Computerworld Malaysia September/October 2013 by Executive Networks Media

Microsoft’s ‘cloud on your terms’ 10 Why is winning in Asia

PP7687/08/2013 (032583)

Inside News P2 Penang Kicks Off Genuine Software Campaign P3 Two Security Products Born From VADS Partnership P4 IT Salaries Continue to Rise: PIKOM P5 Mydin Meets Business Challenges of Rapid Expansion with JDA P6 RPM to Transform Malaysian Healthcare P7 No Slowdown for Cyber Criminals P9 IDC DCIM Names Schneider Electric as Global Leader Again

Enterprise Mobility: Tablets and Beyond P12 Samsung Ramps up Enterprise Business P12 Maxis, Symantec to Offer Android Mobile Security P13 DiGi Kicks Off ‘Staged’ 4G LTE P13 Malaysian University Deploys Aruba BYOD for 10,000 Users

SOFTEC interview: Pushing the 18 The Malaysian software testing envelope

The Voice of I.T. Management

computerworld.com.my

September–October 2013

Lenovo Launches Windows 8 Touch Portfolio People love the touch aspects of Windows 8 computers in the PC Plus world, says Lenovo Malaysia.

Models display some of the new Lenovo Windows 8 devices

By AvantiKumar

ccording to computer manufacturer Lenovo, Malaysians will love the touchenabled new range of Windows 8 computers now available in various forms including the Lenovo IdeaPads Z400, Z500, U410, and S400 Touch devices as well as the IdeaPad Yoga 11S. Lenovo Malaysia’s country general manager Khoo Hung Chain also introduced the IdeaCentre C440 Touch Series all-in-one (AIO) desktop for family use and home

entertainment as well as the ultraportable IdeaPad U Series Ultrabooks, the multimedia intensive IdeaPad Z Series laptops, the premium machine designed for small businesses, the IdeaPad S Series, as well as the new model of the IdeaPad Yoga 11 series.

People Love Touch “People love touch. It’s everywhere in today’s PC Plus world and is driving new interactions with devices and

digital content,” said Khoo. “We’ve aggressively integrated touch across our consumer PCs so that we have one of the largest portfolios of Windows 8 touch products available, as well as maintain our current No.1 position as the nation’s largest PC manufacturer.” The IdeaPads Z400, Z500, U410, S400, Yoga 11S and IdeaCentre C440 Touch models are available in Malaysia.

GRC Supplement P20 Takaful Malaysia Slashes Data Costs P22 Threat-centric Approach to Cyber Crime P23 Natural Disasters, ‘People Power’ Forces Data Rethink P24 Put GRC at the Forefront of Business Strategy P26 The CIO Challenge of Making IT Seamless

RM5.00

(exclude delivery charges)

Security as a Business Catalyst The 2013 iteration of Cyber Security Malaysia Awards, Conference & Exhibition should stimulate much more than the US$3.5 million worth of business deals made during the 2012 event, says CyberSecurity Malaysia’s CEO. By AvantiKumar

alaysian national agency CyberSecurity Malaysia’s 2013 edition of its Cyber Security Malaysia Awards, Conference &

Exhibition includes the theme of security as an economic driver and one of its aims is to top the RM11 million (US$3.520 million) worth of deals made in last year’s event during business matching activities.

CONSIGN BACKUP WINDOWS TO HISTORY Keep Backup Windows in the Past  Enable ZERO-impact backup—even during business hours  Near-INSTANT data recovery—resuming business operations and IT services  RECOVER data to any point in time

2013

Download White Paper http://info.falconstor.com/WhitePaperRegisterCWM.html For enquire, email us at infoSEA@falconstor.com or call +012.3030061

The Cyber Security Malaysia Awards, Conference & Exhibition (CSM-ACE 2013), which will be held on 13-14 November 2013 at the Royale Chulan Hotel in Kuala Continued on page 5

News

2nd Row, left-to-right, starting from 5th from left: (a) Mr. Too Tean Lai, Secretary, Penang ICT Association, (b) Irene Sau, Marketing Director, BestBuy IT Hyperstore Sdn Bhd (c) Tuan Mohd Salleh bin Ma’amor, State Director of Domestic Trade, Co-operatives & Consumerism of Penang, (d) Sunny Ooi, Director of Consumer Channels Group, Microsoft Malaysia

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Penang Kicks Off Genuine Software Campaign Malaysian ministry and the Penang ICT Association join forces with Microsoft to eradicate software piracy in the Malaysian state. By AvantiKumar

he Penang ICT Association PICTA together with the Ministry of Domestic Trade, Cooperatives and Consumerism (MDTCC) and the technology solutions provider Microsoft, have kicked off the Go Genuine campaign as the latest effort in the Malaysian state’s commitment to eradicate software piracy. PICTA Secretary Too Tean Lai said the Go Genuine Campaign will also educate ICT distributors and retailers, and their employees, to respect intellectual property rights by selling only genuine software to consumers and businesses. PICTA addressing software piracy for the members signed a Go Genuine state of Penang as well as a positive pledge during the launch event to example for the rest of Malaysia, recommend and sell only genuine said Mohd Salleh bin Ma’amor, software to customers. State Director of Domestic Trade, “PICTA and its members are proud Co-operatives & Consumerism of to pledge their commitment to the Penang. Go Genuine campaign, which is the “The MDTCC has always strived first of its kind in Penang,” said Too. to create a safer digital environment “Through this campaign, for Malaysian we hope to empower consumers and our members and other businesses,” said Mohd computer retailers and Salleh. “Counterfeiting distributors with the and software piracy necessary knowledge pose a real threat not and incentives to curb just to its users, but to software piracy and the entire ICT industry support fair trade and as a whole.” healthy competitive “This is why the practices.” MDTCC conducts This move is enforcement activities Too Tean Lai, Secretary, another positive step in Penang ICT Association to eradicate the sale

and distribution of counterfeit software. Having said that, an effective approach requires collaboration among government agencies, industry partners and the private sector, which is why we support the Go Genuine Campaign and applaud PICTA’s members for pledging to stop software piracy,” he said.

Recognising Genuine Software Microsoft Operations Regional Attorney, Intellectual Property Crimes Unit, Jonathan Selvasegaram, said: “We are committed to our long term partnership with PICTA and MDTCC to stop the sale and distribution of counterfeit software.” “We take very seriously our responsibility to protect consumers and businesses from the productivity and security risks associated

with counterfeit software, such as malware,” said Selvasegaram. “Counterfeit software often fails to operate properly, and presents a real risk of security breaches as well as a loss of business data, reputation and cost to recover from them.” “With the Go Genuine campaign, we will work together with PICTA to build awareness on the benefits of pledging to go genuine, and with MDTCC and the industry as a whole to support enforcement initiatives against software piracy,” he said. Selvasegaram said customers should insist on genuine copies and look for genuine labels as well as the Certificate of Authenticity that Microsoft requires be affixed to all PCs on which Windows is preinstalled. For further checks after purchase, log on to howtotell.com/

Q1 PC Market Takes 18% YoY Hit: IDC The domestic PC market is struggling with retail and enterprise declines but positive signs include a warm welcome in the retail sector for touch-based notebooks, according to IDC Asia Pacific. By AvantiKumar

hough Malaysia’s PC sector increased in the first quarter of this year by 18 percent sequentially, it declined by 18 percent year-on-year to reach 898,000 units for this quarter, according to IDC’s Asia/Pacific Tracker. IDC Asia/Pacific Market Analyst for Client Devices Research, Ng Juan Jin, said the quarter’s sole positive sign was another deliver of mini-notebooks nationwide under the government regulator Malaysian Communications and Multimedia Commission (MCMC) project while both the education and

enterprise segments posted declines. Ng said retail spending on PCs was affected by the Chinese New Year festivities as well as the increase of smartphones and tablets into the domestic market, which included a positive reaction to touch-based notebooks in the retail sector.

Touch-enabled Notebooks “The growing market share of touch-enabled notebooks in the first quarter of 2013 is an encouraging sign for the PC market,” he said. “Response has been positive so far as the touchscreen function provides consumers with a new and enjoyable user experience. “The outlook for this form factor

is positive due to the availability of a wide array of low-end models which appeal to the local mass market.” “[However] the upcoming quarters for Malaysia will be difficult as retailers continue to face challenge, though the difficulties in the market will be somewhat glossed over by the government’s commitment to IT investment in education,” added IDC Asia/Pacific’s ASEAN Research Manager, Client Devices, Daniel Pang.

Set for Extension “The MCMC mini-notebook programme is set for an extension in Q2 while the Ministry of Education is partnering with

YTL Communications to deliver Chromebooks to schools nationwide under the 1BestariNet initiative,” said Pang. IDC’s tracker noted that Lenovo emerged as the top vendor this quarter as it delivered a significant portion of the MCMC project, he said. Besides being a strong contender in the commercial space, Lenovo is also working on increasing its consumer market presence. By slashing the prices of its mainstream models and high profile advertising, it is aggressively targeting the consumer segment, which has so far been more receptive to players like Acer and ASUS.

News

(From left) Vasanthamohan Vasudevan, General Manager, ICT Services, VADS Berhad; Dato’ Seri George Chang, Vice President, South East Asia & Hong Kong, Fortinet; Ahmad Azhar Yahya, Chief Executive Officer, VADS Berhad; and Jeff Hurmuses, Vice President, Sales (APAC), Barracuda Networks.

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Two Security Products Born From VADS Partnership VADS says partnership with Barracuda Networks and Fortinet takes security to the next level. By AvantiKumar

elekom Malaysia’s business process outsourcing arm VADS’ partnership with security firms Barracuda Networks and Fortinet has driven the launch of two new Web security products called VADS Managed Unified Threat Management (MUTM) and VADS Managed Web Application Firewall (MWAF). VADS Chief Executive Officer Ahmad Azhar Yahya said the two new additions to the firm’s managed security services portfolio continues its strategy of ‘defence in depth’ best practices. “This is accomplished through a balanced focus on three primary elements: people, process and technology; which are the core building blocks of VADS Security Operations Centre (SOC).” “Data protection has never been so important and as a service provider, it is our duty to ensure that the threats online are handled in the most appropriate manner so that our customers’ business is not severely affected,” said Ahmad Azhar. “VADS MUTM and MWAF solutions are targeted at all businesses transcending various industries which regard security as a key concern area for their organisation.” He said both the MUTM and MWAF solutions are offered on a managed service model and come with full device management and

proactive security monitoring of Web application firewall traffic coupled with end-toend provisioning, support and maintenance from VADS. VADS signed with Barracuda Networks to produce VADS MWAF, available in three packages; MWAF Starter (1 Web application), MWAF Standard (3 Web applications) and MWAF Premium (5 Web applications). All three packages are offered on a three-year contract. The partnership with Fortinet allows VADS to offer MUTM, also available in three packages— Basic (without reporting feature), Reporting Basic (with FortiCloud reportings) and Advanced Reporting (with Fortianalyzer reporting)— and all offered with a three-year contract. VADS SOC was established in 2005 and is ISO/IEC 27001:2005 certified where VADS’ certified personnel monitor and manage more than 1,000 security devices.

Compliance Interests Ahmad Azhar said the VADS MUTM solution provides multiple security features on a single platform to protect against viruses, Trojans, spywares and other malicious threats. The solution includes Intrusion Prevention System (IPS), Virtual Private Network (VPN), AntiVirus, Web Content Filtering and Application Control. With MUTM, the complexity of managing the

security applications is reduced, giving users more scalable and comprehensive protection against network-level and content-level threats. The VADS MWAF solution protects Web applications and servers from application level attacks such as SQL injection, crosssite scripting, cookie tampering and directory traversal attacks. The MWAF firewall is positioned in the customer’s Internet gateway with 24x7 surveillance monitoring and management by VADS’ SOC. MWAF also helps customers meet the compliance mandate of Payment Card Industry Data Security

Standard (PCI DSS) and ISO27001. “The interest for MWAF comes from larger organisations, which need to comply with Requirement 6.6 of the Payment Card Industry Data Security Standard (PCI DSS) and requires organisations to protect Web applications by either reviewing all custom code for vulnerabilities or installing a Web application firewall,” he said. “VADS Managed Security Services delivers both on-premise and cloud-based deployment models to cater for the varied needs of the small to large enterprises as well as government agencies and departments,” he said.

