June issue 2022 by Enterprise IT World

@entitworld

@enterpriseitworld

RS 20

PA G E S 3 6

V O LU M E 0 7

ISSUE 03

WWW.ENTERPRISEITWORLD.COM

FOR THE CIOs. BY THE CIOs. JUNE 2022

ZERO TRUST

AJIT PILLAI

Regional Director - APAC Morphisec

GAINS MOMENTUM AMONGST INDIAN ENTERPRISES Many companies are adopting zero trust to strengthen the security posture.

P - 16

AVINASH DHARMADHIKARI

CISO, Persistent Systems

FAIZ SHAIKH

Co-Founder and CISO, Digital Software Labs

BIJENDER MISHRA

CISO, Alkem Laboratories

EDITOR’S LETTER There is always a chance of failure but as there is a saying “failure is the steppingstone for the big success.” So, the whole idea is what are you going to achieve. If you fear executing big ideas, then your objective of achieving something for yourself and for your organization is not met with. Technology is moving very fast, and time is passing by like quicksand. If you wait for others to implement and you can learn from them is Ok but there is no point that you can prove a point. If you implement something which is beyond the imagination of the management is actually the point you proved. Today many organizations and individuals are after creating their own metaverse, which is a big step ahead. Retail and real estates sectors are going after NFT and block chain to see all the transaction is done securely. This has picked up in rest of the world. Can you create project like this to give a better experience to your organization and your employees? You need to think beyond the traditional way of thinking and present that to the management and try your best to execute it. Keep in mind there would be stumbling blocks. There would resistance from inside. There would be truncated skilled manpower.

WHAT WE NEED TO GROW IN THIS AGE?

Hello Friends.

Today to be successful in the game, you need to be well aware of what is the happening around you and updated about the latest and best of the technology. One needs to keep the goal in mind than keeping the next target in mind. Most of the technology leaders are looking at what project to be done and how to fix the gaps in the system. This approach is quite transitional. Rather the leaders to sit quietly and set a goal for himself/ herself as to how and what value he is going to add to the entire ecosystem and the organization he is serving. He needs to present a vision paper in front of the management or board through the competent authority after understanding the vision of the organization. He needs to align his tech vision clearly with the business strategy of the organization. Often IT leaders speak about that but when it comes to actual execution they forget to do so. It is not their fault but there are constraints for them due to lack of budget allocation, paucity of skilled manpower to support him and someone from the top who can support him if he fails.

NEXT MONTH SPECIAL

S A N J AY M O H A PAT R A S A N J AY @ A C C E N T I N F O M E D I A . C O M

COVER STORY

SUPPLEMENT

INDUSTRY 4.0

QUOTES FROM TOP CIOS

The next issue is dedicated to the Industry 4.0. We would like to take feedback from the CIOs and OEMs and create our judgment on the same.

PLUS

Interviews and Case Studies

Catch interviews, guest articles and case studies of recent applications from the Industry stakeholders, IT/ITES Vendors and IT leaders and CIOs from the Enterprise IT World CIO Community.

The supplement story of the magazine would have relevant quotes from the top CIOs in India.

Send in your inputs to sanjay@accentinfomedia.com JUNE 2022

ENTERPRISE IT WORLD

CONTENTS VOLUME 07

ISSUE 03

JUNE 2022

W W W. E N T E R P R I S E I T W O R L D . C O M 1

FOR THE CIOs. BY THE CIOs.

Publisher: Sanjib Mohapatra Chief Editor: Sanjay Mohapatra Managing Editor: Anisha Nayar Dhawan Sub Editor: Kumari Ambika Art Director: Shadab Khan Web Designer: Sangeet Technical Writer: Manas Ranjan Lead Visualizer: DPR Choudhary MARKETING Senior Marketing Manager: Vaishali Shukla SALES CONTACTS Delhi 6/102, Kaushalya Park, Hauz Khas New Delhi-110016 Phone: 91-11-41055458 E-mail: info@accentinfomedia.com

COVER STORY

EDITORIAL OFFICE

16 ZERO TRUST GAINS MOMENTUM AMONGST INDIAN ENTERPRISES

Delhi: 6/103, (GF) Kaushalya Park, New Delhi-110016, Phone: 91-11-41657670 / 46151993 info@ accentinfomedia.com

Many companies are adopting zero trust to strengthen the security posture.

INTERVIEW: /20 Endpoint Protector by CoSoSys is an advanced Data Loss Prevention (DLP) solution.

Printed, Published and Owned by Sanjib Mohapatra Place of Publication: 6/103, (GF) Kaushalya Park, Hauz Khas New Delhi-110016

MORE INSIDE

Printed at Karan Printers, F-29/2, 1st floor, Okhla Industrial Area, Phase-2, New Delhi 110020, India. All rights reserved. No part of this publication can be reproduced without the prior written permission from the publisher. Subscription: Rs.200 (12 issues) All payments favouring: Accent Info Media Pvt. Ltd.

Editorial~~~~~~~~~~~~~~~~~~~~~~~~~~ 03 News~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 06

22 REMOTE WORK

Phone: 91-11-46151993 / 41055458

SECURITY

30 CXO INTERVIEW

32 SECURITY

SIMONE NARDI

KRIS LOVEJOY

ABHAY SOLAPURKAR

SUNDAR BALASUBRAMANIAN

“92% of APAC CFOs Agree Allowing Employees to Work From Any Location”

“Kyndryl, Veritas Enter Global Partnership to Help Address Cybersecurity Threats”

“Our goal is to simplify and economically democratize access to SSE solutions”

“Security Consolidation and the Part Played by A Viral Pandemic”

ENTERPRISE IT WORLD

JUNE 2022

ITWORLD

ROUND UP

SANS to Host Interactive Summer Training in Saudi Arabia

B Y S A N J AY @ A C C E N T I N FO M E D I A . C O M

SANS Institute, the global leader in cybersecurity training and certifications, has announced the SANS Summer Dunes 2022 training program, to be held in person at the Crowne Plaza Riyadh RDC Hotel & Convention Centre, from June 18 to June 23, 2022. During SANS Summer Dunes 2022, participants will benefit from immersive training to mitigate even the most complex cyber-attacks using actionable digital forensic acquisition tactics taught by industry-level professionals. “You can’t protect the unknown,” says Ned Baltagi, Managing Director, Middle East and Africa at SANS Institute. “Cybercrime on computer systems and within business networks must be anticipated by all enterprises. Analysts that can examine fraud, insider threats, industrial espionage, employee misuse, and computer intrusions have never been in more demand. Corporations, governments, and law enforcement agencies are increasingly relying on 6

ENTERPRISE IT WORLD

JUNE 2022

experienced forensics specialists to conduct investigations, recover essential information from computers, and, most importantly, get to the source of the crime. SANS is educating the next batch of the world’s greatest digital forensic professionals, incident responders, and media exploitation experts capable of piecing together what happened on computer systems second by second to assist in the resolution of these cases.” The courses offered at SANS Summer Dunes are FOR500: Windows Forensic Analysis, conducted in person, by Lee Whitfield and FOR498: Battlefield Forensics & Data Acquisition, also in person, by Kevin Ripa. Both are active cybersecurity practitioners and certified instructors at SANS Institute. Understanding forensic capabilities is a core component of information security.

D ATA BRIEF

Marketing budgets have climbed to 9.5% of total company revenue in 2022, an increase from 6.4% in 2021, according to Gartner, Inc.

Source: Gartner

NEWS BRIEF // IT WORLD

Accenture Accelerates Data-Driven Decision Making for Lupin

Accenture deployed a digital platform based on SAP S/4HANA®, providing decision makers with real-time visibility into integrated data from multiple sources including supply chain, people and sales networks spread across 100+ countries and its fifteen manufacturing and research facilities in India, United States of America, Brazil and Mexico. The consolidated view of global business operations and performance has enabled informed decision-making. SAP Fiori apps have also helped enhance the user experience for Lupin employees with simple and easy-to access data models and analytical reports. Sreeji Gopinathan, CIO, Lupin, said, “Lupin is committed to providing affordable healthcare to people across the world, and our data-driven digital platform will play a crucial role in this mission,” “Through our collaboration with Accenture, we will unlock

CIO

the value of enterprise data in order to increase efficiencies and accelerate innovation across all our functions and processes, including manufacturing, testing, supply chain, and finance and accounting.” Sameer Amte, lead for Accenture’s Life Sciences practice in India, said, “As Indian multinational pharmaceutical companies look at navigating supply chain disruptions and gaining a stronger foothold in the global economy, digital transformation will play a key role in advancing competitiveness by running more efficient business processes, improving research and development capabilities, and creating better customer experiences. With our deep industry experience and technology capabilities, we are helping Lupin become an intelligent enterprise by enabling data-driven decisions that will help accelerate product innovation and enable faster access to market.”

Coforge Partners with Estes Express Lines: Announces a New Go-To-Market for the Transportation & Logistics Industry

Coforge Limited partnership with Estes Express Lines (Estes), the largest privately held freight carrier in North America. With this partnership, Coforge will bring agile, next-generation solutions to the transportation & logistics industry. The go-to-market launch will initially focus on a platform-powered application specifically created to address multi-dimension pricing plans required to generate the optimal freight rates for shippers and brokers who depend on carriers like Estes to move freight of all kinds around the world. The global freight handling market has experienced a number of “first time ever” milestones over the last several years which have accelerated the demand for nimble technology, giving carriers the ability to address market opportunities and challenges swiftly, with less dependence on IT resources.

EVENTS

03-04 JUN, 2022

13-14 JUN, 2022

01 AUG, 2022

World Conference on Science Engineering and Technology

World Conference on Science Engineering and Technology (WCSET)

International Conference on Recent Advances in Engineering, Technology and Science (ICRAETS)

LOCATION: DUBAI

VENUE: CYBERTECH GLOBAL UAE LOCATION: DUBAI

LOCATION: SHARJAH

JUNE 2022

ENTERPRISE IT WORLD

NEWS BRIEF // IT WORLD

SAP signs MoU with Delhi Skill and Entrepreneurship University to Empower India’s Youth in Future Skills

S/HE SAID IT

ROGAN MOORE

CHIEF DIGITAL AND INFORMATION OFFICER LIVEKINDLY

“Being a data-led organization is absolutely imperative to our success.”

“As leader you have to modify your style with different team members to have right impact on performance.” SAP has joined hands with the Delhi Skill and Entrepreneurship University (DSEU) with the signing of an MoU focused on development of the youth skilling ecosystem through course and curriculum development in areas of emerging technologies. Through this initiative, DSEU will focus on broadening the reach for its short-term programs through the linkage to ‘Code Unnati’ – the flagship CSR initiative of SAP with the objective of imparting future skills and workforce readiness among the students. Further, SAP shall enable deserving and meritorious students the opportunities of internship. The overarching objective is to build career pathways for youth. Starting this academic year, a six-month training programme will be hosted at six DSEU colleges with a curriculum designed for Computer Science, IT, Electronics, Electrical,

QUICK BYTE ON

B.C.A. and M.C.A students and will focus on core deep technologies fundamentals, SAP specific modular training modules like HANA, ABAP, workforce readiness and soft skills. A total of 500 students will join each cohort with a pedagogy focused on labs- and project-based learning. Ms. Sindhu Gangadharan, SVP & MD, SAP Labs India and Head, SAP User Enablement shared, “India has a unique opportunity to become the global talent hub for future skills and drive deeper impact for our societies, organizations and global communities. SAP’s partnership with Delhi Skills and Entrepreneurship University (DSEU) is an effort in this direction to empower India’s youth with the future skills required to catalyze the next decade of growth and innovation to help the world run better and improve people’s lives.”

