Issuu on Google+

WHERE W WH HER ERE RE TECHNOLOGY MEANS MEA BUSINESS ISSUE 269 | JUNE 2014 WWW.CNMEONLINE.COM ONLINE.COM

MOBILE MALWARE

SPECTRUM REFARMING

ROBERT BIGMAN

Former CIA CISO talks security

THE BIG DEAL The key to Big Data projects

HOT PROPERTY How Abdulsalam Al Bastaki brought stateside lessons and values to the Middle East IT scene

PLUS: NETWORK CAPACITY PLANNING | GAMEOVER ZEUS | OPEN-SOURCE CLOUD MANAGEMENT


The Business Tablet gets smarter Zero upfront payment on the latest tablets

Connect your business to the future with Business Tablet and enhance your business efficiency and employee performance.

4#APPLY

Benefits of Business Tablet: s:EROUPFRONTPAYMENT s!WIDERANGEOFTABLETSTOCHOOSEFROMLIKEI0ADMINI I0ADAND3AMSUNG'ALAXY sATTRACTIVEDATABUNDLESAVAILABLE'" '" '" '" s$ISCOUNTSONTABLETS s4HEWIDEST',4%NETWORKCOVERAGE

800 5800

etisalat.ae/businesstablet

I


EDITORIAL

The mobile revolution

Jeevan Thankappan Group Editor Talk to us:

E-mail: jeevan.thankappan@ cpimediagroup.com

Chairman Dominic De Sousa CEO Nadeem Hood

LTE is catching up faster than expected in the Middle East region, thanks to improving economies and affordability of LTE-enabled handsets. At the last count, there are around 20 LTE networks in the region, spread over eight countries. Mobile data consumption has been on the rise, especially in countries such as Saudi Arabia and UAE. The adoption of next-generation mobile services has helped to boost ARPU, following the drop in voice and messaging services revenue as a result of competition and OTT players. What is noteworthy about the roll out of mobile broadband technologies in this region is that we are ahead of some developed markets such as Europe, where the migration towards 4G is still at an early stage. In the UAE, which was one of the irst counties to roll out LTE networks, Etisalat has already deployed LTE Advanced, promising even faster and more reliable mobile access. In fact, LTE Advanced with its theoretical download speeds of 3Gbps is being touted by some as an alternative to ixed broadband networks. Although I am not sure if LTE-A is ever going to replace FTTH networks because of issues related to indoor-penetration, you can expect speeds two or three times faster than today’s LTE. Though the inlux of affordable handsets should trigger a faster roll-out of LTE across the region, there are still many roadblocks that operators have to overcome. The biggest hurdle is the availability of the most precious telecom resource – spectrum. Unlike others parts of the world, spectrum auctions are alien to this part of the world, and most operators roll out LTE in frequencies already assigned to them. With the spike in mobile data usage, most of them are staring at the prospect of overloading these spectrum bands, unless governments take the lead and encourage them to share spectrum and active infrastructure such as radio access networks. Another challenge for the operators is the dilemma of which network should they keep; most of them are operating 2G, 3G and 4G networks, which isn’t viable from a cost perspective. Industry pundits say service providers are most likely to keep 2G for the sake of global roaming, as data roaming still remains as expensive proposition. This is already happening in markets such as Pakistan where operators are leapfrogging 3G to adopt 4G. While the jury is still out on that, the most pressing challenge for them is how to monetise these next-gen mobile networks they have spent millions on building.

COO Georgina O’Hara Publishing Director Rajashree Rammohan raj.ram@cpimediagroup.com +971 4 375 1511 EDITORIAL Group Editor Jeevan Thankappan jeevan.thankappan@cpimediagroup.com +971 4 375 1513 Editor Annie Bricker annie.bricker@cpimediagroup.com +971 4 375 1499 Online Editor James Dartnell james.dartnell@cpimediagroup.com +971 4 375 1501 Contributors Randy Bean Mary Brandel ADVERTISING Senior Sales Manager Michal Zylinski michal.zylinski@cpimediagroup.com +971 4 375 1505 CIRCULATION Circulation Manager Rajeesh M rajeesh.nair@cpimediagroup.com +971 4 375 1645 PRODUCTION AND DESIGN Production Manager James P Tharian james.tharian@cpimediagroup.com +971 4 375 1643 Designer Analou Balbero analou.balbero@cpimediagroup.com +971 4 375 1504 DIGITAL SERVICES Digital Services Manager Tristan Troy P Maagma Web Developers Erik Briones Jefferson de Joya Photographer and Social Media Co-ordinator Jay Colina webmaster@cpimediagroup.com +971 4 440 9100

Published by

WHERE HERREE TECHN TECHNOLOGY TEC EC OLOGY MEANS MEA BUSINESS ISSUE 269 | JUNE 2014 WWW.CNMEONLINE.COM ONLINE.COM

Registered at IMPZ PO Box 13700 Dubai, UAE Tel: +971 4 375 1500 Fax: +971 4 447 2409

If you’d like to receive your own copy of CNME every month, log on and request a subscription: www.cnmeonline.com

MOBILE MALWARE

SPECTRUM REFARMING

ROBERT BIGMAN

Printed by Al Ghurair Printing & Publishing

Former CIA CISO talks security

THE BIG DEAL The key to Big Data projects

Regional partner of

HOT PROPERTY How Abdulsalam Al Bastaki brought stateside lessons and values to the Middle East IT scene

PLUS: NETWORK CAPACITY PLANNING | GAMEOVER ZEUS | OPEN-SOURCE CLOUD MANAGEMENT

© Copyright 2014 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.


Professional Expe results in Professional Serv We are committed to provide end-to-end services to our customers in their increasingly competitive markets. From sharing consumer insights to optimizing networks, our innovation serves you to offer an elevated customer experience.


erience

vices


EDITORIAL Our events

Game Over

Annie Bricker Deputy Editor Talk to us:

E-mail: annie.bricker@ cpimediagroup.com

This morning the IT world woke up to some very interesting news. The FBI, the UK's National Crime Agency, and a number of international law enforcement agencies announced this morning that they have signiicantly disrupted two of the world’s most dangerous inancial fraud operations: the Gameover Zeus botnet and the Cryptolocker ransomware network. Working with a number of private sector partners the cadre of agencies have seized a large amount of infrastructure used by both threats. Together, Gameover Zeus and Cryptolocker are responsible for millions of infections worldwide and are estimated to have been running since September 2011. Attackers have utilised Gameover Zeus to intercept online banking transactions, and supporting fraudulent scams at hundreds of inancial institutions globally. Cryptolocker is a form of ransomware that works by encrypting iles on the victim’s hard drive. No ix has been found for this attack yet, which leaves the victim with little choice but to pay for access to the affected iles. There is no doubt that these two choice pieces of malware are some of the malicious attacks in the cyber world, a fact which makes this story interesting to begin with. However, what truly peaked my interest was the takedown itself. The sneak attack on, dubbed “Operation Tovar,” began a week before the oficial announcement and is a collaborative effort by investigators at the FBI, Europol, and the UK’s National Crime Agency; security irms CrowdStrike, Dell SecureWorks, Symantec, Trend Micro and McAfee; and academic researchers at VU University Amsterdam and Saarland University in Germany. This is an unprecedented collaborative effort of government agencies in the ight against cyber-criminals. Coupled with the fact that private security enterprise was included in the effort and it is clear that the world is ready to come together and resolutely say, “Forget about jurisdiction, we aren’t going to take these attacks any longer.” Further, the US Justice Department just published a complaint that names the alleged author of the ZeuS Trojan, allegedly a Russian citizen named Evgeniy Mikhailovich Bogachev. The world’s authorities are naming names. I think this truly marks a turning point in the war on cyber-crime. A few years ago governments were just setting up and funding anti-cybercrime divisions. Now these agencies are standing together and working beyond their own borders to stop what prove to be global threats. I think it is an amazing turn of events and will change the way cyber-criminals are prosecuted from here on out. I hope that this is the start of many collaborative efforts between government agencies and private security companies. The only way that we can really start to bring down creators of malicious content is to work together as nations and consumers. If operations such as Tovar are the way forward, then I think the world stands a real chance in combating malware. Until then, stay safe out there.

BIG DATA

SYMPOSIUM

Our online platforms

Our social media

facebook.com/computernewsme

twitter.com/computernewsme

6

Computer News Middle East

JUNE 2014

www.cnmeonline.com

linkedin.com/in/computernewsme


Does your fibre system tick all the boxes?

LANmark-OF : Competitive Fibre Optic Solutions 40G

100G

tMicro-Bundle cables save up to 50% trunk space tSlimflex cords offer 7,5mm bend radius saving 30% space in patching areas tPre-terminated assemblies reduce installation time tMPO connectivity enables cost efficient migration to 40/100G

www.nexans.com/LANsystems

LANmark-OF brings the best fibre technologies together to ensure maximum reliability and lowest operational cost.

OF brochure

Accelerate business at the speed of light

info.ncs@nexans.com

Global expert in cables and cabling systems


Our Strategic Partners

Contents

Strategic ICT Partner

Strategic IT Transformation and Big Data Partner

Strategic Technology Partner

Strategic Innovation Partner

ISSUE 269 | JUNE 2014

12

BIG DATA SYMPOSIUM

HOT PROPERTY

62

10

Software-deďŹ ned everything This year's EMC World conference in Las Vegas showcased a range of softwaredefined storage products that is says will bridge the gap to third platform computing.

56 The Big Deal Mining Big Data can give businesses powerful insight into their customers and processes. However, poorly executed, a Big Data project can turn into a big problem.

12

Paving the way to Big Data The second edition of CNME's Big Data Symposium in Dubai defined what you need to know to underscore the success of Big Data.

62 Malicious Mobility Cyber-crime is on the rise and mobile devices are the new favorite targets of online criminals. As we live more of our lives on our mobile devices, how can we keep safe.

MALICIOUS MOBILITY

26 Hot Property Abdulsalam Al Bastaki, Senior Executive Director of Information Management at Dubai Property Group brings a sense of independance and ownership to the IT departments of a range of top comapnies.

78 8

34 Powering up The Saudi power utility company uses end-user IT analytics to transfor user experience and gain real-time visibility into the IT environment. 38 Managing the cloud CNME investigates the benefits of opensource cloud management and what to look for when choosing an management solution.

CLEAR AND PRESENT DANGER

Computer News Middle East

JUNE 2014

26

www.cnmeonline.com

71

Game Over Operation Tovar brought world governments together to to take down the GameOver ZeuS botnet. Lucas Zaichkowsky discusses why this collaboration is a game changer.

78

The age of the customer Victoria Strand, President of Ericsson GCC & Pakistan explains the importance of improving customer experience as a way to win business.

78

Clear and present danger James Dartnell sits down with Robert Bigman, former Chief Information Officer of the CIA.


The World’s Most Intelligent and Powerful NGFW Enterprise networks like yours demand the highest levels of protection and performance. Legacy security technologies have not kept up with the pace of change in the threat landscape and the evolution of your IT infrastructure. They cannot provide the protection you require. Fortinet’s Next-Generation Firewalls (NGFWs), powered by the cuttingedge FortiOS 5 operating system, brings intelligence to network security. Their unique features enable granular visibility and control on applications, devices and users for broad protection of the enterprise.

Healthcare Government & Defense Utilities ENTERPRISE SECURITY Service Providers Financial Services Retail

,QWHJUDWLQJ VXSHULRU oUHZDOO ,36 DSSOLFDWLRQ FRQWURO DQG 931 functionality with advanced behavior inspection, Fortinet’s FortiGate NGFWs help defeat today’s targeted external and internal attacks that intend to compromise your network. Whether protecting your data center and network perimeter or deployed as part of a managed security service, the FortiGate NGFWs deliver exceptional performance via purpose-built processor technology, making them ideal for securing high-bandwidth networks. /RRNLQJ WR oJKW DGYDQFHG WKUHDWV VHFXUH \RXU PRELOH ZLUHG DQG wireless environments or simply regain control of your IT infrastructure? You can rely on Fortinet FortiGate – the world’s most intelligent and powerful NGFW.

Talk to Fortinet today about moving your network to next generation security.

P O W E R E D B Y S E C U R E WAY

8 years of successful Middle East Distribution Authorised training centre Professional Services www.exclusive-networks.ae fortinet@secureway.ae

For more information please call us at +971 4 375 7612 or emial us at fortinet@secureway.ae

www.fortinet.com


IN DEPTH EMC World

Software-defined everything EMC hosted its annual EMC World conference at the Palazzo Hotel in Las Vegas, and along with its subsidiary VMware, took the opportunity to reveal a range of software-defined storage products that it says will help bridge the gap to third platform computing.

S

oftware-defined storage was the hot topic as 14,000 attended the annual EMC World conference at the Palazzo Hotel, deep in the Mojave desert. CEO Joe Tucci announced new product lines for his company, while right-hand man David Goulden, CEO, Information Infrastructure, EMC, delivered the supporting keynote. Tucci and Goulden were keen to stress the importance of bridging the gap from the second to the third platform of computing, and how EMC’s software-defined storage and

converged infrastructure will enable it to make the transition. “It’s important that we continue to manage the second platform and even first platform mainframes,” Goulden said. “By investing in new applications, companies can reduce the cost of first and second platform technologies and bridge the gap much easier.” EMC unveiled Elastic Cloud Storage, which can add hyperscale cloud capabilities to existing private and hybrid cloud environments and comes in packages ranging up to 2.9 petabytes per rack.

10

www.cnmeonline.com

Computer News Middle East

JUNE 2014

EMC claims ECS can reduce TCO by up to 28 percent compared to Amazon and Google’s cloud offerings, by achieving savings of 10 cents per gigabyte of storage. The four year TCO for 11.5 PB of raw data, or 5.7 PB of utilised object storage, is $5.7 million, while EMC says Google’s equivalent is $7.4 million, and Amazon Web Services’ at $8 million. “The entire written works of mankind, from the beginning of history in all languages would amount to 50 petabytes of data,” said Goulden. “In the last four quarters EMC Corporation has shipped 73 petabytes.” “By 2020, 27 percent of the digital universe will be generated by mobile connected things, while 40 percent of data will be touched by the cloud,” Tucci said. In the pipeline for some time now has been EMC’s software-defined storage offering, ViPR 2.0. EMC announced that ViPR 2.0 will geographically replicate data and give a cloudscale data centre. Running on commodity hardware and storage arrays, it caters for block storage and existing objects and HDFS. Off the back of IDC’s prediction that by 2017, flash will comprise 2.82 percent of enterprise storage, EMC announced its XtremIO


“It’s important that we continue to manage the second platform and even first platform mainframes. By investing in new applications, companies can reduce the cost of first and second platform technologies and bridge the gap much easier.”

flash array, which has scale-out architecture and data services that EMC claims are always inline. In a somewhat cheesy yet eye-catching move, EMC offered a prize of $1 million for the first customer who could prove their service had switched off. VMware also took the opportunity to unveil a range of new products. CEO Pat Gelsinger gave the main keynote of day two, and like Tucci, unveiled some of his company’s new offerings, and focused on the importance of a software-defined approach. Gelsinger first announced the vSphere 5.5 virtualisation platform, which combines x86 servers, storage arrays including EMC’s VNX, XIO and VMAX, and cloud storage. “Software-defined

architecture allows for automated operations— unlike a hardware-defined one—and helps IT move at the speed of the business,” Gelsinger said. “Our vSphere knows the needs of apps in real time, and offers a global view of underlying infrastructure.” SAP HANA will be on the new vSphere. Also unveiled was the VMware NSX – the company’s network virtualisation platform. “There are three main reasons to virtualise your network,” Gelsinger said. “The first is speed. Virtualised networks allow for on-demand apps and services. Secondly you have economic reasons. It allows for opex efficiency and capex cost savings. Thirdly you have greater security, as you can re-architect data centre security.” Gelsinger went on to describe how VMware’s new vCloud Hybrid Service, in conjunction with EMC’s on-premises storage, allowed “IT to control the lever between onpremises and off-premises.” When quizzed over the potential hurdle of regional cloud regulations Goulden told CNME, “One of the biggest challenges of mega clouds will be guaranteeing the data stays inside, and doesn’t leave the Middle East region,” he said. “There won’t be three or four mega clouds that dominate the entire world, but there will be region and industry-specific clouds; it will be a fragmented market. We’re currently

“One of the biggest challenges of mega clouds will be guaranteeing the data stays inside, and doesn’t leave the Middle East region. There won’t be three or four mega clouds that dominate the entire world, but there will be region and industry-specific clouds.”

www.cnmeonline.com

working with a number of franchise markets, and a number of countries that want to set up country or industry-specific clouds. Country and industry specifications mean it won’t be a one size fits all approach—there will be tens of thousands of private and hybrid clouds.” In the same vein, Gelsinger was keen to stress how cloud users should not be too bothered as to a cloud’s location, “Cloud currently tends to focus on the ‘where’ question, but we’re trying to focus on the ‘how’ and ‘what’ questions,” he said. “With the kind of software that EMC federation is bringing, it can focus on the ‘how’ and ‘what’. This will enable customers to operate in a cloud-like way, where they can keep their data wherever; on premise if need be. Having said that, I think cloud location will be a main anxiety in the IT industry for the next decade.” EMC also announced that it has agreed to acquire DSSD Inc., the developer of a new rackscale flash storage architecture for I/O-intensive in-memory databases and Big Data workloads like SAP HANA and Hadoop. Andreas Bechtolsheim, technology veteran and co-founder of Sun Microsystems, is a backer of DSSD, and said, “The prospects of what EMC and DSSD can achieve together are truly remarkable. We ventured out to create a new storage tier for transactional and Big Data applications that have the highest performance I/O requirements. Working together with EMC, DSSD will deliver a new type of storage system with game-changing latency, IOPS and bandwidth characteristics while offering the operational efficiency of shared storage.” Credit should be given to EMC, their vision of software-defined storage, in conjunction with VMware’s virtualised network offerings seem promising. Software-defined architecture, and business, awaits.

