@entitworld
@enterpriseitworld
@enterpriseitworld
R S 2 0 | PA G E S 4 0 | V O LU M E 0 4 | I S S U E 0 4
WWW.ENTERPRISEITWORLD.COM
FOR THE CIOs. BY THE CIOs. JUNE 2019
BLOCKCHAIN BEYOND BITCOIN Blockchain is perhaps one of the most unconventional new age Technologies out there. The sooner it is brought out of the shadow of Bitcoin and its potentialities explored, the faster the enterprises will benefit from the multiple applications of the distributed ledger technology. /20
MODI 2.0:
THE RETURN OF NARENDRA MODI ...p32
ECOMMERCE INDIA’S E-COMMERCE
MARKET
TO GROW MORE THAN FOUR FOLDS ...p26
EDITOR’S LETTER
INTERIM BUDGET TO PUSH DIGITAL INDIA For the Indian INCs the next five years are going very crucial. They are either going to
grow very fast or there would be frustration across the lines. It is not that there is no next-gen technology available in the country but it is the intent to implement it in right place. The intent of the governemnt to bring right policy around ease of doing business will matter a lot. Enterprises have absolute faith on the new government that it would create right path to migrate best of the technology into the country. Either there will be enough in terms of tax holidays for the global innovators or there will be enough to nurture domestic innovation. When we refer to policy, it is about creating information act like European GDPR in India to create dictate for the domestic enterprises to build or outsource requirements to the third party service providers within India. This is of course a pretty old discussion, which is popping up from time to time. Recently Reserve Bank of India created a ruling that all data related to payments including cross border data should be saved in India. Industry of course equivocally supports this terming it as progressive step. Similar to this, this government has to bring policies for each section. Now the first interim budget is going to be very crucial for the enterprises. It can be a real precursor of the government’s
COVER STORY
NEXT MONTH SPECIAL
ROBOTICS AND OPPORTUNITY OF GROWTH
The next issue is dedicated to robotics technology. India would see a lot of robotics implementatin in various sectors Therefore, we would like to take feedback from the CIOs and vendors and create our judgment on future robotics india.
intent and desire to support the Indian Incs. The industry pundits have great faith on this budget. The finance sector is of expectation that this government would bright more financially inclusiveness and empowerement. Similarly, the manufacturing sector would like to see this government create more manufacturing inclusive India. IT & ITES would like to see India being technology inclusive. Similarly, the education sector would like to see this government drives the country towards more education inclusiveness. So every sector would like to see India being progressive in their respective sectors. However, as a technology spokesperson, we would like to see India being technology inclusive country where digital transformation becomes the mantra of every organization. There should be next-gen technologies such as IoT, AI, ML, Robotics influencing the key sectors like Manufacturing, BFSI, healthcare, retail, etc. So, clearly this government with a vision of Digital India would like come upto the expectation of the enterprises. They would definitely present the budget as a precursor of reformation on digital innovation and policy creation that would push enterprises and SMEs to embrace technologies like IoT, AI, ML, Robotics, etc. As said earlier this budget’s thrust would lie in improving infrastructure that supports disruptive technologies and enable new and niche companies align with India’s ‘Digital India’. Finally, before I signup I would like to apprise everyone that we are starting our 4 City CISO events from July 19 in Bangalore and it would cover cities including Delhi, Mumba and Kolkata. Similarly, we would organise our flagship event CIO500 in the month of September in NCR. So watchout and be part of this.
S A N J AY M O H A PAT R A S A N J AY @ A C C E N T I N F O M E D I A . C O M
SUPPLEMENT
OIL & GAS MARKET GROWTH
The supplement story of the magazine would be on Oil & Gas industry, which is going through a lot of innovation.
PLUS
Interviews and Case Studies
Catch interviews, guest articles and case studies of recent applications from the Industry stakeholders, IT/ITES Vendors and IT leaders and CIOs from the Enterprise IT World CIO Community.
Send in your inputs to sanjay@accentinfomedia.com JUNE 2019 ENTERPRISE IT WORLD
3
CONTENTS V O L U M E 0 4 | I S S U E 0 4 | JUNE 2019 | W W W . E N T E R P R I S E I T W O R L D . C O M
FOR THE CIOs. BY THE CIOs.
Publisher: Sanjib Mohapatra Chief Editor: Sanjay Mohapatra Managing Editor: Anisha Nayar Dhawan Sub Editor: Pooja Jain / Sailza Kumari Designer: Ajay Arya Assistant Designer: Rahul Arya Web Designer: Vijay Bakshi, Sangeet Technical Writer: Manas Ranjan Lead Visualizer: DPR Choudhary MARKETING Marketing Manager: Nidhi Shail nidhi@accentinfomedia.com SALES CONTACTS Delhi 6/102, Kaushalya Park, Hauz Khas
COVER STORY
New Delhi-110016
20 BLOCKCHAIN BEYOND BITCOIN
Phone: 91-11-41055458 E-mail: info@accentinfomedia.com
Blockchain is perhaps one of the most unconventional new age Technologies out there. The sooner it is brought out of the shadow of Bitcoin and its potentialities explored, the faster the enterprises will benefit from the multiple applications of the distributed ledger technology.
MORE INSIDE
MODI 2.0: /33
“Return of Narendra Modi”
18 ORACLE
AKSHAY AGGARWAL
“The Evolution of Oracle with Cloud”
4
Editorial~ ~~~~~~~~~~~~~~~~~~~~~~~~~ 03 News~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 06
26 ESDS SOFTWARE SOLUTION
RANJIT METRANI
“India’s e-commerce market TO grow more than four folds”
ENTERPRISE IT WORLD JUNE 2019
EDITORIAL OFFICE Delhi: 6/103, (GF) Kaushalya Park, New Delhi-110016, Phone: 91-11-41657670 / 46151993 info@accentinfomedia.com
Printed, Published and Owned by Sanjib Mohapatra Place of Publication: 6/103, (GF) Kaushalya Park, Hauz Khas New Delhi-110016
Phone: 91-11-46151993 / 41055458
Printed at Karan Printers, F-29/2, 1st floor, Okhla Industrial Area, Phase-2, New Delhi 110020, India. All rights reserved. No part of this publication can be reproduced without the prior written permission from the publisher. Subscription: Rs.200 (12 issues) All payments favouring: Accent Info Media Pvt. Ltd.
30 30 36
28 SONICWALL DEBASISH MUKHERJEER
“SonicWall spearheading organizational Cyber Security”
BRITISH TELECOM
RADWARE
RACHNA TYAGI
NIKHIL TANEJA
“Un-chaining the Telecom with Blockchain”
“Native Data Breach: Anatomy of a Cloud”
ITWORLD
ROUND UP
Microsoft Hybrid Came Up With New Paths Cloud with Dell EMC B Y S A N J AY @ A C C E N T I N FO M E D I A . C O M
Microsoft recently hosted its annual Windows Server Summit. One of the major themes was “Innovations in Microsoft Hybrid Strategy: a deep dive into Microsoft’s hyper-converged technologies and how to add hybrid services from Azure.” Microsoft Azure Stack HCI is a hyper-converged Windows Server 2019 cluster that uses validated hardware to run virtualized workloads on premises, optionally connecting to Azure services for cloudbased backup, site recovery and more. Dell EMC’s Azure-dedicated portfolio today includes support for both Azure Stack and Azure Stack HCI. Azure Stack allows users to consistently build and run cloud
6
ENTERPRISE IT WORLD JUNE 2019
applications anywhere across the Azure ecosystem, using the Azure Portal with Azure IaaS and PaaS services. With Azure Stack HCI, a BYO on-prem private cloud solution, users can run virtualized workloads in a familiar and flexible way – but with the efficiency of Dell EMC hyper-converged infrastructure – and connect to Azure public for hybrid scenarios such as cloud backup and cloud-based monitoring. Dell EMC customers are using Azure Cloud Services to modernize core IT capabilities and to extend on premise data center capabilities with Azure cloud-based services.
D ATA BRIEFING
Indian e-pharma market to touch US$2.7 billion by 2023. Source: - EY
ITWORLD // NEWS BRIEF
Fortinet Delivers SD-Branch Solution to Extend Security to the WAN and Access Edge
Fortinet has announced its Secure SD-Branch solution, the industry’s most comprehensive branch offering to secure the WAN and access edge and enable security-driven networking for distributed enterprises. Fortinet’s Secure SD-Branch solution extends the Fortinet Security Fabric and the benefits of SD-WAN to network access, converging WAN and security into an integrated platform. This convergence increases security and visibility while reducing complexity, improving performance and agility, and lowering overall IT costs at the edges of the network. Fortinet’s Secure SD-Branch solution is
CIO
comprised of the FortiGate Next-Generation Firewall, FortiNAC Network Access Control and FortiSwitch and FortiAP Access Points. The solution secures two key areas like Network Edge protection and Device Edge protection. FortiGate’s next-generation firewall security is extended through the access layer with FortiSwitch and FortiAP. This offers consolidation through convergence of security and network access and is a unique architecture ideal for Secure SD-Branch deployments. FortiNAC network access controller provides automatic discovery, classification and security of IoT devices as they enter the network.
VMware Cloud delivers the hybrid cloud, unifies multi-cloud management and operations and forms the foundation for building modern apps At 2019 VMware Cloud Briefing, Vmware highlighted customers Bossa Studios, Rosendin Electric, Stagecoach, Trend Micro, and Zipwhip and how they are addressing their hybrid cloud, multi-cloud and modern apps strategies with VMware Cloud on AWS, CloudHealth by VMware, VMware Secure State, and Wavefront by VMware. These companies have seen massive adoption of cloud to power applications during the last decade. “Our customers are bringing together the worlds of hybrid and native public cloud into a single, comprehensive strategy,” said Kit Colbert, CTO of VMware Cloud, VMware. “Today, VMware has one of the most proven, most widely deployed portfolios and playing a leading role in driving the next generation of the cloud. We have the unique opportunity to accelerate customers’ cloud journeys by delivering the hybrid cloud, unifying the multi-cloud and building a foundation for modern apps.”
EVENTS
03 JULY 2019
11 JULY 2019
16 JULY 2019
19 JULY 2019
IOT AND AI SUMMIT
SDN & NFV SUMMIT
CYBER SECURITY & HYBRID IDENTITY MANAGEMENT SEMINAR
INDIAN IOT SYMPOSIUM
Bengaluru The summit provides networking opportunities in the telecom, infrastructure and pharmaceutical industry.
8
Global organizations extend Cloud Journey with VMware
ENTERPRISE IT WORLD JUNE 2019
Mumbai This summit is a platform to learn about new innovations which are improving the scalability, performance, and architecture of cloud solutions
Chennai The seminar will provide the attendees with the opportunity to learn how to manage, monitor & audit their Active Directory environment and secure their IT infrastructure from potential threats.
Chennai The conference will focus on the areas of control, communications, industrial robot, industrial cloud, smart sensors and actuators, informatics and security.
ITWORLD // NEWS BRIEF
Check Point Software brings in New Security Analytics Solution
S/HE SAID IT
KUNAL AMAN
HEAD- MARKETING, SAS INDIA
“As AI solutions mature and become more accessible, retail and e-Commerce players will find themselves embracing AI and ML algorithms not just as part of their overall tech strategy but also as part of their business strategy.”