PA U L A TO L L I V E R , C O R P O R AT E V P AND CIO, INTEL

SECURITY

Security Consolidation and the Part Played by A Viral Pandemic “With cyber-attacks against corporate networks increasing 50% year-over-year, it has become clear that the past year has seen a dual pandemic, a biological and a cyber one. As the World Economic Forum warned us: “We should prepare for a COVID-like global cyber pandemic that will spread faster and further than a biological virus, with an equal or greater economic impact.”To defend against an expanding attack surface, security teams are increasingly adopting new cyber security products to protect networks, cloud infrastructure, IoT devices, as well as users and access. However, stitching together different products from multiple vendors may create security gaps and operational overhead.” JUNE 2022

ENTERPRISE IT WORLD

ITWORLD // NEWS BRIEF

Crestron Collaborates with Zoom to Organize Zoom Rooms Experience Day

Optimizing operational efficiency is a top business priority, say 73 per cent of decision-makers in APAC study Aruba, announced the findings to a study it commissioned to evaluate the impact of high-performance networking and security solutions on connected and smart high-tech manufacturing operations. The study by Forrester Consulting found three in four manufacturers in Asia Pacific prioritizing innovation and automation for greater operational efficiency and resilience over the past 12 months. The study, High-Tech Manufacturing Begins with High-Performance Networking and Security Solutions surveyed more than 270 business and IT decision-makers from high-tech

EXECUTIVE

manufacturers in Australia, India, Japan, Malaysia, South Korea, Taiwan, and Thailand in the first quarter of 2022. It found that edge solutions, IoT applications, and networks were essential to driving innovation for 63 per cent of respondents, with 61 per cent indicating they had optimized manufacturing processes with automation and robots. Meanwhile, 69 per cent of respondents said they were either piloting or already using cloud-managed networking and security solutions to benefit from improved flexibility, scalability, and defense capabilities.

Crestron Electronics, a global leader in seamless conferencing products and hardware innovations teamed up with Zoom Video Communications, Inc. to organize Zoom Rooms Experience Day on June 15. The event was organized with the aim of elevating employee and customer engagement and addressing the challenges present at the workspace. The Zoom Rooms Experience Day featured a walkthrough experience of Crestron’s hardware innovations and Zoom Rooms powered by Zoom’s platform. Both Zoom and Creston, each pioneer in their respective areas of expertise, are working to bring video collaboration into any space seamlessly. Their combined offerings are designed in a way to elevate employee and customer engagement for organizations across varied sizes and industries. This collaboration offers the participants a journey that will allow them to: · Discuss their workspace challenges · Consult the Crestron team on hardware options · Discuss with Zoom experts on the right solution for their business · Deep dive into Zoom Rooms’ functions and features · Speak with Zoom and Crestron teams for the right solution for their customers.

MOVEMENT

Shashank Bajpai joins CredAble as CISO

Dr. Mukesh Mehta Joins Monarch Networth Capital as Group CTO-CISO

Ashish Khanna Joins Evalueserve India as CISO

Arcserve Expands Senior Leadership in Asia Pacific

10 ENTERPRISE IT WORLD

JUNE 2022

Srinivasan Mahalingam Joins C-Square Info Solutions as CISO

NEWS BRIEF // IT WORLD

BOOK

SHELF

The Power of A Positive Attitude: Your Road To Success

GLOBAL UPDATE

Thales Launches Data Protection Solution for DevSecOps Teams Thales introduces the CipherTrust Data Security Platform Community Edition bringing the #1 Key Management and Encryption platform to developers and DevSecOps teams Thales has announced the CipherTrust Platform Community Edition, enabling DevSecOps teams to deploy data protection controls into multi-cloud applications in minutes instead of weeks. The CipherTrust Platform is the world’s most broadly deployed encryption and key management solution for data protection applications. IT teams around the world use it to protect sensitive data assets. The CipherTrust Platform Community Edition is a version of the CipherTrust Platform targeted to developers and DevSecOps teams to evaluate and integrate the solution into their workflows and build pipelines. Thales has reduced the friction required to implement data protection technology and provides an easier path for organisations to scale from development to production. Seamlessly go to production Starting with the CipherTrust Platform Community Edition, developers and

DevSecOps teams can be sure to be implementing an enterprise-grade solution that, when ready to scale or go into production, can seamlessly be upgraded to the CipherTrust Enterprise platform. The Community Edition includes most of the features of the CipherTrust Enterprise platform and is well suited for small or development-type infrastructures. It consists of a free-forever version of CipherTrust Manager and two CipherTrust connectors, CipherTrust Transparent Encryption for Kubernetes and CipherTrust Data Protection Gateway. Simplify centralised key management and encryption Protecting keys and certificates associated with applications and containers allows DevSecOps teams to manage a crucial element of an organisation’s security strategy. With the Community Edition, developers can centralise key management and encryption policies across multi-cloud applications. When the solution requires a secure root of trust upgrading to the CipherTrust Enterprise Platform enables access to a FIPS 140-2 Level 3 certified Thales’ Luna Hardware Security Modules.

ROGER FRITZ

PRICE

RS. 99.00 (PAPERBACK) WHERE

AMAZON.IN

About The Book Have you ever wondered how your attitude can influence your Success and failure? Have you ever considered the power of saying ‘I Can’, ‘I must’, ‘I will’? “I am not saying a positive attitude can make you successful. I am saying a positive attitude will make you successful.”

About the Author Dr. Fritz was a prolific author of over 63 books on management development and personnel motivation/self-help. He produced over 25 audio albums, and edited three video training series. Six corporations have tapped his broad experience as a member of their Board of Directors.

India to Auction 5G spectrum next month India is all set to host its first ever auction of 5G spectrum in July. The government is putting 72GHz of 5G frequencies for sale and it could yield Rs 4.5 lakh crore at base prices. As per the government representatives, the auction of spectrum is going to happen for 20 years across nine bands ranging from 600 MHz to 26 GHz at prices recommended by the telecom regulator. The government with the advice from TRAI had tried a pricing model from 2018 but this time the price looks to be 40% less though the telcos have been asking for a 90% reduction from 2018. The cabinet has also allowed enterprises to

directly obtain spectrum from the Department of Telecommunications (DoT) for setting up private captive 5G networks. This is of course will help Industry in expanding its digital strategy with strong integration of cloud, AI ML and IOT, etc. Ramesh Natarajan, Chief Executive Officer, Redington India Ltd., said: “The Government of India’s decision to commence 5G spectrum auction from July will set in motion a new phase of growth, innovation and transformation of businesses across various industry sectors. It will unleash new use-cases for enterprises, telecom as well as the end consumers, strengthen last mile

connectivity and fuel the economic progress of India. 5G is going to boost the demand for the right infrastructure and expertise to support its deployment, implementation and application. We, at Redington India, are well positioned to cater to these demands and requirements through our strong capabilities in distribution, supply chain and technology solution.”

JUNE 2022

ENTERPRISE IT WORLD

ITWORLD // NEWS BRIEF

EnableX and Sattva Connect collaborate to accelerate digital transformation of Yoga through Video API EnableX, has collaborated with Sattva Connect, an online yoga platform that inspires transformation, self-realization, and healing. On the eve of International Yoga Day, Sattva Connect is using EnableX’s Video platform for a real-time, holistic, yoga session with over 600 enthusiasts simultaneously joining from across the world. With its origin in Rishikesh, India, Sattva Connect has followers from all over the world who share their mutual love for yoga and yogic practices. It believes in yogic wisdom and technologies to elevate consciousness in order to transform lives. As a part of International Yoga Day celebrations and to connect with the ever-growing and committed yoga community, Sattva Connect plans to host a series of exciting virtual yoga sessions on EnableX’s Video Platform EnableX offers an engaging technology platform that boosts interactions between the host and audience irrespective of the scale of the virtual event. The former will be using EnableX CPaaS capabilities for a synchronic and real-time communication with its community of teachers and students world-wide.

Union Bank of India unveils Cyber Security Mascot to create Cyber Security Awareness Union Bank of India announced a unique initiative, first of its kind in the Cyber Security Domain by creating & adopting the concept of Cyber Security Mascots to promote Cyber Security awareness amongst its Staff and Customers towards building robust Cyber safe Bank. The Cyber Security Mascots, named U SursKsha (Female Mascot) and UrsKshak (Male Mascot) were unveiled by Ms. A. Manimekhalai, MD&CEO, Union Bank of India at Mumbai. Union Bank of India has taken this proactive step towards meeting the guidelines of Ministry of Home Affairs, Govt. of India to observe 1st Wednesday of every month as ‘Cyber Jaagrookta (Awareness) Diwas’ with special emphasis on capacity building of employees to deal with the challenges of Cyber-crimes. This Cyber Security Mascot will act as an enabler to spread Digital awareness amongst Bank’s customers to protect them against the dangers of the Cyber world.

QualityKiosk Recognized as the Best Customer Experience Provider at the MEA Finance Banking Technology Summit and Awards 2022 QualityKiosk Technologies, one of the largest independent digital assurance solutions providers in the world, was awarded the Best Customer Experience Provider title at the MEAFinance Banking Technology Summit and Awards 2022 held on 19May at the Armani Hotel, Burj Khalifa, Dubai. The award recognized QualityKiosk for its innovative and extensive customer experience solutions that have enabled banks to enhance customer satisfaction and delight customers with day-to-day banking experiences. The awards ceremony, organized by the MEA Finance Magazine, recognized technology vendors and financial institutions that leveraged the power of innovation 12 ENTERPRISE IT WORLD

JUNE 2022

to deliver seamless end-user experiences and set new benchmarks to heighten the competitive industry environment. A panel of judges comprising leading industry experts, analysts, and commentators, evaluated hundreds of entries based on achievements, range of clients, relevant developments, and achievements from the past year to identify winners across 45 different categories. The awards ceremony, organized by the MEA Finance Magazine, recognized technology vendors and financial institutions that leveraged the power of innovation to deliver seamless end-user experiences and set new benchmarks to heighten the competitive industry environment.

DIGEST FINLAND LAUNCHES FAST TRACK LINE FOR INDIAN TECH TALENT AND WELCOMES MORE APPLICANTS TO NEW POSITIONS Finland has been received more than 1,000 applications from India’s tech talent to join its vibrant start up and technology scene, which attracts global tech-savvy talent. But there is still an opportunity to apply, as Finland extends a warm invitation to Indian talent to join its close-knit community in ‘the happiest country in the world’. The Find Your Finnish Future campaign is now urging talented individuals to submit applications. If successful, the new ‘fast-track’ schemecould see them living their best lives within two weeks’ of a job offer from tech businesses in Finland. Finland’s recruitment initiative to attract the brightest from India’s tech community has already received more than 1,200 applications for roles through the scheme. KYNDRYL, VERITAS ENTER GLOBAL PARTNERSHIP TO HELP ADDRESS CYBERSECURITY THREATS Kyndryl and Veritas Technologies today announced a global partnership to help enterprises protect and recover their critical data across multi-cloud environments. As per the agreement, Kyndryl will deliver Veritas’ industry-leading data management portfolio to enterprise customers as a fully managed service, “Protection and Cyber Resiliency, Powered by Veritas.” “Veritas and Kyndryl share a commitment to help enterprises manage their growing data estates as they transition to the cloud. OPENTEXT POWERS THE INFORMATION ADVANTAGE WITH CLOUD EDITIONS 22.2 OpenText announced Cloud Editions 22.2 (CE 22.2) featuring new capabilities and innovations that enable businesses to be agile, responsive, and resilient in a time when disruption is accelerating. As a global leader in information management, OpenText is powering and protecting businesses to achieve information advantage by being intelligent, connected, and responsible Businesses need to be prepared for the next wave of disruption,” said Mark J. Barrenechea, OpenText CEO & CTO. “Understanding that information is exponential and seizing this opportunity to address bigger issues such as sustainability, talent, compliance, supply chain disruption, and new rules of customer engagement with an information advantage is key. Digital fabrics are at the core of everything we do at OpenText.