JUNE 2014

Computer News Middle East

11


IN DEPTH Big Data Symposium

Paving the path to Big Data CNME organised the second edition of its Big Data Symposium in Dubai last month, defining what you need to know to underscore the success of this exciting new technology in regional enterprises.

B

ig Data is forecast by analysts to drive a major chunk of IT spending in 2014. However, its deployment requires painstaking planning and clear strategies to be successful. When referring to Big Data, vendors lack consistent definition and the Symposium brought together thought-leaders to demystify what the terminology actually means and provide insights on the rights tools and strategy to realise the full potential of the technology. The event was flagged off by Jitendra Kapoor, Senior Manager- Digital Services

at Etisalat, who set the stage by turning the spotlight on the vast economic impact Big Data and associated technologies have on many industries. “Data is exploding. However, 85 percent of that is new data types from new sources. This means that conventional methods of process aren’t enough to leverage the vast amount of information that has been collected. There is an urgent need for an enterprise data hub, especially in larger organisations, which collates, using Big Data technologies, information from various sources to derive business value.”

12

www.cnmeonline.com

Computer News Middle East

JUNE 2014

As Middle Eastern enterprises are gradually beginning to understand how important Big Data is for responding to customer expectations, Basil Ayass, Marketing Director of Dell Middle East, took the veneer of technical wizardry off the terminology by defining what Big Data conceptually is in very simple terms. “As the characteristics of data have changed and outpaced technology, technology has risen to the challenge. Three Vs define Big Data – volume, velocity and variety. Think of Big Data only when you have multiple data sources that need to be integrated and develop a strategy that applies appropriate technologies for each phase of the lifecycle of the data,” said Ayass. The business case for moving to Big Data decision making was illustrated by Ali Radhi, Head of IT, MBC Group, who


gave the attendees an end-users perspective of the technology. “Extracting meaningful insights from astronomically large data sets has improved remarkably, thanks to software available to apply sophisticated techniques combined with growing computing horsepower. There are many definitions to the term Big Data. In our case, it refers to dataset whose size is beyond the ability of typical database software tools to capture, store, manage and analyse.”

While the buzz is all about Big Data and how best to use it to generate actionable insight, Mathias Kraemer, CTO, Jedox, spoke about how Big Data can be used for performance management and BI simulations. “The biggest pain in analysing data is slow query performance and unreliable software. To utilise data, one has to look at it from both sides of the coin. We are the pioneers of in-memory technology

www.cnmeonline.com

and have taken a unique approach to selfservice business intelligent and analytics by leveraging the power of in-power of graphics cards,” said Kraemer. The event, for the first time, also featured a session on open data, which can be a powerful tool to reshape how government and citizens interact with each other. Dr Usman Zafar, CEO, DUC Consulting, tackled this hot topic, detailing how open data can improve efficiency, bring savings and innovation, and provide wider economic benefits. Big Data has a significant impact on the bottom line of retailers all over the world and many are leveraging it to transform their processes. Kumar Prasoon, CIO, Al Safeer Group, made a presentation on leveraging Big Data with robotics and artificial intelligence in the retail landscape. “Big Data is a confluence of three trends comprising transaction data, interaction data and real time data processing. Robots in retail is the future, as they can generate detailed inventory and real time analysis.” Big Data adoption might be still at a nascent stage in the Middle East, but the second consecutive year of record attendance at the Symposium suggests that a majority of regional IT professionals are certain about their plans for Big Data – they are either embracing it or refusing it.

JUNE 2014

Computer News Middle East

13


IN DEPTH Banking Roundtable

Banking on IT During CNME’s annual Security Strategist conference a group of the region’s leading banking CIOs met to discuss the current state of banking security, and the future of the industry. In partnership with CNME, aeCERT hosted the event which explored threats specific to the banking industry.

P

articipants pointed out a number of areas in banking security that could be improved to tighten up current security practices in the region. “We need to see banks sharing information about attacks within the industry. Right now if one bank is attacked, it is bad business to let another bank know about a potential threat,” said Darwish Azad, Senior Manager, Group Information Security, Emirates NBD. Biju Nair, Head of Audit, Noor Bank, agreed and suggested that the government should play a role in sharing information between institutions. “I feel that regulator presence is lacking in the region,” he said, “There needs to be regulations to hold the banks accountable.” Speaking on the threats facing the banking sector specifically, Rinaldo Oliveira, Head of IT Risk and GRC, Commercial Bank of Dubai, mentioned targets both in the office and out. “There are specific threats that target users, our customers,” he said. “In addition, office computers are an obvious threat, but so too are computers that we take home. With more

people bringing devices and more employees taking laptops home to work, the threat level is heightened,” he said. Oliveira went on to say that banks need to focus on detection and prevention. Nair was quick to point out that a great deal of preventative measures are taken through providing awareness to users. “However, there is a difference between security awareness and security behaviour,” he said. “Behaviour is the important thing. We need to analyse whether or not users’ behaviours are changing, particularly with our employees.” Guidelines and regulations were on the minds of the CIOs in regard to implementing security in the region. “Many countries have guidelines. Not enforcement necessarily, but we need a guide to look to in the local context,” Oliveira said. “Perhaps we should have data privacy laws, but from which governing body would it come? I think the first step is guidelines, and enforcement and regulation is next.” Nair agreed that banks in the region are often left to their own devices, with no

14

www.cnmeonline.com

Computer News Middle East

JUNE 2014

regulatory review happening for banks. With banking being one of many industries jumping on the Bring Your Own Device bandwagon, the security situation in banks is becoming more complex. Ramwani described what he thought should happen with BYOD security as the trend moves forward, “There should be a policy coming from management,” he explained, “that is when all the technical solutions come into the picture. From the top to bottom there needs to be a policy on how it should be handled. This is where I think things are lacking.” Sameh Sabry, Regional Professional Services Manager, Spire Solutions, explained the confusion further, “First we need to define BYOD,” he said,” It means something different to every enterprise and the solution will be different depending on how your enterprise defines BYOD. What is your BYOD plan trying to accomplish and how do we contain all the security issues and mitigate attacks?” Finally, the group reflected on the importance of protecting users as well as protecting devices. “People still write their password on paper and stick it next to their PC,” said Ali Kilany, Senior Officer, IT Support, Dubai Islamic Bank. “No system, no matter how robust, can protect us from that sort of behaviour.” Truly the banking industry is one of the most sensitive areas when it comes to security. The way our money is handled is of utmost important, whether it be for an average citizen, a company or a government. As the security landscape changes, it is vital to prepare our regions banks for potential threats.


IN DEPTH Aviation Roundtable

Soaring threats In conjunction with Palo Alto Networks, CNME hosted an IT security roundtable for delegates from the aviation and logistics industries at the Habtoor Grand Hotel as part of its Security Strategist Conference in April, where IT leaders discussed the security issues their industry is facing.

W

ith over 60 million passengers passing through Dubai International Airport last year, the vast increase in the number of customers brings additional IT security risks. The culture of BYOD – and general user ignorance – pose great problems for IT decision makers, and these were topics that featured at the top of the agenda at the roundtable. Saeed Agha represented Palo Alto at the roundtable and put security at the top of the priority list for decision makers as well. “Both safety and security are paramount for businesses in the transportation sector. They need to ensure the continuity of service 24 hours 7 days 24 and 7 and the highest possible quality of service.” Arun Tewary, Vice President, Information Security and Chief Information Officer, Emirates Flight Catering, framed the issue of security as a global one, which required a drastic change of culture to improve measures, “IT security must be seen at a global, international level,” he said. “It is not merely an organisational issue. Until that is appreciated, threats cannot be

correctly tackled. IT security should become a social responsibility, so the approach towards it is no longer merely reactive. Strategic planning and punishment for security breaches have to be taken to higher level, and offences must be treated for what they are: a crime.” Vaibhav U. Bhatt, Infrastructure Service Manager, DHL Express, discussed how the UAE’s increasing prosperity has placed an additional burden on airline IT departments, “With Dubai now one of the busiest airports in the world, the increasing amount of passengers puts additional pressure on the aviation industry’s IT departments in terms of security,” he said. “Furthermore, with Expo 2020 on the horizon, this will only further increase. Security awareness is paramount.” Tewary supported this view, “With Dubai gaining ever-increasing attention, I see an increasing threat profile in this region. Big events attract miscreants, and this causes huge problems for us as CIOs.” In the same vein, Satam acknowledged the region’s growth as having damaging side effects in the context of IT security, “Being an emerging

16

www.cnmeonline.com

Computer News Middle East

JUNE 2014

market undoubtedly puts additional strain on the region,” he said. “The growth of Emirates is linked to the growth of Dubai, and this has necessitated that we move into a proactive approach to security.” Ahmer Khan, Network and Security Engineer, GCAA, discussed how IT departments have a huge responsibility to educate others within an organisation, “Most organisations don’t practice threat prevention; business users don’t know what’s going on,” he said. “When dealing with critical data, everything depends on IT, and it is IT’s responsibility to inform others of best practices.” Agha agreed that the user needs to take responsibility for their company’s devices as well, but that ultimately the organization needs to ensure the devices security, “That’s why it’s necessary to check if devices are compliant with policy before allowing them access to corporate networks and resources. It’s also necessary to take further steps to protect other devices from becoming infected. Organizations also need to go one step further than just protecting the device, they also need to protect the data that the device can access, which brings yet another dimension to the security requirements.” The participants of the round table agreed that the aviation industry presents some unique challenges when it comes to IT security, and that those challenges will only become more complex in the future. However, the outlooks isn’t so grim. With solid security measures in place and IT departments that keep a keen eye out, the aviation industry is sure to have a pleasant journey.


Simple. Adaptable. Manageable. quick uides for Solution g ! eployment and easy d

Simple: We are committed to making our solutions the easiest to install, configure, and integrate into either existing IT systems or data centers — or new build-outs. We ship our solution as “ready to install� as possible (e.g., tool-less rack PDU installation and standard cable management features). With our easyto-configure infrastructure,you can focus on more pressing IT concerns such as network threats.

ns Configuratio ace! sp for any IT Adaptable: Our solutions can be adapted to fit any IT configuration at any time — from small IT to data centers! Vendor-neutral enclosures, for example, come in different depths, heights, and widths so you can deploy your IT in whatever space you have available — from small IT or non-dedicated spaces to even large data centers.

r manage you d n a r o it n Mo ere! rom anywh f s e c a sp IT

Manageable: Local and remote management are simplified with “out-of-the-box� UPS outlet control, integrated monitoring of the local environment, and energy usage reporting. Manageability over the network and robust reporting capabilities help you prevent IT problems and quickly resolve them when they do occur — from anywhere! What’s more, our life cycle services ensure optimal operations.

Easy-to-deploy IT physical infrastructure Solution guides make it easy to determine what you need to solve today’s challenges. The core of our system, vendor-neutral enclosures and rack PDUs, makes deployment incredibly headache-free. Easily adjustable components, integrated baying brackets, pre-installed leveling feet, and cable management accessories with tool-less mounting facilitate simple and fast installation.

Integrated InfraStruxure™ solutions include everything for your IT physical infrastructure deployment: backup power and power distribution, cooling, enclosures, and management software. Adaptable solutions scale from the smallest IT spaces up to multi-megawatt data centers.

Business-wise, Future-driven.™

Download our Top 3 Solutions Guide for FREE and enter to WIN a Samsung Galaxy Note™ 3! Visit: www.apc.com/promo Key Code: 45610p Š2014 Schneider Electric. All Rights Reserved. Schneider Electric, APC, InfraStruxure, and Business-wise, Future-driven are trademarks owned by Schneider Electric Industries SAS PSJUTBGGJMJBUFEDPNQBOJFT"MMPUIFSUSBEFNBSLTBSFUIFQSPQFSUZPGUIFJSSFTQFDUJWFPXOFSTXXXTDIOFJEFSFMFDUSJDDPNt@.&@$@/PUF


SHORT TAKES Month in view

HP TO SLASH 16,000 MORE JOBS DESPITE PC GROWTH

APPLE ACQUIRES BEATS IN $3 BILLION DEAL The deal will bring Apple the Beats headphones business along with Beats Music, a subscription service that launched in January and has garnered good reviews. Beats co-founders Jimmy Iovine and Dr. Dre will join Apple as part of the deal. Apple expects to close the purchase in the fourth quarter. Beats may be best known for its headphones and other audio gear, but the company’s streaming service is probably Apple’s main reason for the acquisition, the biggest in its history. Apple’s iTunes service still dominates the music downloads business, but downloads have been going out of style with the growing popularity of streaming services such as Spotify and Pandora. Revenue from music downloads declined by 1 percent last year, to $2.8 billion, while revenue from paid subscription services increased 57 percent to $628 million, according to recent figures from the recording industry. Iovine, who founded Interscope Records before starting Beats with Dr. Dre in 2006, claimed he had “always known in my heart that Beats belonged with Apple.”

WHAT’S HOT?

Hewlett-Packard reported increased profits as its PC business turned in a strong quarter, but the company will slash thousands more jobs to reduce costs. HP has already cut 34,000 jobs as part of a plan announced two years ago to boost profits. It will now cut an additional 11,00016,000 jobs to make its workforce “more competitive,” it said. By October, when the cuts have taken effect, HP will have cut as many as 50,000 jobs

FIREEYE: SUSPECTED IRANIAN HACKERS TARGETED US DEFENCE INDUSTRY A suspected Iran-based hacking group known for defacing websites has targeted U.S. defence contractors and Iranian dissidents, according to a new report from security company FireEye. The group, which calls itself the Ajax Security Team, stopped defacing websites around December, but a network of computers it uses to steal data has shown continued activity distributing malware aimed at higher-

GARTNER: MENA PUBLIC CLOUD SERVICES TO GROW 23 PERCENT IN 2014

The public cloud services market in the Middle East and North Africa region (MENA) is on pace to grow 23 percent in 2014 to total $629 million, up from $511 million in 2013, according to the latest outlook by Gartner, while Software as a service (SaaS) is expected to grow 26.3 percent in 2014 to $123 million.

18

Computer News Middle East

since the restructuring began in 2012, or about 15 percent of its workforce. The cuts will affect almost all business units and geographies, and are expected to yield HP an additional $1 billion in savings. It announced the cuts along with its earnings report for the quarter ended 30th April. HP’s profit for the period was $1.27 billion, up 18 percent from a year earlier, on revenue of $27.3 billion, which was down 1 percent.

JUNE 2014

www.cnmeonline.com

value targets, FireEye said. The security company recovered information on 77 people targeted by the group by analysing a command-and-control server used to store stolen data. Most of the victims had their computers set to Persian and to Iran’s time zone. FireEye said it also uncovered evidence the group targeted U.S. defence contractors.

CIO BUDGETS UP AS CEO FOCUS SHIFTS FROM COST SAVING CIOs have reported the highest level of budget growth since 2006 as CEOs have shifted their focus away from cost saving to using technology to improve the effectiveness of operations, according to the 2014 Harvey Nash CIO Survey. Cost saving had been the leading CEO priority between 2009 and 2013, but this has now turned to operational efficiencies with 63 percent of CEOs now preferring money-making projects.


GOOGLE PLANS $30 BILLION IN INTERNATIONAL ACQUISITIONS In 2012, Google generated about half its revenue in non-U.S. markets. It said it will continue to use a substantial part of the profit from that business to acquire non-U.S. companies. The alternative, repatriating those earnings to the U.S., could expose it to a significant tax bill. Google spent about $1.4 billion on more than 20 strategic deals in 2013, including the

Google plans to spend $20-30 billion of its of its accumulated international profits to fund potential acquisitions of non-U.S. companies and technology rights. The company disclosed its plans to the U.S. Securities and Exchange Commission (SEC) last year, in a document that was published Tuesday. The SEC had asked Google to describe its plans for reinvesting its undistributed earnings in greater detail.

$1 billion acquisition of Waze, a navigation app developer, in June last year. Google continued its non-U.S. acquisition spree this year. In January it acquired the Londonbased artificial intelligence company DeepMind Technologies for a reported $400 million. In February it acquired ad fraud detection technology specialist Spider.io. And earlier this month, Google bought U.K. retail start-up Rangespan.

CHINA ACCUSES CISCO OF SUPPORTING US CYBERWAR EFFORTS China’s state-controlled press is accusing Cisco of helping the U.S. government in cyber espionage. The criticisms come a week after the U.S. indicted five Chinese military personnel for allegedly hacking into several U.S. companies for trade secrets. The government report, authored by China’s Internet Media Research Center, largely cited leaks from former U.S. National Security Agency contractor Edward Snowden, as well as articles written by foreign press groups. But it added that China had carried out its own investigation over several months and confirmed the spying activities. Cisco sent a letter earlier this month to U.S. President Barack Obama, asking that he work to restore trust in U.S. technology sales. This came after reports that the National Security Agency intercepted telecommunication equipment from Cisco and others to plant surveillance tools inside.

LENOVO UNVEILS THINKPAD 10 TABLET

Based on Intel’s quad-core Atom Z3795 processor, the ThinkPad 10 will ship with the 64-bit versions of Windows 8.1 and Windows 8.1 Pro, which could render it more attractive to the enterprise looking to standardise on 64-bit apps and images. The tablet will ship in models with either 2 or 4GB of memory and either 64 or 128GB of

storage. I/O ports are par for the course: Micro HDMI, one USB 2.0, and a MicroSD card slot for additional storage. But the ThinkPad 10 also has a port that allows you to connect it to a desktop docking station that will convert the tablet into a small all-in-one PC when you add a mouse and keyboard.