Check Point has released CloudGuard Log. ic, a solution which delivers cloud-native threat protection and security intelligence. Using CloudGuard Log.ic, customers can now see every data flow and audit trail in today’s elastic cloud environments, and make sense of cloud data and activities to expedite forensic investigation processes. CloudGuard Log.ic effectively detects cloud anomalies, blocks threats and intrusions, and delivers context-rich visualization to enable thorough investigations into security incidents in public cloud infrastructures such as AWS. Log.ic joins Check Point’s CloudGuard family of cloud security products. An upcoming cloud security survey conducted for Check Point by CyberSecurity Insiders found that the biggest operational
QUICK BYTE ON
cloud security headaches IT organizations struggle with are compliance (34%) and lack of visibility into infrastructure security (33%). While a majority of organizations say their cloud instances have not been hacked (54%), an alarming 25% did not know whether they had been breached or not. Fifteen percent of organizations confirmed they had experienced at least one cloud security incident. At the heart of CloudGuard Log.ic is an enrichment engine that collates data from a variety of sources including VPC Flow Logs and AWS CloudTrail, to build contextual awareness of security in public cloud environments. CloudGuard Log.ic can also integrate with third-party SIEM solutions, such as Splunk and ArcSight.
“It has become impossible for security teams to understand — let alone manage — security effectively in today’s multi-cloud, hybrid environments.” GIDI COHEN FO U N D E R A N D C E O , S K Y B O X S E C U R I T Y
SECURITY
Nearly 60% of threats shared at least one domain indicating the majority of botnets leverage established infrastructure, reveals Fortinet Report. The latest quarterly Global Threat Landscape Report by Fortinet reveals that cybercriminals continue to evolve the sophistication of their attack methods, from tailored ransomware and custom coding for some attacks, to living-offthe-land (LoTL) or sharing infrastructure to maximize their opportunities.
10 ENTERPRISE IT WORLD JUNE 2019
NEWS BRIEF // IT WORLD
Atos and Virtru partner to offer a data security solution for Digital workplace
Barracuda launches Firewall Insights, extends its leadership in Secure SD-WAN Barracuda has announced the introduction of Barracuda Firewall Insights. Firewall Insights is an advanced security analytics platform that ingests, aggregates, and analyzes data automatically from any Barracuda CloudGen Firewall deployed in an organization’s network, including public cloud deployments. To keep their organizations secure and connected, IT professionals need to continuously assess the effectiveEXECUTIVE
ness of their security measures and WAN performance. But with so much data coming from so many places in a variety of formats, this can be a time-consuming, manual process. Barracuda Firewall Insights automates these challenging tasks. With Barracuda Firewall Insights, customers have access to Actionable insights for the entire network, Automated capabilities and Customizable reports.
Atos has announced a strategic partnership with Virtru. The partnership will provide global organizations with a joint encryption solution for Digital Workplace, protecting customer data across cloud-based platforms. This solution combines Atos hardware encryption with Virtru’s encryption software and is aimed at organizations which are looking for easy-to-use data encryption solutions to protect data in both cloud and hybrid environments. Virtru’s solution, the Trusted Data Format (TDF) is an opensource data protection standard. Designed to protect customers’ most sensitive data, the TDF protects the privacy of email, files and data – both at rest and when shared with third parties. The TDF provides persistent protection and granular control for emails, files and other data types related to the workplace environment. The Atos Trustway Proteccio Hardware Security Module (HSM) [2] safeguards and manages digital keys – with the highest level of certification, for ultimate security. User experience is completely unaffected by the extra layer of security and the HSM simplifies auditing processes. Depending on the customer’s strategy, Atos delivers those hardware security modules either on customer’s premises or “as a service” from Atos secured datacenters.
MOVEMENT
Naveen Gulati joins GirnarSoft as CIO
SUSE appoints Brent Schroeder as the new Global Chief Technology Officer
Forcepoint Names Shayne Higdon as Chief Operating Officer
Nutanix Appoints Balakrishnan Anantharaman as VP and MD Sales
John Maeda appointed as Chief Experience Officer by Publicis Sapient
iValue Appoints Jagannathan K Aas Head of Technology and Services
Neeraj Kumar Named Beam Suntory’s Managing Director, India JUNE 2019 ENTERPRISE IT WORLD
11
ITWORLD // NEWS BRIEF
BOOK
SHELF
Title Blockchain Revolution
GLOBAL UPDATE
BY
DON TAPSCOTT AND ALEX TAPSCOTT
ACTICO signs DMI Finance as its first Indian customer for the Machine Learning offering
PRICE
RS. 354.00 (PAPERBACK) WHERE:
AMAZON.IN
About The Book
ACTICO has announced DMI Finance as its first Indian customer for its new product, ACTICO Machine Learning. DMI Finance has been working with the platform since April 2018 to enable real time decisions across the lending lifecycle – from credit scoring and decisioning to loan disbursals. DMI Finance has also made an investment in ACTICO Machine Learning to apply intelligent technologies to optimize and automate decision-making processes at scale. “We Are Thrilled To Deepen Our Association With DMI. The Machine Learning
Capability Of Our Platform Provides A Vital Toolkit For Banks, NBFCs As Well As For The New Age Fintech Companies To Unearth Insights From Ever-Increasing Quantities Of Data. We Strongly Believe That, In The Future, A Combination Of Human Intelligence And Data Insights Will Help Firms Take Optimum Decisions And This Will Continue To Be The Guiding Philosophy For Our Product Development Endeavours,” said Ajit Shah, Managing Director- APAC, Middle East and Africa, ACTICO.
The book talks about how the technology behind Bitcoin is changing Money, Business and the World.
Key Feature The book reveals how this game-changing technology will shape the future of the world economy, dramatically improving everything from healthcare records to online voting and from insurance claims to artist royalty payments.
Vodafone Idea Partners with CtrlS for Digital Transformation Vodafone Idea Business Services (VIBS) and CtrlS have entered into a strategic partnership. The collaboration is first-of-its-kind and will allow VIBS and CtrlS to bring together an enriched portfolio of innovative and differentiated products and services. The partnership will enable customers to successfully embark on a digital transformation journey powered by technologies such as Cloud, colocation, managed security services and managed cloud services. It will kick start their 12 ENTERPRISE IT WORLD JUNE 2019
digital transformational journey by reducing operational cost, providing on demand scalability, and increasing business agility. “We Are Extremely Delighted To Collaborate With Vodafone Idea And Strengthen Their Current Portfolio Of Service Offerings. Vodafone Idea And CtrlS Joint Value Proposition Stands As The Most Comprehensive, Formidable And Integrated Offering In The Country Today,” said Sridhar Pinnapureddy, Founder and CEO, CtrlS Datacenters.
NEWS BRIEF // IT WORLD
Skybox Security Introduces Suite 10
DIGEST
VSkybox Security is bringing in Skybox Security Suite 10. This latest product version further strengthens Skybox capabilities to simplify enterprise security management processes that oversee mass-scale, hybrid networks. Skybox 10 brings an intuitive, customizable user experience to simplify management of vulnerabilities, security policies, firewalls and changes from a central solution. Cloud and operational technology (OT) security insights are integrated seamlessly for uniform risk management across hybrid networks. Intelligent automation brings harmony and efficiency to multi-vendor environments, integrating data and yielding contextual insight. Customers can also use the new REST API to leverage Skybox intelligence in other tools and processes, increasing their ROI. Skybox 10 also includes several new integrations including Splunk, ElasticSearch and ServiceNow, as well as Twistlock which provides visibility to the security of containers in cloud-native applications.
ICEWARP’S UNIFIED COMMUNICATION SOLUTION FOR FEDBANK FINANCIAL SERVICES With more than 800+ customers across the country, IceWarp is constantly hustling to change the face of the Indian Market. In a span of 4 years, IceWarp has successfully joined forces with a number of small, medium and enterprise level businesses to entirely change the concept of how their teams share information online. This all-in-one email collaboration platform has now effectively teamed up with Fedbank Financial Services Ltd (Fedfina), a subsidiary of the Federal Bank Ltd. to provide them with a Unified Communication Solution. Previously equipped with a non-updated version of on-cloud local vendor Email Server, Fedfina faced many challenges wherein archived data had to be taken offline within every 6 months. A constant requirement of migrating the existing data left no room for improvement in their then Mail Server. Absence of solutions for Collaboration and Communications; and Group Chat solutions for the broadcasting of messages brought in limitations leading to stunted growth of the business.
Ness Digital Engineering Acquires Sovereign CRM Ness Digital Engineering, a portfolio company of The Rohatyn Group (TRG), has acquired Sovereign CRM, a rapidly-growing Salesforce consultancy that specializes in the architecture, implementation, customization and integration of a broad suite of Salesforce products. Sovereign CRM will further expand the capabilities of Ness’s Cloud & Platform Engineering Practice to capitalize on rapidly increasing demand for Salesforce expertise globally. Sovereign CRM is a leader in architecture and design for leveraging Salesforce products, including building new solution accelerators that help customers quickly move into production with Salesforce solutions. The company is a Salesforce consulting partner that has earned more than 70 Salesforce certifications. Sovereign CRM provides consulting services around CPQ, Sales Cloud, Community Cloud, Service Cloud, etc.
Cisco Unleashes the Capabilities of the New Network Cisco is revolutionizing the role of network professionals and software developers to drive technology innovation and accelerate business. As Cisco reinvents the future of networking, DevNet (Cisco’s developer program) is bringing together software developers and certified network professionals into one community to enable unparalleled collaboration and best practice sharing and to pioneer new levels of automation capabilities. In addition, Cisco is introducing an industry-
changing expansion of its professional certification program that embraces both the network professional and software developer and adding a new community-based developer center to accelerate adoption and success with network automation. Cisco’s intent-based networking has led to a fundamental shift in the role networks play in business and changes how networking is done. The role of the networking professional has changed as it moves away from manual, time intensive tasks and into the world where IT, DevOps and application and cloud developers work together.
ALIBABA INNOVATION INITIATIVES BUSINESS GROUP Reiterating its commitment to India market, Alibaba Innovation Initiatives Business Group, in a significant move, has appointed Huaiyuan Yang as Vice President of UCWeb Global Business. Yang will be responsible for overseas business of UCWeb, including India and Indonesia. In his new role, Yang will be closely involved with UC Browser’s operations, product development and news feed for global markets. Yang will spearhead UC’s content strategy for 2019 – including short videos and snackable content. Short-video content has seen a massive surge on UC Browser with over 3.6 crore short-videos aggregated last year. Early this year, UC launched the WeShare channel on UC Browser. It is an all-in-one platform for localized, entertaining content including short videos, memes, GIFs and more. With an aim to offer localised products to the Indian user, UC has also announced updates to UC Browser Mini and UC Browser Turbo. UC Browser Mini is designed to meet the needs of users who are more likely to install small memory apps and is the best choice to follow the short videos. Users can get abundant funny videos from UC Show based on their interest.
JUNE 2019 ENTERPRISE IT WORLD
13
ITWORLD // NEWS BRIEF
MANAGEMENT
MANTRA
“Employees who believe that management is concerned about them as a whole person, not just an employee, are more productive, more satisfied, more fulfilled. Satisfied employees mean satisfied customers, which leads to profitability.” — Anne M. Mulcahy, Former Chairperson and CEO, Xerox
BT deploys Juniper Networks’ solutions
Corporation
LogMeIn Launches AI-Powered Bold360 Suite
LogMeIn has introduced the new Bold360 family of products, enabling businesses around the world to create next-level CX wherever the customer needs it most. Bold360 Advise and Acquire join the flagship Bold360 Customer engagement platform to deliver purpose-built AIpowered solutions that help organizations deliver impactful customer experiences from the very first engagement throughout the customer lifecycle. The new Bold360 offers more streamlined integration between proactive sales, customer service and agent assistance, extending the impact of Artificial Intelligence from the web and call center through
to the front lines so both customers and employees are better supported. “Customer Experience Isn’t Just About Post-Sale Support. Companies Have An Opportunity To Make A Lasting Impression At Every Point In The Customer Journey. We’re Expanding Bold360 To Deliver The Technologies Needed To Humanize Every Interaction And Create A Seamless Experience Across Channels – Both Digital And Physical. This New Suite Of Solutions Helps Bring The Best Of AI Powered Bots And Live Agents To All The Places Customers Need It Most,” said Paddy Srinivasan, GM, Customer Engagement & Support Solutions at LogMeIn.
