminals seek opportunities to achieve their goals and will follow the path of least resistance. The initial access vectors enumerated in MITRE ATT&CK typically used by cyber criminals are phishing or exploitation of vulnerabilities to gain access to an organization, and are used to act on their malicious objectives. Now that employees have migrated to their homes to work remotely, cybercriminals will target the insecurities of consumer systems and networks to gain access to corporations. Targeted ransomware attacks are fueling the increased demand in the underground for compromised corporate networks. If employees access corporate networks from pre-infected unmanaged machines without adequate security measures, it creates a much larger attack surface for cybercriminals. This increases the risk of an organization falling victim to a potential breach and ransomware lockdown. COVID-19 social distancing restrictions came
26 ENTERPRISE IT WORLD APRIL 2020
TRANSITIONING TO A MASS REMOTE WORKFORCE – WE MUST VERIFY BEFORE TRUSTING COVID-19 social distancing restrictions came into effect very rapidly, giving organizations little time to prepare for securely managing their workforce remotely, writes Eoin Carroll. into effect very rapidly, giving organizations little time to prepare for securely managing their workforce remotely. It is important that organizations continue to do business during this tough time, but they must also do it securely to prevent an attack such as ransomware. To protect organizations in this current climate we must approach this from two perspectives: 1. Know your environment and users 2. Know your business and real threats To understand the threats of telecommuting at scale, we must understand the technologies typi-
cally used by remote workers to execute their work and access the organization. Know Your Environment and Users Per figure 1 below, it is important to understand the architecture and technologies being used by your employees within your business environment. This gives you visibility into your potential exposure based on vulnerabilities being actively exploited by threat actors so that you can protect your remote workers and business infrastructure/ assets.
REMOTE WORKING // GUEST COLUMN
Trust boundaries, common technologies and use cases in telecommuter deployments Know Your Business and Real Threats Adversary Opportunities Adversaries need an initial access vector to gain a foothold within an organization. They will typically seek out corporate usernames and passwords using techniques enumerated in MITRE ATT&CK, such as phishing or remote exploitation of software vulnerabilities. The telecommuter technology increases the attack surface significantly and is being exploited/researched as evident below: • In 2019, vulnerabilities in Palo Alto Networks, Fortinet, Pulse Secure, and Citrix VPN servers were targeted • Proof-of-concept exploits have been developed for Citrix NetScaler/Application Delivery Controller (ADC), Cisco VPN routers and the Zoho ManageEngine Desktop Central • Fox-IT discovered bypassing of a VPN twofactor authentication • Proof-of-Concept exploits have been developed for vulnerabilities in Telecommuter Applications such as Zoom, Confluence and Slack • There have been vulnerabilities recently dis-
closed in Android and iOS free VPNs • RDP vulnerabilities have been disclosed over the last year such as Dejablue, Bluegate and a proof-of-concept exploit in the case of Bluekeep (wormable) Controls Minimum technical controls for remote worker machines: • Secure configuration and strong passwords to prevent router compromise • Keep all software layers patched, VPNs and telecommuter applications • Do not reuse passwords across personal and work systems • Robust endpoint security software Minimum technical controls for enterprise/SMBs: • Security hygiene best practices • MFA/2FA and logging for VPN accounts • VPN patching • Secure RDP access • Segmentation of critical business assets • Data backups • User and device identity for employees and 3rd parties/suppliers
Policies: • Data loss prevention • Strong passwords • SaaS security • Managed vs unmanaged device access Training: • Phishing and social engineering training based on the current climate context – “verify before trusting” • Keep employees informed of phishing campaigns relative to your environment and business Conclusion Strong technical controls are a must to protect telecommuters in the current climate and there is also no substitute for employee phishing and social engineering training as a successful phish can negate technical controls. Even MFA/2FA can be bypassed in some cases, using advanced phishing techniques, so we must all stay vigilant, starting with ourselves to protect our organizations by adopting a “verify before trusting” approach.