APPLE AND SAMSUNG FAIL TO SETTLE PATENT DISPUTE IN CALIFORNIA Apple and Samsung told a court in California that they had failed to reach a settlement in their patent dispute, suggesting that a deal akin to that between Google and Apple may not be on the cards anytime soon.

PC SALE LEADS SONY TO $1.25 BILLION LOSS Sony’s move to abandon PCs has contributed to a massive net loss of $1.25 billion for the year to 31st March, and it has forecast a loss of $491 billion for the coming 12 months. A year earlier, Sony made a profit of around $400 million. Its latest plunge into the red is slightly less deep than it forecast two weeks ago.

In a joint filing late Monday, the two companies blamed each other for the failure of the talks initiated on 5th May. Apple and Google, whose Android operating system is used in most Samsung

devices, last week said that they had agreed to drop all current patent infringement lawsuits between them. The agreement between the two companies did not, however, include crosslicensing of each other’s patents.

IDC CUTS 2014 IT SPENDING FORECAST

WHAT’S NOT?

A slowdown in the growth rate for tablet and mobile phone sales are putting a damper on global IT spending, according to IDC. Worldwide IT spending will increase 4.1 percent in constant currency this year, to $3.7 trillion, IDC said. That’s down from last year’s 4.5 percent growth and from IDC’s prior forecast of 4.6 percent growth.

www.cnmeonline.com

JUNE 2014

Computer News Middle East

19


Find us online

www.cnmeonline.com

Analysis: Rethinking security for the new world

‘Keep calm and save the world’

Features: Framing the future

Staying current in the cloud

www.cnmeonline.com

Blogs:

Insight:

CNME Tweets: follow us at Twitter.com/computernewsme

Smart devices experience Younes Abad, Director, MBB Performance, Ericsson Middle East

Big Data analytics: the future of IT security?

ComputerNewsME Ali Radhi, Head of IT, MBC on stage explaining how to commercialise big data opportunities #CNME #bigdata

ComputerNewsME “What is Big Data? 1. Volume, 2. Velocity, 3. Variety: This Size, the growth and the Unstructured” #BigData #CNME

Microsoft Mobile: Restored glory?

Ericsson: TV market worth $750 billion in 2020

ComputerNewsME Big data is a growth opportunity, says Jitendra Kapoor, Sr Manager at Etisalat Digital Services #cnme #bigdata

ComputerNewsME CNME Big Data Symposium takes place tomorrow at Habtoor Grand #BigData2014

20

Computer News Middle East

JUNE 2014

www.cnmeonline.com


Pr

VALUE Division


IN DEPTH Kaspersky

Keep calm and save the world From April 20th through 24th, experts from Kaspersky Lab met with leading media in the region at the Kaspersky Lab Security Analyst Summit for the Middle East, Turkey and Africa held in Budapest, Hungary.

S

ecurity experts discussed global and regional cyber threats, corporate security issues and solutions to emerging threat. The company also presented its new virtualisation and fraud prevention solutions among other technologies. Kespersky’s goal is simple. “We are here to save the world,” was a phrase uttered countless times by all Kespersky experts at the Summit. As one of the fastest growing IT security companies in the world, Kespersky may be on its way to actually saving the world—or at least the world’s computers. The Summit gave the press unprecedented access to top-level security experts from Kaspersky. In addition, the Summit was attended by leading experts from other research outfits, including Necati Ersen Siseci Unit Head of the Cyber Analysis Team at the Scientific and Technological Research Council of Turkey Cyber Security Institute; Paolo Borghesi, Lead of Information Technology Risks Services, Deloitte & Touche in Qatar; Boldizsar Bencsath, Assistant Professor, Laboratory of Cryptography and Systems Security, Budapest University of Technology and Economics. Presentations were given in lay terms with real world examples, and the floor was

consistently open for questions and discussion. Sergey Novikov, Deputy Director, Global Research & Analysis Team, Kaspersky Lab kicked off the presentations with a regional cyber threats overview. “The threat landscape is changing,” said Novikov, “in 2006 there was one new virus discovered every minute. In 2012 we were looking at one new virus per second. Today, Kespersky Lab is currently processing 315, 000 new malicious files every day.” Stefan Tenase, Senior Security Researcher, Global Research & Analysis Team, Eastern Europe, Middle East and Africa, Kaspersky Lab presented an analysis of the world of cyberwarfare and advanced persistent threats. Hackers and so-called “hacktivists” are using cyber criminality to prop up and bring down governments and political movements. Any conference on cyber security would be remiss to exclude a discussion of e-commerce and financial security. Vladimir Zapolyansky, Head of Technology Positioning Department, Kespersky Labs showcased vulnerabilities of modern electronic payment systems and e-commerce sites. Real-life cases were given while Zapolyansky explained how the recently-

22

www.cnmeonline.com

Computer News Middle East

JUNE 2014

unveiled Kaspersky Fraud Prevention platform helps combat cyber-attacks targeted at financial service providers and users. As the conference continued, a plenary discussion dedicated to global and regional corporate cyber security threats focused on the foremost fears of today’s CIOs. Topics included Distributed Denials of Service, securing data storages, personal devices and clouds used by employees, the BYOD trend, employee attitudes toward security policies and the need of government regulations of standards and business. Of course, Kespersky experts did illustrate a number of examples of cyber threats that could have been avoided using security tools. Zapolyansky highlighted a number of new tools recently added to the security firm’s portfolio including Light Agent solution for Microsoft Hyper-V. This technology along with Endpoint Security for Business and Kaspersky Fraud Prevention is set to form a comprehensive platform of enterprise solutions with the goal of creating safer cyber environments. To bring the idea of the state of cyber threats literally to a street level, the team at Kespersky sent the participants of the summit on an elaborate cyber security themed scavenger hunt across Budapest. The goal of the exercise was to let the media know what kind of cyber threats exist, and what can be done to protect sensitive data and information. Indeed the event overall illustrated the enormity of the task that is protecting the world’s cyber environments. Kespersky Lab says it is out to “save the world,” and they may not be far from the truth. Kespersky Lab is at least making headway in protecting our data and information for potential threats, local and global.


ADVERTORIAL

3M Gulf Recognised as Strategic Alliance Partner by Dubai Health Authority In recognition of its outstanding copper and fiber cabling solutions, 3M Electronics, Electrical and Communications Unit, a part of 3M Gulf has been recognized by the Dubai Health Authority (DHA) as its Strategic Alliance Partner. 3M Gulf and DHA partnership span over a number of years. Today, 3M solutions are being installed in four main hospitals affiliated to DHA including Dubai Hospital, Rashid Hospital, Hatta Hospital and Latifa Hospital, in addition to 9 specialty centres, 20 primary healthcare clinics, and online services provided by DHA to a vast community of public and private health professionals and investors. Their first cooperation was the installation of a full 3M copper and fiber structured cabling system covered by a 25-year warranty at the Diabetes Centre in Dubai. Commenting on 3M’s recognition, Arafat Yousef, General Manager of the Electronics and Energy Group at 3M Gulf said: “As a global technology leader in the field of telecommunications, we are privileged to partner with the Dubai Health Authority in order to share our knowledge and global expertise to help them incorporate these in their industry practices. Many organisations are looking at upgrading their existing local area network cabling systems to a level and standard that they will benefit from for many years to come, and we at 3M are working closely with our partners that have the experience and expertise to bring these organisations innovative solutions.” 3M is one of the world’s leading providers of cabling solutions, with experience spanning over 40 years of network design and product innovation. 3M’s global market expertise is underpinned by local teams in over 80 countries, dedicated to supporting partners and customers every step of the way, from pre-sales to on-site support and beyond. 3M offers its cost-effective, quality network solutions for end users in Government, Health Care, Entertainment, Telecom, Finance, Sports, Hotels, Utilities, Industrial and Residential areas that need to implement structured cabling systems for Local Area Networks.

About 3M 3M captures the spark of new ideas and transforms them into thousands of ingenious products. Our culture of creative collaboration inspires a never-ending stream of powerful technologies that make life better. 3M is the innovation company that never stops inventing. With $30 billion in sales, 3M employs about 88,000 people worldwide and has operations in more than 70 countries. For more information on solutions, visit www.3Mgulf.com/telecom or follow @3MNews on Twitter.


HIGHLIGHTS OF THE TECH ARMS RACE

FACEBOOK VS. GOOGLE

GOOGLE AND FACEBOOK ARE AT WAR. SPENDING BILLIONS ON APPS AND SPECIALISTS

9 August 2009

13 May 2010

20 March 2011

Name FRIENDFEED Price

Name FRIENDSTER (patents) Price

Name SNAPTU Price

CLASSIFIED $50M $40,000,000 CLASSIFIED $60-70M Estimated

Estimated

Capabilities News Feed

Capabilities Facebook’s legal arsenal

Capabilities Facebook mobile service

News classified tech strengthened Facebook’s News Feed for battle againts Google’s domination of the ‘real-time web’

Facebook expanded its IP-hinterland in Southeast Asia

Snaptu helped Facebook tear down that wall between desktop and mobile services.

2009

2010

2011

9 November 2009

1 July 2010

1 5 August 2011

Name ADMOB Price

Name SLIDE Price

Name MOTOROLA MOBILITY Price

Capabilities Mobile Ads

Capabilities Social gaming apps

Capabilities Android, Google TV

AdMob’s interactive ad units and expandable rich media added Goggle extra clout in the mobile ad arms race

Google marshalled new talent to the front of social gaming

Another manufacturing bolsters Googles arsenal of tablets and mobiles.

$750,000,000 $182,000,000 $12,500,000,000


THE ZUCKERBERG DOCTRINE

THE PAGE-BRIN DOCTRINE

“Give people the power to share and connect”

“Do no harm, and make information both accessible and useful”

(...and sell lots of ads)

$147bn

(...and sell lots of ads)

market cap

46

Companies acquired by Facebook

$147bn

market cap

146

Companies acquired by Google

10 April 2012

12 October 2013

19 FEBRUARY 2014

Name INSTAGRAM Price

Name ONAVO Price

Name WHATSAPP Price

$1,000,00,000

CLASSIFIED $150-200M $19,000,00,000

Capabilities Picture management

Capabilities Mobile apps

Capabilities Cheap, efficient online messaging

17 filters, 5 milliom shots a day; a fearsome weapon of mass distraction

Smart analytics for the mobile front - and Facebook’s first Israeli office establishes a Middle Eastern stronghold.

450 million messengers (+1 million each month) in emerging markets - Facebook now controls new hotline.

Estimated

2012

2013

2014

31 July 2012

3 October 2012

26 January 2014

Name WILDFIRE INTERACTIVE Price

Name FLUTTER Price

Name DEEP MIND TECHN. Price

Capabilities Google+, DoubleClick, AdX/Admeld

Capabilities Android, Google X

Capabilities Google X, AI

Googlers could now command apps with gestures if the Man opted to build them into its gadgets.

Widened Google’s influence upon Ai, deep learning, and mind mapping.

$400,000,000

Social apps, contests, ad feeding to the biggest social networks including Facebook(!) A great chance to infiltrate and cash in on ads run by the enemy.

CLASSIFIED

$500,000,000

Source: imgur.com


CIO SPOTLIGHT Abdulsalam Al Bastaki

HOT PROPERTY Abdulsalam Al Bastaki knows exactly what he wants from his employees. An eight year stint in the USA has enabled the Senior Executive Director of Information Management at Dubai Properties Group to teach them how to operate independently, and has helped him to implement new IT infrastructure at a range of top companies. 26

Computer News Middle East

JUNE 2014

www.cnmeonline.com


A

sign in Al Bastaki’s office reads “Great leaders don’t produce followers, they produce leaders.” He is a strong believer in empowering his colleagues to become independent decision makers, who can complete tasks without his constant assistance. “When an employee comes to me and asks ‘what should I do?’ I tell them to go away and research the question at hand, and then to return to me with a plan of what they think they should be doing,” he says. “I then advise them whether or not they’re on the right track. In this day and age, people have no excuse for a lack of knowledge, we have the Internet!” Born and raised in Dubai, Al Bastaki achieved his high school diploma at the Jumeirah American School, and began working as a Systems Analyst for energy firm ConocoPhillips in 1982. He says his initial interest in IT began in his first five years of working with geologists at the company, as he was required to produce computer drawings and structure maps on “old” computers. “My old boss, Dean Patton, was very supportive of me, and pushed me to go the US to study IT,” he says. “I got an approval from the company to continue working for them whilst studying in Ohio, and off I went.” Al Bastaki found the initial transition to Columbus State Community College an easy one, as he had friends in America. It was to be the beginning of an eight year university career which saw him complete a Computer Programming degree there, before undertaking Computer Science degrees at Ohio State and then Franklin universities. He would return to the UAE during summers, where he continued his work as a Systems Analyst on home soil. To this day he believes American universities set the pace for academic institutions around the world. “You have to give huge credit to the American education system,” he says. “They share everything they learn; everything is published in academic journals and online. They are leaders in this respect.” He graduated from Franklin in 1995, and returned to Dubai, where he was promoted to the role of Senior Systems

“People in Dubai are more interested in execution than project planning, and as such a lot of ‘trial and error’ takes place. I struggle to teach people to sit back and think about the process and who or what will be affected before they go charging into something.”

“You have to give huge credit to the American education system. They share everything they learn; everything is published in academic journals and online. They are leaders in this respect.” Analyst. He found the initial homecoming tough, but quickly adjusted to his former culture. The experience of working of working stateside left a lasting impression on Al Bastaki. He was struck by impeccable levels of organisation, clarity, and transparency in project management, “I gained a huge amount of knowledge from my professional experience in the States,” he says. “Everything there is built as a system. All the steps in each process are clear; planning in the project is prioritised, as is teamwork.” Al Bastaki is quick to describe these procedures as “far better” than those in the UAE, and that American companies and employees serve as a fine example that should be copied in the Gulf. “There is a commitment and pride that you see in Americans’ work that is unlike what you see here,” he says. “They are extremely dedicated, and are not as bothered about recognition or financial bonuses. They are constantly out to prove themselves even if there may be no direct incentive involved.” The lessons he has learned impact his management style to this day. “It has certainly made me better at spotting flaws in a project,” he says, “People in Dubai are more interested in execution than planning, and as such a lot of ‘trial and error’ takes place. I struggle to teach people to sit back and think about the process and who or what will be affected before they go charging into something.” Al Bastaki takes huge pride in ensuring his employees know “how to think, and not what to think.” In 1996, Al Bastaki was part of the IT team at ConocoPhillips that achieved unprecedented recognition for the region, by completing an 11-month implementation of SAP—the fastest in the world at that time. “I’m very proud to have been part of that team,” he says. “Our project team leader, Derrick Hall, was a fantastic team leader and someone who hugely influenced me.” In February 1999 he became Head of IT Security and Services at aluminium firm Dubal, where he was enlisted to lead a major overhaul of the company’s IT infrastructure. “Although Dubal was ahead of a lot of other companies, there was still a need to revamp the infrastructure,” he says. “The hardware, network, storage systems and security all needed redoing, but the main challenge was the IT department’s revolving door; there was a continuing change of personnel, which made life difficult.” This process of changing the infrastructure was completed within two

www.cnmeonline.com

JUNE 2014

Computer News Middle East

27


CIO SPOTLIGHT Abdulsalam Al Bastaki

TIMELINE DOB

“There is a commitment and pride that you see in Americans’ work that is unlike what you see here. They are extremely dedicated, and are not as bothered about recognition or financial bonuses. They are constantly out to prove themselves even if there may be no direct incentive involved.”  years. Al Bastaki chose to implement Oracle ERP, and he also caught the attention of sister company EMAL, and was enlisted to help design a new infrastructure for the last six months of his Dubal tenure. In 2007 he left Dubal to become Vice President of IT at Dubai Silicon Oasis, where he was also made Managing Director of Dubai Circuit Design, and Vice President of Technology Investment for DSO during his tenure. Like Dubal, DSO was in need of an infrastructure revamp, and given that it was in the process of disengaging from DAFZA (Dubai Airport Free Zone Authority), Al Bastaki faced a familiar yet high-powered challenge. He was tasked with building IT services for the new location, and for new companies moving into the new free zone. “My initial work largely consisted of getting things ready for the new companies who were coming in,” he says. “I was helping them look at how they could establish a business without investing in IT applications and hardware, and providing ERP cloud services.” Unfortunately, Al Bastaki left in the pilot testing phase of the project, for what he describes as a “fantastic opportunity”—the role of Senior Executive Director of Information Management at Dubai Properties Group. “Put simply, it brought an interesting challenge,” Al Bastaki says. “Most of the company’s IT services were outsourced when I joined, which was about a year ago.” As has been seemingly customary in his career, Al Bastaki has had the opportunity to build “security, the network, ERP, CRM and the infrastructure” from scratch at the company. As well as transitioning all of his applications to the cloud, he aims to complete an e-services platform for DPG similar to the Dubai government’s M-Gov initiative by the end of 2014. Tennis lover Al Bastaki names Nelson Mandela as his inspiration. “For me, he is a genius,” he says. “He managed to unite a country that had been torn apart for years. Somehow, he persuaded people to accept the idea of living with each other, and we need more people like that in the world.”

