COLLABORATION WINS: HOW TO BUILD A HIGH-PERFORMANCE WORKFORCE Employee engagement is the emotional commitment an employee has to the organization and its goals. Make employee engagement a top priority and go where intelligence, benefits, and salary cannot - to real productivity and results.
COLLABORATION TRUMPS INTELLIGENCE Successful team performance can be attributed to collaboration efforts, rather than average team intelligence.
THE DISENGAGEMENT EPIDEMIC HOW MUCH IS IT COSTING YOU?
$
$550 billion
70% of employees are either not engaged or actively disengaged at work.
Active disengagement costs a major western market $450 billion to $550 billion per year.
Highly engaged teams are 4x more successful.
Companies with highly engaged workforces outperform by 147% earnings per share.
REMOTE WORKERS REMOTE WORKERS ARE MORE ENGAGED...
ENABLE THE REMOTE WORKFORCE WITH TECHNOLOGY TO ENGAGE AND OUTPERFORM.
...and they log an average of 4 more hours a week.
62
%
45
%
of workers are of networked "networked workers workers". spend time working at home.
39
%
of employees spend time working remotely.
FACE-TO-FACE COMMUNICATION = ENGAGEMENT EMAIL AND INSTANT MESSAGING ISN'T ENOUGH. TO BOOST COLLECTIVE INTELLIGENCE AND SOCIAL SENSITIVITY, FACE-TO-FACE COMMUNICATION IS KEY.
SOCIAL SENSITIVITY The ability to read a person's feelings through facial expressions.
HIGHER SOCIAL SENSITIVITY
=
OUT OF SIGHT. OUT OF MIND. Working remotely does not have to be isolating. Video conferencing strengthens worker connections and productivity.
Keep your workforce engaged. Check out Logitech's Video Collaboration Portfolio for affordable, high quality VC solutions: www.logitech.com/Video-Collaboration
HIGHER GROUP INTELLIGENCE
» EDITORIAL
THE LONG TERM VIEW The geopolitical uncertainties due to the Russia Ukraine war has upset the global recovery and growth scenarios which need to be recalibrated. While the war has been tragic with devastating consequences, the spillover in terms of global growth rates will be unavoidable. This could impact the investments and decision making of several Businesses that operate globally. There could be delays in larger decisions and disruptions in supply chains. There is also the possibility of more cyberattacks and this calls for an urgency in terms of ramping up cybersecurity investments. For instance, with remote work trends gaining ground, one of the challenges is to implement multi-factor authentication to facilitate secure remote worker access. With the workforce increasingly distributed there is the urgency to accelerate necessary cybersecurity investments. At GISEC, the attendees will get a sneak preview of the next generation technologies on the cybersecurity front that could help against the fast-evolving threat landscape. If not for the war, the outlook would have been quite upbeat with a strong recovery from after the worst days of the pandemic. The world has adjusted well to the remote work and now what we know as hybrid work models. There have been surveys whose results suggest a large number of employees do not wish to return to the previous model, although there must be a good number of employees and possibly in the majority who may think they could be more productive being physically present at their workplaces, where you also get to build and cherish camaraderie with your colleagues. The hybrid work model is however here to stay and companies need to have longer term strategies around enabling this within their organizations.
R. Narayan
......................................................
Arya Devi Associate Editor
editor@leapmediallc.com
Co-Founder & MD
saumyadeep@leapmediallc.com Mob: +971-54-4458401 Sunil Kumar Designer
PUBLISHED BY - Leap Media Solutions LLC
...................................
narayan@leapmediallc.com Mob: +971-55-7802403
SAUMYADEEP HALDER
............................................................
Co-Founder & Editor in Chief
MALLIKA REGO Co-Founder & Director Client Solutions
mallika@leapmediallc.com Mob: +971-50-2489676
...............................................................
RAMAN NARAYAN
...................................
Editor in Chief, CXO DX
Nihal Shetty Webmaster
REGISTERED OFFICE: Office 10, Sharjah Media City | www.cxodx.com MARCH 2022 / CXO DX
3
» CONTENTS
24 » ENABLING SECURE CONNECTIVITY 28 » SIMPLIFIED BUSINESS SOFTWARE WITH DEMOCRATIC DESIGN
16
29 » SECURING THE TRANSFORMATION JOURNEY
COVER FEATURE
16 » A DETERMINISTIC APPROACH TO CYBERSECURITY Virsec’s Deterministic Protection Platform offers protection against zero-days and evolving attacks to workloads deployed in production
NEWS INSIGHTS
12 » A ZOHO GROWS BY 58% AS UAE MARKET RECOVERS FROM THE PANDEMIC, DOUBLES ITS WORKFORCE
24 COLUMN
30 » ENSURING A SECURE DIGITAL ECOSYSTEM
32 » ELEVATING BUSINESS THROUGH NEXT-GEN DATA MANAGEMENT
FEATURE
34 » MAKING THE MODERN ENTERPRISE SECURE AND AGILE
20 » SECURING THE FUTURE 26 » PROMISES TO KEEP
36 » APM 4.0: POWERING THE NEXT INDUSTRIAL REVOLUTION 38 » KEEP CALM AND CARRY ON
INTERVIEW
14 » FOCUS ON A TECH-DRIVEN FUTURE
REGULARS
06 » NEWS 19 » RAISING THE BAR
20 4
CXO DX / MARCH 2022
36 » TECHSHOW 38 » TRENDS & STATS
» NEWS
NOON PAYMENTS MIGRATES ITS CORE OPERATIONS TO AZURE Digital payments platform looks to post-COVID future, where always-on availability and slick onboarding will be vital Microsoft announced that Dubai-based e-commerce business noon payments has successfully migrated its core operations to Azure, to achieve performance and availability, accelerate DevOps, and enhance cost-efficiency.
will, day or night, to the cloud environment with a single click and zero consultation with DevOps. And with Microsoft’s API management solution noon payments can not only scale without limits, but also protect its infrastructure.
Noon payments is entering its seventh year of operations, providing a comprehensive solution that enables quick onboarding, a richly featured checkout, and speedy integrations with major e-commerce platforms and shopping carts. The company’s decision-makers knew that in the post-COVID reality of always-on demands from consumers, performance would be a critical factor to remain differentiated in its operating market.
“Being a holistic payments platform, organizations like noon payments play a crucial role in enabling digital transformation for enterprises across the world,” said Naim Yazbeck, Regional Director, Enterprise and Partner Group (EPG), Microsoft UAE. “It’s exciting to see how the Microsoft cloud is delivering millisecond response times and single-click deployment to noon payments, making online transactions more secure and responsive for online shoppers in the region.”
Before its migration to Azure, noon payments had to deploy new apps and services through the PowerShell script, which was an error-prone process that required a lot of support from experts. Now, the company’s quality assurance team can deploy at
The Microsoft Azure cloud deployment was also able to meet noon payments’ requirement for zero downtime by leveraging Traffic Manager to divert transactions to other regions during times of main-
Naim Yazbeck
Regional Director, Enterprise and Partner Group (EPG), Microsoft UAE tenance. Azure also enables noon payments to scale its performance bandwidth through peak times such as noon’s Yellow Friday Sale in November when the company projected demand spikes of up to 10 times the normal load.
BEYONDTRUST PRIVILEGED REMOTE ACCESS FORTIFIES IT/OT SECURITY BeyondTrust Privileged Remote Access enforces least privilege, granular control and visibility, and layered credential security over remote access for employees and third parties mote Access 22.1, which empowers IT/OT teams to control, manage, and audit remote privileged access by authorized employees, contractors, and vendors — without compromising security. Organizations can enforce least privilege, exert granular control and visibility, and layer on advanced credential security over remote access for employees and third parties.
Daniel DeRosa
Chief Product Officer at BeyondTrust BeyondTrust, the worldwide leader in Privileged Access Management, has announced the release of BeyondTrust Privileged Re-
6
CXO DX / MARCH 2022
Allowing third-party remote access comes with many potential security risks. Vendors authorized to access the network and applications might not adhere to the organization’s same level of security protocols. They might use weak or default passwords, or share a single set of credentials among multiple individuals. VPN is another risky practice for extending ac-
cess to third parties, as they are a target for hackers to compromise the supply chain. To reduce these attack surfaces, BeyondTrust Privileged Remote Access provides greater control over remote vendor access by eliminating “all or nothing” access. All connections are brokered through a single access pathway, with granular, role-based access to specific systems and defined session parameters. “Third-party vendor remote access is often the weakest link in network and information security,” said Daniel DeRosa, Chief Product Officer at BeyondTrust. “We enable organizations to better monitor and manage third-party access for privileged users, without inhibiting business agility.”
» NEWS
VMWARE SIGNS MOU WITH ARAMCO TO DRIVE INNOVATION IN ENERGY SECTOR The collaboration is expected to strengthen and increase local procurement VMware has signed a Memorandum of Understanding (MoU) with Aramco to support collaboration across cloud and end-user computing, cybersecurity, and digital transformation in the areas of energy and green technologies. The MoU was signed at the LEAP technology event in Riyadh. Aramco, which has been innovating with VMware since 2016, has already utilized VMware cloud solutions which have been instrumental in enhancing end-user computing solutions for the energy sector. The two companies plan to collaborate in the exchange of ideas and expertise, exploring the potential to innovate in areas including software enhancements to be used by organizations in the region and around the world.
The collaboration is expected to strengthen and increase local procurement. It also aims to be a role model for digital best practice in Saudi Arabia, and to help encourage digital transformation efforts across the energy sector. “Aramco is showing how energy companies use digital solutions to optimize
operations, boost innovation, and improve employee experiences,” said Saif Mashat, country director, Saudi Arabia, VMware. He added: “We’re delighted to help accelerate the pace of innovation and meet the sector’s specific cloud, end-user computing, and security demands of the future.”
TENABLE EXPANDS TENABLE.CS TO DELIVER CLOUD-NATIVE APPLICATION SECURITY Tenable.cs is available as a standalone solution, as part of Tenable.io and as part of Tenable.ep Tenable, the Cyber Exposure company, announced new capabilities for Tenable. cs, its cloud-native application security platform. Tenable.cs delivers full lifecycle cloud-native security to address cyber risks from build to runtime. With the new features, organizations can secure cloud resources, container images and cloud assets to provide end-to-end security from code to cloud to workload. Tenable.cs enables organizations to programmatically detect and fix cloud infrastructure misconfigurations in the design, build and runtime phases of the Software Development Lifecycle (SDLC) to prevent unresolved insecure configuration or exploitable vulnerabilities from reaching production. Tenable.cs secures infrastructure as code (IaC) before deployment, maintains a secure posture in runtime, and controls drift by synchronizing configura-
cloud workloads as well as Container Security to assess cloud hosts and container images for vulnerabilities without the need to manage scan schedules, credentials or agents. “Shift-left is the future of cloud security,” said Nico Popp, chief product officer, Tenable. “It is about finding and remediating security risk across configuration, access and software vulnerabilities before the exposure finds its way into production. Tenable.cs embraces the GitOps philosophy by tightly integrating with developer tools and workflows.”
Nico Popp
Chief Product Oficer, Tenable tion between runtime and IaC. The solution also includes Frictionless Assessment and Nessus Vulnerability Assessment for
Tenable.cs is fully integrated into Tenable. ep, the company’s comprehensive Cyber Exposure platform. With this addition, Tenable delivers an integrated, end-to-end security solution and a complete picture of cyber risks across the modern attack surface. MARCH 2022 / CXO DX
7
» NEWS
QUALYS LAUNCHES CONTEXT XDR New XDR solution built on the highly scalable Qualys Cloud Platform combines native asset and vulnerability risk context with endpoint telemetry and third-party logs Qualys, a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, today unveiled Qualys Context XDR, the industry’s first context-aware XDR. Powered by the highly scalable Qualys Cloud Platform, the solution combines rich asset inventory and vulnerability context, network and endpoint telemetry from Qualys sensors, along with high-quality threat intelligence and third-party log data to identify threats quickly and reduce alert fatigue. Protecting environments against an overwhelming and constantly evolving threat landscape is frustrating when detecting and responding to cybersecurity threats using siloed products that provide a narrow view of the attack. Current SIEM and XDR solutions passively and reactively collect disparate, unrelated logs creating an avalanche of notifications that place the burden of correlation and prioritization on the ana-
lyst. Incident response and threat hunting teams need an accurate, comprehensive picture of their attack surface to maintain an effective security, risk, and compliance program. Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence. Together, this provides visibility, contextual priority, and meaningful insights about the assets that allow teams to quickly make the most impactful decisions for enhanced protection. "Cybersecurity is getting increasingly complex - with software supply chain attacks such as Kayesa, ransomware attacks like Colonial Pipeline and widespread severe vulnerabilities like Apache Log4j - providing threat actors with multiple pathways into organizations IT infrastructure,"
Sumedh Thakar
president and CEO of Qualys said Sumedh Thakar, president and CEO of Qualys. "Qualys Context XDR is built to simplify this complexity by detecting threats, prioritizing alerts with comprehensive context and responding swiftly with multiple response actions."
