November 2020 by Enterprise IT World

@entitworld

@enterpriseitworld

R S 2 0 | PA G E S 3 2 | V O LU M E 0 5 | I S S U E 0 8

WWW.ENTERPRISEITWORLD.COM

FOR THE CIOs. BY THE CIOs. NOVEMBER 2020

2ND GEN AMD EPYC PROCESSOR IS THE WORLD’S FIRST 7NM X86 DATACENTER PROCESSOR

INTERVIEW P-22

BY USING

ORACLE EXADATA CLOUD

AT CUSTOMER, ORGANIZATIONS CAN ACCESS ALL OF ORACLE

ENTERPRISE-GRADE CLOUD SERVICES With the Digital transformation catching up fast, every OEM has their offering to support the customers so also Oracle has but its ‘Exadata Cloud at Customer’ is an attractive proposition for the legacy applications. Srikanth Doranadula, Sr. Director - Cloud and Systems Business, Oracle India spoke to Enterprise IT World. Excerpts. P/16

FOR THE CIOs. BY THE CIOs.

PRESENT

SECURITY

SY M P O S I U M AND

CYBER SENTINEL AWARDS 2020

THEME DECODING CYBER SECURITY AMID PANDEMIC 19TH DECEMBER 2020

2:00 PM to 5:00 PM

www.enterpriseitworld.com

EDITOR’S LETTER

ROLE OF CIOS MORE CRITICAL NOW IN THIS PANDEMIC

Hello Friends.

Life amid the pandemic is not at all easy for anyone but for the CIOs and CISOs it is actually very very difficult. Every time they would be going to sleep must be pray for the safety of their organization. At a time two types of pressure for them – one: from the physical distance and how to make the system available to the workforce and how to manage the infra with a limited work force, two: how to keep their organizations not being attacked by the Malware and hackers. On top of it pressure from the management that there is no extra budget from the CFOs. Of course there is a sense of IT intelligence in the board room that the CEOs and CFOS along with the board members have understood the importance of the IT and availability of the system. But, it is not very easy to sink in with the thought that the priority is also IT along with marketing and sales. There is no choice for the organizations to look beyond IT in this time of social distancing. You are not going out and you are not inviting people into your office. On top of that your workforce is truncated in number.

NEXT MONTH SPECIAL

Today, the CIOs should realize their importance that without an IT decision maker, the function of the entire organization is crippled. We are hearing news that healthcare sector is being attacked every now and then. There is no system that the hackers cannot penetrate. Maximum time it is human driven. The workforce often times keep the nodes open for a long time. Many times organizations become complacent about their infrastructure. As the best of the breed lock cannot stop the thieves, similarly the best of the breed security system cannot hold back the hackers. There is always a competition of outperforming each other. When the CIOs understand that their responsibility has grown big this time, they must feel the responsibility also far bigger. We do not know what is there in the network or what is coming to you. Monitoring every packet is the rule of the thumb. Zero trust is the thumb rule. Nothing to be trusted. Security modelling, techniques and approaches should be around the human centric and behaviour centric. Towards disseminating and helping the CIOs and CISOs understand the security from close quarters, we have been doing various activities. On 19th December, we are organizing a cybersecurity symposium. Hope to receive your support too.

S A N J AY M O H A PAT R A S A N J AY @ A C C E N T I N F O M E D I A . C O M

COVER STORY

SUPPLEMENT

DC WORLD

QUOTES FROM TOP CIOS

The next issue is dedicated to DC OPPORTUNITY. We would like to take feedback from the CIOs and OEMs and create our judgment on the same.

The supplement story of the magazine would have relevant quotes from the top CIOs in India.

PLUS

Interviews and Case Studies

Catch interviews, guest articles and case studies of recent applications from the Industry stakeholders, IT/ITES Vendors and IT leaders and CIOs from the Enterprise IT World CIO Community.

Send in your inputs to sanjay@accentinfomedia.com 4

ENTERPRISE IT WORLD NOVEMBER 2020

CONTENTS V O L U M E 0 5 | I S S U E 0 8 | NOVEMBER 2020 | W W W . E N T E R P R I S E I T W O R L D . C O M

FOR THE CIOs. BY THE CIOs.

Publisher: Sanjib Mohapatra Chief Editor: Sanjay Mohapatra Managing Editor: Anisha Nayar Dhawan Sub Editor: Pooja Jain, Nidhi Shail Designer: Shadab Khan Web Designer: Vijay Bakshi, Sangeet Technical Writer: Manas Ranjan Lead Visualizer: DPR Choudhary MARKETING Marketing Manager: Vaishali Shukla SALES CONTACTS Delhi 6/102, Kaushalya Park, Hauz Khas New Delhi-110016 Phone: 91-11-41055458 E-mail: info@accentinfomedia.com

INTERVIEW

EDITORIAL OFFICE Delhi: 6/103, (GF) Kaushalya Park, New

BY USING ORACLE EXADATA CLOUD AT CUSTOMER, ORGANIZATIONS CAN ACCESS ALL OF ORACLE ENTERPRISE-GRADE CLOUD SERVICES

Delhi-110016, Phone: 91-11-41657670 / 46151993 info@ accentinfomedia.com

With the Digital transformation catching up fast, every OEM has their offering to support the customers so also Oracle has but its ‘Exadata Cloud at Customer’ is an attractive proposition for the legacy applications. Srikanth Doranadula, Sr. Director - Cloud and Systems Business, Oracle India spoke to Enterprise IT World. Excerpts.

SECURITY: /18 A New Cybersecurity ‘Norm’

MORE INSIDE

Phone: 91-11-46151993 / 41055458

Printed at Karan Printers, F-29/2, 1st floor, Okhla Industrial Area, Phase-2, New Delhi 110020, India. All rights reserved. No part of this publication can be reproduced without the prior written permission from the publisher. Subscription: Rs.200 (12 issues) All payments favouring: Accent Info Media Pvt. Ltd.

Editorial~ ~~~~~~~~~~~~~~~~~~~~~~~~~ 04 News~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 06

21 BFSI

Printed, Published and Owned by Sanjib Mohapatra Place of Publication: 6/103, (GF) Kaushalya Park, Hauz Khas New Delhi-110016

INTERVIEW

22 SECURITY

SAAS

SEAN HUNTER

VINAY SINHA

MICHAEL JOSEPH

ABHILASH PURUSHOTHAMAN

“Pandemic Presents Technology Ecosystem Opportunities for Banks”

“2nd Gen AMD EPYC Processor is the World’s First 7nm x86 Datacenter Processor”

“FortiGuard Labs Predicts Weaponizing of the Intelligent Edge Will Dramatically Alter Speed and Scale of Future Cyberattacks”

“AppDynamics Announces New Software-as-aService Offering in Asia”

NOVEMBER 2020 ENTERPRISE IT WORLD

ITWORLD

ROUND UP

Microsoft’s First Datacenter in Taiwan B Y S A N J AY @ A C C E N T I N FO M E D I A . C O M

Microsoft announced another major milestone in its “Reimagine Taiwan” initiative, including plans to establish its first cloud datacenter region in Taiwan and a significant investment in local talent and development with the goal to provide digital skilling for over 200,000 people in Taiwan by 2024. Additionally, Microsoft is growing its Taiwan Azure Hardware Systems and Infrastructure engineering group, which will establish Microsoft Taiwan as a hub in Asia for innovation in designing and building advanced cloud software and hardware infrastructure spanning AI, IoT and edge solutions. The new investment adds to Microsoft’s significant and recent investments in Taiwan, including the IoT Innovation Center, AI Research and Development Center, Startup Accelerator and the IoT Center of

ENTERPRISE IT WORLD NOVEMBER 2020

Excellence. Today’s announcement represents a new commitment in Microsoft’s more than 30-year history in Taiwan to fuel new growth that will accelerate digital transformation of Taiwan’s public and private sectors, helping customers to reimagine their future by providing access to highly secured enterprise-grade cloud services. In addition, Microsoft’s ambitious new skilling plan will help to cultivate and groom tech talent, increasing future employability opportunities for the people of Taiwan. According to a recent IDC study, over the next four years, Microsoft, its ecosystem and cloud customers together will generate more than $10 billion in new revenue and will add over 30,000 jobs to the Taiwan economy.

D ATA BRIEFINING

Worldwide Public Cloud End-User Spending to Grow 18% in 2021

Source: Gartner

ITWORLD // NEWS BRIEF

Knowlarity Chooses Google Cloud for Programmable Speech Analytics platform

Knowlarity Communications has selected Google Cloud to launch its Programmable Speech Analytics platform in India. The Programmable Speech Analytics solution promises to revolutionise the Speech Analytics market in India with its wide range of smart features including sentiment scoring, accurate transcription and real time analysis to offer improved conversational AI powered by Google Cloud. Knowlarity’s Programmable Speech Analytics platform will extract the data in real time where millions of calls will be processed automatically in a short span of time. Through this platform and open APIs, organizations can make sense of the huge reserves of audio/video data (recordings) at their disposal generated every day through collaboration of phone calls, online meetings, contact center phone calls,

CIO

voice searches, multimedia without having to compromise on reliability, security and privacy. Enterprises can now automate their workflow and processes by identifying the purpose of the conversation through speech analytics keyword spotting feature to derive deep insights for operational efficiency. “Speech analytics is emerging as an important driver for improving sales and customer experience for a number of organizations. While the speech analytics market in India has primarily been driven by the BPO industry, the demand is set to surge from other sectors as well including retail, banking, healthcare, telecom and hospitality. Google Cloud believes in being a forerunner in helping our customers build innovative solutions and Knowlarity is a great example.” said Mr Karan Bajwa, Managing Director, Google Cloud India.

Check Point Software Launches Industry’s First Cyber Security Platform

Check Point Software Technologies has introduced its next-generation unified cyber security platform, Check Point R81. The new platform is the industry’s first to deliver autonomous threat prevention designed for the entire distributed enterprise, enabling IT staff to manage the most complex and dynamic network environments easily and efficiently. “Today’s fast-paced changes to business applications and deployments to the cloud require organizations to be more agile than ever before – but this also exposes them to greater security risks and advanced threats,” said Itai Greenberg, VP of Product Management at Check Point Software Technologiesat Check Point. “Our new R81 platform gives IT and security teams holistic visibility, automated threat prevention and granular control over their entire network environment, making it easier to plan, check and quickly deploy changes to serve business need while strengthening their security and compliance postures.”

EVENTS

01 DEC 2020

14 DEC 2020

19 DEC 2020

Financial Services CyberTech Forum - Virtual

Machine Learning in Science & Engineering

Security Symposium 2020 & Cyber Sentinel Awards

BY: FINTECH GLOBAL

BY: MLSE 2020 ORGANIZING COMMITTEE

BY: ACCENT INFO MEDIA PVT. LTD.