28

Computer News Middle East

JUNE 2014

www.cnmeonline.com

Born in Dubai

1982

Finished high school and began working for energy firm ConocoPhillips

1987 Began eight year university career at Columbus State Community College in USA

1995

Returns to UAE after graduating from Franklin University

1996

Part of team to achieve world’s fastest SAP implementation

1999

Becomes Head of IT Security and Services at Dubal

2007

Takes Vice President of IT role at Dubai Silicon Oasis

2013

Joins Dubai Properties Group as Senior Executive Director of Information Management


BUSINESS PERFORMANCE DEPENDS ON APPLICATION PERFORMANCE With Riverbed, you can ensure your applications perform as expected, data is always available when needed, and performance issues are diagnosed and cured before end users even notice. Riverbed eliminates the performance constraints holding back modern IT architectures.

www.riverbed.com


ON LOCATION EGA

30

Computer News Middle East

JUNE 2014

www.cnmeonline.com


POWER OF TWO When Dubai Aluminium and Emirates Aluminium began preparing to be integrated into Emirates Global Aluminium in 2013, the companies’ IT departments had to merge their operations. Ahmad Almulla, Senior Vice President, Information Technology, EGA, oversaw the integration of the function, which has now left the company’s IT in a tidy state.

W

hen it was announced in June last year that the UAE’s two primary aluminium producers would be integrated into EGA, Ahmad Almulla was determined that merging the companies’ IT departments would be “seamless”. DUBAL and EMAL’s combined aluminium production is set to reach 2.4 million tons by mid-2014, and currently accounts for 50 per cent of the annual primary aluminium production in the GCC. That figure is also the stake DUBAL had owned in EMAL before the merger, which Almulla says facilitated the integration as similar cultures existed within the companies. “We looked at the whole integration as a question of change management,” Al Mulla says. “This project was always one of shortterm goals; we wanted the organisation to settle down first. Now that this is happening, we can start to think about the long-term.” The integration placed pressure on EGA’s IT team, as the need for information was expected to be met with key business

“The companies had different processes, and the difficulty was managing the workflow. HR, finance, IT and the supply chain all had to become one, and as such authority became an issue— not in a personal sense, but in terms of what we were able to approve and when.”

announcements. Launched in September 2013, all critical elements of the project were completed by 1st December, with all remaining day one projects—systems, processes and infrastructure—finalised by 1st February, in advance of EGA’s official incorporation in April 2014. The key projects included establishing a technical infrastructure to support the integration of DUBAL’s Jebel Ali site, and EMAL’s Al Taweelah site, and provisioning access to key EGA systems. Almulla says that, although there were innate similarities between the companies, integrating their systems was challenging nonetheless. “The companies had different processes, and the difficulty was managing the workflow,” he says. “HR, finance, IT and the supply chain all had to become one, and as such authority became an issue— not in a personal sense, but in terms of what we were able to approve and when. Branding was also important, as we had to catalyse the introduction of a new brand whilst preserving the existing one.” Almulla oversaw the establishment of a 100 mbps multi-protocol label switching line between the Jebel Ali and Al Taweelah sites, and was tasked with ensuring the network was securely connected. Once the communication was established—including wireless access— active directory trust was established between the two domains so that both domain users could access each other’s resources with proper authentication. Quest email collaboration synchronisation software was used for synchronising the email global address list and for calendar synchronisation. Using the same communication line, Cisco Telephony Call manager was used to install telephone extensions from the Al Taweelah site to Jebel Ali. EGA also implemented policies to access multiple applications access based on their authentication and authorisation. Cross site systems access was one of the key requirements of the EGA Management to ensure that system access was provided to both

www.cnmeonline.com

JUNE 2014

Computer News Middle East

31


ON LOCATION EGA

the sites. A project team was formed and the cross-site access was coordinated centrally by the DUBAL IT team along with integration management officers, who facilitated the approval process followed by the audit review. Bulk access templates were filled by executives of both the sites, along with the integration team to speed up the access provisioning process and ensure that necessary access was provided to both the site employees to perform EGA operations on day one, including leave approvals and other SAP-related tasks. All existing DUBAL and EMAL system workflows where updated to align with the new EGA delegation of authority. This included purchase order approvals, creation & amendment of stock items, and payment approvals. To deal with problems that arose throughout the integration planning process, a ‘war room’ was set up, and its members were responsible for incident resolution. Manned by 19 staff members, the centre received 193 calls in the month following the EGA’s official. Almulla is grateful for the support his team received from executives at both DUBAL and EMAL, citing this as a key factor in the project’s success. “The understanding of the board members was a big help to us,” he says. “They were demanding in terms of business metrics, but always realised that success was not going to arrive overnight. They always acknowledged our input, and were receptive in terms of the business-IT alignment goals we wanted to achieve.” Although the merged IT function was delivered on schedule with relative ease, Almulla underlines a variety of challenges his team faced in the five-month period. “The huge number of business requirements and diverse priorities meant the project was always going to be a challenge,” he says. “The need to mobilise in-house and external resources rapidly was always pressing, and shifting deadlines meant the team was kept on its toes.” At the time of the

“Regardless of how alike two companies may seem, all companies are different and sufficient attention should be paid to differences in culture, management styles, procedures and policies. Integrating businesses is a complex programme. Teams need to deal with uncertainty, and you need a flexible working model to accommodate changes.” 32

Computer News Middle East

JUNE 2014

www.cnmeonline.com

“We feel it’s important that we don’t define our strategy under pressure. So while things continue to settle within the integrated business, we’re drawing up plans. We will revisit our plans every six months, but for now things have gone smoothly.” June merger announcement, DUBAL had been in a “steady state of operations” for more than 30 years, while EMAL was a relatively new company, formed in 2006. As with any corporate merger, cultural and logistical issues created obstacles. “Managing delivery across multiple sites with different corporate cultures was an issue,” he says. “Systems were unified with a new delegation of authority. Managing vendors and suppliers of both smelters was key, as we had to ensure there was no disruption from them in the EGA framework.” Almulla regards the experience as a learning curve, saying that it has given him a sharper ability to scrutinise any potential future merger projects. “Regardless of how alike two companies may seem, all companies are different and sufficient attention should be paid to differences in culture, management styles, procedures and policies,” he says. “Integrating businesses is a complex programme. Teams need to deal with uncertainty, and you need a flexible working model to accommodate changes. Integration deals with handling information which may be confidential in nature. One has to be aware of what needs to be communicated, when, and to whom.” In terms of tangible ROI, Almulla says that the decision to use in-house resources proved hugely beneficial, as did the use of the DUBAL template approach and existing applications. As well as delivering all of the IT department’s integration-related projects on or before the delivery date, he is proud of a clean security and efficiency record while the project was in progress. There were no information security incidents throughout, there was zero unplanned downtime, and there was no disruption to core operational and business activities. The network availability between the Jebel Ali and Al Taweela sites was 99.57 per cent in January, and 99.69 per cent in February. Looking ahead, Almulla says EGA will formulate a longterm plan—between five and ten years – which will redefine the company’s IT infrastructure. “We are currently undertaking a roadmap exercise for every business unit,” he says. “We feel it’s important that we don’t define our strategy under pressure. So while things continue to settle within the integrated business, we’re drawing up plans. We will revisit our plans every six months, but for now things have gone smoothly.”


PowerEdge VRTX vs.

complicated. Up until now, that is. With the newly engineered Dell PowerEdge VRTX solution, you get an IT platform that’s equipped to grow with your company. The right-sized platform integrates servers, storage, networking and management into one easy-to-use system that won’t stretch your budget. Ŕ

Reclaim up to 75% more space than legacy solutions with the power of four tower servers in footprint that’s just a quarter of the size. your solution with just 4 cables instead of 28.

Ŕ

don’t You have to install special cooling systems or rewire any single, standard outlet and you’re up and running.

Ŕ

up Save $172,000 over 5 years.*

Visit Dell.com/ae/business/p/poweredge-vrtx/pd

Dell is located at One Dell Way, Round Rock, Texas 78682. *Results based on testing by Principled Technologies in June 2013, comparing the total cost of ownership and return on investment of a PowerEdge VRTX with 4 M-series server manufacturing variability. Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products.


CASE STUDY SEC

Powering up Th Saudi The S di power utility tilit company uses end-user d IT analytics l ti to t transform t f user experience and gain real-time visibility into the IT environment.

34

Computer News Middle East

JUNE 2014

www.cnmeonline.com


ADVANCED TARGETED ATTACKS. WE GET THEM BEFORE THEY GET YOU.

There is a new threat landscape. You may think your existing security defenses prevent the next generation of threats from entering your network and stealing your data. They don’t. Attacks such as spear

help you close the hole in your network.


CASE STUDY SEC

S

audi Electricity Company (SEC) provides generation, transmission and distribution of safe and reliable electric services to government, industrial, agricultural, business and residential sectors in the Kingdom of Saudi Arabia. SEC ranks as one of the largest organisations in the region and plays a key role with 46 power generation plants, 660 transmission substations and over 150 customer service offices, serving over 6.7 million customers across the Kingdom. SEC has a service-driven IT organisation with a fantastic IT vision. With the goal of being more customer-focused and service-oriented, SEC recognises IT is at the heart of the business and delivering excellent service to end-users is a top priority. Departing from the norm, IT is not seen as a cost centre, but as a strategic partner inside the company, focused on increasing productivity and efficiency to support the growth of the business. Within SEC, the IT team’s role is not only to equip end-users with the right IT tools and services, but also to put in place the right KPIs to be able to accurately measure the quality of service delivered to end-users. On top of the massive scale of operations, the IT team faces increased scrutiny over cyber security, following attacks on other high profile industries in the Middle East, and has to prepare for the splitting up of the company into different organisations, as mandated by regulators. “With almost 18,000 desktops serving 36,322 employees located all over the Kingdom, SEC’s IT infrastructure and endpoints are critical to the success of its business and its ability to deliver innovative and quality services to end-users and customers,” says Yahya Ibrahim Abdulrahman, CIO and Executive Director at SEC.

"With almost 18,000 desktops serving "36,322 employees located all over the kingdom, SEC's IT infrastructure and enpoints are critical to the success of its business."

36

Computer News Middle East

JUNE 2014

www.cnmeonline.com

SEC’s IT team was faced with the challenge of supporting the large number of end-users in disparate locations throughout the Kingdom. SEC had invested in various IT tools, but not one of them could provide global visibility in real-time on its entire IT environment. SEC was looking for a solution to improve IT operations and enhance performance across every aspect of the business. SEC needed to be able to collect accurate data and analytics on how its IT infrastructure was operating, without the costly and time consuming process of having to go on-site and manually check each location, in order to better understand how IT services were being consumed from the end-user perspective. SEC zeroed in on an end-user IT analytics solution from Nexthink to complement its configuration management, problem management, incident management, and its ITIL vision. Previously, SEC had no access to real-time information and historical data from the end-user perspective, and when troubleshooting the IT team were relying on inaccurate information and the subjective opinion of the end-users. The solution was first rolled out as a pilot project for 2,500 end-users, and then was extended to all of the desktops. The objective was to enable the IT team to be more proactive in supporting end-users and resolving issues before they impact more people. Nexthink enables SEC to improve efficiency in solving issues and accurately measure the quality of service delivered to end-users. In addition, the solution enables the utility company’s IT team to collect, analyse, correlate and compare all applications, end-user and endpoint activities over the entire IT infrastructure to provide optimal and reliable feedback to the business. The end-user IT analytics helps SEC implement its IT vision, through utilising and leveraging its existing technology investments, and ensuring that every endpoint device meets strict compliance standards with the latest software versions, IT updates and patches. Besides, it also improves SEC’s productivity, providing better support and enabling a more proactive IT approach and as a result, significantly contributes to cost savings. “The real-time analytics solution helps us to improve our IT operations and incident management, providing a continual comparison between the actual usage and optimal configuration of our 18,000 endpoints,” says Abdulrahman. “This enables our IT team to deliver a fantastic quality of service. IT analytics help us to easily measure and analyse data, generate dashboards and reports for our management and audit teams. We can make informed business decisions based on accurate information and deliver better services not only to our end-users, but our customers as well.”


FEATURE

Cloud management

MANAGING THE CLOUD As storage and computing power move from traditional bare-metal solutions, the next step is to ďŹ nd managing software that maintains the resource conservation, cost savings and agility that is the very draw of cloud computing. CNME investigates the beneďŹ ts of opensource cloud management and what to look out for when choosing a management solution.

oving power into the cloud would be all for naught if the cost of managing data outweighed the cost-savings provided by cloud solutions. Open-source management software is designed to deploy and manage large networks of virtual machines as a highly available, highly scalable Infrastructure as a Services cloud computing platform. The debate between the benefits of open-source management tools versus their proprietary counterparts had been widely debated for many years. The points on either side remained largely static until the advent of the cloud landscape. However, now that the question has been shot into the clouds, the debate has drastically changed. As cloud solutions tend to be both more agile and more adaptive, it seems clear that an open source management tool would be the solution for cloud management. As our concept and use of the cloud

M

38

Computer News Middle East

JUNE 2014

www.cnmeonline.com


SOLUTIONS WORLD

www.cnmeonline.com

JUNE 2014

Computer News Middle East

39


FEATURE

Cloud management

evolves, and open source management tool— developed on a continuous basis—can keep up with changes over time. “The pressure on IT today is to deliver more serves to its internal and external customers whiles optimising resources and cutting costs,” says Faycal Saile, General Manager, Middle East African and Turkey, Red Hat. The industry is moving more and more towards cloud based deployments. As of today, many popular worldwide applications are served over cloudbased infrastructures. This trend is increasing with a dependency on the selection of a vendor with specific hypervisor, cloud execution environment and the orchestrator suite with open initiatives like Linux, Android and OpenStack. It is key, therefore, for CIOs to choose wisely when it comes to management solutions for their cloud computing infrastructures. Open-source solutions of all kind bring with them the freedom of flexibility. “Open environments means more flexibility for the vendor as well as for its customers. A development community continuously enriches the features and capabilities to support both vendors and customers,” Murat Sahinoglu, Head of EP COS, Ericsson Regional Middle East. In addition to it’s adaptability, open source solutions to cloud management tend to relieve in house IT departments from having to manage a suite of vendor specific software. “Any cloud solution, once deployed, is likely to be placed in

Any cloud solution, once deployed, is likely to be placed in the hands of an ‘Operations and Management’ team who may not themselves be cloud professionals. Open-source becomes even more valuable here as it reduces the level of skill that such a cross discipline solution would normally require to support effectively.” Glen Ogden, Regional Sales Director, Middle East, A10 Networks

40

Computer News Middle East

JUNE 2014

www.cnmeonline.com

The pressure on IT today is to deliver more services to its internal and external customers whiles optimising resources and cutting costs.” Faycal Saile, General Manager, Middle East African and Turkey, Red Hat

the hands of an ‘Operations and Management’ team who may not themselves be cloud professionals. Open-source becomes even more valuable here as it reduces the level of skill that such a cross discipline solution would normally require to support effectively,” Glen Ogden, Regional Sales Director, Middle East, A10 Networks. In addition, open-source management solutions allow systems to be updated quickly and continuously through the adoption of subscription models. Buying into a subscription model gives customers regular access to all supported versions of management software in both binary and source form, including security updates and patches. “Life cycle management of the enabling platform is a key,” explains Sahinoglu, “For that reason, packaging and distribution is a good way to assure the support and life cycle management of an opensource system. Although this approach will create some additional maintenance costs and will limit the total flexibility, it will enable the organization to benefit from both aspects; using open systems and guaranteeing the support and LCM of the platform.” Sahinoglu. Buying into an open-source solution essentially gives the customer access to a community of ever evolving developers, rather than tying the business down with one vendor or utilizing limited, in-house resources. “Open-source has the benefit of being worked on by a much larger group talented individuals that one single company can usually possess,” explains Ogden, “On top of this, employees within a company deploying a cloud solution based on open-source can be part of the open source community delivering the tool, making it much easier for organizations to have influence on features in comparison to the traditional vendor model.”


9-11 JUNE 2014 DUBAI WORLD TRADE CENTRE

JOIN US @ GISEC 2014 We are at SM-B25

PROPELLING IT SECURITY INTO A BUSINESS ARENA Technology Partners Gold Partners

Deliver On

Silver Partners


FEATURE

Cloud management

The price for the open access to a community of developers, is that responsibility for the open source coding can be a grey area. Open-source isn’t owned and therefore, when things go wrong or support issues arise CIOs are left that the mercy of the community to fix them. A recent example of this is the Heartbleed vulnerability that was discovered in the popular Open SSL code. The bug affected countless companies and there was no individual or firm to be blamed. As such, there was no right to compensation and no guarantee on service levels as to when a patch would be developed. Still, in theory, open source model allows for higher quality, more secure and more integrated software. Access to an entire community of developers has proved to be a solution that meets the rate of innovation needed in today’s world of cloud management. A single vendor company would be hard-pressed to develop a cloud management solution that is heterogeneous and meets the pace of cloud innovation while keeping costs low. Though the initial start-up costs of implementing an open source cloud management solution may be lower than the overall costs of its traditional counterpart, there are still some “soft” costs that CIOs need to keep in mind when determining which solution is best for an organization or enterprise. “Some of the costs that CIOs need to be aware of stem from their own IT

“Some of the costs that CIOs need to be aware of stem from their own IT departments. Skills may not be present in their own staff so training or ousourcing may be required.”

42

Computer News Middle East

JUNE 2014

www.cnmeonline.com

Open environments means more flexibility for the vendor as well as for its customers. A development community continuously enriches the features and capabilities to support both vendors and customers.” Murat Sahinoglu, Head of EP COS, Ericsson Regional Middle East

departments. Skills may not be present in their own staff so training or outsourcing may be required. The open source software code needs maintenance, updates and support,” explains Saile. In addition to costs, CIOs need to identify which core components and applications in their infrastructure can be managed by the open source cloud management solution, then ensure that they create a software development lifecycle methodology for the specific cloud management software. The solution itself should not be disruptive to existing processes, policies and procedures. Additionally, the solution should offer the ability to scale out and the flexibility to adapt to new infrastructure components and applications. Saile adds that CIOs need to consider how the software will be managed and updated before selecting a management solution, “Many factors that need to be considered in selecting any open source management solution, such as the community that is ultimately driving the development of the solution and how the upstream contributions are ultimately released in a packaged product ready for an enterprise wide deployment as one specific user case.” Open source systems might have had some maturity issues at the beginning, but today they have proved that they are mature enough. For example OpenStack was started with 2010, but evolved very quickly. Today, CERN OpenStack Cloud has been in production since July 2013, now has around 40,000 cores and produces around 35PB of data size yearly.


