a product message image
{' '} {' '}
Limited time offer
SAVE % on your upgrade

Page 1

INSIDE CONTEXT CHANNELWATCH, ASBIS SCIENCE OF DISTRIBUTION

PA G E S 6 0 VOLUME O7  |  ISSUE 08 MARCH 2020 WWW.EC-MEA.COM

MCAFEE

HACKING A TESLA WITH A

By minor alterations to a test roadside sign, McAfee was able to hack machine learning inside a Tesla car.

Transformation of the CIO role 2020-2025

Enterprise architecture basis of DX

Organisations cannot ignore Zero Trust

Orchestrating multi-cloud through dashboards

Bask Iyer, VMWare

Saul Brand, Gartner

Kamel Heus, Centrify

Anthony Webb, A10 Networks

AD-ECMEA-102020

SPEED SIGN


Global Community for Technology leaders


EDITORIAL

Unlearning machine learning

ARUN SHANKAR EDITOR A R U N @ G E C M E D I A G R O U P. C O M

In the next ten years, autonomous or self-driven vehicles will use a variety of optics-based sensors, amongst others, to recognise the environment in which they are being driven. In other words, they will recognise objects around them, including humans and other items of interest, as well as road and other signs that were previously meant for humans to cognise and then action, while driving. So how easy or how difficult is it to confuse the onboard optical recognition of signs today? Should we doing this or is too early or is too late to begin such hacks? To answer some of these extremely relevant questions, McAfee Labs analysed the pixel distribution of images and signs and tested the sensitivity of current industry standard webcams, towards alteration of the pixel distribution. Inside the lab it was relatively straightforward to hack the test image and get a high recognition confidence of an object that it was not, by the webcam. In other words, the machine learning to recognise an object visually and correctly, could be poisoned through exposure to hacked images and the internal learning - unlearned with disastrous results. To take this into a real-life situation, McAfee executives used an every-day Tesla car equipped with Tesla Automatic Cruise Control and Speed Assist, a hacked test road sign, and a controlled field to drive. The result: A road sign with only a short piece of single tape hacked the onboard camera and increased the speed of the car from 35mph, to 85mph, an unstable condition. According to McAfee Labs, the camera that was on board the tested Tesla car already exists for a sizeable installed base of Tesla cars. However, in the latest Tesla cars the camera and its machine learning have been removed. Your conclusions and thoughts? Much to think about here... How should channel partners embrace the cloud? The Opex model of cloud licensing is a definite setback for those partners used to delivering perpetual software licensing, onsite installation and configuration, hands-on training, and post installation support. How do we get the good old days back? Mindware, value add distributor of Microsoft, is looking at extending its expertise of aggregating channel sales, what it does best as a distributor, into the cloud as well. It is building and scaling its cloud marketplace from one vendor to multiple vendors, and for limited products, into full solution stacks. Aggregate the channel partners, aggregate their sales, and sell-through the cloud marketplace portal. Volume drives rebates! Good old days maybe back again. Just to see how cloud is selling in our adjacent EMEA countries turn to the last pages of this month’s edition. CONTEXT ChannelWatch 2019 survey, trends from 6,500+ channel partners across countries as diverse as Russia and Germany makes for fascinating understanding. Wishing you a healthy month ahead. ë

PRINTED BY

MEA MANAGING DIRECTOR Tushar Sahoo tushar@gecmediagroup.com EDITOR Arun Shankar arun@gecmediagroup.com CEO Ronak Samantaray ronak@gecmediagroup.com

EVENTS EXECUTIVE Lhodith Ann ann@gecmediagroup.com

PRODUCTION, CIRCULATION, SUBSCRIPTIONS info@gecmediagroup.com

DESIGNER: AJAY ARYA ASSISTANT DESIGNER: RAHUL ARYA

DESIGNED BY

EVENTS EXECUTIVE Shriya Nair shriya@gecmdiagroup.com

SUBSCRIPTIONS INFO@GECMEDIAGROUP.COM SOCIAL MARKETING & DIGITAL COMMUNICATION YASOBANT MISHRA   yasobant@gecmediagroup.com

04

M A R C H 2020

MEA

MASAFI COMPOUND, SATWA, P.O.BOX: 5613, DUBAI, UAE

SALES AND ADVERTISING Ronak Samantaray ronak@gecmediagroup.com Ph: + 971 555 120 490

GLOBAL HEAD, CONTENT AND STRATEGIC ALLIANCES Anushree Dixit anushree@gecmediagroup.com GROUP SALES HEAD Richa S richa@gecmediagroup.com

AL GHURAIR PRINTING & PUBLISHING LLC.

PUBLISHED BY ACCENT INFOMEDIA MEA FZ-LLC PO BOX : 500653, DUBAI, UAE 223, BUILDING 9, DUBAI MEDIA CITY, DUBAI, UAE PHONE : +971 (0) 4368 8523 31 FOXTAIL LAN, MONMOUTH JUNCTION, NJ - 08852 UNITED STATES OF AMERICA PHONE NO: + 1 732 794 5918 A PUBLICATION LICENSED BY INTERNATIONAL MEDIA PRODUCTION ZONE, DUBAI, UAE @COPYRIGHT 2013 ACCENT INFOMEDIA. ALL RIGHTS RESERVED. WHILE THE PUBLISHERS HAVE MADE EVERY EFFORT TO ENSURE THE ACCURACY OF ALL INFORMATION IN THIS MAGAZINE, THEY WILL NOT BE HELD RESPONSIBLE FOR ANY ERRORS THEREIN. COVER IMAGE: SOURCE COMPANY WEB SITE. IMAGE SELECTED ONLY FOR REPRESENTATIVE PURPOSE.


MARCH 2020 | VOLUME 07 | ISSUE 08

CONTENTS 34

HOW MCAFEE

HACKED A TESLA WITH

SPEED SIGN By altering the appearance of a test speed sign, McAfee was able to unlearn machine learning inside a Tesla car.

C O V E R I M A G E : S O U R C E C O M PA N Y W E B S I T E . I M A G E S E L E C T E D O N LY F O R R E P R E S E N TAT I V E P U R P O S E .

06-12 VIEWPOINT

28

14

CLOUD NEWS

CHANNEL STREET BREAKING RANKS WITH ITS CLOUD MARKET PLACE

19

AI AND AUTOMATION NEWS

20

CHANNEL NEWS

24

SECURITY NEWS

46-51 52-57 GUEST COLUMN

TRENDS CONTEXT CHANNELWATCH, ASBIS SCIENCE OF DISTRIBUTION

58

PEOPLE

MOBILEYE CAMERA SENSOR, USED WITH HEAD UP DISPLAY INSIDE THE TESLA CARS.

MAR C H 2020

MEA

05


VIEWPOINT

TRANSFORMATION OF THE CIO ROLE FROM 2020-2025 OVER THE NEXT FIVE YEARS, VMWARE’S BASK IYER BELIEVES THE ROLE OF THE CIO WILL TRANSFORM AND LEAP FORWARD DRIVING BY MULTIPLE POINTS OF INFLEXION.

Blockchain will facilitate transparency and push cross-industry collaboration.

experiences and enable new applications and use cases. Domain expertise not technology will be the roadblock for IoT and edge applications. In other words, technology is the easy part. How we apply it to an industry or use case takes more work. Hence, expect startups to drive growth in this area.

BASK IYER,

CIO WILL DRIVE CASH CIOs will become increasingly more responsible for revenue generation. This has already been happening for the past few years. Over the next five years, this trend will gain momentum.

chain is solving by enabling trust in transactions in new ways. GUARDIANS OF TRUST As businesses become more tech driven, companies are increasingly opening themselves up to cyberattacks and customer data loss. In this landscape, the Office of the CIO will become the new guardians of corporate trust and reputation to build and protect customer relationships. IT MORPHS INTO DX CIOs and IT organisations will move beyond the IT stack to greatly influence the product design and development function. The IT team in most companies will evolve into the digital organisation. CIOs will become the voice of the customer to educate companies about how their customers would discover, learn, try and buy products and services.

CIO AND CHIEF DIGITAL TRANSFORMATION OFFICER, VMWARE.

CIOs will become increasingly more responsible for revenue generation.

5G FLIPS MOBILE FIRST 5G networks will unleash multi-gigabit connection speeds for mobile phones. This will push enterprises toward thinking mobile first or mobile only. And because most of us use mobile more than other devices, this will create tremendous user satisfaction. STARTUPS DRIVE USE CASES Edge computing will complement data centres and cloud platforms to deliver new customer

06

M A R C H 2020

MEA

EMPLOYEE DX Digital employee experience will become a huge differentiator to attract and retain talent. This trend is quickly picking up speed. While free food, open offices and pool tables are talked about as differentiators, employees simply want to have the right tools, policies and processes to get their job done. Over the next half-decade, employee digital experience will be treated with same priority as external customers’ experience. CROSS INDUSTRY COLLABORATION Blockchain will facilitate transparency and push cross-industry collaboration. Increasingly, this will be a way to fix data integrity issues across multiple corporations—an emerging issue block-

Domain expertise not technology will be the roadblock for IoT and edge applications.

MODERNISING PROCESSES Enterprises adopt cloud primarily for disaster recovery or to build new apps. Now, they will pivot to leveraging innovations like Kubernetes and multi-cloud solutions to modernise core business applications and processes. AI LEAPS AND FALLS Artificial intelligence will pass the Turing Test, meaning artificial intelligence will match or exceed human intelligence in many areas. However, since many vendors claim they can integrate artificial intelligence into their products and services, we will have to kiss a lot of frogs before finding our prince or princess. KING DEVELOPER Developers will move to the centre of the business, enabling modern app-based innovations to drive business transformation. On a related note, IT will drive app-driven digital transformation, and IT job descriptions will match research and engineering such as app development. ë


www.btxshow.com

and C-suite Awards 2020 April-May 2020

DIGITAL TRANSFORMATION FOR C-SUITE AND BUSINESS SAUDI ARABIA

EGYPT

QATAR

NIGERIA

BAHRAIN

KUWAIT

OMAN

PAKISTAN

GHANA

ANALYTICS, ARTIFICIAL INTELLIGENCE, AUTOMATION CLOUD, ERP, SUPPLY CHAIN MANAGEMENT CYBERSECURITY, DATA INDUSTRIAL AND DIGITAL, INTERNET OF THINGS, SELF LEARNING SYSTEMS PEOPLE, SKILLS, CULTURE BROUGHT BY

OFFICIAL MEDIA PARTNERS


VIEWPOINT

ORGANISATIONS CAN NO LONGER IGNORE A ZERO TRUST APPROACH WEAK PASSWORDS ARE A SOURCE OF BREACHES AND BY ADOPTING ZERO TRUST APPROACH, ORGANISATIONS CAN REDUCE WEAKNESSES EXPLAINS KAMEL HEUS AT CENTRIFY.

The Zero Trust model, reinforces the modern belief that login identities can no longer be trusted.

KAMEL HEUS,

REGIONAL DIRECTOR, NORTHERN,

SOUTHERN EUROPE, MIDDLE EAST AND AFRICA FROM CENTRIFY.

Forrester Research points out that 80% of security breaches result from privileged access abuse.

Gartner research reveals that Middle East and North Africa have the highest number of reported breaches in the world. In 2018, more than 36,000 incidents were reported from this region, the highest in the world. Along with this statistic, Gartner presentations revealed that the region also has the highest mean time to identify the breach. At 260 days, it is the highest in the world. What are the weaknesses in organisations that allow such a high number of incidents? Post

08

M A R C H 2020

MEA

incident analysis usually reveals that prevalence and usage of weak passwords amongst end users, and especially privileged end users like administrators, is the root cause for such breaches. Most incidents that happen are not necessarily of an advanced nature, and mostly stem when threat actors or hackers are able to crack weak passwords, and gain entry into an organisation’s network using compromised credentials of end users and administrators. Gaining entry into an organisation’s network through the credentials of an actual end user or privileged end user like an administrator, remains the easiest entry strategy for threat actors. Forrester Research points out that 80% of security breaches result from privileged access abuse. In the past, it used to be assumed that access granted through a login including a user name and password was sufficient to guarantee the authenticity of the user. With the increasing sophistication of threat actors to brute force passwords to gain access, especially weak and repeated passwords, this assumption is no longer valid, and has spawned the creation of the Zero Trust model. The Zero Trust model, first suggested by Forrester Research and National Institute of Standards and Technology in 2010, reinforces the modern belief that login identities can no longer be trusted, inside or outside the organisation, especially with the expanding threat surface. By limiting and securing privileged access to

Most incidents that happen are not necessarily of an advanced nature

the above, the organisation is moving away from a perimeter-based approach to a Zero Trust approach. The Zero Trust approach boosts prevention, detection, response, and compliance towards standards such as HIPAA, FISMA, PCI, and others. Moreover, it can be extended to the cloud, mobility, Big Data lakes, DevOps, containers, microservices, and others. Organisations begin their Zero Trust journey with the following initiatives: #1 VAULT ALL PRIVILEGED CREDENTIALS Access to the credentials of privileged users and privileged resources need to be secured and controlled, raising the level of security management control. Rigorous multi-factor authentication also needs to be enabled and added around privileged users and privileged resources. #2 CONSOLIDATE IDENTITIES AND INTRODUCE LEAST PRIVILEGE All identities need to be consolidated to eliminate redundant ones at the same time limiting privileges to the minimum required to get the work done. Along with limiting privileges, workflows need to be limited in the similar manner to restrict lateral user movements. #3 HARDENING THE ENVIRONMENT Once the above two initiatives have been implemented, the organisation can move to the next level of compliance. This can include introduction of air gapping around hardware and resources, usage of host-based intrusion detection systems, and development of advanced behavioral analytics. By going through these steps, organisations can ensure they are no longer vulnerable in the area of security breaches and password theft. ë


Some wait for Thursday to end! Some wait for Sunday to Begin!

www.fitsmea.com

UNVEILING THE FUTURE AT #FITSMEA20'

Address Dubai Marina March 16, 2020

HAPPY COMPANIES CREATE HAPPY EMPLOYEES

NOMINATE CATEGORIES SMBs (0-150 EMPLOYEES) ENTERPRISES (151-5000 EMPLOYEES)

BROUGHT BY

OFFICIAL MEDIA PARTNERS


VIEWPOINT

ORCHESTRATING MULTI-CLOUD THROUGH CENTRALISED DASHBOARDS AS CLOUD ADOPTION GROWS SO DOES THE COMPLEXITY OF CLOUD OPERATIONS AND THE NEED FOR CENTRALISED MANAGEMENT, EXPLAINS ANTHONY WEBB FROM A10 NETWORKS.

Budgets do not go up when new technology is introduced and there is a need to optimise IT staff to make them more efficient.

ANTHONY WEBB, VICE PRESIDENT EMEA, A10 NETWORKS.

A centralised management tool can give IT teams visibility of both on-premises and multi-cloud environments.

