ISSUE 63 \ APRIL 2024
BUILDING STRONGER DEFENCES WHY SECURING THE CLOUD IS A SHARED RESPONSBILITY
SIMPLE. POWERFUL. SECURE. The unified platform for digital transformation. • Enable autonomous operations. • Control costs and complexity. • Increase agility and productivity. solarwinds.com
CONTENTS
18
44 PRODUCTS
WHY SECURING THE CLOUD IS A SHARED RESPONSBILITY
BUILDING STRONGER DEFENCES INTERVIEWS
VIEWPOINTS
14
12
UNLEASHING THE POTENTIAL OF DATA
16 TACKLING EMERGING THREATS
ACCELERATING PROGRESS
22 FIGHTING THE CLASSICS
26 ENSURING SECURITY
24 PIONEERING AGILITY
36 SECURING THE FUTURE
38 UNLOCKING COMPETITIVE EDGE
AWARDS
40 SHIFTING PARADIGMS
28 CXO 50 KSA AWARDS PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
42 EMBARKING ON FINOPS
6 NEWS CLOUDFLARE POWERS ONE-CLICK-SIMPLE GLOBAL DEPLOYMENT FOR AI APPLICATIONS WITH HUGGING FACE THREE-QUARTERS OF BANKS ADMIT THEY NEED TO MODERNISE THEIR CORE FORTINET INTRODUCES EXPANSIVE UPGRADES TO ITS REAL-TIME NETWORK SECURITY OPERATING SYSTEM EPICOR SURPASSES $1 BILLION IN ANNUAL RECURRING REVENUE WITH AN EYE TO THE FUTURE OF AI-POWERED ERP APRIL 2024
CXO INSIGHT ME
3
EDITORIAL
ALL ABOUT DATA
L
ast month, I had the opportunity to attend the Kafka Summit in London, which was all about real-time data and data streaming technologies. I was hosted by Confluent, which made some interesting announcements during the summit, including integrating operational and analytical estates and the availability of Apache Flink, the stream processing framework, on its cloud. Kafka has emerged as the bedrock of modern data infrastructure, with an estimated 100,000 organisations, including Fortune 500 companies, leveraging this open-source platform for real-time data. Until recently, data streaming was limited to a handful of companies, such as Netflix, in the media sector, as well as banks and stock exchanges. Now, it has become crucial in shaping customer experiences in today’s business landscape. Yet, it remains elusive for many organisations. Why is it hard for enterprises to effectively harness their data resources in real time? The answer is simple – even with the growing appetite for real-time applications, configuring and managing stream processing stacks is a daunting challenge. From conversations with Confluent’s CEO and other key executives, I gleaned that data streaming
is now a key business requirement, and the technology has gone mainstream. They told me that the first step in embarking on data streaming is to establish a unified operational model, prioritising data governance. As a CIO, you may wonder if this investment is worthwhile. After all, implementing data streaming systems is challenging due to their high complexity and the involvement of various technologies and configurations. Moreover, scaling up data streaming solutions to handle large volumes of data may require significant infrastructure investments. Currently, the biggest use for data streaming is real-time analytics. It is also being used for fraud detection and prevention, predictive maintenance, personalisation of customer experience, and risk management and compliance. With data transformation and the velocity at which data is accessed becoming a key differentiator for many enterprises, investing in data streaming technologies sounds like a good idea to unlock the full potential of their data. However, you must understand how real-time data processing can add value to your organisation and align your investment with these goals.
Published by
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2024 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
APRIL 2024
CXO INSIGHT ME
5
NEWS
CLOUDFLARE POWERS ONE-CLICKSIMPLE GLOBAL DEPLOYMENT FOR AI APPLICATIONS WITH HUGGING FACE
C
loudflare announced that developers can now deploy AI applications on Cloudflare’s global network in one simple click directly from Hugging Face, the leading open and collaborative platform for AI builders. With Workers AI now generally available, Cloudflare is the first serverless inference partner integrated on the Hugging Face Hub for deploying models, enabling developers to quickly, easily, and affordably deploy AI globally, without managing infrastructure or paying for unused compute capacity. Despite significant strides in AI innovation,
CONFLUENT UNVEILS TABLEFLOW Confluent announced new Confluent Cloud capabilities, making it easier for customers to stream, connect, govern, and process data for seamless experiences and timely insights while keeping their data safe. Confluent Tableflow easily transforms Apache Kafka topics and the associated schemas to Apache Iceberg tables with a single click to better supply data lakes and data warehouses. Confluent’s fully managed connectors have been enhanced with new secure networking paths and up to 50 percent lower throughput costs to enable more complete, safe, and cost-effective integrations. Stream Governance is now enabled by default across all regions with an improved SLA available for Schema Registry, making it easier to safely adjust and share data streams wherever they’re being used. For companies to make decisions that optimise costs, boost revenue, and drive 6
CXO INSIGHT ME
APRIL 2024
there is still a disconnect between its potential and the value it brings businesses. Organisations and their developers need to be able to experiment and iterate quickly and affordably, without having to set up, manage, or maintain GPUs or infrastructure. Businesses need a straightforward platform that unlocks speed, security, performance, observability, and compliance to bring innovative, production-ready applications to their customers faster. “The recent generative AI boom has companies across industries investing massive amounts of time and money into AI. Some of it will work, but the real challenge of AI is that the demo is easy, but putting it into production is incredibly hard,” said Matthew Prince, CEO and co-founder, Cloudflare. “We can solve this by abstracting away the cost and complexity of building AI-powered apps. Workers AI is one of the most affordable and accessible solutions to run inference. And with Hugging Face and Cloudflare both
deeply aligned in our efforts to democratise AI in a simple, affordable way, we’re giving developers the freedom and agility to choose a model and scale their AI apps from zero to global in an instant.” Today, Workers AI is generally available, providing the end-to-end infrastructure needed to scale and deploy AI models efficiently and affordably for the next era of AI applications. Cloudflare now has GPUs deployed across more than 150 cities globally, most recently launching in Cape Town, Durban, Johannesburg, and Lagos for the first locations in Africa, as well as Amman, Buenos Aires, Mexico City, Mumbai, New Delhi, and Seoul, to provide low-latency inference around the world. Workers AI is also expanding to support finetuned model weights, enabling organisations to build and deploy more specialised, domain-specific applications. In addition to Workers AI, Cloudflare’s AI Gateway offers a control plane for your AI applications, allowing developers to dynamically evaluate and route requests to different models and providers, eventually enabling developers to use data to create fine tunes and run the fine-tuned jobs directly on the Workers AI platform.
innovation, it requires connecting the operational and analytical estates of data, which are traditionally siloed in organisations. The operational estate includes the SaaS applications, custom apps, and databases that power businesses such as Oracle, Salesforce, and ServiceNow. The analytical estate includes data warehouses, data lakes, and analytics engines that power analytics and decision-making and use data streams and historical tables to run queries and different analytical functions. “The critical problem for modern companies is that operational and analytical estates must be highly connected, but are often built on point-to-point connections across dozens of tools,” said Shaun Clowes, Chief Product Officer at Confluent. “Businesses are left with a spaghetti mess of data that is painful to navigate and starves the business of real-time insights.” Many organisations turn to Kafka as the standard for data streaming in the operational estate, and to Iceberg as the standard open table format for data sets
in the analytical estate. Using Iceberg, companies can share data across teams and platforms while keeping tables updated as the data itself evolves. Companies using Kafka want to utilise Iceberg to meet the rising demand for both streaming and batch-based analytics. As a result, many companies must execute complex migrations which can be resource-intensive, resulting in stale and untrustworthy data and increased costs. “Open standards such as Apache Kafka and Apache Iceberg are popular choices for streaming data and managing data in tables for analytics engines,” said Stewart
Bond, Vice President of Data Intelligence and Integration Software at IDC. “However, there are still challenges for integrating real-time data across operational databases and analytics engines. Organisations should look for a solution that unifies the operational and analytical divide and manages the complexity of migrations, data formats, and schemas.” Tableflow, a new feature on Confluent Cloud, turns topics and schemas into Iceberg tables in one click to feed any data warehouse, data lake, or analytics engine for real-time or batch processing use cases. Tableflow works together with the existing capabilities of Confluent’s data streaming platform, including Stream Governance features and stream processing with Apache Flink, to unify the operational and analytical landscape. Confluent announced the general availability of Confluent Cloud for Apache Flink, a fully managed service for Apache Flink that enables customers to process data in real time and create high-quality, reusable data streams. Confluent Cloud for Apache Flink is available across Amazon Web Services (AWS), Google Cloud, and Microsoft Azure. Backed by Confluent’s 99.99% uptime SLA, Confluent’s cloud-native service for Flink enables reliable, serverless stream processing. Organisations are under incredible pressure to deliver exceptional customer experiences and streamline operations with cutting-edge use cases like fraud detection, predictive maintenance, and real-time inventory and supply chain management. Stream processing is a critical part of bringing these real-time experiences to life because it enables organisations to act on data as it arrives rather than waiting to process it in batches when the data is often already stale and out of date. As the compute layer in the data streaming infrastructure, stream processing helps teams filter, join, and enrich data in real time to make it more usable and valuable for sharing with downstream applications and systems. It creates high-quality data streams that can be reused for multiple projects and provides improved agility, data consistency, and cost savings compared to traditional batch processing solutions. As the de facto stream processing standard, Flink is relied upon by innovative companies like Airbnb, Uber, Netflix, and Stripe to support mission-critical streaming workloads. That is what sparked the surge in Flink’s popularity. In 2023, Flink was downloaded almost one million times.
THREE-QUARTERS OF BANKS ADMIT THEY NEED TO MODERNISE THEIR CORE
Endava, a technology services company combining world-class engineering, industry expertise and a people-centric mindset, today launched its Retail Banking Report. The report explores financial institutions’ (FIs) strategies for meeting customer demand and uncovers that the majority (75%) are struggling to take advantage of new payment offerings and stronger cybersecurity because their core systems haven’t been modernised. However, 75% of organisations believe they offer a good user experience, have strong data management practices and better technology than competitors. But even though over half of the FIs have moved their core systems to the cloud, the responses reveal problems implementing, scaling, or managing them. The top barriers to implementing a cloud-based core are competing technical priorities (40%), a lack of technical resources to manage it (37%), a fear of a long implementation (32%), and fraud/ security concerns (29%). FIs continue to face rising interest rates and inflation, and the report also taps into economic drivers such as creating a more profitable and loyal customer base. FIs ranked high priority ambitions for the next year as increasing efficiency (85%) and retaining customers (83%), as well as improving the digital customer experience (85%),
maintaining system stability (83%), and strengthening security/reducing fraud (83%). To meet these goals, many are turning to new technologies to improve internal processes and customer-facing products. While most are in the early stages of adoption, half of the FIs see AI as a top area for investment, closely followed by data analytics (45%) – both of which can offer powerful real-time fraud detection, virtual assistants, security, and investment management. When it comes to their existing tech, upgrading open banking (81%) and payment gateways (81%) are high or very high priorities. These focus areas will help them tackle ongoing challenges by becoming more customer-driven and tapping into additional revenue. Fred Fuller, Global Head of Banking at Endava, commented: “FIs have come a long way in embracing the fact that modern banking and a cloud-based core go hand-in-hand. Banks also recognise that migrating a legacy monolithic core to the cloud is not modernisation. They need to leverage modern digital technology to truly modernise the core to create a flexible and dynamic infrastructure that can quickly respond to customer and market demands. Although FIs think their technology is stronger than their competitors, the reality is that new features and functionality are usually built on old systems, which massively limits their scope for innovation. “Working with technology partners who can implement and manage a new core will help them embrace customercentric banking. This means being able to quickly roll out new products and services, as well as streamlining and securing their internal processes – all of which will help them hold onto market share.” To learn more about how retail banks are navigating new technology and evolving customer expectations, and how you can too, read the full report here.