ENTERPRISE IT WORLD NOVEMBER 2020

NEWS BRIEF // IT WORLD

TeamViewer Tensor Adds Co-Browsing, Mobile SDK and Augmented Reality

S/HE SAID IT

JULIA LIUSON

CORPORATE VICE PRESIDENT, DEVELOPER DIVISION AT MICROSOFT

“We’re pleased customers have already seen the benefits of this unique integration which is designed to give their applications unbeatable responsiveness and scale, while maintaining mission-critical uptime and reliability.”

TeamViewer announced a comprehensive update of TeamViewer Tensor. In addition to the recently announced Mobile Software Development Kit (SDK), TeamViewer Tensor now offers co-browsing and supports large organizations’ multi-tenancy needs. The current update of TeamViewer Tensor offers greatly improved possibilities for secure and innovative customer interaction via Mobile SDK and co-browsing with an integrated chat function. Additionally, Tensor supports large corporations in terms of multi-tenancy and remote work. This includes a security screen feature for the remotely controlled device, improved conditional access regulations, and comprehensive reporting and audits for easy handling of compliance regulations. The augmented reality solution, TeamViewer Pilot, was also integrated into the Tensor platform so that employees can also be supported in the event of hardware problems

QUICK BYTE ON

in the home office, for example. “Mobile apps and websites have always been important channels for our customers to interaction with their customers, and maybe even more so since COVID-19 has required less in-person interaction,” says Alexander Post, director product management at TeamViewer. “Providing dedicated support in an app or while visiting a website is a sensitive issue in terms of privacy. We are pleased that with the Mobile SDK and the co-browsing function we can offer innovative and GDPR-compliant possibilities. Our corporate customers also face the challenge of creating highly available, secure and cost-effective remote work solutions. We are therefore constantly expanding the home office specific features for corporations and with the Security Screen Feature and Conditional Access, we are placing a strong focus on the topic of security.”

“At Hyundai Motor Group, we’re committed to delivering greater value, safety, functionality and enjoyment over the lifetime of the car. The NVIDIA DRIVE platform is proven — it is scalable, energy-efficient and has the performance to support our next generation of software-defined vehicles.” PA U L C H O O , S E N I O R V I C E P R E S I D E N T O F T H E E L E CT R O N I C S T E C H U N I T AT H Y U N D A I M OTO R GROUP

SECURITY

ThreatQuotient Integrates with Infoblox for Enhanced DNS and IP Address Visibility ThreatQuotient integrated with Infoblox. The combination of Infoblox contextual data and the ThreatQ threat intelligence platform enables organisations to categorise, manage and respond to threats faster and more effectively. Infoblox DNS can put more than 45 million threat indicators to work in real-time within BloxOne Threat Defense, which provides advanced DNS security as SaaSbased services from the cloud or as a hybrid on-premises/SaaS solution. NOVEMBER 2020 ENTERPRISE IT WORLD

ITWORLD // NEWS BRIEF

QuEST Global’s Smart Defect Inspection Application for High-Precision

Edtech Startup Develops Video Communications Solution with AlcatelLucent Enterprise uLektz, an education technology Software-as-a-Service start-up, today announced the launch of uLektzMeet. com, a live online lecturing platform in partnership with Alcatel-Lucent Enterprise, a leading provider of communications, networking and cloud solutions tailored to customers’ industries. The platform addresses the growing need for an engaging virtual classroom as India advances its digital economy. uLektz Meet is being launched as one of the products of uLektz Suite of software applications that are seamlessly integrated and provide one-stop solution for all the needs of higher education. The uLektz Meet is offered in two editions – Basic Edition (Free for lifetime) and Premium Edition (Rs.

EXECUTIVE

300 per host per month) Both the editions have the same set of features and functionalities, except the limitations in the number of participants in a meeting. Sadiq Sait M.S, Founder and CEO of uLektz said, “Since the emergence of COVID-19, there has been an increasing demand for video conferencing solutions to conduct live online classes. Though there are many video conferencing solutions available in the market, they are generic, business-centric or very expensive. To provide an education-centric video communication solution that is secured, reliable and cost-effective, we partnered with Alcatel-Lucent Enterprise and designed uLektzMeet exclusively for Indian education market.”

QuEST Global Smart Defect Inspection (SDI) application powered by Artificial Intelligence (AI) designed for high-precision manufacturing companies like semiconductor chip manufacturers, will enable real-time defect inspection & diagnosis, product quality inspections, and prognosis and ensure optimal equipment usage. The platform-agnostic SDI application is built with Deep Learning (DL) technology for intelligent defect inspection and it can enable self-learning abilities for smarter decision making. Piyush Jain, Vice President & Head of Delivery – APAC, QuEST Global, said, “We are delighted to make our new Smart Defect Inspection application available to the OEMs in the high precision manufacturing industry. Designed to empower human inspectors for automating inspection with a simple and intuitive GUI, the application can help OEMs increase yield and aims to improve Overall Equipment Effectiveness – the gold standard for measuring manufacturing productivity. Along with business benefits to the OEMs, the SDI application also aims to reduce visual stress of the human inspectors, keeping health hazards at bay and improving their overall health.”

MOVEMENT JK Technosoft appoints Upendra Prakash Pateriya as the new SAP-Practice Head.

Skylo announced that Neelam Dhawan has joined the company’s board of directors.

10 ENTERPRISE IT WORLD NOVEMBER 2020

UiPath announced the appointment of Jennifer Tejada to its Board of Directors.

Pine Labs on boards Silicon Valley product leader and former executive member of Square, Gokul Rajaram as an advisor.

DigitalOcean announced that Hilary Schneider, CEO of Shutterfly, Inc., and Warren Adelman, former CEO of GoDaddy Inc., will be joining its board of directors, effective November 1.

NEWS BRIEF // IT WORLD

BOOK

SHELF

Permanent Record GLOBAL UPDATE

EDWARD SNOWDEN

Barracuda Acquires Fyde, a Zero Trust Network Access (ZTNA) Innovator Barracuda has acquired Fyde, a ZTNA provider based in Palo Alto, Calif., and Porto, Portugal to expand the Barracuda CloudGen SASE platform with ZTNA capabilities. The Fyde solution is available immediately as Barracuda CloudGen Access to businesses of all sizes. It will be available in the coming weeks for Managed Service Providers. Fyde’s innovative Zero Trust solution enables secure, reliable, and fast access to cloud or on-premises applications and workloads from any device and location. Fyde’s ZTNA solution addresses the security risks associated with traditional remote access by continuously verifying that only the right person, with the right device, and the right permissions can access company resources. The solution is ideal to connect users directly to cloud-native and legacy corporate applications deployed in hybrid and multi-cloud environments. “Remote work is here to stay, cloud migrations are accelerating, and traditional corporate perimeters have disappeared,” said BJ Jenkins, President and CEO at

Barracuda. “Fyde offers a powerful ZTNA solution that works on any infrastructure, any device, and with any application on a corporate network. With this acquisition, Barracuda is providing distributed businesses a new way to modernize remote access, enforce global security and access policies, and achieve seamless connectivity without compromising productivity.” Barracuda provides a broad and growing portfolio of cloud-enabled network and application security solutions. In July of this year, Barracuda launched CloudGen WAN, the industry’s first global SD-WAN service built natively on Microsoft Azure. With the acquisition of Fyde, Barracuda now offers ZTNA solutions that use a modern approach to securing applications and devices by providing identity-aware access control and device-based contextual security policies. This acquisition expands the capabilities of Barracuda’s SASE offering to help customers with digital migrations to the public cloud.

PRICE

RS. 1578.00 (HARDCOVER) About The Book Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down.

Key Feature Spanning the bucolic Beltway suburbs of his childhood and the clandestine CIA and NSA postings of his adulthood, Permanent Record is the extraordinary account of a bright young man who grew up online – a man who became a spy, a whistleblower, and, in exile, the Internet’s conscience. Written with wit, grace, passion, and an unflinching candor, Permanent Record is a crucial memoir of our digital age and destined to be a classic.

Matrix 5MP Bullet Camera – Project Series

Matrix Project Series 5MP Bullet Cameras are designed for serious outdoor deployments. The cameras are powered by Sony STARVIS sensor that makes them adept in producing strikingly clear images in low light conditions. Apart from

this, the True WDR algorithm ensures that evenly balanced images are produced in varying lighting conditions. Besides this, H.265 compression technique is used in data compression which allows the user to accumulate more video footage in the same storage capacity. Finally, with in-built video analytics like Motion Detection, Intrusion Detection and Tripwire users can expect proactive responses against future alerts. KEY FEATURES:  Sony Starvis Sensor: Colour Images @ 0.01lux

 H.265 Compression  True WDR (120dB)  High Signal to Noise Ratio (73dB)  On Board Storage (512GB)  Adaptive and Smart Streaming  Region of Interest  Higher Field of View (Upto 113° FOV)  Multiple-Stream Support  Motion Detection, Intrusion Detection, Tripwire  Smart Alerts  Direct Notification  NAS Support NOVEMBER 2020 ENTERPRISE IT WORLD

ITWORLD // NEWS BRIEF

IceWarp Deploys its All-in-one Email Collaboration Suite for Unichem Labs Unichem Laboratories, a pioneer in the Indian pharmaceuticals business has migrated from Network email solution to IceWarp’s email and business collaboration suite. The all in one solution of IceWarp promises to offer a value-added proposition to the esteemed organisation with a full proof emailing solution that is cost-efficient and bundled with a whole new family of apps right at the user’s fingertips by integrating everything one needs under a single login – Email, TeamChat, and Storage. Being a global pharmaceutical drug Company Unichem has a large database of customers. Before migrating to IceWarp, Unichem was facing many problems; high-end security and control was the key issue. Attempting to manage and streamline the processing of their products without altering their business activities was a major concern. The integration of all its operations from one platform was another goal. Post migrating to IceWarp, Unichem has experienced a sturdy growth in the number of active users that is growing gradually.

NVIDIA Announces Mellanox InfiniBand for Exascale AI Supercomputing NVIDIA introduced the next generation of NVIDIA Mellanox 400G InfiniBand, giving AI developers and scientific researchers the fastest networking performance available to take on the world’s most challenging problems. As computing requirements continue to grow exponentially in areas such as drug discovery, climate research and genomics, NVIDIA Mellanox 400G InfiniBand is accelerating this work through a dramatic leap in performance offered on the world’s only fully offloadable, in-network computing platform. The seventh generation of Mellanox InfiniBand provides ultra-low latency and doubles data throughput with NDR 400Gb/s and adds new NVIDIA In-Network Computing engines to provide additional acceleration. The world’s leading infrastructure manufacturers — including Atos, Dell Technologies, Fujitsu, Inspur, Lenovo and Supermicro — plan to integrate NVIDIA Mellanox 400G InfiniBand solutions into their enterprise solution offerings. These commitments are complemented by extensive support from leading storage infrastructure partners including DDN and IBM Storage, among others.