PURE STORAGE IN STRATEGIC ENGAGEMENT WITH AWS Portworx by Pure Storage provides Amazon EKS customers with enterprise storage capabilities that make it easier to run data-rich Kubernetes applications at scale solutions to help enterprises move Kubernetes workloads into production. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service to run and scale Kubernetes on AWS without needing to install, operate and maintain a Kubernetes control plane or nodes. Portworx by Pure Storage can bring a fully integrated solution to customers for persistent storage, data protection, disaster recovery, data security, cross-region and hybrid data migrations, and automated capacity management for Kubernetes applications built by developers.
Murli Thirumale
VP and General Manager, Cloud Native Business Unit, Pure Storage Pure Storage has announced a strategic engagement with Amazon Web Services (AWS) for solution development and enablement programs for Pure’s Portworx
8
CXO DX / MARCH 2022
As part of its work with AWS, Portworx has also announced an Early Access Program for Portworx Backup as-a-Service (BaaS) on AWS. Portworx BaaS introduces a modern data protection control plane to accelerate implementation of data and application recovery objectives, delivering speed and simplicity to appli-
cation owners for safeguarding Kubernetes applications. This three year strategic investment is the latest step in expanding the relationship between Pure Storage and AWS, and will deliver a comprehensive Kubernetes platform for mutual customers moving applications into production. “Portworx and Amazon EKS deliver a truly better together solution that tackles some of the biggest challenges organizations face when bringing Kubernetes applications to enterprise scale,” said Murli Thirumale, VP and General Manager, Cloud Native Business Unit, Pure Storage. “We are excited by the results we’ve seen from our many joint customers who are using our solutions together today, and look forward to being able to accelerate Kubernetes applications for many more as a result of our expanded relationship with AWS, including our new Portworx Backup as-a-Service offering on AWS.”
See your business in a new way Whether you operate as one company, 10 divisions, or 100 entities, Sage 300cloud helps connect your business and speed up growth without the cost or complexity of traditional enterprise resource planning.
With Sage 300cloud you can: Break down silos and connect the most important aspects of your business. Gain complete visibility into, and control over different operations.
Better visibility
Customized for You
Make smarter decisions
Sage 300cloud connects all your business operations in a single, integrated cloud solution.
Sage 300cloud supports powerful functionality to meet your specific business needs, as and when you need it.
Unlock new avenues for growth with greater insight into your business’ performance.
For more information, pleaser write to: Website: www.redingtonvalue.com Email: sales.value@redingtonmea.com Location: Redington Value Office, H Hotel, SZR, 7th Floor, Dubai, UAE
» NEWS
PRINCE SULTAN UNIVERSITY AND VMWARE SIGN MOU TO LAUNCH INNOVATION CENTER The Innovation Center will also be used to demonstrate the benefits of VMware’s solutions to local customers and partners Saudi Arabia. The Innovation Center, which is expected to start operating in the first half of the year, will help foster a culture of learning and build real-world information and communications technology (ICT) skills, while providing a valuable resource to research projects underway at PSU by expanding access to VMware’s solutions. The Innovation Center will also be used to demonstrate the benefits of VMware’s solutions to local customers and partners, with the aim of helping accelerate digital transformation amongst the local business community. Prince Sultan University (PSU) and VMware have signed a Memorandum of Understanding (MoU) to launch an Innovation Center equipped with VMware software and resources to give students, researchers, and businesses hands-on experience with transformative digital solutions for app modernization, cloud, networking, security, and digital workspace. The MoU was signed under the patronage of H.E. Abdullah Alswaha, Minister of Communications and Information Technology,
Dr. Ahmed Yamani, president of PSU, said: “The Innovation Center is intended to spur innovation, research, and learning at the university, and amongst local businesses and partners that are interested in embracing a cloud-first approach. By helping a diverse range of people and organizations gain experience with VMware’s solutions, the Innovation Center will play an important role in furthering Saudi Arabia’s digitization agenda in line with Vision 2030.”
BARRACUDA LAUNCHES UAE DATA CENTRE SERVICES The vendor’s Cloud-to-Cloud Backup solution to be now delivered to customers in the United Arab Emirates from Microsoft’s local cloud data centres nesses in the country.
As it looks to meet the growing demand for data protection in the Emirates and better serve its Middle East customers, Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today announced that its Cloud-to-Cloud Backup solution will now be delivered to customers in the United Arab Emirates from Microsoft’s local cloud data centres. This makes a total of 10 regions for the solution, and customers’ Office 365 backup data will be stored locally within the country, a key requirement for customers operating in regulated industries, and in complying with local regulations.
“At Barracuda, we continue to invest in our global infrastructure in order to help local organisations get access to protection against emerging threats,” said Chris Ross, SVP International, Barracuda. “As more organisations move to the cloud, they are looking to protect their data, while being able to handle and store data locally. Microsoft advises customers to use a third-party backup and recovery provider, and with these new regions, we will be able to serve our customers while helping them comply with data regulations and policies.”
With the UAE’s landmark personal data legislation that places new regulations around the processing of personal data for individuals in the UAE coming into effect this year, such concerns around geo-residency will no doubt be amplified for busi-
Barracuda’s latest version of Cloud-toCloud Backup delivers a fast search and restore experience for Office 365 data, including Teams, Exchange Online, SharePoint, and OneDrive. Compared to traditional backup and recovery solutions, it is
10
CXO DX / MARCH 2022
Chris Ross
SVP International, Barracuda a cloud-first solution that provides scale and resiliency, fast performance, and wide global coverage to protect Office 365 data born in the cloud.
» NEWS
COLORTOKENS EXPANDS ITS PRESENCE TO THE MIDDLE EAST Nader Baghdadi to head the regional operations agement will enable organizations to get an enterprise-wide view of overall cyber risks, predict breaches using SAFE’s proprietary algorithm and know the potential financial impact of each cyberattack before it occurs.
Nader Baghdadi
Senior Regional Director, MEA Safe Security announced a strategic collaboration with Infosys, a global leader in next-generation digital services and consulting. Safe Security’s SaaS platform SAFE, combined with Infosys’s capabilities in quantitative cyber risk man-
SAFE provides organizations with real-time visibility into their biggest cyber risks across people, processes, technologies, cybersecurity products and third-party. This is done by aggregating signals via APIs into a single dashboard, with actionable insights and potential financial impacts. The insights gained from SAFE also provide a common language for discussing cybersecurity risks with board members, auditors, and other internal and external stakeholders. By combining these insights with Infosys’ ongoing strategic guidance, joint customers will benefit from a more proactive cybersecurity approach.
“Combined with SAFE’s unique capabilities of measuring, mitigating and managing cyber risks and Infosys’s expertise in delivering seamless customer service through automation, innovation, and efficiency, we are bringing a powerful, and 360 degree cyber risk management solution to the market. This global strategic collaboration will help accelerate the adoption of predictive risk quantification solutions, and extend our leadership in this market,” said Saket Modi, Co-founder & CEO, Safe Security. Currently, organizations tend to invest in cybersecurity products and services based on their cyber risk maturity and not by having a complete understanding of their overall threats. The Safe Security and Infosys collaboration will give security and risk management leaders new insights into the overall performance of their cybersecurity investments.
BULWARK TO SHOWCASE PORTFOLIO AT GISEC The company has recently opened their office ‘Bulwark Saudi’ in Riyadh With an intense focus on boosting the IT security, communications & technology industries in the Middle East region, UAEbased Bulwark Technologies, one of the IT cybersecurity specialized Value-Added Distributor has an array of internationally acclaimed products lined up to be showcased at the Gulf Information Security Expo and Conference (GISEC) 2022. Gearing up for the mega-event, the company has reiterated the importance of building a strong, integrated security infrastructure in the region responding to predicted market demand & has introduced next generation security technologies at the right time. Located in Hall 6, stand C-49, Bulwark will highlight its end-toend security solutions and customer-centric distribution strategies during the show. The company will be offering latest technologies and new product launch spanning Digital Risk Protection, Hardware Security Modules, Encryption, Smart ID/PKI Solutions, Web Application Vulnerability Scanner, Data Classification, Data Loss Prevention, Secure Managed File Transfer, Encrypted Flash Drives & Disc Drives, Email Security & Archival, PIM/PAM, Secure Remote Access/Workspace Virtualization, Insider Threat Prevention, Employee Monitoring, Enterprise Mobile Management solutions, Cyber Skills Development / Training platform, SIEM in addition to their other security technologies at the event.
“GISEC is a great platform for demonstrating our product portfolio to targeted partners & customers in the region. With the region’s huge demand for cyber security, we look forward to receiving excellent & evoking responses from our vendors, partners & customers during the event,’’ said Jose Thomas Menacherry, Managing Director, Bulwark. Value Addition has been at the very core of Bulwark’s operations since its inception in 1999, making the company grow from strength to strength. MARCH 2022 / CXO DX
11
» NEWS INSIGHT
Zoho grows by 58% as UAE market recovers from the pandemic, doubles its workforce In 2021, Zoho grew by 52% in the Middle East and Africa region Zoho, a global technology company with an extensive product portfolio in the industry, announced that it has seen 58% growth in the UAE in 2021. The company has doubled its workforce in the country and increased its channel partner network by 48 per cent. The announcement was made during Zoholics Dubai, the company’s annual user conference being held at The Address Skyview, Downtown. “Zoho’s growth in the region is largely underpinned by local businesses realising the power of SaaS applications, as they reap benefits of digitising their operations. The breadth and depth of Zoho’s product portfolio, which includes over 50 business apps and our integrated suite Zoho One, enables businesses to digitise every aspect of their operations, without worrying about data silos or integration hassles,” said Hyther Nizam, President MEA, Zoho Corp. “Our vision for transnational localism has also helped us expand organically in the region, a strategy where our company growth is rooted in local business ecosystem development and community progress. Aside from increasing our on-ground presence with new offices and hiring local talent, our focus over the year has been on serving regional customer needs like local payment gateway integration, and enabling tech accessibility through partnerships with government bodies and local business networks,” he added. In 2021, Zoho partnered with Dubai Culture to help make enterprise technology available to solopreneurs, and businesses of all sizes. As part of its growth strategy, Zoho is hiring locally, increasing its partner network and collaborating with
12
CXO DX / MARCH 2022
local organizations to serve local businesses, while making its globally popular apps available and accessible to everyone. The company has also invested in upskilling initiatives, such as partnering with Emirates Academy of Hospitality Management to train their first-year BBA students in the ‘Role of technology in business management’.
leverage cross-functional smart reporting and analytics by combining data across different departments. This is an attractive offering for any business. Availability of RTL Arabic language support in our major apps such as CRM, Books and Creator, and other attributes like ease of use and affordable pricing have helped increase the adoption of our solutions in the region.”
“During the pandemic and its multiple waves, we have seen a surge in demand for customer experience platform, lowcode platform and business intelligence offerings, as they became instrumental for any business to stay operational and react to the quickly changing market demands,” said Ali Shabdar, Regional Director for MEA, Zoho Corp.
Growth in MEA
“Zoho One—the Operating System for business, which unifies 45+ apps built on the same technology stack that contextually integrate with one another and are supported by a common data model—allows business owners to transcend departmental silos, unify processes, and further
In 2022, Zoho plans to open offices in Kenya, Nigeria and three other countries, with Dubai serving as the regional headquarters. It also plans to continue hiring locally in other countries to serve its customers, as it expands its footprints across the region.
In 2021, Zoho grew by 52% in the Middle East and Africa region, which is the second highest growing region for the company. It grew its partner network by 55% and tripled its workforce in the region. The company also established its presence in seven countries, and set up new offices in Saudi Arabia, Egypt and South Africa.
