ISSUE 21 \ JUNE 2020
DIGITAL
LEADERSHIP How Dubai Asset Management is transforming the customer experience with proptech
CROWDSTRIKE SERVICES CYBER FRONT LINES REPORT OBSERVATIONS FROM THE FRONT LINES OF INCIDENT RESPONSE AND PROACTIVE SERVICES IN 2019
CONTENTS
40
12
PRODUCTS
HOW DUBAI ASSET MANAGEMENT IS TRANSFORMING THE CUSTOMER EXPERIENCE WITH PROPTECH
DIGITAL LEADERSHIP
10
34
FOR A 10 PREPARING POST-PANDEMIC WORLD 16 LOOK BEFORE
PRODUCT KNOWLEDGE 30 IS POWER
THE 18 REDEFINING FINANCE FUNCTION
ARE PASSWORDS 31 HERE TO STAY?
GETTING 22 SECURITY RIGHT
LIES 32 WHAT IN THE SHADOWS
24 THE FUTURE OF APPS
HOW TO UNLOCK THE 34 TRUE VALUE OF SECURITY
YOU LEAP
PUBLISHED BY INSIGHT MEDIA & PUBLISHING LLC
6
NEWS
RPA 28 TOGETTING THE NEXT LEVEL
SAUDI FINTECH FIRM LAUNCHES BETA TESTING FOR NEW PAYMENT PROCESSES UAE PASS TO BE THE SOLE DIGITAL IDENTITY TO ACCESS GOVERNMENT SERVICES AWS OUTPOSTS NOW AVAILABLE IN GULF COUNTRIES
JUNE 2020
CXO INSIGHT ME
3
EDITORIAL
STEP UP TO THE PLATE
T
he pandemic has rewritten the rules of business survival in modern times and exposed the so-called digital divide. As a result of the crisis, digital transformation has gained steam in many enterprises, and those companies that have invested in digital technologies stand a good chance to come out stronger when the economy recovers. As I have emphasised in my previous column, business continuity is the name of the game today. For this, companies will have to rethink their technology investments and plan for a much more resilient infrastructure and supply chain communications. Next month, we will celebrate the outstanding achievements of IT leaders who have turned challenges into opportunities during the lockdown by creating an inclusive remote work culture and ensuring business operations continuity. If you are one of those tenacious CIOs, we would like to hear from you and nominate yourself today for our Business Continuity Champions awards.
Besides CIOs, who else in the C-suite should be leading the business continuity efforts? The spotlight is on the CFO as someone who can guide the company through the current crisis. As McKinsey puts it, “strong leadership from the finance organisation is critical to addressing immediate concerns about survival, stabilising the business in the near term, and positioning it for recovery.” In this issue, we have featured an article on how rethinking the finance function is crucial to achieving real competitive advantage and solving critical business challenges. As many CFOs readily admit, the current finance function in many organisations are not equipped to meet tomorrow’s challenges, and bringing technologies such as AI, blockchain, and RPA into the finance department can yield handsome dividends in the long run. Flip the pages to find out how digital technologies are now transforming the CFO’s traditional role, what makes a digital CFO, and why your finance department will be left behind if it doesn’t adapt to new technology to deal with this crunch time.
Published by
Managing Editor Jeevan Thankappan jeevant@insightmediame.com +97156 - 4156425
Sales Director Merle Carrasco merlec@insightmediame.com +97155 - 1181730
Operations Director Rajeesh Nair rajeeshm@insightmediame.com +97155 - 9383094
Publication licensed by Sharjah Media City @Copyright 2020 Insight Media and Publishing
Production Head James Tharian jamest@insightmediame.com +97156 - 4945966
Administration Manager Fahida Afaf Bangod fahidaa@insightmediame.com +97156 - 5741456
Designer Anup Sathyan
While the publisher has made all efforts to ensure the accuracy of information in this magazine, they will not be held responsible for any errors
JUNE 2020
CXO INSIGHT ME
5
NEWS
SAUDI FINTECH FIRM LAUNCHES BETA TESTING FOR NEW PAYMENT PROCESSES
S
audi fintech company Geidea has officially launched its BETA testing for a host of new digital payment processing and store management products. Merchants will be able to co-create product features alongside Geidea based on their needs, give feedback and suggest new innovations. The new digital product range will accommodate every type of SME through every step of the payment process with an all-in-one, affordable and attractive solution. This will not only include card and digital payment processing but also everything from e-commerce such as the website builder, e-invoicing and payment gateway to store and restaurant management software. Merchants will also be able to integrate solutions with their existing software or hardware,
with third party providers like courier services, and food delivery apps. The BETA testing is due to last until August followed by a soft launch in September and a full roll out in October. The testing will ensure existing merchants are completely satisfied with the products before proceeding to the launch stage. At present, Geidea has 70% of the market share in POS terminals that are sold to banks in Saudi Arabia and is number one in the market. In February,
UAE PASS TO BE THE SOLE DIGITAL IDENTITY TO ACCESS GOVERNMENT SERVICES Smart Dubai has shared details on the recent decision issued by the Strategic Affairs Council, part of The Executive Council of Dubai, to mandate UAE PASS as the only digital identity to be used by citizens and residents to access government services in Dubai. Smart Dubai had put in motion an initiative called ‘The Digital Future’, developed as part of its 100-day plan for the ‘Government Development Track’ – one of the six tracks announced by the Dubai Council, which was inaugurated at the beginning of 2020 by His Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President, Prime Minister and Ruler of Dubai. The initiative expedites the adoption of UAE PASS by citizens and residents, which will pave the way for a digital future across the government and private sectors. The Strategic Affairs Council had adopted the UAE PASS policy in the 6
CXO INSIGHT ME
JUNE 2020
Emirate of Dubai as of 1st May, 2020, as one of the initiatives of the Dubai Council. UAE PASS offers an Dr. Aisha bint Butti bin Bishr, Smart Dubai authorised digital ID through smartphones and includes a digital signature feature allowing users to sign official documents. Users can access more than 5,000 government services by using a single username and password. With this, UAE PASS adds an element of trust to digital government transactions. The service has so far been adopted by 200,000 individuals. Dr. Aisha bint Butti bin Bishr, Director General of Smart Dubai, asserted that the Strategic Affairs Council’s decision to mandate the use of UAE PASS by
Geidea was the first fintech company to obtain a payment licence from the Saudi Arabian Monetary Authority, allowing it to operate in the Saudi banking market as a non-banking actor. Now, the firm plans to utilise its longstanding legacy and its licence to empower merchants to start, grow or manage their businesses anytime and anywhere by providing them with the latest technological payment tools to do so. “We are excited to launch our BETA testing and to co-create innovative product features with our merchants. Through this process, we will be able to gain valuable insight into what our merchants want from their payment process products and to tailor our services to their needs,” said Abdullah Faisal Alothman, Founder and CoChairman of Geidea. “For SMEs, these products will serve as the digital, inexpensive and agile solution to payment acceptance and business management. Our new products are designed for any business, whether they’re on the go, in-store or online.”
all individuals and government entities in Dubai will considerably accelerate its adoption across the entire Dubai community, and promote its use for various transactions in the UAE. “In partnership with the Telecommunications Regulatory Authority and Abu Dhabi Digital Authority, the UAE PASS project was launched in 2018 to support our wise leadership’s vision to build futureready smart cities. It is in line with their plans for digital transformation and supports the Dubai Paperless Strategy,” Dr Aisha added. Smart Dubai will work on a set of tasks, from developing plans to implement the system in the emirate and overseeing their implementation at various government entities, to developing the system in cooperation with relevant authorities and outlining frameworks to operate it. Additionally, Smart Dubai is tasked with authorising system operators in Dubai and overseeing the proper use of the system in accordance with predetermined conditions.
AWS OUTPOSTS NOW AVAILABLE IN GULF COUNTRIES
A
mazon Web Services (AWS) has announced the general availability of AWS Outposts in the United Arab Emirates (UAE) and the Kingdom of Saudi Arabia (KSA). It delivers fully managed and configurable compute and storage racks built with
MOHAP LAUNCHES VIRTUAL CLINICS The virtual clinics of the Ministry of Health and Prevention (MoHAP) have attracted more than 15,000 patients since their launch in response to the precautionary and preventive measures taken to limit the spread of the coronavirus, according to a WAM report. As part of the efforts made to enhance its telemedicine system, the Ministry recently reinforced its e-services by upgrading the services provided by outpatients clinics of the ministryrun hospitals to become virtual ones, using smart technology and digital communication systems. The service includes medical, nursing, and pharmacy services, as well as supporting medical specialties, such as nutrition and physiotherapy. The clinics will also provide remote curative and consultative services to simulate the pattern of traditional medical services without the need to visit hospitals. The virtual clinics deliver most of the vital medical specialties, such
AWS-designed hardware that allow customers to run compute and storage on-premises, while seamlessly connecting to AWS’s broad array of services in the cloud. AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any data centre, colocation space, or on-premises facility. With AWS Outposts, customers can use the same AWS APIs, control plane, tools, and hardware on-premises as in the AWS cloud to deliver a truly consistent hybrid experience. Customers in the UAE and KSA who have workloads that require low latency access to on-premises systems, local data processing, or local data storage can benefit from AWS Outposts. These include applications that may need to generate near real-time responses, need to communicate with other on-premises systems, or control on-site equipment (e.g. factory floor equipment, health
management systems, and retail point of sale systems). Customers can also use AWS Outposts to securely store and process customer data in countries where there is no AWS Region. This is important for organizations in highly regulated industries and countries with data sovereignty requirements. Andy Isherwood, MD, AWS EMEA, said, “We are pleased to bring AWS Outposts to the UAE and KSA. Following the launch of the Middle East Region in Bahrain last year, customers have been continually expanding their use of AWS and have asked us to help them with moving their most sensitive workloads to the cloud. AWS Outposts helps them to achieve this. It is also particularly beneficial for customers in UAE and KSA with low latency and local data processing requirements as AWS Outposts seamlessly and securely integrates with AWS Regions.”
as cardiology, pediatrics, internal medicine, gynecology, nutrition, physiotherapy, remote mental health services, such as drug rehabilitation programmes, psychosocial consultation, other psychiatric departments, and community psychiatry of different ages, including adults, the elderly, children, and adolescents. The clinics will also provide medicine home delivery service nationwide to ensure the continuation of the curative services amid the current circumstances. Dr. Youssif Al Serkal, Assistant UnderSecretary for the Ministry’s Hospitals Sector, said, “The move falls in line with the government directives in terms of utilising smart solutions in the preventive
and therapeutic services to fight COVID-19. At MoHAP, we always seek to develop innovative tools and smart services to suit all the circumstances to provide our patients with top-notch health and curative consultative services.” Al Serkal pointed to the ministry’s keenness to ensure the continuation of the health services to maintain people’s health and safety and to continue to rely on communication technology remotely, as well as to make the best use of its advanced IT infrastructure that has been developed according to performance programs and indicators. Dr. Kalthoum Al Baloushi, Director of MoHAP’s Hospitals Administration, said, “At a time when health facilities worldwide are facing major health challenges, most importantly the prevention of COVID-19 infection or any other contagious diseases, our hospitals are well-qualified and equipped to carry out the telemedicine service which is the optimal solution to curb diseases amid COVID-19, thanks to the availability of a sophisticated IT infrastructure and a highly-skilled medical and technical staff.”
JUNE 2020
CXO INSIGHT ME
7
NEWS
ADNOC’S PANORAMA DIGITAL COMMAND CENTER GENERATES OVER $1 BILLION
T
he Abu Dhabi National Oil Company (ADNOC) has announced that its Panorama Digital Command Center (Panorama) has generated over $1 billion (AED 3.67 billion) in business value since its inception three years ago. Panorama is a key part of ADNOC’s ongoing strategic investments in digitisation and artificial intelligence (AI) to enable the company to drive greater efficiencies, optimise performance, and respond to complex market dynamics with agility and speed, as it continues to deliver on its 2030 smart growth strategy. Panorama aggregates real-time information across ADNOC’s 14 specialist subsidiary and joint venture companies and uses smart analytical models, AI, and big data to generate operational insights and recommendations. In addition to the business value Panorama has enabled, it has also proven to be a valuable asset in navigating the current COVID-19 situation. The access to real-time data
and analysis provided by ADNOC Classification: Public Panorama enables simulations and scenario planning, and plays an important role in ADNOC’s business continuity. Abdul Nasser Al Mughairbi, Senior Vice President, Digital at ADNOC, said, “The importance of embedding digital technology in businesses has never been greater and ADNOC’s continuous investment in digital transformation over the last three years allows us to be more resilient, agile and responsive in navigating today’s market landscape. Our Panorama Digital Command Center acts as our ‘eyes on the ground’ and enables speed, accessibility, and
DELL TECHNOLOGIES DELIVERS THE POWER OF OPEN SOURCE NETWORKING Dell Technologies has announced Enterprise SONiC Distribution by Dell Technologies, a new set of fully supported open source networking solutions that help enterprises modernise and simplify the operations and management of their data centres.
8
CXO INSIGHT ME
JUNE 2020
Dell Technologies is building off the work Microsoft spearheaded as part of the Software for Open Networking in the Cloud (SONiC) open source project. By integrating SONiC into the DNA of Dell EMC PowerSwitch Open Networking hardware, Enterprise SONiC creates an agile and flexible network, built on open standards, to support any size workload Tom Burns, Senior Vice President and General Manager, Dell Technologies Integrated Products & Solutions, said “By breaking switch software into multiple, containerised components, we are providing enterprises the means to drastically simplify the management of massive and complex networks and
integration across our operations – key attributes that are required to make smart business decisions.” “We continue to responsibly advance projects for the next phase of our digital journey, including expanding our AI solutions, rolling out new blockchain applications, and enhancing our digital modeling capabilities.” Managed by the ADNOC Group Digital team, Panorama is currently being accessed through secure remote work settings. In addition to its digital transformation journey, ADNOC is also leveraging technology to strengthen its health, safety, and environmental (HSE) performance. An HSE information system is currently being built into Panorama, enabling real-time readings across multiple environmental key performance indicators. Panorama is just one of many digital transformation initiatives by ADNOC. Other digital initiatives include its smart data analytics Thamama Subsurface Collaboration Center; its use of AI-assisted value chain modeling, rock image pattern recognition, and predictive maintenance technologies; and blockchain-based hydrocarbon accounting, to name a few.
offer reliable networking performance in a cloud model.” With commercial-grade support for SONiC, cloud providers and large enterprises have a new level of production-tested tools, services and support that previously required significant internal investment technology support teams. It gives customers support for full-stack solutions with enterprise capabilities and advanced functionality beyond the base SONiC distribution. Dell offers a broad selection of open network operating systems. Customers can choose the hardware and software platform that best matches their priorities and take advantage of the benefits of open source innovation without sacrificing support, security or ease of integration into their own IT environments.
