HARNESS THE POWER OF A SECURE, CLOUD-FIRST NETWORK EXPERIENCE
» EDITORIAL
EMBRACING TRANSFORMATION These are times of unprecedented adoption of new technologies. Perhaps we are still only just getting started on the journey. The desirable outcomes for most would be to build resilient, agile organizations that have no ceiling when it comes to reaching out to new markets and customers and with new products that are always pushing the envelope. Indeed, the availability of advanced technologies enable companies to drive efficiencies into their processes. One of them is Digital Twins. As a digital replica of the physical entities, it is useful in several industries to simulate processes and do virtual trials to know the efficacy of any transformation initiatives in advance. It also helps monitor and manage various physical assets in a factory for instance. Similarly, the availability of plug and play low code and no code platforms allow companies to accelerate their digital transformation journeys. Digital Workplace suites with ease of use and automation features are being offered by several leading vendors that can be quite handy for companies with ambitions of digital acceleration. While no code platforms suit companies that may not have any qualified technical resources in house, low code platforms will suit companies that are looking for some customization to enhance the digital experience across their platform. Within the domain of Cybersecurity, in the quest to secure digital transformation, the focus is on solutions that allow for complete visibility across the diverse IT infrastructure and assets in real time and help remediate threats anywhere. The cover story in this issue looks at the approaches of some of the key vendors who are playing their part in reimagining cybersecurity. On that note, at this year’s in-person GISEC edition, the region’s leading expo for cybersecurity, one will get have a snapshot awareness of the trends that are shaping up the domain of cybersecurity. In focus will be issues such as state-sponsored attacks, insider threats, ransomware, malware, DDOS and phishing attacks, as well as the increasing importance of AI, 5G and cloud in cybersecurity.
R. Narayan
......................................................
Pooja Panjwani Assistant Project Manager
Co-Founder & MD
saumyadeep@leapmediallc.com Mob: +971-54-4458401 Sunil Kumar Designer
PUBLISHED BY - Leap Media Solutions LLC
...................................
narayan@leapmediallc.com Mob: +971-55-7802403
SAUMYADEEP HALDER
............................................................
Co-Founder & Editor in Chief
MALLIKA REGO Co-Founder & Director Client Solutions
mallika@leapmediallc.com Mob: +971-50-2489676
...............................................................
RAMAN NARAYAN
...................................
Editor in Chief, CXO DX
Nihal Shetty Webmaster
REGISTERED OFFICE: Office 10, Sharjah Media City | www.cxodx.com MAY 2021 / CXO DX
3
» CONTENTS CIO OUTLOOK
20 » SEAMLESSLY ENABLING THE WORKFORCE
Jayakumar Mohanachandran, Group CIO at Easa Saleh AL Gurg discusses the group’s seamless transition towards enabling employees to work from anywhere.
30 » DIGITAL TRANSFORMATION IS ALL ABOUT TRUST Edwin Weijdema, Global Technologist, Product Strategy, Veeam writes that one of the major trust issues organisations have regarding new technology is whether or not it is secure and if their data will be safe and protected
FEATURE
16 COVER FEATURE
16 » REIMAGINING CYBERSECURITY The evolving threat landscape offers daunting challenges and faced with the need to keep a distributed and remote workforce secure, new approaches to cybersecurity have emerged
20 » DELIVERING COMPREHENSIVE PROTECTION
Mindfire Technologies is one of the key players helping enterprise customers address their need for securing their infrastructure
INSIGHT
26 » EMPOWERING DEVOPS Karthik Krishnaswamy, Director of Product Marketing for NGINX at F5s about Self-service Application delivery
NEWS INSIGHT
28 » WHY THE REGION’S IT TEAMS NEED HELP WITH 11 » CYBERSECURITY CHALCOMPLEXITY LENGES AND OPPORTUNITIES David Noël, regional VP at ApFOR HEALTHCARE INDUSTRY pDynamics points the need for a full-stack observability
Digital Twins can ignite industrial innovation through optimized business processes, value efficiencies and improved staff productivity, says Dr. Tariq Aslam, Head of MEA, AVEVA
REGULARS
14 » ACCELERATING TO THE CLOUD
CXO DX / MAY 2021
34 » DIGITAL TWINS ARE THE SECRET WEAPONS OF MASS TRANSFORMATION
BKrupa Srivatsan, Director of Product Marketing at Infoblox says there is an increased risk of compromise when it comes to IoT
INTERVIEW
4
Three Forces are driving the new Cloud shift writes Andrew Brinded, Senior Vice President EMEA Sales, Nutanix
35 » THE NEED FOR DNS SECURITY IN IOT ENVIRONMENTS
12 » RANSOMWARE RECOVERY COST IN THE UAE IS US $517,961 IN 2021
Joerg Jung, EVP EMEA at Infor, and Amel Gardner, VP and GM, MEA discuss Infor’s focus on the region and the cloud
32 » WHAT’S DRIVING THE ACCELERATED CLOUD ADOPTION?
28
06 » NEWS 36 » TECHSHOW 38 » TRENDS & STATS
» NEWS
VMWARE UNVEILS ANYWHERE WORKSPACE
Among its benefits is the functionality to manage multi-modal employee experience creating stronger, more focused, and more resilient businesses.” VMware Anywhere Workspace empowers today’s anywhere workforce by removing the friction that can exist between IT systems and employees. This creates better experiences and broader, more effective security. All with less cost and operational overhead.
Sanjay Poonen
Chief operating Officer, Customer Operations, VMware VMware announced VMware Anywhere Workspace, a solution designed to help companies deliver better and more secure experiences to their employees no matter where they are in the world. “Work is what you do, not where you do it. As businesses reimagine where and how teams collaborate and innovate, they must do more than transform. They must reform their mindset to create a digital-first culture that puts employee experience first,” said Sanjay Poonen, chief operating officer, customer operations, VMware. “We developed VMware Anywhere Workspace with this new way of working in mind. It will play an important role in
VMware Anywhere Workspace sets the foundation and a vision for how to enable the future of work. It helps customers: • Manage multi-modal employee experience anywhere so employees can work smarter and be more productive. It gives them access to a great user experience and consistent performance on any device, from any location, over any network. Plus, it improves the way in which IT can deliver services to users. • Secure the distributed edge with broader and more effective security. This lets any user access any app from any device. VMware’s Zero Trust approach combines network security to the edge with endpoint security and management. • Automate the workspace so that IT is not only more simple, responsive, and efficient, but more modern too. This lets businesses focus on the outcomes they want instead of the tasks they need to do. All powered by intelligent management of workflows, compliance, and performance.
MOBILITY MEA NAMED IN 2021 GARTNER MAGIC QUADRANT FOR MANAGED MOBILITY SERVICES Becomes only one of the 15 MMS providers globally acknowledged by Gartner
Mobility MEA, a leading systems integrator, enterprise managed mobility service provider and the region’s leading digital transformation partner becomes the first ever company from the MEA region to secure a place in Gartner 2021 Magic Quadrant for Managed Mobility Services (MMS), Global. Mobility MEA is one of the 15 MMS providers globally acknowledged by Gartner and named based on ability to execute and completeness of vision.
Besides UAE, Mobility MEA covers 12 additional countries in the MEA region including Bahrain, Egypt, Jordan, Lebanon, Kenya, Kuwait, Morocco, Nigeria, Oman, Pakistan, Saudi Arabia and South Africa through its network of 16 partners. Moreover, the company manages over 2 million mobile devices across the region, majority of which are in MEA, with a number of customers across Europe and Latin America as well.
“Becoming the first MEA company to be featured in the report is a proud moment for us and achieving such a marvelous feat within just a few years of existence comes as a well-earned acknowledgment for all the innovations and hard work that we have been able to do. We feel truly privileged to be recognised by Gartner and sharing space with top global organizations acknowledged in the report ”, commented Mustafa Rana, Chief Executive Officer of Mobility MEA.
“We believe Gartner’s inclusion of Mobility MEA in the Magic Quadrant for MMS, Global, is a validation of Mobility MEA’s vision of being the top regional organization to deliver consistent, complete range and high-quality managed mobility services solutions to both public and private sector customers with their digital transformation initiatives” stated Rana. “Our vendor and MNO partners have been looking for an organization that can help them both scale and that they can rely on
6
CXO DX / MAY 2021
Mustafa Rana
Chief Executive Officer, Mobility MEA with the knowledge, relationships, and expertise to support their mobile endpoints and employees via an extensive range of Managed Mobility Services portfolio”, he further commented.
» NEWS
DELL TECHNOLOGIES FINALIZES VMWARE SPIN-OFF A commercial agreement will preserve the companies’ approaches to the co-development of critical solutions and alignment on sales and marketing activities Dell Technologies has announced the planned spin-off of its 81% equity ownership interest in VMware . The transaction will result in two standalone companies positioned for growth in the data era. The transaction is expected to close during the fourth quarter of calendar 2021, subject to certain conditions, including receipt of a favorable IRS private letter ruling and an opinion that the transaction will qualify as generally tax-free for Dell Technologies shareholders for U.S. federal income tax purposes. Dell Technologies and VMware will enter into a commercial agreement that will preserve the companies’ unique and differentiated approaches to the co-development of critical solutions and alignment on sales and marketing activities. VMware will continue to use Dell Financial
Services to help its customers finance their digital transformations. “By spinning off VMware, we expect to drive additional growth opportunities for Dell Technologies as well as VMware, and unlock significant value for stakeholders,” said Michael Dell, chairman and chief executive officer, Dell Technologies. “Both companies will remain important partners, providing Dell Technologies with a differentiated advantage in how we bring solutions to customers. At the same time, Dell Technologies will continue to modernize its core infrastructure and PC businesses and embrace new opportunities through an open ecosystem to grow in hybrid and private cloud, edge and telecom.” Upon completion of the spin-off, Michael
Michael Dell
Chairman & CEO, Dell Technologies Dell will remain chairman and chief executive officer of Dell Technologies, as well as chairman of the VMware board. Zane Rowe will remain interim CEO of VMware, and the VMware board of directors will remain unchanged.
MINDWARE SIGNS DISTRIBUTION AGREEMENT WITH ORACLE IN 14 COUNTRIES The distributor will employ a dedicated team of professionals fully certified on Oracle’s technologies It has a very strong Cloud vision and is helping organizations drive forward their digital strategies by developing integrated Cloud technologies, offering both choice and flexibility and making the customer’s transition to Cloud-based IT environments easier.”
Mindware has been appointed a Value-Added Distributor (VAD) for Oracle in 14 countries across the Gulf, Levant and North Africa regions. As per the agreement, Mindware will market and distribute Oracle’s entire portfolio of market leading solutions including databases, applications, storage, servers, and Cloud technologies to empower and accelerate modern businesses. Mindware is a member of Oracle PartnerNetwork (OPN). Providing an insight into the relationship, Philippe Jarre, CEO at Mindware Group said, “As one of the region’s leading value-added distributors, we are constantly looking to bolster our vendor portfolio and provide new and exciting technologies to the market through our channel ecosystem; technologies that advance the digital transformation aspirations of regional enterprises. Oracle is a global tech innovator that has been a leader in database software for
“We are excited about the collaboration and are confident of the rapid uptake of Oracle’s solutions by regional organizations, especially in today’s context where Cloud computing is gaining momentum with the shift to remote working,” he added.
Philippe Jarre
CEO, Mindware Group more than three decades. Oracle has been steadily expanding this leadership to the entire technology stack through relentless product development and strategic acquisitions of best-of-breed technology vendors.
The distributor will employ a dedicated team of professionals fully certified on Oracle’s technologies to ensure that they both practice and preach such extensive knowledge across all of the vendor’s products and solutions. This team will work closely with Oracle to deliver exceptional value to partners and to their end customers. MAY 2021 / CXO DX
7
» NEWS
CISCO APPDYNAMICS EXPANDS SAAS OFFERING
The addition of five new locations brings the total number of AppDynamics global SaaS locations to nine. Cisco AppDynamics, the industry leading Business Observability platform, has announced the expansion of its Softwareas-a-Service (SaaS) offering through five strategic new locations, enabling fast, secure and reliable access to the AppDynamics Business Observability platform. Built on Amazon Web Services (AWS), new locations in Cape Town (South Africa), Hong Kong (China), London (England), São Paulo (Brazil) and Singapore will provide regional customers and partners with access to full-stack observability solutions that are secure, scalable and adhere to their local data residency regulations, enabling companies to deliver a superior digital experience
increasingly high pressures to innovate and scale digital services and migrating to a SaaS approach comes with strong considerations. Challenges with implementing SaaS services due to evolving data residency laws and regulations, as well as latency via cloud services that can exist based on proximity to SaaS locations, are areas of concern when considering a SaaS approach. However, modern CIOs recognize the urgent need for a secure, reliable and scalable SaaS solution to support their rapid digital transformation efforts and meet the ever-increasing user demand for flawless digital experience.