» INTERVIEW
FOCUS ON A TECHDRIVEN FUTURE Jayesh Maganlal, CIO at DAMAC Properties elaborates on how he strives to keep up with Damac’s vision of having a tech driven future for a smoother customer experience. How has the IT landscape changed in the last 2 years? With technology moving forward at a rapid pace, there is a need for organisations to keep pace and remain relevant. DAMAC’s vision for a tech-driven future emphasises readiness, speed, and agility of technology by reengineering its processes and building a robust integration layer, resulting in a smoother customer experience. When it comes to envisioning the future and maintaining a competitive edge, a brand cannot afford to just resort to tried-and-tested methods. It must drive innovation at every possible junction of its journey and encourage open discussion with its customers, form virtual teams with active participation from business users, and employ collaboration tools. We have recognised that technology is no longer only a driver of business, but it is the business and we have implemented a tech-driven blueprint for growth that we take very seriously. Currently, we are committed to fast-track our digital transformation agenda. IT has become the forefront of our business operations, and we are ensuring that technology is engrained into every single process and business function. What is the next phase of digital transformation requirement? How far have you reached in the initial digital transformation journey? Our next phase of digital transformation is Total Experience (TX). TX is all about operating experiences without vacuum/silos. It seamlessly combines and overlaps employee experience, customer experience, user experience, multiple experiences and so on. The streamlining of customer experience is paramount to the progress of all our developments and consolidates its position as a futuristic company. We are invested in the latest technological trends towards elevating its services and empowering the sector to adapt to the modern age. We have made significant progress in addressing customer experiences through new digital touchpoints, changing the user experiences to simplify ways of communicating and interacting with our customers and digitising the journey of all our processes across the organisation. As part of this process, we offer residents, tenants and prospective clients, 360-degree views of its ready apartments to help them get a feel for the premium quality of its homes. In addition, customers can also virtually customise their apartments/villas through
14
CXO DX / MARCH 2022
Jayesh Maganlal CIO, DAMAC Properties
this virtual viewing experience to suit their preferences so that they may begin to experience what it would feel like to live in their future homes. Our DAMAC Malou Living Toft app has been recently launched for community-related services residents and tenVP EMEA,for Milestone Systems ants — which seeks to make several services and processes easier and more seamless for homeowners — from settling payments to uploading documents for property handover, making amenity bookings and getting special discounts on services, among others. With massive digital transformation occurring across the region, what were the major challenges faced by you? Managing demand from the business is a challenge as all requirements are important and expectations to deliver remains high and urgent. Having a tactical plan, a coherent framework and a digital roadmap we can help plan this out. It also helps to ensure being equipped with the right digital talents that can help in making the execution more efficient. What is your cloud strategy? Do you have hybrid cloud strategy in place? Are you looking at multi-cloud adoption for leveraging the best of cloud? Hybrid multi-cloud is the strategy going forward and it is something that we adopt, and have planned for. This allows flexibility for the customers to choose and decide based on their specific needs. With more solutions relying on SaaS and PaaS platforms, multi-cloud is the way forward. What is your IT agenda for this year? Our goal for this year is to continue our focus on driving Total Experience across all our touchpoints from customer management, employee management, sales management and simplifying the back-office operations. By employing advanced innovations, we will continue to enhance our services by offering residents and potential buyers premier experiences and advanced technologies that cater to their lifestyles.
» COVER FEATURE
A DETERMINISTIC APPROACH TO CYBERSECURITY With an approach that redefines cybersecurity, Virsec’s Deterministic Protection Platform offers protection against zero-days and evolving attacks to workloads deployed in production
C
ybersecurity today needs to overcome sophisticated attacks before they can penetrate infrastructure and software. Easier said than done because these attacks are unpredictable and are evolving fast. Hence there is a need for an entirely redefined approach that ensures better protection against zero-days, evolving attacks and, known and unknown threats to workloads deployed in production. With its Deterministic Protection Platform (DPP), Virsec delivers a solution that meets these requirements to secure critical infrastructure at all times. Dave Furneaux, CEO, Virsec says, “At Virsec, we recognize that the only way to overcome the most sophisticated types of cyber threats is true protection. Cybersecurity is an industry of innovation. Technology needs to constantly evolve and at a fast pace at that, because attackers tend to exploit software at their very core in innovative and unpredictable ways. There is no singular or fixed pattern that can be tracked and cracked; hence it is crucial that threats are stopped before they can start to infiltrate the system. The Deterministic Protection Platform (DPP) by Virsec is the only solution that ensures precise protection against zero-days and evolving attacks to workloads deployed in production. Runtime protection is key, as DPP reduces threat actor dwell time from minutes to milliseconds across the full software stack. Our focus allows us understanding and thwart attacks from their source, that is prevention within the application itself, rather than attempting to trace the attacker.” Traditional security can no longer handle today’s cyberattacks that have become increasingly complex where actors exploit systems at
16
CXO DX / MARCH 2022
the core to obtain control of server workloads. With conventional security solutions, attackers can bypass detection and gain access. Dave adds, “Conventional security solutions are probabilistic in their approach as they rely on heuristics or AI to “guess” if an attack has occurred, typically by analyzing logs after an incident has occured. As a result, breaches keep happening, with attacker dwell times averaging almost seven days. Additionally, these tools generate hundreds of false positive alerts – overwhelming precious security resources with having to investigate and respond to each one. Certain market segments such as defence, banking, government, national and critical infrastructure, amongst others, cannot afford the risks of being exploited. Critical infrastructure systems require full protection to prevent data theft, service disruption, and financial losses. Virsec has a unique approach to mitigating these risks, rooted in determinism.” Rather than focusing on the attacker and past behaviour, Virsec focuses on the application in runtime. An application is built using code, and once a specific code is written and used to build an application, it will always produce the same results and the same outcome when executed. This repetition is the biggest indicator of proper functioning – if there are any anomalies, and when the code starts acting in ways that are not part of the original infrastructure, it is a warning sign. Dave elaborates, “With Virsec’s technology, namely our Deterministic Protection Platform, these deviations are detected early and stopped before major damage or downtime is caused. With DPP, Virsec is making security response obsolete by offering the protection those probabilistic solutions do not. DPP ensures automatic protection against all known and unknown threats to vulnerable workloads, but it also reduces adversary dwell time from minutes to milliseconds, specifically protecting against ransomware, remote code execution, supply chain poisoning, and memory-based attacks.Virsec have made significant investment and developed numerous patents rooted in our first-principles approach to protection, which separate us from traditional security tools.” Traditional approaches to protection rely on monitoring systems from a distance and only reacting once the attack has taken place – at this
» COVER FEATURE point, often the damage has been done and it is difficult to recover what may have been lost. DPP does not rely on prior knowledge and focuses on what the Applications are meant to do. Any deviant behavior needs to dealt with in milliseconds before the infiltration succeeds. Dave says, “Prior knowledge of applications is not what prevents attacks, rather it is a thorough understanding of what the application is supposed to do versus what it should not. It is critically important to fully understand applications from the inside out. A deterministic approach automatically safeguards an application from within because it can detect a threat within milliseconds – as soon as the code stops doing what it has always been doing. The first two or three seconds in are very crucial for the attack to proceed. You must be able to stop it at that time, and we are able to do that with DPP, by knowing and understanding the application’s code thoroughly. It is different because it does not just rely on the knowledge, but on the consistency of the application and any fluctuations are an immediate warning sign of an adversary in your network. This means zero dwell time for a cyber threat, and it is eradicated before it can compromise your business, and the attacker is left unaware.” DPP is designed to prevent cybercriminals' efforts to set up attacks, execute scripts/code, and gain free reign over server environments by exploiting hosted applications. Threats that bypass existing security controls can be countered with trusted precision at any stage in the attack sequence, so attackers do not benefit from delayed security efforts. When it comes to ransomware, one of the key points to keep in mind is that it does not happen overnight. The attackers wait for weeks, maybe even months, in your network before they act. A key focus of DPP is that with its approach of ensuring zero dwell time for a cyber threat , it is able to offer early remediation against ransomware attacks that are now seen to be on the rise. Dave says, “ With DPP, there is constant visibility into a software’s workload as it is being executed. This is not just into application components, but spans vulnerable workloads, files, processes and memory space that are typically targeted by attackers. Having such thorough visibility into systems during runtime allows organizations to pay attention to any inconsistencies and boost their security for sensitive or critical information. Unlike typical solutions that enable threats to progress as various incidents are evaluated or precedence is established, DPP ensures early attack eradication for zero attacker dwell-time without affecting system operations. DPP provides a deeper layer of protection while enabling a direct line of sight into all software code and workload – true runtime observability, without impacting performance.” Virsec’s Deterministic Protection Platform simplifies cybersecurity for organizations without much tech expertise. It is automated and does not require a team of cybersecurity personnel to be deployed to manage it. “Virsec automates runtime protection on any server workload and in any workload environment. Organizations want security that is convenient, and DPP offers this by instantly mapping the application workload within milliseconds once it is launched, deterministically allowing only known “good behavior” as defined by the parameters
Dave Furneaux CEO, Virsec
of the software. “ Security teams deploying DPP have experienced significant OPEX savings by up to 70% and increased time to focus on business innovation versus the hassle of monitoring suspicious events, hunting out threats, investigating results, and reacting to thousands of false alerts daily. DPP consolidates several security tools (WAF, AV, allow-listing) and unifies protection for workloads deployed in containers, clouds, and VMs (virtual machines), shrinking the security footprint within a single installation while delivering accuracy in protection and no false positives. The intuitive UI maximizes usability and accelerates deployment and protection at scale. DPP also ensures precise protection against zero-day and evolving attacks to workloads deployed in production with its own Zero trust approach. “Unlike other Zero-Trust solutions who focus solely on identify and access management (IAM), DPP assumes threat actors have arrived on the host server to execute malicious activity using validated requests, data, and components at runtime. DPP applies a ‘never trust, always validate’ approach to application runtime, delivering the tightest control on software components and solid protection against evasive attacks that weaponize the same. It uniquely maps the entire software stack as applications load to discern how systems should execute, and protections on deviations automatically initiate in milliseconds. DPP enables organizations to continuously validate files, processes, process flow, and memory usages automatically as throughout the runtime cycle for zero trust execution that erases risk and simplifies security,” adds Dave.
Enabling cloud adoption
DPP also makes it convenient for organizations to embrace a cloudfirst strategy without concerns of heightened risks or security complexities. It integrates seamlessly with DevOps, DevSecOps, and CI/ CD pipelines for secure code development, drift prevention, and assurance that applications are deployed to the cloud protected. DPP’s MARCH 2022 / CXO DX
17
» COVER FEATURE deterministic approach to threat detection instantly reduces the attack surface and protects against the most evasive attacks that have the potential to compromise VMs or Kubernetes and Docker containers. “Whether DPP is deployed in cloud environments like Amazon Web Services, Google Cloud Platform, and Microsoft Azure, customers can experience the same depth of visibility and full-stack protection afforded on-premises without additional skill requirements or shifting expertise to an MDR/MSSP. Furthermore, DPP allows organizations to unify their security capabilities central to cloud runtime protection within one platform instead of relying on solutions that add more complexity to protecting cloud deployments regardless of infrastructure demands,” says Dave.
The partner focus
The cybersecurity vendor has a strong partner focus as part of its go to market strategy. Virsec has built a strong partner system with outcome-based incentives for its partners’ teams. It also has a very strong focus on partner-team enablement through trainings and certifications for customer satisfaction, and some of its strategic partners enjoy the benefits and opportunities that arise out of joint marketing activities as well as funded heads. Dave says,“From the very start of our journey, Virsec has been partnering with organizations who share our mission to make cyberattacks irrelevant. We work closely with many partner-centric companies whose mission is to protect end-user software infrastructure, and it is safe to say we are a channel-focused company. Virsec engages with a diverse set of partners including, value added distributors, resellers, referrers, system integrators, and managed service providers.” Virsec works in tandem with channel and global alliance partners to ensure they deliver on their commitment to keep their customers safe. Bobby Gupta, Senior Vice President and MD of International Business, Virsec says, “Virsec is on a mission to make cyberattacks irrelevant by fully protecting software while its running. We envision a fully safe digital ecosystem, and our ambition has always been to achieve this through the support of our channel partners, both within the region as well as globally. Virsec maintains global alliances with international organizations such as Raytheon, KPMG, and IBM, but we also work with several local partners in the Middle East, Asia Pacific, and Europe. We have always had a deep commitment to reaching our end users though our partners. We strongly believe in the experience and breadth of our partners in the region that supports us in achieving our mission.”