APRIL 2020 ENTERPRISE IT WORLD 27
GUEST COLUMN // INSURANCE SECTOR
CHALLENGES, SUCCESS AND LEARNINGS FROM THE ONGOING COVID-19 Mohit Rochlani, Director – Operations and IT, IndiaFirst Life Insurance Company Limited writes about how insurers are also tackling this situation with respect to specific challenges faced by their customers, employees, suppliers and partners.
BY SANJAY@ACCENTINFOMEDIA.COM
MOHIT ROCHLANI,
Director – Operations and IT, IndiaFirst Life Insurance Company Limited. “The growth and profitability of insurers may be under stress for short term, but the immediate need is to address employee safety, business continuity and enterprise wide risk management concerns.”
Though the impact may not be visible to the extent today, it is definitely there, and I believe nobody will remain untouched. Insurers are also tackling this situation with respect to specific challenges
28 ENTERPRISE IT WORLD APRIL 2020
faced by their customers, employees, suppliers and partners. The growth and profitability of insurers may be under stress for short term, but the immediate need is to address employee safety, business continuity and enterprise wide risk management concerns. Adapting to the new normal is the key. However, there is still hope that the situation will be back to normal sooner than later. All the factors may not be under control but still organisation need to function to its best possible capacity. We at IndiaFirst Life invoked partial BCP in mid-March & then extended it to full BCP during last 10 days of March, which still continues. We had our own set of challenges. Nevertheless, we managed to mitigate most, if not all, with minimal impact on services. We enhanced our WFH solution capacity to four times by additional deployment of required system resources and enhanced the capacity thresholds to maximum. We also invested in a good number of rental enduser devices to extend the WFH solution to maximum number of employees. We did specific changes to access thick clientbased applications remotely without compromising on any information security policy. We managed to keep our call centre operational through specific routing and access. All our internal meetings moved to virtual collaboration solutions which were already available with us. The usage of these tools has been extensive during lockdown period. The sales related applications & enablement tools are already web based and we haven’t faced
issues in relation to access, availability or functionality. However, for customers our focus moved to self-service options, which were tuned to handle additional transactional traffic. We ensured that any and every information required by our customers or distribution channels are available virtually. The last mile connectivity has been a challenge, which has impacted the speed of operations. This challenge is global across all industry and geography. The dependency is on telecom and broadband providers also as their network is under tremendous stress due to the unprecedented situation. Now, the organisations including Insurers will have to make a long-term approach or plan to tackle the impact of Covid-19 on overall economy. It has to be at all levels across processes. The workforce must adapt to virtual platforms and make it part of life. We have to ensure employee engagement through various virtual solutions. This situation also provides an opportunity to look at product innovations specially on protection products. Apart from distribution network, the customer behaviour may also change as the interactions over virtual platforms will increase. New ways of engaging customers will be in demand. Further all the processes & technology must think contactless transactions as well as servicing needs. Above all, the risk management will be in demand and data security measures will increase leading to higher spends on data security. This is “New Normal”, however the definition of “Normal” is still evolving!
CTRLS // INDUSTRY BYTE
C
BY SANJAY@ACCENTINFOMEDIA.COM
CTRLS BUILDS INDIA’S 1ST SOLAR POWERED HYPERSCALE RATED 4 DATA CENTER IN RECORD 120 DAYS