Wipro, SNP SE enter into a Strategic Partnership Wipro and SNP Schneider-Neureither & Partner SE, announced a strategic partnership to help customers accelerate their enterprise transformation journey. As part of the partnership, Wipro will leverage SNP’s CrystalBridge data transformation platform and the BLUEFIELD approach to provide customers worldwide with a flexible, fast and secure migration to SAP S/4HANA. Through predefined scenarios, the platform allows organizations to evaluate and simulate the optimal transformation path, thereby reducing efforts and increasing the predictability of outcomes. Both companies will also build a ‘Transformation Competence Center’ that will train and certify Wipro consultants to use the BLUEFIELD transformation 12 ENTERPRISE IT WORLD NOVEMBER 2020

approach powered by CrystalBridge. Harish Dwarkanhalli, President, Cloud Enterprise Platforms (CEP), Wipro Limited said, “Wipro’s customers have been benefitting from the combined synergies of SNP and Wipro, and this partnership brings an unassailable advantage to them at a time when responsiveness and real-time decision making are critical for businesses. Our investment in the ‘Transformation Competence Center’ reinforces our commitment to the success of our customers and the relationship we have with SNP. We are confident that this collaboration will spur innovation and accelerate our customers’ digital transformation journey.”

DIGEST NSE ACADEMY ACQUIRES MAJORITY STAKE IN TALENTSPRINT NSE Academy Limited announced acquisition of Deep Tech education firm TalentSprint Private Ltd. The company is a leading education technology provider in the professional learning and executive education space and headquartered in Hyderabad. TalentSprint augments NSE Academy’s objective to be the leader in the Education segment with the aim of Continuous Life Long Learning right from K12, University to Executive level/Corporate learning, not only in finance skills but also adjacent areas in emerging technology areas such as Artificial Intelligence, Machine Learning, Fintech and Blockchain in the capital market and BFSI domain through online and offline modes. In recent times there has been high demand for skill acquisition/upgradation in these areas which are also leading to employment avenues for the nation’s young graduates and workforce. VEEAM REACHES 400,000 CUSTOMERS AS DATA BACKUP LEADER ENABLES ENTERPRISES Veeam Software, the leader in Backup solutions that deliver Cloud Data Management, today announced another quarter of double-digit growth with an annual recurring revenue (ARR) increase of 21 percent year-over-year (YoY) for Q3’20. Now with 400,000+ customers worldwide, Veeam is fueling its growth by continuing to take share in the core datacenter backup and recovery market while also embracing new solutions to support organizations’ cloud data protection needs. Veeam’s fastest growing product, Veeam Backup for Microsoft Office 365, continues incredibly strong growth with 85 percent YoY product growth. MICROSOFT ANNOUNCES DYNAMICS 365 PROJECT OPERATIONS IN INDIA Microsoft has announced the general availability of its Dynamics 365 Project Operations solution across India. It has been developed to help service-based businesses in unifying operational workflows to provide visibility, collaboration, and insights to drive success across teams, from prospects to payments to profit. An all in one application, it uses real-time analytics to connect and empower leadership, sales, resourcing, project management, and accounting teams with the visibility needed to deliver services to customers on-time and on-budget. Service organizations often face challenges arising from disparate systems and data silos which impact their success.

NEWS BRIEF // IT WORLD

MANAGEMENT

MANTRA

“The ability to learn is the most important quality a leader can have.” Padmasree Warrior (CEO & Founder, Fable)

Online Festive Shopping Creates The Perfect Storm For Cybercrime

SonicWall Expands Boundless Cybersecurity with New High-Performance

SonicWall announced the expansion of its Capture Cloud Platform with the addition of the high-performance NSa 2700 firewall and three new cost-effective TZ firewall options. The company also debuted SonicWall Cloud Edge Secure Access that delivers easy-to-deploy, easy-to-use zerotrust security for organizations operating in a modern work-from-anywhere model. “As emerging technologies mature, it’s imperative that companies make the necessary investments to ensure they are prepared for what is to come while making it seamless to the operation of their organizations,” said SonicWall President and CEO Bill Conner. “As remote users require more and more devices, the reliance upon IoT continues to rise and extended distributed networks are challenged with evolving security and connectivity measures, we

look to provide tailored options to address growing needs.” Multi-gigabit threat protection, SonicOS 7.0 arrive on NSa line The new SonicWall NSa 2700 expands multi-gigabit threat performance to enterprises, MSSPs, government agencies, as well as key retail, healthcare and hospitality verticals. It’s also the company’s first mid-level appliance on the new SonicOS 7.0 platform, delivering a modern UX/UI, device views, advanced security control, plus critical networking and management capabilities. Like the rest of SonicWall’s newest generation of firewall appliances, the NSa 2700 is ready to be managed by SonicWall’s cloud-native Network Security Manager (NSM), giving organizations a single, easy-to-use cloud interface for streamlined management, analytics and reporting. New low-end TZ firewalls give more options for SD-Branch deployments To secure increasingly relied upon SD-Branch solutions, SonicWall is adding more security choices for SMBs with new cost-effective TZ firewall options. The new TZ270, TZ370 and TZ470 were especially designed for mid-sized organizations.

McAfee announced findings from its ‘2020 Holiday Season: State of Today’s Digital e-Shopper’ India survey, revealing that while consumers are aware of increased online risks and scams, they still plan to shop more online this festive season. McAfee’s survey indicates that Indian consumers have shifted direction due to global events this year, opening themselves to more online threats as they live, work, play, and buy all through their devices. Consumers of all ages are shopping online more due to the COVID-19 pandemic, with more than half (68.1%) reporting an uptick since COVID-19 started. “Shopping behaviors continue to evolve, with consumers skipping in-store purchases to a great extent and shifting a bulk of their festive purchases online. In a bid to avail the best holiday deals and discounts, consumers open themselves up to risks on malicious websites, falling prey to phishing attacks through spam mails that are weaponised. Often, they carelessly give away personal information online that is then misused by cybercriminals for their nefarious gains.” said Venkat Krishnapur, Vice President of Engineering and Managing Director, McAfee India.

LogMeIn Announces New Sustainability Goals and Programs LogMeIn announced a new global sustainability program designed to mitigate the company’s operational impact on the environment. LogMeIn’s suite of products helps businesses stay connected in a rapidly changing world, and the sudden shift to remote work, necessitated by the pandemic, caused unprecedented spikes in LogMeIn’s product usage around the globe. The environmental benefits of this shift were also significant. LogMeIn has examined this new work paradigm and expanded its sustainability programs in order to account for all employee work options. “We initially started looking at our sustainability goals before anyone knew the massive impact the pandemic had on how, and where, we all work. What we quickly

realized was that the acceleration in the remote work trend could have a very real and lasting positive impact on our environment and we are proud to be able to play a small role in enabling that shift,” said Bill Wagner, President and CEO, LogMeIn. “In looking at our own sustainability practices as an organization, we wanted to not only rethink where and how we use office space, and to make those spaces as environmentally friendly as possible, but also apply those same goals and best practices to our employees’ homes, where the majority of our workforce will be based moving forward. Our announcement today is the first step in bringing that vision of creating more sustainable places and practices for our people to fruition.” NOVEMBER 2020 ENTERPRISE IT WORLD

ITWORLD // NEWS BRIEF

Sharad Sanghi will Lead NTT Ltd. India

DigiCert Enterprise PKI Manager Enhances Security for Remote Workforces Enterprise PKI Manager in DigiCert ONE from DigiCert supports security for today’s increasingly remote workforces via certificate automation to authenticate employees and their devices at scale, and encrypt data. Working from home is here to stay, with Gartner reporting that 74% of CFOs are looking to shift some employees to permanent remote work. Digital certificates are a proven, widely adopted solution for strong authentication and are well supported by a variety of devices, platforms and operating systems. Many organizations, including the world’s best brands, use private CA systems within their networks, relying on manual certificate management that often leads to errors or shutdowns and overworked teams. Enterprise PKI Manager makes it easy for

organizations to manage and use digital certificates to secure all employees, devices and data that connect to the network, and it can be deployed as a customer-managed on-premises or cloud solution, or managed by DigiCert. “Enterprise PKI Manager offers the smart automation and integration capabilities enterprise organizations need to safely support workers wherever they choose to connect to the network,” said DigiCert SVP of Product Brian Trzupek. “Customizable and compatible with a variety of mobile device management solutions, Enterprise PKI Manager enables our customers to manage their entire remote workforce and devices from one PKI system to better protect users and their devices, as well as the data, email and applications that they rely upon.”

NTT Ltd. is bringing together three key business entities as a single organization, effective on 1 January 2021. The new operating company will be built on the foundations of NTT India Pvt. Ltd., NTT Com India and Netmagic. Through this integrated entity, NTT Ltd. will bring innovative technology services and solutions to the extended client base in India. The integration will enhance the organization’s end-to-end ability to better serve and delight its clients with both transformational services elements including managed hybrid infrastructure, and cloud services, as well as with its foundational technology solutions and services. Its employees will also have more opportunities to thrive and grow on an even bigger stage and can serve and engage more meaningfully with the communities. Sharad Sanghi will be appointed Leader of NTT Ltd. India business on 1 January 2021. Sanghi is the CEO – Global Data Centers and Cloud Infrastructure (India) of NTT Ltd. (also known as NTT-Netmagic) and brings over 20 years of experience in developing internet backbone infrastructure and providing internet services. Sanghi is a dynamic and respected business leader and builder. Amongst other achievements, Sanghi successfully established and grew Netmagic as an India market leader in data center and cloud services. His strong leadership, coupled with his understanding of the India market and the NTT businesses, will be invaluable as the three companies come together as one organization.

Palo Alto Launches Industry’s First 5G-Native Security Offering

Palo Alto Networks today introduced the industry’s first 5G-native security offering, bringing its expertise in securing networks, 14 ENTERPRISE IT WORLD NOVEMBER 2020

clouds and devices to the 5G world. This new offering enables service providers and enterprises to turn 5G networks into highly secure networks. The promise of 5G is much more than faster browsing on mobile phones. Done right, 5G can bring massive business transformation. The design of 5G networks — with its ability to allow millions of devices in high-density settings — can enable smart supply chains, autonomous transportation, smart manufacturing, mass adoption of the internet of things

(IoT) and much more. “For 5G to live up to its promise of transforming industries, companies need the confidence that 5G networks and services have enterprise-grade security,” said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks. “We created 5G-native security in order to give enterprises the confidence they need to harness 5G for business transformation and to help service providers secure the new enterprise services they are creating.”

PROACTIVE SECURITY // DIGITAL TRANSFORMATION

Jyoti Prakash, Regional Sales Director of India at Splunk. Jyoti Prakash is the Regional Sales Director of India at Splunk, responsible for the sales and business development for the market. Prior to this role, Mr. Prakash held several leadership positions in Micro Focus, Hewlett Packard Enterprise and Symantec, with extensive experience in go-to-market strategy development, sales management, creating new business initiatives for new markets, as well as building highperforming sales, presales, inside sales and marketing teams. Mr. Prakash has a strong background in enterprise sales across verticals and channel partner management. He is also an active participant on many CXO platforms, public forums and thought leadership panels.