MORO HUB INTRODUCES UC CLOUD SERVICE SOLUTIONS
M
oro Hub, (Data Hub Integrated Solutions owned by DEWA), has launched Moro Connect, a disruptive offering that provides Unified Communications-as-a-Service (UCaaS) and Contact Center-as-a-Service (CCaaS) for businesses across the UAE. Moro Connect is built on technology powered by Avaya, a business communications software, systems and services provider. The collaboration between Avaya and Moro Hub will enable businesses in the UAE to deliver services to their customers faster at significantly reduced total cost of ownership (TCO), with better return on investments (ROI). Mohammed Bin Sulaiman, Moro Hub’s CEO said, “Businesses in the UAE are increasingly adopting ICT in their daily operations to boost their productivity, growth and to accelerate digital transformation. At Moro Hub, we recognise the importance of embracing
MICROSOFT UNVEILS NEW SUPERCOMPUTER AT BUILD CONFERENCE
Microsoft has announced a powerful set of new tools at ‘Build’, the company’s ultimate developers conference. The twoday virtual event aims to provide the developer community with unique opportunities to come together for a truly global experience. “This week, we celebrate the critical role of developers and their tireless
technology to power innovation to devise new products, services and processes.” He added that through the firm’s partnership with Avaya, Moro Hub will be introducing groundbreaking unified communication solutions in the UAE. “These solutions will allow our customers to experience improved and
streamlined access to their data through a consolidated process of IT systems, making it effortless to achieve their business outcomes through high levels of services delivery,” he said. Moro Hub will host Avaya’s Unified Communications and Contact Center solutions and make them available to enterprises in a cloud based subscription model, enabling organisations to purchase the capacity and services they require, as and when needed, without large upfront costs. Through “Moro Connect” offerings, businesses in the UAE will benefit from greater flexibility, enabling them to respond quickly to changing business demands, improve customer experience, and manage costs more effectively. This allows organisations the agility to scale their unified communication services deployments as per their requirements, add new features and functionality and benefit from efficient customer service experience.
efforts to rally during this time of crisis,” said Frank X. Shaw, Corporate Vice President, Communications, Microsoft. “We’ve unveiled a range of new tools and services to meet their needs to provide immediate impact and value, empowering innovations that help organisations and individuals achieve more.” “As work environments evolve, you’ll see how we’re creating solutions to help companies build, rebuild and thrive, including new tools that enable developers to design and deliver artificial intelligence (AI) applications in an ethical and responsible way, as well as help them build connected productivity experiences,” he added. During the conference, Microsoft announced a range of new solutions and upgrades to empower developers tackle some of the biggest problems today and tomorrow. Some of the key announcements include the launch of one of the world’s most powerful AI supercomputers built in Azure. Developed in collaboration
with and exclusively for OpenAI, this supercomputer is purpose-built to train massive distributed AI models, giving it all the benefits of a dedicated appliance paired with the benefits of Azure’s robust modern cloud infrastructure. The company also unveiled Azure Synapse Link, which brings operational database services and analytics together in real-time with a single click; New enhancements to Microsoft Teams for developers to build and publish Teams apps from Visual Studio and Visual Studio Code; as well as updates to the Fluid Framework, including making it open source to developers, and introducing the first way for end users to experience. At Build, Microsoft also introduced Microsoft Cloud for Healthcare, the company’s first industryspecific cloud offering, which brings together capabilities for customers and partners to enrich patient engagement, connect caregiving teams, and improve collaboration, decision-making and operational efficiencies.
L-R: Nidal Abou Ltaif, Avaya and Mohammed Bin Sulaiman, Moro Hub
JUNE 2020
CXO INSIGHT ME
9
VIEWPOINT
PREPARING FOR A POST-PANDEMIC WORLD AHMED AUDA, MANAGING DIRECTOR, METNA, VMWARE ON HOW TO PLAN FOR RE-ENTRY INTO A CHANGED WORLD
T
hroughout history, great disruption has accelerated change. Look at what the pandemic has done for those of us fortunate to be able to work remotely – we have been able to carry on. What has changed is that those businesses that were once nervous about enabling remote workforces have been forced to shift the majority of their employees to a completely decentralised way of working. It’s been a dramatic change – in 2018, EU data showed that 15% of employees worked from home – either regularly or on the odd occasion. Now, those numbers have turned on its head. It’s been one of the most rapid changes to working practices in history. But as
10
CXO INSIGHT ME
JUNE 2020
businesses start to look further ahead, they will be faced with a new horizon. Firstly, whatever happens after lockdowns are lifted, the switch back to ‘normal’ will not be a complete reset; and secondly, whether they want to stay fully remote, move as many people back to the office as possible, or have some sort of hybrid, they’re going to have to formalise the changes they’ve made to facilitate their re-entry into a permanently changed world. What’s certain is that the new equilibrium will not be in the same place as it was before – while employees may have found new benefits of remote working, there will be those still longing for the office. With this in mind, what are the big-ticket items to enable this strategic change to happen successfully?
A shift in culture In many ways, COVID-19 has forced the business case for digital transformation decisions that many organisations have been tentatively edging towards. From contactless and mobile payments, to the aforementioned remote working, the rapid development of sector-specific apps to the uptake in collaboration tools, the pandemic has mandated that businesses of all sizes are reliant on digital in today’s world – and possibly exposed or been a forcing function for those who have been late to adopt. This is one of the primary reasons why there will be a new ‘normal’ after coronavirus. In a staged climb down of restrictions, why would consumers rush to go back to paying with cash? Why would workers readily accept the previous restrictions on home working? Not all industries are the same or have the luxury of working from home, but for those that can, the fact that a significant proportion of businesses have continued to operate successfully with remote workforces means that the old reasons and excuses for not permitting out of office working are going to have much less credence than before. Of course, even though many have continued operating, that doesn’t mean they’ve had the chance to prepare, plan and execute cleanly. Indeed, in the early weeks, the mantra was: it doesn’t have to be perfect, it just needs to work. Now, as we enter a period where lockdowns look likely to be lifted on a staggered basis, those businesses have the opportunity to think more strategically about their transition to a post lockdown world, and beyond. This is an opportunity to recalibrate how organisations work: for example, the speed of decision making. Decisions that would have taken months, even years of debate before, have been made and executed on in days and weeks. This is not to suggest that
vital, strategic roadmaps should be set aside for ‘shoot from the hip’ decision making, but it does shine a light on some of the more timid approaches to new technologies and cultural change that might have hindered progress in the past. Double down on digital transformation In a sense, the response to the crisis has resulted in one of the largest mass proof of concept exercises for digital transformation ever undertaken. Different tools, applications, technologies and modes of working have been deployed at breath-taking speed to facilitate the decentralisation of businesses. However, post-lockdown life requires a level of mid-term decision making that’s probably been absent during the last couple of months when any DIY approach that has allowed business to continue has been tried. Many of those pragmatic short term actions may well have resulted in good outcomes but they haven’t necessarily created solid foundations for the mid to longer term. This might mean investing in secure communications channels and a quick move away from freemium offerings; or rethinking security strategies to allow for greater confidence in the viability of remote working; it might mean putting in place a more formal strategy to continue the work started with the quick deployment of public clouds for resource agility; and the transition to software-defined networks to improve security and flexibility. Whatever short term decisions have been made in response to the emergency, businesses now need to apply longer term strategic thinking – influenced by the events and insights of the past few weeks – to their clouds, networks, security and digital workspaces, providing the solid digital foundation required to build apps and deliver digital services in what is likely to be a world changed for ever. Many companies that were initially reticent to use public clouds are now engaging with them to unlock rapid scalability and flexibility. Cloud offers organisations a major opportunity – with the rate of adoption accelerating, businesses will find they have a variety of service providers to choose from, all with the scale and in-built security they need. These providers have
also demonstrated how to cope with the surge in demand, serving as a global proof of concept and validation of the approach However, it is vital that organisations implement a proper strategy that takes into account all their requirements, and then deploys secure environments accordingly. That means that while many may have jumped to public cloud, as the dust settles, they may come to realise that it’s not suitable for long term use with some of their applications from a security or cost perspective. This is where hybrid cloud, with its consistent operations and management, ability to move workloads between public, private and on-premises environments, and intrinsic security, would be an ideal solution to consider. In networking, companies that need to rapidly expand their network capacity have turned to software-defined networking , due to its accelerated speed of deployment, built-in automation and security, and frankly, because of the many restrictions and inflexibilities that make physical implementations hard to live with. As they look to the future, continuing that SDN migration is a logical step for companies that want to increase capacity, offer more fluidity to the business in terms of developing apps, using multiple clouds, and getting information into the hands of users, without continuing to investing in dead-end legacy physical networking. From a security perspective, the paradigm shift in how businesses are working has put security front and centre, with an
acknowledgement that breaches continue, and bad actors thrive in times of such uncertainty. Business resiliency has become even more essential than before. Remote workforces, using a vast array of corporate and own devices, are pushing IT to rapidly secure endpoints and applications. They are being asked to build-in security from the ground up, to all elements of the infrastructure, so that everything can remain secure, wherever it is located. Companies need to be implementing measures to continue the move to a more agile, innovative organisation, even if a majority of the workforce move back to working in offices, at least a part-time basis. With the move to digital workspaces, the focus will need to be on consolidating the changes that have already been made, whether that’s ensuring hastily procured collaboration tools are fully secure or constantly reinforcing company culture in virtual settings. It’s an opportunity to continue to create agility that supports productive workers, while ensuring that they feel safe and supported in a chaotic, uncertain time. Getting ready for life after COVID-19 No one can predict what will happen as lockdowns are lifted. While we all hope for a degree of normality, there is every likelihood that further waves of infection will force new lockdowns over the next year or so. That means that organisations need to be building resilience into their operations now, whilst at the same time, continuing to keep an eye on the mid-term so that investments made now still remain valid for whatever may be around the corner. For many organizations, this might even be a great competitive opportunity. Ultimately, we can all only speculate as to what might be ahead and to prepare accordingly. For organisations big and small, commercial or public, that means learning from the actions they took in during the early stages of the pandemic, retaining, formalising and building on those that worked, and failing fast and abandoning those that didn’t. Ultimately, as is always the case, those that can do this successfully will be several steps forward along the path of transformation into a truly digital, agile and flexible organisation.
JUNE 2020
CXO INSIGHT ME
11
COVER STORY
AT THE FOREFRONT OF INNOVATION MOHAMED ROUSHDY, HEAD OF BUSINESS TECHNOLOGY, INFORMATION TECHNOLOGY, DUBAI ASSET MANAGEMENT, TAKES US THROUGH HOW THE COMPANY IMPLEMENTED TRANSFORMATIVE PROPTECH TO EMERGE AS A DIGITAL LEADER IN THE UAE.
12
CXO INSIGHT ME
JUNE 2020
I
magine being able to review apartments for renting or leasing, choosing the one you like, confirming it with an agent, signing the lease or agreement, making the payments – all effortlessly through a mobile app without leaving the comfort of your couch. It may sound futuristic, but today this is now poised to become the new norm. Most property apps allow you to have a virtual image of the apartments, read about the facilities and schedule a viewing. However, Dubai Asset Management (Dubai AM) is the only property development and management company that offers an end-to-end and seamless digital lease contract lifecycle in the UAE. The need to digitally transform is permeating into every facet of life and is becoming intrinsic to everything we do, especially in business. Proptech or property technology is no exception and is witnessing the biggest push for digital transformation innovations. Dubai AM set out to transform the build-to-lease (BTL) real estate sector in the emirate and become a digital leader in this vertical. The company has demonstrated digital leadership in the real estate sector where digital adoption is still at a nascent stage through the deployment of cuttingedge features such as the integration of UAE Pass, the National Digital Identity and Digital Signature. As part of the firm’s overarching digital transformation strategy, Dubai AM initiated measures to enhance the customer experience by revolutionising its leasing, services and marketing functions using the Artificial Intelligence lead scoring algorithm. In 2018, keen to build its own digital asset footprint, the company became an independent entity as part of Dubai Holding Group. This led to the setup of an independent Information Technology department where Mohamed Roushdy joined the company to lead and establish its digital identity in the market.
“We were successfully able to pioneer our digital transformation initiative and enhance the customer experience by many folds. Two years ago, we only had a simple website and a call center. Today, we boast a full-fledged website featuring all our communities and have bidirectional channel with people looking to rent a home in Dubai and an innovative digital experience platform for our tenants ,” says Mohamed Roushdy, Head of Business Technology, Dubai Asset Management. “This was the first time the country was seeing such an innovation in proptech.” Transforming the property market The complete customer journey experience was overhauled through engagement platforms including web portal, native mobile apps, and a Nature Language Understanding
DIGITAL IS THE FUTURE. DUBAI AM’S LEADERSHIP TEAM RECOGNISED THE NEED TO TRANSFORM CUSTOMER EXPERIENCE AND IMPROVE INTERNAL EFFICIENCIES IN THEIR OPERATIONS IN ORDER TO SET THE COMPANY ON A HIGH GROWTH TRAJECTORY.
