Issuu on Google+

VOL 8 | ISSUE 11 |













Results 20 Security are in, how is your business responding?

Bunei 30 David Leading CISCO

in 15 East African countries

Dunn on 33 Marne driving digital

November 2016

literacy in SubSaharan Africa

INNOCENT MUHIZI Juggling IT and digital solutions for three Banks in Africa

Kshs. 300 Ushs. 9,000 Tshs. 6,000 RWF. 2,200 Rest of the World US $ 9

An publication












Intel Inside®. Powerful Data Center Outside. See the proof at

Powered by Intel® Xeon® Processors Intel, the Intel logo, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries. EMC, VxRail, and the VCE logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. Dell is a trademark of Dell Inc. © Copyright 2016 EMC Corporation. All rights reserved. EMC is now part of the Dell group of companies. Numbers based on Edison Group, Inc. White Paper: “VCE VxRail™ Appliance Cost and Maintenance Advantages,” May 2016 and ESG Lab Report: “EMC Converged Platforms: VxRail Appliance,” June 2016.

High-powered. Impressively agile. Sharply dressed.

Get down to business with the Latitude 12 7000 Series 2-in-1, a laptop and tablet with accessories for mobile professionals. Faster to done: start fast and finish first.

Dell, the Dell logo, Latitude are trademarks of Dell Inc. Microsoft, Windows, Windows 10 and the Windows 10 logo are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Intel, the Intel logo, Xeon, and Xeon Inside are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries. All rights reserved. Dell disclaims proprietary interest in the trademarks or trade names of other entities used to refer to them or their products. Copyright 2016 Dell Inc. All rights reserved.

Editor’s note E














EDITORIAL DIRECTOR Harry Hare EDITOR Davis Weddi TECHNICAL STAFF WRITERS Lillian Mutegi Baraka Jefwa Jeanette Oloo COLUMNISTS Bobby Yawe Sam Mwangi HEAD OF SALES & MARKETING Andrew Karanja BUSINESS DEVELOPMENT MANAGER Njambi Waruhiu ACCOUNT MANAGERS Amuyunzu Oscar Vanessa Obura SUBSCRIPTION & EVENTS Ellen Magembe Mellisa Dorsila DESIGN Nebojsa Dolovacki Published By

Printed By:

Offset Printing Ltd. Contacts

eDevelopment House : 604 Limuru Road Old Muthaiga : P O Box 49475 00100 Nairobi : Kenya +254 725 855 249, Email:

ALL RIGHTS RESERVED The content of CIO East Africa is protected by copyright law, full details of which are available from the publisher. While great care has been taken in the receipt and handling of material, production and accuracy of content in this magazine, the publisher will not accept any responsility for any errors, loss or ommisions which may occur.


Davis Weddi



t is clear that the job of a CIO is becoming more complicated and according to other CIO study reports the complications will continue in the coming year. But my question to CIOs this November is: What have you accomplished successfully since the year began? Share your experience please.

This takes us to another point: Do we have adequate infrastructure to meet the growing demand for digital products and services? Well, that is the question I leave for you to decide upon this November 2016 as we host you to our CIO100 Symposium at Enashpai Resort and Spa, Naivasha, Kenya.

But what stood out this year is the decision-making power of the CIO, for example a report published by @CIOonline, titled State of the CIO 2016: It’s complicated, indicates that while CIOs may not have to devote as much time as they once did to developing and maintaining relationships with their business stakeholders, collaboration between IT and the business may be even more important in 2016. This true in that Line-of-business and functional leaders are making more decisions about IT spending than ever before — at a greater level than CIOs anticipated even a couple of years ago.

As already mentioned in previous editions of this Magazine, the Symposium will be the centre of activity for IT and business leadership, we hope to see you there among those networking and sharing knowledge and new insights into how things are done.

While I may not readily want to pre-empt or divulge findings of our CIO Survey of 2016, it will remain that East Africans are quickly and fastening their belts around embracing new technologies. I will only point out one victim - the slow demise of the Banks branches as mobile penetration in the region continues to grow. It is interesting to note that financial institutions like Equity bank have sworn to take advantage of the status-quo - they have quickly unveiled the way-forward. It is all about innovation to suit the times. I will quote from one of the top CEOs in the region - Bob Collymore of Safaricom. He says, “At Safaricom, we believe that mobile technology has the ability to drive transformative change in Kenya and deliver critical services. This is because traditional infrastructure or government services are still not available to large segments of the populations.”


You will notice that in this edition, we have brought you an interesting mix of content, the one I find interesting are the interview we did with a CIO at three banks and the other is about a top executive at CISCO. We bring you some of the moments that transpired at Equity Bank’s launch of its new line of digital products and we also bring you the moments of the Microsoft event in which they explained their Windows 10 environment. Dell and Lenovo were there to unveil what is available for the East African market. One of our Opinion writers this month - Karien Bornheim, has delved into the issue of “Authentication” and explained that, “Effective authentication has gone from a luxury to a necessity. High-profile stories about online attacks, compromised data, data and identity theft and online fraud dominate the news on a daily basis, resulting in reputational damage to the enterprise and the significant loss of trust and business.” You are most welcome to our November Edition. To get in touch use the QR code below or to register for CIO100 Symposium




Innocent Muhizi, Regional CIO (Senior Consultant, IT and Digital Solutions) AB Bank Rwanda, Access Bank Liberia, Access Bank Zambia.

“There are quite a number of things that are happening. Number one, Analytics by far is going to be the enabling point. Two, we have a Blockchain that is coming which is a concept that not so many people understand but this is going to sort-of transform the industry so to speak. We need to be aware of what it is, what it offers, from a 3600 we need to look at it objectively and see what if offers as an industry and Cloud Services are out there and they are giving organisations ability to be able to do what they were not able to do before.”

FROM OUR ONLINE LOCATIONS 5 Most popular stories >> on

Mozilla to award $250,000 in Equal Rating Innovation contest to spark new ways to connect everyone Microsoft is the platinum sponsor for #CIO100AwardsEA Uganda’s Masambu elected Director-General of International Telecommunications Satellite Organization (ITSO) African Union Commission begins process of validating SME Strategy, Master Plan 2017-2021

Ben Roberts, CEO Liquid Telecom Kenya

“The impact of failure or data loss at data centre level could leave a whole country or business affected by service failure, and so these are our most secure sites: electric fencing, full CCTV coverage, armed guards, access control finger readers – the full works.”

Rwanda launches world’s first national drone delivery service powered by Zipline

5 Top >> cioeastafrica Are you a C-Suite? Come join in the discussion on emerging and disruptive technologies at the 6th Annual CIO 100 Symposium and Awards at the beautiful Enashipai Spa and Resort, Naivasha. Innocent Bagamba Muhizi a Regional CIO in Rwanda will be speaking at #CIO100AwardsEA

David Bunei, GM Cisco (East Africa and Indian Ocean Islands)

Marne Dunn, Global Digital literacy strategic programme manager Intel Corporation

“CIOs in our region are becoming more important than ever before. This is a challenging environment with a lot of change, turbulence and everything is about disrupting the known in order to have a fast and sustainable impact. My advice would be for CIOs in our region to position themselves and their organizations for digital disruption by putting mechanisms in place that enable them to be at the forefront, to remain competitive and to be agile.”

“As more women get into ICT there would be a lesser concern as there will be many other women in the room, but for now there is still gender digital divide in respect to the poor level of ICT Some of the implications really have to do with access to information. Women always create a ripple effect when they learn something new.” | NOVEMBER 2016 | CIO EAST AFRICA

George Njuguna, CIO HF Group will be speaking at #CIO100AwardsEA DISRUPTION 2016: Equity Group unveils new customer-led banking Control Risks Senior Partner Daniel Heal has today handed over to CIO East Africa, a ‘cheque’ of USD3500 as a sponsorship contribution towards the forthcoming CIO100 Symposium & Awards

5 Top >> tweets on CIOEastAfrica Want to know about recent tech trends? Follow this link: to hear what @ hareharry had to say about @CIO100Awards pic. Liquid Telecom Kenya rolls out IPv6, warns Africa will run out of old-style IPv4 addresses in 2017 - CIO East Africa… pic.twitter. com/l5sbu3h3By KRA’s new ICT Strategy seeks to leverage on technology to enhance customer services #TPM2016 @ KRACare The new ICT strategy will be based on eight key thematic areas #TPM2016 @KRACare KRA should ensure that the new system should be seamless, painless and transparent - Dr. Getao, ICT Secretary at the OPC #TPM2016 @KRACare 5





any years ago, there was a group who dominated the earth. They were at the very top of the food chain and were the most deadly of prey. They acted in their own interest, and years into their dominance, they were swept away by an evolutionary event. Another major evolution started in 1764, when manufacturing moved out of the cottage and into the city. Work became mechanised, creating a shift to powered factories and mass production. Industries across the world transformed radically, countries were defined by industrial power. A dominant class emerged, giving those with the money and power to create new products and to conquer the worlds of food production, transportation, and finance. Those who could not finance the building of these super machines were relegated to work for those who could. The origins of a new evolution started once a new word came into existence in 1613. Computer originally was used to describe a human who performed calculations. The definition of a computer remained much the same until the end of the 19th century, when the industrial revolution gave rise to machines whose primary purpose was calculating. The second Industrial Revolution beginning in the mid-19th century introduced electric power, steel, chemicals, petroleum and industrial mass production processes. The catalyst for the next phase of the world’s evolution came from a gentleman known as Henry Bessemer, who invented a Converter in 1856. The Third Industrial Revolution introduced the digitalization of technology. This is where the story may start to seem familiar. From the simplest computing machines that printed symbols onto paper tape to today’s super computers, the evolution of the machines is now defining our history. With every twist in this evolutionary story, we continue to leave growing numbers of people who do not have access behind. Nowhere was this more apparent than in Africa. According to the Brookings Institution, between 1970 and 2013, Africa’s share of global manufacturing output fell from 3% to 2%.


As a share of sub-Saharan Africa’s GDP, manufacturing has shrunk from almost 20% to about half that. Almost the entire output for Africa today is for domestic consumption, not export. But there is another evolution taking place within the continent that is shaping its future. We discussed the current economic climate and how we can leverage domestic finance to drive future growth. But what we haven’t spoken about is how to ensure that we make Africa the first truly inclusive society in the world. We see a worrying increase in political turbulence in Africa, the Middle East. We are not an equal society. If you’re one of the 7 million American men who are no longer even looking for work, you might be asking yourself how you have benefitted for the manufacture of your $1,000 iPhone that was manufactured in China for the company that is tax haven’d outside the USA. All over the world, we are seeing signs of revolution against this privilege. One more visible expression was in Britain in June 2016 with the defiant Brexit decision. But Brexit and indeed the current American electoral landscape is more than a revolution against those with money, it is an outcry against the abuse of privilege. How do we evolve beyond societies that only benefit the rich and privileged to drive inclusive growth? Business can pursue partnerships with government. Public private partnerships and consumer awareness are changing the expectations of businesses and brands. Successful businesses are those that have developed an authentic and moral interest in supporting society.

Leave no one behind At Safaricom, we believe that mobile technology has the ability to drive transformative change in Kenya and deliver critical services. This is because traditional infrastructure or government services are still not available to large segments of the populations. We’ve heard from Jesse Moore about how M-Kopa is currently connecting 500 low income households to solar energy every day. In the process they have saved 500K tones of CO2 emission, created 2,500 jobs, saved

low income customers an average of $750 (or a total of $300m over the products lifetime)

How the act of business can help drive inclusiveness and hope In the refugee camp of Daadab, we are enabling refugees who no access to bank accounts or traditional infrastructure to send and receive money via M-PESA, as the funds are sent directly to a beneficiary’s phone. The solution allows for the funding organisation to place restrictions to be placed on where the money spent, introducing transparency and accountability for a less than a $1 a day. For instance, in the heathland of Great Rift Valley, there is a place called Kapendo, which is called the valley of death due to constant fights between communities living there. Our decision to put up a base station created more than just access to a mobile phone signal. For two years, the community was ravaged by daily attacks. The base station not only provided access to power, for the first time for the community, but also provided a lifeline to help increase security. In another part of Kenya, a similar base station is not only securing the community, it also connecting mothers to essential health services.

The outcome of these initiatives Immediate access and high impact initiatives that create the basis for hope. We have partnered numerous times with government to extend more services to the Kenyan population through partnerships such as digitising primary schools, connecting health centres and many more. Africa is evolving. But it needs our help. Business can help bridge the gaps that our continuing evolution has created. Our biggest challenge as a community today is to ensure we don’t get left behind – and also that we leave no one behind. What we do next, and how we do it, will define our evolution as humanity. Thank You.




6 The Evolution of Hope 8 InBrief 9 Appointments 10 Regional RoundUP TREND LINES



Eazzy Banking to change the face of Banking in East Africa



Gartner’s 10 strategic predictions for 2017….and beyond

15 16

Justifying the CISO role in Africa


Accelerating business with latest Windows 10 Pro devices Frightening technology trends to worry about



24 Cover story:


Innocent Muhizi Juggling IT and digital solutions for three Banks in Africa



David Bunei Leading CISCO in 15 East African countries

Security Results are in, how is your business responding?


Highlights Of The Cio East Africa Mega Trends Report 2016



Marne Dunn on driving digital literacy in Sub-Saharan Africa | NOVEMBER 2016 | CIO EAST AFRICA

DELL’s secure Latitude 13 7000 Series 2-in-1



Physical Security for Networks - Dig it deep or hang it high


How cloud technology can transform IT in Africa

38 39

CIO Conquests


Advanced Authentication – a “nice to have” or an absolute necessity?