SURVEY Secunia and EMT are conducting a market intelligence initiative to identify key requirements within the customer IT security infrastructure. Secunia is recognised industry-wide as a pioneer and global player within the IT security ecosystem, in the niche of Vulnerability Management. Our award-winning portfolio equips corporate and private customers worldwide with Vulnerability Intelligence, Vulnerability Assessment, and automated Patch Management tools to manage and control vulnerabilities across their networks and endpoints. A track record of excellence makes Secunia a preferred supplier and trusted advisor for enterprises, such as Fortune 500 and Global 2000 businesses, and government agencies worldwide.

Intro questions: 1.

Is your patch management process manual or automated? Manual

2.

Are you patching for 3rd party applications (i.e. non Microsoft)? Yes

3.

Name: Designation: Organisation: Industry Sector Business email: Business phone: Mobile phone:

City: Country:

Evaluator

Influencer

No influence

3-6 Months

+ 6 Months

Have you budgeted for a patch management solution in the next 12 months? Planned

PO Box:

Other

In what timeframe do you plan to evaluate, replace or upgrade your existing security solutions? 0-3 Months

6.

WSUS

What is your role in the selection of security solutions for your organisation? Decision Maker

5.

No

Do you use SCCM or WSUS? SCCM

4.

Automated

Approved

Pending

No Budget


FEATURE

Capacity planning

UP TO CAPACITY As companies adopt technologies such as cloud and virtualisation, the practice of planning for network capacity to meet the bandwidth and application performance needs must also change. Network capacity planning and management has long been considered the black magic of the IT industry. How does one predict the future? How can you prepare for the additional demand for resources while avoiding over-provisioning? n simple terms, capacity planning means thinking about how the network will be affected by technological and business changes, and outfitting it with the system power and bandwidth needed to adequately run new applications before they are deployed. Network managers will have to invest in tools that extract data and diagnose tends and use that information to make suggestions. Businesses should also plan to hire capacity planning and performance experts. But most of all, capacity planning mandates a change in attitude from reactive to proactive. Historically, network architects would simply add more bandwidth to networks to improve performance when their businesses added more users and services. But the art of capacity planning isn’t as simple as ‘more is better.’ “The model of “just throw more bandwidth at it” simply doesn’t work anymore. Bandwidth is important, but it is not enough. Quality of service (QoS) is more important

I

44

Computer News Middle East

JUNE 2014

www.cnmeonline.com


STRATEGIC INNOVATION PARTNER

NETWORK WORLD LEADER IN SECURITY & APPLICATION DELIVERY

8 years of successful Middle East Distribution Authorised training centre Professional Services www.exclusive-networks.ae f5@secureway.ae

P O W E R E D B Y S E C U R E WAY


For deeper network security and control

look beyond the obvious.

Dell™ SonicWALL™ next-gen firewalls provide a deeper level of network security and application control without slowing down performance. Not all next-generation firewalls are the same. To start, Dell SonicWALL next-generation firewalls scan every byte of every packet while maintaining the high performance and low latency that busy networks require. Additionally, Dell SonicWALL network security goes deeper than other firewalls by providing high-performance SSL decryption and inspection, an intrusion prevention system that features sophisticated anti-evasion technology, context-aware application control and network-based malware protection that leverages the power of the cloud. Now your organization can block sophisticated new threats that emerge on a daily basis and stay productive. Go deeper at: sonicwall.com/deep

Copyright 2014 Dell Inc. All rights reserved. Dell SonicWALL is a trademark of Dell Inc. and all other Dell SonicWALL product and service names and slogans are trademarks of Dell Inc.


FEATURE

Capacity planning

than bandwidth if, for example, a big file transfer is taking all the available bandwidth, your video communication won’t be able to run. That is why application fluency and automatic QoS configuration is needed to intelligently transport your applications across the network,” says Ahmed Yousef, Network Sales Development, Alcatel-Lucent Enterprise. Saleem AlBalooshi - Executive Vice President - Network Development & Operations in du, echoes a similar opinion: “Unlike the old legacy model of simply increasing the network pipe, the modern capacity planning has to be adaptive and capable of delivering the capacity in the most cost effective way. The tools used should include a robust traffic forecast, a clear and solid plan to cater for all the future special events that need to be served and an accurate tool to measure the usage.” There are many capacity planning tools on the market that collect network, system and application performance data - in real time or over long periods, or both. Some software lets companies create model networks and simulate traffic to predict their bandwidth needs for future users and applications. The modeling tools let companies pose "what if?" scenarios to calculate how the network would behave in certain situations. What exactly does network capacity planning require? Can the current tools in the solve many of the problems faced by network managers? “Building a business case for increasing capacity requires that capacity planning teams have accurate and up-to-date information about core network traffic volumes, traffic types, peering and transit traffic, as well as traffic sources and destinations,” says Jim Curran, VP Enterprise Sales, Middle East and Africa, Commscope. There are numerous industry

reports and customer stories discussing the challenges organizations encounter with regards to planning, managing and meeting future requirements for their data center. For managers, keeping track of thousands of assets and understanding how best to use them has quickly extended beyond what manual processes can support, he adds. Nader Baghdadi, Middle East Regional Director, Ruckus Wireless, says network capacity planning enables organizations to forecast their network’s ability to sustain growth or increased application demands, and ensures that their network is designed and configured to support performance targets. “There are special solutions nowadays which are solely dedicated to network planning for enterprises. Such solutions involve a number of steps to determine the status and needs of the network: collecting data from prior performance, analyzing and evaluating optimal network design, reporting findings and producing recommendations.” However, the current approach to network planning and commissioning, as well as service creation and provisioning is obsolete because of the sizeable, continual shifts in traffic demands, according to Omar Alsaied, Middle East Carriers Sales Director, Ciena. “In addition to scaling an order of magnitude every few years, the network needs to become dynamically programmable. It is no longer sufficient for NOC personnel to do manual point-and-click provisioning through a highly customized, operator-specific manager. That does not scale, nor does it support the notion of a platform infrastructure whereby the network joins cloudbased compute and storage as a virtual pool of resources to be automatically allocated to meet the needs of NFV and an application-centric, on-

LEADER IN UTM

8 years of successful Middle East Distribution Authorised training centre Professional Services www.exclusive-networks.ae fortinet@secureway.ae

P O W E R E D B Y S E C U R E WAY


Dell recommends Windows.

Ready for the day your customer has to push out a new update. To 1,024 users. All logging in remotely.

Introducing the world’s most manageable systems,* secured by Dell Data Protection. For days like these. The new Dell Latitude and OptiPlex systems, available with up to Intel® Core™ i7 vPro™ processor and Dell remote BIOS management, providing seamless remote access to your customer’s employees’ PCs, no matter where they are. In addition, it enables out-ofband management so your customer can remotely erase a hard drive if a laptop is lost or stolen. And optional Dell Data Protection|Encryption protects data from the device to the cloud, and ensures only the right people have access to the laptop’s most sensitive data. Manageability and security concerns are solved. Talk about a win-win situation.

Manageable. Secure. Reliable.

Contact your Authorized Dell Distributor for further details Mindware – dell@mindware.ae or call us on +9714 450 0600

Most manageable claim applies to thefollowingproducts:OptiPlex 9020, OptiPlex 9020 AiO and Latitude E6540. Dell OptiPlex and Latitude systems are trademarks of Dell Inc. Ultrabook, Celeron, Celeron Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Inside, Intel Inside Logo, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, vPro Inside, Xeon, Xeon Phi and Xeon Inside are trademarks of Intel Corporation in the U.S. and/or other countries. ©2013 Dell Inc. All rights reserved.


FEATURE

Capacity planning

demand world,” he adds. Better network capacity planning begins with the right underlying architecture. It requires a linear “scale as you grow” design model that can easily adapt to increased usage demands, without the usual “rip and replace” solutions. “The next requirement is implementation of readily available “active-active” protocols versus traditional errorprone and mission-impacting “activestandby” protocols such as Spanning Tree. Ultimately, at the application layer of the network, deep packet inspection (DPI) capability is desired to optimize flows at a more granular level. For example, instead of an Enterprise completely blocking access to Facebook, they could allow access to Facebook (for legitimate social media marketing use) but block gaming applications within Facebook,” says Yousef. Curran adds that network capacity planning is all about balancing the need to meet user performance expectations against the realities of capital budgeting. Without intelligence, the network handles traffic on a first-come, first-served basis, regardless of the type of traffic or how critical it is to your business. All the traffic is treated equally and there’s no guarantee any one application will get the bandwidth it needs. Even if you add more bandwidth to the network, voice-overIP (VoIP) calls can still drop, video streams can still hang, and data can slow to a crawl. “When you prioritize traffic, you’re giving the network instructions on how to best handle the traffic flowing through your switch, both within your local network and to the Internet.” Now with contracting IT budgets, the days of overprovisions have ended, and network managers to have rely on the right tools to

uncover underutilized resources and avoid purchasing more hardware. “Network capacity planning can be easily achieved today by using the right solutions. Important factors to consider when evaluating the networking needs of your organization include: identifying business priorities and systems, assessing growth rates and historical usage and determining the best solutions that will ensure a fast, reliable and affordable connection,” says Ruckus. However, one needs to keep in mind that there are no tools currently available that completely address capacity planning needs. Network architects need to know in real time how to plan for capacity in the networks. “Historically, IT departments have overprovisioned IT infrastructure because systems had to be big enough to handle peak demand. That has changed with the growing popularity of cloud computing, however. Today, an administrator can plan around the organization's average needs and simply add cloud services to accommodate occasional usage spikes,” says Commscope. In the coming years, the flexibility and cost alternatives provided by new technologies such as virtualization, internal and external cloud computing, and different types of cloud-based solutions will offer IT infrastructure professionals a choice of platforms for running an application or business service. This changes the scope of capacity planning and consequently the process of planning capacities. Capacity planning is no longer just a process aimed at forecasting hardware needs; it's the key to understanding and optimizing the cost of running business services through platform selection. It can also help you to stretch your existing assets and make most of what you already have.

DNS – DHCP IPAM – NETWORK SECURITY & AUTOMATION IPV6

Your Value Added Distributor Authorised training centre Professional Services www.exclusive-networks.ae infoblox@secureway.ae

P O W E R E D B Y S E C U R E WAY


FEATURE

EAI

THINKING OUTSIDE THE BOX An enterprise application integration offers several rewards eliminating the cost of application development and improving user experience to name just two. But with the integration comes an array of complications that can require centralised policies. CNME takes a look at the rewards and boons of EAIs. raditionally, the driver for Enterprise Application Integration projects has been the necessity to get applications and systems within the enterprise to synchronise data and information with each other efficiently. A prime concern of this is standardisation of the platform and the quality of service it renders. With the role of integration platforms expanding, it has become an integral part of the enterprise architecture. The emergence of initiatives in social media, mobile, analytics and cloud - all of which involve distributed data sources—means that key

T

50

Computer News Middle East

JUNE 2014

www.cnmeonline.com


INTEGRATION ADVISOR

ADVANCED PERSISTENT THREAT (APT) ATTACK & ZERO DAY PROTECTION

Your Value Added Distributor www.exclusive-networks.ae oUHH\H#VHFXUHZD\DH

P O W E R E D B Y S E C U R E WAY


FEATURE

EIA

concerns now revolve around the extensibility and interoperability of the integration platform. “EAI is all about getting disparate islands of systems to work together using middleware for connectivity and data integration purposes,” says Megha Kumar, Research Manager, Software, IDC MEA. “There is a lot of work around understanding the business process and metrics across each department. EAI projects require extremely specialised skills, and in a market that is heavily challenged around skills, this is difficult. Information accountability and standardisation are also needed, as is a centralised person who understands the overall business, who is able to streamline it.” EAI projects offer promise on several levels, namely the ability to make real time decisions based on market shifts, and tackle reputation management issues and supply chain disruptions – all from a single interface. This agility also allows for swift prediction and reporting of exceptional cases. In addition, application and support teams could be merged, which could reduce operational expenses. Business processes could be smoothed, by combining the information and functionality of several applications into a single interface. Faisal Husain, Founder and CEO, Synechron, sees the benefit of having free-flowing information across internal and external systems. “Enterprise applications enable the flow of information between separate software programs within a company, as well as from outside the company’s own computer systems,” he says. “This can consolidate data collection efforts, eliminating the redundancies of having each application collect and store data for its own purposes.” The adoption of an ESB (Enterprise Service Bus) approach could allow for better standardisation and security, and could bring a more scalable system. This in turn could lead to a more service-oriented architecture, which allows for improved scalability and interoperability of systems with less of a risk of compromising on performance. However, Glen Ogden, Regional Sales Director, Middle East, A10 Networks, is conscious of accountability issues that could arise if problems occur, “If I have a problem with one part of an application that affects the other application, will the other vendor support me or will I be bounced back and forth between vendors with not one 52

Computer News Middle East

JUNE 2014

www.cnmeonline.com

Enterprise applications enable the flow of information between separate software programs within a company, as well as from outside the company’s own computer systems. This can consolidate data collection efforts, eliminating the redundancies of having each application collect and store data for its own purposes.” Faisal Husain, Founder and CEO, Synechron

person taking responsibility?” he says. “What new hardware components will I require to deliver this? Will an Application Delivery Controller (ADC) be required? Unfortunately, there are so many questions a CIO needs to ask, it can be a daunting prospect.” Mobile and Software-as-a-Service applications can present challenges around integration, as it is a given that data needs to run seamlessly between a cloud and on-premise system, and security must be maintained. In addition, scalability requirements will have an impact, so the challenge is to integrate through a flexible and secure integration model. It may be beneficial for SIs to standardise on tools, rather than fitting tools around standards. Ogden is mindful of challenging processes that come with SaaS application integration, “It may be necessary for the internal team to skill themselves up on the API framework or work with a Software Development Kit that accompanies the SAAS,” he says. “With personal computer or laptop testing this can be scripted making the process quick and easy to repeat many times; however with handsets, this can be a painstaking process with engineers forced to go through all permutations of an application on multiple handsets until they are comfortable of the end user experience.” Husain is wary of the specifications that


FEATURE

EAI

If I have a problem with one part of an application that affects the other application, will the other vendor support me or will I be bounced back and forth between vendors with not one person taking responsibility?” Glen Ogden, Regional Sales Director, Middle East, A10 Networks

SaaS brings with it “You still need to connect the software to your other existing applications,” he says. “As a result when businesses share data with a SaaS provider, they’re interacting with the application and not a data warehouse. With the implementation of Saas and mobile, your internal standards will have to be standardised according to what the external software provides.” As with any project, an EAI one requires prior planning in terms of security issues. Security challenges multiply when two applications are merged or integrated, and often cause long term problems. Critical sources including customer, product and financial data can all be accessed during the integration, and so SIs face a challenge in identifying the level of access that target applications need from master source systems, and the subset of information that is applicable for each system or application to be able to read or modify. Debashis Chatterjee, President, Technology Solutions, Cognizant, values the importance of regular security monitoring and centralised actions, “With many businesses taking to the cloud on their own, centralising security policies for such initiatives and ensuring implementation by the system integrator/SaaS provider becomes very important,” he says. “In classic B2B transactions such as EDI and managed file transfer, enterprises need to be constantly monitored to ensure that communications with trading partners are conducted securely and are not subject to breaches. An increased use of mobile, cloud solutions and API-based integration to SAAS platforms 54

Computer News Middle East

JUNE 2014

www.cnmeonline.com

poses new challenges for managing and securing these services, while still meeting delivery SLAs, performance, scalability, and so on. Complex and wide-ranging services that include cloud or SaaS platforms and external partner services require securing and efficiently managing such critical services and often, addressing compliance and risk requirements as well. In this context, CIOs need to ensure that applications are available on cloud and that all transactions are conducted securely. Enterprises should not be exposed to attacks such as DOS (denial of service), which could pull down the business.” Individual applications may be subject to security issues - however the key problem is what new security issues are being introduced when they are brought together. These are called emergent properties because in isolation they don’t exist, only when the two combine do they present themselves. Unfortunately, these issues can be difficult to see and may only become noticeable over time or when a security breach occurs. With any integration comes the hurdle of justifying investment at board level, which can leave CIOs hamstrung. CIOs and Systems Integrators should be keen to mention that an EAI can eliminate the cost of application development, and that OPEX can be reduced in the long term, and can improve user experience, which in itself will lead to greater demand and higher revenues. Chatterjee is all too aware of the role of EAI projects play in terms of business-IT alignment, “While traditionally these investments were thought to be a cost centre, CIOs are today linking the cost of investment to revenue increases, decrease in lead time on various business processes, elimination of waste and lost revenues,” he says. Husain realises the importance of cloud in terms of EAI, “Cloud computing solutions are being adopted at an accelerating rate, meaning that your organisation will be forced to cope with ever-increasing integration complexity,” he says. “One needs to work with more applications than ever before, and many of these solutions will be delivered as the SaaS model.” Streamlining a business and pursuing a serviceoriented architecture could be beneficial, especially in terms of cost. Investments in SOA or ESB can facilitate some data migrations which can be consumed by other applications.


FEATURE

Big Data

THE BIG DEAL Big Data is a big deal. Governments and enterprises are beginning to utilise the data created by daily transactions and M2M communications to make a business decisions, engage with citizens and customise end user experiences. However, Big Data can only be useful if projects are planned and implemented correctly.