Bobby Gupta
Senior Vice President and MD of International Business, Virsec
across the Middle East,” says Dave. We have recently announced a big partnership with Yotta Infrastructure in India. Virsec’s Series C funding round of $100 million last summer propelled its growth by allowing to hire new key executives and expand its global footprint. “Last year we further expanded our efforts in the ANZ region, Africa, India, North America as well as the Middle East and Africa. We are now beginning to reach Japan and APAC, and Europe, too. Additionally, our strategic relationships and commitment across the four Quadrilateral Security Dialogue (Quad) nations (US, Japan, India and Australia) has enhanced our ability to protect within critical infrastructure and the defence sectors globally. This has contributed to garnering momentum and solidifying the outlook we have for the future of Virsec, ” adds Dave. From a global perspective, the Middle East market is a key focus for Virsec.
Virsec has expanded its global presence in recent years and is looking to make more inroads into the Middle East region in the near future
Bobby says, “Middle East is a key region for Virsec. We have seen how cyber-attack patterns have grown across the region, and as one of the only providers of runtime application security, Virsec works very closely with various verticals in the Middle East such as government, telecoms and in financial services, namely within the UAE, Saudi Arabia, Qatar, Kuwait, Jordan, and Egypt. In fact, many of our early customers are located in the region. We have a significant presence in the UAE, with a local team and a strong network of channel partners across the region.”
“Virsec is proud of our robust global footprint, which has us engaged in over 20 countries including many in the Middle East. We anticipate continued growth in and across the region this year and in the future – catalysed by our connections, team and partners in the region. We expand our strategic focus by growing our team on the ground, onboarding partners, and ultimately boosting our channel presence
With an approach that redefines how cybersecurity is being looked at, GISEC serves as an ideal platform the vendor to showcase what it has to offer. Virsec is an exhibitor at this year’s GISEC and will be highlighting the capabilities, performance and operational savings of DPP and also use the platform to spread awareness of true runtime protection and why it is so vital for organizations today.
The Outlook Ahead
18
CXO DX / MARCH 2022
» INTERVIEW
RAISING THE BAR Jishant Karunakaran, CEO at Mindfire Technologies, a next generation provider of cybersecurity services discusses how the company is helping enterprise customers secure their infrastructure and data Please discuss Mindfire's expansion with a new office at DIC? The expansion is in line with our mission of becoming a trusted cyber security services provider with world class infrastructure and skills, along with strong local presence so as to strengthen our position as a trusted partner available locally here in the UAE. Our cyber defence centre at Dubai internet city hosts a security operations centre as well as forensic lab. We are continuously investing in technology and process and methodologies to ensure that we are able to deliver value to our customers. We relish in constantly raising the bar for ourselves when it comes to customer satisfaction and our ability to innovate and deliver emerging security solutions as well as managed security services. Have you increased your team? Has the business grown in 2021? Last year our team grew by over 100%, as many of our enterprise customer entrust us with their security cybersecurity services. The segment which saw significant growth was managed security services with organizations realising the value an MSSP can bring for them in terms of managing cybersecurity challenges. Discuss the cybersecurity landscape as you see it at present? Are companies investing sufficiently in security? Obviously, there is increased realization across the spectrum of enterprise leadership that the security threats are increasingly getting complex, frequent, and impactful as well as the fact that threats come from outside and inside the organization and that everyone is vulnerable. Cybersecurity is being seen as critical business investments to be leveraged to generate organizational value, not a just good to have attribute which reduces business risk. Keeping pace with cybersecurity and data privacy also drives innovation and growth. We have a strong team on data security and protection services helping our customers on formulating and implementing data protection policies and technologies to ensure compliance and to safeguard this critical enterprise asset. What are your strengths as a security services provider? Our core strength obviously our skilled team of professionals. We constantly invest in our people with frequent trainings, workshops and brainstorming sessions. Over the years we have developed strong partnership with some of the leading cybersecurity vendors. We represent them here in the region with certified team of can customise and implement these solutions for our customers here in the region. We have a dedicated Incident response team with fully facilitated forensic lab. Elaborate your focus on cloud security? We see our self as a cloud native company having been part of early cloud initiatives in the region. As Organizations migrate their enterprise workloads and applications to the public cloud
Jishant Karunakaran CEO, Mindfire Technologies
to take advantage of the elastic and scalable infrastructure as well as to benefit from cloud native applications and services available on the public cloud security is all the more important. We help our customer with Cloud security posture management to provide comprehensive security across public cloud. You have a focus on Managed security services- do you already have customers who subscribe to managed services from you? Managed security services is our faster growing business segment over the past couple of years. We have some of the leading entities both in public and private sector in our managed security services portfolio. We are certified with ISO/IEC 27001:2003 Information Security Management System Hall marking our managed security services. Which are the key vendors you work with across different solutions? We work closely with vendors like VMWARE security for their leading EDR solution Carbon Black and NDR solution last line, AT&T cybersecurity USM anywhere is one of our hot selling segment. We are a Microsoft managed security partner as well offering Microsoft 365 and sentinel security offerings. For email resilience we also work with Mimecast and Barracuda apart from Proof point as well. For XDR segment we work with SOPHOS and Sentinel One. We partner with RSA for their leading SIEM solution newishness. For monitoring solutions, we work primarily with PAESSLER PRTG. We also partner with Fortinet, Checkpoint, Forcepoint, BlueLiv and ORCA. MARCH 2022 / CXO DX
19
» FEATURE | GISEC
SECURING THE FUTURE Cybersecurity vendors have evolved next generation security technologies to take on the rapidly transforming threat landscape
W
ith the need for cybersecurity to be now an integral part of digital transformation initiatives, cybersecurity investments are a priority for IT decision makers. The advent of Zero Trust and SASE along with several others have redefined the traditional approach to security, especially to be relevant in a multi cloud era.
20
CXO DX / MARCH 2022
Every year at GISEC, the advances on the cybersecurity front gets showcased by leading vendors and at this edition too, expect nothing less. A visit to the expo seems mandatory for CISOs and CIOs as well as other senior IT decision executives to get a good overview of what they could possibly factor into in their focus ahead for securing their organizations better.
» FEATURE | GISEC
Ram Narayanan, Country Manager, Check Point Software Technologies, Middle East says, “GISEC is one of the most anticipated events in the region which provides an enormous platform to showcase our transformation and signal our new thinking and energy and capitalize on new business development. We will emphasize on our new strategic directions towards the best and brightest thinking around our solution highlights through our new mantra ‘You Deserve the best Security’ and showcase our Infinity portfolio of solutions which includes our three main pillars, Check Point CloudGuard, Check Point Harmony and Check Point Quantum.” The vendor will introduce Demo Point to its channel partners and end customers where they get to explore our Quantum (Network), CloudGuard (Cloud) & Harmony (User and Access) security products. Check Point’s cloud security architects will be engaging with customers onsite and showcase how to address cloud
Maher Jadallah
Senior Director MENA, Tenable
security at scale and speed. Check Point will also be discussing and showcasing its hyperscale architecture – Maestro solution and engaging with prospects how it can be relevant to their environment and address some of their use cases. For Qualys, the focus would be on their latest innovations 30-day trials will be offered to interested delegates. Technical experts at
their booth will address queries around their solutions including Qualys CyberSecurity Asset Management (CSAM), Qualys Vulnerability Management Detection and Response (VMDR) and Qualys Context XDR. Qualys CyberSecurity Asset Management (CSAM) is an asset management solution that enables security teams to reduce the ‘threat debt’ by continuously inventorying assets, applying business criticality and risk context, detecting security gaps like unauthorized or EOL software and responding with appropriate actions to mitigate risk. Qualys Vulnerability Management Detection and Response (VMDR) is a single-console platform for the discovery, assessment, prioritization, and patching of critical vulnerabilities in real time, across global hybrid-IT landscapes. This year, Qualys will be highlighting VMDR’s recently added Advanced Remediation capability. Qualys Context XDR is a context-aware XDR solution that combines rich asset inventory and vulnerability context, network and endpoint telemetry from Qualys sensors, along with high-quality threat. Lookout will use GISEC as a platform to showcase the Lookout Security Service Edge (SSE) solution. Lookout SSE consolidates CASB, ZTNA, and SWG with Endpoint Security into a unified platform that reduces cost and complexity while simplifying management of security and access across all endpoints, clouds and on-premises infrastructures MARCH 2022 / CXO DX
21
» FEATURE | GISEC
Hadi Jaafarawi
Managing Director – Middle East, Qualys Bahaa Hudairi, Regional Sales Director META, Lookout says, “Lookout Security Service Edge (SSE) solution enables organizations to secure their data while supporting a modern, anywhere anytime workforce with consistent cloud-delivered security policies regardless of where data is stored. In addition to integrating Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA) and Secure Web Gateway (SWG) into a single platform, Lookout SSE integrates policy and data security enforcements deeply across web, SaaS and private applications. These include User and Entity Behavior Analytics (UEBA), Data Loss Prevention (DLP) and Enterprise Digital Rights Management (EDRM). As a result, the Lookout SSE solution delivers an easy-to-use unified user interface across SWG, CASB and ZTNA that simplifies policy and reporting workflows. By analyzing telemetry data from users, endpoints and the data they’re accessing, Lookout dynamically enforces policies with varying degrees of granularity.” Tenable’s focus at GISEC would be to highlight the need for customers to understand the risks their networks face with accelerated cloud adoption and their solutions that can help them fix those vulnerabilities. Maher Jadallah, Senior Director Middle East & North Africa, Tenable says, “ Cloud adoption has exploded, particularly to accommodate a hybrid workforce. However, discovering and prioritising vulnerabilities in a cloud environment is only half the
22
CXO DX / MARCH 2022
Bahaa Hudairi
Regional Sales Director META, Lookout
battle. Organisations need to shift left with cloud security to find and remediate vulnerabilities before they reach production.” He adds, “When we look at how attacks play out, in the vast majority of cases, bad actors typically go after the low hanging fruit in networks — known but unpatched vulnerabilities. Having exploited a vulnerability to gain a toe-hold into the organisation, attackers will pivot focus to Active Directory and the identity infrastructure to escalate privileges and move laterally, with an aim to target further vulnerabilities, install malware and exfiltrate data. At GISEC, our focus will be helping organisations understand these security risks to their business.”