The Knighted CIO

Threat to the CIO role and emerging opportunities



How to retain relevance



FasterDev wins at AITEC for being able to accelerate, automate software development 7






ederal and state agents have arrested more than a dozen bloggers and journalists deemed critical by political authorities in the last three months. The latest arrest involved a blogger, Jamil Mabai, arrested in Kaduna more than two weeks ago. Mr. Mabai’s offence was posting a report critical of Gov. Aminu Masari of Katsina State. A few days after the arrest, Mr. Mabai was arraigned before a Magistrate court in the state, which later said it had no jurisdiction on the matter. Yet, the court dismissed his application for bail. More bloggers have been arrested in Nigeria in the last one year. Still, many cases of arrest or harassment go unreported, says Mercy Abang, a blogger.



witter turned out to be the most powerful tool for leaders to convey messages to their citizens and the world at large. The social media platform, mostly used by elite people, also provides both a platform for unconditional communication, as citizens can meet their leaders and ask questions directly. According to Twiplomacy, Burson-Marsteller’s twitter study, Kagame, a tech addict described by International Telecommunications Union as the ‘Digital President’, is Africa’s most conversational president- only coming behind Kenyan President Uhuru Kenyatta 1.6 million followers. Source: Digital Content Africa 8

t’s about the U.K.’s other single-board educational computer, the micro:bit. It is smaller and cheaper than the Raspberry Pi, and it has a built-in keyboard and display, albeit consisting of just two pushbuttons and 25 red LEDs arranged in a five-by-five grid. It was developed for the U.K.’s national broadcaster, the BBC, which gave a million of them to British schools. The micro:bit is more like an embedded computer, encouraging children to develop their own takes on the internet of things. It is liked in Iceland, Norway, Singapore, and the U.S., and now the BBC and its partners in the project have created the Micro:bit Educational Foundation to promote its use in other countries. The BBC’s head of learning, Sinead Rocks said the independent foundation “will also work to enthuse and support young people on a global scale as well,” she wrote. The foundation will also have support from ARM, Microsoft, Nominet, Samsung Electronics, and the Institution of Engineering and Technology.



bout 40 percent of the patched flaws are located in Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle Supply Chain Products and Oracle Database Server. Many of these flaws can be exploited remotely without authentication to compromise the affected components. In total, Oracle’s October Critical Patch Update (CPU) contains 253 security fixes across hundreds of products including database servers, networking components, operating systems, application servers and ERP systems. In databases, 31 flaws were patched in MySQL and 12 in the Oracle Database Server. “Databases are typically not exposed to the internet, but administrators should plan on patching for CVE-2016-6304, CVE-2016-5598 and CVE-2010-5312 as they are remotely exploitable and attackers can use them after compromising another system on the network,” said Amol Sarwate, director of the vulnerability labs at security vendor Qualys. Another 21 flaws were fixed in Oracle E-Business Suite, the company’s main business software bundle. Fourteen of these vulnerabilities can be exploited remotely without authentication. Source: IDGN CIO EAST AFRICA | NOVEMBER 2016 |



obiCash has appointed Ann J. Camarillo the Group chief executive officer. Camarillo, who currently serves as MobiCash board member will succeed Patrick G. Ngabonziza, the companyís chairman and current Group CEO, according a statement from board of trustees. She has over 30 years of experience in financial services, IT and telecommunications. Camarillo has over the course of a 20-year career at MasterCard Worldwide held a variety of leadership positions in business development, customer management, debit and prepaid products, operations and technology in the United States and other markets. She worked in Belgium as CEO of Maestro International, the largest global debit card network, and CEO of Cirrus, the largest global ATM network, and as MasterCardís chief debit officer, as well as executive vice-president for market development in the US.


igital marketing strategist, Kirsty Barkhuizen, has been appointed regional director of WPP digital technology consultancy, Cognifide, which recently launched in South Africa with the opening of an office in Johannesburg. Previously, Barkhuizen lead transformation and enterprise social strategies for companies including Absa, Barclays Africa, Investec and Wyzetalk. She comments: ìThereís great appetite for change in local companies, especially as digital transformation becomes a priority for the board. But, despite all the ideals of digital transformation, available technology to make it happen, and moving away from siloed thinking to collaborative strategies, companies are still hesitant to risk the potential for disruption. So theyíre cautiously optimistic but slow to adopt, and this is really holding them back. ìThereís a burgeoning digital economy here in Africa and we have been impressed by the level of skills and the willingness for organisations to embrace changes that are required for them to accelerate their digital transformation,î comments Miro Walker, Cognifide CEO.


ormer Safaricom Chief Executive Officer Michael Joseph is set to join the board of Kenya Airways after shareholders voted on his nomination during the airline’s Annual General Meeting (AGM). The Kenya Airwaysí board is made up of 12 members. The government is the major shareholder with a 30 per cent stake. Mr. Joseph is currently in charge of mobile money at Vodafone, Safaricomís biggest shareholder. He was also re-elected in June, as a board member for Safaricom. He also consults for the World Bank on matters regarding financial inclusivity in developing countries. Mr Joseph was at one time appointed chancellor of Maseno University by President Uhuru Kenyatta. In 2010, he was appointed Chairman of the Kenya Tourism Board for a period of three years.



r. Gilbert Saggia, is leaving his position of Country Managing Director at Oracle to join SAP. However, it is not clear yet what position the highly respected IT and leadership expert will hold at SAP. He joined Oracle in February 2013. He was responsible for the office and operations, and was accountable for supporting the achievement of all business and functional objectives within the country. Widely read, Saggia has spent over 15 years in the ICT Industry in various capacities. Before joining Oracle in 2013, he was the Regional Manager for Cisco Systems responsible for the East African operation since 2007. Prior to Cisco, Saggia held various regional management positions at Siemens. He holds a degree in Medicine and Surgery from the University of Nairobi, a Masters MBA Certification from Tulane University USA, and other strategic leadership and business qualifications. He is a member of various regional and international ICT forums, and writes in regional periodicals and books particularly around “ICT in Healthcare”. He recently was listed in the top 40 under 40 Men in Kenya. | NOVEMBER 2016 | CIO EAST AFRICA






ccording to media reports, the deal will see the two parties work together to enhance ICT capacity development under the project that will run for nearly two and half years, which is being supported by the Japan International Cooperation Agency (JICA). Japanese ambassador to Rwanda, Takayuki Miyashita, said, “We strongly believe that ICT is a prerequisite to economic growth and it contributes to the required knowledge which leads to sustainable development. However, we have also been focusing on capacity building and human resource management, among other fields. It’s therefore, a pleasure for us to partner with you.”



his was said by the education and communication manager of E-Government Agency (EGA) Ms Suzan Mshakangoto while addressing the media.

“The system will easy the communication processes and reduce cost in the public institutions.Video and tele-conferences will be conducted through the system,” added Ms Mshakangoto. 77 institutions in 20 regions are set to be connected in the system by the end of the year under the President’s Office, Regional Administration and Local Government (TAMISEMI). Ms Mshakangoto said, “The President’s Office and Good Governance with the EGA has been training employees on the deployment of the technology and the government is committed to reach 182 regions, districts, municipal and city councils with those 527 public institutions.” She said at completion, all regions, districts, municipal and city offices will be connected to internet. 10





notice on the ICTAU website did not give a concrete explanation for the changes but mentioned the former chair Simon Kaheru as a director on the interim board. A few months ago, Simon Kaheru was appinted to a key board position in a government media house - the Uganda Broadcasting Corporation (UBC). According to the notice the new interim Chairman is Albert Mucunguzi and his General Secretary is Maureen Agena. There are six other names on the interim board. The notice said they will hold office until such a time when an AGM can be held and a new substantive Board of Directors is elected.



eports indicate that the agreement establishes a framework allowing both parties toe sharing information on their respective markets such as emerging trends as well as regulatory issues. The agreement was signed during a board meeting of the International Organization of Securities Commissions (IOSCO) in Hong Kong. In a statement, Paul Muthaura, chief executive of the CMA said, “The CMA has recently commenced efforts towards the establishment of a Regulatory Sandbox structure that is designed to encourage innovation in the capital markets. This strategy reflects the CMA’s role in facilitating the introductions of new fintech products in the capital markets area.” The partnership is reportedly being established as a result of the growing need to compare regulatory road blocks with other regions, with ASIC noting that innovation in the fintech space is not confined by national borders. | NOVEMBER 2016 | CIO EAST AFRICA





products called Eazzy Banking at Nairobi’s Radisson Blu hotel in October 2016. The Bank is promising to provide an easy, comprehensive and secure experience while supporting a convenient lifestyle for Kenyans transacting both in the country and abroad.

TO CHANGE THE FACE OF BANKING IN EAST AFRICA EQUITY BANK UNVEIL NEW DIGITAL PRODUCTS In October, East Africa’s most technologically progressive and relevant bank – Equity Bank brought to the market a new suit of products in response to the a transformed market force that has reduced physical interactions at different banks branches all over East Africa.


ustomers’ banking trends have declared the death of the bank branch as transaction channel, as they increasingly embrace self-service technology platforms that give them freedom, choice and control,” said Equity Bank CEO Dr. James Mwangi while launching a suite of digital

Dr. James Mwangi added, “Further, customers have demonstrated the extinction of cash preferring to transact with digital money which is safer for transactions and more hygienic than bank notes. In response to these trends that we have been observing from our customers, we have reinvented ourselves into a digital bank to respond to their needs, in line with our promise as their listening caring partner.”

The Eazzy Banking Products of Equity Bank EazzyAPI

Multiple approvals

With Eazzy API, application developers, businesses, institutions and payment providers can now leverage the full capabilities of a digital bank. We have exposed the bank’s capabilities in the form of APIs for direct integrations to your systems or customers with bank grade security at the heart of such implementations. These APIs include:  Funds transfer (within and outside Equity), Airtime top up from any telco at a discount, Pay bills, goods and services,  Instant Equity account opening and much more. Visit the Eazzy API portal;

Good news to holders of Joint, Group and Chama accounts. You can operate your joint account straight from your phone. No matter where you are, you can now use your Equitel line to approve group account transactions using your PIN. Multiple approvals allows signatories to transact wherever they are eliminating the need to physically meet in order to sign a cheque or to authorize transactions. It is safe, secure and convenient.



This is an online solution that allows Joint, Investment, Group or Chama account holders to manage their group activities like record keeping and banking transactions, while maintaining transparency and accessibility among all group members. This solution allows group members to monitor group transactions, track personal transactions therefore saving time and work efficiently

EazzyNet, offers our retail customers better online experience. Our new look and improved features enhances your online banking experience, making it easier to navigate through the platform. Bank anywhere, any time. The platform also enables PayPal account holders to withdraw their funds direct to their Equity Bank accounts within three business days. 



The bank boasts now that the all-inclusive Eazzy suite of banking products will take care of all customer needs. “We have a banking solution for everyone, in line with our inclusive agenda which we have carried as part of our commitment throughout our history,” said Dr. Mwangi who added, “The bank’s strategy is to be the region’s leading digital bank delivering a remarkable client experience in key digital touch points. “We have all witnessed how rapid adoption of mobile and other digital channels have transformed how people bank. We are thus delighted to unveil this platform that will drive growth in our business via new innovations and increased customer loyalty.” he said. Dr. Mwangi added that the digital journey that the bank started a year ago is already showing impressive results with the number of the bank’s active digital customers rising steadily. In the period ending September 2016, growth in Equitel mobile loan disbursements accounted for 84% of all loan disbursements compared to 16% branch loan disbursements. “The rapid growth of the financial technology industry in Kenya is a testament to the role advancing technology is playing in the evolution of financial services on the continent. Technology is fueling innovation and growth in the financial

services sector, creating new opportunities and disrupting the way business has traditionally been conducted.” he revealed.

Paladion for security operations monitoring, CISCO for Network infrastructure, and IBM for core banking infrastructure.

According to Dr. Mwangi, the success of this strategy has been underscored by forging strategic partnerships with global leading experts in data security, big data capture and analytics ensuring an operating environment that is highly available, secure, scalable and interoperable.

Equity Bank has now obtained the prestigious global Payment Card Industry Data Security Standard 3.1(PCI DSS 3.1) Certification effective 28thAugust 2016, becoming the first Kenyan bank and one of the first banks in East Africa to do so. This certification affirms Equity’s adherence to international security standards related to the protection of customer information.

Some of the partners include Oracle who have provided the software and hardware technology (engineered platform and cloud service), Apigee who have provided the API platform to support the self-service developers’ portal for innovations, Airtel who support the Equitel MVNO capability, OpenWay who have provided the card management platform and Infosys who have provided the core banking platform. Experian MicroAnalytics have provided the bank with a robust credit scoring platform that aggregates sources to analyze the customers. The other partners include

In addition, Equity Bank has recently partnered with a Global Security Operation Centre (GSOC) in line with the Bank’s strategic vision of providing secure Banking services to our customers. The GSOC is the central nerve center that offers real-time internal and external threats detection and cyber defense 247. It is equipped with specialized technology, processes and expertise to monitor, assess and proactively defend the Bank from potential threats both internally and externally.




You can now pay for bills, goods and services straight from your phone using; Your Equitel Line, Equity Bank App (EazzyApp) or Mobile money (Mpesa Airtel Money and Orange Money)  Look out for outlets with an EazzyPay Accepted Here signage; at shops, supermarkets, airlines, petrol stations, hotels, canteens as well as online.

EazzyApp is your Bank anywhere, anytime. Everything you do at the bank is now on EazzyApp. From sending money to paying for goods and services, accessing Eazzy loans, paying bills, checking the status of your account or saving for your future goals, it is all in your hands.


Eazzy bank account

Get an Eazzy loan of up to Kshs. 3million instantly on your phone. You don’t have to fill in any forms and no need for guarantors. What’s more, you can monitor your loan balance and make repayments through your Equitel line or use the EazzyApp.

Opening an Equity Bank account is easy. Simply dial *247# from your current local mobile network and open one instantly, hapo hapo. Download the EazzyApp and start doing your banking anywhere, anytime through your phone;  pay bills, buy goods and services for free, send money for free, apply and get a loan, check your account balance, withdraw money from an agent or ATM and much more.

This is a robust, secure and comprehensive Cash and Liquidity Management solution that incorporates Payments, Collections & Receivables, Liquidity Management and Host to Host (H2H) modules to cater for Cash Management requirements of Corporate and SME clients. Seamlessly integrated, it gives you a global view of your cash position, enables you to make payments, manage your cash flow and balances across multiple currencies and locations. EazzyBiz offers a great user experience, unified view of accounts and has information rendering capability through analytics and management dashboards.

