CXO DX November 2021 by LeapMediaSolutions

Automate Your Approach to Cyber Risk Quantification Attackers don’t sleep. Nor does your business and its IT infrastructure. With all three functions operating in a hyperdynamic manner, it is not sufficient to take snapshots or to rely on human calculations. Cyber risk qualification needs to become a decision support system that operates in real-time rather than waiting for lengthy interviews, training, and manual reviews. This requires automation. Automated cyber risk quantification is now a reality, and businesses should move quickly to gain a better understanding of their actual business risks and prioritize mitigation efforts so that critical business processes, applications, and data are protected.

Automation boosts three specific areas for your team:

Proactively Model and Predict Risk Establish a Baseline, Mitigate and Monitor for Changes Recommend and Drive Smart Action

To learn more Meet the ThreatConnect team at @HACK STRATEGIC SPONSOR

28 – 30 November 2021

ThreatConnect.com

3865 Wilson Blvd., Suite 550 Arlington, VA 22203

sales@threatconnect.com 1.800.965.2708

» EDITORIAL

FROM DISRUPTION TO SHAPING THE FUTURE Disruptive trends have always shaped the Technology landscape. But at some point, disruptive trends themselves become consistent and the norm. Many of the trends that have been buzzwords for some years now, are now part of the mainstream. The scenario ahead is one of immense possibilities as these technologies continue to manifest in many mature applications that are enveloping and enhancing our daily lives, both in the personal and professional spaces. AI for instance is more and more pervasive across most technologies and is shaping careers of the future, across a diversity of requirements. It seems there is an opportunity for everyone, from the engineers to the generalists across other professions that need some knowhow of how AI can be used in their work processes for better outcomes. There are so many courses being offered in AI and ML as never before. While the fear was that AI will take away jobs, it only seems certain now that AI will be more of a tool to enhance many new job profiles that already exist and will come up in future. Cybersecurity has been a domain for only those who have the passion and aptitude for understanding and working with hardcore technologies. By no stretch of imagination, a walk in the park, this domain requires great commitment and expertise as well as the ability to keep pace with the challenges of an ever-transforming threat landscape. This too will continue to be a domain that offers significant career opportunities in the near future, although AI driven automation will also supplant many manual interventions in this segment. The success of the recently concluded GITEX, which saw an impressive turnout from visitors, yet again underlined the pivotal role that Technology holds in all our lives. Whether as Businesses or as individuals, new technologies, both devices and solutions, are here to help us communicate and collaborate better in a collective journey towards a more productive future.

R. Narayan

......................................................

Pooja Panjwani Assistant Project Manager

Co-Founder & MD

saumyadeep@leapmediallc.com Mob: +971-54-4458401 Sunil Kumar Designer

PUBLISHED BY - Leap Media Solutions LLC

...................................

narayan@leapmediallc.com Mob: +971-55-7802403

SAUMYADEEP HALDER

............................................................

Co-Founder & Editor in Chief

MALLIKA REGO Co-Founder & Director Client Solutions

mallika@leapmediallc.com Mob: +971-50-2489676

...............................................................

RAMAN NARAYAN

...................................

Editor in Chief, CXO DX

Nihal Shetty Webmaster

REGISTERED OFFICE: Office 10, Sharjah Media City | www.cxodx.com NOVEMBER 2021 / CXO DX

» CONTENTS

18 » OT SECURITY IN THE FOREFRONT

26 » AI: THE OPPORTUNITIES BEYOND THE MYTHS

Bachir Moussa, Regional Director, MEAR, Nozomi Networks speaks about the increased threat landscape in OT

Sid Bhatia, regional VP, Middle East & Turkey, Dataiku discusses the three myths of AI that stand in the way of regional growth

19 » COMPETING FOR THE FUTURE

14 COVER FEATURE

14 » A CLOUD FIRST APPROACH The cloud remains the key to enabling digital first economy with organizations ramping up to the next level of maturity in adopting cloud services.

NEWS INSIGHTS

12 » NETAPP EXPANDS HYBRID CLOUD PORTFOLIO 13 » VMWARE CHARTS COURSE FOR CUSTOMERS TO TAP OPPORTUNITY AT THE EDGE

Sunil Paul Co Founder & Managing Director at Finesse Global discusses the new focus areas

20 » ENABLING COGNITIVE CITIES Dr Muneer Zuhdi, Head of Cognitive Cities, Nokia discusses the solutions showcased at GITEX and the focus on enabling cognitive cities

21 » A ROBUST OUTLOOK Amanullah Khan, MD for Middle East, Turkey & Africa at Linksys discusses the focus for the company in the region

COLUMN

22 » KNOW YOUR BREACH LIKELIHOOD Saket Modi, Co-Founder and CEO at Safe Security writes about the need to revisit the fundamental elements of secured Banking

INTERVIEW

17 » BREACHING NEW FRONTIERS

24 » THE MADNESS OF RANSOMWARE 'AS A SERVICE'

James Petter, VP International, Pure Storage discusses some of the new offerings from Pure Storage

Ransomware is bad, but it is also made very easy for the perpetrators writes Wissam Saadeddine, Senior Manager - MENA at Infoblox

CXO DX / NOVEMBER 2021

28 » KUBERNETES WILL DRIVE UP VALUE OF IT SKILLS Michael Cade, Senior Global Technologist, Veeam says Kubernetes is democratising and commoditising infrastructure for software developers,serving as the core for modern, Cloud-native applications

30 » THE ROLE OF AI IN CYBERSECURITY AI is a powerful broom for cleaning up cluttered security environments writes Anoop Das, cybersecurity expert at Mimecast

32 » A HOLISTIC APPROACH TO SECURITY Avoid the most common mistakes organizations make when protecting against cyber threats writes Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East

34 » THE WAR ON CYBERCRIME AND RANSOMWARE: ARE YOU READY? REGULARS

06 » NEWS 36 » TECHSHOW 38 » TRENDS & STATS

Connect To More https://me.dlink.com

Enterprise-grade High-performance High-speed Cloud networking for Businesses

Complete End-To-End Cloud Solution

DBA-1210P Nuclias Wave 2 AC1200 Dual-Band Access Point

Nuclias makes your business networking efﬁcient, easy

DBA-1510P Nuclias AC1750 Dual-Band Access Point

DBS-2000 Series Nuclias Smart-Managed Switches with PoE Options

to manage, and ready for the future. You can grow or scale back in line with your needs, with unlimited scalability.

Cloud networking, refreshed. Introducing Simple, feature-rich cloud networking, as it should be. People simply want things to work as they should, and network management is no exception. D-Link designed Nuclias to be a cloud networking solution with a simple and user-orientated design, packed with rich features and functionality, designed to address the needs of everyone.

Why Nuclias by D-Link?

Zero-Touch Provisioning for Rapid Deployment

Authentication via Captive Portal or Radius Server

Remote Access Multiple Sites and WLAN Management

Role-Based Administration & Auditable Logs

Geo-Locationing Using Google Maps

Wi-Fi Access with Social Login

Advanced Traﬃc Report and Data Analysis

Automated Monitoring and Alerts

» NEWS

LIFERAY ANNOUNCES PARTNERSHIP WITH MICROSOFT AZURE Partnership to scale digital experiences on cloud across the UAE Liferay, a leader in Digital Experience Platforms (DXP), providing experiences on web, mobile, and connected devices, recently announced a strategic partnership with Microsoft Azure for Liferay’s DXP Cloud to offer public and private sector organizations in the country the enhanced benefits of cloud that enrich digital experience capabilities to their customers together. As a result of this partnership, Liferay provides an abstract layer that allows customers to run Liferay DXP on multiple cloud providers with added PaaS capabilities along with Microsoft Azure with its powerful presence in the region and its commitment to security and availability. Additionally, DXP Cloud reduces the complexity of managing the infrastructure and empowers customers to create great digital experiences with its robust features. DXP Cloud is available via UAE based Microsoft managed data centers for organizations in the country. Speaking on the announcement, Moussalam Dalati – General Manager, Liferay Middle East, said, “The UAE is a key market for Liferay and there is significant demand for solutions that provide convenience with security and that alleviate data residency concerns. We are witnessing entities rapidly migrating to the cloud to stay competitive, spurred by the rising demand for digital experiences.”

“Microsoft is a long-term strategic partner and has been integral to Liferay’s presence in the Middle East. With DXP Cloud’ on Microsoft Azure, it solidifies our partnership founded on a symbiotic framework. Two companies offering a robust and dependable combination of tech services is a win-win situation for all our customers.”

INGRAM MICRO EXPANDS PARTNERSHIP WITH AVEPOINT TO INCLUDE META REGION AvePoint solutions help MSPs ensure compliance, prevent data loss, and enable business continuity for their end-customers “With more than 63,000 resellers relyIngram Micro has expanded its global reing on the Ingram Micro Cloud Marketlationship with AvePoint, the largest data place around the world, we are commitmanagement ISV for Microsoft 3651 , ted to ensuring our partners have the extends to the META region. Now, Avebest solutions, services and enablement Point’s collaboration security SaaS solubenefits to achieve success in their tions will be distributed through the Incloud business,” said Dr. Ali Baghdadi, gram Micro Cloud Marketplace across the SVP & Chief Executive Ingram Micro United Arab Emirates, Bahrain, Oman, META Region: and EMEA Cyber SecuQatar, Kuwait, Saudi Arabia, Jordan, Lebrity. “We chose AvePoint’s innovative anon, Egypt, Morocco, and Turkey. solutions to address the cloud backup and migrations services needs which Ingram Micro first engaged with Aveare in high demand across the region Point in 2017 and currently distributes its today." collaboration security solutions, which help customers overcome complex transAvePoint solutions help MSPs ensure formation, governance and compliance compliance, prevent data loss, and challenges in the cloud, across 25 Ingram enable business continuity for their Micro Cloud Marketplaces. Additionally, end-customers. Complementary to its Ingram Micro has listed AvePoint’s soludeep expertise in the Microsoft ecosystions as one of the preferred vendors globDr. Ali Baghdadi tem, AvePoint solutions are deployable ally to migrate, manage and protect data SVP & Chief Executive Ingram Micro with other digital collaboration systems for Microsoft 365 and Dynamics 365 on META Region: and EMEA Cyber Security like Google Workspace and Salesforce. all its Marketplaces in the META region.

CXO DX / NOVEMBER 2021

» NEWS

DELL TECHNOLOGIES INTRODUCES APEX FLEX ON DEMAND IN UAE AND SAUDI ARABIA APEX Flex on Demand provides choice and flexibility in how customers choose to buy and consume technology Dell Technologies announced that Dell Technologies APEX Flex on Demand is now available in UAE and Saudi Arabia. APEX Flex on Demand brings the industry's broadest infrastructure portfolio to customers who are looking for a pay-per-use consumption model. Offering flexible payment options, organizations have greater access to technology across Dell Technologies’ infrastructure stack including compute, storage, networking, virtualization, and data protection. Tailored to today’s fast-paced business environment, organizations can work with Dell Technologies to plan, deploy and manage their entire IT footprint and choose how they consume and pay for IT solutions. Customers can scale IT as needed to launch new applications, start new projects, and address the changing needs of their business.

Dell Technologies assists organisations to determine their hardware, software and services requirements to establish for today and plan for their future needs. From there, all technology is installed and made available to customers. Automated tools allow for a quick response to new service requests, workload fluctuations and changes driven by the business to improve IT flexibility. Customers can also customise configurations based on their workload and therefore avoid over-provisioning and control cost by paying for elastic resources only as they are consumed. Using the APEX Console, Flex on Demand customers can also view and monitor usage of consumed resources and view and approve invoices. Martin Uchytil, Regional Sales Director - Dell Financing MERAT said: “With the introduction of APEX Flex on Demand, Dell Technologies is enabling customers to

Martin Uchytil

Regional Sales Director, Dell Financing MERAT overcome these barriers to transform their IT. APEX Flex on Demand allows businesses to acquire infrastructure and services, paying only for what they use, with the ability to scale up and down, and enables them to start using technology more quickly to help achieve their business goals.”