Meeting Malaysian Education Needs Adobe says new features and updates through Creative Cloud will help students and educators keep up-to-date with technology tools. By AvantiKumar

dobe has announced new updates as well as a new licensing option for educational institutions that will help educators and students in Malaysia, said the design solutions provider. “In a recent survey conducted across South East Asia, 58 percent of educators responded that they need more tools and training to help them promote creativity in the classroom,” said Adobe South East Asia Regional Director, Vicky Skipp. “New features and updates will be released through Creative Cloud, enabling students and educators to keep up to date with

the most leading-edge technology and features, with access to the latest tools for college and career success,” she said, adding that Adobe has also announced a significant new licensing option for primary, secondary, and higher education institutions. Skipp said Adobe’s announcements for Malaysia’s education sector include the availability of the full range of Adobe Creative Cloud including Creative Cloud Student Teacher Edition. In addition, she said Creative Cloud (a subscription-based service with more than 30 tools and services) for teams and Creative Cloud for enterprise options were

now available to educational institutions through a new plan called Education Enterprise Agreement (EEA). “The Education Enterprise Agreement (EEA) programme is an easy-to-manage, term-based licensing programme that gives educational institutions access to the new CC apps.” “This programme helps give our institutional customers the creative tools they need Vicky Skipp, Regional to be more productive, Director, Adobe foster creativity in teaching South East Asia and learning, and help their students develop essential digital communication skills,” of tools and services available she said. for students and teachers,” “Adobe has expanded the range said Skipp.

News

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Woon Tai Hai, Chairman of PIKOM

IT Salaries Continue to Rise: PIKOM ICT remains in top five paying industries in Malaysia with IT professionals seeing an average salary increase of 8.7% over 2011, according to the National ICT Association of Malaysia’s study. By AvantiKumar

he National ICT Association of Malaysia, PIKOM, together with KPMG and Jobstreet.com’s report of the Malaysian job market, shows that ICT remains in the top five paying sectors in the country with ICT professionals seeing an average salary increase of 8.7 percent over 2011. PIKOM Chairman Woon Tai Hai said the 2013 ICT Job Market Outlook, which was produced in collaboration with KPMG and Jobstreet.com, was an overall study on the job market in Malaysia but with a focus on the salary component of ICT jobs and showed that the sector’s job outlook remained positive. “Despite the challenging economic state and uncertainty in the political scene last year, there is still an upward growth in the average salary for ICT professionals, be it junior or senior level,” he said. “We expect this positive growth to continue for the remainder of 2013 with a projected increase of

8.9 percent.” Woon said the overall average salary of ICT professionals increased from RM6,240 (US$1,957) in 2011 to RM6,782 (US$2,127) in 2012, a rise of 8.7 percent. The average entry-level salary for fresh graduates continues to grow from RM 2,238 (US$702) to RM2,343 (US$735), albeit only a marginal increase of 4.7 percent. “Looking at a five-year trend, it appears that sales, marketing and business development continue to be highly sought after jobs,” he said. “Meanwhile, jobs for Customer Service seem to be losing their shine as the hottest job in the country.”

Supply in Question “The survey results also indicate that ICT technical professionals with Java, C#, C++, dotNet, SharePoint and Web Application Development skills are very much in demand,” said Woon. “In the business applications area, there is a fast-growing demand for skills in ‘Big Data’ analytics and Quality and Process improvement skill sets,” he said, adding that rapid

technological advancements in analytics and business intelligence as well as “structural changes in the employment and business environments” could be fuelling this demand. “Although there has been improvement on the average salary, the supply of ICT fresh graduates continues to decline. At the same time, enabling the employability of our fresh graduates is still an ongoing discussion and debate.” He added that senior IT engineers earn about 46 percent higher than their junior counterparts. “Also, typically ICT professionals with more than 20 years of experience will earn 5.22 times more than those with less than a year experience; and by 3.39 times for those who have 10 to 19 years of experience respectively.”

Salary Gap to Level Up Woon said that similar to the previous years, the report shows that big companies in Malaysia continue to pay more as compared to smaller organisations—to an extent of 1.88 times more.

Malaysian Receives Leadership Award at US Security Event

The report also once again demonstrated that companies in Klang Valley offer comparatively higher salaries: up to 1.75 times more compared to the lowest paid location, he said. “Within the region, with a Purchase Power Parity (PPP) adjusted data it shows that countries like Indonesia, Philippines and India are paying relatively lower salaries for ICT professionals while Hong Kong, China, Singapore, Vietnam and Thailand continue to attract ICT professionals into their countries because of higher salaries.” “By 2018, the salary gap is likely to level up among booming Asian economies such as Singapore, Hong Kong, China and Vietnam. Malaysia will have to stay ahead of this salary curve to prevent further exodus and erosion of our talents to these economies,” said Woon.

Jay Bavisi, Co-founder & President, EC-Council

Co-founder and President of EC-Council, Jay Bavisi, is the first Malaysian and ‘possibly the first non-US citizen’ to receive the 2013 Industry Leadership Award. By AvantiKumar

he security certification body EC-Council has announced that its Co-founder and President, Malaysia-born Jay Bavisi, received the 2013 Industry Leadership award during the 17th Colloquium for Information Systems Security Education (CISSE) Conference held at the University of South Alabama, USA, in June 2013. According to a statement by the MSC (Multimedia Supercorridor) Malaysia status EC-Council, Bavisi is the first Malaysian and “possibly the first non-US citizen” to have received this award from the Committee on National Security Systems (CNSS). “It is truly an honour to be selected as the opening Keynote at the Colloquium 2013 as well as to receive this prestigious award. I am grateful to the entire Board and the National Security Agencies

CAE Community as a whole for this award and recognition,” said Jay Bavisi, who is also the co-creator of the Certified Ethical Hacker (CEH) certification that launched ethical hacking as a mainstream career. The statement adds that Bavisi conceived the Global Cyberlympics competition, which is supported by Dr. Hamadoun Toure, the Secretary General of the United Nations agency International Telecommunications Union (ITU). Bavisi’s other work at the ECCouncil Foundation includes the announcement of a grant of US$350,000 towards the wounded warrior programme that aims to retrain wounded warriors to become cyber warriors. The Foundation will also provide more than 100 schools in North America with the support to launch Cyber Security Awareness programmes for children in K-12

programmes titled Live.Learn. Secure. Dan Shoemaker, member of the Board of Directors and Senior Research Scientist at UD Mercy said: “This recognition has been long overdue for Jay. “His innovative leadership, vision and energy have helped re-make the field of information assurance and his contributions to the National well-being through his HackerHalted deserve to be recognised.”

Annual Conference The Colloquium is active throughout the year and holds an annual conference in June. The Colloquium board consists of members such as Brenda Oldfield, formerly the Director of the National Cyber Security Division of the U.S. Department of Homeland Security, William Maconachy, PhD former deputy senior computer science authority at the National

Security Agency (NSA) as well as Daniel P Shoemaker, PhD, principal investigator and senior research scientist at UD Mercy’s Centre for Cyber Security and Intelligence Studies. The MSC (Multimedia Supercorridor) Malaysia status International Council of E-Commerce Consultants (EC-Council) is a member-based organisation that certifies individuals in various e-business and security skills and also developed the E-Council Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Tester (LPT) programme.

News

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Mydin Meets Business Challenges of Rapid Expansion with JDA The Malaysian retailer and wholesaler’s adoption of space floor planning solutions from JDA Software should generate returns on investment from the current fast-moving phase of new store openings and remodels, says Mydin’s IT Director. By AvantiKumar

alaysian retailer and wholesaler has adopted space floor planning solutions from JDA Software Group (JDA) to help manage the current phase of multiple new store openings and remodels as well as generate some business gains from the exercise. Mydin Mohamed Holdings (Mydin) IT Director Malik Murad Ali said the firm had chosen the path of innovative category management practices to support the business challenges associated with rapid growth with the use of JDA Space Planning, JDA Space Automation, JDA Floor Planning and JDA Intactix Knowledge Base. This new approach would help to streamline existing space management processes, said Malik. “With [these] solutions and processes in place, we are confident we can

Security as a Business Catalyst Continued from page 1

Lumpur, has also kept to its target of 300 delegates, even though it also exceeded this with 446 attendees last year, said CyberSecurity Malaysia’s chief executive officer Dr. Amirudin Abdul Wahab during a soft launch recently. According to a KPMG survey at last year’s CSM-ACE, the RM11 million worth of deals was made during the event, said Dr Amirudin, adding that this year’s theme— ‘Securing Cyberspace for Economic Growth’—was to further drive growth and innovation in the local cyber security industry. “Security is one of the drivers of growth under the government’s national economic transformation initiatives.” “This year’s CSM-ACE theme is in tune with the national Digital Transformation Programme (DTP)— or better known as ‘Digital Malaysia’ —where cyber security plays an important role to transform the Malaysian economy and society to achieve a fully developed nation by 2020,” he said. “Malaysia has a well-developed cyber security industry with strong potential to provide global solutions, but is yet to fully capitalise on the

create a competitive advantage and support our future growth plans.” He said Mydin currently has Malik Murad almost 200 outlets throughout Ali, IT Director, Malaysia comprising Mydin Mohamed Holdings Bhd hypermarkets, mini markets (MyMydin), convenience stores (MyMart), bazaars and emporiums. JDA solutions: In addition, Mydin was appointed — Increased revenue through more as the operator for the 85 Malaysian consumer-centric assortments; government-initiated Kedai improve in-stock positions, Rakyat1Malaysia (KR1M) outlets in appropriate floor and shelf space 2012, said Malik. Another 90 KR1M allocation, and speed to market of outlets are planned for the year 2013 new store launches and existing store throughout Malaysia. In addition to remodels. these, Mydin also has 10 Mydin Malls — Reduce inventory through with more in the pipeline. assortments tailored to local ROIs Expected demographics, identification and Malik said Mydin would meet the removal of inefficient inventory. challenge of new store openings — Improve process efficiency and remodels, manual shelf space through integration of a management, and store execution merchandising management and compliance issues and also system with a centralised expect the following benefits from space management system and

automation to reduce manual processes and data processing. — Redeploy resources to extend planogramming to 50 percent of the categories in the business to drive revenue growth. “We are very proud to have MYDIN deploy JDA solutions to further advance their space and category management processes and enhance their agility in the Malaysian market,” said JDA Software’s Regional Vice President for Asia Pacific, Derek Sampson. “We look forward to supporting MYDIN’s corporate vision and growth strategy as they compete in a very competitive market.”

around the world, generated both by state-sponsored as well as organised criminals and everyday cyber bullying,” said Dr Amirudin. “Many sectors of the public are too open online and have grown up in some cases without formal training on how to conduct yourself in the online world,” he said. “In common with many other people around the world, some Malaysians forget to question who they are talking to and what should be Face Your Problem discussed when online. Too many “CSM-ACE 2013 is the only 3-inof us are quick to take everyday 1 cyber security event in the problems to the online world.” country in that it comprises an Dr Amirudin said CyberSecurity awards ceremony, Malaysia’s a conference, and programmes offer an exhibition,” he sound advice as said. “As this is well as online and a public-private physical centres partnership driven for members of the event, we are now public to report open to discussing incidents. “This partnerships with year, we added industry players.” the CyberSAFE “However, the Programme (Cyber need for the general Security Awareness public as well as for Everyone) as industry for even one of the activities more vigilance is in order to focus on emphasised by educating Malaysian Dr. Amirudin Abdul Wahab, CEO, CyberSecurity Malaysia the recent attacks Internet users on

the importance of cyber security and to inculcate the positive use of the Internet. The CyberSAFE programme started way back in 2009 and has since reached out to more than 114,000 people nationwide.” “The weakest link is still the human factor rather than the technology,” he added. “It is best to face your problems, don’t Facebook them.” “This year, the event is expected to again attract participants from the government, critical national information infrastructure (CNII) organisations, academia as well as information security industry players,” said Dr Amirudin, adding that the event was being held in conjunction with World Innovation Forum programme. “For this year, we have included early bird registration fees,” he said. “Registration fees are being applied for the first time to keep a focus on the business aspects and economic opportunities of security whereas last year’s discussions tended to emphasise standards and compliances.” The participation fee for the two-day conference is RM899 (US$287) per person and is HRDF (Human Resource Development Fund) claimable.

lucrative business opportunities. About 10 percent of local IT revenue and 30 percent of export IT revenues are derived from cyber security products and services,” said Dr Amirudin, adding that by 2020, DTP has the aim of increasing the contribution of the digital economy from the current 12.5 percent to 17 percent of Gross National Income (GNI) and would be able to create 160,000 new high-income jobs.