You can access Eazzy Loan from Equitel, EazzyApp or EazzyNet | NOVEMBER 2016 | CIO EAST AFRICA

Download the EazzyApp from Google Play Store or the App Store today




6. By 2021, 20% of activities will involve at least one of the seven digital giants.

G A R T N E R ’ S


That list consists of Apple, Google, Facebook, Amazon, Baidu, Alibaba and Tencent. For companies in the digital world, you need to either join them or compete against them. Plummer also predicts that by 2018, at least two of the digital giant brands will be in your kitchen.




he overarching theme, Plummer said, is digital disruption, which is not only happening, but is increasing in scale over time. Here are the 10 predictions:

1. By 2020, 100 million consumers will shop in virtual reality. Plummer says the Pokemon Go phenomenon is the precursor to deeper experience and engagement on the part of consumers. The next step is head-mounted displays, followed by augmented reality. Gartner predicts that by the end of 2017, one in five major retailers will begin deploying augmented reality on their web sites. If you’re in retail, it’s something to think about.

2. By 2020, 30% of web browsing sessions will be done without a screen. In other words, people will rely more and more on bots like Alexa or Siri, whose understanding of natural language is getting better all the time. In fact, Plummer says, somewhat tongue in cheek, that by 2020 the average person will have more conversations with their bots than with their spouse. As bots become better, smart agents will start taking over all types of mobile interactions. Gartner also predicts that instrumented devices will have speech capability, so, for example, a maintenance person can ask a jet engine whether it needs any parts replaced. 14

3. By 2019, 20% of brands will abandon their mobile apps. Plummer notes that most of us have dozens of apps on our phones, but rarely use them. And there’s nothing more annoying than having to constantly update multiple apps. He said that smart companies will abandon the traditional mobile app in favor of instant or progressive web apps.

4. By 2020, algorithms will alter behavior of billions of global workers in a positive way. This means that companies will use behavioral, psychological, social and cognitive science to create algorithms that influence employees to be better at their job. An example would be a program that listens in on a customer service call and then gives the customer service agent suggestions on how to answer questions more effectively. Plummer says this makes the employee more effective at their job and can help with talent retention.

5. By 2022, a blockchain-based business will be worth $10 billion. Gartner acknowledges that blockchain technology isn’t mature yet, but it has great potential to reduce costs in the financial services industry. And blockchain technology can be applied to any industry where transactions across communities need to be validated. Plummer says that by 2017 blockchains across industries will begin to appear.

7. Through 2019, every $1 that enterprises invest in innovation will require an additional $7 in core execution. In other words, companies looking to innovate and transform themselves will first have to modernize their legacy IT. And that’s expensive.

8. Through 2020, the Internet of Things will increase data center storage demand by less than 3%. That seems counterintuitive, considering the expected explosion of IoT, but Plummer says that most data generated via IoT sensors and devices will not be stored or retained.

9. By 2022, IoT will save consumers and businesses $1 trillion a year. Plummer points out that something as simple as predictive maintenance, can slash costs by 10% to 20%. That’s when an instrumented jet engine or elevator or other device reports when it needs maintenance.

10. By 2020, 40% of employees can cut healthcare costs by wearing a fitness tracker. The scenario is that companies buy fitness trackers for their employees, so that the overall health of their employees improves. In response, employees might be able to negotiate a reduction in their health care costs. In fact, Gartner predicts that by 2018, 2 million employees will be required to wear fitness trackers as a condition of employment. The Author of this article is Neal Weinberg — Executive Features Editor Neal Weinberg is Executive Features Editor at Network World. He can be reached at Twitter: @nealweinberg



Justifying the 


role in Africa



or Kenya, it is estimated that there are a total of 1,000 certified ICT risk professionals in the market with 26.1 million internet users - approximately one security professional for every 200,000 internet users. It is a worrying ratio that needs to change to successfully secure the Kenya’s cyberspace.

To Mathenge, Airtel Africa is already feeling the impacts of security efforts, “Simplification and definition of what security means from an organization management, middle and user perspective is something we do. We ask ourselves what is security to Airtel Africa and it is simply as what could go wrong. Then after answering that we look into what level we can go to protect that information.”

To understand the role of a CISO better and its importance, CIO East Africa talked to Joseph Mathenge, the CISO of Airtel Africa. “My path to Airtel comes from a background in Information Security. I did an undergraduate and a Masters Degree in information systems security. I have spent 15 years working in security space both in the USA and Kenya where I first worked at Equity Bank for two years then landed the opportunity as a CISO at Airtel Africa,” says Mathenge adding that as a CISO he is in-charge of protecting information Assets. “Airtel is in several countries in Africa and threat landscape in each country is unique. So understanding and being able to put the right controls in place is an interesting challenge. I am also there to advice senior management on the risks that face them from the systems,” he explains. His docket also involves classifying the new risks that new ventures can bring into the organisation as well as responding to incidences as they occur. Mathenge justifies that his presence at the C-Suite is important as he helps to take technical understanding and classify it into business jargon that the business leadership can well understand. Defining the security landscape in Africa, Mathenge reveals that one of the most interesting aspect in securing IT in Africa, after doing it in the US is discovering how starkly different it is. “There were threats in the US that we spent so much time to cover and are not

necessarily a big issue in Africa. For example when I left the USA in 2011, the largest risk was Identity Theft but when I came to Kenya it was not an issue. I would simply define it as Africa being in a maturity path of Information Security where the regulator controls a lot of things in other markets in terms of what people should do in protecting their systems, in Africa, it is not the case,” he observes and compares the threats landscape to the cultural differences that come to play as far as to how information is handled across Africa.

Protecting most critical data and Assets “My vision in protecting data in the organisation is through a clearly defined process in how you collect, use and store data but the rigour in following this processes will make or break you. In my vision in how I am trying to go through the Information Security data within Airtel Africa is to try and follow clearly defined and simple processes and follow them without fail,” he added. On what Airtel has done to define risks, Mathenge explains that they have four or five categories and the company is maturing its processes around that. “Through this we are able to detect incidences very early before they cause any harm. I do a lot in terms of managing systems to ensure they are securely configured,” he says. | NOVEMBER 2016 | CIO EAST AFRICA

He says, “I think an area I have seen improve in the past years is around our rigour to identify information assets and see how we can protect them be it through deployment of technology or improvement of processes and procedures or more user awareness.” On what pitfalls make organisations most vulnerable to insider threats and potential data breaches, Mathenge explains that, “The insider threats presents quite a vulnerable attack vector because the insider threat is someone you have trusted. It is a very fine line between providing access to all you need to do your job versus being a spy over your shoulder to look at everything they have.” On methodology, Mathenge explains that there is no one specific methodology. He says each organisation has a different way to do it. He observes that, “But as CISO you must understand that the people you explicitly trust can harm me and if they do how do I quickly respond to minimise the damage. We have built our security around ISO 27001 and that’s what we try to adhere to.” Mathenge points out that Africa has a unique problem where it leapfrogged development stages. For example: While developed markets laid telephone lines to each and everyone’s house, Kenya instead went mobile, so it leapfrogged a stage in terms of telecommunication keeping that in mind it might leapfrog security threats and this might be quite serious. 15



Lenovo East Africa Commercial Channel Manager Karim Hasham praises their computers’ overwhelming resilience during the event

Participants attentive during the Accelerate your Business Event at Radisson Blu.

Accelerating business with latest

Windows 10 Pro devices


A sales representative at Lenovo displays one of the new Lenovo Yoga 1, during the Accelerate your Business Event at Radisson Blu.

icrosoft officials at the event explained that new technology can be a substantial investment of time and money, especially for small businesses and they advised participants at the event to sure they make the right choice for their business needs. Indeed the event was complimented with opportunity to see and test drive the latest Windows 10 Pro devices.

Lenovo East Africa Commercial Channel Manager Karim Hasham narrates Lenovos’ new innovations during the Microsoft Accelerate your Business Event at Radisson Blu.


East African Retail Director for Intel Eric M. Muthuuri during a Microsoft breakfast workshop at Radisson Blu.

Ken Kagota of DELL giving his remarks during the Microsoft Accelerate your Business Event at Radisson Blu. Looking on is Rotimi Olumide, Windows division director for the West, East, Central Africa and Indian Ocean Islands, the East African Retail Director for Intel Eric M. Muthuuri and left is Lenovo East Africa Commercial Channel Manager Karim Hasham.

A client ponders as he reads about new technology during the Accelerate your Business Event


At the event, there was remarked emphasis around Microsoft productivity solutions and Windows devices, which Microsoft says enable employees to get their job done from anywhere. “Office 365 provides robust, familiar, top-ofthe-line productivity tools on your mobile device,” remarked Rotimi Olumide, Windows division director for the West, East, Central Africa and Indian Ocean Islands.

Clients examine in disbelief - new technology, at the Accelerate your Business Event

Rotimi Olumide, Windows division director for the West, East, Central Africa and Indian Ocean Islands addressing participants during the Accelerate your Business Event at Radisson Blu.

A client looks on in disbelief as he ponders on the new technology during the Accelerate your Business Event at Radisson Blu. CIO EAST AFRICA | NOVEMBER 2016 |


Frightening technology trends to worry about What’s keeping security folks up at night Often-overlooked internal threats

Despite the hype of external, malicious hackers taking over a network, the internal threat remains a company’s greatest worry. Internal threats can range in form, and pose as several scenarios. The most common is human error: not spiteful intentions, but an honest mistake. Sensitive data landing in the wrong hands via a misdirected email or a simple virus infection caused by a click on a malicious attachment.

Finding and retaining top talent

We’re all aware of the technology talent shortage, and how difficult it is to find quality IT support, software developers, and programmers. However, what’s even more difficult is retaining top talent. Keeping tech workers happy and engaged will not only help you retain valuable employees, but you’ll also find they remain motivated and more productive. If your organization has difficulty measuring and tracking employee engagement and performance, then consider technology Human capital management software.

Multiple generations

We currently have the highest number of generations in the workforce, with four age groups trying to work together at the same time. CIOs are tasked with learning preferences and nuances of Matures/ World War II, Baby Boomers, Generation X and Generation Y/Millennials, which all pose different security threats for an organization. It is important to support all generations, including their personal preferences and natural tendencies, to ensure everything from confidential printed documents to mobile applications stored on personal devices remain secure.

Shifts in compliance

Compliance regulations could change, meaning you must be prepared to quickly shift gears to remain compliant. With ever-changing global legislation, especially post-Brexit, and the C-suite is legitimately concerned over remaining compliant. The first step: roll out a compliant global workforce management strategy, consider three key areas: effective data management, employee and manager friendly

self-service, and a strong partner or solutions provider.

Migrating to the cloud

Businesses are becoming comfortable with migrating away from the security of physical servers and towards the benefits and flexibility of virtual servers. Security concerns are paramount for those that choose to employ could-based solutions, and problems such as unauthorized access or hijacking of accounts give CSOs a reason to proceed with caution. Evaluate cloud vendors.

Getting buy-in on hyperconvergence

Hyperconvergence offers the ability to integrate computer, storage, networking and virtualisation resources in a software-centric infrastructure, allowing these technologies to be managed as a single system. Why is hyperconvergence causing concern? Those planning to employ this solution, first evaluate the organisation’s current system strengths and weaknesses and address any problems prior to making the decision. Old software may not run on new platforms; test and validate, it may add to the overall cost of new technology.

Phishing and Business Email Compromise

Spooky and scary phishing attacks range from highly targeted spear phishing to the more traditional cast net style attack. Cybercriminals have continued to hone their techniques to improve their success rate against their targets by adding greater detail and customisation. Often referred to as Business Email Compromise (BEC), these have been a popular attack vector throughout 2016.


Hacktivists commit crimes to expose their victims’ perceived wrongdoing. Hacktivists are increasingly posting their intended targets’ identities on open forums, while divulging the spoils of their crime after the fact. Large corporations and law enforcement agencies have been popular targets recently with the intent to damage reputation or disrupt workflow.  Unfortunately, countless security breaches have been committed, with stolen data of innocent often made public | NOVEMBER 2016 | CIO EAST AFRICA


to showcase hacktivism “success.” When it comes to hacktivism, there has been no greater “success” story this year than the many exploits of the Syrian Electronic Army (SEA), where it breached major U.S. media outlets such as the Washington Post, CNN and Time as well as social media site Twitter.

The next Zero Day attack

These large-scale attacks often leverage the aforementioned secret vulnerabilities and use them to spread online malaise quickly. Examples include Storm Worm, which targeted an internet-consuming public and Stuxnet or Duqu that was a customized espionage attack.

Advanced Persistent Threat

APTs are attacks targeting either political, governmental or business entities. APTs are generally surreptitious with greater focus on maintaining its presence on a system. APTs often utilize the same infection vectors as other attacks such as spear phishing emails, web-based drive by infections, DNS based attacks, infected USB sticks and external hacking. They tend to take a detailed, patient approach in order to get from the entry point of the attack to the actual target which can vary from data that the attacker infiltrates from the infected system, or like in a case like Stuxnet, attack and destroy a very specific target (Iranian nuclear centrifuges).

Mobile exploits

Phones are our lives in our palms, but what if hackers also have access to them? A malware, referred to as Trident, used multiple zero-day exploits to jailbreak an iOS9 device. Once jailbroken, the attacker had access to the victim’s emails, texts, the phone’s camera and microphone, and location. Sadly, this malware was discovered only after malicious links leading to the exploit were sent to a human rights defender in the UAE. As consumers rely so heavily on mobile devices to conduct their daily lives, Black Hats will increasingly find ways to exploit such devices. Unfortunately, there are entire websites full of rogue apps. Users must also be aware of malicious apps designed around SMS fraud.