Security challenges amidst transformation
The trends of hybrid work models coupled with accelerated transformation towards multi cloud adoption, edge computing, IoT deployments etc has amplified the threat landscape. Hadi Jaafarawi, Managing Director – Middle East, Qualys says, “The Digital Transformation and the Digital Age we are living in, make Enterprise IT environments boundless and more and more complex. We are basically facing a change of paradigm from a Corporate-centric to Cloud/Internet-centric landscape/infrastructure/network. What is needed to secure any IT infrastructure is, first and foremost, the visibility on all IT assets. This is the cornerstone of any cybersecurity program, because “you cannot se-
» FEATURE | GISEC cure what you can’t see or you don’t know”. Furthermore, the visibility cannot just be from time to time, it has to be all the time and in real time.” He adds, “The Qualys Cloud Platform, combined with its powerful lightweight Cloud Agents, Virtual Scanners, and Network Analysis (passive scanning) capabilities bring together all four key elements of an effective vulnerability management program into a single app unified by powerful out-of-the-box orchestration workflows.Qualys VMDR enables organizations to automatically discover every asset in their environment, including unmanaged assets appearing on the network, inventory all hardware and software, and classify and tag critical assets. VMDR continuously assesses these assets for the latest vulnerabilities and applies the latest threat intel analysis to prioritize actively exploitable vulnerabilities.” The shortcomings of VPN have to be addressed in order to not to allow even legitimate users all unrestricted access which is where zero trust comes in. Bahaa says, “Cloud-based infrastructure has enabled employees to be productive from anywhere on any device. This has driven the need for seamless access to corporate data to get their work done. As a consequence, many organizations have turned to virtual private networks (VPNs) to support remote workers, but this approach falls short in a number of ways. First, VPNs give whomever is connected unrestricted access without the contextual awareness of who or what wants access. Second, they don’t understand whether the device connecting into the network is free of malware or if the user is who they say they are. Third, a VPN can also give access to other devices connected to the user’s network that are frequently not under your control.” Lookout Zero Trust Network Access (ZTNA) continuously monitors the identity of those requesting access to an organizations’ apps and understands what they need for work. These insights enable a Zero Trust approach, providing dynamic identity and context-aware access to data depending on the risk level of the user and device. The move to a multi-cloud strategy has been largely driven by choices; using more than one cloud service provider allows an organization to choose whichever services and capabilities fit their needs best. According to Check Point Software’s 2022 Cloud Security Report revealed that cloud security incidents were up 10% from the previous year with 27% of organizations now citing misconfiguration, way ahead of issues like exposed data or account compromise. According to Ram, “Organizations are continuing to adopt cloud, with 35% running more than 50% of their workloads on Azure, AWS and GCP, they struggle to manage the complexity of secur-
Ram Narayanan
Country Manager, Check Point Software Technologies, Middle East ing their cloud infrastructures across multiple cloud platforms, while also suffering a cyber-skills and knowledge shortage. The right security framework will maximise full value and ensure security across these environments He elaborates further on the evolving landscape. “The cybersecurity landscape presents a sophisticated perspective all together. While we understand that there are a set of partners who work and stick on to a particular industry vertical, today’s generation of threats is not limited only to a certain vertical. The Gen V of cyber attacks has expanded every organization’s perimeter. According to Check Point Software’s latest threat intelligence report, an organization in the UAE is being attacked on average 720 times per week in the last 6 months, with healthcare, finance/banking and retail/wholesale being the topmost impacted industries respectively. Most organization’s attack surface has become wider, now more than ever. Modern organizations are investing to recalibrate their cyber security approach around three main elements: Securing their corporate networks and data centers, securing cloud environments and lastly, securing employees wherever they are. “ Indeed, the attack surface is widening further with the proliferation of connected devices as well as the distributed workforce working out of anywhere. It will take the redefined approaches and solutions from cybersecurity vendors to address the sophisticated attacks that prowl around all threat vectors, looking for a way in. MARCH 2022 / CXO DX
23
» INTERVIEW
SECURING CONNECTIVITY Amanulla Khan, Managing Director of Linksys Middle East, Turkey & Africa discuss how the networking leader is focusing on delivering solutions integrating latest technologies to address evolving market trends Discuss the focus on expanding your solutions? As leaders in the market, we are always looking to offer reliable solutions to consumers and businesses because we understand the importance of strong and steady technology. For both our consumer and business segments, we are simultaneously working to expand our WiFi solutions by integrating the latest and greatest technologies such as WiFi 6 and 6E and/ or the newest iterations of Mesh WiFi. We also do this by combining different functionalities into our solutions in line with IoT ecosystems. We’re also proud of Linksys HomeWRK for Business, the first ever enterprise solution to deliver secure network connectivity for both corporate and personal needs in one easy-to-setup unit optimized for business applications and collaboration tools. In a similar vein, Linksys HomeWRK for Education will bring reliable connectivity and security to
24
students at home. The HomeWRK solutions are secured by Fortinet who bring their expertise to safeguard cyber threats introduced by home networks. We believe technology should be accessible to everyone, so we aim to make our solutions easy to use and reliable. How do you see the next few years in terms of market trends and growth for Linksys? Our business will grow in many ways. In terms of technology, we expect 6E and Mesh to be more commonly adopted amongst consumers and our product roadmap will reflect that demand. We expect the same for 5G as it becomes more accessible to the mass market through ISP infrastructures being setup across the country. In relation to our business initiatives, we expect retail to expand their online presence in the region, which will demand more reliable networks. ISPs are on their
CXO DX / FEBRUARY 2022
way to offering higher-end solutions and Mesh WiFi products as the demand for higher speeds and efficient networking grows. We will be working closely with them during these developments. We are looking at a shift for SMEs to move to a subscription-based pay-as-yougrow model as they become less reliant on large infrastructures. Our Linksys Cloud Manager solution is already enabling this and we expect more businesses to move to this model. Discuss your focus around SMEs and Large Enterprises We have always had great relationships with SMEs which we will continue to grow through offering the cloud managed access points (Linksys Cloud Manager), switches, and routers. This segment has grown for us at a steady pace so we will continue to add solutions to meet these demands. We plan to recruit more SMEs
» INTERVIEW whilst sharing our knowledge of our solutions and technology through training programmes. With our newly solidified partnership with Fortinet, we are now able to offer secure networks and expect our Linksys HomeWRK for Business solution to be well-received by large enterprises as the need to replicate corporate networks at home increases. (MEA) We will be expanding our footprint in multiple verticals such as education, hospitality, and logistics. Retail has always been a big part of our business so we will continue to grow in that space along with technological innovations. These segments need secure wireless solutions which we offer through our remote access points and Linksys HomeWRK. Ultimately, most business need secure solutions for their employees so we will continue to do our best to support this demand. Do you see the need for enabling Remote Network Infrastructures as a key driver of market growth? We’re already seeing remote infrastructure driving trends and it will continue to grow as flexible working becomes more common across the globe. People like to have the option to work securely from home and will need reliable connections for this. Our roadmap includes solutions like HomeWRK for Business with Fortinet for secure working from home and a 5G mobile hotspot to enable this flexibility How does your partnership with Fortinet address the connectivity requirements for work from home employees? Enterprise-at-home is becoming a significant step in the evolution of workplace technology as working and learning from home is now more common globally than it ever was. This leads to an increasing need for reliable infrastructures to mitigate cybersecurity risks and maintain efficiency. Businesses want to replicate corporate networks by giving their employees access to the same resources as in the office. Office premises running at partial capacities means people are working from home more than ever. This also leads to an increased need in reliable WiFi and networking from home. Not only do individuals need solid WiFi, but businesses also want to offer enterprise grade solutions so that performance and security are not compromised. Our customers and retail partners
Amanulla Khan
Managing Director of Linksys META
need reliable solutions that deliver enterprise-grade performance. Businesses are now able to offer solid networking setups for their employees without compromising on security or work performance. Investments are shifting with this change of working environments, and we are at the forefront to support this. Our strategic alliance with Fortinet enables us to offer enterprise-grade connectivity and security, with unparalleled quality of service, to organizations that need to provide seamless and secure connectivity for their employees to efficiently work from home. With the increase in remote and hybrid work, enterprise IT teams are struggling to enable their workforce to work effectively from anywhere while protecting their organization from security threats, including ransomware, malware and phishing attacks, introduced by home networks. This leads to an increasing need for reliable infrastructures to mitigate cybersecurity risks and maintain efficiency.
Linksys HomeWRK for Business is the first ever enterprise solution to deliver secure network connectivity for both corporate and personal needs in one easy-tosetup unit optimized for business applications and collaboration tools. The goal is to deliver enterprise grade connectivity and security, with unparalleled quality of service, to organizations that need to provide seamless and secure connectivity for their employees to efficiently work from home. The partnership will also address the issue of the homework gap among students as schools are reopening with hybrid models for learning. Initially, we expect the product to be sold through SIs, MSPs and ISPs to large and medium enterprise customers who would like to deliver enterprise-grade connectivity and security, with unparalleled quality of service to their employees. We are always looking to grow and offer premium solutions that make the most sense to our customers and the end consumers. MARCH 2022 / CXO DX
25
» CIO OUTLOOK | KSA
Promises to keep Saudi Arabia is racing towards the 2030 vision and digital transformation both in the public and private sectors are key to that
There is a technology revolution in the country. Once entirely focused on oil, Saudi Arabia's economy is rapidly modernizing and diversifying. During the last year, the country's enterprises have embraced digital transformation and migrated to the cloud at a rapid pace. A new generation that considers new technologies to be one of the main components of their lifestyle has had a significant impact on the rapid transformation and on the other hand, technology giants are joining the race to entrench themselves in the Saudi Market by establishing regional offices and Cloud data centers. “Saudi Arabia is a very important market for technology companies. The advanced IT infrastructure, wide geographical distribution, e-government initiatives, electronic banking, electronic-based education, and many other factors make it a ripe technology market. Many nationals have the entrepreneur mindset, and technology helps them achieve their goal,” says Imdath Nazim, Head of IT, (IHG)Voco Hotel Riyadh.
Imdath Nazim
Head of IT, (IHG)Voco Hotel Riyadh
Saudi Arabia has the largest Information and Communications Technology (ICT) market in the Middle East and North Africa, with over 33 million consumers, and it is well-positioned to become a technology service and cloud hub with access to international connectivity. The Kingdom is poised to become a world leader in the digital economy with deployment of new technologies such as Artificial Intelligence (AI), Internet of Things (IoT), Blockchain, Big Data, Robotics, Machine Learning, and 5G across public and commercial sectors. It was one of the first nations in the world whose institutions began to experiment with the usage of blockchain and permitted multinational enterprises desiring to test innovative digital solutions and to deploy them in the KSA in future.
26
CXO DX / MARCH 2022
Digital transformation is constantly affecting businesses across the Kingdom's public and private sectors, from national-level data management systems to human capital development portals. ICT decision-makers are designing and executing strategies to use new technologies not just to fit with national digital transformation initiatives, but also to address critical business concerns. Digital technologies play an important role in allowing the Vision Realization Programs (VRPs) that are assisting in the realization of Saudi Arabia's Vision 2030. One of the key goals of Vision 2030's National Transformation Program is to support digital transformation and the development of the digital economy. “I believe there is an evident change in the technology industry in KSA as a result of the Saudi Vision 2030. The vision focuses on various areas but one of the main focus is digital transformation for companies. With the digital transformation journey, other elements are incorporated as cybersecurity, AI/ML, IoT, Big Data etc. This focus aligns with the visions of the companies as well. The result can be witnessed in the market with various events like @HACK, LEAP etc.” said Abdelmajed Ahmed Saeed Fadol, Cybersecurity Manager, MEDGULF. KSA has been investing in creating a strong digital infrastructure, to accelerate the digital revolution. This has helped the Kingdom to deal with public and private sector disruptions while maintain-
» CIO OUTLOOK | KSA ing commercial continuity, educational activities, citizen needs, and daily resident life. In a turn to build a stronger digital foundation, many new technologies were implemented by almost all of the CIOs across the region. The COVID 19 pandemic and the need for remote working support also aided in this transformation. Cloud adoption has accelerated in the recent past. Cloud adoption was one of the major decisions taken by many IT decision-makers. According to recent IDC, public cloud spending in Saudi Arabia is expected to exceed $950 million in 2022 and reach $1.3 trillion in 2025, demonstrating how much the country is embracing cloud services. NEOM, Saudi Arabia's flagship $500 billion business zone, is in negotiations with corporations to select the main partner for its first cloud computing contract, which would establish the groundwork for high-tech services in its flagship $500 billion business zone. “In Boudl Hotels Group, we had the biggest Cloud transformation project in Saudi Arabia for the year 2021, moving more than 50 hotels from the on Premises PMS system to the Cloud system based on unified standard and platform for all our hotels group,” said Osama Merghani, Group IT Director, Braira Hotels and Resorts. “The shift to cloud based technologies has been the subject of an argument between those who favored the cloud and believe in the high security and reliability standards of the cloud service provider; and the others who prefer the traditional way of keeping the data on-premises and build their own data center. Digital transformation trend came to prove the efficiency, reliability, security and productivity of Cloud systems concept; the transformation to the cloud became a mandatory plan for most of companies,” he added. The government is the most important driver of digital activities, with various modernization projects that use the cloud as a foundation layer. Continuous investments in new datacenters by local and global technology providers in the kingdom have boosted cloud adoption since these locally situated facilities comply with Saudi Arabia's data residency and governance rules. There has also been an increase towards deployments of hybrid multicloud architectures, which combine public and private clouds with traditional on-premises infrastructure. However, the market continues to encounter issues related to cloud knowledge and skills, legacy infrastructure that is inappropriate for cloud migration, and a mindset that views cloud as insecure. On the cybersecurity front, the government is taking measures to ensure strong cyber protection measures are in place across the public and private sectors. “The National cybersecurity authority has both regulatory and operational cybersecurity functions, and it collaborates closely with public and private entities to improve the country's cybersecurity posture in order to protect vital interests, national security, critical infrastructures etc. There is also better awareness on cybersecurity issues and threats in the kingdom,” said Abdelmajed. “There is no doubt Saudi Arabia is one of the most targeted Coun-
Osama Merghani
Group IT Director, Braira Hotels and Resorts
tries by Cyber-attacks since it’s the biggest economy in the region, the recent Aramco ransomware attack on July 2021 is an example of the importance of having efficient cyber security policies and systems, its crucial to protect the systems against attacks but it’s more important to have a proper system recovery plan in case of data breach incidents,” said Osama. As the country races towards accomplishing the various milestones of the 2030 vision, Technologies will continue to play a key role in accomplishing them and alongside companies based out of the Kingdom will also need to keep pace with the expectations of the economy that is fast integrating with a digital future.