APRIL 2024
CXO INSIGHT ME
7
NEWS
FORTINET INTRODUCES EXPANSIVE UPGRADES TO ITS REAL-TIME NETWORK SECURITY OPERATING SYSTEM
F
ortinet announced the latest version of its FortiOS operating system and other major enhancements to the company’s cybersecurity platform, the Fortinet Security Fabric. Ken Xie, Founder, Chairman of the Board, and Chief Executive Officer at Fortinet said, “We founded Fortinet on the principle of fortifying our customers’ networks by converging networking into secure networking. To achieve this, we’ve spent the past two decades focused on organically developing our solutions around one operating system and investing in FortiASIC, our specialised compute processors. Today, FortiOS is the world’s most powerful, real-time network security operating system capable of simplifying management across content, applications, users, devices, data, and locations, and our proprietary FortiASICs deliver unprecedented performance, lower costs, and reduced energy consumption. Our dedication to over 20 years of organic innovation uniquely enables 30+ networking and security functions to work together, and we take great pride in enhancing the operating system that has already set the industry standard with the release of FortiOS 7.6.” FortiOS 7.6 empowers customers to better mitigate risk, reduce complexity, and realise a superior user experience across their entire network with new features spanning the following areas: • Hundreds of enhancements in FortiOS 7.6 deliver improvements across the Fortinet Security Fabric in areas such as Secure SD-WAN, secure access service edge (SASE), zero-trust network access (ZTNA), automation, provisioning, remote browser isolation, and digital experience monitoring (DEM), among other areas, all with flexible consumption (SaaS or PaaS) options. • GenAI for threat analysis and product deployment: Building on existing Generative AI (GenAI) capabilities for accelerated threat investigation and remediation, FortiOS 7.6 integrates 8
CXO INSIGHT ME
APRIL 2024
FortiAI (formerly Fortinet Advisor) natively within Fortinet’s central data lake, FortiAnalyzer, and its unified management console, FortiManager. These integrations improve threat analysis and response and streamline network and security operations, respectively. Expanding FortiAI across the Fortinet Security Fabric facilitates faster decision-making, helps detect and remediate incidents quickly, and ensures organisations can easily adopt the technologies they require. • Comprehensive data protection capabilities across the network: Centralised data protection combined with enforcement points across the Fortinet Security Fabric will enable more enterprises to adopt and manage a complete data loss prevention (DLP) strategy. These FortiOS 7.6 enhanced features ensure sensitive information remains secure no matter where it resides within the hybrid network. Additional updates to enhance the Fortinet Security Fabric include: • Endpoint detection and response features added to Fortinet’s unified agent: FortiClient, the Fortinet Security Fabric’s unified agent, will integrate with full endpoint detection and response (EDR) to add ransomware protection, behaviour-based detections, and automated response, as well as deeper visibility, control, and ZTNA remote access capabilities. Fortinet delivers a unified agent that includes VPN, ZTNA, endpoint protection platform (EPP), EDR, DEM, network access control
(NAC), and SASE to reduce agent sprawl and simplify management across complex environments. • More ways to combat the cyber skills shortage: On top of GenAI, FortiAnalyzer now includes options for out-of-the-box SIEM and SOAR services, delivering broader data ingestion and automated playbooks to streamline the adoption and expansion of security operations (SecOps). Ops augmentation is already available with our robust SOC-as-aService offering to assist SecOps, and we have now added a Managed FortiGate Service to support network operations teams. These services reflect Fortinet’s dedication to supporting our partners as they grow their portfolios to reach a broader audience and promote bestpractice deployments everywhere. These services specifically help our partners better overcome the ongoing cyber skills shortage and streamline the digital transformation of their end customers. The Power of One Operating System Fortinet’s dedication to integrating its portfolio across one operating system, coupled with its investments in custom ASICs, has yielded tangible benefits for customers of all sizes across the following areas: • Firewall: FortiOS started as a firewall operating system and excels at that function, delivering orders of magnitude of performance and power efficiency advantages when paired with our internally developed ASICs. With a single OS across all FortiGate models, Fortinet’s custom ASICs accelerate FortiOS functions to support 14 networking and security applications, enabling a hybrid mesh firewall approach to infrastructure security, protecting on-prem, remote, and cloud environments with consistent security policies and management. • Segmentation and ZTNA: For managed devices, ZTNA controls check users connecting to applications and data and segment application access using the same FortiOS application gateway. Lateral movement of cybercriminals and ransomware programmes is further limited by internal segmentation firewalls enabled by the high-throughput, low-
latency data centre firewalls powered by FortiOS. • OT/IoT/Edge Security: Because FortiOS can control and protect wired and wireless networks, this security can also seamlessly extend to the edge, providing consistent protection for IoT devices, OT networks, and other agentless devices. • Unified SASE: Fortinet’s global, scalable network, running FortiOS via worldwide points of presence, protects the hybrid workforce and thin edges. This network is also anchored by the industry-leading SD-WAN capabilities built into FortiOS to improve user experience. • AI-Driven Security Operations: All of these scenarios are then protected by Fortinet’s advanced AI-driven Security Operations, which are enabled by the common ingestion of data, telemetry, and threat information through our single data lake and the uniform application of FortiOS across the Fortinet Security Fabric. The Fortinet Security Fabric Platform Fortinet supports customers with a platform approach to cybersecurity via the Fortinet Security Fabric, which converges networking and security through one operating system (FortiOS), one unified agent (FortiClient), one management console (FortiManager), and one data lake (FortiAnalyzer) to integrate and protect the entire digital attack surface. It’s focused on three major enterprise pillars: secure networking, unified SASE, and AIdriven security operations. The Fortinet Security Fabric is the result of over two decades of relentless focus on the company’s platform vision and organic product development and innovation. It spans more than 50 enterprise-grade products and services, including network firewall, wired and wireless LAN, SD-WAN, SASE, SIEM, and EPP. This extensive integrated product coverage, combined with open APIs and a deep technology alliance partner ecosystem of over 500 third-party vendors, ensures customers can start building a platform based on what they currently have deployed and leverage the Fortinet Security Fabric in the way that drives the most value for their unique needs.
POSITIVE TECHNOLOGIES DETECTS A SERIES OF CYBERATTACKS AGAINST GOVERNMENT ORGANISATIONS IN RUSSIA AND THE CIS Positive Technologies Expert Security Center (PT ESC) discovered a new cybergroup called Lazy Koala. Experts confirm that the criminals use simple but effective attack techniques. Victims of the group include organisations from Russia and six CIS countries, with approximately 867 employee accounts compromised to date. As part of the threat research, PT ESC specialists discovered a series of attacks aimed at organisations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. Government and financial organisations, as well as medical and educational institutions, were the main targets. Positive Technologies specialists notified affected organisations that they were compromised. Research shows that the attackers’ main goal was to steal accounts to various services from government organisation employee computers. The next step was likely use this information in further attacks on the internal structures of the organisations. Stolen data can also be sold on the dark web cyber services market. Behind the attacks is a previously unknown group that experts have dubbed Lazy Koala because of its basic techniques and the username. Koala of the person managing the Telegram bots with stolen data. Researchers were unable to establish connections with already known groups using the same techniques. “The calling card of the new group is this: ‘harder doesn’t mean better.’ Lazy Koala doesn’t bother with complex tools, tactics, and techniques, but they still get the job done. Their main weapon is a primitive password stealer malware that we assume is distributed using basic phishing. The scammers convince victims to open an attachment and launch the file in the browser. For each country, the attachment is even in the local language. After establishing itself on the infected device, the malware exfiltrates the stolen data using Telegram, a favorite tool among attackers,” shares Denis Kuvshinov, Head
of Threat Analysis, Positive Technologies Expert Security Center. “We notified the victims and believe that the fate of the stolen data is resale and use in subsequent attacks on the internal structures of organisations.” Phishing remains one of the main ways for attackers to penetrate infrastructure. Users are advised not to open suspicious messages or follow unknown links. Don’t download software from suspicious sites and torrents; instead, use licensed versions from trusted sources. Employees should be kept informed of all the latest phishing techniques and scams. These attacks can be detected using specialised security tools, while attack analysis and prevention should involve cyber incident investigation professionals. MaxPatrol SIEM can detect the key event of data theft with the Credential_Access_to_Passwords_ Storage rule, and the previous stages (phishing and data transfer) using the Run_Masquerading_Executable_File and Suspicious_Connection rules. The PT NAD network traffic behavioural analysis system helps detect calls to the Telegram API using the “tls.server_name == “api.telegram.org”” filter and set convenient notifications about them. If a new host starts accessing the Telegram API, PT NAD will send a notification to the SOC operator. PT Sandbox detects the actions of this APT group using a rule written specifically for them: a behavioural analysis verdict of TrojanPSW.Win32.LazyStealer.n. Similar attacks can also be detected using endpoint protection systems such as MaxPatrol EDR.
APRIL 2024
CXO INSIGHT ME
9
NEWS
NEW RESEARCH BY INFOBIP REVEALS A RAPID ADOPTION IN CONVERSATIONAL CHANNELS IN THE MIDDLE EAST
A
ccording to recent research by Infobip, a cloud communications platform, conversational customer experiences and generative AI have significantly impacted interactions between people and brands in the MENA region. Infobip analysed over 473 billion digital communications interactions in 2023 between businesses and consumers and identified notable trends in business messaging.
As consumers in the MENA region look for deeper engagement with the brands they use, conversational messaging channels have become the focal point of communication growth. In 2023, Infobip observed an increase of 184% in voice and video applications, 146% in mobile app messages, and a 51% increase in the use of WhatsApp YoY in the Middle East region. This paradigm shift underscores the region’s proactive approach to embracing innovative communication technologies, facilitating seamless connectivity and engagement. The research also shows that the telecommunication sector saw the highest growth in the adoption of conversational channels (89%), followed by the media and entertainment sector (53%), and the finance sector (52%).
Ivan Ostojic, Chief Business Officer at Infobip, said: “Our data shows how conversational experiences are rapidly spreading across the Middle East and the world as businesses roll out marketing, sales, and support use cases. Where 2022 revealed a spike in omnichannel adoption when brands recognised the importance of connecting with their customers on their preferred channel, 2023 shows how brands are perfecting the end-to-end customer journey. Customers can now seamlessly progress through a journey within a single conversational thread on a chat app. With the emergence of interactive AI, we expect brands to incorporate a federation of different chatbots and AI algorithms working together to trigger actions at the ideal points during the customer journey. In the next year, we foresee the widespread adoption in customer service, marketing and sale automation, and for operational use cases like scheduling deliveries and managing payments.”
EPICOR SURPASSES $1 BILLION IN ANNUAL RECURRING REVENUE WITH AN EYE TO THE FUTURE OF AI-POWERED ERP Epicor has announced it has surpassed $1 billion in annual recurring revenue (ARR), a milestone that underscores the company’s focus in driving adoption of its subscriptionbased Industry ERP Cloud portfolio built to meet the needs of its customers across the make, move, and sell industries. “This is a very rare achievement – today, only a small number of enterprise software companies have eclipsed $1 billion in ARR,” said Steve Murphy, Epicor CEO. “Our core strategy is to put the customer first in providing industry-focused, subscription-based cloud products that help solve their biggest supply chain and operational challenges. In fact, since 2018, we’ve invested approximately $1 billion in cloud-based innovations to advance our product offerings with the purpose-built, scalable, and secure technologies our customers require.” In its fiscal year 2023, Epicor realised 42 per cent year-over-year growth in software-as-a-service (SaaS)-based 10
CXO INSIGHT ME
APRIL 2024
to expect from Epicor, but to deliver these capabilities on a stable, scalable, secure platform 24×7,” said Rich Murr, Epicor Chief Customer & Information Officer. “We take that obligation very seriously and continue to make significant investments in the talent and technologies that allow us to meet that commitment.”
cloud revenue, with 70 per cent of new customers adopting a subscription-based offering. As Epicor accelerates cloud adoption across its core industry markets, the company’s focus in delivering an exceptional customer experience is also driving deeper engagement and outcomes for organisations worldwide. “When customers move their ERP solution from on-premises to Epicor’s cloud, they’re placing a great deal of trust in us to deliver not only the industry-leading features and functionality they’ve come
A New Expectation: Cognitive ERP With more than 23,000 customers worldwide and two and a half million daily users of the company’s platforms, Epicor is building on its momentum by reimagining how ERP software can and should serve essential industries and their workers through the power of artificial intelligence (AI). “While we’re recognising this $1 billion ARR milestone today, we are firmly focused on the road ahead in continuing to invest and deliver strong value to our customers – and that focus is centred on AI,” said Joe Ayers, Epicor CFO.