Not that long ago a group identifying itself as the Izz ad-Din al-Qassam Cyber Fighters was waging an ongoing series of DDoS attacks against major U.S. banking institutions. The group’s attack has caused major interruptions for targeted systems and reportedly operates under the direction of the Iranian government. The Author - Ryan Francis is managing editor for Network World and CSO. He can be reached at 17

Changes In Network Security As Seen In 2016 How has network security changed in the past 24 months? At its core, Network security is still the same as it was 15 years ago. A firewall at the perimeter and AV on servers and desktops is a mainstay for any organisation and then depending on size, risk and function, you have a myriad of devices, solutions and services to mitigate Cyber Risk. The big changes have arrived in the last two years and they are broken into two areas Delivery and Evolving threats. The delivery mechanics of a network from its data to its users, has been adapting and evolving for over a decade. With ADSL came the ability of an office worker to connect a fast internet connection to a phone line and circumvent the entire network security perimeter. These were hard (but not impossible) to control and even if it meant buying a $500 firewall with VPN, you could still manage that centrally. Now however, 4g allows users to connect anywhere and everywhere with literally no control or traceability. Sit on almost any train, in any coffee shop, in the lobby of any hotel and you scan for Wi-Fi connections. You will quickly see hundreds of unsecured, open, private, hotspots and more wireless networks, many of which you can join. Microsoft Wi-Fi Sense makes this even easier as you are given your trusted friends Wi-Fi passcodes to use as you wish. To make matters worse in many ways, the Internet of Things is connecting almost every conceivable device to the web. This doesn’t only include your car and fridge (which used to be the examples of what could be) but now almost every electronic device you have on you, including watches, tablets, trainers, glasses, and in the next few months much more, are IoT connected The big question becomes ‘where is the network edge or perimeter’ and if it doesn’t actually exist anymore, how do you secure it? The second aspect of the delivery piece is focused on digital transformation. Literally everything is going digital, it is now impossible (as in no possibility at all) to remove your digital foot print from the WWW. Children have domains bought for them before they are even born. Platforms, including Android, force you to maintain a master password which is incredibly hard to change and often includes s ome very personal digital poking and prodding to be successful. Microsoft SharePoint and to an increasing degree. OneDrive, have broug ht data transparency and transport to every desktop in super quick time. All of this digital data, and the transformation of how it is used and shared, can be a high risk for theft or damage from cyber criminals and the like. Evolving threats are the second side of the coin and this is what keeps many of us up at night. One of the staple threats for the past 10 plus years has been DDoS attacks. To most of us, until recently, these were basically flood or sync attacks which filled our stateful tables and consumed our bandwidth, but now they are much more and include application threats providing both local as well as remot e attacks. An ever growing number of DDoS attacks occur from within the network which was unheard of three years ago. Worse than all of that though is the way DDoS is being used, as over 40% of DDoS attacks are used to hide some form of cyber crime, either th eft or some other form of fraud. When an uncontrolled DDoS occurs everything else is a secondary concern and the cyber criminals know that and use it to their own advantage. Ransomware has been changing its modus operandi at a scary speed for any threat, starting as a basic piece of malicious code which encrypted your files and then asked for a ransom to release them. Most experts estimated that if you pai d the ransom, 80% of the time you got your files back, but you were probably highlighted as an easy fut ure target. Now the threat is that not only are your files encrypted, but it is likely they are stolen often as a targeted attack. No matter how much you pay it is less likely you will ever have access to your files and data again and if you happen to use a file sharing application, like the previously mentioned OneDrive or Dropbox, or are on the corporate network with network privileges, then everyone else could be in the same situation because t he malware spread to them as well. The network is now everywhere, the core is still a part but the perimeter no longer exists. Your networks external connection speeds have probably been multiplied ten plus times, if you account for every mobile connection, and yet the business might pay for a fraction of that connectivity in cash terms - but it could pay far more from a Cyber threat perspective.

The Solution… That is why you should consider Juniper Network solutions, which provides IP routing, security and WAN application acceleration solutions to power and protect the network, and the applications and services that run on it. Juniper's high-performance network infrastructure supports converged data, voice, video and wireless applications across extended enterprises and creates a responsive and secure environment for accelerating the deployment of services and applications over a single network.


+254 20 420 1000



TECHNOLOGY AS A BUSINESS ENABLER ENHANCING EFFICIENCY, TRANSPARENCY AND GOVERNANCE IN PROCUREMENT Today’s CxO is faced with multifaceted challenges that are increasingly complex, and more often than not require sophisticated yet nuanced responses.


nstead of the big platforms that promise a one-stop solution, what most enterprises require are niche technology solutions and platforms that address very specific business problems. These can either sit on existing platforms, or stand alone, or be deployed as cloud based services.

African businesses have grown faster than their available technology footprint. Many work with very rudimentary systems, and even more are still largely paper-based or at best utilize Excel spreadsheets for data collection and analyses. Clients and customers are impatient for information and have real time demands for data. This demand is best responded to with the right niche software solutions, capable of collecting data, analyzing, interpreting and rendering it actionable.

Benefit of niche technology platforms to CxO The CxO is tasked with identifying tools that will solve business problems in their organisations. One of the areas where users struggle with finding IT related tools is procurement. Most ERP systems have e-procurement modules which automate internal supplier management but these modules lack end-toend procurement functionalities. One of the key functionalities


missing in most ERP systems is the ability carry our electronic identification and vetting of suppliers which involves receiving of bids and carrying out electronic evaluations. Supplier identification processes include tenders, prequalification, quotations, expressions of interest and request for information.

Supplier Vetting One of the best in class solutions which automates the supplier identification is Tendersure, an African developed web based tendering tool designed to improve efficiency, transparency and integrity in the procurement process. It is only possible for authorized parties to see bids.

Strategic procurement Procurement is the integral part of corporate performance drawing increased attention from senior management. Until recently, procurement was a necessary, but seldom celebrated, component of multinational corporations. Almost 50% of best-in class enterprises that source strategically using best practice strategic sourcing techniques report more than four times greater procurement cost savings, better supply performance and greater profitability than industry peers. One of the highly rated strategic procurement solutions is BravoAdvantage. BravoAdvantage provides a robust platform that allows for Savings Management, Spend Analysis, Supplier Value Management, Strategic Sourcing, and Contract Life Cycle Management. With over 600 company clients worldwide, BravoAdvantage customers in Africa include GE and LafargeHolcim. Crossrail, the largest construction project in Europe began in 2012 but procurement process began in 2008 using BravoAdvantage procurement platform. The total budget for this project stands at £14.8 billion. 10,000 people working across 40 sites; a route running over 100kms, 42 km of new twin-bore tunnels requiring 250,000 tunnel segments or precast concrete testifying to its size and complexity. The project is 75% complete; in time and within the budget. The procurement has committed contracts worth £11 billion so far, including major tunnelling contracts and main construction contracts. The Crossrail project is using BravoAdvantage as the obvious choice to manage the complex procurement process, a crucial tool in simplifying and streamlining the spend management process. | NOVEMBER 2016 | CIO EAST AFRICA




Security Results are in, how is your business responding? According to the global state of Information Security, it currently stands that 91% of businesses follow a risk-based cyber security framework, 69% use cloud-based cybersecurity services and 59% leveraging Big Data to improve cybersecurity. But for now, it is the 65% that collaborate with others to improve cybersecurity that I wish to give some thought.


s security threats continue to grow and mutate by the day, the best course of action has been proactivity on the business part through advancing authentication and the improvement of programmes, some have gone as far as collaborating with external partners; who can give an unbiased critique and tests requisite to create the ever elusive secure environment. When you look at the Wireless networks at our work place, it happens to be a necessity owing to the functionalities, convenience and aesthetic appropriateness in that it eliminates cables which are at times difficult to manage. The minute you walk to your favorite coffee shop, at the airport lounge and even quite recently, on a Sunday afternoon when getting a shave or having your car cleaned, the standard welcome pack consists of a Free Wi-Fi signage at the doorstep or just within your eyesight. Simply put, we cannot do without it.However is the Wi-Fi you use at home, in the hotel and in the office the same? NO. As the demand for connected devices heightens, an even greater need to enhance security increases. While the office Wi-Fi is meant to support business functions and not just provide basic internet usage, the changing workplace has further allowed for employees to bring-your-own-device (BYOD); a well-accepted business practice. But out of the hundreds of businesses that allow this, only a handful are confident that their mode and level of security is in place.

While all businesses are almost concerned about loss of sensitive corporate or customer data, industrial espionage and non-compliance to industry regulations, respectively it is time we addressed IoT security; the role of a secure network on the function on a business’ ERP systems, corporate emails and in some cases system automation. All of which demand a secure, scalable and stable network, what Enterprise Wi-Fi or Enterpirse Wireless Local Area Network (WLAN) is built for. Enterprise WLAN requires authentication before use is granted beyond the usual Wi-Fi password in that it requires a username and password, such that it can be integrated into the other systems within the Enterprise; for example the windows active directory or existing separately. The access level features allows access where certain users are only permitted to certain parts of the enterprise network and resources. A good example is with guest authentication where only that person is able to access the internet while other users may not have any access to the internet at all, allowing that person to perhaps carry out sensitive transactions. While the prevention of 100% intrusion by a determined person may not be possible, it has the ability to detect and log the intrusion attempts which makes it possible to trace the person/s or use the intelligence to help in enhancing security. Simply put it is not just about deterring intrusion but the power of Intrusion Detection and Prevention. Enterprise WLAN ensures good quality connection by ensuring Quality of Service Control that guarantees that critical business systems have the required bandwidth to function properly on a consistent connection within the enterprise, no matter the location (No loss of signal) moving between different segments of the network. In the end, we can spend all we want to secure our businesses on the latest technology whether through firewalls, threat detection and artificial intelligence but in the end, we need to spend even more educating our employees. Whether through coercion or simple lack of knowledge, they remain a key aid in determining who gets inside your network. The Author - Raymond Macharia is Head of Network Planning and R&D at Internet Solutions Kenya



CUSTOMER STORY: INTERNATIONAL RESCUE COMMITTEE Liquid Telecom has been working with the International Rescue Committee (IRC) in Uganda over the last year to significantly improve its communications infrastructure, establishing dedicated fibre links between its headquarters in Kampala and other regional offices across the country.


he International Rescue Committee (IRC) provides vital support to Ugandans who are rebuilding from decades of war while hosting a growing influx of refugees. As a result, the organisation requires reliable and secure 24/7 internet access in order to coordinate its relief efforts across the country. IRC’s mission is to help people whose lives and livelihoods are shattered by conflict and disaster to survive, recover and gain control of their future. IRC first began working in Uganda in 1998 to help the 1.8 million Ugandans who had been forced to flee their homes as a result of the LRA conflict. It has been committed to protecting women and children from violence and exploitation, and helping communities rebuild. As a growing number of South Sudanese refugees flee to Uganda, it has also been working in three of the main districts hosting them. IRC teams and partners currently reach more than 1,284,492 people in Uganda with lifesaving support. Its relief work focuses on three key areas; health, education and economic wellbeing.

Challenges: As Uganda struggles to recover from the effects of war and hosts a growing population of refugees, IRC must be able respond to a refugee crisis or emergency anywhere in the country. It currently has refugee responses across four districts in Uganda: Kampala, Kiryandongo, Adjumani and Yumbe. The most recent of these is the Bidibidi refugee settlement in the district of Yumbe in Northern Uganda, which opened in August 2016 and now supports over 100,000 South Sudanese refugees. A new settlement area with a capacity for up to 80,000 refugees opened recently at Bidibidi, bringing the

settlement’s total capacity to 180,000. At the same time, IRC continues to be involved in programmes at refugee settlements in both Kiryandongo and Adjumani.

Community meeting in Adjumani

Communications is critical to the day-to-day work of IRC staff at these settlements, which rely on the internet to process information about refugees as well as access files remotely.


As a result of its improved network service, IRC has been able to migrate more systems, services and applications online to support its staff in Uganda. This includes introducing Office 365 and a new budgeting system. IRC is also working on a new virtual private network (VPN), which will bring its Uganda operations in-line with the wider IRC group’s IT and communications strategy. It is a mandate from the global headquarters that all IRC country operations migrate to VPN connections in the coming years. Most importantly, IRC has been able to rely on Liquid Telecom’s network for continuous 24/7 internet access, driving greater efficiency across all of its operations in Uganda and resulting in faster action at refugee settlements.

Liquid Telecom deployed a dedicated fibre link between IRC’s country headquarters in Kampala and regional offices serving the districts of Kiryandongo, Adjumani and Yumbe. This fibre connectivity provides IRC with greater bandwidth for its internal applications and systems, as well as offering higher speeds and quality of service. IRC staff also leverage the network to connect with colleagues in IRC’s regional Africa headquarters in neighbouring Kenya.

IRC’s medical team in action


“In the past, internet connectivity has been a major challenge for IRC across Uganda. Since becoming a customer of Liquid Telecom, we have seen a major improvement in our overall communications, which is enabling our staff to relay information quicker and resulting in faster action in the field,” said Andrew Serekedde, IT Officer at IRC Uganda.

Reliable and secure internet connectivity has provided the foundations for IRC to advance its IT and communications strategy in Uganda.

For more information about Liquid Telecom visit

To ensure IRC has continuous connectivity throughout its operations in Uganda, Liquid Telecom established a secondary backup WiMAX link, which serves the organisation in the event of a fibre cut.






n this edition (November 2016) of the CIO East Africa Magazine, we give you some highlights of the 2016 Mega Trends Report that will be published in full during the CIO100 Symposium taking place November 10th to 11th 2016. In the highlights, the summary of the report indicates that IT continues to fuel innovations in business and has in the recent past been a catalyst in creating overnight disruptive solutions.

In the report, there are four (4) major categories namely Government, Non Profit, Public and Private with the private category providing 67% of the respondents in the survey. This chart gives the proportion of participation by these major categories:

Interesting to note is the fact that technology has provided an opportunity for emerging economies to leapfrog well established global markets by utilising existing technologies to create disruption with Safaricom’s MPesa money transfer setting the benchmark in revolutionising the way business is done in East Africa.