“Saudi Arabia is a very important market for technology companies. The advanced IT infrastructure, wide geographical distribution, e-government initiatives, electronic banking, electronic-based education, and many other factors make it a ripe technology market.” MARCH 2022 / CXO DX
27
» INTERVIEW
SIMPLIFIED BUSINESS SOFTWARE WITH DEMOCRATIC DESIGN Anand Venkatraman, Sr. Vice President and General Manager – APAC (Freshworks) talks to CXO DX on their varied solutions for their growing customers.
What makes Freshworks different from legacy software? Legacy software fails to deliver the agility organisations need in a fast-paced, digital world. These solutions have largely been developed in silos and therefore entail complex integrations and long, cumbersome implementation and upgrade cycles. Freshworks was founded with the mission to simplify business software, designing first and foremost for the front-line user, then for the team, and then for the managers. We have consistently delivered on this commitment with software, business users love to use. Our solutions are fast to onboard, priced affordably, and built to delight, while still being powerful enough to deliver sophisticated business outcomes. That’s why we are trusted by over 56,000 companies in 120 countries. Freshworks' solutions are modern, intuitive, and scalable. They are purpose-built for everyone, so we can empower the people we do business with, from the back office to the front desk. Elaborate on the major enterprise solutions of Freshworks The concept of ‘democratic design’ underpins the way we at Freshworks design and deliver our solutions. We don't design our solution just for the Fortune 500, but rather for the Fortune 5 million. Today, we have customers who pay us $1 million, but they did not start as $1-million customers. They start as a $50,000 or $100,000 customer and then grow over time. In the Middle East, the market momentum has been largely geared towards our range of solutions that drive customer delight. This includes Freshdesk, our cloud-based customer service software which enables businesses to provide help desk support with smart automation and bot capabilities to get things done faster. With the power of Freshworks Neo and the integrations
28
CXO DX / MARCH 2022
aim to achieve to elevate employee experience without any drop in business continuity.
Anand Venkatraman
Sr. Vice President and General Manager–APAC (Freshworks) available in our marketplace, customers of all sizes can pick and choose the way they want their products to work. What are the key advantages of the Unified Service Management Solution of Freshworks? The role of the IT Service Desk is rapidly expanding. Competing with other hardware and software investments, IT services teams are under increasing pressure to do more with less. IT executives must rethink their IT strategy spanning service management and incident management to deliver on the promise of uninterrupted IT, support growth at scale and ensure a healthy return on investment (ROI). However, these efforts can be encumbered by legacy IT services Management (ITSM) and IT operations management (ITOM) solutions which are siloed and built with heavy custom code that requires specialised skills to implement, maintain, manage, and upgrade. Recognising these challenges, Freshworks delivers a modern, unified service management solution that combines ITSM and ITOM. This approach has clear benefits as it streamlines what service management teams
How does employee productivity increase with Freshservice? Through its incorporation of AI and bots, Freshservice promotes the use of self-service by employees, largely allowing IT engineers to focus on the things that matter to the business. With the level 1 incidents out of the way, agent productivity can skyrocket. Employee experience will also be elevated as bots enable instant response and resolution. Discuss your focus in the Middle East region. The Middle East region has seen a huge wave of digitisation, and with all that comes the need for organisations to better equip their employees to serve their businesses. As a key enabler of this transformation, Freshworks has achieved remarkable growth in the MEA region with some of the marquee customers across the Gulf countries, South Africa, Kenya, Nigeria, Egypt and Israel. We have thousands of customers in the region, and these organisations are spread across a broad range of verticals. We have grown phenomenally through a concerted effort to establish our footprint across verticals. Freshworks is now building on this momentum by investing heavily in MEA and the coming year, we have plans in place to establish a regional presence across MEA to place us even closer to our prospects and customers. What did the financial year of 2021 look like and what are your expectations for 2022? As a public company, we can’t make forward-looking statements but we operate in huge red ocean markets. Our growth has been at a healthy clip as we posted an impressive 49% year-over-year growth in 2021, and we expect to continue to build on this momentum and grow in the coming quarters.
» INTERVIEW
SECURING THE TRANSFORMATION JOURNEY Sunil Paul, Co-Founder & Managing Director at Finesse Global discusses the company’s cybersecurity focus What does Finesse see as the features that distinguish itself from other SIs in the region? Finesse is one of the most trusted software companies in the GCC, providing next-generation digital solutions and services to companies across industry verticals. We focus on key differentiators that separate Finesse from other system integration (SI) companies in the region. Since Finesse's founding in 2010, it has been guided by the vision to positively impact the lives of people in the GCC region. This vision is at the heart of every decision Finesse makes. A one-size-fits-all approach does not work in business. With its extensive experience supporting businesses of various sizes (small, medium, enterprise) and across domains, Finesse has developed the competence to support its clients with the best-tailored solution that will be most successful. A poorly planned digital transformation can prove costly for a company. For example, many companies invest heavily in digital transformation initiatives without planning for the security concerns that are essential to these initiatives. This can result in customer distrust and unnecessary financial and reputation losses for businesses. With Finesse, organizations can trust they will receive a comprehensive digital transformation solution that will ensure their initiatives will succeed. Give us a snapshot of what you would be showcasing at GISEC 2022? As part of GISEC 2022, Finesse will showcase how organizations can secure their digital transformation journeys. As part of this event, Finesse will assist organizations with identifying how they can make cybersecurity a part of their digital
transformation roadmaps right from the beginning, as well as advise them on the best security solutions. Cybersecurity solutions provided by Finesse include Compliance and digital risk solutions that protect your business from digital threats and remain compliant with regulations. We offer Zero Trust modeled solutions that never trust, always verify. Finesse offers solutions for the three main pillars of zero-trust, including micro-segmentation, multi-factor authentication, and privileged access management. We have Cloud and Application Assurance solutions in our portfolio that create processes, controls, and technology to govern all data exchanges within your cloud and application infrastructure. Our Digital Identity management solutions help werify your digital identities across your business and public platforms by using zero-trust principles. The Cyberhub powered by Finesse is a 24/7 SOC (Security Operations Centre) that monitors all cybersecurity events and applies needed AI and human controls as and when they occur to protect your organization. To meet the growing needs of our clients Finesse has partnered with niche global leaders to ensure our regional customers have top-notch solutions in important areas. Some of these partners at our stall include Barracuda, Sophos, Beyond trust, and Tech First Gulf LLC. How does Finesse help businesses in securing digital transformation? Keeping your business's digital transformation secure is just as important as digital
Sunil Paul Co-Founder & Managing Director at Finesse Global
transformation itself. Finesse, as a digital transformation pioneer in the GCC, helps Malou Toft you plan and fuel your digitalSystems ambition, VP EMEA, Milestone while also securing your business on the digital front, so you move forward with confident caution on your digital journey. Our dedicated cybersecurity practice caters to infrastructure and cloud security, application security assistance, security intelligence, analytics, digital identity, and Data Protection and privacy. Finesse is committed to providing clients with 'zero-trust' network security in all its implementations. By implementing this model of network security, we can ensure that deployments are secure and prepared to stop security breaches. This approach ensures that the right people are getting the right level of access across the enterprise, thus improving security posture and end-user productivity. Our security portfolio includes solutions for cyber risk terrain analytics, compliance & digital risk, cloud & application assurance, managed security services, multi-factor authentication, PIM/PAM, and micro-segmentation. Through the expertise and experience of our cybersecurity practitioners, we provide increased visibility and rapid detection of threats in organizations, thereby enhancing business productivity and ensuring networks and data are protected from unauthorized access and cyber threats. MARCH 2022 / CXO DX
29
» INTERVIEW
ENSURING A SECURE DIGITAL ECOSYSTEM
Shinoj Sebastian, Group Head of IT, Royal Group (IHC), UAE talks to CXO DX on the current cybersecurity landscape of UAE. as 52% of organizations faced a malware attack in 2020, compared to only 37% in 2019. These attacks have become one of the most prominent threats of the last few years, and they will likely keep growing in the future.
Shinoj Sebastian
Group Head of IT, Royal Group (IHC), UAE
How has the cybersecurity landscape changed in the last 2 years? Cybersecurity is never static, it’s ever-evolving to a newer and wider threat landscape, and that’s especially true today. After widespread and frequent disruptions across various industry verticals in the past few years, the shift to remote work due to the COVID-19 pandemic, which would likely become a permanent fixture, increases the threat surface for most organizations. "What was old is now new," in the Cybersecurity landscape. In 2019, ransomware was starting to decrease, but with COVID, attackers have pivoted back to ransomware, and they are having a lot of success with it. As working from home continues to be the norm for many, threat actors will have more opportunities to deliver ransomware. The threat landscape remains fluid as attackers look to take advantage of disasters to phish and social engineer employees. A prominent report revealed a 41% increase in malware attacks in the last two years,
30
CXO DX / MARCH 2022
With the deployment of remote workforce, cybersecurity challenges is said to be on a rise. How were the challenges you faced and how did you tackle them? We had taken the WFH context as an opportunity to transform Enterprise IT into a Secure Digital Ecosystem. We have taken the following steps to tackle the ever-evolving threat landscape. We established a Security Operations Center (SOC), proactively monitoring the threat surface of our Enterprise IT. We implemented top-notch cybersecurity solutions in SIEM (Security Incident & Event Management), VMDR (Vulnerability Management, Detection & Response), EDR (Endpoint Detection & Response), NAC (Network Access Control), PAM (Privileged Access Management), MDM (Mobile Device Management), DLP (Data Leakage Prevention), et. We applied Principle of Least Privilege & multi-layered Defense-in-Depth security to protect End users, Desktops, Infrastructure, Applications and Gateways. We developed Information Security Awareness Program for the year 2021-22, delivered awareness training for the entire user community with Desktop Screensavers, Banners, Interactive sessions, Security games and puzzles, etc. We do realistic Phishing simulations on the human side of Cybersecurity, and subsequently implement mandatory security awareness training for those who have been phished, using AI-powered Information Security learning solutions. Elaborate on the requirement of enhancing security with cloud adoption. As more organizations migrate their data,
applications and other assets to the cloud, it becomes even more important to understand how to protect highly sensitive business information that could potentially be exposed. We had embarked on our cloud journey before the pandemic and nothing has derailed our journey to the IT Centre of Excellence for the Group, aligned to IT roadmap & Enterprise Architecture. What is your opinion on the currently popular approaches like zero trust model? Implementing a Zero Trust model has become a leading security strategy for most organizations as traditional security perimeters have become ineffective. Many find the “Zero Trust Journey” as overwhelming at the outset, however, a Zero Trust Ecosystem will be rewarding, quite challenging though. It uniquely addresses the modern challenges of today’s business, including securing remote workers, hybrid cloud environments, ransomware threats, etc. What is your IT agenda for this year? 2022 promises to be both exciting and challenging for IT leaders. We have set the following digital agenda to get the most value from IT in the year ahead. WE want to innovate and build future-proof IT systems, transform IT as a Business Enabler with a Data-Driven Business Model and give more focus to strengthen organization-wide cybersecurity skills and awareness. We will look to improve Digital Dexterity by advancing automation work processes using Robotic Process Automation (RPA) and Artificial Intelligence (AI). We are committing to Cloud and completing the digital transformation journey. We will look at AI-powered automated Security Assessment System, and monitoring of application performance and the end-user experience.
Brought to you by
Future Workspace Summit & Awards Enabling & Securing Work From Anywhere United Arab Emirates, 16th June 2022
In-person Summit & Awards 2nd edition
For Awards Nominations and Registrations, please visit
www.futureworkspacesummit.com The Future Workspace Summit & Awards by CXO DX intends to generate more insights into the role of Technology in reimagining the future of work, as the workforce becomes more distributed. The event’s Awards segment will recognize superlative initiatives taken up by companies and CIOs in their efforts towards workspace and overall digital transformation. Awards will be also presented to vendors, SIs and distributors in specific segments, as a recognition for their excellence.