IBM COMMITS TO SKILL 30 MILLION PEOPLE GLOBALLY BY 2030 The company announces more than 170 new partnerships and program expansions in more than 30 countries more critical than ever,’ says Hossam Seif El-Din, General Manager, IBM Middle East and Pakistan. ‘In the Middle East, IBM is committed to building digital talent pipeline to support the workforce of the future, and we will continue to invest in our education and training programs to further support the national vision of digital innovation across the region.’

IBM unveiled a commitment and global plan to provide 30 million people of all ages with new skills needed for the jobs of tomorrow by 2030. To achieve this goal, IBM is announcing a clear roadmap with more than 170 new academic and industry partnerships. The effort will leverage IBM’s existing programs and career building platforms to expand access to education and in-demand technical roles. The difficulty employers worldwide face in finding skilled workers poses a significant hurdle to economic growth. According to the World Economic Forum, closing the global skills gap could add US$11.5 trillion to global GDP by 2028, but education and training systems would need to keep pace with market demands. To help do so, according to the WEF, the public and private sectors need to collaborate on education and training that keeps pace with market demands, demographic

Hossam Seif El-Din

GM, IBM Middle East and Pakistan changes, and technology progress. ‘In today’s world, digital skills on emerging technologies are growing in demand and are key to driving innovation and economic growth for nations. The need to upskill and reskill the workforce is getting

IBM’s programs range from technical education for teens at brick-and-mortar public schools and universities, and extend to paid, on-site IBM internships and apprenticeships. The company’s skills and education programs also pair IBM mentorships with learners, and provide nocharge, customizable online curricula to aspiring professionals. IBM’s plan to educate 30 million people relies on its broad combinations of programs, and includes collaborations with universities and key government entities.

NOVEMBER 2021 / CXO DX

» NEWS

PROW IMPLEMENTS EXTRAHOP REVEAL(X) SOLUTION FOR UNITED ARAB BANK PROW also launched its Managed Security Operations Centre (SOC) service PROW, a Dubai-based provider of system integration and professional IT and ICT services, has implemented the Reveal(x) solution from ExtraHop, the leader in cloud-native network detection and response (NDR), for United Arab Bank (UAB) to ensure unrivalled visibility within its network and improve cyber security across its applications and services.

Commenting on the announcement, Roland Hashem, Managing Director at PROW said: “United Arab Bank has consistently proven itself as an innovator within the financial services technology area, and we are pleased to work closely with the team to implement ExtraHop into its comprehensive monitoring and cyber security platforms.”

PROW announced the partnership at GITEX 2021, where they presented an award to Ayman AlQudsi, Chief Information Officer at United Arab Bank, for being the first to implement the NDR solution from ExtraHop in the region. At GITEX 2021, PROW also launched its Managed Security Operations Centre (SOC) service, a combination of state-of-the-art technologies that can be tailored to each client’s individual needs, as well as announcing the addition of Enigma, a real-time business, services and network analytics platform, to its portfolio of solutions.

Mahmoud Yassin, Head of IT Infrastructure and Security Operations at United Arab Bank added: “As one of the region’s most respected financial institutions, we continually strive to improve both our operational excellence and cyber security posture. With the addition of ExtraHop Reveal(x) we gain unparalleled visibility into our layer seven application network traffic, enabling us to improve both operational efficiency and detect potential cyber threats at the earliest possible opportunity.”

Roland Hashem

Managing Director, PROW

Ayman AlQudsi, Chief Information Officer at United Arab Bank said: “We are delighted to be recognised for being the first bank to implement the NDR solution from ExtraHop in the region. At UAB, client centricity is at the forefront of our priorities, and we are adopting cutting-edge technologies to provide the best possible experience for our customers.”

CITRIX AND GOOGLE CLOUD TEAM TO DELIVER FUTURE OF HYBRID WORK Partners join forces to enable desktops-as-a-service in simple, secure way

Tim Minahan

EVP, Business Strategy, Citrix Citrix Systems and Google Cloud are expanding their strategic partnership to deliver the future of hybrid work for enterprise customers. The companies announced a new collaboration which will

include Citrix launching a new DaaS offering on Google Cloud. The service will leverage Citrix’s management plane and HDX protocol to enable seamless delivery of virtualized applications and desktops on Google Cloud. The expanded partnership will empower distributed and hybrid workers to securely access the tools and information they need to engage and be productive, wherever they happen to be.

Under the terms of an expanded agreement: • Citrix will become a preferred and strategic virtual desktop service partner of Google Cloud • Google will become a preferred and strategic cloud partner for Citrix • Citrix will build a foundation of their cloud services on Google Cloud, starting with a Citrix purpose-built management plane that will enable cloud hosted desktops to stream any application on any end point device.

“Enterprises are no longer struggling with whether they should embrace remote work, but how quickly and efficiently they can do it,” said Tim Minahan, Executive Vice President of Business Strategy, Citrix. “Through this partnership with Google Cloud, we will help customers accelerate and embrace hybrid work models with new virtual desktop services on Google Cloud’s global and secure network.”

“For teams to thrive in a distributed environment they need easy, fast, and secure access to applications and workspaces from virtually anywhere,” said Kevin Ichhpurani, Corporate VP, Global Ecosystem at Google Cloud. “We’re excited to partner with Citrix to help organizations support remote work in the long-term, with low-latency and trusted access to desktops and applications across all types of devices, endpoints, and work environments.”

CXO DX / NOVEMBER 2021

» NEWS

ALJAMMAZ TECHNOLOGIES AND EXTREME NETWORKS SIGN DISTRIBUTION AGREEMENT The VAD will offer cloud networking solutions from Extreme Networks through its extensive partner network in Saudi Arabia AlJammaz Technologies, a regional leader in value-add distribution and cloud services aggregation has signed an agreement with Extreme Networks, a globally trusted provider of end-to-end, cloud-driven networking solutions for distribution across Saudi Arabia. The agreement was signed during GITEX Technology Week, where both AlJammaz Technologies and Extreme Networks were exhibitors. Extreme Networks is a leading provider of agile, reliable, and secure cloud-driven network solutions. AlJammaz will now work with its extensive partner network in Saudi Arabia to take the cloud networking solutions from Extreme Networks to enterprise customers in all key verticals. Eng. Asim AlJammaz CEO of AlJammaz Technologies said, “Extreme Networks is known for its innovative approach to networking leveraging the powers of machine learning, artificial intelligence, analytics, and automation. With the addition of Extreme Networks solutions to our portfolio, we will be able to empower our partners better in meeting the requirements of their enterprise customers for networking solutions that advance their digital transformation efforts.”

Maan Al-Shakarchi, Sales Director META at Extreme Networks said, “We are extremely pleased to finalize this partnership as AlJammaz is a leader regionally when it comes to value-add distribution. In alignment with the overarching Saudi Vision 2030 we want to help local enterprises to adapt to the new distributed work environments and be successful in their digital transformation initiatives. We look forward to working closely with them and expand our reach across the Kingdom.”

ALCATEL-LUCENT ENTERPRISE EXPANDS PORTFOLIO WITH VERSA NETWORKS SD-WAN & SASE SOLUTIONS ALE selected Versa Networks’ Titan solution to expand its capabilities from LAN and WLAN to SD-WAN Alcatel-Lucent Enterprise has partnered with Versa Networks to enhance software-defined network solutions. Versa Networks technology integrates seamlessly with existing Alcatel-Lucent Enterprise solutions, allowing customers to benefit from cost savings, agility, and flexibility of SD-WAN & SASE with quick and easy installation. By integrating Versa Networks technology with Versa Titan & SASE into its portfolio, Alcatel-Lucent Enterprise can expand its networking solutions for mid-size organization and the advantages brought by Shortest Path Bridging (SPB), simplified configuration and optimised security across multiple remote locations. Dedicated to innovation and providing its customers with the highest quality solutions, ALE selected Versa Networks’ Titan

Stephan Robineau

EVP Network Business Division, Alcatel-Lucent Enterprise solution to expand its capabilities from LAN and WLAN to SD-WAN, unifying network configuration, user and IoT management, security rules and operations across multiple branches.

Stephan Robineau, EVP Network Business Division at Alcatel-Lucent Enterprise, said: “We’re thrilled to partner with Versa Networks, a recognized and awarded leader for SASE and SD-WAN technologies. Their solutions for branch office Cloud and security services fit perfectly with our Enterprise networking solutions designed to simplify IT automation, secure IoT connectivity deployment and integrate quickly with business workflows. By leveraging this transformative technology, we enrich our new Network as a Service offer with complementary solutions to meet the business demands of today, but also future-proof enterprise IT operations. The product of this global partnership will become accessible first in Europe before extending worldwide in the next couple of months.

NOVEMBER 2021 / CXO DX

» NEWS

AL GHURAIR SELECTS ARUBA TO CREATE A PLATFORM FOR DIGITAL TRANSFORMATION Aruba Edge Services Platform (ESP) was fully aligned with the company’s vision for its digital future and unique requirements means to graft new applications on to the network.

Aruba, a Hewlett Packard Enterprise company, announced that UAE-based Al Ghurair Investment has implemented networking technology from Aruba that delivers resilient, future-ready infrastructure to accelerate digital transformation. The technology provides a scalable secure network template for consistent deployment and user experience, enables consistent wireless-first workplace with bandwidth to support critical business applications, cuts Wi-Fi deployment times from days

to hours and enables Zero Touch deployments across international operations. The deployment also reduces network costs through standardisation and consolidation. With digital transformation a priority in each of Al Ghurair Investment’s business units, the group needed to establish a singular network approach. The company wanted central oversight, tighter integration between business units and the

The cloud-native and service-oriented Aruba Edge Services Platform (ESP) was fully aligned with the company’s vision for its digital future and unique requirements. Aruba Central enables the unified management of wired and wireless infrastructure and delivers AI-powered insights, workflow automation and robust security, all as subscribed services. Aruba ClearPass ensures consistent policy-based governance in terms of the types of users and devices that can access each part of the network and gives visibility of network activity. The network now hosts 3,500 office users using Microsoft Teams and the plan is to roll out to Al Ghurair Investment’s warehouses, factories and production sites.

SITECORE HOSTS GLOBAL TOP SELLERS EVENT IN DUBAI DURING GITEX President’s Club is designated for the very top performers within Sitecore inspiring speeches about the company’s success and recent acquisitions of Boxever and Four51, Moosend, and Reflektion. President’s Club members exchanged best practice solutions with colleagues in order to target FY2022 business goals.

Sitecore, the global leader in digital experience management software, held its annual President’s Club event celebrating the achievements of its top salespeople during GITEX Technology Week, Employees from over 20 countries converged on Dubai, underscoring the UAE’s business resilience and growth, and excellence in hosting mega-events such as Expo 2020 Dubai. President’s Club is designated for the very top performers within Sitecore. While it’s primarily focused on sales, every function within Sitecore was able to select people from within their organization to recognize outstanding performance during the previous fiscal year. Additionally, the entire Executive Leadership Team from Sitecore participated to thank Sitecore team members for their outstanding contributions from FY2021.

Mohammed AlKhotani

Area Vice President - MEA, Sitecore

More than 100 of Sitecore’s top salespersons met with C-suite executives, including CEO Steve Tzikakis, who delivered

CXO DX / NOVEMBER 2021

“Holding Sitecore’s President’s Club in Dubai demonstrates the business resilience of Dubai and the UAE, and the prominence of being aligned with technology mega-events such as GITEX and Expo 2020 Dubai,” said Mohammed AlKhotani, Area Vice President - Middle East and Africa, Sitecore. “Sitecore is advancing our growth plan for the Middle East as a globally strategic market,by supporting customers across industry verticals such as government and public sector, banking, and hospitality.”