As more and more organisations embrace cloud as part of their digital transformation efforts, it is becoming more popular for those organisations to adopt two or more clouds within their infrastructure. But here optimisation and security are key to managing multiple clouds. In fact, according to a global survey undertaken, around two-thirds of companies have now deployed enterprise applications across two or more public clouds. The survey, conducted by the Business Performance Innovation, BPI Network, shows that over four-in-five 84% expect to increase their reliance on public or private clouds over the next 24 months. Based on the survey data, there is a need to make sure that enterprises can provide reliability and security across all clouds, no matter which ones they are. Additionally, as budgets do not necessarily go up when new technology is introduced, there is a need to optimise the organisation’s IT staff to make them more efficient. There is also a compounding problem, when comparing one cloud provider against another, the services they are offering in the cloud are different. And even then, services they offer to support the application have nuanced differences in terms of how they work. Think of it in terms of video streaming services, these all have different interfaces and different ways of working. For cloud environ-

On-premises has a lot of supporting services, which have been developed over decades and have more advanced functionality.

10

M A R C H 2020

MEA

ments, the critical services that provide reliability and security have different capabilities between cloud providers. Organisations trying to meet mandates for reliability and security have to look at the overall environment. When organisations have infrastructure running in multiple clouds, they may have different reasons for doing so, such as better service quality in a remote part of the world or using a specific cloud when a preferred provider doesn’t have a viable presence in a particular region. The survey revealed that many organisations have moved from phase one of deployment of clouds to a second phase where they need to operationalise their environments by making sure IT has the tools to control them. This means that businesses should look at how they centrally manage their cloud and on-premises environments. IT staff need to have visibility to deal with any incidents as they come in and be able to set consistent policies across the entire environment so that they don’t have to worry about the differences in each individual cloud or on-premises environment. The survey found that centralised visibility, management and automation will be essential to improving and ensuring the security, reliability and performance of their environments. They point to centralised visibility and analytics into security and performance 56%, automated tools to speed response times and reduce costs 54%, and centralised management from a single point of control 50% as their most important requirements. Using a centralised management tool can give IT teams visibility of both on-premises and multi-cloud environments all in one location. This makes it easy for IT teams to see what is really going on in their polynimbus infrastructure. It should also help them be more efficient and normalise the disparate cloud environments. Such a strategy of automation and intelligence is key to how organisations move to operationalise multiple clouds and make them more efficient. ë


VIEWPOINT

MANAGING DATA, BACKUP, DR ACROSS MULTI-CLOUDS

ARRIVAL OF CLOUD DATA MANAGEMENT, CLOUD NATIVE, CONTAINERS, KUBERNETES ARE HELPING ENTERPRISES TO BECOME MORE AGILE, WRITES MICHAEL CADE AT VEEAM.

Migration of IT systems to the cloud has created an illusion of exaggerated maturity.

MICHAEL CADE, SENIOR GLOBAL TECHNOLOGIST, VEEAM.

In a containerised environment, the application is closer to the data.

The mass migration of IT systems to the cloud has created an illusion of exaggerated maturity. It is easy to forget the growth of the cloud industry is still accelerating. If anything, we are in the early stages of cloud adoption. As businesses move more workloads to the public cloud, IT managers are looking for ways of moving data more seamlessly across hyperscalers and private storage. One such approach is Cloud-Native – a strategy which decouples data platforms from the underlying infrastructure to deliver scalable and agile applications via the public cloud. This essentially renders the physical infrastructure irrelevant and allows a business to run applications in any cloud and on any device. In most cases, cloud-native refers to containerbased environments, with containers providing the platform used to make up a cloud-native application. Containers are a highly portable entity that can run on any platform and access data quickly to power the applications running on them. Put in layman’s terms, in a containerised environment, the application is closer to the data. Given the digital-first nature of modern businesses, IT must be highly scalable and flexible to ensure business continuity. Hybrid and multi-cloud solutions are perfect to support this. Approaches like Cloud-Native and Infrastructure as Code IAC, combined with technologies such as Kubernetes and Containers, are making IT systems easier to deploy. While this means data is scaling more quickly, it also means it can be managed with greater

While data is scaling more quickly, it can be managed with greater speed and accuracy.

12

M A R C H 2020

MEA

speed and accuracy. Rather than be hamstrung by IT, businesses can use technology as a means of acceleration. Gone are the days when IT managers have to provision infrastructure manually. IAC, for example, takes away the issue of configuring and deploying hardware. It allows businesses to create a blueprint of what the infrastructure should do and deploy it across multiple locations. An example of this in practice is a retailer looking to open multiple new stores. Previously, this would involve manually configuring an IT infrastructure for one new store and repeating this process across each and every site. Practically, IAC delivers crucial business benefits. It dramatically reduces time and cost that provisioning infrastructure across multiple sites brings by automating the process. This also removes the potential for human error from this process. As more businesses adopt a Cloud-Native and container-based approach to IT, Kubernetes are set to have a profound impact. Kubernetes are effectively orchestrators. They enable IT managers to manage their application deployments and spin up container environments across the organisation. This offers businesses a whole new level of agility – increasing time-to-market and the ability to respond to customer needs. These relatively new technologies and approaches can be united under the banner of Cloud Data Management. This refers to the management of data across an organisations’ entire cloud and data storage provision, bringing together disciplines such as backup, replication and disaster recovery. With businesses more reliant on their digital infrastructure than ever before, maintaining the availability of data has never been more important. As manual provisioning of IT and replication of infrastructure environments gives way to highly automated and replicable approaches, organisations need to manage data appropriately. This means investing in a robust Cloud Data Management strategy, continuously backing up, replicating and making data recoverable. ë


6TH EDITION

www.fitsmea.com HONORING THE BEST AT #CATALYSTSMEA20

#LeaderX Honoring the best

Address Dubai Marina

March 16, 2020

BROUGHT BY

OFFICIAL MEDIA PARTNERS


CLOUD NEWS

Nutanix finds hybrid cloud to be the ideal IT operating model

GREG SMITH, VICE PRESIDENT PRODUCT MARKETING, NUTANIX.

Nutanix has announced the retail industry findings of its second Enterprise Cloud Index Report, measuring retailers’ plans for adopting private, hybrid and public clouds. The report found the vast majority of retailers, 87.5%, identified hybrid cloud as the ideal IT operating model. It also showed many retailers, 72%, are planning to move some public cloud applications back on-premises.

Retailers recognise that seamless customer experience is no longer a nice-to-have. It is a critical factor in winning new customers and retaining existing ones. And flexible cloud infrastructure is critical to delivering it. A recent IDC report noted worldwide spending on customer experience technologies will reach $641 billion in 2022, demonstrating it’s at the forefront of business leaders’ strategy. In line with broader IT industry trends, many retailers also recognise the full, long-term costs of the public cloud. Additional findings of this year’s report include:

SECURITY IS TOP OF MIND Data showed that security heavily shapes retail cloud deployment plans. Nearly twothirds of respondents, 63.6%, said security has significant influence on their future cloud deployments, with hybrid cloud specifically identified as the most secure, 32%. As data privacy regulations continue to tighten and expand, retailers are at the forefront of looking for ways to efficiently manage customer data securely. Hybrid cloud operating models offer the security and flexibility retailers need to stay ahead of policy changes.

RETAILERS FOCUS MOST ON AGILITY Unlike in the broader IT industry, where cost is the top driver, retailers ranked the ability to accelerate IT deployments, 54.3%, as the top factor in deciding the best cloud environment for each application. In order to adapt quickly to customer trends in an age of multichannel selling across many platforms, retailers are leading the pack in maximising the flexibility of IT infrastructure to keep pace.

RETAIL LEADS IN DIGITAL APPS Always innovating to keep pace with customers’ demands, retailers outpace averages in using the public cloud to run digital applications and Internet of Things applications. They also run their business applications more often in the public cloud than other industries, with about 11% current penetration of multiple public clouds and about 19% penetration of a single public cloud.

Jordan’s Ministry of Digital Economy migrates to Nutanix Nutanix has announced that Jordan’s Ministry of Digital Economy and Entrepreneurship, MoDEE, has successfully completed its migration to the Nutanix enterprise cloud software as part of its ongoing efforts to accelerate digital transformation across Jordon. MoDEE’s mandate is to deliver and maintain the Government of Jordan’s digital transformation apparatus for all the country’s public entities, facilitating the delivery of end-user services to citizens and businesses. Like many countries in the Middle East, Jordan is making strides in digital technology usage as a means to invigorate the economy, promote entrepreneurship and innovation, and create jobs. Jordan has long set a pace for regional peers to follow, as it has established best practices for digital migration and enhanced its e-government services by leveraging emerging technologies such as cloud computing. MoDEE is also responsible for hosting ICT services for all of Jordan’s government entities. Previously, the ministry used a managed-service model to deliver ICT facilities from its own data centre, through its own servers and storage

14

M A R C H 2020

MEA

HE MOTHANNA GHARAIBEH, JORDAN’S MINISTER OF DIGITAL ECONOMY AND ENTREPRENEURSHIP.

devices. However, in trying to support a nation with economic growth ambitions rooted in digital prowess, MoDEE found the legacy setup limiting.

MoDEE’s new control comes from Nutanix’s one-click infrastructure management console Prism that allows admins to seamlessly and easily monitor all virtual environments running on AOS. The dashboard is designed to simplify and streamline common workflows, and to make hypervisor and VM management as easy as checking email. The Nutanix enterprise cloud software has also helped MoDEE increase capacity for handling large volumes of digital traffic, thereby streamlining services across e-government branches. The Nutanix enterprise cloud software will form the foundation of future expansions, Khamees explained, adding that a planned centralisation of applications and e-services was in the works for MoDEE’s private cloud. After migrating to Nutanix enterprise cloud software the ministry noticed an appreciable difference in performance and capacity. One government agency that was able to handle approximately 1,000 concurrent users on the legacy infrastructure can now accommodate approximately 3,000.


CLOUD NEWS

Riverbed’s Mena Migally on transformative technologies in 2020 digital transformation, Riverbed has a tremendous opportunity to widen its penetration in these markets while also building on engagements with existing customers. WHAT WILL BE THE POSSIBLE DRIVERS OR FACILITATORS FOR DIGITAL AND BUSINESS TRANSFORMATION IN THE YEAR 2020? Through 2019, countries in the Middle East continued to bear the impact of low oil prices. The need to counter-balance the economy’s dependence on oil and gas is abundantly clear. We are seeing countries now lay emphasis on transitioning to knowledge and skills-based economies. Technology plays a central role in such mature economies which is why this transition is driving digital transformation.

MENA MIGALLY, SENIOR DIRECTOR MENA, RIVERBED.

IN YOUR OPINION, WHAT HAS BEEN THE MOST TRANSFORMATIVE TECHNOLOGY OR SOLUTION OR USE CASE IN THE LAST ONE YEAR? Through 2019, we have witnessed a turning of the tide for cloud as the technology has rapidly matured from a buzz word to being widely adopted. The region’s appetite for cloud computing has even prompted some of the largest cloud providers globally to establish locally based data centres this year. This has had a transformational effect on the pace of innovation and also the ability of even smaller organisations to use technology to gain a competitive edge. This is of particular importance in the Middle East where SMBs are a pillar of the economy. For example, in the UAE, SMEs contribute 53% of the total GDP, whereas in Saudi Arabia, this segment accounts for 97% of all businesses. WHAT DO YOU ANTICIPATE WILL BE THE MOST TRANSFORMATIVE TECHNOLOGY OR SOLUTION OR USE CASE IN 2020? There is no doubt that countries in the Middle

East will aim to lead the 5G revolution. The arrival of 5G will act as a catalyst for more data rich applications to evolve, transforming the way humans and smart devices interact with each other and between themselves. We can also expect that user experience will be central to technology innovation through 2020 and beyond. From Riverbed’s perspective, this means ongoing innovation and enhancement of our Digital Networking portfolio which delivers superior digital experiences, new levels of operational efficiency, and accelerated business outcomes. WHICH COUNTRIES, WHICH SECTORS, ARE SHOWING VISIBLE PROGRESS IN TERMS OF ADOPTION WITH DEFINITE CUSTOMER BENEFITS AND BUSINESS RETURNS OR CYCLIC COMPLETION? Saudi Arabia, the UAE and Egypt all remain high growth markets for Riverbed in the MENA region. Governments in each of these countries have placed large emphasis on digital transformation in both the public and private sectors. As a vendor whose solutions serve to enable successful

WHAT WILL BE THE IMPACT OF THE UPCOMING MEGA EVENTS, 2020 AND WORLD CUP, ON THE TRANSFORMATION OUTLOOK OF THE REGION? 2020 is set to be a milestone year for the region with several global events, most prominently, Expo 2020 and the G20 summit, taking place in the region. Increased global attention and the influx of tourists are set to create a flood of new business opportunities. The challenge for governments and businesses will be to successfully convert the enthusiasm and emphasis on the region into long-term opportunities. With the focus of both events set firmly on positioning the UAE and Saudi Arabia as frontrunners in the global digital economy, IT innovation will be placed front and centre. As a result, in the coming year, CIOs will be under increasing pressure to leverage technologies such as AI, cloud, and mobility to enhance operational efficiency, drive innovation and enhance customer experiences. However, my advice to CIOs is to ensure that sufficient emphasis is laid on developing the platforms that are essential to supporting the long-term IT roadmap. SD-WAN is undoubtably one of these and with the simplicity it delivers comes ease of use, agility, and an enhanced ability to adapting to change and maximise investments.

MAR C H 2020

MEA

15


CLOUD NEWS

Oracle adds Saudi Arabia as cloud region

Oracle has announced that it is making further inroads in the Middle East by adding Jeddah, Saudi Arabia, as a cloud region. Along with Saudi Arabia, other countries Oracle has expanded to include Australia, Japan, Canada and The Netherlands. With these additions, Oracle’s Generation 2 Cloud is now available in 21 fully independent locations around the globe. Oracle also adds that it plans to make 36 cloud regions available by the end of 2020. Andrew Reichman, Director of Product Management at Oracle, notes that the

16

M A R C H 2020

MEA

expansion was based on customer feedback. In order to run critical systems of record in the cloud, they need to run workloads across fully independent cloud regions for disaster recovery purposes. And those multiple sites must be in the same country to meet data residency requirements. To that end, four of these new regions give customers a second site within the same country. The fifth region, in Saudi Arabia, will be joined by a second region later this year. Oracle plans to put a minimum of two regions in almost every country where they

operate, and these new regions mark a big step toward this goal. The United Kingdom, the United Arab Emirates, South Korea, India, and Brazil will also have two regions live by the end of 2020. Oracle Cloud has enabled a unique multicloud interconnection between Oracle and Microsoft Azure at an expanding list of sites. The company currently offer preconfigured, high-bandwidth, low-latency links between Oracle and Microsoft cloud regions in the Eastern United States, London, and Toronto, with more expected to go live soon.