Juniper Networks will be delivering British Telecommunications’ Network Cloud infrastructure initiative. This deployment will pave the way for BT’s Network Cloud roll-out – and also enable a more flexible, virtualized network infrastructure that can deliver the technology requirements of various lines of business for BT from a single platform. BT will also use this platform to create new and exciting converged services bringing mobile, Wi-Fi, and fixed network services together. Furthermore, with the implementation of the Network Cloud infrastructure, BT will be able to combine a range of currently discrete network functions and deploy them on a cloud infrastructure that is built to a common framework and shared across the organization, throughout the UK and globally. These include services across BT’s voice, mobile core and radio/access, global services, ISP, TV and IT services, as well as a host of internal applications, thereby cutting operational expenditure and significantly simplifying operations throughout the organization.
Sophos Acquires Rook Security Sophos is creating re-sellable MDR services by combining Rook Security’s threat detection, investigation and response capabilities with its recently acquired DarkBytes technology platform. As a channel-first, channel-best security provider, Sophos will deliver the new MDR services through its network of approximately 47,000 channel partners worldwide. “Rook Security Provides Managed Detection And Response Services To Detect And Eliminate Cyber Threats. Through Threat Hunting And Data Analytics, Rook Security’s Experts Rapidly Detect And Mitigate Active Attacks. We Are 14 ENTERPRISE IT WORLD JUNE 2019
Excited To Bring Our Experts And Service Delivery Innovation To Sophos, A Global Leader In Next-Generation Cybersecurity. Together, We Can Implement Faster, More Effective Threat Detection And Response Capabilities To Better Protect Businesses, ” said J.J. Thompson, founder and CEO, Rook Security. Sophos plans to align its synchronized security technology and product portfolio with Rook Security’s 24/7 services for MDR customers. Rook Security experts will also be able to review these customer security postures to ensure optimal policy configurations for Sophos products across estates.
NEWS BRIEF // IT WORLD
Intel CPU Vulnerabilities could be used in MDS Attacks
A new class of Intel CPU vulnerabilities has recently been published by Intel. Known as speculative execution side-channel vulnerabilities, they affect almost every Intel processor produced since 2011 – this includes a great number of servers, laptops, and smartphones. Crucially, its virtual
machines on the public cloud are also impacted by these vulnerabilities. The Intel CPU vulnerabilities — dubbed as MDS attacks (microarchitectural data sampling) — almost all involve the speculative execution design feature found in all modern processors. The vulnerabilities could leak arbitrary data from different CPU internal buffers: line fill buffers, load ports or store buffers. They include - CVE-2018-12126 a.k.a. Fallout attack. It’s “just” an information disclosure vulnerability at the MSBDS (microarchitectural store buffer data sampling). Fallout is rated as medium severity, with CVSS score of 6.5, as it requires local access and privileges. CVE-2018-12130 aka Zombieload or RIDL (rogue in-flight data load): Again, this is “just” an information disclosure vulnerability at the MFBDS (microarchitectural fill buffer data sampling). It’s also rated medium severity, with CVSS score of 6.5. CVE-2018-12127: Part of the RIDL class of attacks, this vulnerability exists in the MLPDS (microarchitectural load port data sampling). CVE2019-11091: Also part of the RIDL class of attacks, it exists in the MDSUM (microarchitectural data sampling uncacheable memory). It’s an information disclosure vulnerability, rated low severity with CVSS score of 3.8.
Blackberry Upgraded Its Features To Share Organizational Frameworks BlackBerry announced new features and capabilities for its BlackBerry Enterprise Mobility Suite that provides the trust and interoperability organizations need to share and secure data beyond the boundaries of their enterprise. Advancements in mobile technology have created a hyperconnected workforce where highly-sensitive information and data are shared both inside and outside organizational frameworks. The latest updates to BlackBerry Enterprise Mobility Suite will help to securely connect both business and consumer applications, allowing employees to instantly collaborate with peers and customers for improved productivity and competitive success. New features and capabilities of the BlackBerry Enterprise Mobility Suite – aimed at extending the modern desktop and creating seamless workflows and content sharing include BlackBerry Workspaces Content Connector for Dropbox, BlackBerry Dynamics on Chromebook, BlackBerry Work with TITUS Data Classification and BlackBerry UEM Corporate Owned Managed Profile (COMP) activation for Android Enterprise.
iVALUE Gets Into USD 100 Million Club
iValue InfoSolutions added another milestone to its kitty getting into the USD 100 Million Club. iValue crossed its net worth over USD 100 million recording YoY growth of 53% CAGR. The key contributors for this growth
have been Government, BFSI, ITeS, Telecom and Manufacturing verticals. iValue has been recording its growth at 3X times the market growth rates, gaining market share for the 10th consecutive year. This tremendous growth is being attributed to iValue’s distinctive go-to-market strategy as well as their strong OEM-focused solution approach which entails a singular robust vertical-focused design. iValue is focussed on providing global sustainable innovative solutions and had achieved a
YOY growth of 77% in FY 2018. iValue’s emphasis will be to deliver a measurable impact for clients by aligning, customizing and optimizing offerings for business across all verticals and sizes through OEM, consultants and channel partners. The major contributors for this growth include leading-edge technologies like Data Protection and Management solutions, Application and Network performance and optimization solutions, threat protection and Prevention solutions, and Web/email protection solutions including Data Leak Prevention. JUNE 2019 ENTERPRISE IT WORLD
15
ANY ANISHA NAYAR DHAWAN AND POOJA JAIN
CIO TALK // INDIA GYLCOLS LIMITED
A T U L
G O V I L
Chief Transformation Officer, India Gylcols Limited
“No two or three companies or locations within the company are alike, likewise within an enterprise, not everybody would align to the same goal. So, Change Management becomes a big challenge.”
16 ENTERPRISE IT WORLD JUNE 2019
INDIA GYLCOLS LIMITED // CIO TALK
WORKING TOWARDS A SMOOTH TECHNOLOGY ADOPTION
Deploying Technology is not an easy process. Even though you might theoretically be aware of all the ways deploying a particular technology will add value to your business, there are a lot of challenges that need to be overcome for the transition to take place. How has Technology helped you transform your business when the working environment across your manufacturing units at multiple locations is different? Technology has added value to our entire setup. A couple of years back we were only using the core ERP or the basic BI tools. In 2019, we see technologies like Blockchain, RPA, AI, etc. They are proliferating at the shop floor itself. Last year we did a pilot with a leading consulting organisation, which was built around creating a digital twin, which was modelling a part of the plant digitally. So that through regression and correlation equations we can actually predict what can go wrong.
In terms of efficiency in operations, we have re-done a Performance Management System, which was earlier completely manual. Now we have automated it completely. Now the filling of appraisal forms and reviews doesn’t take much time. Whereas earlier the compilation itself took months sometimes. With this our cycle time has gone down and it has increased productivity. But certainly from a process standpoint, one, it brings in that degree of control. Second, it brings in a degree of transparency. And most importantly, it also brings a single version of growth across all systems. So that’s something that is important. What is the level of automation in your company when it comes to operations across the shop floor and what is the human involvement in the shopfloor? There are three critical aspects in Shopfloor Man-
agement which are important - Production Management, Quality Management and Inventory Management. From the Production Management standpoint, we have the state-of-the-art of TCS and Scada systems across all our plants, so that’s something which is an advantage to us because the plants are largely and fairly automated. However, when talking about inventory management, we have started our journey. Like in one of our plants we have created compete bar code based track and trace system. In the other system, we are setting up a complete state-of-the-art warehouse. That’s something which is under the ordering right now. Maybe the next six months that should take shape as well. On Quality, we have still to start our journey because that’s something which is exclusively being done through the standalone Quality management equipment which is there in the laboratories, but we are still to connect it to a central system. But that’s the roadmap. What are the unique challenges faced by your team when it comes to adding value to the business? No two or three companies or locations within the company are alike, likewise within an enterprise, not everybody would align to the same goal. So, Change Management becomes a big challenge. And then you have to also see that a process which has been running for maybe 10-15 years, you can’t just redo it only because the technology is available to do it in a new way. It doesn’t really help because on the ground you may have people who historically align to doing things in a particular way and making them change and, or to think differently, becomes a big challenge. Sometimes you will find within enterprise also, multiple
departments would be at a different rate of adoption. So, you have to factor that role. Maybe one department is more passionate or more in tuned to adopt new age technologies. There will be some other who may be reluctant or even sometimes resistant to adopt the new initiative. Another area internal to our Technology team and Transformation team is the degree and the speed at which changes are happening in the last few years. It is overwhelming. You have to figure out your challenges and what issues you are facing. And in some cases you have to actually educate the domain heads that this is the technology which is available and get into a dialogue about what problems can this technology solve. Earlier there was a notion that you have a business problem and you have to try to solve the problem using technology. Now with the current state, especially with technologies like RPA, companies and domain heads could not even imagine what an RPA can do. So in such cases you have to actually sit with them and create an immersive experience that this is the technology, these are the solutions or prospective issues it can handle, so that they can then think through and conceptualize use cases within the enterprise. And you cannot just do it all alone. You have to partner with your domain heads and other business heads. The discussions with the CXOs, Marketing heads, Procurement head, R&D head, that engagement has to happen because only then you will be able to use technology in the most effective fashion. I think one other aspect which is important is the Skill set from the enterprise standpoint and also from the partner’s standpoint. The CIOs and partner companies talk about these new age technologies in forums and panel discussions. But when you actually start working on it, you will find there are very few companies and individuals who have done real work on the ground. So, that’s one reality. Another is from a skill set within the enterprise, so as much as we may try to emulate a Facebook or an Apple or a Netflix or a Google, thinking that these companies have done so much using technology. That if I do this the Google way, I might be the best, but that doesn’t work. Because you will have to start with your own set up. Where are you today? What are the opportunities? How do you prioritize your various challenges and opportunities you have? Because you also would have limited bandwidth, both in terms of skillset and the budgets as well. So, I think from a challenge standpoint internally, what I see is that the skills to actually drive these technologies is also critical. And then you have to also figure out from a security aspect, how secure the solutions from these technologies can be. JUNE 2019 ENTERPRISE IT WORLD
17
INTERVIEW // ORACLE SECURITY
A K S H A Y
A G G A R W A L
India Country Head and Information Security, Oracle
“We provide what we call Trust Fabric, which embraces both your on-premise as well as your Cloud systems.”