» NEWS

PROVEN ROBOTICS AND PUDU ROBOTICS UNVEIL NEXT-GENERATION ROBOTS IN SAUDI ARABIA Pudu’s signature robots – Kettybot, Bellabot and Pudubot – unveiled in the Kingdom at launch event Proven Robotics, a state-of-the-art venture by Proven Solution, and Pudu Robotics, an international high-tech enterprise dedicated to the design, R&D, production and sales of commercial service robots, held a launch event to unveil Pudu’s signature robots – Kettybot, Bellabot and Pudubot – for the first time in the Kingdom of Saudi Arabia. The live event presented an opportunity for both the companies to showcase the brilliance of these robots in improving efficiencies through AI technology, reducing operating costs and simplifying processes. Representatives from Proven Robotics and Pudu Robotics discussed the growth of robotics in the region, and the role of AI and robots in Saudi Arabia’s ambitious drive towards making automation and artificial intelligence a core pillar in the nation’s economic development strategy. Visitors attending the Riyadh Season 2021-22 were able to watch demos for Kettybot, Bellabot and Pudubot, robots that were developed to transform the operational landscape and improve efficiency. Bellabot robot was designed to revolutionize the human-robot interactive system, helping make manual tasks in customer-servicing obsolete; while Kettybot and Pudubot are service delivery robots and can act as a utility assistant in several industries. “There is an increasing demand for robotics across many indus-

tries, and this demand is expected to rise, driven by the introduction of new technologies, a growing need for automation fueled by the Covid-19 pandemic, and the need for contactless and automated interactions. Our agreement with Pudu Robotics comes in line with Saudi Arabia’s Vision 2030 that emphasizes economic diversification and aims to support businesses and organizations in Saudi Arabia to utilize the efficiencies created by robots to stay ahead of the curve,” said Zaid Al Mashari Group CEO of Proven Arabia.

INDUSTRIAL ENTERPRISES TO GAIN SECURE, CLOUD-BASED OPERATIONAL DATA SHARING WITH ANNOUNCEMENT OF AVEVA DATA HUB First integrated offering since OSIsoft acquisition “Customers are telling us that it’s not a question of whether they will adopt the cloud to view, enrich and share real-time and historical operations data, but how and when,” said Rónán de Hooge, AVEVA’s Executive Vice President of Information. “AVEVA Data Hub provides this answer, making it easy to aggregate and contextualize on-premises and remote data sources and securely share insights with a colleague across town, a business partner on the other side of the world, or even a data science application in the cloud for predictive modelling.”

AVEVA, a global leader in industrial software, announced its first SaaS offering that integrates key features of the market-leading PI Systemoperations data management platform with the AVEVA industrial software portfolio. AVEVA Data Hub, a secure, cloud-native hub for aggregating, managing and securely sharing operations data to gain new insights and improve operating performance, will deliver the proven operations data-sharing capabilities of OSIsoft Cloud Services (OCS) through the convenient AVEVA Connect industrial cloud platform. AVEVA Connect subscribers will enjoy the flexibility to access AVEVA Data Hub services alongside any mix of other AVE-

Rónán de Hooge

AVEVA’s Executive Vice President, Information VA cloud, hybrid and on-premises solutions as their business needs change, using the AVEVA Flex subscription program.

Customer applications for the technology have ranged from ensuring safe drinking water with predictive notifications to preparing data for advanced analysis to monitoring critical, remote equipment.

NOVEMBER 2021 / CXO DX

» NEWS INSIGHT

NETAPP EXPANDS HYBRID CLOUD PORTFOLIO New digital wallet capabilities for NetApp Cloud Manager and enhanced data services for simplified administration across a hybrid cloud among the highlights At INSIGHT 2021, NetApp, a global cloud-led, data-centric software company, announced new additions and enhanced capabilities across its hybrid cloud portfolio to help organizations modernize their IT infrastructures and accelerate digital transformation. Delivering new secure ways to consume and operate data services on-premises and in the cloud, NetApp hybrid cloud solutions make it simpler for enterprise customers to put their data to work — wherever and whenever they need it. With the latest release of ONTAP, NetApp is introducing enhanced protection against ransomware, expanded data management capabilities, and NVMe/TCP support for accelerated performance. The company is also announcing new digital wallet capabilities for NetApp Cloud Manager and enhanced data services for simplified administration across a hybrid cloud, more flexible consumption options to better control costs, as well as new Professional Services offerings to help customers unlock the full value of on-premises and hybrid cloud resources. “The promised benefits of migrating to the cloud may be profound, but many IT departments are still working to overcome on-premises challenges, like managing the complexity and costs of moving data, protecting against ransomware, and ensuring reliable performance for critical applications,” said Brad Anderson, Executive Vice President, Hybrid Cloud Group at NetApp. “As the hybrid cloud specialist, NetApp can help enterprises move their digital transformation efforts forward to deliver business results faster and within budget—whether they are still developing a strategy or in the middle of executing large-scale migrations.”

NetApp’s latest portfolio innovations announced include: • ONTAP Data Management Software Enhancements: The latest release of ONTAP enables enterprises to autonomously protect against ransomware attacks based on machine learning with integrated preemptive detection and accelerated data recovery. The new release also delivers enterprise-grade performance for SAN and modern workloads with NVMe/TCP support, expanded object storage capabilities, and simplified management. In addition, this latest ONTAP release will power the upcoming NetApp AFF A900, the next-generation high-resiliency all-flash system for business-critical workloads. • Enhanced Data Services: With new digital wallet capabilities available in NetApp Cloud Manager, customers can benefit from greater mobility and more visibility into usage of data service licenses across a hybrid cloud, with prepayment of credits enabling streamlined deployment to avoid procurement hassles. Additional updates include enhancements to NetApp Cloud Backup and Cloud Data Sense services, simplified deployment of Cloud Volumes ONTAP with new customer-ready templates, fully embedded Active IQ, and deeper integrations with NetApp Cloud Insights and ONTAP software to support Kubernetes workloads. • More Flexible Consumption Options: NetApp Keystone Flex Subscription, an on-premises storage-as-a-service offering with native cloud integration, continues to gain momentum with customers. The offering is now supported on four continents—encompassing petabytes of capacity within just under one year of availability. NetApp is now offering a new freemium service tier for Cloud Volumes ONTAP, providing customers with access

CXO DX / NOVEMBER 2021

Brad Anderson

EVP, Hybrid Cloud Group, NetApp

to a fully featured, perpetual license to use ONTAP in the cloud for workloads needing less than 500GB of storage. This consumption flexibility gives organizations the freedom to use enterprise-grade data services for small workloads such as Kubernetes clusters at no initial cost. An organization only needs to convert to a subscription when the workload matures and scales. • More Accessible Hybrid Cloud Expertise: NetApp is also introducing new Support and Professional Services offerings to make it even easier to access experts for step-by-step guidance as they transition to hybrid cloud. With SupportEdge Advisor for Cloud, NetApp is extending its data center support model to cloud services with rapid, direct access to trained specialists. NetApp Flexible Professional Services (FlexPS) is also available for customers that require on-demand and ongoing support as they transition to a hybrid cloud. With this new subscription-based offering, organizations can get the professional help they need to design and build a data fabric strategy, implement solutions, and optimize their hybrid cloud with predictable costs and avoid procurement delays.

» NEWS INSIGHT

UAE FINANCIAL ORGANISATIONS UNDER PRESSURE TO INCREASE SECURITY Banks and FSIs come under pressure from government, shareholders, employees and customers as security risks increase during the pandemic Organizations are distributing workloads across multiple clouds while simultaneously extending out to the edge – pushing apps and services closer to where people, data and things connect to the networked digital world. At VMworld 2021, VMware outlined how it is helping customers make sense of a more complex, multi-cloud environment and unveiled its vision for how it will help customers navigate the shift to the edge. It also introduced VMware Edge, a product portfolio that will enable organizations to run, manage, and better secure edge-native apps across multiple clouds, anywhere. “A new type of workload is emerging – edge-native apps – that must run at the edge to perform as intended. AR/VR, connected vehicles, and immersive gaming are becoming mainstream. 5G has made the use of collaborative robots, drone fleets and digital twins a reality,” said Sanjay Uppal, senior vice president and general manager, Service Provider and Edge, VMware. “VMware delivers a trusted foundation – a multi-cloud edge – to help organizations move forward in the new edge reality.”

Sanjay Uppal

Senior Vce President & GM, Service Provider & Edge, VMware

The Edge Defined

VMware defines the edge as distributed digital infrastructure for running workloads across a multitude of locations, placed close to users and devices producing and consuming data. Where a workload is placed at the edge is key to meeting the requirements of edge-native apps. • An edge-native workload placed anywhere between the cloud and the remote customer location and delivered as a service is called the near edge. • An edge-native workload placed at a remote customer location at the closest proximity to the endpoints is called the far edge. Edge-native apps require a multi-cloud edge. One that stitches together underlay services running on a service provider network (e.g., private connectivity, carrier 5G, network slicing) with overlay services delivered on top (e.g., SASE) and a compute services abstraction for the edge applications. All orchestrated by a management plane that provides consistent observability, installation, configuration, operations and management across all edge locations.

VMware Edge

VMware Edge brings together products from across VMware that will enable organizations to run, manage and better secure edge-native apps across multiple clouds at both near edge and far edge locations. VMware Edge solutions are purposefully designed for edge-native apps and their unique performance and latency requirements.

VMware Edge solutions include:

• VMware Edge Compute Stack, unveiled today at VMworld 2021, is a purpose-built, integrated VM and container-based stack that will enable organizations to modernize and secure edge-native apps at the far edge. VMware Edge Compute Stack will be available in Standard, Advanced, and Enterprise editions. VMware also has plans to develop a lightweight version of VMware Edge Compute Stack to provide an extremely thin edge for lightweight apps. • VMware SASE combines SD-WAN capabilities with cloud-delivered security functions, including cloud web security, zero trust network access, and firewalling. These capabilities are delivered as-a-service across both the near and far edge locations from a global network of points of presence (PoPs). • VMware Telco Cloud Platform has been delivering near edge solutions to the largest communication service providers in the world from their 4G/5G core all the way to the radio access network (RAN). By helping service providers modernize their network underlay, VMware enables them to deliver overlay edge services to their consumer and enterprise customers. VMware has key partnerships across the broad edge ecosystem to deliver seamlessly integrated solutions to customers. Its broad partner ecosystem spans public cloud providers, service providers, edge-native app developers, network services providers, system integrators, network equipment providers, near-edge hardware manufacturers, and far edge hardware manufacturers. NOVEMBER 2021 / CXO DX

» COVER FEATURE

A CLOUD FIRST APPROACH

The cloud remains the key to enabling digital first economy with organizations ramping up to the next level of maturity in terms of adopting cloud services

CXO DX / NOVEMBER 2021

ith the pandemic forcing companies to move to a remote model, cloud adoption saw an accelerated momentum and that trend seems to be irreversible. Within the year, the success that cloud delivered services delivered has perhaps further emboldened companies to ramp up their cloud initiatives. A cloud first strategy has become the more preferred way ahead for most companies looking to invest in IT infrastructure especially with range of choices available from a growing number of cloud service providers. According to IDC, the availability of multiple deployment options (hybrid cloud) and technologies that bring portability to applications (containers) enable customers to choose the best matched cloud provider for a given workload.

» COVER FEATURE The advantages are pretty much obvious in favor of cloud vis-avis on premise. However, a cloud first strategy doesn’t necessarily mean an only cloud approach and companies would need to assess their requirements before deciding to move workloads to the cloud. Jayakumar Mohanachandran, Group Chief Information Officer, Easa Saleh Al Gurg Group says, “Indeed, this has become the need of the hour vis-a-vis the earlier option. Workforce transformation

is now very much part of most board room conversations and having the right cloud provider and running your workloads on cloud become the most critical element in this journey. Defining the right strategy for organizations to have any cloud journey is important as one size doesn’t fit all.” Adopting the cloud gives advantages in terms of data storage, scale computing resources up and down as required, have hassle free maintenance and more. Padam Sundar Kafle, Head IT and Automation at Aster Hospital says, “In my Opinion, yes, we must adopt the cloud first strategy. A major reason is that we are moving into an era we collect digital data for almost all instances. When we collect digital data, it is important for us to ensure that data is stored securely and that we have long term retention. With cloud we can retain our data for years securely and not just for data collection but even for the processing of data collected through many years, normal computing power isn’t enough. If we want to have super computers on-premise, that is going to cost for maintenance and purchases. On the other hand in cloud, you can scale up the super computing as an when required, scale up and down based on the requirement. The cloud provider will take care of your data, server are up and running and if one server is down another is there as redundancy as well to ensure operations never face downtime.” Indeed cloud first strategy is almost synonymous with digital transformation. Without a cloud strategy, it is near impossible to embrace the transformation of the scale that is required to build a resilient future ready enterprise although it maybe possible to have a limited scale transformation only on premise IT. Moreover with most vendors now focused on delivering cloud based solutions, most of the innovation is happening on the cloud front. The arrival of the large datacenters in the region run by the public cloud providers also means a cloud fist strategy would gain further amongst most organizations in the region. Explaining why a digital first and cloud first not the same approach, Padam says, “Technically digital first and cloud first are not the same as digital first is possible even without touching cloud. Having said that, the information we collect with a digital first strategy would need much more data storage capacity and managing that with on-premise infrastructure is not going to be so easy. Therefore, while both aren’t the same, one complements the other.” In other words, a cloud first strategy complements a digital first strategy perfectly.