BY SANJAY@ACCENTINFOMEDIA.COM

TURNING DATA INTO PROACTIVE SECURITY

ith cloud computing growing at a phenomenal rate across the world, shifts in consumer behavior towards digital services are resulting in evolutionary changes for the banking, financial services and insurance industry. Cloud-based banking, for example, is regarded as a catalyst for business transformation and a turning point in financial services. Cyber safety, however, has become a key concern holding back cloud adoption in many organizations. While bankers start to interface more of their processes to the cyberspace, how can they effectively protect their data assets from

burgeoning cyberthreats to maintain 24/7 operation and uncompromising customer experiences? Despite the deployment of anti-virus software, firewalls, encryption and other security solutions, many organizations are still not totally successful in combatting cyberthreats. The reality is they are using a defensive posture, and only tackle hacks and data breaches after they arise. Although a reactive approach can address a portion of the issue, it creates opportunities for cyberattackers to take advantage of known vulnerabilities and search for not-yet-realized ones. Besides, many traditional methods are based on rules or signatures and only prevent against known threats. With attacks constantly evolving, these technologies are not always successful in

keeping cybercriminals out of the network. What is missing? A Proactive Approach to Security A stitch in time saves nine. Stop looking for remedies to problems but the right path to avoid them. What we need is “behavioral analytics” – if we are able to detect patterns of fraud and discover malicious behavior before they become full-blown crises, we will stand a better position to mitigate the risks of advanced cyberthreats as well as insider threats. Everything starts with it – data. A good data analytics solution enables us to see the big picture of operations, facilitating breach analysis and incident response, compliance, and reporting. Prevention is the best self-defense. By predicting failures or detecting anomalies in our infrastructures through data-driven analytics, we can proactively hunt for attackers hiding within our network, thus standing a better position to stop hard-to-find malicious activities compared to simply rely on a standard security tool. However, faced with an overwhelming volume of business data across different heterogeneous, siloed data sources, how can we put all data within the organization at our fingertips, and finish data analysis in real time? Sharpening Competitive Edge with a Data-toEverything Platform If we can bring data to everything, anything is possible. What we need is not an ordinary analytics tool, but a versatile platform that integrates data from disparate sources into a single view, correlates and analyzes them in real time, and generates actionable insights for every question, decision and action. When we turn data into doing, data becomes the key to everything. Login to enterpriseitworld.com/turning-datainto-proactive-security/ for complete content NOVEMBER 2020 ENTERPRISE IT WORLD

INTERVIEW // ORACLE

What is the pace of digitization in the market? Per a recent Nasscom report, the Indian cloud computing market is expected to grow at 30 per cent y-o-y to reach $7.1 billion by 2022. We’re seeing increased appetite among Indian organizations for accelerating cloud-led digital transformation, especially given the unprecedented challenging situation the world is facing currently. The pursuit of faster and better performance, consistently lower costs, ease of integration and smoother cloud migration have made cloud a compelling proposition for Indian organizations.

BY SANJAY@ACCENTINFOMEDIA.COM

How is Oracle helping those companies with legacy systems in place, but are wanting to move to the cloud? Oracle today is the only end-to-end cloud provider, with a full-stack approach to the cloud. Customers can decide how and when to begin their journey to the cloud, via IaaS/PaaS or SaaS. Further, we realize that some customers may have already invested a significant amount of time, energy and resources in building their on-premises IT estates, and might not be keen to move lock, stock and barrel to the cloud. For these customers, we offer a cloud-ready on-ramp. What this means is customers get to benefit from a cloud-adjacent setup, with the same reliability of on-premises, coupled with the elasticity of cloud, to pursue their digital transformation. With cloud-adjacent architecture, enterprises will be able to reduce their data center footprint, while being able to leverage the scale and variety of modern public cloud services - with still having the control, precision as well as data ownership of an on-premises infrastructure setup. Tell us more about your solutions for data management in a cloudadjacent architecture model? A number of enterprises, particularly in the regulated industries, are gaining significant business benefits with Oracle Cloud at Customer offerings. These provide the exact same public cloud kind of experience to customers - including superior cost benefits, but within customers’ own premises, behind their firewall. To put it simply, with Oracle Cloud at Customer, organizations can access our entire portfolio of public cloud infrastructure, benefit from our fully managed cloud services, and take advantage of Oracle Fusion SaaS applications from within their datacenters. As a result, customers can run applications faster, lower costs by using the same high-performance capabilities as well as autonomous operations, while also benefiting from the low-cost subscription pricing model made available to our public cloud 16 ENTERPRISE IT WORLD NOVEMBER 2020

S R I K A N T H

D O R A N A D U L A

Sr. Director - Cloud and Systems Business, Oracle India

“By moving to Oracle Exadata Cloud at Customer, the organization achieved cloud

capabilities like flexibility, advanced security and scalability on-demand. infrastructure customers. Customers also get to maintain total control of their data, while complying with data sovereignty, security, connectivity and similar regulatory requirements. Specific to data management, by using Oracle Exadata Cloud at Customer, organizations can access almost all of our enterprise-grade data management cloud services, including the world’s first and only self-driving, self-repairing and self-securing database - the Oracle Autonomous Database. This enables enterprises with more

agility, scalability and elasticity while not adding further to their costs or complexities. One example is that of the auto finance division of one of India’s leading automobile companies. Their auto finance division offers vehicle loans to consumers for purchasing small consumer vehicles. They were running their core lending application on hardware that was due for refresh. By moving to Oracle Exadata Cloud at Customer, the organization achieved cloud capabilities like flexibility, advanced security and scalability on-

ORACLE // INTERVIEW

BY USING ORACLE EXADATA CLOUD AT CUSTOMER, ORGANIZATIONS CAN ACCESS ALL OF ORACLE ENTERPRISEGRADE CLOUD SERVICES With the Digital transformation catching up fast, every OEM has their offering to support the customers so also Oracle has but its ‘Exadata Cloud at Customer’ is an attractive proposition for the legacy applications. Srikanth Doranadula, Sr. Director - Cloud and Systems Business, Oracle India spoke to Enterprise IT World. Excerpts. demand. Another example is of a renowned asset management company in India. The organization was running customized fund management applications used to service their customers across various portfolios, on ageing hardware. With a move to Oracle Exadata Cloud at Customer, the organization achieved a smooth transition along with minimal operational disruption. How do you collaborate with your partner ecosystem to make sure

customers are well supported even after they start using Oracle solutions? Partners are a very important part of our ecosystem and account for nearly 80% of our transactions in JAPAC in one way or another. Our modernized Oracle PartnerNetwork (OPN 2020) program was launched to further empower our partners. It’s a customer-focused, cloud-first partner program that helps partners accelerate their transition to cloud, while driving superior customer experience and business outcomes. We

have a dedicated set of partners supporting all lines of our business, across cloud, license and hardware tracks. We’re continuously looking to strengthen our partner network and help partners realize their business aspirations, with customercentricity continuing to be our collective single-minded focus. What’s your take on the cybersecurity landscape? In the digital economy, data is a critical business asset. Protecting their data from cyber-theft and misuse has become an enormous challenge for organizations. Even as the bulk of the responsibility falls onto a CISO, it’s very important to institute an organization-wide approach to safeguard data, led by a security-first culture. We’re seeing that the hacks are increasing in complexity, variety and impact. Therefore, a CISO just can’t afford to let his/her guard down, given the attack surface has expanded unprecedentedly, across multiple threat vectors. Paucity of top quality cyber-talent, and increasing regulatory/compliance requirements, both add further to the complexity. Given the challenges, what cyber-security strategy should the C-suite adopt? And how is Oracle helping CISOs in this regard? Organizations that depend on humans to a large extent to thwart cyber-attacks, are bound to face an uphill task. With hackers typically using sophisticated tech such as AI/ML/bots to mount attacks, sooner rather than later, organizations will need to get their balance right - of deploying more machines instead of humans to fend off the threats. In effect, cyber-security today needs to be a machine versus machine battle, where the good machines outsmart the malicious ones. Oracle has securely managed the bulk of the world’s data for the last forty plus years, so security is in our DNA. Overall, we bring a 360 degree approach to security. So security is embedded by default in everything we do, from the core to the edge. It also helps if organizations embrace an autonomous approach to all things IT. Our flagship innovation - the Oracle Autonomous Database - is a great first step for organizations towards this. We’ll continue to innovate and help our customers consistently improve their security posture. A couple of recent cloud security innovations we introduced are: Oracle Maximum Security Zones and Oracle Cloud Guard. These are pre-built tools that automate threat response, and reduce customers’ cloud security risks better, faster, and more efficiently. We’ve made these available to all our cloud customers by default, with no additional costs. NOVEMBER 2020 ENTERPRISE IT WORLD

SECURITY // CYBERSECURITY

A NEW CYBERSECURITY ‘NORM’ NIKHIL TANEJA, VICE PRESIDENT & MANAGING DIRECTOR – INDIA, SAARC, MIDDLE EAST & GSI AT RADWARE

COVID-19 has brought behavioral changes in the way we work and consume technology today. Companies now understand that working from home is possible and better understand its limitations and benefits. Consumers are consuming services remotely – shopping, banking, health, to name a few – and they will learn to expect their services to be remote. Now that the “new normal” has arrived, companies are adapting their offerings and network capacity and making sure that the services they provide are secured. Some industries will move to be completely digital, while some will merely increase the portion of their remote service in their overall hybrid service approach. It is essential to stop and think about how these adjustments affect an organization’s cybersecurity processes and strategy. The behavioral changes added many blank pages to the business playbooks. It is now critical to adjust the security processes – a good process will allow the people to optimize the technology and use it in the right way while keeping the organization secured. Cloud Transformation One of the major changes in recent months was related to cloud transformation – many organizations experienced the cloud like never before and grew accustomed to it. They discovered more cloud advantages and accelerated their cloud 18 ENTERPRISE IT WORLD NOVEMBER 2020

transformation. Cloud migration and hybrid cloud usage, which in the past were perceived as long processes that would take many months and years, were accelerated to mere weeks and months to support the demand for resources. The main challenge in the cloud is how to verify the configuration and monitor activity. Each cloud vendor gives its own options for configuration and monitoring. It is preferred to have one comfortable place to check the security configuration, monitor the activity, and take actions when needed. Here are the aspects of a good cloud security system: s Identity verification – the system should monitor credential exfiltration attempts, credential stuffing, etc. s Least amount of access – the system should check permission per user, user-groups, and user roles and alerts on extra privileges and privileges that are not used. s Micro-segmentation and access – the system should monitor segmentation access. Other than internal segments, the system should monitor access to assets outside of the cloud and cloud-native assets that are not part of the defined user segments. s API monitoring – APIs are a big part of any cloud deployment, and the system should track their access and usage. The system should learn APIs permission and usage patterns and alert on anomalies. s Behavior analysis – with many configurations, users, and workloads spread across the

cloud, the right security system should learn the typical behavior of the system parts and alert on change of such behavior. s What to track – the system should track all the above for users, machines, storage, and FAAS (lambda, etc.). s How to alert – with all the above monitoring, the number of logs and alerts is vast. The system should report a clear attack-story that users can investigate and react upon and provide an easy automatic reaction mechanism. s Multi-cloud – organizations are using multiple cloud vendors these days, whether by choice or by evolution. With each cloud vendor offering different interfaces, the system should work on multiple clouds and provide one pane of glass for monitoring and one familiar interface for all of them. Zero-Trust Working from home raises the importance of a zero-trust model in the organization. When allowing remote access to the organization network, zero-trust becomes critical and must be part of the organization strategy. The model contains: s Identity verification and MFA – every person and device connecting to its network should prove its identity and get permission to connect. Commercial (or open-source) identity services should be used, with multi-factorauthentication to ensure the identity further. s Micro-segmentation – when the organization allows remote access, it is important to control who can access what. Data should be analyzed for value and importance, and the valued data should be kept in its own segment with well-defined access rules. Networks should be analyzed and segmented, and access to sensitive machines should be controlled. s Least amount of access – Each user should get the least amount of permission they need. s Access to sensitive networks and data should be monitored, and alerts should raise and handled once unauthorized access is detected. Since cloud migration is usually newer, it is easy to start the zero-trust model deployment in the cloud. Zero-trust works in the cloud, just like on-prem, with the aspects mentioned above. Attack Surface for Remote Services With interactions happening remotely, it is critical to give more attention to the attack surface of the remote applications When organizations initially developed remote services, they were a small portion of the overall service, and in many cases, were considered a backup plan. As a result, developers didn’t always have security in mind. Loginto https://www.enterpriseitworld.com/anew-cybersecurity-norm/ to access the article.

DATA SECURITY // SECURITY

HOW TO MAKE AN EFFECTIVE DATA SECURITY GOVERNANCE STRATEGY SONIT JAIN, CEO OF GAJSHIELD INFOTECH

An effective data security governance strategy should include features like custom cybersecurity policies, complete visibility over data, data encryption methodologies, among others. Context-based data leak prevention A context-based data leak prevention firewall creates context around data to enhance inspection and authentication. It helps to get granular details like sender/receiver address and email text patterns in an email to increase security. The contextual intelligence engine identifies the context to break and classify data into multiple data points. This helps to analyze all granular data points pertaining to these emails as well as other communications and prevent any policy violation.

Context-based data leak prevention firewalls also help to build the foundation for an effective data security governance. Data security governance requires building custom cybersecurity policies, which is among the many things that a context-based data leak prevention firewall allows you to do. A context-based data leak prevention firewall creates context around data and compares it with the custom security policies you created to prevent any data leakage. Hence, you can create policies according to your specific needs for enhanced data governance. Complete visibility over data Visibility over data is of utmost importance for monitoring and governance. Complete data visibility allows you to get complete knowledge of what is being downloaded, uploaded, or transmitted over your organization network. You will have complete control over your data. Contextual data leak prevention firewalls and complete visibility are often interconnected. A firewall backed up by a contextual intelligence engine generates deeper visibility by identifying context around data points. This combination of context-based data leak prevention and complete

visibility allows users to create custom cybersecurity policies based on their needs. For instance, you can restrict specific keywords in ‘from,’ ’to,’ ‘subject,’ and ‘email content’ of an email. Secure data transmission with VPN A VPN service is a must for effective data governance, especially in this remote working norm. Organizations are moving their enterprise applications to the cloud because of the various benefits that cloud deployment provides. Firstly, applications on the cloud can be easily accessed from anywhere in the world. Secondly, cloud vendors offer seamless data and security management, along with frequent backups. But this increasing deployment on clouds is also increasing the potential areas of attacks. Monitoring all the data access requests from the cloud is challenging for cybersecurity teams as the requests can come from any type of network and device. For instance, remote workforce teams can request access to data from their personal devices and public network. Hence, organizations need to secure data transmission with a VPN. A VPN extends a private network over a public network for the secure transmission of data. Therefore, it eliminates the need for opening enterprise applications to the internet for just internal usage. It also implements strict privilege access securities for monitoring and managing privileged accounts. VPN also enhances data security by encrypting data before transmitting it over the network. Central management system for data monitoring A data governance process involves multiple individuals and teams such as Chief Data Officer (CDO), managers, data governance committees, cybersecurity teams, and data stewards. For an effective data governance strategy, it is important that all these individuals and teams can govern data from a single platform, instead of monitoring data from different tools and platforms. A central management system allows all authorized people to monitor and govern data from a single platform. The central management system also helps to monitor and manage all the requests for data access coming from different devices and networks. For instance, a remote workforce team member might request enterprise application and data requests through a personal device and a public WiFi network. The central management system allows you to route all such requests coming from personal devices and public networks to your head office firewall, where all the requests can be handled from a single system. This ensures that all the requests are abiding by the security policies developed for securing your data. NOVEMBER 2020 ENTERPRISE IT WORLD

HEALTH CARE

seamlessly and safely from provider to patient. This reinforces the need for cloud security processes across healthcare IT networks. Without the ability of healthcare teams to log in from anywhere and safely manage patient data, costly breaches can occur. Luckily, advances in healthcare technology are making data security easier for the COVID world.

HOW COVID-19 HAS IMPACTED HEALTHCARE IT Coronavirus and technological advancements. These two topics are powerhouses of change dominating the future of the healthcare industry. For healthcare IT, the changing industry means innovations in cybersecurity and telehealth availability, creating safer and more accessible care. But the impacts of COVID on healthcare IT go beyond that. With innovative methods for healthcare treatments and delivery, data is at a greater risk than ever before. Cybercriminals are taking advantage of new technological systems to target data. Cybersecurity must improve as a result. Overall, the change in the market means advancements in care tech that offer a greater range of solutions. Within that, however, are risks and challenges now faced by the system. Here’s what you should know. Cybersecurity Concerns Reliance on technology is at an all-time high. Estimates show that approximately 31% of workers employed in March of 2020 transitioned into a remote capacity with weeks. Of those, a portion work within the healthcare industry, often in 20 ENTERPRISE IT WORLD NOVEMBER 2020

medical coding, billing, and even in direct patient treatment. Remote working means added cybersecurity risks. A physical location can maintain secure firewalls and network access keys. Managing these protections for a remote workforce is significantly more difficult. With healthcare data as valuable and vulnerable as it is, healthcare IT is particularly at risk. In 2019 alone, nearly 500 companies experienced data breaches across thousands of records, costing organizations around $429 for each record. The added risk of remote workers and patients in the wake of COVID-19 means questions have to be asked of IT departments when it comes to cybersecurity. Healthcare employees and patients alike must now become informed in the specifics of cybersecurity. Areas of focus across healthcare IT now include: s Virtual Private Networks (VPNs) s Encryption s Data backup s Video conferencing All of these elements must be coordinated

Advances in Healthcare Technology The impact of COVID-19 has driven technological innovation across the healthcare industry. With the need for immediate solutions to pandemic problems, healthcare facilities are integrating tech for safety and accessibility, considering the risk that a more open network brings to patient data. Among these new technologies are systems designed to make healthcare work for patients and care providers alike, no matter the distance. This requires a focus in three directions: authentication, accessibility, and cybersecurity. Authentication Authentication is the process of verifying an authorized user of a technological system. Without highly encrypted healthcare networks requiring authentication at various points, the world of healthcare data would be all but open to would-be intruders. Luckily, factors like biometric authentication are becoming increasingly utilized in the COVID landscape of at-home workers. Biometric authentication requires verification of a present and living user through biological features like their face or fingerprint. This systems check for “liveliness” so attempting to hack them through likeness imagery is difficult. This makes biometric systems more secure and faster than passwords. Here are some of the many ways healthcare networks are using biometric authentication to verify users: s Facial recognition s Fingerprint recognition s Iris scanning s Voice recognition Accessibility In the pandemic world, little is more important than healthcare accessibility without the risk. For the most vulnerable patients, going to see a doctor represents a risk in itself. That is why the emergence of telemedicine is changing the way healthcare IT systems function.

Loginto shorturl.at/ako14 to access the entire article

BFSI

Historically, banks have relied on a small number of monolithic suppliers and systems to provide them with broad capabilities, augmenting their own internal development, to provide all their infrastructure. These systems are patched to add features as banks grow and markets evolve. Mergers can lead to overlapping, incompatible systems; the bank’s infrastructure can make these systems brittle, costly and time-consuming to change. Still, this suits the entrenched oligopoly of suppliers: locked-in customers unable to sunset anything but stuck paying substantial recurring license fees. Interfaces between systems are often proprietary, making integrations multi-year projects. Most of these are undertaken by a select group of implementation firms that are incentivized to install systems that maximize billable hours and ensure years of lucrative integration work. Covid-19 and the subsequent government interventions, however, are forcing banks to move quickly: multi-year projects would never adequately address the emergency needs of customers and existential challenges of businesses. The crisis comes at a seminal moment for the industry, when many banks are beginning to experiment with cloud infrastructure. These solutions are able to provision (or decommission) infrastructure in seconds what previously would have taken years, and are well suited for rapid experimentation. This has led to an appetite at banks to try new things and “fail fast.” The Darwinian effect of running multiple parallel experiments lends itself to thinking of a bank as an ecosystem, where the best providers can be brought in for each functional area. Meanwhile, the bank’s own technologists can focus their people and budgets on key priorities, rather than spending large portions of ever-shrinking budgets patching a leaky ship. This requires a change in emphasis for financial technology firms: Rather than attempting to disrupt incumbents, there is now a unique opportunity to cooperate with them, providing a much-needed injection of innovation and dynamism at a crucial moment for the economy and communities. Fintechs need to be able to prove their value fast, so the emphasis is on deep vertical expertise that can be deployed rapidly in a variety of environments. Having open APIs and the ability to play a part in a diverse ecosystem of providers is an absolute necessity. Suppliers with “Mechanical Turk” solutions that paper over missing functionality with services will battle to scale rapidly enough and struggle to meet the demand from multiple client banks. The qualities required to thrive in this new order already exist at banks and fintechs; the

PANDEMIC PRESENTS TECHNOLOGY ECOSYSTEM OPPORTUNITIES FOR BANKS winners will be those that can get out of their own way and utilise these strengths. Over the last few years, banks have learned how to integrate disparate systems. The pandemic is forcing them to learn how to do to this quickly. They need to remove obstacles in their purchasing processes that entrench large suppliers and prevent them from building tech stacks made up of agile and best-in-class solutions. If they back their own ability to craft a cohesive and comprehensive ecosystem, they can tailor this end-state to achieve their desired results. Fintechs are used to bringing innovation and dynamism to the table. Creating lasting impact requires them to follow through and turn this into tangible products. There will be no shortage of opportunities for them to prove their value. The extraordinary circumstances brought about by the coronavirus have led to a moment of unique opportunity for both banks and fintechs. The economic environment and policy responses by the federal government has meant that banks are forced to act with surprising resourcefulness and agility. They are now seeking to carry this momentum to radically transform projects that seemed previously destined to move at a snail’s pace. To do this at speed and at scale, they have had to look beyond the short list of traditional vendors and implementation partners more accustomed to project timelines of several years, to a constellation of smaller, more agile fintechs that are able to meet specific needs at a rapid pace. The Davids and Goliaths are finally working together — so far, the outcomes have been pretty phenomenal.

SEAN HUNTER, CIO OF OAKNORTH

NOVEMBER 2020 ENTERPRISE IT WORLD

INTERVIEW // DATACENTER

BY SANJAY@ACCENTINFOMEDIA.COM

How are enterprises re-imagining the data center? The IT landscape is in a constant state of evolution and is at the forefront of digital transformation. In the current times, IT leaders are reimagining their on-premise data centers to simplify and scale their IT infrastructure for better outcomes. This is driven by the current and the future way of business functioning and the need to gain insights and analyze vast amounts of data quickly and maximize returns on the data center investment. Adding more compute power, Virtual Desktop Infrastructure (VDI), moving to the cloud for better performance, better optimization capabilities and lower cost, results in maximizing the returns on data center investment. High performance continues to be a top priority with rapidly growing volumes of data, apps and technologies. IT decision makers are looking at creating robust IT infrastructure that is flexible, powerful, efficient, secure, and simple to manage. This is why hyperconverged Infrastructure (HCI) is an effective option to consider for enterprises. It takes in all the elements of a traditional “hardware-defined” IT infrastructure and evolves it into a “software-defined” virtualized environment that is simpler to manage and operate. HCI provides the scalability and simplicity of the cloud with the performance of on-premise infrastructure. This in turn opens fresh opportunities for enterprises to digitize faster, innovate more with increased efficiency. How are data center solution providers meeting the evolving modern computing needs? Enterprises have been looking at ways to address their challenges around space, power and optimization to bring better ROI on their server spends. Changing business dynamics are pressing IT decision makers to seek more with less – more performance and scalability with reduced power, which can lead to better TCO. Today, companies like AMD are helping data center customers enable hybrid, multi-cloud approaches for their IT environment, which allows these customers to be more versatile and agile in a virtualized environment. The drive to virtualization and hybridcloud computing has propelled a paradigm shift from physical to virtual infrastructure. Now storage is virtualized along with computing. At AMD, we understand the needs for software-defined infrastructure. Whether organizations build software defined storage appliances, virtualized environments, or hyper converged systems, AMD EPYC processors offer the CPU and I/O performance, flexibility and security features that enterprises can take advantage of. In fact, AMD EPYC processors, the underpinning of 22 ENTERPRISE IT WORLD NOVEMBER 2020

V I N AY

S I N H A

Managing Director, India Sales at AMD

“AMD EPYC CPUs and AMD Radeon Instinct GPUs power a VDId offering from Microsoft Azure called NVv4.”

many of these hybrid-cloud and virtualized data centers, have delivered record-setting performance across enterprise, virtualization, cloud and high-performance workloads. What are Virtual Machines/Virtual Desktop Infrastructure (VDIs) and

its role in enhancing server capabilities? Virtual Desktop Infrastructure (VDI) is a type of a virtual machine and in its simplest terms, replicates a full computer desktop through a virtualized instance; meaning a user can access something like an immensely powerful rendering system through a browser. Historically, VDI

DATACENTER // INTERVIEW

2ND GEN AMD EPYC PROCESSOR IS THE WORLD’S FIRST 7NM X86 DATACENTER PROCESSOR pushes virtualized servers to the very edge of their capabilities. Today, VDI is bringing an even richer user experience to a mobile and distributed workforce. VDI enables IT administrators to enhance centralized control and protection over business-critical data while supporting collaboration. A better user experience is tied directly to server capability. Industry-leading core count coupled with class leading memory capacity

and bandwidth enables optimal virtual desktop density and performance. VDI has evolved significantly in recent years, achieving unprecedented levels of mobility, capability, versatility, and security. AMD EPYC CPUs and AMD Radeon Instinct GPUs power a VDI offering from Microsoft Azure called NVv4. This VDI offering allows customers to choose the amount of GPU power they need for their

workloads, from 1/8th of a GPU all the way to a full GPU for heavy rendering and design work. Why are top public cloud service providers and enterprises in the world are relying on AMD for compute? 2nd Gen AMD EPYC processors are a new breed of server processors which set a higher standard for data centers. Cloud service providers and enterprises are incorporating AMD EPYC processors to access features including PCIe 4, class-leading memory bandwidth and AMD Infinity Guard security features. More importantly, these customers are utilizing AMD EPYC processors for its performance capabilities across enterprise applications, virtualized and cloud computing environments, software-defined infrastructure, high-performance computing, and data analytic applications. Enterprises are migrating tasks and sensitive workloads to the cloud for reasons that include ease of management, scalability, security, and reduced costs. In line with this, at AMD, we believe that setting up a comprehensively agile and reliable data center ecosystem will significantly empower dynamic businesses to make smarter decisions, and AMD EPYC Processors help make that happen. The ecosystem of OEMs and cloud providers using AMD EPYC processors continues to grow, with more than 120 cloud instances and OEM platforms using AMD EPYC processors to date. AMD advantage in offering modern datacenter solutions? A balanced and optimized IT infrastructure, workload acceleration, and data protection is a must for enterprises to be competitive. AMD has been on the forefront of solving these challenges by delivering leadership innovations. Our 2nd Gen AMD EPYC processor is the world’s first x86 datacenter processor based on leading edge 7 nanometer process technology, providing leadership performance and architecture with advanced security features. Our processors are bringing new balance to the data center for enterprise workloads in hyperconverged infrastructure, commercial HPC, and relational databases. With the world’s highest per-core performance x86 server CPU and the highest core count in an x86-architecture server processor, we are uniquely positioned to aid the modern data center with solutions that provide with high performance capabilities. The AMD EPYC processor portfolio helps to run a virtualized infrastructure, thereby reducing the footprint of equipment required to meet the business needs. With this, we are bringing new levels of server performance for the modern data center. NOVEMBER 2020 ENTERPRISE IT WORLD 23

SECURITY // FORTIGUARD

Fortinet unveiled predictions from the FortiGuard Labs global threat intelligence and research team about the threat landscape for 2021 and beyond. s These predictions reveal strategies the team anticipates cybercriminals will employ in the near future, along with recommendations that will help defenders prepare to protect against these oncoming attacks. s Cyber adversaries leveraging intelligent edges, 5G-enabled devices, and advances in computing power will create a wave of new and advanced threats at unprecedented speed and scale. In addition, threat actors will continue to shift significant resources to target and exploit emerging edge environments, such as remote workers, or even new OT edge environments, rather than just targeting the core network. s For defenders, it is critical to plan ahead now by leveraging the power of artificial intelligence (AI) and machine learning (ML) to speed threat prevention, detection, and response. Actionable and integrated threat intelligence will also be important to improve an organization’s ability to defend in real time as the speed of attacks continues to increase. s Highlights of the predictions follow, but for a more detailed view of the predictions and key takeaways, visit the blog. Michael Joseph, Director System Engineering, India & SAARC, Fortinet. “2020 demonstrated the ability of cyber adversaries to leverage dramatic changes happening in our daily lives as new opportunites for attacks at an unprecedented scale. Going into 2021 and beyond, we face another significant shift with the rise of new intelligent edges, which is about more than just end-users and devices remotely connecting to the network. Targeting these emerging edges will not only create new attack vectors, but groups of compromised devices could work in concert to target victims at 5G speeds. To get out ahead of this coming reality, all edges must be part of a larger, integrated, and automated security fabric platform that operates across the core network, multi-cloud environments, branch offices, and remote workers.” The Intelligent Edge Is an Opportunity and a Target Over the past few years, the traditional network perimeter has been replaced with multiple edge environments, WAN, multi-cloud, data center, remote worker, IoT, and more, each with its unique risks. One of the most significant advantages to cybercriminals in all of this is that while all of these edges are interconnected many organizations have sacrificed centralized visibility and unified control in favor of performance and 24 ENTERPRISE IT WORLD NOVEMBER 2020

digital transformation. As a result, cyber adversaries are looking to evolve their attacks by targeting these environments and will look to harness the speed and scale possibilities 5G will enable. s Trojans Evolve To Target the Edge: While end-users and their home resources are already targets for cybercriminals, sophisticated attackers will use these as a springboard into other things going forward. Corporate network attacks launched from a remote worker’s home network, especially when usage trends are clearly understood, can be carefully coordinated so they do not raise suspicions. Eventually, advanced malware could also discover even more valuable data and trends using new EATs (Edge Access Trojans) and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands. s Edge-enabled Swarm Attacks: Compromising and leveraging new 5G-enabled devices will open up opportunities for more advanced threats. There is progress being made by cybercriminals toward developing and deploying swarm-based attacks. These attacks leverage hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share

intelligence in real time to refine their attack as it is happening. Swarm technologies require large amounts of processing power to enable individual swarmbots and to efficiently share information in a bot swarm. This enables them to rapidly discover, share, and correlate vulnerabilities, and then shift their attack methods to better exploit what they discover. s Social Engineering Could Get Smarter: Smart devices or other home-based systems that interact with users, will no longer simply be targets for attacks, but will also be conduits for deeper attacks. Leveraging important contextual information about users including daily routines, habits, or financial information could make social engineering-based attacks more successful. Smarter attacks could lead to much more than turning off security systems, disabling cameras, or hijacking smart appliances, it could enable the ransoming and extortion of additional data or stealth credential attacks. s Ransoming OT Edges Could Be a New Reality: Ransomware continues to evolve, and as IT systems increasingly converge with operational technology (OT) systems, particularly critical infrastructure, there will be even more data, devices, and unfortunately, lives at risk. Extortion, defamation, and defacement are all tools of

FORTIGUARD // SECURITY

to counter it by adopting crypto agility.

MICHAEL JOSEPH, DIRECTOR SYSTEM ENGINEERING, INDIA & SAARC, FORTINET

FORTIGUARD LABS PREDICTS WEAPONIZING OF THE INTELLIGENT EDGE WILL DRAMATICALLY ALTER SPEED AND SCALE OF FUTURE CYBERATTACKS the ransomware trade already. Going forward, human lives will be at risk when field devices and sensors at the OT edge, which include critical infrastructures, increasingly become targets of cybercriminals in the field. Innovations in Computing Performance Will Also Be Targeted Other types of attacks that target developments in computing performance and innovation in connectivity specifically for cybercriminal gain are also on the horizon. These attacks will enable adversaries to cover new territory and will challenge defenders to get ahead of the cybercriminal curve. s Advanced Cryptomining: Processing power is important if cybercriminals want to scale future attacks with ML and AI capabilities. Eventually, by compromising edge devices for their processing power, cybercriminals would be able to process massive amounts of data and learn more about how and when edge devices are used. It could also enable cryptomining to be more effective. Infected PCs being hijacked for their compute resources are often identified since CPU usage directly impacts the end-user’s workstation experience. Compromising secondary devices could be much less noticeable.

s Spreading Attacks from Space: The connectivity of satellite systems and overall telecommunications could be an attractive target for cybercriminals. As new communication systems scale and begin to rely more on a network of satellite-based systems, cybercriminals could target this convergence and follow in pursuit. As a result, compromising satellite base stations and then spreading that malware through satellitebased networks could give attackers the ability to potentially target millions of connected users at scale or inflict DDoS attacks that could impede vital communications. s The Quantum Computing Threat: From a cybersecurity perspective, quantum computing could create a new risk when it eventually is capable of challenging the effectiveness of encryption in the future. The enormous compute power of quantum computers could render some asymmetric encryption algorithms solvable. As a result, organizations will need to prepare to shift to quantum-resistant crypto algorithms by using the principle of crypto agility, to ensure the protection of current and future information. Although the average cybercriminal does not have access to quantum computers, some nation-states will, therefore the eventual threat will be realized if preparations are not made now

AI Will Be Critical To Defending Against Future Attacks As these forward-looking attack trends gradually become reality, it will only be a matter of time before enabling resources are commoditized and available as a darknet service or as part of open-source toolkits. Therefore, it will take a careful combination of technology, people, training, and partnerships to secure against these types of attacks coming from cyber adversaries in the future. s AI Will Need To Evolve: The evolution of AI is critical for future defense against evolving attacks. AI will need to evolve to the next generation. This will include leveraging local learning nodes powered by ML as part of an integrated system similar to the human nervous system. AI-enhanced technologies that can see, anticipate, and counter attacks will need to become reality in the future because cyberattacks of the future will occur in microseconds. The primary role of humans will be to ensure that security systems have been fed enough intelligence to not only actively counter attacks but actually anticipate attacks so that they can be avoided. s Partnerships Are Vital for the Future: Organizations cannot be expected to defend against cyber adversaries on their own. They will need to know who to inform in the case of an attack so that the “fingerprints” can be properly shared and law enforcement can do its work. Cybersecurity vendors, threat research organizations, and other industry groups need to partner with each other for information sharing, but also with law enforcement to help dismantle adversarial infrastructures to prevent future attacks. Cybercriminals face no borders online, so the fight against cybercrime needs to go beyond borders as well. Only by working together will we turn the tide against cybercriminals. s Enabling Blue Teams: Threat actor tactics, techniques, and procedures (TTPs), researched by threat intelligence teams, such as threat actor playbooks, can be fed to AI systems to enable the detection of attack patterns. Similarly, as organizations light up heatmaps of currently active threats, intelligent systems will be able to proactively obfuscate network targets and place attractive decoys along attack paths. Eventually, organizations could respond to any counterintelligence efforts before they happen, enabling blue teams to maintain a position of superior control. This sort of training gives security team members the ability to improve their skills while locking down the network.

NOVEMBER 2020 ENTERPRISE IT WORLD 25

SAAS

APPDYNAMICS ANNOUNCES NEW SOFTWAREAS-A-SERVICE OFFERING IN ASIA AppDynamics, part of Cisco and the world’s #1 APM solution and full-stack, business centric observability platform, today announced the availability of its Software-as-a-Service (SaaS) offering in Asia, enabling customers to access AppDynamics solutions via a local cloud location. Situated in India and built on the Amazon Web Services (AWS) Mumbai region, the offering is available to AppDynamics customers in India and throughout Asia. Enterprises can now accelerate their digital transformations through faster access to the latest AppDynamics innovations and industry-leading AIOps solutions. The adoption of cloud services in India is on the rise, with IDC reporting that by 2022, 40% of new enterprise applications in India will be developed cloud-native, based on a hyper-agile architecture, and that by 2023, 55% of top 500 organizations in India will have a multi-cloud management strategy. Furthermore, the availability of this new SaaS offering will resolve potential concerns around data sovereignty and data governance requirements for customers in India. This anticipates legislation, including the Personal Data Protection Bill 2019, which would require Indian organizations to retain critical application 26 ENTERPRISE IT WORLD NOVEMBER 2020

ABHILASH PURUSHOTHAMAN, MANAGING DIRECTOR FOR INDIA & SAARC, APPDYNAMICS

performance and business data within India. This is the fourth SaaS offering location offered by AppDynamics. Existing regions include Asia Pacific (Australia), the European Union (Germany), and North America (US). This newest addition confirms AppDynamics’ focus and continued investments in India and the wider region. “AppDynamics’ SaaS offering in Asia opens up a whole new market – particularly in India – and creates a real and differentiated value proposition for our existing and prospective customers. Enterprises can now choose our industry leading, business centric observability platform via a local SaaS offering and deploy AppDynamics solutions more rapidly and drive faster outcomes for their businesses. AppDynamics is committed to the region and helping enterprises deliver flawless digital experiences to customers and employees.” said Abhilash Purushothaman, Managing Director for India & SAARC, AppDynamics. Enterprises and service providers can use AppDynamics to monitor their applications onpremises or in the cloud while achieving greater control around: s Data Residency – Enables enterprise businesses to comply with anticipated India-specific

jurisdiction and regulatory control guidelines relating to the location of stored data. s Scale – AppDynamics’ unified suite of solutions delivered with the scalability of AWS provides high-speed access to data. s Access to Innovation – Leverage the latest innovation from AppDynamics, including industry leading AIOps, APM and Business iQ solutions, through automated and seamless upgrades. s Data Privacy and Security – The SaaS offering in Asia augments and reinforces AppDynamics’ commitment to building security and privacy by design in our product development cycle. “We are seeing greater adoption of application performance and AIOps technologies, so the availability of a SaaS offering for customers in Asia, in particular India, is timely and much needed,” said Maneesh Jhawar, Founder and CEO, QualityKiosk Technologies, an AppDynamics ‘Titan Partner’ based in Mumbai, India. “As an AppDynamics partner in the region, we are particularly excited about the opportunities this brings to accelerate adoption of APM across industry segments, as well as drive significant incremental value to existing and new customers.”

MATRIX // CASE STUDY

ALMABANI OPTS MATRIX SOLUTIONS FOR CENTRALIZED ACCESS CONTROL AND ATTENDANCE TRACKING

BY SANJAY@ACCENTINFOMEDIA.COM

Industry Construction Customer Name Almabani Users 1500+ Devices 48Time-Attendance and Access Control Devices Locations 12 Across Jeddah, Khobar, Riyadh & Lebanon

Company Profile Almabani General Contractors has a long robust history which began when the founders established the company in Jeddah, Saudi Arabia in October of 1972. They are a family-owned company that remains true to its founders’ spirit, covenants, innovation and perseverance. For four and a half decades, they have been building up their expertise to serve an ever more demanding and challenging construction need in the region. In a prosperous economy fuelled by the oil boom, the company was positioned to participate in the execution of some of the most prestigious landmark projects in the Kingdom of Saudi Arabia. They have the highest classification in all civil and electrical works with in-house capabilities to develop design and value engineer solutions to cater to the customers’ needs. They have proudly executed projects from complex infrastructure works to heavy civil engineering structures. Today they are engaged in highly competitive turnkey projects worth several Billion Dollars. To this end, Almabani continues to invest in quality, value engineering, proactive and talented people, endeavoring at all times to satisfy their customer’s expectations and to best serve the welfare of our society.

Challenges Almabani General Contractors was using traditional decentralized access control & timeattendance systems in which they were facing the issue of excessive manual work and inaccurate data. Because of the poor quality of the existing biometric sensors, user fingerprints weren’t recognized in the 1st attempt and the process was annoying and time-consuming. As the company is dealing with construction work, one of the major challenges for construction workers is accurate attendance marking despite dirty/ stained fingers. Moreover, due to existing software limitations, many policies of access control and time-attendance couldn’t be implemented. As the existing system was decentralized, on-field employees faced issues while marking their attendance. Only basic reports could be prepared for attendance and access whereas they needed more customized reports because of various shifts and different contract workers. Moreover, third party integration was not possible in the earlier system. And last but not the least, they were unsatisfied with support from the past supplier. Solution Matrix solutions experts collaborated with the decision heads to understand the exact requirement and provide a cost-effective solution. After a comprehensive discussion, Matrix offered a

centralized solution for all the locations. With the Matrix Time-Attendance and Access Control solution, the customer has overcome all the challenges. Now, it’s possible for them to get control of all the locations from a single central location. To overcome the problem of inaccurate attendance marking due to dirty/stained fingers, Matrix provided the multispectral fingerprint sensor technology which contains information about both the surface and the subsurface features of the skin. This technology gives a high throughput. They also acquired Palm Vein Reader for contactless authentication verification for the higher authorities. The solution from Matrix is fully customized with multiple shifts and attendance policies that can be applied to individual users. Smart mobile application for attendance marking, and leave applications make the work easy for users. Now, the customer is able to get the report of each employee with 200 different options. With the auto-push technology, there is no need to transfer the data into the server. The data are automatically transferred to the server in realtime. The customer also got flexibility in terms of connectivity with 3G and WiFi options. The system from Matrix also provided the flexibility for easy integration with the third-party payroll system. Results sAccuracy in Attendance Management sCentralized Time-Attendance and Access Control Management sHigh Possibility of Third-party Integration sUser-friendly and Fast Process because of Good Quality Sensor sOEM Support sContactless and Advanced Technology sFlexibility in Terms of Integration, Connectivity and Credentials NOVEMBER 2020 ENTERPRISE IT WORLD 27