56

Computer News Middle East

JUNE 2014

www.cnmeonline.com


STRATEGIC TECHNOLOGY PARTNER

STORAGE ADVISOR

ften a nebulous definition, generally speaking Big Data refers to amounts of data created that are too large to be captured by traditional methods of storage and analysis. As we create more data, we are referring to these large datasets in terms of YattaBytes and in the future we are going to be looking at numbers like BrontoBytes. The IT world is now awash with a vast amount of data coming from mobile devices, social media and the Internet of Things. It is clear that there is value in all of that data, the problem now is how can businesses make the data speak in a way that it shares its inherent usefulness. In terms of adoption throughout industries, banking and manufacturing are leading the pack in the implementation of Big Data projects. Both sectors tend to create a great deal of potential useful information, and they stand to benefit greatly from analysing that data. “Manufacturers are monitoring minute vibration data from their equipment, which changes slightly as it wear down, to predict the optimal time to replace and maintain,” Allen Mitchell, Senior Technical Account Manager, MENA, CommVault Systems, gives a real world example of how Big Data analysis projects can benefit businesses, “Replacing equipment too soon wastes money; replacing it too late triggers an expensive work stoppage.” Big Data projects that strive to analyse social media data are also extremely common these days. Such projects help organisations and business gain deeper insight into customer data. With a clearer understanding of the

O

www.cnmeonline.com

JUNE 2014

Computer News Middle East

57


FEATURE

Big Data

social interactions of their customers, businesses can tailor customer experiences and interact more effectively. “Our most successful clients around the world have tackled challenges across understanding customer behaviour and personalised engagement, finance, risk and operations—deploying leading edge thinking, all supported by the foundation from IT that provides agility and cost-effective scale,” says Mahmoud Al Kordy, Big Data and Alalytics Leader, IBM MEA. The Middle East is a rapidly growing market segment for Big Data storage. Educational, healthcare, banking and hospitality sectors are all moving into a phase of data capturing and storage in the region. All of this data in turn needs to be analysed and interpreted. This is where Big Data projects come into play. Common projects include parallel processing/ grid computing, cloud computing and Hadoop based projects among many others. Essentially, the goals of each type of project are similar—to collect and analyse data that has been created by customer transactions. Large datasets require complex storage systems and reliable software to process vast amounts of information efficiently. To ensure that Big Data projects are successful, experts agree on at least one point—CIOs need to determine what information is important to their businesses. Every organisation has different needs when it comes to data, and simply mining Big Data with no measurable end goals can lead to wasted resources and money. “Businesses need to

Our most successful clients around the world have tackled challenges across understanding customer behaviour and personalised engagement, finance, risk and operations – deploying leading edge thinking, all supported by the foundation from IT that provides agility and cost-effective scale.” Mahmoud Al Kordy, Big Data and Alalytics Leader, IBM MEA

58

Computer News Middle East

JUNE 2014

Manufacturers are monitoring minute vibration data from their equipment, which changes slightly as it wear down, to predict the optimal time to replace and maintain." Allen Mitchell, Senior Technical Account Manager, MENA, CommVault Systems

understand what is the end-goal of the analysis,” says Megha Kumar, Research Manager – Software, IDC MEA. In addition to clear end-goals and KPIs, businesses need to ensure that proper data governance is in place. The cleaner the data is to begin with, the more useful the analytics will be. “If an organisation cannot pinpoint the value of its analytics strategies, it wont be motivated to invest in them, or to develop and act on insights,” explains Al Kordy, “Moreover, it could be investing in strategies that only deliver low-value returns and missing opportunities to improve future outcomes.” Also, IT departments looking to implement a Big Data project need to consider potential security threats. “Within today’s Big Data context,” says Sudheer Subramanian, Senior IT Solutions Manager, Huawei Enterprise Middle East, “Organisations must consider security across the collection analysis and storage of sensitive information. Security threats have always existed in the digital realm as the sensitivity of a company’s information must be properly evaluated and protected.” It is also important that the business environment is conducive to analytical projects as well. This means not simply a culture that infuses analytics everywhere, but also C-level executives willing to invest and support the projects in the long term. “There are hundreds of things that you need to check off to make any project successful,” says Carel Badenhorst, Head Technology Practice, Middle East and Africa, Turkey, SAS, “From my experience there is one single point of failure. Executive buy-in for thinking analytically and supporting the implementation of proper analytics life cycle

www.cnmeonline.com


FEATURE

50

Big Data

Petabytes it would take to store the written works of human history

60

decision process has to exist from the beginning and be maintained for the duration of the life cycle.” Big Data projects can certainly work to drive business and streamline productivity. However, if implemented incorrectly, there are a number of pitfalls that enterprises can easily stumble upon. Organisations need to be clear on their goals and determine what kind of information they want to gather from mining their data. So too they must be willing to invest and carry out the project throughout the life cycle. “Capitalising on Big Data will require changes in the way organisations view the role of data within the enterprise,” says Allen Mitchell, Senior Technical Account Manager, MENA, CommVault Systems, “IT organisations must accommodate storing and working with Big Data, and make available analysis tools that are easy to work with and integrated into business processes.” With proper planning, a Big Data analysis can mean big benefits for businesses. “The companies that succeed in turning Big Data into actionable information will have a clear competitive advantage over companies that are aware of it but don’t know what to do about it,” says Mitchell. Businesses that leverage their valuable information are able to engage with customers and create a customised customer experience. Beyond the customer, however, organisations that implement successful Big Data analysis projects are able to gain valuable knowledge regarding the successes and pitfalls of their own

Computer News Middle East

JUNE 2014

www.cnmeonline.com

Security threats have always existed in the digital realm as the sensitivity of a company’s information must be properly evaluated and protected.” Sudheer Subramanian, Senior IT Solutions Manager, Huawei Enterprise Middle East

business processes. Big Data can reveal where businesses are thriving, and where their policies or processes need to be revised. From business to government, to the benefit of customers or to investigate the bottom line of an organisation, analysing Big Data is key for understanding the information individuals and businesses create. To implement a proper analysis of an organisation’s Big Data, plans must be put in place, goals must be set and everyone involved needs to be on board. If a Big Data project is successful, businesses stand to gain powerful insight into their processes and can use that information to take their organisation to the next level.


FEATURE

Mobile malware

MALICIOUS MOBILITY From paying bills on our smartphones to banking on our tablets, we are living more and more of our lives on our mobile devices. However, with all of this agility comes a measure of concern.

62

Computer News Middle East

JUNE 2014

www.cnmeonline.com


SECURITY ADVISOR

ackers are taking notice of our mobile transactions and creating virus and malware that target mobile users specifically. Let’s be honest, we aren’t going to give up on our on-the-go lives any time soon—so what is the best way to protect our data? The type of data stored on smartphones is becoming increasingly sensitive as we live more of our lives on our mobile devices. Arguably, most heavy smartphone users would be more horrified to lose their mobile device than even their wallet. “Users store all kinds of things on their devices,” says Ayman Mohammed, Practice Head of Security Systems, CNS, “Sensitive data, such as email, calendars, contact information and passwords are saved and stored on smartphones.” Of course, it is not smartphones alone that are made targets. Far beyond a collection of selfies and SMS conversations, this increased use of mobile devices for things such as financial transactions has opened up a whole new world for would-be hackers. “The growth in the use of mobile devices has created a new target for cyber-criminals to launch attacks that can result in financial loss, reputational damage and data breaches against both individuals and organisations,” explains

H

www.cnmeonline.com

JUNE 2014

Computer News Middle East

63


FEATURE

1800

Mobile malware

estimated number of new strains of mobile malware detected daily

Paul Wright, Manager of Professional Services and Investigation Team, Middle East, India and Africa, AccessData. To target these devices, criminals are relying not only on malicious coding, but on the behaviour of users as well. Megha Kumar, Research Manager – Software, IDC MEA, points out that in the Middle East, users are quite vulnerable to behavioural attacks, “In the region, social engineering attacks and spam are quite prominent.” Savvy cyber-criminals know that mobile security is, when compared to traditional PC security, only now being taken seriously by individual users. “One interesting thing I’ve noticed in recently months in the Middle East,” notes Nick Leighton, Middle East Public Relations, Palo Alto Networks, “is a shift in attitude toward mobile malware. Years ago, many people seemed to view mobile malware as a construct rather than a real world issue. While acknowledging that is was a concern, other priorities took precedence.” Today, however, individual users as well as organisations are stepping up their game when it comes to protecting their devices. There is no question that mobile malware is an issue, in the region and globally. The motivation of cyber-criminals is usually fairly obvious—financial gain. “In addition to photos and contact information, mobile devices are used for online banking, performing financial transaction and private and business voice calls,” echoes Ahmad Enaya, SE Manager, Middle East, Aruba Networks, “Typically this consumer grade equipment has no security turned on by default, and most users do not bother with

The growth in the use of mobile devices has created a new target for cyber-criminals to launch attacks that can result in financial loss, reputational damage and data breaches against both individuals and organisations.” Paul Wright, Manager of Professional Services and Investigation Team, Middle East, India and Africa, AccessData

64

Computer News Middle East

JUNE 2014

www.cnmeonline.com

Typically this consumer grade equipment has no security turned on by default, and most users do not bother with additional configuration steps to turn on even basic security.” Ahmad Enaya, SE Manager, Middle East, Aruba Networks

additional configuration steps to turn on even basic security.” This perfect storm of sensitive information and lack of security can lead to disaster. Indeed, when speaking on mobile malware, iPhone users may look at their device with a sense of security. Though instances of attack on Apple’s iOS are admittedly far fewer than its counterparts, iPhone users are should not assume they are safe. Apple keeps its users safe from malicious apps by heavily regulating what apps are made available. However, it is these very restrictions that often cause users to jailbreak their devices. “Apple has restrictions that push users to jailbreak their phones,” explains Cherif Slieman, General Manager, Middle East, Infoblox, “If you have not jailbroken your iPhone, removing all the restrictions implemented by Apple, you are very safe from malware. But these restrictions are one of the most frustrating issues for iPhone users and many are jailbreaking to enable them to add apps that Apple doesn’t allow.” In addition to these behavioural flaws that can compromise iOS, the platform itself has experienced more attacks than ever in the past few years. “According to Juniper Research, mobile malware grew by 155 percent across all platforms-Apple’s iOS, Research In Motion’s BlackBerry and Symbian,” warns Mohammad Ismail, Identity and Access Solution Manager, Middle East & Africa, Gemalto. Roman Unuchek, Senior Malware Analyst at Kaspersky Lab agrees with Ismail’s concern, pointing out attacks specific to the Apple OS in the recent past, “The myth about Mac OS security was demolished when in 2012 the quantity of created antivirus entries has grown by 30 percent in comparison with 2011, and


Connect to More...

Now 1900 Mbps

www.dlinkmea.com www.dlink-cloud.com

DIR-880L AC1900 DUAL BAND GIGABIT CLOUD ROUTER 11AC BEAMFORMING Access and view your network on-the-go via the mydlink website or mobile app

ADVANCED QOS ENGINE VPN SERVER / HARDWARE NAT

Stream media to your mobile devices using the SharePort™ Mobile app for iOS and Android

SHAREPORT / USB 3.0 4 x GIGABIT PORTS

www.dlinkmea.com

+971 4 880 9022

facebook.com/dlinkmea

info.me@dlinkmea.com

Online Technical Support

www.dlinkmea.com/techsupport


FEATURE

Mobile Malware

the notorious Flashback Trojan managed to create the biggest Mac OS botnet which consisted of 700,000 devices all over the world.” As Apple’s market share increases, their flaws in their OS are becoming targets, “An iOS 6 security flaw was also found, which could grant complete access to an iPhone or iPad running the iOS platform,” says Tony Zabaneh, Senior Sales Engineer, Trend Micro Middle East. Ray Kafity, Regional Sales director, Middle East, Turkey and Africa, FireEye, agrees, “FireEye mobile security researchers have found several severe security flaws in the iOS7 architecture which allows malicious app to monitor every screen tap and button press and other events in the background on non-jailbroken iOS7.” With no operating system safe, it is paramount that users and organisations do all they can to protect their mobile devices. Nicolai Solling, Director of Technology Services, Help AG, explains that the first step is to change user perceptions. “Any user needs to understand today that a smartphone is a computer and when the data on this computer is valuable the device becomes a target. The easiest point of entry is the user, so the user will be the target for social engineering attacks, where cyber criminals will exploit the user’s lack of security know-how.” Indeed, the first step in cyber-security—be it traditional PC security or mobile security—is education. Users need to learn to recognise phishing sites, the importance of keeping their software up to date, and how to avoid behaviours that will compromise their devices. Ismail asserts that a little common sense can go a long way to protect sensitive information, “Consumers can respect simple security rules when communicating important personal information using their mobile. They can also make sure that a reliable identification is taking place between them and the network, using strong authentication technology.” In addition, users should be sure that their devices are running the latest versions of their preferred OS. “For software security, it is important to make sure that the latest OS and patches for your operating system are installed. Moreover, make sure not to download any software from unknown or untrusted sources,” says Enaya. As for businesses and organisations, education 66

Computer News Middle East

JUNE 2014

www.cnmeonline.com

Any user needs to understand today that a smartphone is a computer and when the data on this computer is valuable the device becomes a target." Nicolai Solling, Director of Technology Services, Help AG

is remains key. Businesses need to ensure that employees—whether they are using their own devices for business or corporate provided gear—are educated on the basics of safe mobile behaviour. In addition, companies providing a BYOD program need to be particularly vigilant. “A successful BYOD program involves a defined segmentation of corporate and personal data applications,” says Wright. A lack of corporate planning when it comes to BYOD programs can lead to the compromise of the entire company. “The main issue of mobile devices is that they are owned by the employees in most cases, and they contain personal and enterprise applications on the same device. In many cases, they lack the level of security and management of corporate devices, while they might contain critical business or private information,” warns Enaya. Keeping software updated, avoiding unauthorised software and installing security software are all paramount in keeping mobile devices safe. However, they key to protecting mobile data is user behaviour. Users need to be aware of how they use their devices or the damage could be devastating and almost impossible to fix. “Cyber-crime has no boundaries, in particular it has no boundaries in relation to jurisdiction. In addition when an incident takes place the amount of data compromised is not always known, and when missing data is retrieved, if the data is not protected or encrypted, there is no assurance that is it has not already been duplicated, stored elsewhere, or forwarded to another,” Paul Wright, Manager of Professional Services and Investigation Team, Middle East, India and Africa, AccessData.


FEATURE

68

Spectrum

Computer News Middle East

JUNE 2014

www.cnmeonline.com


IN ASSOCIATION WITH

TELECOMS WORLD

SPECTRUM OF HOPE With the migration to 4G LTE, a spectrum crunch is looming large over the regional telecom operators. Refarming of spectrum resources is emerging as one of the most cost effective ways to roll out mobile broadband technologies. pectrum is the lifeblood of mobile services. Any service on the airwaves needs frequencies it can use without being overwhelmed by interference, whether the frequency it uses comes from an exclusive license or from a sharing arrangement. The more packets of data are being exchanged over a network, the more spectrum will be needed to carry them—unless something else is done. Mobile operators, technology vendors and governments have been sounding alarms about mobile networks nearing capacity for years, and those alarms are getting louder. A study by investment bank Credit Suisse said mobile networks worldwide were filled to 65 percent of capacity on average. With the exponential rise in mobile data traffic and new applications, operators run the risk of overloading their spectrum band, which will slow down users’ mobile experience. Deloitte predicts that although additional spectrum will continue to be made available in many global markets, spectrum exhaustion will continue to exacerbate in many

S

www.cnmeonline.com

JUNE 2014

Computer News Middle East

69


FEATURE

Spectrum

countries, especially in dense urban areas. End users will continue to see performance impacts as a result, primarily in the form of lower speeds, but also through inability to access networks and dropped calls or sessions. The reason is simple demand for spectrum will exceed supply. Demand for wireless bandwidth continues to grow in leaps and bounds, but supply is relatively constrained. By 2014 the US alone may suffer a 275MHz spectral “deficit”. Despite widespread calls for more spectrum to carry mobile data, there is a wide range of technologies already being used or explored that could help to speed up networks or put off the day when more frequencies need to be cleared. Government and industry agree that what’s need is at least a two-pronged approach, with more spectrum as well strategies to make better use of the spectrum that is already available. Some industry experts say it’s time to throw out the whole notion of allocating certain frequencies exclusively to commercial mobile service, or to any exclusive use. Instead, they advocate mobile operators sharing spectrum with current users, such as government agencies. Advances in technology, including small cells and radio performance improvements, help make it possible for mobile networks to use the same frequencies as other services, as long as potentially interfering signals don't rise above a certain level. Another way to make better use of all spectrum is refarming. As carriers adopt LTE, which uses

"Spectrum is a scarce resource and realising economies of scale and ensuring its optimal utilisation is equally critical for both operators and government bodies.”