CLOUD NEWS

FireEye launches services for cloud-specific threats

FireEye has announced the availability of two new FireEye Mandiant services. Cloud Security Assessments help organisations evaluate and harden security in cloud platforms, and Cyber Defence Operations consulting services help organisations achieve security transformation by improving the detection and response capabilities of their security operations centre, SOC. Almost all major organisations are using or planning to use cloud environments for a variety of reasons, including cost and operational efficiencies. However, cloud security implementation requires a completely different approach and specialised skills compared to on-premises. Without the proper knowledge and contextual understanding of cloud security, the benefits associated with the cloud can quickly become diluted as organisations inadvertently expose themselves to greater levels of risk. Cloud Security Assessments are based on the

latest ways that attackers bypass cloud security measures, as observed on the frontlines by FireEye Mandiant experts. Available on the most popular cloud-based platforms including Microsoft Office 365, Microsoft Azure, Amazon Web Services, and Google Cloud, these assessments address common misconfigurations and issues with how organisations utilise and integrate the cloud into their existing IT and security programmes. Through tactical coaching and comprehensive recommendations, organisations achieve increased risk visibility and enhanced functional capabilities. Cloud Security Assessments can be customised to suit organisational budgets and security programme objectives. It is one thing to develop playbooks and define best practices, and it’s quite another to effectively implement those detection and response processes into how a SOC operates. With Cyber

Defence Operations, FireEye Mandiant experts help to accelerate an organisation’s security transformation initiatives by providing hands-on keyboard support for critical SOC roles. First, consultants conduct an initial evaluation that helps to define the transformation goals and objectives that will best mature the organisation’s capabilities. Examples of these objectives include building out threat hunting programmes and security metrics programmes. Dedicated Mandiant personnel will then offer technical event triage, analysis, and investigation support, operating within the client’s environment. Through this process, areas for maturation are identified and pursued, helping to identify and resolve visibility gaps and procedural issues. Throughout, knowledge transfer is continually conducted with the organisation’s existing detection and response team to help ensure changes are effectively operationalised.

MAR C H 2020

MEA

17


10 - 11 MARCH 2020

Unifying Purpose for Global Impact

The world’s most comprehensive AI event AI is becoming the new normal and if you ignore it will sadly be left behind. Discover ways to extract maximum value from AI at optimum scale at Ai Everything, one of the largest dedicated AI events in the world.

10K+ Visitors

130+

130+

200+

Exhibitors

Hours of content

Speakers

200+

Government Leaders

Get your Free Ticket at AI-EVERYTHING.COM

AI EVERYTHING COVERS EVERY CORE INDUSTRY - DEEPER THAN BEFORE; Healthcare | Telecom | Finance | Marketing | Transportation | Government | Retail | Education | Energy | Everything Else

Ai-Everything.com

#AiEverything

#AiEverything2020


AI AND AUTOMATION NEWS

ServiceNow introduces new industry workflow solutions

BILL MCDERMOTT, PRESIDENT AND CEO, SERVICENOW.

ServiceNow has announced a new industry solutions strategy to deliver workflows that help companies in specific industries address their unique digital transformation challenges and create value at scale. ServiceNow initially will focus on developing industry solutions for banking and telecommunications and will work with strategic partners to support its industry solutions journey and integrate those solutions in the customer environment. ServiceNow’s new banking solution will simplify middle-to-back office operations to help banks move at the speed of digital business, delivering seamless customer experiences throughout the enterprise that drive customer loyalty. The company’s new telecommunications solution will align customer care and service assurance to transform how communication service providers deliver great customer experiences by proactively anticipating issues and addressing them quickly while maximising availability and quality of service. ServiceNow also announced it is extending the scope of its partnerships with Deloitte and Accenture to address the unique challenges in the

initial target industries. Deloitte will become the Lead Launch Partner for ServiceNow’s banking solution, working with ServiceNow to implement new workflows that will transform how banks operate. This builds on Deloitte’s existing role as Lead Launch Partner for ServiceNow’s Finance Close Automation product, which was announced last year at ServiceNow’s Knowledge 2019 conference. Accenture will become the Lead Launch ecosystem partner for ServiceNow on its new telecommunications solution, helping companies drive digital transformation through purposebuilt workflows. Accenture will also help guide ServiceNow’s product roadmap and create telecommunications-specific digital workflow solutions that deliver great experiences to help support software defined networking, especially vital for new connected services enabled by 5G. ServiceNow’s solutions for banking and telecommunications are expected to be available later this year. The company expects to announce solutions for additional industries, including healthcare, manufacturing, media, technology and others, in the future.

AVEVA adds analytics to Asset Performance Management

AVEVA, a provider of industrial software, has announced a significant enhancement to its Asset Performance Management, APM, portfolio with the launch of AVEVA APM Assessment, AVEVA Asset Strategy Optimisation and AVEVA Asset Strategy Library.

Adding to AVEVA’s comprehensive preventive, condition-based and predictive software capabilities, the integrated solutions enable the workforce with prescriptive guidance, resulting in improved efficiency, safety and reliability. AVEVA’s APM Assessment benchmarks a company’s current practices against best in class performance and builds a comprehensive roadmap encompassing people, processes and technology. These metrics are then used in AVEVA Asset Strategy Optimisation to balance risk, cost and performance, which determines asset criticality. This enables organisations to prioritise maintenance investments and apply the most effective strategy. From reactive to proactive, AVEVA’s AIinfused software coupled with a rich asset library, provides the unique ability to empower customers beyond anomaly detection with prescriptive analytics to guide actions and drive targeted outcomes. By deploying these AVEVA solutions, organisations can predict asset failure and then prescribe the most economically advantageous

action to take to remediate potential asset failures. For company directors, these tools mean doubling production output resulting in a safer, more reliable environment for the workforce. A core component of AVEVA’s APM portfolio is tight alignment with customers to determine portfolio innovations and deliver proven business outcomes. The Frost & Sullivan assessment of the Global Asset Performance Management market positions AVEVA as the market leader in the $1.2B space, driven by the 4th Industrial Revolution and digitalisation trends. ADNOC Gas Processing is working with AVEVA using the predictive AI technology with prescriptive maintenance. We value our strategic partnership with AVEVA, they set a very good example for what a good collaboration is, and the results that come from this are a game-changer for long-term equipment management and optimisation,” commented Ahmed Mohamed Al Abri, Vice President, Engineering and Technical Services ADNOC Gas Processing.

MAR C H 2020

MEA

19


CHANNEL NEWS

Quest and One Identity sign agreement with Exclusive Networks

Quest and One Identity announce a new partnership with Exclusive Networks Middle East which allows them to distribute the full suite of products and services under the Quest Software Company umbrella. In a market that demands quick paced, easy to deploy best of breed solutions, Exclusive Networks- global specialist for cloud and cybersecurity solutions, has recently signed a distribution agreement with Quest and One Identity, a Quest Software Company. Since 1987, Quest and One Identity have provided software solutions for the fast-paced world of enterprise IT. With Quest, an organisation can spend less time on IT administration and more time on business innovation. In an agile and highly collaborative world where achieving simplicity in business is often a concern, whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps organisations solve complex problems with simple solutions.

VAD Technologies, Hystax partner to offer cloud solutions

NICK SMIRNOV, CEO AT HYSTAX.

VAD Technologies has announced a long-term business alliance with Hystax to deliver the newest cloud technologies to customers in the GCC and the Middle East. Hystax offers a hybrid cloud management platform designed and developed to make digital transformation a straightforward process. Combining Hystax technology and VAD Technologies’ Distribution network unlocks multiple opportunities for serving the financial, industrial, education, telco, healthcare, government and SMB sectors, offering high-demand software. It is the premier solution to implement digital transformation projects and simplify the following processes: control budget and provisioning, manage workloads and optimise resources, forecast cloud costs prior to migration, provide cloud backup and business continuity. Hystax delivers software to migrate a variety of workloads from any source platform, whether it’s cloud environment or bare metal. Fully automated solution with consistent background replication, storage-agnostic snapshots, and orchestration functionality allows companies to avoid any performance impact during migrations and ensure industry-best, minimal Recovery Point Objective and Recovery Time Objective values.

20

M A R C H 2020

MEA

StarLink and Mitel sign partnership for UCC solutions

StarLink, a Value-Added-Distributor, in the Middle East, Turkey and Africa region has announced signing of MEA distribution partnership with Mitel, a global market leader in Cloud Communication and UC. Mitel delivers all-in-one communications, collaborations and contact centre solutions that organisations, be it small businesses or large enterprises, can either own or subscribe. With the cloud solution, Mitel has successfully helped organisations modernise their business communications, drive efficiencies, enjoy greater mobility, support a distributed workforce and access emerging technologies like AI and IoT. With more choices, cost-effective pricing and incentives, Mitel customers can migrate to the cloud at their own pace and get the right solution set that meets their unique business requirements. The onboarding process will see high-level partner and customer engagements, extensive brand awareness initiatives jointly by, StarLink and Mitel with the objective of building a strong foundation and lucrative pipeline.

CyberKnight to assist organisations augment security posture CyberKnight Technologies hosted an official reception to announce the launch of its operations in the Middle East. The event took place at the Radisson Blu Media City on the 29th of January, in the presence of the CyberKnight’s leadership team and over 40 industry stakeholders including vendors and channel partners. During the reception, CyberKnight’s innovative Art of Cybersecurity Distribution concept, as well as, its Zero Trust Security, ZTX, Framework were unveiled. CyberKnight Technologies, a company founded in 2019, is a cybersecurity value-added-distributor, headquartered in Dubai, covering the Middle East with on-the-ground presence in Saudi Arabia and all key Middle East markets. The ZTX framework incorporates emerging and important cybersecurity solutions that protect the entire attack surface, by leveraging AI, to help security teams at enterprise and government customers fortify breach detection, accelerate incident response and remediation, while addressing regulatory compliance.


CHANNEL NEWS

Emakina acquires Salesforce partner Cloudworks Emakina Group has strengthened its position in the GCC region with the acquisition of Cloudworks. Cloudworks is an agile cloud consulting company with offices in Dubai, Riyadh and Mumbai, and works on businesscritical digital projects for large companies. Its 30 experts are experienced in CRM, sales and marketing automation, process re-engineering and change management. With this acquisition, Emakina Group confirms its ambition to be a partner in the Middle East for companies looking to design and implement effective and memorable user experiences and streamline businesses. Cloudworks is one of the largest Platinum

Salesforce partners in the UAE and its work frequently collects five-star reviews. Digital expert Souphien Akhrif founded the company in 2015, after his studies in Information and Knowledge Systems, Engineering and Management at the Miage Sorbonne university. With his fast-growing team, Souphien successfully completed over 140 CRM and customer service projects in the GCC region. Major clients include CPI Financial, Emaar, DP World, Dubai Investments, Dubai World Trade Center, Omantel, Ooredoo, Saudi Aramco, Tadawul, and Virgin Megastore. After opening its Dubai office in 2018 and integrating Turkish agency WittyCommerce in

the group, the acquisition of Cloudworks once more confirms Emakina Group’s ambition to be the go-to partner in omnichannel commerce and digital business transformation in the GCC region and beyond. The Dubai Department for Economic Development and the Dubai Multi Commodities Centre have now approved the acquisition. With the acquisition of Cloudworks, Emakina now unites 1,000 technology and marketing experts in 22 offices across 3 continents. It combines expertise in strategy, creativity, and management on all major platforms and technologies to build digital businesses.

MAR C H 2020

MEA

21


CHANNEL NEWS

StarLink sets revenue target of $500 million for 2020

STARLINK TOP EXECUTIVE TEAM.

StarLink, a value-added distributor for cyber and cloud solutions in the Middle East, Turkey and Africa region, has announced a target of $500M for 2020, a turning point in the history of StarLink. Revealed at the company’s sales kick-off in Dubai, this ambitious target is in line with the steady revenue growth achieved over the past five years. The fiscal year 2019 closed with a 30% YoY growth, making the global distributor maintain lead as top cybersecurity VAD in the ME region. Last year was ground-breaking with the highest distribution partnership sign-offs, elevating its solutions portfolio to 50 plus vendors and some major strategic geographical expansion into Africa and Europe. With big plans underway for 2020, StarLink is already en route with significant resource ramp up, new strategic alliances and first of its kind initiatives. 2020 strategy will focus on reshaping the distribution landscape with key-value creators, become specialised in cyber and cloud solutions, increase market share, invest in automated and leading-edge processes and services, predicate and manage risks as well as continue to add value on all fronts.

SecureLink, ShiftLeft partner for application security testing SecureLink, a risk advisory firm based in Dubai and part of the StarLink group, has announced the signing of a distribution partnership with ShiftLeft, for GCC and Egypt. ShiftLeft is an application security testing product and it integrates directly into DevOps pipelines via pull request or build, and it can analyse 500,000 lines of code in under 10 minutes. This enables AppSec teams to insert security into DevOps without slowing down innovation. SecureLink will be the distributor for the entire ShiftLeft product suite of ShiftLeft Inspect, ShiftLeft Ocular and ShiftLeft Protect. Leveraging the ShiftLeft Code Property Graph. All ShiftLeft solutions are designed to provide accuracy, speed and scalability to help organisation achieve continuous security at the lowest OpEx.

22

M A R C H 2020

MEA

REGHU MOHANDAS, DIRECTOR RISK ADVISORY AND ANALYTICS, SECURELINK.


6-8 APRIL 2020 Dubai World Trade Centre

UNIFYING SECURITY FOR GLOBAL CITIZENS

FIRST TIME IN THE REGION KEYNOTE SPEAKERS

Bryan Seely The only hacker to wiretap the US Secret Service & FBI, what he's going to share will absolutely blow your mind

Hector Monsegur Anonymous' most notorious hacker and technical expert behind Anonymous/LulzSec collective

Enquire about exhibiting, speaking and visiting OFFICIALLY SUPPORTED BY

+971 4 308 6469

OFFICIAL DISTRIBUTION PARTNER

gisec@dwtc.com

STRATEGIC PARTNERS

www.gisec.ae

PLATINUM SPONSORS

ORGANISED BY


SECURITY NEWS

SANS finds disagreement on what constitutes threat hunting SANS Institute has released the SANS 2019 Threat Hunting Report, which shows that threat hunting is still in its infancy with few dedicated teams in existence and differing views on what constitutes threat hunting and how to hunt. Most respondents report using a variety of reactive approaches to threat hunting, including alerts, 40%, or IoCs via a SIEM or other alerting system to find adversary tools or artefacts, 57%. Such approaches are excellent supplements, but should not take the place of using proactive hunting techniques. Surprisingly, only 35% of respondents create hypotheses to guide their hunting activities. Organisations continue to require threat hunters to work in multiple roles. Hunters report having major responsibilities for managing SOC alerts, 34%, or incident response and forensics of breaches, 26%. Very few organisations have

MATHIAS FUCHS, SANS INSTRUCTOR.

moved to a dedicated hunt team over the past three surveys, indicating that threat hunting, and threat hunting teams, are still in their infancy. While 24% of respondents were unable to determine whether they had measurable improvements as a result of threat hunting, 61% reported having at least an 11% improvement in their overall security posture. Organisations have seen a marked improvement in more robust detections and better coverage across the environment, with 36% claiming significant improvement and another 53% realising some improvement. Other key improvements are attack surface exposure/hardened networks and endpoints, with 35% seeing significant improvement and 58% seeing some improvement, and more accurate detections and fewer false positives, at 32% significant improvement and 51% some improvement.

Unit 42 finds Kuwaiti organisation’s webpage exploited

NEW WATERING HOLE IDENTIFIED FOR CREDENTIAL HARVESTING.

