CXO DX December 2022


REWIND 2022

Almost every year leaves a significant imprint and 2022 has been no different. This year saw some recovery after almost two years spent in the shadow of the pandemic and yet the Russia Ukraine war was a major source of worry for global markets, with no immediate solution still in sight. The Covid threat isn’t entirely over and hence caution would be the watchword as we step into the new year.

Disruptive technologies continue to surprise us, although use cases need to be developed and the scope widened for the application of these technologies to benefit us more. AI continues to penetrate every sphere of human endeavour, from commerce to healthcare to education to security and more. Yet it does look like these are but early steps, and we are yet to witness the truly giant leap our world takes when AI technologies become more evolved and pervasive. There is a strong buzz around Generative AI, for instance, which helps create new content using complex ML models and is expected to transform several industries.

The Metaverse, which conjures up a parallel digital world experience with avatars or digital twins, is a trend that has caught our fascination over the year. But significant use cases haven’t been figured out yet, although this is looked at as the future of the internet. Dubai’s ambitious metaverse strategy, which aims to create 40,000 jobs and add $4 billion to the emirate's economy, could help drive some pioneering Metaverse initiatives.

And while these trends continue to evolve, multi cloud adoption should continue to accelerate as organisations try to mix and match cloud service providers for their different requirements. With greater cloud adoption, organizations will have increased scalability and flexibility to be more innovative. Alongside this, there will also be a greater focus on cybersecurity to ensure all vulnerabilities are addressed more than adequately.

RAMAN NARAYAN
Co-Founder & Editor in Chief, CXO DX
narayan@leapmediallc.com | Mob: +971-55-7802403

PUBLISHED BY - Leap Media Solutions LLC
REGISTERED OFFICE: Office 10, Sharjah Media City | www.cxodx.com

MALLIKA REGO
Co-Founder & Director Client Solutions
mallika@leapmediallc.com | Mob: +971-50-2489676

SAUMYADEEP HALDER
Co-Founder & MD
saumyadeep@leapmediallc.com | Mob: +971-54-4458401

Sunil Kumar, Designer
Nihal Shetty, Webmaster

» CONTENTS

» NEWS

» VISION FOR CONNECTED INDUSTRIAL ECOSYSTEMS REVEALED AT AVEVA WORLD

» IMPROVING SUSTAINABILITY IN DATACENTRES

» DEMOCRATISATION OF IT DRIVES INNOVATION, FINDS STUDY

» CLAIMING THE FUTURE
Organizations have stepped up their adoption of new technologies in continued pursuit of digital transformation

» ENHANCING OT SECURITY
Bachir Moussa, Regional Sales Director, MEAR, Nozomi Networks discusses OT security focus

» VISIBILITY FOR BETTER SECURITY
Maher Jadallah, Senior Director MENA, Tenable discusses the company’s focus on vulnerability management

» THE RISE OF BOTNET AND DDOS ATTACKS
Amr Alashaal, Regional VP - ME at A10 Networks discusses how botnet and DDoS attacks work

» THE BORDERLESS ENTERPRISE: HOW DO YOU KEEP IT STABLE AND SECURE?
Mohammed Al Moneer, Regional Director, META at Infoblox discusses how to reap the benefits of borderless enterprise while keeping your network secure

» DIGITAL INVESTMENT IS AN ESSENTIAL ENABLER
Thierry Nicault, Salesforce Area Vice President - UAE, Middle East writes that as disruption persists, digital investment will drive efficiency and profitability

» THE RANSOMWARE REALITY CHECK FOR SMALL-MEDIUM BUSINESSES
Muhammad Yahya Patel, Security Evangelist at Check Point Software Technologies writes that SMBs should focus on improving resilience

» WHAT’S NEXT FOR CYBERSECURITY
Greg Day, VP & EMEA Field CISO, Cybereason makes nine cybersecurity predictions for 2023

» THE IMPORTANCE OF DEVSECOPS
Kevin Jones, Senior Product Manager for NGINX at F5 discusses the importance of DevSecOps

» NAAS: PULLING THE LEVERS TOWARDS SUSTAINABLE SUCCESS
Sherifa Hady, VP Channel, EMEA at Aruba discusses why a solid NaaS offering should be reassuring to customers

» THE DATA GUARDIAN’S GUIDE TO SELECTING A SOVEREIGN CLOUD
Joe Baguley, VP & CTO, EMEA, VMware writes that there’s no one size fits all solution

» TECHSHOW

» TRENDS & STATS

NOZOMI NETWORKS DELIVERS HARDWARE AND SOFTWARE AS A SERVICE SOLUTION FOR OT & IOT SECURITY

Nozomi OnePass accelerates deployments and gives customers a more cost-efficient way to license and deploy Nozomi Networks solutions at scale

Nozomi Networks, the leader in OT and IoT security, has once again innovated the way industrial and ICS cybersecurity solutions are adopted. With the introduction of OnePass, the industry’s first completely integrated hardware and software as a service model for OT and IoT security, customers can purchase and deploy solutions that meet them where they are today, with the flexibility to easily evolve with ever-changing needs tomorrow.

Nozomi OnePass offers a single subscription to all Nozomi Networks solutions, including hardware, software (including add-on subscriptions).

“Visibility is essential for defending facilities against today’s challenging cyber environment. Security teams can’t wait for drawn out capex evaluations to gain the insight they need to defend their operations,” said Sid Snitkin, ARC Advisory Group Vice President of Cybersecurity Advisory Services. “ARC applauds Nozomi Networks for offering OnePass as a means to simplify investment decisions and accelerate protection of critical infrastructure.”

“The ‘as a services model’ is the platform consumption model of the future for many industries, including OT,” said Nozomi Networks Co-founder and CPO Andrea Carcano. “By combining the industry’s first SaaS-based OT and IoT security solution with the industry’s first HWaaS offering, OnePass gives customers a flexible option to license, deploy and scale Nozomi Networks solutions over time.”

OnePass takes the planning and the risk out of the hardware design and eliminates the need to worry about hardware maintenance, asset management, and replacement expenses. At the time of quote, customers receive a hardware allocation to cover the scale and complexity of their environment, which can later be used to order specific hardware appliances as deployment requirements are better understood.

MICROSOFT TALKS MIXED REALITY, METAVERSE AND ‘REIMAGINATION’ AT GESS 2022

Company demonstrated latest education-focused technologies, such as HoloLens and Reading Progress, a free tool built into Microsoft Teams that supports and tracks reading fluency

Microsoft attended the GESS 2022 education technology conference in Dubai, where the company introduced delegates to the latest innovations that support the digital transformation of teaching and learning.

“Microsoft has long been deeply immersed in the world of education,” said Ahmed Ameen Ashour, Education Director, Microsoft UAE. “We are strong advocates for life-long learning, and we have been an important voice in urging governments to turn their attention to skilling as the number-one prerequisite for a sustainable future. Additionally, our platforms, products, and services strongly support digital transformation in the classroom, including the increasing popularity of distance learning. Minecraft: Education Edition now offers more than 600 standards-aligned lessons. And innovations such as Reading Progress allow teachers to spend more of their time with students and less time crunching numbers.”

The company showcased its HoloLens mixed-reality headset at its stand. Visitors also caught a glimpse of Reading Progress, a free tool built into Microsoft Teams that supports and tracks reading fluency in classroom settings. Students record their reading on camera and submit it to teachers who assess and return work, all while data is automatically collected and presented as insights for all stakeholders. Earlier this year, two Qatar-based schools launched a pilot scheme for English and Arabic lessons using Reading Progress.

Minecraft: Education Edition was also on display at the company’s GESS 2022 stand. The Microsoft-owned gaming ecosystem, which in recent years has become an indispensable teaching tool for classrooms across the region, now has features that support collaboration, assessment, coding, and more.


FINESSE LAUNCHES 1CXO SERVICE FOR SECURE DIGITAL TRANSFORMATION

The new offering includes a set of six Centers of Excellence designed for businesses

Post-pandemic, the digital transformation agenda for most organizations has accelerated like never before. There is an imperative need to work across departments and include them in the fabric of digital transformation. Along with this transformation comes the need to look at compliance, risk, and security for the entire ecosystem and not just IT infrastructure.

To help organizations weather these storms of uncertainty, Finesse has launched 1CXO service (CXOaaS). 1CxO is a set of six Centers of Excellence designed for businesses in these dynamic times. The suite consists of:

• Information Security Office

• Data Privacy Office

• Regulatory Office

• Digital Transformation Office

• Customer Experience Office

• Chief Information Office

Each office is led by an experienced leader who works with an in-house team of SMEs. Each Center of Excellence provides services to multiple customers, on a retainer model. Customers pay for 1CXO only for service days rendered, so it proves to be cost effective.

The flexibility of 1CXO to structure itself around a customer’s requirement makes it applicable to Large as well as SMB customers. Based on the deliverables for a client, a team of SMEs can be picked from across the six Centers of Excellence. 1CxO will play a very important role in shaping and driving the transformation and digitalization strategy including working across different lines of business to deliver a Business and Customer centric Digital Transformation.

Arti Gupta, Chief Digital Transformation Officer of Finesse Europe, adds, “In the last few years while implementing Digital Transformation solutions, we have seen many organizations struggle with change management. We believe our 1CXO service will be of immense value to organizations as it gives them a steady availability to an expert with a bird’s eye view of the organization, no internal biases, and with vast experience delivering similar projects across industries, and all this at a reasonable value.”

PURE STORAGE EXPANDS AS-A-SERVICE MODEL

The full suite of Portworx offerings can be consumed as a fully managed service by users of Amazon EKS, RedHat OpenShift, and any other Kubernetes services

Pure Storage has announced a new fully managed service for Portworx Enterprise to bring a Kubernetes-ready data plane to every developer that works on containerized applications. With Portworx Enterprise 3.0, the underlying platform for this new fully managed service, DevOps teams can run mission-critical Kubernetes apps in production with elastic scalability and unmatched data availability. Now the full suite of Portworx offerings can be consumed as a fully managed service by users of Amazon EKS, RedHat OpenShift, and any other Kubernetes services (fully managed or upstream distributions).

“The mission of Portworx has always been to help platform engineering teams offer to their developers an enterprise-grade Kubernetes-ready data platform with speed, simplicity, and scale. By delivering the fully managed service for the Portworx platform, the #1 Kubernetes data platform, we are bringing the cloud experience, on any storage infrastructure, to the fingertips of any developer who wants to work with Kubernetes apps in production.” – Murli Thirumale, VP & GM, Cloud Native Business Unit, Pure Storage.

The fully managed service provides ease of use and faster deployment of Kubernetes data on any cloud or on-premises storage, enabling DevOps and platform teams to operate and scale containerized apps into production in seconds, versus weeks or months. The fully managed service will offer a no install, easy to use, and easy to manage experience to users with no container expertise required, making Day 0 and Day 2 operations for Kubernetes clusters simple with a few clicks.

With the 3.0 release of Portworx Enterprise, Portworx continues to push the boundaries of performance and reliability for containerized workloads in a unified data platform for file, block, and object storage.


COHESITY ANNOUNCES DATAHAWK, A SINGLE SAAS SECURITY OFFERING

DataHawk Combines Cyber Vaulting, Threat Intelligence and Scanning, and ML-Powered Data Classification for Powerful Protection Against Today’s and Tomorrow’s Cyberattacks

Cohesity, a leader in data security and management, announced Cohesity DataHawk, a data security software as a service (SaaS) solution that is focused on helping customers protect, detect, and recover from cyber and ransomware attacks. DataHawk combines three critical security capabilities into one SaaS solution: threat protection via scans for attack indicators and malware; ML-based data classification that provides high accuracy in identifying and detecting sensitive or critical data; and award winning cyber vaulting via Cohesity FortKnox.

With this data-centric approach, DataHawk enables organizations to easily protect, detect, and recover from ransomware or other cyberattacks. Another benefit that customers will realize with DataHawk is a growing list of integrations with today’s leading cyber security vendors that are helping IT and security build a modern automated security operations center (SOC).

“Over-stretched IT and security teams are constantly trying to manage a sea of infrastructure while working night and day to stay ahead of bad actors,” said Mohit Aron, founder and chief technology and product officer, Cohesity. “The key to keeping businesses running is minimizing the impact of a potential breach, bringing data security directly into the operational workflow, securing data at the source, and restoring critical workloads rapidly — while enabling IT and security teams to spend time on other business-critical tasks. This is what DataHawk is all about.”

“Minimizing the impact of cyberattacks and ransomware is essential for keeping business operations running optimally. This requires classifying the data that matters most to the organization, as well as quickly identifying attack indicators and rapidly restoring workloads,” said Jennifer Glenn, Research Director for Information and Data Security at IDC. “Integrating data classification and recovery capabilities via a SaaS platform, such as DataHawk from Cohesity, can help reduce the workload on IT and security teams and help them stay ahead of cyber attackers.”

RAQMIYAT PARTNERS WITH IVALUA

Raqmiyat, a leading system integrator and digital enabler, announced a partnership with Ivalua, a global leader in spend management. This partnership is to enable the eProcurement digitalization of an increasing number of organizations in the Middle East, whose digitalization efforts continue to be largely driven by the need to comply with guidelines set by local governments.

Ivalua enables a global and diversified customer base to effectively manage spend and suppliers on a single platform. Thanks to the automation, transparency and seamless collaboration tools offered by Ivalua’s unified, cloud-based spend management platform, customers can improve profitability, drive innovation, improve ESG performance, and reduce risk. Bahaa Eddine Al Indary, General Manager at Raqmiyat said, “We’re very happy with our strategic partnership with Ivalua. They offer best-of-breed capabilities at every step of the source-to-pay process, empowering procurement leaders to increase efficiency, manage risk and compliance, optimize cash flow, and improve supplier collaboration, all from a single platform. I’m sure that Ivalua will be a game-changing value addition in our offering for procurement businesses.”

“We are delighted to partner with Raqmiyat and continue to successfully expand Ivalua’s partner ecosystem in the Middle East. Thanks to its access to the local market, specialist knowledge, and technical expertise, Raqmiyat will support and enhance our efforts to provide value to our clients and address new customer target groups,” commented Mr. Alexander Rembecki, Alliances Director DACH, CEE, and ME at Ivalua.

UAE-based System Integrator and Digital Enabler will be a partner for Ivalua’s eProcurement solution in the United Arab Emirates and Saudi Arabia

OMNIX SIGNS STRATEGIC PARTNERSHIP AGREEMENT WITH VIACT FOR GCC

Partnership to foster digitalization and boost safety in the Architecture, Engineering and Construction (AEC) & Oil & Gas industry

Omnix, an end-to-end digital solutions and services pioneer, announced that it has signed a strategic partnership agreement with viAct, a leading ESG-focused AI company, to foster digitalization and boost safety in the Architecture, Engineering and Construction (AEC) & Oil & Gas Industry across the Gulf Cooperation Council (GCC) region. According to the agreement, Omnix will become the master distributor of viAct’s products and services across the UAE, Saudi Arabia, Qatar, Kuwait, Oman and Bahrain.

Omnix International has a long-standing legacy of over 35 years as an industry-leading provider of solutions in digital infrastructure, digital transformation in the AEC industry, computer-aided engineering, and cybersecurity, cloud computing, Autodesk trainings and BIM consultancy services in the GCC region and across the world.

“Our strategic partnership with viAct will provide an ingenious dimension for accelerating the digital transformation journey across the fast-growing Middle East region. With our team’s diverse experience and knowledge of products, solutions, and services in the region coupled with viAct’s expertise in automated monitoring powered by video analytics, the ability to digitally derive data-driven decisions in the entire workflow will be a key driver and business enabler to transform the industrial landscape, especially the AEC and Oil & Gas industry,” said Simran Bagga, Vice President, Omnix Engineering & Foundation Technologies.

viAct, since its very inception, has been striving to make jobsites safer, more efficient and sustainable. It has engaged itself in constant and rigorous R&D to develop and improve its proprietary scenario-based AI to offer smart and innovative AI solutions that leverage the power of industrial grade video analytics to cater to various safety needs of different industries like construction and oil & gas.

VeeamON TOUR IN RIYADH HIGHLIGHTS MODERN DATA PROTECTION

The event underlined the need for organizations to adopt a modern data protection strategy to help gain competitive advantage from digitization

Veeam Software, the leader in Modern Data Protection, hosted 200 registered attendees, customers, partners and industry experts at its VeeamON Tour in Riyadh, Saudi Arabia recently. The event at Al Ammariyah Hills Resort connected leading IT experts and visionaries throughout the region to share and learn about the hottest topics in the market, including Modern Data Protection, ransomware, native cloud and Kubernetes.

Mohamad Rizk, Regional Director, Middle East & CIS at Veeam Software who presented the keynote address entitled ‘The Future to Modern Data Protection’ said, “Veeam provides a single platform for all data environments. VeeamON Tour Riyadh has been an excellent forum to showcase all our innovations that will help customers drive business efficiency and agility, protect their data, and ensure that they are well prepared for the next stage of their digital transformation.”

VeeamON Tour attendees were given a demonstration of Veeam’s latest technologies including:

• Veeam Backup & Replication v12 - the latest version of the award-winning backup solution that is at the epicenter of the future of modern data protection. New capabilities introduced with V12 will include:

o Backups going direct to object storage and cloud-based agents are also available as cloud-accelerated features

o A new Veeam Backup & Replication plug-in for Kasten by Veeam K10 V5.0 provides visibility and management for Kubernetes data protection.

• Veeam Backup for Microsoft 365 v7


SAP LAUNCHES NEW LOW-CODE OFFERING

SAP Build enables users to integrate systems; monitor, analyze, and automate processes; and build applications

SAP announced the launch of SAP Build, a powerful new low-code offering to unleash the power of business users. SAP Build empowers SAP users with minimal technical expertise to create and augment enterprise applications, automate processes, and design business sites with drag-and-drop simplicity.

Launched during SAP TechEd conference being held this week in Las Vegas, US, SAP Build draws on the unique depth and breadth of the SAP Business Technology Platform (BTP). The aim is to put SAP’s world-class enterprise technology in the hands of business users, giving them direct access to the end-to-end processes, data and context they need to make smarter decisions and drive innovation quickly.

Introducing SAP Build in the Middle East, Zakaria Haltout, Managing Director, SAP UAE, said, “We believe this will be a game changer for business users in the region. With SAP Build, our customers will be able to extract maximum knowledge from their technology investments, shorten time-to-value for new applications and future-proof their businesses. As countries in the region continue to pursue their rapid digital transformation goals, there is a need for business experts at all levels to become more involved in developing technology solutions. This will ensure that companies’ digital goals are fully aligned with their business goals, and that their technology solutions are tailored to suit the needs of their specific company and industry as well as our region’s unique market conditions.”

With SAP Build, business users have the full power of SAP BTP and business application data from SAP at their fingertips. Users can easily integrate systems; intelligently monitor, analyze, and automate processes; and build applications for the last mile of innovation – all without moving their data into an external system. With SAP Signavio solutions natively integrated, SAP Build users also get in-depth visibility into all their processes, so they know where to focus to achieve the greatest impact as they innovate and automate.

VECTRA UNVEILS GLOBAL MDR SERVICES

Security AI-driven Attack Signal Intelligence to automate threat detection, triage and prioritization for SOC teams

Vectra AI, the leader in Security AI-driven hybrid cloud threat detection and response, announced Vectra MDR global managed detection and response (MDR) services. Vectra MDR delivers the 24/7/365 cybersecurity skills needed to detect, investigate, and respond to threats where Vectra MDR analysts and customer security analysts work together inside the Vectra Threat Detection and Response platform to hunt, detect, prioritize, investigate and respond to attacks in progress. Whether customers choose to augment or outsource their security operations, Vectra’s shared responsibility model ensures constant communication and collaboration between Vectra MDR analysts and customer analysts.

Vectra MDR harnesses Security AI-driven Attack Signal Intelligence to automate threat detection, triage and prioritization for SOC teams thus reducing alert noise, false positives and analyst burnout. With Vectra MDR services powered by Attack Signal Intelligence, customer security teams have complete visibility and context for how an attack progresses through the cyber kill chain — ultimately stopping them from becoming breaches.

“With the scale and sophistication of cyberthreats on the rise, security teams are burdened with overwhelming alert noise and inadequate threat signals while attempting to defend expanding hybrid cloud attack surfaces,” said Kevin Kennedy, Senior Vice President of Products at Vectra. “Vectra MDR provides security teams with the resources they need to stop attacks 24/7/365 whether they just need our security analyst expertise to augment their security operations teams or to completely outsource detection and response. Vectra MDR along with Attack Signal Intelligence gives security teams both the threat signal needed to stop attacks and the resources and expertise required to stay ahead of attacks in today’s SOCs.”


VISION FOR CONNECTED INDUSTRIAL ECOSYSTEMS REVEALED AT AVEVA WORLD

Leading industry experts highlight how software innovation is connecting data, building industrial ecosystems that empower teams and “transform value chains into agile, profitable and sustainable networks” across multiple sectors

AVEVA, a global leader in industrial software driving innovation and sustainability, showcases how industrial organizations are using real-time data to connect teams, empower them with data-led insights that speed up decision-making and unlock business value.

The flagship event, AVEVA World in San Francisco, has brought together more than 2,500 customers, partners, and industry exponents, many of whom are collaboratively leading digital transformation efforts to create new business models and accelerate sustainability, profitability and higher-value work.

“We are witnessing the birth of an industrial universe that is completely connected, enabling a new kind of collaboration across colleagues, suppliers, partners, and customers,” said Peter Herweck, CEO at AVEVA. “Taking a data-centric approach empowers teams by connecting different players across the entire industrial ecosystem. This in turn transforms value chains into agile, profitable, sustainable networks. It is what we at AVEVA mean by the new, connected industrial economy.”

A recent survey, commissioned by AVEVA, of 650 senior international business executives across the chemicals, manufacturing, and power industries in North America, Europe, and the Middle East, found that 87% said they plan to increase their organization’s investment in industrial digital solutions over the next 12 months. Herweck added: “When you bring your data together and apply analytics so that you can visualize it in context, you unlock new ways of working. We are seeing leading companies like Shell and Worley breaking down data silos, building digital twins to deepen collaboration, drive transparency, and deliver actionable insights that enable their teams to work in a smarter and more connected way.”

Bob Parker, Senior Vice President at leading analyst firm IDC, said at a media roundtable today: “A rapidly evolving digital economy is unparalleled in depth and scope after being accelerated by the pandemic. Asset-intensive industry segments of the old economy including oil and gas, utilities, base materials such as chemicals, and consumer packaged goods, are under new pressure on operations to be increasingly resilient. This requires higher levels of asset instrumentation and capabilities that use the data gathered to speed up decision-making and innovation. Ultimately, this is leading to the rise of connected industrial ecosystems.”

Companies with higher digital maturity outperform their peers, according to the IDC Global Performance Index, which includes more than 900 publicly traded manufacturing companies. Using a base year of 100, those companies that show higher digital maturity enjoy nearly double the revenue (index of 193), which compares to a score of 150 for those with mid-level maturity and 97 for the laggards. Parker said the digital divide will only increase as the world economy becomes digitally dominated over the next 10 years.

AVEVA World has shown how leading companies such as Kellogg, Barry Callebaut, Pfizer, Dominion Energy, and Henn are starting to put in place the building blocks of these connected industrial ecosystems. As the adoption of cloud-based industrial software becomes more widespread, organizations will be able to engage experts within and beyond their enterprise to deliver on innovative capital projects, optimize the operations lifecycle, accelerate decision-making, and reach sustainability targets that drive responsible use of the world's resources.


IMPROVING SUSTAINABILITY IN DATACENTRES

Nutanix sponsored report examines potential impact of datacentre models on energy efficiency and carbon footprint

Nutanix, a leader in hybrid multicloud computing, announced that, in response to the global climate crisis and the recent energy crisis, it has sponsored an in-depth report to help business decision makers not only minimise energy costs but radically cut the carbon footprint of their datacentre assets.

The current energy crisis has led to soaring energy costs across Europe, making energy efficiency and supply a number one priority for CIOs and datacentre providers alike. Events such as COP27 raised awareness of the need for businesses, across the board, to put sustainability and climate protection at the top of the strategic agenda. However, while the majority are keen to do just that, there is little in the way of objective information when it comes to what the options are, the comparative benefits and the inherent risks of different approaches. Particularly when it comes to IT infrastructure and the datacentre, which need to be high on the agenda for organisations’ net zero plans to succeed.

“Datacentres and digital infrastructures as a whole account for a substantial share of worldwide energy consumption with a considerable carbon footprint,” commented Sammy Zoghlami, SVP Nutanix EMEA. “In EMEA alone datacentres consume over 90TWh per year with an emissions level equivalent to roughly 5.9 million vehicles (27 million tonnes CO₂e). Action here can have a huge impact on climate change but has to be tempered against the need for businesses to compete effectively in increasingly digital marketplaces. Hence this Nutanix sponsored report which examines in detail how different datacentre technologies compare when businesses examine the pros and cons of looking to achieve their climate neutrality goals.”

Key findings of this report include:

● Alongside automation, innovative cooling systems and renewable energies, the transformation of traditional 3-Tier architectures towards next generation models - like hyperconverged infrastructures (HCI) - will be key to realising the savings potential in datacentre energy consumption and carbon footprint.

● Measurable benefits could be achieved across a range of organisations from large scale hyperscalers and managed service providers to large enterprises and small businesses.

● In comparison to traditional 3-tier IT platforms, next generation HCI architectures could potentially reduce energy consumption and carbon footprint by roughly 27% per year.

● Across the EMEA region HCI transformation has the potential to reduce

energy consumption by 56.7 TWh and cut emissions by 14.2 million tonnes of CO²e over the period 2022-2025

● By 2025 a full changeover to HCI across UK datacentres could potentially save 8.1 TWh of energy and 1.8 million tonnes of CO²e, roughly the same as taking 400,000 cars off the road

● By 2025 a full changeover to HCI across datacentres in the Middle East & Africa could potentially save 4 TWh of energy and roughly 2.4 million tonnes of CO²e.

● Large-scale co-location datacentres offer a much lower PUE (Power Usage Effectiveness) factor than typical on-premise facilities. Switching these to HCI architectures could potentially boost energy saving towards 30-40%.

● Next-generation co-location datacentres could provide access to renewable energy through long-term Power Purchase Agreements (PPA) and so contribute to an organisation’s climate neutrality goal without having to invest in CO2 certificates.

● Businesses planning the move towards an HCI architecture within their own on-premise datacentres should also evaluate next generation cooling technologies as energy prices rise.

● The datacentre industry has delivered significant energy efficiency improvements over past decades and is now one of the most advanced in terms of both energy efficiency and decarbonisation. Nevertheless, future energy demand will rise substantially and will result in large amounts of carbon dioxide emissions. Innovative technologies, like HCI, could create considerable efficiency potentials and have a strong impact on energy cost savings.


Democratisation of IT drives innovation, finds study

IT Teams' Success Is Directly Correlated to the Organisation's Overall Success

ManageEngine, the enterprise IT management division of Zoho Corporation, announced results from its IT at work: 2022 and beyond study. This newly released data, involving IT decision makers (ITDMs) and business decision makers (BDMs), examines the democratisation of IT and the ability of IT teams to influence business decisions in large and enterprise-sized organisations in the UAE. ManageEngine commissioned independent market research agency Vanson Bourne to survey 200 decision-makers across IT and other key business functions from a range of private-sector organisations in the UAE.

According to the study, there is increased collaboration between IT and other teams within organisations, which may have contributed to non-IT employees possessing more knowledge about IT now than they did before 2020. IT structures within organisations are being increasingly decentralised, and non-IT departments now enjoy autonomy when it comes to technology decisions.

However, any concerns over the role of IT teams being diminished are dispelled as the study found that they are pivotal in building tomorrow's enterprises. Around 76% of ITDMs expect IT to play a greater role in setting the organisation’s overall strategy in the next 5 years. This is 11% higher than the global average.

The success of the IT team in playing its role has a significant bearing on the organisation’s success, with over 91% of all respondents pointing to a direct correlation between both. Furthermore, IT professionals are increasingly expected to be innovators, with more than nine in ten (91%) respondents agreeing that IT is more responsible for business innovation than ever before.

"Professionals are keen to gain new perspectives from industry peers in order to stay updated and advance in their career. Through this study, we hope to facilitate the sharing of knowledge among stakeholders in the UAE. These insights also help ManageEngine in its constant endeavour of evolving as a comprehensive and effective IT management platform," says Rajesh Ganesan, president at ManageEngine.

Decentralization of IT is a significant trend, and it has accelerated in the past couple of years or so, especially in the wake of pandemic-driven digitalization. Individual departments within organizations seem to be making their own decisions about which applications to opt for, and they may have separate budgets for IT investments as well.

Rajesh says, “About 44% of respondents claim that they have been able to decentralize their IT structure. The way budgeting used to work, HR would have their own budget, marketing would have their own budget and IT used to have their own budget as well. If HR needed an application or some piece of technology that would come under the IT department, but this is perhaps no longer the case is what interestingly, I hear from a lot of customers that we talk to. Technology budgets are like getting split across different functions. This is one aspect of decentralization. If your HR is a team of 50, so we are already seeing that five people or about 10% to 12% of their workforce are people specialized in only technology, in the sense that they don't deal with people issues anymore. As some of our customers say, even the IT team is getting split and placed inside each function inside the organization.”

The democratisation of IT has also brought more autonomy in decision making.

“We are beginning to see a lot of autonomy in terms of technology decisions. That was not the case before. Earlier, the CIOs and CFOs used to get equally involved. But business functions across organizations are starting to see more and more autonomy when it comes to technology decisions,” adds Rajesh.

The CIO’s role has moved beyond support functions towards a more strategic one: envisioning how IT can help organizations grow further through innovation.

“The CIO’s role in an organization is now largely to drive innovation and address larger questions. How do you build differentiation? How do you bring growth? How do you do expansion across geographies? How best do you counter cyber-attacks? How do you stay compliant to all the privacy regulations that are in place? These are things that need a lot of expertise, that need a lot of time, right? The point here is even though decentralization is happening, the responsibility of IT inside the organization is increasing as well. They are no longer thinking of only delivering support, delivering services behind the scenes but are now looking to drive innovation,” adds Rajesh.

As for how this shift impacts go-to-market strategies for technology vendors and partners, Rajesh seems to say that it would need to be on a case-by-case basis. Every industry may see democratization of IT to varying extents.

He says, “The structures vary widely across verticals and so how we navigate, who do we meet, and what do we pitch, everything differs from vertical to vertical. While all verticals have digital presence, online presence, but their internal structure, how they operate, their culture, their model, would be very different. We are also starting to realize that you cannot have the same model approaching all these verticals.”

Key findings from the study

1. Increased collaboration leading to tech autonomy for non-IT teams.

• The vast majority (90%) of respondents report that collaboration between IT teams and other departments has increased during the past two years.

• More than four-fifths (84%) of respondents agree that non-IT employees in their organisation are more knowledgeable about IT now than they were before 2020.

• Around 44% of organisations have already decentralised their IT structure, with another 49% currently attempting to do so.

• Nearly all (98%) BDMs say their department has autonomy when it comes to making technology decisions. This autonomy relates to not only purchasing software (64%), and devices (47%), but also to hiring tech talent (62%).

2. Leveraging AI and machine learning (ML) against cyberattacks.

• Around 91% of all respondents say AI and ML technologies will play a significant role in strengthening their organisation's IT security framework.

• Nearly all (95%) BDMs say that their organisation has invested in AI and ML technologies and are doing so for more than one use case, on average. A notable proportion of BDMs report that they are using AI to prevent cyberattacks (52%).

• IT and security teams are held responsible when it comes to defending against cyberattacks. Around 73% of decision makers (both ITDMs and BDMs) say it is the responsibility of IT and security teams to protect organisations.

3. Development of skills and talent retention.

• Two-fifths (41%) of ITDMs in the UAE say they are actively looking for a new job, while pretty much the same number (45%) say they feel less loyal to their current employers than they were two years ago.

• When it comes to what ITDMs want from their role in the next five years, these were cited as most important: the potential to learn new skills (55%), the ability to step into a more senior role (49%), and the ability to guide change within the organisation (48%).

• Around half of ITDMs say that they would be driven away from their organisation if their pay did not at least stay current with inflation (54%), if there were no potential for advancement/promotion (52%), or a flexible work model (50%), or any of several other existing benefits cited, were taken away.


CLAIMING THE FUTURE

Organizations have stepped up their adoption of new technologies in continued pursuit of digital transformation

The year 2022 was one of splendid recovery, courtesy of the resilience shown by businesses and individuals in the aftermath of the pandemic. Digital transformation is now woven into the strategic roadmap of most organizations, enterprise or SMB, and is taking the shape of pioneering initiatives that are fine-tuning existing business processes and innovating new ways of doing business. The workplace has transformed, and work from anywhere is an option that can be implemented comfortably.

Jayakumar Mohanachandran, Group Chief Information Officer, Easa Saleh Al Gurg Group, sees digitalization as a continued priority across diverse industries. Organizations that have been quick to embrace new relevant technologies have been able to tide over the challenges comfortably.

He says, “We are a conglomerate, which means we have different lines of industries, different group companies, under a group. In terms of digitalization, we have been there in driving digital transformation for the last so many years. And this has really helped us in transforming the enterprise even before COVID itself. So, when the pandemic hit us, it was easy for us to pivot and, you know, enable the work from home for everyone and make sure that we are able to provide the users a wonderful experience without any issues. In terms of digitalization as a priority, we always believe that the technology investments play a key role in enabling and securing the future of the enterprises. So, with that, keeping in mind, we always make sure that we invest on the technology right from the beginning. And this is something which we keep on doing. With the group, we have been going through the transformation journey for the last couple of years.”

Abdulrahman Khaiwi, Head of Information Technology, Emirates National Schools, says that the pandemic helped speed up technology adoption faster than expected and has taught organizations the need to have agility in their technology infrastructure.

“The plans were put ahead of the pandemic, getting ready for distance learning for all other requirements. When it comes to remote working as well, the pandemic pushed us to be ready within a year. This has made us really put a lot of investment ahead of time, immediately, make sure that we have the solutions and setup all ready. Now, we are prepared to expect the unexpected and for that you need to be really agile. The time to market concept is really becoming one of the top priorities but of course without overlooking the security concerns when it comes to governance, compliance and so on.”

Ramalingam Thyagarajan, Senior IT Manager, Sharaf DG, says that especially due to COVID and recent trends, there's been an increased impetus into digitalization efforts in organizations. Low-code/no-code solutions have seen significant adoption in recent times.

“In retail, the need to engage customers and reach out to them is definitely always there. As in any technology initiative, the initial challenges are in building a business case and a use case that goes along with it. With the challenges come opportunities. And in the current scenario, there are a lot of organizations and products that have geared up to getting people on board as fast as possible. There are low code, no code platforms that are able to provide solutions at a shorter timeframe than what traditionally used to happen.”

Cloud first and the multi cloud

Organizations are now quite comfortable with an accelerated adoption of cloud as a strategy and also embracing the multi cloud as it provides them greater options for scalability and flexibility with their growth objectives.

Jayakumar says, “We are planning to kind of move many of our legacy applications and also maybe our data center also towards the cloud. We want to ensure that we have a secured enterprise. We also want to make sure that we give that customer a better experience, whether it is an internal customer, or it's an external customer, for that matter. Currently, keeping cloud first in mind, we are driving our CRM project and the analytics journey as well among various initiatives.”

He adds, “Currently, we have multi clouds as well. We have platforms from SAP, which is, again, on private cloud. We have AWS as well. Multi cloud gives the flexibility for any organization or for any customer to move in and out without any vendor lock in. And we believe this is a good advantage for any enterprise of our size. We have the flexibility to move in and around. The only area where we are a little more concentrating right now is to make sure that we work with each of the providers in terms of the clauses so that we don't get stuck with an exit clause just in case.”

According to Abdulrahman, moving to multi cloud is among the major decisions that enterprises, regardless of their size, are facing up to.

He says, “Many organizations are moving towards the multi cloud. Now, it's not only a single cloud hosting or a solution service provider, but the multi cloud, and everybody's moving resources across multi cloud. This comes with big overheads, including security concerns when it comes to compliance and governance. Multi cloud management is not an easy thing, is not straightforward, it has lots of requirements that IT team they need to learn to start with. Fortunately, all the major vendors in the market they are adding this management functionality to all their platforms.”

Ramalingam says that they have cemented a cloud first strategy over the past few years, before the pandemic but that has accelerated even further.

He says, “We are heavily invested in the cloud, for more than five plus years, we've been working on cloud solutions, both the PaaS based cloud offerings, and SaaS. Whenever there is a new initiative, the first option is to try to go to a cloud first cloud native solution rather than building something on our own. So, from a strategy point of view, yes, we opt for cloud native solutions.”

These and more stories of organizations from diverse industries reveal that adopting relevant cloud solutions and staying ahead on the digital transformation road is the key to growth.


ENHANCING OT SECURITY

on OT security

Tell us about the focus on OT security?

We are an OT cybersecurity company.

Over the last 10 years, there have been changes. There is more of IoT and IT in OT, which allowed us to change with our customers and go after other types of businesses like airports, hospitals, universities, Malls, Railways, Building etc, anything that has some kind of adjacency to operational technologies.

How are your solutions deployed?

In OT environments, if it's a railway, or if it's a refinery, or whatever, everything becomes IP enabled, then we can just listen in to the IP communications, and then collect all the data. There's nothing that is not IP enabled. Our customers are from all key verticals that are increasingly leveraging IoT platforms and IT to find new efficiencies, effectively address market and user demands, and reduce costs.

How do you see the Middle East as an opportunity for you?

We were the first organization of our kind established here, that was almost five years back. I was the first person on the ground. Middle East accounts for almost 25% of our global market. We have almost 100% market share in all the big oil and gas all the big utilities, airports, trains, you name it, because we were the first and then we have the right partners. So now we're more playing defense than playing offense and everyone's trying to come here and get a slice of the pie.

Tell us about use case scenario for oil and gas sector?

There are two types of use cases. One is the cybersecurity use case and the other is operational use case. So typically, when we go in, we start with cybersecurity. That's when customers realize they need to elevate their cybersecurity posture, right.

Then you can do that for these two kinds of different basic mechanisms. One is if you look at Stuxnet and similar threats, you look at behavior analytics to capture state sponsored zero day threats. That's the one piece. The other piece of cybersecurity is looking for traditional threats including ransomware, malware etc. Almost no customers have that and they all know that they need to have a detection mechanism in the OT like they have in IT. That is the first use case.

The second use case is that we go and ask to speak to the operations teams, the people who are responsible for getting onto a pipeline or manufacturing a car in a production line, whatever it is. So the same level of data, same, the same data that we use for security, we can also use to help them with operations. Typically, we start with cybersecurity, but then we'll get to the operations teams. And once they get involved then it's a smoother journey for the CISO. The use cases for OT teams are more tangible.

Is there more awareness for the need for enhancing OT environments?

More and more customers are waking up to the fact that they have all these OT networks that they weren't really aware of or paid any attention to and they need to secure them. If something would happen to them, they would need to shut down operations. What would happen if the lift stopped working? What would happen if the heat ventilation or air conditioners cease operating? And those are OT networks. The blend between OT and IT is happening steadily. You don't find a pure OT environment without IoT in it. And you don't find an IoT environment without a little bit of OT.

Bachir Moussa Regional Sales Director, MEAR, Nozomi Networks

VISIBILITY FOR BETTER SECURITY

Maher Jadallah, Senior Director Middle East & North Africa, Tenable discusses the company’s focus on vulnerability management

Discuss focus areas of Tenable?

Tenable in the past was focusing in multiple areas, one of them being vulnerability management, which is very important. We decided to give some attention to the entry point to any organization, which is the identity of the user who is trying to access the services available in that specific network. We added the Active Directory to it. Then we went further into the OT industry, to the cloud and so on. Lately, we announced Tenable One, which is not a product but rather a platform, that helps to give more visibility for the end users.

What does Tenable One offer?

Typically, end users have technologies that are reactive. They have multiple technologies to address multiple threat vectors. And those threats are available on siloed infrastructure. Tenable One is an Exposure Management platform that unifies discovery and visibility into all assets and assesses their exposures and vulnerabilities across the entire attack surface for proactive risk management. We have integrated Tenable.ad, which is the Active Directory security, where we check on the threats addressing the Active Directory and misconfigurations. It includes centralized view of all assets, including IT, cloud, Active Directory and Web applications, with the ability to create specific asset tags from a variety of sources and use cases. It checks assets facing the internet whether they're subject to attacks. It then provides a Lumin Exposure View, where we give some sort of benchmarking and rating for your specific industry compared to your peers about cyber exposure and security posture. So, a company CXO can get a high-level view of how their organization is placed compared to peers when it comes to security. If the customer has got some SEC ops and wants to go deeper to see deeper details, they can drill down into the details to get a better understanding of the vulnerability they have.

Has your addressable market expanded beyond the traditional IT to the OT space? What is the opportunity you see in the Middle East?

In the past, OT or the companies who are using OT, they used to believe that the OT is totally isolated or encapsulated, or air gapped. We have started to see IT and OT convergence happening these days. The IT staff communicate with the OT team to update their systems, maybe, to get some reports. In some other cases, you see the CISO, who's looking after the security is looking at IT and OT together. And to keep them separated doesn't make sense anymore. Siloed IT and OT security practices resulted in significant blind spots, thus limiting your ability to detect vulnerabilities and prevent attacks. So we need to have integration between OT and IT security and that's exactly where we're heading today.

What are the Key verticals of focus in the OT space?

Whoever cares about availability, reputation, productivity, data confidentiality, even intellectual property is a typical customer of ours. So if you ask me have you increased your addressable market? I would say yes. Any customer who's using IT, OT is a typical customer of ours. Banking, Oil and gas, Defense are focus areas but as I said earlier, if the data means a lot to customers across different verticals, it means we can address their needs.

As the remediation is done by other solutions, what is the synergy in the go to market?

Our solutions have open API, which means they can integrate with so many solutions. As of today, our product can give us a report that shows all the vulnerabilities or the cyber threats facing a specific customer, then we hand them over to the Security OPs team. Then the Security OPs take that result, and maybe pass it to their remediation solution, or maybe pass to their remediation team to take an action or maybe integrate a remediation solution. So we're open for all of those, but we provide all the visibility needed for those remediation solutions or companies to help them address or patch the vulnerabilities.

How are the deployments? Are they all in the SOC or delivered via the public cloud?

Tenable One is a cloud based solution while Tenable does have on prem and on cloud offerings. Tenable One is on the cloud because we use a lot of threat intelligence feeds coming from the cloud. In the vulnerability management space or the OT vulnerability management space or the AD vulnerability management space, we have on prem and on Cloud offerings.

Discuss your partner engagement strategy?

We are very much a partner focused company in the region and even globally. So we depend almost 100% on our partners to deliver our because they are our extended arm, they can reach out to all verticals and markets. We are 100% happy with our partner focus. We have our professional services team at the same time, if that's needed, but most of our partners are qualified and they can deliver as well as we can.


THE RISE OF BOTNET AND DDoS ATTACKS

Amr Alashaal, Regional Vice President - Middle East at A10 Networks discusses how botnet and DDoS attacks work and the most common mechanism for delivering attacks

Distributed Denial of Service (DDoS) attacks have become an ongoing threat for organisations. Using a variety of techniques, a wide range of threat actors from lone hackers, criminal gangs and hacktivists to nation-states are using DDoS attacks to disrupt or disable the performance of target systems. These targets can be small or large businesses, internet service providers, manufacturers, retailers, healthcare providers, schools and universities, or other nation-states. Essentially, any entity with an online presence can become a DDoS target.

Now, here is the why. There are three main reasons why people create botnets: For financial gain by extortion—‘pay up or we keep attacking’; to make a point—‘stop (or start) doing something or we continue’; or, in the case of nation-state actors, as an espionage or cyber warfare tactic.

This article will analyse how these botnet and DDoS attacks work and the most common mechanism for delivering attacks using collections of remotely controlled, compromised services or devices.

What is a Botnet?

The bots that make up a botnet can include computers, smartphones, virtualised machines, and a wide range of Internet of Things (IoT) devices such as IP cameras, smart TVs, routers, and even children’s toys, i.e., anything with an internet connection. In particular, IoT vulnerabilities and misconfigurations are extremely common in the consumer market, making IoT botnets, which can comprise millions of hijacked devices, very easy for hackers to create.

Despite the warnings about IoT vulnerabilities and well-understood fixes to improve their security, basic defences such as requiring effective passwords and not allowing default logins are still ignored. Vendors failing to provide updates to address security problems, or device owners failing to apply updates, create another source of IoT vulnerabilities.

Hijacking devices for a botnet involves identifying devices with security vulnerabilities that allow them to be infected with “botware”. But these infected devices are just the first step.

There seems to be confusion about what constitutes a botnet. While the most obvious part of a botnet is the collection of devices it includes, the defining component is the existence of a command and control (C&C) system that controls what the network of bots does. By communicating with the botnet C&C system through the newly installed botware, each compromised device forms a network of bots. These bots are then controlled by commands sent from a “botmaster” or “botherder”.

What Do Botnets Do?

Botnets are used for four main purposes and, generally, a botnet can be switched as a whole or in parts between any of these functions.

1. Spam and Phishing

Bots enable spammers to avoid the problem of their own IP addresses getting blacklisted and, even if some bots get blacklisted, they can create thousands of backup IPs to use. Targeted botnet spam is used for phishing for identity theft. By generating huge amounts of spam email messages inviting recipients to visit promotional websites, websites impersonating banks and other financial institutions, and fake competitions, scammers try to harvest personal information such as bank account details, credit card data, and website logins.

2. Pay-per-Click Fraud

To increase website advertising revenues, botnets are used to hijack the pay-per-click advertising model by faking user interaction. Because of the distributed nature of the click sources, it’s hard for advertising networks to identify click fraud.

3. Cryptomining

An IoT botnet is the perfect platform for cryptomining. By running the algorithms that mine cryptocurrencies on tens of thousands of bots, hackers steal computer power from the device owners, creating significant revenue without the usual costs of mining, like electricity.

4. DDoS Attacks-as-a-Service

DDoS attacks are easily launched using botnets and, as with botnet-generated spam, the bots’ distributed nature makes it difficult for organisations to filter out DDoS traffic. Botnets can execute any kind of DDoS attack and even launch multiple attack types simultaneously.

A relatively new hacker business is DDoS-as-a-Service. On certain websites across both the Dark Web and regular web, individuals can buy DDoS attacks for as little as $5 per hour, with price scaling based on the attack’s scale and duration.

Botnet Command and Control

The latest botnet command and control communications are based on peer-to-peer (P2P) connections. In this model, compromised devices discover each other by scanning IP address ranges for specific port and protocol services and sharing lists of known peers and commands with any identified botnet members. This type of highly distributed mesh networking is more complicated to create but also much harder to disrupt.
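The peer discovery described above leaves a recognisable trace in flow logs: one device contacting many distinct addresses on the same port within minutes, with most attempts going unanswered. The following is an added example, not part of the original column, showing detection logic for that pattern; the log format, addresses, port number and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

Flow = namedtuple("Flow", "ts src dst dport established")


def parse_flow(line):
    """Parse 'ISO-time src dst dport established' (an assumed log format)."""
    ts, src, dst, dport, est = line.split()
    return Flow(datetime.fromisoformat(ts), src, dst, int(dport), int(est))


def constructed_sample():
    """Return constructed flow-log lines (documentation IP ranges, not real traffic)."""
    t0 = datetime(2022, 12, 1, 10, 0, 0)
    lines = []

    def add(offset, src, dst, dport, est):
        lines.append(f"{(t0 + offset).isoformat()} {src} {dst} {dport} {est}")

    for i in range(30):
        # IP camera probing 30 addresses on one port, 2 s apart; only 2 answer.
        add(timedelta(seconds=2 * i), "10.0.5.23", f"198.51.100.{i + 1}",
            50555, int(i in (7, 19)))
        # Same fan-out, but one probe every 20 minutes (a slow scan).
        add(timedelta(minutes=20 * i), "10.0.7.7", f"198.51.100.{i + 100}",
            50555, 0)
    for i in range(40):
        # Workstation browsing: many flows, few destinations, all answered.
        add(timedelta(seconds=5 * i), "10.0.1.10", f"203.0.113.{i % 5 + 1}", 443, 1)
    for i in range(25):
        # Resolver: many destinations, but every flow is answered.
        add(timedelta(seconds=3 * i), "10.0.1.53", f"192.0.2.{i + 1}", 53, 1)
    return lines


def find_peer_discovery(flows, window=timedelta(minutes=5), min_targets=20,
                        max_answered=0.2):
    """Flag (source, port) pairs that reach many distinct addresses inside one
    sliding window while only a small share of the attempts is answered."""
    by_key = defaultdict(list)
    for f in flows:
        by_key[(f.src, f.dport)].append(f)

    findings = []
    for (src, dport), events in by_key.items():
        events.sort(key=lambda f: f.ts)
        seen = Counter()   # destination -> flows currently inside the window
        answered = 0       # established flows currently inside the window
        start = 0
        best = None
        for end, f in enumerate(events):
            seen[f.dst] += 1
            answered += f.established
            # Drop flows that have fallen out of the window.
            while f.ts - events[start].ts > window:
                old = events[start]
                seen[old.dst] -= 1
                if seen[old.dst] == 0:
                    del seen[old.dst]
                answered -= old.established
                start += 1
            attempts = end - start + 1
            if len(seen) >= min_targets and answered / attempts <= max_answered:
                if best is None or len(seen) > best["targets"]:
                    best = {"src": src, "dport": dport, "targets": len(seen),
                            "answered": answered, "attempts": attempts}
        if best:
            findings.append(best)
    return sorted(findings, key=lambda r: r["targets"], reverse=True)


if __name__ == "__main__":
    flows = [parse_flow(line) for line in constructed_sample()]
    for hit in find_peer_discovery(flows):
        print(hit)
```

With the default five-minute window only the fast scanner is reported; the slow scanner in the sample appears only when the window is widened, which is why a short-window rule is usually paired with a longer one.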

The Future of Botnet and DDoS Attacks and How to Respond

Botnets are here to stay. Given the exponential growth of poorly-secured IoT devices that can be co-opted into an IoT botnet, as well as the growing population of vulnerable computers, botnet attacks have become endemic. As a cyber warfare tool, botnet and DDoS attacks have been observed in use in the Russian/Ukraine conflict.

All IT teams should prepare to deal with a botnet and DDoS attack. The first step is to realise that no online property or service is too big, or too small, to be attacked.

Secondly, organisations should plan for increased bandwidth, ideally on an as-needed basis. The ability to scale up an internet connection will make it harder for a botnet and DDoS attack to saturate access and isolate an organisation from the internet. This elastic provisioning strategy also applies to the adoption of cloud services, rather than relying on on-premises or single data centre services.

Thirdly, organisations should consider using or expanding their content delivery network (CDN) to increase client-side delivery bandwidth. The use of multiple CDNs also increases resilience to DDoS attacks.

Finally, businesses should strengthen everything. Strategically deploying hardware and software DDoS mitigation services throughout organisational infrastructure is key to reducing the potential impact of a botnet and DDoS attack.


THE BORDERLESS ENTERPRISE: HOW DO YOU KEEP IT STABLE AND SECURE?

Mohammed Al-Moneer, Regional Director, META at Infoblox discusses how you can reap the benefits of borderless enterprise while keeping your network stable without opening your doors wide to attackers

The cloud pushes the boundaries of the traditional office environment and enables the enterprise without boundaries. New technological developments around SaaS, IoT, SD-WAN and IPv6 are pushing smart organizations even faster to the cloud, to increase efficiency and better support users and locations, wherever they are.

The increasing use of public, private and hybrid cloud networks within enterprises is becoming increasingly challenging, and security is a concern. How can you reap the benefits of borderless enterprise while keeping your network stable without opening your doors wide to attackers?

Traditional network models cannot efficiently handle the complexity level of cloud networks. These models typically require network traffic from all locations to be routed through a centralized data centre to access the cloud, leading to bottlenecks. In a cloud-first world, the data centre is no longer the centre of gravity of your organization. The most important nodes are located at the edges of the network. A network based on one central point cannot keep up with the demand for direct cloud access at the edges of the organization.

A major problem is that many organizations still rely on separate servers that manage DNS and DHCP for each location separately. Why is that a problem? Because fast, reliable services are essential for modern cloud networks. And local management of DNS and DHCP servers leads to a host of problems in a “borderless” enterprise, including higher costs, higher latency, human error, and slower performance.

able? In traditional networks, many tools are used side by side, leading to delays, compatibility issues, and complexity. This makes management complicated and time-consuming. By moving DDI management to the cloud, you can centrally manage your enterprise with greater flexibility, reliability, and automation than traditional on-premises DDI solutions. In addition, cloud-based DDI reduces latency by ensuring that traffic from all locations connects directly to the cloud through the closest point of presence. This makes cloud applications such as Microsoft Office 365 work faster. This means that all employees can access cloud apps and data as quickly as when they are in the office.

Move network management to the cloud DDI services play a central role in every interaction within your network. They keep your company network running and are involved in all digital actions, services, applications and data regardless of location. The DNS protocol uses several methods to translate domain names into numerical IP addresses. The DHCP protocol dynamically assigns IP addresses to endpoints connected to the network so that network administrators do not have to manually configure these settings. And IPAM manages the assignment of IP addresses within the organization.

For many organizations, cloud-based DDI management is a flexible and cost-effective alternative to (or complements) on-premises, server-based DNS and DHCP solutions. By using lighter virtual or physical devices in remote locations, essential services can be centrally managed in the cloud. You no longer have to configure devices locally or perform complex services on location. This leads to reduced hardware and operating costs.

But how does network management in the cloud make your network more reli-

Full and central DDI visibility not only provides a more controlled and efficient management experience for your network team, but also increased security. The visibility of network traffic is an absolute precondition for security professionals to do their job well. You can't protect what you can't see. And when your network is fragmented, security holes are more likely to occur. The advantage of central, cloud-based DDI is that you can monitor activity anywhere in the network and act quickly when suspicious actions occur.

Traditional networks are not equipped to meet the needs of organizations as they no longer house all their apps and services in one data centre. Organizations are accelerating their digital transformation to respond to changing consumer demands and the needs of remote workers. It is therefore more important than ever to ensure that employees can access the company network, data and applications from anywhere and on any device. With cloud-based DDI management, organizations can provide secure and stable access to any remote business user and no longer have to rely on slow, fragmented systems.

Mohammed Al-Moneer Regional Director, META, Infoblox

DIGITAL INVESTMENT IS AN ESSENTIAL ENABLER

Thierry Nicault, Salesforce Area Vice President - UAE, Middle East writes that as disruption persists, digital investment will drive efficiency and profitability

Unprecedented headwinds over the past two years - pandemic, war, labour and supply chain challenges, inflation - are making it much more expensive to run a business. Under pressure to reduce costs and increase efficiency, many companies are turning to automation and cloud technology to drive immediate value across all departments.

Parallels between the start of the pandemic and this new phase of global uncertainty are striking. Companies which accelerated their digital transformation during the public health crisis were able to pivot quickly and come out stronger. The same applies today.

According to Accenture research, ‘Leader’ businesses doubled down on their tech investment during 2020 and 2021. As a result they are now growing five times faster than ‘Laggard’ businesses. It also found that a new group of ‘Leapfrogger’ businesses, those that targeted over twice as many processes for digital transformation during the pandemic, are now growing four times faster than Laggards and closing the gap on Leaders.

In today’s high-cost environment, leaning into digital investment is an essential enabler for driving efficiency and profitability, whilst boosting innovation and ensuring competitive advantage. Success now means connecting with customers in new, simpler and more cost effective ways. It means consolidating and reducing complexity and automating workflows across their technology stack.

Rising Automation

According to Statista, worldwide spending on the two primary types of business automation, robotic process automation and intelligent process automation, is expected to hit $19.3 billion this year, up from $13.6 billion two years ago. The impact is profound, affecting the way we work and serve customers.

AI and machine-learning are being used by major global manufacturers and retailers to rethink supply chain management, to effectively manage rising supplier prices, and to determine how best to meet customer purchasing preferences. Companies need to create incredible customer experiences across every interaction to stay competitive. For retailers, this means infusing digital across the entire physical and virtual shopping journey.

From setting up self-service technologies to reduce the cost of customer support, to driving productivity for a sales or marketing team to get better at measuring ROI, we can expect to see greater focus on data, analytics, and AI as economic turbulence continues.

Only by working on one trusted platform in real time - giving every employee a single shared view of the customer - can organizations expect to drive higher levels of productivity and customer loyalty at a lower overall cost to serve.

Across the public sector from vaccine distribution management to call center operations, governments and citizens have seen first-hand the power of what technology can do for them: delivering high quality digital services, driving efficiencies and cost-effectiveness.

According to a global Salesforce survey of 600 CIOs and IT decision makers, the vast majority (91%) of respondents report that demand for automation from business teams has increased over the last two years. Specifically, the highest demand for automation came from four departments: Research and development (39%), Administrative/operations (38%), Customer service (33%), Marketing (26%).

Automation is also playing a major role in workforce engagement, reducing time spent on repetitive tasks and empowering workers to focus on more strategic activity. Collaborative technologies are reimagining how teams work together, organize their people, and deliver greater customer experiences in this digital-first and work-from-anywhere world.

Building Better Resilience

In the digital economy, the businesses that adapt to changes quickest will thrive. As disruption continues, CEOs who previously delegated their digital strategy want to take direct leadership today. From business performance, employee skills preparedness, societal equity to climate change, technology is fundamental to driving efficiencies and smarter implementation in all these areas.

Although we cannot predict the future, we can be strategic and build better resilience. We must rethink our approach to efficiency at every level, in every department. We must commit to continuous innovation to solve customers’ problems, ensuring seamless service from anywhere, and adapting to customers’ changing priorities. This in turn will provide opportunities for success in the long term.

THE RANSOMWARE REALITY CHECK FOR SMBs

Muhammad Yahya Patel, Security Evangelist at Check Point Software Technologies writes that SMBs should focus on improving resilience, starting with ensuring the rollout of security patches across all employees and devices as soon as they become available

Ransomware – a threat we’re all becoming increasingly aware of and want to stay far away from. It impacts every sector and attacks are increasing in frequency and sophistication all the time. Yet, few small and medium sized businesses (SMBs) realize they are just as at risk, if not more so than larger enterprises. In fact, in 2022 alone, 61% of all cyberattacks were aimed at small businesses.

Part of the appeal is that SMBs retain a wealth of confidential information from medical records to bank accounts, all of which cybercriminals can either sell or hold for ransom. This can land companies in more trouble than just the initial cost of a ransomware attack, which can be crippling, but they may be subject to additional fines if confidentiality laws are breached. Add to that the loss of customer trust that many SMBs rely on to compete with larger companies, and you get a clearer picture of how devastating an attack can be.

As SMBs continue to embrace a host of new technologies on their digital transformation journeys, this threat is only going to increase. From transitioning to the cloud to the use of SaaS platforms to facilitate remote access for hybrid working, more devices are now exposed to the internet than ever before. So, how can SMBs increase their cyber resilience to prevent a ransomware attack?

A criminal enterprise with extortionate returns

Across the board, cybercriminals have been upping the ante in terms of both frequency and sophistication of ransomware attacks. Ransomware is favoured by many as it is quick to deploy and offers lucrative returns. In ransomware attacks, criminals gain access to your high value data and encrypt it so that you cannot access it without them supplying the unlock code in return for cash. Sometimes lots of cash, usually in the form of untraceable crypto-currency. In fact, in 2021 it was reported that ransomware attacks globally resulted in businesses handing over a total of $49 million. And let us not forget, we are dealing with criminals here, so there is no guarantee that your data will be unlocked once a ransom has been paid and they may come back for more. Some cybercriminals may even try to raise the stakes by instigating a double or even triple extortion attack, where they leak some of the stolen data in order to pile on the pressure or ask for money from the individuals affected.

Easy targets

The shift to remote working has only added fuel to the fire and threat actors are aware of the increased attack surface that SMBs now present, and of the lower cybersecurity budgets they commonly have access to. This makes them an easy target for hackers who can access valuable data without some of the obstacles that are common in larger organizations, many of which have a dedicated cyber security team and more resources to deploy the latest threat detection and prevention technology.

SMBs need to understand that not only are they likely to face a ransomware attack but that the impact of any attack could have a disproportionately greater effect on them compared to larger organizations. In other words, while the financial amount from a ransomware attack may be far greater for a large enterprise, they have the resources to recover while for an SMB this could put them out of business overnight.

How are attacks instigated?

Ransomware is most commonly distributed through phishing emails which rely on catching someone at a busy moment and enticing them to make an ill-judged decision. Hackers will commonly use a trusted brand or spoof the email address of a colleague to give the message credibility. Threat actors will then ask the victim to click on a fraudulent link which can deploy ransomware. Other techniques may involve social engineering, whereby the hacker gathers information about a victim in order to build a relationship with them to obtain their login credentials which the threat actor can then use to launch an attack.

Most smaller businesses will have some form of endpoint protection for their laptops, servers and desktops but often IoT devices like security cameras will not be protected. With more people using their personal mobiles and iPads for work, how many of these have any form of mobile security deployed on them? Not many, with a recent report finding that 80% of all BYOD in a company are not managed.

It only takes one device, whether it’s a mobile phone, tablet, or laptop and only one employee to download a malicious file or click on a fraudulent link and the entire corporate network is up for grabs. Before you know it, ransomware is deployed, you are locked out of your systems; unable to trade, and customer privacy is lost. As a result, it’s important for SMBs to engage with their staff and make them aware of the risk, to reduce the likelihood of falling victim to a scam.

How can SMBs protect themselves?

It all starts with improving resilience. First, all organizations should be on top of security patches and rolling those out across all employees and devices as soon as they become available. Any delay could be a window of opportunity for a cybercriminal. It’s critical that internal processes are improved so that these updates can be done quickly and efficiently. Second, make sure that backups are in no way connected to the main server. Often companies are lulled into a false sense of security because they have a back-up somewhere, but in many cases, they are saved on the same server as all of their other data, meaning it will all become available during an attack. Instead, organizations should have a completely isolated, off-site network backup so when they are recovering from a ransomware attack, employees can access key files that allow them to continue with day-to-day operations.

As budget can often be an obstacle for SMBs, it should be a priority to reduce the number of solutions in place and consolidate to a single platform or vendor before looking to implement any new technologies. This is because organizations are often reliant on a number of third-party suppliers to protect different areas of their business, adding duplicate defenses unnecessarily. Reducing the number of vendors involved will cut down total cost of ownership (TCO), reduce the attack surface and provide a unified view of the entire network, so it’s easier to spot any unusual activity.

Period of Change

Ransomware is a growing problem and is showing no signs of slowing down. As a result, SMBs need to be preparing now before an attack occurs. As they begin to plan for this new period of change, it’s important that they don’t treat their cybersecurity strategy as a one-off. It needs to be agile so that it can adapt as the threats change. The methods hackers use are constantly evolving and as such businesses need to be prepared to change their approach at the same rate. It is essential that this becomes a priority for every SMB because any delays can result in a devastating outcome.


WHAT’S NEXT FOR CYBERSECURITY

In 2022, ransomware continued to reign king and became one of the most common and dangerous threats facing healthcare organizations and software supply chains. The war on Ukraine created heightened concern over zero-day threats, wreaking havoc for organizations worldwide. The cyber gang Conti with Russian-linked ties managed to disrupt financial operations throughout Costa Rica, and it seems there is no end in sight to the hacking group Lapsus$, which has proven itself to be a formidable threat actor.

So, what’s next for cybersecurity in 2023? Here’s what I expect we’ll see in the year ahead:

Increased cloud credential attacks, unless… The big shift to SaaS has fragmented more than a decade’s worth of work to simplify and consolidate corporate Identity and Access Management (IAM) systems. What’s more, many new SaaS applications don’t integrate with organizations’ existing single sign-on (SSO) solutions, yet organizations continue to accelerate adoption of new SaaS software, even without the security controls of SSO. Consequently, adversaries will increasingly focus on finding these weaker access points (new SaaS applications) to gain access to corporate and personal data, unless IT and Security departments manage to get IAM back under control.

Deepfakes play a larger role in blended attacks. In recent years, we have seen the increased success of blended attacks that combine social engineering tactics with malicious links, for example. With end users becoming more aware of social engineering, we can expect more sophisticated attackers will increasingly turn to deepfakes to trick end users into clicking on malicious links, downloading infecting files, and the like. It won’t be long before deepfakes become yet another common and core element of the blended attacks being used in the cybercrime kill chain.

The fifth generation of ransomware emerges. A recent report by Cybereason found that 73% of organizations suffered at least one ransomware attack in 2022, compared with just 55% in 2021. As the world reaches saturation of ransomware, adversaries will explore new methods to get money from the same victims. This will be the fifth generation of ransomware.

Lawmakers refocus regulation. In the coming year, regulation in the E.U. will have more of an emphasis on ensuring businesses have truly identified and remediated breaches. This regulatory focus will close the gap between shutting the attack door in the immediate aftermath of an incident and understanding the attack’s impact. In the U.S., regulatory bodies like the SEC are taking a different approach, one that focuses on enhancing cyber risk reporting and board-level governance.

Ransomware will test cloud storage access controls. Cloud storage can give organizations a significant data protection advantage, along with more flexible recovery options. But as ransomware moves from the endpoint to target cloud-only spaces, it creates new risks for organizations, especially those that accelerated cloud adoption during the pandemic and lost sight of where sensitive data lives and who has access to it. This creates weaker credential management, leaving room for ransomware to infiltrate.

Cyberattacks will be transferable between smart devices. The typical cyberattack moves from hacker to device, but 2023 may bring the first cyberattack that jumps between smart devices, including smart cars. We haven’t seen the in-smart environment replication just yet, but with the pace of innovation, a smart car attack could be riding shotgun to the vehicle next to you.

The risk of a significant attack on critical national infrastructure rises. As both direct and indirect cyber warfare domains grow, so too does the potential for a substantial cyberattack, most likely in an area such as the energy space. I see this risk most presently in EMEA, but it’s certainly top of mind among cybersecurity and national defense experts globally.

Burnout will impact cyber resilience. Security teams around the world have been working long hours from home, adapting their organization’s security posture to support all the shifts in key business systems. In an industry that is still facing a massive skills shortage, we shouldn’t be surprised if burnout impacts security teams’ ability to maintain the round-the-clock coverage required to respond to a crisis in a timely fashion.

Security leaders will need to develop new strategies for supply chain threats. The standard due diligence and security assessments that CSOs have performed on third parties is no longer adequate given the escalating frequency and impact of supply chain attacks. Regulations like the E.U. NIS Directive 2.0 and cyber insurance providers are forcing companies to conduct more frequent and dynamic assessments of their supply chain risk and to better control the access third parties have to their networks.

Defenders don’t have to face an uphill fight in the battle to fend off cyberattacks. There is no test to our resolve, our ingenuity, and our defenses. In the new year, the cybersecurity industry as a whole should re-examine its threat posture and adjust its readiness footing by seeking out the right partners and implementing best practices.


THE IMPORTANCE OF DevSecOps

Kevin Jones, Senior Product Manager, NGINX at F5, discusses the importance of DevSecOps in Blockchain, Decentralized Protocols and Applications

Security has always been one of the most important aspects of information technology, and today many organizations and their developers adopt a security-first mindset when building applications. These principles and actions are often collectively described as ‘DevSecOps’, which encompasses the entire culture and approach of application security. DevSecOps stands for development, security, and operations. It aims to embed a security-first mindset into all aspects of information technology and infrastructure.

One of the newest and most exciting markets in information technology is blockchain, which comes with a giant ecosystem of decentralized protocols and applications that aim to take us into an updated version of the web, what many refer to as web3.

What is web3 and what exactly is a decentralized application?

The term web3 encompasses various concepts that focus on aspects of application architecture and user experience:

• Decentralization

• Openness

• Immutability

• Programmability

• Transparency

These core concepts aim to give users back control of their identity using public key cryptography and grow the adoption of peer-to-peer economics through various blockchain mechanics and protocols. Many blockchains and their surrounding protocols can process advanced transactions and manage state using smart contracts that are executed within isolated virtualized environments.

These are then synchronized across all nodes on the network through a mechanism called a consensus algorithm. This is a mechanism that allows users or nodes to coordinate in a distributed setting to ensure that all nodes in the system can agree on a single source of truth, even if some agents fail. Additionally, many blockchains operate in a censorship-resistant way by keeping their protocols open and permissionless.

What does the landscape look like?

There is an inherent risk in a blockchain-based architecture because the backbone to the network is typically powered by a digital, token-based cryptocurrency and usually carries a monetary value. These tokens are held in addresses, typically stored in externally owned accounts or within smart contracts. And since trust is also distributed with use of public key cryptography, each address on the network is prone to attack.

The balance for each account is distributed across the network on what is known as the public ledger, visible for anyone to see, which leaves an open window for hackers to target specific users or contracts. This makes privacy and anonymity a particularly important aspect for blockchain. Often, humans managing these accounts are either targets of attack or are given too much trust and can act in an illicit way.

• Social engineering

• Poorly managed trust or keys

• Embezzlement and fraud

• Scams

Additionally, the technology footprint of these various blockchain technologies, protocols and decentralized applications is already large and is growing fast. Therefore, it is important to think about the security implications of this fast-growing ecosystem. Anything that is built with a core concept of decentralization has an increased landscape and therefore more attack points that should be carefully analyzed and secured.

Here are a few points that are worth considering when auditing the security of your decentralized applications and technology infrastructure:

• Layer 1 Blockchains (Bitcoin and Ethereum)

• Layer 2 Blockchains (Sidechains and Rollups)

• Smart Contracts

• Compilers

• Software wallets

• Hardware wallets

• Blockchain Clients (Miners and Validators)

• Custodial Exchanges (centralized)

• DeFi Exchanges (decentralized)

• Providers

• Marketplaces (NFTs)

Common attack vectors in smart contracts

When we talk about DevSecOps in the development lifecycle of an application, we typically refer to security driven development. This is also commonly known as the act of shifting security left. It is one of the most important aspects of the DevSecOps culture, because it starts with developers thinking about security as code. Since blockchain-based smart contracts can store value and act as a bank, this makes the code within them extra vulnerable to attack and they should be written with strict security in mind.

We have seen several hacks targeting smart contracts and the vulnerabilities usually are focused on exploiting the code. One of the biggest hacks in history took place last year when Poly Network, a cross-chain protocol, reported that an attacker hacked a smart contract, transferring the equivalent of 610 million USD by moving various assets to external wallet addresses controlled by the hacker.

There are many vulnerabilities of smart contract development, but some of the most frequent attacks are:

• Underflow and Overflow - Typically occurs when arithmetic operations cause unsigned integers to reach their maximum byte size, causing the value to ‘wrap around’, which could cause unexpected behavior in the business logic of your application.

• Contract Reentrancy - The action of exploiting a contract by reentering over and over, where the attacker usually withdraws more funds than should be permitted.

• Transaction Front Running - This refers to the process where someone uses technology or market advantage to get prior knowledge of upcoming transactions.

• Poorly managed secrets.

• Poorly implemented access control.
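The first two items in the list above, worked through as an added example that is not part of the original column: a plain-Python model of a vault contract showing unsigned-integer wrap-around and reentrancy next to their hardened forms. All class and function names are hypothetical, and the model simplifies the EVM (no gas accounting, no state rollback on revert).

```python
"""Plain-Python model of two smart-contract bugs: integer wrap-around and reentrancy.

Constructed for illustration. It mimics EVM behaviour in a simplified way
(no gas, no state rollback on revert); all names here are hypothetical.
"""

UINT256_MAX = 2**256 - 1


class Revert(Exception):
    """Stands in for an EVM revert."""


def unchecked_sub(a, b):
    """uint256 subtraction without a bounds check: the result wraps modulo 2**256."""
    return (a - b) % (UINT256_MAX + 1)


def checked_sub(a, b):
    """uint256 subtraction that reverts instead of wrapping (Solidity >= 0.8 default)."""
    if b > a:
        raise Revert("arithmetic underflow")
    return a - b


def transfer(balances, sender, recipient, amount, sub=checked_sub):
    """Debit sender and credit recipient; returns the sender's new balance."""
    new_sender_balance = sub(balances.get(sender, 0), amount)  # may revert here
    balances[sender] = new_sender_balance
    balances[recipient] = balances.get(recipient, 0) + amount
    return new_sender_balance


class VulnerableVault:
    """Pays out first and zeroes the caller's balance afterwards."""

    def __init__(self):
        self.balances = {}  # account -> amount credited
        self.pool = 0       # funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            raise Revert("nothing to withdraw")
        self.pool -= amount
        on_receive(amount)      # external call: the recipient's code runs now
        self.balances[who] = 0  # state update arrives too late


class HardenedVault(VulnerableVault):
    """Checks-effects-interactions ordering plus a reentrancy lock."""

    def __init__(self):
        super().__init__()
        self.locked = False

    def withdraw(self, who, on_receive):
        if self.locked:
            raise Revert("reentrant call")
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            raise Revert("nothing to withdraw")
        self.locked = True
        try:
            self.balances[who] = 0  # effect before interaction
            self.pool -= amount
            on_receive(amount)      # external call happens last
        finally:
            self.locked = False


def simulate_reentrancy(vault_cls, honest_deposit=90, caller_deposit=10):
    """Run a re-entering withdrawal; returns (amount the caller received, pool left)."""
    vault = vault_cls()
    vault.deposit("honest", honest_deposit)
    vault.deposit("caller", caller_deposit)
    received = 0

    def on_receive(amount):
        nonlocal received
        received += amount
        if vault.pool >= caller_deposit:  # call back in while funds remain
            try:
                vault.withdraw("caller", on_receive)
            except Revert:
                pass  # the hardened vault refuses the nested call

    vault.withdraw("caller", on_receive)
    return received, vault.pool


if __name__ == "__main__":
    print("vulnerable vault:", simulate_reentrancy(VulnerableVault))
    print("hardened vault:  ", simulate_reentrancy(HardenedVault))
    wrapped = transfer({"a": 5}, "a", "b", 6, sub=unchecked_sub)
    print("unchecked 5 - 6 wraps to UINT256_MAX:", wrapped == UINT256_MAX)
```

In the vulnerable run a caller credited with 10 units receives the vault's entire 100; in the hardened run the nested call reverts and the other depositor's 90 stays in the pool.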

What can you do to level the playing field?

• Build a security-first culture. DevSecOps concepts are a great starting point for organizations looking to build a security culture.

• Perform audits. Audits give a fresh perspective on application logic and operational processes, help expose vulnerabilities in code, and instill trust in users of your application. MythX and Slither are great tools for auditing Ethereum smart contracts.

• Offer bug bounties and perform crowd sourced pen testing. Crowd sourced security is a proven method to help strengthen your security footprint. By placing your company into bug bounty programs and performing penetration testing of your applications and infrastructure you can stay ahead of vulnerabilities and hacks.

• Adopt an open-source strategy. The transparency of your application is important in a technology like blockchain because it allows participants to opt-in based on the verification and audits of your code. Additionally, having components that are open-sourced allows for more accountability of your project in a community setting.

• Implement multi-signature for administrative operations. Implementing smart contracts that adopt a multi-signature architecture for administrative functions like transferring ownership, funds, and other critical operations will provide an extra layer of security for your application.

Conclusion

Blockchain, decentralized applications and the various protocols surrounding them are growing quickly. These new and exciting ways of deploying applications have the potential to disrupt many different industries. However, it is imperative that we focus on a security-first mindset and implement a DevSecOps culture wherever possible.

Further reading

The first step in anyone's journey into blockchain should be to read the associated whitepaper for the protocol you are building on.

• Bitcoin Whitepaper

• Ethereum Whitepaper

Next, study previous hacks and vulnerabilities, even going as far as to try and reproduce the hack in your development environment.

To get a hands-on learning experience for security on Ethereum, I recommend the following capture the flag (CTF) programs in which vulnerabilities or ‘flags’ are hidden in purposefully vulnerable programs or websites to teach fundamentals of security.

• OpenZeppelin: The Ethernaut

• Capture the Ether

Kevin Jones Senior Product Manager NGINX, F5

NaaS: PULLING THE LEVERS TOWARDS SUSTAINABLE SUCCESS

Sherifa Hady, Vice President Channel, EMEA at Aruba, a Hewlett Packard Enterprise company discusses why a solid NaaS offering should reassure customers that an environmental approach to networking is being taken across the entire IT supply chain

While digital transformation has undoubtably helped businesses gain a competitive edge, increase profitability and enrich customer experiences across the globe, we cannot ignore technology’s contribution towards the world’s carbon footprint. As climate change continues to dominate conversations amongst businesses and consumers alike, we need to commit to reducing technology’s environmental impact.

After all, if the IT industry were a country, it would be the fifth biggest emitter of greenhouse gases in the world. What’s more, around fifty million tonnes of electronic-waste (e-waste) is generated globally every year, and this figure only looks set to rise.

Tackling this environmental crisis requires a collaborative effort across the entire technology ecosystem, from vendors to consumers themselves. From a channel perspective, partners must now play a crucial role in helping their customers navigate sustainability challenges. In fact, with environmental considerations increasingly driving many customers’ tech purchasing decisions, channel analyst Canalys recently stated that for partners, “Being able to position sustainability as a part of your IT-as-a-service offers is going to be key to your resale success.” Canalys also confirmed that for partners the environmental accountability of IT investments will be one of customers’ top priorities within the next two to three years.

But what exactly does a sustainable IT-as-a-service offer look like? Network-as-a-Service (NaaS) is a great place to start. Recent research from Aruba has shown a clear appetite for this new network consumption model amongst end-users across EMEA

Already recognised by potential customers as a key enabler of financial flexibility and business agility, here’s how NaaS can also pull those all-important sustainability levers.

Optimizing energy consumption

NaaS provides end-customers with innovative and sustainable networks that they can ‘rent’ from the experts on a subscription basis. By partnering with an experienced NaaS vendor, channel companies can combine their unique understanding of their customer’s business with the vendor’s depth and breadth of product and solution knowledge to provide a network configuration that optimizes energy consumption. To further reduce the customer’s carbon footprint, modern network vendors like Aruba also help deliver greener IT by sourcing electricity from renewables and utilizing Artificial Intelligence (AI)/Machine Learning (ML)-based models to bring down power consumption.

Of course, a solid and sustainable NaaS offering should be underpinned by an environmental approach to networking across the entire IT supply chain. Channel partners need to reassure their customers they are working with certified sustainable vendors to ensure climate-conscious initiatives are embedded at the very top of the value chain. NaaS players such as HPE GreenLake for Aruba are already working towards their climate goals, with HPE seeing a 53% reduction in operational greenhouse emissions from 2016 levels and a 30x increase in the energy performance of its product portfolio, from its 2016 baseline.

Reusing hardware

Today’s NaaS offerings are increasingly accompanied by IT asset disposition (ITAD) services, a practice built around reusing, recycling or disposing of unwanted IT equipment in a safe and environmentally responsible way. In fact, 77% of businesses view ITAD assistance and e-waste services as an essential element of a NaaS offer, according to IDC.

By factoring asset decommissioning strategies into their NaaS offering, channel partners can enable customers to participate in the circular economy, ensuring the life cycle of products is extended for as long as possible and reducing waste to a minimum.

On top of this, with digital transformation pressures rising, purse strings on IT budgets tightening, and technology lifecycles shortening, organizations can add value back to their business through this model of consumption. Upcycling and remarketing idle equipment can give functional assets a second useful life, and in turn provide money back to the business for customers. Choosing pre-owned equipment where appropriate can help to expand budget for innovation projects where new technology is paramount.

Delivering data

As sustainability requirements increase, and with the eyes of the world watching, organizations will be challenged to deliver more sustainability and environmental reporting than ever before. But with networking skills a scarce resource and existing IT teams stretched to capacity trying to deliver against the continued demands of digital transformation, help is desperately needed to deliver back the necessary data.

With NaaS, organizations can again buy in this expertise – and rely on their channel partner to provide them with key metrics around power usage, carbon emissions, and end-of-life disposal.

Conclusion

In recent years, sustainability has soared to the top of the business agenda for most organizations. Channel partners have an important role to play in connecting the dots between sustainable vendors and customers seeking to deliver green IT.

A solid NaaS offering should reassure customers that an environmental approach to networking is being taken across the entire IT supply chain. The subscription-based model delivered through the channel allows customers to enjoy the benefits of sustainable network practices, enables them to reduce the amount of IT equipment needed and operate their existing equipment at higher levels of utilization, offset environmental damage through hardware reuse and technology refreshes, and help report back on their environmental progress.


THE DATA GUARDIAN’S GUIDE TO SELECTING A SOVEREIGN CLOUD

We’re hearing more and more these days about sovereign cloud. While it is not a new concept it has risen to prominence recently due to a changing geopolitical landscape and new regulations that affect the degree of sovereignty organisations and individuals are able to exercise over their data.

This is because a sovereign cloud provides a smart solution for a growing appreciation of benefits and risks of not having well defined jurisdictional requirements at a territory level pertaining to data. The size of the global government cloud market is expected to reach $71.2 billion by 2027 from $27.6 billion in 2021, according to market research firm Imarc Group. Microsoft recently unveiled Cloud for Sovereignty - a new offering designed to help the public sector comply with regulators' increasingly strict requirements to keep data within a certain geographical area, particularly in Europe.

Holiday season

With all the various perspectives on sovereign cloud and the sovereignty of data - and its relevance to cloud consumers - being aired publicly across the continent, it is becoming difficult to understand what it all means. This is especially true for those responsible for corporate or public data, when there would appear to be very little in common between the many competing definitions of sovereignty as it pertains to different forms of customer data and how best to address the concerns raised by the likes of GDPR, the US Cloud Act and Schrems II.

To avoid this being a dull technical discourse, we’ll use planning family holiday accommodation as a light-hearted analogy for the situation. While seemingly leftfield, there are more similarities than you would think on the surface. Both involve multiple parties, with varying needs and a huge number of influencing factors. Similarly, a well planned and executed family holiday can make amazing memories, whereas a badly planned holiday can leave permanent scars. In this respect it is not unlike the decision as to where to host one’s valuable corporate or public data.

Joe Baguley, VP & CTO, EMEA, VMware writes that there’s no one size fits all solution and what will work for some, will not work for others when choosing the right sovereign cloud

Three main choices

It’s a situation akin to choosing from a variety of accommodation when going on holiday, notably: the international hotel, the smaller, localised one, or a boutique offering. The former is big with lots of support services and comes with a well-known reputation. Its guests consume the basic package of the room, but all other facilities and activities are chargeable individually.

The second option is like the first but more localised. Many of the services, activities, and facilities of the international hotel brand are available at this franchise hotel, but where a local partner company owns the operation and does the overall management. This has some appeal as the services are more localised as are the staff who have received additional training that is more locally relevant in line with regulations and jurisdictions. However, as this is a smaller operation some of the services offered by the international hotel brand are not available, nor are the added advantages of accruing loyalty points or familiarity and greater certainty over service that a large international brand offers.

The final choice is a local boutique hotel that has been operational for many years in a local area, and which provides a very tailored experience. This varies from the first two options in that it works with the guests to create specific packages of activities and services and on balance is more expensive and labour intensive as the hotel makes a real effort to understand their guests and consequently tailor a very relevant package of activities and services. This entity understands all the requirements of operating locally and can offer benefits accordingly.

Five defining factors

There are clear pros and cons with each and, much like a cloud provider, the key question is which to choose? The answer is not simple and comes with several defining factors, particularly:

● People (staff and booking operators) - Data guardians should be aware that certain tiers of data should ideally only be managed by certain types of individuals. Part of the journey to assessing the type of sovereign cloud a business needs is understanding the type of individuals that should have access to the different classifications of data for which the data guardians are responsible.

● Access (support services) - This is critical in understanding the choice of sovereign cloud and how all associated account and service metadata relating to that customer’s data are handled, according to which regulatory frameworks, auditing standards and jurisdictions the sovereign cloud provider is subject to from the perspective of governance, oversight and compliance.

● Process (ease of booking, autonomy in consuming services and providing feedback to the provider) - The systems used to aid the people in carrying out their duties. This is all about the accountability of the sovereign cloud when it comes to how the customer’s data as well as all the associated account and service metadata generated by the provider are managed and potentially leveraged, and by who and where.

● Activities (what you get) - Relates to what people, through access, and leveraging processes can conduct by way of activities against the data, both customer and account, and service metadata. It speaks to the level of expertise and accountability and training of the staff as well as what they are allowed to do. For example, with children you don't have a generic support staff, you have one trained to work specifically with children. Understanding the data classification and how ideally those data types should be accessed and what levels of management are enabled by what types of personnel using which systems, is critical to selecting the right sovereign cloud.

● Technology (the accommodation structure and ergonomics) - The need to have a robust and resilient architecture, located locally within the jurisdiction, and optimised to reflect the sensitivity and value of the data hosted on the platform whether that is at an individual customer level or more broadly at a data classification level. The facility should be secured and operated at the highest levels of resiliency, but with the data also needing to be always available this creates a need for backups and disaster recovery solutions that exist beyond a single site architecture while remaining wholly within the local jurisdiction.

The right choice, for you

So, if your sovereign cloud provider was holiday accommodation, which would you choose? Like all families, there’s no one size fits all solution and what will work for some, will not work for others. Classifying and understanding a business’s data types is the first step one should take as a data guardian when looking at selecting the right sovereign cloud for your business.


ALL-IN-ONE PENDANT SPEAKERS

Axis Communications has announced two new multipurpose, easy to integrate, all-in-one pendant speakers. Ideal for mounting on high, open ceilings, the visually attractive speakers can be used to make live or prerecorded announcements and to play background music, improving the customer experience and supporting security and safety.

AXIS C1510 Network Pendant Speaker and AXIS C1511 Network Pendant Speaker are all-in-one speakers that make audio announcements smart and easy. The new speakers are particularly well-suited to retail stores, shopping malls, and other environments where design is of importance, blending seamlessly and elegantly into any surroundings. The pendant speakers can be installed in any ceiling, regardless of height, through simple adjustment of the cable length depending on requirements.

The new smart speakers allow customers to mix live or pre-recorded announcements and commercial ads to suit various needs and increase business efficiency, and also play background music to improve the customer experience.

Highlights:

• Built-in audio management software handling zoning, scheduling, and prioritization between content sources

• Based on open standards, both speakers can integrate with video management software (VMS), Voice over IP (VoIP) telephony (using SIP), and with analytics from Axis and our partners

• I/O ports, enabling integration with other systems and devices such as PIR sensors, buttons, strobe lights, and more

• In-built and clearly visible LED which adds visual status information ideal for many different use cases

• Remote health testing through in-built microphone

LATITUDE 7230 RUGGED TABLET

Dell Technologies has announced its newly redesigned tablet, the Latitude 7230 Rugged Extreme. This premium tablet is built for professionals who work in the most extreme environments, delivering substantial field performance and productivity.

The 7230 Rugged Extreme is the lightest 12” fully rugged tablet and was designed for professionals in arduous roles that demand critical reliability. The tablet’s durability and mobility make it a valuable tool to EMS and other first responders. It also has the reliability and security features required to help military and government officials, such as safely managing highly sensitive information.

There is also a range of new and enhanced accessories that are built to match the ruggedness of the tablet and support its use in a broad range of environments. Among these accessories are a new detachable keyboard, an active pen to further enhance screen interactivity, a rotating hand and shoulder strap built with durable and cleanable materials, a magnetic mount that enables users to attach the tablet to any metallic wall or surface, and a rigid handle that supports ease of mobility and is reversible according to preference and ergonomics.


INVIXIUM IXM VERTU

Invixium, a premier manufacturer of innovative touchless biometric solutions has launched IXM VERTU, a modern access control reader capable of reading RFID cards along with mobile credentials via BLE or NFC from up to 8 cm away. IXM VERTU is a thoughtfully engineered RFID card and mobile access reader. This modern, elegant solution supports the latest features like mobile credentials along with multiclass card technology. IXM VERTU’s unique balance of security and versatility makes it an incredible choice for businesses of all sizes.

Installation takes mere minutes and configuration is easily completed for Wiegand or OSDP through a configuration app. For clients that already have an access control software solution, IXM VERTU can seamlessly be added to their existing access control system.

VERTU’s rich combination of features is built into a sleek, elegant two-tone enclosure that can be easily mullion mounted in small spaces and door frames, complementing any new or existing décor. Its IK08 impact and IP67 ingress ratings allow IXM VERTU to be installed indoors or outdoors. The durability and appealing design of VERTU make it a great choice for businesses of all sizes and industries.

Highlights:

• Intelligent Mesh & WiFi 6E with access to the new 6 GHz band unleash maximum speeds and reduce interference.

• 5 Gb WAN port makes the most of ISP’s multi-gigabit speeds.

• With 4x** the channels of current WiFi router systems, the 6 GHz band can handle all the traffic from the busiest smart homes using heavy-bandwidth devices all day, every day

• Easy setup and control through the free Linksys app.

• Works with your existing modem and internet provider.

• 3-Year Limited Product Warranty.

Highlights:

• The pre-installed Dell TPM 2.0 ControlVault™ also allows for new security features, including an Infrared Camera for Microsoft Windows Hello facial recognition, and optional features like a touch fingerprint reader, a removable SSD for sensitive data, and contacted or contactless smartcard reader.

• The 7230 Rugged Extreme tablet is drop-tested and temperature-tested to withstand the most strenuous circumstances. Other features of the tablet include increased battery life, with up to 20 hours, and durability.

• At 1.27kg, the 7230 Rugged Extreme is a powerful tablet, boosting performance with 12th Gen Intel Core up to i7 processors with integrated Iris Xe graphics.

• The tablet’s 1200 nits of brightness and glove touch capability ensure viewability in direct sunlight and enable optimal screen interactivity on a 16:10 aspect ratio display.

• With 13% more active screen area than the previous generation, it has the largest screen area in a 12” fully rugged tablet.

• Equipped with Wi-Fi 6E, the 7230 Rugged Extreme also enables faster and more efficient data sharing.

Worldwide end-user spending on public cloud services is forecast to grow 20.7% to total $591.8 billion in 2023, up from $490.3 billion in 2022, according to the latest forecast from Gartner, Inc. This is higher than the 18.8% growth forecast for 2022.

“Current inflationary pressures and macroeconomic conditions are having a push and pull effect on cloud spending,” said Sid Nag, Vice President Analyst at Gartner. “Cloud computing will continue to be a bastion of safety and innovation, supporting growth during uncertain times due to its agile, elastic and scalable nature.

“Yet, organizations can only spend what they have. Cloud spending could decrease if overall IT budgets shrink, given that cloud continues to be the largest chunk of IT spend and proportionate budget growth.”

Infrastructure-as-a-service (IaaS) is forecast to experience the highest end-user spending growth in 2023 at 29.8%. All segments are expected to see growth in 2023. “Cloud migration is not stopping,” said Nag. “IaaS will naturally continue to grow as businesses accelerate IT modernization initiatives to minimize risk and optimize costs. Moving operations to the cloud also reduces capital expenditures by extending cash outlays over a subscription term, a key benefit in an environment where cash may be critical to maintain operations.”

Gartner expects that PaaS and software-as-a-service (SaaS) will see the most significant impacts from inflation due to staffing challenges and the focus on margin protection. However, both segments will still see continued growth, with Gartner forecasting 23.2% growth for PaaS and 16.8% for SaaS in 2023.

“Higher-wage and more skilled staff are required to develop modern SaaS applications, so organizations will be challenged as hiring is reduced to control costs,” said Nag. “But since PaaS can facilitate more efficient and automated code generation for SaaS applications, the rate of PaaS consumption will consequently increase.”

“Despite growth, profitability and competition pressures, cloud spending will continue through perpetual cloud usage,” Nag added. “Once applications and workloads move to the cloud they generally stay there, and subscription models ensure that spending will continue through the term of the contract and most likely well beyond. For these vendors, cloud spending is an annuity – the gift that keeps on giving.”

Worldwide Public Cloud End-User Spending to Reach Nearly $600 Billion in 2023

Inflationary Pressures Creating a Push and Pull Effect for Cloud Spending

Table 1. Worldwide Public Cloud Services End-User Spending Forecast (Millions of U.S. Dollars)

| | 2021 | 2022 | 2023 |
|---|---|---|---|
| Cloud Business Process Services (BPaaS) | 54,952 | 60,127 | 65,145 |
| Cloud Application Infrastructure Services (PaaS) | 89,910 | 110,677 | 136,408 |
| Cloud Application Services (SaaS) | 146,326 | 167,107 | 195,208 |
| Cloud Management and Security Services | 28,489 | 34,143 | 41,675 |
| Cloud System Infrastructure Services (IaaS) | 90,894 | 115,740 | 150,254 |
| Desktop-as-a-Service (DaaS) | 2,059 | 2,539 | 3,104 |
| Total Market | 412,632 | 490,333 | 591,794 |

BPaaS = business process as a service; IaaS = infrastructure as a service; PaaS = platform as a service; SaaS = software as a service

Source: Gartner (October 2022)

Linksys Hydra Pro 6E unleashes maximum WiFi speeds and supports more than 55 devices at a time. WiFi 6E extends WiFi 6 to a new dedicated 6 GHz band for no interference, up to 4x faster speeds*, and lower latency.

With massive capacity, easy setup and advanced security, the Hydra Pro 6E is an essential upgrade to any business or home that needs the most reliable, interference-free high-speed WiFi.

Ultra-fast multi-gigabit speed. A 5 Gbps WAN (internet) port unlocks your ISP’s multi-gigabit speeds across your home or business for video conferencing, large data transfers and more.

Highest device capacity ever. With 4x** the channels of current WiFi router systems, the 6 GHz band can handle all the traffic from the busiest smart homes or businesses all day, every day.

Tri-band dynamic backhaul. Hydra Pro 6E routers can broadcast on three wireless radio bands simultaneously with a combined WiFi speed of 6.6 Gbps.

More WiFi Channels. Dynamic Frequency Selection (DFS) provides access to more channels, reducing interference from neighbouring networks.

Industry-leading technology. The Qualcomm™ Networking Pro 810 Platform delivers the ultimate WiFi 6E experience with wired-like stability & speed.

Easy setup & control. It’s simple to set up and lets you manage your network or prioritise devices from anywhere, all with the free Linksys app.

**4x more channels on 6GHz band as compared to dual-band router on 2.4 & 5 GHz bands excluding DFS channels, determined using 20MHz channels as a reference.

Hydra Pro 6E, Model# MR7500. True tri-band WiFi 6E Mesh router. AXE6600: accumulated speed up to 6.6 Gbps. 1 router covers homes with up to 3-4 bedrooms (up to 280 m² / 2 floors).

New launch. Unleash the power of WiFi 6E. Mix & match our mesh solutions. 5 Gb internet port: makes the most of premium ISP’s multi-gigabit speeds.

Linksys.com