Derek Sampson, Regional Vice President, Asia Pacific, JDA Software Group, Inc.

News

Natasha Gulati, Senior Industry Analyst for Healthcare, Frost & Sullivan Asia Pacific

Computerworld Malaysia September–October 2013 www.computerworld.com.my

RPM to Transform Malaysian Healthcare Advanced remote patient monitoring technologies market in Malaysia is expected to grow to US$33.9 million by 2017 and also spread throughout Asia Pacific, says Frost & Sullivan. By AvantiKumar

ccording to analyst firm Frost & Sullivan, remote patient monitoring (RPM) will help to transform healthcare delivery in Malaysia and presents a significant opportunity for medical device manufacturers as well as telecommunications equipment and service providers across Asia Pacific. Frost & Sullivan Asia Pacific Senior Industry Analyst for Healthcare Natasha Gulati said RPM, which refers to technologies that enable the monitoring of patients outside standard clinical environments, includes the use of patches or wearable devices to sophisticated monitors and equipment that can be used in homes, assisted living facilities, and in ambulatory settings. Gulati said the Malaysian market for RPM equipment is expected to grow at a compound annual growth rate (CAGR) of 7.6 percent between 2012 and 2017 to reach an estimated market value of US$33.9 million at the end of the forecast period. “Interestingly, while multinational players like Philips, Medtronic and Covidien command a sizeable market

share globally, the Malaysian market is highly fragmented and there has been a slew of local players entering the market with rather innovative business models,” she said. RPM technologies have assisted with chronic disease management as well as supporting independent ageing, added Gulati. “From a healthcare providers’ perspective, RPM enables mobility so that healthcare delivery can be ubiquitous and seamless.”

Priority Sector She said healthcare was listed as a priority sector in the 10th Malaysian Plan (started in 2011). “While several steps have been taken to improve healthcare delivery over the past few years, public expectations continue to rise at a pace faster than government action. Malaysians across the country have access to far more knowledge than before and with rising income levels, they are demanding improved healthcare services that match international standards.” Such a revolution in the consumers’ mindset, coupled with an ageing population suffering from a rising incidence of chronic diseases,

presents ample prospects for remote patient monitoring, said Gulati. “This is the reason why a Malaysian company, Embedded Wireless Labs., which had a successful RPM business in the U.S., decided to bring its technologies back home,” she said. “The company has created the Zilant Wellness Platform, which captures medical and health data from patient monitoring devices remotely and then transfers that information to a cloud server so that it can be accessed from anywhere at any time.” Another firm Embedded Wireless Labs has partnered with Maxis to support the telecommunications group’s Connected Village programme, which aims to bring quality, timely healthcare and diagnosis to under-served communities in rural Malaysia, among other benefits provided, such as banking and education, by provisioning ‘connectivity’ in these areas. Gulati said that in certain isolated parts of rural Malaysia, patients could take up to two days to reach the nearest care facility. As part of the Connected Village Program, patients suffering from

chronic diseases are invited for health checkups at an easily accessible, central location in their village where their health parameters are recorded and transmitted to respective care providers using the Maxis-Embedded Wireless ecosystem of connected devices including blood pressure monitors, glucometers, weighing scales and oximeters. The project is supported by Universiti Malaysia Sarawak (UNIMAS). “RPM projects like the Connected Village programme provide multiple benefits including extending healthcare services to remote areas; reducing the cost of healthcare delivery; reducing the chances of and costs associated with emergency care, and enabling efficient utilisation of a scarce medical workforce,” she said. “With the telecommunications infrastructure improving rapidly in the country and major market participants like Maxis exploring healthcare business models, remote patient monitoring is set for growth in Malaysia.”

Salaries Drop for Creative, Marketing Staff Despite Malaysian government’s increased investment, salaries have either dropped or stagnated in the digital, marketing and creative industries, according to Market Pulse study. are readjusting their rewards expectations. alaries have stagnated or “Over the past three to four years, dropped in the Malaysian employees have been expecting, digital, creative and marketing and demanding, salary increments sectors even with increased of 20-30 percent, which is just not investment by government and sustainable,” said Clarke. “The talent commercial companies, according market is now being more realistic to a new study by creative talent about what increment they can specialist font talent. expect while an increased number of The latest studies entry-level roles have from the company’s also pushed the median ongoing salary survey salary down.” shows that median In addition, men salaries have declined continued to receive since the beginning of higher salaries than the year. The results women despite compared wages, holding the same benefits and retention qualifications, she rates across gender, added. “Despite women job function and being more likely to country, said font hold a degree or higher talent’s Asia Director qualification than Karin Clarke, who their male colleagues, Karin Clarke, Asia Director, font talent added that employees their median salaries

By AvantiKumar

industries often required longer hours, which may influence women with family commitments to look for a better work-life balance elsewhere “such as a government position, Work-life Imbalances which further reduces their chances Malaysia Country Manager Priya of achieving pay parity within the Bala said part of this imbalance may creative and digital sector.” also be attributed to men being more “[The evidence also indicates likely to remain in their jobs for six that] men are more likely to opt for years or longer, and security while women the fact that men are are more likely to leave more likely to receive without another job to company-paid training go to,” said Clarke. than women. The study also font talent, formerly found that Malaysia’s Firebrand, has been median salaries were conducting studies on almost comparative the digital, creative and to Singapore, with marketing sectors since Malaysian women 2008, and has collated receiving slightly more than 35,000 higher salaries than surveys. Bala said their Singaporean the Malaysian digital, counterparts, but males Priya Bala, Malaysia Country Manager, font talent creative and marketing receiving slightly less

remained lower. The only exceptions were amongst the advertising account directors and creative directors surveyed.”

News

(From left) David Rajoo, Senior Technical Consultant, Symantec Malaysia; Nigel Tan, Director of Systems Engineering, Symantec Malaysia.

Computerworld Malaysia September–October 2013 www.computerworld.com.my

No Slowdown for Cyber Criminals Symantec’s threat report also points to an increase in cyber espionage while attacks on small businesses triple. By AvantiKumar

ccording to Symantec Malaysia’s Internet Security Threat report, there has been a 42 percent surge during 2012 on targeted attacks globally including a threefold increase in attacks on small businesses as well as an increase in cyber espionage. Symantec Malaysia Director of Systems Engineering Nigel Tan said the company’s Internet Security Threat Report, Volume 18 (ISTR) showed the targeted cyber espionage attacks were affecting the manufacturing sector as well as small businesses. “[Which] are the target of 31 percent of these attacks. Small businesses are attractive targets themselves and a way in to ultimately reach larger companies via ‘watering hole’ techniques. In addition, consumers remain vulnerable to ransomware and mobile threats, particularly on the Android platform.” “The sophistication of attacks coupled with today’s IT complexities, such as virtualisation, mobility and cloud, require organisations in Malaysia and globally to remain proactive and use ‘defence in depth’ security measures to stay ahead of

overall, she said. Bala said the figures show Malaysia’s company-paid training ranked as a lower priority than Singapore or Hong Kong, with men in Malaysia more likely to receive training than women. “There is room for Malaysian companies in creative, digital and marketing industries to invest in training, in order to boost in-country expertise. This would also help with retention, particularly women, who, according to our survey, are leaving their jobs at the five-year mark.” On flexible work arrangements, she said the studies showed that while Singaporean and Hong Kong firms were warming up to the idea, the concept has yet to be embraced in Malaysia in these sectors. “Many Malaysian companies are prioritising car parking, however offering flexible hours could offset this need,” Bala said. “Also, paternity leave does not rate as a high priority in Malaysia, with just 18 percent of the men surveyed receiving the benefit. However, we have seen an increase in male candidates requesting paid paternity leave, but this is rarely built into the contract.”

attacks,” said Tan. “”Cyber criminals aren’t slowing down; they continue to devise new ways to steal information from organisations of all sizes.” “While Malaysia is ranked 35th among countries globally on Internet threat activities, organisations should continue to take proactive initiatives to secure and manage critical information from a variety of security risks today,” he said. “The top growing trends that organisations in Malaysia should watch out for in today’s threat landscape includes targeted attacks in the manufacturing and small businesses sectors, mobile malware, and phishing threats.” According to the study, Tan, said: “Cyber criminals are targeting customer information, financial details and intellectual property. They have more ways than ever to spy on us, through computers, mobile devices and social networks. Any information they glean, from banking details to email addresses of associates, can be used in stealing identities and crafting further sophisticated attacks.” The Internet Security Threat Report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyse, and provide commentary on emerging trends in attacks, malicious code activity, phishing, and spam.

Watering Hole Attacks “One of the most significant innovations in targeted attacks is the emergence of watering hole attacks,” said Symantec Malaysia Senior Technical Consultant, David Rajoo. “The attackers compromise the security of a website that an intended target is likely to visit and once the target visits the website,

their computer becomes infected with malware.” Rajoo said ISTR 18’s findings also point out the vulnerability of small business, which offer the least resistance to attacks. “Targeted attacks are growing the most among businesses with fewer than 250 employees,” he said. “Small businesses globally are now the target of 31 percent of all attacks, a threefold increase from 2011.” “While small businesses may feel they are immune to targeted attacks, cyber criminals are attracted by these organisations’ bank account information, customer data and intellectual property,” he added. “Attackers hone in on small businesses that may often lack adequate security practices and infrastructure. Web-based attacks globally increased by 30 percent in 2012, many of which originated from the compromised websites of small businesses. These websites were then used in massive cyber attacks as well as ‘watering hole’ attacks.”

Shift of Targets In a watering hole attack, the attacker compromises a website, such as a blog or small business website, which is known to be frequently visited by the victim of interest. When the victim later visits the compromised website, a targeted attack payload is silently installed on their computer. The Elderwood Gang pioneered this class of attack; and, in 2012, successfully infected 500 organisations in a single day. In these scenarios, the attacker leverages the weak security of one business to circumvent the potentially stronger security of another business. Symantec’s Tan said the report indicated a shift of targets from government to manufacturing targets.

“Manufacturing has moved to the top of the list of industries targeted for attacks in 2012. Symantec believes this is attributed to an increase in attacks targeting the supply chain— cyber criminals find these contractors and subcontractors susceptible to attacks and they are often in possession of valuable intellectual property.” “Often by going after manufacturing companies in the supply chain, attackers gain access to sensitive information of a larger company,” he said. “In addition, executives are no longer the leading targets of choice. In 2012, the most commonly targeted victims of these types of attacks across all industries were knowledge workers (27 percent) with access to intellectual property as well as those in sales (24 percent). The report also showed that mobile malware increased during 2012 by 58 percent, and 32 percent of all mobile threats were attempts to steal information, such as e-mail addresses and phone numbers. However, these increases cannot necessarily be attributed to the 30 percent increase in mobile vulnerabilities, said Tan. “While Apple’s iOS had the most documented vulnerabilities, it only had one threat discovered during the same period. Android, by contrast, had fewer vulnerabilities but more threats than any other mobile operating system. Android’s market share, its open platform and the multiple distribution methods available to distribute malicious apps, make it the go-to platform for attackers.” Another finding is that 61 percent of malicious websites were compromised legitimate websites with business, technology and shopping websites in the top five types that were hosting infections. Tan said Symantec attributed this to unpatched vulnerabilities on legitimate websites. “Ransomware, a particularly vicious attack method, is now emerging as the malware of choice because of its high profitability for attackers. In this scenario, attackers use poisoned websites to infect unsuspecting users and lock their machines, demanding a ransom in order to regain access. Another growing source of infections on websites is malvertisements-this is when criminals buy advertising space on legitimate websites and use it to hide their attack code.”