THE EVOLUTION OF ORACLE WITH CLOUD
BY SANJAY@ACCENTINFOMEDIA.COM
Oracle has had quite a journey. From being a Database Organization to being a force to reckon with in the Cloud and Security domain, Oracle has evolved. How has Oracle evolved from a simple Database Organization to being what it is today? Classically, Oracle has been a very strong database organization. Slowly Oracle navigated its way into the enterprise application (ERP) side and got good success on the application side. We realized that you need a technology platform because a lot of people wanted to innovate beyond what you can do in your applications because applications are out of the box. So the providers set for functionalities. But the moment you say, I want to innovate and bring in some bit of differentiation from my competition; you need a technology 18 ENTERPRISE IT WORLD JUNE 2019
stack which can provide you all the flexibility to do integration, to develop mobile applications, web application, web portals and those kinds of things. That’s how Oracle got into more and more things. And then, security always was important. It was actually a security project that oracle was doing for the Department of Defense. That is how Oracle came into being. We are the custodian for data, we make sure that we put in all the checks and balances for ensuring that data is secured at all times. So, irrespective of where the data is located, security is paramount. What is Oracle’s relationship with its customers?
Today, Oracle has thousands of production. It becomes difficult for us also to visualize how customer sees us because we help customers in so many different ways. But one thing Oracle has been consistently working towards is making sure that they meet their solutions for the enterprise. So, they have always been an enterprise organization providing IT solutions for large enterprises. We have been very good at that because we know what the expectation is. Large enterprises need solutions which can scale, are highly secure and manageable, which can run in a distributed as well as centralize fashion globally in multiple data centers of customers.
ORACLE SECURITY // INTERVIEW
So, the enterprises’ needs are different from that of the SMB customers. An SMB customer care about say, ‘Can you give me this function? If you can do that, give me a CRM system, my work is done’. They don’t look at scalability because it is not the need of the hour for them. But for enterprises, they would say, ‘I need it on all the operating systems. I want compatibility with all the other systems, which I am running in my environment’. So that’s the good thing about Oracle, that we understand the intricacies of what the enterprise needs. What has Oracle’s journey with Cloud been like? What we are seeing for the past five to 10 years is that enterprises are slowly moving towards the Cloud. Oracle had to step back and look at what should be the right strategy for them to move into the Cloud. When you have thousands of products running day in and day out for customers in their data centers and you are supporting them, you suddenly cannot decide that now I will make them available in the Cloud. A lot of vendors decided to move those systems which are running on premise into the Cloud without doing any changes. But that was not a scalable model because Cloud needed a very different thought process in terms of how systems should run. They should be Cloud native. They should be very thin because the enterprise systems are very heavy. Something where you can bring in all the flexibilities of the Cloud, both in terms of usage as well as in terms of pricing. Beyond a point you cannot leverage your own premise stack to do the same thing. So, Oracle took the decision that they want to launch everything in the Cloud and whatever they had in on-premise, they would like to have a replica of that in the Cloud. But they want to develop that from scratch because it doesn’t make sense otherwise. So, that is what we are doing. We are seeing success in the application space where our applications are all available in the Cloud, whether you talk about ERP, HCM, supply chain management or customer experience, all of them are there in the Cloud. Now that doesn’t mean we do not provide an on-premise model. Where does Security come into play? The biggest concern that we see and where people are very conscious, especially enterprises while moving to the Cloud is Security. They do not want to do any anything critical in the Cloud unless they are absolutely sure that the vendor whose solution they are using, is ensuring that
their data which is going into the Cloud, is secure and taken care of. The way I have been securing it in a cocoon in my data center, you as a vendor is able to take care of it in the same manner or even better. Now I would say that’s a blessing for the customers because, we can address security because of the fact that we know it and we are a large organization which knows intricacies about so many different customers, we are able to put in the security measures in a way like no other and we are able to give them a transition to the Cloud. Now having said all of this, as I said, Security is extremely important. All of the CIOs and CISOs we talk to their decisions are completely based on how secure our systems are. So, we provide what we call Trust Fabric, which embraces both your on-premise as well as your Cloud systems. Because if your security is only bound to a particular environment and doesn’t take care of the other one, then there can be gaps. Some of the technologies that we provide in this space is Identity Management. We provide the complete stack around Identity Governance as well as Access Management. Whether you run an application or system in the Cloud or in-premise, we can manage the identity and we can provide a seamless access to all these systems using a single sign-on based technology. So, how are you assessing the risk associated to the requests which are coming in and now that your systems are in both places, trust fabric approach should work on both sides and make sure that I assess the level of trust of that particular person in real time and provide you access according to that based on a two factor authentication or multifactor authentication. So, security is becoming a very different problem altogether because now we are trying to address customers who have systems running on premise and they have systems running in Cloud or multiple Clouds. Knowing how much risk is there in any transaction is extremely important. Hence, the importance of data leakage prevention while using your Cloud solutions. Because people are doing all sorts of things in the Cloud. There are sanctioned applications and unsanctioned applications in the enterprise. And people are working on both sides in parallel. So assessing the risk associated around the data leakage and making sure that you stop the people at the right time from doing those activities, is something we definitely look at. What is your Portfolio for Security Solutions? We provide security and different layers. So for database we have data security solutions. Things like encryption. We provide that for the database
and make sure that anything in transit or at rest is completely encrypted. We have masking solutions which can ensure that if you are moving data from one environment to another, you are able to mask it so that even if people get access to it, they are not able to misuse it. We have solutions for privilege Access Management for database specifically. Because what we feel is a lot of times people provide complete access to their database administrators and they have all the access to the database and to the database transactions which are getting stored. Even all the financial transaction information is in the hands of the database administrators. So we have a system called Database Vault. This actually stops providing any additional access to the database administrators. And thereby database administrators can do it’s administration work, but cannot look at the transactions, which reduces the possibility of insider threat by stopping these privileged users from moving ahead. We also offer Database Activity Monitoring to see, you know what kind of activity is happening within the database. Our Cloud security solution, CASB assesses the user behavior. And based on the risk generated by our CASB solution, it instructs the identity and access management solution to provide access accordingly. In terms of Innovation, last year Oracle came up with an Autonomous model. The customers can do only so much to take care of security of their data in the Cloud. We as the leader in the database space provide security in an autonomous fashion. We provide security by default, which means you don’t have to worry about security of your system at any point of time. You just use the system, the encryption of it, the masking of it, how backup is taken, the security patches, everything is completely AI based. It completely takes away the pains that people had in terms of upgrading and making sure that systems are up and running. And all of this is done in real time. There is no downtime at all. So, with autonomous offering that we have come up with, we are providing autonomous security, which is like auto secure and auto patching. All of that is done by itself without any downtime. There is something called a shared responsibility, that when customers are going in for Cloud solutions, just the way the service provider has a responsibility to provide all the security measures around that, the usage of the Cloud and the Security, for that is the responsibility of the end company. JUNE 2019 ENTERPRISE IT WORLD
19
COVER STORY // BLOCKCHAIN
20 ENTERPRISE IT WORLD JUNE 2019
BLOCKCHAIN // COVER STORY
BLOCKCHAIN BEYOND BITCOIN Blockchain is perhaps one of the most unconventional new age Technologies out there. The sooner it is brought out of the shadow of Bitcoin and its potentialities explored, the faster the enterprises will benefit from the multiple applications of the distributed ledger technology.
B
BY POOJA JAIN POOJA@ACCENTINFOMEDIA.COM
itcoin marks the introduction of Blockchain in the mainstream technology applications. A decade ago, when Satoshi Nakamoto released the whitepaper, ‘Bitcoin: A Peer-to-Peer Electronic Cash System’, that was the first time the world heard of Blockchain. Today Blockchain is well on its way to being recognized in its right, and not just as the Technology powering cryptocurrency. According to a report by Statista, the worldwide spending on blockchain solutions is expected to grow from 1.5 billion in 2018 to an estimated 11.7 billion by 2022. And this includes all industries, from Finance to Agriculture and Logistics to Healthcare.
JUNE 2019 ENTERPRISE IT WORLD
21
COVER STORY // BLOCKCHAIN
FAISAL HUSAIN, CO-FOUNDER AND CEO, SYNECHRON
“Only when banks, insurers, supply chain, and energy companies begin to bring together these, different initiatives
ROHIT MAHESHWARI, HEAD OF PRODUCTS AND STRATEGY, SUBEX
“With the 5G becoming mainstream, Blockchain will play a critical role in managing, the immense growth
of digital partnerships for securing the transactions and billing information.”
BLOCKCHAIN REAL TIME USE CASES To paint a clearer picture, the applications of Blockchain are not just a theoretical piece to be implemented in far future. A lot of organizations and governments all over the world are enthusiastically turning to Blockchain based systems. Walmart, for instance, has been working with IBM to implement Blockchain for Supply Chain Management. The digital ledger technology is being used to keep a track of shipments from the suppliers, so that all information related to the products can be accessed immediately when required, and by doing so reduce the risk of food spoilage or contamination. Microsoft, in partnership with Accenture and Avanade, has been working on developing a Blockchain based database for Decentralized Identify Documentation. This is believed to help 1.1 billion people around the world to manage their personal data and ensure privacy and safety across the digital space, while simultaneously offering a solution to those without any legal forms of ID. While this is happening internationally, India is doing its bit to be a part of the ongoing Blockchain Revolution. In what is believed to be the world’s largest 22 ENTERPRISE IT WORLD JUNE 2019
use case of Blockchain solution in the Telecom Space, Vodafone Idea, Reliance Jio and Bharti Airtel are deploying the Blockchain Technology to offer respite to the mobile phone users from unsolicited commercial communication, pesky calls and messages. Analysts believe that over a billion subscribers will be impacted by the TRAI regulation. While Vodafone Idea is partnering with Tanla Solutions, Reliance Jio is seeking the expertise of Tech Mahindra to facilitate the transition. Bharti Airtel, on the other hand, has tied up with IBM.
GOVERNMENT’S ROLE IN THE WIDESCALE ADOPTION OF BLOCKCHAIN The fact that a lot of governments across the world are adopting the Blockchain Technology is strengthening the enterprise’s trust in the technology. The South Korean Government is exploring the potential of Blockchain to enhance the reliability of the online voting system. This will not just serve to prevent the falsification of votes but will also make the data more visibly accessible to the public and the candidates alike. The Australian National Transport Insurance (NTI) is deploying Blockchain to track the movement of livestock as it moves to the consumers.
across industries will we start to see the full power and potential of blockchain network creation at work.”
This will allow them to improve the integrity of the Supply Chain of food in the country and ensure the safety of the food. To leverage the Blockchain revolution, the government of Telangana is developing a conducive ecosystem for Blockchain in the state. With the aim to making Hyderabad one of the top 10 Blockchain cities in the world, the government is creating a physical area within the city, called ‘Blockchain District’ for the Blockchain Technology companies to research and innovate with industry collaboration. The Telangana Blockchain Policy Draft released earlier this year, states that, “The Blockchain District will house all major blockchain technology companies, will have a huge incubator and a world-class facility for promoting research, innovation and industry collaboration. This one of its kind initiatives will aim to put all blockchain companies based out of Hyderabad at a strategically advantageous position globally.” The perks of being in the Blockchain District for the start-ups and other organizations, not just constitute of an exposure to the Blockchain centric innovation in the market. In addition to that, they will also be offered financial aid, by means of grants and subsidies, as they explore the potentialities of the technology.