INDIVIDUAL CUSTOMERS For individual customers, the following digital initiatives enabled the delivery of the desired customer experience: • Simplified customer on boarding using just e-mail and mobile number • Signing a lease contract using digital signature and online payment • Seamless move-in with online document submission and communication of guidelines • Comfortable stay in the community with fully online service request feature, personalized updates and entertainment events • Fully online digital lease renewal with digital signing using UAE PASS and online payment using credit/ debit cards and direct debit. • Hassle free move out process with transparent communication on the progress of deposit refund Additionally, both corporate and individual customers could enquire information, request for any maintenance services, upload images to convey the issues and schedule service appointments simply by logging on to mobile apps created by the firm or through a Chatbot over WhatsApp.
(NLU) Chatbot over WhatsApp. Dubai AM caters to two sets of customers – individuals and corporates who take units in bulk for employee accommodations. Usually the corporates maintain these units’ service requests by themselves through the call centre. To make it easier, Dubai AM was able to create a digital corporate platform with different features depending on the users, which include corporate managers, accommodation managers and occupants, to help them carry out all their activities digitally.
JUNE 2020
CXO INSIGHT ME
13
COVER STORY
Managers have complete visibility of the dashboard from the platform and can view the status of requests at any given point. This way, customers didn’t have to deal with any call queues at the call centre and had full visibility of all their contracts, payments, events, announcements and occupants’ requests. Additionally, both corporate and individual customers could enquire information, request for any maintenance services, upload images to convey the issues and schedule service appointments simply by logging on to mobile apps created by the firm or through a Chatbot over WhatsApp. “We are the only property management company to have done these services over WhatsApp chat, explains Roushdy. “We have incorporated a chatbot with the help of AI, which is entirely automated. The WhatsApp chat can be effortlessly used by tenants as well as non-tenants looking to rent a property in our ten communities.” He adds that tenants could also use the voice note feature of WhatsApp to communicate their issues and service requests. “Through our AI-driven WhatsApp chat or the app, customers could now schedule service technicians for specific timings based on real time technician availability.” The company went about implementing a comprehensive omnichannel experience across both online and offline channels, incorporating the features for customers to begin the journey offline or online and be able to resume it through the mobile app or offline. “For example, now with our omnichannel offering, in the lease renewal process, customers could visit the front office to submit their documents and choose to make an online payment later using the mobile app,” says Roushdy. A true seamless omnichannel platform would have not been possible without digital signatures and payments. 14
CXO INSIGHT ME
JUNE 2020
“We have integrated UAE PASS digital ID and digital signature service provided by Smart Dubai government into our application for our individual customers. If a customer needs to send the contract for signing, he can do so through the app by using the digital signature option. We were the first mover in the market to integrate with this innovation in the UAE as of today.” UAE Pass is the only national digital signature in the country, allowing customers to enroll themselves using Emirates ID and sign contracts digitally. Another key priority for Dubai AM was the Salesforce Transformation with the objective of improving lead conversion across channels such as brokers, online, front-office and backoffice. The company expanded from the existing traditional channels such as call centre, Walk-in and Website to new channels such as social media,
third party real estate aggregators and so on. Brokers and front office were equipped with customer 360 views through the implementation of CRM that improved conversion prospects. Lead scoring was carried out to identify leads with high likelihood of conversion who were assigned a score for prioritising the marketing response. Data from leads originating from various channels was leveraged to build marketing campaigns and target leads effectively with the help of digital platforms – Oracle Data Management Platform (Bluekai) and marketing automation platform (Eloqua). Roushdy adds, “Customer adoption has been great, especially during COVID-19. We witnessed increased adoption for the digital platform from 14% in January to 44% in May, our online lease renewals jumped to 64% in just a few months while WhatsApp
CORPORATE CUSTOMER PORTAL After building a good understanding of the corporate segment, Dubai AM implemented the following features in the corporate customer portal • Multiple user profiles / roles based on tasks executed – corporate manager, accommodation manager, corporate occupant • Dashboard for viewing multi-unit contracts • Managing unit occupancy • Assigning occupants to a unit, transfer occupants across units • Managing service requests for multiple units
WHATSAPP CHATBOT
Chatbot managed 87% of customer inquiries without the need to be transferred to an agent. The entire program was completed in less than 18 months. Spearheading digital innovation According to Roushdy, Dubai AM’s management was keen to create its digital presence in the market, and he was brought in to lead the program, based on his years of experience doing similar initiatives in other sectors. He played a critical role in crafting a digital customer engagement platform under one program. Roushdy and his team began liaising with Smart Dubai and attended several meetings to be a part of its blockchain project as well as of UAE Pass. Roushdy notes that he started the journey with them when the UAE Pass initiative was only a concept. “We were the only property company in the meetings,
whereas, most of the other firms involved were from the finance sector. When they said the innovation was available and ready, we immediately became a part of it. “We were able to gain Smart Dubai’s and Dubai Land Department’s (DLD) trust to be the first property company in the city to integrate digital signature, promote UAE Pass and work with them as a part of its Dubai Now initiative,” he explains. From the very beginning, Roushdy was convinced that this was the right solution to undertake. “I could see that it was the future. You cannot do any real work without having the ability to do digital signing and digital payments,” he says. “This is the best time to be a part of this transformation and I convinced our stakeholders on this way forward.” This wasn’t as difficult as the Dubai AM CEO and top management was
EXISTING CUSTOMERS • Raise and track maintenance requests • Explore my communities / other communities • Offers More Convenient Technician appointment booking for Customers • Major FAQ answered by the BOT POTENTIAL CUSTOMERS • Exploring communities • New channel to promote Dubai AM communities • Leads capture to CRM (Salesforce) • Major FAQ answered by the BOT
very supportive and clear on their objectives of becoming a digital leader. “Digital is the future. Dubai AM’s leadership team recognised the need to transform customer experience and improve internal efficiencies in their operations in order to set the company on a high growth trajectory. It also aspired to contribute to Dubai’s vision of becoming the happiest city on earth through use of smart technologies and processes,” concludes Roushdy.
JUNE 2020
CXO INSIGHT ME
15
INTERVIEW
LOOK BEFORE YOU LEAP PARTRICK GRILLO, SENIOR DIRECTOR, SOLUTIONS MARKETING AT FORTINET, ON SOME OF THE KEY CONSIDERATIONS TO KEEP IN MIND BEFORE CHOOSING AN SD-WAN SOLUTION.
W
hat are the key SD-WAN trends to watch for? The biggest trend must be about the full integration of networking, SD-WAN, with advanced security functionality – NextGeneration Firewall (NGFW). Fortinet is providing a full-featured SD-WAN and NGFW solution powered by the new SOC4 security processor to accelerate and enhance cloud and WAN connectivity. The FortiGate 60F Next-Generation Firewall consolidates SD-WAN, advanced routing, and advanced security capabilities into a single appliance, coupled with zero-touch provisioning that enables network leaders to deploy Secure SD-WAN quickly and easily. This is another major trend, zerotouch provisioning, which significantly simplifies the rollout of the SD-WAN network, especially as most remote sites do not have any technical staff. What should IT executives keep in mind while evaluating SD-WAN solutions? It can be challenging to make an “apples to apples” comparison of different SDWAN solutions. Security capabilities are undoubtedly one key point to look at – is security native to the solution or through a third-party/cloud capability? Look for a solution with multiple security features, including integrated NGFW, an IPSec VPN solution that can span across and between various locations, IPS, web-filtering, and highspeed SSL inspection performance. Another critical consideration is if the SD-WAN solution can provide segmentation at the remote site. In retail, for example, segmentation at the remote site is necessary for PCI-DSS compliance.
16
CXO INSIGHT ME
JUNE 2020
BY MANAGING SD-WAN FROM A SIMPLE USER INTERFACE, SUCH AS A SINGLE PANE OF GLASS MANAGEMENT AND ORCHESTRATION CONSOLE, IT TEAMS CAN DRASTICALLY REDUCE MANAGEMENT COSTS, SIMPLIFY CONFIGURATION, AND ACCELERATE DEPLOYMENT CYCLES.
A third is the level of integration of the SD-WAN solution with the existing security infrastructure. There are some other features to evaluate to ensure your SD-WAN solution provides a balance of quality, security, and value: Provisioning prowess: Ease the burden on time-strapped IT teams with a solution that automates device provisioning. Better yet, look for a centralised controller that can quickly provision branches and scale easily with zero-touch deployment. Deployment made easy: Accelerate deployment with a solution that offers single-pane-of-glass deployment, management, and monitoring for all components of SD-WAN, including networking, traffic management, and
security components and policies. Bandwidth relief: Forget about planning weeks or months in advance to deploy additional multiprotocol label switching (MPLS) bandwidth for a traditional WAN. With the right SD-WAN solution, organisations can quickly take advantage of widely available business broadband offerings to increase available bandwidth and ensure optimal network and application performance. Peak performance: Make businesscritical applications a priority with the help of application steering. The right application-aware SD-WAN solution can support a broad range of applications, thereby improving cloud application performance and enabling branches to directly communicate to the Internet, especially when using latency-sensitive applications such as voice and video. Great reliability: By gathering granular WAN path information, an SD-WAN solution can automatically failover to the best available WAN link. This path awareness intelligence ensures reliable network connectivity for greater business continuity. Comprehensive policy management: An SD-WAN solution with a management console can ensure IT teams manage and maintain universal policies on everything from security to application filtering across thousands of devices and applications, even across multiple locations. Flexible connection options: SD-WAN allows traffic to be routed efficiently over multiple channels, including not only existing MPLS circuits but also the public Internet via LTE and broadband. The result is a more efficient approach to managing WAN connectivity and overhead by leveraging more flexible and often lower-cost broadband options.
services on the cloud, Fortinet’s Secure SD-WAN solutions are the perfect alternative to outdated branch router strategies. They not only enable cloud access for high-performing applications used in branch locations, but they also facilitate video conferencing and unified communications – this is especially critical as businesses look to enhance their teleworker strategies. And security and networking are integrated into a single system, ensuring that security is automatically included in every connectivity decision, no matter how often changes need to be made.
Direct cloud access: Digital innovation is driving more services to the cloud. Unfortunately, conventional network architectures can’t support today’s sophisticated workloads and disruptive applications. The good news: SD-WAN provides direct access to critical cloud applications for users located far from headquarters. Friendly user interface: By managing SDWAN from a simple user interface, such as a single pane of glass management and orchestration console, IT teams can drastically reduce management costs, simplify configuration, and accelerate deployment cycles. Do you expect basic SD-WAN functionalities to be integrated with network security products? The integration of SD-WAN into network security solutions such as a firewall can’t be about “basic” SD-WAN functionalities. It must be full function SD-WAN capabilities as well as nextgeneration firewall functionality. There cannot be any compromise on either side of the equation. Unlike nearly every other SD-WAN solution on the market, the capabilities of Fortinet’s Secure SD-WAN solution combine advanced networking and traffic management with natively
integrated advanced security functionality. Better yet, both of these critical functions—networking and security—can be orchestrated through a single management interface, thereby significantly reducing administrative overhead, while alerting administrators to issues they may not have noticed otherwise. The deep interoperability between security and network functions is the hallmark of the next generation of security known as Security-Driven Networking. By weaving these traditionally separate systems into a single solution, organisations can achieve the visibility and control necessary to truly secure their entire infrastructure. Is your SD-WAN solution optimised for cloud connectivity? In short, yes. Cloud applications can be given priority over other applications such as email and web browsing. Since the Fortinet Secure SD-WAN solution is based on the FortiGate NGFW, it is fully integrated into the Fortinet Security Fabric cybersecurity platform, including dynamic cloud security. This integration support end to end connectivity and visibility. For organisations that need continual access to their business-critical apps and
Are you offering analytics to troubleshoot network performance issues? The Fortinet Secure SD-WAN solution is fully supported by Fortinet’s management and analytics platforms, FortiManager and FortiAnalyzer. Fortinet’s Fabric Management Center combines FortiManager and FortiAnalyzer for effective network operations, making agile network management a reality for Fortinet customers across NGFW, SD-WAN, and IPS, as well as other projects for the organisation. This combined solution enables three key use cases: centralised management, network automation and Security Fabric analytics. How is Fortinet helping to break the barriers between networking and security teams in enterprises? Fortinet has been a leading proponent of the integration of network and security since its inception. FortiOS, the most widely deployed security operating system in the world, has a rich mix of networking and security features and allows the FortiGate NGFW to function as a fully integrated network device. Fortinet’s cybersecurity platform, the Fortinet Security Fabric has security-driven networking as one of its key pillars. The philosophy behind security-driven networking is on both the technologies as well as breaking down the silos between the teams but demonstrating the value of the integration.
JUNE 2020
CXO INSIGHT ME
17
FEATURE
REDEFINING THE FINANCE FUNCTION WHY DIGITAL TRANSFORMATION OF THE FINANCE FUNCTION IS KEY TO DRIVING BUSINESS RESULTS IN TODAY’S UNCERTAIN TIMES.
I
n today’s turbulent business world, there is an increasing pressure on CFOs to contain costs, improve liquidity, and steer business strategy in new directions. The actions and choices of the CFO will have a far-reaching impact on the business recovery efforts as we transition toward the new normal. Finance leaders now have a bigger role to play in shaping the business strategy. One of the ways to steady business operations post-crisis period is to seize this opportunity to transform finance function through digital technologies. In the wake of Covid-19, which presents 18
CXO INSIGHT ME
JUNE 2020
unprecedented challenges, the CFO and the finance team can bring some rigor to the business by embracing digital capabilities and making the finance function more efficient, data-driven and automated. “The digital age and rapidly evolving market conditions present opportunities and threats to many current business models – to survive and thrive, organisations have to be increasingly agile,” says Aarti Mohan, ERPM Strategy Leader – ECEMEA, Oracle. “CFOs in the current times need to build finance and operational resiliency to support their teams and stakeholders efficiently for
driving growth. Companies need to be able to make informed decisions swiftly about how to adapt to rapid changes and swiftly implement new strategies. “ One of the top reasons prompting CFOs to consider digitisation and automation is time and cost, according to Bhaskar Sahay, Associate Partner, Advisory services, KPMG Lower Gulf. “There is constant pressure on the finance function to reduce the time to report, as well as the cost of reporting. Based on our experience, many CFOs in the GCC are striving to achieve a cost reduction by 2025, sometimes as aggressive as 30%-40%.”