The advantages of an Enterprise cloud solution Find out why Dimension Data proudly label their cloud solutions as Enterprise-grade and how your organization could gain from Malaysia’s upcoming locally-hosted cloud solution linked to an extensive global infrastructure.

and accelerate cloud adoption for Enterprise and Service Provider Clients.” Every core component of Dimension Data’s cloud architecture is built for enterprise-grade performance e.g. the networks are based on a Layer 2 network architecture which drives the kind of performance that many enterprises demand. Through Dimension Data’s MCP (Managed Cloud Platform™), we offer cloud services in a multitude of configurations that range from a simple managed public hosting package, to a private on-site cloud based in your organization’s facilities, or any extent of hybrid combination of the two. “Once you start off on public cloud, you can easily move into a hybrid or private platform seamlessly without having to rebuild your infrastructure,” says Hoi Ming. “We are seeing a lot of clients embarking on some early production workloads on the public cloud platform while they look to transform their inhouse architectures to a private cloud. A pre-requisite for many of them is the ability for the cloud provider to support a hybrid cloud, which we do reliably and elegantly, as an integrated offering from a single provider like Dimension Data.” Because of this ability to provision only as much as you need, Dimension Data’s MCP is equally suitable to both corporate and SME clients. It has the enterprise grade reliability and scalability that is demanded by corporate enterprise clients while at the same time making it available to SMEs at reasonable price points. From a security perspective, MCP services are subject to a stringent set of audits certified by SSAE 16 (www.ssae-16.com) and PCI DSS that ensure absolute data privacy from all perspectives including network security, vulnerability management and even personnel management. “The biggest question for many companies is – Is it secure placing my data in someone’s hands?” Hoi Ming explains. “Our processes are so extensive that even our CEO doesn’t have access to our cloud data centre without explicit permission from the data owners”. “ There are key advantages to being a global organization with a local presence,” says Hoi Ming. “The additional resources are there when you need them, and yet you maintain data sovereignty. Also, you get personal attention—you can see us, hold us and talk to us.” This means that legislations or standards that require an organization to restrict the transmission and storage of data to a specific geography (country or region) can be fulfilled. Using a public cloud or deploying a private cloud in a country or region allows companies to better meet data sovereignty requirements.

the last decade, cloud technology has emerged as the inevitable path of IT infrastructure. Its prevalence in our daily lives through email, and file-sharing has familiarized most of us with the basic concept. More impor tantly for business, the cloud’s offering of more flexibility, scale and a higher level of efficiency at a lower cost is what any organization would Chong Hoi Ming, Managing Director w a n t t o a c h i e ve. H owe ve r, of Dimension Data implementing the cloud at Malaysia & Vietnam an organizational level carries larger risks, rewards, and consequently, requirements in terms of security, performance and data sovereignty. “Clients realize the transformational potential of cloud computing, whether it’s moving into new markets, launching new products, or improving IT efficiency,” says Chong Hoi Ming Managing Director of Dimension Data Malaysia & Vietnam. “They’re also aware that migrating to the cloud is complex, with significant implications to their business across operations and IT.” Many of these issues come to light with many local cloud providers. Usually with shared, or at most one of their own data centres, these providers lack the scalability to handle peaks in traffic, the flexibility to handle different client requirements, and the experience to implement an effective cloud strategy. On the other hand, other international providers offer access to a large global infrastructure, but lack the additional security, performance and customization facilities often required by business clients. Dimension Data has been providing the world’s leading companies with IT infrastructure since 1983. With nine cloud service exchanges strategically positioned around the world, and four more to be launched in 2014 including one in Malaysia, we are uniquely positioned to provide enterprise-level cloud services to Malaysian organizations. “Our strategy is to be more relevant to our client’s IT needs. To achieve that, our offerings have to go beyond technology to Managed Services, Consulting, IT Outsourcing and of course, Cloud services,” says Hoi Ming. “We know ICT very well, and we can deliver ICT and cloud services better than anyone else given the knowledge that Dimension Data MCP Cloud Offerings we’ve gained from our system integration and managed services experiences, complemented by leading cloud solutions from the companies that we’ve acquired.” Higher Cost Lower Cost Dimension Data’s hardware and software expertise, Cost of Service augmented by its acquisition of market leading cloud Level of Sharing providers, has enabled it to accelerate its cloud server More Shared Elements Less Shared Elements performance significantly higher than its competitors. Hosted Private Cloud Enterprise Public Cloud On Premise Private Cloud A recent 2013 Tolly Report shows that Dimension Data cloud Managed Cloud Platform Managed Cloud Platform Managed Cloud Platform servers delivered up to 5 times the memory throughput, up to 6 times faster I/O performance and up to 9.6 times faster Gigabit Ethernet throughput than some of the world’s leading cloud providers. For more information on our performance advantages compared to our competitors, visit <http://nacloud.dimensiondata.com/tollyreport/> or DD *Hosted Private Small Price Med Custom Hosted *Hosted *Hosted PayFixed <http://www.tolly.com/> MCP Block Block Block Private MCP Private MCP per-use Contracts Private MCP “Fully Dedicated How Dimension Data achieves this is by driving both “custom” “custom” custom” ends—software through its years of SI experience, and Dedicated: Dedicated: Dedicated: Dedicated: hardware with skilled vendors such as Cisco, whose Servers Servers Servers Entire Private MCP Storage hardware is an integral part of Dimension Data’s cloud Storage Storage Hypervisor Hosted in a DD DC Hypervisor Hypervisor solutions. “We were, in fact, Malaysia’s first gold partner Array Array Hosted in DD DC Physical NW for Cisco,” says Hoi Ming. “There are lots of investments Hosted in DD DC Hosted in DD DC both ways between technology and R&D, so the alignment © Copyright Dimension Data 26 August 2013 1 of software and hardware is very close. We deliver Cisco technologies in a Cloud Solution that help simplify Flexibility and Security CloudControl™

CloudControl™

News

Computerworld Malaysia September–October 2013 www.computerworld.com.my

John Atherton, Vice President of APC by Schneider Electric Malaysia.

IDC DCIM Names Schneider Electric as Global Leader Again Schneider Electric Malaysia’s VP says the company’s StruxureWare for Data Centers suite helps to keep it at the forefront in IDC MarketScape report. By AvantiKumar

nergy management specialist Schneider Electric’s DCIM software suite—StruxureWare for Data Centers—has helped the company win a leadership position for the second consecutive year in analyst firm IDC’s MarketScape: Worldwide DCIM 2013 Vendor Analysis report. APC by Schneider Electric Malaysia Vice President, John Atherton, said: “We at Schneider Electric are honoured to having IDC name Schneider Electric as a worldwide MarketScape Leader (DCIM leader) for its StruxureWare for Data Centers suite.” “Struxureware for Data Centers is a holistic DCIM software suite

managing all aspects of the data centre to help businesses optimise data centre performance and meet IT business and service oriented goals,” said Atherton. “We are committed to provide an ‘all-in-one’ management software to ensure that data centres continue to be reliable, efficient, productive, safe and most important of all, maintaining a sustainable environment by being green.” According to IDC MarketScape (May 2013), several vendors maintained strong growth as well as an ongoing effort to define their brand offering through full-scale solutions. “Schneider Electric has again been identified by IDC in the MarketScape as one of the vendors most likely to

Another aspect of cloud computing is known as bursting—when a client need additional resources for a brief span of time, for instance more shoppers in the days leading up to festivities. Unlike local providers with limited resources, MCP cloud solutions can re-route these requests to any of Dimension Data’s strategically located cloud servers in Amsterdam, Hong Kong, Sydney, Tokyo, Johannesburg, Ashburn or San Jose. “We empower them to actually provision bursting either on demand or on-the-fly to be charged later,” Hoi Ming explains. On the other hand, having most requests handled locally also grants the organization much better network latency, essential for unified communications and other applications that require real-time responses.

Dimension Data MCP Global Cloud Exchange

Europe

US West US East

India

be a major player in the DCIM market over the next several years. A DCIM provider with a global footprint, long history in the industry, and strong financial backing is often preferred by DCIM purchase decision makers. “Schneider Electric has these qualities and is already present in many of the world’s enterprises with its power solutions and global support services team,” stated the IDC MarketScape report. “Having IDC name Schneider Electric a Leader in DCIM again is a remarkable achievement and confirms the strength of our strategy and vision for StruxureWare for

Data sovereignty is another consideration. At this point; most companies have already begun to take the first steps into cloud migration—either with a pilot project or at least to explore which parts of their organization can be migrated. As companies evolve their cloud thinking, they will aim for a balance between automation and control, usually ending up in some form of flexible hybrid cloud solution but, most importantly, without disrupting services or processes. “We see change is imminent,” says Hoi Ming. “We have recently secured a contract with a major enterprise client who will be subscribing to our Hosted Private Cloud in Malaysia. As an early adopter, they will enjoy a first mover advantage and we expect to see a lot more major enterprises following suit.” Understandably, many organizations find it difficult to know how ready they are to migrate, and what is involved in the process. For this reason, Dimension Data has created a Cloud Readiness Assessment program to assess your current infrastructure and help you make your first inroads onto the cloud. Many cloud service providers in the market are aggressively trying to build up their professional services arms to complement their cloud offerings due to client demands. Dimension Data already has a very mature professional services practice that allows Dimension Data to help clients make the transition to the cloud by engaging with a single party. To run a Cloud Readiness Assessment, OR to receive a free Cloud trial valued at USD200 OR to speak with one of Hong Kong our consultants, email <marketing.my@dimensiondata. com> or call <603-7710 8288 and ask for our Cloud Japan Business Unit>. Malaysia* Visit http://w w w.cisco.com/go/cloud for more information on Cisco Cloud Computing Indonesia

Brought to you By

Africa Australia * Note: Malaysia MCP to be ready by Q1 2014 © Copyright Dimension Data

Local for Data Sovereignty and Global for Scalability

Data Centers,” said Schneider Electric Vice President, Solution Software, Soeren Brogaard Jensen. “Our customers have consistently benefitted from the StruxureWare solution to solve their capacity problems over the past three years and we will continue to develop and innovate this market-leading DCIM solution to help customers bridge the gap between Facilities and IT, and operate their data centre as a business.” Schneider Electric’s marketleading DCIM solution, StruxureWare for Data Centers, is an integrated management software suite designed to manage data centres across multiple domains, providing actionable intelligence for both facilities, IT and C-level executives to balance availability and efficiency throughout the data centre lifecycle.

26 August 2013

Enterprise Mobility: Tablets and Beyond

Microsoft’s internal fundamental shift towards a new era of devices and services is also helping companies throughout Asia, including Malaysia, where partners offering cloud services grew by 420%. By AvantiKumar

omputerworld Malaysia recently asked Microsoft’s Jon Roskill, C o rp o ra te Vic e P r e s i d e n t , Worldwide Partner Group and Alvaro Celis, Asia Pacific’s Vice President, to present a status check on the benefits delivered by the company’s cloud solutions to companies in the Asia Pacific region. Could you provide a brief step through of how Microsoft has evolved its cloud strategy over the past couple of years and how this strategy has strengths that set it apart from other providers? Jon Roskill The Cloud OS is our vision to help customers embrace the big trends and challenges of the new era of IT: cloud computing, the new generation of connected apps and devices, big data and the consumerisation of IT. We differ from what others have to offer in a few ways:

— We are focused on enabling customer choice. While others only offer one or a few pieces of the cloud computing spectrum, our Cloud OS vision delivers a consistent platform across all of our customer’s clouds—their data centre, hosting service provider’s data centres and Windows Azure. — Our experience delivering the most widely used operating systems, applications and global cloud services uniquely positions Microsoft to deliver the Cloud OS. — Our products are deeply informed

by our first-hand experience in running some of the largest Internet-scale services in the world. — We are focused on ensuring the economics of the cloud benefit for our customers, not just us. Unlike the other top cloud operators (Google and Amazon), Microsoft has a wider range of services and customers, delivering over 200 services, for over one billion customers and 20 million companies and large government organisations around the world. Our Cloud OS strategy translates into a cloud-first approach to partners.

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Last week at the Worldwide Partner Conference, we announced Cloud OS Accelerate. As part of this new programme, Microsoft and key partners will invest more than US$100 million to help put thousands of new private and hybrid cloud solutions into the hands of customers. We’re also announcing a new Windows Intune offer, effective 1 September, that will help connect partners and customers with the latest in cloud connected management at a 30 percent discount. These new programmes are designed to help our partners realise the opportunities in cloud computing—today. I n M a y t h i s y e a r, w e a l s o announced plans to expand Windows Azure into Asia with new offerings in China, Australia, Japan and other markets in Asia in the near future. The announcement raises the stakes in the competitive cloud battle with companies such as Amazon and Google, as we are the first company to offer cloud services in China. Our customers can choose to deploy to the new major regions and know that their data will remain in country thanks to geo-replication between sub-regions. They can also deploy to the sub-region that best meets their needs for latency and local market factors What case study-type examples from different sectors can you detail that show how organisations (and partners) are starting to gain hard and soft ROIs from using Microsoft’s cloud services and solutions? Alvaro Celis In Asia Pacific, our cloud momentum speaks for itself. Office 365 and Azure has seen more than 150 percent YOY (year on year) growth

Why

Microsoft’s ‘Cloud on Your Terms’ is Winning in Asia

Enterprise Mobility: Tablets and Beyond

respectively, which is at least three times the rate of the overall cloud market growth in Asia Pacific. Microsoft’s cloud customers come from a variety of sectors including F&B, aerospace, healthcare, government and services. These include SATS (Singapore), V8 Supercars (Australia), Emperor Group (Hong Kong), The HK & Shanghai Hotels (Hong Kong), NOVA Business Services (Hong Kong), Coles (Australia) and Hersing (Singapore). Our partners are embracing Microsoft’s cloud strategy. More than 9000 in APAC sold our public cloud services in the last 12 months, an increase of more than 340 percent YOY. Below are some examples of growth from our APAC partners.