Vipul Shah
Chief Product Officer, AppDynamics
Recent research from Gartner indicates that almost 70 percent of organizations using cloud services today plan to increase their cloud spend in the wake of the disruption caused by COVID-19.
vice president, Gartner. “The ability to use on-demand, scalable cloud models to achieve cost efficiency and business continuity is providing the impetus for organizations to rapidly accelerate their digital business transformation plans.”
“The pandemic validated cloud’s value proposition,” said Sid Nag, research
As technologists lead their company’s response to the pandemic, many are facing
The addition of five new locations offers a solution to enterprises concerned with potential data sovereignty and governance requirements, and provides access for customers all around the globe. With points of presence already in place in Portland (US), Frankfurt (Germany), Mumbai (India) and Sydney (Australia), AppDynamics claims it now has more SaaS support than any other vendor in the market.
STARLINK SIGNS DISTRIBUTION AGREEMENT WITH BMC
BMC aims to help customers power their businesses through software to become Autonomous Digital Enterprises
StarLink, a leading Value-added Distributor (VAD) in the META region, today announced a collaboration with BMC Software, a global leader in software solutions for the Autonomous Digital Enterprise, as a BMC Distribution Partner for BMC IT software solutions and services in the MENA region. Together, both companies have agreed to embark on this expansion journey by capitalising on StarLink’s strengths and expertise – its extensive channel network, a robust customer installed-base across multiple business verticals, mainly Banking, Financial Services, and Insurance (BFSI), government, oil and gas, telecom, and the highly skilled on-the-ground Sales and Technical teams. StarLink undertakes to promote and distribute the entire BMC IT software and services solutions portfolio. BMC aims to become the key strategic partner to customers to help them reinvent and power their businesses through software to become Autonomous Digital Enterprises (ADEs). An ADE is defined by BMC as the future state of business, one which comprises intelligent, interconnected, technology-enabled, value-creating systems that operate with minimal human involvement across every facet of a business and its ecosystem of partners, allowing valuable human resources to focus on innovation.
8
CXO DX / MAY 2021
Nidal Othman, CEO, StarLink said, “It’s high time businesses accelerate their digital transformation journey in its true sense for operational excellence and to remain competitive. With BMC’s unmatched experience in IT Management, we are bringing in a robust range of AI-powered on-prem, cloud and hybrid IT solutions to enable enterprises to become agile and efficient with their service management, automation, and operations.
» NEWS
D-LINK UNVEILS NEW LINEUP OF VIGILANCE SERIES SURVEILLANCE CAMERA SOLUTIONS The vendor wants partners to address the rising regional demand in IP-based Video Surveillance Systems With its recent launch of new surveillance solutions, D-Link Middle East wants its regional channel partners to leverage the growing demand for IP-based video surveillance systems. D-Link has recently released its new lineup of Vigilance Series Surveillance Camera Solutions including a network video recorder and six outdoor surveillance cameras. These solutions are expected to address the growing demand for advanced surveillance solutions. The latest analysis from Emergen Research shows the global video surveillance market is expected to reach USD $86.53 billion by 2027. It reveals that the primary factor driving this growth includes the increase in installation of video surveillance systems in commercial infrastructure, public places and residential areas as they offer enhanced efficiency and convenience for real-time
monitoring. The increased focus on digitalization by customers, reinforced over the past year, has resulted in the rise of AI and ML solutions deployment, which have further increased the demand for video surveillance. Sakkeer Hussain, Director, Sales and Marketing, D-Link Middle East, commented, “The Middle East is one of the fastest growing markets for the video surveillance segment. Over the last couple of years, we have observed a significant demand for IP video surveillance systems from regional government, transportation and commercial offices sectors. Integrating advanced video analytics, AI and ML technologies will be key components for IP video surveillance solutions going forward. This will further drive the regional demand and open new opportunities for channel partners."
Sakkeer Hussain
Director, Sales & Marketing, D-Link, ME “Channel partners must stay on top of the latest trends in this sector and keep an eye out for unique opportunities that they can optimize. Customers will prefer specialized partners with the right technical as well as market knowledge to help them implement and optimize these solutions effectively to manage the explosion of data from their increasingly digital businesses.”
CYBERKNIGHT TO OFFER SASE SOLUTIONS FROM LOOKOUT Solution combines Mobile endpoint security, ZTNA and CASB To address customer challenges related to cloud security including cloud access, discovery, monitoring, data protection, policy enforcement and compliance, CyberKnight has signed a partnership agreement with Lookout, an integrated endpoint-to-cloud security company to distribute its products in Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates. The Lookout Secure Access Service Edge (SASE) solution delivers the market’s leading approach to integrated Mobile Endpoint Security, Zero Trust Network Access (ZTNA), and Cloud Access Security Broker (CASB). Lookout Mobile Endpoint Security Lookout was named a leader for the third year in a row in the 2020 IDC MarketScape for Worldwide Mobile Threat Management Software, and a
to the company’s product portfolio through its March 2021 acquisition of CipherCloud, was named an overall Leader in the KuppingerCole Market Compass: CASB 2021, and positioned as a visionary in the 2020 Magic Quadrant for CASB by Gartner.
Wael Jaber
VP Technology & Services, CyberKnight
representative vendor for the fifth year in a row in the 2021 Gartner Market Guide for Mobile Threat Defense. Lookout CASB, the newest addition
"Undoubtedly, the cloud is an expanding threat vector and organizations of all sizes require a robust security platform to mitigate the risks of data loss and exposure. With Lookout, CyberKnight is now able to offer organizations enterprise-class visibility and protection across their cloud environments. We have joined forces with the industry expert in SASE specifically to eliminate data privacy, security and sovereignty risks that can often derail cloud projects, especially in the Middle East,” commented Wael Jaber, VP Technology & Services, CyberKnight. MAY 2021 / CXO DX
9
» NEWS
RANSOMWARE WAS A MAJOR DISRUPTOR IN 2020 “The State of Email Security” report finds 86% suffered disruption or financial loss due to cyber preparedness shortcomings full 86% of respondents indicated their companies had experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions. Other insights include:
Josh Douglas
Vice President, Threat Intelligence
“The State of Email Security” report from Mimecast shows enterprises faced unprecedented cybersecurity risk in 2020 from increasing attack volume, the pandemic-driven digital transformation of work, and generally deficient cyber preparedness and training. A
• 78% in the UAE indicated they had been impacted by ransomware in 2020, a massive increase from 66% of companies reporting such disruption in last year’s “The State of Email Security” report. • Companies impacted by ransomware lost an average of six working days to system downtime, with 29% of the companies in the UAE saying downtime lasted one week or more. • 43% of ransomware victims paid threat actor ransom demands, but only 44% of those were able to recover their data. More than half (56%) never saw their data again, despite paying the ransom.
SPIRE SOLUTIONS LAUNCHES BIG DATA AND DATA ANALYTICS BUSINESS UNIT The new Busines Unit will forge partnerships with niche vendors specialized in data science, AI, and data monetization The world has moved towards digital economies driven by data and artificial intelligence (AI). Both public and private sector organizations have started relying heavily on the power of data and the intelligence that can be derived from it to transform their service/business and make better decisions. Data is set to grow faster than ever with 1.7 MB of data currently being created every second for every human being on the planet (as per Forbes). It’s estimated there will be 50 billion intelligently connected devices globally in five years, all developed to collect, analyze, and share data. As per Market Research, the Middle East & African AI, Big Data Analytics & Cyber Security Market value was USD 11.78 billion in 2020, and it is expected to reach USD 28.36 billion by 2026. Yet, reliable
10
CXO DX / MAY 2021
Mohieddin Kharnoub
Chief Revenue Officer, Spire Solutions
and scalable data solutions, services, and consultants are far and few in the region. To address this gap and help resolve big
“The ransomware epidemic continues to rage, and the approaches to and results of remediation vary wildly. Many companies are choosing to pay ransoms rather than risking extensive business downtime and expensive consulting fees to conduct self-remediation – but this introduces its own set of risks, including threat actors not holding up their end of the bargain. Paying ransom also makes companies an attractive target for subsequent attacks, since they’ve demonstrated they’re willing to pay,” said Josh Douglas, Vice President of Threat Intelligence. Additional threat trends include: • A 64% YoY increase in threat volume. • An increase in email usage in seven out of 10 companies • 40% of survey respondents noted they saw an increase in email spoofing activity. • In the UAE, 88% said they are concerned about the risks posed by archived conversations from collaboration tools compared to the 71% globally.
data and data analytics challenges, the region’s leading value-added distributor Spire Solutions is launching its Big Data and Data Analytics business unit. The Business Unit will be led by a fully qualified team with over a decade’s experience in the data spectrum and empowered by strong partnerships with niche vendors specialized in data science, AI, and data monetization. Mohieddin Kharnoub, Chief Revenue Officer at Spire Solutions said “We are excited for launching our Big Data and Data Analytics unit which help our customers in their end-to-end data journey. Right from solving complex data engineering scenarios to building modern-day AI-driven analytics solutions, our goal is to make data matter and monetize it.” Spire will soon be announcing its collaboration and strategic alignment with leading data technologies and run a series of awareness sessions for the benefit of business and technology decision-makers across the Middle East & Africa.
» NEWS
CYBERSECURITY CHALLENGES AND OPPORTUNITIES FOR HEALTHCARE INDUSTRY Data breaches and network outages are a real and growing cost for the industry Infoblox has unveiled new research into the cybersecurity and network infrastructure challenges faced by decision-makers in the healthcare industry. One year into the COVID-19 pandemic, the report reveals major challenges this critical industry faced as healthcare IT workers scrambled to secure protected health information (PHI) and the infrastructure against the pandemic’s complex cybersecurity and networking challenges. Based on responses from nearly 800 healthcare IT decision-makers in North America, Latin America, Europe and the Asia-Pacific region, key survey findings include: • Data breaches and network outages are a real and growing cost for the industry: Nearly half (43%) of respondents estimated the costs of data breaches would exceed $2 million and more than one-third (34%) said the same for network outages. • The healthcare Industry is a target: Over half of respondents (52%) suffered a data breach in the past year. • Attackers are focusing on the cloud: Cloud vulnerabilities and misconfigurations, IoT attacks and data manipulation are the most expected cyberthreats the industry faces in the next 12 months, each cited by nearly 20% of respondents. • Cloud networks remain vulnerable:53% of respondents experienced data breaches in cloud networks, the biggest attack vector from the past year. • Knowledge is half the battle: Respondents cited network monitoring (71% of respondents) and threat intelligence (61%) as the most effective mitigation tactics against the threats they faced in 2020.
Anthony James
VP, Product Marketing, Infoblox
ments, raising the stakes for the industry as it adapts cloud-first technologies in response to the shutdown’s remote work mandate.”
The survey also found that financial losses from network outages tend to be only marginally lower than those from data breaches, demonstrating that losses from normal business interruptions can be as damaging as those from hacks. Respondents universally recognized that the costs of prevention were lower than the significant direct and indirect costs of these events (for example, fines, equipment replacement, victim remediation, loss of reputation and customer losses).
“Fortunately, the industry recognizes the need—and value— of prevention when it comes to protecting this critical data and understands that DNS is one of the most cost-effective ways to secure their networks from a variety of malicious threats before they infiltrate the network,” James continued. “BloxOne Threat Defense can securely extend a customer’s network into the cloud and leverages insights from DNS traffic, as well as other threat intelligence feeds and mitigation tools to provide defense-in-depth for on-premises and remote network architectures.”