trlS – Asia’s largest Rated-4 Data Center and Managed Services player has completed the construction of its second Hyperscale rated 4 data center in Navi Mumbai recently. The data center with an installed capacity of 24 MW houses 1,800 racks spread across 132,000 square feet with eight zone security. This facility is pegged to be India’s 1st solar powered rated 4 data center. The G+12 Floor Hyperscale data center, which is supposedly Navi Mumbai’s tallest IT facility was constructed in a record time of 120 days. The company is known in the industry for delivery projects at speed. Sridhar Pinnapureddy, Founder and CEO, CtrlS Datacenters, said, “Speed of execution with agility has helped our customers with speed-to-market and seize new opportunities quickly. We have helped banks, insurance and ecommerce companies to migrate their entire onpremise infrastructure to our data center facility in less than 72 hours”. He further added, “At CtrlS, speed is our differentiator, be it speed of deployment or speed of resolution. We delivered the Navi Mumbai facility in about 120 days, this is certainly an industry record”. He concluded by saying” We achieve speed of execution with agile project planning aided by our CORE Infinity operational excellence model thus delivering customer value.” The façade of the data center is covered by solar panels instead of glass on the exterior and thus generating 1 MW of power. CtrlS believes that this is a major step in its journey towards achieving carbon neutrality. The company is also planning solar farms to address its power needs in the future. Speaking on the company’s expansion plans, B.S.Rao, Vice President, CtrlS Datacenters said, “We are adding 5 million square feet of hyperscale data center space in the country comprising of 2 million square feet data center parks each in Navi Mumbai and Hyderabad and a 1 million square feet in Chennai. We are now emerging as World’s largest Rated 4 Hyperscale Data Center provider”. He continued saying, “We are enhancing our capacity to address the potential demand from the anticipated India’s personal data protection (PDP) bill, social media and cloud adoption, rapid deployment of IoT, among others”. CtrlS has emerged as a choice of World’s leading businesses. The company reportedly serves 60 of the Fortune 500 Global MNCs and 108 of the ET 500 companies in India including major cloud, ecommerce, telecom players, banks, insurance, manufacturing, retail, IT/ITeS and services companies. APRIL 2020 ENTERPRISE IT WORLD 29
INTERVIEW // SECURITY
BY SANJAY@ACCENTINFOMEDIA.COM
How will the Corona Virus pandemic and the rushed remote working model, change the face of security? The current situation is ushering in a new world of remote working models which were so far being used partially but are now becoming the new norm. This norm will lead to information security solutions being deployed not just within the corporate boundaries but also individual homes, thereby extending the boundaries of the organization. Phishing remains one of the most common and effective means for an attacker to gain initial access to their victims’ environments. Businesses need to stay ahead of cyber criminals to ensure they remain protected. The need to keep data secure is more urgent than ever. With such an imposing array of threats from both inside and outside, IT leaders might be led to deploy a patchwork of different security solutions to address each threat. A “zero-trust” approach must be applied to all endpoint devices. Although mobility is an important productivity enabler, mobile devices are susceptible to misuse if not protected with strong authentication, validation and role based access to apps and data. In the current pandemic led remote working models this is of critical importance as a mere VPN cannot ensure enterprise security if the home network and device are unprotected. The home device / network can prove to be a gateway to the enterprise for cyber criminals. A highly recommended approach is to implement unified endpoint management, which can help ensure access to all resources from a broad variety of end-user and IoT devices across global networks. Only by deploying a full array of security technologies designed to work together in an integrated framework, can an organization embark on the journey of digital business with confidence. What are the new modes of attacks that hackers are shifting to amid the pandemic? According to a report released by Carbon Black, more than 50% of recent cyber-attacks happened due to Island Hopping. Island hopping is a term used to describe the process of undermining a company’s cyber defenses by going after its vulnerable partner network, rather than launching a direct attack. Infiltrating the smaller and often less secure partner firms allows attackers to gain a foothold in a connected network, and then exploit the relationship between the two companies to gain access to the bigger target’s valuable data. At present, there are three main forms that 30 ENTERPRISE IT WORLD APRIL 2020
P R A J I T
N A I R
Director Sales- End User Computing, VMware India
The current situation is ushering in a new world of remote working models which.
were so far being used partially but are now becoming the new norm. This norm will lead to information security solutions being deployed not just within the corporate boundaries but also individual homes, thereby extending the boundaries of the organization.