During the analysis of the xHunt campaign activities, researchers from Unit 42, the threat intelligence arm of Palo Alto Networks, identified a Kuwaiti organisation’s webpage used as an apparent watering hole. The webpage contained a hidden image which was observed between June and December 2019, and referenced domains associated with malicious activity conducted by

24

M A R C H 2020

MEA

the xHunt campaign operators. Unit 42 believes that the same threat actors involved in the Hisoka attack campaign compromised and injected this HTML code into this website in an attempt to harvest credentials from the website’s visitors; specifically, gathering account names and password hashes. While Unit 42 cannot confirm this, it is possible that the

actors intended to crack these hashes to obtain the visitor’s passwords or using the hashes gathered to carry out relay attacks to gain access to additional systems. If successful in harvesting account credentials, the compromised data has a plethora of uses for the attackers and can allow them to breach an organisation to steal sensitive information. Furthermore, because they would be using trusted credentials, it can allow attackers to go undetected for long periods of time, enabling them to infiltrate other parts of an organisation and even implement backdoors, like RATs, to get back into a system even after being removed. This can result in significant damage to an organisation over a prolonged period of time. During this same timeframe, Unit 42 observed an indication of DNS redirect activity on infrastructure used by these same operators. The domains observed in redirect activity primarily contained subdomains referencing an association with their organisational email servers further implying an interest in user credential harvesting.


SECURITY NEWS

Kaspersky offers businesses first-hand threat intelligence

Help AG launches incident response and forensic services

VENIAMIN LEVTSOV, VICE PRESIDENT CORPORATE BUSINESS, KASPERSKY.

STEPHAN BERNER, CEO HELP AG.

Kaspersky is now offering business users of EclecticIQ Platform access to its threat intelligence. In a new partnership, Kaspersky Threat Data Feeds, APT Intelligence Reports and Threat Lookup service will provide EclecticIQ customers with key expertise to enhance their understanding, prevention and reaction to the latest cyberthreats. A survey of IT Security leaders commissioned by Kaspersky revealed that the role of Cyber Threat Intelligence, CTI, analyst is amongst the most challenging to hire, with almost half, 49%, of chief information security officers agreeing with this. Understaffing in this area may result in a tough situation when existing experts are overloaded with work. To help TI analysts get relevant information from a single entry point instead of searching for and matching different sources, Kaspersky is collaborating with EclecticIQ. The Threat Intelligence platform, TIP, from EclecticIQ collects intelligence from open sources, commercial suppliers and industry partnerships and makes them available in a central resource, empowering threat and SOC analysts with the latest actionable and relevant context on cyberthreats. This allows the analysts to stop or swiftly respond to threats through their existing security infrastructure. With this integration, users can draw on Kaspersky’s threat intelligence, including access to latest Threat Data Feeds, online search through historical TI using Kaspersky Threat Lookup which contains petabytes of information about threats, legitimate objects and their various relationships, and Kaspersky APT Intelligence Reports, revealing methods, tactics and tools used by advanced malefactors. EclecticIQ’s cyberthreat intelligence analysts also use the data to provide additional services to clients through its Fusion Centre. The centre delivers thematic intelligence bundles, providing customers with a curated single source of relevant cyberthreat information from leading suppliers that is optimised for their organisation.

In a move to further help Middle East enterprises enhance their resilience against advanced cyber threats, Help AG, a cybersecurity solutions, services and consultancy provider, has launched an Incident Response and Forensics Service. The service will empower security teams to drastically shorten the time taken for identification, response and remediation in case of incidents involving cyber-attacks, data leakage and service disruption. Additionally, the Help AG team will work to identify and provide measures to address the root cause of the incident, thereby helping prevent reoccurrence of the threat. In 2019, the UAE and Saudi Arabia together reported the world’s second-highest cost impact from data breaches, with losses averaging a staggering $6 million per incident according to research by the Ponemon Institute. The study also found that companies that effectively contain a cyber-attack within 30 days save on average over $1 million on the total cost of a data breach. An addition to the company’s Managed Security Services portfolio, the new Incident Response and Forensics Service will be delivered by experts with over 10 years of experience in cybersecurity. The expertise of Help AG’s MSS division has been validated by Frost & Sullivan which presented the company with its prestigious UAE Managed Security Services Provider Company of the Year award. When the need arises, Help AG will assign and dispatch an incident response expert, in the shortest possible time, to work with the customer to conduct analysis and evaluation of the security incident or suspected compromise, up to the identification of root cause. The new service was unveiled at Help AG’s flagship Security Spotlight Forum event in the UAE and several large enterprises from the regional banking, telecoms and government sectors have expressed interest in the new offering.

MAR C H 2020

MEA

25


SECURITY NEWS

Kaspersky finds malware disguised as works of Grammy nominees

CYBERCRIMINALS ARE LEVERAGING NAMES OF ARTISTS AND SONGS NOMINATED FOR A GRAMMY 2020 AWARD

Cybercriminals are actively abusing the names of artists and songs nominated for a Grammy 2020 award, in order to spread malware. Kaspersky protection technologies detected a 39% rise in attacks under the guise of nominees’ work in 2019, compared to 2018. Ariana Grande, Taylor Swift and Post Malone were attackers’ favourites, with these nominees’ names used most often in 2019 as a disguise for malware. In light of the biggest music awards of the year, to show the extent of the problem, Kaspersky researchers analysed Grammy 2020 nominated artists’ names and song titles for malware. As a result, Kaspersky found 30,982 malicious files that used the names of artists or their tracks in order to spread malware, with 41,096 Kaspersky product users having encountered them.

26

M A R C H 2020

MEA

Analysis of the nominated artists showed that the names of Ariana Grande, Taylor Swift and Post Malone were used most to disguise malicious files, with over half, 55%, of detected malicious files named after them. The connection between the rise in popularity and malicious activity is very evident in the case of newer artists such as Billie Eilish. The teenage singer became hugely popular in 2019, and the number of users who downloaded malicious files with her name has risen almost tenfold compared to 2018, from 254 to 2171, the number of unique distributed malicious files, from 221 to 1,556. For instance, while the number of users attacked by malware disguised as Billie Eilish songs in UAE accounted for only 139 in 2018,

2019 saw this number increased to 31,782. Overall, United Arab Emirates saw 61 of such malicious files distributed in this region in 2019, with 100,961 attacks. However, while nomination for a prestigious award and recognition connected to it affects users’ interest in specific artists and, as a result, a growth in malicious activity, this is not necessarily the case for more established artists such as Lady Gaga, whose name use also experienced a rise in attacks in the past year. Kaspersky also analysed which records and songs, nominated for a Grammy in 2019, received most attention from cybercriminals. Post Malone’s Sunflower, Khalid’s Talk’and Lil Nas X’s Old Town Road, led the way for songs with the most malware attacks.


SECURITY NEWS

Mimecast, Cyber Resilience Think Tank, forecast trends Mimecast announced availability of Commencing a New Decade: 2020 Predictions, the latest eBook from the Cyber Resilience Think Tank. This group of security leaders recently gathered to reflect on the past decade and forecast the major trends expected in 2020 and beyond. The eBook is designed to provide expert insight to global industry influencers on what to expect and how to prepare for the upcoming security challenges organisations may face this coming year. During the CR Think Tank meeting, much of the discussion centred on the transformations of the SaaS, InfoSec and Application Security industries. The group also covered the challenges associated with not including security from the start. To best prepare for a strong and strategic 2020, the CR Think Tank outlined four key trends that will impact how organisations approach cybersecurity. New features, bug fixes, configuration changes, and much more are delivered and iterated upon quickly to provide the best possible end user and customer experience. However, because of the

constant iterations and improvements, security can no longer be an afterthought. DevOps teams are dependent on cloud deployments, which means that security must be top of mind at every stage of the application development process. After a period of explosive innovation and growth in the security solutions space, 2019 saw a busy year of consolidation, with larger players snapping up smaller ones to expand their portfolios. Beyond the economic implications for the industry, consolidation in cybersecurity has another angle that all organisations need to consider. The complexity that comes with diverse security technologies and the ecosystems where they operate together injects risk around inadvertently acquiring your next breach. To mitigate this challenge, security leaders must be brought into mergers and acquisitions in the early stages of planning to have a greater understanding of the security posture and capabilities of the company being acquired.

CHRISTINA VAN HOUTEN, CHIEF STRATEGY OFFICER, MIMECAST.

Vectra launches Cognito Detect to address Office 365 breaches Cyber risk is becoming an escalating concern for organisations around the world, and Office 365 data breaches are at the forefront. Even with the rising adoption of incremental security approaches like multi-factor authentication, access controls continue to be circumvented. In fact, 40% of organisations suffer from Office 365 account takeovers. As these data breaches make headlines with growing consistency, the resulting financial and reputational costs mount. It is far too easy for an attacker to manipulate human behaviour and gain high privilege access to business-critical SaaS resources. According to Microsoft’s Q3 FY19 earnings call, there are more than 180 million monthly users on Office 365. With so many users, 100% cyber hygiene becomes impossible. To make matters worse, teams continue to struggle to keep up with weekly vendor-driven configuration changes and new best practices. Against this backdrop, a massive number of alerts are flooding Security Operations Centres, SOCs, forcing analysts to spend time manually

analysing and prioritising which ones deserve attention. This is overwhelming security analysts’ time and organisations’ security budgets. As threat actors become more efficient at dodging and targeting the enterprise, most analysts simply can’t keep up. Credential abuse is the leading attack vector in SaaS, especially for Office 365. In an effort to help organisations securely and successfully protect their applications, Vectra AI is announcing the launch of Cognito Detect for Office 365. Backed by new detection models focused on credentials and privilege in SaaS applications, Vectra expands cloud coverage from Infrastructure-as-a-Service and extends the ability to track attacker activity pivoting between on-premise, data centre, IaaS and SaaS. Given that attackers don’t operate in silos, a security solution shouldn’t either. Vectra delivers the complete visibility across your deployment footprint that leaves attackers without a place to hide.

HITESH SHETH, CEO, VECTRA

MAR C H 2020

MEA

27


CHANNEL STREET

MINDWARE

BREAKING

RANKS WITH

CLOUD MARKET PLACE

LEADING VALUE DISTRIBUTOR FOR DELL AND MICROSOFT IS BULLISH ABOUT ITS CLOUD MARKET PLACE, SCALING IN VOLUME AND BREADTH WITH ENABLING VENDOR PARTNERS.

n B Y: A R U N S H A N K A R

T

he statistics vary, but Expo 2020 Dubai is expected to attract between 100,000 and 200,000 visitors daily. This is upwards of 20 million visitors from 190+ countries across six months of activity. While the primary purpose of these visitors is of course to visit Expo 2020 and engage in trade, each of these visitors will also drive incremental telecom, commerce, retail, and Internet activity around themselves. This is a significant surge in demand and throughput, and all technology platforms need to be assessed about their capability to support such an increase in workloads, feels Philippe Jarre, CEO Mindware. “The real challenge for such an event is the volume. The number of trade visitors that will come in is huge. There will be a huge spike in transactions, payments, traffic, communications, amongst others. The technologies that will support these transactions must be extremely resilient and secure. This is clearly an opportunity for technology vendors and the channel partner community,” Jarre points out. Expo 2020 Dubai will also be supported by multiple simple and advanced applications to enable visitor experience and convenience. “I

28

M A R C H 2020

MEA

think the right strategy for the Expo is that some of the workloads should be migrated to the cloud - public, private or hybrid, with the right level of security,” says Jarre. This will enable a faster go-to-market for many of the new applications that must be deployed before the opening. At the same time flexibility and scalability of the cloud model will help in terms of operational and cost efficiencies as IT consumption spikes during Expo 2020 Dubai and then comes back to normal post the Expo. CLOUD MARKETPLACE One of the most important current day decisions taken by Mindware has been to build its Cloud Marketplace. Based on feedback from Microsoft, a key vendor partner, Mindware was determined to gain market share in cloud sales. Mindware identified Interworks, a supplier of cloud brokerage platform solutions, and Cloud Business-asa-Service, especially built for Microsoft Cloud partners. Other than the benefit that Mindware would get with its own Cloud Marketplace for Microsoft and other cloud vendor partners, Interworks, was also prepared to offer its Cloud Businessas-a-Service, for Mindware’s channel partners.


CHANNEL STREET

PHILIPPE JARRE, CEO MINDWARE.

MAR C H 2020

MEA

29


CHANNEL STREET

CLOUD MARKET PLACE Currently the product catalogue available on the Marketplace is skewed in favour of Microsoft cloud products and services. Realising the need to diversify this portfolio in order to give partners the opportunity for increased revenue, Mindware is in the process of adding new products on the platform that can be bundled with existing Microsoft solutions. These new co-sell products are in the areas of virtualisation, backup and disaster recovery, security and performance management. Mindware is working with vendors to get cloud solutions certified for interoperability. A lot of products that Mindware intends to bring onto the cloud platform have already been available on-prem as a bundle with Microsoft solutions. Partners using the Mindware Cloud Marketplace platform will find value in co-sell products since they will be able to offer an end-to-end solution to their customers, rather than a stand-alone product. This in turn optimises the revenue and profitability opportunities for partners. Mindware also offers partners the option of using its professional services. This is a value add for partners just beginning their cloud journey. Mindware is also looking to sign up Independent Software Vendors to list their products on its Marketplace. A lot of regional ISVs are already selling products in Microsoft Azure Marketplace, that they have developed on Microsoft solutions. The biggest advantage of listing on Mindware’s Cloud Marketplace is the fact that Mindware’s platform is targeted at the local region. Mindware has a large number of managed service providers in its base and provide reach and access to market for ISVs.

30

M A R C H 2020

MEA


CHANNEL STREET

SNAPSHOT

Mindware follows a business model where as a distributor it shares the risk with its vendor partners and is flexible. With its Cloud Marketplace, Mindware expects a revenue growth of 300% for its cloud business. With the acquisition of value distributor Arrow ECS, Mindware acquired the Dell EMC business. The Dell EMC channel business is the largest for Mindware. Mindware will be next expanding its portfolio of vendor partners in the IoT and artificial intelligence space. Current vendor partners include: Alaris, Arc Serve, AVI Networks, Barco, Barracuda, CA, Censornet, Citrix, Dell Technologies, Eaton, Forcepoint, Hitachi, Intel, Ivanti, Ixia, Juniper Networks, Lenovo, McAfee, Microsoft, Next, Nexans, Riverbed, Sandvine, SAP, RSA, Thales, Trend Micro, Ubiquiti Networks, Veritas, Vertiv, Xerox.