NEWS BRIEF // IT WORLD

MANAGEMENT

MANTRA

“Businesses have to shift from selling products to selling outcomes.” Tien Tzuo, CEO of Zuora

Cloud data breaches and cloud complexity on the rise, reveals Thales

The 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence, reports that even though cloud and notably multicloud adoption remains on the rise, 37% of respondents from India have experienced a cloud-based data breach or failed audit in the past 12 months, up from the previous year (33%)[1]. Despite security concerns, cloud adoption however continues to grow across India and the globe. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications[2], compared with just eight in 2015, showcasing a startlingly rapid increase.

There has been a notable expansion in the use of multiple Infrastructure as a service (IaaS) providers, with almost three-quarters (72%) of businesses globally using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) of global respondents reporting using three or more providers. Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services with 40% of IT professionals from India agreeing that it is more complex to manage privacy and data protection in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they’re expecting to lift and shift, the simplest of migration tactics, dropping from 55% in 2021 to 24% currently. This stands true for respondents in India as well with the figure standing at 23% presently. Security Challenges of Multi-cloud Complexity With increasing complexity comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, 46% of respondents in India said between 21-60%.

Brisbane Airport Selects Cim To Help Improve Operational Efficiency And Sustainability

CIM, the world leading building analytics SaaS platform helping Australian companies achieve net zero emissions, today announced its partnership with Brisbane Airport Corporation (BAC), the operator of Brisbane Airport. As part of a commitment to reducing their environmental impact and improving operational efficiency, BAC has selected CIM to provide building operations monitoring across their Domestic Terminal. The announcement comes after Queensland experienced a bumper period for tourism with record increases in visitor figures through April and May. The Easter break proved a turning point, with Brisbane Airport recording its busiest day in two years. This promising spike in traffic brings operational challenges. Airports are highly complex environments with a vast amount of technology and equipment for onsite teams to manage. CIM’s platform harnesses building analytics, machine learning, and artificial intelligence to deliver immediate insights into building operational performance.

Dell Technologies launches 5 new AMD-powered G15 laptops for unrivalled gaming performance Dell Technologies continues to celebrate India’s gamers and their increasing enthusiasm for taking gaming to the next level with the launch of its all-new Dell G15 AMD edition (5525). Fired by the next-gen AMD Ryzen™ 6000 H series processors, the new range encompasses all the necessary I/O ports, innovative thermal systems, the latest NVIDIA® GeForce RTX™ GPUs, and a chassis that exudes stylish gaming. The G15 5525 comes in 5 different configuration options that are best suited for a gamer’s needs. Anand Subramanya, Director, Product

Marketing, Consumer and Small Business, Dell Technologies, India, said, “The Dell G15 AMD edition is conceived and designed in line with the unique needs of a gamer that wants to advance their skills. From cutting-edge CPUs to powerful discrete graphics cards and sophisticated thermals, we aim to create an immersive and lifelike gaming experience, every time!” ● Perpetual high performance: With nextgen AMD Ryzen™ processors up to 6800H R7 and optimized settings, gamers can revel in powerful and consistent high-end performance during

every gaming session. Like its siblings, the G15 AMD version comes with an Alienware-inspired thermal design featuring optimal cooling, thanks to dual air-intake, ultra-thin fan blades[i], copper pipes, and four strategically-placed vents ● Uninterrupted immersion: With discrete graphics up to NVIDIA® GeForce RTX™ 3060 and a new optional FHD 165Hz display panel with a 2-sided narrow bezel, users get smooth, uninterrupted gameplay and vivid visuals, making it easy to fully immerse in the game.

JUNE 2022

ENTERPRISE IT WORLD

ITWORLD // NEWS BRIEF

Attacker Dwell Time Increased by 36%, Sophos’ Active Adversary Playbook 2022 Reveals

Re-Inventing Business with Application Modernization Application modernization initiatives witnessed rapid uptake to achieve business continuity during disruptions caused by Covid pandemic. Business embarked on digital delivery of services, re-designed internal systems and processes to offer new services and tweaked existing services to launch new business models, even as they worked towards enabling employees to work remotely in a secure manner. “Our challenges are typical to any growing organization with business requirements so dynamic that IT landscape has to always be a step ahead to catch up with the changing business landscape, and so digitization is a business priority in Delhivery and the expectations from IT is huge.”

playing a role in business outcomes. But new technologies require an enabling environment to operate and traditional IT environment is not conducive to support new initiatives. Organizations are fervently adopting modernization strategies to tap the information, data and assets trapped in siloed and legacy environments, and transport that into modern hyper-scaling environments offered by public Cloud. This is helping organizations to embark on gamechanging strategies that are built on a foundation of agile and responsive systems, where decision making based on informed insights and products and services are enhanced with continuous improvements. The external business environment is extremely dynamic and tech-savvy Gaurav Pandey, Head-IT of Delhivery As things open up and businesses entrepreneurs are raising the game by operate in a new normal of hybrid disrupting the status quo with new work environment, the role of new business models leveraging Cloud, technologies such as Cloud, mobile, open-source technologies and APIs. IoT, AI, automation are increasingly

Sophos, released the “Active Adversary Playbook 2022,” detailing attacker behaviors that Sophos’ Rapid Response team saw in the wild in 2021. The findings show a 36% increase in dwell time, with a median intruder dwell time of 15 days in 2021 versus 11 days in 2020. The report also reveals the impact of ProxyShell vulnerabilities in Microsoft Exchange, which Sophos believes some Initial Access Brokers (IABs) leveraged to breach networks and then sell that access to other attackers. John Shier, senior security advisor at Sophos, said, “The world of cybercrime has become incredibly diverse and specialized. IABs have developed a cottage cybercrime industry by breaching a target, doing exploratory reconnaissance or installing a backdoor, and then selling the turn-key access to ransomware gangs for their own attacks,” “In this increasingly dynamic, specialty-based cyberthreat landscape, it can be hard for organizations to keep up with the ever-changing tools and approaches attackers use. It is vital that defenders understand what to look for at every stage of the attack chain, so they can detect and neutralize attacks as fast as possible.” Sophos’ research also shows that intruder dwell time was longer in smaller organizations’ environments. Attackers lingered for approximately 51 days in organizations with up to 250 employees, while they typically spent 20 days in organizations with 3,000 to 5,000 employees.

Tenable Research Reveals “Do-It-Yourself” Ransomware Kits Have Created Thriving Cottage Industry of Cybercrime The shift to the subscription economy has created a new norm in the as-a-service world. And it’s not just Netflix and Spotify that have adopted this business model. New research from Tenable®, found that one of the main reasons ransomware has prospered is due to the advent of ransomware-as-a-service (RaaS), which has catapulted ransomware from a fledgling threat into a force to be reckoned with. The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditize ransomware. Affiliates who earn between 70%-90% of 14 ENTERPRISE IT WORLD

JUNE 2022

the ransom payment, are charged with the task of doing the dirty work to gain access to networks through tried and true methods such as spearphishing, deploying brute force attacks on remote desktop protocol (RDP) systems, exploiting unpatched or zero-day vulnerabilities and purchasing stolen credentials from the dark web. Affiliates may also work with IABs, which are individuals or groups that have already gained access to networks and are selling access to the highest bidder. Their fees range on average from $303 for control panel access to as much as $9,874 for RDP access.

The research found that ransomware’s current dominance is directly linked to the emergence of a technique known as double extortion. The tactic, pioneered by the Maze ransomware group, involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it. Ransomware groups have recently added a variety of other extortion techniques to their repertoire, including launching DDoS attacks to contacting customers of their victims, making it even more challenging for defenders.

SHIVAAMI // GUEST COLUMN

SHIVAAMI

FUTURE OF WORK – THE NEED FOR CLOUD SECURITY TO HAVE BEHAVIOURAL-BASED APPROACH

BY SANJAY@ACCENTINFOMEDIA.COM

Tech-based approach is no longer enough There are several moving parts that facilitate today’s cloud security challenges, but one stands out in particular – human error.

PUNIT THAKKAR

CEO & MD, SHIVAAMI CLOUD SOLUTION

“Cloud providers are under a lot of pressure to add new services and increase uptime as they are

notable to understand whether the investment made in security to protect their customers.”

According to a report published this year, 27% of companies have had a security incident in their public cloud infrastructure. Cloud providers are under a lot of pressure to add new services and increase uptime as they are notable to understand whether the investment made in security to protect their customers’ assets is at a proper level. Tech-based approach is no longer enough There are several moving parts that facilitate today’s cloud security challenges, but one stands out in particular – human error. It isn’t due to a lack of standards, policies, or procedures, nor is it due to a lack of technical controls. The expected oversights, unsurprising incidents and predictable breaches will continue to occur in Cloud infrastructure. Network hosts, web applications and web service endpoints can all be attacked by virtually anyone on the internet, even in commoditized cloud environments that are assumed to be secure. The enterprises may not be aware of it, particularly if cloud vendors lack the visibility and control required for detection and response. How to overcome and minimize damages resulting by human error? Customers must better employ behavioural analytics with a focus on human trends, patterns, activities and habits to ensure cloud security for the enterprise as online information access behaviour is changing at light speed. User Behaviour Analytics (UBA) solutions analyse patterns of human behaviour and use algorithms and statistical analysis to identify meaningful anomalies that may indicate potential threats. It’s preferable to be proactive rather than reactive in this situation by users testing the cloud environments if allowed to. It is good to atleast request for a copy of the

vendors’ most recent security audit and security assessment reports. Behavioural analytics can be used by businesses to create and lay out a standard baseline of expected standard data usage activity. Only then it is possible to set the trap for abnormalities that could indicate malicious intent or a mistake and take up the necessary steps as needed. It’s always a good idea to verify by asking tough questions about the flaws. Only by using such a defensible approach it is possible to successfully address the cloud security challenges that might occur in the future. Cyber security will increasingly require a blended approach of technological safeguards and a focus on the human touch, as it continues to be an extremely complex and multi-layered problem caused by humans. Each of these vulnerabilities has one thing in common i.e. observable and correctable human behaviour. As a result, the cloud security landscape must now become more behavioural-based. Cyber security will increasingly require a blended approach of technological safeguards and a focus on the human touch, as it continues to be an extremely complex and multi-layered problem caused by humans. Cloud security landscape must now become more behaviouralbased. According to corporate policy and regulatory requirements, 57% of organizations find it difficult to properly protect data in multi-cloud environments. As different environments have different built-in security controls and tools, it’s difficult to achieve consistent protection. With vulnerabilities present and threats waiting to pounce, cloud security challenges are everywhere.