70

Computer News Middle East

JUNE 2014

www.cnmeonline.com

Growing smartphone penetration and rise of OTT services is also significantly contributing to growth of data on networks. Bhanu Chaddha, Research Manager –Telecoms & Media, IDC

spectrum much more efficiently than earlier technologies, they plan to gradually migrate users off of their oldest networks and reuse those frequencies. Those moves ultimately will make a significant amount of additional spectrum available for high-speed data services, but it's not an overnight solution. “Spectrum is a scarce resource and realising economies of scale and ensuring its optimal utilisation is equally critical for both operators as well as government bodies. With more and more subscribers switching to 3G and 4G services data volumes on the networks are increasing exponentially, putting strain on the spectrum resource. Growing smartphone penetration and rise of over-the-top (OTT) services is also significantly contributing to growth of data on networks, making network economic difficult to justify in absence of adequate spectrum allocation,” says Bhanu Chaddha, Research Manager – Telecoms & Media, IDC. He adds that spectrum auctions are rare in the Middle East and in many countries such as Saudi Arabia regulators have not been able to fully accomplish goals set under national frequency allocation plans of vacating spectrum held by government bodies and the military. “In such a scenario operators had no choice but to refarm their existing spectrum for launching next generation 4G networks. Towards this 1800 MHz spectrum has emerged as the prime candidate for refarming initiative of the regional operators for two main reasons: availability and ecosystem support.” One is one of the reasons making spectrum refarming a compelling option for operations is the


on-going deployments of 4G LTE in the region. This has been driven primarly by the embedding of LTE technology into consumer devices ranging from smartphones, laptops and tablets to femtocells, game consoles, cameras, music players and even to nextgeneration smart wearables and accessories. “Wireless operator networks are faced with increasing demands for capacity nowadays, due to the proliferation of devices that rely on wireless technology, such as smartphones, tablets and laptops. The high data bandwidth can only be supported LTE technology; however, wireless operators are facing a challenge in deploying LTE due to the limited availability of spectrum. Spectrum also comes at a high cost, since it is a limited resource that can only be sold to operators by governments,” says Vick Mamlouk, VP-Wireless Sales, Commscope MEA. In the MENA region, the spectrum availability differs from one country to another. According to Deloitte, Bahrain, the UAE and Qatar have allocated well above 100MHz of spectrum per operator, while Morocco, Egypt and Oman have less than 50MHz of spectrum per provider, which are levels comparable to India. According to the same research, the mobile industry’s spectrum holdings in the region are operationally inefficient, due to the lack of harmonization. There is also a risk that spectrum will be insufficient in the future due to changing consumer habits leading to increased data traffic. “For governments in the Arab states, some of the options to mitigate this spectrum scarcity include releasing harmonized spectrum through the digital switchover in the Digital Dividend bands (700MHz and 800MHz), promoting spectrum liberalization by re-farming the 1,800MHz band, and promoting

One of the main challenges of spectrum refarming is maintaining the quality of the 3G service to customers during the LTE rollout operations.” Vick Mamlouk, VP-Wireless Sales, Commscope MEA

“Wireless operator networks are faced with increasing demands for capacity nowadays, due to the proliferation of devices that rely on wireless technolgy, such as smartphones tablets and laptops”

further release of the 2,600MHz band,” adds Mamlouk. The biggest benefit of spectrum refarming for operators is the cost. It will be much more cost efficient to upgrade an existing network that it would be obtain new spectrum in the first place, while at the same time reducing the need for additional spectrum, which allows operators to invest in LTE technology. Furthermore, by converting the existing spectrum, the lifespan can be expanded. While spectrum refarming has enabled operators to launch 4G services it has not be void of challenges. “Refarming is a tedious process and requires readjustment in network topology as well as base station frequencies which if not done carefully could have a detrimental effect on QoS and service experience and may as well lead to capacity constraint for existing services. It is therefore recommended that refarming is carried out in a phased approach while ensuring smooth transition between 4G and non-4G subscribes,” says Chaddha. Mamlouk agrees: “One of the main challenges of spectrum refarming is maintaining the quality of the 3G service to customers during the LTE rollout operations. The operators must find the right balance between deploying LTE while maintaining adequate capacity in the remaining spectrum to support non-LTE traffic. Another challenge is the interoperability when between LTE and non-LTE (2G / 3G) traffic, since there are still many users in the region that use only voice services.”

www.cnmeonline.com

JUNE 2014

Computer News Middle East

71


OPINION Cybersecurity

Operation Tovar: GameOver ZeuS Botnet Takedown Lucas Zaichkowsky, Enterprise Defense Architect at AccessData

T

he U.S. Department of Justice (DOJ) today announced a multinational takedown operation for a high profile ZeuS botnet known as GameOver ZeuS (GOZ), named after analysis of initial malware samples. The takedown operation was dubbed “Operation Tovar� according to a post by independent journalist Brian Krebs. The DOJ further stated the GameOver ZeuS botnet is in control of an estimated 500,000 to 1 million Windows computers worldwide and leveraged these infected computers to conduct more than $100 million dollars in wire fraud. In addition to Operation Tovar, the DOJ added they have disrupted the use of ransomware called CryptoLocker, known for encrypting documents on infected systems

to make them unreadable. The attackers confronted their victims and proceeded to extort money in exchange for file recovery. The DOJ estimates there were 234,000 infections and more than $27 million in payments the first two months of operation. The operators of GameOver ZeuS attracted close attention from authorities due to the extensive wire fraud activity. According to another Brian Krebs post, the GameOver Zeus attackers conducted DDoS attacks to distract banks while committing wire fraud and stealing hundreds of thousands of dollars. What is not well known is that these attacks were widespread for a long time and caused a big scare in the financial services industry. According to several inside sources I have spoken with, a significant number of

71

www.cnmeonline.com

Computer News Middle East

JUNE 2014

banks were hit by these attacks. Thanks to the continual flow of information shared among peer groups, such as Information Sharing & Analysis Centers (ISACs), participating organizations knew what signs to look for to avoid losses from these types of attacks. The major difficulty in unraveling the GameOver ZeuS botnet infrastructure is mapping it out. Structured peer-to-peer (P2P) architecture allowed attackers to control their botnet army by accessing any infected system. Making matters even tougher, ZeuS botnet operators made it difficult to locate all infected systems using antivirus and nextgen antimalware products. They distributed generic droppers via email by attaching a zip file containing an executable, disguised as a document, or providing a link to web sites hosting popular exploit kits such as Blackhole. Exploit kits identify unpatched software for each visitor, then exploit those specific unpatched vulnerabilities. However, the initial dropper would not be classified as ZeuS. It would contain a list of hard coded addresses for the ZeuS download. After the dropper downloads and executes ZeuS, a new variant is created on the fly for each infection and the original downloaded ZeuS exe is deleted. This makes it difficult for antivirus vendors to identify all compromised


systems since each infection is a unique variant requiring more signatures. According to a blog post by Dell SecureWorks, a successful take down of GameOver ZeuS required collaboration to simultaneously hijack DNS domains while blocking infected systems at ISPs and the sharing of information with other security organizations. Botnets such as ZeuS are extremely common and simple to operate with no investment. ZeuS source code is already freely available on the Internet for anyone to modify and create their own variants that are undetectable by antivirus software. Once developed, attackers launch phishing campaigns with attached files or exploit kits to prevent email attachments from getting blocked. A little over a month ago, I received an email containing a dropper attributed to GameOver ZeuS. Manual analysis uncovered that the dropper planted and executed a second stage dropper that would in turn download a package over the internet. It contained a special purpose password stealing version of ZeuS used to harvest saved passwords from popular software such as web browsers and it also loaded up Cryptolocker (aka Crilock). More information can be found on Microsoft’s Malware Encyclopedia. The most important detail about password stealing and CryptoLocker were not evident in reports generated by automated malware analysis engines from the first submitted dropper. See the comments section in this VirusTotal report for the dropper where I provide manual analysis results (User: LucasErratus). Then compare it against automated analysis results from Malwr and Sophos. You can see in this VirusTotal report that the package, with the password stealing ZeuS, was only detected on 6 of 52 antivirus engines a full several days after it was submitted to the antivirus vendors. Fast forward to today and I am afraid the detection results are not much better. Most antivirus vendors reject the submission I sent in because it is a bundle, not actual

binaries that can be executed standalone. Even more noteworthy, automated analysis results only acknowledged one of two domains and not the second stage dropper which was programmed with the ZeuS package. Knowing both domains and all the other intermediary files is key to uncovering more infected systems and blocking future infections from that attack campaign. To illustrate a more recent example, see the manual analysis I did on a fresh dropper unrelated to GameOver ZeuS that arrived in my home email June 1. View the comments section of this VirusTotal report and compare it to this automated Malwr report. The automated report identified one domain the dropper downloads ZeuS from. Manual analysis uncovered all ten and a narrative sequence of events. Again, this example highlights the important need to investigate all threats thoroughly. Why is all of this important? Missing hosts with backdoors planted and compromised credentials is the primary reason hacking intrusions are not discovered until after the major damage is done. For example, in the recent eBay intrusion, attackers used compromised employee credentials to login and make their way to steal a database, affecting 145 million users. Undoubtedly, the hackers are cracking passwords from that dump and will use them to break into other organizations. It is also common for these attackers to sell access on the black market to those willing to pay a high premium. As seen in past database dumps, the success rate at cracking passwords is abysmally high. By using wordlists with real world passwords and high rate GPU cracking, it is easy to crack all but the most complex passwords using cheap consumer hardware. In closing, the significance of GameOver ZeuS and recent high profile attacks reinforces the necessity to have the right tools and processes necessary to: identify and understand threats, successfully remediate the incident, block future related threats, and identify ones that still manage to slip through to the endpoints. Documenting findings as

www.cnmeonline.com

Indicators of Compromise (IOCs) and then applying them at the endpoint level, in network traffic, and by searching logfiles is how mature security teams accomplish these goals. For organizations and users concerned by these types of threats, here are steps they can take to protect their environments and minimize the risks: t #MPDLFNBJMBUUBDINFOUTDPOUBJOJOH executable files or zip files with executables such as exe and scr. t 6TFWVMOFSBCJMJUZNJUJHBUJPOTPęXBSFUP make up for unpatched software to avoid getting hit by exploit kits. The Microsoft Enhanced Mitigation Experience Toolkit (EMET) has a proven track record of deflecting software vulnerability exploitation including rare 0days vulnerabilities being exploited before software patches are available. Also, EMET can be managed in corporate environments using group policies making it a no-brainer business decision. t *OTUBMMBOUJWJSVTTPęXBSF"MUIPVHIOPU perfect, antivirus software can still catch a large percentage of malware and reduce noise. Detected incidents could even lead you to uncover damage or other malware that would have gone undiscovered otherwise. t 'PSPSHBOJ[BUJPOTXJUI*5TFDVSJUZTUBGG or dedicated IR teams, I recommend acquiring consolidated platforms such as AccessData’s ResolutionOne™ Platform, designed to automate most of the capabilities required to analyze and understand incidents, and uncover what narrowly focused point products are not telling them. Applying these capabilities in a piecemeal fashion creates a hodgepodge of tools that require many manual steps to build the final big picture. This indirectly increases the technical skill requirements needed to investigate incidents and contributes to the growing demand for advanced security experts. For more on this discussion, see the recent blog post by AccessData CEO, Tim Leehealey.

JUNE 2014

Computer News Middle East

72


ANALYST CORNER Gartner

Three sourcing options for government shared services Bryan Pagliano, Research Director, Gartner

P

ressure is growing on government shared-service organisations to cut costs and improve services. Across the globe and at all levels of government, budget austerity and organisational reforms are pressuring IT and non-IT shared-service providers to deliver cost optimisation and improve service delivery. At the same time, alternative sourcing models—especially cloud computing—are commoditising service portfolios and becoming more attractive. Shared-service executives need to evaluate different sourcing options to best achieve these outcomes. Government shared-service initiatives can drive economies of scale and process improvement, but they have traditionally struggled to achieve their intended benefits in the planned time frames. While current budget constraints are prompting more agencies and jurisdictions to consider shared-service initiatives, many are sceptical that promised results can be delivered. This is particularly true when alternatives to internal sourcing, such as cloud computing, offer options that could complement, as well as supplement,

traditional shared services. Additionally, many sharing initiatives, particularly wholeof-government shared-service initiatives, are floundering. There are three broad categories of sourcing options for shared-service IT executives to consider.

73

www.cnmeonline.com

Computer News Middle East

JUNE 2014

Internal Sourcing Here the processes, people and tools used to deliver services are entirely owned and managed by the government sharedservice provider, which is often created by consolidating people and other assets transferred from fragmented organisations. Existing government shared services rely mostly on internal sourcing, in which internal staff, managers and executives own the ongoing processes and competencies required to deliver services. In many cases, they may use external service providers, either in the form of system integrators or contract staff to build systems in the first place and then maintain them. While internal sourcing can leverage capital and can often provide more customised government solutions, alternatives challenge traditional business cases. In many

cases, challenges to internal sourcing now even have policymaker support. In multiple jurisdictions in Australia, shared-service organisations are no longer being protected by whole-of-government policy. The most public example is in Queensland, where expectations are that services from the centralised sharedservice organisation should be competitive or “contestable” with other commercial offerings. Advantages: Internal sourcing offers a relatively high degree of flexibility for organisations that have mature service delivery capabilities. Internal sourcing also retains control over the details; this can be advantageous when sharedservice organisations need to respond to scrutiny from public watchdog or oversight organisations. Internal sourcing may also have local economic benefits when the agency or jurisdiction trains and employs citizens. Disadvantages: Internal sourcing demands a focus on operational excellence requiring constantly “staying ahead of the curve” on skills, technology and processes at the lowest cost levels. This can be difficult to sustain over a long period of time. As well, multiple “cloud first” policy initiatives, along with the success of consumer and commercial clouds, creates a bias toward


external sourcing that shifts the burden of proof to justifying continued use of internal sourcing. This bias further complicates an existing problem for shared-service organisations around customer executive buy-in. In evaluating the internal sourcing option, shared-service executives should consider the size of the customer base as well as the potential customer base. Second, consider the nature of the service offering. For example, how domain-specific are the IT systems and business processes of the shared-service offerings? Finally, how costly is it to transition to a new sourcing option? Governments pay particular attention to the length of time to achieve a return on the investment, often giving priority to short-term budget issues. Public-Private Partnerships (PPPs) PPPs are arrangements in which a government agency commits to a long-term relationship with a private-sector vendor to share investments, risks and rewards to build and run a public-sector program. Most often PPPs are joint ventures in which partners are engaged throughout the duration of the arrangement, combining the skills or capabilities of each partner to serve a mutually beneficial purpose. For example, the Suffolk County council in the U.K. used a joint venture to establish a shared-service unit while also providing future commercial opportunities for the private partner. This model has also been used in North America and Australia for multiagency IT infrastructure projects, such as statewide public-safety radio communications systems. Less common PPP structures include: (1) the equity investment model, in which governments invest in private-sector efforts alongside other sources of financing, and (2) the build-operate-transfer model, in which, financed by the government, a private-sector entity builds a capability and then transfers ownership of that capability as part of the contract after a concession period. Advantages: A PPP is an appealing sourcing option for government sharedservice providers that are looking to leverage a partner’s financial and management resources and competencies, or, depending on national laws, shared-service providers that

are looking for a sourcing option to aid in restructuring their workforce by transferring public-sector staff to private vendors. Disadvantages: The drawbacks of PPPs include the extremely difficult pricing and contracting process, limited switching options once the contract is established, determining how to handle unexpected costs, and PPP’s traditional need, as with PPP civil engineering projects, for a long-term environment that is relatively stable. In evaluating the PPP option, sharedservice executives should determine if there is a mutual overlap of value between government interests and private-sector interests, consider the duration of the asset in question and compare the relative difficulty and risks of a PPP agreement to the costs of building the solution through other sourcing options. Externalisation Here the processes, people and tools used to deliver the services used are supplied primarily, or entirely, by external service providers. Traditionally, external sourcing options, such as full outsourcing and selective outsourcing, have competed with shared services where centralisation policy mandates did not exist. Shared-service customers would often see the provider organisation that used internal sourcing as having inherent advantages, such as a greater understanding of business requirements, a greater compliance with regulatory environments and an overall better workforce alignment around fiduciary responsibility to taxpayers. On the other hand, customers often see external competitors to shared services as being more efficient due to the effects of market forces. There is some truth in both perceptions. Advantages : Externalisation allows the shared-service organisation to take advantage of predictable cost structures through contracts. Also, externalisation can harvest the benefits of cloud services. For example, IaaS offerings can either fill gaps in a solution or offer more cost-effective options through hybrid IT. Additionally, the service management, analysis, integration and evaluation competencies developed to improve current service offerings through externalisation can also be used to create new

www.cnmeonline.com

service offerings, like hybrid cloud solutions. Disadvantages : The drawbacks of externalisation are in initiating and managing the change that it brings. For shared-service providers that still rely solely on insourcing, this can be stark. Full use of externalisation requires new strategy, new skills in evaluating and selecting vendors, new contracting skills, and new sourcing management practice when services rather than products become the predominant deliverable. Above all, shared-service executives need to keep their service sourcing strategy up to date through continuous sourcing evaluations. While cost is a key consideration, evaluate other criteria such as flexibility, ease of compliance and shared risk. The Future Will Lie in Between To lower costs and improve services, you need to determine the optimal blend of available alternatives in your agency’s IT sourcing portfolio by determining the optimal blend of available alternatives. Gartner expects that alternative sourcing options, particularly using cloud-based service delivery models, will experience the fastest growth. In conversations with Gartner clients, a strategic approach to sourcing is emerging. For each line of service (or system), sharedservice executives will compare alternatives based on multiple criteria to select the most appropriate option. The expected outcome of these strategic analyses is that a number of shared services will rely on multiple suppliers and a variety of delivery models. In other words, they will partner with the outsourcing vendors that they traditionally considered their direct competitors. As a result, some shared services are progressively transforming into multisourcing service integrators, whose core competencies will consist in their ability to design a service portfolio to meet needs. However, the shared services that take this path will need to become much-leaner organisations. Their delivery arm will be increasingly commoditized, and the set of skills they require will move from technical IT operations expertise toward service management and vendor management, IT financial management, and relationship management.