Improved readiness to tackle new technology challenges This year witnessed continued investments in newer technologies. While the rest of the world has adopted these technologies it is heartening to note that the East Africa region has not been left behind. From a survey conducted by Gartner in Jan 2015 titled: 2015 CIO Agenda: An Africa Perspective some of the findings of Top Technology Priorities for 2015, Africa vs. Global is as shown in the table below:

The process of coming up with this year’s Mega Trends report was benchmarked against the global leading award schemes, mainly Malcom Baldridge of America and European Foundation for Quality Management – EFQM from Europe. The findings of the survey commissioned to produce this regional Mega Trends report show that ICT has fueled growth in industries where traditional models of business are competing for survival. “From taxi services from Uber, to social media communication platform such as WhatsApp, Telegram, FaceBook and many others,” said a preliminary summary of the report.


Sectors There were a total twenty three (23) sectors participating in this years survey as indicated with the Computer S/W sector providing 14% of the respondents followed by Education or Non Profit and Financial services with 9.5% and 9.3% respectively. Participation by Sectors

It has been noted that with each emerging technology comes challenges of identifying suitable technical skilled partners both internally and externally to fuel adoption and drive their competiveness through IT innovations. The authoritative findings observe that in a highly competitive world, those who fail to seize the opportunities that technology provides are losing their once dominant positions, and this is not bound to change anytime soon. In compiling the report of the CIO 2016 survey, the researchers sought to identify how organisations are utilising and adopting ICTs to fuel innovations.



FEATURE A common feature across these excellence models is the general structure of the assessment tool/questionnaire. The participating organisations are assessed using a model that emphasizes the relationship between two key aspects: 1. Business processes 2. Business results This way, organisations are assessed on their ability to not only deliver results today but also to build on sustainably by creating a culture of continuous improvement. CIO 100 2016 Business process Parameters: 1. Project knowledge institutionalisation: This parameter assessed the sustainability of the project. 2. Project Reliability: This parameter assessed if the project produces similar results under consistent conditions. 3. Top leadership involvement: This parameter looked into the level of top leadership involvement in supporting the nominated project. 4. Project Innovativeness: This parameter sought innovative aspects of the project, a key pillar in the assessment process

From 2015 CIO survey, East Africa organisations have continued to invest in newer technologies are now comparable to the Global scene though lagging behind slightly. It is also compares well to the rest of the continent based on the Gartner report The table below gives the key technologies utilized in current survey submissions: Technology Area Cloud Computing services or software as a Service (SaaS) Mobile or Wireless Customer Service or Customer Relationship Management CRM) Business Intelligence Business process management Enterprise Resource Planning (ERP) Social Media Databases or Data warehouse collaboration tools Virtualization: Server Security Technologies (e.g data loss prevention, encryption, identity management) Content Document Management Supply chain or logistics Others Virtualization: Storage Video Conferencing or Telepresence Unified communications Enterprise Architecture Big Data Virtualization: Desktop PC

% 31% 23% 20%

CIO 100 2016 Results Parameters: 1. Business Results: This looked into the measurable business benefits accrued form the project. They include but not limited to ROI, increased market share, number of new customers gained, percentage of customers retained, additional revenue generated etc.

19% 18% 17% 16% 12% 10% 8%

2. Competitive Advantage: This parameter sought to establish if the project has put a company in a favorable or superior business position

6% 5% 4% 4% 4% 3% 3% 2% 1% 0%

Overview of Survey: CIO 100 2016 Survey data collection process commenced in mid July 2016 and came to a close on Friday 7th October 2016 with an achievement of 536, of which 406 were marked as complete. In order to make the CIO 100 2016 process more competitive and scientific. This year’s process was benchmarked against the global leading award schemes, mainly Malcom Baldridge of America and European Foundation for Quality Management – EFQM from Europe.

Increasingly the role of ICT Vendors and external partners cannot be ignored as they play a critical role in delivering emerging technologies faster and more efficiently to the market and are equipped to deliver solution through extended partnerships with product/solution owners. Managing ICT project complexities and multi-vendor environments will continue to grow as key focus area for organizations based on these findings. Overall, all major categories of organizations surveyed ranked equally the performance of their ICT vendors.

Average ICT Vendor Rating


Organizations will have to develop clear metrics on measuring performance of vendors to reduce the complexities of managing multi-vendor environments. #2. Customer focus In 2015 Customer impact and operational impact were at per as primary impact of ICT projects, 2016 saw marginal changes with Customer impact being the major focus area followed by . #3.Driving Departmental Change In 2016 the survey found a shift in ICT projects among organizations surveyed. Accounting & Finance was the major beneficiary of ICT projects implemented, with Human resource and IT Operations being second and third respectively. The only decline was in implementation Overall Business Goal of the project 2015

Overall Business Goal of the project 2016


Social Impact


Security, Regulatory Compliance, Risk Management

18% 6%


Operational Imact



Financial Impact



Customer Impact



Strategic Impact/Competetive Advantage


#4. Embracing cloud technologies Overview of respondents Some of the findings #1. Collaboration with ICT vendor’s key in driving new innovations within businesses In 2016 respondents identified the key role of external ICT vendors play in delivering successful ICT projects. With an average 82% of respondents likely to engage their current ICT vendor(s) for future projects. Some of the reasons included efficiency and cost effectives in delivering solutions for key business objectives through ICT. | NOVEMBER 2016 | CIO EAST AFRICA

In 2016 the survey found organisations have embraced cloud technologies improve and more indicate the will make investments in this area. Some of the reasons are fuelled by efficiencies while reducing the costs of ICT infrastructure investments. Organisations across the major categories and sectors all utilised technologies in this category which emerged the top followed by Mobile or Wireless Technologies. The full report will be published during the CIO100 Symposium at Enashpai Resort and Spa in Naivasha, Kenya. It will also be shared on our online platforms after publication.




Innocent Muhizi Juggling IT and digital solutions for three Banks in Africa

– Senior Consultant, IT and Digital Solutions, AB Bank Rwanda, Access Bank Liberia, Access Bank Zambia.

This is a rare circumstance where we bring you one of East Africa’s top-notch Information Technology experts. This time we were at Radisson Blu Hotel in Nairobi where met Innocent Muhizi who recently moved out of I&M Bank in Kigali Rwanda and took on a Senior Consultant role at three banks located at different regions on the continent namely AB Bank Rwanda (in Eastern Africa), Access Bank Liberia (in Western Africa) and Access Bank Zambia (in Southern Africa). Muhizi, a jovial and constantly happy man answered all our questions with so much interest. The following are excerpts of the interview we did with him… 24


COVER STORY is a breach, in case there is a security problem? Some of the interventions that are being promoted in Rwanda and I believe this is across East Africa and other regions as well is

QUESTION: Tell us briefly about yourself and how you became a leader in IT? Muhizi: My name is Innocent Bagamba Muhizi. I am Rwandan by nationality, I have been in the IT Industry for now over 14 years. Started off in the Public Sector then went to the Private Sector. Starting from being an IT professional up to of recent, in the past 6 years I have been in the senior IT management in commercial banking sector. I have done a little bit of telecom regulations, payments systems implementation in the banking sector, General IT and systems integration. So basically the last six years of my career I have been in payment systems, digital banking and electronic services, over and above the daily CIO duties. Payments technologies implementation: What are some of the new technologies that are being implemented in Rwanda around payment technologies? In Rwanda we have quite interesting technologies that are coming up, one of them being the mobile, this is not only in Rwanda but rather a global phenomenon. A lot of payment services now use mobile either through some products developed by commercial banks or those developed by telecom companies. There are others developed by FinTechs that are starting up in developing their own payment services using mobile technologies. However, that’s not only it, internet banking is also now a thing that is commonly used by all the premium service providers and that is spread across different sectors. When you can be able to pay your taxes, you can be able to pay your bills, you can be able to pay school fees using either your mobile or your internet banking services. There are cards that are used quite a lot in the market now. We have started to see NFC being used and some biometric services, and I believe this is just the beginning. How widespread is this, the use in the country? It is quite widespread and just like it is across East Africa, it is really widespread in Rwanda where you go to all the corners of the country you’re able to get at least ability to pay your bill or ability

1. You have to define the policies and procedures that have to be followed.

to top up your airtime or ability to send money across from one city to another city and we see that it has taken foothold on all the services and across all the parts of the country. Basing again on payment technologies, we hear a lot about security being a challenge, so what security challenges have been observed in Rwanda via payment technologies? I would say that in Rwanda as of today, God Forbid! We are still a bit lucky we have not been hit big by any incidents of a security breach but generally information security or payment security is something that every chief executive or every senior official in any organization should be worried about. If you take the recent example of a couple years when one billion dollars was lost by banks in Europe, recently 80 billion dollars was lost by a Bangladesh bank through SWIFT Payment Systems which is believed to be one of the most secure systems. That is a clear indication that people need to be concerned about that and there are so many tools out there that organisations need to employ but the challenge is the technical knowhow, the financial requirements and the processes of implementing some of these security solutions that are provided. What interventions do you think Rwanda is prepared with in case there | NOVEMBER 2016 | CIO EAST AFRICA

2. You have to provide technologies that are able to run on those policies and platforms. For example right now there is a move to do security managed services, this is a monitoring system that will monitor any potential hackers and potential outbreaks of security incidents, then you are alerted of that breach and this scans not only one market but across the whole world and these are some of the solutions that technology providers of security services providers are providing for organisations to look at and then of course over and above that 3. You have to put in a rigorous encryption systems with different algorithms to be able to protect to your network. Let’s talk about IT teams, you’ve been leading them and you’re still leading them and possibly you’re going to continue leading them, how has been the one that you have been leading of late? They have been excellent, IT teams are the unsung heroes of the industry. There is someone who likes to say, “You enter into a room you switch on your light and they come on but you don’t understand the effort, the energy that has gone into enabling you to switch on that light and it comes on”. The IT teams are like that, the IT teams do a tremendous amount of work behind the scenes and when things are working you don’t need them or you don’t even recognize them but when things fall apart that’s when people start to call them names and give them this and that but really the amount of work they do is phenomenal. How would you go about retaining the best among your team, what do you put in place in order to retain? One of the misconceptions that people have is to think that if I give you money 25

COVER STORY then you would be satisfied. That is a wrong approach. Find out what would interest these guys, at the end of the day you will find that they are not only interested in money, they want recognition, they want to know that their ideas are heard, they want you to know that what their soft spots are, what they care about. So the moment you package this all together then you would be able to see these guys stay with you longer. They have brilliant ideas but because some of the organisations are locked into this rigid way of looking at things you don’t give them room to excel, but rather say I am going to pay you money and that’s it then you have it wrong. You will realize that actually you could pay me less but cater for what I care about and I would take that. As a CIO, what are your big plans in the future, what ambitions do you have? If I could push any and every CIO to transition from that role into a CEO, because if you’re able to get somebody who has the technical understanding of the nitty-gritty of how the system works to get to the level where you look at the big picture from the business point of view then you have a fantastic CEO and that is my plan, that is my ambition. In the role that I am holding I want to be the enabler, I want to be the business champion. What technologies are out there that improve the bottom-line of the organization, how can I do that securely and how can I do that reliably so that our customers are able to see and feel that you’re a true partner in their day to day lives. What are the priorities that you’re going to take for the year ahead? Number one is the digital transformation of the organization meaning introducing digital solutions, digital products but also not losing your sight of information security. All this digital solutions that we give due to our customers. Our customers have to have the confidence that they are secure. Number two, they have to know that you will be available anytime and every time they need them so the liability and infrastructure optimization is very paramount. Basically, those three pillars if you will are my focus going into the new year ahead. 26

What do you think will impact or create disruption in the coming year? There are quite a number of things that are happening. Number one, Analytics by far is going to be the enabling point. Two, we have a Blockchain that is coming which is a concept that not so many people understand but this is going to sort-of transform the industry so to speak. We need to be aware of what it is, what it offers, from a 3600 we need to look at it objectively and see what if offers as an industry and Cloud Services are out there and they are giving organisations ability to be able to do what they were not able to do before. On top of that there is Internet of Things in the near future is going to be the day to day thing. So there are quite a number of technologies that are emerging that are going to sort of transform the entire IT landscape.

Are you preparing for them yourself at the institution? Currently we are looking at stabilizing the infrastructure first and then we start to look into these technologies. The digital solutions are a very key consideration for our business and we are definitely looking at them. What advice do you have for others who are aspiring to work in Finance Technology? My advice would be to understand two things, one know your business roles, understand the business you’re in and by doing that you have to understand customer needs. Two, you have also to look at the technologies side, what technology tools are out there that are going to enable me to serve my customers better and I think if you marry those two you will be able to do quite well in that role.



Business as usual is never usual and the Latitude 13 7000 Series is said to be the world’s most secure 2-in-1 device, combining a lightweight business Ultrabook and a detachable 13-inch tablet in one powerful device without compromise.


The vendor says this device offers true business productivity where users can work how they want, where they want with all-day battery life and a full business-class backlit keyboard, bolstered by the latest generation Intel Core M processors.

caught off guard — share information easily and connect to a projector, display or TV. • Dell Premier Sleeve + Stand, customized to protect Latitude 13 7000 Series 2-in-1. • Dell Active Stylus, for hands-free viewing, navigating and note taking on your tablet.

When paired with accessories purposefully designed by Dell for this device including a carrying case, sleeve, power companion and universal dongle, the Latitude 13 7000 Series 2-in-1 delivers ultra-mobile professionals a first-class productivity experience. And IT will value managing just one secure, manageable and reliable device, versus separate laptops and tablets. For true business productivity, the Latitude 13 7000 Series 2-in-1 is designed to keep you productive – on the road or at the office – with powerful business-class features: • Multitask throughout your day with powerful Intel Core M processor and Intel Core M processor family – optimized for 2-in-1 devices. • Enjoy ample viewing area for your content on the large 13.3-inch Full HD touch display. The latest 10-point capacitive touch technology delivers pinpoint accuracy and supports the optional Dell Active Stylus for easy note taking. • Work comfortably on-the-go with the full-size business-class single point ISO keyboard with standard backlight and the convenience of two USB 3.0 ports on the keyboard base. • Stay connected wherever you are with superior connectivity options, including LTE/HSPA Mobile Broadband and Bluetooth 4.0. • Go longer in between charges with up to 10.5 hours of battery life when connected to the optional 2-cell battery in the keyboard base.