MAR C H 2020

MEA

31


CHANNEL STREET

Mindware can now white label, Interwork’s Cloud Business-as-a-Service, reselling the solution to its own partners. “What I want to do is to potentially create a community of partners that can share resources using this Marketplace. They can sell consultancy services for example that another partner can use. So, Mindware will become an aggregator not only of hardware and software, but services as well,” explains Jarre. Other strengths of the Interworks platform are its range of APIs and the back office, integrated billing system. Jarre plans to automate the Cloud Marketplace’s, back office and leverage its data capabilities through business intelligence tools. At some stage, Jarre wants Mindware channel partners to be viewing their invoicing and orders through this portal on their mobiles and tablets. PHASE TWO The dialogue with Interworks started in January 2019 and Mindware’s Cloud Marketplace portal went live in October 2019. The Mindware Cloud Marketplace is just a start towards a much bigger vision of building the Mindware e-commerce market place. While Microsoft will be the initial vendor partner on the Mindware Marketplace, it will be the first amongst other supporting vendors. Jarre plans to drive the sales volume around Microsoft Cloud through his team. But he also plans to diversify and scale the breadth of sales to include other Mindware vendor partners, like Citrix, Veritas, and security vendor partners, into this platform. The key to making this platform financially sustainable, according to him, is to offer multiple vendor solution bundles on the Marketplace. “In 18 months, I am expecting we will have a combined business that will not only be growing from a whole new perspective, but from a margin perspective. While this is an investment period for me, it is critical. Maybe I will accelerate faster since this gives me capabilities to enter in some new countries where I was not. This is a unit I have decided to create and manage independently as a single channel,” say Jarre, as he attempts to stitch together the various facets of his Cloud Marketplace strategy. Once stabilised, Jarre expects the sales revenue

32

M A R C H 2020

MEA

from cloud to grow 300% year on year. The pattern of cloud sales follows the growth curve of other on-demand, utility-based service models, like managed services. In such delivery services, 80% of the annual sales target is achieved in the first month of the fiscal year. The rest of the calendar year is used to prepare for the next fiscal year at 300% growth. SOLUTION STACKS “Building an IT solution stack is not called rocket science,” says Jarre. “It is quite simple. You need to pick areas. So, we decided to pick three areas.” Mindware has built its current solution stack across three key areas: infrastructure and IT integration; cyber security; and cloud transformation. Mindware’s core competence lies in the area of IT infrastructure including hardware, storage, and integration of applications. This is the first solution stack area. “Infrastructure is the base of what we have. You have to help partners to develop their technical capabilities. This is what we do a lot in Mindware and we are very good,” adds Jarre. The second solution stack that Mindware offers is cyber security. Mindware’s long and consistent baseline in the region has helped it to boost its security vendor partner portfolio. “Because of our credentials in the Middle East, we were able to bring some new vendors and now we have amazing portfolio of capabilities in security,” explains Jarre. Training and education of channel partners is key in cyber security. As a value-added distributor, offering channel partners a complete solution stack in cyber security is a key differentiator for Mindware in the highly competitive Middle East region. Channel partners need to be trained on sizing and building the solution in terms of the final bill of quantities. “Security products are highly complex and there is a big spectrum of capabilities according to where you want to play. You need someone with a good overall view and we have a good team of security consultants,” comments Jarre. The third area that Mindware operates in is cloud migration, cloud installation, and cloud analysis. Mindware’s entry into cloud has been two-fold with its channel partners. On the one hand it

has been about technical competence and the value proposition that channel partners need to build around their cloud offering, including sizing workloads and migration from on-premises to the cloud. On the other hand, it has been about how they are going to make money from this offering. Channel partners can also build applications for the cloud, and the upcoming Expo 2020 Dubai is one such great opportunity. “We are not a systems integrator,” says Jarre. “Our solution team is working on helping partners in projects that enable these kinds of initiatives. We have a services organisation to help partners.” WHAT IS NEW? Is the value-added distribution model of building competence across solution stacks changing? “It is still here, nothing has changed,” muses Jarre. “And I do not think it will change, because the market is not asking for something else at the present time.” One point of disruption in the regional channel business is the possible emergence of a vendor led, large scale market place, drawing in other enabling vendors and associated go to market channel partners, concedes Jarre. Another strength of Mindware that works across its competence areas of infrastructure and cybersecurity, is consulting. “We lead by technical analysis,” says Jarre. Mindware builds multi-vendor, pre-integrated solutions, that it offers back to its channel partners, who sell them directly to their end-customers. Since it is pre-integrated, the amount of integration that needs to be done at the end is small, usually 5-10%. “We buy the appliances, and the software. We have certified solution architects who can bundle hardware and software with certain services and propose ready-to-use solutions,” summarises Jarre. Being bullish about the future of its Cloud Marketplace, allows Mindware to break away from the ranks of other value add distributors, and build a unique positioning and loyalty amongst cloud-first and cloud-ready channel partners ë


COVER FEATURE

T

he last several years have been fascinating observing the steady move towards autonomous driving. While semi-autonomous vehicles have existed for many years, fleets of fully autonomous vehicles operating as a single connected entity is still a thing of the future. Nearly every new vehicle produced in 2019 implements state-of-the art sensors that utilise analytics technologies, such as machine learning or artificial intelligence, and are designed to automate, assist or replace many of the functions humans were responsible for. These can range from rain-sensors on the windshield to control wiper blades, to object detection sensors using radar and lidar for collision avoidance, to camera systems capable of recognising objects in range and providing direct driving input to the vehicle. McAfee Advanced Threat Research has been studying model hacking, also known in the industry as adversarial machine learning. Model hacking is the concept of exploiting weaknesses universally present in machine learning algorithms to achieve adverse results. With model hacking, the study of how adversaries could target and evade artificial intelligence, McAfee have an opportunity to influence awareness, understanding and development of more secure technologies before they are implemented. With this in mind, McAfee decided to focus on the broadly deployed MobilEye camera system, utilised across over 40 million vehicles, including Tesla models. MobilEye is one of the leading vendors of Advanced Driver Assist Systems, catering to some of the world’s most advanced automotive companies. Tesla, is a name synonymous with ground-breaking, innovative and eco-friendly smart cars. MODEL HACKING ATTACKS McAfee were successful in creating extremely efficient digital attacks which could cause misclassifications of a highly robust classifier, built to determine with high precision and accuracy what it is looking at, approaching 100% confidence. McAfee further expanded efforts to

34

M A R C H 2020

MEA

create physical stickers, that model the same type of perturbations, or digital changes to the original photo, which trigger weaknesses in the classifier and cause it to misclassify the target image. This set of stickers has been specifically created with the right combination of color, size and location on the target sign to cause a robust webcambased image classifier to think it is looking at an Added Lane sign instead of a Stop sign. In reality, modern vehicles do not yet rely on Stop signs to enable any kind of autonomous features such as applying the brakes, so McAfee decided to alter the approach and shift over to speed limit signs. McAfee knew, for example, that the MobilEye camera is used by some vehicles to determine the speed limit, display it on the heads-up display, and potentially even feed that speed limit to certain features of the car related to autonomous driving. McAfee then repeated the stop sign experiments on traffic signs, using a highly robust classifier, and a trusted high-resolution webcam. McAfee made changes to the sign like block it partially, place the stickers in random locations — and the classifier did an outstanding job of correctly predicting the true sign. While there were many obstacles to achieving the same success, McAfee was ultimately able to prove both targeted and untargeted attacks, digitally and physically, against speed limit signs. WHITE AND BLACK BOX THEORY McAfee decided it was time to test the black box theory. What this means, in its most simple form, is attacks leveraging model hacking which are trained and executed against white box, also known as open source systems, will successfully transfer to black box, or fully closed and proprietary systems, so long as the features and properties of the attack are similar enough. For example, if one system is relying on specific numeric values of the pixels of an image to classify it, the attack should replicate on another camera system that relies on pixel-based features as well. The last part of McAfee lab-based testing


COVER FEATURE

HOW MCAFEE

HACKED A TESLA WITH

SPEED SIGN BY ALTERING THE APPEARANCE OF A TEST SPEED SIGN, MCAFEE WAS ABLE TO UNLEARN MACHINE LEARNING INSIDE A TESLA CAR, AND CHANGE ITS SPEED TO INCORRECTLY.

C O V E R I M A G E : S O U R C E C O M PA N Y W E B S I T E . I M A G E S E L E C T E D O N LY F O R R E P R E S E N TAT I V E P U R P O S E . MAR C H 2020

MEA

35


COVER FEATURE

Tesla model X 2016, used to assess the robustness of Tesla Automatic Cruise Control and Speed Assist.

Tesla model S 2016, used to assess the robustness of Tesla Automatic Cruise Control and Speed Assist.

Heads up display showing the adversarial 35mph sign recognised as 85mph, inside the Tesla car. MobilEye camera sensor, used with head up display inside the Tesla cars.

involved simplifying this attack and applying it to a real-world target. McAfee wondered if the MobilEye camera was as robust as the webcambased classifier McAfee built in the lab? Would it truly require several highly specific, and easily noticeable stickers to cause a misclassification? McAfee was able to run repeated tests on a 2016 Model S and 2016 Model X Tesla using the MobilEye camera, Tesla’s hardware pack 1 with EyeQ3 MobilEye chip. The first test involved simply attempting to recreate the physical sticker test – and, it worked, almost immediately and with a high rate of reproducibility. In lab tests, McAfee had developed attacks that were resistant to change in angle, lighting

36

M A R C H 2020

MEA

and even reflectivity, knowing this would emulate real-world conditions. McAfee results were consistent in getting the MobilEye camera to think it was looking at a different speed limit sign than it was. The next step in the testing was to reduce the number of stickers to determine at which point they failed to cause a misclassification. McAfee realised that the heads-up display continued to misclassify the speed limit sign. McAfee continued reducing stickers from 4 adversarial stickers in the only locations possible to confuse the webcam, all the way down to a single piece of black electrical tape, approximately 2 inches long, and extending the middle of the 3 on the traffic sign. Even to a trained eye, this hardly looks suspicious or malicious, and many who saw it did

not realise the sign had been altered at all. This tiny piece of sticker was all it took to make the MobilEye camera’s top prediction for the sign to be 85 mph. CONTROLLING AUTONOMOUS FUNCTIONS McAfee began to investigate whether any of the features of the camera sensor might directly affect any of the mechanical, and even more relevant, autonomous features of the car. After extensive study, McAfee came across a feature known as Tesla Automatic Cruise Control that could use speed limit signs as input to set the vehicle speed. A software release for Tesla Automatic Cruise Control contained just enough information to point towards Speed Assist, with the following


COVER FEATURE

Various examples of adversarial signs that created misclassification for the MobilEye camera sensor and its machine learning from 35mph to 45mph and then 85mph. Also incorrectly showed Added Lane.

statement, under the Tesla Automatic Cruise Control feature description: You can now immediately adjust your set speed to the speed determined by Speed Assist. Speed Assist, was a feature rolled out by Tesla in 2014. McAfee can now add these all up to surmise that it might be possible, for Tesla models enabled with Speed Assist and Tesla Automatic Cruise Control, with a simple modification to a traffic sign to cause the car to increase speed on its own! By making a tiny sticker-based modification to our speed limit sign, McAfee were able to cause a targeted misclassification of the MobilEye camera on a Tesla and use it to cause the vehicle to autonomously speed up to 85 mph when reading a 35-mph sign.

It is worth noting that this is seemingly only possible on the first implementation of Tesla Automatic Cruise Control when the driver double taps the lever, engaging Cruise Control. If the misclassification is successful, the autopilot engages 100% of the time. WAY FORWARD All these findings were tested against earlier versions Tesla hardware pack 1, MobilEye version EyeQ3 of the MobilEye camera platform. McAfee did get access to a 2020 vehicle implementing the latest version of the MobilEye camera and were pleased to see it did not appear to be susceptible to this attack vector or misclassification. McAfee is thrilled to see that MobilEye appears to have embraced the community of researchers

working to solve this issue and are working to improve the resilience of their product. Still, it will be quite some time before the latest MobilEye camera platform is widely deployed. The vulnerable version of the camera continues to account for a sizeable installation base among Tesla vehicles. The newest models of Tesla vehicles do not implement MobilEye technology any longer, and do not currently appear to support traffic sign recognition at all. ĂŤ

Source: Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles by Steve Povolny and Shivangee Trivedi, McAfee Labs. Test images source McAfee. Tesla images source Tesla web site.

MAR C H 2020

MEA

37


COVER FEATURE

WHAT IS ADVERSARIAL MACHINE LEARNING AND MODEL HACKING

The term adversarial machine learning, is a mouthful! The term describes study and design of adversarial attacks targeting artificial intelligence models and features. McAfee have coined the easier term model hacking to enhance comprehension of this increasing threat. Within artificial intelligence, the model – a mathematical algorithm that provides insights to enable business results – can be attacked without knowledge of the actual model created. Features are those characteristics of a model that define the output desired. Features can also be attacked without knowledge of the features used! Simply by perturbating – changing the magnitudes of a few features such as pixels for images, zeros to ones-ones to zeros, or removing a few features – the attacker can wreak havoc in security operations with disastrous effects. Hackers will continue to ping unobtrusively until they are rewarded with nefarious outcomes. While malware represents the most common artifact deployed by cybercriminals to attack victims, numerous other targets exist that pose equal or perhaps even greater threats. Over the last 18 months, McAfee have studied what has increasingly become an industry research trend: digital and physical attacks on traffic signs. McAfee initially set out to reproduce one of the original papers on the topic, and built a highly robust classifier, using an RGB Red Green Blue webcam to classify stop signs from the LISA traffic sign data set. The model performed exceptionally well, handling lighting, viewing angles, and sign obstruction. Over a period of several months, McAfee developed model hacking code to cause both untargeted and targeted attacks on the sign, in both the digital and physical realms. Following on this success, McAfee extended the attack vector to speed limit signs, recognising that modern vehicles increasingly implement camera-based speed limit sign detection, not just as input to the HeadsUp-Display HUD on the vehicle, but in some cases, as input to the actual driving policy of the vehicle. Ultimately, McAfee discovered that minuscule modifications to speed limit signs could allow an attacker to influence the autonomous driving features of the vehicle, controlling the speed of the adaptive cruise control. The good news is that much like classic software vulnerabilities, model hacking is possible to defend against, and the industry is taking advantage of this rare opportunity to address the threat before it becomes of real value to the adversary. Introduction and Application of Model Hacking by Steve Povolny and Celeste Fralick, McAfee Labs.

38

M A R C H 2020

MEA


INNOVATION

VERITAS COMPLETES VISION SOLUTION DAY IN UAE

WHILE DATA MAY BE THE NEW OIL OF THIS DECADE, BUSINESSES NEED TO TRANSFORM TO GENERATE VALUE FROM THEIR DATA, WAS THE THEME AT VERITAS SOLUTION DAY.

V

eritas successfully completed its Vision Solution Day in the first week of February in Dubai, UAE. Close to 250 IT decision makers and influencers attended the event at Address SkyView. The focus of the Solution Day was to learn how Veritas enables organisations to harness the power of information and serve complex heterogeneous environments. The welcome address and keynotes at the event were presented by executives from Veritas Technologies. These included Damian Wilk,

40

M A R C H 2020

MEA

Sales Leader; Mark Nutt, Senior Vice President; Deepak Mohan, Executive Vice President, Enterprise Data Protection and Compliance; Johnny Karam, Vice President, Emerging Markets; Ian Wood, Head of Business Practices EMEA; Rich Rose, Senior, Distinguished Architect. The keynotes and presentations at the event were built around informing the delegates how to make cloud migration simple; using digital compliance to re-shape data management; boosting data resilience with an integrated protection strategy; addressing the challenges from business

transformation and the growth of modern workloads; seeing data clearly to achieve business goals; how data protection is more than just backing up data. The knowledge and understanding of data is not just an insurance policy to ensure compliance, it is an investment in the competitiveness of a business. During the presentations, Nutt emphasized that merely having the data inside an organisation is not sufficient to generate results. Businesses have to transform to be able to use the data. With the growing deluge of data, complexity increase the costs of performance. Mohan pointed out that, with all these challenges, IT is probably the hardest job today. IT end users should focus on the application dashboard and let the application manage the complexity. Karam also pointed out that, businesses cannot keep adding storage into the data growth problem. Automation is a critical part of solving the management of data. Wood explained that the cost of enterprise downtime is highly prohibitive today. Veritas global surveys indicates that the cost of downtime can vary from $5,000 per minute to $1M per hour. This cost is generated from the loss of brand reputation, stemming from the loss of data availability, and the lack of testing over disaster recovery. The process of disaster recovery is so labour intensive that it is hardly every tested. Wood pointed out that it is easier to focus on testing application availability and data availability. The Veritas Net Backup platform has been built over the last 20 years and is able to manage 500 types of data sources. The event was concluded with a panel discussion moderated by Ian Wood from Veritas. The participants of the panel discussion included Fayaz Ahamed Badubhai, Group IT Director, Al Yousuf Group; Shujah Ahmed, Executive Director, Dubai Holdings; Nitin Bharghava, CIO, Mashreq Bank; and Mahmoud Yassin, CISO, United Arab Bank. The panel pointed out the challenges of managing people and culture, security, and legacy technology assets during the process of digital transformation. Managing technology is the easy part for IT executives, they felt. ĂŤ


Vigilance Built From Within

CHOOSE THE RIGHT SURVEILLANCE STORAGE ALWAYS-ON SkyHawk® provides reliable 24×7 support for up to 64 HD cameras in DVR/NVR environments, and is 4K ready.