JUNE 2022

ENTERPRISE IT WORLD

COVER STORY // ZERO TRUST

ZERO TRUST

GAINS MOMENTUM AMONGST INDIAN ENTERPRISES Many companies are adopting zero trust to strengthen the security posture. BY SANJAY@ACCENTINFOMEDIA.COM

16 ENTERPRISE IT WORLD

JUNE 2022

ZERO TRUST // COVER STORY

ndia is facing an unprecedented increase in cyberattacks—in the first three months of 2022, India witnessed 18 million cyberattacks and threats, an average of 200,000 attacks every day, according to US based cyber security firm, Norton. What is worrying is that India Inc badly needs a refresh of the cyber security approaches and technologies currently being employed. According to a study by Cisco 37% of the cyber security technologies used by companies in India are considered outdated by cyber security and privacy professionals working in these organizations. The cyber security trends in India are in tandem with global experiences and this is evident in the Gartner 2021 CIO agenda survey which indicates cybersecurity as the top priority for new spending amongst 61% of CIOs. As more organizations leverage cloud computing, the traditional network security perimeter has all but vanished, and security teams are finding it difficult to identify who and what should be trusted to allow access to the networks. Perimeter network security focuses on keeping attackers out of the network but this traditional approach is vulnerable to users and devices inside the network. According to Forrester Research, an estimated 80% of breaches involve privileged access abuse. Such violations include highly visible supply chain breaches at Solar Winds, Microsoft Exchange, and Colonial Pipeline which have brought zero trust into the spotlight. VPNs which were traditionally employed to grant remote access today are cumbersome and do not provide the level of security anymore. Zero Trust is an approach to secure the entire infrastructure with a range of strategies that are designed for breach. Nobody is trusted automatically, even after clearing the perimeter—instead all identities are verified, minimum access is granted based on context, and activities are monitored to make sure controls are working as expected. “Limiting access as much as possible while verifying anything given access is at the heart of zero trust. This approach can be applied in all facets of cybersecurity so that attacks must overcome repeated obstacles and evade constant scrutiny,” Ajit Pillai, Regional Director -APAC, Morphisec. The increasing use of people inside the perimeter via phishing, vulnerable email attachments and poisoned URLs means that more often the attack effectively begins from inside the safe space. Zero trust approach addresses this concern

rejecting the assumption that the inside of your perimeter is a safe space to an assumption that nobody within or outside the environment can be trusted. As restricted corporate networks become more vulnerable to cyberattacks and remote access becomes the norm rather than the exception, the once tried-and-tested security methods have been losing relevance. “Amidst this, the zero-trust approach to security, which reduces the risk of data exfiltration, provides protection against a wide range of threats and offers users a smooth and secure experience. Zero trust is seeing increased adoption particularly in an environment that is no longer limited to the confines of the traditional office network,” says Avinash Dharmadhikari, Chief Information Security Officer at Persistent Systems. Zero Trust Approaches Gaining Momentum According to Cisco’s “Security Outcomes Study Volume 2, zero-trust approaches have penetrated well into Indian organizations with nearly nine in 10 (89 per cent) respondents in India said the company is investing in a ‘Zero Trust’ strategy, with 44 per cent making steady progress in adoption and 45 per cent are at a mature state of implementing it. Says Bijender Mishra, CISO, Alkem Laboratories Ltd, “We were the first pharma company in India, implemented ZT and it helped us to reduce business and organizational risk; better control access to Cloud and container environments; and achieve continuous compliance requirements.” Adds Avinash, “We are gradually moving towards zero trust. As a software development firm doing a full zero trust implementation comes with unique challenges but it is an evolving process and we have to carry along all stakeholders.” The rapidly evolving IT landscape with Cloudfirst and mobile-first approach along with the pandemic that required organizations to extend the corporation to the homes of employees expanded the surface area of attack. This created complex IT environments that are spread across corporate data centers, co-location centers and public Cloud enlarging the space for defenders to protect. As more organizations do more computing outside their perimeter in the cloud, security teams find it increasingly difficult to trust or identify who and what should be allowed or trusted with access to their networks. “Zero Trust simply starts on the principles of trusting no one and least privilege, thereby

JUNE 2022

ENTERPRISE IT WORLD

COVER STORY // ZERO TRUST

FAIZ SHAIKH CO-FOUNDER AND CISO, DIGITAL SOFTWARE LABS

“Zero Trust simply operates on the principles of trusting no one and least privilege, thereby it enforces AVINASH DHARMADHIKARI CISO, PERSISTENT SYSTEMS

“The zero-trust approach to security reduces the risk of data exfiltration, provides protection against a wide

range of threats and offers users a smooth and secure experience. Zero trust is seeing increased adoption particularly in an environment that is no longer limited to the confines of the traditional office network.”

it enforces something beyond standards and frameworks. Even if any organization gets breached, logically the attacker would use privilege escalation in the next step but zero trust is designed to prevent the next step for any attacker,” says Faiz Shaikh, Co-Founder and CISO, Digital Software Labs. Given the complexity of the technology environment specifically as public Cloud comes into play, old approaches of securing the perimeter are no longer sufficient and organizations have to find new ways of enhancing security systems with new approaches such as least privilege access or zero-trust which require every user and device to be authorized and authenticated at each layer. All companies need to move security forward to ensure that they can rapidly identify threats and quickly respond. Zero trust frameworks, when implemented well, can help to protect organizations from unauthorized access to networks, applications, and data. Granular access to resources ensures more control within the network and restricts the damage a breach can cause. User and device authentication is a key pillar of organizational security and all users, both inside and outside the network, must be validated at 18 ENTERPRISE IT WORLD

JUNE 2022

each layer for higher security. The environment is continuously monitored via tools that provide high level of visibility into who is accessing what. In case of breach, the system sends an alert and resolution is quickly achieved with log tracing. “Once in place, the Zero trust model better secures the company, especially from in-network lateral threats that could manifest under a different security model. It entails strong management of users inside the network, multi-factor authentication or even moving beyond passwords with biometrics, and categorization of users—all of which strengthens the security system of the organization,” says Bijender. Primary elements of a zero-trust security architecture The Zero Trust model requires multiple security controls throughout an IT environment to protect and manage identities, devices, networks, applications, and data. The single largest aspect of a Zero Trust architecture is the concept of identity and this includes establishing identity (authentication) and the assignment of privileges to the identity (authorisation). Zero Trust, as the name indicates, focuses on verifying and validating identity rather than blindly trusting prior authentication and

something beyond standards and frameworks. Even if any organization gets breached, logically the attacker would use privilege escalation in the next step but zero trust is designed to prevent the next step for any attacker.”

authorisation. Speaking about zero-trust implementation, Bijender, says, “Adding security parameters to existing applications to make them zero trust-aware is not always feasible. Odds are your existing applications have no facilities today to accommodate zero trust. Therefore, depending on what kind of custom applications you have will dictate whether or not you can adopt zero trust to those processes, and potentially determine the effort and cost required. This is especially true when applications are not microperimeter-compatible, or where no API is exposed to support the required automation.” While there are many starting points on the path to zero trust, all roads still lead to identity, with privileged access controls being the lowesthanging fruit. With an identity-centric zero-trust approach, organizations can ensure least privilege access by verifying who or what is requesting access, the context of the request, the risk to the access environment, and just-in-time/just enough privilege elevation. Zero Trust views every attempt to access the network as a threat. While traditional security often requires nothing more than a single password to gain access, multi-factor authentication (MFA) requires users to enter a code sent to a separate device, such as a mobile phone, to verify they are in fact who they claim to be. The objective is to prevent unauthorized access to data and services and make control and enforcement

ZERO TRUST // COVER STORY

AJIT PILLAI REGIONAL DIRECTOR - APAC, MORPHISEC

“Limiting access as much as possible while verifying anything given access

is at the heart of zero trust. This approach can be applied in all facets of cybersecurity so that attacks must overcome repeated obstacles and evade constant scrutiny.”

BIJENDER MISHRA CISO, ALKEM LABORATORIES

“Adding security parameters to existing applications to make them zero trust-aware is not always feasible.

Odds are your existing applications have no facilities to accommodate zero trust. Therefore, depending on the kind of custom applications will dictate whether or not you can adopt zero trust to those processes, and potentially determine the effort and cost required.” as granular as possible. Privileged Access Management (PAM) capabilities such as verifying identities, MFA, and enforcing least privilege makes zero trust a robust security model. Referring to the NIST 800-207 recommendations, Avinash Dharmadhikari, CISO, Persistent Systems, emphasizes continuous verification to always verify access, all the time, for all resources. The second thing is to limit the “blast radius” and minimize impact if an external or insider breach does occur. And thirdly, automate context collection and response so you can incorporate behavioural data and get context from the entire IT stack (identity, endpoint, workload, etc.) for the most accurate response. Balancing Zero Trust with Business Priorities Zero Trust is not a technology, it’s an architecture and as such is made up of many components, most of which are not dependent on each other. The implementation cannot be achieved via a big-bang approach, rather it is a journey with manageable steps that must be taken one at time. A key challenge of zero trust implementation is that it must be delicately balanced with business priorities for effective outcomes. Otherwise, it can slow down business processes and affect produc-

tivity which in turn will lead to greater challenges as employees start finding ways to circumventing the security system. As zero-trust models rely on a vast network of strictly defined permissions, effective implementation require a large amount of administrative responsibilities. Businesses and companies are in a dynamic mode and people are often moving into new roles or changing locations and keeping the permissions accurate and up to date requires ongoing input and considerable management effort. Even as things change inside the organization, people require continuous and consistent access to sensitive data and information to work, communicate and collaborate and so access controls must be updated each time to ensure the correct people have access to specific information. “Zero-trust models rely on a vast network of strictly defined permissions, but companies are always evolving. People move into new roles and change locations. Access controls must be updated each time to ensure the correct people have access to specific information. Keeping the permissions accurate and up to date requires ongoing input.” says Avinash. Further, Dharmadhikari states that this can

become problematic if controls aren’t updated immediately as unauthorized parties could gain access to sensitive information. For instance, an employee that has been fired and can still access internal information, is a vulnerable state for the organization as the employee can turn rogue and expose data. “Employee need to be monitored more closely and access must be granted according to the profile of the user. Today’s work environment includes not only different kinds of users, but several types of devices and different devices may have their own properties and communication protocols which must be monitored and secured specific to their type,” says Bijender. The process of delivering Zero Trust is also going to unlock many of the regulatory compliances, or at least the cybersecurity aspects of them, that companies have to address now or in the future. When you are implementing an architecture assembled from foundational cybersecurity practices, that foundation provides the base for more than just the architecture itself. The Outlook Embracing zero-trust puts cyber security in the front and center of organizational strategy. Business operations are closely integrated with technology systems and these systems are under constant attack from threat vectors. Organizations must shift the mindset from “How do we implement this and secure it?” to “How do we securely implement this?” Given that businesses operate in a dynamic environment, the security posture also needs to evolve and adapt continuously to mitigate cyber security risks and enhance business resilience. JUNE 2022

ENTERPRISE IT WORLD

Q&A // COSOSYS

ENDPOINT PROTECTOR BY COSOSYS IS AN ADVANCED DATA LOSS PREVENTION (DLP) SOLUTION Mr. Filip Cotfas, talks about the importance of DLP Solutions.

“Endpoint Protector by CoSoSys is an advanced Data Loss Prevention (DLP) solution that puts an end to data leaks and data theft

while offering control of portable storage devices and ensuring compliance with data protection regulations.”