DIGITISED FINANCE FUNCTIONS CAN UNLOCK SIGNIFICANT VALUE AND OPPORTUNITIES, WHICH IN RETURN WILL SIGNIFICANTLY BENEFIT BOTH THE CFO AND THE OVERALL ORGANISATION. DIGITALISATION CAN PROVIDE CFOs WITH THE ABILITY TO HAVE REAL-TIME EXPOSURE TO COMPANY PERFORMANCE, ALLOWING MORE EFFECTIVE DECISION MAKING, AGILE PLANNING, AND FORECASTING CAPABILITIES BASED ON ADVANCED ANALYTICS OR ARTIFICIAL INTELLIGENCE.
Aarti Mohan
He adds historically finance functions used to serve as “scorekeepers.” However, they are now becoming an insight engine that needs to provide forward-looking strategic information and conduct more predictive analysis. For example, at present, CFOs are being asked to predict how performance will develop in the next six months in these uncertain times. To be able to provide this forward-looking analysis on a timely basis, it is important that CFOs are equipped with the correct digitised tools.
Manish Ranjan, Program Manager for Software & Cloud at IDC Middle East, Turkey and Africa, says from a finance function point of view, various organisations have started bringing digital finance strategy by increasingly integrating various disparate systems and automating back-office functions by using disruptive technologies such as AI, RPA, blockchain and cloud. With the changing market landscape, the role of CFOs has also evolved over a period of time where they are seen as a key enabler in driving organisation’s digital transformation and modernisation strategies. Technology advancements, including the emergence of AI, RPA, blockchain, and cloud, present CFOs with extensive opportunities to achieve their strategic objectives. “Most of the finance functions are repetitive and processoriented, which can be automated and simplified using these technologies. Automation of finance function will not only save time and costs but will also allow businesses to operate more effectively and empower its employees to be more productive,” he says. Digitised finance functions can unlock significant value and opportunities, which in return will significantly benefit both the CFO and the overall organisation. Digitalisation can provide CFOs with the ability to have real-time exposure to company performance, allowing more effective decision making, agile planning, and forecasting capabilities based on advanced analytics or artificial intelligence. “Digital will trigger a definite shift of the future of finance focus, by enhancing better strategic management decisions such as capital allocation, doubling the capacity for business partnering with better and faster insights through a more effective and efficient business operation,” says Andreas Kyrilis, Managing Director and Partner at Boston Consulting Group. The “new normal” has also brought a new definition for the role of the CFO, which revolves around creating a single version of the “financial truth”. Bashar Kilani, Region Executive, IBM Gulf and Levant, says the “new
Bhaskar Sahay
Andreas Kyrilis
normal” requires CFO to collaborate extensively with their C-Suite peers on strategy execution in such areas as risk management as well as investigating new markets and operational capabilities. The role of the CFO has evolved and their focus needs to shift towards new paradigms that can be summarised in the following points. He adds CFOs have to accelerate progress toward becoming a “Value Integrator” by developing specific finance competencies and tackle their immediate challenges. “For example, with COVID-19, CFOs should implement specific, targeted actions to cut costs. They should also seek organisation-wide innovative solutions, including new business and operating models that have been successfully applied in both public and private sectors, to deliver more with less and provide increased transparency.”
JUNE 2020
CXO INSIGHT ME
19
FEATURE
Bashar Kilani
Partnering for performance Does the CFO have to be a technologist to lead the digital transformation of finance functions? Not necessarily, but finance leaders have to understand the impact technology has on the way they do their jobs. And the CFO-CIO partnership is now more important than ever. Kashif Al Aziz, Industry Leader, Financial Services, SAP EMEA South, says on digital transformation and finance automation, it’s vital for Middle East organisations to have their CFOs and CIOs partner on identifying the business goals, the solutions that best meet these business goals, and how to efficiently achieve these goals. “CFOs are best-equipped to highlight the business objectives of digital transformation, including how changes in departmental and functional work will contribute to or detract from the overall digital transformation strategy.” “The lines are becoming blur between the CFO and CIO today,” says Nasri Nasser Eddine, Regional Sales Director for Software AG in Gulf and Levant.“According to a Forbes Insights Report, 96% of executives consider the CFO-CIO relationship to be a crucial one for the success of any business. It is through this relationship that a company can build a strong financial system in line with its business goals. Neither one can anymore work in silos; digital innovations in the finance function are now made keeping in mind the 20
CXO INSIGHT ME
JUNE 2020
Kashif Al Aziz
functional advancements that the CFO mandates mostly through technological advancements which are led by the CIO. In fact, many of the CFO’s initiatives transform into IT initiatives today. Kilani from IBM says the success of the organisation depends on the effective collaboration and partnership between the C-suite as a team, but the partnership with the CIO or CDO is particularly important as it forms the basis for the digital transformation of the business in general. “The partnership should focus on joint initiatives to evaluate the impact of emerging technologies on every aspect of your enterprise. Assess the potential for providing more individualised digital customer experiences and search for partners who can help the organisation become more innovative by sharing technological expertise. Draw on input from customers and partners, as well as market research and data from the business units, to optimise your planning and boost your bottom line,” he adds. Tips for overcoming obstacles When it comes to finance function transformation, there are some common challenges finance leaders face, starting from defining what the change means for finance and implementation approaches. Sahay from KPMG says it is very important for a CFO to formulate a clear vision and strategy for the finance function, as well as analysing its performance. In our experience,
Nasri Nasser Eddine
transformation projects are likely to be successful when the leadership is committed and closely involved in the process. In KPMG’s CEO Outlook 2019 survey, while 84% of CEOs said they want their employees to feel empowered to innovate without worrying about the possibility of negative consequences, only 56% said their organisation currently has a culture where “fastfailing” innovation is celebrated. “Most common challenge is the mindset change and cultural shift for the employees of the organisation. Once that has been overcome, all other challenges become secondary. It is important for people to understand that digitisation with cloud ERP applications allows growth for the individual and organisation by making them agile, resilient and better prepared for the future,” says Mohan from Oracle. Kilani from IBM urges CFOs to become a big-picture thinkers. “Focus on the strategic implications of industry convergence and digital transformation. Analyse industry trends and changes in the competitive landscape regularly and rigorously; bear in mind that digital invaders can be very hard to detect while they’re small, so CFOs need to scan the entire scene. Look forward – and far afield – for new opportunities to expand. And make sure their organisation’s financial planning is fully aligned with its strategic and operational planning,” he sums up.
VIEWPOINT
GETTING SECURITY RIGHT STEVE RIVERS, TECHNICAL DIRECTOR INTERNATIONAL, THREATQUOTIENT, HOW TO MAKE BETTER SECURITY DECISIONS
O
ver the past twelve months enterprises continue to face further onslaught of security data from disparate systems, platforms and applications concerning the state of the network, potential threats and suspicious behaviour. This continues to challenge every Security Operations Centre (SOC) and Incident Response (IR) team as it looks to address impacts to security operations, vulnerability management and incident response with better and faster decision making. To do this, many organisations are bringing in more data feeds — both threat and vulnerability — and investing in analytic behavioural detection tools. Unfortunately, this is not driving improved decision making. Instead, it is burying staff under data. The end-result is declining decision-making capability due to alert fatigue. To combat this, organisations should
22
CXO INSIGHT ME
JUNE 2020
follow five simple steps to enable better and faster decision making. Step One: Make Prioritisation the First Priority Separating the probable from the possible with context enables analysts to ascertain one high priority alert from another, empowering them to prioritise. Prioritisation is critical and to underscore this point, the National Institute of Standards and Technology (NIST) states in its Computer Security Incident Handling Guide, “prioritising the handling of the incident is perhaps the most critical decision point in the incident handling process.” Prioritisation applies to not just incident response, but all critical alerts. The ability to prioritise gives the analysts the breathing room necessary to focus on what matters, addressing the highest priority alerts first. Step Two : Gain Context Alert triage reduces alert fatigue by
facilitating quick differentiation of one high priority alert from another. The best method to achieve this differentiation is by incorporating contextual information. Having the right context empowers analysts to separate alerts carrying immediate risk from those that carry high risk, but they can address later. One of the best means to gain context is through aggregating and authenticating internal security indicators (indicators of compromise and event data) with external threat intelligence. Unfortunately, most organisations incorporate threat intelligence only after they classify an event as suspect. We see this as a missed opportunity because threat intelligence provides valuable context long before an event is considered suspect. The right context helps the SOC and IR teams separate the possible from the probable. Otherwise, everything is possible making all high priority alerts equal. For example, an anomalous
outbound activity alert from a bank’s development server is possibly malicious, requiring further investigation, regardless if this is a malicious or a benign event. In contrast, integrating threat intelligence that shows the IP addresses are command & control (C&C) sites explicitly targeting financial services organisations indicates this alert is probably a beacon requiring immediate blocking and incident response. Step Three: Focus on Making Better Decisions By reducing noise and providing a means to differentiate one high priority event from another, security analysts can focus without incurring alert fatigue. And, when analysts focus, they make better decisions. This is where team orchestration comes in. Every member of the team must ensure they have the same understanding of the situation, the risks, the impacts and next steps. Team coordination is a top challenge for security and risk managers. To address this, some organisations are instituting playbooks into their SOC and IR activities. These playbooks map out the critical steps to move from detecting a suspicious event to classification, analysis and response. A playbook is a flow model for executing repeatable steps along the path of incident response. These models are extremely helpful for mapping and in some cases automating various stages in the process. However, playbooks are static and limited in their ability to effect team decision making because they lack a key ingredient: real-time, situational intelligence. Step Four: Increase Effectiveness through Situational Intelligence There is a difference between getting everyone on the same page and making sure everyone has the information they need to do their job. For example, a threat analyst will be looking for information about active threats in the wild, known threats to the organisation and all the unique indicators of the potential threat actor, with an emphasis on the reconnaissance, weaponisation, delivery and exploit steps of the Cyber Kill Chain
(CKC). Contrast this with an IR analyst focusing on Indicators of Compromise (IoC) related to exploit, installation, C&C and actions on objectives steps in the CKC. Both team members are working on the same problem, but their intelligence needs are different, yet, related. We call this different, yet, related intelligence, situational intelligence: presenting the right information to the right person at the right time. Situational intelligence derives from bringing together the machine data generated by all the security devices (e.g., SIEM, IDS/IPS, endpoint, HIDS and FW) and integrating it with threat intelligence. The goal is to provide situationally relevant insights to the team member analysing the data. Situational intelligence gives the team member the actionable information they need to work more efficiently and effectively as part of a team effort. When all team members have the right information at the right time, and the team is operating on the same page, we call this universal understanding. Universal understanding is a tipping point in team dynamics, when the team is operating at full effectiveness. Step Five: Collaborate to Make Better Decisions, Faster So far, I have outlined steps on the mechanics of making better decisions. How do organisations make better decisions faster?
This is where a collaborative investigation workspace takes the playbook concept but makes it dynamic to reflect real-time team decision making and puts it into action through automation. The underlying framework and flow are laid out, tracking the actions and interaction of the team in real time. The seamless collaboration workspace enables team members to make better decisions, faster by providing: • A global view — A universal perspective showing all teams and team members involved in the investigation and their activities, across the entire organisation, divided by region or specialty focus • Focused knowledge — Keeping the big picture in mind with consistent, shared global knowledge, while still supporting localised concentration. • Test, then talk capability — Team members can work through their hypotheses in parallel, test their theories, and then report to the broader team. Security teams continue to face significant alert fatigue from a continual barrage of high priority alerts. The expanding threat landscape and the increasingly dynamic nature of IT operations are the primary contributors to this alert escalation. The only way SOC and IR teams have a chance to overcome alert fatigue is to introduce threat intelligence to add context, which facilitates prioritisation and triage. Doing this helps to make better decisions, but the team also needs to be aligned and synchronised. This is challenging for many teams because they are dispersed and specialised. They need a consistent way in which to operate, so everyone is on the same page, while still focusing on their role in the decision-making process. Achieving this requires situational intelligence and working within a seamless collaborative environment. In the end, doing all the above positions teams for universal understanding, which is the basis for making better decisions, faster.
JUNE 2020
CXO INSIGHT ME
23
FEATURE
THE FUTURE OF APPS LOW-CODE DEVELOPMENT PLATFORMS THAT ACCELERATE APPLICATION DEVELOPMENT AND DELIVERY ARE OFFERING IT NIMBLE WAYS TO MOVE THE BUSINESS FORWARD. ARE YOU READY TO JOIN THE NEW REVOLUTION?
L
ow-code development platforms allow enterprises to build mobile and web applications through a graphical user interface and automate most of the manual processes to improve quality and time to deployment. For CIOs struggling with shrinking IT budgets and skills shortage, the low-code platform offers a way to modernise their legacy applications and create responsive solutions that meet business users’ needs. According to Research and Markets, the global market for low-code platforms is expected to reach around $53.07 billion by 2024, driven by factors such as the
24
CXO INSIGHT ME
JUNE 2020
increasing demand for customisation, scalability, and robust solutions. What is behind this rapid growth? “With the increasing adoption of enterprise application software, there is a surge in the low-code and no-code application platforms in the market. Organisations are leveraging much more agile application development practices to quickly modernise their business applications, which not only saves cost and time but also eradicates the challenges related to software development skillsets,” says Manish Ranjan, Program Manager for Software & Cloud at IDC Middle East, Turkey and Africa.