Malaysia—ISA Technology (Global Award Winner, Start Up Cloud) Since the introduction of their cloud offering, ISA Technology has seen their revenue grow significantly. By introducing Microsoft’s cloud offering, ISA has introduced a brand new revenue channel that’s been able to exponentially increase its growth in Malaysia. Within the past 12 months, the company has seen its cloud business grow three times. ISA said: “We believe that when Microsoft grows and bets on something, we’ll grow simultaneously if we jointly invest in their go forward plan. We’ve been in business with Microsoft for 15 years and this strategy has never let us down.”

Australia—New Lease As a specialist aggregator, NewLease has increased its profits year-on-year over the last eight years by focusing on the enablement of the service provider channel. NewLease has used nearly a decade of experience working with the SPLA programme to build processes and programmes that support its partners to build competitive and profitable services. These processes and programmes have been recognised as world best practice by Microsoft. Microsoft has been integral in achieving New Lease’s significant business growth as their cloud strategy and related programmes are the most mature in the market. Partnering with Microsoft has given NewLease and its clients access to integrated licensing programmes that allow for the deployment of true Hybrid cloud solutions.

Australia—Object Consulting (Global Award Winner, Cloud (Enterprise) In 2013, Object has seen 30 percent growth per annum YOY with 70 percent of revenue coming from Cloud and Devices projects, and the remain-

Computerworld Malaysia September–October 2013 www.computerworld.com.my

both will provide a competitive advantage. In the near future, we anticipate that these hybrid cloud solutions will be the primary driver of partner profitability. A partner’s ability to offer hybrid options to customers will result in optimal revenue capture opportunities as hybrid solutions ease customer data privacy and security concerns and cater to companies that prefer to keep that content safe on local servers.

Alvaro Celis, Vice President, Asia Pacific, Microsoft

ing 30 percent from a decreasing number of customers that still run on-premise installations of Windows Server and Sharepoint. Moving into the cloud has been remarkably easy for the Australian business and the customer response to the cloud has been significant. Despite having traditionally been a software development company, the introduction of Microsoft cloud solutions has seen this product type continue to dominate conversation and customer demands. As the business moves forward and looks to expand, they expect to see their cloud revenues increase. The backbone to Object’s profitability has been its partnership with Microsoft. According to Kevin Francis: “Microsoft’s partnership with us is the number one reason we’re profitable today. We work to drive active partner relationships, they provide us with strong business leads, we take the Microsoft GTM strategy to our customers and we see ourselves as an extension of Microsoft in Australia.” Microsoft works closely with our partners to move to the cloud. In particular, the APAC region expects to see a 40 percent growth that will bring five billion dollars’ worth of services by 2014. What opportunities are being missed, according to IDC’s report, by organisations in Malaysia (and Asia Pacific) and what common mistakes (including omissions) are being made so far? Alvaro Celis The increasing demand for cloud has been a disruptive force in the IT industry globally. It has forced companies including Microsoft, to change how we deliver solutions and value to customers. Like all disruptions in the IT industry, there are always many BIG questions that need to be answered. The two key ones we hear from our partners are: — Fear of redundancy as the middleman — Ability to profit from services to customers

Jon Roskill, Corporate Vice President, Worldwide Partner Group, Microsoft

Microsoft’s mission is to provide opportunities for partners of all sizes to participate in the cloud opportunity by providing solutions on-premise, online and in hybrid environments, offering choice for customers; our services were designed for partners to build on with their solutions, while ensuring the industry’s leading security, interoperability and SLAs. Partners with more than 50 percent of their revenue related to the cloud have been benefiting from higher gross profit, more new customers, increased revenue per employee and faster overall business growth, according to a recent IDC study, sponsored by Microsoft. The study underscored the transformation taking place in the business world as more organisations of all sizes move their technology infrastructures to the cloud. In fact, according to the findings, cloud-oriented partners, defined as those that generate more than 50 percent of their revenue from the cloud, grow at double the rate, accrue new customers more than two times faster and generate 30 percent more revenue per employee compared with non-cloud-oriented partners. Given the continued ‘soft’ economy (slow recovery etc), what do your partners and end-users need to focus on in driving profitability from the cloud in the short and mid-term? Jon Roskill The cloud presents the biggest opportunity for partners to make money and win new customers starting today and into the future. According to a recent IDC study, cloudoriented partners, defined as those that generate more than 50 percent of their revenue from the cloud, grow at double the rate, accrue new customers two times faster and generate double the revenue per employee compared to non-cloud-oriented partners. The cloud transition doesn’t mean partners need to abandon their onpremises expertise; rather, selling them

What are the top key points that you are excited to drive home to organisations in Malaysia (and indeed the region)? Alvaro Celis Firstly, we are entering a new era of devices and services at Microsoft. A fundamental shift is underway in our business to meet the changing needs of our customers. This will impact how we build and bring our products to market. It is a change that will be transformative—for us, for our customers and the broader ecosystem—in the coming year and the next decade. For our partner ecosystem, this means lots of new opportunities across devices and services—from the new Surface programme for partners starting to roll out worldwide to partners seeing profits from selling cloud solutions. Secondly, there is strong demand for Microsoft’s cloud solutions such as Office 365, CRM Online, Azure and many others have been growing from strength to strength. Our cloud growth is led by Office 365 & Azure, which have both grown in excess of 150 percent YOY, that’s more than three times the market growth. This strong momentum could not have been achieved without the support of our ecosystem, which is a core part of our business model and a key differentiator for Microsoft. The Microsoft ecosystem in Malaysia is, without a doubt, the largest in the IT industry with more than 5,000 partners nationwide. We are pleased to see our partners embrace the cloud. Just in the last 12 months, the number of partners selling Microsoft cloud services grew more than 340 percent. In Malaysia specifically, we saw 420 percent YOY cloud par tner growth. In some mature markets like New Zealand, the number of cloud partners has even exceeded the number of traditional on-premise partners. Lastly, our “cloud on your terms” strategy gives customers the power of choice. By offering solutions in the cloud, on premise or in a hybrid environment, customers can select solutions to meet their unique business needs. To help with this decision, customers continue to look to our proven Microsoft expertise and trusted advice of our Gold and Silver competency partners.

Enterprise Mobility: Tablets and Beyond

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Samsung Ramps up Enterprise Business The first Samsung Enterprise Experience Centre in Malaysia demonstrates solutions for enterprises across verticals including the hospitality, retail, financial services, education and home business sectors. By AvantiKumar

igital technology solutions provider Samsung has opened its first centre in Malaysia that highlights its solutions for enterprises across different verticals, including the hospitality, retail, financial services, education and home business sectors. The 2,000 sq ft (186 sqm) Enterprise Experience Centre in Kuala Lumpur is a one-stop destination that demonstrates Samsung’s enterprise capabilities and include Mobile Security, Digital Smart Office & Virtualisation, Samsung School, and Retail and Digital Signage, said Samsung Malaysia Electronics Vice President, Enterprise Business Unit, Varinderjit Singh. During the launch of the new centre, which included real-life demos, Singh said the company’s consumer experience has helped to build a deep understanding of customers’ expectations as well as behaviours when interacting with technology. “Recognised as a leading household brand for our consumer electronics products, we wanted to go further than simply demonstrate our enterprise solutions,” he said. “By creating and acting out possible industry scenarios, we were able to demonstrate different solutions’ application,

efficacy, resourcefulness and value across multiple verticals as well as business types and sizes.” “As a leader in technology innovation, we are leveraging our success in the consumer space to transform a new business experience for the business sector,” said Singh. “Our enterprise capabilities now include secure mobility, print, cloud and display solutions for all business types—ranging from multinationals to small and medium businesses and we are looking to expand these capabilities by working with our industry partners to deliver the best possible solutions for our customers.”

Vision for Enterprises Singh said Samsung’s vision for enterprises, which underpins the company’s global campaign themed ‘the New Business Experience’, used solutions and new business tools that would allow companies to transform themselves into smarter businesses. He said the bring-your-owndevice (BYOD) trend included consumer behaviour and expectations that have altered how enterprises approach the mobility of their staff. “Businesses are now developing a more customer-oriented and value management style,” Singh said.

Varinderjit Singh, Vice President, Enterprise Business Unit, Samsung Malaysia Electronics presents an overview of Samsung’s Enterprise Solutions during the opening of the new Enterprise Experience Centre in Malaysia.

“To address these changes, Samsung has built on existing capabilities to further develop business-class solutions. In addition to developments on the product end, Samsung is building an eco-system with leading global business partners to boost their B2B [business-to-business] solutions.” In particular, the Digital Office and Virtualisation solutions allow users to access enterprise applications onthe-go on a single device securely and seamlessly, he said. “This helps in enabling businesses to adapt to the needs of an increasing mobile workforce who are expected to work on the move, anywhere, anytime.” Singh said education also has an important role in developing a concrete understanding of both devices and solutions. “The Samsung School is a total digital education package consisting of Samsung tablet and software to provide better teacher to

Maxis, Symantec to Offer Android Mobile Security Norton Mobile Security is now available to Maxis customers who use Android mobiles. By AvantiKumar

s the result of a partnership with security firm Symantec, Malaysian telco Maxis is now offering the Norton Mobile Security application to customers with Android mobile devices. The new service, which is part of the Maxis Secure portfolio, allows customers to enjoy a safer mobile experience as well as offer the ability to remotely locate, lock and wipe data from lost and stolen Android powered devices, said Maxis Head of Digital Services T. Kugan. “With the rapidly growing num-

ber of smartphones and devices people are using mobile devices more being offered in the market, there than ever in their daily lives, for eveis a higher risk of device and data rything from connecting with friends loss or theft,” he said. “Our partnerto paying for a cup of coffee. As we use ship with Symantec is an important our mobile phones in new and innostep forward in our ongoing efforts vative ways, we’re also putting sensiof building a robust mobile security tive information at risk, if the device ecosystem, and reafgets lost or stolen. With firms our commitment Norton Mobile Secut o m o b i l e s e c u r i t y. rity, we are making it Screenshot— The addition of Norsimple for people to Norton Mobile ton Mobile Security protect their Android Security application to Maxis Secure suite smartphones and safeof security services guard their data.” helps us provide our Packages customers with peace Norton Mobile Secuof mind and the much rity offers protecneeded protection for tion for Android their Android devices.” devices and data for Symantec vice RM1 (US$0.31) a week president, Asia South or RM3 (US$0.94) a Region, Eric Hoh, said: month with features “ I t ’s n o s e c r e t t h a t

student interaction, more efficient communication and improved classroom management.” “This serves as an inclusive digital learning system that features targeted services, devices and software to create a managed digital learning setting, contributing to increases in student grades and classroom efficiency.” “Retail and Digital Signage, which is customised to individual business requirements, can be seen through Samsung’s state-of-the-art professional displays, and are engineered for maximum performance and reliability—no matter what the application,” Singh said. “Samsung’s specialised factory tuning and software helps businesses achieve a uniform multi-video display to deliver the most impactful video wall for their business. Types of solutions include LED Backlit Displays, Touch Screen Displays and Video Wall Displays.”

that include: — Anti-Phishing Web Protection— Users are protected from malicious websites that could try to steal personal information. — Call & Text Blocker—Allows users to block specific people or phone numbers so that users are not disturbed by unwanted calls and SMS. — Lost Notice—In the event of a lost phone, allows users to send customised message to the person who located the device to have it returned. — Remote Lock—Users are able to lock the device remotely via the web or SMS to prevent others from accessing the data and information on the device. — Remote Locate—Pinpoints lost or stolen phones or tablets on a map to help users find their devices fast. — Remote Wipe—Allows users to wipe data and information in the device, both of which are stored in the internal memory or external memory, via SMS or the web.