Moving Technology Forward Allied Telesis have been serving the needs of our customers and the telecommunications industry since 1987. We guarantee secure, reliable technology from a company you can trust. Our hard-earned reputation for performance and product reliability has remained constant, offering highly respected value to our customers and partners around the world. For more information, please contact one of our Allied Telesis Account Managers today. Tel: +971 4 454 8740
© 2024 Allied Telesis, Inc. All rights reserved.
VIEWPOINT
ACCELERATING PROGRESS DR CLAUDIO ZITO, ASSISTANT PROFESSOR, MATHEMATICAL AND COMPUTER SCIENCES, HERIOT-WATT UNIVERSITY DUBAI, ON HOW AI-POWERED ROBOTICS IS PROPELLING THE MIDDLE EAST INTO THE AGE OF AUTOMATION.
T
he convergence of Artificial Intelligence (AI) and robotics has led to a technological revolution. From healthcare to manufacturing, agriculture to logistics, industries and economies are being redefined with the fusion of innovative technologies. With unprecedented levels of efficiency, productivity, and innovation, we are looking at a future wherein automation has become not just a possibility but a necessity. In this article, Claudio Zito dives deep into the realm of AI and robotics and explores how cutting-edge technologies are reshaping businesses and societies. 12
CXO INSIGHT ME
APRIL 2024
AI and its capabilities Automation, powered by AI and robotics, is changing how we live and work. Advancements in deep learning algorithms are significantly transforming industries. New opportunities are being unlocked daily with simplified business operations and enhanced decision-making. According to a report by Statista, the Industrial Robotics market in the world is projected to grow by 2.83% (2024-2028), resulting in a market volume of US$10.41bn in 2028. The fusion of AI and robotics is augmenting human capabilities, opening new frontiers of possibility, and driving productivity. AI can easily adapt to changing conditions,
make accurate predictions, and analyse data in real-time. AI is everywhere: virtual assistants, chatbots, self-driven cars, and metros. Industries impacted by AI The impact of AI-powered robotics has been profound and spans across industries. In the manufacturing industry, production processes have been revolutionised. This has led to increased output, unparalleled accuracy, and quality control. In the healthcare sector, patient care services are being provided with AI’s help. The AI-powered robots assist medical professionals by speeding up
the diagnosis of diseases. The numbers underscore this surge further. According to a report by ResearchAndMarkets, the Middle East service robotics market is projected to grow from USD 1.59 billion in 2021 to USD 3.58 billion by 2026, at a CAGR of 17.5% during the forecast period. Additionally, UAE’s medical robotics market, growing at a CAGR of 14.2% from 2020 to 2025, is projected to reach $182 million by 2025. As per the PWC report, AI will contribute $182 billion to the UAE’s economy by 2035. In the agricultural sector, AI-powered robotics are transforming agricultural practices. Technological innovations have led to optimised irrigation, maximised yields and better crop health. Adopting meticulous AI-powered agriculture technologies is critical for sustainable agriculture and economic resilience for a region that has battled challenges like water scarcity and food security. The Food and Agriculture Organization of the United Nations (FAO) states that the MENA region is expected to experience a 60% rise in food demand by 2050. This highlights the urgency of adopting innovative solutions to address agricultural challenges. In the transportation sector, AIpowered algorithms have created intelligent traffic management systems that have streamlined traffic congestion and improved resource efficiency. This has also led to the adoption of ecofriendly commuting methods. The UAE’s commitment to smart learning is evident in the education sector through initiatives like the Mohammed Bin Rashid Initiative for Smart Learning and the Mohamed bin Zayed University of Artificial Intelligence establishment. The desire to adapt to new learning systems has increased educational opportunities across the population. Heriot-Watt University Dubai also offers specialised courses in AI to personalise learning experiences and identify learning gaps. To propel advancements in AI and robotics, the campus also uses AI-powered occupancy sensors to optimise energy performance for 98% of the lighting load. In comparison, daylight sensors are employed for 63% of the lighting load to achieve energy efficiency.
AI-Initiatives Dubai Future Foundation’s ‘Dubai 10X’ initiative is just one of the several initiatives currently underway in the Middle East to boost robotics and automation. The idea is to make Dubai a hotbed of technological innovation, including robotics and artificial intelligence. Additionally, researchers at Heriot-Watt University and the University of Edinburgh recently started a Centre for Doctoral Training in Dependable and Deployable Artificial Intelligence for Robotics (CDT-D2AIR) to train new scientists in verification and certification systems for safer and more ethical robotics and AI. Another initiative springing economic growth and increasing productivity is Saudi Arabia’s Vision 2030. With the adoption of advanced technology, the country is gradually becoming a significant player in the robotics market. According to Statista reports, the Industrial Robotics market in Saudi Arabia is projected to grow by 1.56% (2024-2028), resulting in a market volume of US$19710.00k in 2028. Furthermore, the Technology Innovation Institute (TII) is organising an autonomous racing league in Abu Dhabi on April 27th, 2024. This will push the technology for self-driving cars, making smart cities with driverless cars a step closer. Oman’s National Robotics Program aims to boost robotics and automation across various industries. Moreover, Egypt’s Egyptian Knowledge Bank includes a robotics and automation centre to promote research and development in these areas.
Recently, Mercedes-Benz, in partnership with Apptronik, a robotics firm, expressed interest in humanoid robots that can take over physically demanding tasks requiring low skills. With this move, Mercedes aims to deploy a 160-pound bipedal robot named Apollo to inspect and transport parts to workers on the production line. This came shortly after BMW signed a deal to use humanoid robots in its factories. BMW’s robot is similar to Tesla’s Optimus bipedal robot built for general purposes. Overall, there has been significant growth in the service robotics and intralogistics automation markets, driven by increasing demand for automation, cost-effective solutions, and government initiatives to promote advanced technologies. Bracing for challenges This widespread adoption of automation in the Middle East comes with its set of challenges. Automation has raised concerns about job displacement, workforce reskilling and the future of labour. The World Economic Forum warns that over half the global workforce will require reskilling by 2025 to keep pace with the rapidly evolving job market. The proliferation of AI-powered robotics has also raised concerns about AI’s ethical implications, including privacy and security issues. However, with proactive measures and ethical frameworks, these challenges can be effectively addressed, paving the way for the responsible integration of AIpowered robotics into society. Getting future-ready As the Middle East continues to embrace automation, preparing for a future defined by innovation, progress, and prosperity is imperative. We can unlock unprecedented productivity levels only by investing in lifelong learning and skills development and committing to a culture of innovation and development. Collaboration and investment are needed to leverage the power of AI and automation. Only then can we chart a more inclusive, equitable and sustainable future for all and live in a world where humans and machines will collaborate harmoniously to drive progress for future generations.
APRIL 2024
CXO INSIGHT ME
13
INTERVIEW
UNLEASHING THE POTENTIAL OF DATA WE HAD THE OPPORTUNITY TO SPEAK WITH CARLOS SARMIENTO, VICE PRESIDENT OF CUSTOMER SUCCESS FOR EMEA AT CONFLUENT, DISCUSSING HOW THIS LEADING KAFKA PROVIDER IS HELPING COMPANIES IN HARNESSING THE POWER OF DATA.
C
an you explain your role at Confluent? I lead the Customer Success group, primarily focused on providing technical support and ensuring a seamless post-selling experience for our customers. This involves collaborating closely with our professional services team to deliver consulting services to enhance the customer’s product experience. How do you gauge customer satisfaction? There are two main elements. The first is whether they realise the value they were promised when buying the product. For instance, when they say, ‘I’m going to use Confluent to achieve this result’ or ‘to improve this performance,’ if the customer, after deploying this, actually achieves it is one way we are measuring this. The other element will be very much in line with the proper usage of the product. If they have bought the product with some credits, we want those to be used. Therefore, the consumption of the product is very important. Additionally, we have recently introduced something that I know many companies are already doing, which is Net Promoter Score. Can you elaborate on the process of onboarding customers? There are several ways to start with our technology. One way is yes, you can test our product, review it, and subscribe to our contract for the period of time that the customer wants. However, there are other ways that the customer can approach it, such as using the pay-as-you-go model. We call this a $0 commitment, meaning you’ll be paying based on what you are consuming.
14
CXO INSIGHT ME
APRIL 2024
Kafka is a highly technical solution. How do you assist customers during the implementation phase? That is true, and for our customers, there are various aspects to consider. They always have the option to subscribe to our premium support services. By adding this premium support to their subscription, they gain access to a direct support line to assist them with any issues. Additionally, members of my technical team will be available to provide further support as a value-added service. Additionally, they can also receive support from our professional service team. As you mentioned, Kafka is a highly technical solution, and sometimes deploying it without the proper knowledge can lead to mistakes. Who better to assist than those who have worked extensively with it? Therefore, we also offer professional service support, with specific packages designed to ease this journey. How do you help your on-prem customers to migrate to the cloud? The first step would involve identifying whether they prefer to undertake the migration themselves or if they require
assistance. We’ve recently introduced an initiative in collaboration with several partners. These certified partners are dedicated to assisting customers who wish to migrate to the cloud. While from our perspective, the optimal approach involves engaging our certified professionals, but customers can also pursue the migration independently. Why is a cloud-based solution better than self-managed Kafka? If you consider what developers truly desire, it’s to create the right applications. They don’t want to invest time in managing, setting up, and scaling up or down infrastructure; rather, they want to concentrate on their core strengths. Hence, cloud solutions are aiding developers and companies in becoming more efficient during the transition to realtime applications. AWS is one of the hyperscalers you collaborate with, and they offer a Kafka solution. Do you perceive this as a conflict of interest? Many companies have entered into this competition-cooperation relationship; it presents an opportunity for us to offer customers various options. If customers are utilising AWS and seek to leverage Confluent’s advantages, we’re ready to support them in doing so. While there’s an option to go with Amazon’s solution, there are distinct advantages to partnering with a company that has fostered and developed the Kafka community. What are some of the common challenges your customers face? I would say there are two or three primary challenges. Firstly, despite substantial investments in technology over time, a unified data pipeline remains elusive. Secondly, customers are increasingly tasked with accomplishing more with fewer resources. Not only are budgets becoming more restricted, but there’s also less time available for transitioning to production. This necessitates finding solutions like Confluent to expedite the process. Lastly, another challenge we’re encountering is the growing divide between operational and analytical environments. That is why we are bridging them together.
www.cbt.ae
04 210 1900
info@cbt.ae
INTERVIEW
TACKLING EMERGING THREATS IN AN EXCLUSIVE INTERVIEW WITH TOUFIC DERBASS, MANAGING DIRECTOR FOR MIDDLE EAST, TURKEY AND AFRICA AT KASPERSKY, WE DELVE INTO THE EMERGING THREAT VECTORS IN TODAY’S DIGITAL LANDSCAPE AND THE PROFOUND IMPACT OF GENERATIVE AI ON CYBERSECURITY.