“The coronavirus pandemic continues to highlight the unique cybersecurity needs of the healthcare industry, even as it has increased the number of threats these organizations face,” said Anthony James, VP of Product Marketing, Infoblox. “PHI is both highly prized by cyber criminals and strictly regulated by govern-
“And as health care organizations continue to transform their workplaces into the cloud, BloxOne DDI can provide foundational cloud-managed network services to enable them to simplify network management and automate critical tasks as best suits the team,” James added. MAY 2021 / CXO DX
11
» NEWS INSIGHT
RANSOMWARE RECOVERY COST IN THE UAE IS US $517,961 IN 2021, SAYS SOPHOS SURVEY Attackers move from larger scale, generic, automated attacks to more targeted attacks “The State of Ransomware 2021,” a global survey from Sophos reveals that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021. The average ransom paid is $170,404. The global findings also show that only 8% of organizations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data. The survey polled 5,400 IT decision makers in mid-sized organizations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.While the number of organizations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, in the UAE, 38% of respondents mentioned a ransomware attack in the last one year, down from 49% in 2020. Globally, fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020), while in the UAE it dropped to 50%, down from 78% in 2020. The new survey results reveal worrying upward trends, particularly in terms of the impact of a ransomware attack. “The apparent decline in the number of organizations being hit by ransomware is good news, but it is tempered by the fact that this is likely to reflect, at least in part, changes in attacker behaviors,” said Chester Wisniewski, principal research scientist, Sophos. “We’ve seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking. While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher. Such attacks are also harder to recover from, and we see this reflected in the survey in the doubling of overall remediation costs.” The main findings of the State of Ransomware 2021 global survey include: The average cost of remediating a ransomware attack more than doubled in the last 12 months. Globally, remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021. This means that the average cost of recovering from a ransomware attack is now 10 times the size of the ransom payment, on average. In the UAE, the average cost of remediating a ransomware attack US$517,961in 2021, compared to $696,305 in 2020. Globally, the number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021, although fewer than one in 10 (8%) managed to get back all of their data. In the Middle East, 28% of the organizations hit by ransomware paid a ransom. More than half (54%) of respondents believe cyberattacks are now too advanced for their IT team to handle on their own
12
CXO DX / MAY 2021
Extortion without encryption is on the rise. A small, but important 7% said that their data was not encrypted, but they were held to ransom anyway, possibly because the attackers had managed to steal their information. In 2020, this figure was 3%. Sophos recommends the following six best practices to help defend against ransomware and related cyberattacks: • Assume you will be hit. Ransomware remains highly prevalent. No sector, country or organization size is immune from the risk. It’s better to be prepared, but not hit, rather than the other way round • Make backups and keep a copy offline. Backups are the main method organizations surveyed used to recover their data after an attack. Opt for the industry standard approach of 3:2:1 (three sets of backups, using two different media, one of which is kept offline) • Deploy layered protection. As more ransomware attacks also involve extortion, it is more important than ever to keep adversaries out in the first place. Use layered protection to block attackers at as many points as possible across an estate • Combine human experts and anti-ransomware technology. The key to stopping ransomware is defense in depth that combines dedicated anti-ransomware technology and human-led threat hunting. If you don’t have the skills in house, look at enlisting the support of a specialist cybersecurity company – Security Operation Centers (SOCs) are now realistic options for organizations of all sizes • Don’t pay the ransom. If you do decide to pay, bear in mind that the adversaries will restore, on average, only two-thirds of your files • Have a malware recovery plan. Organizations that fall victim to an attack often realize they could have avoided significant financial loss and disruption, if they had an incident response plan in place
Advanced Load Balancer for Any Data Center or Cloud
Avi Networks (NSX LAB) Modern Load Balancing and Application Services Comprehensive Application Services Platform With automation across heterogeneous infrastructure
Address: Concord Tower, Dubai Media City PO Box 125997, Dubai, United Arab Emirates
Call: +971 (4) 4549878 Mail: info@MobilityMEA.com Website: mobilitymea.com
» INTERVIEW
ACCELERATING TO THE CLOUD Infor is a global leader in business cloud software specialized by industry. Joerg Jung, Executive Vice President EMEA at Infor, and Amel Gardner, VP and GM, MEA discuss Infor’s focus on the cloud and growth in the region The move to the cloud has been a key driver, for both our existing customers and new customers. The cloud adoption has seen an acceleration because of the pandemic. However, I notice that the Cloud is one of the most mis-used terms in the industry. There are companies like us that perceives themselves to be among the leaders, with multi-tenant, SaaS only focus and then at the other extreme there are providers of single tenant, hosted systems, managed services, which I believe arent a true cloud offering. Everyone calls themselves a cloud provider, making it quite confusing for the customers to decide who has a real cloud offering and who has, what I would refer to as a ‘fake cloud offering’. From that point of view, I see significant acceleration with people wanting a true multi-tenant SaaS solution in the market. As far as I can see, in the markets we serve, we are the only vendor offering only multi-tenant SaaS solution. This makes us successful.
Joerg Jung
Executive Vice President, EMEA, Infor
Discuss the outlook from a global and regional perspective for Infor, especially in the context of the move to the cloud among Businesses? JJ: From an EMEA perspective, we aim to be the leader in the domains of our focus and also the fastest growing. Being the fastest growing cloud company, we want to quintuple our cloud Business in the next five years. To grow our cloud Business five-fold, it means we would need to see a growth of 40% every quarter. I would add that if you can grow at 40%, you can also claim to be the fastest growing. At the moment, things have been looking up for us. We had a fantastic year last year and we continued the momentum forward in the first quarter this year.
14
CXO DX / MAY 2021
AG: In the first quarter of the year, we doubled our cloud booking. Half of the booking came from new customers. We are aiming for double or even triple growth, following the same EMEA trajectory that JJ mentioned about. That is because the timing couldn’t have been better with ERP cloud market growing in double digits and so many industries in the middle of transformation initiatives. The mid-market segment is leading in the market in terms of growth and we believe we will be able to achieve our growth goals. How does Infor offer its Multi-tenant cloud offering and where is it hosted? JJ: We want to be a true cloud provider providing multi-tenant SaaS, a deliberate choice we made a few years ago and we wanted to be industry specific- serving key verticals. We don’t want to be focusing on all industries but in the industries we serve, we want to be the leader. If you want to be a true multi-tenant SaaS provider, then we couldn’t give the option to choose the hyperscaler. I would argue it would be impossible to have a truly multi-tenant SaaS solution if you could choose to run it on any hyperscale provider in the world. In that case, it is just a hosted system, a managed service offering and you are only buying infrastructure, perhaps buying it cheaper because they buy a lot of infrastructure and then resell it to you vis-a-vis if you buy
» INTERVIEW
the infrastructure on your own and don’t have the volume to avail a cheaper pricing. It is a good proposition money wise for customers but it has nothing to do with a real multi-tenant cloud solution. We made a call that it will be just one strategic partner and we chose AWS. AWS is our global partner of choice and we are one of the largest customers of AWS. We have populated our solutions out of AWS data centres around the world and therefore customers have a choice where they would want the solution to be based out of, whether the Middle East, Europe etc. The tricky question for global companies is to decide where to have their cloud hosted. The logical choice would be to choose a location where a majority of your customers are. There are couple of things to demystify. Can we trust the cloud with our data? The question is valid when you are talking of a single tenant cloud and you may be better with having the data on premise but would that be quite safe as well? The most secure solution is a multi-tenant SaaS. As the solution provider, we have no access to the customer data. There are also technologies we can offer, whereby the data is still in your own country whereas the data centre isn’t. This will be an expensive proposition though. AG: From the customers who have chosen the cloud solution with us, they haven’t had an issue with the location of the data hosting. So we have been hosting their data in our datacenter based out of Frankfurt. As we grow in the region, going ahead, there maybe such possible requirements from the government sector for local hosting of data. We are working closely with AWS with respect to their Bahrain data centre. In future, we may look to keep the data closer to the customer, by hosting in Saudi, Bahrain or UAE. Has the pandemic unwittingly driven the cloud adoption or has it impacted customer investments? JJ: It is fair to say that due to covid, there were companies that did not do any investments because they were insecure. So there has been a lot of investments held back from that point of view in the region. Still companies have accelerated the adoption of the cloud because things happened- overnight all projects needed to be done remotely and there wasn’t an option to do otherwise. We had hundreds of projects going live during the pandemic with completely 100% remote managed. This trend is here to stay, will not go away and it will be a hybrid kind of work model in future. Do you continue to have a focus on on-premise focus as well or is the focus entirely towards cloud? JJ: We still have a lot of existing customers running our solution on premise and we will continue to support them for many years to come. For new customers though, it is cloud only option. We will never sell on premise solutions to a new customer because it no longer makes sense. All innovation is happening in the cloud.
Amel Gardner
VP and GM, MEA, Infor
Has the channel been happy with the move to the cloud? JJ: Not all in the channel may have been happy but some of them are for sure. We need to understand, that for many partners, the on-premise model was the major part of their Businessdoing with opportunities for customizations, maintenance, other services etc. Those partners who haven’t made the transition to the cloud will suffer in future. The new world order will encourage partners who embrace the cloud and look at the opportunities that exist. For instance, there are customizations that can still be done in a multi-tenant SaaS solution. You need to still be able to give customers the extensibility, similar to customization and this is an opportunity for the partners focused in the cloud business. In the real-world scenario, 60% customers use solutions out of the box, another 30% is pure customer specific configurations and the remaining 10% is where the extensibility part comes in that is built around the uniqueness of the customer Business. AG: We are having this discussion with our partners at the moment. 50% of our Business is through the channel. So we can only be successful with our objectives for our cloud Business if we are able to bring in our partners. There was a lot of resistance before but post Covid, it has been easier to convince them. They are keen to transform. Customers have moved on and partners need to move with them. We will be on-boarding only partners who have the focus on the cloud. MAY 2021 / CXO DX
15
» COVER FEATURE
REIMAGINING
CYBERSECURITY The ever-evolving threat landscape offers daunting challenges and faced with the need to keep a distributed and remote workforce secure, new approaches to cybersecurity have emerged
T
he pandemic has played a significant hand in driving digital transformation as companies needed to have their workforce working on remote basis at a short notice. As the work from home trend gained momentum, the security issues as well came to the fore. With the cloud adoption that enabled remote working, now showing impressive sustained rates of growth, the traditional network perimeter has dissolved.
While even before the pandemic, the trends were moving steadily towards a borderless network, the pace has quickened in the past year, at the same instance bringing to the fore the need to also adopt new approaches to ensuring cybersecurity. An exponential growth in the total addressable attack surface can only be expected with so many more devices coming online, perhaps with
16
CXO DX / MAY 2021
more vulnerabilities, due to work from home trends, thus allowing more opportunities for cyber criminals. Maher Jadallah, Senior Director - Middle East & North Africa, Tenable says, “The pandemic forced organizations to change working practices to adhere to work from home mandates, in some cases overnight. Employees were allowed to work at home, in some cases using personal devices that may be unsecured. The acceleration of digital transformation and remote work models over the past year has resulted in a surge of cybercrime. Attackers thrive during times of uncertainty and there’s plenty for them to target at the moment. This remote working “hybrid” model is likely to continue for the foreseeable, with some organizations considering this change permanently. The shift to a remote, distributed workforce
has led to a higher volume of critical and confidential information being transmitted electronically. Security leaders must ensure that their strategies are in lockstep with business priorities and can effectively communicate the security program to business asset owners.” It is not a surprise that the “stay at home” working environment has been definitely more prone to cyber risks as, in general, the intrinsic cybersecurity and the users’ level of attention to cyber threats are lower whilst the vulnerabilities and the sources of distractions are definitely higher. The threat surface will only continue to grow and various types of attacks including Phishing and Ransomware will continue to proliferate. Hadi Jaafarawi, Managing Director, Middle East at Qualys says, “In an environment
» COVER FEATURE most significant threats given the potential impact on business organizations and governmental institutions but also private organizations and individuals. Cybercriminals often illicitly obtain user logins and credentials through spearphishing, before taking control and deploying ransomware on their targets by encrypting data or exfiltrating it. Recovering from ransomware is extremely difficult unless comprehensive backups are in place,” adds Hadi. The Insider threat is also not to be underestimated. Hadi elaborates that as we head into a post-pandemic world, there will be a rebalance of the remote workforces with people coming back to the office but the proportion won’t be as prior to the pandemic.