BY AMBIKA@ACCENTINFOMEDIA.COM

How do you view the increasing need for DLP solutions in India across verticals? Over the past years, there has been a big increase in security awareness. Many companies decided to implement a Data Loss Prevention solution either proactively, or because they had a security incident recently. Please provide a synopsis of your full product line. In terms of data security, what is your most popular solution? Endpoint Protector by CoSoSys is an advanced Data Loss Prevention (DLP) solution that puts an end to data leaks and data theft while offering control of portable storage devices and ensuring compliance with data protection regulations. It is designed to protect confidential data against insider threats while maintaining productivity and making work more convenient, secure, and enjoyable. An enterprise-grade DLP software, Endpoint Protector is an ideal choice for companies running on multi-OS networks. What has been the biggest challenge for you this year? 20 ENTERPRISE IT WORLD

JUNE 2022

FILIP COTFAS, CHANNEL MANAGER, COSOSYS

The biggest challenge for me was not being able to travel for face-to-face meetings, like before the pandemic. How does your data loss prevention (DLP) solution solve complex data security challenges? What are your most important promises to your customers? One of the biggest challenges enterprises face when it comes to data protection is compliance. Data transparency is a key element of any compliance effort; enterprise DLP solutions help find, monitor and control sensitive information on company networks and reduce the chances of a disastrous data leak. By deploying DLP solutions, enterprises can reduce the risks of internal threats. As enterprises expand, the amount of data they collect grows exponentially. From customer information and intellectual property to employee data and financial records, companies accumulate highly sensitive information. This brings with it increasingly complex challenges that enterprises must address in the development of their data protection strategies. Endpoint Protector Enterprise comes several extra benefits, enabling enterprises to continu-

ously identify, monitor, and control the data that they need to protect, wherever they are. Which market works stronger for you Tier 1 Markets or the Tier 2 and Tier 3 Cities? And Why? Tier 1, based on our experience most of the companies that are looking for DLP are in tier 1, recently noticed an increase in the requests from tiers 2 and 3 as well. Describe your channel partner initiatives for educating your partners on your advanced solutions? We have a thorough onboarding process that covers both the sales and tech sides. On top of that, we also have free sales and technical training sessions organized for our channel partners, on a quarterly basis. For each new release of our DLP solution, we have dedicated channel newsletters and we also (if the release is very important) organize on-spot webinars to explain both technical and sales advantages that it brings. To access the complete article log on to: www.enterpriseitworld.com

ACC // Q&A

CLOUD COMPUTING AND BIG DATA ANALYTICS ARE DRIVING TECHN OLOGY LANDSCAPE TRANSFORMATION Security crucial while implementing cloud computing solutions.

“In the coming years, we will continue to witness an increase in the adoption of cloud services

BY AMBIKA@ACCENTINFOMEDIA.COM

and their fast growth. There will be an increase in leveraging hybrid cloud strategy and multi-cloud environments.”

What are the key offerings of Applied Cloud Computing and what business needs are they addressing? Applied Cloud Computing (ACC) is helping financial institutions, media, healthcare, manufacturing, and other industries in cloud adoption. Founded in 2014, in Thane, Maharashtra, by Nilesh Satpute, ACC specializes in Digital or Technology Transformation, Cloud Computing, App modernization, Big Data & Analytics Cloud Security, and Product Development. The organization is working at transforming business processes, rationalizing product portfolios, strategizing business assets, complying with regulations, managing risks, and maximizing customer satisfaction. The organization’s expert team members are dedicated to supporting customers to achieve their business goals by leveraging the agility of cloud solutions. ACC also has developed several products to its credit. These include Ottohm – Enterprise Video and OTT Platform, Atlas API – API Management and Development Platform, Atlas CLM – Cloud Life Cycle Management, Atlas HCM – HR Digital Onboarding and Employee Management, Atlas ITSM – Vendor Onboarding and Service Management and Smart Contracts – Contract Automation and Management.

ROGIN RAPPAI,

CUSTOMER ACQUISITION AND STRATEGY APPLIED CLOUD COMPUTING (ACC)

What are the current trends in the Cloud Services industry? How has the Covid 19 pandemic impacted the industry? With the onset of the Covid-19 pandemic, there has been an increase in online business transactions, a rise in remote working culture, and online learning, all contributing to the growth of the Cloud Services market. In the coming years, we will continue to witness an increase in the adoption of cloud services and their fast growth. There will be an increase in leveraging hybrid cloud strategy and multi-cloud environments. Cloud will play a key role in the delivery of AI services. Edge Computing, a more sophisticated technology than Cloud Computing will become the focus of businesses to improve efficiency and decrease latency. The advantages of Serverless architecture will be leveraged more to reduce costs. Cloud Security will take centre stage with the expanding attack surface. What has been the biggest challenge for you this year? Finding the right candidates for our requirements has been the main challenge for us this year.

There is a shortage of skilled professionals with the knowledge and qualifications that are required for some of our projects. However, we worked at cultivating our own resources and trained our team members both with relevant technical and soft skills. Big Data Analytics has been growing steadily. What factors are driving this high growth? This complex process of analyzing huge volumes of data to uncover hidden patterns and derive customer preferences and market trends, delivering insights enabling organizations to make informed decisions, constitutes Big Data Analytics. According to Fortune Business Insights, the big data analytics market is projected to grow from US$231.43 billion in 2021 to US$549.73 in 2028 at a CAGR of 13.2% during the forecast period. Key growth factors that are driving the growth can be attributed to the increase in data generation due to the high usage of smartphones, the increase in e-commerce and social media platforms, and e-mails from multiple sources. To access the complete article log on to: www.enterpriseitworld.com

JUNE 2022

ENTERPRISE IT WORLD

REMOTE WORK // GLOBALIZATION PARTNERS

92% OF APAC CFOS AGREE ALLOWING EMPLOYEES TO WORK FROM ANY LOCATION

BY SANJAY@ACCENTINFOMEDIA.COM

CFO research that reveals more than seven out of ten CFOs around the world (72%) are concerned about wages rising to stay competitive.

SIMONE NARDI

CHIEF FINANCIAL OFFICER, GLOBALIZATION PARTNERS

“Expanding into new markets to find both talent and opportunity provides a path forward for continued growth at reduced cost and risk.”

22 ENTERPRISE IT WORLD

JUNE 2022

Globalization Partners (G-P), the leading Global Employment Platform that makes it fast, simple, and compliant for companies to hire anyone, anywhere, today announced CFO research that reveals more than seven out of ten CFOs around the world (72%) are concerned about wages rising to stay competitive. Other top challenges for worldwide CFOs include supply chain disruption (29%), talent shortages (23%), and global affairs (18%).

Survey results show that, even though there are concerns, CFOs remain surprisingly bullish on growth. In APAC, more than three in four (77%) of CFOs feel their long-term plans will stem around expansion into new countries. In challenging

times, CFOs look to determine how they can do things differently and as a result, new ideas about future growth emerge,” said Simone Nardi, Globalization Partners’ Chief Financial Officer. “Expanding into new markets to find both talent and opportunity provides a path forward for continued growth at reduced cost and risk.” In terms of global expansion plans in the next 12-18 months, APAC CFOs said their top expansion territories are Asia-Pacific region (64%), United Kingdom (16%), European Union (5%), The Middle East and Africa (5%) and North American region (3%). In APAC, 82% of CFOs say holding on to talent is a top concern. CFOs in APAC are navigating the uncertainty by offering more flexibility, such as remote-first and hybrid work. In addition: ● More than half of APAC CFOs (56%) say that their retention strategy over the next 12-18 months will be expanding benefits, including flexible working arrangements ● More than 9 out of ten APAC CFOs (92%) agree that allowing employees to work in locations of their choice rather than having to backfill a position is the preferred talent strategy for key stakeholders ● Half of APAC CFOs (49%) say their companies’ talent strategy is based on a hybrid workplace “The opportunity for global expansion is more interesting now than ever,” says Nardi. “And now is the time to think differently about how adversity in one market or region may mean opportunity in another and how this type of fresh perspective can help in building a stronger company.”

MONGODB // DB

DEV ITTYCHERIA

PRESIDENT & CEO, MONGODB

“Our vision is to offer a developer data platform that provides a modern and

elegant developer experience, enables broad support for a wide variety of use cases, and delivers the performance and scale needed to address the most demanding requirements.”

BY SANJAY@ACCENTINFOMEDIA.COM

MongoDB unveiled its Developer Data Platform vision with a series of new groundbreaking capabilities at MongoDB’s annual conference, MongoDB World at the Javits Center in New York City. With these announcements, MongoDB is empowering development teams to innovate faster by addressing a wider set of use cases, servicing more of the data lifecycle, optimising for modern architectures, and implementing the most sophisticated levels of data encryption, all within a single integrated developer data platform. “Hundreds of millions of new applications will be developed over the coming years that deliver compelling customer experiences, enable new capabilities to transform businesses, and increase operational efficiency via more sophisticated automation – and these applications all require a highly scalable, cloud-native, globally distributed data platform,” said Dev Ittycheria, President & CEO of MongoDB. “Our vision is to offer a developer data platform that provides a modern and elegant developer experience, enables broad support for a wide variety of use cases, and delivers the performance and scale needed to address the most demanding requirements.” Addressing a wider spectrum of use cases MongoDB has extended its compelling and unique approach of working with data beyond operational and transactional use cases to serve search and analytics use cases, all within a unified platform. These enhancements allow teams to accomplish more while preserving a consistent developer experience and reducing the complexity of the data infrastructure required to support modern applications. ■ MongoDB announced a number of

MONGODB

FUTURE OF WORK – THE NEED FOR CLOUD SECURITY TO HAVE BEHAVIOURAL- BASED APPROACH Company introduces a unified set of new capabilities in Atlas to address the growing data needs of developers to build modern applications. capabilities that make it easier for developers to build in-app analytics and power richer application experiences. Column store indexing, available later this year, will enable users to create and maintain a purpose-built index that dramatically speeds up many common analytical queries without requiring any changes to the document structure or having to move data to another system. Furthermore, analytics nodes can now be scaled separately, allowing teams to independently tune the performance of their operational and analytical queries without overor under-provisioning. ■ MongoDB time series collections make it easier, faster, and lower cost to build applications that monitor physical systems, track assets, or deal with financial data. In the upcoming MongoDB 6.0 release, time series collections will support secondary indexes on measurements, and feature read performance improvements and optimiza-

tions for sorting time-based data more quickly. ■ Atlas Search is the fastest and easiest way to build relevance-based search capabilities into applications. Now, with Search Facets, developers are able to rapidly build search experiences that allow end users to more seamlessly browse, narrow down or refine their results by different dimensions. Servicing more of the data lifecycle MongoDB announced new products and capabilities that enable development teams to better analyse, transform, and move their data in Atlas while reducing reliance on batch processes and ETL jobs that can create delays, limit productivity, and increase costs.

To access the complete article log on to: www.enterpriseitworld.com

JUNE 2022

ENTERPRISE IT WORLD 23

IX // DE-CIX INTERNATIONAL

DE-CIX INTERNATIONAL

4 REASONS WHY REGIONAL INTERNET EXCHANGES WILL LEAD TO ECONOMIC GROWTH Establishing a regional Internet Exchange will not only achieve that, but in addition offer tremendous growth opportunities for cities and their economies.