» COLUMN
ELEVATING BUSINESS THROUGH NEXT-GEN DATA MANAGEMENT Nowadays, companies know how important their data is. But are they managing that data in a way that makes backup and recovery simple, can enhance security, improves productivity, and makes data more productive? Gregg Petersen, Regional Director - MEA at Cohesity shares his thoughts
L
aw enforcement in one European country recently accidentally deleted more than 150,000 files containing fingerprint, DNA, and arrest information from national police systems. This immediately called into question whether proper protection solutions, backups, or policies were in place to both prevent this data loss - and to quickly recover the deleted data. But this is not necessarily an isolated incident. A report by industry analysts IDC into backup and disaster recovery found that 43% of organisations surveyed had suffered unrecoverable data within the last year (2021) and very few organisations (20.4%) were confident in their solution’s ability to recover data. This not only calls into question the types of backup solutions that have been deployed, but the overall data management strategy that’s in place.
32
CXO DX / MARCH 2022
Next-gen data management: Important for business success In prior decades, proper data management meant having a backup copy of data that could be called on as an insurance policy if it was ever needed. That’s no longer the case. Not even close. Today, not only is stored production data frequently encrypted by bad actors engaging in ransomware attacks, but conventional backups are often destroyed at the same time. In addition, organisations need to meet basic data availability and access requirements, comply with government regulations, optimise storage costs, and/or analyse data for key business insights. As a result, relying on outdated data management systems is not just an IT problem - it poses a serious threat to business success. Next-gen data management offers a combination of four elements to put companies in the driver’s seat with their data: zero-trust
» COLUMN security principles, AI-powered insights, large scale simplicity, and third-party extensibility. This approach can help organisations ensure their data is backed up and protected. It can also play a key role in reducing data infrastructure silos which can help save money, increase productivity, and reduce a company’s attack surface, critical when trying to protect data from ransomware and other cyber threats. With next-gen data management, companies can also easily bring apps to the data, simplifying how organisations extract value from their data. Such next-gen data management solutions are already available today and are being used by numerous organisations around the world. So, how should organisations evaluate their data landscape under this lens? And, given data is an organisation's most important digital asset, what key considerations are rising to the top when it comes to data management in 2022? To answer these questions, consider the following three points.
1. Prepare for the worst case scenario
Ransomware is ubiquitous today. And, as these attacks become more sophisticated in nature, the problem is becoming more urgent. According to reports, Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025. In addition to strong defences like firewalls and two-factor authentication, companies need to invest in modern data management solutions that include capabilities like AI-powered anomaly detection that can help businesses identify threats, respond, and if necessary, remediate quickly. These advanced solutions can also help organisations restore data and quickly resume operations without disappointing their customers or paying ransom to hackers.
Gregg Petersen
Regional Director - MEA, Cohesity
2. Be ready for the hybrid future of work
Many companies are now using the cloud for everyday processes. COVID-19 has led to a further increase in global spending on public cloud services. According to Gartner, the sector has grown 23.1 percent to a total of $332.3 billion by 2021, up from $270 billion in 2020. In addition to managing data on-premises, many enterprises are embracing a hybrid-cloud model, which also can include Data Management as a Service (DMaaS). With DMaaS, data and infrastructure are managed by a next-generation data management vendor and hosted by a leading cloud service provider. These services, which often include backup, disaster recovery and more, are designed to offer a host of benefits ranging from enhanced scalability and data security, to added flexibility and efficiency. These SaaS offerings can also enable companies to shift from a CapEx to an OpEx model and empower already-overstretched IT teams to focus on other business critical tasks.
3. Benefit from more effective data management
CIOs and their colleagues in business departments continue to
be inundated with data. According to Frost & Sullivan analysts, spending on Big Data analytics will increase 4.5-fold by 2025. This shows that companies are increasingly focused on getting the most out of their information. That's another reason why data management has never been more important. Organisations should embrace next-gen solutions that enable analysis through analytics, that make it easy for data to be used for development and testing, and where businesses can easily bring third party apps to the data, which opens up a new world of possibilities -- including improving data compliance and security.
Time for the next generation
With data constantly growing, budgets stagnating or even shrinking, and pressure to drive business value, a new way of looking at data management is key. Small improvements to legacy backup and storage technology likely won't be enough. Instead, it’s critical that companies embrace a next-gen approach that is designed to simplify data management, enhance security, and make data more productive in a dynamic hybrid cloud world. MARCH 2022 / CXO DX
33
» COLUMN
MAKING THE MODERN ENTERPRISE SECURE AND AGILE Sajith Kumar, General Manager – Enterprise from Cloud Box Technologies summarizes possible technology and strategic measures in 2022 that can help transform security for the enterprise.
F
or the Boards of global and regional organizations, cybersecurity and managing digital transformation alongside, are promising to be amongst the most challenging. While Boards are doing a lot to bridge the gap between themselves and the CISO and the security organization, here are some other technology and strategic measures that can help make the enterprise more agile and secure.
Trend #1 The big policy reset
What is the biggest and most immediate change required in an organization’s security policies? It is the fact that majority of its employees are no longer employees but more like remote workers. Or in other words, remote workers are now the workers and remote work is now the organization’s work. In other words, enterprises need to reset their entire security policies and tools to be able to manage risks from this new organizational reality.
Trend #2 Managing workers
How will security be deployed for the modern hybrid organization, where workers are switching between multiple modes of working. At times they will be onsite inside the office firewall, at
34
CXO DX / MARCH 2022
other times mobile and on the move, and at other times working from home. All the while accessing the wireless networks, Internet or private VPNs. How will an organization’s security architecture continuously adjust for its workers as they move across its fabric? Today’s enterprises are being turned inside out with these challenges of managing workers requiring multiple modes and levels of security access. All organizations will need to have a defensive posture and well-defined security policies and risks with regard to onsite, remote and mobile workers. One of the approaches is to develop and deploy a cybersecurity mesh, which enables a distributed enterprise to deploy and extend security where it is required the most.
Trend #3 Managing enterprise assets
Other than the pandemic, digital transformation is also responsible for connecting industrial, operational, IT assets that are distributed across the fabric of the organization. These assets could be located at the edge, inside the network, at the core, and even
» COLUMN inside other networks. Gateways and middleware are now effectively and efficiently connecting disparate networks inside enterprises that were not feasible a decade ago. To manage all these challenges, security needs to be flexible, agile, scalable and yet robust enough to deliver for workers and protect for the organization.
Trend #4 Just who is an employee?
As workers move across the enterprises’ security fabric, their security access levels need to keep changing. More importantly so should their identity-based security, with zero-trust being a dominant requirement. While zero-trust identity access is not new, it gains renewed importance in the face of hybrid worker access as well integration of disparate networks driven by digital transformation. Social engineering to gain identity access is a dominant activity for sophisticated global threat actors. Hence, identity management techniques and practices need to be further elevated in terms of importance. Along with human identities, we also have machine and robot identities, that are adding additional complexities in the overall identity access management operations. Digital technologies such as robotic process automation are driving automation of processes and each of these automated process or Bots requires a sign-on into the network and application stacks. APIs are another vulnerable hot spot where access is granted to users across multiple applications via APIs. To better manage digital transformation, enterprises need to relook at their end-to-end identity credentials across all humans, Bots, devices. Boards are now alerted to address the challenges thrown up by ransomware, advanced persistent threats, and other supply chain malware that are having disastrous effects on some global businesses. Board members have been in the spotlight for being unable to speak the same language as CISOs and therefore unable to bridge the gaps from top to bottom. Now they are forming dedicated committees headed by security experts and selected board member to bridge the gap and address the challenge. With this initiative, CISOs can expect much better information flow with the Board, as well as much deeper conversations about security spending, policies, proactiveness, risks and governance, strategy.
Trend #6 Proliferation of vendors
An ongoing challenge that continues into the next year is the complexity of security tools that are being managed by CISOs and IT managers. Global surveys by research firm Gartner have found that 78% of CISOs are managing 16 or more tools across their cybersecurity vendor portfolio. While 12% of CISOs are managing more than 46 tools. The harsh reality is that cybersecurity organisations have far too many tools, from far too many vendors, leading to complex
Sajith Kumar
General Manager – Enterprise, Cloud Box Technologies
management routines, continuously high demand on skills and increasing security headcount. Under these circumstances, CISOs need to begin extended vendor consolidation activities, realising that such activities take time and there is no short-term solution while heading in this direction. Another reality check is that reduction of capex spending may not be a direct, realisable benefit, but rather reduction of indirect costs and increase in operational efficiency are more achievable and realisable targets.
Trend #7 Testing and validation
New tools are being added to the portfolio of solutions that can be used to validate an organization’s security vulnerabilities. One such area is breach and attack simulations that does continuous testing and validation of security controls and tests the ability to withstand external threats. It also highlights risks to high-value assets such as highly confidential data. Another area that is developing is the ability to protect data while it is being read and used, in comparison to protecting data in motion or at rest. This enhanced security allows secure data processing, secure sharing, and cross border transfers without risks.
MARCH 2022 / CXO DX
35
» COLUMN
APM 4.0: Powering the next industrial revolution Industrial companies of the future are leveraging data to eliminate downtime and boost efficiencies, writes Matt Newton, Director, Artificial Intelligence and Optimization, AVEVA
T
he industrial sector is in the midst of its biggest disruption in decades. Across the globe, organizations are facing major pressures to become more reliable and productive while reducing costs.
In the last two years, many companies have undergone digital transformation to foster corporate agility and resilience amid an increasingly dynamic business landscape. As such, the concept of APM is also evolving.
Amid the rapid changes that are happening in the market, businesses can no longer afford to continue to operate in a reactive environment. It’s critical for organizations to reduce production loss while extending equipment life – efficiencies that can help businesses achieve operational excellence.
The intersection of Industry 4.0, Industrial Internet of Things (IIoT), and technologies such as AI, predictive maintenance, cloud, big data, and mobility, are bringing assets to the forefront of the business.
But how can this be achieved? The answer lies in Asset Performance Management (APM) – a set of technologies and practices that can monitor assets to identify, diagnose, and prioritize impending equipment problems – continuously and in real time. Well-executed APM empowers organizations to reduce unscheduled downtime, prevent equipment failures, reduce maintenance costs, improve asset utilization, and identify underperforming assets to support overall business objectives. At the heart of APM is the concept of maximizing profitability by balancing risk, cost, and performance of the plant, of the assets, and of the people that are operating all those things.
36
CXO DX / MARCH 2022
This shift represents the future of industry. By leveraging APM 4.0, assets can be transformed from cost centers into powerful drivers of revenue and profitability.
Step forward, APM 4.0
APM 4.0 is predicated on proactive asset performance management, enabled by predictive alerts and prescriptive analytics. These types of technologies can lower costs, while optimizing labor usage and equipment performance. Through the use of predictive and prescriptive analytics, companies can implement strategies that avoid unplanned downtime for their most critical assets – while also deciding which preventative
» COLUMN or corrective asset strategy is the best course of action to take for their less vital equipment. True industrial digital transformation can only be built upon a solid APM foundation – through a system that holistically connects engineering, operations, and performance. APM 4.0 creates a single integrated digital thread across the complete asset lifecycle. Two key factors play a pivotal role in the implementation of an effective APM strategy: • First, there must be connectivity among assets and workers. • Second, decisions that are informed by sensors and intelligent data must be able to be executed in real-time.
Matt Newton
Director, Artificial Intelligence and Optimization, AVEVA
However, it’s also important to understand that it is not always feasible to invoke predictive strategies to mitigate asset risks or optimize performance.
The predictive power of data
As automation becomes increasingly prevalent across industries, mechanical devices are being replaced by electronic components in manufacturing, industrial, and factory environments. This evolution means more sensors are being used to capture more sophisticated data. In turn, this shift is greatly enhancing potential visibility and insight for owner-operators.
Predictive outperforms reactive
A networked system of sensors and mobile devices can provide decision makers with real-time data on the condition, performance, and safety of their assets, enabling more precise decisions. In stark contrast to the widely used – and typically lagging – indicators that report failures only after they occur, today’s APM 4.0 systems can use sensor data to predict performance degradations and component failures before they happen.
No ‘one size-fits-all’ approach
Predictive and prescriptive analytics have the power to utilize sensor data to make better decisions – creating significant opportunities to improve asset performance.
For some assets, it might not be financially feasible to apply predictive strategies because the cost of the cure might be more expensive than the value of the benefit – such as planned downtime. In order to implement an effective APM 4.0 solution, the owner operator should utilize predictive and prescriptive analytics within a wider asset risk management strategy.