Hadi Jaafarawi
Managing Director, ME, Qualys
where fast 5G connectivity is getting to be the norm and the number of IoT devices is constantly growing, the “stay at home” environment has a greater attack surface with connected objects such as home assistants, smart TVs, connected fridges, automated heating/cooling equipment, baby monitors and home security systems. Hackers with the intention of compromising networks, will look for insecure or misconfigured connected objects to break through, cause damage and steal information.” Furthermore, for parents with young children, it can be quite difficult to balance professional and family needs, resulting in a lot of juggling between the two and consequently less attention being paid to what might be a phishing email or a social engineering call. “Phishing and spearphishing remain the most common methods used by hackers to steal personal information or user credentials in order to gain access to the home and company networks for distributing malicious content. Phishing campaigns perpetrated via email (90+% of the cases) but also through SMS, social media, instant messaging systems etc. are nowadays extremely sophisticated and convincing, often replicating legitimate messages from real and well-known senders. Ransomware has become one of the
“Remote and mobile workforces will continue to exist and in addition to “stay at home” locations there will be “co-working spaces” where the network might not be as secured as in the office but also “shoulder surfing” threat could be encountered by unintentionally exposing sensitive and private information.” Kalle Bjorn, Sr Director, Systems Engineering - Middle East, Fortinet shares similar concerns as he elaborates, “Remote work has become the new paradigm where the current health environment requires employees to complete work-related tasks through remote internet connections. With the new working culture, the cyber threat landscape has become highly unpredictable. Security teams today have been spread increasingly thin, often face multiple threats on multiple fronts. Things like ransomware, sophisticated malware, and phishing attacks are targeting vulnerabilities in the core network, home offices, IoT devices, cloud networks, DevOps environments, and the digital supply chain. But perhaps the most challenging of what threat hunters face are zero day attacks. Because they exploit unknown vulnerabilities or use previously unknown methods, they can be very difficult to detect before it’s too late” For all reasons mentioned earlier, indeed the exploit vulnerabilities have risen in parallel with the rise of remote work. Many sectors including the healthcare industry has seen a significant increase in ransomware attacks.
Maher Jadallah
Senior Director - MiENA, Tenable
Kalle add, “Analysts with Black Book Research are even forecasting such attacks in this sector to triple in 2021. Similarly, FortiGuard Labs’ research suggests that web browsers and IoT devices, in particular, will continue to be popular targets. Attackers have also targeted the technology that facilitates vaccine rollout, scheduling platforms that include personal information.” With the hybrid work model likely to continue in the longer term, companies are likely to continue focusing on enhancing solutions that secure the distributed remote workforce. Abdullrazaq Zahran, Security Engineering Manager - METNA at Vectra AI says, “In the past year, it is obvious that the need for remote working drove digital transformation to support Business continuity. On the other hand, it also created a security gap as well because the attack surface itself is now more scattered and exposed to attackers and attack vectors. This is where the ZTN (zero trust network) approach comes in. Further, the move to work from home looks set to continue and has encouraged the whole world to rethink the way we all work. While the companies have invested to support their employees who are working remotely, it will also encourage them to continue the trend. Going ahead, while MAY 2021 / CXO DX
17
» COVER FEATURE scape is a key challenge for organizations going ahead. There needs to solutions in place that are up to the challenge and can scan threats effectively well in time.
Abdullrazaq Zahran
Security Engineering Manager METNA, Vectra AI
there will be more offerings to support remote workers, there will be also be new offerings on the security front as well to support the ZTN approach.”
Enabling complete visibility
Given the expanded perimeter, organisations should look for solutions that afford complete and live visibility into the entirety of the attack surface — be they IT or OT, traditional on-prem or in the cloud — as the first step toward reducing overall cyber risk. Maher says, “Digital transformation has led to an explosion of new technologies, connected devices and computing platforms. From IT to Cloud to IoT to OT, this complex computing landscape is the modern cyber attack surface. The tools and processes of yesterday — built and designed for the old era of IT when the cyber attack surface was a static laptop, desktop or on-premises server — are being used to solve today’s problems. The digital era requires a new approach to achieve broad visibility across the modern attack surface and provide deep insights to help security teams, executives and boards of directors prioritize and measure cyber risk.” Securing data across a diverse IT land-
18
CXO DX / MAY 2021
“If providing access to data, make sure you have a mechanism to control that access and secure data in transit. As the workforce may not be using company-owned devices, it’s worth investing in an assessment solution that can check the security posture of all devices, regardless of ownership, connecting to the corporate network. Identify any with exploited vulnerabilities and either patch or remediate the risk - this could mean stopping the device connecting until it's been updated,” Maher adds,” adds Maher. For instance, Tenable focuses on Cyber Exposure Management, which is an emerging discipline that helps organizations see, predict and act to address risk across the entire attack surface. Cyber Exposure Management is built on the foundations of risk-based vulnerability management and its best practices introduce a common risk-focused and metric-based language that everyone understands— from security and IT Ops to executive leadership and key stakeholders. Tenable also offers Adaptive Assessment among its various other offerings, providing an active scanning of the network. Tenable is focused on enabling its customers to see every asset and vulnerability across their entire modern attack surface, predict the vulnerabilities that will be leveraged in an attack on the assets that matter to the business and guide our customers on where they need to act to address risk Maher elaborates, “An organization’s attack surface is a complex and interconnected network of IT, cloud, operational technologies (OT), web apps and container assets that constantly changes. Different asset types require different approaches to gain deep insight into security issues. Tenable Adaptive Assessment provides a wide variety of sensor technologies optimized for an organization’s unique environment. Whether it’s active scanning of the IT network, active querying of OT assets or frictionless assessment using third-party telemetry data, security teams can deploy what they need in a single platform for unified visibility.”
As an exhibitor at this year’s GISEC, its experts will be offering demonstrations of its complete Cyber Exposure platform. “From our booth, SS3-D1, our experts will be on hand to discuss what paths attacks typically take, and how organizations can strengthen their defences to deflect them. Another key focus will be how the powerful combination of risk-based vulnerability management and Active Directory security solutions can prevent threat actors from getting a toe-hold in the corporate environment, stopping attacks before they can begin,” says Maher. Solutions that can provide a complete visibility at all times across the entire stack of IT infrastructure from the cloud to the diverse endpoints based wherever are the need of the hour. The Qualys Cloud for instance helps monitor and manage all the IT assets across the entire IT hybrid environment which is made of Multi-Cloud but also of On-premise, Containers, SaaS, Mobility, OT (Operational Technology) etc. Hadi elaborates, “The power of the Qualys Cloud Platform is in its ability to provide Visibility, Prevention, Remediation, Detection and Response capabilities in one natively cloud-based and integrated security and compliance solution. So, it starts with a large set of sensors (e.g. cloud agent, cloud connectors, scanners etc.) able to provide visibility on IT assets throughout the IT hybrid environment and that’s not just from time to time, it’s all the time and in real time.” The Prevention capability allows organizations to identify vulnerabilities, mis-configurations etc. which could be exploited and evaluate the threats via riskbased approach in order to prioritize and apply Remediation through patching or going a step further to DevOps (i.e. shifting left) for ensuring security by design. The Detection and Response capabilities are paramount in order to swiftly detect a breach, understanding the context in which it took place and then enable rapid and effective response by quarantining and sanitizing the concerned IT assets. Along with the Cloud, Qualys also offers its multi-vector EDR solution that now includes integrated anti-malware detection capabilities, providing additional real-time protection against the latest threats.
» COVER FEATURE Hadi says, “For remote workforce, the Endpoint (e.g. laptop, desktop, tablets, smartphone etc.) protection but also malware detection and response are essential to secure company data and minimize risks of getting company systems compromised and related data stolen. EDR (Endpoint Detection and Response) is an emerging technology that addresses the need for continuous monitoring and response to advanced threats.” The new release of Qualys EDR brings together the inevitable convergence of the “shield” Endpoint Protection Products (EPP) with the “sword” Endpoint Detection & Response (EDR) to deliver comprehensive protection against known and unknown threats. Once deployed, the new anti-malware component protects the endpoint against all kinds of malware (such as viruses, spyware and trojans, ransomware), network attacks and phishing. At this year’s GISEC, Qualys will be showcasing its VMDR, EDR, File Integrity Monitoring a well as CyberSecurity Asset Management. Vectra, a leader in network threat detection and response (NDR), offers cloud capabilities to track and link accounts and data in hybrid environments. Its NDR solution can detect and stop threats across the entire network, tying together attacker activities and progression between cloud, hybrid, and on-premise networks. It has also announced a deep product integration with Zscaler Private Access (ZPA) to provide end-to-end access visibility and protection from remote workers to business-critical applications. Abdulrazaq adds, “ZTA approach focuses on continuous monitoring. We give a unified platform with a complete view across the threat surface from one unified view. Vectra AI now offers an extended endpoint detection and response (EDR) native integration support in the Cognito platform. By unifying the NDR and EDR experience in a single UI, users get fast, simple, turnkey integrations that offer comprehensive security coverage across the enterprise, IoT devices, hybrid cloud, and cloud native applications.” Vectra now offers additional support for VMware Carbon Black EDR, VMware
Carbon Black Cloud, Sentinel One Singularity, and FireEye Endpoint Security to its extensive list of native EDR integration partners, including CrowdStrike and Microsoft Defender for Endpoint. The vendor is also an exhibitor at this year’s GISEC.
SASE to the fore
As primarily a network security vendor, Fortinet has been focusing on SASE (secure access service edge), an emerging framework to enable complete network security protection for its users in the cloud. SASE is now seen as a necessary approach to managing security in the era of a distributed workforce and edge computing. SASE is essentially seen as a network framework that combines WAN capabilities with security functions like secure web gateways, cloud access security brokers, firewalls, and zero-trust network access. Kalle says, “First of all, it’s important for us to understand the core definition of SASE—secure access service edge. It’s all about the convergence of networking and security. If you think about what happened during COVID-19, and now post-pandemic, it’s about users working from anywhere and enabling anytime access from any device. And in this case, SASE as a framework makes sense as we talk about cloud-delivered security. By deploying connectivity and security solutions in the cloud, SASE allows organizations to extend firewalls, secure gateways, and zero-trust access—essentially all cybersecurity fundamentals—to any employee seeking remote access to critical resources, regardless of their location or the device they are using. It has rightly been praised for its simplicity, scalability, and ubiquitous protection.” He adds, “One of the core components of SASE, along with cloud-delivered security, is SD-WAN. At the end of the day, SASE’s outcome for the large or mid-market enterprise is to provide consistent security and the best quality of experience. While cloud-delivered security provides that security to users working from anywhere, SD-WAN actually enables that quality of experience. SASE would be incomplete if it doesn’t have SD-WAN as part of the framework. Finally, it’s important to
Kalle Bjorn
Sr Director, Systems Engineering Middle East, Fortinet
Harish Chib
remember that when you look to impleVice President, mentMiddle a SASE you should Eastframework, & Africa, Sophos look for a solution that converges security and networking — not just stitching them together but having a unified policy so it’s easier for them to transform.” This year at GISEC Fortinet is focusing on emphasizing the strength and benefits of the Fortinet Security Fabric and the Fortinet’s Secure SD-WAN solution which integrates all of the security features organizations need to protect their distributed networks. The vendor is also showcasing the FortiEDR, which helps organizations identify and stop breaches in real-time automatically and efficiently, without overwhelming security teams with a slew of false alarms or disrupting business operations The cybersecurity landscape has been disrupted by the pandemic and has encouraged security vendors to reimagine their approaches, from Zero Trust to SASE to EDR and so on to ensure that the solutions they bring to market can combat the evolving threats of the day and of the future. The focus on targeted cybersecurity investments likewise will be a sensible strategy for companies who want to secure their Business from potential cyberattacks. MAY 2021 / CXO DX
19
» CIO OUTLOOK
SEAMLESSLY ENABLING THE WORKFORCE The Easa Saleh Al Gurg Group (ESAG) is one of UAE’s most eminent family businesses with 27 companies in its portfolio. The Group has partnerships with leading brands across wide ranging industry and consumer sectors. Jayakumar Mohanachandran, Group CIO at Easa Saleh AL Gurg group of companies discusses how the group through its pioneering outlook has been able to make a seamless transition towards enabling employees to work from anywhere.