W
hat are some of the emerging threat vectors you are observing? One emerging threat vector I’d like to emphasise is the vulnerability posed by interconnected Industrial Control Systems (ICS) computers, prevalent in industrial organisations and critical infrastructure. With the rapid digitisation of the industrial sector, new cyberthreats are arising that demand our attention and proactive measures. This is why Kaspersky is the only cybersecurity company to have it’s own ICS CERT team, dedicated to uncovering vulnerabilities with industrial control systems. We’re also the only cybersecurity company to offer Cyber Immune products based on our Kaspersky operating system, designed for the critical infrastructure sector. Our Kaspersky IoT Infrastructure Security is a range of Cyber Immune gateways for building reliable and functional IoT systems. These gateways play a key role in creating end-to-end services for enterprise digital transformation. What is the impact of GenAI on cybersecurity? The impact of GenAI on cybersecurity is significant, as it is enabling cybercriminals to launch increasingly sophisticated and believable attacks. Our experts found that 21% of phishing emails investigated between October and December 2023 were identified by AI content detectors as being created by non-human entities. This trend
16
CXO INSIGHT ME
APRIL 2024
suggests that criminals are actively leveraging AI technology to enhance the efficacy of their cyberthreats. Additionally, there have been instances reported where criminals have utilised AI-generated videos and voice memos impersonating CEOs to deceive employees into clicking on malicious links or disclosing sensitive information. Such tactics underscore the growing threat posed by the intersection of AI and cybersecurity, highlighting the need for robust defense measures to mitigate these evolving risks. What are your tips for enterprises to mitigate ransomware attacks and protect against adversarial AI? Tips for enterprises to mitigate ransomware attacks and protect against adversarial AI include: • Keep all devices and systems updated to prevent attackers from exploiting vulnerabilities. • Set up offline backups that intruders cannot misuse, and make sure you can access it quickly in an emergency. • Rely on a cybersecurity solution that uses a multi layered security approach that safeguards systems against ransomware at the malware delivery and execution stages. • The Kaspersky Threat Intelligence is also an essential tool to have which can provide in-depth data and real-time insights on the history, motivations and operations of targeted ransomware groups. • Employee education and cybersecurity training is necessary as human error is a common cause
for cybersecurity breach and can serve as an initial point of access for ransomware attacks. Users can also utilise Kaspersky’s free anti ransomware tool and No more Ransom initiative that helps block ransomware and decrypt files. Is Kaspersky leveraging AI/ML within its product portfolio? Yes, Kaspersky has been using AI in its solutions for close to 20 years. Machine Learning and Artificial intelligence help Kaspersky reach extremely low false positive rate when analysing billions of threats yearly. Do you see cybersecurity as a strategic business enabler? Yes, cybersecurity is indeed a strategic business enabler. When organisations prioritise cybersecurity, they are essentially protecting their valuable data, investments, and assets. This proactive approach not only mitigates potential risks but also fosters trust among stakeholders. An IDC study in the META region revealed that 77% of CISOs anticipate an increase of 10% or more in their cybersecurity budgets for 2024, indicating a growing recognition of its importance. Additionally, organisations are investing in employee training to enhance online vigilance. In fact, our demand for security awareness training saw a significant six-fold increase in 2023. These efforts not only fortify defenses against cyber threats but also contribute to the overall resilience and success of the business.
COVER FEATURE
BUILDING STRONGER DEFENCES WHY CLOUD SECURITY IS A SHARED RESPONSIBILITY BETWEEN THE SERVICE PROVIDER AND THE CUSTOMER.
C
loud computing offers many advantages, such as cost reduction and enhanced productivity, yet it also introduces security vulnerabilities. With the global expansion of cloud services, there’s a noticeable shift in security strategies and technologies. Gartner identifies the primary security risks in cloud computing as those inherent to resource sharing and remote data access, as well as third-party risks. Statistics indicate that 80 percent of companies encountered at least one cloud security incident in the past year, 18
CXO INSIGHT ME
APRIL 2024
with 27 percent experiencing a security incident specifically related to public cloud usage. Ezzeldin Hussein, Regional Senior Director, Solutions Engineering, META, SentinelOne, says data breaches are a common risk, where unauthorised access compromises sensitive information stored in the cloud. Misconfigurations in cloud services can lead to exposed data or resources, while insecure APIs may facilitate unauthorised access or data manipulation. DDoS attacks target cloud services to disrupt availability,
while insider threats pose risks from within organisations. Shared technology vulnerabilities can impact multiple cloud tenants, and compliance failures may result in legal and regulatory penalties. There are several security considerations you need to evaluate and understand when working in the cloud, according to Christopher Hills, Chief Security Strategist, BeyondTrust. One of the biggest avenues of attack is identity compromise. This leads to several other areas of risk that involves lateral movement and scanning for more identity and privilege, which then leads down a rabbit hole to a plethora of risks such as code signing certificate theft, server compromise, and data exfiltration. “One of the other major risks, when it comes to cloud, is third-party access and upstream supply chain compromise, which has downstream ramifications for additional compromise. You need to consider how users, whether they be your own end users, administrator, vendors, or third parties, are accessing
Christopher Hills
Ezzeldin Hussein
Frank Kim
your data. We are seeing trends across the cyber landscape where businesses are being compromised not by their own doing but instead by others accessing their resources and data,” he adds.
to rigorous industry standards and regulations. We can think of them as constantly vigilant guards, deploying cutting-edge intrusion detection and threat prevention systems. But remember, the onus of securing data and applications remains with the clients. By choosing a CSP with an impeccable security record and unwavering commitment to compliance; we can gain a powerful ally in the ever-evolving cyber threat landscape.” What responsibilities are typically managed by the cloud service
provider? How does the distribution of responsibilities differ between various cloud service models? This can vary based on the type of service, says Saumitra Das, VP Engineering, TotalCloud at Qualys. For example, when it comes to IaaS, the customer is responsible for the OS, applications, and data, including network configuration, access controls, and encryption of data. And in PaaS, the customer is responsible for applications and data including a few network configurations, access controls and encryption of data. However, for SaaS, the customer is only responsible for data, including access controls and data encryption. Hussein from SentinelOne says cloud service providers bear responsibility for securing the underlying infrastructure, including physical data centers, networks, and virtualisation layers. They manage and maintain the security of the cloud platform, such as server hardware, hypervisors, and storage systems, ensuring they are protected against unauthorised access, malware, and other threats. Additionally, providers offer built-in security features like firewalls, DDoS protection, and intrusion detection systems. They also ensure compliance with industry standards and regulations, regularly updating and patching systems to address vulnerabilities. This naturally raises the question: How can organisations ensure they fulfill their obligations in the shared responsibility model for cloud security?
Cloud security is a shared responsibility. Industry experts stress that while cloud service provides a secure foundation, customers are responsible for securely configuring and managing their cloud environment, including user access, data encryption, and application security. This shared responsibility model ensures that security is addressed comprehensively, with both parties working together to mitigate risks and protect sensitive information. “This model delineates who is responsible for securing what aspects of the cloud infrastructure and operations. CSPs typically manage the security of the cloud, including the physical infrastructure, network, and hardware. In contrast, customers are responsible for security in the cloud, which means they must protect their data, applications, and access controls. Training in understanding and implementing this model is crucial for organisations to safeguard their assets in the cloud effectively,” says Frank Kim, SANS Institute Fellow, and Cloud Security Curriculum Lead. Subhalakshmy Ganapathy, Chief IT Security Evangelist at ManageEngine, adds another perspective: “CSPs are also bastions of compliance, adhering
INDUSTRY EXPERTS STRESS THAT WHILE CLOUD SERVICE PROVIDES A SECURE FOUNDATION, CUSTOMERS ARE RESPONSIBLE FOR SECURELY CONFIGURING AND MANAGING THEIR CLOUD ENVIRONMENT, INCLUDING USER ACCESS, DATA ENCRYPTION, AND APPLICATION SECURITY.
APRIL 2024
CXO INSIGHT ME
19
COVER FEATURE
WHAT THE EXPERTS SAY
Subhalakshmi Ganapathy
Hills from BeyondTrust, says organisations need to ensure they are considering all angles of risks, not just one avenue or vertical. Leveraging strategies like zero trust and zero trust architecture will help reduce risk and bring awareness through continuous monitoring, in the event that a compromise does occur. Ganapathy from ManageEngine recommends fostering a culture of cloud security awareness throughout the organisations and implementing a robust IAM framework that goversn user privilege access. “Cloud security is an ongoing process. Utilise automation tools for security configuration management and vulnerability scanning. Consider implementing Cloud Access Security Brokers (CASBs) to gain deep visibility into cloud usage, enforce data security policies, and prevent unauthorised access. “For a more comprehensive approach, explore Secure Access Service Edge (SASE) solutions that converge networking and security functionalities. These advanced tools can automate security tasks, streamline access control, and provide realtime threat detection across a distributed cloud environment,” she says. Kim from SANS Institute stresses organisations must conduct regular security assessments and audits to identify and remediate vulnerabilities and ensure only authorised personnel have access to cloud resources. It’s almost important to encrypt data, at rest and in transit to protect sensitive information. “Regular training for an informed workforce is vital - on the latest cloud security best practices and potential threats. And lastly, organisations should continuously collaborate with their CSPS, engaging in transparent communication with providers to understand specific security measures and responsibilities,” he concludes. 20
CXO INSIGHT ME
APRIL 2024
AS THE DEMAND FOR INNOVATIVE AI AND ML-BASED PRODUCTS RISES, CLOUD SECURITY SOLUTIONS ARE GAINING PROMINENCE, EFFECTIVELY TACKLING THE CHALLENGES POSED BY DECENTRALISED DATA STORAGE. A RECENT GENETEC SURVEY REVEALED THAT 40% OF END USERS REPORTED THAT OVER 30% OF THEIR PHYSICAL SECURITY SETUPS NOW UTILISE CLOUD OR A BLEND OF CLOUD AND ON-PREMISES SOLUTIONS, REFLECTING THE INCREASING RELIANCE ON CLOUD INFRASTRUCTURE. HYBRID-CLOUD DEPLOYMENTS STAND OUT AS A PIVOTAL STRATEGY, OFFERING ORGANISATIONS UNPARALLELED AGILITY AND FLEXIBILITY TO SWIFTLY IMPLEMENT NEW SYSTEMS AND ADAPT TO EVOLVING SECURITY REQUIREMENTS. BY SEAMLESSLY INTEGRATING ONPREMISES AND CLOUD SOLUTIONS, BUSINESSES CAN OPTIMISE RESOURCE ALLOCATION, OVERCOME BUDGETARY CONSTRAINTS, AND UPHOLD ROBUST SECURITY PROTOCOLS ACROSS THEIR OPERATIONS. Firas Jadalla, Regional Director for the Middle East, Turkey, and Africa (META) at Genetec
ORGANISATIONS HOLD THE OTHER SIDE OF THE BATON. THEY MUST UNDERSTAND THE SCOPE AND EXTENT OF RESPONSIBILITIES THEY SHARE WITH CSPS. IT IS CRUCIAL TO SET UP MULTI-FACTOR AND ROLE-BASED AUTHENTICATION TO PREVENT UNAUTHORISED ACCESS. MONITORING AND TRACKING ANALYTICS OF ACTIVITIES, SUSPICIOUS BEHAVIORS, AND SECURITY GLITCHES OFFERS A BREAKTHROUGH IN PREVENTING ANY KIND OF SYSTEM FAILURE OR ATTACK. AS A CLIENT, YOU MUST AUTHENTICATE IF YOUR CLOUD PROVIDER IS ADHERING TO INDUSTRY STANDARDS AS WELL AS DATA PROTECTION LAWS AND OTHER REGULATORY COMPLIANCES FAILING WHICH COULD HAVE FINANCIAL, LEGAL, OR OTHER LIABILITIES. FINALLY, CLIENTS MUST UPSKILL THEIR EMPLOYEES TO SUPPORT THEIR CLOUD SYSTEM THAT WILL HELP THEM MAKE WELL-INFORMED DECISIONS. Biju Unni, Vice President at Cloud Box Technologies
VIEWPOINT
FIGHTING THE CLASSICS A PRIMER FOR THE UAE FINANCE SECTOR ON COUNTERING FILE-BASED ATTACKS, BY SERTAN SELCUK, VP METAP & CIS, OPSWAT
I
BM Security’s 2023 Cost of a Breach report estimated a joint average for the United Arab Emirates (UAE) and Saudi Arabia of US$7.97 million. As usual, the financial sector was experiencing the most expensive incursions, with an average cost of US$9.41 million. The industry will forever be a victim of its own success and, as such, must work harder than other industries to prevent compromise. In today’s FSI sector, of course, it is not just banks that are at risk. Cybergangs are a threat to the emergent FinTechs that are bringing new value to the sector’s institutions and their customers. And we must also mention the consumer-centric institutions using API-first models to expand their digital footprint and bring delight to customers and longevity to their brand. To compete in a digital economy, banks have made the dreaded trade-off of less security for more agility. The complexity introduced by the cloud can drastically reduce the visibility so sorely needed by the security team. In the confusion, we see a reduction in file-upload security. We may see misconfigurations everywhere. We may see insufficient threat notifications and alerts. But even as infrastructure has morphed and twisted into something unrecognisable, cybercriminals remain loyal to the classics. Even as they evolve their attack methods, they will still exploit vulnerabilities in widely used file formats — the everyday documents, spreadsheets, and emails on which we all rely. File-based attacks remain common and threat actors have honed their talents to the max on hiding malicious code, be it in scripts, macros, or hyperlinks. It only takes a moment of credulity for a user to click the wrong thing and roll out the welcome mat to an adversary. From one compromised device to another, 22
CXO INSIGHT ME
APRIL 2024
the intruder can hop laterally across the network, and if they reach servers or other critical infrastructure, the disaster movie begins. Business operations can be shut down on their whim. Intellectual property, personally identifiable information (PII), and transaction records can be exfiltrated or encrypted or both. Some of the damage reflected in IBM’s figures comes in the shape of a tarnished reputation, which in the financial sector will obviously lead to customer churn. And further damage comes in the form of compliance violations and fines. And yet, those impacts are just the aftermath. Financially motivated hackers could lock down systems, sell stolen data, or extort ransoms for the return of normal operations. So, all because of an errant click on a seemingly innocuous file, the business finds itself in a recovery process that may take years to complete. CISOs and their teams must race to the drawing board to devise ways of preventing these nightmare scenarios. Security postures must become more robust. But saying it out loud is merely the first step on a challenging road. An OPSWAT survey on the State of Web Application Security found that we can expect an acceleration
in the release of security upgrades that is so great that SOCs and IT admin teams will struggle to keep pace. It seems as though the FSI sector is currently in an uphill struggle as it tries to defend itself against the cyberthreat landscape. But strategies do exist. When battling file-related risks, institutions should adopt zero-trust technologies, or look to more stringent policies on allowable file types. To eliminate the dangerous elements within files, a technology known as “content disarm and reconstruction” (CDR), also referred to as “data sanitisation”, has emerged to take on this task. CDR breaks down files, removes exploitable content, and puts them back together without compromising their functionality. Deep CDR scans XML files to identify URLs that direct to known attacker servers and replace them with innocuous text. If a user should momentarily forget their awareness training and click on a file or link, the malware will have nowhere to upload to or download from. Harm will be averted because the infected file has been effectively neutralised. CDR therefore negates the need for every user to be 100% vigilant and never have an off day. On top of CDR, organisations can counter file-borne threats by putting in place zero-trust systems that enforce stricter policies. Multiscanning technology uses many AV engines to enhance detection rates and reduce mean time to remediate (MTTR). Less dwell time is always a good outcome. The FSI industry faces the same evolution of threats and vectors that other sectors do. Fortunately, its organisations have the resources to fight back. They can invest in zero trust and CDR to minimise risk and engender the trust from consumers and businesses, that is critical to the survival of the entire economy.