WHAT PROBLEMS IS BLOCKCHAIN SOLVING? The Blockchain is a peer-to-peer network of data stored in a decentralized manner. There is no regulatory body that oversees the information stored on the Blockchain, hence there is no requirement for verification from a third party. The authentication comes from the users of the
BLOCKCHAIN // COVER STORY
particular chain in question that unanimously upload the new information and add it to their individual records. The entire network gets a copy of the same transaction to add on to their network, which means that there can be no tampering of the information possible once a block has been added to the chain. Neither the time stamp or the details of the transaction can be edited or deleted, thereby making the records authentic and secure. “One of the biggest misconceptions about blockchain is its seeming lack of cybersecurity. It is presumed that the decentralized nature of blockchain makes transactions vulnerable to breaches. However, the transaction data is stored as hashes on blockchain and converts it into a string of numbers. This one-way cryptography allows the data to remain tamper proof,” says Faisal Husain, Co-founder and CEO, Synechron. This not just enhances the transparency of the records, but also increases the reliability. The absence of a central regulatory body additionally contributes to the elimination of the middlemen, which results in faster operations and lower costs. “Firms can also leverage Blockchain to empower customers and drive digital transformations by providing an exceptional experience to their end customers. This also fulfils the unaddressed needs which can be addresses via a combination of platforms, system Integration and professional services consulting,” says Kalyan Bodetti, CTO and Cloud Solutions Architect, Amstar Technologies.
WHY SHOULD CIOS PAY ATTENTION TO BLOCKCHAIN? The World Economic Forum has predicted that Blockchain could account for as much as 10% of global GDP by 2025. This will be a result of largescale participation from the enterprises. Hence, it falls upon the CIOs to befriend Blockchain and implement it in the organization to the best of its advantage. “A CIO from our expertise always looks for solutions which provide Rapid Deployment, Low Total Cost of Ownership and should come with instant scalability with no hurdles and should have the Best in class security. These may sound insignificant, but these are the major challenges that prove to be an obstacle to the CIO at work,” says Kalyan Bodetti, CTO and Cloud Solutions Architect, Amstar Technologies. As a Distributed Ledger Technology, Blockchain offers a solution to the questions of Security, Transparency and Costs. It helps with middlemen intervention, data breaches, corruption, and tampering of financial ledgers. “Enterprises are now adopting business models based on decentralized structures, and the CIO
KALYAN BODETTI, CTO AND CLOUD SOLUTIONS ARCHITECT, AMSTAR TECHNOLOGIES.
“Excluding IT, Blockchain applications areas can be used in IoT, RPO and Strategic HR,
Real Estate and Construction sector, Accounting, Voting, Energy supply, Peer-to-peer global payments, defence and even Quality Assurance mechanisms.”
is expected to see the future and ensure the right technology is deployed in the business. A CIO is required to navigate through the ever-evolving technology landscape and become a technology evangelist that understands how to apply technology to solve business problems. He or she must be a storyteller as well as able to communicate how a new technology like blockchain will help solve shared network challenges such as data reconciliation and security, automation in areas such as payment transfers, traceability of transactions and auditability by removing the middleman,” says Faisal Husain, Co-founder and CEO, Synechron. This makes it apparent that Blockchain as a technology is rapidly penetrating all verticals and hugely benefitting the organizations who adopt it. Presumably, it is only the Bitcoin aspect of Blockchain that the governments are apprehensive about. While the US, EU and Canada, are open to Bitcoin transactions; countries like China, Russia an India are against legalizing Bitcoin transactions.
BLOCKCHAIN AND BITCOIN IN INDIA The Indian Government is apprehensive about Cryptocurrency. While cryptocurrency exchanges are (as of now) recognized as legal by the government of India, the currency, does not enjoy the status of the legal tender. But the Indian banks have reportedly been barred by the Reserve Bank of India from serving cryptocurrency firms and exchanges. According to the draft entitled, ‘Banning of
Cryptocurrency and Regulation of Official Digital Currency Bill 2019’, anybody in India dealing in cryptocurrencies will be sent to jail for 10 years. This attempt to systematically prohibit the use to cryptocurrency in the country, comes as a huge setback to the multiple cryptocurrency trading platforms in India. There are also suggestions of introducing an official digital currency of India, the Digital Rupee. And eliminating the private cryptocurrency exchanges will not only regulate a national standard but also serve to eliminate the competition. The next couple of years are crucial as they will mark which way the government sways when it comes to the state of cryptocurrency exchanges in the country.
A LONG WAY TO GO Though Blockchain has travelled far in just a decade, it still has a long way to go before it can be globally adopted by all organizations barring any exceptions. Research and Innovation are the ways to go on. “It will take some more time for blockchain to really started addressing the CIO challenges, still there are bottlenecks that has to be addressed like Legacy systems and processes, finding right set of resources, optimizing investment in PoCs, performance limitation and regulatory guidelines,” says Rohit Maheshwari, Head of Products and Strategy, Subex. Following in the footsteps of the Internet of Things and Artificial Intelligence, Blockchain is the just another new age technology set to revolutionize the way business is done. JUNE 2019 ENTERPRISE IT WORLD 23
TIMELINE // BLOCKCHAIN
A BRIEF HISTORY
2008
An unknown ‘Satoshi Nakamoto’ released the whitepaper, ‘Bitcoin: A Peer to Peer Electronic Cash System’. The document outlines how to build a digital currency that is secure and transparent without a bank or central body.
2009
Satoshi Nakamoto launches Bitcoin in January as an alternative to the current financial system and centres of power. He mined the first block of the Blockchain.
2010
Bitcoin Market, the world’s first cryptocurrency exchange is set up.
2014
2013
Mt. Gox, one of the largest Bitcoin exchanges of the time, files for bankruptcy after their customer bitcoins are stolen by hackers.
2015
Ethereum was launched.
24 ENTERPRISE IT WORLD JUNE 2019
World’s first Bitcoin ATM unveiled in San Diego, California.
2015
Antshares, the first public Chinese Blockchain is released.
BLOCKCHAIN // TIMELINE
Y OF BLOCKCHAIN 2010
The Bitcoin Pizza Guy, Lazlo Hanyecz, makes the first real world payment in Bitcoins (BTC).
2010
The cryptocurrency exchange, Mt. Gox, launches. Bitcoin’s market cap (total value) reaches $2bn.
2011
2011
The first searches for the term ‘blockchain’ start appearing on Google.
2016
Google joins IBM, Amazon and Microsoft in testing blockchain services with clients.
Silk Road, an online marketplace is launched in February. Anonymous users buy and sell (mostly illegal) goods in Bitcoin. The cryptocurrency takes the brunt of the bad press.
2018
Walmart, runs a trial with IBM to track and verify the source of food on the blockchain.
2019
Indian Telecom companies explore Blockchain to regulate spam calls.
JUNE 2019 ENTERPRISE IT WORLD 25
ECOMMERCE // ESDS
BY SANJAY@ACCENTINFOMEDIA.COM
R A N J I T
M E T R A N I
VP & Chief Revenue Officer, ESDS Software Solution
“E-commerce is an ever-evolving, fast-moving, competitive sector, and companies that fail to adapt, fail to survive. As
technology has grown to offer organizations. more opportunities to market themselves to prospective consumers, so too have e-commerce heads been forced to make a greater number of decisions on vendor partnerships.” 26 ENTERPRISE IT WORLD JUNE 2019
ESDS // ECOMMERCE
INDIA’S E-COMMERCE MARKET TO GROW MORE THAN FOUR FOLDS With the evolution of Technology, the mainstream marketplace is shifting on to the digital sphere. To thrive in the increasing competition, organizations need to adapt and innovate. What is the market size of eCommerce in India? The Indian e-commerce industry has been on an upward growth trajectory. India’s e-commerce market has the potential to grow more than four folds to US$ 150 billion by 2022 supported by rising incomes and surge in internet users. Much growth of the industry has been triggered by increasing internet and smartphone penetration E-commerce and consumer internet companies in India received more than US$ 7 billion in private equity and venture capital in 2018. A young demographic profile, rising internet penetration, and relative better economic performance are the key drivers of this sector. Since 2014, the Government of India has announced various initiatives namely, Digital India, Make in India, Start-up India, Skill India, and Innovation Fund. The Government of India’s policies and regulatory frameworks such as 100 percent foreign direct investment (FDI) in B2B e-commerce and 100 percent FDI under automatic route under the market place model of B2C e-commerce are expected to further propel growth in the sectors. In order to increase the participation of foreign players in the e-commerce field, the Indian Government hiked the limit of foreign direct investment (FDI) in the E-commerce marketplace model for up to 100 percent. In February 2019, the Government of India released the Draft National e-Commerce Policy, which encourages FDI in the marketplace model of e-commerce. Further, it states that the FDI policy for the e-commerce sector has been developed to ensure a level playing field for all participants. The heavy investment of the Government of India in rolling out the fiber network for 5G will help boost e-commerce in India. What are the technologies that you are adapting to? E-Commerce companies are born on cloud and we were are instrumental in enabling the entire ecosystem for e-commerce companies to function efficiently. ESDS offers a wide variety of solutions
that prove beneficial for e-commerce companies. E-commerce generates a tremendous amount of consumer data, all this data goes through our BI tools and Analytics platform to provide valuable insights and enables a better understanding of the consumer behaviors and help create anefficient more profitable marketing strategy by targeting the right customers the right way.Consumer analytics plays a very vital role in how businesses maintain their market share and emerge successful in their ventures. The end goal here is to create a unified and connected user experience across platforms no matter where or how a customer reaches out to the company.Our AI-powered Chat-bots at present are able to create a seamless user experience and we are aligning our technologies to better suit the e-commerce ecosystem. What are the new technological trends in the e-commerce market? The most influential trend right now in the industry is the use of Artificial Intelligence and Machine Learning, which again builds its entire strategy around providing a seamless customer experience. The growth in the online retail industry has had a cascading effect on the growth of various technologies.RFID and GPS technology have proven significant to IOT, enabling uninterrupted more efficient Inventory and Supply Chain Management. Blockchain is redefining alternative payment methods. Blockchain transactions take place on a single network, reducing or outright eliminating the need for intermediaries. Transaction speeds are limited only by the speed of the network and by the speed at which new blocks can be generated. Another advantage for customers is that Blockchain-based currencies do not expose personally identifiable information. Blockchain work well for payment processing because they balance speed and privacy. Technology adoption trends vary from business to business. For e.g., if we talk about Fintech like PayTm orFreechargeit is about secure and fast money transactions whereas companies like bookmyshow or Swiggy depend on AI and Analytics. Technology adoption will depend on the companies enable
their customers. ESDS offers a unique proposition with its vertical scaling cloud platform that is capable of enabling all platforms in the e-commerce industry considering the wide range of solution we offer. What are the challenges that you are facing in the implementation? Besides the major e-commerce giants like Amazon, FlipKart most e-commerce companies are Startups and the start small with limited funding and even when there is funding available most of these companies end up spending a majority of its funding on hiring workforce, much more workforce than required to show expansion instead of investing in technologies. Technology is now so pervasive that it has become integral to the business strategy of any corporation. They should allocate funds based on the relevance of the technology to the business in the immediate, short, medium, and long term.Top management, through their periodic reviews of budgets, can take stock of the recommendations made by the technicians and revise the company’s financial disbursement appropriately. This can minimize the wastage of funds while optimizing productivity. Any other information that you would like to share? E-commerce is an ever-evolving, fast-moving, competitive sector, and companies that fail to adapt, fail to survive. As technology has grown to offer organizations more opportunities to market themselves to prospective consumers, so too have e-commerce heads been forced to make a greater number of decisions on vendor partnerships. The sustained growth in digital technologies will continue to drive adaptation opportunities, and, more than ever, e-commerce companies will be forced to make choices that go beyond email, e-commerce and search platform relationships. The e-commerce industry has been directly influencing the micro, small & medium enterprises (MSME) in India by providing means of financing, technology, and training and has a favorable effect on other industries as well. JUNE 2019 ENTERPRISE IT WORLD 27
SECURITY // SONICWALL
D E B A S I S H M U K H E R J E E R Country Director, India & SAARC, SonicWall
“We at SonicWall have been partnering with businesses to build secure enterprises with our solutions that focus on preventive approach rather than remedial.”