4K ready

64

24×7

HD Cameras Supported

ImagePerfect™ Firmware

SMART SkyHawk AI enables surveillance solutions that can simultaneously support 64 HD cameras and 16 AI streams. Production Monitoring

Anomaly Detection

CENTRALIZED STORAGE Exos™ drives and system solutions are immensely scalable and fully optimized to store petabytes of data from 1000s of cameras.

Centralized Backup

Learn more at SEAGATE.COM/SURVEILLANCE


SPECIAL FOCUS

WEST AFRICA

ENERGY, FINANCE ARE ICT DRIVERS, BUT GROWTH IS ELUSIVE NIGERIA AND GHANA ARE DRIVING WEST AFRICAN ECONOMY WITH ENERGY AND BANKING INDUSTRIES, BUT STRONG COUNTRY GOVERNANCE IS ALSO REQUIRED TO MOVE AHEAD.

W

est Africa is the westernmost region of Africa and consists of 16 countries including Benin, Burkina Faso, Cape Verde, The Gambia, Ghana, Guinea, Guinea-Bissau, Ivory Coast, Liberia, Mali, Mauritania, Niger, Nigeria, Senegal, Sierra Leone and Togo, Saint Helena,

42

M A R C H 2020

MEA

Ascension and Tristan da Cunha. The population of West Africa is estimated at close to 400 million people as of 2018. However, in terms of ICT consumption and spending, Nigeria dominates the West Africa region, and is the investment powerhouse, at least for now. According to a recent conference IDC Direc-

tions 2020 in Dubai UAE, the generic drivers for ICT consumption across Middle East, Africa and Turkey include Public sector leading transformation efforts, Diversification efforts, Urbanisation, Mega events and national programmes, Thriving startup ecosystem, Large young consumer base, Tech driving innovation transformation.


SPECIAL FOCUS

MARK WALKER,

LEAD SUB SAHARAN RESEARCH AND CONSULTING PRACTICE, IDC MEA.

On a similar pan-regional scale the inhibitors for ICT consumption across Middle East, Africa and Turkey include Political uncertainties, Weak global demand, Limited access to capital, Elections in several countries, Volatile oil and commodity prices, Weaker consumer sentiment, Unemployment, lack of skills, Currency fluctuations, amongst others. This does not include the recent impact of COVID-19. THE NIGERIAN ICT POWERHOUSE According to global research firm, IDC, Nigeria ranks amongst the top five ICT spending countries in Middle East, Africa and Turkey. Nigeria follows, South Africa, Saudi Arabia, UAE, and Turkey in ICT spending. IDC estimates Nigeria will spend $3.4B on ICT during 2020, with a modest YoY growth rate of 2.3%. According to Mark Walker, Lead for Sub Saharan Research and Consulting Practice at IDC Middle East and Africa, economic growth across

Nigeria has been slow with average GDP growth of about 2% in the last three years. Crude oil remains the key source of revenue for the country, which exposes the country to direct impact of increase or decline in global oil prices. The forex market has relatively been stable; however, the stability is artificial as the government through monetary policies is controlling the market price of the naira rather than allowing market forces to be the determinant. Inflation has also been stable at about 11%, however, recent increase in VAT from 5-7.5% is expected to have trickle-down effect on pricing for consumer goods which is expected to drive inflation upwards Key vertical ICT spending markets in Nigeria are mobile network service providers, IT service providers, IT companies, banking and finance, and the government. Says Walker, “Nigeria is still in its infrastructure build stage so over 70% of IT spend is on hardware infrastructure and is dominated by these verticals.”

Mobile network providers are key spenders on datacentre infrastructure to support internal services and deliver services to external customers. IT service provider too are key spenders on datacentres as they offer mostly collocation services. Two tier IV datacentres are expected to be launched in Nigeria by the end of 2020. The enterprise business segment dominates IT service consumption because of business requirement and financial capability “Regulation by the central bank of Nigeria over data sovereignty is forcing investments in datacentre infrastructure and disaster recovery site across the country. The government has also been investing in hardware upgrade across parastatals,” points out Walker, which is likely to drive high-end enterprise solutions. There is high consumption of mobile services across all business segments. Poor fixed infrastructure for both voice and broadband, in Nigeria has been a key driver for the high uptake of mobile services. Like voice there is high mobile

MAR C H 2020

MEA

43


SPECIAL FOCUS

data consumption across all businesses. There is availability of fixed wireless access, although usage is driven by SMEs. Fixed wireless access offers relatively robust Internet connections at affordable prices to match SME business requirements and budget. Large businesses and multinational organisations can afford more robust and dedicated bandwidth solutions to meet business demands. IT consumption in the SME space is limited to top tier SMEs that subscribe to SME in a box solution, which includes

44

M A R C H 2020

MEA

bundled connectivity and IT service. Analytics tools and AI platforms are been used to create better customer experience in the banking sector. Banks now have virtual assistants that can sort certain customer challenges without human interference. FinTechs are leveraging AI platforms for credit underwriting such that loan facility is offered within hours of profiling a customer online. Machine to machine solutions are been used in the FMCG and manufacturing space to ensure

increase productivity and monitoring in factories. 3D printing at a very low scale is available in the manufacturing sector. Electronic toll collection is also available at limited toll gates across the country. The media and entertainment industry have gradually adopted drones to capture high rise video footage. OVERVIEW OF NIGERIA According to reports and analysis by Oxford Business Group, Nigeria is Africa’s biggest oil exporter


SPECIAL FOCUS

REGIONAL PLAYERS SURFLINE COMMUNICATIONS

Ghana based Surfline has 4G technology on a 100% LTE network. In addition to 4G LTE, Surfline provides Internet services via fiber broadband, microwave and Wifi access. It operates a B2C, B2B and B2G business models to a customer base of over a hundred thousand subscribers in Ghana. Surfline Communications was established in 2011 to provide premium quality wireless broadband connectivity to the Ghanaian market. The National Communications Authority awarded Surfline a Broadband Wireless Access license the following year. Surfline launched to become the first 4G LTE Company in Ghana. It is the single largest LTE deployed in Sub-Saharan Africa with strategic partners such as IBM, Alcatel Lucent, Microsoft and Huawei. To ensure customers are able to enjoy services, Surfline Communications have invested in industry leading server and network hardware which are IBM Power and X-Series servers to Fortinet Firewalls, Switches and Routers to house and protect business applications, with redundancy across the entire infrastructure. In addition to hardware, Surfline Communications has also invested in Oracle stack of applications, which provides real-time rating and charging of prepaid events, voucher management systems and customer relationship management applications. Surfline’s state of the art-based framework over Fusion middle-ware also facilitates integration across Oracle and non-Oracle applications, providing service activation on network elements, Billing and Revenue management for post-paid subscribers, collects and processes usage data records from network elements. Surline’s systems also provide Data-Warehousing, Business Intelligence support and Oracle ERP which gives enterprise business support. This support includes Finance, Human Resource Management Systems, Supply Chain Management which manages different inventories.

EZIPAY Ezipay is a payment facilitator allowing diaspora to send money back home from 149 countries instantly into a mobile money wallet and bank account. It also has other valued added services like airtime top-up, TV subscription, Internet bundle, fibre and broadband bills, mobile money transfer, bank transfer, international and local flight booking and purchase as well as grocery purchase and delivery. Across Africa, Ezipay operates in Ghana, Sierra Leone, Ivory Coast, Senegal, Benin, Togo, Burkina Faso, Niger, Guinea Bissau, Mali, Liberia, Cameroon, Zambia. Eziapy is available as an Android and iOS application. Cloud based technologies are a driver for its business. Different regulations in every African country are an inhibitor for its business, as well as lack of education about Fintech products. and, with a population of 193M, the region’s biggest economy and largest consumer base. While the government is reliant on oil and gas for its revenue, the economy itself is more diversified, with manufacturing, banking and insurance, retail and agriculture all major contributors. However, each of these sectors could grow faster and create more opportunities if structural problems were overcome, among them, the country’s electricity shortage, corruption and bureaucratic bottlenecks.

The country’s main economic blueprint is the Economic Recovery and Growth Plan, launched in 2017, which includes up to 60 policy interventions that seek to remove major obstacles to growth. Following the general election in February 2019, the incoming administration will be expected once again to consider major policy questions, notably including the issues of subsidies, oil sector laws and how to boost tax receipts. Nigeria’s ICT sector has faced several

challenging years, with rapid currency depreciation and a macroeconomic slowdown weighing on profitability. However, the sector remains a critical non-oil growth driver and major contributor to the economy, supported by a sizeable young population and the rapid adoption of mobile Internet services. Dominated by four large mobile operators, the telecoms industry remains on a steady growth trajectory, as rising smartphone penetration and investment in mobile internet networks supports a shift towards data-driven growth models. In the IT sector government efforts to boost broadband penetration have begun to gather steam, although the country will face a number of challenges in achieving its ambitious mid-term expansion targets owing to issues in deploying new fibre-optic infrastructure. OVERVIEW OF GHANA According to reports and analysis by Oxford Business Group, Ghana’s economy is one of the fastest growing in Africa, and its recently established oil and gas industry has made it a target for foreign investment. However, while prospects for continued expansion are good, the state faces a stubborn fiscal deficit and the longer-term challenge of reducing the nation’s reliance on a small number of exports. Fiscal and economic reform, therefore, remain top of the agenda in the election year of 2020. Ghana is Africa’s biggest producer of gold and second-biggest producer of cocoa. Since the 2007 discovery of significant oil reserves, hydrocarbons exports have been added to the roster. A reliance on export commodities, however, means that the economy has in the past been vulnerable to crop failures and falling prices. Ghana has the second-highest data penetration rate in sub-Saharan Africa, the fastestgrowing mobile money market on the continent and a burgeoning tech start-up scene. ICT therefore represents one of the most dynamic areas of its economy. Recognising the sector’s potential, the government has stepped up efforts to stimulate market activity and pave the way for the rollout of 4G and 5G technology. Nevertheless, taxes and spectrum costs have dampened growth and emerging tech firms continue to struggle for financing. The rapid expansion of mobile data penetration and mobile money platforms has had a transformative effect on the economy, boosting financial inclusion and providing companies with new avenues to develop and market their products. These platforms have also opened up new opportunities for start-ups. ë

MAR C H 2020

MEA

45


GUEST COLUMN

HOW THIRD GEN AI WILL TRANSFORM CYBERSECURITY CHALLENGES COPING WITH NEXT LEVEL OF CYBER THREATS WILL REQUIRE ADVANCED AI AND INTEGRATED, ORGANISATION-WIDE NETWORK APPROACH, EXPLAINS DEREK MANKY AT FORTINET.

Today, different segments of the networks cannot see or talk to each other and threat intelligence often exists in isolation.

I

magine what you would have done differently in your network if you could have just seen a few years into the future. Would you have been quicker to embrace the cloud? What about the time and money spent on technologies that you now do not really use? Every wiring closet has a number of expensive boat anchors sitting on a shelf somewhere gathering dust. Of course, if your organisation has ever been the victim of a serious breach, it is easy to guess how you may have prepared differently for that. The truth is, that last one is not really just wishful thinking. Cybersecurity professionals, have been warning organisations about the threats just around the corner for years. Some require years of experience to understand threat actor trends and malware trajectories. But others just stare you in the face. While predicting what cybercriminals are going to do next can be tricky, the reverse is not true. When it comes to the cyber arms race, the criminal community has always had a distinct advantage in knowing what is coming next. Organisations are constantly looking for new ways to squeeze more value out of their networks, or gain that sliver of competitive edge through the use of new technologies. And cybercriminals can predict with a high degree of certainty where many of those organisations will also neglect to apply proper security to those efforts. According to one report, cybercriminals cost the global economy a total of $1.5 trillion last year. And the rate of growth for cybercrime looks likely to continue for some time unless organisations make a significant paradigm shift as to how they think about and deploy security.

GAIN UPPER HAND To get out ahead of the traditional cycle of buying new cybersecurity solutions in response to the latest threat trends, organisations need to begin using the same sorts of technologies and strategies to defend their networks that criminals are using to compromise them. That means adopting an integrated approach that leverages the power and resources

46

M A R C H 2020

MEA

of today’s enterprise. How can organisations successfully gain the upper hand when it comes to their cyber adversaries. And that strategy relies heavily on two things: the development and deployment of solutions built around machine learning and artificial intelligence, and shifting to a security-driven networking strategy that takes the principle of look before you leap to a new level. One of the objectives for a security-focused artificial intelligence strategy is to develop an adaptive immune system for the network similar to the one in the human body. In the body, white blood cells come to the rescue when a problem is detected, acting autonomously to fight infection. In the network, artificial intelligence can potentially perform much the same task by identifying threats and initiating and coordinating a response.

FIRST, SECOND GENERATION AI The first generation of artificial intelligence is already in place in some sectors. Leveraging artificial neural networks and massive databases, systems using machine learning can rapidly sift through mountains of data to provide analysis and determine a proper course of action, all at network speeds. The next generation of artificial intelligence, currently running in labs and some production environments, is able better able to detect patterns by distributing learning nodes across an environment. This enhances its impact on things like access control. Some artificial intelligence systems are now able to identify individuals using complex bio-footprints such as typing patterns or heartbeat rhythms, and detect even the most subtle deviations in normal network traffic to identify malicious actors and malware. Implementing this in today’s networks will require deploying regional artificial intelligence-enhanced learning nodes that can collect and process local data for quick responses to events, and also share that data back to a central artificial intelligence brain to deeper correlation to not only better

By shifting responsibilities to autonomous selflearning processes, cybersecurity professionals will be able to focus on strategy.


GUEST COLUMN

DEREK MANKY,

CHIEF SECURITY INSIGHTS AND GLOBAL THREAT ALLIANCES, FORTINET.

Artificial intelligence will exist as an interconnected web of intelligent regional learner nodes.

security ramifications. And that has to include prioritising how the security to be deployed in new areas of the network will interoperate with existing systems.

NEW APPROACH

detect suspicious patterns of behavior, but also immediately respond in a decisive manner before an attack can even be fully formed.