island hopping takes, although new forms may manifestthemselves in the future: Network-based island hopping is the most well-known variant, where an attacker leverages a victim’s network to hop’ onto an affiliate network. Attacks on MSPs are an example of this, where cyber criminals have been exploiting weak account credentials to access systems installed by MSPs to launch ransomware attacks. Websites converted into watering holes is another growing island hopping method. Hackers insert malware into a smaller company website often frequented by a large organisation for e.g
the favourite food ordering/supplying partners website or a partner organization website which the large organization employees access. This malware then infects individuals of large organization coming to use that site. Attackers are then able to use that information to get access to the target large organisation. Reverse Business Email Compromise is a new trend, which has been seen in the financial sector. Hackers take over the email server of the victim company and uses email to send malware attacks to a target company from the trusted recipient. Organizations are vulnerable to island hopping
SECURITY // INTERVIEW
TECHNOLOGY EVOLUTION HAS LED TO INCREASINGLY SOPHISTICATED SECURITY THREATS: VMWARE As hackers leverage advanced technology to circumvent traditional firewalls, organizations need to up their security ante to keep their data secure, writes Prajit Nair, Director Sales- End User Computing, VMware India. because it only takes one weak link in the chain of companies they depend on to open up systems to an attack. What is your portfolio of products and solutions offered for a secure remote working model? Unplanned situations and travel restrictions make it nearly impossible to continue “business as usual.” To ensure that one can continue operations normally, organizations need to enable their employees to work remotely while maintaining the same level of productivity, connectivity, and provide for continuous, secure access to applications across endpoints. VMware is well equipped to enable remote workers with flexible device choice and deliver business-critical virtual desktops (VDI) and applications to any corporate-owned or BYO device. We can deliver cost effective solutions like Remote PC which enables corporates to connect their users home PCs/laptops to their corporate physical PCs securely. Companies can also deploy Workspace ONE to enable remote employees to connect throughtheir personal device and empower them with everything they need to be productive. Through the Workspace ONE Hub, employees get immediate access to an entire set of business applications, network share and folders with seamless SSO to
all cloud and data center apps, including Horizon virtual desktops and applications as needed based on job functions. With VMware’s Horizon 7 and Horizon Cloud, IT teams can quickly provision virtual desktops and applications across on-premises, hybrid and multi-cloud environments to enable remote workforce to securely access Windows resources from anywhere. We can enable our Horizon cloud in partnership with providers like Microsoft Azure, VMC (VMware cloud on AWS) and other cloud providers. Our field teams can guide our customers toscale physical or cloud capacity to meet their growing demands in current times. We also offer VeloCloud, which enables remote connectivity, bandwidth and priority. Customers can also accelerate their business application performance through VMware SD-WAN by VeloCloud for both branch and at home users, delivering simple, reliable, better secured, and optimized access to traditional and cloud applications. Another offering is Carbon Black- a cloud security EDR (Endpoint detection and Response) platformthat delivers the entire protective suite of harden, prevent, detect, and respond for endpoints and workloads spread across the globe. What role is AI playing in devising a cybersecurity model?
Solutions like Workspace One along with the Carbon Black integration playa major role in leveraging AI to deliver cutting edge security. VMware’s Workspace One Intelligence platform offers enterprises complete visibility into their digital workspace landscape and helps them gain deep insights that enable data-driven decisions. Companies can then detect and automatically remediate security vulnerabilities at scale with Carbon Black EDR by quickly identifying out-ofcompliance devices, leveraging CVE and threat intelligence, with the latest security patches while automating access control policies based on user behaviour. Another prominent security benefit is the collaborative efforts with third party security vendors through the Workspace ONE Trust Network. This network allows us tocombine insights from VMware Workspace ONE and the common vulnerabilities shared by our Trust partner network to deliver a comprehensive enterprise security approach to protect the users, apps, endpoints and networks. VMware’s Carbon Black offers threat intelligence that helps better protection to our customers and strengthens the cybersecurity by delivering research, solutions, and strategies that help minimize threat impact, decrease attacker dwell time, inhibit lateral movement, and suppress intrusions. Thisactually enables a complete cohesive solution for customers - Workspace OneIntelligence which has analytics built into it with recommendations from other security platform vendors through our Trust Network and finally remediation through our Carbon Black EDR solution. What are the CIO/CISO challenges that you are resolving? As concerns over the scale and impact of the current situation continues to grow, organisations need to carefully consider their actions to best strategizehow they can maintain business operations while ensuring their corporate infrastructure is secure and government advisories are met. The CIO/CISO have vital roles in making sure an organisation can function to its optimal best while pandemic containment measures are being implemented.One of the key challenges we address is delivering consumer simple and enterprise grade secure access to all apps and data on any device through our digital workspace solutions. We are helping CIO/CISOs to quickly scale up on demand with our solutions and offer various options like on-prem, cloud or hybrid models to meet their business objectives. BCP is top of the agenda for CIO/CISO right now and we offer comprehensive solutions to meet those demands.