SONICWALL SPEARHEADING ORGANIZATIONAL CYBER SECURITY BY SANJAY@ACCENTINFOMEDIA.COM
At a time when risk to cyber security is on an all time high, enterprises need a good solutions provider to help them keep their organization secure in all ways.
What are the current technological challenges faced by the CISOs from a security point of view? While we are advancing technologically, the challenges also continue to grow for CISOs. Often 28 ENTERPRISE IT WORLD JUNE 2019
overlooked issues usually stem from within the organisation. The key challenges faced within an organisation is often due to the concept of BYOD and connected devices. These challenges can be enumerated as:
• Increased data seepage: A mobile device is the weakest link in a network that is prone to attack. • Increased malware risk: Unknowingly, employees can install malware on their per-
SONICWALL // SECURITY
sonal devices that can spread to the network of the organization. This increases the risk of cyber-attacks • Exposed to higher vulnerabilities: If employees download unsafe applications or operate on public networks, corporate data may be compromised through exposure to unknown attacks • Combined personal data with corporate data: External parties can access lost devices containing personal and corporate data, which may lead to cyber threats. What are the solutions that SonicWall offers to face cyber threats and challenges to security? We at SonicWall have been partnering with businesses to build secure enterprises with our solutions that focus on preventive approach rather than remedial. For instance, with machine learning, we can detect those malwares at an early stage which have never been seen before and use advanced cyber security solutions that can mitigate the threats. We’ve also aware that SMBs are one of the segments most targeted by cybercriminals. SonicWall security solutions help protect such businesses from ransomware, encrypted threats and zero-day attacks, and can be customized to meet the needs of specific security or business objectives. Considering external and internal parameters, we have developed effective breach detection and prevention solutions. Some of the more recent ones include: • SonicWall Capture Client 2.0: This gives organizations active control of endpoint health with advanced endpoint detection and response (EDR) capabilities. Administrators will be able to track threat origins and intended destination, kill and quarantine as necessary and roll back endpoints to a last-known healthy state in the event of an infection. External USB devices can pose a serious threat to network security, potentially delivering malware, ransomware and viruses to vulnerable endpoints. SonicWall’s Capture Client Device Control helps organizations reduce their attack surface by locking out unknown or suspicious devices. • SonicWall Cloud App Security 2.0: To identify and mitigate malicious malware or files stored in SaaS solutions, such as OneDrive and SharePoint, SonicWall Cloud App Security 2.0 integrates with the Capture ATP sandbox service, which includes patent-pending Real-Time Deep Memory Inspection (RTDMI™) technology. The new features extend SonicWall real-time
automated breach detection and prevention capabilities into sanctioned SaaS environments and monitor user-to-cloud and cloud-to-cloud traffic to identify unapproved cloud applications. • SonicWall’s new SOHO 250 and TZ350 series: Designed for small, mid-sized and distributed enterprise organizations with remote locations, the SOHO 250 and TZ350 integrate essential networking features and industryvalidated high security effectiveness to protect data and connected devices, including IoT, with a low total cost of ownership. The new firewall range combines high-speed threat prevention and software-defined wide area networking (SD-WAN) technology with an extensive range of networking and wireless features, plus simplified deployment and centralized management capabilities. What kind of a budget do you suggest CISOs should allocate to meet their Cyber Security requirements? It is a mistakenly believed that information security does not directly contribute to the revenue of a firm. Hence, most C-levels tend to consider it as a cost rather than an investment that will give a good ROI. To allocate budgets from an IT security perspective is being myopic.The error in judgement here is that when there is a cyberattack the loss to the business far outweighs the cost. These attacks have the potential to bring businesses to a halt besides impacting their brand equity. According to Industry estimates, enterprises spend up to 75% of their security budget on prevention technologies alone, leaving only a quarter over for other categories. Given that enterprises these days are adopting Edge computing, the need of the hour is to strengthen the aspect of data-security. There are many alternative areas of security that can be budgeted for. The key 3 target buckets can be classified as under: • Interference – Firewalls, antivirus, intrusion interference systems (IPS), advanced malware protection solutions, cloud-based email filtering solutions and a lot of square measure all thoughtabout interference technology. • Detection and response – These solutions facilitate, determine and pack up a threat once it’s infected a network. In different words, once AN attack or malware makes it past preventative defenses, these products facilitate IT to find out about the threat and amend it. • Business continuity and disaster recovery (BC/DR) – This bucket includes services and technologies that facilitate and recover IT systems and knowledge required to continue a business
after the occurrence of a cyber-attack. Backup product or services, virtual and cloud-based hosting solutions, and even cyber insurance qualify as BC/DR pay. How is data protected in transit between the vendor and the client as well as between the vendor and the end-user? How is data protected at rest on servers and backup media? SonicWall is working on a solution to provide an additional layer of protection for their customers that will block man-in-the-middle attacks even from vulnerable unpatched clients. This will be delivered in a future SonicOS update. For instance, In Active mode, the Data connection is almost always on TCP port 20 though some vendors (eg. FileZilla) are known to use a random >1023 TCP port. After the Control connection is established, the client sends a PORT command to the server. Basically this command tells the server to which IP address and port number (> 1023) the server must connect back for the data connection. After accepting the Port command, the server will then establish the data connection from its local data port 20 (the IANA assigned default port number) to the IP address and port number learned from the PORT command. Such data connections made by the server to the client are separate inbound connections since the client does not make the data connection but instead only tells the port to which the server must connect. To be SonicWall specific, if a client is with us and the server is on the WAN side of the SonicWall, this inbound data connection would be dropped. Our solution to overcome this problem - of Active mode client connections from behind the SonicWall to an FTP server on the WAN - is to scan FTP traffic using DPI and dynamically open the port specified in the PORT command to allow the server to connect back to the client. In such scenarios, if the default LAN to WAN Default Allow rule is in place, no ports need be opened in the SonicWall. If the default LAN to WAN has been modified and is not open for all, then TCP port 21 requires to be explicitly opened in SonicWall.
JUNE 2019 ENTERPRISE IT WORLD 29
GUEST COLUMN // RACHNA TYAGI OF BT
“Blockchain may be able to deliver a broad variety of applications across the telecom industry,
and the technology has the potential to significantly impact CSPs operating models.”
AUTHORED BY
RACHNA TYAGI,
Senior Leader – Technology Projects, BT (British Telecom), Gurgaon.
UN-CHAINING THE TELECOM WITH BLOCKCHAIN
BY SANJAY@ACCENTINFOMEDIA.COM
Blockchain is a revolutionary technology that has the potential to impact all industries. Rachna Tyagi examines how Blockchain can un-chain the telecom industry.
B
Blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value. Blockchain is a DLT concept (Distributed Ledger Concept). The distributed ledger database is spread across several nodes (devices) on a peerto-peer network, where each replicates and saves 30 ENTERPRISE IT WORLD JUNE 2019
lot about the decentralized aspect of it. What makes this so appealing is that it makes the blockchain impervious to censorship, tampering, or corruption. Because it uses a peer-to-peer network, copies of the ledger are stored in many different locations, and unless you manage to track down every single one of them (Bitcoin is estimated to have over 35,000 nodes in its P2P network), you can’t destroy it. As well, because so many different, independent nodes are keeping track of the ledger, modifying it in an untrustworthy way won’t go very far because all the other nodes will disagree with that transaction and won’t add it to the ledger. This is a huge part of why so many people believe blockchain technology is the future of currency, and why it is being adopted in industries other than cryptocurrency.
BENEFITS: an identical copy of the ledger and updates itself independently.It gives an open, decentralized network to use. Powered by consensus algorithms every involved party gets a fair distribution and secure transactions. Security is accomplished through cryptographic keys and signatures. Why is Decentralization so important? For enthusiasts of blockchain, you will hear a
1. A blockchain’s ‘enabled’ trust improves coordination between various partners, due to a shared view of transactions and liabilities. This in turn permits the elimination of third parties, resulting in cost savings. 2. Facilitates a single view of data instead of the need for consolidation across various disparate systems. Also allows for reliable audit trails due to the history of all transactions being available in the ledger.
RACHNA TYAGI OF BT // GUEST COLUMN
3. Implementation of smart contracts in roaming and other cases allows for near-instantaneous charging, thus leading to improved revenue assurance and fraud reduction. 4. Potential to facilitate new business models for revenue generation for Communication Service Provider who are looking for new avenues to increase both top and bottom lines. 5. A blockchain can act as the ledger that enables, for example, an M2M economy to prosper based on the common platform available, in which M2M transactions can be recorded. It can thus act as the enabler for an IoT ecosystem. 6. Improved Security – One of the biggest pain points of the CTO is around system and data security. Security is one of the core propositions of a blockchain-enabled system, and hence very relevant to a CTO.