All in all the device is made with security, manageability and reliability

• Also, with Intel Pro Wireless Display technology (Intel Pro WiDi), users can connect wirelessly to projectors and displays with the security and configuration capabilities Latitude 13 7000 Series 2-in-1 is an office To achieve ultimate mobility, a line of accessories purposefully designed for the Latitude 13 7000 Series 2-in-1 creates a functional mobile office that can keep on-the-go professionals productive throughout the workday. This Dell Mobile Office includes: • Dell Premier Briefcase, a functional bag to carry and organize your device and accessories in a sleek, TSA checkpoint friendly design. • Dell Portable Power Companion, provides extra power for all your devices (PC, tablet and smartphone) so that you’re always charged, even without a wall outlet (available soon). • Dell Adapter – USB 3.0 to HDMI/VGA/ Ethernet/USB 2.0, provides multiple connections so that you’re never | NOVEMBER 2016 | CIO EAST AFRICA

The world’s most secure business 2-in1: • Dell Data Protection | Encryption protects your data across all endpoints, including external media and in public cloud storage. Stop advanced malware in its tracks with DDP | Protected Workspace and enable advanced authentication options with DDP | Security Tools. The world’s most manageable business 2-in-1: • By building unique management capabilities into our business class PCs, Dell helps extend life expectancy to decrease IT issues as systems age. With Dell Client Command Suite, download free tools that help streamline system deployment, monitoring and updating in complex IT environments. Within our suite, download KACE K1000 Express, a free, easy-touse IT inventory tool that will manage warranty status, BIOS and driver updates, across your Dell devices. Plus Dell offers unique Intel vPro capabilities for updating your entire fleet of commercial endpoints at once, even if they’re powered off. 27



David Bunei Leading CISCO in 15 East African countries

CIO East Africa Editor Davis Weddi interviewed David Bunei the CISCO GM for East Africa and Indian Ocean Islands about his role and leadership at the company. The excerpts follow.


CIO East Africa: What does your role as General Manager Cisco East Africa and Indian Ocean Islands entail? David Bunei: It’s an incredible experience to be a leader at Cisco. We are about thirty years old now and we have been in Kenya for almost twelve of those thirty years, and I have worked in the IT industry for fifteen of those thirty years. When I look back, I have always had a great admiration for Cisco, a company that aspires to change the way we love, work, play and learn. So in my role as a GM, it really is an opportunity for me to make Cisco’s vision a reality for the citizens of East Africa and the Indian Ocean Islands. What has changed in your role ever since you assumed the position? On the 1st of August 2015, about a year ago I was appointed to the role. I had to start off with strengthening my team so that we deliver on our goals. As a result, compared to

where we were a year ago, we are now at the forefront of digital transformation in the region. Governments and our customers are now starting to trust us to work with them in creating and implementing digital strategies that improve the lives and experiences of citizens, businesses and their customers. What are the most important decisions you make as a leader in your day to day work? We’re going through quite a massive transition in the technology industry. Innovation is happening at such a fast speed that even the process of decision making needs to be disrupted in order to make sure that no opportunity is lost. If you fail in that decision making, then you need to fail fast and move on; thankfully nowadays innovation is much cheaper than it was before, enabling us to really horn into R&D. We also have to move full speed in a market that is facing lots of challenges and as a leader I have to narrow down decisions CIO EAST AFRICA | NOVEMBER 2016 |

IT AND LEADERSHIP to what is a necessity and what is a niceto-have. In brief, tell us your career journey? I received my first exposure to technology through a Mac II computer that was donated to our high school almost 26 years ago, I happened to be one of only three students in the whole school that was given the opportunity to provide digitized support to the school via this Mac computer. This really sparked my interest in computers so after high school I studied Electrical Engineering at the University of Nairobi. In 2000, at the dawn of the internet bubble, I received an opportunity to major in IT and IP Communication. I briefly worked in the telecommunications industry before I joined Cisco as an Engineer and later, a leader in the company’s Sales Organization.

It is very important that all our employees are Cisco believers. We want our people to be absolutely committed to being passionate about we do. and governments are definitely one of the biggest consumers of country digitization just by the breath of their operations which has become highly dependent on technology to be able to offer good services to citizens. In East Africa and the Indian Ocean Islands we have been working with government agencies to support digital transformation of ports, mobile operations and transportation to name a few areas. Today, our strong relations with government has allowed government to trust us to

That means your whole career has been at Cisco? I have been with Cisco for twelve of the fifteen years I have been in the IT industry. I am deeply passionate about solving the problems of customers in an effort to change the way we do things and Cisco’s vision is about changing the way we live, work, play and learn. I am fortunate to work for a company that aspires for the same things I do. Who mentored you in your career? There are a lot of mentors who have supported me throughout my career. To name one; David Gatama, founder of LANTech offered me my first job and under him, I got a lot of exposure about the possibilities of IT. He also inspired me to one day also reach out and mentor and sponsor others that come after me. What are some of the notable government projects you can talk about working with government? It’s fair to say that over the last thirty years, Cisco has been a significant contributor to the growth of country digitization | NOVEMBER 2016 | CIO EAST AFRICA

expand our expertise to other areas including security. In my role, overseeing fifteen countries, I intend on making sure that we retain our current work with government by continuing to provide first class work and secondly to expand our base by constantly staying ahead of our competitors. We invest a portion of our annual profits to R&D remain at the forefront of innovation. Is there a specific project that you can mention? I have already mentioned some above. We have also been involved in the national data centre for one of the East Africa governments, it was a big project and I believe there are similar projects that have happened across the region. The government’s national service delivery priorities including national IDs, driving license, and over 100 applications run on the data centre. Did Cisco vie for the one in Uganda, the national ID project? Cisco leverages a channel strategy globally to deliver its products and services, in the region we have an extended set of partners that we work together to support our customers. Cisco has one of the strongest set of ecosystem partners who also acts as our Go-to-Market so for most projects globally and in the region we leverage these partners, we continually invest in our channel partners to ensure our customers receive the highest level of support in each country we operate in. What challenges do you face as the GM and how are you able to work around these challenges? As a leader in a very dynamic environment where the speed of change is so fast, the biggest challenge is anticipating both what will happen next and 29


what needs to happen next. Currently, I am undergoing a huge process of investing in educating and exposing the younger generation to the Internet of Things (IoT) because as the future workforce, they need to be adequately equipped for what lies ahead. The Cisco Networking Academy has trained 92 800 African students in FY16 of which 32% are female. From your own perspective, is the mission, the core values or the vision the most important to your organization? They are all very important because together they make us who we are, a global networking and technology leader. We have been named one of the top companies in terms of integrity; we are renowned globally as the best company to work for, and we are leading in most if not all - our core competencies. This is because we understand that at the core of our company is our mission, values and vision and we never lose sight of these in everything that we do. That actually brings me to next question on how you align Cisco to its core value? We do a lot of internal training to make sure that we are not only aligned to the company values but we also believe in 30

them too. It is very important that all our employees are Cisco believers. We want our people to be absolutely committed to being passionate about we do. What advice do you give someone going into a leadership position? It’s very different for each individual but firstly, it is important to understand yourself, to be guided by values, to understand your role in shaping your team, and to live this on a day-to-day basis. I also recommend constantly improving and reinventing yourself as a

leader in order to stay relevant with the rapidly changing times. Reading and exposure goes a long way in this regard. What resources would you recommend for someone looking into to becoming a better leader? I read a lot of leadership books. I also read a lot of technical books so I keep abreast with my Engineering peers. Some of the common ones I enjoy is Stephen Covey’s “7 Habits of Highly Effective People”, and “Good to Great” by Jim Collins. I am currently reading a book titled “Coherence” by Dr. Allan Watkin and it is about understanding yourself and the environment that you operate in so you are able to adapt that to what is required of you as a leader. What would be your advice to CIOs in East Africa and Indian Ocean Islands? CIOs in our region are becoming more important than ever before. This is a challenging environment with a lot of change, turbulence and everything is about disrupting the known in order to have a fast and sustainable impact. My advice would be for CIOs in our region to position themselves and their organizations for digital disruption by putting mechanisms in place that enable them to be at the forefront, to remain competitive and to be agile.




Marn e Dunn on driving digital literacy in Sub-Saharan Africa To anyone who has access to the internet, tools like Google Search remain just that a search engine. We use the tool to access any sort of information and many are the times that we hardly appreciate the power to access information at any time.


ut how about a woman in the rural parts of Kenya, who for the first time gets access to internet and the first thing she chooses to search is why she takes in so much water. Then the first few results shows that, taking in too much water could be a symptom of diabetes. She searches further and gets to realize that she has a couple of symptoms for diabetes. She goes to the hospital and it’s

confirmed that she is diabetic but since she noticed early, the disease is treatable. This is just one of the many stories through The She Will Connect Platform and My Digital Journey which is a web-based application with gaming mechanics where women are empowered to learn individually or in a facilitated environment, and with the support of a peer network. My Digital Journey uses case scenarios relevant to women in the form of challenges, which gives them the opportunity to practice solutions before moving on to the next level. The platform is a new addition to the Intel She Will Connect program, which aims to bridge the technology-gender gap, to teach young women how to leverage the internet and technology to pursue their goals. Intel She Will Connect was introduced as a direct response to findings of the Women and the Web Report, which examined women’s access to and use of the Internet in low and middle income countries. The Report found that, on average, there are nearly 25% fewer women than men are online in developing countries. This represents 200 million fewer women than men online today. In Sub-Saharan Africa, the size of the gap is 43%— the largest across all the regions in the study. | NOVEMBER 2016 | CIO EAST AFRICA


WOMEN IN TECH But then who heads this initiatives at Intel Corporation? During the launch of the Intel Caravan, that is set to provide digital ICT to communities in Kenya’s peri-urban and rural areas we caught up with Marne Dunn Digital Literacy Strategic Program Manager at Intel Corporation. Marne began her Intel career in 1996 and is currently leading the Intel She Will Connect Program among other programmes focused on closing the gender digital divide and empowering women through technology within Corporate Affairs. Prior to joining the Corporate Affairs Group, she held various business, technical, marketing and management roles in ICT including a 10 year SAP career she concluded sharing the Intel SAP story with customers throughout EMEA, APAC, and North America.  As a lifelong volunteer she has a strong belief in teaching to enable self-sufficiency, community developed and community led sustainable programs.  In 2010 Marne earned the US Intel Hero award and served with the Intel Education Service Corps in Kenya.  “It is such stories that make me feel motivated to go on doing what I do,” she said with a smile during the interview. ”I started working in the Digital literacy space back in 2005 as a volunteer in the underserved communities focused on Women completely and homeless women and what they needed technologically.” She further added, “Coming into the ecosystem through Intel, especially on the technical side, I was the only female in the room. Travelling internationally, that became worse. Sometimes, I sense the surprise when I begin leading technical discussions. It’s pretty normal for a woman in technology that these are things that they would face.”

which was geared to digital literacy for adults. Years later Intel then launched Intel She will connect which seeks to completely close the Digital Gender Divide specifically where it is largest that is in the Sub Saharan Africa. “We have also developed an Intel She will connect app. This app creates awareness talking about the gender digital divide gap and why we need women connected. We share stories of impact connectivity has had in Women as well as basic tutorials in internet,” explained Marne. To bridge the gap, Intel also partnered with Arizona State University to create My Digital Journey program. Since the start of the She Will Connect programme in Kenya, the programme has reached 60,000 women mostly through face to face training. Across Kenya, Nigeria and South Africa the programme has impacted 180,000 and the reach could be much broader. “Through our free basics content we have reached a million women across 20 African countries where content has been translated into Swahili and French,” she added.

So how did it all start? “Intel has a history of running digital literacy programmes that date back to 2005 with the Intel Learn which was not technology based. It was focused on 21st century skills but utilizing technology in developing this skills,” said Marne.

“When we started the Programme we focused on reaching 5 million women by 2020. We first focused on reaching women but we have since shifted our focus on the impact our programme has reached. We have been looking at the Case Studies from the studies,” she said citing an example from the earlier quoted case study.

After that Intel through her leadership developed the Intel Learn Easy Steps

“As more women get into ICT there would be a lesser concern as there will


be many other women in the room, but for now there is still gender digital divide in respect to the poor level of ICT Some of the implications really have to do with access to information. Women always create a ripple effect when they learn something new,” she said. “When women have access to information, they tend not to keep it to themselves. This in turn affects the quality of businesses, families and life in general. So you can imagine the ripple effect when that access is not there,” she further added. To Marne there are several reasons why this gap exists, one has to do with the perception of technology, and the other has to do with the perception of what it means to be on the internet. “We found out that when we asked women why they weren’t connected they would say things like, “there is nothing on the internet for me. If that’s your perception, there is no way you would go anywhere near the internet because you don’t believe there is anything there for you. “As Intel, one thing we are changing is perception. So part of what we are looking at is how do you talk to women about what their specific needs are and introduce how technology can help them. For girls who desire a career in tech, the main thing is to stay curious and keep learning and asking questions and look for those role models. There are women in technology in Kenya that are around, so don’t let anybody tell you, you can’t do it because you are a girl,” she concluded.



FasterDev wins at AITEC for being able to accelerate, automate software development To mark the 10th anniversary of its Banking & Mobile Money COMESA Conference, AITEC selected the region’s 20 most promising and innovative Fintech start-ups to demo their products and services at the Sarova Panafric Hotel, Nairobi, Kenya. FasterDev was among the start-ups that took part in the competition, where they emerged as the winners.