APRIL 2020 ENTERPRISE IT WORLD
31
CISO TALK // SECURITY
HOW ARE CISOS ENSURING THAT COVID 19 DOES NOT AFFECT ASSETS? As the companies are forced to work from home during the nationwide lockdown, CISOs are taking on the mantle to ensure optimum security at a time when cyberattacks are at an all time high.
VISHANT PAI
HEAD – GRC AND CISO, YOTTA INFRASTRUCTURE SOLUTIONS
“Especially in my opinion, conducting such exercise to understand the user behaviour while all of our employees are working from home offers a unique test case. I would encourage all my
BY SANJAY@ACCENTINFOMEDIA.COM
CISO community to conduct such exercise since “people” are the most vulnerable in Cyberattack surfacet.”
D
ue to Covid 19 Lockdown, things have changed at the organizations’ level and all of a sudden, the CISOs have jumped into a new realm of ‘working from home’. Some were prepared and some were not. However, it has brought in a lot of security challenges and many companies have
32 ENTERPRISE IT WORLD APRIL 2020
been hacked and attacked. Specially, Cognizant Maze Ransomware attack is really bothering as despite a strong protocol of security and dedicated CISO and information security processionals under him, no one can realise their company is being watched and there is some opening for the attackers. So, every large company is today nervous. Although every C – level executive is of
opinion that his company is secure, yet security think tanks of companies are pondering upon how to keep their assets immune. Vishant Pai, Head – GRC and CISO at Yotta Infrastructure Solutions said, “We at Yotta Infrastructure LLP. recently concluded a Phishing simulation exercise.” Phishing simulation is one of the cheapest and effective solution to test the
SECURITY // CISO TALK
MOHIT KALRA
HEAD OF INFORMATION SECURITY, RATTAN INDIA GROUP
“Due to the greater visibility of CISO office, we are also coordinating with business teams, HR, Compliance and IT for a smooth operation, thus acting as
a strategic influencer in Board meetings on the basis of comprehensive Risk Assessment. Detailed BIA with all the stakeholders is helping now in these difficult times, for Business Continuity Management.”
waters during these troubled times. Mohit Kalra, Head of Information Security, Rattan India Group, said, “During Lockdown, we are ensuring secure availability of resources to authorized users, as well as educating them regarding data privacy, latest ransomware and social engineering attacks through online sessions and Infographics emailers and testing their effectiveness frequently.” As the lockdown tenure is extending, it further needs fine tuning of the strategy. Pai said, “The first lock down went to ensure availability. Since our collaboration suite was on cloud, it was easy for us to immediately adopt to work from home. In fact, we successfully conducted virtual onboarding of resources who were offered before lockdown. The second lockdown is more of business as usual.” Pankaj Nagpal, CISO at Romsons Group of Industries, says, “An unplanned and rapid shift to remote working was inadvertently forced companies to relax cybersecurity controls. CIOs and CISOs must work quickly to counter the risks before the criminals capitalize on them.” As per him the following seven steps are priority for any organization to stay safe from the attacks: • Ensure all internet facing services are protected with MFA (SMS-based MFA is better than no MFA)
PANKAJ NAGPAL
CISO, ROMSONS GROUP OF INDUSTRIES
“Criminals are already taking advantage of COVID-19 in their cyberattacks
and remote access and phishing are the two areas most likely to result in a Cybersecurity incident.”
• Patch remote access services – particularly VPN and terminal service gateways. • Monitor phishing reports and get your operations team or MTR service to hunt for associated IOCs. • Check remote clients are still receiving their endpoint security updates. • Ensure your OS, browser, email client and
software commonly used to open attachments is set to update automatically. • Disable browser plugins such as Java, Flash and Acrobat. • Use identity federation to ensure all cloud services are accessed with corporate credentials. So, so far so good!