He adds using low-code or/and no-code application platforms, CIOs can drive their digital transformation initiatives and also resolve their key challenges highlighted earlier. Using low-code, CIOs can modernise any business applications without re-building their existing ones and that too, with much less time, within days and weeks. With this, CIOs can also accelerate on their time to market and gain a business advantage over other competitors. Low-code platforms can also help IT decision-makers in creating a truly customer-centric organisation and fostering business collaboration. “Low-
Manish Ranjan
code platforms help CIOs forge a closer connection between business and IT and move from an order-taking mentality to a driver of business outcomes and innovation,” says Rodrigo Castelo, Vice President - Middle East & Africa, OutSystems. “They do this by enabling organisations to rapidly launch new products, prototype and deploy new ideas in just days or weeks, and iterate based on user feedback, thus staying ahead of their competition. With a low-code platform, CIOs can quickly address a wide variety of application development needs ranging from creating departmental apps to automating business processes to implementing large-scale enterprise applications, be it B2C, B2B or B2E. Lowcode also gives CIOs the ability to use their existing resources, making it possible to “upskill” people rapidly, which is going to be critical, both for companies to work at speed, and for the workforce to get engaged in new career opportunities.” Explaining why low-code platforms are heralded as the future of application development, Pradeep Shilige, Global Head of Delivery, Cognizant, says, “These platforms offer CIOs a different model of programming that delivers speed as well as throughput benefits. By providing faster, creative and efficient ways to modernise applications and deliver minimal viable products for enabling future-forward experiences, these platforms help accelerate digital transformation, bridge silos, streamline processes, and drive greater and more
seamless collaboration across teams. Accelerating time-to-market and providing hyper-personalised services are some of the key promises of these platforms that CIOs can leverage for competitive advantage.” Though low-code platforms are easing the burden on programming teams, industry pundits say it will not completely replace traditional coding. “There will always be a need for procode developers, who can tackle the larger more complex problems and systems which require more advanced skills. But the opportunity that it represents is to create building blocks from that work, and ‘shift-left’ the ability for low-and no-code employees to then manage and maintain and potentially refine/enhance the workflows,” says Chris Pope, VP Innovation, ServiceNow. Thierry Nicault, Regional Vice-President for Enterprise Business Unit (EBU) - MEA and Central Europe, Salesforce, agrees: “Low-code app development will not replace coders themselves. Rather, lowcode app development makes building apps easier and faster for coders, since they are able to leverage pre-built building blocks of code, rather than having to write new code from scratch.” Virender Jeet, Senior Vice President, Newgen Software, says you cannot classify applications in low-code or procode categories. During development, it depends whether you need pro-developerlevel intervention or customisation. Also, as applications grow and become part of the organisation, more complex functionality might need to be added often requiring pro-grade development, albeit minimal. A good low code platform helps you maintain a balance. However, Castelo from OutSystems has a different opinion and cites a Gartner study, which predicts low-code application platforms will be used for 65% of all application development activity in five years. The study also states that low-code is applicable to a wide variety of use cases. “The one area where many CIOs hesitate is building large-scale, mission-critical applications with low-code. Many are stuck in the mindset that you have to buy packages or spend years writing custom
Virender Jeet
Rodrigo Castelo
code with large team,” he says. The most established low-code platforms like OutSystems are well equipped to take on this challenge and in fact, we have several customers already running their entire business and core systems on our low-code platform. With all of the benefits that low-code provides, such as speed, agility, time-to-market, and ability to reskill and resort to existing personnel, I see no reason why low-code wouldn’t replace traditional coding in all the enterprise use cases pertaining to digital operations, digital experiences, and digital core systems. It is happening already, he adds. Where do low-code platforms work best? Ranjan from IDC says low-code platforms is an effective way to streamline business process, operations, and bring
JUNE 2020
CXO INSIGHT ME
25
FEATURE
Pradeep Shilige
automation. Using low-code, organisations are modernising their legacy business applications without re-architecting the complete applications. There is an increasing adoption of low-code and nocode based mobile and web applications within customer experience and customer support function, offering greater flexibility and control on how the experience is delivered. “Especially during the current COVID 19 crisis, organisations were able to build mobile applications within days using low-code to offer their customer services. Organisations from healthcare, education, government and municipalities and retail industries launched various mobile and web applications to better serve their customers (and citizen) during the current crisis,” he says. Shilige from Cognizant adds that lowcode platforms work best in areas that need faster deployment of functionality with minimal skillsets. These include departmental applications and specific user interfaces to ERP/CRM applications that cannot wait for developer cycles, specific B2C or B2B campaign applications that are time-bound and need to be deployed quickly, and pilot usages of critical applications. What should you look out for? For CIOs opting for low-code application platforms, it is not easy to pick the best platforms from the pack given all the marketplace noise. As low-code platforms have the potential to drive transformational changes, CIOs will have to be involved in the whole process of 26
CXO INSIGHT ME
JUNE 2020
Chris Pope
ESPECIALLY DURING THE CURRENT COVID 19 CRISIS, ORGANISATIONS WERE ABLE TO BUILD MOBILE APPLICATIONS WITHIN DAYS USING LOWCODE TO OFFER THEIR CUSTOMER SERVICES. ORGANISATIONS FROM HEALTHCARE, EDUCATION, GOVERNMENT AND MUNICIPALITIES AND RETAIL INDUSTRIES LAUNCHED VARIOUS MOBILE AND WEB APPLICATIONS TO BETTER SERVE THEIR CUSTOMERS (AND CITIZEN) DURING THE CURRENT CRISIS. evaluation, selection and procurement process. “Middle East organisations should evaluate low-code platforms based on business goals, the types of applications they need to build and the desired experience for the end-user. Other considerations include things like enterprise app security, and the ability to seamlessly integrate with internal and external data sources,” says Nicault from Salesforce.
Thierry Nicault
According to Pope from ServiceNow, the criteria can vary depending on the problem and complexity being solved. The key is to, early on, identify the problem being solved and the outcome you want to achieve. For example, the most advanced and featurerich platforms might be overkill for the problem being solved. “Understanding the right fit will ensure you pay for what you need, rather than a list of features that either go unused or your organisation doesn’t have the skills to utilise,” he says. Most of the business applications have workflows, ranging from simple to complex. “A low code platform should offer comprehensive process management capabilities (across development, execution, monitoring, administration, and optimisation). What’s more, you should also be able to leverage RPA for the last-mile process automation,” says Jeet from Newgen Software. The criteria for selecting a low-code platform also depends on the sorts of solutions you plan to build, but there are key capabilities that are common to most situations. “Some low-code vendors specialise in mobile, some in workflow, some fit more into the no-code space and are intended for very simple types of apps. The most sophisticated low-code platforms do not limit what you can build and will ensure you don’t hit a wall as your applications evolve and grow, in usage and in complexity. Look for platforms that cover the full stack: database, logic, multiexperience, and multi-channel user interface and business processes,” says Castelo from OutSystems.
Trusted Intelligence. Stop account takeover Manage ransomware Avoid fraud losses Identify insider threats Expand your team Prioritize vulnerabilities Protect physical assets Reduce risk
www.cyberknight.tech
INTERVIEW
GETTING RPA TO THE NEXT LEVEL MILAN SHETH, EVP-IMEA, AUTOMATION ANYWHERE, ON HOW INTELLIGENT AUTOMATION CAN FREE US FROM TEDIOUS TASKS AND SOLVE BUSINESS CHALLENGES.
it’s necessary to have a strategic vision about how it should be implemented. Process identification is a critical place to start, as repetitive tasks can be easily automated with RPA. RPA has the power to free up resources, redefine standards and transform business operations. But only if it is approached systematically and the enterprise is ready and has chosen the right vendor. Kickstarting a process of building proof of value is important to get more buy-in for the adoption of RPA. Furthermore, building a culture of acceptance within the enterprise is important. This is critical for the expansion of automation and transformation of the business. Employees must be empowered to share the automation process through upskilling and enabling them to view bots as their tools. An upskilled workforce that is capable of running automation and has the awareness about its benefits, will benefit from a holistic approach to automation. This can also be further augmented with an effective customer success team that can help boost automation initiatives.
W
hat are some of the key factors crucial to successful RPA deployments? Automating specific business processes within an enterprise requires several moving parts to come together. At first, the ease with which tasks can
28
CXO INSIGHT ME
JUNE 2020
be automated are an eye-opener for enterprises. This leads many organisations to automate too many complex tasks, too soon. The temptation to resolve long-standing business limitations leads to quick deployments without waiting for ROI to be measured. Since automation is a critical part of digital transformation,
What is the difference between RPA and IPA? While RPA has been great for automating routine and repetitive tasks and it has delivered cost savings across industries, IPA, or intelligent automation, is the next step in its evolution. Intelligent automation provides an intelligent self-learning layer on top of RPA. For enterprises on an automation journey, it’s important to differentiate between
the two and choose solutions that offer the best of both worlds. Purpose-built cognitive solutions that are inherent in a platform can help avoid delays in solving product issues and lower failure rates. IPA leverages AI and other data science technologies to not only automate tasks, but actually make smarter decisions and even pinpoint the right business processes to automate. It helps enterprises avoid the trap of automating complex processes too soon and raising expectations about the effects of RPA. Cognitive RPA pushes the boundaries of what RPA is capable of and hugely reduces errors and processing time. Cognitive RPA is also highly dataintensive and demands a lot of thought and upfront work to ensure success. Is hyperautomation the next big trend in RPA? Industry analysts, such as Gartner, have highlighted hyperautomation as a top strategic technology for 2020. It encompasses end-to-end automation that leverages multiple technologies from RPA to machine learning and AI. It extends beyond individual processes and creates a scenario where business processes are dynamically discovered and automated. In simpler terms, hyperautomation is designed to not just mimic human actions, but human intelligence as well. It paves the way for high-level digital transformation by getting complex business processes to work in harmony. The potential business impact of hyperautomation is huge. It is changing the game by becoming highly datadriven and automating complex work that relies on input from multiple people. It further empowers enterprises by sorting through semi-structured data that is hidden in emails and other documents. By converting this data into actionable insights that can be further automated, hyperautomation is creating intelligent digital workers. This is broadening RPA’s ability to solve end-to-end business problems, and it represents a significant step in the automation journey. The future is RPA + AI, and hyperautomation marks the beginning of that evolution.
What is driving the need for automation? The Covid-19 pandemic has forced organisations to digitally transform with remote working and the need for business continuity. Adding to this, is the fact that business needs are constantly changing in complex digital working environments. Customers are also placing higher expectations on enterprises and want them to keep up with their evolving habits. This is leading to enterprises receiving piles of incoming data from several sources. Enterprises spend a lot of man-hours sorting through this data and performing routine jobs that are repetitive in nature. Across different industries, these jobs seem different, but they all have a common characteristic - they are repetitive and high in volume. Automation can help tackle these issues by outsourcing these jobs to software bots so that human workers can concentrate on high-value creative tasks. Not only does this free up resources to lower operating costs, it also allows frees human workers to focus on work that is more creative and productive. In a competitive business scenario, automation gives enterprises the edge in the market. It enables them to better meet customer expectations and build loyalty. Automation that is scalable, reliable and repeatable has the potential to alter how enterprises operate now and in the future. RPA simply ensures that humans and bots perform the tasks that are the most suitable for them. This leads to faster time to market and product development at a faster pace. How do you address scalability issues related to RPA? Automating for success is a longterm game. While initial steps in the RPA journey must be ‘rule-based’ and process driven, the long-term vision must be to implement AI and machine learning capabilities and analytics. This requires an effective scalability strategy. Looking for quick wins is not an effective long-term strategy and building Centers of Excellence (CoEs) to deliver proof of value is critical. Going from 5 to 500 bots
requires a functional support platform that CoE’s are adept at providing. Many enterprises make the mistake of automating too much too soon or trying to create few complex bots that handle everything. This is based on assumptions on how RPA platforms operate. Effective RPA education and training can help navigate this. This brings a renewed focus on process identification in order to get bots to work with each other. Effective support structures behind the scenes can complement automation scalability. Having the right specialists, customer success teams and related technologies can make or break scalability challenges. This can steadily build a chain of bots that can deliver maximum value. Enabling bots to be reused and redeployed for other tasks when the moment arises is also a crucial objective. Getting an automation platform up and running is the first step and relatively easier to manage. Scaling the automation is where the true challenge arises and that requires the best mix of people and technologies. Attended or unattended RPA - what should users choose? This depends on the nature of the task involved and the maturity of existing automation processes in the organisation. Attended automation empowers human workers by giving them ‘virtual assistants’ and configuring bots to work together with humans. On the other hand, unattended automation is where bots work and communicate with each other. An organisation’s vision and buy-in play critical roles in choosing between attended and unattended automation. The decision-making process will determine whether employees are going to trigger bots or bots will perform rulebased processes. It’s common to see unattended automation controlled by CoE’s in order to run back-office tasks to reduce costs and improve ROI. Both are effective options to enhance productivity and lower costs and have a unique role to play in automating for success depending on where an enterprise is in its automation journey.
JUNE 2020
CXO INSIGHT ME
29
VIEWPOINT
PRODUCT KNOWLEDGE IS POWER STEVE MURPHY, CEO, EPICOR SOFTWARE, ON HOW PRODUCT KNOWLEDGE CAN TRANSLATE INTO INCREASED SALES AND HELP YOU EXCEED CUSTOMER EXPECTATIONS.
I
f you’re in the business of selling technology, you know that you win sales when you can solve tough, specific problems. However, to demonstrate that you can solve a customer’s pain points, you must know technology solutions at a detailed level—you need deep product knowledge. You must also understand the specific needs of your customers so you can communicate which solutions and capabilities are most relevant to them. When you have more comprehensive knowledge on both fronts, you can communicate how your solution is differentiated, relevant, and superior on a functional level. But simply understanding there’s a need for deep product knowledge is not enough. You also need to know how to best obtain product knowledge and then seek it out continually. Here are six practical tips to help you stay current on product knowledge— three for companies and three for employees. What Companies Can Do Embed product knowledge in company culture: This first step is crucial. The importance of product knowledge starts at the top. Executives and other leaders should diligently work to ensure product knowledge is a valued part of your company culture. Don’t just know your product—talk about it with each other and your customers. Hold town halls with your employees and share how product knowledge will play a central role—if it hasn’t already. Invest in product knowledge training: Once the importance of product knowledge is established in your company culture, follow through. You need to spend time and money on education that delivers information and training to your employees on product
30
CXO INSIGHT ME
JUNE 2020
knowledge, important product updates, etc. If you run into pushback on this front, emphasise the long-term benefits you’ll get out of this investment. When a customer feels your sales rep understands their business and specific challenges, not only is your company more likely to win a sale, but you also establish a greater level of trust for a long-term working relationship with that customer.
a B—rarely an A. But, if you studied throughout the year and stayed up-todate on reading, the time you needed to study for your test was less intense, you typically performed better, and you were able to retain the information long term. The same is true for consuming product knowledge. Consume information as frequently as you can— even if it’s only two or three minutes at a time. Read an article while you wait in line for coffee. Watch a short tech update after you put the kids to bed. This doesn’t need to be a heavy lift—just a mindful one.