SECURITY // MCAFEE

MCAFEE SEES COVID19-THEMED THREATS AND POWERSHELL MALWARE SURGE IN Q2 2020

RAJ SAMANI, MCAFEE FELLOW AND CHIEF SCIENTIST

McAfee released its McAfee Threats Report: November 2020, examining cybercriminal activity related to malware and the evolution of cyber threats in Q2 2020. During this period, McAfee saw an average of 419 new threats per minute as overall new malware samples grew by 11.5%. A significant proliferation in malicious Donoff Microsoft Office documents attacks propelled new PowerShell malware up 117%, and the global impact of COVID-19 prompted cybercriminals to adjust their cybercrime campaigns to lure victims with pandemic themes and exploit the realities of a workforce working from home. “The second quarter of 2020 saw continued developments in innovative threat categories such 28 ENTERPRISE IT WORLD NOVEMBER 2020

as PowerShell malware and the quick adaptation by cybercriminals to target organizations through employees working from remote environments,” said Raj Samani, McAfee fellow and chief scientist. “What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs, attacks on cloud users and capable threat actors leveraging the world’s thirst for more information on COVID-19 as an entry mechanism into systems across the globe.” Each quarter, McAfee assesses the state of the cyber threat landscape based on in-depth research, investigative analysis, and threat data gathered by the McAfee Global Threat Intelligence cloud from over a billion sensors across multiple threat vectors around the world. COVID-19-Themed Threat Campaigns After a first quarter that saw the world plunge into pandemic, the second quarter saw enterprises continue to adapt to unprecedented numbers of employees working from home and the cybersecurity challenges this new normal demands. In response, McAfee launched the McAfee COVID19 Threats Dashboard to help CISOs and security teams understand how bad actors have retargeted increasingly sophisticated techniques toward businesses, governments, schools, and a workforce coping with COVID-19 restrictions and the potential vulnerabilities of remote device and bandwidth security. Over the course of Q2, McAfee’s global network of over a billion sensors observed a 605% increase in COVID-19-related attack detections compared to Q1. Donoff & PowerShell Malware Donoff Microsoft Office documents act as TrojanDownloaders by leveraging the Windows Command shell to launch PowerShell and proceed to download and execute malicious files. Donoff played a critical role in driving the 689%

surge in PowerShell malware in Q1 2020. In Q2, the acceleration of Donoff-related malware growth slowed but remained robust, driving up PowerShell malware by 117% and helping to drive a 103% increase in overall new Microsoft Office malware. This activity should be viewed within the context of the overall continued growth trend in PowerShell threats. In 2019, total samples of PowerShell malware grew 1,902%. Attacks on Cloud Users McAfee observed nearly 7.5 million external attacks on cloud user accounts. This is based on the aggregation and anonymization of cloud usage data from more than 30 million McAfee MVISION cloud users worldwide during the second quarter of 2020. This data set represents companies in all major industries across the globe, including financial services, healthcare, public sector, education, retail, technology, manufacturing, energy, utilities, legal, real estate, transportation, and business services. Q2 2020 Threat Activity s Malware overall. McAfee Labs observed 419 new threats per minute in Q2 2020, an increase of almost 12% over the previous quarter. Ransomware growth remained steady compare to the first quarter of 2020. s Coinminer malware. After growing 26% in Q1, new Coinmining malware increased 25% over the previous quarter sustained by the popularity of new Coinmining applications. s Mobile malware. After a 71% increase in new mobile malware samples in Q1, Q2 saw the category slow 15% despite a surge in Android Mobby Adware. s Internet of Things. New IoT malware increased only 7% in Q2, but the space saw significant activity by Gafgyt and Mirai threats, both of which drove growth in new Linux malware by 22% during the period. s Regional cyber activity. McAfee counted 561 publicly disclosed security incidents in the second quarter of 2020, an increase of 22% from Q1. Disclosed incidents targeting North America decreased 30% over the previous quarter. These incidents decreased 47% in the United States, but increased 25% in Canada and 29% in the United Kingdom. s Attack vector. Overall, Malware led among reported attack vectors accounting for 35% of publicly reported incidents in Q2. Account Hijacking and Targeted Attacks accounted for 17% and 9% respectively. s Sector activity. Disclosed incidents detected in the second quarter of 2020 targeting Science and Technology increased 91% over the previous quarter. Incidents in Manufacturing increased 10%, but Public Sector events decreased by 14%.

HITACHI // IOT

HITACHI DEVELOPS IOT PLATFORM FOR THE HIGH VALUE-ADDED BUILDINGS REQUIRED FOR THE NEW NORMAL

BY SANJAY@ACCENTINFOMEDIA.COM

Hitachi has developed an IoT platform that brings to buildings the high added value required for the new normal, including high efficiency of building management and improved comfort for building users. Hitachi will launch the IoT platform in 2020 as a new Lumada(1) solution in the field of buildings, in Japan.

Hitachi’s IoT platform for buildings was developed using Microsoft Azure and Microsoft Dynamics 365, two cloud platforms of Microsoft Japan Co., Ltd.. Moving forward, Hitachi will deepen its Collaborative Creation with Microsoft Japan under its newly commenced partnership system, the Lumada Alliance Program(2) to develop solutions in the field of buildings and accelerate the overseas expansion of these solutions. In recent years, continuous supplies of large office buildings in urban areas cause intensification of competition for gaining ten-

ants. In addition to this, workstyle reform has progressed due to the spread of COVID-19 infection. These changes surrounding buildings have accelerated the moves to improve the high added value of buildings and realize smart buildings by leveraging digital technologies to achieve the increased efficiency and sophistication of operations in buildings and to provide greater comfort to office workers and other building users. Based on this background, in April 2020 Hitachi and Hitachi Building Systems Co., Ltd. systematized touchless solutions that enable building users to move and live without touching in buildings and have been gradually expanding these lineup(3). Hitachi has also developed a service platform for developers, which provides office workers the new experience of working and living using a smartphone app(4). With these and other moves, Hitachi has continued to enhance its digital solutions in the field of buildings, to meet the needs of the new normal. Hitachi and Microsoft are strengthening their cooperation in many industrial fields. For example, in June 2020 the companies formed a strategic alliance related to next-generation digital solutions for manufacturing and logistics(5). Moreover, Microsoft endorsed the Lumada Alliance Program, Hitachi’s partnership system newly commenced on November 4, 2020. This time, in the field of buildings, Hitachi has developed the IoT platform for buildings as the new Lumada solution, by utilizing Azure, Dynamics 365, and other technologies. The IoT platform for buildings is a solution for developers that enables comprehensive remote monitoring and analysis of the operating status of building equipment, including elevators, escalators, and air-conditioning systems. Intended mainly for large buildings, it also enables users to simultaneously monitor and analyze multiple buildings. In addition, it combines and analyzes data about building equipment and the flow

of people, including the crowdedness of each area of a building. Thus, it improves building management efficiency and building users’ comfort, and it maintains and improves the quality of building operations. “The newly developed IoT platform for buildings is a next-generation solution for buildings that realize new and efficient operation managements for building equipment, and comfortable life in the buildings. I believe this platform contributes significantly to the customers that progress development of smart buildings and smart cities utilizing digital technologies,” said Shinya Mitsudomi, Vice President and Executive Officer, CEO of Building Systems Business Unit, Hitachi, Ltd., and President of Hitachi Building Systems Co., Ltd. “Hitachi developed this platform through the Collaborative Creation with Microsoft Japan. From now on Hitachi will strengthen Lumada solutions in the field of buildings by proceeding Collaborative Creation with its partners under the Lumada Alliance Program and provide new value for ‘people, building systems, and society.” “We heartily welcome Hitachi’s provision of its IoT platform for buildings, which utilizes Microsoft Azure and Microsoft Dynamics 365, to the Japanese market as part of our strategic alliance,” said Hitoshi Yoshida, President of Microsoft Japan Co., Ltd. “Microsoft Azure provides AI and IoT technologies that drive the digital transformation of customers, and it continues to grow as a global platform. Hitachi is actively developing smart building solutions for the new normal. We have high expectations that this platform will accelerate digital transformation in the building facility maintenance field. We for our part will also conduct sales promotion support activities for this solution on Microsoft AppSource.

Loginto shorturl.at/alxG0 to access the entire article

NOVEMBER 2020 ENTERPRISE IT WORLD 29

MARKET WATCH

BY SANJAY@ACCENTINFOMEDIA.COM

ASIGRA FORECASTS FIVE RANSOMWARE CHALLENGES EXPECTED TO INCREASE BUSINESS RISK IN 2021

Asigra forecasted five ransomware challenges expected to impact businesses in 2021, driven in part by an escalation of increasingly sophisticated ransomware attacks globally. Tasked with ensuring operational continuity, Asigra is responding to these challenges and providing guidance on maintaining productive business operations. According to the US Government’s Cybersecurity & Infrastructure Security Agency (CISA), “The organization has observed continuing ransomware attacks across the country and around the world. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay. Malicious actors increasingly use tactics such as deleting system backups, which make restoration and recovery more difficult or infeasible for impacted organizations.” Organizations today have a false sense of security that their backup will be there for them when a ransomware attack occurs. Sadly, a large number of these attacks now target backup data,

30 ENTERPRISE IT WORLD NOVEMBER 2020

preventing business recoveries after such attacks. With pandemic-influenced IT trends evolving and a shift in IT solutions and services underway, Asigra has identified the following challenges expected in 2021 and guidelines for operating successfully going forward: 1. Ransomware Attacks on Kubernetes Containers: The deployment of Kubernetes-based containers is growing rapidly as it allows software to run consistently between computing environments, making it highly portable, productive and ideal for digital transformation. Along with these advantages comes the generation of massive data volumes, making these new environments prime targets for new ransomware variants. Mitigating these attacks will require an industry-wide approach to ensuring the viability of these environments before, during and after such attacks. 2. Cyber-targeting of SaaS-Based Applications: With the increase in distributed enterprise operations and remote work environments, there will be continued adoption of SaaS-based applications. Beyond the flexible use of these

applications, they offer cost, time and scalability advantages in many cases. However, they also create a new data source that is vulnerable to ransomware and must be protected. 3. AI-Driven Cyberattacks: Artificial intelligence and the technologies that enable it are becoming more advanced. The resulting new capabilities are allowing criminal organizations to conduct more complex and targeted attacks. To counter these more intelligent attacks, organizational defenses must also evolve. 4. Ransomware Payments to Become Illegal: The US government has expressed intentions to align the payment of cyber ransoms with the support of terrorist organizations and will likely make these payments illegal. It is expected that other nations will enact such laws as well, especially to defend against possible nation-state sponsored actors. Without the ability to retrieve criminally encrypted data or recover properly, ransomware attacks will become business ending events. 5. Managed Security Service Provider Registration with the Government: The US government will move to require MSPs/MSSPs that provide cybersecurity services to register their organizations with the government, adding more regulations as the ransomware trend continues to accelerate. One method of addressing any of the above challenges is to ensure a viable backup copy is available to restore all data to pre-attack status. This entails a strong defense of the organization’s backup infrastructure, including access to backup software controls. Recent ransomware variants are conducting immutability subversion attacks which are possible because ‘step-up’ or Deep MFA (multi-factor authentication) has not been applied to backup software. Asigra Deep MFA requires credentials for any critical function that could compromise a recovery – providing protection to secure policy settings and controls. “Organizations need to ready themselves to properly and quickly respond to ransomware attacks regardless of what has been attacked. One way to do this is to make backup data very difficult to hack,” said David Farajun, Chief Executive Officer, Asigra, Inc. “Regardless of the imposing number of routes that ransomware will take in 2021, having a well-planned response plan to get your systems back up and running in the least amount of time will be critical to ensuring business viability.” For a demonstration of this enhanced data protection suite, please contact umair.sattar@ asigra.com or visit https://www.asigra.com/ contact-us to schedule.

RNI NO: DEL ENG/ 2017/ 69906 Postal Reg. No.: DL-SW-01 / 4200 / 17-19

Date of Publication: 28 of Every Month Date of Posting: 1 & 2 of Every Month