“AITEC was an opportunity to learn, connect and gain exposure. For a start-up like FasterDev, those three things are sometimes even more important than trying to sell our solution,” said Amadou Chico Cissoko, FasterDev, CEO, during an interview with CIO East Africa. FasterDev is a technology tool that accelerates and automates the process of developing software for most business applications, whether on desktop, web or mobile. In most commonly used programming languages like; Visual Basic.Net, C#, Aspx, Php, AngularJS, HTML & JavaScript. The company enables freelance software developers and software development firms to reduce time and costs of developing software for themselves and their clients. “Developers feed the software with a database and choose the functionalities they would want and the rest is magic,” opined Cissoko about their product. “FasterDev is at the moment able to deliver hundreds of thousands of lines of codes, multiple user interfaces (UIs), designs, database conversions and data generation, basic reports and various commonly used plug-ins for business application software in a matter of seconds,” he added. | NOVEMBER 2016 | CIO EAST AFRICA


The most elaborate application so far made from FasterDev is Bankopa; a SACCO Management ERP software. Cissoko says that on a conventional approach, developing Bankopa could have take about 6 competent programmers a year or more to complete. “We did it in just over two months with only 3 programmers. It is a working solution that has now been rolled out to a number of SACCOs in Kenya. We have currently got requests coming from Botswana and Lesotho, and we are sure to get more calls coming,” Cissoko continued. FasterDev was co-founded by Cissoko and Hannington Mambo, who is also the company’s CTO, as an internal tool within Mambo Software, a company that provides off-theshelf software in the East African region. “Hannington and I met during a Business Networking forum, where he did a short presentation of FasterDev to the group and no one seemed to understand it. I approached him later and told him that I saw something in him and what he’s built and I would be willing to help him bring it to life,” he continued. According to Cissoko, the strength of the FasterDev team lies in their combined experiences in building businesses and building enterprise software. He and Mambo are both award winning, hardworking and dedicated entrepreneurs with a diverse and complementary set of skills, knowledge and networks that give them an edge in this industry. The entire team currently consists of a core team of 2 with 4 other collaborators. “As we grow, we intend to create our own ecosystem, by organizing competitions and hackhatons within the Nairobi Tech and Innovation ecosystem in order to identify, attract and nurture the best talent.” Cissoko concluded.





usinesses face a huge challenge in protecting networks from cyberattacks, but consider for a minute some of the complexities involved in physically protecting network and ICT infrastructure. I am responsible for network operations of largest independent pan-African fibre network.

For us our physical security requires meticulous planning to minimise the risk of fibre cuts or theft of network equipment. In a nutshell, our tactic is too dig it deep and hang it high. Our fibre can either be found 1.2 to 1.5 metres safely tucked away underground, or at the very top of utility poles running alongside electricity lines. Other operators in the region are deploying fibre as fast as they can, but sometimes at the cost of leaving their networks exposed. In several cities I have visited there are many cases where the wires have sunk so low from the pylons that anyone could come along and grab hold of them or inflict accidental or malicious damage. There are some incidents that are hard to avoid, however. Contractors digging up roads, for example, may accidently hit and damage fibre – often reburying them and running away shortly afterwards. Or criminals sometimes venture down manholes and destroy fibre during a misguided quest for copper. The long outstanding Critical Infrastructure Bill in Kenya seeks to protect networks from such damage. Most ICT and Telecoms networks will have different levels of site classifications requiring different levels of security. The architecture of any modern big 34

The impact of failure at a branch office could impact service availability across an entire region or location.

Network infrastructure is generally not the most obvious target for criminals, but the growing threat of terrorism is changing attitudes to protecting physical infrastructure. Deadly terrorist attacks across East Africa have prompted businesses to invest further in physical security across their operations.

network is highly distributed. And naturally leads to 3 or more levels. At the core or central office sits the data centre, at branches or network nodes sits networking equipment to connect users to the central office, and at the edge are the devices which access the network. The impact of failure or data loss at data centre level could leave a whole country or business affected by service failure, and so these are our most secure sites: electric fencing, full CCTV coverage, armed guards, access control finger readers – the full works. The impact of failure at a branch office could impact service availability across an entire region or location. Security remains high at these sites, which are monitored by CCTV and security guards. The impact of failure from an edge device will only impact a user or small group of users. Edge devices can include network CPE devices, laptops, smartphones< point of sale devices. Here edge switches are kept under lock or entrusted to specific individuals. Basically at this level there is weak or low physical security. Theft may have minimal impact on business continuity but can result in large amounts of data loss if devices localise data that is not encrypted and backed up to the central office

In 2006, I was working in Nigeria alongside an engineer, who asked me to wait in his car while he went to attend a quick job at a bank. He wasn’t quick and after half an hour, I decided to go and find him. I strolled through the building into the room where the main core banking servers were located to find the engineer. The firewalls in the racks remain to this day some of the largest I have ever seen. But I was able to walk straight up to them without a single person asking me for ID. All that investment in protecting the networks from cyberattacks, without giving a second thought on how to secure the equipment itself. This would never happen anywhere in the region today. Over the last ten years, businesses have woken up to this kind of vulnerability – be it more down to fear of a criminal brandishing a gun rather than one with a memory stick hidden up their sleeve. But it still serves as a valuable lesson to businesses: investment in the latest cybersecurity technologies should always be matched with investment in the physical protection of your equipment. The Author – Ben Roberts is CEO of Liquid Telecom Kenya



HOW CLOUD TECHNOLOGY CAN TRANSFORM IT IN AFRICA Cloud technology is being hailed as an African success story but what does its future hold? BY BRETT PARKER



t’s only a few years since major cloud providers were wary about investing in Africa due to concerns around connectivity and electrical supply. The fact that companies such as SAP, IBM, Oracle, Huawei and Amazon are now all enthusiastically investing in the continent is a testament to Africa’s significant economic and digital progress over the last decade. Many business and political leaders see cloud technology as having the potential to transform the African technology industry. But can it live up to the hype?

The cloud on the go According to the International Telecommunication Union (ITU), the penetration rate for mobile broadband in Africa is 17.4%, up from just 2% in 2010. If you include all mobile phones, then 38% of all Sub-Saharan Africans are connected. In comparison, only 0.5% have a fixed broadband connection. For this reason, many of the first wave of African cloud services are designed specifically for mobile phones and many of the expectations vested in cloud technologies are for the mobile cloud. Considered together, these are early signs that mobile cloud technology is starting to deliver. But it’s on the ground where the impact of the cloud is being felt most profoundly. In South Africa, for instance, community health workers are using a mobile app to register patients and upload their data to the cloud, cutting admin overheads and helping them treat more people in less time. In Nigeria, pharmacists and patients are using a cloud-based service to verify the authenticity of prescription medicines. And in Kenya, local innovators created a cloud-based market-tracking app for farmers trying to get the best prices for their goods.

The beauty of these apps is that they provide services tailored to available mobile bandwidth on relatively low-powered devices which people already own. The processing overhead is moved into the cloud, so users pay only for what they need.

The cloud moves inland While mobile cloud might be the African cloud story most people are talking about, it’s not the only story. At the same time, African governments - often with Chinese support and investment - are extending their national data backbones beyond the capitals and coastal cities. In 2015, 19 African countries announced projects that will see 22,000 kilometres of new fibre cable laid in non-metropolitan areas. The advent of fast broadband in cities such as Lagos, Nairobi, Accra, and Cape Town has already created a demand for fixed-line cloud services that is changing the way those parts of Africa work. And the immediate impact has been much the same as elsewhere in the world. Public and private sector organisations in well-connected areas have used the cloud to rationalise and save costs. The Nigerian government, for instance, saved US$70 million by moving its payroll functions to the cloud.

The cloud changing lives For many Africans, being able to access services quickly and conveniently through the cloud is demonstrably changing their lives. In Ethiopia, for example, much of the storage and processing of government data has been moved into the cloud. But the story in Africa is in fact much bigger than that. The first wave of cloud providers on the continent were predom- | NOVEMBER 2016 | CIO EAST AFRICA

inantly global players such as IBM, Cisco, Oracle, Huawei and SAP - working in partnership with local providers who knew the market. “Dimension Data is proud to be the first certified SAP partner in Africa able to provide a complete managed cloud environment to SAP customers”, explained Paulo Masselli, CEO of Britehouse, a division of Dimension Data specialising in SAP solutions. But often, for African cloud companies, this initial partnership is only the start of their story. Many are now moving beyond simply providing execution and are bringing their own products to the market. In 2015, the African sub-sea cable company SEACOM started Pamoja, a company dedicated to bringing cloud services to African businesses. In Kenya, analytics start-up SuperFluid Labs is taking its cloud-service global. And in Cameroon, Koomzo offers cloud-based management systems to the country’s schools. There was a time when so-called experts would say that Africa did not have the infrastructure or market conditions to support cloud technology and the many benefits it could bring to citizens on the continent. But these misconceptions are now being dispelled and it is clear that the opposite is in fact true. [We are seeing an explosion of cloud-powered developments in Africa similar to the rapid expansion of high-tech manufacturing in China 20 years ago.] African companies that partner with international players in cloud computing are fast gaining access to expertise, finance and global networks that have the potential to give them the push they need to develop technology products to meet the demands of the African market, and beyond. The Author Brett Parker is Managing Director SAP Africa 35

AFRICAN. We can protect mines from downtime that can cost millions in lost earnings. We believe in the strength of African Mining. It’s why we’ve built Africa’s largest fibre infrastructure and provide an award-winning satellite network, capable of keeping any mining concern as connected, protected and productive as possible. Because we are not just a telecoms company. We are your technology partner.

Building Africa’s digital future





his means that the burden of responsibility has shifted once again back to the CIO rather than the CMO whom we had originally considered to drive organizational growth. The reasons for this are pretty plain, putting it simply our connected infrastructure for the region is built around an unstable model. A good example is the average 22 fiber cuts experienced in Kenya every single day. Another example is the larger and more complex cyber-attacks that have inundated every aspect of our technology environment where even our own employees become the weak spot through mobile devices for highly targeted and swift attacks through ransomware, spear-phishing and other types of generally destructive invasions of our day to day lives. The list could go on but the further challenge remains the lack of remedy from a government perspective to be able to address all the injustices against this regions CIO’s. Several high profile CIO’s have this year lost lucrative jobs in this market simply due to the fact that they were completely incapacitated and their and info

stripped by cyber-criminals. Boards are no longer tolerant to the idea of a CIO who is not in complete and thorough control of every iota of anything even vaguely resembling technology. This has in turn created and newly emerging breed of CIO in 2016, bolder, more determined, dominant and decisive. This new CIO, a survivor of an alien global technological cyberscape, fraught with the constant risk of global negative and malicious attacks. The new CIO’s in this region are a demanding, no character who won’t take no for an answer. The biggest beneficiaries of this of course are the large tech MNO’s who are capable of creating order out of chaos for the right price. This does mean that the region has stayed right at the forefront of very advanced developments and solutions that are constantly being churned out of research and development divisions of the largest ICT Vendors many of these heavily funded by Government in developed countries. The world is as it were coming together once more in a unique and beautiful

Already in the pipeline there are whispers of amazing evolutionary and ambitious projects that one prays will be brought to life to the amazement and benefit of all. 38

manner to the benefit of our captains of industry and a youthful service driven populace of consumers. No amount of incentive will cause today’s CIO to go back to the lax days of supervised vigilance and timid management. Today’s guys and girls carrying the title of CIO bear the scars of real life experience and narrowly averted disasters that remain solidly branded, a constant reminder transfixed right at the center of their frontal lobes. Good progress has been made but as I often say ‘the good is the enemy of the best’ and the best is yet to come as the region begins to prepare for some of the largest and most aggressive investments into industry the greatest achievements lie ahead bolstered by the fact that not only are the most advanced solutions and technological innovations available here but also by a highly trained and skilled workforce, ready to take up and handle any new challenge assigned to it. Election ‘fever’ and global economic pressures may play a role in affecting future environments but one thing’s for sure no amount of negativity will be able to hold back the surge in investments by bullish, dominant, conquering CIO’s in this region over the next 24 months. Already in the pipeline there are whispers of amazing evolutionary and ambitious projects that one prays will be brought to life to the amazement and benefit of all. It is all coming together across highly redundant, geo-dispersed, cloud and mobile enabled secure environments that are the hope for our future.



Threat to the CIO role and emerging opportunities BY JAMES MURITU



any years ago, there was a role by the name EDP (Electronic Data Processing) Manager, that is no longer mentioned anywhere. Then came a fellow by name of IT Manager, that still features to date. The CIO landed with a bang and it’s still a very coveted role that most IT professionals want in their resumes. With the rise of Digital and Big Data, we are seeing some role definition dynamics that will potentially either put the CIO role under threat or create new opportunities. With the emergence of these new technologies, chief digital officers and chief data officers are starting to occupy the center seat. This new development is raising questions on whether these CDOs are turning out to be a threat to the CIOs role. The strive and appetite for businesses in Africa and globally to cultivate digital enterprises gave rise to the Chief Digital Officer role. It’s imperative to understand the three types of Chief Digital Officers: ex-Agency – these are the traditional interactive marketing leaders that view digital as “digital marketing”, Digital transformation strategists – change agents chartered with the reinvention of their organizations and lastly, Technologists – those who view digital primarily from an technology enterprise perspective. Gartner VP and distinguished analyst Debra Logan comments that the chief digital officers tend to be more on the marketing and sales side. In 2013, Deloitte published a report on the impact of digital disruption across 18 industries called Digital disruption: Short fuse, big bang. At that time, Deloitte predicted 13 of those industries would face significant

risk of disruption by 2017 as a result of the sustained growth and penetration of digital technologies. Delloite’s predictions were right and disruption has occurred way beyond the 18 industries and before 2017!. Digital has evolved significantly over the past few years, giving organizations a new approach to how they market and interact with their customers. It’s with this notion that savvy companies are appreciating the role of the CDO and giving the role some space in the ever crowded board room. For lackluster CIOS, the threat posed by a CDO is a relegation of the CIO role as an individual who understands zero about digital concepts and is best bestowed with managing the traditional IT enterprise. The opportunity provided for innovative and “go getter CIOs” is a chance is prove to the Board that they not only understand the traditional enterprise, but they also grasp digital and everything digital. The latter approach provides a golden opportunity for a traditional CIO to learn a whole new market and get some relief from the routine and operations stuff. The Chief Data Officer is a relatively new title. Two years ago, a Gartner report suggested that 19%of business leaders expected to recruit a chief digital officer while 17% foresee a chief data officer appointment. The chief data officer is primarily responsible for an organization’s data management and data mining with a high demand for them being seen in the in banking, finance and insurance companies that rely on Data management as a competitive tool. The CDO’s position arose in response to the | NOVEMBER 2016 | CIO EAST AFRICA