APRIL 2020 ENTERPRISE IT WORLD 33
EDITOR’S TAKE
INDUSTRY 4.0 AND INDIA B Y S A N JAY M O H A PAT R A S A N JAY @ AC C E N T I N FO M E D I A . C O M
Covid 19 has brought in a lot of learning to the global community of manufacturers. 1. Never put all the eggs in one basket. Meaning: it is too dangerous to have the entire manufacturing in a single geopolitical boundary. 2. Industry 4.0 needs to be pushed strongly. 3. Cheaper place does not mean cheaper yield by the time it reaches to the consumers. There is a consistent endeavor from the large 3rd party manufacturing countries including US, Japan and EU over the past one month. These countries are incentivizing their manufacturers to relocate the manufacturing base out of the China – the manufacturing hot spot for the last decade. These countries are also earmarking billions of dollars of budget to assist them in the relocation. Although this thought was coming to the people for a long time but due to heavily tilted advantage of labor regulation, better skill and better infrastructure, China was always remained a favorite. But over the period Chinese labor cost has been higher compared to other countries – specially India. Secondly, China has better and bigger skilled labor force than any other country. Third: being a communist country, labor management is much better in China. However, this pandemic – Covid 19 have taught the entire manufacturing bosses around the world a big lesson. That despite the advantages, their investment is at risk. There is no taker for their products now. They are incurring huge loss as the 34 ENTERPRISE IT WORLD APRIL 2020
days pass by. On the other hand, Covid 19 has turned the tide in favor of India as it has become a favorite spot for the manufacturing alternative, although there are many other countries that people are counting. But the advantage of India is that it has a decent English-speaking skilled labor force. Its strong software & services background is a bonus. India has a large labor force. Last but not the least India is a democratic country, where press and media is free to criticize the bad acts of the government. So there a strong opportunity for India is to adopt mass scale Industry 4.0. technology and attract the manufacturers. It is not that easy as it sounds. But the advantage and opportunity is that its labor force has migrated to their own states, which means the chances of getting back to the cities will take some time and no one know if they would get back or not. The hardship they have gone through for last one month will remain as an indelible mark in their psyche. These labor force had disowned their traditional agriculture- based activities of the rural India and adopted urban industrial opportunity but this scar in their memory will certainly not permit them to disown their own places anymore. If there would be any migration, it would be of skilled forces. This makes the chances of Industry 4.0 in India much stronger. The cyber-physical systems, or the Internet of Things (IOT) combined with Operation Technology (OT) in the existing manufactur-
ing and future manufacturing facilities can make Industry 4.0 possible and the smart factory a reality. The floor can be managed by a combination of robotics or automation and skilled labor force. The entire process to manufacturing to even last mile interface – until the consumer would be data driven including the demand generation. What we need to look at is a robust cyber security perimeter around the system so that it becomes extremely difficult for the hackers to penetrate. We already are about to implement 5G network, which solves the bandwidth issues. As the global situation evolving, many of India’s skilled IT manpower are waiting to come back from global destinations, who can be asserts for the mass manufacturing vision. Otherwise also, India would attract highly skilled IT workforce living in various diasporas with its changed avatar. Apart from this broadline technical assessments, there is an immediate and fast track requirement of government impetus. The government should immediately start looking at long term manufacturing goals. It can work around better land and electricity pricing and tariffs. Also look at tax holidays for the foreign and domestic manufacturing. It should start incentivizing domestic investment also. Government should start working with banks and other lending agencies to ease lending terms for the manufacturing purpose. The existing Indian industrial estates or corridors can be given a makeover. There are many industries which are sick due to lack of government support can come to the forefront. Mind it: manufacturing is the first line of organizations to absorb our millions of labor force. Finally… The prediction of various European and American organizations about India becoming a superpower in manufacturing is already there. People in various forums were talking about this but the situation was not so conducive as it needed trust to distrust some theories. Now the time has come that India rises to the occasion and adopts Industry 4.0 technologies and obliges the global community. The world needs India; so also its own citizens.
RNI NO: DEL ENG/ 2017/ 69906 Postal Reg. No.: DL-SW-01 / 4200 / 17-19
Date of Publication: 28 of Every Month Date of Posting: 1 & 2 of Every Month