Be smart about sharing product knowledge: While providing employees with access to product knowledge is important, be strategic to maximise the impact of your efforts. First, consider your words. Use plain language so communications and training are simple to comprehend and remember. Also, translate complex industry jargon so it’s easy for employees to share the information with customers. Second, push out tech updates on an exception basis. This means sharing notable changes to a product. Avoid inundating your employees with unnecessary information. Third, only send technology updates out to relevant personnel. Mass customise who gets what information based on their job function. Finally, consider providing in-person workshops given by leaders in your business who are black belts or superusers on a specific solution. Have them go out and share their knowledge on pain points of businesses you serve, as well as the value propositions of your solution.
Ignore product release data at your own risk: When your company provides you with a product update, use it. It’s part of a good-faith relationship. They are prioritising the importance of product knowledge, and they want you to as well. Go a step further. If you receive information that is helpful to you, share feedback and say why you found it helpful. Conversely, if you need additional information, don’t be shy about seeking it out.
What Employees Can Do Consume in manageable doses: Think back to your college days. If you crammed for a test, you might get
Pursue information from objective outlets: In addition to the product knowledge provided by your company, seek information from outside outlets. Consider looking beyond tech publications. Professional, balanced publications and think tanks offer credible, researched information. For example, The Wall Street Journal and The Financial Times have tech sections that can provide a well-rounded perspective. Technology constantly evolves, and maintaining up-to-date product knowledge is by no means easy. Remind yourself that it’s an investment in your success with your customers. When you can provide them with specific information and articulate how solutions address tough problems, everyone wins.
VIEWPOINT
ARE PASSWORDS HERE TO STAY? RAJESH GANESAN, VICE PRESIDENT, MANAGEENGINE, SAYS WE ARE NOT QUITE READY FOR PASSWORDLESS SYSTEMS.
do store users’ biometric data, it’s wise to utilise hashing or blockchain technology to protect this data. Nevertheless, unlike passwords, biometric data—be it irises, faces, or fingerprints—cannot be replaced. For the time being, passwords are here to stay; however, there are some important things to consider.
S
eeing as we’re on the cusp of driverless cars, humanmachine integration, and groundbreaking robotics, it’s somewhat surprising that we’re still relying on passwords. Although passwordless authentication options are gaining prominence, there’s a reason why we’re still using passwords 60 years after their inception: they’re effective. Unlike facial recognition and other biometric solutions, passwords are either completely right or completely wrong. Currently, biometrics require a margin of error; for example, it has been shown that people can open their relatives’ phones via facial recognition apps. Even more importantly, if one’s biometric data is ever compromised, it can never be replaced. Unfortunately, we have already seen a major breach of biometric data. Last August, web privacy company vpnMentor discovered a breach in Suprema’s security platform, Biostar2, which exposed facial recognition data and fingerprint records for 1 million people. According to vpnMentor, Suprema saved exact copies of users’ fingerprints, potentially compromising these individuals’ biometric information forever. For companies that
Multifactor authentication is key Whether you use password-based authentication or not, your organisation should require multi-factor authentication (MFA). There is no excuse not to employ MFA, especially with the current proliferation of applications that enable such services. Do not require mandatory password resets If your organisation does have MFA in place, you definitely should not require the mandatory password resets. In fact, such requirements arguably make your network less safe, as employees tend to write their passwords on Post-It notes at their work stations, and resort to using similar passwords, as well as passwords that are easy for hackers to guess. As a caveat, if employees change roles within your organisation, it may make sense to require a password reset. Ideally, this reset request should be automated as part of the transfer process. Require complex passwords Given that password brute force attacks are still the most common form attack, it is still important to require complex passwords and disallow weak passwords. The NIST recommends requiring long, complex passwords that employees haven’t used in the past. Manage privileged accounts separately It is wise to consider utilising an enterprise grade password manager to
stay on top of password security issues. Additionally, as privileged accounts are typically shared by a few people in an organisation, you should consider having a separate program to manage the passwords for these privileged accounts. To get certain tasks completed, your system administration should be able to elevate privileges for any given user for a set period of time, and if necessary, the system admin should be able to disable direct authentication to all privileged accounts. Look into passwordless authentication options Despite the effectiveness of passwords, wherever possible you can look to eliminate or disable password based authentication. Passwordless authentication, such as one-time passwords (OTPs) sent via email and SMS, are becoming increasingly popular. If you decide to introduce a passwordless authentication option for select business accounts, be sure to consider employing two or more options; this way you can effectively remove passwords without compromising your security. Conclusion Until passwordless authentication options and biometric solutions become more advanced, it is wise to rely on long, complex passwords and multi-factor authentication. Unlike passwords, biometric solutions—fingerprint modules, iris scanners, and voice recognition systems—require a margin of error. Additionally, as we saw in the breach of Suprema’s biometric database, if such an event does occur, users’ sensitive biometric data is compromised for life. Put simply, for the time being, passwords are the safest route for your organisation to take from a security perspective.
JUNE 2020
CXO INSIGHT ME
31
INTERVIEW
WHAT LIES IN THE SHADOWS HAIDER PASHA, SENIOR DIRECTOR AND CHIEF SECURITY OFFICER AT PALO ALTO NETWORKS, MIDDLE EAST AND AFRICA (MEA), ON CYBERSECURITY AND DARKNET IN THE REGION.
32
CXO INSIGHT ME
JUNE 2020
I
n your opinion, what are the biggest issues facing cybersecurity in the GCC? The high volume of attacks is one of the main issues, and while we live in an era of rapid digital transformation, cybersecurity attacks are rising at organisations of all sizes and industries. In many cases, we have witnessed that cyber attackers are merely looking at pulling down IT systems without even having a financial gain. At Palo Alto Networks, we elevate the security state for our customers, making them more cyber resilient and prepared well in advance. We ensure all operations continue smoothly with an optimal level of security to avoid data breaches from any sort of attack. We also have a dedicated account team and system engineers for large organisations, and we work very closely with all our customers and key partners, providing them with cuttingedge security technology to prevent cyberattacks. Are there any country-specific issues you have to deal within in the region? There are specific country-level issues, but in general, there is less awareness within the region when it comes to the importance of cybersecurity. Attacks in the Middle East range from actual theft of data, to spam emails or phishing attempts, due to greater prevalence of malware. Companies often do not identify when an attack has taken place unless reported by a third party or client on suspicious messages. Moreover, incidents in the region have not gained the same awareness compared to more regulated countries. A huge proportion of the region’s firms are also privately or family-owned, with no external shareholders. In these cases, cybersecurity measures are less likely to be in place as the key focus is on profitability. Luckily, there are cybercrime laws in place which vary from countries; with the UAE having one of the most effective laws in the GCC region, introduced in 2006.
How do these issues differ (or align) with the issues faced in terms of cybersecurity worldwide? Cybersecurity issues are present in all markets in more or less the same way. With the Middle East developing into one of the world’s most technologically advanced regions, there are many new and greater risks involved. Moreover, with the region’s high youth population, they might be more prone to these risks. What basic advice would you give to individuals and companies in terms of being vigilant about cybersecurity? As an organisation, there are various aspects of system security to take control of, including regular system updates, removal of unnecessary software and plugins to limit potential vulnerabilities and avoid the spread of malvertising, and keeping a regular watch over emails – especially if received from external sources. Organisations must look at good quality firewalls and anti-malware and antiransomware systems for early detection and prevention of the spreading of threats. In addition, organisations must have robust authentication methods in place with strong passwords and verification questions. Here at Palo Alto Networks, we follow a zero-trust approach with a strict verification process. It is essential to have authentication solutions in place within the network, the cloud and at the end point to prevent installation and spread of any malware. The quicker the detection, the greater the ability to reduce the impact. For individuals, the basic rule is being aware of unknown cold calls and emails; for example, one must be especially suspicious if asked to open a link or share personal financial details from an unknown source. This should be an immediate red-flag and must be sent to your IT or security department. In the age of mobile and social media, it is also best advised to avoid downloading untrusted applications and oversharing personal and financial information on social platforms. To add further protection, use different and complex passwords for accounts and change them
frequently. It is all these tiny steps that can help to avoid data breaching. Simple web browsing can sometimes interfere with security systems as well; however, most antivirus software and end point systems can predict malicious websites and flag it. How would you explain the darknet for beginners? The darknet is simply keeping anonymity, it is a part of the internet that cannot be found through search engines. Largely used for illegal practices, the dark web is mostly not accessible through usual web browsers and has specific ones such as Tor Network, which provides a decentralised architecture. It offers stolen data such as credit cards, personal information and ID scans, personal credit card reports, operating accounts of online systems, email accounts, stolen credentials and malware and exploit kits, amongst many. Overall, the markets for darknet play two roles; allowing cybercriminals to purchase tools which are then used in specific stages of the kill-chain and allowing cybercriminals to make monetary profit by selling stolen data from victims. What challenges does the darknet pose, and how are these different from regular cybersecurity? The main challenge of the darknet is that a large percentage of internet and online service users are unaware of these threats and the safety measures to secure personal information on their systems. The darknet is mostly not used by the general public and operates very differently from the regular internet, through systems and coding platforms most consumers are not aware of. Therefore, it is imperative to have a better understanding of how cybercriminals within the darknet operate and the type of traded information. Palo Alto Networks provides several platforms, including the NextGeneration security platform, safely enabling applications and providing solutions to prevent both known and unknown threats across the network, cloud and endpoints.
JUNE 2020
CXO INSIGHT ME
33
VIEWPOINT
HOW TO UNLOCK THE TRUE VALUE OF SECURITY EFFECTIVE VULNERABILITY MANAGEMENT NEEDS A NEW, MORE INCLUSIVE APPROACH TO SECURITY, SAYS MARCO ROTTIGNI, CHIEF TECHNICAL SECURITY OFFICER, EMEA, QUALYS
O
ver the past decade, countries across the Middle East have locked themselves into nationwide economic initiatives where smart governments will one day watch over smart societies powered by smart grids; nextgeneration healthcare will ensure a thriving population where classrooms of the future groom astute innovators in sustainable cycles of prosperity. As early as 2016, Deloitte, PwC and other industry observers, saw the Middle East as poised for harnessing Industry 4.0 to foment globally competitive economies. Around the same time,
34
CXO INSIGHT ME
JUNE 2020
McKinsey noted a 150-fold surge in crossborder data flow between the region and the rest of the world, and speculated about a future that would include a Digital Middle East. And in February, IDC told the UAE’s National newspaper that one third of the Middle East and Africa’s US$90billion IT spend for this year would be dedicated to digitisation. But digital transformation, while a catalyst for many boons, comes with some caveats. The breadth and depth of change to infrastructure can throw the unwary security team off balance. It takes a firm hand and shrewd planning to address the challenges of a rapidly digitising world.
Global spread, global threats First, we should not forget that most industries have seen competition skyrocket, often because of the ready availability of digital platforms. Where previously, entrepreneurs only needed to out-manoeuvre players in their local sandbox, now threats can come from anywhere in the world. Scaling up is child’s play, because of the cloud, so digitisation begets digitisation because of the globalisation of business. The new global state of play has led to businesses that are continually growing and spreading to other geographies. IT follows suit — expanding, changing shape and adopting technologies
such as the cloud and software containerisation. Ad hoc adaptation to such rapidly changing architecture is neither practical nor optimal. Security teams can no longer afford to support the castle after it has been built. They need to be intimately involved in design and implementation to ensure an environment that is as free of vulnerabilities as possible. After all, security teams are expected to be risk managers — and risk management is inherently predictive. So, security teams need to be allowed to assert themselves and embed their best practices at source, throughout the software-development lifecycle. Developers, testers and operations teams can all benefit from this approach and end up becoming more mindful of vulnerabilities as a result. Know your assets Providing a list of vulnerabilities is exceedingly difficult without first compiling a comprehensive asset list. Of course, in the dynamic environments that security teams must now protect, these lists must also be dynamic. Once the asset roster is no longer a nebulous unknown, vulnerabilities can be identified and flagged for investigation. But even as teams reach this stage, they will discover that globally spread businesses will be plagued by too many issues to address with limited resources. Effective prioritisation then becomes vital. Patching every flaw in every asset
is impractical, so organisations have to address those issues that carry the greatest risk and are most widespread. The harder a vulnerability is to exploit, the lower its place in the priority queue. It is worth noting that zero-days are not necessarily the weakest links in an ecosystem. Cybercriminals notoriously set their sights on low-hanging fruit. So, an old flaw that is easily exploited and rarely patched is perfect fodder. This kind of issue will be high on security teams’ priority lists. Between a comprehensive digitalasset register and a strategic priority list, enterprises can build the precise risk profiles and action plans that make sense for their operations. They can incorporate their individual business goals into their priority lists to craft workflows that govern security-team activity and information flow. This means the right people are informed of the right threats at the right time, enabling prompt and effective action. In addition, the data gathered can present senior managers with real-time risk-snapshots of the entire organisation, regardless of its geographical spread. Such information is invaluable to decision makers who are responsible for routing resources to their optimal destination. Brace for culture change And finally, after all the asset monitoring, vulnerability prioritisation and activity modelling, organisations will be in a position to automate future workflows and fine-tune the vulnerability detection and mitigation processes. It should be obvious that such an approach benefits businesses that are geographically scattered. Consider that growing businesses may not have any IT staff, let alone security specialists, in place at some of their newer offices. It will be important to gather data at these sites so that it may be assessed centrally and acted upon with minimal input from the non-technical staff on site. To make this approach work, however, requires another kind of change — one of authority and process. Security teams have traditionally been a part of IT departments and yet retained a
separate, add-on identity. However, given the all-pervading nature of the digital realm, security needs to become part of an organisation’s corporate DNA, from the boardroom to the server room. Best practices should be embedded within all business processes as de facto standards, within software engineering and beyond. Security teams need to be present in all levels of operation, and their tools deployed wherever relevant. Once they are embedded in all aspects of the business, they can guide technical and non-technical teams towards the safest practices. They can then better inform the right employees of the right vulnerabilities more quickly, ensuring that all staff members are properly mobilised in the fight against cyberthreats. Greater insights, more robust results Software architects and developers can then take ownership of any bugs or configuration issues that could lead to vulnerabilities, because they have discovered them, eliminating the crossteam finger-pointing that results from siloed approaches. With security teams empowering others to discover their own issues, confidence in the workflow can be established across the organisation. This will make it easier to implement yet more best practices, such as the Centre for Internet Security (CIS) Benchmarks. Transformation can be difficult, whether digital or operational. By embedding security knowhow into software production, we acknowledge that approaches to interaction and collaboration will undergo overhauls. But early involvement leads to greater insight and more robust results. The new ways of working will ensure a human-digital ecosystem that can cope with change more easily while ensuring a secure technology stack. Vulnerabilities will be identified, tracked, and addressed with agility. The time has come for security leaders to be business leaders. Protection from the hungry digital hoards can only come through a complete integration of such teams into every element of the softwaredevelopment lifecycle.