20
CXO DX / MAY 2021
Please discuss the transformation outlook at the Easa Saleh Al Gurg Group for the year. What do you see as the broad objectives? 2020 has been a great reset for all countries, organizations and individuals. This crisis has forced all organizations to start experimenting how to be more nimble, flexible and resilient. As we speak, we are in the process of defining a digital roadmap for ESAG that clearly articulates the transformation which we would like to execute in the coming years with the below focus areas. • drive agility by rethinking the operating model and automating possible workloads • create a roadmap towards emerging technologies that helps to stay resilient in the future • Deliver meaningful data/information to our businesses by having the right analytics strategy How has the remote / hybrid working model challenged the IT team? Has it been a seamless transition for the entire group? As a group, we have always been a pioneer in adopting many technologies and with that the technology landscape what we had before the pandemic has rightly supported us to enable the entire users to work from anywhere within the first day of lockdown itself. This was a very critical activity that was monitored and performed
» CIO OUTLOOK as a part of the larger Business Continuity Plan and the whole process was pretty seamless except for few minor requirements like enabling access to their independent file share, additional bandwidth provisioning etc. that took a couple of days. Do you believe that large companies and a diversified group of companies need to look at multi-cloud as a viable long-term solution for effective transformation? is a multi-tenant architecture preferred such as in a diversified group of companies that can share the resources? This will always be dependent on the organization wide strategy whereas multi-cloud offers any organization the flexibility to manage the workloads in a more cost-effective manner with better agility and bolstered resilience. This will also help an organization to minimize the overall risk thereby avoiding vendor lock-in. The multi-tenant architecture literally makes computing economically and technologically feasible and the cost advantages of multi-tenant tends to be the make-or-break factor that attracts any enterprise towards the multi-tenant architecture. The other crucial driver for multi-tenant architecture is that it enables high levels of scalability which is again a key requirement for any growing enterprise. Discuss how cybersecurity is looked at as a priority investment these days as the attack surface has multiplied especially due to work from home arrangements? I believe the importance of cyber security has become much more relevant with the rise of pandemic as we have witnessed the huge spike in attacks that happened across regions. Without any doubt, this should be the top most priority for any organization right know as we cannot fight multiple battles at the same time. A remote workforce comes with myriad dangers, with employees relying on their home networks – and sometimes their own devices – to complete tasks. And you better hope they have technical skills, because should they experience any technical issues, there’s only so much your IT team can do to help. If you’re among the organizations giving employees that choice, you must take the time to review whether your remote working practices are suitable. You may have escaped unscathed so far, but it only takes one mistake for disaster to strike. A well-defined IT Security Strategy is required for any enterprise that focuses on • Securing workforce in the new ways of working • Securing customer journey through digital shift • Rethinking supply chain and any third-party risk With software like ERP, the move towards cloud versions has accelerated. Do you see this move as necessary for organizations as vendors invest more in cloud model delivery? Again this will also depend on the organization strategy as not everyone will be ready with the workloads that can be managed in this kind of a migration. With the pandemic emphasizing the importance of remote work, software companies will continue to invest on the Cloud platform which will translate into enterprises scouting for right platforms that suits their workloads. It all depends upon the readiness of the organization and their long term strategy can help to define the roadmap towards cloud. To conclude this in a simple language – If not a cloud first approach, atleast a hybrid cloud model will become imperative for enterprises to ensure business resilience going forward.
Jayakumar Mohanachandran
Group CIO, Easa Saleh AL Gurg Group of Companies
" As a group, we have always been a pioneer in adopting many technologies and with that the technology landscape what we had before the pandemic has rightly supported us to enable the entire users to work from anywhere within the first day of lockdown itself " Elaborate on the IT team at the group and the structure to manage the diversified group? We have completely centralized the IT operations and Group IT is well structured to handle all requirements across the organization. The team is mainly divided into Infrastructure, Applications, along with a focus on Enterprise Architecture and Business Partnership roles. Based on our long term strategy, we have also roles that focus on augmenting the IT security and data analytics portfolios. Do you see IT as a Business enabler? Please elaborate. Historically, many companies viewed IT as a cost center or a necessary support function. In these modern times, companies increasingly see IT as a key differentiator that keeps them ahead of the competition and enables their whole organization to achieve business goals and we are no different. In the modern world, the latter perspective is becoming the norm. Transforming IT into a business enabler is a complex task with lots of moving parts, but at its core, there are three fundamental focus areas: • Transforming IT processes and practices • Optimizing operational costs and resources • Managing the legacy applications and create a modernization strategy MAY 2021 / CXO DX
21
» FEATURE
DELIVERING COMPREHENSIVE PROTECTION Mindfire Technologies, a next generation provider of cybersecurity services is one of the key players in the region helping enterprise customers address their need for securing their infrastructure The accelerated pace of digital transformation and cloud adoption, while delivering numerous advantages, has also witnessed the threat landscape expand considerably. And since the pandemic, cybercriminals have also been evolving their methods to infiltrate networks and breach the obvious and the no so visible vulnerabilities. The expansive threat landscape demands a next generation holistic approach to threat hunting and remediation, which is what Mindfire Technologies, a leading cybersecurity services and managed security services company based in UAE, offers its enterprise and mid-market clients. The company combines business intelligence with industry leading cybersecurity frameworks and maturity models to provide a holistic and realistic approach to secure its clients. Jishant Karunakaran, CEO at Mindfire says, “We deliver enterprise-grade cybersecurity services that are comprehensive, customizable, and address the entire security landscape of our customers. Information security is not a problem which can be addressed with a onetime solution or deployment of a product or multiple products. Recent breaches reported in the cybersecurity arena of leading organizations is not due to lack of security product deployment. This shows that it requires a more comprehensive and holistic approach to manage and mitigate cyberthreats. Successful protection requires an always vigilant approach and requires evolving skillsets to keep up with new threats. This is where an established Cybersecurity partner like Mindfire with a team of skilled professionals, who are deeply focused on cybersecurity can add value and make a critical difference.” One of the core focus areas for the company is in offering Managed security services to its clients. Through its specialized managed services, the solution provider takes away any cybersecurity worries that the customer may have about their IT infrastructure and services, allowing them to focus on their core Business. Jishant elaborates, “Businesses who constantly looks for innovation to add value to their bottom line are increasingly realizing the importance of managed security services. The MSSP can manage security process from an off-site location which also allows businesses to focus on their business with minimal intrusion and obstruction due to security initiatives. The managed service provider would maintain a constant line of communication and seamless reporting to business. A capable MSSP like Mindfire can make sure that enterprise IT is always up to date with the status of security
22
CXO DX / MAY 2021
issues, audits, and maintenance.” There are a wide range of security services being offered by MSSPs today and Mindfire is no exception, with its services ranging from full outsourcing of security programs to specialized services that focus on a specific component of the enterprise’s IT security (such as threat monitoring, data protection, management of network security tools, regulatory compliance, or incident response and forensics). Outsourcing the security services to a capable MSSP allows the enterprise Businesses to realize numerous benefits including cost savings and round the clock monitoring to keep threats at bay. “I firmly believe this is a great approach to Cyber Security operations within the region, and quite likely worldwide. Most organisations are looking at outsourcing options, cloud migrations, mobile workforce solutions, and managed security is just happens to be one of those pillars spanning that entire landscape. As a security organisation we assist in this domain with several different methods and have suitable models for customers of all sizes. We provide subscription based managed security services BOT models, outsourcing options, and many more – depending on the customer requirements, we work as an extension of our customers and are always happy to align and discuss this on a case-by-case basis," adds Jishant. Cyber-attacks evolve at an incredibly fast pace, leading to one new threat after another the cost of an attack could be overwhelming for many organizations. Without the proper security tools and resources, keeping up with evolving threats, addressing threats as they arise, and recovering from incidents detected too late can consume substantial resources. Vijay George Stephenson, VP at Mindfire says, “Complex technical landscape requires multi-skilled resources which may not be possible for many businesses due to the sheer variety of skills required. By outsourcing security, enterprises are often able to realize cost savings by eliminating the need to maintain a fully staffed, full-time, on-site IT security department. Many organizations also turn to MSSPs for faster deployment times and improved time-tovalue on security investments. We offer continuous monitoring, 24 hours a day, 7 days a week, and 365 days a year. Choosing to handle enterprise security in-house, without the help of an MSSP, requires a large investment in manpower and technology.” The solution provider deploys SOCs for their clients and this is a
» FEATURE key area of focus. “We’re always looking for opportunities and great partnerships to make this a seamless and uplifting journey for our customers,” adds Vijay.
Focus on AIOPs
AIOPs is another emerging area where Mindfire has strengthened its focus of late. AIOps is short for artificial intelligence for IT operations. It refers to multi-layered technology platforms that automate and enhance IT operations through analytics and machine learning (ML). Jishant says, “With digital transformation AIOPS platform is something becoming essential to business who are constantly innovating and constantly increasing the digital maturity level of business. Mindfire Technologies partners with Centerity to bring the leading AIOPs platform to the GCC. Centerity’s Secure AIOps platform brings technology health, performance, and security together into one unified dashboard to illuminate operational readiness and any risks to critical business services.” The robust collection of IT, security, and application data provide rich context into an enterprise’s operations. Using machine learning and behavioral analytics, the platform addresses performance issues before businesses are impacted. Dynamic service views and role-based dashboards further ensure that the right stakeholders see the relevant data right when they need it. Mindfire’s approach to security is to find the right balance between human intellect and technology automation. As the company’s overarching vision, Mindfire focuses on managed security services from the perspective of the human element by investing in the best talent and security professionals from a broad array of backgrounds and expertise. “We work closely with strategic vendors with deeply rooted Cyber Security genetics. Covering products and solutions including SIEM, SOAR, Threat Intelligence, EDR/XDR and as rightly mentioned AIOps. From an AIOps perspective, the whole idea is to automate some of the more mundane and repetitive task so that security analysts, and SOC engineers alike can put their efforts on more high value tasks,”adds Vijay.
External Threat Intelligence
Mindfire has also a solution for collecting threat intelligence in real time and combating cyber threats with easy to use modular solutions. This solution from BlueLiv helps detect, and thwarts targeted cyberattacks, detecting sophisticated external threats in real-time. Rejeesh Kumar, Program Manager CyberSecurity at Mindfire says, “We help Identify enemies, learn about preferred attack vectors and patterns, and protect your organization from the outside in, by scanning the dark and deep web continuously. BlueLiv is a modular solution so that you can pick a chose which module is required based of the risk profile of the organization. The modules include Dark web monitoring, Credential Retrieval, Hacktivism, Social media, Domain protection etc. The dark web modules, for exam-
Jishant Karunakaran CEO, Mindfire ple, boost your awareness of what’s going on in the underground, observe malicious activities targeting your organization and proactively prevent the next attacks.” Cybersecurity continues to evolve in the remote work from home and cloud dominated era with a need for new approaches. From SASE, EDR to ZTN, there is a reimagining of the approach to securing a borderless network that has no defined perimeter anymore. Mindfire takes into account these realities in consulting their customers to adopt the right solutions. Jishant says, “In the current perimeter-less and ever-evolving infrastructures we help customers to develop zero trust security principles are one of the core areas in the efforts towards securing an organization’s digital assets. Technologies such as PAM/IAM/ IDaas, SASE and the likes are thereby playing a central role in this paradigm shift. With endpoints being constantly on the move with the current remote workforce – EDR and XDR solution providers are an essential part of IT and Security teams. We take these aspects into considerations into all our engagements and tailor consulting efforts with a strong focus on the future landscape.” With a focus on vulnerability management, the solution provider has several solutions on offer and has tie-ups with leading vendors. Vijay says, “We cover several verticals from this space. We provide VAPT services, patch management solutions, Vulnerability assessment services and a lot more. One of our focus vendors in this space is Acronis, and I would encourage readers to visit our MAY 2021 / CXO DX
23
» FEATURE "Without actually giving away our “secret sauce” of our approach, I’d say the thing that’s really unique about us is our persistence and tenacity – we work relentlessly and endless to secure our customers and tailor engagements as a best-fit mechanism for individual customers. The customer needs and specific requirements are our primary concern, we indent on providing the best possible consultancy services in a sustainable and future focused manner simultaneously being mindful and up-to-date with the current landscape and tech innovation. In a nutshell, we’re constantly on the lookout - including geopolitics, financially motivated cyber criminals, and insider threats spawning form accidental or unintentional disclosure breaching the principles of CIA," says Vijay. The strong areas for the company at the moment include cyber security and consulting services, delivering cloud and information technology and its related professional services. Expansion into more cyber security services is on the horizon.
Vijay George Stephenson VP, Mindfire website at www.mindfireit.com to get a better understanding of our services and vendor solution services.”
The outlook ahead
Cybersecurity investments have seen a big leap forward in the region over the recent past and particularly in the past year or so. There is now heightened awareness among companies of all sizes that cybersecurity needs to be a top priority focus in IT investments. And yet, there is a lot of room for improvement, as Jishant opines.
“We’re quite an agile and nimble organisation, always on our toes for prospective opportunities and growth. Quite obviously, our focus is on Cyber Security - Managed Security Services and Consulting. There are plans of expanding our security portfolio to include some other lucrative and interesting offerings, including but not limited to physical security, IOT, AIOPS, ITOPS and ICS/OT security,” says Jishant. As companies in the region pick up momentum with their digital transformation initiatives and the need for better securing their distributed workforce keeps coming up, Mindfire has seen its Business grow at a fairly healthy pace over the year. With projects from diverse verticals including government sector, the solution provider looks set to see a healthy growth rate in the foreseeable future.