THIRD GENERATION AI The third generation of artificial intelligence, however, is where things begin to get really interesting. Artificial intelligence will still require a central brain, but rather than a hub and spoke model, it will instead exist as an interconnected web of even more intelligent regional learner nodes, much like an organic neural network. Direct information sharing between nodes will not only play a pivotal role in identifying threats

in true real time, but also ensure that central protections and controls match local requirements and variations. Of course, none of this will matter if security is not deployed where cybercriminals strike. Today, different segments of the networks cannot see or talk to each other and collected threat intelligence often exists in isolation. The result is a fragmented security implementation that cybercriminals are all too eager to exploit. This challenge is being compounded as more and more organisations rush headlong into adopting new technologies – today it is the cloud and tomorrow it will be 5G and edge computing – without first properly considering all of the

Getting from where most organisations are today, to the sort of integrated and distributed security that the future will require, underscores the need to take a new approach. Organisations need to focus on interconnectivity and deep integration between their security devices. For machine learning systems to be successful, they not only need access to critical security information, but that data will need to be seamlessly and instantly shared across the network so can be adapted to each networked environment’s unique configuration. This will also require taking a security-first approach to new network expansions to ensure that all network and security systems and devices are visible and consistently controllable from anywhere in the network. The ability for machine learning and artificial intelligence systems to take over many of the menial and detail-oriented tasks previously assigned to human resources will take a significant bite out of the growing cybersecurity skills gap. By shifting responsibilities to autonomous self-learning processes that function similarly to human autoimmune systems – hunting for, detecting, and responding to security events autonomously and in true real time – valuable cybersecurity professionals will be able to focus their unique skillsets on higher-order planning and strategy. This transition will be critical as organisations move to adopt the advanced security-driven network strategies that will help their businesses succeed in the digital marketplace of tomorrow. ë

MAR C H 2020

MEA

47


GUEST COLUMN

UNPROTECTED APIS NEXT SWEET SPOT FOR THREAT ACTORS IN THE WORLD OF DIGITAL TECHNOLOGIES AND OPEN SYSTEMS, APIS ARE THE KEY AND ARE ALSO THE NEW HACKER TARGET, WRITES RAY POMPON AT F5 NETWORKS.

System owners did not realise that their API was wide open.

An API is a user interface for other apps instead of users.

T

he word is out. Organisations across the world are finally waking up to the potential of application program interfaces, APIs transforming business models and directly generating revenue. Momentum has been building steadily. Back in 2015, the Harvard Business Review reported that 90% of Expedia’s revenue was driven by APIs. eBay and Salesforce also claimed 60% and 50% API-driven revenue, respectively In simple terms, an API is a user interface for other apps instead of users. They are often managed with API gateways, which are lightweight pieces of software running on an application server that manages those connection points for other app services or mobile apps to push or pull data. This helps define the API in relation to other APIs and clients, enabling organisations to use the output of the original service in different ways, apps or environments without starting from scratch. This is a big deal for those looking to leverage existing infrastructures with minimal modifications. The influence and spread of APIs has continued to grow in recent years, with the portal and community forum programmableweb.com listing 12,000 in 2015. In October 2019, the number stood at nearly 23,000. Naturally, this has not gone unnoticed by hackers and cybercriminals. One of the biggest issues is overly broad permissions, which means attacks through the API can basically give bad actors visibility into everything within the application infrastructure. API calls are also prone to the usual web request pitfalls such as injections, credential brute force, parameter tampering, and session snooping. Visibility is another major increasingly pervasive problem. Organisations of every stripe – including IT vendors – have a notoriously poor track record of maintaining situational API awareness.

MISCONFIGURED ACCESS In a recent survey, all of 2018’s recorded API breaches up until November focused on large platforms with significant numbers of APIs, and mobile apps heavily dependent on

48

M A R C H 2020

MEA

a few of them to function. However, every single breach discovered from November 2018 to the present was the result of misconfigured access controls. In other words, system owners did not realise that their API was wide open. The good news is that the principal threat actors were primarily fame-hungry security researchers with no intentions to leak or exploit data. Next time, organisations may not be so lucky. In another notable near-miss from last year, a North Carolina State University study found that more than 100,000 code repositories on GitHub had API tokens and cryptographic keys—the literal tools for API access control—stored in plaintext and visible in plain sight. It is a trend we have seen for a while: developers using workarounds or insecure practices during development, and then failing to mitigate those issues when the project goes live. Storing API authentication information in plaintext on GitHub is just the latest incarnation of an enduring issue.

REMEDIATIONS

Inventory Understand where your APIs exist and how they contribute to business operations. Context is king. Perimeter scans to get the “hacker’s eye” view” and in-depth discovery interviews with development and operations teams are essential. Get all the details on the table and prepare risk assessments accordingly. Authenticate The 2019 survey found that 25% of surveyed organisations do not use API authentication. 38% reported that they did so some of the time, and 37% said it was most of the time. This a big problem. There are different forms of API authentication and a risk-based approach is advised before committing to anything. Credentials are the keys to the kingdom and must be stored in a secure way, whether in the form of user-password combinations for either machines or human users or API

The prevalence of APIs is matched only by their obscurity.


GUEST COLUMN

RAY POMPON,

PRINCIPAL THREAT RESEARCH EVANGELIST, F5 NETWORKS.

Constant testing is required to stay current.

Connections Log and review all API connections, regardless of outcome and behaviour. It is also best practice to monitor the assets that the APIs serve. Encrypt We increasingly encrypt all user traffic on the web and APIs are no different. Encrypt connections and validate certificates, as with any other service. Tools Use an API-aware proxy or a firewall to inspect, validate, and throttle requests. Some API security services can analyse the originating client and attempt to determine if a request is legitimate or malicious. They can also ensure that API requests stay where they’re supposed to.

keys which are simplified authentication strings that have specific uses.

It is a good idea to place a bug bounty on API vulnerabilities and harness insight of researchers.

Authorise No APIs should pass unsanitised or unvalidated input to applications. That is a sure-fire recipe for an injection attack. API credentials must be treated using the principle of least privilege. Role-based access control is the best way forward. At a minimum, it should entail limiting HTTP methods that specific roles can implement. Organisations need to allow their environments and business logic dictate decisive action. It is also possible to define sequences of actions that correspond to the specific API use case.

Test The prevalence of APIs is matched only by their obscurity. Constant testing is required to stay current. It is also a good idea to place a bug bounty on API vulnerabilities and harness the insight of proactive security researchers. APIs are not new, but they are increasingly relevant for the way the Internet is growing and applications are evolving. In many ways, they reintroduce existing risks in forms that are more likely to be exploited, more impactful, and harder to recognise. See, for example, Cambridge Analytica’s notorious recent exposure of social media API loopholes that enabled it to collect millions of users’ data. At the same time, APIs are an unavoidable component in contemporary architectures, which means that avoiding or ignoring any related security issues is no longer an option. ë

MAR C H 2020

MEA

49


GUEST COLUMN

ENTERPRISE ARCHITECTURE WILL BECOME BASIS OF DX ENTERPRISE AND INFORMATION ARCHITECTURE WILL SOON BECOME THE FOUNDATION OF SUCCESSFUL DIGITAL TRANSFORMATION EXPLAINS SAUL BRAND AT GARTNER.

The emergence of data, analytics, machine learning and artificial intelligence is rapidly reshaping organisations’ core business models.

SAUL BRAND,

SENIOR DIRECTOR ANALYST, GARTNER.

I

n 2011, Gartner predicted that within ten years, the majority of global enterprises would support enterprise architecture as a distinct discipline that is integral to business planning. Now, in 2020, enterprise architecture has grown from a support function into a highly strategic one, responsible for designing an intelligent information architecture that supports digitalisation and innovation. Enterprise architecture continues to evolve at a rapid pace as emerging technologies lead to business disruption. A traditional enterprise architecture approach that focuses on technical and solution architec-

50

M A R C H 2020

MEA

To keep pace with digital business, enterprise architecture must recognise and elevate the importance of information architecture.

ture is no longer enough to meet the needs of today’s enterprises. Today’s enterprise architects are responsible for designing intelligence into the business and operating models, identifying ways to help their organisation use data, analytics and artificial intelligence to plan, track and manage digital business investments. Traditionally, enterprise architecture led strategy execution activities for the enterprise. However, enterprise architecture has shifted its focus to strategy design. By 2023, 60% of enterprise architecture practices will design intelligence into their business and operating models

to support strategy development and execution. Use design thinking approaches to act like an internal management consultancy. Track and evaluate emerging technologies, and map them back to the business model to identify how they can create opportunities. Add value to the enterprise through strategic technology integration. The emergence of data, analytics, machine learning and artificial intelligence is rapidly reshaping organisations’ core business models. To keep pace with digital business, enterprise architecture must recognise and elevate the importance of information architecture. By 2023, 65% of enterprise architecture programmes will refocus on information architecture, making it central to all digitalisation initiatives. The ability to effectively understand and model a wide range of information sources will be critical for enterprise architecture to enable adaptive and information-driven business models. Help business leaders drive competition and profitability by linking all business efforts to information architecture. Develop a clear model that showcases the business ecosystem, its dynamics, and the creation and sharing of information. Work with domain experts across IT to ensure that the underlying technology platform is ready to manage and manipulate information in its various forms. The ongoing shift toward an internal management consultancy role uniquely positions the

By 2023, 65% of enterprise architecture programmes will refocus on information architecture, making it central to all digitalization.


GUEST COLUMN

YOUR PRIVACY POLICY WILL IMPACT YOUR SALES IN FUTURE, CUSTOMERS MAY DECIDE WHETHER TO BUY OR NOT BUY YOUR PRODUCTS BASED ON HOW YOU MANAGE THEIR PRIVACY, SAYS BART WILLEMSEN AT GARTNER.

BART WILLEMSEN,

VICE PRESIDENT ANALYST, GARTNER.

Privacy is becoming a reason for consumers to purchase a product, in the same way that organic, free trade and cruelty-free labels have driven products sales in the past decade. Privacy-first products are likely to follow this trend. To increase customer trust, executive leaders need to build a holistic and adaptive privacy programme across the organisation, and be proactive instead of responding to each jurisdictional challenge.

In 2019, Gartner observed a decline in overall customer satisfaction, an erosion of trust and an increase in privacy invasion. Today, these sentiments extend into all interactions between customers, organisations and devices. As customers demand protection of their privacy, lawmakers around the world are preparing to meet this demand. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today. More than 60 jurisdictions around the world have enacted or proposed postmodern privacy and data protection laws, following the introduction of the GDPR in 2018. These include Argentina, Australia, Brazil, Egypt, India, Indonesia, Japan, Kenya, Mexico, Nigeria, Panama, US, Singapore and Thailand. People are actively demanding privacy protection — and legislators are reacting. If your organisation operates globally, focus on standardising operations in accordance with the GDPR, and then adjust as required for local requirements. Use technology solutions to assist with not only readiness efforts, but also to automate portions of your privacy management program

once it is established. This is particularly important for the handling of subject rights requests and the processes for consent and preference management. By year-end 2022, more than 1 million organisations will have appointed a privacy officer or data protection officer. Increased regulation will lead organisations to hire capable, empowered senior-level privacy officers to deliver both compliance and customer satisfaction. There were only a few thousand official privacy officers worldwide before the GDPR took effect in 2018. In 2019, it was estimated that already half a million organisations relied on the expertise of a privacy officer. Organisations that avoided hiring a privacy officer because they were not subject to the GDPR now need to catch up. Appoint a privacy officer, ideally one who reports directly to the board. Whether the current regulatory landscape demands it or not, having a dedicated lead for the privacy discipline is necessary to help co-steer the corporate strategy and affect the organisation on strategic, tactical and operational levels. ë

By 2023, 60% of organisations will depend on enterprise architecture ’s role to lead the business approach to digital innovation. enterprise architect to be an innovation leader for the organisation. Enterprise architecture leaders understand business and IT capabilities and can improve communication and collaboration across silos. By 2023, 60% of organisations will depend on enterprise architecture’s role to lead the business approach to digital innovation. Enterprise architecture can also bridge innovation and operations. To drive and operationalise innovation, help plan, design and orchestrate the move of an innovation into the operating model. Then feed the realities of the operating model back into the innovation process.

Finally, enterprise architects must identify ways to balance stakeholder perspectives so that everyone stays laser-focused on achieving the organisation’s targeted business outcomes. This places enterprise architecture at the heart of innovation, providing key services and ensuring that it is successfully executed. As the practice of enterprise architecture evolves, so will its toolset. By 2023, 60% of enterprise architecture tools will be intelligent. Future enterprise architecture tools will support customer experience, product design, machine learning, the Internet of Things, and more.

Enterprise architects and technology innovation leaders should focus on collaboration and artificial intelligence as they move through 2020 and beyond. The enterprise architecture toolkit will be part of a broader ecosystem of tools that the organisation uses. For example, it may link to IT service management, portfolio and product management, and strategy and planning tools. This will be a complex ecosystem of tools, models and information that raises the importance of AI to help navigate, reveal and provide additional insights. ë

MAR C H 2020

MEA

51


TRENDS

THE SCIENCE OF DISTRIBUTION

IF SCIENTIFIC REASONING AND LOGICAL ANALYSES HAVE A CRITICAL ROLE TO PLAY IN PUSHING BUSINESS TO GREATER HEIGHTS, ASBIS MIDDLE EAST CAN CERTAINLY BE TOUTED AS ONE OF THE MOST ‘LOGICAL’ DISTRIBUTORS IN THE IT PRODUCTS AND SERVICES MARKETPLACE TODAY. THE COMPANY’S VICE PRESIDENT, HESHAM TANTAWI, SAYS THAT THE COMPANY IS AIMING FOR A 10% GROWTH THIS YEAR COMPARED TO THE PREDICTED MARKET GROWTH OF 2%. REASON – ASBIS DOES BUSINESS SCIENTIFICALLY.

(EXCERPTS)

W

hile the term ‘Transformation’ may have different parameters, definitions and concepts for organizations worldwide, Hesham Tantawi says it is all about being at the right place, at the right time, with the right technologies and with the right expertise.

AHEAD OF THE CURVE “Transparency and Analytics is in our DNA”, says Hesham. “Being a global player, we understand the market dynamics and how different countries perform differently. This helps us to align our go-to-market strategies, enhance our organized thinking and do SWOT Analysis on the market conditions and perform accordingly. Like any other discipline of science, we future-proof our approach and evaluate the pros and cons of a situation and take measures to overcome any challenges.” Hesham asserts that this is one of the most critical factors in success for Asbis. “Today, you can see many suppliers and partners running out of business due to the geopolitical issues and the rampant credit crunches in the market. He who knows how to strike the right equilibrium between the supply chain and the cash flow will only be able to survive the current situation. We are equipped with this knowledge and we further impart this to our reseller network as well. This is also one of the strongest reasons for Asbis to predict a 10% growth this year, whilst the overall market growth is predicted to be around 2%.”

PREDICTIVE SELLING While some go with the flow, others swim against the

52

M A R C H 2020

MEA

tide…. but Hesham says that he rides on top of the waves. “Absis has a very strong history of not falling prey to buzzwords. We have rather predicted the appetite and have always been many steps ahead of the market and the competitors in bringing products and solutions that become the future-trendsetters. One of the most recent case that I can cite here is the Prestigo Click&Touch keyboard. Our latest offering to the IT marketplace and a trend-setting product. We have already tasted the appetite for this in Las Vegas and a lot of A-Class vendors have approached us who are willing to include this product in their future designs. Just imagine the amount of space it will save and the use of mouse that it will cut down.” In January 2020 ASBIS concluded an agreement to acquire 40% of the shares of Clevetura LLC, based in Minsk, for a total of USD 584,000. Clevetura LLC is a Belarusian startup, which designed and launched in 2019 a unique Prestigio Click&Touch keyboard, the first in the world based on Touch-Keys technology developed and patented by the Company. Click&Touch keyboards will be sold under the Prestigio brand.