JUNE 2020
CXO INSIGHT ME
35
VIEWPOINT
A CLOSER LOOK AT
CYBERSECURITY AND LANS ARAFAT YOUSEF, MANAGING DIRECTOR – MIDDLE EAST & AFRICA, NEXANS CABLING SOLUTIONS, WRITES WHY BANDWIDTH SHOULDN’T BE THE ONLY CONSIDERATION AS VULNERABILITIES CONTINUE TO SURGE IN NUMBER AND SEVERITY.
A
s businesses and economies become more dependent on connectivity, they also become more vulnerable to cybercrime. Cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, according to a recent report from Cybersecurity Ventures. Global cybersecurity spending will exceed $1 trillion cumulatively for the period from 2017-2021. TÜV Rheinland’s latest annual report on Cybersecurity - a collaboration between global cybersecurity experts lists key cybersecurity trends for 2020. According to the report, uncontrolled access to personal data carries the risk of destabilising the digital society and smart devices are spreading faster than they can be secured. Attacks are currently focusing on supply chains and transport. Vulnerabilities in internet-connected personal medical devices such as insulin pumps, heart and glucose monitors, defibrillators and pacemakers are another cause for concern. In addition, cloud, IoT and mobile devices are all giving security experts cause for concern. The ‘S’ in IoT stands for ‘Security’… As we connect more and more people and devices across locations to our networks, we open up more potential security vulnerabilities. Guests or employees using a wireless access point or connecting from home directly or via a VPN can introduce potential issues that may be very hard to detect and resolve. Wireless Access Points have also introduced new challenges. If unsecured, or poorly secured, anyone can join a WAP. Abuse can result in anything from Denial of Service to identity theft when someone
36
CXO INSIGHT ME
JUNE 2020
has identified the MAC address of a computer with network privileges by eavesdropping on network traffic. One comforting thought is the fact that fibre carrying data to and from buildings is as safe as possible. Hacking into a fibre cable is practically impossible. You would need direct access to the fibre and the opportunity to remove its protective covering - carefully. Actually, getting access to the data stream would require highly specific hardware and software tools, power levels and alignment. In the extremely unlikely event this could be successfully overcome, you’d need to capture, demodulate, restructure and decrypt information. So, although bending a cable beyond its prescribed radius might allow some light to escape, the chances of anyone abusing the escaped signal in any meaningful way are negligible. When we look at LANs inside buildings, the architecture itself and proven safety measures usually provide a relatively high level of protection. Best practices include using WPA2 and data encryption, creating guest networks, and deactivating unused ports. Using a support router with an activated firewall and physically securing network hardware is also wise. In addition to these measures, an office, campus or hospital environment can put many other security measures in place. These range from physical access and security cameras to password logs. Using physical locks to project cable joints and connection points and regularly updating device and system
passwords and encryption are also vital to enhancing protection. Human behaviour Of course, the solution isn’t only about technology and protocols. The human factor is equally important – if not even more so! The European Agency for Network and Information Security point out that “the starting point for any organisation is to gain understanding of its current cybersecurity status, and the ways in which human factors might support or detract from that defensive stance.” After all, most cyberattacks start with nothing more than an email. Carefully analysing people’s behaviour and engaging in discussion with users are key to improving the culture of safety, but also exposing flaws and security demands that are impractical or impossible to comply with. Integrated security A Fibre to the Office (FTTO) solution offers a high level of built-in protection. Fibre is laid vertically from a central building distributor to different floors. From there, cable runs horizontally to an FTTO switch installed at the workstation or service consolidation point, near WAPs or other devices. Switches ensure intelligent conversion from fibre to copper and vice versa, feed terminal devices with data and power and make it easy to set up ring topologies for redundancy at user level. Advanced redundancy and security concepts make planning and extending the network to accommodate future needs easy. Intelligent system features help increase network security. The Nexans switches used in this concept provide the ideal basis for secure Gigabyte Ethernet networks in any environment. Intelligent Management Features help further increase the security of the network and minimise service costs. Nexans switches support all relevant security and encryption mechanisms such as IEEE 802.1x, SNMPv3, HTTPs, SSH and SCP. Hardened firmware of switches provides high level protection against attacks. Because floor distributors or signal repeaters are not required between the central switch and FTTO workstation switches, there are fewer places where security breaches may occur.
VIEWPOINT
TACKLING SUPPLY CHAIN DISRUPTIONS ANAS A. ABDUL-HAIY, DIRECTOR AND DEPUTY CEO OF PROVEN CONSULT, ON HOW TO PROTECT SUPPLY CHAINS DURING COVID-19
A
s the world is battling against COVID-19, the pandemic has an uneven effect on the supply chain industry. Industries such as auto, travel, consumer goods, electronics, and retail have been profoundly impacted. The supply chain economy has a large and distinct impact on economies of the world that is driven by industrial activities and innovation. Data leading the way Having a data-centric approach towards supply chain management is making suppliers more agile in their operations. Using predictive modeling and data simulations, businesses can predict the impact of a sudden decline in demand in one country that can impact the entire supply chain. Live tracking the sales, shipments, and orders with minimum latency will help businesses to identify surge or decline in demand and these data can guide the decisions regarding the production levels. End-to-end digitising Having a cloud-based or web-based ordering system, allows businesses to act on shifts in demand proactively. Creating an end-to-end digital IT ecosystem is key to drive and minimise the latencies. However, to track actual production, inventory levels, and shipments, businesses must leverage various Internet of Things technologies together to bridge data between various processes. Starting from placing the order or query to the actual production and distribution, these various processes in the value chain funnel need to be digitised to enable faster decision making.
Automation for agile supply chain While the manufacturers are looking for alternate vendors for their critical components, the reduced labour force and increased demand have led to increased lead time. Accelerating production and reducing manual interventions in the business processes are critical to solving these problems. Suppliers must develop greater automation capabilities to accelerate production and minimise manual interventions in the business process. Using IoT and robotics, businesses can fast track assembly lines, inventory management, and data analytics. Embracing the digital Workforce: For manufacturers, labour shortage and replenishment serve as focal points for operations to manage ramp-up in production after temporary shutdowns. Therefore, businesses are embracing the digital work environment and communication channels to continue their operations remotely. Departments such as
marketing, finance, and HR has moved to virtual desks. While these techniques act as a solution to cope with the supply chain crisis, it is the principles that are leading the decision making. New principles for sustainable supply chain Diversifying the supply chain will not only make supply chain reliable also help businesses to optimise cost. Businesses can source components for new products from low-cost sources and can launch new products at a lower price to boost their sales. This crisis has key lessons for businesses about reliable and efficient supply chain management. In the immediate term, organisations need to take steps to stabilise supply chain operations by conducting risk assessments and implementing business continuity plans using crisis-management teams. Crisis Management for Short Term Impact: To address the volatile nature of current supply chain operations, organisations should mobilise a crisis-management team or a war-room setup that has the power to make quick, analysis-based supply chain decisions. Analysts should examine supplier delivery performance, deviations from plans, canceled orders, fulfillment rates more frequently to identify any potential supply chain issues. Optimising HR Strategies While protecting supply chain businesses is paramount for economies; at the heart of this crisis, people are most affected. Protecting the people working in the supply chain ecosystem must be a priority for businesses amidst the pandemic. At an unprecedented time of pandemic threats, businesses must make quick decisions led by talented executives to implement new policies and standards to the ground level. As businesses shift towards automation and digitalisation, the focus has to be on finding new executive talent for implementing strategical and analytical functions of supply chain management.
JUNE 2020
CXO INSIGHT ME
37
INTERVIEW
WINNING
THE CYBER WAR
WAEL JABER, VP, TECHNOLOGY & SERVICES AT CYBERKNIGHT, ON WHY THREAT INTELLIGENCE IS CRUCIAL IN THE FIGHT AGAINST CYBERCRIME.
C
an you please explain what your Unified Threat Intelligence concept is? CyberKnight’s United Threat Intelligence (UTI) concept has been created to help customers build an effective cyber threat intelligence practice based on methodologies, taken from industry best practices, in addition to the latest technology and services that operate in that space. Adopting the CyberKnight’s UTI solution offering would help our strategic customers to save on efforts, time, and resources to build a very efficient and cost-effective CTI program. The UTI concept caters to many of the threat intelligence requirements within different industry verticals. The solutions we are offering in this UTI bundle consist of EcleticIQ (Threat Intelligence Platform), RiskIQ (Open and Surface Web Intelligence), FlashPoint (Deep and Dark Web Intelligence), CrowdStrike (Adversaries Intelligence), Attivo (Local Intelligence) What can companies do to make threat intelligence more effective and actionable? Effective Threat Intelligence is about clearly understanding the business risk an organisation is exposed to, and about reducing the uncertainty when dealing with such risk. Cyber threat intelligence should be selected, collected, and produced very thoughtfully to ensure the quality and efficiency, so that an organisation would benefit from it and make it actionable. Actionable and effective
38
CXO INSIGHT ME
JUNE 2020
threat intelligence should be relevant to and aligned with the corporate business requirements, the strategy of its stakeholders, and the threat profile of the organisation. The threat profile involves knowing the threat landscape and the potential threat actors that are potentially after the organisation. Once a CTI strategy for the corporate is set in place, and the company’s threat profile is defined, the selection and collection of the right type of intelligence feed would be much easier, and the consumption and production are more actionable and efficient.
threat intelligence practice, especially in a modern threat landscape, where Security Operation Centers (SOCs) are overloaded with thousands of alerts every day. At the moment, without automation, it’s simply not possible to minimise false alerts and not miss out on anything important. Automation could be beneficial in assisting the TI analyst in focusing on specific threats or topics and helping reduce the time spent during
Too many threat intel feeds can contribute to security information overload. What should users keep in mind while evaluating feeds? Collecting threat intelligence feeds randomly for the sake of collecting will not do any CTI programme any good. On the contrary, it would aggravate the whole situation and cause additional alert fatigue to TI and SOC Analysts. During the selection process of intelligence feeds, users should carefully study and understand what their business risk is in the first place, and what strategic intelligence they need to collect, that can provide the necessary information and insights to their business leaders and stakeholders, that would help them make better strategic decisions. Next, they need to understand the real threat landscape and trends that target their business, industry, and geographic region and choose the intelligence feed provider that can provide the right operational intelligence, which can help them implement the right security controls to deter such threats. The last thing to consider, is to identify the potential types of threat actors that might target their organisation, their origins, their motives, and their techniques, based on which they can select the intelligence provider that focus on the adversaries that are matching their requirements.
HAVING THE ANALYST AVAILABLE WHEN AN AI MODEL “ASKS FOR HELP” IS CRUCIAL AS CYBER THREATS CHANGE, ESPECIALLY WHEN THEY CHANGE WITH THE INTENT TO FOOL THE MODEL. DEVELOPING A FEEDBACK MECHANISM THAT PROVIDES YOUR MODEL WITH THE ABILITY TO IDENTIFY AND SURFACE QUESTIONABLE ITEMS IS CRITICAL TO THE SUCCESS OF YOUR MODEL.
What is the role of automation in threat intelligence? Automation is a crucial part of any
investigations, and to add context to alarms and incidents an organisation might face. However, automation should not be fully and solely depended on during the discovery, triage, investigation, and production processes of threat intelligence, because a Human hacker can easily fool it. Automation is a powerful tool, but it is not a remedy for modern security postures. Smart attackers need to be met by smart human defenders aided by automation.
Are companies adopting AI/ML for threat intelligence? Machine learning is being used in many ways within the threat intelligence space. It could range from using ML/AI to help in acquiring the knowledge and intelligence at internet scale similar as to how RiskIQ are using it to crawl the wild web and mimic internet browsing users, or as how Flashpoint are using it, to extract intelligence out of illicit groups in the deep and dark web which are very tricky to navigate and interact with. ML/AI are also being used in the triaging, curation, and vetting of collected intelligence and this is used by many threat intelligence providers to ensure the relevancy and quality of collected intelligence. For instance, EclecticIQ leverages ML capabilities of its product to help the threat analyst discover, investigate, and produce relevant intelligence. ML/AI are also used, for example, in deceiving threat attackers, by luring them into deceptive decoys that resemble real production environments, after which real-time local intelligence about the active threat actor could be collected is how Attivo Networks use ML/AL. Not to forget the importance of ML and AI in the defense against zero-day and unknown malware types and the importance of gathering intelligence about the techniques used and its attribution to threat actor groups, similarly as to how Crowdstrike uses ML/AI for. It’s important to note that adversaries are using AI/ML against security defenses, and they use ML/AI to defeat the effectiveness of the ML/AI used at the other side of the spectrum. ML/ AI alone is not enough and have to be supervised and trained by an analyst, because now ML/AI does not have the human common sense to reason. Having the analyst available when an AI model “asks for help” is crucial as cyber threats change, especially when they change with the intent to fool the model. Developing a feedback mechanism that provides your model with the ability to identify and surface questionable items is critical to the success of your model.