The roadmap to APM 4.0
While companies are close to achieving APM 4.0, others may not be quite sure where they should begin their adoption journey. It’s important to remember that embarking on the transition from reactive maintenance to a more proactive or predictive strategy is a process. In many cases, the organization’s culture is the biggest obstacle to overcome. In a reactive environment, “firefighting” maintenance is valued, but in a proactive environment, the strategy should focus on preventing fires from erupting in the first place. When the organization is focused on preventing failures from happening, the culture begins to shift from reactive to proactive. There will always exist some reactive actions, but being able to minimize reactive work will allow for better planning and scheduling, an increase in overall equipment effectiveness and, ultimately, boosted profitability. MARCH 2022 / CXO DX
37
» COLUMN
KEEP CALM AND CARRY ON
Christopher Budd, Director Threat Research Sophos shares five tips to better protect yourself during the current Russia-Ukraine Crisis
T
he current Russia-Ukraine crisis is unprecedented. One aspect of the current crisis is the very real concern around increased cyberattacks on an unprecedented scale.
The concern is reasonable: there’s simply no way to know what’s going to happen next. And the concern stems not just from nation-state actors and their proxies: cybercriminals, hacktivists, and vandals also thrive in times of chaos and uncertainty like this. With all these unknown and unknowable cyber risks and threats swirling around, it’s understandable that people are worried and even afraid and not sure what to do. The important thing to remember is that we do know what we
38
CXO DX / MARCH 2022
can do to better protect ourselves during this crisis. These are the same things that we can and should be doing every day and during every crisis. We just need to remember them and act on them. Focusing and executing on five specific, concrete areas of action can help you better protect yourself and your organization from attacks during this time of increased uncertainty: 1. 2. 3. 4.
Alert and educate your users about the increased risks Update systems, mobile, IoT and network devices and apps Run and update security software Secure remote access accounts and devices
» COLUMN 5. Make and verify backups
Alert and educate your users about the increased risks
User education is always a key part of any cybersecurity program. People form the last defense against attack. With all that’s going on, many people may not be thinking about the increased cybersecurity risk and their role in helping to protect themselves and their organization. Help people understand we’re in a time of increased risk and that they need to exercise even more caution than usual against phishing, malicious links and attachments.
Update systems, mobile, IoT and network devices and apps
Keeping systems up to date with patches against vulnerabilities is always important but right now even more so. While people have gotten used to updating their mobile devices and computers using automatic updates, it’s important to also remember to update IoT devices, routers and remote access software and devices. Make it a priority to ensure that you’re updating everything, not just mobile devices and computers.
Run and update security software
Having security software on all your endpoints is important to provide protection against attacks. Out-of-date or misconfigured security software however not only fails to protect but can give a false sense of security. Take time to ensure that you not only have security software in place but that’s it’s fully up-to-date and configured properly. Take the time to verify you’ve got automatic updates working on your security software either by logging into it or through the management console.
Secure remote access accounts and devices
Lately, we’ve seen ransomware and more sophisticated attacks carried out successfully by using remote access to access the target network. This problem has become more serious since the pandemic began and remote access became more common. Two specific things that you should do to better protect your organization against these kinds of attacks is to make sure that your remote access devices and software are up-to-date, and that only valid accounts have remote access capabilities. If you’re not using multi-factor authentication (MFA) to protect your remote access you should look at implementing that as soon as possible as well. Make and verify backups Good, reliable, usable backups are your parachute and safety net rolled into one. Having good, reliable, usable backups can help you recover from ransomware and major cyberattacks. They can also help you recover from physical threats like natural or human made disasters. But backups only work if the backups are done correctly and can be restored. Take time to ensure that not only do you have a good backup strategy in place, including storing backups off-site, but that you can successfully restore from those backups quickly and effectively. A good rule of thumb is the “32-1 Rule”:
Christopher Budd
Director Threat Research, Sophos
2 different storage locations for those backups 1 of which is offsite/offline
Conclusion
The reality is that we never know what’s going to happen each day. But times like right now bring that uncertainty into clearer focus and help us see that truth more clearly. And the reality is that the cyber threat environment for everyone is significantly higher: chaotic times breed more chaotic times and actions. All this uncertainty it can be overwhelming so that you don’t know what to do. And in the face of extraordinary threats, it can also seem like following ordinary guidance is insufficient. But the reality is that in times and situations like this, keeping focused on the basics still provides a solid foundation that can help you better protect yourself and your organization.
"Having security software on all your endpoints is important to provide protection against attacks. Out-of-date or misconfigured security software however not only fails to protect but can give a false sense of security."
3 copies of your backups, including the one you’re using now MARCH 2022 / CXO DX
39
» TECHSHOW
RIGHTSIGHT 2 Logitech is creating more equitable experiences for hybrid workers with RightSight 2 software that now simultaneously presents both a close-up view of the individual speaker and a view of the entire meeting room during video calls. With RightSight 2 auto-framing technology, far-end participants can follow the active speaker while also getting situational context from the group, such as one person gesturing to another or writing on a whiteboard. As the workforce adapts to a long-term hybrid environment, Logitech continues to advance its software intelligence to deliver the immersive, inclusive experiences that remote participants would have if they were physically in the room. RightSight 2 is Logitech’s latest innovation in an ongoing goal to make meetings more equitable now and in the future. RightSight 2 combines audio and video intelligence to detect people’s placement in the room and the location of their voices. Speaker View is a new mode that uses the two-camera system in Rally Bar and Rally Bar Mini to render a picture-in-picture view* of the active speaker and the whole group. The active speaker is framed using the main camera that pans and zooms smoothly as the speaker changes, while the wide-angle AI Viewfinder frames the room, ensuring remote participants can see and hear all meeting exchanges clearly.
Highlights: •
IT admins have the flexibility to toggle between Speaker View and Group View (RightSight’s original implementation of auto-framing) to best suit their teams.
•
RightSight 2’s Speaker View is compatible with all of Logitech’s major cloud video conferencing partners, giving IT teams assurance that their Logitech video collaboration ecosystem will adapt to the evolving needs of their hybrid workplace.
•
The feature will work as picture-in-picture mode with Microsoft Teams Rooms on Android and Windows, and seamlessly integrates into Zoom Rooms multi-stream technology—which shows each of the speaker and room streams in separate, individual tiles.
MICROSOFT SURFACE LAPTOP STUDIO, SURFACE PRO 8 Microsoft announced the general availability of Microsoft Surface Laptop Studio and Surface Pro 8 for organisations across industries in the UAE. Built to be modern and essential devices for today’s hybrid workforce, the new Surface products protect productivity, promote innovation, and prioritise accessibility, while ensuring the safety and security of all users.
40
CXO DX / MARCH 2022
Designed in concert with Windows 11, the new devices reflect Microsoft’s commitment towards designing technology that fosters productivity and creativity, while also bringing inclusion and accessibility to the fore. The Surface Laptop Studio will transform the way users work with the most powerful and flexible laptop yet. It’s
» TECHSHOW
HOT SYSTEMS Omnix International, an end-to-end digital solutions and services pioneer, announced the next-generation version of its Hardware Optimization Technology (HOT) Systems workstations and laptops powered by Intel’s 12th generation processors. The workstations are designed and configured to meet the needs and standards across diverse sectors which include Architecture, Engineering & Construction (AEC), Oil & Gas, Manufacturing and Product Design as well as Media and Entertainment. The unique optimization methodology developed by Omnix R&D team enabled on these stations improve productivity for time critical manufacturing and oil and gas projects and ensure maximum performance and speed for AEC based applications, besides other strong capabilities. Omnix’s specialized hardware division professionally custom builds and develop their in-house brand named as HOT Systems. The product portfolio ranges from workstations, laptops, servers, render boxes, render farms and collaborative cloud for professional applications such as Autodesk, Adobe, Rhino, Lumion, Unity, Enscape, Twin Motion, Dassault Systèmes, Arc GIS, Cinema 4D to name some. Developed in-house by the research and development team, the upgraded HOT Systems workstations are fitted with the latest Intel 12th generation alder lake processors. HOT Systems products are proudly built in the UAE with industry standard components from major components manufacturers and products are shipped across– UAE, Oman, Kuwait, KSA, Qatar, Bahrain and expanding to newer territories.
built for performance with the highest graphics horsepower of any Surface Laptop. Seamlessly multitask and handle heavy workflows with quad-core powered 11th Gen Intel® Core H Series processors, blazing enterprise-grade NVIDIA RTX A2000 laptop GPUs, and Thunderbolt 4 ports. No matter the task, the Surface Laptop Studio provides unparalleled flexibility as it transitions from a best-in-class laptop to a natural angle for immersive Microsoft Teams calls and presentations, to a full-performance canvas. Unleash creativity and enjoy the feeling of putting pen to paper with the vibrant and sharp 14.4” touchscreen and Surface Slim Pen 2.
Highlights: •
HOT Systems are supported by the latest DDR5 memories, newer motherboard chipset, and PCI express 5, which doubles the bandwidth and delivers consistent improvement in performances within 2D & 3D, AR/VR, Analysis and Simulation based applications.
•
The New DMI 4.0 Link enhances high-speed networking, offers more peripherals and larger storage.
•
HOT Systems have evolved as an industry standard providing software and hardware integrated solutions for demanding CAD, BIM, Graphics and Point cloud applications in the Middle East Region.
•
The hardware offers a unique optimization methodology that enable enhanced software and hardware performances.
Highlights: •
Work the way you want whether compiling code on a powerful business laptop, multitasking while docked on a perfectly angled stage, or sketching ideas on a full-horsepower creative studio.
•
Seamlessly multitask, work in whichever mode you want, and handle heavy workflows with high-speed processors, blazing enterprise-grade graphics and pro-level storage.
•
Run circles around renders, tackle complex data, and sketch stunning 3D visualisations. This high performance business laptop is the most powerful Surface yet, delivering the highest graphics horsepower of any Surface.
•
Take notes, sketch during brainstorms, and draw like you would pen on paper on the sharp 14.4” 120 Hz touchscreen.
MARCH 2022 / CXO DX
41
» TRENDS & STATS
OVER HALF OF ENTERPRISE IT SPENDING TO SHIFT TO THE CLOUD BY 2025
Enterprise IT spending on public cloud computing, within addressable market segments, will overtake spending on traditional IT in 2025, according to Gartner, Inc. Gartner’s ‘cloud shift’ research includes only those enterprise IT categories that can transition to cloud, within the application software, infrastructure software, business process services and system infrastructure markets. By 2025, 51% of IT spending in these four categories will have shifted from traditional solutions to the public cloud, compared to 41% in 2022. Almost two-thirds (65.9%) of spending on application software will be directed toward cloud technologies in 2025, up from 57.7% in 2022. “The shift to the cloud has only accelerated over the past two years due to COVID-19, as organizations responded to a new business and social dynamic,” said Michael Warrilow, research vice president at Gartner. “Technology and service providers that fail to adapt to the pace of cloud shift face increasing risk of becoming obsolete or, at best, being relegated to low-growth markets.” In 2022, traditional offerings will constitute 58.7% of the addressable revenue (see Figure 1), but growth in traditional markets will be much lower than cloud. Demand for integration capabilities, agile work processes and composable architecture will drive continued shift to the cloud, as long-term digital transformation and modernization initiatives are brought forward to 2022. Technol-
42
CXO DX / MARCH 2022
ogy product managers should use the cloud shift as measure of market opportunity. In 2022, more than $1.3 trillion in enterprise IT spending is at stake from the shift to cloud, growing to almost $1.8 trillion in 2025, according to Gartner. Ongoing disruption to IT markets by cloud will be amplified by the introduction of new technologies, including distributed cloud. Many will further blur the lines between traditional and cloud offerings. Enterprise adoption of distributed cloud has the potential to further accelerate cloud shift because it brings public cloud services into domains that have primarily been non-cloud, expanding the addressable market. Organizations are evaluating it because of its ability to meet location-specific requirements, such as data sovereignty, low-latency and network bandwidth. To capitalize on the shift to cloud, Gartner recommends technology and services providers target segments where the shift is occurring most aggressively, in addition to seeking new highgrowth cloud opportunities. For example, infrastructure-related segments have a lower level of cloud penetration and are expected to grow faster than segments such as enterprise applications that are already highly penetrated. Providers should also target specific personas, adoption profiles and use cases with go-to-market initiatives.