ON A HIGH GROWTH TRAJECTORY Despite the challenging market conditions, Asbis is boasting a high growth rate. The distributor has recorded a striking USD 664 million in Q4 2019, compared to USD 571 million in the same period of 2018. KSA, Egypt and UAE have been the highestgrossing markets in the region. According to its reports in the investor portal, ASBIS remains the distributor of


TRENDS

HESHAM TANTAWI, VICE PRESIDENT MIDDLE EAST, ASBIS.

channel training and awareness and making sure that the growth is linear across the chain and the current situation is not hampering the company’s business. “Our channel network is updated. We ensure that we talk to our partners and customers on a day-to-day basis and keep the entire supply chain informed about any situation. Our goods are monitored throughout, from the supplier, to the shipper, to the retailer and to the customer. By doing this, we ensure that the goods are supplied on time and reaches the right people, even if it is the minimum required amount.” “My advice or suggestion to our industry colleagues is very comprehensive. In the time of crisis, the one who has cash is the king. So, do not pump your cash into things which are not required and overstuff your supply chain,” adds Hesham. first choice for many global IT producers, and the Group’s strategy is to generate the best possible results for its shareholders. Hesham tells us that the market can look forward to some interesting announcement from the company in terms of new vendor sign up in the Networking and Security space.

HOLDING TIGHT

CLOSING NOTE

It is indeed a challenging time for the global economy with the Corona Virus impacting exports, imports and simultaneously trade and business worldwide. Distributors and suppliers are one of the most affected in the entire supply chain. The company is also investing heavily into its

Hesham says that in 2020 the market will ride high on one concept— Efficiency. “Those who do not imbibe this virtue in their business models will certainly perish. Business has to be efficient in everything it does— Supply chain, Sales pipeline, Deliveries, Workflow and Product management.” ë

MAR C H 2020

MEA

53


TRENDS

CONTEXT

RESELLER DYNAMICS ACROSS 15 EMEA COUNTRIES CONTEXT CHANNELWATCH 2019 COVERS THE SELL-OUT PROCESS FROM 6,500+ B2C AND B2B RESELLERS IN 15 COUNTRIES INCLUDING IT PRODUCTS AND SERVICES, INVESTMENTS AND SENTIMENT.

C

ONTEXT ChannelWatch 2019 is an online reseller survey providing insights into reseller behavior in the IT channel. The report profiles the activities of a representative sample of 6,582 resellers operating in the following countries: UK & Ireland, France, Germany, Spain, Italy, Portugal, Poland, Czech Republic, Baltics, Russia, Turkey and South Africa. This sampling of resellers across twelve regions, 15 countries including Ireland, and three Baltic states, provides insights into geographic trends as well as reseller priorities and issues. CONTEXT analyses all transactions into respective sales channels through its proprietary reseller database which contains 9 million raw names categorised into 250,000 unique resellers. CONTEXT uses these reseller metrics to provide an objective measure of the change in the reseller landscape. The survey tells us what resellers say they are doing; the reseller metrics provide independent verification that this is what they actually are doing. Despite the economic headwinds of slowing GDP in Germany, the uncertainty of Brexit, and the ongoing trade war between China and the US, resellers have shown themselves to be resolutely optimistic, proving that the IT industry is in good health. While growth in the nine months ended 30 September 2019 was slower than in 2018, when the CONTEXT panel grew by +6.7%, it remained robust at +3.4% in the ChannelWatch countries. +4.6% when Russia and Turkey, where performance has been negative, are excluded. Resellers are more optimistic about the coming twelve months than they were a year ago. There have been sizeable increases in net reseller sentiment in the UK & Ireland and

54

M A R C H 2020

MEA

Germany, and countries such as Italy and Spain, where it was also high last year, have maintained their level of optimism. The notable exception is Turkey, although there has been a marginal downward change in France. After a difficult year, it is encouraging to see that Russian resellers are maintaining their positive outlook, and this augurs well for 2020. The health statistics show resellers are sticking with traditional IT products, such as PCs and printers, while also moving into new areas, such as hyper-converged infrastructure and smart home. They are also spending more money per reseller in almost all categories. HCI systems, which underpin the growth of datacentres, are attracting more resellers, with the hardware elements garnering particular attention. This represents a massive opportunity for the channel. The reseller metrics show that integrated systems purchases per reseller went down in 2019 because the number of resellers in this market increased by +19.3% whereas purchases growth was only +7.7%. Internet of Things IoT is growing rapidly and 18% of resellers want to introduce it into their portfolio next year. This will engender an explosion of cloud-storage capabilities, which will in turn drive demand for traditional IT products such as servers. Digital transformation is the nexus of growth for the channel. B2B resellers are more optimistic than their B2C counterparts. They see more opportunities in the growth of activity driven by digital transformation. There is only one country in which B2C resellers are more optimistic than B2B – Italy. B2B resellers see four top investment priorities – cloud, networking, cybersecurity and workplace

optimisation – which reflect their customers’ agenda of digital transformation. 20% of resellers have developed their own intellectual property by, for example, engaging in software and database development; this puts them in a strong position to benefit from digital transformation projects. The motivation to be part of this IT revolution is evident: 75% of resellers say they are excited about digital transformation, and 77% want to learn more about it. The success and relevance of the channel are not guaranteed – there are still many resellers who are holding back from investing in digital transformation 52% overall, and as many as 73% of resellers in some countries, such as Italy. The number of resellers who have sold no cloud services in the last six months has gone down dramatically: from 41% in 2018 to 26% this year. Answers to the question, what cloud services have you sold in the last six months? shows that sales have fallen in only two areas since last year – back-up and webhosting – while those in all other areas have increased. In security, the increase has been driven by the risk of cybercrime: managed security services make sense for resellers and for their clients not only because patches and regular maintenance are taken care of but also because increasingly mobile workforces and the growth of bring your own device make a cloud solution a good fit. Vertical-based applications, which still represent only a small part of reseller activity, grew in 2019 and, for the first time, the percentage of resellers who say they sold vertical solutions in the last six months reached double figures. This area adds a huge amount of value and we expect it to continue to grow over the next few years.


TRENDS

DRAMATIC REDUCTION IN % RESELLERS WHO SOLD NO CLOUD

The % of resellers who have sold no cloud services in the last six months has gone down in all countries except Russia, another measure of progress of cloud sales in this period. A breakdown of

responses shows that cloud services are being sold mainly in the backup, storage and security areas across the board. Across all countries except Russia, a significant number of resellers intend

to invest in the provision of cloud products and services. Many distributors are already investing large sums into building one-stop marketplaces for provisioning, management and billing across vendors as well as offering online marketing tools and the option to white-label some services. As such distributor marketplaces mature, reseller investment in the area will become less necessary and we therefore suspect that, in future years, the number of survey respondents active in this area will decline. The decline in sales of backup services continued this year, and storage sales were on a par with those in 2018. This could be attributed to customers either returning to on-premises backup and storage, to reduce costs, or simply purchasing directly from the vendor. Security continues to be – and always will be – a hot topic: because cybercrime can be very lucrative, criminals are continually innovating. Recent scams include using artificial intelligence to imitate a trusted person and so fool a human being into divulging sensitive information. Security is commonly considered to be the largest growth area for the channel, and it is also an area where customers are willing to spend. Managed security services make sense – not only because patches and regular maintenance are taken care of, but also because a cloud solution is a good fit for mobile workforces and BYOD, both of which are becoming increasingly common. While there has been a marked improvement in sales of infrastructure services since 2018, levels are still below those of 2017. It is an area in which hyperscale vendors would love to see more growth, however, more analysts now acknowledge that these services are really only appropriate to specific use cases where a good return on investment is possible. That 10% of respondents now offer vertical solutions is a sign that resellers are finding a niche in which to work. To do well in a particular industry, a reseller needs to both be a subject-matter expert and know how to sell and integrate solutions to solve common problems within the field. They need to build repeatable solutions that drive greater economies of scale to increase profits. This can be a challenging process and it takes time and investment. It is, therefore, unsurprising that only a comparatively small proportion of resellers operate in this area.

MAR C H 2020

MEA

55


TRENDS

CLOUD IS HIGH, AI IS LOW, FOR RESELLER INVESTMENT

Over the next 12 months, B2B resellers intend to invest primarily in provision of cloud products and services, networking, cybersecurity and workplace optimisation. Datacentre solutions also scored reasonably highly. Device as a service, artificial intelligence, digital signage and 3D printing were low on the priority list for these resellers. The investment areas identified by resellers were fairly consistent across countries. The notable differences are that Russian resellers were far less interested in provision of cloud products and services, and Russia and the Baltics were relatively less interested in cybersecurity than other countries. This may be because cloud infrastructure, which requires strong cyber-protection, is relatively underdeveloped in these countries, and backing-up data is considered more important than protecting it. This is related also to a general lack of customer and market education in cybersecurity, which clearly manifests itself in a lack of intended investment in this field. In fact, many Russian resellers commented on poor availability of training and some also voiced concerns about a lack of educated and skilled people.

56

M A R C H 2020

MEA


TRENDS

HOW HAVE RESELLERS PERFORMED IN LAST 12 MONTHS? Reseller sentiment is based on the response to the question, How, would you say your business has performed in the last 12 months? The net % is calculated by deducting the % who respond not well from the % who respond well. Responses of OK are ignored. Reseller sentiment has strengthened considerably since 2018, with one major exception: Turkey has been through a turbulent time following the devaluation of the lira and has faced other political and economic challenges. In 2019, for the first time, we have analysed the responses of resellers into B2B and B2C. The results are telling: they show a notable difference between the two categories, with B2B resellers expressing a more positive opinion than B2C resellers – except in Italy and Russia – reflecting a lack of consumer confidence that appears to be felt across all countries.

ENTRY AND EXIT OF EMEA RESELLERS

In the period Q3 2018 to Q2 2019, there were a total of 122,368 IT resellers through whom the distributors on the CONTEXT panel sold products and services to end customers in ten of the twelve ChannelWatch countries. This is a +2.7% increase on the 119,193 in Q3 2017 to Q2 2018, which demonstrates the overall stability of the market. Over these twelve months, the average purchases per reseller increased by +3.7% from EUR

486K to EUR 504K, and the figure was considerably higher in the UK & Ireland, where the spend per reseller was EUR 843K. The graphic is sorted by ratio of entries to exits, in descending order. The renewal profile of the reseller base varies from market to market and year to year. Last year, three major economies, UK and Ireland, Spain and Italy, had replacement rates below the equilibrium level whereas this year, in almost all countries, Portugal and Sweden are the

exceptions, more resellers joined the market than left it. Belgium is the outlier with many more new entrants than leavers as well as large growth in the total purchases by resellers, indicating a thriving channel. ë

Content and graphics excerpted from CONTEXT ChannelWatch 2019.

MAR C H 2020

MEA

57


PEOPLE

SentinelOne appoints Daniel Kollberg as Vice President of EMEA

HID appoints Björn Lidefelt as President and CEO

SAP appoints Sergio Maccotta as SVP for Middle East South

SentinelOne, announced the appointment of Daniel Kollberg as Vice President EMEA. The appointment supports SentinelOne’s record growth across the globe on the journey of becoming the next great cybersecurity company, through helping organisations use AI to defend against every attack at every stage. Kollberg brings over 25 years of leadership experience in cybersecurity and IT solutions to SentinelOne. Prior to joining the company, Daniel was most recently VP, EMEA Service Providers at Palo Alto Networks, where he helped grow and scale the company over the past five years. At SentinelOne, Daniel will work closely with the executive leadership team to execute aggressive growth plans across EMEA.

Björn Lidefelt has been named President and CEO. Lidefelt joins the company after serving as Chief Commercial Officer at HID parent company ASSA ABLOY, where he oversaw branding, communications, commercial development and strategy. He also has extensive experience in international sales and marketing, having spent more than nine years in Asia Pacific markets including China and Malaysia. Lidefelt holds a Master of Science degree in Industrial Engineering and Management from the University of Linköping, Sweden, majoring in computer science and marketing. He succeeds Stefan Widing, who led HID Global for over four years.

SAP has promoted Sergio Maccotta to the role of Senior Vice President of SAP Middle East South. Maccotta, previously the leader of the Strategic Customer Programme team for SAP EMEA South, will continue to be based in Dubai. He replaces Gergi Abboud, who has been promoted to the role of Head of SCP for SAP EMEA South. Participating as the Innovative Enterprise Software Partner for Expo 2020 Dubai, and advancing the 5-year $200 million UAE investment plan, SAP has opened cloud data centres in the UAE and Saudi Arabia. According to a recent IDC report, the Middle East will have boosted the global customer experience market to a record high of $641 billion by 2022.

Forcepoint appoints Nico Popp as Chief Product Officer

Tenable appoints Mark Thurmond as Chief Operating Officer Tenable has announced it has appointed Mark Thurmond as Chief Operating Officer. In this role, Thurmond will lead Tenable’s global field operations, including sales, professional services and technical support. Thurmond is an accomplished executive leading global sales, services, and operations organisations in high growth technology companies. He joins Tenable from Turbonomic where he served as COO and was responsible for aligning the company’s global operations to help customers on their journey to hybrid cloud. Prior to Turbonomic, he was Executive Vice President at Qlik Technologies where he led Worldwide Sales and Services. Thurmond also held multiple global sales and operations leadership positions for divisions of Dell EMC, including Senior Vice President of Worldwide Sales at VCE and RSA.

58

M A R C H 2020

MEA

FireEye appoints Symantec veteran Gordon Love VP MEA FireEye has appointed Gordon Love as Vice President for Middle East and Africa to help drive growth in the region and deepen relationships with partners. He reports directly to FireEye’s Vice President of EMEA Kevin Taylor and is based in the company’s office in Dubai, UAE. Love brings engineering, management and sales experience spanning more than two decades in the IT security and enterprise software sectors. Prior to joining FireEye, Love spent 10 years at Symantec where he was Vice President of the EMEA Emerging Region, overseeing the Middle East, South Africa, Russia, South East Europe, Czech Republic, Poland, Africa and Turkey. He previously held roles with Faritec, IBM, FNB South Africa and Standard Bank Group.

Forcepoint has announced Nico Popp has joined the company as Chief Product Officer. In this newly-created role, Popp will oversee the global execution and strategic evolution of Forcepoint’s behavioural-based cloud security platform. This will include leadership of all product development, management and innovation, such as Forcepoint X-Labs, at the company while also leading the strategic integration of the overall product and customer experience to empower Forcepoint’s global customers for success. Popp joins Forcepoint from Symantec, where he was Senior Vice President of Cloud and Information Protection leading the data and cloud security product and engineering teams. Prior to Symantec, Popp held senior leadership roles at Verisign. He has also served as the technical founder and CTO at RealNames, and was the co-inventor of WebObjects at NeXT, Apple. Popp holds more than 30 patents. ë


www.fitsmea.com

6

UNVEILING THE FUTURE AT #FITSMEA20

2020

#SMARTEverything Region’s Tech Future is here.

Address Dubai Marina

March 16, 2020

BROUGHT BY

OFFICIAL MEDIA PARTNERS

Profile for GEC Media Group

EC MEA March Issue 2020  

EC MEA March Issue 2020  

Advertisement