Enterprise Mobility: Tablets and Beyond

Computerworld Malaysia September–October 2013 www.computerworld.com.my

DiGi Kicks Off ‘Staged’ 4G LTE

Broadband and tablet plan customers can now subscribe to the first stage implementation in selected locations in Klang Valley. By AvantiKumar

i G i Te l e c o m m u n i c a t i o n s (DiGi) has introduced its 4G LTE service, available to those who subscribe to specific broadband and tablet plans, in selected high traffic locations in the Klang Valley, said the telco. DiGi Chief Marketing Officer Albern Murty said the move to introduce 4G LTE (long term evolution) was “a singular milestone in DiGi’s journey to deliver Internet for All,” which was introduced three years ago with the introduction of 3G services. Murty said the company’s 3G population coverage has now reached 68 percent with 6.1 million mobile Internet and broadband customers as of the first quarter of 2013 and should reach the 75 percent mark by the end of the year. The network modernisation exercise, which involves swapping over 5,500 sites to enable significant quality and capacity improvements, is expected to be completed by the end of the third quarter, he said. “We are on track to achieve our ambition to deliver Internet For All Malaysians,” said Murty. “We have huge ambitions on how we will address this significant opportunity that 4G LTE has to offer. It will be a key driver in growing our data business.

Staged Introduction “As part of the Telenor Group, DiGi has an added advantage in the market as we can leverage on the Group’s global experience in mature markets on the deployment of 4G LTE,” he said. “Telenor has a proven track record in deploying 4G LTE with six markets, including DiGi, already operating on the next generation network. “To us, creating the right experience for our customers is critical, and to accomplish this, we are enabling 4G LTE services in stages,” said Murty. “This friendly approach is similar to when we first introduced 3G services more than three years ago at limited locations before expanding to more market centres.” “As such, in the first stage of implementation, we are rolling out 4G LTE services with a controlled footprint in the Klang Valley at selected high traffic areas, which are known as DiGi 4G LTE Zones. Customers can stream HD videos without buffering; share more in less time via Facebook, Twitter or

Instagram; and listen to uninterrupted music streaming.” He said DiGi will offer service plans on tablets and broadband. “New and existing customers who subscribe to DiGi Broadband and Tablet Plans with 6GB Internet quota and above will be upgraded automatically to 4G LTE service as long as they change their SIM cards to DiGinet+ SIMs at selected DiGi Stores. Customers with broadband plans below 6GB Internet quota can choose to enjoy the fourth generation ser-

vice on demand when they are in the DiGi 4G LTE Zones. They can activate the service by visiting DiGi MyInternet and choose from two hassle-free, bite-size plans from as low as RM30 [US$9.41] per month.” The DiGi 4G LTE zones in the Klang Valley are Plaza Low Yat, 1 Utama Shopping Centre, Kota Damansara, Subang Indah Villa, Sunway Mentari,

(From left) Praveen Rajan, Head of Products—Internet & Services of DiGi Telecommunications; and Albern Murty, Chief Marketing Officer of DiGi Telecommunications.

Bukit Bintang, KDU neighbourhood and Cheras Pandan Indah. Plans are underway to increase the 4G LTE coverage in these zones, and subsequently, to other market centres in Malaysia.

Malaysian University Deploys Aruba BYOD for 10,000 Users According to International Islamic University Malaysia’s project manager, implementing Aruba ClearPass has led to gains in productivity across five campuses. By AvantiKumar

ccording to International Islamic University Malaysia, the rollout of mobile networking provider Aruba’s ClearPass BYOD solution has allowed more than 10,000 users across five campuses to experience gains in productivity and security. International Islamic University Malaysia (IIUM) Project Manager, Wireless, Sayed Ahmad Fauzi, said the enterprise-grade bring-yourown-device (BYOD) solution needed to be easy to manage, that could be operated centrally by an IT staff of 10 to provide always-on access to the Internet to more than 10,000 concurrent users. Sayed said IIUM examined proof-of-concepts from three vendors including Aruba Networks and selected the Aruba Networks ClearPass access management system. “The university rolled out the full ClearPass Policy Manager solution including ClearPass OnBoard for device provisioning and configuration; ClearPass Guest for the secure management of visitor devices; and AirWave for centralised control.”

Albert Tay, ASEAN General Manager, Aruba Networks.

“ClearPass supports iOS, Android, Mac OS X and Windows 7 devices while its underlying Aruba MOVE (Mobile Virtual Enterprise) architecture allows easy and flexible integration with networking infrastructure from third party vendors,” he said, adding that this involved interoperating with Cisco’s wired switches and routers.

Teaching Possibilities The Aruba solution meant the university could avoid an expensive rip-and-replace operation as well as take advantage of ClearPass’s critical provisioning and network access capabilities that went further than many other mobile device management (MDM) tools, said Sayed. These features include automated device provisioning; selfser vice mobile device network configuration; device profiling and risk management to determine individual security requirements; and secure, automated guest device management, he added. “Aruba ClearPass not only simplified network authentication and kept staff and students ‘always on’, it has also broadened the range of

teaching possibilities,” said Sayed, adding that after the rollout the simpler authentication infrastructure allows students and staff to connect reliably with multiple devices. “This BYOD solution allows multiple platform client devices to connect to Wi-Fi with ease and reliability. It also provides an expanded teaching arsenal for lectures, allowing students to view e-textbooks, videos, educational apps, online research, digital learning apps, etc.” “IIUM is a perfect example of how wireless technology has evolved and is being used to address the onslaught of new mobile devices and applications flooding university networks,” said Aruba Networks ASEAN general manager Albert Tay. Tay said: “IIUM can give its students and faculty access to applications and resources that enhance the educational experience with our BYOD solution. Universities that recognise the importance of a comprehensive wireless and mobile strategy will have a clear advantage in today’s education market.” IIUM provides tertiary education to students from more than 100 countries.

placing work applications into a separate, isolated container. “The work container is controlled by the enterprise’s IT managers. IT will dictate security and manage that container according to the company’s policy and protocols,” explained Varinderjit. “The personal portion of the device is managed by the users where they can interact with friends on social media, play games or browse through the web.” Enforcement of the enterprise-specific workspace prevents interaction between business and personal data. It prohibits the movement of personal files and content from and into the enterprise container. This separation operates at the application layer and is designed to prevent data leakages, virus attacks and malware from penetrating into the enterprise network. Security in the business portion may be further enhanced with password protection and the setting of a reauthentication request after a fixed period of non-activity. Users can share files, business intelligence and make full use of enterprise applications within a secure environment. Another unique Samsung KNOX feature is the ease with which users can switch between business and personal use. A simple tap on the icon at the home page switches from one mode to the other. In business mode, users can effortlessly access their work email, scheduler and files. When they switch to the personal mode, they can just as easily get to their personal social media pages, photos and personal email screens. Users can also

Introducing Samsung KNOX™ Business and personal connectivity at a touch

he mobile computing revolution is forcing changes onto the traditional workplace, especially with a new generation of users entering the scene. Employees today are as likely to be working on tablets and smartphones as they are working at their desks. As the world’s leading smartphone provider, Samsung recognises this movement as they continue to push the limits in making enterprises more innovative and efficient. “Mobility is a need that is becoming more pervasive among today’s workforce,” said Varinderjit Singh, Vice President, Enterprise Business Unit, Samsung Malaysia Electronics. “We know that companies don’t just need devices, but rather business solutions that help them work smarter, deliver better and boost bottom lines.” Enterprises are embracing Bring-Your-Own-Device (“BYOD”) trend as they seek to drive productivity and business profitability. BYOD advantages include improved productivity, cost efficiency and employee satisfaction. However, while users are given the latitude in having their device of choice, enterprises want to ensure that they maintain control over the security and management of data and network. “As users, we want a single device which can carry out multiple functions seamlessly, be it at work or play. However, there is a need for balance between corporate and user preferences,” Varinderjit expressed. “Samsung KNOX is the solution, as it provides a secure platform and better control over enterprise data and applications,” he explained. Samsung KNOX is a newly developed Android Enterprise operating system that is proprietary to Samsung, engineered from the ground up with the security of mobile devices in mind. It allows users to maintain separate identities within the same device by

Varinderjit Singh, Vice President, Enterprise Business Unit, Samsung Malaysia Electronics

The Samsung KNOX™ stronghold With extended security policies, multiple security and management enhancements have been incorporated into Samsung KNOX from hardware to OS layers, whilst retaining full compatibility with the Android platform and the Google Ecosystem. The Samsung KNOX security architecture is built on multiple layers of defences, across the various components of the device from hardware and operating systems (“OS”) to Android firmware and applications. In addition to its application level controls, Samsung KNOX addresses platform security with a comprehensive three-pronged strategy to safeguard the system: Customisable Secure Boot, TIMA and a kernel with built-in SE Android access controls. Samsung KNOX’s Secure Boot technology ensures that only verified and authorised software can run on the device and forms the first line of defence against malicious attacks on devices. In addition, it also allows a safe switch of the secure boot root certificate after the devices are shipped. As a result, customers that have high security requirements can purchase regular consumer devices and switch the root-of-trust used for secure boot to better-protected ones. TIMA runs in the secure-world and provides continuous integrity monitoring of the Linux kernel. When TIMA detects that the integrity of the kernel or the boot loader is violated, it takes a policy-driven action in response. One of these policy actions disables the kernel and powers down the device. SE Android provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements. SE Android isolates applications and data into different domains so that threats of tampering and bypassing of application security mechanisms are reduced while the amount of damage that can be caused by malicious or flawed applications is minimised. Samsung KNOX supports Virtual Private Network (“VPN”) connectivity, which enables IP-based encryption for secure access to enterprise assets. Its On Device Encryption

(“ODE”) helps to prevent unauthorised access to all data (including the microSD storage card) more efficiently. Samsung also provides support for Single-Sign-On (“SSO”) capabilities via active directory services and Exchange ActiveSync (“EAS”). With 29 prebuilt applications ready for immediate use, Samsung KNOX will work with most existing enterprise infrastructure. Easy to integrate and with a small learning and adoption curve, Samsung KNOX is FIPS 140-2 certified, allowing it to be deployed in regulated environments such as in government, healthcare and finance industries. It addresses IT managers’ need for enhanced security with simple and flexible management, and yet provides employees the freedom to switch between work and play on a single device without compromising personal privacy and productivity.

download applications for their personal use knowing that these applications will not disrupt enterprise programmes.

can then look for mobility management and security tools to automate the processes and enforce these policies.

“Samsung KNOX supports integrity management services on the device as well as at the core Android Operating System level. These features are built into both hardware and software to provide increased protection against device tampering,” said Varinderjit.

“Samsung’s vision is to help our customers utilise mobile technology in expanding their business initiatives,” said Varinderjit. “Through our global partnerships, Samsung now provides a more powerful enterprise mobility solution on the Android platform.”

In describing the change to this revolutionary working environment, Varinderjit highlighted that it was something new to many organisations and that a framework of policies and processes governing BYOD will help organisations manage its adoption and usage. Samsung provides its enterprise customers with over 450 IT policies and 1010 Application Programming Interface (“APIs”) in applying device management remotely. “As more and more employees embrace innovative work solutions, it is important that organisations have security guidelines and policies to manage individual devices,” he highlighted. “Engaging end-users from the beginning is essential as aligning programmes and policies with the needs of both the organisation and its users is critical to its success” Varinderjit added. Organisations should then determine access policies for each device type and employee profile to suit their requirements. These policies must be clearly documented and shared with employees. Once corporate access decisions have been made, organisations

He continued, “We have put a lot of effort into these partnerships, and into research and development (“R&D”) to develop robust, market-leading mobile security features that address the concerns of Chief Information Officers (“CIOs”) and security leaders. With the combination of both ARM TrustZonebased Integrity Measurement Architecture (“TIMA”) and Security Enhancements for Android (“SE Android”) which offers access controls for a secure operating system that addresses all of the major security gaps in Android, we are differentiating Samsung GALAXY from standard generic Android.” For further information on Samsung Enterprise Solutions, please visit our website, www.samsung.com/my/business

Brought to you by

CIO Boardroom Briefing Data is becoming the frontier in which businesses will establish competitive advantage and achieve innovation. But with terabytes of data being generated every minute, how do today’s business leaders make sense of it all? Computerworld Malaysia moderated a boardroom discussion with Malaysia’s IT elite to find out how.