He says, “Security budgets or any budgetary discussion for that matter, for senior executive is always challenging. However, considering recent events and accounting for high profile attacks, successful breaches and publicly available information on cyber risks, this transition and discussion point has certainly been considered with a much broader perspective and will continue to be so in the foreseeable future. So, in short, the outlook is very positive. “ Jishant adds, “There’s still room for growth and will take some additional efforts from consultants and solution providers such as us in working hand-in-hand with customers to accurately demonstrate the long term value and ROI of Cyber Security investment but overall it’s been big leap forward compared to the past. Customers are increasingly becoming aware of the importance of onboarding a trusted managed service partner with deep skills and technology backup. This helps our customers focus on their core business without worrying about cybersecurity risks.” As a consultant and a solutions provider, the company has largely benefitted from its excellent track record and word of mouth references from existing customers. The company intends to build on that goodwill as well as making sure that they retain the confidence of their customers.
24
CXO DX / MAY 2021
Rejeesh Kumar Program Manager Cybersecurity, Mindfire
» INSIGHT
EMPOWERING DEVOPS Self-service Application delivery bridges the divide between developer productivity and infrastructure reliability writes Karthik Krishnaswamy, Director of Product Marketing for NGINX at F5 The modern market demands agility, flexibility, and above all speed. The faster you crank out new applications and features the better – and companies are taking note. According to Allied Market Research, the global DevOps market generated $3.36 billion in 2017 and is expected to reach $9.40 billion by 2023. That equates to a CAGR of 18.7% from 2017 to 2023. While the opportunities ahead are vast, so too are the challenges. Infrastructure teams are now facing a new development centric reality in which they must work at the same pace as development teams to deliver the services and policies required across a complex web of data centers, cloud, and virtualized environments – all without getting in the way.
The Infrastructure Bottlenecks that Developers Dread
The rise of virtualization and containerization has helped infrastructure teams achieve more agility, shifting NetOps and SecOps teams left so they can automate infrastructure as part of the application development lifecycle. Still, infrastructure teams continue to be bottlenecks even as DevOps teams reach new heights.
The reality is that infrastructure is still moving too slowly.
Who wants to wait days – let alone weeks or months – to get moving? No one, and especially not developers driven by market expectations to deliver more and as quickly as possible. As a result, these bottlenecks (and how developers seek to avoid them) can pose serious risks not only to the reliability and security of ap-
26
CXO DX / MAY 2021
plications but to the entire organization.
The Shadow IT that Infrastructure Teams Dread
Many DevOps teams seem to be finding that the best path to productivity is using emerging techniques and tools (both open source and proprietary), whether their IT team approves them or not – the “shadow IT” so dreaded by infrastructure teams. For instance, automation tools like Ansible or Terraform make life easier by deploying infrastructure as code. Or maybe a DevOps team starts using a project on GitHub that makes testing or application updates faster and integrates with existing CI/CD tooling. Why do enterprise developers turn to the dark (or at least shadowy) side? It’s because they’re focused on one end goal: releasing code fast. They often lack the context and visibility of the big picture they need in order to recognize the kinds of tool design and implementation weaknesses that can bring down mission critical apps or compromise customer data. That’s the thing about infrastructure – developers may not want to be slowed down by it, but everyone notices when something goes wrong. At the same time, curbing the freedom of developers can impair their ability to move quickly, impacting market competitiveness and revenues. It’s a catch 22 scenario. The market says move faster, but it also says be available, stable, and secure.
Self-Service Empowers DevOps to Run Safely
How can organizations provide develop-
ment teams with the freedom they need while also ensuring that infrastructure teams can do their jobs? Say a company has 30 different development teams working on 50 separate microservices. How do you let them provision services, test and deploy new features, and coordinate security changes on new code without them ending up waiting six weeks to get a green light? That’s where self service comes in. Given their history with DevOps and shadow IT, infrastructure teams might well believe that self service only leads to chaos. When developers are left entirely to their own devices and adopt shadow IT, they sometimes leave a trail of high costs, duplicated effort, inconsistent policies, and incompatible platforms and standards in their wake. In other words, developers are running with scissors. In many organizations, infrastructure teams see it as their responsibility to take away the scissors and make developers walk, and developers end up resenting them for it. To eliminate this friction, infrastructure teams need to adopt a new goal – not to stop developers from running, but to provide different tools that are safe to run with. Infrastructure teams need to offer app delivery and security services that integrate into CI/CD frameworks and work seamlessly with legacy apps and cloud native modern apps. This enables developers to consume infrastructure resources and security policies without ever having to file a ticket.
Three Components Of Self-Service Application Delivery
To provide self service application delivery and security, you need three primary components: a load balancer, a web application firewall (WAF), and a self service portal. All three need to work in concert
» INSIGHT with each other, and be deployed as Infrastructure as Code. Given most developers work on multiple platforms, the components also need to be infrastructure agnostic – deployable across bare metal, virtual machine, and cloud platforms. Infrastructure teams can be heroes instead of villains in the eyes of their DevOps colleagues if they start by providing services and tools that offer top notch developer experiences. Here’s a rundown of the characteristics needed to make these components self serviceable: • Self-Service Component 1: A Lightweight, Software Based Load Balancer. As they roll out new features or deploy new services, application teams need to test code. They may choose to ramp up traffic slowly to the new code (canary testing), test how users react to the new code versus old code (A/B testing), provide zero down time rollover to the new code (blue green deployment), or provide a failover mechanism in case the new code doesn’t work as desired (circuit breaker pattern). All of these testing patterns require a load balancer to direct users and traffic based on the developer’s desired outcome. In a self service environment, application teams configure app specific load balancers themselves in near real time, using a service portal or configuration API instead of filing a ticket with the infrastructure team. No more waiting hours, days, or even weeks to test the efficacy of the new code. The self service load balancer sits in its own dedicated tier behind the primary, network based load balancer. Moreover, each application (or even service or microservice) gets its own dedicated load balancer instance in this tier. This ensures that each configuration change doesn’t need to be regression tested against all other applications. • Self-Service Component 2: An Integrated Web Application Firewall A self service load balancer boosts developer productivity by eliminating processes that slow the release of new code. For the enterprise to minimize risk of exploits in this new code, however, a WAF is needed. But there’s a catch: WAFs are not necessarily easy to configure. In fact, many application teams see WAFs as an impediment they’d rather avoid.
Karthik Krishnaswamy
Director of Product Marketing, NGINX, F5
That’s where an integrated WAF comes in. Just as with the load balancer, enterprises need a lightweight, software based WAF that can sit closer to the app – running near or in the same instance as the software load balancer. Think of each application as a room in a house. A self service load balancer is the door to each of these rooms. The WAF is the lock on that door. In today’s zero trust environment, each door needs its own lock. Enterprises can no longer rely on a single security control for the whole house. The self service WAF is one where security teams can configure each WAF with fine grained security controls that are unobtrusive to the developers’ work. The same CI/CD pipeline and Infrastructure-as-Code automation that enables your canary, A/B, blue green, and circuit breaker patterns can configure necessary security policies to ensure new code is protected against known exploits, denial-of-service attacks, and bot attacks. • Self-Service Component 3: An Application-Centric Portal with RBAC Your lightweight, software based load balancer and WAF perform the heavy
lifting at the data plane. However, to truly operate them in a self service environment you need a way to expose these capabilities via portals and with role based access control (RBAC). This requires additional control and management plane technologies layered atop the data plane. Specifically, a control plane provides additional configuration and orchestration capabilities. This makes your infrastructure self serviceable by enabling new instances of load balancers and WAFs to be spun up and down as needed, as well as being capable of fast configuration changes. All of this needs be exposed via an API so that it can be automated and integrated into CI/CD pipelines. On top of the control plane sits a management plane where you can create your self service portal and enforce RBAC policies. This way specific application teams only see the infrastructure that they have permission to configure. These portals need to be application centric (as opposed to infrastructure centric) so that the teams can focus on the policies, workflow, and traffic management specific to their app. MAY 2021 / CXO DX
27
» INSIGHT
Why the region’s IT teams need help with complexity
David Noël, regional vice president, Southern Europe, Middle East & Africa at AppDynamics writes that as IT complexity accelerates, a full-stack observability will be the answer to resolving it
S
implicity. Polish composer Frédéric Chopin called it "the final achievement". Isaac Newton said it "pleased nature". And Leonardo da Vinci thought of it as "the ultimate sophistication". And while I can’t vouch for if they really did say those things, the sentiments capture our current times perfectly. Here's another one... Steve Jobs (is supposed to have) said "Simple can be harder than complex." Yes, indeed. Technology professionals across the GCC are beset, on all sides, by complexity. When the coronavirus pandemic ran roughshod over our public health and economies, we retreated to our home offices. But keeping those remote working locations connected was vital to business continuity. External immediacies — changing markets, changing lockdown rules, changing business models — could only be simplified as far as “please the customer; equip the employee”. The rest was up to the IT crew. The latest AppDynamics “Agents of Transformation 2021” re-
28
CXO DX / MAY 2021
» INSIGHT port showed that 79% (higher than the global average of 75%) of UAE technology professionals see more complexity in the stack than ever before and 83% (on a par with the global average) describe their job as more complex than it was a year ago. The complexity headache has had significant ramifications for IT teams. 72% of surveyed technologists across the region reported increased levels of conflict with colleagues during 2020 and 90% reported feeling under immense pressure at work. Neither are desirable outcomes.
Drivers of IT complexity Outside the server room, many may think that “IT has always been complicated, so what is the big deal?” But as with other roles, escalation is the important factor. Overnight shifts in priorities and a ballooning schedule of deliverables have led to immense pressure on IT teams. New multi-cloud, hybrid environments have sprung from hasty digital transformation programs. Those networks play host to a slew of consumer devices connecting from as many locations as there are employees. That is complexity writ large. IT must deliver the infrastructure, applications and security that allow employees to function as well as they could at the office and ensure that customers don’t notice that a change has occurred. Back in “IT Central”, technologists must monitor performance and identify issues quickly. But how? The Agents of Transformation 2021 report revealed that 84% (considerably higher than the 78% global average) of UAE IT staff cite this technology sprawl — an expanding patchwork of legacy, hybrid and cloud technologies — as a major contribution to complexity. And then, of course, there is data noise. The scale and speed of transformation has left IT departments drowning in telemetry. Data noise has always been a problem in trying to deliver network performance and security, but in these new environments, things have become rowdier.
IT complexity to persist in post-COVID world None of us are under the illusion that things will return to how we knew it pre-pandemic. Or, if you prefer: this is our new normal. Multi-cloud infrastructure, personal devices, remote working, distance learning — it’s all here to stay. To enable their organizations to stay one step ahead of, or in many cases, to just keep up with, the competition, IT teams must deliver cutting-edge digital capabilities in record time; and they are expected to work first time, every time. So, for IT teams, there is no light at the end of the complexity tunnel. The least we could do is give them a torch so they can feel in control. Let’s start with data noise. How do we cut through it? Well, we give technologists tools that deliver real-time visibility across the entire digital estate — legacy, hybrid, cloud, premises, shadow IT, data — so they can visualize issues and prioritize actions
David Noël
Regional Vice President, Southern Europe, MEA, AppDynamics
and investment to minimize business impact. That is a very powerful torch.