IVO IVANOV

CEO, DE-CIX INTERNATIONAL

“The digital economy has become the backbone economic growth for the future, and no sector can afford o not to be on the path to digitalization. This is why the development of local digital infrastructure is crucial to strengthening the local economy and thus creating a better quality of life for citizens.”

n today’s digital business world, especially when it comes to business processes, interconnection requirements are increasing in parallel with the growth in digital and cloud-based services. According to a study conducted by the OECD, the global Covid19 pandemic has accelerated the need for stable, fast, and efficient Internet for millions of employees and employers who already take advantage of the option of working from home and are more likely to do so in the future. These employees

24 ENTERPRISE IT WORLD

JUNE 2022

DE-CIX INTERNATIONAL // IX

Local Interconnection improves the connectivity and performance of digital applications In our digital age, most companies need high-performance and secure interconnection to do business. Establishing a regional Internet Exchange will not only achieve that, but in addition offer tremendous growth opportunities for cities and their economies. Local IXs reduce latency between connected enterprises and enhance the speed of connectivity because data is not forced to travel further to be exchanged in larger digital hubs. Local interconnection also increases resilience, and leads to a more stable network. This provides better performance overall for applications such as cloud computing, VoIP connections, video conferencing and online collaboration. The applications on which our digital future will be based will require extremely low latency. Smart IoT and critical applications that require real-time responses, such as autonomous driving, require latencies in the 1-3 millisecond range and will therefore need to

be performed within a range of 50-80 km from the user. This means that connectivity between the data centers where this data is processed and stored needs the shortest path to where the data is consumed. In turn, this allows companies in the region to interconnect with each other at the lowest possible latency. In order to max out and future-proof the growth potential of economic areas and second/third-tier cities away from major metropolitan hubs, in addition to good broadband infrastructure, data centers are needed that act as the core of regional networking. These data centers can provide access to a distributed Internet Exchange or interconnection platform, which offers various interconnection services for Internet service providers (ISPs) and enterprise networks. Connectivity to clouds and content improves growth potential According to the World Bank, more than 80% of global GDP is now generated in cities. Encouraging migration to your region through making it attractive to citizens is decisive for building the local economy. Current trends, however, favor working from out of the home office. In a recent survey conducted by Paulsen and Audience Audit, many Americans said they would consider moving to a rural or suburban home. For 67% of respondents, however, one factor would be the deciding one: Internet access. Investments in this area are not only profitable, but also make a positive contribution to regional economic development and the remote workforce who is dependent on this. More specifically, local businesses will be able to accelerate and grow their business potential through direct connectivity to clouds, content and enterprise-grade applications such as Microsoft 365, and skilled workers are more likely to migrate to cities with good connectivity. How can this be achieved? A regional IX not only facilitates local data exchange, but is ideally also connected to larger IXs in major, (inter)national hubs, where many of the global players can be found, such as AWS, Microsoft, and Google. Shorter, direct pathways to clouds and digital resources increase security and performance. This results in an increase in the overall quality of the Internet, making a region more attractive for people escaping major hubs, while at the same time attracting new business investments. Cities and regions with a highly developed digital economy are more competitive The digital economy has become the backbone of economic growth for the future, and no sector can afford not to be on the path to digitalization. This is why the development of local digital

infrastructure is crucial to strengthening the local economy and thus creating a better quality of life for citizens. According to a study by the Leibniz Centre for European Economic Research (ZEW), cities with a highly developed digital economy are more competitive and grow faster than their more analog peers. The researchers were also able to prove that not only the region in question benefits from a good broadband infrastructure, but also neighboring, less well-connected regions. Therefore, as each region individually fortifies its own connectivity and digital infrastructure, the flow-on effects will be felt more broadly. This is the proof that, by working in concert, cities and regions can create something greater than simply working alone. The establishment of regional IX infrastructure can thus support national rollout strategies, helping bring more and more of a country’s population online with high-performance connectivity, able to participate in digital economies across city, state, and national borders. Regional Internet Exchanges create business opportunities for network operators and data centers A regional Internet Exchange is not only a defining competitive advantage for the city in question, but also a major business opportunity for the infrastructure players housing it. Therefore, ISPs, city carriers, and regional data center operators can benefit from being involved in establishing and/or operating an IX. If they do not have the in-house interconnection knowhow to do this themselves, they can develop their interconnection business in partnership with an existing expert, such as DE-CIX. The DE-CIX as a Service (DaaS) program, for example, offers professionally managed IXs, built to the partners’ desired dimensions. The IX can be shipped to the doorstep as “DE-CIX in a Box”, based on DECIX’s award-winning Apollon technology and offering DE-CIX’s multi-service interconnection platform. A regional Internet Exchange offers various interconnection services for local carriers or data center operators – which they can sell on to their local enterprise customers. The IX will also attract more businesses to the region, which are potential customers for the infrastructure providers. These can offer modern interconnection services such as direct connection to global hyperscale clouds – directly on site via a regional data center. The result: A wellfunctioning distributed ecosystem with great economic potential as part of the local digital economy.

To access the complete article log on to: www.enterpriseitworld.com

JUNE 2022

ENTERPRISE IT WORLD 25

BY SANJAY@ACCENTINFOMEDIA.COM

depend on video calls, stable VPN connections, and fast access to work-related material. Because of the importance of digital applications to businesses and people, every millisecond counts. This is where latency, the time it takes for data to travel to its destination for processing and back again, plays a major role. High latency causes the lag we experience, for example, when we encounter performance problems on video conferencing software. All digital applications used in offices, the manufacturing sector, and all other industries today are extremely latency sensitive, as they need to deliver high performance without delays to guarantee a better digital experience. Big cities, with their large populations and strong economies, tend to lead the way in offering good quality connectivity. To ensure that regional connectivity is as good that available in major hubs, data needs to travel efficiently and avoid long distances. An expansion of local interconnection is therefore necessary to meet the demands of businesses and people in regional locations. Regions outside of the major metropolitan hubs need to invest in local digital infrastructure, such as expanding high-speed broadband networks and establishing Internet Exchanges, to maximize the potential for success, achieve low-latency connectivity, and ultimately better serve their citizens. Ivo Ivanov, CEO of DE-CIX International, has identified four benefits of interconnection infrastructure in the form of regional Internet Exchanges (IXs), contributing to a positive development of regional digital economies.

DIGITIZATION // ZENSEACT

eeamSoftware announced thatZenseact is using Veeam Availability Suite and Kasten K10 by Veeam for reliable data backup, protection and disaster recovery solutions and to streamline their containerized development processes, giving them a competitive edge in a very fast-paced, innovative industry. Based in Sweden with a team of employees from more than 55 countries, Zenseact creates ground-breaking automotive software with the ultimate goal of developing self-driving software that enables customers to feel safe and relaxed. Originating from Volvo Cars and Zenuity, Zenseact is at the forefront of the market for autonomous vehicle software with a safety-first mindset. To retain its position at the leading edge, the company maintains a rapid pace of innovation, driven by data-intensive IT. Zenseact must be able to recover data quickly and effectively in the event of a disaster, making backup processes crucial for the company to operate without interruptions or operations delays. Zenseact relies on Veeam Availability Suite as its backup, recovery and monitoring solution to protect approximately 400 mission-critical virtual machines (VMs) across its IT environment. “We selected Veeam Availability Suite for its rich feature set, flexibility and scalability. The solution aligns with our agile mindset and best practices,” said Johan Jansson, Scrum Master and Service Owner at Zenseact. “Veeam enables us to move fast to deliver new capabilities to our customers – because we know we can always roll our systems back quickly and easily.” The company began moving workloads from VMs to containers to reduce overhead and free up time and resources for development and innovation. Zenseact evaluated five different data protection solutions for containerized workloads and ultimately selected Kasten K10 – a cloud native backup and recovery solution for Kubernetes data and applications – to provide both freedom of choice and safety to their developers, so they may perform to their full potential while keeping risk of data loss low. “According to the Veeam Data Protection Trends Report 2022, 56% of organizations currently run containers in production or plan to in the next 12 months,” said Danny Allan, CTO at Veeam. “Zenseact is an industry leader in rapidly transforming their business and moving their workloads from VMs to containers. As a long-time user of Veeam technology to ensure that data is protected end-to-end across their IT environment, adding Kasten by Veeam K10 which is purpose-built for Kubernetes, is the ideal data protection solution for their containerized 26 ENTERPRISE IT WORLD

JUNE 2022

ZENSEACT

ZENSEACT IS MOVING WORKLOADS FROM VMS TO CONTAINERS POWERED BY VEEAM AND KASTEN K10 BY VEEAM Automotive software company saves 150 hours per month on backup management and reduces risk by providing future-proof, reliable backup capabilities.

JOHAN JANSSON

DANNY ALLAN

SCRUM MASTER & SERVICE OWNER: COMPUTE ZENSEACT

CHIEF TECHNOLOGY OFFICER VEEAM SOFTWARE

workloads and to ensure Zenseact’s environment is fully protected.” “Together, Kasten K10 and Veeam Availability Suite are supporting our strategic transition to containerized workloads,” said Jansson. “We’re committed to using the solutions long term and feel confident they will evolve alongside us. Already, we’ve seen the positive impact on upcoming functionality.” The Zenseact team hit the ground running with Kasten K10, quickly becoming familiar with the interface and setting up backup policy automation for containers to cut the risk of a data-loss incident and delaying the product development process. Today, the company’s 500 developers can automatically include backups when they set up

a new project and easily make changes at a later date, giving developers flexibility while keeping management simple. By combining Kasten K10 and Veeam Availability Suite, Zenseact prevents the IT team from being a bottleneck when it comes to backups. Both developers and IT specialists at Zenseact save 150 hours per month on backup management thanks to Veeam and Kasten K10 technology, enabling them to work more productively. “Kasten becoming part of Veeam is a great advantage for us,” Jansson said. “As we work towards our ambition of safe, accessible self-driving cars, we’re using Veeam and Kasten technology to ensure our developers always have the data they need for innovation.”

KYNDRYL // SECURITY

KRIS LOVEJOY GLOBAL SECURITY AND RESILIENCY PRACTICE LEADER, KYNDRYL

“Kyndryl will serve as Veritas’ Platinum Services Partner, enabling deployment, migration, and delivery of Veritas managed services. By

leveraging Veritas’ market-leading innovation in data management together with Kyndryl’s industryleading services portfolio, we can empower the world’s largest enterprises to manage and protect their data at the edge, on-premises and in the cloud.”

KYNDRYL

KYNDRYL, VERITAS ENTER GLOBAL PARTNERSHIP TO HELP ADDRESS CYBERSECURITY THREATS

BY SANJAY@ACCENTINFOMEDIA.COM

Veritas and Kyndryl share a commitment to help enterprises manage their growing data estates as they transition to the cloud. Kyndryl and Veritas Technologies today announced a global partnership to help enterprises protect and recover their critical data across multi-cloud environments. As per the agreement, Kyndryl will deliver Veritas’ industry-leading data management portfolio to enterprise customers as a fully managed service, “Protection and Cyber Resiliency, Powered by Veritas.” “Veritas and Kyndryl share a commitment to help enterprises manage their growing data estates as they transition to the cloud. Today,

Kyndryl is building a partnership with Veritas to help some of the world’s largest organizations completely transform their approach to data protection,” said Kris Lovejoy, Global Security and Resiliency Practice Leader at Kyndryl. “We plan to leverage the value of Veritas Technologies to help organizations manage their data in the most efficient way to enable digital transformation.” “Our partnership with Kyndryl addresses the biggest challenges facing the enterprise today, such as the persistent threat of cyberattacks, including ransomware and the increasing

complexity of managing extraordinary data growth across multi-cloud environments,” said Mike Walkey, SVP of Global Channels & Strategic Alliances at Veritas. “Kyndryl will serve as Veritas’ Platinum Services Partner, enabling deployment, migration, and delivery of Veritas managed services. By leveraging Veritas’ market-leading innovation in data management together with Kyndryl’s industry-leading services portfolio, we can empower the world’s largest enterprises to manage and protect their data at the edge, on-premises and in the cloud.” Mike added. The partnership with Veritas extends Kyndryl’s framework of cyber resiliency services and solutions, including Security Assurance Services, Zero Trust Services, Security Operations and Response, and Incident Recovery Services. The partnership with Veritas extends Kyndryl’s framework of cyber resiliency services and solutions, including: Security Assurance Services: Security, Strategy & Risk Management, Offensive Security Testing, and Compliance Management Zero Trust Services: Identity & Access Management, Endpoint Security, Network Security, Application & Workload Security, Data Protection & Privacy, and Analytics, Automation & Orchestration.