JUNE 2020
CXO INSIGHT ME
39
PRODUCTS
Huawei Announces FusionServer Pro In The Middle East
GENETEC HELPS TO REINFORCE SOCIAL DISTANCING WITH NEW SOLUTION As many retailers, restaurants and public venues start reopening, the need to enforce physical distancing measures is critical. To help these organisations monitor their occupancy levels and ensure compliance with regulations, Genetec, a technology provider of unified security, public safety, operations, and business intelligence solutions, has announced a new Occupancy Management Package. The Occupancy Management Package includes analytics and reporting tools that enable organisations to tap into their security system to count the number of people in a store or similar business area, visualise data, and alert employees when occupancy limits are being reached. Audit reports can also be easily produced to demonstrate a business’ compliance with physical distancing regulations. With this new package, organisations can define policies that adhere to local guidelines for occupancy and mobilise their operations to limit the risk of transmission. Live occupancy data is displayed in clear, graphical ways. When occupancy limits are being reached, employees who are responsible for monitoring the situation can receive alerts on a mobile device, via email, or on their Security Center dashboard so they can take appropriate action.
A10 Networks Delivers Highest Performance DDoS Protection
A10 is offering a leap forward for service providers with DDoS protection at the scale required to stop today’s cyber threats. The company has released the highestperformance DDoS protection appliance to help service providers and MSSPs mitigate the largest DDoS attacks. The A10 Thunder Threat Protection System (TPS) 7655 provides up to 1.2 Tbps blocking capacity and 380 40
CXO INSIGHT ME
JUNE 2020
FusionServer Pro features two engines, one for intelligent acceleration, and one for intelligent management. Together, these engines improve the performance of the server at the system level, enhanced by five intelligent management features which contribute to improving client O&M efficiency, while also reducing OPEX. Huawei’s x86 FusionServer Pro Intelligent server delivers high performance, high reliability and scalability, and can be deployed in numerous scenarios such as racks, high-density, blades, critical business, heterogeneous, liquid-cooled servers and other models. Transformation today is shifting from digital to intelligent. As the core driving force, the computing industry faces challenges in compute power and management. Featuring outstanding compute power and intelligence, Huawei’s x86 FusionServer Pro will harness the computing industry and enable transformation into an intelligent world. This intelligent world needs infrastructure consisting of three parts: connectivity, compute, and cloud. Connectivity and compute infrastructure make the cloud more efficient. And data centres are responsible for most computing tasks. According to Huawei’s Global Industry Vision (GIV) 2025, the penetration rate of Artificial Intelligence (AI) in enterprises will reach 86 percent by 2025. Along with increasing intelligent transformation in industry, more and more large-scale data centres will be built. Traditional data centres and servers must upgrade to address the industry’s challenges.
Gbps scrubbing capacity. Combining Zero-day Automated Protection (ZAP) powered by artificial intelligence (AI) via machine learning (ML) and advanced software mitigations, Thunder TPS delivers unprecedented protection in a compact 1.5U form factor, enabling customers to efficiently scale-out their DDoS defences as the threat landscape expands. The Thunder 7655 TPS will be available in Q3 2020. In addition, A10 is bringing first-tomarket support for HTTP/3 (QUIC) DDoS protection in software. To ensure the user experience for business and consumer services that are migrating to the cloud, QUIC is rapidly being adopted by content and cloud providers, leading browser developers,
such as Mozilla and Google, and is backed by the Internet Engineering Task Force (IETF). The QUIC protocol provides faster connect times with built-in security versus the traditional combination of TCP and TLS. It also offers a dramatic reduction in latency that will enable better user experience for content-rich web applications. Based on these benefits, HTTP/3 has also adopted QUIC for use on the transport layer. A10 said it is the first major software and hardware DDoS vendor to provide DDoS protection for HTTP/3 and the QUIC protocol. and enables a safer next generation of web services using this protocol. HTTP/3 and QUIC protocol support is available now for all Thunder TPS customers.
IEC Telecom Unveils SatelliteBased Networking Management Solution Satellite communications specialist, IEC Telecom has introduced its latest satellitebased networking management solution, OneGate Aid Compact to improve the efficiency of first responders in regional communities across the Middle East and Africa amid the COVID-19 pandemic. OneGate Aid Compact is an agile and future-ready network management solution that operates from a virtual platform and is designed to keep mobile humanitarian teams connected at all times, enabling full control and visibility overactive telecommunication links. Urban areas utilise GSM networks, while remote missions are heavily reliant
on satellite communication. Moreover, mandatory social distancing prevents from staff reinforcement or rotation and as a result, field workers are heavily dependent on satellite networks to receive remote counselling and training. With an increase in data usage, it is not enough to simply have access to the satellite network, but be in a position to manage available resources and channel essential communications on mission-critical operations. IEC Telecom’s OneGate Aid Compact is powered by Thuraya IP+ for stationed use and Thuraya Voyager for vehicular use over Thuraya’s L-Band network. It enables first response teams with optimised network traffic availing services such as big data transfer and live conferencing. OneGate Aid Compact also provides the gateway for remote maintenance, enabling technical support teams to monitor and troubleshoot at any place and
at any time. It may also be enhanced with an augmented reality toolkit, providing field workers with a ‘virtual pair of hands’ displayed on the screen of the device in use. As such, limited staff onsite is exponentially expended via digitally present teams in the HQ and network support teams at IEC Telcom. With built-in Wi-Fi enablers, OneGate Aid Compact provide remote workers with a way to connect their own devices to the dedicated welfare network. This provides them with an added option to reach out to their families regardless of location. A dedicated welfare environment operates based on a voucher system.
Nexans Announces Cat 6A Field Terminable Plug For MPTL Links
New Flagship OPPO Smartphone Now Available In The UAE
Nexans has released a new Category 6A field installable plug as part of its LANmark-6A offer. This plug is designed to build Modular Plug Terminated Links (MPTL), an increasingly popular method to directly connect patch panels with network devices, such as Wireless Access Points and IP cameras. These devices are usually located near the ceiling, where there is often no possibility to install an outlet or other connection box. MPTL are built with infrastructure cable terminated with an RJ45 jack on one end and an RJ45 plug on the other and are now standardised in TIA 568-2.D and specified in the draft version of ISO/IEC TR 11801-9910 ED1. In conjunction with LANmark-6A horizontal cable and the LANmark-6A Snap-In connector, configured in MPTL, the LANmark-6A Field Terminable Plug will support all Class EA applications, including 10GBase-T and Power over Ethernet up to 100W. When designed and carried out following our Design Guidelines (for MPTL / 1-connector Channel) and tested according to our MPTL Field Test procedure, LANmark-6A MPTL installations qualify for a 25-year LANmark system warranty. The LANmark-6A Field Terminable Plug is fully shielded, accepts cable of 6.0mm to 8.5mm diameter with AWG24 to AWG23 solid wires and is easy to install without the need for a special termination tool, apart from a pair of parallel jaw pliers.
Global technology brand OPPO is gearing up to bring its newest premium flagship smartphone in the UAE. The Find X2 Pro will be launched in partnership with Etisalat on June 18th, bringing a new generation of superior performance and OPPO’s technology excellence to the UAE. The Find X2 Pro is powered by the company’s most powerful triple-camera system that leverages a Sony IMX689 48MP primary camera, as well as 48MP ultrawide angle and 13MP telephoto cameras. This versatile system will bring the ultimate photography experience to consumers, making the Find X2 Pro ideal for photography enthusiasts. The latest flagship smartphone also brings in a visual revolution with the most advanced screen OPPO has developed to date. The customised 120Hz refresh rate, 3K QHD+ Ultra Vision Screen is capable of displaying one billion colours and life-like vibrancy. The display excellence of Find X2 Pro includes TUV Rheinland Full Care Display Certification and an AI Adaptive Eye Protection System. The smartphone has received the renowned DisplayMate Best Smartphone Display Award and earned DisplayMate’s highest ever Display Performance Grade of A+. This exquisite Ultra Vision Screen, combined with Dolby Atmos and dual stereo speakers, makes audio and video a genuinely immersive experience. To deliver a seamless and ultimate 5G experience to the users, Find X2 Pro integrates OPPO Smart 5G technology to intelligently navigate and choose the most suitable network to maximise speed and battery life. By combining powerful performance, industry-leading innovation, and top-end technology features, the OPPO Find X2 Pro is setting new benchmarks for the premium smartphone industry. The OPPO Find X2 Pro will be available in the UAE with 512GB internal memory from June 18th.
JUNE 2020
CXO INSIGHT ME
41
BLOG
ADAPTING TO THE DIGITAL WORLD SUNIL PAUL, MANAGING DIRECTOR OF FINESSE, ON HOW THE PANDEMIC HAS PROVEN TO BE A GAME CHANGER FOR ONLINE SHOPPING AS CONSUMERS FLOCK TO WEBSITES FOR ESSENTIAL GOODS.
S
ocial distancing, quarantines and lockdowns imposed by governments to check the spread of COVID19 have accelerated the digitalisation trend with consumers preferring to shop online instead of physical stores and use digital payments instead of cash to minimize the risks of getting infected. In Italy, for example, between February and March 2020, retailers registered an increase in online sales by a whopping 90 percent. Dubaibased Majid Al Futtaim, which operates 24 shopping malls, saw a surge in online sales, with a 59 percent year-on-year increase in online customers in March 2020, according to a recent report by the Dubai Future Foundation. Thanks to strict restrictions, there has also been a shift in categories from items such as apparel/ accessories and electronics, lodging and airlines to everyday spends like food and groceries, medicines, household chemicals and personal hygiene. Techradar.com had reported, quoting Ken Research, that in the UAE, online grocery orders had increased by 80-100 percent in the first months of the year, owing to COVID-19. In comparison, in Saudi Arabia, some online retailers had experienced a 200 percent increase in average sales in the early stages of the pandemic. Online shopping in the West is also witnessing the influx of new demography of older customers, a 42
CXO INSIGHT ME
JUNE 2020
group susceptible to COVID-19. The temporary boost they have provided to sales may become long-lasting if these customers continue shopping online after the outbreak subsides. Efforts to reduce people to people contact combined with fears about contaminated currency have also triggered an increase in the use of cards and contactless payments. In South Korea, for instance, card and mobile payments grew 30 percent between January and February 2020, as did innovations in contactless pickup and delivery services. Before the pandemic, more than 50 percent of face-to-face payment transactions in the UAE were made with contactless technology, and a consumer study Visa did with Dubai Economy (DED) in 2019 found that over 80 percent of contactless users trusted the technologies. In many countries, central banks have lifted some of the restrictions and requirements applied to e-payment systems to overcome COVID-19. Safaricom, Kenya’s largest telecoms company and the owner of the M-Pesa mobile money platform, announced in mid-March that it would remove fees for all transactions under KSh1000 ($9.42), while also increasing the daily transaction limit for small and medium-sized businesses from KSh70,000 ($659) to KSh150,000 ($1410). In China, contactless digital payments at the point of sale, such as Quick Response (QR) codes or near-field communications (NFC) via e-wallets have experienced rapid growth to surpass cash and cards in-
store transaction volumes and values. Interestingly, China’s experience with the SARS epidemic in 2003 helped launch digital payments and e-commerce in the country, according to the World Economic Forum (WEF). The Chinese government, a recent post by WEF explained, focused on building crucial infrastructure in the areas of identity, internet access and legacy payment systems, all while encouraging domestic online payments and digital commerce through light-touch regulations. These investments have paid off to the extent that digital payments have reached the threshold of attaining the status of a public good in China. Today, all kinds of payments ranging from taxi fares to mobile and utility bills to government fees and more can be transacted digitally. On a wider note, online retail sales in China accounted for over 35 percent of total retail sales in 2019, the biggest in the world. The COVID-19 pandemic has seen an exponential increase in online purchases and payments across multiple markets, demographics and economic classes, and hastened the normalisation of their usage. Ecommerce and digital payments basically kept the economies running during the pandemic. With the current set of restrictions from the current pandemic expected to be with us for several years, it is therefore important that countries further strengthen their digital infrastructure, systems and applications to cope with whatever challenges future decades may bring.
Our mission is to empower current and future cybersecurity practitioners with training, education, certifications, and resources to create a safer global community. In challenging and uncertain times like these, we want to do our best to help and support. That is why SANS is introducing the Flexi-Pass. This Pass offers full flexibility and a SANS training guarantee by offering “Full-access” to our different training formats PLUS a GIAC certification attempt and NetWars Continuous access. 3 ways to train, 1 chance to certify, 6 months to play - all for the price of 1 training course!
What does the SANS Flexi-Pass offer?
It allows you to study one selected course across all three SANS training modalities:
OnDemand
SANS OnDemand (6 months)
Live Online
SANS Live Online
Training Event
SANS Live In-Person Training
Includes one complimentary GIAC Certification attempt
Includes complimentary NetWars Continuous access (6 months)
The Complete SANS training experience The SANS Flexi-Pass provides you with the ability to take your SANS course whenever and wherever you want. At the same time, the pass ensures you get the most well rounded training experience by including the GIAC certification attempt and the challenging, hands-on learning experience of NetWars Continuous. Get the complete SANS Training Experience for only 7,519 USD.
th
The SANS Flexi-Pass is only available until June 30 , so don’t miss this unique opportunity and secure your training today. If you would like to know more or speak to a SANS representative, please reach out to us: mea@sans.org
+971 4 431 0761
sans.org/flexi-pass-2020
Phone: +971-4-8863850 E-mail: info@asbisme.ae www.asbisme.ae