Full-stack observability — the answer to IT complexity Culture changes among IT professionals will also be necessary. New training and approaches, including data-driven decision-making, will be critical. Collaboration is essential. Some 72% of UAE professionals report increased levels of conflict with colleagues during the past year, compared with 63% worldwide. This too must change. This is where full-stack observability comes in. We believe that only through the deepest and broadest views of these new infrastructures can we begin to arm our IT teams with the capabilities to take back control of their IT estates. Around three quarters (76%) of UAE technologists, about the same as the global figure, believe their organization needs to achieve full-stack observability in the next year or risk taking a hit to competitiveness. The same proportion think failure to act will also leave them unable to develop professionally. So, we can see that failure to address complexity does not only impact technologists but the organizations for which they work. Industry-leading digital experiences cannot emanate from platforms that are little understood and barely controlled. That impacts customers, employees and, ultimately, the bottom line. MAY 2021 / CXO DX
29
» INSIGHT
DIGITAL TRANSFORMATION IS ALL ABOUT TRUST Edwin Weijdema, Global Technologist, Product Strategy, Veeam writes that one of the major trust issues organisations have regarding new technology is whether or not it is secure and if their data will be safe and protected
A
s we become more reliant on technology to work, communicate, and be entertained, we are having to place our trust in it more than ever before. When I choose to work from home instead of travelling to the office, I am trusting that my laptop is fully operational, my Internet connection is stable, and that my ability to access the cloud-based applications I need for my work are available. Subconsciously, however, it is natural to worry more about your devices and connectivity breaking down when working from home than it is when you are in the office, with the IT team sat in the same building. This is because putting our faith in technology often requires putting confidence in the unknown. Ultimately, this is what trust is all about. Am I confident enough in someone or something
30
CXO DX / MAY 2021
that I can overcome the uncertainty of the outcome? If you do not trust, you will not take risks or take a step into the unknown, which means you will never change. So, as organisations continue with their Digital Transformation (DX) journeys, how can they ensure that a lack of trust towards technology does not prevent them from taking the necessary risks that come with any attempt to initiate change? In some ways, the process of trusting a piece of technology is very similar to trusting another human. We have a number of mechanisms to draw on. The first is our gut instinct. You often know whether or not you find someone trustworthy within 30 seconds of meeting them. This is also true of technology. Everything from the brand logo to our first interaction with the user interface adds to our perception of whether or not a device, website or communication is trustworthy or not. Various studies suggest that we are more likely to accept phone calls from numbers we recognise. We become suspicious about providing personal information about ourselves when registering for services online, when we would have no hesitation giving the same details to a bank clerk or mortgage advisor. While our instincts are indeed powerful attributes, they can sometimes let us down. In the real world, this might be believing one of our friends when the story they are telling us is really a joke or accidentally driving towards the office on a Sunday because our brains are on autopilot. In the digital sphere, the conse-
» INSIGHT quences of us trusting our instincts or not thinking properly can be clicking on phishing links, compromising personal security information, and accepting fake news as a truth. However, trust is not all about our gut reaction. Trust is earned over time through our own experiences, but also through other peoples’. When you can read up on experiences shared by those other people, who you never have met, you can reduce your uncertainty and posed risk. This way you can take a confident step towards the unknown. This can be referred to as distributed trust. We are more likely to trust a professional decorator with a job in our home if he/she has a high rating and visible track record online where maybe even examples of their work are displayed. This is an example of distributed trust, and the same concept also applies to technology. For example, the majority of people are not early adopters. These are the fastest people to get on board with the latest products available or use new technology concepts before they become mainstream. Technology assists us with reducing the uncertainty by giving access to a huge pile of information. This information is what you can call a trust enabler. The majority of technology users and IT teams prefer to wait and see. Whether it’s buying a new smartphone or migrating data to the public cloud, many of us seek endorsement from people who have tried it first – including our peers, other businesses, independent consultants, and total strangers on the other side of the world. There’s a reason the IT industry has a saying that no one gets fired for hiring certain brands. Those brands have built a visible track record through being reliable, consistent, and delivering a great customer experience. People trust that their products and services will do what they say they will, based on years of success, so perceive their risk of investment to be lower than working with a brand they are less familiar with. One of the major trust issues organisations have regarding new technology is whether or not it is secure. Will their data be safe and protected? They also want to know what happens when things go wrong. What happens if the technology fails? How do we get our services back online and quickly recover our data? So, with DX on the agenda of every business boardroom, CIOs and IT teams need to feel reassured that the technology providers they put their trust in are fit for purpose. According to the Veeam Data Protection Report 2021, over a quarter of business leaders in the Middle East (26% in UAE and 27% in Saudi Arabia) see cyber threats as a challenge to their DX initiatives in the next 12 months. This heightened awareness towards the impact of cybersecurity breaches on their bottom line will weigh heavily on the minds of organisations when choosing their DX partner. Furthermore, organisations are starting to understand that one of the most sure-fire ways for a business to lose trust is for their data to be compromised – whether it is stolen or simply lost. Our research indicates that 50% of business leaders in UAE and 45% in Saudi Arabia think downtime and data loss could negatively impact customer confidence. 40% of respondents in both countries fear damage to brand integrity. Over a third (34%) of UAE organizations think this could result in a loss of employee confidence and 35% of Saudi Arabian enterprises think this could
Edwin Weijdema Global Technologist, Product Strategy, Veeam
" People trust that their products and services will do what they say they will, based on years of success, so perceive their risk of investment to be lower than working with a brand they are less familiar with"
result in reduced stock price. All this shows the inextricable link between data protection and trust. In terms of how successfully organisations in the Middle East are currently protecting data, 27% of all backup jobs and 24% of all restore jobs fail leaving 45% of data potentially unprotected. The issues of data protection and cybersecurity, therefore, pose a threat to DX. It is clear that humans’ relationship with technology, whether they are a customer, a business decision maker, or an employee, is all about trust. So, businesses must turn to trusted technology advisors who can help them ensure that their DX is built on solid foundations, with a data protection that is fit for purpose. MAY 2021 / CXO DX
31
» INSIGHT
Three Forces are driving the new Cloud shift writes Andrew Brinded, Senior Vice President EMEA Sales, Nutanix
C
loud adoption is accelerating during the pandemic as organisations seek to rapidly deploy applications, tools and services that are suited to remote working. But the ways in which clouds are being deployed, and the reasons why, have changed. In this article I want to outline the three reasons why organisations are moving more of their assets to the cloud and what this change in mindset will mean for the ways in which progressive businesses are run.
home working even after the pandemic has ceased to dominate decision-making.
But first, let’s look at the business IT context today. It is evident that cloud has saved businesses by providing a way to keep going through lockdowns. The emerging consensus of wisdom suggests that many, if not most, companies will allow more flexible and
“The proportion of IT spending that is being allocated to cloud will accelerate even further in the aftermath of the COVID-19 crisis, as companies look to improve operational efficiencies,” says Ed Anderson, Distinguished VP Analyst at Gartner. And the
32
CXO DX / MAY 2021
That means that the ongoing transition to cloud continues, often as part of a broader business transformation strategic exercise. The scale of this can’t be overstated. Gartner suggests that 45 percent of spending on infrastructure, applications and business process outsourcing will shift to cloud by 2024.
» INSIGHT number of applications and services that are on premises become fewer and fewer.
Reasons to change But the reasons for cloud deployment are also changing. Cloud initially soared, in part, because the subscription billing model made more sense than the old enterprise software licensing. Capital expenditure was replaced by operating expenditure and companies paid on a utility basis. Financial flexibility was cloud’s trump card and it meant in turn that cloud users could trial ideas at very low cost and very quickly. In many ways, cloud brought the Silicon Valley ethos of “fail fast” into the corporate mainstream. Now, however, things have changed. Companies actually accept that they might end up paying more for cloud over time compared to on-premises IT but accept this as a price worth the outlay. And three factors are driving a second wave of cloud acceptance or what Gartner calls “cloud shift”. These are agility, security and AI: let’s look at them one by one. Agility - In uncertain times, companies need the ability to try things out, change strategy quickly and dial capacity up and down on an ‘as needs’ basis. High-street retailers moving online, restaurants becoming delivery-only providers, face-to-face meetings becoming Zoom calls, complex ‘what if’ scenario modelling for strategic change… all of these are examples of why it’s critical to move fast and only the cloud has that affordable flexibility and capacity. Security - Originally seen as a weak point of cloud, the argument has become reversed. Few organisations can protect themselves as effectively as the cloud providers that run some of the world’s largest datacentres, have visibility into every conceivable incoming threat, can build in processes that detect and monitor suspicious behaviour and can afford to hire squadrons of experts in their fields. All of this means that security has become a cloud positive. AI - Cloud is acting as an on-ramp for companies seeking to try out new things and provides the tools, the elastic compute power and infrastructure to do this. Look, for example, at Google Cloud AI as a way to access pre-packaged solutions, building blocks and developer tools. AI has arguably proceeded more slowly than the hype would suggest but most of us will agree that it is one of the most powerful technologies that can be deployed over the coming years to automate and accelerate decision-making, processes and creation of insights. These three factors are driving more and more cloud adoption, but what sort? I believe that it’s inevitable that companies will run multiple clouds in order to avoid lock-in and to be able to shift workloads, when needed, over time. Using more than one cloud platform will also support disaster recovery, business continuity planning and regulatory compliance. The new focus of attention will move away from individual clouds that will be used for their
Andrew Brinded Senior Vice President EMEA Sales, Nutanix
" Companies actually accept that they might end up paying more for cloud over time compared to on-premises IT but accept this as a price worth the outlay. And three factors are driving a second wave of cloud acceptance or what Gartner calls "cloud shift"
merits on a ‘horses for courses’ basis. Instead, the power base will move towards ‘data planes’ that provide a way for CIOs to manage across APIs and move services dynamically between clouds to maintain optimal business flexibility and operational fluidity. Of course, this won’t happen overnight. These changes will take multiple years and challenges such as application modernisation shouldn’t be underestimated. It’s likely that most established companies will continue to run some operations from their datacentres for a while yet. But the organisations that are already acting and moving to multi-cloud will be the most secure, fast-moving and decisive. And they will be best placed to bounce back first and be prosperous, whatever gets thrown at us in 2021. MAY 2021 / CXO DX
33
» INSIGHT
DIGITAL TWINS ARE THE SECRET WEAPONS OF MASS TRANSFORMATION Digital Twins can ignite industrial innovation through optimized business processes, value efficiencies and improved staff productivity, says Dr. Tariq Aslam, Head of MEA, AVEVA The Covid-19 pandemic has forced businesses everywhere to reassess their priorities and speed up digital transformation. Across sectors, businesses are enhancing their digital capabilities to not only survive, but also thrive in the ‘new normal’. Digital transformation has emerged as the definitive way forward.
In manufacturing, a Digital Twin can track the effectiveness of plants, machines, and other fixed assets on the factory floor in real time. Overlaying the technology with machine learning and IoT capabilities delivers a holistic view of the asset and predicts maintenance requirements well in advance, avoiding unscheduled downtime.
But unless digital solutions are embedded at the very core of the value chain, their transformative capabilities will not fully benefit organizations. When Industry 4.0 technologies such as artificial intelligence, the cloud and the internet of things are deployed concurrently, they can deliver accelerated benefits such as optimized business processes and value efficiencies while improving staff productivity.
When used across a supply chain, the technology can offer end-to-end visibility so producers and customers know at all times exactly where a shipment is, the route it has taken and exactly when it will arrive at its destination.
At the heart of this clutch of technologies sits the Digital Twin. As a live replica of potential and actual physical assets, processes, people, systems and devices, a Digital Twin presents deep data insights, highlights process efficiencies, and accelerates worker automation. Across the industrial sector, companies use Digital Twins in several ways, from trialing new assets and processes to operational improvements and training systems.
The Digital Twin at work IDC estimates that spending on digital transformation will touch $2.3 trillion, by 2023. But to unleash its true potential, digital transformation needs to be executed as a holistic, enterprise-level strategy. And here, a Digital Twin of the Organization can be the vehicle that delivers a transformation plan, syncs up business and operational objectives, and ultimately delivers optimal results.
34
CXO DX / MAY 2021
Similarly, when put to work in mining, a Digital Twin provides visual intelligence across the asset lifecycle. By virtually simulating extraction operations, it can provide readings on asset temperatures, electricity consumption, pump pressure and flow rates, while allowing engineers to remotely model virtual scenarios around blasting, metallurgy, and process control for optimum performance. With a single-window view into their operations, businesses gain functional intelligence that ignites innovation and increases enterprise value in many ways. Predictive analytics results in improved operations and maintenance, generating billions in cost savings, either directly or by avoiding downtime. Moreover, the technology offers the opportunity to model what-if scenarios that comply with safety and regulatory requirements, calibrating the highest-value route to next-generation products or processes.
Four steps to Digital Transformation Using a four-pronged strategy, Digital
Dr. Tariq Aslam
Head of MEA, AVEVA
Twins contextualize new and existing data by into new insights that help enterprises close the loop towards continuous process improvement without the burden of risk 1. Establish a Digital Twin model powered by accurate data feeds to pinpoint asset performance and modify key control points for short- and long-term value. 2. Ascertain how Digital Twin simulations and predictive analytics can improve enterprise-wide value through operations or process improvements and risk control. 3. Draw up a Digital Twin strategy to map out program and project planning for digital transformation. 4. Deploy the Digital Twin to map out connections between current and future developments and determine how the enterprise or project responds to internal or external changes. Gartner estimates that by 2021 Digital Twins will exist for potentially billions of scenarios. Companies that leverage the intelligent master data management of Digital Twin technology will realize the trifecta of business innovation, bottom-line improvements, and stakeholder value for generations to come.
» INSIGHT
THE NEED FOR DNS SECURITY IN IOT ENVIRONMENTS B Krupa Srivatsan, Director of Product Marketing at Infoblox says that the recent WRECK vulnerabilities showed was that there is an increased risk of compromise when it comes to IoT In today’s digital economy, the number of devices connecting to the network is increasing exponentially. According to Gartner, 2020 saw 20.6 billion connected devices with smart cities and connected healthcare topping the list of types of IoT environments. The Internet of Things (IoT) comprises four aspects – the devices or things that are connecting to the Internet, infrastructure needed to actually connect these devices, the data that flows from these devices to backend systems and the analysis done on this data for making better business decisions. IoT devices are often found at the production or “operations edge” of a business, especially when it comes to industrial IoT like smart lighting, smart grid, smart factories and the like. IoT deployments can be complex and several aspects like security and efficient management need to be taken into consideration for success. What the recent WRECK vulnerabilities showed was that there is an increased risk of compromise when it comes to IoT. Earlier this week, it was discovered that more than 100 million connected IoT devices could be potentially at risk from nine newly disclosed DNS vulnerabilities, collectively dubbed as WRECK. The scale of exposure highlights the impact of vulnerabilities in DNS. DNS is the lifeblood of digital connectivity and without it, nothing can get online. It’s the foundation for all networks including IoT devices. For successful security of IoT environments, it is critical for organizations to look at an enterprise grade DNS security solution to protect against DNS-based DDoS attacks, close DNS security gaps such as DNS-data exfiltration and use built-in DNS security to disrupt malware activity and the ability of attackers to infiltrate an organization.
BKrupa Srivatsan
Director of Product Marketing, Infoblox
When it comes to security in IoT deployments, early detection and response is critical because of increased complexity and scale. • IoT increases the attack surface. As more and more of these devices connect and exchange information, the greater the impact of a successful attack. • IoT devices forming botnets are a common concern and have been used in the past to launch high bandwidth DDoS attacks. • Service theft by jamming smart meters with malware to steal electricity is another example of how IoT devices can be misused by bad actors.
cious sites. It effectively stops botnets from forming and launching attacks. It also provides detailed threat investigation tools to get context around threats and take action in minutes, not hours. • As more and more data is exchanged between IoT devices and backend systems, there is a greater risk of data exfiltration. Using advanced behavioral analytics to detect and block DNS based data exfiltration and DNS tunneling, including methods that have well known signatures as well as those that don’t, can significantly reduce the risk of data exfiltration. • In IoT deployments, it is important to implement security tools that work with other existing controls already in place to ensure an integrated approach to detection and remediation, and an integrated DNS security solution can provide that. • DNS is also a common DDoS attack vector and any disruption to the DNS service could mean downtime, which no business wants. Rule based DNS DDoS mitigation integrated into external or internal DNS can minimize the impact of such attacks and keep the service running.
A robust DNS security solution can provide a layer of protection for IP enabled IoT devices and IoT gateways: • By using highly accurate, curated threat intelligence, DNS can proactively detect and block communications from IoT devices to mali-
In general, following good network hygiene, using policy rules to protect against incoming threats and blocking unnecessary external access to IoT devices that don’t need it should be best practice and followed. MAY 2021 / CXO DX
35
» TECHSHOW
SOPHOS XGS SERIES FIREWALL APPLIANCES Sophos unveiled new XGS Series firewall appliances with unrivaled performance and advanced protection against cyberattacks. The new appliances feature industry-best Transport Layer Security (TLS) inspection, including native support for TLS 1.3, that is up to five times faster than other models available on the market today. Sophos Firewall XGS Series desktop and most 1U rackmount appliances are available for immediate purchase exclusively through Sophos’ global channel of partners and managed service providers (MSPs). These models are ideally suited for small, medium and distributed organizations as an all-in-one network security solution with a strong price to performance ratio and diverse add-on connectivity options. Additional models designed for enterprise edge environments requiring maximum throughput for more complex network configurations will be available in the coming weeks. Simplified licensing includes bundled protection with enhanced support
•
•
•
hardware itself further protects customers’ hardware investment. Sophos provides unique and intuitive dashboard visibility of TLS traffic and inspection issues, and security administrators can add exceptions for problematic streams with one click. Performance is also optimized out of the box with an extensive set of rules that are updated and maintained by SophosLabs to exclude safe traffic from inspection. Sophos Firewall XGS Series appliances and firmware are easily managed on the cloud-based Sophos Central platform alongside Sophos’ entire portfolio of next-generation cybersecurity solutions. Solutions share threat intelligence and automatically respond to security incidents through Sophos’ unique synchronized security approach. Integration with Sophos Managed Threat Response (MTR) further boosts protection with human analysis for 24/7 fully managed threat detection and response.
Key Features: •
•
New Xstream flow processors within the appliances automatically accelerate trusted traffic, such as software as a service (SaaS), software-defined wide-area network (SD-WAN) and cloud applications, providing maximum headroom for traffic requiring TLS and deep packet inspection. This greatly reduces latency and improves overall performance for important business applications, particularly those using real-time data. The Xstream flow processors are software programmable, allowing Sophos to offload additional traffic in the future. The flexibility to enhance and adapt connectivity on the
ALCATEL-LUCENT OMNIACCESS STELLAR AP1311 Alcatel-Lucent Enterprise, a leading digital-age networking solutions provider announces the general availability of two new Wi-Fi 6 certified access points: Alcatel-Lucent OmniAccess Stellar AP1311 entry level premium model, and the Alcatel-Lucent OmniAccess Stellar AP1301 entry level base model. These new indoor access points provide powerful WLAN capacity, based on the latest Wi-Fi 6 standard, and can address small and medium-sized enterprise demand for higher bandwidth and connectivity. The Wi-Fi 6 standard (802.11ax) has been developed to
36
CXO DX / MAY 2021
provide higher performance, capacity, and bandwidth, in high-density environments, such as gathering places where many mobile users and IoTs connect simultaneously. Since 2019, Alcatel-Lucent Enterprise has introduced many advanced OmniAccess Stellar Wi-Fi 6 access points and was the first to obtain certification for an outdoor Wi-Fi 6 access point, solidifying its market position as a leading provider of campus and industrial networking solutions. Today, the company is launching two new OmniAccess Stellar Wi-Fi 6 indoor entry-level access points expanding its WLAN portfolio with cost-effective and versatile products that offer a superior user experience, future proof technology for high-density client indoor locations.
» TECHSHOW
VIGILANCE 2 MEGAPIXEL H.265 OUTDOOR BULLET CAMERA DCS-4712E footage. These vigilance cameras are also PoE capable for flexible, simple installation, and management is effortless with the D-ViewCam Video Management Software.
Key Features: • • • • • Featuring a 2, 4, or 8-megapixel progressive CMOS sensor, each vigilance series camera delivers superior quality video and is IP66 weather resistant to sustain any outdoor environment. Wide Dynamic Range ensures that imaging is clear in high contrast lighting conditions, and 3D Noise Reduction allows the camera to capture clearer videos in poor lighting conditions. With a 30M IR illuminator, the camera can see in complete darkness at night time. Additionally, Corridor Mode provides vertically oriented streaming for maximized field of view when users need to monitor areas such as hallways, staircases, tunnels, etc. Users can also block out sensitive areas with the Privacy Mask feature. All cameras support H.264 video compression, as well as H.265 HEVC for optimized bandwidth efficiency. Motion Detection helps to save band-width and makes it easier for users to review
• • • •
1/2.8” 2-megapixel progressive CMOS sensor captures high-quality footage Max Resolution of up to 1920 x 1080 at 30 fps High-quality fixed lens with 2.8 mm focal length Wide Dynamic Range (WDR) image enhancement improves footage quality in high contrast lighting conditions H.265 compression strikes the perfect balance between high image quality and bandwidth efficiency Motion Detection not only saves bandwidth, it also makes reviewing footage much less burdensome Block out or mask sensitive areas with the Privacy Mask Built-in IR LED illuminator with a 30m range for surveillance even in the dead of night All aspects of your camera are easily managed with the free D-ViewCam™ Video Management Software
Key Features •
•
•
The new OmniAccess Stellar AP1311 provides premium features for all type of enterprises, is retro-compatible with previous WLAN standards, and offers robust IoT support with Bluetooth Low Energy and Zigbee radios, a Modbus IIoT (Industrial IoT) port, and a 1GbE port for wired IoT connectivity. The new access point also provides extra high security with a dedicated scanning radio. The new OmniAccess Stellar AP1301 is optimized for standard Wi-Fi 6 functionality, lower power consumption and provides great value for small and medium-sized businesses as they evolve their digital infrastructure. Similarly to all OmniAccess Stellar access points, the OmniAccess Stellar AP1311 and OmniAccess Stellar AP1301, rely on the field-proven, distributed architecture framework with built-in virtual controller capabilities, eliminating the need for expensive centralised controller appliances with
•
their inherent constraints as a single point of failure and traffic bottleneck. The OmniAccess Stellar product line, based on a distributed control architecture provides greater flexibility, resiliency, and scalability for IT departments, and simplifies moves, adds, and changes to the WLAN network.
MAY 2021 / CXO DX
37
» TRENDS & STATS
STUDY SHOWS GLOBAL PUBLIC SECTOR “CLOUD SMART” STRATEGIES VALIDATED BY COVID-19 RESPONSE Nutanix announced the global public sector industry findings of its third annual Enterprise Cloud Index Report, measuring organisations’ plans for adopting private, hybrid and public clouds. The findings point to a concentrated modernisation effort throughout the sector over the past few months, with 70% of respondents saying COVID-19 has caused IT to be viewed more strategically in their organisations. This COVID-19-spurred push is especially notable, given that the public sector has struggled with IT modernisation efforts. Nearly half (48%) of global public sector respondents said their organisations had
no employees working remotely one year ago. However, since the onset of the pandemic, the sector has scaled its number of remote workers, with only 15% and 11% of respondents reporting employing zero remote workers today. In order to effectively support this growing remote workforce, organisations have begun strategically evaluating their cloud models – with more than three-fourths (82%) of global public sector respondents identifying hybrid cloud as the ideal IT operating model for them. Other key findings of this year’s report include: ● Modernisation is dependent on decom-
missioning legacy architectures: In 2019, 53% of global public sector organisations exclusively ran traditional, non-cloud-enabled datacentres. In 2020, that percentage dropped to 22%. Over the next five years, the public sector expects a 20-percentage-point drop in legacy datacentre installations and a substantial 43-point increase in hybrid cloud deployments. ● Working from home remains top-ofmind: 43% of public sector respondents reported a direct increase in their public cloud investments as a direct result of the pandemic – eight points higher than the global average. These moves likely reflect an effort to quickly provide for home working employees, as past restrictions made them less capable of providing work-from-home solutions than other industries. Moreover, most entities in this sector are planning to maintain support for home working. ● Security plays a large factor in deployment decisions: Public sector respondents identified security, privacy and compliance as the number one factor driving their deployment decisions. Similarly, the majority of respondents (59%) identified these same factors as the reason for moving applications back on-premises ● Cost isn’t the primary driver behind infrastructure change: The public sector’s top motives for modifying its IT infrastructures are to gain greater control of IT resource usage (54%) and to gain the flexibility (50%) and speed needed (44%) to meet business requirements.
BUSINESSES IN MENA SHOW RENEWED INTEREST IN IT PROJECTS IT spending in the Middle East and North Africa (MENA) is projected to total $171 billion in 2021, an increase of 4.5% from 2020, according to the latest forecast by Gartner, Inc. “IT projects were either put on hold or canceled in MENA because of COVID-19. In 2021, as the situation in the region improves and businesses understand the true value of a resilient digital ecosystem, IT spending will return to a pre-pandemic growth rate,” said John-David Lovelock, distinguished research vice president at Gartner. “In the first quarter of 2021 projects such as ‘remote work visas’, ‘Smart Dubai 2021’, and other economic policy regulations were launched. These are expected to boost technology investments in the region.” In 2020, IT spending in MENA grew 2.7%, as compared to 2020. Most of the segments experienced flat growth, except for communications services which grew 7.2% last year. This year, enterprise software will experience the highest growth at 14.5%. The increase in number of remote workers will be the
38
CXO DX / MAY 2021
catalyst to this growth. Growth will also return to segments such as data center systems and devices over the next two years. IT spending in MENA will return to pre-pandemic levels and even surpass it over the next two years. “Different economies have reacted differently to the pandemic. Rapid digitalization of MENA, especially the gulf countries, began before the pandemic. While 2020 slowed the growth of IT in the region, the ‘K-shaped’ recovery has begun faster in this region, as compared to Asia and Latin America,” said Mr. Lovelock. CIOs in MENA will increase their spending on servers, applications and infrastructure software in 2021, to support the rapid digitalization efforts. Additionally, the increase in remote workforce will increase spending on mobile devices and remote working technologies such as desktop-as-a-service (DaaS).