EXPERT ADVICE
VIEWPOINT
PIONEERING AGILITY SID BHATIA, REGIONAL VP & GENERAL MANAGER FOR MIDDLE EAST, TURKEY & AFRICA, DATAIKU, LISTS THREE AI GOALS THAT DATA-CONSCIOUS UAE BANKS SHOULD PURSUE TO BECOME MORE NIMBLE.
T
he United Arab Emirates (UAE) is home to an almost fully banked population — 99.9% penetration, according to one estimate from Statista Market Insights and the World Bank. And almost 70% of us use online banking, in testament to the digital maturity of the nation’s FSI sector. Banks here have access to oceans of data that are exponentially deepening and widening. The challenge for 2024 is to juggle this position with other balls such as the emergence of new risks and technologies amid continued market volatility. 24
CXO INSIGHT ME
APRIL 2024
Rising to the challenge means finding ways to use data and AI responsibly (within regulatory boundaries) and transparently (to engender trust). There are three broad goals banks must pursue to squeeze optimum returns from their data projects.
1
Reduce risk UAE banks are subject to many regulations designed to protect customer data. From the UAE government’s Personal Data Protection Law (Federal Decree Law No. 45 of 2021) to the Payment Card Industry’s Data Security Standard (PCI DSS), the nation’s financial
institutions must be able to clearly “show their work”. They must be transparent and auditable. And this applies to machine learning models, so banks must understand how responsible AI relates to governance and MLOps. This calls for the right skills and processes to be in place, supported by AI platforms that are strong on governance and MLOps capabilities. As banks’ workforces grow, the complexity of maintaining a mixture of tools will increasingly become a recipe for noncompliance. If the bank uses one tool for data preparation, another for building models, and another for validation and
deployment, project leads will have to spend time integrating data pipelines. Errors will then creep in from all sides, at all stages. This will inevitably lead to risks such as missed deadlines, data losses, and security issues. Put simply, messy-looking tool stacks lead to messy governance and low-quality outputs.
2
Maximise ROI In AI, costs arise in many forms. We have those associated with skills acquisition and retention. We have those associated with implementation. And obviously, there is the cost of tools procurement. But additionally, we must consider any delays in cost savings because of the wrong systems being in place to allow rapid deployment of a solution. Missed savings are, after all, costly. Organisations must review the entire data and analytics stack to ensure it allows for seamless workflows. Data access and preparation should be integrated into downstream systems so technical teams can take over the work of analysts and easily apply machine learning techniques. By taking a cost-centric look at the building blocks of the AI stack, teams can identify opportunities for automation of steps in the lifecycle, leading to greater efficiency and reduced costs. Remember that familiar and comfortable tools may be cash sinkholes. Also at this stage, MLOps teams must think about the cost of model maintenance. It takes commitment to manage model drift and ensure out-of-date artefacts do not become harmful to the business by offering up misleading information based on stale data. Teams must look for ways to be more efficient at maintenance so that costs do not spiral out of control. To be clear, what we are describing here is the bedrock of MLOps. ML projects can be dizzying rides filled with the clamor of many stakeholders. To streamline processes, manual work (and rework) should be automated where possible, to save time and budget and free innovative humans to work on more high-value tasks.
IT IS A LOT OF PRESSURE TO JUGGLE MARKET VOLATILITY, TECHNOLOGY PROCUREMENT, REGULATORY GROWTH, AND THE REST. DATA NESTLES WITHIN UAE BANKS WAITING TO BE USED, BUT MANY INSTITUTIONS HAVE NOT YET MANAGED TO PUT IN PLACE THE GOVERNANCE AND TOOLS NECESSARY TO EMPOWER THEIR EMPLOYEES.
3
Empower people Brands in all industries tell their customers some variant of “we are our people”. In the modern UAE banking industry, relationships with employees are more important than ever. It is critical that institutions retain talent, and one way to do that is to get everyone involved in AI — to build an Everyday AI culture. Given the region’s STEM skills shortages, it is risky and
expensive to go on the hunt for goldengoose data scientists. There is an opportunity to build an AI team from within, from those who already possess the business knowledge, to identify relevant use cases and add value quickly. In 2024, we are likely to see financial businesses try to break free from the region’s talent shortages with a growyour-own approach that concentrates on tooling and employee empowerment. As banks come to incorporate more AIbased techniques and the centralized, governance-oriented platforms that support them, they will need data scientists less and less. Instead, business users such as actuaries and quants will come to the fore. They have a lot to contribute, given their affinity with mathematical techniques, and in turn, AI can greatly augment those roles. It is at this juncture that Everyday AI comes into its own. By looking at the skills you have within the context of the business you run, you begin to see how AI models can supercharge many roles and functions. With the right centralized tools, value is quickly harvested from within rather than waiting for the months it takes to hire a costly new data scientist, who will then take many more months to learn the ins and outs of the business. Training AI teams from within leads to quicker identification of relevant use cases, as well as better models, more accurate results, and more effective insights. Working for you It is a lot of pressure to juggle market volatility, technology procurement, regulatory growth, and the rest. Data nestles within UAE banks waiting to be used, but many institutions have not yet managed to put in place the governance and tools necessary to empower their employees. It takes a bold vision to inspire bold steps and make your data work for you. Everyday AI is just such a vision — one that concentrates on risk reduction, ROI maximisation, and employee empowerment, so that everyone can reap the rewards.
APRIL 2024
CXO INSIGHT ME
25
INTERVIEW
ENSURING SECURITY ALPER MEMIS, CEO OF PICUS SECURITY, DISCUSSES WHY VALIDATING SECURTIY CONTROLS IS ESSENTIAL TO STRENGTHENING CYBER RESILIENCE.
C
an you share some insights into what Picus Security is? Picus is a security validation company. By simulating threats, we empower security teams to consistently test their organisation’s security posture, quantify risk, and take action to prioritise and address exposures. Spending on cybersecurity technologies has been increasing for a long time. But what we see, is that more dollars spent doesn’t always translate into better security. Deploying a new EDR solution, for example, is all well and good, but if security teams don’t have a way to measure its effectiveness and keep it optimised against the latest threats, then its ROI cannot be fully realised. Picus helps organisations answer fundamental questions about their security. We do this by supplying the data needed to understand their readiness to prevent and detect threats, optimise security controls, enhance the visibility of critical assets, and more. Crucially, through automated validation, we enable organisations to validate proactively - which is essential to keep pace with the ever-evolving threat landscape and respond to risks before they cause damage and disruption. The Picus Security Validation Platform is trusted by hundreds of organisations 26
CXO INSIGHT ME
APRIL 2024
globally and comprises five individually licensable products. These include security control validation, which uses breach and attack simulation technology to simulate thousands of real-world threats and measure the effectiveness of an organisation’s defenses. It also includes attack path validation, which identifies the routes attackers could take to critical users and assets, and attack surface validation, which provides broad and up-to-date visibility of internal and external assets. By merging insights across products, Picus provides the context security teams need to manage threat exposure much more effectively across on-premises environments and the cloud. Can you take us through the process of validating security controls? The Picus Platform is powered by attack simulation technology, which enables security teams without offensive security expertise to simulate the latest real-world threats and attack techniques. By running simulations, the platform validates that prevention controls such as firewalls are configured to block threats, such as infiltration of malicious payloads. In addition, by integrating with detection controls, it validates that threat behaviors are being logged and that alerts are generated. Should gaps in threat coverage and visibility be discovered, the Picus platform supplies vendor-specific mitigation recommendations, including signatures and detection rules to address them. These mitigations help security teams optimise defenses and significantly reduce the time and effort required to do so. So organisations keep pace with the latest threats, the platform’s threat library is updated daily. It includes ransomware threats, web application attacks, APTs, and much more.
What sets you apart from the competition? Picus is the pioneer of breach and attack simulation. However, our platform has evolved beyond just BAS to offer customers the most extensive validation solution available today. Whatever an organisation’s validation needs - security control validation, attack path management, pen testing automation, or SOC optimisationPicus provides the outcomes needed. Importantly, we also go beyond merely identifying issues; we actively contribute to solving them. Picus believes that security validation should be quick and easy for every organisation to perform. It’s why the Picus Security Validation Platform is fast to deploy, easy to manage and does not require specialist offensive security expertise to use. We now offer a SaaS offering hosted in Dubai for customers in the Middle East who want to validate their security but have strict data residency requirements. Do you leverage AI and ML? AI has a huge part to play in helping organisations validate their security and manage threat exposure more effectively. As a result, we’re investing heavily in GenAI to help security teams work more effectively and amplify impact. Picus Numi, which operates on a custom-engineered exposure graph, is our AI-powered security analyst that provides users of our platform with easy access to critical information about their security posture. By asking questions, users can instantly review the findings of security validation assessments and get tailored recommendations to prioritise and address exposures. The release of Numi is just the latest example of Picus using GenAI, and we continue to harness its power to advance security outcomes even further for our customers.
Under the High Patronage of His Majesty King Mohammed VI UNDER THE AUTHORITY OF
HOSTED BY
29 - 31 MAY 2024
ORGANISED BY
MARRAKECH
VISIT TH E
TECH & STARTUP SHOW IN AFRICA
Creating A Bold Future For Africa Discover MORE tech solutions
Hear MORE ground-breaking opinions
Meet MORE tech brands
Network with MORE tech professionals
… than anywhere else on the entire African continent ◼ Ai Everything (AI x Cloud x IoT x Data) ◼ Cybersecurity ◼ Consumer Tech
◼ Digital Finance ◼ Telecoms & Connectivity ◼ North Star Africa
◼ Digital Cities ◼ Digital Health
UNLOCK AFRICA’S DIGITAL FUTURE AT GITEX AFRICA MAY 29-31, MARRAKECH, MOROCCO Book to secure your Early Bird Ticket today. Expires 18 April 2024 gitexafrica.com FIND YOUR WORLD
D U B A I
AWARDS
CHAMPIONING LEADERSHIP THE INAUGURAL CXO50 KSA AWARDS AND CONCLAVE HONOURED VISIONARY LEADERS IN SAUDI ARABIA WHO EXHIBITED OUTSTANDING LEADERSHIP, CREATIVITY, AND RESILIENCE BY LEVERAGING DIGITAL TECHNOLOGIES TO REVOLUTIONISE THEIR ORGANISATIONS AND INDUSTRIES.
The event commenced with a keynote address by Ali Abdulla Hassan, Chief Information Officer of the Ministry of Oil and Environment in Bahrain, focusing on ‘navigating digital transformation.’ Following this, Mohammed Khasawneh, Systems Engineer Manager for Giga Projects at Fortinet, delivered a presentation highlighting emerging threats in the digital age and discussing challenges within the cybersecurity domain. The panel discussion, themed ‘Strategies for Thriving in the Era of Digital Disruption,’ featured insights from industry experts such as Eliane Gerges, Regional Director of Dynatrace; Dr. Bandar Naghi, Global VP – GenAI & MENA CTO at Mphasis; Michael Andersen, CEO of EuroTech ME; and Walid Gomaa, CEO of Omnix International. 28
CXO INSIGHT ME
APRIL 2024
The event culminated with an awards ceremony, recognizing pioneers who have transformed their organisations into centers of innovation. These leaders have not only embraced digital transformation but have also championed it, driving change from the top down and inspiring their teams to push the boundaries of possibility.
Waheed Y. Khayyat
Hazem Jarrar
United Cooperative Assurance
King Faisal Foundation
Mohanad Z Alderaan Bank Aljazira
Ahmed Al Meqhem
Eslam Taha
Saudi Standards Metrology & Quality Organization
Riyadh Airports Company
APRIL 2024
CXO INSIGHT ME
29
AWARDS
Lawrence Eta
Mahmoud Farhan
Royal Commission for AlUlla
Arab National Bank
Eng. Khalid AlFaifi Kafalah
30
CXO INSIGHT ME
Bandar Naghi
Amr Bahi
Mphasis
Al Kohli Group
APRIL 2024
Ahmed Taher
Aijaz Regoo
Al Daajan Holding
MIS Forward
Muneer Abdurahman Al Sadhan Group and SPAR KSA
Asim Syed Badhuralam
Samer Marouf
Sanabel Al Salam Food manufacturing company
Rakaa Holding
APRIL 2024
CXO INSIGHT ME
31
AWARDS
Qasim Nadeem
Hilal Uddin
ABANA Enterprises Group
Alodood Contracting Company
Hany Elmaghrabi MyNaghi Group
32
CXO INSIGHT ME
Mirza R Baig
Mubarak Al Shahrani
Finzey Finance Company
King Saud University Medical City
APRIL 2024
Hussein ELHusseini
Hani Saif
Algihaz Holding
Extra
Abdulrahman Bin Saidan Saudi Electricity Company
Ali Abdulla Hassan
Gaurav Kole
Ministry of Oil and Environment
Leylalty Group
APRIL 2024
CXO INSIGHT ME
33
AWARDS
Fares N. Almari
Devender Manral
Zakat, Tax and Customs Authority
Kun Sports (Represented)
Hussein Buhaliqah Gulf International Bank
34
Muhammaed Junaid
Syed Fakruddin Albeez
United Motors Group (Represented)
King Abdulla Economic City (Represented)
CXO INSIGHT ME
APRIL 2024
23-25 APR 2024 DUBAI WORLD TRADE CENTRE
A BOLD NEW FUTURE AI-DRIVEN CYBER RESILIENCE MIDDLE EAST AND AFRICA'S LARGEST CYBERSECURITY EVENT SCAN HERE
G E T I N VO LV E D g i s e c @ d w tc . c o m | Te l : + 9 7 1 4 3 0 8 6 4 6 9
OFFICIAL GOVERNMENT CYBERSECURITY PARTNER
HOSTED BY
#gisecglobal | gisec.ae
OFFICIALLY SUPPORTED BY
ﻣﺠﻠﺲ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ CYBER SECURITY COUNCIL
OFFICIAL DISTRIBUTION PARTNER
United Arab Emirates
LEAD STRATEGIC PARTNER
GOLD SPONSOR
DIGITAL TRANSFORMATION PARTNER
STRATEGIC PARTNER
BRONZE SPONSOR
PLATINUM SPONSOR
INTERVIEW
SECURING THE FUTURE GOPAN SIVASANKARAN, GENERAL MANAGER-META AT SECUREWORKS, OFFERS INSIGHTS INTO THE THREAT LANDSCAPE AND STRATEGIES FOR MITIGATING RISKS.
H
ow do you see the threat landscape evolving this year? This year is not significantly different; rather, it’s becoming more mature, with threat actors continually refining their tactics. As defenders, we must enhance our capabilities. Ransomware emerges as the predominant attack vector, with a steady stream of incidents in our region. Currently, SecureWorks is engaged in a record number of incident response engagements locally. Business email compromise remains a significant concern. Gone are the days of hoodieclad perpetrators; instead, we’re dealing with sophisticated professionals. The individuals behind ransomware creation, distribution, and negotiation are distinct, highlighting a highly professional and organised mode of operation. This trend is likely to persist and gain momentum in the future. Can you provide insights into Secureworks’ threat hunting capabilities? Our threat hunts stem from insights gleaned from thousands of customers, experience from over 10,000 incident response and testing engagements, and ongoing threat research from our Secureworks Counter Threat Unit (CTU). Global threat hunts are fed by telemetry from cloud, endpoint, network, identity, OT, email, and business apps. They are conducted continuously with the goal of proactively and iteratively discovering current or historical threats that evaded existing security mechanisms. Threat hunts are complete when findings are codified as countermeasures, integrated into threat graphs used by Taegis and applied to all customers both on a go-forward and
36
CXO INSIGHT ME
APRIL 2024
retroactive basis. A team of 50+ threat hunters use machine learning to analyse more than 75 billion leads per quarter to identify threats across customers. Threat hunts are initiated using these methodologies: • Atomic indicators & behavioral activity • Hypothesis-driven based on threat research • Zero-day exploits and attack vectors researched & identified by CTU • Structured playbook-based hunts on specific threats (ex. Qakbot, Rasberry Robin, Wire Transfer Fraud) • Unstructured hunts looking across customers in aggregate for patterns (ex. Abnormal hostnames) All MDR customers receive a monthly threat hunt tailored to their environment with the option to add-on an additional service for continuous threat hunts
SECUREWORKS UTILISES AI EXTENSIVELY IN TAEGIS. OUR CYBERSECURITY PLATFORM WAS DESIGNED FROM THE GROUND UP TO LEVERAGE AI FOCUSING ON THREAT PREVENTION, DETECTION, AND RESPONSE.
by a designated team they meet with bi-weekly. Findings are captured as an investigation where the customer can review details, mitigation, remediation, and hardening recommendations. Can you explain Secureworks’ approach to incident response? Secureworks has a robust incident response practice that has responded to cybersecurity emergencies since 2007. With a global team of deep subject matter experts, we provide support for cyber incident response to diverse organisations spanning various industries and verticals. Our team not only responds to incidents, but offers programs for pro-active response were we can assess organisation’s overall incident response practice. We also offer various ways to test and exercise an organisations incident response plan to ensure organisation are optimally prepared should an incident occur. Our seasoned Incident Response team has vast experience around executing complex cyber incident response, threat hunting, digital forensic analysis, malware analysis, attack surface reduction, cloud incident response, planning and testing, incident recovery, ransomware negotiation, incident command and postincident lessons learned. IR personnel leverage expertise and backgrounds spanning national, military, organisational Computer Security Incident Response Teams (CSIRTs), law enforcement and intelligence agencies. Within our MDR practice, our security operations center (SOC) has direct access to our incident response team. We want to ensure we surround our customers with the experience they need to recover quickly and mitigate damages. In tandem with our robust in-house capabilities, Secureworks leverages
by over 80%. Furthermore, AI is used by SecOps analysts throughout the platform, providing human-readable information about advanced attacker commands and assisting in the analysis of events and findings. Unique machine learning (ML) detectors include our patent-pending Hands-on-Keyboard detector and our Domain Generation Algorithm detector. We support multiple ways for customers to build their own ML models and alert pipelines, including via SDKs and Jupyter notebooks.
various relationships with cyber insurance firms and legal counsel, forming a holistic approach to Incident Response. This multi-faceted collaboration guarantees a well-rounded response that encompasses technical, financial, legal and communication aspects, ultimately mitigating the impact of cyber incidents. Do you leverage AI and ML in your porfolio? Secureworks utilises AI extensively in Taegis. Our cybersecurity platform was designed from the ground up to leverage AI focusing on threat prevention, detection, and response. We have multiple AI models that have been running in production for several years that leverage our proprietary data set to perform automated threat detections. We run these models in an ensemble fashion to maximise performance. These models are internally developed and
analyse various types of security data, including cloud, endpoint, network, identity, command history, etc., to identify potential threats and malicious activities. Additionally, AI algorithms are used for threat prioritisation, helping us to determine the criticality of detected threats. The platform also employs AI for investigation and response automation, enabling us to automatically draft incident summaries for over 50% of our investigations based on historical data. Recently, Secureworks announced a new AIpowered, patent-pending threat prioritisation and scoring engine in Secureworks Taegis XDR that uses a unique Threat Score to prioritise real threats. Internal testing over the last 12 months showed increasing productivity of our analysts by 100%. This drives efficiency and accuracy, improving our time to notify customers of incidents
Do you customise your solutions to meet the unique needs of your customers? We offer a highly flexible model and solution that can meet the needs of virtually any customer with the Secureworks Taegix XDR platform. A big part of that is being an open platform that integrates seamlessly with existing products, allowing organisations to future-proof their cyber defenses and maximise their technology investments. Out-of-the box we offer hundreds of integrations, and in a unique fashion support multiple EDR agents including our own. This way organisations can have the flexibility to switch out the underlying solution sets without changing the core way they detect, investigate, and respond to threats. Partners and customers can then also leverage our APIs and SDKs to build their own integrations bringing in their own telemetry sets. In addition, automating response actions is critical. While Taegis offers hundreds of pre-built response playbooks, customers can configure their own to better align to their needs. Finally, visibility in understanding how one’s security operation is critical. Leveraging the data inside of Taegis, organisations have configured their own dashboards and reports to best mee their needs. No organisation is the same, so we offer as much out-of-the box capabilities as we can and then ability to tune and configure to those specific use cases leveraging our professional service team or partners.
APRIL 2024
CXO INSIGHT ME
37
VIEWPOINT
UNLOCKING COMPETITIVE EDGE
JESSICA CONSTANTINIDIS, FIELD INNOVATION OFFICER, EMEA AT SERVICENOW, ON FOUR STEPS TO INTEGRATE GENAI INTO LOW-CODE DEVELOPMENT AND SUPERCHARGE COMPETITIVENESS.
G
enerative artificial intelligence (GenAI) has captured hearts and minds to a surprising extent given its relatively recent migration to the public consciousness. In the GCC, the GenAI market is predicted to be worth US$640 million this year but grow at a CAGR of almost 21% to reach US$2 billion by 2030. This is a stark quantification of the technology’s phenomenal charm offensive. Private citizens, technologists, business leaders — it does not matter who you are or what you do. Everyone can see the potential
38
CXO INSIGHT ME
APRIL 2024
in machine intelligence that can have flawless human-like conversations and then create formal documents from scratch. Or poetry. Or music. Imagine the potential in business. Just think of the myriad ways GenAI can augment human agents by not only automating mundane tasks but helping significantly with creative ones. Given software’s ability to process information, if we were able to imbue it with the ability to innovate, we would have a powerful ally indeed. Right now, the Arab Gulf has skills gaps that pervade every STEM discipline. GenAI can plug
these gaps. Most organizations do not have enough skilled coders to execute their digital strategies. GenAI has the potential to transform development when it joins forces with another hot trend (although admittedly, one that makes less headlines): low-code development. From ideation to implementation and beyond to testing and deployment, GenAI could help regional enterprises master the development lifecycle once and for all. Technologists and industry analysts are both predicting that GenAI and low-code will come together to help organizations meet the surging demand for digital
3
experiences. GenAI has all the expertise and all of the ease of use required to empower citizen developers and accelerate times to market. One of lowcode’s greatest strengths is eliminating the translation errors between business stakeholders and requirements analysts. Those with domain knowledge, can forge ahead and add value quickly. And GenAI guides them through best practices and applies governance standards. A functional, secure, compliant application can sometimes be built in a matter of hours by briefing a GenAI-powered virtual assistant using natural language. But powerful as these two technologies are, deployment of GenAI and low code, without due consideration of best practices, would be a mistake. The right steps will lead to the right outcomes. There are four of these steps.
1
The right people Some regional businesses will have an in-house team of developers, and some will not. But the power of low code, especially when supported by GenAI, is that it can benefit both types of organization. Even professional coders can code faster and more accurately with low-code and GenAI. From a strategy perspective, however, companies must take stock of their workforce and think about who might gain most from these technologies and who has the potential to add the most value. Do not overlook non-
GENAI IS A GAMECHANGER. WE KNEW THIS FROM THE VERY MOMENT WE HAD OUR FIRST ENCOUNTERS WITH IT. WHEN EVERY ENTERPRISE CAN BE AN APP FACTORY, COMPETITIVENESS IS RAMPED UP AND ECONOMIC GROWTH FOLLOWS. developer technical staff such as admins and analysts. Design a phased release program that equips each category and trains them appropriately with due regard for their role. Scale, industry, and the size of the existing developer pool are not factors that determine an organization’s ability to adopt low-code development platforms and GenAI. Almost anyone can benefit as long as they are empowered in the right way.
2
The right use cases GenAI fits into the technology mix whether you decide to build an application from scratch or customize an off-theshelf solution. Before integration projects kick off, however, it is advisable to make sure solutions architects have focused appropriately on use cases. They should design the solution around business capabilities and people empowerment. GenAI can help with code generation, flow generation, and recommendations on script versus flow. It is worthwhile starting with these use cases while bearing in mind that more will emerge over time. GenAI will likely be used in the future in more sophisticated use cases, including process generation and process automation design.
The right brief GenAI can do many things, but it cannot read minds. Its results are only as good as its initial instructions. The quality of human input is crucial, so organizations must train users of all stripes to give clear prompts. Be precise in laying out the end goals of the app and the details of how it will be used and what users hope to gain from it. These prompts will be in the form of task requirements, API specifications, and even potential constraints. It is important to get the brief right and to learn from missteps.
4
The right feedback Bedding down a new technology is a trial-and-error process. Stakeholders must design this process to accommodate feedback. Progress measurement and reporting should allow implementation leaders to always see how far they have come and how far they need to go. You should see betterquality code. You should see shorter development cycles. You should see happier developers who are focusing more on innovation than deadlines. If you do not see all these things, then return to the drawing board and make sure GenAI is being applied by the right people to the right use cases and that the right briefs are being issued. Our future, assured GenAI is a gamechanger. We knew this from the very moment we had our first encounters with it. When every enterprise can be an app factory, competitiveness is ramped up and economic growth follows. Customers will, of course, be delighted. And employees will be empowered and inspired to go further and innovate more often. What we are building here is something a lot more special than the extraordinarily powerful technologies of GenAI and low code themselves. We are building an inclusive, democratized development cycle with more efficient, more secure, more exciting outputs. In a digital economy, this is the foundation of sustainable competitiveness.
APRIL 2024
CXO INSIGHT ME
39
VIEWPOINT
SHIFTING PARADIGMS ALEX MCMULLAN, CTO INTERNATIONAL, PURE STORAGE, ON THE EVOLVING ROLE OF TECHNOLOGY INDUSTRY SLAs.
I
t’s hard to deny that today we live in a world of hype and fake news, where misinformation is commonplace, often leading to an erosion of trust in society. This is evident in both our professional and personal lives, and it’s one of the reasons that businesses are making concerted efforts to improve their corporate citizenship and become more transparent. It’s for this reason that we’ve witnessed the rise in popularity of Service Level Agreements (SLAs), guarantees offered up by companies as a way to ‘put their money where their mouth is’ when it comes to promising a good service/ experience. In order to retain the trust of customers, when things do go wrong, SLAs need to deliver. There’s a common perception that SLAs look good on paper, until the day you really need them. In much the same way that you don’t really know how good an insurance policy is until you have to make a claim, and are hit with excesses and other unexpected surprises, SLAs often leave disappointment and dissatisfaction in their wake. The challenge for service providers is to ensure the SLA is reflective of the service and is emphasised, so the customer feels there’s a joint investment with the provider they’re entering into a contract with.
The origin of SLAs in the technology sector The advent of technology sector SLAs can be traced back to the days when mainframes were establishing themselves as corporate computing platforms. At that time, computing availability was the main measure of value and mainframe vendors looked to SLAs as a way to differentiate themselves from competing computing 40
CXO INSIGHT ME
APRIL 2024
systems, with availability as their main focus. Over time, as the technology landscape has changed, SLAs have, in general, become more ubiquitous, with competing service providers aiming to offer the same level of service. However, what we’ve seen in actuality is a dilution of their effectiveness, so much so that many extend just to the basic limit of liability. As an example, it’s common for service providers to offer free months of service as compensation should an SLA not be met. The problem is, this is not what many customers are looking for in a serious SLA — especially in relation to mission critical services. What they are looking for is a genuine investment from the vendor in resolving an issue. Dissatisfaction with SLAs resulting from poor service is a major factor impacting customer retention. Outages can lead
to irreparable financial and reputational damage with customers, so a few free months of service do not likely resolve the issue. Now, the challenge for service providers is to re-establish meaningful SLAs that convey real value to the customer. The changing role of SLAs in technology procurement Until relatively recently, it was difficult for customers to move to a new platform or service. Vendor lock-in was the norm, facilitated by financial considerations such as overhanging balloon payments on contracts and expensive migration costs in the form of professional services for migrations, data egress charges etc. Added to this, vendors typically encourage customers to reinvest every few years in a
SLA has become a differentiating factor and has taken on a more central role in the procurement process. Along with this shift comes a far greater examination of the terms, conditions and proposed remedial action, should an SLA not be met. Customers are now considering the service level that they think will work best for their business but at the same time, they’re examining, in forensic detail, what the vendor will do to actually help in the event of an issue that invokes the SLA. This being the case, it’s the vendors who are demonstrably customer-focused that will successfully turn SLAs into a competitive advantage.
technology cycle in the hope that they’ll lock the customer into what amounts to a steady maintenance and subscription revenue stream for them. The rise of open systems, the internet, containers, the Linux operating system and a range of other technologies has changed the paradigm, lowering the cost of migration across a wide range of technologies — from network to storage and virtualisation. When customers can choose on the basis of something more than just what it would cost them to stop using a particular technology, change becomes more likely. As a result of this, we’re seeing a renewed emphasis on the contractual elements of SLAs. This can be observed across the technology sector but is particularly apparent in relation to subscription services, which are rapidly growing in popularity. SLAs as market differentiators We’re now entering a new phase in technology procurement where SLAs are becoming differentiators and, in many cases, the ultimate decider in purchasing decisions. Traditionally, procurement has been centred on cost, with a checklist as the mechanism for selection. The product or service that came in at the right price, with the most boxes checked, was generally selected. Now, with playing fields being more even in many technology sectors, as similar levels of service or capability are being offered, the
SLAs take an innovative leap forward In the technology sector, the ability to anticipate and react to major market shifts has always been a core tenet of success. Today, some companies are making innovative leaps forward by tying their SLAs directly to customers’ C-level priorities. For example, one of the biggest influencers in technology purchasing decisions is sustainability. Today’s procurement conversations focus on energy consumption and carbon footprint, as well as a sustainable supply chain. SLAs therefore have to
ANOTHER IMPORTANT TREND IS DATA SECURITY, DRIVEN BY THE UNABATED THREAT POSED BY RANSOMWARE AND OTHER FORMS OF CYBER-ATTACK. THIS TREND IS VERY PROMINENT IN THE DATA STORAGE SECTOR, BUT IT APPLIES TO THE ENTIRE TECHNOLOGY INDUSTRY.
relate to sustainability in order to provide meaningful value. Another important trend is data security, driven by the unabated threat posed by ransomware and other forms of cyber-attack. This trend is very prominent in the data storage sector, but it applies to the entire technology industry. Businesses should look for a data storage partner with SLAs on the power, cooling and data centre footprint requirements of its solutions. In addition, there should be transparent measurement of actual Watts per tebibyte (TiB), and consequences if guaranteed Watts/TiB or TiB/Rack is not met. Some storage vendors can help customers achieve up to 85% reduction in energy use and carbon emissions and up to 95% less rack space than competing offerings, and may even have a commitment to pay for their customers’ power and rack space costs. From a data protection perspective, we’re also seeing the emergence of new, SLA-backed data security and resiliency offerings, with the introduction of services that ensure no data migrations are required, while guaranteeing zero data loss in the event of a cyber incident. These services allow customers to mitigate unplanned costs due to data loss incidents, while maintaining day-today business operations amid upgrades. These are the kinds of SLAs making a real difference for businesses today. The future of SLAs There’s a clear societal trend towards less ownership and more subscription services. We see this in our personal lives and in business and it’s giving rise to greater emphasis on SLAs, with the aim of improving these services. Above all, SLAs must stay relevant and be reflective of how the customer uses the technology and what it is they are hoping to achieve with it, rather than just what a vendor is prepared to stand behind. Going forward, SLAs will begin to mean something again, and add real value to a technology market that’s developing at a quicker pace than ever before, with the most competition we’ve ever seen.
APRIL 2024
CXO INSIGHT ME
41
VIEWPOINT
EMBARKING ON FINOPS RAM RAMACHANDRAN, HEAD OF CLOUD ENGINEERING AT KYNDRYL, PROVIDES INSIGHTS INTO CLOUD FINOPS AND ITS SIGNIFICANCE.
T
he cloud offers numerous advantages to businesses; however, cloud expenses are unpredictable and can grow substantially if left unchecked. This is where FinOps comes into the picture. FinOps is a way of maximising business impact by optimising cloud spending. Cloud spend is growing at a tremendous rate. According to Fortune Business Insights, the spending on public cloud services is expected to hit $124 billion by 2025. Also, as per an analysis 42
CXO INSIGHT ME
APRIL 2024
made by the McKinsey & Company firm, the public cloud sector in the Middle East alone could reach $183 billion by 2030. Shift Left, DevOps and other agile practices have improved the overall software development lifecycle over the years. FinOps is a team sport that can offer benefits to an entire organisation. In “FinOps” practice, the decisionmaking responsibility is entrusted with the people doing the job towards the edges of the organisation. The limitless advantages of convenience, cost-effectiveness,
adaptability, speed, agility, and innovation opportunities in the cloud are evident. However, despite the growing adoption of cloud technologies, not all organisations are equally equipped with the experience and expertise to manage the usage and to implement optimised architectures for their solutions. As a result, organisations end up bearing the costs of ill-provisioned and unoptimised resources. A Forrester survey conducted in May 2023 by HashiCorp found that it was easy to see 50% of the resources in the initial stages end up being overprovisioned or underused. The FinOps framework was created to help address these problems. While many areas of cloud efficiency are still evolving, the swift adoption of the practice has led to a rapidly growing community of practitioners, service providers and experts. This community is poised to assist companies and effectively address these issues. As practitioners, we have organically embraced FinOps, drawing insights from our own experiences and applying successfully executed strategies to reduce our cloud expenditure across various domains. Prior to delving into the specifics of the FinOps journey, it is crucial to grasp the fundamental concepts and the phases of FinOps. FinOps is a mindset that synergizes the technology teams with the financial services and business departments to build an iterative process to inform about, optimise and operate on the opportunities to prevent cloud wastage and maximise cloud usage. Based on the FinOps Principals, the framework is key in providing core insights on actionable items to the various personas in the cloud using organisations. There are three phases of FinOps: Inform, Optimise, and Operate. The first step is to analyse the cloud infrastructure, the types of services utilised, and the associated lines of business to gain insights into the expenditure rationale. This phase, which involves presenting information to cloud users, is known as the Inform phase.
In our experience, we formed a FinOps team tasked with getting insight into growing cloud spend. The team worked with product owners, engineering, and finance and used tooling to gather the invoicing information from the various clouds and analyse the data in a single pane of glass. It sounds simple, but it was a challenging task. There were different account owners across the organisation that needed to give our tooling privileges to access their billing data respecting all security and compliance measures. Working with business leaders, analytics, engineers, and finance teams to earn their trust required time and effort but was a firm step in the right direction. The inform phase alone gave enough visibility of costs to enable the team to review the cloud spend and decommission the cloud accounts that were no longer used but contained resources, resulting in additional cloud spend. These accounts had no owner and no explanation of usage. After the inform phase comes optimisation. Based on this framework the Optimise phase focuses on pinpointing the opportunities to enhance cloud productivity. This phase gives the users details about unused or ill provisioned resources and other recommendations, increasing the list of KPI’s on the organisation that can be tracked. Optimisation options may result in competing paths, but the aim is to create a strategy to help organisations use the cloud in an efficient way. Regarding our experiences, we got insights and recommendations that enlightened us to understand the areas of cloud proficiency in our organisation. With the results, we were able to add automation to scale our resources to maximise efficiency, and reconsider models like the Savings Plans, Reserved Instances, and commitment-based discounts. Close collaboration between the personas involved in the process was essential for better optimisation. Cooperation between the teams is a salient point of optimisation.
Paying attention to budget management is another essential area in promoting the optimisation of cloud resource usage in active accounts. Forecasting, show backs, and anomaly detection from the Inform phase should be implemented in the Optimise phase effectively. The last phase of the framework was operate. The concept is that, following the knowledge gained in the two preceding phases, it is now time to establish policies, implement governance, enhance automation, and educate the teams participating in the process. It is also important in this phase to build a culture of ownership and accountability and iterate acting on the opportunities that were found. Based on our experience, by gaining access and insights to rich data through the FinOps process, the internal teams felt empowered to make the correct choices to work together and took ownership to use the cloud resources while optimising the costs. The iterative evolution of finding opportunities to improve upon is organisations like Kyndryl, that embrace FinOps. Depending on how well equipped and involved they are in the Inform, Optimise, and Operate phases, most organisations using FinOps can be categorised in the Crawl, Walk and Run phases mentioned as the FinOps Maturity Model. A few key points to consider when aiming for success in the FinOps journey are that there should be collaboration in the
teams, the business value of the cloud should drive the decisions, and all users should take ownership of their cloud usage. Creating a central team that drives FinOps, provides data in a timely manner and takes advantage of the various cloud models also helps. We will elaborate on the various FinOps Personas and how to go about implementing FinOps in the next following series of this article. There is a cultural shift to use the framework, that requires close collaboration between silos within the organisation, starting small and celebrating small successes, one at a time. It is critical for organisations to optimise cloud usage and minimise wastage, this is why embracing FinOps mindset from the beginning is essential. Fortunately, FinOps has a highly engaged community, with active workgroups and an exceptionally knowledgeable pool of experts spanning various domains. There are numerous internal initiatives on FinOps like FOCUS groups methodologies to standardise the data consumed from the different cloud providers, workgroups dedicated to resolve challenges associated with cloud efficiency and other enhancements. It is evident that FinOps is not a onetime task but rather an iterative process, where organisations naturally enhance their efficiency as they delve deeper into their FinOps journey. As a result, they can better channel their resources towards innovative market-leading solutions. Additionally, machine learning capabilities and advanced analytics adopting Artificial Intelligence are estimated to unveil fresh opportunities for the FinOps in the forthcoming era. As per the newest State of FinOps Survey, 2024, reducing waste of unused resources is indeed the topmost priority these days. If you are considering cloud adoption, we encourage you join the FinOps journey, get introduced to the FinOps Foundation Community and reach out to the experts who are seasoned and certified FinOps Practitioners and FinOps Professionals, FinOps Service Providers and have a Certified FinOps Platform.
APRIL 2024
CXO INSIGHT ME
43
PRODUCTS
CommScope GigaREACH XL solution CommScope has announced its GigaREACH XL solution, the latest innovation in the SYSTIMAX portfolio; reliably doubling the reach of traditional twisted pair Ethernet devices on the enterprise network. The enterprise network has rapidly expanded beyond IT and is now expected to power and connect operational devices such as security cameras, access control panels and wireless access points. Some of these systems are often located away from the telecom room, placing them beyond the 100-meter limit established by commercial building standards such as ANSI/TIA-568 and ISO 11801. CommScope addresses this challenge with its new GigaREACH XL solution. With the GigaREACH XL solution, customers can easily connect and power devices beyond the
44
CXO INSIGHT ME
APRIL 2024
100-meter limit with one cable and with little or no disruption to existing services. It requires no additional telecom rooms, PoE extenders or optical equipment, which translates into fewer points of failure, lower installation costs, and lower greenhouse gas emissions. The GigaREACH XL solution supports 100Mbps Ethernet and 90W PoE up to 200 meters, 1Gbps Ethernet and 90W PoE up to 150 meters (50% longer than Cat 6), and 10Mbps Ethernet and 90W PoE up to 250 meters. Key patented design features from SYSTIMAX Category 6A cabling were incorporated to enable the extended distance capabilities. The GigaREACH XL solution supports all types of PoE applications and utilizes the same installation tools and best practices our certified PartnerPRO community employs. As part of the SYSTIMAX portfolio, the GigaREACH XL solution is also backed by CommScope’s SYSTIMAX Assurance program.
Western Digital NVMe SSD
The new Western Digital PC SN5000S NVMe SSD delivers next generation QLC (quad-level cell) performance to provide PC OEMs with a PCIe Gen4x4 solution that’s ready to take on demanding workloads with ease. According to IDC, QLC NAND is expected to power over 50% of client SSDs by 2026. The need for a robust solution from a premium, trusted brand has become essential, and
QLC NAND is one of the latest technologies to bring higher capacity and affordable SSDs to market. By leveraging Western Digital’s unique vertical integration, the new Western Digital PC SN5000S NVMe SSD challenges what was previously possible. In fact, it raises the bar for QLC technology by delivering high performance and strong endurance and uncompromising reliability. The Western Digital PC SN5000S NVMe SSD is a costeffective, DRAM-less QLC PCIe Gen4 SSD for notebook and desktop systems that offers PC OEMs: • 17% and 16% increase in sequential read and write speeds, respectively. • 15% and 13% improvements on random read and write speeds, respectively, over the previous generation. • Faster I/O speeds and reduced read/write latencies, compared to the previous generation TLC, to enhance the user experience during intensive operations such as loading, copying and booting. • Western Digital’s in-house controller and firmware for a fully optimized solution allowing faster time to market and quality control. • Improved device power efficiency during active usage by up to 20% over the previous generation thanks to enhanced power management for a highly mobile optimized solution. • Dedicated boot partition, with options for TCG OPAL 2.02 and ATA security with RSA-3K and SHA-384 for additional protection.
Synology BeeStation Synology today announced the launch of BeeStation, a new addition to its product line designed to bring personal cloud storage to everyone, particularly those who seek simplicity and ease of use. BeeStation will make backing up, managing, and sharing files adaptable to any lifestyle without subscription fees and with maximum control over your private data. Start your personal cloud straight out-of-the-box with a built-in 4 TB hard drive, ample room for work documents, personal files, photos, and videos. By simply scanning a QR code and connecting the necessary cables, users are minutes away from their personal cloud service.
The accompanying web, desktop and mobile applications offer a seamless experience for managing and accessing files from anywhere, mirroring the convenience of popular cloud services.
APRIL 2024
CXO INSIGHT ME
45
BLOG
RIDING THE WAVE
SUNIL PAUL, MD OF FINESSE, UNRAVELS NVIDIA’S RAPID ASCENT TO PROMINENCE IN THE MIDST OF THE AI BOOM.
A
rtificial intelligence (AI) has been around for decades, but in the past few years, it has transformed every facet of our lives. AI’s pervasive influence reverberates across personal devices, automobiles, art, entertainment, and even battlefields, leaving an indelible mark in every sphere it touches. “Accelerated computing and generative AI have hit the tipping point. Demand is surging worldwide across companies, industries and nations,” said Jensen Huang, founder and CEO of NVIDIA, which has seen its fortunes skyrocket due to the AI revolution. Last month, the American chipmaker surpassed $2 trillion in market capitalisation, a mere nine months after reaching $1 trillion in June 2023. Thus, it joined the august company of Microsoft and Apple. The company started its journey in 1993 with Graphics Processing Units (GPUs) for gaming PCs. Unlike CPUs designed for general-purpose computing, GPUs are good at doing complex graphics, making NVIDIA synonymous with high-performance graphics and super-realistic gaming experience. Cryptocurrency miners harnessed GPUs’ computing power to run complex calculations to create Bitcoins and Ethers. But NVIDIA wasn’t too pleased to be associated with the crypto industry despite being its biggest beneficiary. The rise of Deep Learning, a subset of AI using artificial neural networks, was a gamechanger. With their immense computational needs, deep learning algorithms outpaced traditional CPU capabilities. NVIDIA’s GPUs, tailored for parallel processing, filled this gap seamlessly. However, NVIDIA’s AI prowess is more than just GPU chips—the secret sauce is CUDA (Compute Unified Device Architecture) embedded in its GPU chips. CUDA unlocked the power of GPUs for general-purpose computing while giving
46
CXO INSIGHT ME
APRIL 2024
software developers extremely powerful hardware to play with. This hardware and software integration took the processing capability of GPUs to a new level and opened up new frontiers in scientific computing, simulations, and, most importantly, AI applications. As demand for AI computing power surged, NVIDIA’s GPUs, optimised for deep learning workloads, became the weapon of choice for researchers and developers. From facial recognition to natural language processing to streaming and intelligent cars, NVIDIA’s GPUs became the workhorses powering the next generation of AI applications. However, it was the meteoric rise of Generative AI, propelled by OpenAI’s large language model ChatGPT, which made AI and NVIDIA mainstream topics. OpenAI used NVIDIA’s GPUs to train and deploy ChatGPT, which uses vast troves of preexisting data to create new content ranging from poems to images to music and even computer code with a few prompts. Without serious competition, NVIDIA’s GPUs have become instrumental in training the complex algorithms that drive Generative AI. Artists and designers are leveraging these tools to create stunning visuals, while researchers are exploring applications in drug discovery, material science, and even game development. Generative AI represents a vast new market for NVIDIA, further solidifying its position as a leader in the AI landscape. Interestingly, NVIDIA’s dominance in the gaming industry plays a crucial role in its AI success. The constant push for better graphics processing translates into ever more powerful GPUs. These advancements not only benefit gamers but also directly improve performance in AI applications. This virtuous cycle allows NVIDIA to invest heavily in R&D for both gaming and AI, creating a win-win situation. With the never-ending demand for its super GPUs, NVIDIA is well-positioned to be at the heart of the AI revolution
and reap its benefits. In March 2023, a Tom’s Hardware report, citing research firm TrendForce, said ChatGPT required around 20,000 units to process training data. The firm forecasted the number to potentially increase to over 30,000 units as OpenAI continued to deploy ChatGPT commercially. Those calculations were based on the processing power of NVIDIA’s A100, which costs between $10,000 and $15,000. But that boat has sailed far. The company’s H100 chip, three times faster than the A100 and costs nearly $30,000 to $40,000 a piece, has a waiting period of six months and more. In November 2023, the company announced the H200 as an upgrade from the H100. Waiting in the wings is the GH200, based on a new architecture called Blackwell, which will be launched this year. These new launches promise to maintain the company’s exceptionally high revenue growth in the future. However, NVIDIA’s success with GPUs in the AI market has also attracted established players and new entrants. Chip makers Intel and AMD are vying for market share, while Samsung Electronics is working on a more power-efficient chip, which could set a new standard. Meanwhile, big tech companies such as Amazon, Microsoft, Google, and Meta are aiming to reduce their dependence on NVIDIA by putting their own AI chips on the table. As AI technologies become increasingly integrated into various sectors, from healthcare to finance, the demand for efficient, powerful, and cost-effective AI computing will only grow. While competition is intensifying, NVIDIA can still grow its business even if its market share drops as there are ample opportunities for all players thanks to rapidly expanding demand.
YE A R S
o f
su
cc ess
Harness the boundless potential of your IT infrastructure with our holistic array of solutions. Enterprise Service and Asset Management
Log Analysis and Security
Endpoint Management and Security
Data Visualization & Analytics
IT Infrastructure Monitoring & Management
Hyper Automation Platform
Active Directory Management and Auditing
Optimizing Data Flow
Contact us to learn more.
Low Code Software Development Platform
CONSULTING
SOLUTIONS
MANAGED SERVICES
Leave IT headaches behind, embrace IT brilliance. Contact us to learn more. + 97 1 4 45 42741
re a c h@elitser- me.com
www.elitser-me.co m
4