Big Data:

Arulchelvam Arulampalam, Head of Axiata Management Services (AMS)

By Ramesh Sundram Knowledge is power, and in today’s data-driven economy success belongs to those businesses that are able to interpret and extract value from the huge amounts of information they acquire. Across industries, businesses are turning to analytics as the only way to meaningfully address big data. When delivering company-wide use of analytics, IT leaders in many organisations face common challenges in securing management buy-in, driving awareness and understanding about analytics, and motivating users to collaborate with IT to create meaningful business insights. Computerworld teamed up with SAS Institute and Fujitsu to discuss these and other issues with Malaysia’s top IT leaders at a CIO Boardroom Discussion titled Big Data: The Perfect Storm. Getting Value from Big Data The keynote presentation at the event was delivered by Kimberly Nevala, Director, Thought Leadership Delivery, SAS Best Practices, who discussed how SAS helps organisations harness their data by working with them to develop a holistic understanding about what it takes to become a data-driven business.

Daniel V. C. Lee, CIO, Felda Global Ventures Holdings

Ir. Sukhdev Singh, from Boustead Heavy Industries Corp.

enables large amounts of data to be collected from a rich variety of sources. For example, by gathering and interpreting data collected from moving vehicles and various other sensors the system builds a real-time image of traffic that could be used to manage traffic congestion. Another example given was monitoring driver speeds for the use of insurance companies. The framework includes Fujitsu’s analytic and infrastructure products which can be deployed on-premise or in the cloud and many enhancements of standard tools such as Hadoop. “You can start small and expand gradually with the same architecture,” said Wong. Currently, the system is being utilised by navigational vendors (like GPS service providers), taxi companies, travel bureaus, consulting firms, government agencies, automotive and electronics manufacturers, and even home appliance companies. The Journey to Value When the floor was opened for discussion, the executives in attendance began by sharing their experiences harnessing big data and utilising their information in strategic ways.

This approach begins by educating key decision makers and business leaders about the tangible business benefits achievable through analytics. Nevala emphasized the importance of anchoring any analytics conversation—big or small—to specific business issues relevant to the organization. She noted that many early big data conversations focus on gathering data with little regard to how business value would be created. Which is where improved “big analytic” capabilities come in.

Puan Mariam Mohd., CIO at LHDN, shared that her department has begun developing proof-of-concept models in the area of income tax analytics and that LHDN is also studying the analytics models adopted by tax authorities in countries such as Australia. “Our goal is harness big data analytics to improve the efficiency of tax collection in Malaysia, both to raise revenue for the government and to further streamline tax reporting for businesses and citizens,” said Puan Mariam.

High performance analytic solutions enable the delivery of valuable real-time business insights across the organisation by giving users the ability to look at data of all stripes through easy-to-use advanced data visualisation tools, by allowing validated analytic models to be executed in real-time—thereby improving operational decision making—and by utilizing multiple mechanisms, including mobile platforms, to deliver more insightful, impactful intelligence when and where it is needed.

Nevala shared how SAS’s analytic solutions have delivered value to tax offices around the world. Tax authorities in both Europe and the Americas utilize SAS to identify those tax-dodgers from whom investigation and prosecution would yield the highest rate of return. They are also taking a page from the retail industry which has been a front-runner in coupling social media with traditional data sources to segment customers (in this case taxpayers) to deliver targeted communications and incentives.

“The final result moves information-rich business analytics from a back-room activity to an integral part of business operations,” said Nevala.

Vincent Lim, General Manager, IT, Lion Group of Companies, manages IT across a broad portfolio of businesses that includes real estate development, the steel industry and the Parkson chain of department stores. “Lion Group is an organisation with a very long history, and our data is everywhere and is of every kind. We are looking toward big data analytics to help us better understand and harness our terabytes of data,” said Lim.

She illustrated this with an example of an airline using predictive asset maintenance to improve operational efficiency and customer satisfaction. By analysing data from multiple sources—the aircraft, weather reports, the airplane manufacturer— the airline can accurately predict when key parts may need service before an outage occurs. The results include improved flight quality and safety as well as a substantial reduction in unplanned maintenance and flight delays. Adding to this, Wong Weng Wah, Regional VP, Application Services for Fujitsu Asia, presented an end-to-end big data framework Fujitsu calls SPATIOWL which

One of the goals at Lion Group is to use analytics to cross-market sales between their sale of properties and Parkson’s sale of home-related products. By understanding and anticipating new homeowners’ needs, Parkson could ensure it offered desirable products at competitive prices, and coordinate its marketing efforts with property sales.

Kimberly Nevala, Director, Thought Leadership Delivery, SAS Best Practices

Professor Madya Rahidzab Talib from the information technology office at Universiti Teknologi MARA (UiTM)

Puan Mariam Mohd., CIO at LHDN

Wong Weng Wah, Regional VP, Application Services for Fujitsu Asia

Thomas Wong from Petronas

Puan Faridah Abdul Rahman, CIO, Group IT at Malaysia Airlines

Tan Kah Chai, GCIO at Sime Darby

Vincent Lim, General Manager, IT, Lion Group of Companies

Lim also discussed how Lion Group intends to use big data analytics to raise productivity at their automated steel mill. “The manufacture of steel is run by computers that create and store terabytes of data. We are hoping to use analytics to interpret this data and discover opportunities to increase yield and achieve greater efficiency and profitability at the mill,” said Lim. The next executive to speak was Professor Madya Rahidzab Talib from the information technology office at Universiti Teknologi MARA (UiTM). “We have 180,000 students distributed across every state in Malaysia, and over the next few years we expect UiTM’s student body to grow to 250,000. However, the IT department is not going to be increasing,” said Prof. Madya. “Our goals with big data analytics are to reduce costs and manpower needs while continuing to deliver on our SLAs to a growing pool of users,” he said. Prof. Madya then highlighted that organisations needed to do more to raise awareness and understanding about analytics among business units in order to drive innovation. Where does innovation come from? Tan Kah Chai, GCIO at Sime Darby, added to this point saying that Sime Darby was starting to introduce big data concepts throughout their organisation. “We are working to secure the buy-in of business stakeholders and build enthusiasm about the potential of big data by showing users how we can collect data, the techniques we use to build analytical models, and how these can help them derive valuable business insights,” Tan said. Arulchelvam Arulampalam, Head of Axiata Management Services (AMS), shared how AMS was using big data analytics to develop new products and services that drive customer engagement and increase customer retention. “We are also developing real-time analytic tools to discover opportunities to work with retail partners to deliver further value to our customer,” said Arulampalam. Aligning IT to the Business Sime Darby’s Tan raised the point that collaboration between the business and IT is critical to realising the full benefits of big data analytics. Puan Faridah Abdul Rahman, CIO, Group IT at Malaysia Airlines, agreed and said that the alignment between business and IT is key to achieving a successful big data strategy. “IT is the custodian of an organisation’s systems and we have tools to allow the business to leverage on the data. However, it is only through working closely with individual business units that we can understand their business challenges and deliver useful analytical solutions,” said Puan Faridah. Lost in Translation Thomas Wong from Petronas picked up on this and added that different users very often required different interpretations of the same data. “Our challenge is to present data in meaningful dashboards. If we don’t get this right early on, users

start blaming the dashboard for misrepresenting the data and lose confidence in data sourcing and integration strategy,” he said. Suresh Velauthan from Petronas said, “We are now developing dashboards that harness data analytics’ ability to deliver business insight. Our goal is to do more than reveal business status, but to drill down through the data and quickly identify actionable information that we can use for business benefit.” Vincent Cotte, Product Marketing Manager South East Asia for SAS, responded to this by sharing that one of the best ways to uncover important relationships within big data is through advanced analysis and data visualisation. Visual analytics empowers the users to discover hidden opportunities, identify key relationships on their own so that they can and make faster and more effective decisions. Ir. Suk hdev Singh, from Boustead Heavy Industries Corp., agreed that implementing self-service data discovery was a good strategy. “The operations and functional managers are the ones that make the decisions based on the reports that are generated, so it makes sense to give them the tools to define the data they need,” he said. This also made collaboration and alignment between IT and business units easier. Daniel V. C. Lee, CIO, Felda Global Ventures Holdings, expanded upon this saying, “Self-service real-time analytics do more than accelerate discovery of big data. It also allows users to do complex what-if analyses faster.” Business decision makers can use this to make better informed decisions, and to plan strategies that cope with volatile market forces. “Real-time analytics is a key enabler in driving a highperformance business culture,” said Lee. Nevala closed the session with a summary of the key points that were raised. “IT departments are transforming from being merely the custodian of an organisation’s data into the architects of business insight. The keys to a successful transformation include greater collaboration with our business partners and empowering the business with capabilities that allow them to freely explore the data and pursue insight,” said Nevala. She added that SAS and Fujitsu are committed to helping organisations overcome their data challenges—big and small—in ways that make good business sense. “After all,” she reiterated, “it’s not the amount of data an organization collects that predicts success. It’s how a company leverages the data they have that drives innovation and improved business outcomes.”

Brought to you by

GRC Supplement

By AvantiKumar

n an interview with Computerworld Malaysia, The Malaysian Software Testing Board (MSTB) President Mastura Abu Samah takes stock of past, current and future initiatives to develop the homegrown software testing to the level needed to take on the global market. As well as tracking progress to becoming a regional software testing hub, Mastura also details some of the topics that will be covered at this year’s upcoming regional SOFTEC conference. In what way has awareness and competence of Malaysia’s software testing industry changed in the last two years (also what the picture looks like today compared to when MSTB launched its first regional conference in 2008)? Both awareness and competence level have improved significantly over the last two years. The increase in awareness is evidenced by an increasing number of participants, particularly from the industry, in SOFTEC, Software Testing Straight Talk and other events that we have organised. The details are: Event

No of participants

Softec 2012

340

Softec 2011

250

STST 2012

245

STST 2011

218

Pushing

the Malaysian Software Testing Envelope In addition to SOFTEC 2013, MSTB’s president details initiatives to further build Malaysia’s software testing industry such as considering the recruitment of people with autism spectrum disorders.

GTB/MSTB Academic 1000 (University Outreach Seminar students and series (Oct 9-11, 2011 lectures) Notably, the increase has come mainly from industry participants. The industry has clearly acknowledged the importance and relevance of software testing to their businesses and operations. In addition, we noted the following trends. There has been an increase in visitations to Q-Lab. In 2012 Q-Lab hosted 21 visits from various public & private organisations (both domestic and international) as well as from Institutes of Higher Learning (students and lecturers). There is also an emergence of open tenders by private and public organisations, which includes specific requirements for independent software testing. Over the last two years, the number of certified testers in Malaysia has increased from 774 (end of 2010) to 1,768 (end of 2012). The number has now surpassed the 2,000 mark. Much of the increase is attributed to the Q-Capability Development, an intervention programme to acceler-

ate the increase in certified software testers in Malaysia. However, we also note that a number of organisations have started to send their employees (in numbers) for certification, using their own funds. This is an indication that more and more organisations have become

aware and they are convinced about the value of certification to their business/operations. Nevertheless, there is still much to do in building our competence. We hope to ramp the number up faster through our Academic Outreach programme, which seeks to facilitate

Computerworld Malaysia September–October 2013 www.computerworld.com.my

enhancement of existing software engineering offerings in Malaysian universities through incorporation of industry-developed software testing and requirements engineering curriculum. Since the launch of initiatives such as Q-Lab in mid-2010, how do you think the industry has helped or hindered progress? Since its opening in 2010, the Q-Lab has attracted numerous domestic and international visitors and they returned impressed. Achieving a Level 3 in the Test Maturity Model integration (TMMi) accreditation also helped strengthen Q-Lab’s positioning as world-class software testing facility. Commercially, the Q-Lab has achieved a number of successes, even from its very first year. The two publicly announced contracts were with Mutiara Smart Computing (2010) and Telekom R&D (2011). Several other contracts were secured after that including a major one sealed earlier this year. (We are not at liberty to reveal the names of the other clients.) The Q-Lab has also been consulted by public and private organisations to help them assess their testing needs and in some cases, to prepare their Independent Verification & Validation (IVV) tenders. In other areas, the Q-Lab has also conducted numerous test tool workshops for universities as well as user organisations. All these are well within the intended purpose of the Lab’s establishment, both as a commercially able testing facility and as a showcase outfit pivotal in supporting and realisation of MSTH activities and objectives. Has the talent gap in the country for skilled testing professionals improved or degraded in specific areas, especially in qualitative as well as quantitative terms? The increase in the number of certified testers, as described above, does help reduce the talent gap for skilled professionals, albeit specific in software testing. Under the MSTH initiative, MSTB promotes internationally-recognised professional certification schemes from the International Software Testing Qualifications Board (ISTQB) and the International Requirements Engineering Board (IREB). Both of these schemes are centred on syllabi that have been developed from the collective experience of seasoned practitioners and experts from around the world. And the syllabi are continuously updated by the respective bodies (ISTQB & IREB). As such,

GRC Supplement

there is no or minimal gap against industry’s current needs/practice. At the same time, MSTB also champions compliance to internationally recognised processes for testing organisations based on the Test Maturity Model integration (TMMi) framework. This is to ensure that both our testers and testing organisations are at par with internationally accepted levels in terms of skills, competency and test processes. Through our Academic Outreach programme, we are trying to address the ‘gap’ issue at the university level. MSTB is working directly with eight universities to pilot implementation of ISTQB’s Certified Tester Foundation Level (CTFL) syllabus in the existing software engineering curriculum. Based on the findings and lessons learnt from the pilot, we will submit a proposal for a national rollout of the programme. We are also starting a similar pilot implementation with IREB’s Certified Professional for Requirements Engineer-Foundation Level (CPRE-FL).