"Whether a business is committed to staying out front or fighting for market survival, everyone needs to advance from a cloud-first strategy to a digital-first strategy now.”

Jayakumar, says, “A cloud-first strategy focuses on the transformation of technology that serves existing business processes. While an important step, a cloud-first strategy is not enough to compete and lead in a digital world. A digital-first strategy uses technology to transform business processes. Whether a business is committed to staying out front or fighting for market survival, everyone needs to advance from a cloud-first strategy to a digital-first strategy now.” With a cloud first strategy likely to be more dominant going ahead, it begs the questions whether there will still be room for on premise infrastructure? Will investments on premise for most organizations going ahead be marginal? NOVEMBER 2021 / CXO DX

» COVER FEATURE

Padam Sundar Kafle

Head IT and Automation, Aster Hospital

Jayakumar Mohanachandran

Group Chief Information Officer, Easa Saleh Al Gurg Group

Jayakumar says, “On-premise investments will still be there and continue as most organizations can’t move the core so easily. While each organization is different in their journey towards cloud, the majority will choose the hybrid cloud model and the core will still remain on premise to ensure better control and faster turn-around time. Any organization who has a cloud strategy will be focused on how can we refactor those satellite applications and ensure those workloads are running on cloud.”

He says, “It’s still too early for an organization to decide on moving critical workloads to the cloud. The entry of large players into this market by setting up their data centers in the country/region will definitely boost the confidence, but the topics around security, compliances and moreover the exit clauses in case if an organization decides to move from one provider to another is all transparent and seamless, will still remain as key points of discussion.”

Padam seems to concur with the view that on premise infrastructure will still have a place when he says, “On Premise investments especially in some sectors are still required. There always should be business continuity plans offline and in case there is any unforeseen outage in the cloud, then the show must go on.”

On the road ahead for digitalization, Padam says, “The next phase of digitalization will be more of the AI and ML with AR(Augmentation Reality)/VR(Virtual reality) and MR(Mix Reality), Robotics and drone kind of things will be collecting information , processing with AI engines and the information could be available anywhere in the world in seconds with the help of 5G.”

However, there is bound to be greater confidence in moving critical workloads to the cloud since most leading public cloud providers seem to be having local datacentres. Padam says, “Absolutely yes. Aster hosptials UAE moved their datacenters to Microsoft Azure cloud on 2019 when Microsoft opened their local datacenter at UAE. All business critical applications are being moved from on premise to Azure cloud. Aster hospitals UAE has successfully adopted adopt cloud computing, eliminating the data leakage /Loss risk.

Jayakumar seems to have a similar take on what lies ahead as he says, “Digitalization is going through an interesting time where we talk and work with BOTS as colleagues, and the future is more to do with AI/ML and the plethora of options that these technologies has to offer. This is going to be a game that will be much more levelled up with more and more players coming into the picture with their offerings on a reduced cost that can demonstrate high Proof of Value (POV)”

Jayakumar strikes a cautious note when he mentions that there need to be more clarity in terms of nitty-gritties like exit clauses when moving your workloads from one cloud provider to another.

With all those innovations coming along thick and fast, the cloud is definitely most likely to help leverage and deliver the best outcomes for Businesses looking to stay ahead.

CXO DX / NOVEMBER 2021

» INTERVIEW

BREACHING NEW FRONTIERS At this year’s GITEX, Pure Storage focused on announcing our vision for what modern data storage and management should be: services-driven and delivered as code. James Petter, VP International, Pure Storage discusses some of these new offerings from Pure Storage How has the Business outlook been for Pure as a Service? Storage as a service is relay come to the fore over the past 18 months particularly driven by the pandemic because organizations needed to start evaluating how they procure and run their technology stacks. Pure as a service offers organizations the flexibility and agility to procure technology under a financial framework and run their environment as a cloud service, not have to worry about doing their CAPEX transactions as in in the normal model and have a trusted vendor such as Pure Storage to come in and run it for them. What is Pure Fusion all about? We announced Pure Fusion at GITEX. Ione of the important things in the industry is to drive automation into your Technology stack. Pure Fusion allows you to do that with every product Pure has. Pure Fusion is, an industry-first self-service, autonomous storage platform that marries the best of enterprise storage with the agility and scalability of the cloud. You can now eliminate all the manual intervention that was needed earlier and all the risks that go with it. Pure Fusion delivers a SaaS management plane that pools storage arrays into availability zones and automates previously complex tasks such as workload placement, workload mobility, and fleet rebalancing. All you have to do now is to put policies into the engine, align those policies to your Business objectives and then Pure Fusion aligns all your data, whether it be Block file or object, on the right product at the right time. It also includes a new API framework that enables both storage teams and end users to operate in an on-demand, storage-as-code model that integrates with the developer tools they use today.

James Petter

VP International, Pure Storage

What does Portworx Data Services do? Portworx is about how clients use containers with the Kubernetes platform. Portworx Data Services is the industry’s first Database-as-a-Service platform for Kubernetes and enables DevOps engineers to deploy a managed, production-grade data service on Kubernetes. With Portworx, we help provide clients with the ability to manage Kubernetes applications born in the cloud with a management framework for day 2 operations which allows again automation into the containers and the application layer so that they don’t need to worry about it. What are the key verticals of focus for Pure Storage in the region? Within the UAE and Saudi, our key verti-

cals are Finance, Telco and Government. Those three verticals are pretty much consistent across the region for us but we are also looking to make more inroads into other verticals as well and look forward to conversations with customers who want to consider our solutions. Discuss the overall growth this year for Pure Storage? We have had a particularly good year of growth. We grew 23% last quarter. Pure as a service is 30% of our Business. That is only likely to accelerate and increase as more and more customers come to realize that the cloud and as a service model are becoming more important to their Businesses and the way they operate.

NOVEMBER 2021 / CXO DX

» INTERVIEW

OT SECURITY IN THE FOREFRONT Bachir Moussa, Regional Director, MEAR, Nozomi Networks speaks about the increased threat landscape in OT and Nozomi Networks’ focus on securing that space What was your focus at GITEX this year? We exhibited at our partner Moro Hub’s stand at GITEX. Our focus was on the convergence of OT and IT, demonstrating the value of the improving the visibility and security for OT and IT together. How is industrial cybersecurity now being looked at in terms of importance? Industrial cybersecurity has become more important over the past few years because organizations offering services to the public realize the impact that any disruption in their network can cause massive impact not only on their Business but also of their end users they support. The affected would be the common people that receive the utility services like water, electricity, gas etc. Organizations are approaching us to help them gain visibility into what is happening in their industrial networks and put the right security measures in place to avoid disruptions and network impact How has the threat landscape evolved with digital transformation and the shift to remote work model? Digital transformation today isn’t limited to the IT part only. It covers the OT side as well. So, there is a need for a holistic approach to IT, OT and IoT. This is an enabler, making Businesses more effective. However, as the connectivity increases, the attack surface also increases and previously while OT was separate from IT, it faced less threats. The only way to gain access to OT systems was to go physically. With digital transformation, that is no longer so. Therefore, organizations need to put effective security solutions to work across the IT, OT and IoT infrastructure. Remote work became more prevalent due to the pandemic and organizations had to quickly shift the way they work. They were used to protecting the campus and their own networks but they weren’t ready to protect their employees working remotely on such a massive scale. This caused a significant disruption in the way they worked. From an OT perspective, remote access had to be given in this context It became necessary for organizations to run. Hence, investing in OT security has become more important than ever before to enable Business transformation and Business effectiveness. Is the cloud and possibly multi cloud an important focus in the OT landscape? Multi cloud is a great strategy for now and into the future. Especially during the pandemic, it has become important to allow people to work from anywhere. Hence cloud and multi strategies

CXO DX / NOVEMBER 2021

Bachir Moussa

VRegional Director, MEAR, Nozomi Networks

are quite important. OT workloads have also started moving into the cloud to make it possible to manage these workloads from wherever you are located. At Nozomi, we are pro-cloud. We have released our Vantage platform that is SaaS based that allows organizations to manage their OT workload security and visibility from wherever they are located in a secure and effective manner. Discuss your partnership with Moro Hub? While cloud is an enabler, you also need to manage your workload across different clouds. This is where an MSSP comes in. Our partner Moro Hub with whom we signed up a partnership recently, is allowing us to take our solution of providing visibility and security in OT to a wider base of customers. By continuously managing that, they provide their expertise, allowing our customers to have their best outcomes from their investments in solutions from Nozomi and in addition allowing them to focus on their core Business activities.

» INTERVIEW

COMPETING FOR THE FUTURE

Sunil Paul, Co-Founder & Managing Director at Finesse Global discusses the focus areas for Finesse as it looks to tap into the opportunities in enabling and securing digital transformation for its customers. How was GITEX 2021 for Finesse? GITEX has been quite pretty satisfying and successful considering the circumstances. Lots of customers from other GCC countries and partners visited us. we have been quite happy to connect with them again. Visitors at the event have had an opportunity to get a hands-on experience with some of the new technologies. Discuss your focus on enabling digital transformation? We are leaders in the digital transformation segment. We must have supported at least more than 150 customers in their digital transformation journey across areas such as chatbots, AI, Business Intelligence, Advanced Analytics, CRM, Blockchain, Corporate Treasury Management, RPA, Managed services and more. We are in the leadership position in that space. Elaborate on your focus in cybersecurity services? Digital Transformation comes with its own challenges as well. Earlier, data used to be within the datacentre and on premise. Now with digital transformation, the scenario is quite different. People are accessing information from across the globe, many are working out of their homes. This has created a scenario of vulnerability for data and one can never know for sure where there could be a loophole for data leakage. This has led to the need for a new approach to cybersecurity compared to a traditional perimeter led approach. We have evolved an approach to securing digital transformation and are focusing on areas such as digital identity, data protection and privacy, cloud assurance, zero trust, hyper segmentation etc. we have also set up a local SOC which allows us to support our clients on the cybersecurity front. Since these are new technologies, it is not easy for organizations to onboard these solutions and also have the necessary in-house expertise to support them. This is where we come in to providing these technologies and skills on a shared services model through our SOC. We also combine them with our consulting services and services such as ongoing penetration testing etc. These are the services we focus on. What are the key verticals you focus on? From a digital transformation point of view, every industry is preparing for it. The traditional way of focusing on some verticals is also undergoing change. If for instance, you are focused on developing applications for a vertical, such as Education of healthcare for instance, and then trying to replicate in another domain would be a challenge because the verticals are quite different. However, from a digital transformation point of view, the focus is more horizontal. Be it a manufacturing company, or a company from retail, healthcare, education, financial services etc, all need an application such as a chatbot. Everyone needs to embrace AI, everyone needs to leverage their data and all of them wants to automate their Business processes. Not just that, everyone wants to interact with their

Sunil Paul

Co-Founder & Managing Director, Finesse Global

customers on their platform and everyone wants to secure all of that data. To revert to your question, our strengths lie in the BFSI sector, education, energy, healthcare and public sector. However, currently we are going beyond these traditional verticals we have focused on to address the requirements from the digital transformation perspective. How has the growth been? Finesse has never seen an exponential growth but has seen slow and steady growth consistently since our inception. We have had double digit growth rate in all these years except in 2020. We should have realized 15% growth year on year compared to last year. On the positive side, we weren’t as affected when the pandemic broke out as it may have impacted some others in the industry. We are in line with our targets. What are the new focus areas going ahead? We are building our resources around AI, as a major focus of our investments. We are ramping up skillsets and expertise for creating frameworks for AI, creating ready to deploy data models for specific industries. We are also extending our chatbots to enable the experience of chatbots leveraging AI We are also working on IoT and are building up on the data capture front as well also on the analytics front. NOVEMBER 2021 / CXO DX