INDUSTRY APPLICATION The practical consequence is for the first time, a way for one Internet user to transfer a unique piece of digital property to another Internet user, such that the transfer is guaranteed to be safe and secure, everyone knows that the transfer has taken place, and nobody can challenge the legitimacy of the transfer. Starting off with simple cryptocurrencies like Bitcoin it has now expanded to the new level of aspects. Industries such as banking, healthcare, insurance, supply chain and telecommunication can increase their efficiency using this new technology. How Can the Blockchain Upgrade The Traditional Telecommunication Industries? For the last years, traditional telecommunication industries are facing hard times due to the commoditization of the services and consequently lower revenue and profitability rates. To address new era customer needs, upgrades are a must. To better compete with other companies and to increase the overall revenue, it’s necessary to utilize any new technology. That being said, this sector is already on the verge of a great reformation, moving slowly toward to total digitization and virtualization. That’s why adding blockchain into the whole scheme may open up future doors of opportunities. Blockchain may be able to deliver a broad variety of applications across the telecom industry, and the technology has the potential to significantly impact CSPs operating models. There are several areas in which blockchain can help telecommunication operators to build new value: Preventing Fraudulence
Telecoms suffer significantly because of fraudulence schemes every year. It’s one of the biggest reasons for reduced revenues. According to a survey, 38.1 billion dollars get lost due to fraudulent schemes. To prevent this, companies can use the security level of the blockchain ledger. To deal with identity fraud, companies can use the blockchain to verify every individual’s identity. Not only that, but they could also, link their devices to the identity on the network. There is already a similar project in the process; however, the new system is a bit different. In this scene, if somehow the identity gets compromised, it will only affect intermediate devices linked to it, not the overall network. Another big problem is the roaming fraud. This will get sorted out using permissioned blockchain instead of a public one. Every operator that allows roaming can connect to that environment. So, if an individual meets specific rules, then a smart contract can be executed to settle the costs. Managing Identity of Users Any telecommunication company can add an identity management system with their already existing features. Managing identity would allow them to help users manage their Id’s across, applications, devices, and organizations with only one single password. As the authentication process in a properly implemented of blockchain is reliable and flawless, using this scheme would be so much easier. A user will contain a master key, and with that, he/ she be able to verify their identity in any digital presence. This can be an excellent opportunity for the telecommunication organizations to grow and spread their realm. A few examples would be Marriage certificates, driver’s license, passports, etc. In fact, there are already some projects in process in the ID2020 project. The intentions are simple, to give 1.1 billion people a secure and reliable identity management system. IoT Factors IoT factors include security in the data transmission and provide a secure channel among sensors and machine. Telecommunication deals with sensitive information all the time. However, data getting leaked is a typical scenario for them. It’s one of the basic DDoS attacks. That’s why implementing a blockchain network getaway in the project could give the machines a trusted environment where they can communicate with each other. This digital control will make IoT more scalable by verifying and connecting two data centers. So, no rouge devices can hack into the system from
now on. However, only using blockchain won’t solve the issue. Collaborating with new technologies and merging all of them would give a much safer environment. 5G 5G technology implementation is another example to potentially benefit from the blockchain to streamline processes. To realize the 5G promise of ubiquitous access across various networks, CSPs will need to handle heterogeneous access nodes and diverse access mechanisms. Mobile Payment Now with digitization, people are able to pay bills using their mobile phones. However, this new feature has some significant flaws and that’s giving a hacker a chance to scheme innocent people and take their money. Telecom organizations can use blockchain technology to streamline this process and get rid of any third party intruders. Generic Challenges Naturally, every new technology comes with its share of challenges and blockchain is not an exception to that. Any company would have to deal with its scalability issue,internode performance issue& Hacking. Key vulnerabilities are mentioned below. The 51% rule (attacks) Susceptibility to 51% attacks is inherent to most cryptocurrencies. That’s because most are based on blockchains that use proof of work as their protocol for verifying transactions. In this process, also known as mining, nodes spend vast amounts of computing power to prove themselves trustworthy enough to add information about new transactions to the database. A miner who somehow gains control of a majority of the network’s mining power can defraud other users by sending them payments and then creating an alternative version of the blockchain in which the payments never happened. This new version is called a fork. The attacker, who controls most of the mining power, can make the fork the authoritative version of the chain and proceed to spend the same cryptocurrency again. One thing driving this trend, he says, has been the rise of so-called hash-rate marketplaces, which attackers can use to rent computing power for attacks. “Exchanges will ultimately need to be much more restrictive when selecting which cryptocurrencies to support,”. Smart-contract bugs A smart contract is a computer program that runs on a blockchain network. It can be used to automate the movement of cryptocurrency JUNE 2019 ENTERPRISE IT WORLD
31
GUEST COLUMN // RACHNA TYAGI OF BT
according to prescribed rules and conditions. This has many potential uses, such as facilitating real legal contracts or complicated financial transactions. Another use—the case of interest here—is to create a voting mechanism by which all the investors in a venture capital fund can collectively decide how to allocate the money. Decentralized Autonomous Organization (DAO), was set up in 2016 using the blockchain system called Ethereum. Shortly thereafter, an attacker stole more than $60 million worth of cryptocurrency by exploiting an unforeseen flaw in a smart contract that governed the DAO. In essence, the flaw allowed the hacker to keep requesting money from accounts without the system registering that the money had already been withdrawn. As the hack illustrated, a bug in a live smart contract can create a unique sort of emergency. In traditional software, a bug can be fixed with a patch. In the blockchain world, it’s not so simple. Because transactions on a blockchain cannot be undone. There are fixes, of a sort. Though they can’t be patched, some contracts can be “upgraded” by deploying additional smart contracts to interact with them. Developers can also build centralized kill switches into a network to stop all activity once a hack is detected. But for users whose money has already been stolen, it will be too late. The only way to retrieve the money is, effectively, to rewrite history—to go back to the point on the blockchain before the attack happened, create a fork to a new blockchain, and have everyone on the network agree to use that one instead. That’s what Ethereum’s developers chose to do. Most of the community switched to the new chain, which we now know as Ethereum. A smaller group of holdouts stuck with the original chain, which became Ethereum Classic. Nevertheless, hundreds of valuable Ethereum smart contracts were already vulnerable to this so-called reentrancy bug, according to Victor Fang, cofounder and CEO of blockchain security firm AnChain.ai. Tens of thousands of contracts may contain some other kind of vulnerability, according to research conducted last year. And the very nature of public blockchains means that if a smart-contract bug exists, hackers will find it, since the source code is often visible on the blockchain. Buggy contracts, especially those holding thousands or millions of dollars, have attracted hackers just as advanced as the kind who attack banks or governments. In August, AnChain identified five Ethereum addresses behind an extremely sophisticated attack that exploited a 32 ENTERPRISE IT WORLD JUNE 2019
contract flaw in a popular gambling game to steal $4 million. Can the hackers be defeated? 1) AnChain.ai is one of several recent startups created to address the blockchain hacking threat. It uses artificial intelligence to monitor transactions and detect suspicious activity, and it can scan smart-contract code for known vulnerabilities. 2) Other companies, including Tsankov’sChainSecurity, are developing auditing services based on an established computer science technique called formal verification. The goal is to prove mathematically that a contract’s code will actually do what its creators intended. These auditing tools, which have begun to emerge in the past year or so, have allowed smart-contract creators to eliminate many of the bugs that had been “low-hanging fruit,” says Tsankov. But the process can be expensive and time consuming. 3) It may also be possible to use additional smart contracts to set up blockchain-based “bug bounties.” These would encourage people to report flaws in return for a cryptocurrency reward, says Philip Daian, a researcher at Cornell University’s Initiative for Cryptocurrencies and Contracts. 4) BT- The U.K.’s largest internet and telecoms provider has been awarded a patent for a proposed cybersecurity measure aimed at protecting blockchains. In the patent, awarded on Oct. 31, British Telecommunications PLC (BT) outlined a method designed to prevent malicious attacks on blockchains-outlining a way to limit who can commit transactions to the system through user-specific profiles. The blockchain’s underlying code would then be able to automatically reject transactions which do not match the predescribed accounts. One example use case outlined by the patent includes “majority control attacks” (also called “51 percent attacks”), where a hostile force with more than 50 percent of the total computing power tries to control a blockchain network. According to the patent: “Despite the architecture of blockchain systems, malicious attacks present a threat to the security and reliability of blockchains.” When an attack is detected, the system will automatically stop conducting transactions, preventing even a majority attack from being effective, according to the patent. The patent further cites include distributed denial-of-service (DDoS) attacks, which are designed to completely overwhelm a miner with an excessive number of transaction requests.
BT does not address how it would deal with such attacks, however it does state that “it would be advantageous to provide a mechanism for detecting and mitigating threats to blockchain environments.” While the patent discusses the method of verifying transactions through the energy-intensive mining process employed by digital currencies like bitcoin, BT notes that the process is unrelated to the patented system. Ending Note The challenge here is not a technology anymore, but a business will and consensus which need to materialize between operators.CSPs would do well to work together to enable the full realization of the benefits, just as many of the global financial institutions are currently doing (e.g. in the R3 Consortium). Working in a silo will limit the potential of blockchain,as disintermediation, robustness, and the need for trust at the intersection of many stakeholders drives real value. Organizations such as the GSMA, which represents the interests of many mobile CSPs globally, could equally take a more active role in exploring and promoting blockchain use cases in the industry. Companies such as Orange and Verizon, amongst others, have already invested in startups in the blockchain area to explore the synergies and potential use cases. Many more players are researching potential use cases in-house. It is time for everyone to agree on a unified approach to enable meaningful realization of benefits. Blockchain technology comes with a lot of scope for telecom organizations. However, they would have to make some massive changes to thoroughly estimate and add it to the whole equation. CEO relevance – Embracing blockchain will compel the CEO to comprehensively rethink the CSP’s strategy with regard to various stakeholders, since new business models could thoroughly disrupt the existing telcom value chain. CFO relevance – Chief Financial Officers at CSPs are looking for possible avenues for reducing costs and improving the bottom line in a highly regulated and competitive market.Blockchain has the potential to help facilitate just that. CMO relevance – Chief Marketing Officers would primarily benefit from the ability to introduce new offers to the market at a faster rate than previously possible, enabled by the modularity of a smart contract.
NARENDRA MODI 2.0
MODI2.0: THERETURN OF NARENDRA MODI With Modi coming back, who is an ardent advocate of India becoming more digital, the country will surely see new policies come to light which will help India achieve that goal. India is sorely in need of a government that will support new technologies being introduced and will provide the back work for the tech giants to get their innovations off ground.
N
rendra Modi’s government which is known for its pro-business image has helped lure foreign investors such as Amazon, Walmart and Mastercard investing billions of dollars in investments which also leads to ramping up the hiring process. India is also the biggest market by users for companies like Facebook Inc, and its subsidiary WhatsApp. In 2017, the Modi government came under fire for formulating policies that appeared to favour patriotic fever ahead of the elections. Global firms remained concerned about the lack of policy stability and this message had the global investors worried. After Modi’s win, many foreign companies in India hoped the government will avoid sudden policy changes on investment and regulation which cost them dearly and urged the government for an industry-wide consultation that permits time to prepare. Prem Watsa, Chairman of Canadian diversified investment firm Fairfax Financial said, “Protectionism concerns are small hurdles you have to go through however, there will be more business-friendly policies and more private enterprises coming into India.” Ever since Modi pushed for electronic payments in 2016, the global payments companies have benefitted immensely and are looking forward for more friendly policies from the government. Last year, however, firms such as Mastercard and Visa were asked to store more of their data in India to allow “unfettered supervisory access”, a change which prompted WhatsApp to delay plans for their payment service. Modi’s government which is also known to draft laws to clamp similar data norms on the entire sector has a lot riding on the technology sector. But