JUNE 2014

Computer News Middle East

74


FACE TO FACE Victoria Strand

76

Computer News Middle East

JUNE 2014

www.cnmeonline.com


The age of the customer Customer experience has emerged as one of the telecom industry’s hottest segments, as telecom service providers strive to retain customers in the face of tough competition. Victoria Strand, President of Ericsson GCC & Pakistan, explains the importance of improving customer experience as a way to win and retain customers.

T

he rise of digital and social media has put customers at the centre of the telecom experience. Is it important now for service providers to conduct tailored, one-to-one relationships with customers? The digital revolution is creating significant difficulties for traditional communications service providers (CSPs). Not only are they struggling with an enormous growth in data volumes, but digital alternatives are tucking the voice and messaging revenue. As such, operators are rethinking their strategies and reshaping their business models to stay relevant and profitable, and customer experience plays an essential role in this. Customer behaviour is changing, and CSPs mainly study these behaviours to understand what their customer base wants in order to enhance their customer experience to match demands. That is the way to increase loyalty and drive revenue. Is it time for Middle Eastern operators to look beyond the network to improve QoS and customer experience? Yes. As I mentioned earlier, customer experience is the key for operators to remain relevant and profitable. A recent study conducted by Ericsson’sConsumer Lab revealed that network performance is vital for winning customer loyalty, and for keeping churn low—especially amongst smart device users. This is growing in relevance as we see even more customers going mobile, with the growing Bring Your Own Device trend increasing demand for an unparalleled experience whenever and wherever they want it. An improved, seamless network helps to boost customer experience by giving them the connectivity they expect, as does focusing on transparency, efficiency, and proactivity in providing customers with a greater feeling of control over their accounts. At Ericsson, we offer an End-user Experience QoS solution that will help operators to consistently deliver the best possible experience for voice, messaging and data services. It focuses on salient points such as measuring response time and availability to improve them based on a statistical overview, and speeds up new product launch times through automation of the handset and application verification process, amongst others. When it comes to customer experience, operators mainly consider streamlining everything they do, particularly on the customerfacing front, as even the smallest interactions can have an impact on the bigger experience picture.

Most telecom operators leverage CRM to drive customer experience. But is that enough? It may have been enough in the past, but today operators need to go beyond relationship management and into customer experience management, or CEM. Relationship falls under this sphere, but it includes the entire experience throughout the relationship cycle that is ever more important in our increasingly digitized society. As we progress into the Networked Society, customers must be empowered by a superior experience, every time and everywhere they connect to any of the operator’s touch points. A recent study conducted by the Ericsson Consumer Lab revealed that 81 per cent of executives believe that customer experience is key to improved financial performance, due to increased customer retention, so it is essential that operators go one step beyond traditional measures. How can you define and measure customer experience? What you measure, and the way in which you measure it, is entirely dependent upon what is considered most important by your customers. In order to accurately measure, we must monitor in real-time, or as close to real-time as possible, is essential, and should be an ongoing exercise. Once we have identified the areas that are most important, and therefore that should be measured, they must collect data that can be used to design methods to improve the experience, across the board. By conducting consistent measurements and deriving meaningful insights from the data collected, operators will be able to take remedial actions in any weak points before it effects customer experience. Can you tell us very briefly about the technologies available from Ericsson that can enhance customer experience? At Ericsson, we offer numerous solutions that set our customers on a journey towards optimised customer experience management, rather than being a one-shot effort that will offer only short-term effects. We work with operators to optimise their spectrum and network investments, offering them a cost-effective, long-term strategy that will boost their customer experience at all touch points. Our solutions include centric-managed services; smart devices experience with strong Operations Support Systems and Business Support Systems; TV Anywhere for seamless, personalised viewing; LTE Broadcast; Professional services and much more, all designed to build a customised, flexible, and effective customer experience.

www.cnmeonline.com

JUNE 2014

Computer News Middle East

77


FACE TO FACE Robert Bigman

David Aron, Vice President, Gartner

Clear and present danger As Chief Information Security Officer of the Central Intelligence Agency for 30 years, Robert Bigman was entrusted with protecting the United States’ most sensitive secrets. The President of consultancy ďŹ rm 2BSecure took time out to talk to CNME about why outdated IT architectures leave worldwide security hanging by a thread.

78

Computer News Middle East

JUNE 2014

www.cnmeonline.com


H

ow has the threat landscape changed since you began working at the CIA? In my opinion it hasn’t at all. The same threats and risks that exist now existed in the seventies; there is the same inherent risk in technology and computers. You could say that these risks have been amplified by consumerisation, but, historically, we have never addressed the critical issues. In this age, the capabilities of the Internet of Things is creating more problems. Tell me about the paranoia you faced while working there. I was always paranoid! As a CISO you have to be. It’s not necessarily a negative thing, if your job is to protect something. And as the saying goes, “just because you’re paranoid doesn’t mean they’re not out to get you.” 2BSecure says it believes in ‘Thoughtful information technology architecture.’ Can you give your definition of what this is? For many years, industries, governments and consumers have been sold the idea of ‘you can have it all without any security risk.’ Well they are fast learning that that isn’t true. Nothing is ever free in life, and that is especially apt in the case of the Internet. So many security companies try and tell you “use my product and you will be OK.” This is far from true. Security issues are tied to the Internet; it is the main target of those who are out to exploit flaws. All the right technology will still be breached; if you are a target, hackers will get you. Thoughtful architecture means having solid foundations at the base, whereas what we have now are old, weak, decrepit foundations, on top of which

are built layers of software, and the whole thing is due a collapse. You’ve previously mentioned how Unix and Microsoft architectures have remained the same from when they were developed in the 1970s, leaving huge vulnerabilities. What needs to be done to solve this underlying problem? These architectures are 25-30 years old, and were built in the days of smaller computing needs. When you consider that these same architectures are now being employed on mobile computers, which are so widely bought, it seems like madness. You’re left thinking ‘how on earth did these end up on the mass market?’ Windows 7 and even Windows 8 is based on 20-year-old architecture, and it has issues. The internet was initially based on private network exchanges between remote nodes, and we didn’t know what it would turn into. TCP/IP protocol at least allows you to modify for performance and scale, which is what we implemented at the CIA. What was the biggest challenge you faced in your career at the CIA? Simply enough, to keep the agency’s systems from being penetrated. It is one thing to keep your systems secure, and another to keep them hidden. Both were a challenge, and when you have really bad technologies as your defence, you really are in trouble. Another main challenge was explaining abstract technical concepts like the movement of electrons to senior personnel within the CIA. These are people who can’t understand how the technical aspects of a phone call work. I became highly proficient in explaining concepts with video – and moving puppets. Having said that, the acceptance of risk there was zero, unlike in industry, where companies don’t have the same prudence. There, unless there is a gun to their head, they don’t do much. When there is a serious possibility of losing information, they do everything to stop it, but until then, not enough. In the grand scheme of things, when did cybersecurity first become a major issue? It still hasn’t. Every week there is a conference about what you can do to improve your security, but a fundamental rethink of the product

www.cnmeonline.com

architectures that are used to move data - and new R&D - is needed. At the same time, it is not viable to upset the economy and suddenly switch horses in terms of security strategy, it has to be a gradual transition. Waiting for a new product to come along won’t solve the problem; encryption certainly hasn’t stopped cybercriminals. It’s a morbid analogy, but I view the reality of security weakness as the same as a reaction to a family member’s death. At the moment we are in the stage of realisation, where we are beginning to understand what is happening but haven’t fully grasped the gravity of the situation; we haven’t got a rational answer of how to respond. We need to move from the emotional response to form a rational plan of action. It has dawned on the US government that this is a really big problem; but the likes of Cisco aren’t helping with the IoT, where everything is connected: your car, your clothes, your cat. It’s out of control. I’m guessing you’re not optimistic for the future then? Even in June 2014 we are being repeatedly told of new security issues we face, and that simply downloading a product will make all our problems go away. There is empirical evidence that security products do not work. I recently had a meeting with the CEO and CIO of a large corporation, and they told me their goal was to eliminate the need for cybersecurity. I told them that I’d love to make that happen, but there is no mathematical formula that can achieve that. We need to go back and fix the fundamentals, and come up with new security solutions. If we were to start work right now on rebuilding the foundations, it would take a minimum of 5-10 years before they were complete. Any words of comfort for the region’s IT leaders? They need to go back to basics. It’s no use just taking advice off of salesman and hoping security issues will be resolved. They need to take responsibility for their own organisations, spend resources where possible, do their best to rework their architecture and bring in people with the right skills to help them move forward. Throwing money at the problem is not enough, IT leaders must do the necessary due diligence when implementing security strategies. Given the skills gap in the region, where can the Middle East source these new recruits? They’re in China! I think a good start is to fund security courses and degrees, like they’re starting to do in the US. We need to start growing our knowledge in the Internet-based economy.

JUNE 2014

Computer News Middle East

79


Exhibition : 9 - 11 Conference : 10 -11

JUNE 2014

The Middle East’s Essential I.T. Security Knowledge Platform

UN FRERIVA EXHE LLED IBIT ION FR SEEE SECURIT SS Y ION S JUN KEYE 10 Rob NO T For ert Bi E

I.T. SECURITY IS A CRITICAL STRATEGIC IMPERATIVE Attack sophistication and cost is increasing. New vulnerabilities are exposed daily.

m

KNOWING THE LATEST THREATS AND RESPONSES IS ESSENTIAL Fight tomorrow’s threats. Gain the very latest global insights into the most sophisticated attackers.

GISEC HAS THE ANSWERS The region’s number one I.T. Security event. Get your I.T. Security strategy patch in one hit, ensure you have the inside knowledge to protect your assets.

TIMINGS

Exhibition : 10 am – 6 pm

ORGANISED BY

POWERED BY

SILVER SPONSORS

JUN KEYE 11 Mik NO T CR ko Hy E O

FIR , F-S ponn S e MID T TIM cure en DLE E IN EAS THE T

FRE WO E RKS HO PS I.T. AWSECU AR RITY DS

Conference: 9 am – 5:45 pm

GISECDUBAI GISECDUBAI GISEC - GULF INFORMATION

www.gisec.ae/visit +971 4 308 6805 gisec@dwtc.com

g

FIR er C man S I MID T TIM SO, C DLE E IN IA EAS THE T

Register to Attend Today: www.gisec.ae/visit

SECURITY EXPO AND CONFERENCE

STRATEGIC SPONSOR

DIAMOND SPONSOR

PLATINUM SPONSORS

CONFERENCE KNOWLEDGE PARTNER

GOLD SPONSORS

SUPPORTING ASSOCIATIONS

AWARD LEAD SPONSOR

OFFICIAL PUBLISHER

OFFICIAL TRAVEL PARTNER


Launches and releases

PRODUCTS

PRODUCT OF THE MONTH

PRODUCT WATCH

A breakdown of the top products and solutions to be launched and released in the last month.

PRODUCT: Ascend P7 VENDOR: Huawei WHAT IT DOES: Huawei has unveiled its latest flagship smartphone—the Huawei Ascend P7. On the heels of the Samsung Galazy S5 and the HTC One M8, Huwawei has unleashed a 6.5 mm thick handset with a 445 ppi display and a 13 MP 5P non-spherical lens rear-facing camera. The design is solid with beveled brushed metal edges across the top and sides and a rounded profile that curves around the bottom edge. For durability, Huawei has weaved seven layers of materials together underneath a glass layer. WHAT YOU SHOULD KNOW: Like most smartphones these days Huawei has put a great deal of thought into the camera. The Ascend P7 gives users an edge in low-light settings with a BSI sensor, Image Signal Processer, and f/2.0 aperture. The camera also provides 1080p HD video playback and 10 level auto-facial enhancement.

PRODUCT: Moto X BRAND: Motorola PRODUCT OF THE MONTH: Backup Plus FAST BRAND: Seagate WHAT IT DOES: In general, external harddrives are not particularly exciting products. However, Seagate has really amped up the portable drive game with the Backup Plus FAST. First of all, it is fast—very, very fast. The super-speed USB 3.0 interface delivers transfer speeds of up to 220MB per second. Futhermore, the surprisingly slim case houses a whopping 4TB of data making it the perfect companion for creative types such as photographers and designers, or just audiophiles and movie junkies looking to quickly move large files. WHAT YOU SHOULD KNOW: Like most hefty external drives the Backup Plus FAST comes with its own proprietary software interface. This is the software that will eventually be included across the Seagate Backup Plus series. Moving beyond the traditional dashboard interface, the software allows one-click back up via any iOS or Android mobile device. Via the Seagate Mobile Backup app users can easly back up al of the pictures and videos from that device to the drive or a cloud service.

WHAT IT DOES: Motorola and Google have come together to release the premium phone in its Nexus line. The Moto X is designed to be the pinnacle of Android phones, and, well, it is. It is everything that one could want from an Android phone without all of the proprietary software and customisations that can sometimes bog down the user experience. Moto X has got latest operating system of Android 4.4 KitKat, 4.6-inch AMOLED display, 10 MP rear camera and two-megapixel front camera, and 16GB memory with a promotion of 50GB storage free for two years on Google Drive. WHAT YOU SHOULD KNOW: Finally, after its release in August 2013, the Moto X is available in the Middle East. The bells and whistles that do set it off are extremely user friendly and created with everyday problems in mind. “Our roots are deep in mobile hardware and innovation—we invented mobile communications and take pride in that,” said Marcus Frost in an interview with CNME following the UAE launch. The Moto X is now available in the UAE for a market price of AED 1,599.

www.cnmeonline.com

JUNE 2014

Computer News Middle East

81


COLUMN

The word on the street

James Dartnell

The growth of Google S

CNME’s man about town gives his spin on the latest IT news and trends. 82

Computer News Middle East

JUNE 2014

o the word’s out. By the end of May it emerged that Google will invest between $20-30 billion in acquisitions of non-US-based companies, following its 2013 disclosure to the U.S. Securities and Exchanges Commission of the plans. Prior to Facebook’s $19 billion purchase of messaging service WhatsApp in February, Google’s $17 billion outlay on 144 companies over the last two years was more than Apple, Microsoft, Amazon and Yahoo’s combined. Although it is not yet clear as to the timeframe of Google’s planned purchases, the proposed investment is, if nothing else, alarming. What’s more, following the announcement that its $159 billion value means it has now displaced Apple as the world’s most coveted brand, the investment can only increase the looming threat on citizen privacy. Google’s wide array of disparate acquisitions over the last 13 years indicates a willingness to dominate several sectors, which all come under the umbrella of personal information. The overall effect will be to hike its primary purpose of pinpointed advertising, via a strong presence in the IoT, robotics, and cloud services. It seems these days

www.cnmeonline.com

that Google’s legal team is inundated with fresh lawsuits demanding that it cease to impinge on various aspects of privacy. A Berlin court recently said Google’s privacy policy and terms of service violate German data protection laws, while the Court of Justice of the European Union ruled that Google must remove links to outdated information on citizens. There also remains the lingering suspicion that Google has engulfed these companies not just for their cutting-edge products, but also for their refreshing, visionary leaders. In February, Google’s Senior Vice President of People Operations, Laszlo Bock, outlined the qualities that the company looks for in prospective job applicants. “’Successful bright people’ rarely experience failure, so they don’t know how to learn from it,” he said. “These individuals commit the fundamental attribution error, which is if something good happens, it’s because I’m a genius. If something bad happens, it’s because someone’s an idiot.” Take the CEO of Nest—the smart smoke alarm and thermostat developer—Tony Fadell. Here Google have not only spent $3.2 billion on acquiring an emerging IoT leader, but they have also enlisted the man who oversaw the development of the first 18 editions of the iPod. They seem to have realised that by hoarding talent, as well as a vast pool of personal information, they could soon be unstoppable. Given the NSA’s recent misdemeanours, it seems the US government, the one entity who could perhaps curb Google’s stranglehold, is at a loss for how to intervene. No doubt, the proposed investment is exciting for technology, but one has to fear for where this mammoth investment will lead.


We not only provide core technology,

we provide confidence. THE CRITICAL DATA STORAGE CHALLENGE Data is crucial to an enterprise’s operation. The problem is that long-term operation of key storage systems at high loads often results in slower response from the system and an increased risk of downtime. So how do you choose a reliable storage system that ensures the robust storage of data and the enterprise's smooth operation?

A BETTER WAY HUAWEI OceanStor 18000 SERIES ENTERPRISE STORAGE SYSTEM

Safe and trustworthy, flexible and efficient, ensuring the reliable storage of critical data

Huawei OceanStor 18000 Series Enterprise Storage System is designed to support the smooth operation of the core business of an enterprise. The system’s high performance, high reliability and low latency ensure that core business processes remain online and receive rapid service from the storage system. l'HFGQDKH@AHKHSX20 times faster data recovery and 99.9999% usability of recovered data ensure core business reliably online. l'HFGODQENQL@MBD,HKKHNMRNE(./2@MCODQENQL@MBDSVHBDSGDHMCTRSQXRS@MC@QCVHKKD@RHKXBNODVHSGSGD deluge of data over the next 10 years. l'HFGDEEHBHDMBX,HBQNRDBNMCQDRONMRDSHLDVHSGTOSNSHLDRE@RSDQQDRONMRDSNATRHMDRRRXRSDLR HMBQD@RDR the quality and efficiency of services. To find out more OKD@RDUHRHSenterprise.huawei.com p

HUAWEI OceanStor 18000 Series Enterprise Storage System Huawei OceanStor 18000 Series Enterprise Storage System With(MSDKÂŽ XeonÂŽ processor (MSDK SGD(MSDKKNFN 7DNM @MC 7DNM (MRHCD @QD SQ@CDL@QJR NQ QDFHRSDQDC SQ@CDL@QJR NE (MSDK Corporation in the U.S. and/or other countries.

For more information, please search Huawei OceanStor 18000 Series


Computer News Middle East June 2014