» INTERVIEW

ENABLING COGNITIVE CITIES

Dr Muneer Zuhdi, Head of Cognitive Cities, Nokia discusses the solutions showcased at GITEX and the focus on enabling cognitive cities

What was your focus at the GITEX showcase this year? We have showcased high performance networks based on 5G and also dedicated private networks as well as a lot of use cases that can help digitize cities and industries including oil & gas, ports, utilities, smart cities, demonstrating the value you can unlock once you have transformed these industries. We showcased the role of private wireless networks in gaining situational awareness by monitoring people, assets and vehicles. We also showcased enhanced efficiencies possible with connected Automatic Guided Vehicle. The demonstrations also included improved safety and security that can be achieved with advanced automation in ports and utility digitalization. Is there a difference between cognitive cities and smart cities? The cognitive approach goes a step beyond ‘smart’. Smart is about automating, digitizing etc. But now, with so many advances in AI and ML, the way the cities and industries operate should be in a continuous loop. Once you collect the data, you manage the data and analyze it, then you should be able to optimize the action you take. Therefore, it has to be a continuous loop of learning that can help you optimize the outcome and shows in the services you provide to your clients, or in the case of cities, the services you provide to citizens, residents and visitors which we do with our approach. Elaborate on Nokia’s focus in the region? Globally, we are working with different service providers, as well as with cities and enterprises. We are committed to the region where we have engaged with leading services providers cities and cities. Discuss Nokia’s focus on securing the critical infrastructure? When you are talking of digitizing industries and cities, you are talking of mission critical solutions. So, it has to be secured and security is not something you can patch later on. It has to be built in. You need to have a design for end to end security, from securing devices to IoT, securing the cloud, securing the connectivity, the datacentre, the platforms and the application. It has to be overarching and give you an end to end view to make sure all mission critical operations are secured in the industries and cities. Is AI an integral part of the solutions you offer? Ai has to be an integral part of all solutions, whether it is in the networking solutions, in terms of optimizing the services, or in terms of detecting and mitigating errors to add more resiliency

CXO DX / NOVEMBER 2021

Dr Muneer Zuhdi

Head of Cognitive Cities, Nokia

to your network. On the security front, you try to detect patterns using the AI ML engine to establish any anomalies. Elaborate on the solutions you offer for enterprises? We have dedicated solutions for enterprises across different verticals, both wired and wireless. In the wired segment, we have IP/MPLS, Gigabit Passive Optical Networks (GPON) solutions for instance and on the wireless front, we have dedicated private LTE and now we are moving towards 5G. On top of this networking platform, we have platforms for device management, data management, data analytics. And on the very top, there is an Integrated Operations Center (IOC) where you can onboard the different applications you have, whether for cities or for different industries, such as those for asset tracking, geo geofencing, traffic management, situation awareness, all the different applications that can help you automate the operations of industries and cities. The objective would be to improve the productivity, increase efficiency, reduce any possibility for accident and improve the safety for different industry verticals.

» INTERVIEW

A ROBUST OUTLOOK Amanullah Khan, Managing Director for Middle East, Turkey & Africa at Linksys discusses the focus for the company in the region, their showcase at GITEX and how adoption of 5G is likely to drive more demand for their solutions Discuss the Business growth outlook for Linksys across segments? Last year we have had phenomenal growth and we are forecasting likewise growth for 2022 as well. The growth is going to come from adoption of 5G technologies, adoption of cloud solutions in the SME space and adoption of WiFi 6 in the consumer space. We have seen significant growth in the mid-enterprise space. This has been around 49% growth over last year and we expect to see a growth of 25-30 % over next year. In the retail space, growth is coming from the online sales as once can expect as people get more comfortable with online shopping. We expect to see growth in the consumer business led by online retail predominantly and can expect that business to double. We are working with almost all leading ISPs in the region, doing a lot of proof of concept demos and look to grow that business. We will be working along with several ISPs in accelerating 5G adoption in the region. Please elaborate on the partnership with Fortinet? This has been a significant development for Linksys. Fortinet invested 160 Million USD into Linksys and owns part of the Linksys Business. Launched first in the US, we are bringing the solution to the Middle East region, which will be a fully managed solution. Linksys HomeWRK for Business is the first ever enterprise solution to deliver secure network connectivity for both corporate and personal needs in one easy-to-setup unit optimized for business applications and collaboration tools. The goal is to deliver enterprise-grade connectivity and security, with unparalleled quality of service, to organizations that need to provide seamless and secure connectivity for their employees to efficiently work from home. Pretty soon, we expect the 5G modem technology to move from the Qualcomm Snapdragon X55 to Qualcomm Snapdragon X65 and X62 chipsets, enabling higher speeds. We expect the regulatory authorities to start allowing Wi-Fi 6E band that support 5G services. if not the first, we will one of the first to bring those products to the markets in the region. We expect the technology adoption to accelerate in the first part of the next year and hopefully in the second half, it would see adoption by the masses. What did your GITEX showcase included in terms of solutions? At GITEX we showcased an extensive range of our products. This

Werno Gevers Regional Manager Amanullah Khan

Mimecast East Managing Director for METAMiddle at Linksys included our 5G indoor CPEs supporting voice, data and video. We showcased a 5G outdoor router supporting both sub-6GHz and millimeter wave 5G networks. We also showcased an industrial 5G router which could be used at remote manufacturing sites In the consumer space, we showcased our latest Velop 6E routers which we plan to launch as soon as regulatory approval for 6E band comes in. We also showcased our WiFi 6 routers that support triband technology. We also showcased our cloud managed access points for the commercial segment which includes both WiFi 5 and WiFi 6 technology which we will be bringing in, These include both indoor and outdoor access points. We also showcased some of our managed wifi solutions. Which verticals would be of key focus? With our HomeWRK solutions, we expect to make inroads in the education and large enterprise sectors. For organizations that require secure remote working environment for employees working from home, we hope to address that requirement. We also expect to grow our business in healthcare, hospitality and logistics sectors as well as Manufacturing and Travel. NOVEMBER 2021 / CXO DX

» COLUMN

KNOW YOUR BREACH LIKELIHOOD Saket Modi, Co-Founder and CEO at Safe Security writes about the need to revisit the fundamental elements of secured Banking

“Can I jump over two or three guys like I used to? No. Am I as fast as I used to be? No, but I still have the fundamentals and smarts. That’s what enables me to still be a dominant player. As a kid growing up, I never skipped steps. I always worked on fundamentals because I know athleticism is fleeting “— Kobe Bryant For any discipline — be it sports, music or academics — the grasp on fundamentals needs to be strong. One cannot, after all, write a sentence without first learning the alphabet. The pandemic has catalyzed digital changes within organizations and outside them as their customers embraced open banking and digital transactions. According to Business Insider Intelligence’s Mobile Banking Competitive Edge study, 89% of survey respondents said they use mobile banking. Deloitte reports that 35% of customers increased their online banking usage during Covid-19, and Visa saw about 13 million Latin American customers make their first online transaction in the first quarter of 2020. With such a digital boom, cybersecurity has come into sharp focus. However, the fundamentals of how cybersecurity is ap-

CXO DX / NOVEMBER 2021

proached are still unclear, which is why we still see businesses spend on the bottomless well and still get breached. According to a Deloitte report, financial institutions are expected to spend roughly 11% of their IT budget on cybersecurity, with the largest banks in the U.S. investing $1 billion each! However, while organizations are improving in cyberattack planning, detection and response, their ability to contain an active threat has declined by 13%, according to IBM’s Cyber Resilient Organization Report.

What Are the Fundamentals?

Currently, the five vectors of the banking sector — people, processes, technology, third-parties and cybersecurity products — are viewed in silos and treated as such. People, security, security tools, compliance and audits are considered fundamental to cybersecurity when they are a part of a granular picture. Organizations are purchasing more products to generate more lists, based not on objective measurements but subjective abstractions of the CIO, security team or competitor enterprises. On average, enterprises deploy 45 cybersecurity-related tools. However, there is a definite lack of cohesiveness in determining what is going well and what could be

» COLUMN better. To put it in perspective, enterprises that deploy over 50 cybersecurity tools rank themselves 8% lower in their ability to detect threats than other companies employing fewer toolsets! There is no industry standard determining the fundamentals enabling financial institutes (FI) to answer one simple question: How secure are they today? When the CEO can be held accountable for an organization’s breach (as per the GDPR), the board gets more curious and involved in the decision-making processes of cybersecurity than ever before. In such a scenario, cybersecurity should transform from being jargon-rich to simple, unified and easy. Managing, mitigating and measuring risk objectively is the fundamental shift required, and this comes with the knowledge of an enterprise’s breach likelihood.

Financial Institutions Needed to Adopt Breach Likelihood Yesterday

Gartner defines integrated risk management (IRM) as “practices and processes supported by a risk-aware culture and enabling technologies, that improve decision making and performance through an integrated view of how well an organization manages its unique set of risks.” The building block of IRM is enterprise risk. Currently, organizations have tried and failed to protect data by looking at cybersecurity through compliance frameworks only, with point-intime reports from siloed tools. It is time they move from reactive and defensive risk management to predictive risk management through breach likelihood, which simplifies cybersecurity. Computing an enterprise’s breach likelihood leverages technology that is not alien to the BFSI sector. Machine learning-enabled predictions are already being deployed in insurance, employee welfare and customer experience. A large online payments system uses deep learning, algorithms, multi-class models and more to sieve fraudulent and genuine transactions by deriving actionable insights from their story-model analysis. Cybersecurity can also be simplified using technology that already exists. The fundamental element of cybersecurity is as basic as knowing the enterprise breach likelihood that can be calculated from enterprise-wide signals. Breach likelihood prediction in the banking sector shifts power to the cybersecurity team and the organization, enabling them to prevent rather than react to threats. Be it the possibility of a breach through ransomware, cloud misconfigurations or business email compromise, breach likelihood gives an as-is metric for cyber risks and a means to prioritize vulnerabilities. This simplifies the understanding and management of cybersecurity. FIs willing to invest in methods that simplify cybersecurity can begin with: •

Stepping away from a compliance-only qualitative approach to ensure no vectors — people, processes, technology or cybersecurity products for both first and third parties — go unaddressed.

•

Consolidating

reports

from

all

cybersecuri-

Saket Modi

Co-Founder and CEO, Safe Security

ty products/services to a single dashboard. This will help security and risk management teams prioritize risks across the enterprise in a single view. •

Measuring their cyber risk posture in its as-is state. They either accept the risk and improve their risk posture by purchasing cyber insurances, accept the risk and forgo any changes, especially when the investment required to mitigate the risk is larger than its dollar value impact, or mitigate the vulnerabilities by defining their cyber risk appetite and cyber risk tolerance.

To date, the fundamental approach of securing any business has been reactive. Investments in cybersecurity have historically maintained a check-the-box approach to meet compliance and audit requirements. There are many distractions and abstractions surrounding cybersecurity, especially when it is a qualitative analysis. Once the foundation is solid with an industry-wide breach likelihood adoption, cybersecurity will become a solution rather than a problem that security executives perceive as right now.

NOVEMBER 2021 / CXO DX

» COLUMN

THE MADNESS OF RANSOMWARE

'AS A SERVICE'

Ransomware is bad, but it is also made very easy for the perpetrators writes Wissam Saadeddine, Senior Manager - MENA at Infoblox

By: Wissam Saadeddine, Senior Manager - MENA at Infoblox

ansomware has taken on absurd forms recently. At the beginning of this year, much of the east coast in the United States faced gas shortages because Colonial Pipeline was shut down. In July, hundreds of managed service providers had REvil ransomware dropped on their systems through Kaseya desktop management software. In Ireland, the HSE (the Health Service Executive, responsible for health care in the country) was in a digital hostage situation. And those are just a few of the most striking examples. What’s so striking about these attacks is that they all seem to be the work of amateurs, and not of professional hacking groups.

CXO DX / NOVEMBER 2021

The Colonial Pipeline hackers said of the chaos they caused at American gas pumps: "Our goal is to make money, not to create problems for society." The HSE hackers eventually gave their decryption code away for free, appearing to be a bit shocked by the impacts of their attack. And in July, the REvil group suddenly went offline, shortly before an unknown person handed the Kaseya victims the decryption key. In fact, researchers at cybersecurity company Group-IB have reported that nearly two-thirds of all ransomware attacks in 2020 came from RaaS-based platforms which are tailor-made for amateurs to carry out devastating attacks.

» COLUMN Emergence of RaaS What is RaaS and what does that mean? Ransomware as a Service (RaaS) means that you can simply purchase a service online, on the Dark Web, and you can then take whoever you want hostage at will. So, if you want to get rich quickly, all you need is a connection to the dark web, a credit card or other way to pay, and reprehensible morals. Unfortunately, the success of these types of constructions says more about the state of cybersecurity than about the criminals themselves. Unlike really advanced cyberthreats, these types of RaaS services are very easy to recognize. Their IP addresses are known. Any decent secure Domain Name System (DNS) should automatically block RaaS - but this is not happening. And that's symptomatic of how far too many small and large companies still manage their security. Patches are not installed. Updates are not run. Passwords are not changed. Settings are not checked. And freely accessible information about all kinds of large and small threats is systematically ignored.

Importance of DNS DNS is an essential part of any network. The server translates domain names into IP addresses and in this way ensures that network traffic ends up in the right place. Because it is such a critical part of network functionality, DNS traffic has traditionally been unencrypted, widely trusted by the systems that make networks work. Unfortunately, this also makes it an ideal method for hackers seeking to transfer data into a network (for example when uploading malware) or out of one (like when stealing sensitive data). But at the same time, DNS’s central location at the foundation of the network also makes it possible to use as a powerful security tool. As one of the first services a device uses when it connects to the network, DNS can give network administrators visibility across the entire network, allowing them to identify and isolate compromised machines before they can cause significant damage. DNS can also be used to monitor traffic and can be leveraged to automatically block traffic to known malicious servers. DNS security solutions can use Threat Intelligence - information about known threats, which is collected and shared by security providers - in this way to disrupt RaaS attacks before they cause damage. Servers that are known to be used by hackers are therefore automatically blocked by the DNS before the ransomware can be uploaded. The biggest challenge to our resilience is not in 'state actors' or digital criminal masterminds. They have better things to do than look for tiny rewards. The problem is that companies are so squeamish about their cybersecurity that any small-time criminal willing to put a little bit of time and effort into the Dark Web

Wissam Saadeddine

Senior Manager - MENA at Infoblox

"DNS traffic has traditionally been unencrypted, widely trusted by the systems that make networks work. Unfortunately, this also makes it an ideal method for hackers seeking to transfer data into a network."

can effortlessly shut down the whole thing before anyone even realizes what's happening. It is the responsibility of the companies themselves to take at least the most basic measures. Of course, if a good hacker really wants it, he will get in everywhere. But the fact that we are currently seeing one nasty amateur after another cause enormous damage with means that have been known for a long time and can easily be parried, I think is even worse. NOVEMBER 2021 / CXO DX

» COLUMN

AI:

The opportunities beyond the myths

Sid Bhatia, regional vice president, Middle East & Turkey, Dataiku discusses the three myths of AI that may stand in the way of regional growth

is projected to be a US$320 billion industry in the Middle East by 2030, according to PwC, and GMI Research cites GCC nations as leaders in the field, expecting Internet and smart device penetration, as well as megaprojects like Saudi Arabia’s US$500-billion NEOM smart city, to continue fueling growth. But unless we take a thoughtful step back, AI’s promise may peter out. The problem is hype, which can quickly lead to memes, some of which are myths. AI is subject to marketing like any other product. Stick the right brand label on a pair of sneakers and watch profit margins soar while the returns on identical footwear,r that don't carry the brand, languish in breakeven territory. The meme: the branded shoes are of higher quality. The reality: not so much. And so, a myth is born. Similarly, some so-called “AI solutions” carry some lofty claims on the tin. Cost savings of this and that. Productivity boosts. Unprecedented capabilities that

CXO DX / NOVEMBER 2021

will allow early adopters to disrupt their industries. And so on.

Let’s define our terms

We can think of AI as machines mimicking human cognition and agency to the extent that the technology does things we could never dream of doing. Humans that can divide seven-figure numbers by pi in their heads could be thought of as smart. Machines doing the same are mere calculators. Conversely, while a machine that can recognize an individual face in a crowd is impressive, a human that does the same is merely thought of as awake and paying attention. So, it is important to establish what AI is and what it is not. When systems that are not AI get it wrong, the memes lead the media to serve up wrongheaded clickbait headlines that mislead, confuse, and scare those who could benefit from the genuine article. So, let’s look at some myths surrounding the technology.

» COLUMN Myth 1: AI is dangerous and steals jobs

There is a slew of characterizations that cast AI as a bogeyman, from the Hollywood-inspired robot-revolution fantasies to the sadly more realistic labor-displacement concerns. As I am sure none of you lies awake worrying about Arnold Schwarzenegger-shaped androids targeting you for termination, I will concentrate on unemployment. This is a justifiable and timely concern, especially in the wake of jobs losses caused by the pandemic. But the pandemic, awful as it was, did not create digital transformation. It merely accelerated it. In many cases, such as healthcare, education, and logistics, automation and other technologies allowed organizations to keep going through the crisis, and saved jobs in the process. Many reports, from respected bodies such as the World Bank and World Economic Forum, predict a net gain in jobs because of the Fourth Industrial Revolution. As one industry becomes more productive because of automation, it will not only need humans to supervise the machines (creating new jobs through the so-called "human in the loop" methodology). It will also shave costs for itself and others in its supply chain, leading to lower prices, increased demand, and the creation of more jobs. But none of this is any comfort to displaced workers, which is why AI companies advocate responsible AI. Responsible AI calls (among many other things) for the skilling, upskilling and reskilling of workforces to accommodate the demand for AI solutions. This will sometimes lead to “augmented intelligence” in which AI-based systems are used as tools to help humans do their jobs more effectively. Examples include the FSI sector, where AI can be used to target fraud investigations and identify promising areas for investment.

Sid Bhatia

Myth 2: AI is successful only for experts and large enterprises

The idea that AI is out of reach for all but the largest enterprises, with armies of data scientists at their beck and call, is outdated. Today, platform companies provide a variety of tools through transparent, pay-as-you-use cloud services. These offerings are tailored to be both affordable and useable by all. Anyone with the appropriate level of industry knowledge can become a citizen data scientist and add value to their organization. Middle East enterprises concerned about skills gaps should consider hiring someone with domain knowledge and skill them over time to become a data scientist. Organizations should also review their data and IT infrastructure to ensure it is scalable. And strategy should include a roadmap to reshape the corporate culture so everyone, regardless of seniority, thinks in terms of data — how it is gathered, stored, and leveraged. This diminishes organizational and informational silos, which are major barriers to the success of AI.

Myth 3: Adopting AI is a fire-and-forget proposition

AI is not a fast-track to anywhere, be it competitiveness, efficiency, or anything else that could be interpreted as success. In data-first cultures, organizations account for people and processes as well as data and the AI systems that feed on it. Goal-oriented strategies will ensure AI plays a value-adding role in a wider change.

Regional Vice President, Middle East & Turkey, Dataiku

Just as we should not expect the adoption of AI technologies to be its own reward, neither should we expect ROI to flow naturally from it either. The wrong use case in the wrong hands; gathering the wrong kind of data simply because it is data; a lack of communication between siloed business units; and a rash of other missteps can lead to costs rather than benefits. Equally, failure to implement responsible AI could result in public embarrassment that hurts an organization's brand.

Look beneath the mask

AI can be a breakthrough for the organization that integrates it with educated guile. Behind the headline hyperbole hides a promising truth. AI is both less scary than the negative stories would suggest and more subtle than the positive stories would sell. The trick is to think about business models, goals, operational limitations, budget constraints and market conditions before assembling the AI toolset that is right for you. Ahead lie opportunities for sustainable growth across the region. AI, leveraged wisely and realistically, can get us there. NOVEMBER 2021 / CXO DX

» COLUMN

KUBERNETES WILL DRIVE UP VALUE OF IT SKILLS Michael Cade, Senior Global Technologist, Veeam writes that Kubernetes is democratising and commoditising infrastructure for software developers, serving as the core for modern, Cloud-native applications

he open-source and Cloud-native container management platform, Kubernetes, is a game-changer for businesses looking to make their development, testing, and production phases more consistent across platforms. While nowhere near as existential, the same questions being asked around AI and machine learning are already being asked of Kubernetes. Will they threaten and replace the roles of IT teams given their ability to ‘orchestrate’ and ‘automate’ the management of containerised environments? And as always, the reality is that new technologies create opportunity rather than remove them.

Michael Cade

Senior Global Technologist, Veeam

Developers already have significant freedom, independence and influence over purchasing decisions – with between 70-79% feeling they have either significant or complete influence over these kinds of investments, according to IDC. When you consider 2.7 million of the 6.5 million total cloud native developers thought to exist around the globe are using Kubernetes, according to the CNCF, that’s a significant chunk of the talent base that IT teams must consult and support.. With the cloud-native developer base also growing, it shows that these next-generation technologies are actually bringing more people into the IT management and software development industry than they are taking away. All of these increasingly fast and automated development cycles and spinning up containers left, right, and centre creates two things: cost and data. Who manages and limits the cost of these platforms, and who manages and protects the huge volumes of data being created? The answer will always be highly skilled human beings.

CXO DX / NOVEMBER 2021

» COLUMN Democratising development

As with any disruptive technology, Kubernetes cannot be deployed and managed without a period of education and experimentation. Businesses are in that exciting, but sometimes frustrating, phase of deploying Kubernetes where they are trying new things. One of the core capabilities IT teams are already seeing is the value Kubernetes bring when grouping together the containers that make up an application into logical units. This application-centric approach to Kubernetes gives IT teams the ability to accelerate and scale application delivery without the risk of human error. This means the business can deliver applications faster, at greater scale, and with greater accuracy. What’s arguably more exciting to talk about though is not just what Kubernetes can do, but what they might be able to achieve at a broader level. Fundamentally, Kubernetes is democratising and commoditising infrastructure for software developers, serving as the core for modern, Cloud-native applications. This takes us towards what comes next for the technology. Kubernetes can run on almost any platform, but the same applications can almost run freely between them. This flexibility could mean that IT teams start to manage their entire infrastructure using Kubernetes rather than using separate management layers for containers, virtual machines, cloud and software-as-a-service (SaaS). Such a powerful management capability would have all sorts of implications for IT teams in terms of the level of control they truly have over their infrastructure. For example, this could change how businesses manage costs and ensure they are complying to relevant data regulations. However, it could also mean so much more in terms of what is possible and the speed of software and application development cycles. This is just one way that Kubernetes could seriously drive up the value of an organisation’s IT function, as well as the value of IT skills. Industries such as financial services, retail, and manufacturing just to name a few are already a matter of not who can do what, but who can do it first when it comes to application development? Who can innovate fastest and respond to changing market demand and customer expectations in days rather than months? This scenario takes IT out of the data centre and into the boardroom – with a strategic seat in the future of every business.

it doesn’t matter if we are dealing with individual applications or specific challenges around physical, virtual, cloud, Kubernetes, and the wider Cloud-Native ecosystem. They all have advantages and disadvantages but that doesn’t stop people moving their most critical workloads to the optimum platform. This is a scenario where the old adage “just because you can it doesn’t mean you should” could not apply more. As well as understanding the opportunities that Kubernetes are already bringing and could bring in future, we must be mindful that no platform is risk-free. Data loss scenarios still take place in Kubernetes which are not addressed by availability or replication. So, organisations still need a backup solution that works against a wide range of Kubernetes application stacks and deployment methods. For example, Kasten K10 by Veeam has been built to focus on the application, is Kubernetes-native, can run in multiple cloud and on-premises clusters, and is data services aware. As more “stateful” container applications are brought into production, the need to protect the data holistically – meaning native within the container, instead of “just” the storage repository – is likely to grow. In turn, so will the requirement for third-party native backups. Taking a balanced and pragmatic view, Kubernetes and Cloud-native are unlikely to be the solution to everything today or won't be in the future. However, IT teams need to understand what they are capable of and their comparative benefits to make informed decisions. They aren’t scary or any more difficult to understand than the platforms we’ve been using for years. Just like them, they are capable of great things – perhaps more so, they thrive

"Taking a balanced and pragmatic view, Kubernetes and Cloud-native are unlikely to be the solution to everything today or won't be in the future. However, IT teams need to understand what they are capable of and their comparative benefits to make informed decisions."

Back to school for IT

With great power comes responsibility. To seize this opportunity with both hands, IT teams need to feel empowered with the authority, tools and skills to maximise the opportunity Kubernetes presents. This requires a leap of faith into the unknown. This stuff can make us infrastructure folk a little nervous. But many have already made the leap – we recently found in our Cloud Protection Trends Report 2021 that as many as 61% of organizations globally are either already using containers in production, actively testing them, or are intending to use them within the next year. My response to the concern from some is let’s do what we do best and ask the same questions we do of any platform. What does it sit on and how do we enable the correct and required architecture? When you view it from a platform or infrastructure level,

in certain scenarios and are less suitable for others, and all data still needs to be backed up and protected in the event that it goes missing. The teams who are able to really get to grips with the maximising the potential of Kubernetes stand to win big when it comes to increasing the speed and quality of application development cycles, bringing new features, services and products to market to surprise and delight customers. Imagine this, a scenario where Kubernetes does not just enable application development to be fast and efficient but that same platform is used to orchestrate other areas of the business, virtual machines or cloud-based IaaS and other workloads all benefiting from the same orchestration engine. NOVEMBER 2021 / CXO DX

» COLUMN

THE ROLE OF

AI IN CYBERSECURITY

AI is a powerful broom for cleaning up cluttered security environments writes Anoop Das, cybersecurity expert at Mimecast

he stunning growth of the global cybercrime industry is putting strain on organisations and their security teams. Mimecast's latest State of Email Security Report 2021 found that 45% of organisations in the UAE reported an increase in the sophistication of incoming cyberattacks, while 41% cited a growing volume of attacks.

Security teams in turn look to deploy new tools and solutions to protect vulnerable users and systems, and this is warranted. The increase in brand impersonation attacks, for example, has made solutions such as DMARC and brand exploit protect tools invaluable to efforts to protect customers from compromise.

That most organisations are also dealing with the challenge of securing a hybrid workforce, as many staff members continue to work remotely part time, only adds to the challenge. The increasing reliance on email and other business productivity tools is creating new challenges. In fact, three-quarters (75%) of organisations expect an email-borne attack will damage their business this year.

However, the growing number of security tools is also leading to cluttered security environments that can be hard to manage. One study puts the average number of security tools at any given enterprise at 45 - others believe it's closer to 75.

CXO DX / NOVEMBER 2021

An (over)abundance of security tools

What's interesting is that having more security tools does not necessarily equate to a better security posture. An IBM study found

» COLUMN that enterprises using 50 or more security tools ranked themselves 8% lower in their threat detection capabilities and 7% lower in their defence capabilities than their less cluttered peers. The ongoing cybersecurity skills shortage presents a major challenge when it comes to managing security environments. Some analysts estimate that there is a global shortage of three million cybersecurity professionals, at a time when cyber threats have drastically increased in both volume and sophistication. Without the right personnel to manage the technology and ensure that everything is always properly enabled, having dozens of security solutions can cause more trouble than good. Which is why having too many security tools doesn’t necessarily translate into better protection. This may explain the growing adoption of artificial intelligence within security teams. The AI market for cybersecurity is expected to grow from $8.8-billion in 2019 to more than $38-billion by 2026, as the adoption of IoT and connected devices and a growing volume of cyberattacks put pressure on internal teams.

Decluttering security environments with AI

For most security professionals, security intelligence is still very much carbon based, not silicon based. In other words, for most security professionals, it's people and not tech that generate the highest-quality, actionable intelligence into security. However, the volume of threats, the growing number of security tools, the broad range of threat vectors and the impact of the pandemic - specifically the sudden rise in remote work - have put immense pressure on security teams. The use of AI makes sense, especially where the organisation's risk profile, security solutions or skills require augmentation. What do organisations need to bear in mind when determining what role AI could play in supporting security teams? For one, AI is of little use when it is not integrated to the organisation's broader security ecosystem. Security teams should be able to integrate the findings of the AI tool into their other security tools to provide a unified and automated view of current and emerging threats. Having the AI tool assume some of the complexities of human behaviour also increases its usefulness. For example, machine learning is often effective in detecting highly-directed attacks that may be difficult for traditional rule-based systems to detect. The sheer volume of data that most organisations have to manage also makes it near-impossible for security teams to remain effective without the assistance of algorithms. For example, the new CyberGraph email security tool uses AI to detect sophisticated phishing and impersonation attacks, identifying anomalies and applying machine learning technology to create an identity graph based on relationships and connections between email senders. This provides security teams with an automated tool that alerts employees in real-time about email-borne threats. Setting clear expectations for what return-on-investment you

Anoop Das

Cybersecurity Expert, Mimecast

"For most security professionals, security intelligence is still very much carbon based, not silicon based. In other words, for most security professionals, it's people and not tech that generate the highest-quality, actionable intelligence into security." seek for an AI deployment also makes positive outcomes more likely. Implementing an AI tool may require time and resources, which need to be factored in upfront. Although it is no silver bullet, AI can be a powerful tool in helping organisations build greater resilience, and can lend welcome support to under-pressure security teams. However, it is essential that security leaders understand the role and limits of AI upfront, lest it becomes yet another solution cluttering up the security environment.

NOVEMBER 2021 / CXO DX

» COLUMN

A HOLISTIC APPROACH TO SECURITY Avoid the most common mistakes organizations make when protecting against cyber threats writes Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East

The world of cybercrime is growing every day, every hour, every minute. Recently Check Point Research (CPR) reported that globally there are 40% more attacks per week on organizations in 2021 compared to 2020. Not only are attacks on the increase, new hacking techniques are emerging all the time such as the use of social engineering, where even experienced users may not recognize the hidden danger of malware in an otherwise genuine looking message. In addition to the growing number of threats, the Covid 19 pandemic, which turned corporate life upside down, now presents another layer of danger from a cyber security point of view. With more and more employees working remotely, there are more potential points of entry to the company network for criminals. As priorities changed, the need to communicate with customers and colleagues in the virtual world was often seen as more urgent than the need for security. However, the damage a successful attack can cause may run into millions of dollars while also inflicting untold harm to the organization’s reputation. Costly cyber-attacks have been widely reported in the media this year so try to learn from the mistakes of others and most important, try not to repeat them. So, what should you be looking out for and what should you take care to avoid? • It doesn't apply to me. The first and biggest mistake is the notion that it couldn’t happen to you. Do not assume your organizations have nothing of value that hackers are interested in. While there are some obvious high value targets, nobody is immune or off-limits as far as criminals are concerned. Every organization has a value. Plus, in the cyber world, many attacks are automated, so they may not be aimed directly at you. That doesn't mean you won't get hit by a ‘stray bullet’. Additionally, nearly half of all cyberattacks are aimed at small companies.

CXO DX / NOVEMBER 2021

• Threats have always been around and always will be, protection can wait, we have more important things to do now. The Covid pandemic has brought new challenges and tasks virtually overnight. Most organizations did not immediately prioritize security when transitioning to a remote working environment. Organizations quickly told employees to start working from home and made remote resources available. However, addressing security after the event opens countless windows for attack and increases the chances of poor implementation. Cybersecurity should be an integral part of every project and every change, right from the start. • I don't have to worry about anything, the IT teams will figure it all out. IT security is not just the responsibility of the IT team. Collaboration across the organization is key. Take security into account in budgets and business plans, and at the start of new projects. Make security a priority and address security at management levels. Training and education are important because every single employee is responsible for protecting the organization. There’s no point buying an expensive alarm system and then forgetting to lock the office door at night. A similar situation occurs when users give their log-in credentials to cyber criminals, via phishing emails, and leave the door open for criminals to get into the corporate network. • We've implemented a security solution in the past, that's enough. Cyber threats are developing at pace. Attackers are using artificial intelligence, and threats can be bought by amateurs on the darknet. Using any outdated technology can exact a heavy penalty. You can no longer deal with these emerging threats by waiting for them to happen and hoping to stop them at the gates of your organization. Detection alone is not enough, the key to protection today is prevention and solutions that extract threats and eliminate attacks before they can do any damage.

» COLUMN • Vigilant during the week, but weekends are for relaxing! Hackers never sleep. On the contrary, they wait for you to let your guard down so they can easily hunt down their weakened prey. Don’t think hackers take holidays and weekends off. The opposite is true. Be sure to beef up your security on those weekends and holidays, because a weekend attack won't wait until Monday. After all, we saw this recently in the massive ransomware attack, affecting over 200 companies that were compromised through Kaseya's systems. Hackers chose the weekend to attack precisely because IT staff are often unavailable and organisations are more vulnerable. • We're in no danger and if something happens, we'll improvise. In a successful attack, there's no time to panic or think too long. Every second can make the difference, and for you it can mean whether the damage is in the hundreds of thousands or millions of dollars. It is essential to have a clearly defined incident response plan, clearly identified procedures, responsibilities and contacts.

"Attackers are using artificial intelligence, and threats can be bought by amateurs on the darknet. Using any outdated technology can exact a heavy penalty. You can no longer deal with these emerging threats by waiting for them to happen and hoping to stop them at the gates of your organization." • Phew. We stopped the attack, that's the end of it. The opposite is true. It's just the beginning. If an attack does occur, it's important to not only stop it, but also to thoroughly investigate why the incident took place. Investigate where the vulnerabilities are, how to improve security so the situation doesn't happen again, and to make sure all systems are now safe and in their original state. Prevention work after an attack is just as important as stopping it in the first place. • There's no rush, updates can wait. You might think that software updates will add a few features or some small things and that you don't need it right now. However, updates also contain important vulnerability fixes, so never put off installing updates and patches. • Everything for everyone. Especially with the increase of remote working, company executives may feel the need to give employees access to all resources. But the lack of segmentation can only lead to the threat spreading throughout the network and causing even more damage in the event of an attack. Only

Ram Narayanan

Country Manager, Check Point Software Technologies, ME

allow access to the part of the network that a given employee absolutely needs to do their job. • The network is secured, that's enough. Don't forget that security is not just about servers and the network. Security is also essential for mobile devices, personal devices, and increasingly smart technology and IoT, such as cameras, smart watches, smart light bulbs or even sophisticated hospital equipment like an ultrasound machine. Anything with an internet connection can pose a threat so approach the problem holistically. Getting your security strategy right is a very sensitive issue. If you make security too strict and impose the toughest possible policies and rules, it won’t work. You have to take into account business processes, culture and working practices. If security makes employees' working lives significantly more difficult, they will look for ways to get around everything and the originally good intention will be completely undone. So, there is a need to align all elements into one workable system. Don't hesitate to enlist the help of external experts to help you fine-tune the whole gig. NOVEMBER 2021 / CXO DX

» COLUMN

THE WAR ON CYBERCRIME AND RANSOMWARE:

ARE YOU READY? W

e are seeing an increase in effective and destructive cyberattacks affecting thousands of organizations in a single incident creating an important inflection point for the war on cybercrime. In the case of ransomware, some operators are shifting their strategy away from email-initiated payloads to focusing on gaining and selling initial access into corporate networks further showing the continued evolution of Ransomware-as-a-Service (RaaS) fueling cybercrime. This means even ransomware is about much more than just ransom, it can also be about access. In fact, recent data from Fortinet’s FortiGuard Labs shows that the average weekly ransomware activity in June 2021 was more than 10x higher than one year ago. According to Fortinet’s State of Ransomware survey, it has become the top threat concern for many organizations today.

Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs says that because many cybercriminal organizations operate like a business, defenders can use their own tactics, real time data, high resolution intelligence, against them by disrupting their supply chain, making it more expensive for them to operate and thereby forcing them to shift tactics.

CXO DX / NOVEMBER 2021

Attacks have crippled the supply chains of many organizations, impacted our daily lives and productivity, and have hurt commerce more than ever before. With much of the workforce working remotely as well as continued virtual learning, every one of us is now a conduit for an attack. But it’s not as bleak as it might seem; law enforcement and cyber defenders are collaborating and working diligently behind the scenes to detect and respond to all kinds of threats. Now is the time for everyone to join the fight against cybercrime.