Certain European companies, such as SAP, recently have singled out software testing professionals from the ASD (autistic spectrum disorder) community. While people with ASD have communication issues, their ability to analyse long sets of data with great accuracy is of especial use in quality and testing roles. Do you plan to launch an initiative to take advantage of this in Malaysia and when? We are aware of the development and through our working relationship with the German Testing Board (GTB), we are currently evaluating the initiative undertaken in Germany to see if it will be suitable for the Malaysian environment.

Has the unique approach you mentioned the last time we spoke about building Malaysia as a regional software testing hub yielded meaningful results? The unique approach is an approach on the software testing ecosystem as a whole by MSTH whereby we have incorporated public-private collaboration. The private sector leads the implementation while the public sector intervenes in areas such as policy and legal framework. Apart from that, we have active international participation from the onset. We also provide the platform for stakeholders to collaborate thought initiatives such as SOFTEC and STST. Some intermediate achievements that we have accomplished domestically and internationally are: Domestic: — Increase in the number of certified testers, both CTFL & CPRE-FL (as explained above)

— Open tenders issued by domestic buyers specifically on software testing/Independent Verification & Validation (IVV) — Eight universities in MSTH Academic Outreach Pilot Programme (incorporation of CTFL & CPRE syllabi in Software Engineering courses) — Q-LAB achieved its TMMi Level 3 accreditation in June 2012 and it is eligible to take on “high-end” software testing projects — Government amending procurement policy to cater for independent software testing — Continuous success of SOFTEC annual conference. This year, moving up to regional level as SOFTEC Asia 2013 is targeting 500 delegates from the region. We had only about 100 delegates at the inaugural SOFTEC (in 2008). Since then the number has been increasing. For SOFTEC 2012, the number of delegates was 340. — Establishment of regional chapters of MSTH to spearhead efforts to champion development of software testing industry, aligned to MSTH objectives. — Local companies aspiring to be world-class IVV companies have started to be aware of our existence. International: — Appointment of six internationally renowned software testing experts as members of MSTH International Promotion & Advisory Council (IPAC). — Collaboration with Korea Testing Laboratory on Software Product Certification Scheme. — Collaboration GTB and University of Memphis on MSTH Academic Outreach Programme, which covers both academic & applied research programmes. — Malaysia is now a voting member at the International Standards Organisations, actively participating on the development of new software testing standard (ISO/IEC 29119). — Malaysia, through Standards Malaysia, has registered an application to host ISO JTC1/SC7 Plenary in 2017 (i.e. an annual congregation of the world’s experts to review and/ or develop standards in the field of information technology) — Collaboration with ISTQB & IREB. The next steps or moves forward are as follows: — Cluster development programme, step to make them world-class IVV service provider — Launch of Software Product Certification Scheme — More intervention from government to encourage uptake of IVV services — Create/expand COP, extending to International community — Initiate creation of directory of FDI, etc

Computerworld Malaysia September–October 2013 www.computerworld.com.my

“Both awareness and competence level have improved significantly over the last two years.”

— Mastura Abu Samah, President, Malaysian Software Testing Board

Could you detail how this year’s regional conference is different from previous ones? SOFTEC Asia 2013 (for more information, visit www.mstb.org/softec) is a natural expansion of geographical coverage for the conference. The conference will have some 20 international speakers who will collectively deliver some 40 Keynotes, Plenary as well as Tutorial and Workshop sessions. MSTB has been organising SOFTEC annually since 2008 as a national-level event in Malaysia. The conference features a wealth of international speakers who are well-known in the global arena of software testing. Over the years, SOFTEC has grown to become the premier software testing event in Asia through support from both domestic audience and members of the Asian Software Testing Alliance (ASTA). S OFTEC Asia 2 0 13 w ill ha ve strong representation of speakers from Japan, where quality is embedded in their culture. Speakers from Japan will include Professor Ken Sakamura, the developer of TRON who is often referred to as ‘Bill Gates of Japan’ as well as Professor Motoei Azuma who is the leading expert in Software Quality Assurance in Japan and a well-respected figure in the international software quality standards development. The conference has adopted the theme of Test the Walk and this is closely related to Malaysia’s stated intention to instil Software Quality Assurance (SQA) practices across all sectors of the community. In a nutshell, the theme encapsulates a focus on ensuring that Malaysia is moving in the right direction as the country continues to pursue software quality excellence through learning from the wealth of experience and knowledge of SQA experts and thought leaders from around the globe. At the same time, the SOFTEC Asia 2013 will also be a platform to

share Malaysia’s own initiatives and learning experience in developing its software testing expertise and capability on a national level.

Moving forward, what would be your key priorities? As domestic awareness and demand for software testing rise, the next focus will be to help build Malaysia’s software testing service providers, through the MSTH Cluster development programme. The intention is to help selected (based on certain criteria) Malaysian companies to enhance capability providing independent software testing services. This is to ensure that Malaysian companies benefit from the increase in demand, catalysed by the MSTH initiative. Another focus area is the national Quality Software Certification Scheme based on ISO standards (ISO/IEC 17065 & MS ISO/IEC 17025). Compliance to the ISO standards means that certifications under the scheme are recognised internationally. Through this certification, software product owners will be able to ensure that the quality of their products meet international standards, and this is especially important in boosting marketability of made-inMalaysia software products in the global market. The Government of Malaysia has been supportive of these efforts through positive interventions including: — Ensuring support/participation of Public Sector agencies in MSTH activities — Facilitating coordination/cooperation between MSTB & relevant ministries/agencies in implementing various MSTH programmes/initiatives — Affecting changes in relevant policies where necessary (e.g. procurement) — Grant for professional certification (CTFL, CTAL & CPRE) — Support for international collaborations and promotional activities.

GRC Supplement

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Takaful Malaysia Data Costs

The adoption of CommVault’s Simpana data management platform also brings big data analytics into the insurance firm’s strategic business scenario, says Takaful Malaysia’s CIO. By AvantiKumar

akaful Malaysia’s move to enterprise data management provider CommVault’s data management platform, Simpana, has already helped to cut costs including storage costs by 50 percent, said the Malaysian insurance firm. Other benefits include lowering support costs by up to 35 percent, reducing administrative overhead by up to 80 percent, said Takaful Malaysia’s Chief Information Officer, Patrick Wong. “There’s no doubt Simpana has made it so much easier for Takaful Malaysia’s IT operations in terms of manageability of our entire backup infrastructure,” said Wong. “But what is just as important is the greater level of confidence we have in the new backup system. We can now easily recover data on the fly. Just one week ago, we managed to recover our GM Bancassurance’s mailbox within a few hours. It increases the level of trust in the data we process and this is what strategic IT alignment is all about— supporting the business strategy.” The use of Simpana has also helped to double both backup and archive performance as well as enable scale to manage data growth, meet regulatory requirements and other business demands. Some of Takaful Malaysia’s 125-strong IT staff’s time could now be prioritised to higher value work, he added.

The move to CommVault’s platform was managed by CommVault premier partner Infrastructure Consulting & Managed Services (ICMS), whose managing director Desmond Chan outlined some of the steps in the project, which included the consolidation of three point products on 12 backup servers into a single end to end data management platform running with just two backup servers.

Single Pane of Glass “In addition, Takaful Malaysia, like most other companies, has experienced rapid data growth—from 7TB [terabytes] to approximately 20TB within the span of two years,” he said. “The cost of upgrading the existing backup platform to cope with data growth was estimated at a staggering

RM1 million [US$316,205]. Also, the company’s previous cloud backup solution presented compatibility and scalability issues.” “All the data management functions, reporting and forecasting, can now be done from a single pane of glass, which has lowered management time by 30 percent each day,” said Chan. “As the insurance company has a complex infrastructure across multiple sites—there was often poor backup performance from using multiple platforms. Now a backup can be performed in about 15 minutes from two hours. In addition, granular recovery of information is now possible in half an hour or less instead of the previous two or three days.” “ICMS has an open infrastructure approach and works with backup and cloud solutions from many different partners, depending on the customer’s requirements,” he said. “For example, we also offer CommVault’s ROMS (remote operations management services), which can be managed offsite for customers by us using many different cloud providers.” Takaful Malaysia’s Wong said the next step would be to upgrade to the latest Simpana version 10 by the end of the year.

Latest Version CommVault Systems Asia Pacific Vice President Rick Theiler said the latest version, Simpana version 10, now manages complex stores of data using a single source code. “CommVault has grown not by acquisition but through

(From left) Rick Theiler, Vice President, CommVault Systems, Asia Pacific; and Patrick Wong, CIO, Takaful Malaysia.

developing and expanding modules with its own resources, which means our customers can benefit without relicensing software repeatedly.” “Solutions such as Simpana help to meet challenges faced by many enterprises in APAC,” said Theiler, who cited a 2013 IDG survey, commissioned CommVault, that said more than 75 percent of companies stressed the importance of their end-users having the ability to securely access data remotely from any device. The same study showed that 87 percent of organisations preferred this universal, secure access to company data to be via intuitive search. “The survey describes the data security, productivity and decision-making challenges caused by information silos, highlighting how a single platform providing secure data management and access from anywhere can mitigate these enterprise IT issues.” CommVault’s Malaysia & Brunei Country Manager Eric Lim added that many companies in Malaysia in common with other parts of the world adopt CommVault solutions to first realise immediate cost savings as well as building a future-proof and flexible data management system. “Since we opened the CommVault office in 2006, our customers have come from both the public and commercial sectors that may also need to meet appropriate compliance demands.” Lim said that a recent Gartner study showed that 71 percent of employees use unsanctioned devices and cloud services. “This has created a new level of complexity in the enterprise as 70 percent of data resides on employee devices. The latest version Simpana leaps forward by allowing integration with hardware, thus allowing hardware to perform backups to help meet the demands of this new data growth as well as to protect this data across different, such as iOS and Android, devices.” “Adoption of Simpana so far shows that it can help to boost productivity by up to 50 percent,” he said. “As 70 percent of data resides on employee devices, CommVault software can help to both protect and access this data distributed across devices.”

Three steps to security management:

Prevent, Detect, Correct IT

consumerism is thriving as new devices are rapidly introduced to the market and multiple channels of connectivity enhanced. Cloud computing has boosted social networking activity by providing easier access and faster speed. Businesses, in turn, have tapped into these new communication channels in reaching out to their customers. The proliferation of devices, networks and platforms has also increased vulnerability points within systems, particularly amongst host and network devices. Hosts are particularly vulnerable as they provide access to data, applications and services. Hosts can also be exploited as an avenue to gain further inroads to an organisation’s network. Such breaches may not be immediately detectable, allowing infiltrators the opportunity to bide their time in choosing the moment to attack. Such security vulnerabilities call for a robust configuration management strategy which will protect organisations against constantly shifting threats. “Most attacks are targets of opportunity; the attacker is bouncing around until he finds a weakly defended system, and then uses that to wriggle into a network of connected machines. