» EDITORIAL
MANAGING THE MULTI CLOUD
While the move to the multi cloud is accelerating, organizations with legacy infrastructure will be more challenged than those who have more nimble cloud ready infrastructure to start with. For enterprises the more the number of applications running in silos, the more complex it gets to manage the transition to the cloud. For some good reasons too, organizations may prefer to continue running those applications as is and solution consultants may need to find the best way available for those companies to transition them to the cloud and yet be able to keep some workloads on premise as they choose, without a diminished performance on the applications front.
The fact is that not all workload and business requirements will be the same and a multicloud deployment helps embrace that diversity. Each workload runs where it performs best, for the lowest cost. Apart from avoiding a vendor lock-in by keeping all their IT workloads in one cloud provider’s basket, a multitude of reasons justify why the multi cloud is the way ahead. One of the primary reasons going in with a multi cloud strategy would be to pick the best cloud service available for a particular requirement and therefore being stuck with one cloud provider wouldn’t give you that option.
Further, there is more resilience when your workloads are distributed across different providers and yet interweaved for seamless user experience through multi-cloud orchestration. As the diversity builds up within a multi-cloud environment, the multi-cloud orchestration framework helps provide a single pane of glass via which the different environments and applications are managed. Hence the need for an effective multi-cloud orchestrator. With a powerful cloud orchestration plane that clearly defines best practices and policies, you will always increase the ROI you derive from your cloud deployments.
R. Narayan
Editor in Chief, CXO DX
PUBLISHED BY - Leap Media Solutions LLC
SAUMYADEEP HALDER, Co-Founder & MD, saumyadeep@leapmediallc.com, Mob: +971-54-4458401
MALLIKA REGO, Co-Founder & Director Client Solutions, mallika@leapmediallc.com, Mob: +971-50-2489676
RAMAN NARAYAN, Co-Founder & Editor in Chief, narayan@leapmediallc.com, Mob: +971-55-7802403
Sunil Kumar, Designer
Pooja Panjwani, Assistant Project Manager
Nihal Shetty, Webmaster
REGISTERED OFFICE: Office 10, Sharjah Media City | www.cxodx.com
SEPTEMBER 2021 / CXO DX
» CONTENTS
» SECURING EMAILS
Werno Gevers, Regional Manager at Mimecast Middle East, discusses how to build resilience in the email system
» SECURING THE FRONT
Anoop Kumar, Information Security Manager at Al Nisr Publishing, elaborates on the challenges that a CISO faces these days
COVER FEATURE
» NAVIGATING THE TRANSFORMATION
Across verticals, organizations are leveraging technologies to evolve their businesses while also fighting the battle to stay safe against cyber attacks.
NEWS INSIGHTS
» 70% of automation initiatives held back by security concerns and data silos
» UAE Financial Organisations under pressure to increase security
INTERVIEW
» STRATEGIES FOR BETTER PROTECTION
Finto Thomas, CISO at Alef Education, discusses what it takes to make IT security more comprehensive in the transforming landscape
» HUNTING DOWN CYBERTHREATS
Harish Chib, VP, MEA at Sophos, discusses that organizations need a comprehensive, defence-in-depth cybersecurity system that emphasizes multiple layers of protection
» CYBERSECURITY FOR THE HYBRID WORK ERA
Ali Sleiman, Regional Technical Director, Middle East & Africa at Infoblox, opines that the hybrid workforce needs cybersecurity rollout from day one
COLUMN
» THE JOURNEY FROM TECH SIDE PROJECT TO RETURN ON INVESTMENT
Dave Russell, VP of Enterprise Strategy at Veeam, opines that as an industry we must learn to temper our expectations, and those of our customers, towards the speed of returns from new technology deployments
» SECURING DATA THROUGH THE NETWORK TO EMPLOYEES – ANYWHERE
Jan Lawford, Head of Security, VMware EMEA, writes that a Zero trust approach helps create a comprehensive ‘security operations centre’, which provides the context and visibility that IT teams need
» HOW TO CREATE AN AGILE SUPPLY CHAIN
Supply chains must adopt a “network approach”, connecting all partners to shared processes, managed within a single platform, writes Khaled AlShami, Senior Director, Solution Consulting, MEA, Infor
» THE SD-WAN OPPORTUNITY
Simon Pamplin at Aruba Silver Peak asks if SD-WAN growth increases opportunity in the channel
REGULARS
» NEWS » TECHSHOW » TRENDS & STATS
» NEWS
89% OF UAE CUSTOMERS ARE DIGITAL CONVERTS TO E-COMMERCE
As e-commerce continues to grow, customers are placing greater emphasis on the customer experience
Sitecore, a global leader in digital experience management software, announced that 89% of customers in the UAE, and 91% of customers in the Middle East and North Africa, have become digital converts since the pandemic and want to keep buying everything online. The research, conducted by YouGov MENA, surveyed more than 650 IT decision-makers across 12 countries in the Gulf Cooperation Council, the Levant, and Egypt.
Boosted by the stay-at-home economy of COVID-19, the Middle East’s e-commerce market reached USD 12.1 billion in 2020, representing 53.8% year-over-year growth, according to a recent report by MarketLine. Electronics and retail accounted for USD 5.2 billion or 42.5% of the total market.
As e-commerce continues to grow, customers are placing greater emphasis on the customer experience. Since the pandemic, 90% of UAE IT decision-makers said their customers will navigate away from a site and choose an alternative if they can’t find what they need in just a few clicks. Furthermore, 87% of UAE respondents agreed that their customers have less patience with slow or poorly functioning websites.
“With 89 percent of UAE customers and 91 percent of MENA customers being digital converts to e-commerce, the region is seeing a rapid transition from bricks and mortar stores to hybrid and e-commerce models,” said Mohammed Alkhotani, Area Vice President – Middle East and Africa, Sitecore. “Millennials and Generation Z customers have quickly shifted their significant spending power online. Pressure will continue to mount on retailers until they can deliver an experience that delights.”
SERVICENOW TO ACQUIRE INDOOR MAPPING AND WAYFINDING COMPANY MAPWIZE
Acquisition empowers employees to confidently navigate the workplace with native mobile mapping and wayfinding capabilities for the new world of hybrid work
ServiceNow, the leading digital workflow company that makes work, work better for people, has signed an agreement to acquire Mapwize, an indoor-mapping and wayfinding company based in Lille, France. With Mapwize, ServiceNow will provide indoor mapping capabilities for employees as they reserve seats, conference rooms, workspaces and workplace resources, as well as navigate offices, from their desktop or mobile devices. Mapwize capabilities will also help workplace teams manage and update floor maps based on usage trends and evolving real-estate needs.
“In the new world of hybrid work, the role of workplace services has never been more critical in creating great employee experiences,” said Blake McConnell, SVP of Employee Workflows at ServiceNow. “With Mapwize, ServiceNow will power the future of employee experiences by making it easier for people to navigate their work environment and access the workspace information and workplace services they need to remain productive.”
To support flexible and agile workplaces, ServiceNow intends to build Mapwize’s capabilities natively into the Now Platform and the Workplace Service Delivery Suite. Mapwize’s mapping solutions, product features and technical talent will complement and enhance ServiceNow’s existing Workplace Service Delivery capabilities, including Workplace Space Mapping, Workplace Reservation Management, Workplace Space Management, Workplace Visitor Management, Case and Knowledge Management and the Safe Workplace Suite.
Mapwize was founded in 2014 by CEO Médéric Morel and CTO Mathieu Gerard and is based in Lille, France. ServiceNow expects to complete the acquisition of Mapwize in Q3 2021.
AL AIN FINANCE DEPLOYS HID SOLUTIONS TO SECURE CUSTOMER TRANSACTIONS
Authentication Service and HID Approve mobile-based authentication application to offer a secure and seamless Mobile and Online Banking experience to customers
HID Global announced that Al Ain Finance has selected its cloud-based HID Authentication Service and HID Approve mobile-based authentication application to offer its customers a secure and seamless online banking experience.
Al Ain Finance built its UAE operation from the ground up on a foundation of cloud-native banking software that optimized both its agility and resilience, especially during the global pandemic. As customers increasingly gravitated to digital channels, it became essential to secure customer access and all transactions using multi-factor authentication. As the company took its next step with the addition of digital front-office omnichannel banking, it turned to HID Global for the vital consumer authentication portion of the solution.
Pre-integrated with Al Ain Finance’s existing banking software, HID Global’s consumer authentication offering was easy to deploy under a tight deadline. It has enabled Al Ain Finance to protect its customers’ data and transactions with maximum flexibility while delivering a seamless online and mobile app-based customer experience. The intuitive HID Approve app combines the security of public key-based cryptography and out-of-band transaction signatures that offer the convenience of push notifications.
“We can now offer a growing set of banking services through efficient and seamless digital channels with the highest levels of identity assurance,” said Ajith Nayak, Operations Manager with Al Ain Finance. “The HID interface makes enrollment and use easy, secure and effective across many different types of devices, and because the solution was already integrated with our existing banking software, no customized development was required.”
The HID solution has reduced the time and cost of delivering intelligence-based authentication and transaction signing on Al Ain Finance’s existing core banking platform.
VMWARE EXPANDS SAAS INNOVATIONS ON HORIZON PLATFORM
Deployment of VMware Horizon desktops shows steep growth
VMware continues to build out its industry-leading virtual desktop infrastructure (VDI) and Desktop-as-a-Service (DaaS) platform and recently announced new capabilities to make it easier for IT to manage Horizon deployments wherever they may be, on-premises or in the cloud.
During the first six weeks of the transition to remote work in early 2020, the total number of cloud-deployed VMware Horizon desktops grew by 82 percent. As employees decide if they will return to the office or continue working remotely in some manner, VMware Horizon will continue to play a critical role in how IT supports employees – no matter where they choose to work.
“Apps are moving to the cloud and employees are accessing them from everywhere, creating a more complex environment for IT to manage,” said Shankar Iyer, senior vice president and general manager, End-User Computing, VMware. “VMware Horizon is a modern platform built to reduce this complexity, increase management efficiency, and improve employee productivity regardless of whether the desktop and application workloads are on-premises, in the cloud, or a hybrid of both.”
VMware Horizon is part of the VMware Workspace ONE platform and many customers are leveraging these solutions to unify management of devices, apps and desktops across multiple clouds. VMware Anywhere Workspace is an integrated solution that enables employees to work from anywhere with more secure, frictionless experiences. It brings together VMware Workspace ONE with VMware Carbon Black Cloud and VMware SASE.
As organizations adopt a hybrid or multicloud architecture with Horizon desktops and apps running on-premises and/or in one or more public or private clouds, the Horizon Control Plane simplifies things. IT teams can deploy, manage and scale virtual desktops and apps across private and public cloud environments using the cloud-hosted Horizon Control Plane. With hybrid delivery and management of virtual apps and desktops, IT teams get the best of both worlds.
SOPHOS ACQUIRES REFACTR TO OPTIMIZE MTR AND XDR WITH SOAR CAPABILITIES
The SOAR capabilities will also help automate Sophos’ Adaptive Cybersecurity Ecosystem
Sophos has acquired Refactr, which develops and markets a versatile DevSecOps automation platform that bridges the gap between DevOps and cybersecurity. Based in Bellevue, Washington, Refactr launched in 2017 and is privately held.
As DevOps and security teams continue to adopt “IT-as-Code” approaches to managing their environments, Refactr’s ability to automate any of these processes enables teams to scale. For example, with Refactr’s platform, DevOps teams can augment existing continuous integration, continuous delivery and continuous deployment (CI/CD) workflows, and cybersecurity teams can leverage the platform’s visual drag and drop builder. Refactr has leading customers in both the private and government/public sectors.
Sophos is optimizing Refactr’s DevSecOps automation platform to add Security Orchestration Automation and Response (SOAR) capabilities to its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions. The SOAR capabilities will also help automate Sophos’ Adaptive Cybersecurity Ecosystem.
“The industry needs SOAR to mature into more capable and generalizable DevSecOps solutions, and Sophos’ acquisition of Refactr will help us lead the way. With Refactr, Sophos will fast track the integration of such advanced SOAR capabilities into our Adaptive Cybersecurity Ecosystem, the basis for our XDR product and MTR service. We will provide a full spectrum of automated playbooks for our customers and partners, from drag-and-drop to fully programmable, along with broad integrations with third-party solutions through our technology alliances program to work with today’s diverse IT environments,” said Joe Levy, chief technology officer, Sophos.
Sophos will continue to develop and offer Refactr’s platform to their partners and organizations that want to build customized IT and security automations for themselves and for their customers.
NEWLY LAUNCHED CANVAS TO ENABLE PERSONALIZATION FOR ZOHO CRM
Canvas delivers functionalities of both general purpose and a vertical CRM
Zoho has announced Canvas for Zoho CRM, a one-of-a-kind design studio for CRM personalization. Canvas enables businesses to create their own CRM interfaces that are better suited to the role of each employee, without IT or developer involvement. It helps simplify complex CRM implementations into streamlined and contextual employee-facing experiences. Zoho CRM as well as Canvas are available in Arabic interface with right to left orientation making it easier for Arabic users to customize the interface as per their preference.
Data and workflow customization can render a CRM system too complex for most employees and personalizing the CRM for each employee’s role involves excessive development effort and cost. As a direct result of this complexity, productivity drops, employees become disengaged, CRM adoption struggles, and ROI can suffer. With Canvas, companies of all sizes can avoid these issues and enjoy the breadth of functionality offered by a general-purpose CRM and the specialized experience offered by a vertical CRM.
With Canvas, Zoho’s customer experience platform continues to focus on building a system of experiences that simplifies the experience economy for brands and every stakeholder.
“Many CRM software already offer an abundance of personalization for customer experiences, but the same is not true for employee experiences. As a result, everyone is using the same system and paying the productivity tax for no reason,” said Hyther Nizam, President-MEA, Zoho Corp. “Imagine a reality where the system is tailor-made for each employee’s role. That is true all-around personalization, and that is what we are bringing to market with Canvas. We believe it’s a more natural solution to the challenge of software adoption. Our ultimate aim is for businesses to create enterprise-wide software experiences with consumer-grade simplicity.”
MINDWARE AND EC-COUNCIL SIGN AGREEMENT TO DEVELOP CYBER SECURITY AWARENESS AND SKILLS
Training courses will help prepare employees, contractors, temporary workers
With digital threats on the rise, Mindware, one of the leading Value-Added Distributors (VADs) in the Middle East and Africa, announced that it had signed a partnership with the International Council of E-Commerce Consultants (EC-Council).
EC-Council is the owner and developer of the world-renowned Certified Ethical Hacker (CEH) program as well as multiple other cybersecurity programs. The institution has trained and certified over 200,000 information security professionals globally, that have influenced the cyber security mindset of countless organizations worldwide.
As per the agreement, Mindware will leverage the presence of EC-Council to offer cybersecurity certification, education, training, and services in various cybersecurity skills to partners and customers across the Middle East and North Africa (MENA) region. The courses are intended to prepare employees, contractors, temporary workers, and any additional representatives who perform authorized functions online, by offering the necessary information to defend themselves and secure their organization’s assets from damage or loss.
Philippe Jarre, CEO at Mindware says, “As part of Mindware’s growing security practice, we decided to join hands with EC-Council to help partners and customers overcome cyber security challenges through high-quality training and certification. We believe that this initiative will go a long way in developing overall skills in the region and reducing the number of cyber breaches and incidents,” he continues.
With the specific needs for the region in mind, Mindware and EC-Council will focus on the following training courses:
• Certified Ethical Hacker (CEH)
• Certified Network Defender (CND)
• Computer Hacking Forensic Investigator (CHFI)
• EC-Council’s Certified Incident Handler (ECIH)
• Certified SOC Analyst (CSA)
BARRACUDA THREAT REPORT REVEALS RANSOMWARE ATTACK PATTERNS
Ransomware attacks saw a 64% increase in attacks, year over year
Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, released its third-annual threat research report on Ransomware. The new report looks at Ransomware attack patterns between August 2020 and July 2021.
Barracuda researchers identified and analysed 121 ransomware incidents that occurred between August 2020 and July 2021, and saw a 64% increase in attacks, year over year. Cybercriminals are still heavily targeting municipalities, health care, and education, but attacks on other businesses are surging:
• Attacks on corporations, such as infrastructure, travel, financial services, and other businesses, made up 57% of all ransomware attacks between August 2020 and July 2021, up from just 18% in our 2020 study.
• Infrastructure-related businesses account for 10% of all the attacks we studied. In fact, ransomware attacks are quickly evolving to target software supply chains, which reach more businesses in a single attempt.
• The ransom amount is increasing dramatically and now the average ransom ask per incident is over 10 million dollars. 8% of the incidents had a ransom ask less than $10 million, and 14% of the incidents had a ransom ask greater than $30 million.
• Ransomware attacks are becoming pervasive across the globe. Just under half (44%) of the attacks in the past 12 months hit U.S. organizations.
“As cybercriminals are working towards bigger paydays in the future, the security industry needs to continue to create solutions that are easily consumable for companies of all sizes,” said Fleming Shi, CTO at Barracuda. “Attackers often start with small organizations that are connected to the larger targets and then work their way up. All of us in the security industry have an obligation to turn sophisticated technology into products and services that can be easily consumed by customers.”
WSO2 ESTABLISHES MEA OFFICE IN DUBAI
Since 2020, WSO2 has seen a 70% increase in its customer base across the MEA region
Responding to increased demand from enterprises and governments across the region for its open-source, cloud-native solutions, WSO2, the leader in digital transformation technology, today announced the expansion of its Middle East and Africa (MEA) presence with its newly opened office in Dubai, UAE. The company has also appointed Uday Shankar Kizhepat as the vice president and general manager (VP and GM) for the region to spearhead the organization’s expansion.
“As more businesses and governments in the Middle East and Africa engage with consumers and citizens online, we have seen a tremendous increase in demand for our open-source technology to support their digital transformation and deliver modern, secure digital services,” said Dr. Sanjiva Weerawarana, WSO2 founder and CEO. “The addition of Uday and opening of the Dubai office extend our commitment to supporting the digital initiatives of these enterprises across the MEA region.”
Since 2020, WSO2 has seen a 70% increase in its customer base across the MEA region. These enterprises join the thousands of organizations, including hundreds of the world’s largest corporations, top universities, and governments, that rely on WSO2’s open source, cloud native solutions to drive their digital transformation—executing more than 18 trillion transactions annually. Using WSO2 for API management, integration, and customer identity and access management (CIAM), these organizations are harnessing the full power of their APIs to securely deliver their digital services and applications.
As the VP and GM of the MEA Region at WSO2, Uday is responsible for overall ownership of regional growth, including go-to-market strategies, investments, and staffing. He brings over 20 years of industry experience in enterprise software sales. As a certified Cloud Practitioner and Digital Change Champion, Uday also has extensive knowledge about leading enterprise-level solutions in the market and their positioning in various verticals.
MANAGEENGINE ENHANCES ZIA, ITS AI ASSISTANT WITH AUGMENTED ANALYTICAL CAPABILITIES
Company's analytics plus upgrade drives faster actionable decisions for organizations
ManageEngine, the enterprise IT management division of Zoho Corporation, today announced that its flagship IT analytics product, Analytics Plus, now enables users to gain faster insights by providing narrative insights into their IT data with zero human interactions. Available immediately, this capability empowers users to make faster decisions and save IT costs, increase revenue and productivity, and improve end-user satisfaction.
According to the company's recent 2021 Digital Readiness Survey, 64% of organizations worldwide have increased their use of business analytics to improve decision-making and over 60% to leverage the available data. However, IT service desks continue to rely on database administrators to provide them with reports and dashboards to read, understand, and interpret their IT data. This process takes time and creates dependency on database experts, who may not be proficient in the IT department's operational tactics. This often means the generated insights are irrelevant or outdated by the time service desks gain access to them. Furthermore, these reports also might not provide actionable insights, such as those obtained through advanced analytical and interpretive skills gathered from detailed charts, pivots, and dashboards.
"Having worked with the analytics market for over 10 years and in IT for over 19 years, ManageEngine understands the IT analytics market and its demand for a reliable, scalable analytics solution that offers meaningful insights faster," said Rakesh Jayaprakash, product manager at ManageEngine. "To meet these demands, we've enhanced Zia, our AI-bot, to read, interpret and provide actionable insights in the form of digestible narratives. Using this, users can easily understand trends, anomalies, deviations in their data, and get predictions on the future—all just by clicking one button. Accessible from every report and dashboard, these automated insights work behind the scenes to give you instant insights into things that need your attention right away."
VERTIV SIGNS DISTRIBUTION AGREEMENT WITH INGRAM MICRO COVERING MENA REGION
Partnership will ensure the demand for data management is met from basic rack solutions to edge solutions
Vertiv, a global provider of critical digital infrastructure and continuity solutions, announced a distribution agreement with Ingram Micro, the global technology and supply chain services leader.
With this announcement, Ingram Micro has access to Vertiv’s enhanced suite of edge-ready products and award-winning Vertiv Partner Programme (VPP), and is now the gateway to Vertiv’s comprehensive portfolio of IT technologies and services, including Geist rack power distribution units (rPDU), Liebert uninterruptible power supplies (UPS), Liebert rack cooling systems, and dedicated software and services for partners and customers in United Arab Emirates, Saudi Arabia, Oman, Bahrain, Kuwait, Qatar, Yemen, Lebanon, Jordan, Iraq, Afghanistan, Morocco, Tunisia, and Algeria.
This distribution agreement will give customers improved access to industry-leading support solutions during a time when digitalization, 5G, IoT and other trends are driving growth from enterprise data centers to the network edge.
Dr. Ali Baghdadi, SVP & Chief Executive Ingram Micro META Region; and EMEA Cyber Security commented, “We are very pleased to start the distribution of Vertiv solutions. Vertiv is a global provider of critical digital infrastructure offering a wide range of solutions, programs and services to support the important needs of infrastructure that will make it easier for data center operators to create more valuable and sustainable operations.”
“The extension of the alliance with Ingram Micro into MENA is very exciting, building on the strong relationship in region,” said Pierre Havenga, Managing Director of Vertiv in Middle East and Africa. “Jointly, we can provide state of the art technology and solutions to customers across multiple verticals to ensure the demand for data management is met at the highest standard, from basic rack solutions to edge solutions.”
FORCEPOINT’S NEW PRODUCT CHIEF TO ACCELERATE DATA-FIRST SASE STRATEGY
Rees Johnson, an industry veteran joins the company during period of strong double-digit growth in revenue and new customer acquisition
Forcepoint, a global leader in data-first cybersecurity, announced Rees Johnson has joined the company as Chief Product Officer (CPO). Johnson will play a critical role as the company continues to deliver its Data-first Secure Access Service Edge (SASE) solutions that enable enterprises and government agencies to protect the lifeblood of their organization – data – anywhere it is accessed.
Johnson will oversee the company’s entire product portfolio, including leadership and management of all product development, innovation and strategic integration efforts. As CPO, he will focus on continuous customer value-creation through the industry’s only data-first SASE offering, delivering unified secure access and data protection that spans on-premises, hybrid and cloud.
A security technology veteran, Johnson brings more than 20 years of product management experience in network security, cloud security and SaaS migration strategy to Forcepoint. He has the unique distinction of having served on the leadership team of the three largest information security acquisitions in the market including McAfee by Intel for $7B, Bluecoat by Symantec for $4.6B and Symantec by Broadcom for $10B. Johnson joins Forcepoint from Symantec, where he was senior vice president of product management for the company’s Enterprise Division.
“The future of network security is absolutely SASE and to lead with data is paramount. Forcepoint’s data-first SASE strategy is the way forward for organizations today. Forcepoint has a rich and proven history of data security leadership including nine times placement in the leader quadrant by the industry’s most recognized analyst firm,” said Johnson.
» NEWS INSIGHT
70% OF AUTOMATION INITIATIVES HELD BACK BY SECURITY CONCERNS AND DATA SILOS
Almost 9 out of 10 organizations agree that IT and business alignment has improved in the last 12 months driving faster innovation, together
MuleSoft, a leading integration and API platform provider, reported that 70% of automation initiatives are being hindered by security concerns and data silos, as organizations increasingly look to automation to improve efficiency and productivity. However, MuleSoft’s IT and Business Alignment Barometer also revealed opportunities for companies to overcome these challenges and enable faster innovation across their organizations. IT and business teams working closely together can shrink or even eliminate organization silos, significantly reducing time to market.
Brent Hayward, CEO, MuleSoft said, “Delivering innovation fast requires reusable, secure assets the business can self-serve to quickly launch new digital experiences, products and services. As IT and business teams drive automation initiatives forward, empowering more people - developers and non-developers alike - to connect data and apps in a secure, yet frictionless way will be key to organizations' future success.”
Based on a global study of 2,400 IT decision makers (ITDMs) and business decision makers (BDMs), the MuleSoft IT and Business Alignment Barometer also highlights organizations’ business priorities and challenges over the next 12 months:
Digital imperatives increase automation adoption
In an all-digital, work-from-anywhere world, automation has become a rising focus for many organizations to drive convenience, speed, and cost reductions. Organizations report that:
• Operational efficiency is top of mind for businesses: Improving operational efficiency (54%), creating better connected customer experiences (50%), improving productivity (49%), becoming more agile for change (48%), and becoming more data-driven (45%) are organizations’ top five business priorities.
• There’s automation everywhere: 95% of organizations have implemented or are in the process of implementing automation initiatives.
• IT leads automation initiatives: Just over two-thirds (67%) of organizations say their automation initiatives are IT-led (i.e., driven by the IT department and the technology that is available).
Security concerns and data silos slow down business priorities
Security and governance, along with data distributed across multiple apps and platforms, continue to pose a challenge to automation initiatives, and hinder innovation.
• Security concerns slowing down the pace of innovation: The majority (87%) of IT and business leaders say that security and governance concerns are slowing down the pace of innovation.
• Disparate systems cause security headaches: Almost three quarters (73%) of organizations say the integration of disparate systems has increased their concerns around data security and governance – 31% say it had ‘significantly’ increased concerns.
• Organizations still wary of empowering non-technical users: Most organizations recognize the need to empower business teams to help take the operational strain off IT. However, the majority remain wary about the security implications; 87% admitted security concerns were holding them back at least to some degree from empowering non-technical users to integrate data sources.
CXO DX / SEPTEMBER 2021
Collaborative innovation model for IT and business drives agility
IT teams can focus on producing secure and governed reusable assets, and empower business teams to integrate and self-serve these IT-approved assets to deliver innovation faster.
• COVID-19 has sparked a new focus on business agility: More than three quarters (78%) of organizations say improving business agility to remain competitive will be extremely important in the future.
• IT increasingly drives business outcomes: The majority (88%) of business and IT leaders agree that IT has become even more important in driving business outcomes in the last 12 months.
• Value of integration is recognized by the business: Almost nine in 10 (87%) BDMs feel that improved integration will help them meet their business objectives – 39% say it would help them “a lot.”
• Drive agility by empowering business users to create connected experiences: The vast majority (86%) of organizations agree business outcomes would improve if business users were able to use low or no code to securely connect apps and data on their own to create connected experiences.
» NEWS INSIGHT
UAE FINANCIAL ORGANISATIONS UNDER PRESSURE TO INCREASE SECURITY
Banks and FSIs come under pressure from government, shareholders, employees and customers as security risks increase during the pandemic
82 percent of IT decision makers working in banks and financial service institutions (FSIs) in the United Arab Emirates are under pressure to level up their security protocols, according to new research from Citrix. This comes as 72 percent see IT security risks in the industry increasing since the start of the COVID-19 pandemic.
Employees are most likely to be pressurising their organisation to increase security, with 67 percent of IT pros reporting pressure from this group, followed by customers (48%), then government (45%), and shareholders (31%).
Perhaps in response to these demands, 66 percent of respondents report that security has become a top priority in their organisation over the past 18 months. They join the further 31 percent who report that it has been a top priority “for years”.
“It is no surprise that security has become an even greater priority since the pandemic began,” says Amir Sohrabi, Area Vice President for Emerging Markets at Citrix. “As remote work became ubiquitous overnight, and employees were more likely to be distracted by personal and professional stressors, cyberattacks have increased across the globe. This research highlights that both internal and external stakeholders have recognised the challenges, which are especially pertinent in a sector like finance.”
Technology maturity, namely Zero Trust and digital workspace, is driving confidence
However, despite the increase in cyber-attacks and the changing demands and pressures upon them, 95 percent of IT decision makers claim they are comfortable with their IT security provisions, with 25 percent of those saying they are “very comfortable”. 86 percent also believe that the IT security teams in their organisations have “all the skills necessary” to handle today’s challenges.
This confidence may come, at least in part, from the fact that many organisations are replacing their traditional VPN solutions with Zero Trust, cloud-based services. 46 percent of respondents have already implemented this, with another 49 percent planning to do so in the next 12 months. A further six percent plan to follow suit in the longer term. The biggest drivers behind this decision are improving end user experience (42%), having an agile and secure remote work strategy (39%), consolidating multiple point products (36%) and moving on-premises solutions to the cloud (35%).
In addition, 90 percent of IT decision makers report that they are satisfied with the digital workspace solutions their organisation has used to support remote work over the past 18 months. 54 percent of respondents implemented these digital workspace solutions in response to the mandate to work from home in March 2020, while a further 42 percent already had them in place prior to the pandemic. The remaining 4 percent plan to provide their teams with digital workspace solutions in the future. Of the other technologies that organisations have in place to support remote working, the most popular are virtual desktops and apps (67%), video conferencing / streaming (62%), and emails (57%).
Skills and training gaps present potential vulnerabilities
Whilst the majority of IT decision makers feel they have the right teams in place to support their organisations’ current security posture, there may be challenges on the horizon. 87 percent of respondents admit that they will need to hire externally to get the right skills in the future, and 87 percent feel that at some point, IT security teams in their organisation “will need to be entirely reskilled”.
Additionally, the research uncovers some gaps in wider security training for employees of banks and FSIs. 31 percent of respondents say that security training for all employees at their organisation is provided less than once a year, with 1% admitting it is provided every six years or less.
“The challenges caused by the pandemic and the pressures put on IT decision makers by key stakeholder groups, have led to security soaring up the priority list for many financial organisations,” comments Amir Sohrabi. “The last 18 months have clearly been a time of great change, with new technologies being implemented, so it’s highly encouraging to see most IT managers in this sector adapt and accelerate, to ensure they have the correct security posture in place.”
» INTERVIEW
STRATEGIES FOR BETTER PROTECTION
Finto Thomas, CISO at Alef Education, discusses what it takes to make IT security more comprehensive in the transforming landscape
Has the role of the CISO become more challenging in the context of the enhanced threat landscape?
Today's threat landscape is changing by the day and the total surface area under threat is more than ever before, which makes the IT security team’s effort more challenging. Translating those risks into business terms to establish the value and return on investment of cybersecurity will be challenging for cybersecurity leaders. To make it a success, we need an organizational culture that treats security as a top priority. Cyber security leaders also need to put effort into awareness building and get a knowledgeable sponsor to support the reasonable demands of the cybersecurity team in the board and senior leadership meetings. Everyone likes the "changes in life" but within the organization itself, we tend to strictly control the changes, and people's adoption of any new changes will be time-consuming.
What do you look for in a security vendor - would you go with point solutions or would you look at fewer vendors that can give you more solutions, so you have to manage only a few vendors?
The fundamental security way is to opt for a multilayered approach that guarantees better protection and helps to catch the suspect at some gates (safeguard controls) but instead, we use the same type of detection methods everywhere. A multilayered approach with varied detection approaches can help hunt down threats better. From an "IT service delivery" (ITSM) perspective we would like to centralize and simplify the process and tools to ease the operations and support. We have to find the fine balance between both security and operational effectiveness that meets both requirements. Based on the organization's risk appetite level, security leaders need to find the balance.
Do all organizations require a SOC to ensure they are on top of their security challenges and measures?
Security detection and incident management are required for any IT-related organization to protect its data or customer data in the new era. A SOC as a dedicated team and tool set requires skilled resources and cost. Based on the nature of the organization’s work and in-house capability, it can be offloaded and outsourced to third-party providers or built in-house. As the company grows, the SOC coverage and effort will increase and it is the responsibility of the security leader to take a call on building a SOC in-house, which will incur huge costs and effort, or partnering with skilled service providers. The availability of skilled people in-house also needs to be factored into this decision.
Do you see SASE, XDR and Zero Trust, and other trends possibly redefining cybersecurity?
Security leaders need to adopt SASE, XDR and Zero Trust approaches into their security architecture. This can start with policies and procedures and adopt tools to support as required. The Zero Trust principle seems to be adopted by most organizations and extended to other areas as required, like DevSecOps with the "shift left" principle. Without proper operations and governance, tools alone may become a waste of money, hence to get the return of value we need to build the policies and procedures with stakeholders' confidence, which is very crucial for those adoptions.
» COVER FEATURE
NAVIGATING THE TRANSFORMATION
Across verticals, organizations are leveraging digital technologies to evolve their businesses while also fighting the battle to stay safe against cyber attacks
In the past couple of years, the upheavals in technology investments have been quite significant. The driving factors have been several, including the availability and maturing of many digital technologies such as AI, the acceleration towards mobile apps, the traction in cloud adoption and so on. These diverse factors have enabled and challenged organizations to keep pace with what is best for them in their respective industries.
Organizations across the spectrum of verticals, from education to healthcare to airlines, have sought to leverage the new capabilities that these new technologies promise. The constraints unleashed by the pandemic-enforced lockdowns have only enhanced the need to embrace these new technologies sooner rather than later. Organizations have been turning to these new technologies to ensure that they are able to not only streamline their operations but also enhance their competencies in their domains, in turn radically improving services delivered to their users.
AI in the mix
The role of AI has been in the ascendant in terms of use case scenarios across industries. AI as an enabler has manifold ramifications across many processes, from chatbots to critical business insights from unstructured data.
Offering an industry perspective, Sumith Poolappan, Head – IT Operations, Strategy & Governance, Flydubai says, “Airlines are predominantly looking at AI to improve revenue, improve operational efficiencies and enhance customer experience. In the aviation sector Revenue Management systems are increasingly using AI to enhance their effectiveness. Forecasting models will be heavily reliant on AI in the future.”
He elaborates on the implications across other functions including customer experience and operations.
“On the customer front, you see a lot of successful implementations of AI in the self-check-in space on the airports side. The pandemic has only accelerated this trend. You also see smart chatbots and conversational AI being deployed on apps and in the call centers. These enhance customer experience by giving a seamless near real time experience to customers who are increasingly used to intelligent assistants in their own personal space thanks to Alexa, Cortana and Siri.”
On the operation front, he adds that AI is beginning to find mainstream adoption for maintenance of aircraft engines and in other engineering areas.
“AI lends itself well to this where there is abundant data and clear precise operational and maintenance parameters. Another area is in flight planning, scheduling and disruption handling where AI is especially well equipped to assist humans and automate a lot of processes that are traditionally laborious, time consuming or prone to error.”
And finally, AI has a significant role to play in cost savings. “AI is increasingly finding its foothold in the areas of fuel management. I expect to see AI deployed in areas like catering and meals management where traditional forecast and operating models are coming up short,” he adds.
In the healthcare sector, the value of AI’s intervention cannot be underestimated. There is vast possibility for enhancing patient care and streamlining several processes that can save time, a critical factor in the sector.
Mustansir Aziz, a senior IT leader from the healthcare industry says, “Artificial intelligence is one of the technologies that is used in building smart machines capable of performing tasks that typically would require human intelligence. As the technology matures, the clinical applications of AI would be beneficial in many ways such as affordable healthcare, improved success rates, efficient clinical trials, and a better quality of life. With this in mind the healthcare sector across the globe, and even more so in the UAE with the support of the leadership, is seeing its adoption in quick time. Many health applications are now available that can be easily integrated in the existing workflow of the healthcare facility to see immediate increase in its efficiency and productivity. Some of the AI deployments happening in the region are in clinical diagnosis and AI assisted robotic surgeries, where utilization of AI complements the surgeon’s skills. Robotic pharmacies are also being deployed. Artificial intelligence in the healthcare sector will empower patients to become more involved in healthcare decision-making and improved reasoning of the treatments to some extent.”
In the education sector, AI has an equally vital role to play and the potentialities will only increase over time.
Joseph Aninas, Director of Information and Technology at Abu Dhabi University says, “AI in the university is a course on its own, that is taught to the students. ADU uses AI on chatbot too. My vision of AI for education is to have a platform that incorporates the student journey. AI should guide students towards their success, such as guiding them on their academic progress, analyzing their learning habits and suggesting a learning curve suitable for individual students based on their learning capacity; it should act similar to an academic advisor. There is a broad application of AI in education but I reckon a platform that would add value to student success is what we need today as the younger generation is primarily driven by the information provided to them.”
The Cloud is gaining
A multi-cloud strategy now seems inevitable for companies ramping up their cloud-based deployments. However, challenges remain within organizations: trusting the cloud with critical data is still something not everyone is comfortable with. They would rather prefer a hybrid model.
Joseph says, “Managing people's expectations in the organization is one of the key challenges when it comes to the cloud. Adapting to the cloud is the need of the hour but there could be resistance from the stakeholders as they may be anxious about the unknown in the context of the cloud.”
In the healthcare sector, traditionally there has been a circumspect approach to cloud deployments, especially in view of the sensitivity of patient data, but that is being addressed quite expertly. The advantages a cloud deployed model offers healthcare systems are numerous.
Mustansir says, “Cloud computing is one of the leading trends in digital transformation with accelerated adoption during the pandemic. Especially in the healthcare sector, migration towards cloud, whether it is hybrid, public, private or multi-cloud, serves to overcome two major challenges: first, to increase cost-effectiveness and secondly, to build a self-sufficient health ecosystem with patient’s wellbeing in the center. Cloud computing can also be used for communication, decision-making, and forecasting. Deployment of cloud technology can create an entire IT infrastructure that can unify healthcare facilities, patients, pharmacies, laboratories as well as insurance companies to provide an integrated information ecosystem. Health Information Exchange being implemented namely Malaffi in Abu Dhabi and Nabidh in Dubai. These Health Information Exchanges enable healthcare professionals to securely access unified medical records from all public and private medical facilities. An effective deployment would provide major benefits such as greater flexibility and greater transparency, working with big data to get analytical reports which can be used for forecasting in advance.”
For companies that are well underway to a multi-cloud model, it becomes imperative to cherry-pick the best of cloud services and thus avoid vendor lock-in. At the same time, this also brings up the need for a framework to manage a multi-cloud environment that makes access to IT services seamless and secure.
Sumith says, “A hybrid cloud is the first step towards implementing a meaningful cloud strategy. Especially for airlines who have such critical dynamic loads but come from a mainframe era, it is not possible to simply press a switch and make the transition.”
He adds that a multi-cloud strategy should have a strong justification for using different cloud providers.
“Today a multi cloud IAAS option needs to have an extremely strong business case to be made for it. The cost of managing and operating multiple clouds are substantial and the complexity increases exponentially with each new cloud provider you bring in. When you consider the potential benefits, it becomes even more unappealing. Sticking to one or two primary Cloud providers while implementing sound, highly resilient and secure architectural principles and patterns also allow the organization to fully learn and take advantage of those specific Clouds in its most advanced form rather than spreading already thin resources even thinner across multiple ones. One can consider PAAS or SAAS from multiple cloud providers. The overheads of managing PAAS or SAAS over multi clouds or providers is minor, compared to the benefits they bring in. Hence one should do a deep dive to see the specific use cases that call for a multi cloud solution or else stick to one or two established cloud providers.”
He lists some of the reasons that should be driving a cloud strategy, and the most important thing is that one should not go with a cloud strategy just because everyone is doing it, because that can lead to failure.
“There has to be some key drivers and agreed measures of success e.g.: Digital transformation of the organization, cost reduction, faster time to market, lowering CAPEX investments etc, that the senior leadership as well as the Business units and IT embrace wholeheartedly and can stand behind. The easiest way to fail is to go cloud, hybrid, multi or pure – just because everyone is doing it.”
He explains that the way to go about it is to start small, by choosing a suitable cloud provider and then planning to move small dev and test workloads to the cloud, followed by some DR site migrations and small production workloads before looking at critical production workloads.
Among other factors, Sumith mentions the need for existing IT and business teams to be fully onboarded with the cloud projects, with training and certifications done, and to further ensure that operations follow best practices and are constantly optimized for capacity and costs. There is also the need to ensure effective risk, security and regulatory management, especially in critical sectors.
IT investment outlook
Joseph believes that one of the priorities for organizations would be around enhancing sustainability and reducing carbon footprint even as they look to increase IT investments. He says, “The priority would be to reduce data center footprint and reduce TCO on IT assets. I think IT should look at balancing sustainable running cost and fit-for-use with measurable returns.” Sumith says that companies would be looking at investments on the cloud rather than on premise going ahead, with exceptions being when they need to support some legacy investments on premise. “The trend that I see is that organizations are not too thrilled about having to build and operate data centers. This coupled with shortage of skilled resources will see organizations adopting public cloud and models such as ours at scale. However, investments will continue on implementing more innovative security models like Zero trust, SASE and passwordless mechanisms at the enterprise level rather than on traditional compute, storage and networks.”
A digital outlook
The digital transformation strategies have worked out well for many entities across diverse sectors who were able to see a great enhancement in their operations and processes.
This is also a technology jargon “digital journey”. The core of the digital journey is how the information is presented to the user, this is a lengthy topic to discuss but if you look into it, it is addressing how the data is presented to the viewer, what is the value of this information to the user.
While the past year and a half has seen a spurt in digital transformation initiatives, many companies had already been ahead of the curve with mobile first and cloud first strategies.
Sumith adds, “Our vision was always digital. We adopted a Cloud first, Mobile first strategy over 6 years ago. Our aim was to ensure that all our IT systems would be accessible via mobile devices and would be (as far as possible) deployed on the cloud and be cloud native. This allowed us to set the tone and move into a micro services based and in some cases a serverless architecture for our key systems which was a first for airlines. We invested heavily into building strong APIs and ensuring modular service based development across the board. Due to the strategy that we adopted we are well poised to embrace cutting edge technology without the friction that you traditionally associate with in the aviation industry. This meant that we were ahead in our digital transformation journey compared to a lot of our peers.”
According to Mustansir, the journey has just begun for many organizations and there is a long way ahead. The success would hinge around making it an inclusive rollout.
He says, “The digital transformation journey of most of the organizations has started during the pandemic. Expectations of the stakeholders are very high but reality is different. Transformations are hard, and digital ones are harder. Research shows that less than 30 percent of digital transformation projects succeed. The main reason is that most of the decision makers think digital transformation is something related to Information Technology only. It should be an inclusive approach and should primarily have a broader business strategy. Not only consultants but people on the floor who actually work in the different departments should be included along as they have the insider knowledge about what works and what doesn’t in their daily operations and then strategize with a multi-pronged approach.”
Security on the agenda
Cybersecurity is now a foremost concern for companies with more sophisticated ransomware attacks and other malware and an increasing velocity of attacks.
The attacks are becoming more sophisticated and common and companies are falling victims to breaches that cause them serious financial damage in addition to the collateral damages such as taking a hit in their reputation with the public.
“With cloud adoption on the rise and the roll out of 5G across the region, threats to availability and integrity of networks have become a major security concern. Attempts at data exfiltration are on the rise. Many organizations are being targeted with sophisticated ransomware attacks. Many people working from home using their own computing devices has led to exploitation of remote access solutions. All these and more have opened up opportunities for technology providers to come up with innovative security solutions that would assist in securing the organization's digital and data footprint.”
Sumith adds, “The threat landscape has evolved immensely in the last decade. The regulatory burden on businesses both at a national and international level when it comes to CyberSecurity has also greatly increased. This means that given the ever tightening budget for IT, the CyberSecurity part of the budget has to be well preserved and grown. For this we have to have a balanced approach on building strong foundations around Cyberdefense, Security hygiene, Threat hunting, Proactive threat management and world class incident response. This doesn’t mean buying and deploying a bunch of tools but rather using the tools like SIEM, SASE and EDRs in a more advanced manner. We are looking at enhancing these tools with AI capabilities to improve the signal to noise ratio. This is one area where we expect to see a lot of improvement in the coming months and years.”
Cybersecurity challenges will continue to mount, and organizations will need to continue investing in solutions that can address the newer threats that crop up.
Joseph says, “Security remains a primary concern as far as IT operations go. An IT administrator will never have peace of mind in anticipation of a classic “Zero-Day” attack.”
In summary, even as companies continue to enhance their investments in going digital, they will also need to keep an eye on the security front and ensure they are protected all along the journey.
» INTERVIEW
SECURING EMAILS
E
mail remains a leading attack vector for cybercriminals looking to penetrate the network. Werno Gevers, Regional Manager at Mimecast Middle East discusses how to build resilience in the email system and also goes on to discuss other trends including web security In the remote work era, is email the leading threat vector? Email remains the number one business application and the favoured attack vector for cybercriminals, with research indicating that nine out of ten cyberattacks utilise email in some form. The pandemic has accelerated the volume and sophistication of cyberattacks. Research from the Mimecast Threat Intelligence Centre in 2020 found a 93% increase in malicious file detections in the region between March and April 2020, just as the pandemic started spreading and countries went into lockdown. A steady increase in all attack types has been noted every month since. Organisations are more reliant on their email and other business productivity tools than before, with most organisations still following a hybrid work model. In Mimecast's latest State of Email Security 2021 report, 70% of organisations in the UAE reported that the volume of email has increased, with three-quarters
20
saying they expect an email-borne attack to damage their business in the next twelve months. The most common types of email-related attacks in the region included phishing with malicious links or attachments (reported by 55% of organisations), impersonation fraud or business email compromise (47%), and fraudulent use of a company's brand via spoofed email (40%). The biggest email security challenges in 2021 among organisations in the UAE included the increasing sophistication of attacks (42%), the growing volume of attacks (41%), and employee naiveté about cybersecurity (50%). What are the different aspects of building cyber resilience in your email system? One of the most important things to keep in mind is that an organisation can't embed true email resilience simply by relying on a single, large service provider or software vendor. It's an eggs-in-one-
CXO DX / SEPTEMBER 2021
basket approach that leaves the organisation vulnerable when the provider experiences service outages or unexpected downtime, or when attackers find a new security flaw. More importantly, if all organisations used the same service provider it creates an everyone's-eggs-in-the-same-basket scenario where threat actors only have to learn to breach one provider's defences to gain access to huge numbers of organisations' data, which greatly weakens each organisation's overall resilience. Another point to keep in mind is that resilience can’t be solved by technology alone. Aspects such as culture, workplace policies and executive buy-in play as large a role in building greater resilience. For example, to improve their cyber resilience, organisations need to empower employees with ongoing cybersecurity awareness training to ensure employees can identify and avoid risky behaviour, even if that organisation has other security controls in place. True resilience requires that technology, culture, employee behaviour and workplace policies all work in tandem to strengthen the organisation's overall resilience. The rate at which criminals are evolving their attack methods means that organisations cannot rely on defences alone and they always have to assume that an attack might be successful. Having continuity and recoverability measures in place means that in the event of a successful attack, organisations are able to
» INTERVIEW
get back to business as soon as possible. This includes having an independent, separately secured archive to ensure data can be recovered in the case of a successful ransomware attack. And an email continuity plan will allow you to continue operating.
How significant is DMARC in authenticating emails? Is it only for emails sent from our domain or does it also authenticate emails received? Also elaborate on your product.
DMARC is an email validation system that is designed to detect when someone is using your domain without authorisation, and to block delivery of all unauthenticated mail. It builds on existing SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols by adding a critical reporting element. DMARC gives organisations the power to govern their email domains and have visibility over which emails are being sent on their behalf. This allows security teams to quickly discover and halt any unauthorised emails being sent from their domains, protecting customers from potential exploitation by cybercriminals.
Mimecast's DMARC Analyzer empowers email senders and receivers. For email senders, it allows organisations to see who is sending emails on their behalf and what mail is legitimate and what is not, allows them to publish a DMARC record to instruct internet service providers what to do when an email doesn't pass authentication, and so protects customers and supply chains against phishing attacks using the organisation's owned domains. It further allows receivers to distinguish between legitimate and fraudulent senders, and then quarantine or reject mail from all unauthenticated sources. In addition, it protects employees by stopping impersonation and phishing attacks using the organisation's owned domains before they even reach employee inboxes. In our latest State of Email Security Report 2021, 85% of respondents in the UAE indicated they either use or plan to use DMARC in their organisations, although only 23% are already making use of the technology, indicating room for improvement.
Werno Gevers
Regional Manager, Mimecast Middle East
How can organisations be effective in curbing ransomware and phishing attacks?
In Mimecast's State of Email Security 2021 report, 78% of organisations in the Middle East reported experiencing a business disruption due to ransomware in the past year, up from only 66% the year before. Organisations reported an average of six days' downtime following a successful ransomware attack, and of the 43% that paid the ransom, more than half (56%) never recovered their data. A lack of preparation certainly plays a role in the growing success of ransomware and other attack types: only 23% of ME organisations reported having a cyber resilience strategy in place, and 86% were hurt by a lack of cyber preparedness in the past year.
To protect against ransomware attacks, Middle East organisations need to develop a layered security strategy that hardens the email perimeter and protects against email-borne attack. This is especially important as email remains the favoured attack vector for cybercriminals,
SEPTEMBER 2021 / CXO DX
and should include additional security solutions to augment native security of business email platforms such as Microsoft 365. And by integrating with other best-of-breed security solutions, you can speed up detection and response.
Data should be archived to an independent and separately secured environment, and a robust email continuity plan needs to be established to ensure the business can continue running in the wake of a successful attack.
Critically, end-user awareness training needs to be prioritised and provided on an ongoing basis to ensure every member of the organisation works to strengthen overall organisational defences. Finally, organisations need to control and monitor shadow IT, especially as new hybrid work models blur the lines between personal and professional lives. Aspects such as unsecured Wi-Fi, public file sharing services and accessing insecure websites can all provide opportunities for cybercriminals to breach organisational defences with ransomware and other malware.
How does Mimecast Brand Exploit Protect work? Is there enough awareness and demand from customers in the region for this?
Brand exploitation is a growing concern to organisations, since even unsophisticated attackers can register lookalike domains and use brands as bait to target people that trust it. By cloning a respected brand's website, attackers can steal login credentials, personal information and even money.
One of the main challenges is that these types of attacks take place beyond the perimeter of a typical organisation's defences. Gateway defences protect the organisations, but can't extend that protection to partners and customers, and DMARC can help but is limited to domains owned by the organisation.
Mimecast Brand Exploit Protect helps to block brand attacks before they can even launch, and stops live attacks. The service uses a combination of machine learning and targeted scans to identify attack patterns at an early stage, and block compromised assets before they become live attacks. It gives organisations the power to quickly and easily block any potentially malicious domains and URLs at the click of a button, preventing dangerous links in emails being clicked on by employees.
Organisations in the region are without a doubt becoming more aware of online brand exploitation and the danger it poses. Our research found that 95% of organisations in the region would be concerned if a counterfeit website misappropriated their brand, up from 74% a year prior. Similarly, 94% of organisations would be concerned if bad actors spoofed their email domain, compared to 80% in 2020.
In response, nearly all organisations - 97% in fact - either use or have near-term plans to use a brand protection service in 2021, with 7 in 10 organisations in the region already using such a service.
You have a focus on web security solutions. Is the web another potent threat vector as far as corporate networks are concerned?
Web security is an essential component of an effective cyber resilience strategy. The web is used in 91% of malware attacks and is the second-most commonly used vector for cyberattacks after email.
It's also a major distraction for employees at work, an issue that has gained increasing relevance with the switch to remote and hybrid work models. In research conducted in 2020, respondents from the UAE reported the greatest use of company-issued devices for personal activities among all countries surveyed. Nearly nine in 10 (87%) respondents in the UAE said they use their work-issued device for personal activities, against a global average of 73%. The most common personal activities that UAE employees engaged in using their work-issued devices include financial transactions (59%), checking personal email (57%), downloading and installing software for personal use (43%), and video calls with friends and families (50%).
Elaborate on your integration with other security products from different vendors?
Defending an organisation against cyberthreats is a complex task that often requires a diverse and complex set of tools. While adding technologies to an organisation's infrastructure is easy, getting them to work together is not. Managing so many products can also be immensely challenging and requires skills that are not always readily available.
A key to effective security integration in a cloud-enabled environment is the adoption of Application Programming Interfaces (APIs). APIs help to automate data integration and exchange across multiple security tools, such as those used for Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), endpoint security, and IT Service Management System (ITSM) solutions.
Mimecast’s technology was built for the cloud from the ground up. Our purpose-built, cloud-native platform – known as Mime|OS – provides an extensible architecture that lets you quickly and easily integrate Mimecast with existing investments. We offer pre-built integrations plus example code and documentation, allowing organisations to leverage the collective power of the best technologies in the industry. This ultimately reduces complexity, lowers risk, and optimises investments.
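The DMARC check described earlier in this interview, as an added example that is not Mimecast's code: it parses a published DMARC record and applies the SPF/DKIM alignment test to decide what a receiver does with a message. The record, domains and message results are constructed, and the organisational-domain lookup is simplified to the last two labels instead of the Public Suffix List.

```python
"""Receiver-side DMARC evaluation, simplified from RFC 7489 (added example)."""
from typing import NamedTuple

# Constructed sample record, as it would be published at _dmarc.example.com.
RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; "
          "rua=mailto:dmarc-reports@example.com")


class AuthResult(NamedTuple):
    """What the receiver already knows about one message (constructed fields)."""
    from_domain: str   # domain in the visible From: header
    spf_pass: bool     # did SPF pass for the envelope sender?
    spf_domain: str    # envelope sender (MAIL FROM) domain
    dkim_pass: bool    # did a DKIM signature verify?
    dkim_domain: str   # d= domain of that signature


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict with defaults applied."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    for key in ("p", "sp", "adkim", "aspf"):
        if key in tags:
            tags[key] = tags[key].lower()
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    tags.setdefault("sp", tags["p"])   # subdomains inherit p= unless sp= is set
    tags.setdefault("adkim", "r")      # relaxed alignment is the default
    tags.setdefault("aspf", "r")
    return tags


def report_uris(tags):
    """Addresses that receive aggregate reports (DMARC's reporting element)."""
    return [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]


def org_domain(domain):
    # ASSUMPTION: last two labels. Production code must use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict mode needs an exact match; relaxed compares organisational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def disposition(record_txt, policy_domain, msg):
    """Return 'pass', or the policy ('none', 'quarantine', 'reject') to apply."""
    tags = parse_dmarc(record_txt)
    spf_ok = msg.spf_pass and aligned(msg.spf_domain, msg.from_domain, tags["aspf"])
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    is_subdomain = msg.from_domain.lower() != policy_domain.lower()
    return tags["sp"] if is_subdomain else tags["p"]


# Constructed messages whose From: header claims example.com.
LEGIT = AuthResult("example.com", True, "bounce.example.com", False, "")
# SPF and DKIM both pass, but only for the sender's own unrelated domain.
SPOOFED = AuthResult("example.com", True, "mailer.example.net", True, "example.net")
SUBDOMAIN = AuthResult("billing.example.com", False, "", False, "")
STRICT_DKIM = AuthResult("example.com", False, "", True, "mail.example.com")

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("spoofed", SPOOFED),
                      ("subdomain", SUBDOMAIN), ("strict-dkim", STRICT_DKIM)]:
        print(name, "->", disposition(RECORD, "example.com", msg))
    print("reports go to", report_uris(parse_dmarc(RECORD)))
```

The spoofed case is the one to notice: SPF and DKIM both pass on their own, and only the alignment check against the From: domain causes the message to be rejected.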
» INTERVIEW
SECURING THE FRONT
Anoop Kumar, Information Security Manager at Al Nisr Publishing, elaborates on the challenges that a CISO faces these days
How challenging is the role of a CISO these days with cybersecurity an increasingly prominent focus at organizations? What makes it challenging?
From a general industry perspective, I would like to cite a few factors. One of the primary challenges would be a lack of adequate resources due to budget constraints. This may especially be so in case of organizations that may have faced a drop in the revenues due to the pandemic. On the other hand, a lack of adequate expertise in cyber security to address modern sec-ops models may be a limiting factor as well as the landscape is swiftly changing. Another aspect would be to find the right audience in management or the Board to highlight the risk and hence justify the need for new security investment. A lack of ownership among stakeholders could always be a challenge and finally when trained operational staff leave the organization without adequate succession planning, that would be yet another challenge to surmount.
What do you look for in a security vendor? Would you go with point solutions or would you look at fewer vendors that can give you more solutions, so you have to manage only a few vendors?
A lot of it comes down to the budget at disposal as revenues have been impacted by the pandemic. Subsequently spending is controlled and there is a need to look for cost effective alternatives.
Do all organizations require a SOC to ensure they are on top of their security challenges and measures?
In this pandemic season, where revenues are diminished, I do not think all organizations can afford a SOC. However, SOC operations can be outsourced with cost effective offerings from 3rd party security vendors.
How do you see the role of MSSPs?
The whole idea behind managed security is to minimize operational cost & improve operational security efficiency as well as improve compliance. “What gets measured can be managed better”: transparency in operational security management brings in improved confidence as incident management, log monitoring, triage, vulnerability management are shown as a dashboard. The managed services model helps reduce manpower costs and clear the hurdle of finding the right security talent. There is also the possibility of getting better expertise, better scope of security management and better intelligence, as the exposure might be global or regional. So the idea is to achieve cost effective incident response and triage, with authoritative engagement in local and international legal / legislative authorities. You are assured of proactive monitoring and reporting.
Do you see SASE, XDR and Zero Trust and other trends possibly redefining cybersecurity?
Yes, the pandemic has forced organizations to deploy remote working models, which obviously requires these new approaches to help control the risk. While offering reduced TCO and improved security, these solutions will have a huge role to play in keeping the networks and data safe.
Anoop Kumar
Information Security Manager at Al Nisr Publishing
» INTERVIEW
HUNTING DOWN CYBER THREATS
Harish Chib, vice president, Middle East & Africa, discusses why a comprehensive, defence-in-depth cybersecurity system that emphasizes multiple layers of protection is critical for proactively defending against stealthy attacks
Discuss how cybercriminals have innovated in their malicious campaigns and malware delivery? What are the new kinds of attacks prevalent?
The threat landscape today has largely stabilized. With a few exceptions, the most prominent threat groups, threat types and their delivery methods have been consistent for the past couple of years. It consists of nation-state attackers, highly skilled cybercrime organizations, and low-skill opportunistic groups and individuals.
The nation-state attackers are the most difficult to defend against, if it's even possible. They are extremely highly skilled, endlessly patient and enjoy limitless resources. We can however learn from their past tactics and tooling which ultimately end up in the hands of organized cybercrime. This group is almost exclusively financially motivated and is responsible for most of the threats we encounter. Many of them are highly skilled and well-funded. They are continually looking for the next edge in defeating our defences. Both tech and humans. They operate botnets and create most of the malware in the wild. The low-skilled, opportunistic criminals contribute to the rest of the noise and distraction in the threat landscape. They rely mostly on automation and older, over-used, and detectable tools.
Email continues to be the preferred mechanism for distributing first stage threats. Whether this is from infected attachments or malicious links, threat groups are still finding success with email campaigns. Email is also responsible for phishing attacks where the goal is to harvest credentials for resale or use in potentially targeted attacks against organizations.
Many large botnets, such as Emotet, are also used in spreading malware like banking trojans and ransomware. Ransomware continues to be one of the most visible and destructive threats organizations face. Over half of the organizations we recently surveyed admitted to being victims of a ransomware attack.
Data theft is also very concerning for many organizations. The data being stolen can take many forms: intellectual property, credentials, financial information, personal information, customer lists, state secrets, etc. Each type of data can be used to further the attack, published to harm the company, or sold to third parties. Unfortunately, the way data theft manifests itself sometimes is in conjunction with a ransomware attack. This means some organizations are doubly affected. Other threats, such as credential stealers, keyloggers, and phishing attacks all play a role in abetting data theft. As with ransomware, sometimes these threats operate in concert with each other. For example, the Emotet (info stealer) to Dridex (banking trojan) to Ryuk (ransomware) infection chain.
With cloud hosting more workloads from companies, discuss the need for better securing them against potential cyber attacks/threats?
Organizations should evaluate security solutions that are able to cover security, compliance and configuration monitoring controls around all cloud assets, as well as cloud infrastructure, to protect against the range of potential cyberattacks. Four key steps are to:
• Define the right cloud security posture: Start by knowing that cloud providers follow a “shared security model,” which means that organizations are responsible for securing anything they run or store in the cloud (not the provider), and then build from there to create the best security posture.
• Test and enforce compliance: Deploy a cloud security posture management solution that provides a single view of all cloud assets and delivers continuous insight into the current state of security, including access and configurations.
• Build a layered defense: Identify the shortcomings of cloud provider platforms and build a layered defense that is able to detect and respond to security issues across the network, cloud workloads, and remote users, and safeguard access routes to cloud services via endpoint and mobile devices.
• Continuously monitor: Monitor for any deviations or suspicious behaviors that are different than the tested and enforced posture. Set solutions risk-profile alerts to avoid being overwhelmed and look for solutions that integrate with SIEM.
Have work-from-home trends in the past year and a half invited more cyberattacks such as phishing and ransomware?
Our recently published report “Phishing Insights 2021” reveals that phishing attacks targeting organizations globally ramped up considerably during the pandemic, as millions of employees working from home became a prime target for cybercriminals. The majority (60%) of IT teams in the UAE and 68% in Saudi said the number of phishing emails targeting their employees increased during 2020.
During the pandemic we have seen continued growth in the social extortion side of ransomware. Most highly skilled ransomware groups have adopted the encrypt and leak extortion scheme pioneered by the Maze group in 2019 and some are even considering an exfiltration only model. Some ransomware groups have also taken advantage of the pandemic’s remote working conditions to cripple certain organizations, notably educational institutions who rely on remote learning. Overall, there have been fewer victims in 2020 but the lower volume has been offset by ever more damaging attacks and much higher ransom demands.
Discuss Sophos' approach to ZTNA? What advantages does ZTNA offer?
Companies need a more in-depth defense strategy, and they need to adopt new technologies. Currently the market is going towards Zero Trust strategies like ZTNA or SASE. That is the right approach, because everything always comes back to the endpoint. The Endpoint and its user is the ultimate key in the ability to drive cybersecurity forward. Moreover, a comprehensive, defence-in-depth cybersecurity system that emphasizes multiple layers of protection is critical for proactively defending against these stealthy attacks.
Sophos makes it easy for customers to have security products designed from the ground up to talk to each other, share intelligence and immediately respond to attacks. We also make it easy for customers, traditional partners and MSPs to manage Sophos security with a single pane of glass through Sophos Central. Broad visibility, layered and communicating security, threat intelligence, the ability to respond in real-time – these are all critical components needed to defend against attacks today. A good sample is Endpoint Detection and Response and Extended Detection and Response. Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) are important tools for threat hunting. What these essentially do is help organizations to hunt across their environment to detect indicators of compromise (IOCs) and indicators of attack (IOA). While EDR tools are powerful, they are limited to detection and response on endpoints and servers. To defend IT infrastructure more comprehensively an integrated detection and response system is key. This is where XDR comes in. XDR takes the idea of EDR and extends it. It goes beyond the endpoint and server, incorporating data from other security tools such as firewalls, email gateways, public cloud tools and mobile threat management solutions.
Harish Chib
Vice President, Middle East & Africa
» COLUMN
The Journey from Tech Side Project to Return on Investment
Dave Russell, Vice President of Enterprise Strategy at Veeam, opines that as an industry we must learn to temper our expectations, and those of our customers, towards how quickly and how far new technologies will create radical and lasting change
New technologies attract a lot of hype. Terms used to describe new technologies such as ‘revolutionary’ and ‘ground-breaking’ have lost their impact through overuse. Furthermore, this culture of overpromising makes technologists and customers alike cynical when they don’t see immediate or significant impact of new tech deployments. However, there are numerous examples of technologies that have been subjected to scepticism early on but gone on to become staple parts of the digital economy. From touchscreen interfaces to the Internet of Things (IoT), this path is so well trodden that Gartner produces its annual hype cycle, which theorises the idea that new technologies go from early adopters’ enthusiasm to inflated expectations, before a sense of disillusionment sets in. As understanding of the technology matures, a more realistic judgement can be made of its use as more viable applications are discovered and deployed.
There are many reasons why new technologies can initially flatter to deceive. It can simply be executed in the wrong way – possibly because the skills do not yet exist to design solutions and troubleshoot problems. Digital transformation is one such example, where businesses feel held back by a lack of skills to implement new technology – with almost half (49%) of IT decision makers surveyed citing this as a concern according to Veeam Data Protection Report 2021. It can be that a technology is simply ahead of its time and the complementary technologies that give it a clear place in the world do not yet exist. Returning to the consumer example of touchscreen devices, the early efforts by Palm and Microsoft to launch personal tablets were flawed by their inability to connect wirelessly to the Internet or sync with PCs and laptops. It was only when wireless technology and cloud computing reached maturity that smartphones and tablets came of age.
Finally, technology can work perfectly well, but not really solve a big enough problem to warrant significant investment. That’s why you often hear talk of ‘killer apps’ or use-cases that will give a new technology purpose and meaning. QR codes are an example of a technology that the world thought it had infinite uses for but struggled to take off until they found their calling in mobile boarding passes and ticketing applications. Experience therefore tells us that just because a new technology might not change the way things are done tomorrow, it doesn’t mean it won’t have a big impact long-term. With that said, it’s fine to get excited by the potential of a new technology. But as an industry we must learn to temper our expectations, and those of our customers, towards how quickly and how far new technologies will create radical and lasting change.
Contain your excitement
Even for those technologies which solve a real problem, are enabled by the right complementary technologies, and are generally understood enough to be successfully tested and deployed, there are other challenges. Any enterprise IT deployment requires investment, upskilling and cultural change from business leaders and employees. That means it can take years to build a compelling enough business case to convince budget holders to incorporate new deployments into their strategy. In addition, once a clear business case has been established – there are regulatory, cybersecurity and data protection requirements to throw into the mix. Given the value modern businesses rightly place on their data and the consequences of failing to manage and protect it, this is something which must be considered as early in the tech lifecycle as possible. If you cannot confidently protect and manage data within an IT service or application, don’t deploy it. An example of a technology that is moving through the various phases of the hype cycle at a rate of knots is containers – seen by many as a natural evolution of a virtualised environment – but designed to give IT managers greater control and flexibility over their applications. As little as around two years ago, containers had already begun their slide into Gartner’s so-called trough of disillusionment – the phase when businesses have begun to act on the hype but been disappointed by the lack of immediate outcomes. However, fast-forward the clock to 2021 and containers are already a critical component of DevOps-led infrastructure and application modernization – with Kubernetes emerging as the dominant container orchestration platform. The business case for using containers enabled by Kubernetes is becoming well established, as microservices-based architectures have gained traction within the enterprise. This opens up new possibilities when it comes to protecting data within containerized environments.
A general rule to live and die by is that if you can’t manage data, you can’t protect it. So, deploying Kubernetes adds the vital orchestration layer, meaning there is now a significant opportunity for a single data protection platform that includes virtual, physical, cloud and containerised environments. Establishing more advanced data protection and backup credentials is one of the advancements that will help containers go from IT side project to achieving the return on investment businesses crave.
At the edge of reason
Another technology which presents certain data protection challenges is edge computing. Currently, Gartner places edge computing right at the peak of inflated expectations on its Hype Cycle. As hyperscalers look to extend their ever-expanding data volumes and workloads to the edge and the shift towards remote working creates a greater sense of urgency for businesses looking to transform digitally, the case for edge computing looks compelling. You can view this as a confluence of events that make edge computing more relevant. However, alongside digital transformation, there are other words on CIOs’ minds: data protection, cybersecurity, cost optimisation and digital skills to name a few. All these are relevant when it comes to taking edge computing from an overhyped proof of concept to a core hybrid infrastructure service. To manage and protect data at the edge, businesses must be able to identify the data they need, back it up and secure it. Not only does this require backup, data and replication capabilities, it also requires specific skills – so often in short supply when it comes to relatively new technologies. Businesses looking to capitalise on edge computing at this stage need to work with specialist partners to ensure their deployments are not just conducted successfully but are done so without putting data at risk or allowing cloud storage costs to spiral out of control. Taking the time to define your business’s Cloud Data Management strategy will provide direction and clear objectives, allowing you to measure the success of introducing edge computing to the data management mix.
Taking a strategic view of where technologies you have not successfully deployed before sit within your wider business objectives is crucial for building the business case for them and acquiring the necessary buy-in from budget holders to invest in complementary solutions and onboard the necessary skills. For enterprises locked in a race to transform digitally, evolving customer demands along with an increased reliance on cloud and connectivity are forcing their hands. Implementing the latest and greatest technologies to achieve the desired outcomes of digital transformation requires investment in the necessary skills, data management and protection capabilities required to do so successfully, cost-effectively and securely.
» COLUMN
Securing data through the network to employees – anywhere
Jan Lawford, Head of Security, VMware EMEA, writes that a zero-trust approach helps create a comprehensive ‘security operations centre’, which provides the context and visibility that IT teams need
How important is ‘where’ we work? Location is becoming more irrelevant as traditional office-based working is being replaced by a more flexible, distributed ‘anywhere’ model. But if employees can’t get secure access to the right information at speed, wherever they are, anywhere working will fail.
Whether you’re in the office, at home, on the move, or in co-working spaces – the flow of data through an organisation has increased in complexity. Multiple locations mean multiple points of risk and greater security threats between data centres, applications, the network, the cloud, and devices. With corporate data no longer protected by the traditional infrastructure perimeter of the office, securing data across all these potential entry points has rightly become a boardroom issue.
VMware’s recent Global Security Insights Report revealed the most vulnerable breach points on the data journey as organisations move their infrastructure to accommodate the anywhere workforce. Eighty percent of organisations surveyed stated they have experienced cyberattacks due to more employees working from home and almost one in five cite the network as being their main breach point of concern. Let’s take a closer look.
Traditional security no longer works
The network is paramount, carrying data from the data centre to the app to the cloud to the device. Whilst securing traditional networking has largely been restricted to the perimeter of the corporate infrastructure – a secure bubble guarded by a firewall – it’s no longer clear in the modern world whether the new network even has a perimeter any longer, let alone how to secure it. There may be 50,000+ connection points outside the traditional corporate firewall, wherever an ‘anywhere worker’ might happen to be. By vastly expanding the network’s reach through VPNs (or ‘Virtually Pointless Networks’, as they are ironically being labelled), IT leaders have ultimately lost the end-to-end visibility that they used to count on.
How to secure your network?
With organisations dealing with more extensive physical and virtual networks, network security must be amplified to reinstate this visibility. The Virtual Cloud Network is a solution that can deliver pervasive connectivity and intrinsic security as a built-in distributed service, for users to apps and businesses to data, regardless of location. Underpinning this are new technologies such as Secure Access Service Edge (SASE), that reroutes networking requirements through the cloud, providing better context, scalability and seamless user experience. In fact, Gartner predicts that by 2024, more than 60% of SD-WAN customers will have evolved this into a SASE architecture, compared with only about 35% in 2020. Edge IoT devices have a similar challenge with IT teams struggling with a lack of visibility across the multiple devices they are managing. For critical infrastructure suppliers such as energy providers for example, IoT devices and the data that runs to and from them through the network, are central to monitoring the status of their systems. For Ansaldo Energia, a critical task for its global operations is its monitoring and diagnostic system, which collects data from more than 200 power plants around the world. To protect the devices collecting this data, Ansaldo adopted a cloud-based solution that delivers a 30% drop in total cost of ownership while improving security and flexibility.
Multiple touch points – one holistic solution
Whether you’re securing the network, apps, workloads or endpoint devices, organisations need to rethink security as an inherent and distributed part of the modern enterprise through a zero-trust approach. By incorporating zero-trust security principles into an organisation’s supply chain, they can achieve complete end-to-end protection. This creates a comprehensive ‘security operations centre’, which provides the context and visibility that IT teams need. Relevant security information is presented in context and combined in an intelligent fashion across teams, reducing silos and improving teamwork and communication.
Anywhere working will help to make employees feel empowered, connected and productive, and taking this new stance will ensure teams are better equipped to solve the threats of today and tomorrow, with fewer blind spots and reduced time to detection and response. Organisations can better operationalise security, making more effective use of people and resources, all whilst delivering the speed and security required of the modern enterprise.
Jan Lawford
Head of Security, VMware EMEA
» COLUMN
CYBERSECURITY STRATEGIES FOR THE HYBRID WORK ERA
Ali Sleiman, Regional Technical Director, Middle East & Africa at Infoblox opines that the hybrid workforce needs cybersecurity rollout from day one
The hybrid workforce is a permanent reality for most companies these days. The sudden onset of the pandemic and associated shutdowns gave organizations very little time to prepare for such large-scale remote work, let alone time to think about how to secure their ‘work from home’ users who still needed to access enterprise applications in the cloud, and work with and store corporate data on their devices. Security teams now have to think about protecting corporate resources and data as employees are working outside the corporate perimeter.
The pandemic, widespread remote work, and the adoption of new technologies have brought in changes that traditional network architectures cannot deal with. The existing paradigm where the security stack is located within the corporate network is no longer sufficient to protect these teleworkers. Teleworking also exposes the company to a much broader attack surface, as workers add personal devices and home and public Wi-Fi networks to the corporate network. The internet, cloud technologies and the onslaught of wireless all contribute to a massive increase in the attack surface. This requires a different security skill set and an increased awareness of the vulnerabilities of today’s IT environment.
Bad actors are taking advantage of the chaotic nature of these times by launching coronavirus-themed cyber-attacks and impersonating well-known websites that try to provide useful, timely information for the general public. Indeed, COVID-19 has become the subject of choice for phishing and spear-phishing campaigns that seek to take advantage of the heightened level of fear and concern.
In this scenario, cybersecurity needs to be rolled out from day one, or else companies and their employees will be at serious risk from partially secured cloud deployments, data breaches, insecure applications, and remote locations where the security and management of the remote user and the local branch LAN is often ignored, leaving end-users vulnerable. In many cases employees working remotely ignore basic cyber hygiene rules like updating the operating system, using an effective antivirus or strong passwords and backing up data regularly. However, companies also have a responsibility to have structured security policies which address all security gaps. These need to be implemented and adhered to by all employees.
Remote workers and end-users will likely be active on a variety of mobile devices, home networks, and public Wi-Fi networks, which makes them more likely to face cyberattacks. Leveraging the position that a core technology like DNS security has in the network can play a critical role in preventing attacks like lookalike domains, DoH/DoT, data exfiltration, and content vulnerabilities. Without a security control like Custom Lookalike Domain, for example, that can monitor such risks, teleworkers will be more easily targeted and vulnerable to attacks, especially in an age where character substitution is increasingly employed by cybercriminals to manipulate users into exposing credit card numbers, passwords and other sensitive data.
End-users will always have the primary responsibility of being aware of increasingly sophisticated cyber threats, provided the organization provides proper education and training, and enforces security policies. It is important to consider the risks in consumer-grade Wi-Fi connections, as home routers are usually not secure or patched. There are also risks in using shared documents on cloud folders.
Additionally, home browsers configured with plug-ins and certain applications may introduce substantial risk. CISOs should consider implementing technologies like BloxOne Threat Defense from Infoblox that includes a lightweight endpoint agent that helps end users with all of these vulnerabilities and more.
While there are a number of different solutions available to protect remote workers, one of the best and most cost-effective is DDI (DNS, DHCP, IPAM). DNS is the foundation of the Internet and so every connection to the Internet goes through it, making it an ideal service that can be used to secure the network. In the corporate environment, DNS is often provisioned by the internal security team, but when working from home, employees typically use public DNS or DNS provided by their service providers - both of which seldom do security enforcement on DNS.
Today’s security decision makers need to have a variety of skills, and an ability to understand the impact that new technologies like SDN, SD-WAN, Multi-cloud, and Network Functions Virtualization (NFV) have on their ability to assess the risk of such deployments and respond with the right security models like Zero-Trust and cybersecurity tools for the organization.
Ali Sleiman
Regional Technical Director, MEA, Infoblox
» COLUMN
HOW TO CREATE AN AGILE SUPPLY CHAIN
Karthik Krishnaswamy Director of Product Marketing, NGINX, F5
Supply chains must adopt a "network approach", connecting all partners to shared processes, data and metrics, managed within a single platform, to succeed, writes Khaled AlShami, Senior Director, Solution Consulting, Middle East & Africa, Infor
Competitive supply chains must enable a new level of coordinated performance that creates a high-fidelity picture of in-process flows across your extended network. Building the continuous supply chain supports contextual deviations, conveys alerts and drives continuous planning via sense & respond capabilities.
Optimizing multi-party business processes
Supply chains are complex networks where over 80% of the data and processes sit within partner systems. To see and act on the latest picture of your supply chain, your company needs that data from each of your partners, but the problem is that most companies rely solely on an enterprise-centric approach to solve a multi-enterprise problem.
The only way to overcome those limitations is to adopt a "network approach." Connecting all partners to shared processes, data and metrics managed within a single platform creates a single version of truth for all parties. This allows supply chains to eliminate the data silos and inherent latency in order to reduce the root causes of friction, variability and costs in today’s supply chains, both internally and externally.
Managing product flows
Balancing customer service levels and supply chain costs is nothing new, but customer expectations are more demanding than ever before due to how quickly products need to be in market to capture sales and quickly turn around delivery. Your customers are under their own pressure to meet on-time and in-full (OTIF) delivery and that flows all the way back upstream.
These challenges highlight that today’s supply chain structures simply aren't equipped to deal with the high demands if partners and systems aren't providing "single truth" visibility. With solutions that provide real-time visibility and machine learning to assist with predictive sensing of product availability issues, your company can make the needed adjustments to meet customer service agreements.
Advancing supply chain visibility maturity in the organization
How do we define supply chain visibility today? Leaving aside long-term forecasting and planning that depends on insight to meet demand, the operational aspects of the supply chain that we can materially impact with improved and multi-dimensional visibility involve orders, shipments, and inventory. Obviously, supply chain visibility can’t be achieved from a single data source, or a single set of participants. Just as the old-fashioned supply ‘chain’ is more accurately described as a network today, so a networked solution to building multi-dimensional visibility to that ecosystem offers the best path to value. A networked visibility approach means that business benefits can be realized across many cross-functional and cross-domain areas.
The value of visibility
Supply chain visibility frameworks need to recognize the milestone components that make international product flow successful as well as transparency of outbound truck shipments constrained by connectivity to many different carriers. Collaboration with trading partners is the only way to gain the higher levels of visibility that can significantly improve global supply chain planning and fulfilment operations. To keep production running and customers happy, it is critical to know when expected product availability for fulfilment or consumption is in jeopardy.
Finance & Trade Flows
Volatility in supply chains makes it hard to profitably meet demand. Sourcing is complex, often involves hundreds of partners, and suppliers often don’t have access to adequate capital, causing instability in the supply base. The majority of inventory, cost, and risk is outside of a single enterprise’s control. Too many siloed systems and not enough shared data make it impossible to reliably meet consumer demands. Companies, with only a few pieces of the puzzle, must scramble to track inventory and provide accurate ETAs.
Khaled AlShami
Senior Director, Solution Consulting, Middle East & Africa, Infor
Automation of supplier payment can help improve supplier relations, optimize working capital, and reduce fees and inefficiencies along the financial supply chain. To automate supplier invoice payments and standardize documentation, companies must transform themselves from silo-based, inward-facing corporate operators to interconnected, highly agile business network orchestrators.
End-to-end visibility & orchestration
Incorporating your supply chains’ ability to sense and respond, orchestrate finance and trade flows, and utilize advanced data centres and artificial intelligence is crucial for providing transparent visualization of supply chain dynamics. In addition to these pillars, next generation control towers, or control centres, deliver pervasive end-to-end visibility by capturing impact, interconnections, repercussions, and options. They synchronize participants to help dissolve a functionally siloed approach to fulfilment. Once organizations adopt a networked solution that allows all parties to share and see real-time updates, the heightened sense and response capabilities allow them to further close the loop and develop the continuous supply chain.
» COLUMN
THE SD-WAN OPPORTUNITY
Simon Pamplin, Chief Technologist WAN Edge EMEA at Aruba Silver Peak, a Hewlett Packard Enterprise company, asks whether the growing emergence of SD-WAN increases opportunity in the channel.
Over the past year the pandemic has been a catalyst for accelerated digital transformation and companies are now working hard to adapt and maintain the pace they set themselves. Alongside a myriad of other challenges, the new ‘work from anywhere’ mandate has been a prevailing shift that businesses have had to embrace. Remote working is the new norm, and the net has widened in terms of business locations; instead of being fixed, viable ‘office’ settings could now be coffee shops, homes, shared spaces, and pop-up venues. This has altered the concept of a branch office; while the apps used are the same, the way they are accessed and secured is different, which is putting increased pressure on organizations to transform their WAN and security architectures. Many organizations have tried to manage this shift by stretching their legacy router and firewall centric infrastructures that simply can’t sustain the pace and aren’t flexible enough for modern applications that are primarily hosted in the cloud. As a result, there is a growing demand for SD-WAN, which relies on a cloud-first architecture. But how can channel partners maximize SD-WAN as a growth opportunity? And what should they look out for when it comes to identifying potential customers?
A new conversation
One of the key benefits of SD-WAN is that it aligns the network to the desired outcomes of the business. The network is built around the needs of the business and the software creates an agile virtual network enabling acceleration and innovation that can’t be matched by traditional networks. With SD-WAN automation and intelligence, the network becomes self-driving, simplifying processes and driving efficiencies that ensure business leaders can get on with running their companies instead of worrying about the accessibility and security of their business applications. This shift in approach presents a huge opportunity for channel partners – particularly those who have sold traditional networking. Instead of talking to IT departments about new network ‘products’, resellers can now speak to business leaders about WAN and security transformation that will enable them to deliver on broader company goals and objectives, and gain time to market advantages. This means partners can target a new audience with a fundamentally new approach to unifying network and security architectures, focusing on addressing strategic business challenges for customers rather than simply reselling networking gear.
An entry to cloud
Businesses across every sector are considering some form of digital transformation, but this is often accompanied by concerns around complexity and disruption. SD-WAN eradicates those concerns – with the Aruba EdgeConnect SD-WAN edge platform, for example, it’s now possible to extend the network into AWS, Azure, Google or Oracle with a few mouse clicks, meaning businesses don’t need to worry about embracing a hybrid or multi-cloud strategy. This level of simplicity makes SD-WAN an attractive proposition for businesses considering cloud migration and gives partners another opportunity to have a strategic business discussion with customers. Furthermore, as partners continue supporting customers in their adoption and evolution of WAN and security transformation, they will have the ability to establish profitable SD-WAN business practices that will fuel their own growth and profitability in a sustainable way. To ensure resellers succeed throughout their SD-WAN journey they should partner with a trusted provider that offers ongoing training and certification.
SD-WAN-ready businesses
Of course, cloud transformation is a broad brush to target companies with but there are ways to narrow the focus. Businesses most ripe for SD-WAN will be those struggling to sustain high quality of experience for end users or those with latency issues. Partners should listen for customers who are currently unable to deliver consistent application performance, or who are complaining about application availability, which has an inevitable impact on productivity and trade. These are all signals that SD-WAN would provide a viable solution.
It’s also a good time for partners to re-engage with businesses that put major projects on hold due to COVID. Though many initiatives were accelerated during the pandemic, enabling SD-WAN to deliver almost instant agility and speed to help businesses sustain and improve operations, a large number were postponed or cancelled entirely. In those cases, companies now find themselves trailing behind their digitally savvy peers and losing competitive advantage. Partners should encourage conversations with customers to identify the need for increased efficiency, particularly for those still holding back on transformation projects.
Furthermore, as businesses continue their shift to the cloud, many are struggling with how to segment and secure cloud-destined application traffic. SD-WAN presents an opportunity to discuss both WAN and security transformation and how to help businesses to deliver edge to cloud network security. Addressing this issue also has significant business ramifications.
Simon Pamplin
Chief Technologist WAN Edge EMEA, Aruba Silver Peak
Final word
The good thing about SD-WAN is that it’s sector agnostic, so resellers have a vast target market and addressable market to serve. SD-WAN is driven by business needs and will benefit any geographically distributed business, which casts the net wide in a post-pandemic world. As organizations continue their journey down the road of digital transformation, the need for agility and speed at the Edge will only accelerate. With SD-WAN ripe for picking, partners should be able to maximize market opportunity and ensure their customers can achieve business goals in a digital-first world.
» TECHSHOW
INFUSE SOLUTION FROM KODAK ALARIS
Kodak Alaris unveiled INfuse Expansion Modules, including six new software add-ons and support for a third-party card reader accessory that allows users to scan documents more securely and efficiently than before. Partners such as ISVs and Systems Integrators can now customize their core INfuse offering by adding one or more of these modules to their solutions. The INfuse Solution integrates into other applications allowing users to complete tasks more accurately and faster than ever before. Tasks previously completed in days are now measured in minutes or hours. INfuse includes three key components: the partner’s software application, INfuse Management Software, and the INfuse AX Scanner. Partners create efficient, networked document solutions such as invoice processing, medical records management, or customer account management by integrating the INfuse solution into their line of business applications through the use of APIs and plug-in modules.
Key Features:
• Kodak Alaris now supports secure access to INfuse AX Scanners using a third-party card reader. The HID OMNIKEY Smart Card Reader is a cost-effective way for organizations to leverage their existing user ID system to improve security while providing a user-friendly experience.
• In addition to the existing standard and partner customized connectors, four new Direct-to-destination Connector Modules are available to optimize data channel efficiency to major cloud destinations. These Connector Modules allow the scanner to scan directly to Microsoft Azure Blob storage, Amazon S3 storage, Alibaba OSS storage, or Tencent COS storage without passing through intermediate destinations. This improves security while simultaneously eliminating costs, delays, and maintenance complexities.
• The Kodak Alaris subscription licensing model now offers the new INfuse Expansion Modules, allowing partners the flexibility to configure the right solution for each customer.
D-LINK EAGLE PRO AI PRODUCT SERIES
The pandemic has accelerated the digital transformation of the home as more people are working, playing, and learning at home and demanding better network experiences. D-Link’s latest solutions support the post-COVID lifestyle by providing intelligent, powerful network communications for bandwidth-heavy applications in device-dense homes. D-Link’s new EAGLE PRO AI Series features a comprehensive range of routers to fulfill everyone’s needs for home Wi-Fi and 4G Wi-Fi. Equipped with Wi-Fi 6 Technology, the R15 AX1500 Wi-Fi 6 Smart Router, M15 AX1500 Mesh Router, and E15 AX1500 Mesh Range Extender deliver up to four times more capacity and a 40% throughput increase over Wi-Fi 5. Wi-Fi 6 enables uninterrupted, high-quality online experiences for today’s generation of users who demand simultaneous connection of multiple devices at home. The R03, R04, and R12 Wi-Fi AI Routers are entry-level devices for emerging markets that provide the latest WPA3 security encryption for more secure connectivity. The EAGLE PRO AI series also includes 4G AI Routers G415 and G416, as well as entry-level models G403 and G412, all with two built-in external LTE antennas. Additionally, the G416 utilizes Carrier Aggregation Technology to boost data speeds up to 300 Mbps. Carrier Aggregation provides the foundation for deploying 4G and 5G networks, with the capability to combine several frequency bands for higher peak rates and increased cell coverage.
Key Features:
• Designed with built-in EAGLE PRO AI capabilities, the series routers analyze traffic and optimize the home network through the AI Engine. The AI Wi-Fi Optimizer continuously scans and monitors the network to keep users connected to the best Wi-Fi channel.
• The AI Mesh Optimizer is D-Link’s unique AI-enhanced Beamforming Technology that delivers more powerful, reliable Wi-Fi throughout the entire home. The AI Traffic Optimizer automatically prioritizes and allocates bandwidth to different applications and provides users with feedback on which devices are causing congestion.
• The EAGLE PRO AI App features an embedded SpeedTest for checking Internet speed, Health Mode for setting sleep schedules, and support for Amazon Alexa and Google Assistant Voice Control.
LOGI BOLT
Logitech announced the expansion of its enterprise business offerings to include individual work setup solutions in addition to existing, industry-leading meeting room video conferencing technologies to meet the evolving needs of today’s enterprise IT – from the hybrid workplace to global connectivity – to enhance the overall employee experience. Powering this expansion is the introduction of Logi Bolt, a new high-performance, secure wireless technology offering that provides a solution to key imperatives for enterprise IT - secure wireless connection, robust wireless signal and cross-platform compatibility for mice and keyboards. Logitech is bringing Logi Bolt to the enterprise on a global scale to drive enhanced productivity. These offerings prioritize the needs of enterprise IT to keep their diverse workforces productive, collaborative and secure no matter where they work. Logitech engineered Logi Bolt to conquer IT challenges that can emerge whether users occupy the office or work remotely. Logi Bolt wireless technology seems to establish a connection faster, so switching between a desk and a conference room is smoother and more user friendly.
Key Features:
• Security: Delivers secure wireless connectivity for Logitech mice and keyboards using Bluetooth® Low Energy Security Mode 1, Level 4 (also known as Secure Connections Only Mode) when paired with a Logi Bolt USB receiver.
• Robust Signal: The Logi Bolt USB receivers also provide a strong, reliable, drop-off-free connection up to 10 meters (33 feet), even in congested wireless environments, with up to eight times lower average latency in many cases than other commonly deployed wireless protocols in congested, noisy enterprise environments.
• Great Compatibility: Logi Bolt devices are more universally compatible than most leading peripheral brands on the market. Their connections are reliable, allowing IT managers to efficiently source, purchase and distribute without compatibility or connectivity issues, and they work with just about every operating system and platform, including but not limited to: Windows, macOS, iOS, iPadOS, Linux, Chrome OS and Android™. Users can connect via Logi Bolt USB receivers when security and signal strength are paramount, or by using the Bluetooth Low Energy wireless technology installed on the host computer, giving IT managers the flexibility to roll out Logi Bolt wireless mice and keyboards across platforms, functions, and operating systems.
» TRENDS & STATS
CUSTOMER SERVICE TO SIGNIFICANTLY INCREASE INVESTMENTS IN CHATBOTS, AI AND ANALYTICS
Gartner Research signals a shift from Rep-Enablement Technologies to increasing focus and investments in understanding customers through analytics
Investments in technologies focused on the customer are rapidly becoming a top priority for customer service and support (CSS) leaders, according to Gartner, Inc. In a survey of 89 service leaders in May-June 2021, respondents evaluated 51 technologies to assess how they are currently being used, the value they provide service organizations and what bets service leaders would place on their future importance.
Among all 51 technologies surveyed, case management, consolidated agent desktop, internal collaboration tools, online account portal and unified communications currently deliver the most value for customer service leaders.
“Customer service and support leaders derive value from these technologies because they support an important part of their operations,” said Lauren Villeneuve, senior principal in the Gartner Customer Service & Support Practice. “Additionally, they support new operational needs of managing a remote workforce, new demands and expectations from customers and heightened expectations for service to deliver improved customer experience and value.”
In two years, the anticipated most valuable technologies revolve around the customer, through digital self-service platforms and understanding customer behavior through analytics.
“It is crucial that leaders understand how customers interact with digital channels in order to contain customers within them, and improve their overall customer experience,” said Connor Seidenschwarz, principal, research in the Gartner Customer Service & Support Practice. “In fact, most customer service leaders we surveyed view investments in analytics as an investment in improving their self-service capabilities.”
Past challenges with analytics stem primarily from a lack of data, or transforming raw data into actionable insights that can be used to inform decisions. However, CSS leaders indicate they are overcoming these challenges, and anticipate that the largest increases in value over the next two years will come from technologies that analyze and leverage customer data.
As the technology landscape advances, Gartner recommends that customer service and support leaders responsible for service and support strategy and leadership take the following actions:
• Review core service objectives, understand customer preferences and behaviors, and conduct a thorough market scan to select and prioritize technologies for investment.
• Collaborate and coordinate with other functions, including IT, marketing and finance, to understand existing plans or technology and their perspectives, and identify areas of coordination.
• Gather data on customer behaviors and experiences to identify the technology’s current and potential role in the customer service journey.
• Assess the performance of existing technologies by evaluating usage, cost, customer experience, rep experience and strategic relevance, and how they fare against market trends.