Cybercrime Is a Business Too

Cybercrime has become big business, replete with call centers that assist their victims to pay ransoms, tech support, affiliates who move and launder money, and those

» COLUMN who manage forums on the Dark Web to create and sell code. Take for example ransomware-as-a-service (RaaS), a subscription-based model that allows partners (affiliates) to use ransomware tools that have already been developed by someone else to execute attacks. The affiliates earn a percentage of the profits sometimes up to 80% if the attack is successful, and everybody else gets their cut. The booming cybercrime ecosystem generating more than a trillion dollars of revenue every year. And that supply chain is growing as well, because the bad actors are getting better funded, they are using new elements and service models, and they keep changing their tactics and upping the game. This has led to an increase in cyberattacks. The result is that we are now at an important inflection point for the war on cybercrime. Now more than ever, each one of us has a critical role to play in strengthening the cyber kill chain, to thwart efforts at each step: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions. How does the cybercrime supply chain work? In most sophisticated ecosystems, multiple people and functions work together. It works the same way now in cybercrime. In the cybercrime supply chain, the suppliers create and produce things like malware and zero-code exploits, then they license, sell, and share their technology with distributors and affiliates, who then sell their solutions to clients who target those solutions at victims—they use their supply chain to better infiltrate their victims’ supply chains. And they have one goal in mind: profit. There are people behind the scenes who manage transactions, secure the funds, launder the money, and distribute the payouts. Just as in any corporation, they may work with account managers who coordinate the sale. And then there are the money mules who move the money so it can’t be traced.

Disrupt their supply chain

Threat hunters and researchers follow these criminals’ moves and study their tactics and playbooks to replicate and detonate their attacks. We use heat maps to uncover recent techniques, so we know what they are thinking and what they have implemented which is key—their heat maps turn into roadmaps that lead us in the right direction. Because many cybercriminal organizations operate like a business, we defenders can use their own tactics, real time data, high resolution intelligence, against them by disrupting their supply chain, making it more expensive for them to operate and thereby forcing them to shift tactics. Our efforts are also starting to pay off. Several events thus far in 2021 count as wins for the defenders. Take TrickBot, for example—its original developer was arraigned on several charges in June. And the coordinated takedown of Emotet, one of the most prolific malware operations in recent history, as well as actions to disrupt ransomware operations, such as Egregor and NetWalker. These wins signify the momentum of cyber defenders, including collaboration among global governments and law enforcement. The US Department of Justice (DOJ) sent a strong message when they charged a NetWalker affiliate who walked away with $28M— one of the first times that law enforcement has gone after the business partner and not just the developer. This needs to happen more

Derek Manky

Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs

often; if the affiliates are in danger of prosecution, they might not be as apt to participate. The amount of attention that some of these takedowns have garnered has forced a few ransomware operators to announce that they were ceasing operations altogether.

Educate Yourself and Take Action

By educating ourselves on best-practice cyber hygiene, collaborating with other defenders, and leveraging tools like artificial intelligence (AI) to detect and implement countermeasures, we can stay one step ahead of the bad guys. Reacting to a security breach is one thing, but stopping it before it can do any damage is another. Automated threat detection and AI are critical tools in enabling organizations to address attacks in real time and to mitigate attacks at speed and at scale especially across individual endpoints. Zero Trust approaches need to implement to enable secure access for remote work and learning. In addition, cybersecurity user-awareness training is as important as ever, with home workers and students, not just organizations, being targets of cyberattacks An easy way to garner some powerful cybersecurity knowledge is through Fortinet’s NSE Training Institute’s (NSE) extensive training and education programs as part of Fortinet’s Training Advancement Agenda (TAA), which offer free courses for anyone interested in learning about cybersecurity, as well as more-advanced programs for cybersecurity professionals. Learning some basic ins and outs of cyberwarfare can only help all of us to fortify against attacks. As cybercriminals become more sophisticated and creative, so do we, in lockstep. The collaboration and sharing of threat intelligence among enterprises, law enforcement, and government entities helps to shine a light on the bad actors. And when they are taken down, it’s taking them longer to recover. Some affiliates are abandoning their criminal organizations altogether because they too have become targets of law enforcement. NOVEMBER 2021 / CXO DX

» TECHSHOW

X500: Designed for defense and oil & gas sectors, the X500 laptop from Getac, the leader in rugged computing solutions, offers larger 15.6-inch display, a high-definition display or the ability to add PCI or PCIe cards. By combining powerful Intel 7th generation Quad-Core processors with a brilliant 15.6 inch full HD display and endless expansion, the X500 is a powerful ultra rugged notebook. The X500 features a massive 15.6 inch Full HD 1080p widescreen display delivering crystal-clear high def. Configure yours with the NVIDIA GeForce GTX1050 discrete graphics with 4GB of dedicated memory and you will get faster speeds (frames per second) with incredible responsiveness. Available on every X500 is the advanced QuadraClear display. Getac's QuadraClear solution combines proprietary technologies for both screen brightness and anti-reflectivity to reduce the sunlight's reflectivity and provides a more effective contrast rate than other displays, while still maintaining the battery life you need in the field. The QuadraClear display is powered by LEDs that provide an energy efficient display that is mercury-free, durable and consistent in brightness over time.

Key Features: •

The QuadraClear display is powered by LEDs that provide an energy efficient display that is mercury-free, durable and consistent in brightness over time.

•

With a state-of-the-art 2.9 GHz Intel Core i7 Quad-Core Processor, the X500 is a powerful fully rugged computer ever made. The Quad Core Processor is ideally suited to handle the

DCS-8635LH With next generation 2K QHD 1440p resolution and 360-degree views, the DCS-8635LH can capture everything within its sight in extremely high detail.The DCS8635LH is equipped with rapid motorized panning and auto tracks any person lurking in the area to let them know someone is watching. Auto patrol can also be scheduled to periodically scan the perimeter for suspicious activity. With an operating tolerance of -25 - 45°C (-4 - 113°F) you can check up on what’s happening in your outdoor area during the harshest winter temperatures and the most blistering summer heat waves. No longer will you need to worry if your camera’s frozen over or been damaged by the heat.

CXO DX / NOVEMBER 2021

multi-tasking necessary in todays complex work environments. •

With four USB 3.0 ports, two serial ports, dual Ethernet ports and a VGA port among others, the X500 has plenty of ports to connect the peripherals that you use.

•

Built from high quality magnesium alloy, the X500 features four main casings specifically engineered to protect the computer against drops, shocks, spills, vibration and more. The sealed design of the X500 protects it against dust and moisture.

•

The X500 can be configured with dual 500GB drives with RAID 0 or RAID 1 with Windows Server 2019 providing either maximum capacity and performance or mirror drives for maximum protection, depending on your needs.

The latest industry standard allows for higher quality video recording, longer recording time and massively reduced bandwidth and storage consumption. The DCS-8635LH uses Panorama View Angle Selection, so you can point it at any target in the field of view with one touch. Now you can jump to specific areas with pinpoint accuracy, keeping intruders, pets, and other moving targets in sight. The DCS-8635LH uses Panorama View Angle Selection, so you can point it at any target in the field of view with one touch. Now you can jump to specific areas with pinpoint accuracy, keeping intruders, pets, and other moving targets in sight. The DCS-8635LH comes with edge-based person detection which intelligently identifies human motion, minimizing false triggers and alarms.

» TECHSHOW

POLY STUDIO E70 The Poly Studio E70 is a first-of-its-kind intelligent camera that super-charges meeting rooms with mind-blowing video quality, state-of-the-art audio features, and next-level analytics. Dual lenses with 20-megapixel 4K sensors are boosted by Poly DirectorAI technology to create a completely unrivaled video experience – perfect for hybrid working environments. Poly Director AI technology, which includes Acoustic Fence, and NoiseBlockAI, ensures that meetings have the feel of a real live broadcast-quality production with its own in-room director. The Poly Studio E70 provides large meeting rooms with the ability to transition undetected between a wide angle and narrow lens. Everyone in the room is seen in sharp detail. The Poly Studio E70 intelligent camera is a Zoom-certified solutions that will support Zoom Rooms Smart Gallery to bring meeting equality to medium and large rooms. Zoom Rooms Smart Gallery will use AI to create a gallery view, and send up to three unique video streams to frame-up in-room participants to remote

attendees, to make sure everyone gets the face-to-face communication they crave.

Key Features: •

Life-like video with dual lenses, each with their own 20 megapixel 4K sensors

•

Enhanced security with lightning-fast motorized, integrated electronic privacy shutter

•

Super-targeted speaker tracking and professional-quality group framing with Poly DirectorAI

•

Easy management with Poly Lens ensures high uptime and provides advanced analytics

•

Get the full picture about your environment with advanced analytics from Poly Lens

Key Features: •

2K QHD 1440P resolution with 360° views (270° pan)

•

AI-based person detection, vehicle detection, and person tracking

•

Glass-break detection adds a new line of defense to your home surveillance

•

Patrol option scans the area for anything suspicious

•

Dual-band Wi-Fi and Ethernet Connectivity

•

IP65 weather resistant for outdoor operation

•

Operates in extreme temperatures of -25 ~ 45 °C (-13 to 113 °F)

NOVEMBER 2021 / CXO DX

» TRENDS & STATS

END USER SPENDING ON PUBLIC CLOUD SERVICES IN MENA TO GROW 19% IN 2022 Shift from Oil-Economy to a Data-led Economy Will Boost Public Cloud Growth in the Region

nd-user spending on public cloud services in the Middle East and North Africa (MENA) region will total $5.7 billion in 2022, an increase of 19.2%, according to the latest forecast by Gartner, Inc. While still in double digits, growth in 2022 will be slower compared to the forecasted 21.6% growth in 2021. “A renewed focus on technology growth post COVID-19 in the region is leading to continued growth in public cloud spending,” said Colleen Graham, senior research director at Gartner. “Various MENA governments’ policies on telemedicine, usage of autonomous vehicles, smart cities and a rapid move towards the next phase of the fourth industrial revolution are opening new growth avenues for public cloud in the region. Additionally, the attention given to building and nurturing talent will turn a new leaf in the region’s shift towards becoming a digital economy.”

25.8% from 2021. The highest growth will be recorded by cloud system infrastructure services (IaaS). This segment will grow 36.8% to total $895 million in 2022.

economy, enterprises harness profits from data and digital transformation and data and governance have become vital issues. “Public cloud services will have an integral role to play in this transition as many public and private sector projects in the pipeline are dependent on successful and secure deployment of public cloud services,” said Graham.

Countries in the MENA region are being MENA CIOs are turning towards cloud to swept up in the global data revolution as secure the quickest time to value for their they shift from oil-driven economies to IT investments made over the last two data-driven economies. In a data-driven years. In 2022, MENA CIOs will spend the most on cloud application services (SaaS), which includes MENA Public Cloud Services End-User business intelligence applications, email and authoring, Spending Forecast (Millions of U.S. Dollars) content services, customer experience and relationship man- Segment 2020 2020 Growth (%) 2021 2021 Growth (%) 2022 2022 Growth (%) agement, and supply chain. This Cloud business process 9.9 647.9 7.8 734.7 13.4 807.2 services (BPaaS) total segment will total $2.3 billion, Cloud application an increase of 16% from 2021, infrastructure services 712 42.3 904.2 27 1,137.20 25.8 and will account for 40% of the (PaaS) total application services total investment made on public Cloud 1,676.20 22 1,993.40 18.9 2,312.50 16 (SaaS) total cloud services (see Table 1). Cloud management and security services total

The second largest segment will be cloud application and infrastructure services (PaaS), which is forecast to total $1.1 billion in 2022, an increase of

Cloud system infrastructure services (IaaS) total Cloud Desktop as a Service (DaaS) Total

CXO DX / NOVEMBER 2021

410.2

417.1

1.7

447.4

7.3

442.2

49.5

654.6

895.2

36.8

57.9

80.1

93.7

61.9

117.4

25.3

3,946.50

26.6

4,797.60

21.6

5,716.90

19.2

Source: Gartner (October 2021)