abrupt changes, which are now common for Modi government, to rules on foreign investment in e-commerce has stoked an alarm at firms such as Amazon which saw its operations briefly disrupted back in February. Similarly, months after, Walmart also faced disruptions after it had invested $16 billion in Flipkart. ‘Digital India’ catch-phrase which has been resounding in the country for the past five years has certainly caught the attention of business in India and overseas, which also helps to highlight the technological investment which can be made in the Indian subcontinent. Executives belief that the coming five years should see policies being effectively implemented and the hopes for technology infusing into governance should also materialise. The first term of Modi’s government saw the plans materialise for India to become a global technological hub. The country also embraced foreign investment which resulted in a vibrant technology sector characterised by international and Indian players which also included small and medium enterprises. But this is now all at stake. In the final year of his first term, the Prime Minister made moves which saw foreign companies being hesitant to invest in the country. Now that the government is back for its second term, policy makers should bear in mind the technological advancement pace which India had started on. A new area of concern was provided by the Ministry of Electronics and Information Technology’s (MeitY’s) draft for cross-sector data protection bill, which some argue is harsher than EU’s General Data Protection Regulation (GDPR) which involves risks for deterring investment, innovation without making the data safe. The bill talks about excessive restrictions on cross-border data flows, limited grounds for data processing, criminal liability, huge government powers to use personal data and much
more. But if one were to compare this bill with the Department of Promotion and Internal Trade’s (DPIIT’S) draft regarding the e-commerce policy which talks about data protection obligations and is also directly inconsistent with the MeitY’s draft. The draft e-commerce policy made by DPIIT also suggests that successful companies should share their data with Indian companies in order for them to grow. And yet, India continues to grow. With the country voting again for Prime Minister Narendra Modi to come back for a second term, the technology and startup sectors are anticipating quick implementations of policies which were in sync with the ‘Digital India’ mandate, as comments from several chief executives of business and startups operating in the country show. Suman Reddy, MD, Pegasystems India, said, “The government, through a range of forward-looking policies has a track record being a catalyst to the IT sector in India. This growth has, in turn increased the industry’s share in the country’s GDP. The results give us hope that the groundwork laid during the previous regime will translate to an improved policy environment and faster industry growth over the next 5 years. Every player in the industry is looking to operate in a competitive environment, find market opportunities to grow, and create jobs. Companies have seen the fruits of a favorable business climate created and are working towards the united goal of creating a trillion dollars of economic value through the digital economy by 2025. They
also look forward to adequate levels of protection to maintain India’s competitive advantage over other regional tech hubs and respect the interest of consumers using their services. What we look forward to from the next phase of India’s governance: • Extend the success of various initiatives and
JUNE 2019 ENTERPRISE IT WORLD 33
NARENDRA MODI 2.0
policies already introduced, like Digital India and Startup India. • A balanced interests of the customers and enterprises, in terms of data governance, data storage, support for startups in emerging technologies. • Further clarity on AI innovation focus by the government through regulations and initiatives as the global AI race heats up. • Fair operating environment for startups and SMEs to scale, expand globally, and raise investments. • Improving clarity around key regulations necessary for large tech centres to operate, expand and contribute to the national economy.” Kishan Jain, Director, Goldmedal Electricals said “The rapid proliferation of new technologies such as internet of things, artificial intelligence, connected devices & home automation, have provided FMEG companies tremendous opportunities to grow, flourish and expand into newer industry segments. Additionally, the past few years have seen the Government of India having a keen focus on the promotion of energy efficient solutions such as LED lighting. With the current Government all set for a second term in office, we hope that this trend continues as it would give further fillip not only to the manufacture of such products but also to the Government’s ‘Make in India’ and ‘Smart Cities’ initiative.” Jitendra Chaturvedi, Director and Co-founder, Batooni Mobile Advertising said, “The government had started smoothening the tax issues in startup funding. Continuation of the regime will hopefully hasten the change in the procedures and laws helping startup funding. BJP’s known penchant for advertising is very good news for adtech start-ups.” Bhavin Turakhia, CEO, Zeta & Flock says, “In the last four years, Indian B2B startups have more than tripled. Our country is now taking giant strides towards becoming one of the fastest growing startup hubs globally. To make this a reality and accelerate their growth, the new Government of India must put in place measures such as training hubs for entrepreneurs across India to ease flow of capital, regulatory compliance and more. Further, these hubs must act as one-stop knowledge, research and development centers so that startups can focus more on innovation and less on processes. Thus, acting as a catalyst or emerging startups across sectors.” Satyam Kumar, CEO & Co-Founder, LoanTap Financial Technologies Pvt. Ltd says, “Currently, a start-up needs to follow number of compliance laid down by various regulatory bodies as well as there is a knowledge gap because of multiple points of contact. While they are definitely neces-
34 ENTERPRISE IT WORLD JUNE 2019
sary, they are onerous and costly to comply with. Compliance is expected with regards to Labour Law, MSME Registration, Investment, MCA Compliance as well as ones related to individual sectors. There should also be consideration on hefty penalty in cases of non-compliance. Expectation from Government is to make process simpler to comply with – A single clearance window – which ensures end to end solution or procedure to be followed by a start-up that enables pro-active compliance as well as helps to avoid unnecessary costs.” Javed Tapia, Founder, Slonkit says, “The current government has given a fillip to startups with initiatives such as Start-Up India which enables self-certification, rebate in filing patents, income tax exemptions, easier public procurement norms etc. I think the new government should further enhance the vibrant start-up ecosystem wherein startups can collaborate seamlessly and share knowledge and technical expertise. This will help India to leverage it’s entrepreneurial potential and become a hotbed of unicorn start-ups across different sectors.” Ankur Pahwa, Partner and National Leader – E-Commerce and Consumer Internet, EY India, said, “As the new government steps-in, among key policy interventions, the e-commerce policy needs some urgent attention as it can propel investments, job and wealth creation to boost overall economic growth. The e-commerce policy also need to take into account the view of impacted stakeholders and provide sufficient runway for implementation. Furthermore, incentives to companies exploring ‘deep-tech’ such as AI, ML, IoT, etc., will bring in more efficiency in the system and ultimately improving customer experiences. India remains the world’s second largest start-up nation and clearly the government has had the right intent to boost start-ups in the country to foster innovation and job creation, while protecting both investors and entrepreneurs. While measures have been taken to provide relaxation from Angel Tax, there are still some unfulfilled expectations linked to its simplification when looked at from a longterm lens. More attention is needed to protect entrepreneurs; at the same time enable promoters and investors to raise capital through differential voting rights. While the government has made considerable and commendable headway in ease of doing business, further steps linked to easing of norms will fuel the start-up ecosystem.” K R Naik, Chairman, DIGISOL Systems Ltd., said, “We have seen enormous growth opportunities in the past five years with the introduction of schemes like ‘Make In India’, ‘Digital India’ and ‘Smart Cities’. With the continuation of the
regime, we hope to see a new wave of transformation in the IT Networking Industry. We are excited about the opportunities coming in the next few years as supportive government regulations will help accelerate the business growth and would support companies like us who have been manufacturing products in India.” Keshab Panda, CEO & Managing Director, L&T Technology Services said, “This election is a victory for Indian democracy and the people’s
NARENDRA MODI 2.0
mandate. A stable and clear majority is always beneficial to business and international trade and commerce. As India builds up on its global position of being a leader in new-age innovations, it is the right time to leverage the country’s unique capabilities to serve as a best-in-class ER&D services destination. We can expect to see growing demand for technology expertise in several critical areas such as smart cities, connected healthcare and Electric Vehicle technologies,
backed by the Government’s active policy framework. We foresee technology companies coming out with digital engineering solutions catering to all of these in the coming years.” There is hope that the new government will get back on the track to hasten the adoption of policies for digitization of the country. The expectation is that this will encourage the government to be more transparent and to build India into a strong ecosystem in which technology driven businesses
are thriving. The talk around technology has been critical for the past two years in the country as the government is drafting bills which will lead to
control of Internet content, store critical date within the country. As policymakers consider their next steps on these and other technological issues, they should opt for a reasonable approach that meets valid regulatory objectives which ensuring that investment and innovation are flourishing.
JUNE 2019 ENTERPRISE IT WORLD 35
CLOUD // ANATOMY OF A CLOUD
36 ENTERPRISE IT WORLD JUNE 2019
ANATOMY OF A CLOUD // CLOUD
AUTHORED BY
N I K H I L
T A N E J A
Managing Director-India, SAARC & Middle East, Radware
NATIVE DATA BREACH: ANATOMY OF A CLOUD Case study of a real-life example of a cloud-native data breach, how it evolved and how it possibly could have been avoided.
BY SANJAY@ACCENTINFOMEDIA.COM
T
he company is a photo-sharing social media application, with over 20 million users. It stores over 1PB of user data within Amazon Web Services (AWS), and in 2018, it was the victim of a massive data breach that exposed nearly 20 million user records. This is how it happened. Step 1: Compromising a legitimate user. Frequently, the first step in a data breach is that an attacker compromises the credentials of a legitimate user. In this incident, an attacker used a spear-phishing attack to obtain an administrative user’s credentials to the company’s environment. Step 2: Fortifying access. After compromising a legitimate user, a hacker frequently takes steps to fortify access to the environment, independent of the compromised user. In this case, the attacker connected to the company’s cloud environment through an IP address registered in a foreign country and created API access keys with full administrative access. Step 3: Reconnaissance. Once inside, an attacker then needs to map out what permissions are granted and what actions this role allows. Step 4: Exploitation. Once the available permissions in the account have been determined, the attacker can proceed to exploit them. Among other activities, the attacker duplicated the master user database and exposed it to the outside world with public permissions. Step 5: Exfiltration. Finally, with customer information at hand, the attacker copied the data outside of the network, gaining access to over 20 million user records that contained personal user information.
LESSONS LEARNED Your Permissions Equal Your Threat Surface: Leveraging public cloud environments means that resources that used to be hosted inside your organization’s perimeter are now outside where they are no longer under the control of system administrators and can be accessed from anywhere in the world. Workload security, therefore, is defined by the people who can access those workloads and the permissions they have. In effect, your permissions equal your attack surface.
Excessive Permissions Are the No. 1 Threat: Cloud environments make it very easy to spin up new resources and grant wide-ranging permissions but very difficult to keep track of who has them. Such excessive permissions are frequently mischaracterized as misconfigurations but are actually the result of permission misuse or abuse. Therefore, protecting against those excessive permissions becomes the No. 1 priority for securing publicly hosted cloud workloads. Cloud Attacks Follow Typical Progression: Although each data breach incident may develop differently, a cloud-native attack breach frequently follows a typical progression of a legitimate user account compromise, account reconnaissance, privilege escalation, resource exploitation and data exfiltration
WHAT COULD HAVE BEEN DONE DIFFERENTLY? Protect Access Credentials: Your next data breach is a password away. Securing your cloud account credentials — as much as possible — is critical to ensuring that they don’t fall into the wrong hands. Limit Permissions: Frequently, cloud user accounts are granted many permissions that they don’t need or never use. Exploiting the gap between granted permissions and used permissions is a common move by hackers. In the aforementioned example, the attacker used the accounts’ permissions to create new administrative-access API keys, spin up new databases, reset the database master password and expose it to the outside world. Limiting permissions to only what the user needs helps ensure that, even if the account is compromised, the damage an attacker can do is limited. Alert of Suspicious Activities: Since cloudnative data breaches frequently have a common progression, there are certain account activities — such as port scanning, invoking previously used APIs and granting public permissions — which can be identified. Alerting against such malicious behavior indicators (MBIs) can help prevent a data breach before it occurs. Automate Response Procedures: Finally, once malicious activity has been identified, fast response is paramount. Automating response mechanisms can help block malicious activity the moment it is detected and stop the breach from reaching its end goal. JUNE 2019 ENTERPRISE IT WORLD 37
THE STUFF // PRODUCTS & SERVICES
CIO TOYS ALARIS E1000 SERIES SCANNER The Alaris E1000 Series Scanner is recognized for its one-touch scanning of up to nine different jobs; ability to scan and send documents to email, cloud and other applications and its wide range of imaging features. Packing all the intelligence of a larger device into a streamlined, desktop scanner, the Alaris E1000 Series Scanners are ideal for small office/home office environments, reception areas and workgroups. The two models in the range feature an 80-sheet automatic document feeder (ADF), the largest in their class, and offer exceptional media handling capabilities. The devices scan a variety of paper sizes and weights. Alaris integrated flatbeds further expand the scanners’ capability and they are backed by a three-year warranty.
POLY POLYCOM STUDIO
B Y S A N J AY @ A C C E N T I N FO M E D I A . C O M
Plantronics’ new plug-and-play video bar, Polycom Studio brings premium performance to huddle spaces. Polycom Studio delivers business-class audio and video capabilities in an easy-to-use USB video bar. With Studio, teams can experience a new level of meeting engagement, with automatic camera tracking that zooms in on the conference participant who is speaking. This easy-to-use USB video bar takes the frustration out of the typical huddle room video conference and replaces it with user-friendly experiences.
38 ENTERPRISE IT WORLD JUNE 2019
RNI NO: DEL ENG/ 2017/ 69906 Postal Reg. No.: DL-SW-01 / 4200 / 17-19
Date of Publication: 28 of Every Month Date of Posting: 1 & 2 of Every Month
Experience capabilities beyond SD-WAN with
ARUBA SD-BRANCH Aruba Software Defined Branch (SD-Branch) combines best-in-class wired and wireless branch infrastructure with remote management orchestration, analytics-driven security framework and state of the art SD-WAN capabilities Learn more at: www.arubanetworks.com/in-sd-branch For more details contact: +91 9606811117 | shipras@hpe.com Copyright Š 2019. Aruba, a Hewlett Packard Enterprise company. All right reserved.