With the rise and rise of Big Data, most organizations will be hesitant to let the CIO wear both hats and would prefer to have a full time Chief Data Officer. demands posed by Big Data and the need to look at data beyond the transactional lens. In Africa, I can bet that most organizations are yet to appreciate any of these roles. For organizations that want to stay ahead of the pack and be more competitive the emergence of these new roles, provides a perfect moment to bring in talent that will help steer this agenda. An emerging opinion is that the rise of the Chief Data Officer might dilute the CIO role, especially for traditional inward looking CIOs. It’s however an opportunity for ambitious CIOs to either maneuver their way in the board room and get the Data role under their domain or gravitate towards this role. With the rise and rise of Big Data, most organizations will be hesitant to let the CIO wear both hats and would prefer to have a full time Chief Data Officer. The fact remains that the CIO role is here to stay, but pressure is building on this role to be more assertive and forward looking as more “Cs” join the block. 39


Advanced Authentication – a “nice to have” or an absolute necessity? BY KARIEN BORNHEIM



rganizations continue to face challenges with providing consistent, convenient and secure access from different devices to enterprise, third-party applications and cloud-based services,” according to Gregg Kriezman, VP, Research at Gartner. “Organizations that proceed with disjointed Identity and Access Management and Enterprise Mobility Management may delay or lose opportunities to provide users with consistent convenient access while adequately protecting the enterprise against threats that increasingly overcome traditional access controls.” In today’s global and connected world, customers, clients and citizens expect to have immediate, secure and easy access to business services and their personal data in order to interact with businesses and governments while employees, contractors and 3rd party suppliers expect to have immediate, secure and easy access to their relevant computer infrastructure, applications and data to remain productive in their jobs, regardless of location and device. The number of human users has also grown exponentially. Smart phones and tablets continue to evolve. IOT devices and mobile applications have joined the demand for connectivity and interaction, multiplying the points of exposure even further. Traditional credentials (username and password) have also proven to be vulnerable. As a result, the need for additional access and authentication controls has arisen to assist enterprises in reducing risk without compromising the end user experience. The term “Authentication” refers to the process of verifying a user’s identity when requesting secure access to IT systems. Digital authentication takes place when someone or something with a particular known identity proves that identity to the system to which access is required. The person or “thing” must prove exclusive ownership of the identity by presenting information only he, she or it possesses. This can be a password, a biometric trait, a token, etc. Successfully submitting the correct


credentials and having it verified by an access control system constitutes the process of authentication whereupon access is initiated. Traditionally “One-Factor Authentication” refers to a username and password login while “Two-Factor Authentication” requires an additional separate credential in order to complete the login process. This second credential may be a biometric fingerprint, a hard token or an OTP (one time PIN which changes every time the user logs in). “Multifactor Authentication” or “Advanced Authentication” refers to a combination of authentication methods - dependent on the user, the situation, the device, the location, the user’s role, the data sensitivity and the risk of a particular transaction. For example, accessing an email application from inside the workplace from a desktop by a known user that has entered the building with a biometric access control system may only require one-factor authentication as the risk is relatively low to the business while a customer accessing his/her banking application from out of the country on an unknown device would require multifactor authentication as the risk has grown exponentially. By adapting an appropriate level of authentication based on situational risk, organisations are able to tailor the user’s authentication experience to the proper strength. Solutions such as Micro Focus’s Advanced Authentication Framework and Access Manager allows the administrator to define context-based policies, such as the user’s location, device and time of access to assess the risk of the desired request, resulting in a dynamic approach to balancing simplicity and security making it more difficult for the malicious person to be identified as someone he or she is not. Advanced authentication mechanisms assist in defeating hackers, simply because it is more time consuming to defeat multifactor authentication than stealing or hacking a password. Advanced authentication consists of the following 3 standard authentication factors: • “Something you know” - knowledge committed to memory, such as a password or an answer to a secret question.

• “Something you have” - an item that is owned or carried, such as an access card, a smart card or a token. This equates to an identity document or a driver’s license presented at a bank. • “Something you are” - a physical attribute that can be identified, such as a fingerprint or voice. Authentication is achieved by combining “something you know”, “something you have” and/or “something you are” in various ways. Multifactor Advanced Authentication Something you know e.g. password

Something you have e.g. OTP

Something you are e.g. fingerprint

Successful access to data and system

Effective authentication has gone from a luxury to a necessity. High-profile stories about online attacks, compromised data, data and identity theft and online fraud dominate the news on a daily basis, resulting in reputational damage to the enterprise and the significant loss of trust and business. In addition, governments are tightening up on data protection laws that are holding company boards legally liable in the case of data breaches. Therefore companies and governments need to ensure that their authentication solutions are not only resistant to attacks, but also easy-touse, flexible and cost-effective. Footprint Africa Business Solutions (FABS), in association with Total Solutions Ltd and Micro Focus, provide Identity Powered Security to Enterprises and Governments across Africa. These solutions include Identity and Access Management (IAM), an Advanced Authentication Framework, Privileged Account Management, Security Information and Event Management (SIEM) and many other Software Services and Solutions that range from Endpoint and Mobile Management (ZenWorks), Disaster Recovery and Business Continuity (Platespin Forge, Migrate and Protect) and Security Assessments and Penetration Testing.






ynnott on the other hand, was a banker who rose to the roles of Head of Management Information Systems at Bank of Boston where he coined the term “CIO”. In other words, the term CIO was coined by two professionals who were not instantiated from the typical modern day CIO class or the perception thereof. When Gruber was interviewed in 2010, in CIO Insight, he said that “Many people think that the CIO is only responsible for the information technology and the information systems people, this is not true. The concept of information technology is broad, it includes the entire life cycle of the information from the production, diffusion, and use of the information technology to produce data to the application of what was learned from the data garnered by the new information systems. Information technology is used to manage the life cycle of information so that CIO is the manager of the information, rather than merely the manager of the information systems staff or information technology.” Gruber notes that in the 1990s only 7.7% of CIOs reported to the CEO. According to Nash/KPMG 2016 CIO survey, 34% of CIOs report to the CEO. The survey population was comprised 3,352 CIOs. This means that two in every three CIOs didn’t report to the CEO. While the gains of 26.3% further “validates how IT has become increasingly strategic as businesses seek to generate more money using digital technologies”, according to, the less than 50% is a major concern for an enterprise that is highly dependent on digital technologies. Gruber notes this of the case of failure of Lehman and Bear Stearns:

How can a CIO be strategic when the context of their sourcing is not? Consider these sample requirements of requirement of a CIO. Qualifications: •• B.Sc Computer Science or IT •• M.Sc Computer Science will be an added advantage •• PRINCE2 and ITIL Certification •• Ability to understand complex systems environment •• Able to run a 24/7 operations Responsibility •• Develop and execute ICT Strategy in support of corporate strategy •• Position ICT as a proactive technology driver •• Manage the relationships with regulators, industry and internal stakeholders •• Develop and manage the IT budget. The case above points to disconnect between responsibility and qualifications. The qualifications point to a techie, operational and PMO type of CIO while the responsibility points to a strategic, less techie and corporate focused CIO. It is likely the recruitment process would first examine qualification before further engaging the candidate. In this case, the techie candidate would score higher on first glance than the lesser techie candidate. This begs the question, “what does the enterprise require of the CIO?” The 2016 Gartner CIO Agenda Report identified the CEO-CIO relationship and categorized it as follows;

“It is obvious that the CIO was not a powerful force in setting standards for monitoring of risk. The CIO was able to produce high volume and speed of transactions but was not instrumental at the strategic critical success factors guide to senior management.” | NOVEMBER 2016 | CIO EAST AFRICA

•• 23% of CEOs consider their CIO as a trusted ally. •• 50% of CEOs consider their CIO as a partner. •• 25% of CEOs consider their CIO as transactional.

At a global level, there is an increasing need for a trusted partner more than a transactional (tactical and operational). Gartner says that in the next five years CIOs expect digital revenues to grow from 16% to 37%. Similarly, public-sector CIOs predict a rise from 42% to 77% in digital processes. The PwC 2016 Global Industry 4.0 report noted that annual digital revenues rose by 2.9% on average while cost reductions increased by 3.6% on average. While digital revenues are increasing and costs are decreasing, one key concern for enterprises about CIOs success is talent. Talent comprised 22% in the Gartner report. The concern on talent centered on information management followed by business knowledge / acumen. Gartner conducted a survey of 2,944 CIOs. This represented approx US$11T in revenue/public-sector budgets and US$250B in IT spending. On average this is US$85M IT spend. Assuming revenue growth would be at mid-point, of say 25%, translates to US$ 4.6B average five year growth. In those 5 years, the intensity IT spend to deliver that 25%+ growth would mean that US$85 average may increase initially in the first few years of transformation then dropping over the remaining years as changes take effect. Revenue growth anchored on lesser effort involved in making that revenue is what appears to be the key to unlocking the conundrum of a CIO. This is irrespective of the methods (or how to do this) adopted. To move the trusted ally from 23% to catch up with 50% partner in order to make a “trusted partner” requires a robust CIO who understands the dynamics of P&L items. Beyond containing IT costs, optimizing the entire value chain that makes the revenue, given the coherent and holistic view, would draw the CIO closer to enterprise knighthood. 41



How to retain relevance The personal computer revolution was a great event but sadly, it has stopped many of us from moving forward in sync with technological developments. We even went further to come up terms such as PC Server, what an oxymoron.


t is time we removed the personal from PC if we are to allow out compute to grow wings and soar into the clouds otherwise we shall continue to believe that the relevance of the CIO is dependent on how much heat they generate into the building. In a way encouraging virtualisation, colocation and cloud is personally hammering the last nail into the coffin of my business as it now stands. Over the past five years, our concentration has been on retrofitting existing data centres and server rooms to make them more efficient in terms of not only cooling but also monitoring and management. Our initial area of concentration was structured cabling and email/groupware solutions this paid the bills until a few years ago when the entire industry became commoditised and the cloud arrived. The reality of the cloud came home to roost when Google stole our customer making it crystal clear to us that the world had truly become a village. Many CIOs are sitting pretty believing that their function within the organisation is to keep the lights on, yes this could be one of the tasks but nowhere does it say it needs to be done next door to your office. In interacting with many organisations, I have seen the post of CIO being field by those with no clue about what a techie is instead they are flooding in from operations, finance and soon marketing.

Many CIOs are sitting pretty believing that their function within the organisation is to keep the lights on, yes this could be one of the tasks but nowhere does it say it needs to be done next door to your office. 42

The change is coming and it is a matter of when not if, so the sooner you let go of all that hardware and the technical jargon the sooner you become relevant again within the changing organisational structure.

As many of them are out of their league when it comes to talking technology they are more susceptible to discussions on issues such as managed services, outsourced services and cloud, words that are blasphemous to most IT heads. The first thing to do as you let go of the hardware is make sure that you have as few crisis as possible that relate to hardware, such as dead AC units, drained UPSs or accidentally unplugged patch codes. You can achieve this by optimising the data centre then reducing physical access to the bear minimum by providing secure and logged remote access to all equipment from the core switch to the GSM modem. Get remote visibility of the entire environment by installing SNMP and related services so that you are proactive in resolving issues as opposed to reactive. Once you have achieved this and are comfortable with not needing to physically touch the hardware to feel important then you are likely to be more receptive to discussions on colocation, the precursor to cloud, for those who need to deal with legacy issues. The change is coming and it is a matter of when not if, so the sooner you let go of all that hardware and the technical jargon the sooner you become relevant again within the changing organisational structure. CIO EAST AFRICA | NOVEMBER 2016 |

Transforming African Business Through Technology

QED is a leading niche business software solutions provider in Africa. We are at the forefront of the global technology marketplace, bringing the latest business solutions to Kenya and the African market. QED identifies and partners with developers of business enabling technology based solutions that are relevant to the African market. QED has an impressive portfolio of business solutions that include the eProcurement tools Tendersure, eRequester, and BravoAdvantage; ARCHIBUS, a real estate, infrastructure, facilities and asset management tool; ARITMOS, a fully integrated agribusiness platform; and K8, a fully integrated ERP platform for the distributive trades. QED is also a Sage X3 Certified Silver partner.

Our Solutions Asset, Space & Facilities Management

A real estate, infrastructure and facilities management system

Our Clients

Food and agriculture software solution

A strategic procurement platform

A web based purchasing system

A fully integrated ERP systems in trade

Business management solution

Tendersure Web Based Supplier Prequalification & eTendering

A tender management solution

Parklands Plaza, 7th Floor, 6 Chiromo Lane, P. O. Box 64960 - 00620, Nairobi kenya Tel: +254 20 234 3857, +254 773 570 801,,

SRX – Next Generation Anti-Threat Firewall High-performance security with advanced, integrated threat intelligence, delivered on the industry’s most scalable and resilient platform. SRX Series gateways set new benchmarks. Security for any size data center and enterprise edge. Offers a broad range of options—from all-in-one, integrated physical and virtual security networking devices to highly scalable, chassis-based data center solutions—that can defend enterprise data centers and service providers of any size.

Comprehensive threat protection Provides advanced, next-generation defense against known and unknown threats, with a comprehensive suite of layered security services both on-premises and in the cloud. All SRX Series gateways are built for resiliency, scalability, and availability to secure data centers or the enterprise edge against the broadest spectrum of threats.

Maximum performance and scale Supports fast, secure, and highly available data center and enterprise edge operations, with unmatched performance and scalability, massive session volumes, and flexible large-scale connectivity, with ultra-low latency performance of up to 1 Tbps. +254 20 420 1000

Carrier-grade reliability Delivers continuous uptime through in-service hardware and software upgrades, redundant components, and carrier-class hardware for resiliency. The high-end SRX Series gateways deliver six-nines reliability for nonstop business continuity and application availability.

Superior security value Provides outstanding value for high-speed, highly effective security services—even with multiple services enabled. The system’s flexible, modular approach protects your investment by scaling for future network growth.

westconafrica @africawestcon

CIO November Edition 2016