To access the complete article log on to: www.enterpriseitworld.com

JUNE 2022

ENTERPRISE IT WORLD 27

CLOUD // NETCORE CLOUD

RAJESH JAIN

FOUNDER AND MD, NETCORE CLOUD

“To help brands navigate the widening landscape and master the email channel, Netcore Cloud has released the Email Benchmark Report, 2022. It offers a critical

analysis of 100 billion emails sent by our global customers from 20+ major industries. The report presents valuable insights from multiple email metrics that lead to a deep understanding of customer behavior. Brands can now benchmark their email marketing performance against global peers.”

NETCORE

AI-POWERED PERSONALIZATION AND DELIVERY INCREASED EMAIL REACH BY 35% IN 2021: NETCORE CLOUD’S-STUDY OF 100 BILLION EMAILS

BY SANJAY@ACCENTINFOMEDIA.COM

Netcore Cloud report analyzes over 100 billion emails and showcases findings across 22 major industries. Netcore Cloud, announced the release of its Email Benchmark Report 2022. The report analyzes over 100 billion emails and showcases findings across 22 major industries, including BFSI, Retail & eCommerce, Beauty, Food, Entertainment, and Media. It covers the shifts in email marketing & benchmark metrics since the global pandemic and aims to help marketers strengthen their email strategy in 2022. Email marketing has prevailed to be one of the most trusted channels for marketing departments 28 ENTERPRISE IT WORLD

JUNE 2022

to connect and convert customers into loyalists. However, the pandemic and its subsequentchallenges have ushered in a new era of email marketing with giant leaps into interactivity, privacy, and multimedia. In recognition of the growing significance of email in modern marketing and the astounding response to its earlier version, Netcore Cloud has released its second edition of its Email Benchmark Report for 2022. Kalpit Jain, Group CEO, Netcore Cloud, said, “In the last two years of the global pandemic,

email has become the prominent channel for personalized and conversational marketing. The coming years will see AI-powered tools and interactive emails emerge as the most effective components of customer engagement. To help brands navigate the widening landscape and master the email channel, Netcore Cloud has released the Email Benchmark Report, 2022. It offers a critical analysis of 100 billion emails sent by our global customers from 20+ major industries. The report presents valuable insights from multiple email metrics that lead to a deep understanding of customer behavior. Brands can now benchmark their email marketing performance against global peers.” Rajesh Jain, Founder and MD, Netcore Cloud, said, “Today email has evolved from a personal tool to one that helps businesses connect more meaningfully with their customers. As it offers immense value for solving the attention recession problem, eliminating data poverty, reducing Customer Acquisition Cost (CAC), and providing a pathway to profitable growth, we believe marketers need to prioritize email in the days to come.”

TENABLE // SECURITY

SATNAM NARANG SENIOR STAFF RESEARCH ENGINEER, TENABLE

“With RaaS and double extortion, Pandora’s box has been opened, and attackers are finding holes in our current defences and profiting from them. In 2021, double extortion ransomware increased by 117% globally.”

TENABLE

TENABLE RESEARCH REVEALS “DO-IT-YOURSELF” RANSOMWARE KITS HAVE CREATED THRIVING COTTAGE INDUSTRY OF CYBERCRIME

BY SANJAY@ACCENTINFOMEDIA.COM

The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditize ransomware. The shift to the subscription economy has created a new norm in the as-a-service world. And it’s not just Netflix and Spotify that have adopted this business model. New research from Tenable®, found that one of the main reasons ransomware has prospered is due to the advent of ransomware-as-a-service (RaaS), which has catapulted ransomware from a fledgling threat into a force to be reckoned with. The service model has significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to

commoditize ransomware. Affiliates who earn between 70%-90% of the ransom payment, are charged with the task of doing the dirty work to gain access to networks through tried and true methods such as spearphishing, deploying brute force attacks on remote desktop protocol (RDP) systems, exploiting unpatched or zero-day vulnerabilities and purchasing stolen credentials from the dark web. Affiliates may also work with IABs, which are individuals or groups that have already gained

access to networks and are selling access to the highest bidder. Their fees range on average from $303 for control panel access to as much as $9,874 for RDP access. The research found that ransomware’s current dominance is directly linked to the emergence of a technique known as double extortion. The tactic, pioneered by the Maze ransomware group, involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it. Ransomware groups have recently added a variety of other extortion techniques to their repertoire, including launching DDoS attacks to contacting customers of their victims, making it even more challenging for defenders. These tactics are part of the ransomware gangs’ arsenal as a way to place additional pressure on victim organizations. Satnam Narang, senior staff research engineer, Tenable, said, “With RaaS and double extortion, Pandora’s box has been opened, and attackers are finding holes in our current defences and profiting from them. In 2021, double extortion ransomware increased by 117% globally. CERT-In noted that the country witnessed double the ransomware attacks in 2021 compared to 2020, leading to more organizations paying ransoms,” “So long as the ransomware ecosystem continues to thrive, so too will the attacks against organizations and governments. It’s imperative that these entities prepare themselves in advance so they are in the best position possible to defend against and respond to ransomware attacks.” “While ransomware groups get the most notoriety and attention for attacks, these groups come and go. In spite of the turnover, affiliates and IABs remain prominent fixtures in this space and more attention should be given to these two groups in the ecosystem at large.” JUNE 2022

ENTERPRISE IT WORLD 29

Q&A // SKYHIGH SECURITY

under the banner of SSE.

SKYHIGH SECURITY

OUR GOAL IS TO SIMPLIFY AND ECONOMICALLY DEMOCRATIZE ACCESS TO SSE SOLUTIONS

BY SANJAY@ACCENTINFOMEDIA.COM

In a recent interaction, the CCO of Skyhigh Security, Abhay Solapurkar highlights the market needs that the company is addressing in India, future plans, their products, and much more. What specific market need(s) is Skyhigh security addressing considering the cloud security market is teeming with players across sizes? Two things influence how the cloud security market interacts with clients today. The first is about enterprises’ digital transformation as they adopt more cloud services and shift more of their apps to the cloud, and the second is about what has unfolded in recent years with the remote workforce. This is especially true in India, due to the country’s enormous IT sector. In this setting, the basic security model that has worked for decades fails. Previously, it was completely localised, with all personnel in a workplace building and all data in their data centre, which could be surrounded by a high level of protection. Because data is now everywhere, a new sort of security technique is required. Your security must be in the cloud as well, and so this is a relatively new transformation in the security industry. Skyhigh Security focuses particularly on the Security Service Edge (SSE) market within cloud security. We have developed a completely different approach to cloud security. Concentrate on the data if you want to secure it. So, the policy, the enforcement, everything revolves around the data, regardless of where the data resides. This is known as our data-aware approach. When these security capabilities existed on-premises, you could stack several vendors and have all traffic go through this extremely sophisticated vendor and technology stack in the cloud area. That’s prohibitive because there’s a significant penalty for steering your traffic from one vendor cloud to another, and you’d prefer it to only steer it to one 30 ENTERPRISE IT WORLD

JUNE 2022

cloud. Even though Skyhigh Security is a new company, we have strong technical roots. We have a wide range of technology that is over a decade old, and we have been a leader in this cloud journey since before the cloud market ever existed. Many of our products were among the first to hit the market as part of the McAfee Enterprise product range, which also included a large development centre in Bengaluru. How does SSE differ from Secure Access Service Edge (SASE)? Gartner coined the term SASE to describe an architecture that combines software-defined wide-area networks (SD-WANs) with a portfolio of cloud-based security tools – including SWG, CASB, and ZTNA. The goal of SASE is to shift from traditional perimeter protections to identity-based controls that securely connect people with data and applications from any device and location, even when they aren’t on the VPN. For large enterprises, transitioning to a full SASE system is a lengthy process. Gartner also introduced Security Service Edge (SSE) in early 2021 as a single-vendor, cloud-centric converged solution that accelerates digital transformation by securing enterprise access to the web, cloud services, Software-as-a-Service, and private applications. It is regarded as a critical component in constructing cloud and networking security capable of supporting increased performance and expansion. Recognizing that all-or-nothing approaches are impractical at a time of urgency, Gartner proposed splitting the security and SD-WAN components and unifying the former

How did the pandemic change you as a leader? Pandemic has become a game-changer overnight, and some of the generational industry norms have been altered forever. Today, you don’t need your teams to be in the office to provide all kinds of services, and the standard operating norm has become remote/hybrid. The companies will have to adapt and embrace the new beginning. As a leader, one has to focus a lot more on the health, and well-being of the employee and their family. Mental and emotional issues have caused an impact, and as a leader, one needs to lead with a lot more empathy and a high degree of emotional intelligence. As the older norms of governance don’t hold good, trust and employee engagement needs to be handled with a lot more care and love. Employee onboarding must be done a lot more differently, and psychological safety should be a top priority. Leadership is not only about getting results but also about creating a safe, conducive environment for employees to grow, provide feedback, and talk openly about issues impacting their well begin. Leadership in this era requires a different level of finesse, EQ, and ability to lean in, at all levels. Employee connect is also a focus area as folks are working remotely, and we’re only able to connect virtually, so the connection is more important than what was prevalent in the past. Leadership is all about leading with humility and learning to embrace the new era of managing employees remotely and still getting the work done. It is all about the balance between your personal and professional lives, and leaders need to lead to show the path to that fine balance. Can you tell a bit about your business model, market and competition? We have created a one-of-a-kind platform that allows us to grow capabilities and meet the needs of numerous ecosystem partners around the world. So, whether the needs are highly controlled or unregulated, we can create for them. We deal directly with customers as well as partners through whom we go to market. We already support 3000 customers worldwide, and our goal is to serve not only huge corporations but also smaller organizations that lack the capacity of larger organizations. Our goal is to simplify and economically democratize access to SSE solutions. Skyhigh Security can also integrate data loss security from cloud to endpoint platforms, so we partner with hyperscalers while also being their significant clients, as we use some of those cloud providers to support our own products. As customers migrate to the cloud, the ability to

SKYHIGH SECURITY // Q&A

A B H AY

S O L A P U R K A R

CHIEF CUSTOMER OFFICER, SKYHIGH SECURITY

“Our overarching goal is to provide best-in-class support services to our esteemed customers and ecosystem partners, enabling them to maximize their investment in the Skyhigh Security product portfolio.”

see where their data is and how to protect it leads to a plethora of value-added services on top of the platform. We have already started engaging with channel partners to have them begin to put services on top of our platform, which will all be formalized over the next quarter. What level of technical support is included in your standard SLA? Our overarching goal is to provide best-in-class support services to our esteemed customers and ecosystem partners, enabling them to maximize their investment in the Skyhigh Security product portfolio. We have designed our support plans to help customers take maximum advantage of our services. At a broad level, we have three care plans: Skyhigh Premium Care Plan, Skyhigh Enterprise Care Plan, and Skyhigh Basic care plan. All products come with the Skyhigh Basic Care Plan, which includes basic deployment, education services, and standard support.

Below the SLA details by Care Plans:

Any niche plans/ambitions in India to become the top player in the

security segment? In February this year, Gartner has recognised Skyhigh Security as the leader in the inaugural Magic Quadrant for Security Service Edge (SSE). We intend to concentrate on that market and improve our expertise in securing cloud workloads. Then we examine our target industries in two ways. There are industries that have a lot of compliance and rules related to their data, and then there are those that don’t. We service a lot of verticals that are extremely regulated, and compliance focused since we focus on data and were one of the first firms to do so, and because we speak their language around data, we can give them the visibility and protection they need in their highly regulated settings. That is why we operate extensively in the financial services, healthcare, and government sectors. Aside from those sectors, there are others that seek to protect their data but may not employ the language of compliance and regulatory framework that we find in the previously stated verticals. As a result, transitioning from heavily regulated businesses to non-regulated industries is easier than the other way around. We also collaborate with and seek to develop our customer base in large, global IT and manufacturing firms. These are the segments that we will concentrate on in India as well because they have a strong presence there. What would be the CISOs takeaway from Skyhigh Security? Indian businesses face the same issues as businesses elsewhere. They are becoming more focused on data and on sharing that data through collaboration among staff, partners, and customers. And they’re doing it mostly in a hybrid work environment, which means that while data is now everywhere, so are employees, customers, and partners. This presents CISOs with a unique issue because they want open flow of data so that everyone may collaborate and work successfully. They still want to be able to protect sensitive data, so when people and data are everywhere, the difficulty becomes managing it all in a secure manner. What remains true is that most breaches are caused by someone connecting to the network and gaining access to the data, rather than by breaking into these systems, and thus protecting the data through the employees’ eyes is vital. CISOs may secure their sensitive data to a degree by adopting a zero-trust posture, having strong email protection capabilities, as well as web access capabilities, and, of course, robust monitoring and visibility on how individuals are utilising SaaS assets.

JUNE 2022

ENTERPRISE IT WORLD

SECURITY // CHECK POINT

CHECK POINT

SECURITY CONSOLIDATION AND THE PART PLAYED BY A VIRAL PANDEMIC Check Point’s Threat Intelligence Report on India reports that an organization in India is being attacked on average 1789 times per week in the last 6 months. Average Weekly Number of Attacks per Organization (January 2020 - September 2021)

WORKING WITH MULTIPLE SECURITY VENDORS POSES CHALLENGES TO MY ORGANIZATION

With cyber-attacks against corporate networks increasing 50% year-over-year, it has become clear that the past year has seen a dual pandemic, a biological and a cyber one. As the World Economic Forum warned us: “We should prepare for a COVID-like global cyber pandemic that will spread faster and further than a biological virus, with an equal or greater economic impact.” To defend against an expanding attack surface, security teams are increasingly adopting new cyber security products to protect networks, cloud infrastructure, IoT devices, as well as users and access. However, stitching together different products from multiple vendors may create security gaps and operational overhead. Read more to learn why moving toward security consolidation can significantly enhance security posture, improve security operational efficiency, and greatly reduce TCO (Total Cost of Ownership). Did the COVID pandemic instigate a cyber pandemic? Both pandemics perform malicious actions on their victims. While a cyber pandemic affects information systems and associated data. Last year, malicious cyberattacks cost $6 trillion USD globally[1] in the form of ransomware, loss of productivity, loss of data, and reputational damage, among others. Similarly, the cost inflicted by the COVID pandemic is measured in trillions of USD to the global economy from lockdowns to supply chain disruptions. Here in India, Check Point’s Threat Intelligence Report on India reports that an organization in India is being attacked on average 1789 times per week in the last 6 months, compared to 1643 attacks per organization in APAC, with 89% of the malicious files delivered via Email in the last 30 days. As the pandemic caused havoc, remote work became the norm for most office employees. McKinsey estimates that there was an increase in the remote workforce by a factor of 4-5x compared to pre-pandemic levels[2]. In a matter of weeks, the surface attack widened dramatically, shattering the security perimeter. This exposed security vulnerabilities on the network, cloud, devices, and access rights, which were exploited by malicious actors to destabilize institutions including hospitals, banks, and governments. Globally, in 2021, Check Point Research reported a 40% increase in cyberattacks with one out of every 61 organizations being impacted by ransomware each week. How to prevent the next pandemic? With the biological pandemic, politics reacted with stricter lockdowns, vaccination, and reenforced the health system with complementary infrastructures including testing centers, quaran-

32 ENTERPRISE IT WORLD

JUNE 2022

CHECK POINT // SECURITY

SUNDAR BALASUBRAMANIAN MANAGING DIRECTOR, INDIA, AND SAARC, CHECK POINT SOFTWARE TECHNOLOGIES

“We should prepare for a COVID-like global cyber pandemic that will spread faster and further than a biological virus, with an equal or greater economic impact.”

that can be applied to other services. This allows an organization to better tailor its service consumption to its actual needs.

tine hotels/centers, and dedicated areas designed for coronavirus patients at hospitals to cope with the number of patients flowing in waves. Similarly, CISOs had to react to the widening attack surface by enforcing security policies and the security infrastructure. CISOs have two options to deal with a widening attack surface. Either one takes a best-of-breed strategy to patchwork the security architecture with multiple vendors, or one consolidates the security architecture with a cyber security suite. The latter approach is recommended as it closes security gaps related to misconfiguration and security policies that do not fully overlap when using multiple vendors. Check Point surveyed over 400 global CISOs to confirm this trend, with 79% of security experts saying that working with multiple security vendors is challenging and 69% agreeing that working with fewer vendors would increase security. Security consolidation – the benefits Reduced Overhead: Managing individual licenses across the organization can consume significant resources as each license needs to be purchased, tracked, and renewed individually. An ELA (Enterprise License Agreement) allows a company to use a single license for all vendor

services that it consumes across the entire organization. Lower Costs: An ELA is a bulk purchase of a vendor’s service for a fixed period. Often, this comes with large discounts compared to individual, per-seat licenses. Decreased Business Impact: With individual licenses, an organization needs to manage each license and may face business disruptions if one slips through the cracks and expires. With an ELA, an organization only needs to manage a single license, decreasing the probability that oversight will cause a disruption to operations. Reduced Waste: With individual license agreements, an organization may inadvertently purchase additional licenses for a product while others go to waste or are only used occasionally. An ELA enables an organization to bundle services and stop spending money on unused services. Predictable Spend: With an ELA, an organization and a vendor agree on a predetermined rate for a vendor’s services for the period of the ELA. This provides a greater degree of predictability than individual user licenses. Service Flexibility: ELAs often include the option to claim credits for underused resources

Check Point Infinity ELA – Defining the modern cybersecurity architecture To meet the demand for security consolidation, Check Point offers an Infinity Enterprise License Agreement (ELA) Suite with a unified management approach to cyber security. Check Point Infinity is a multi-layered approach to cyber security that protects all IT attack surfaces – networks, cloud, endpoints, mobile, and IoT devices – sharing the same threat prevention technologies, management services, and threat intelligence. All under a single umbrella and license agreement. The ELA offers access to Check Point’s 4 product suite pillars: 1. A unified cloud-native security suite – Check Point CloudGuard; 2. Network and data center security – Check Point Quantum; 3. User & Access security – Check Point Harmony; 4. Unified security management – Check Point Infinity. By adopting a consolidated security approach with Check Point Infinity architecture, businesses realize preemptive protection against the most advanced attacks, while achieving on average a 50% increase in operational efficiency and a 20% reduction in security costs. Unlike other consolidated security solutions on the market, Check Point Infinity has a flexible ELA (enterprise license agreement) that can be tailored to individual applications. JUNE 2022

ENTERPRISE IT WORLD 33

M&A // TENABLE

GLEN PENDLEY

CHIEF TECHNOLOGY OFFICER TENABLE

“Very few, if any, organizations truly understand their full digital footprint. One of the most common

but dangerous security lapses is to misconfigure something in the cloud and make it internet-facing. Organizations increasingly have less of a grasp on which of their assets are exposed.”

TENABLE

TENABLE COMPLETES ACQUISITION OF BIT DISCOVERY AND ANNOUNCES TENABLE.ASM FOR EXTERNAL ATTACK SURFACE MANAGEMENT

BY SANJAY@ACCENTINFOMEDIA.COM

Tenable.asm, a new solution that will provide the full capabilities of Bit Discovery’s technology and enable customers to gain a more complete 360degree view of their full attack. Tenable Holdings, has closed its acquisition of Bit Discovery, Inc. (“Bit Discovery”), a leader in external attack surface management (EASM). Tenable will launch Tenable.asm, a new solution that will provide the full capabilities of Bit Discovery’s technology and enable customers to gain a more complete 360-degree view of their full attack surface so they can better understand how attackers could gain access via the internet

34 ENTERPRISE IT WORLD

JUNE 2022

have visibility into and to understand both known and previously unknown internet-facing assets. Modern organizations require continuous monitoring of their complete attack surface and context-aware intelligence on where to prioritize remediation efforts. Tenable.asm will continuously map the entire internet and discover connections to an organization’s internet-facing assets, whether internal or external to their networks, to assess the security posture of their entire external attack surface. When used with the rest of Tenable’s solutions, customers will be able to get the context of potential attack paths from external systems to critical assets throughout their organization providing a comprehensive measure of their overall exposure. Tenable.asm is scheduled to be available for purchase early in the third quarter of 2022. Because the security of internet-facing assets is a top CISO priority and pain point, Tenable is also integrating foundational quarterly attack surface discovery into its existing market-leading cyber exposure solutions at no additional cost to Tenable customers. New capabilities are scheduled to be included in Tenable.io®, Tenable. sc™and Tenable.ep™ early in the third quarter of 2022. A new version of Nessus will also include asset discovery. Glen Pendley, chief technology officer, Tenable, said, “Very few, if any, organizations truly understand their full digital footprint. One of the most common but dangerous security lapses is to misconfigure something in the cloud and make it internet-facing. Organizations increasingly have less of a grasp on which of their assets are exposed,” “Every business or government entity should have advanced capabilities like those found in Tenable.asm, but given the critical security importance of having ASM everywhere, Tenable is making sure that its customers have at least foundational discovery functionality within the solutions they’re already using. This will enable them to spot points of vulnerability that have been completely invisible until now, with the goal of preventing attacks rather than simply managing them.”

and help prioritize remediation steps. Gaining Visibility Into Unseen Risk An organization’s digital footprint extends far beyond its walls as various services, applications and APIs are internet facing or reside on the internet. To avoid new points of security vulnerability and to ensure good organizational risk management, it is critical for organizations to

Bit Discovery provides Tenable customers with: ▪ Discovery of previously unknown internetconnected assets. ▪ Rich context and attribution for domains, sub-domains and other exposed technologies. ▪ Continuous monitoring of the constantly changing external attack surface.

Transforming telecommunications enriching the customer experience atos.net

rh-msd2019-a5-print-ad-pathed-201907.pdf

RNI NO: DEL ENG/ 2017/ 69906 Postal Reg. No.: DL-SW-01 / 4200 / 17-19

1/7/19

12:40 PM

Date of Publication: 15 of Every Month Date of Posting: 1 & 2 of Every Month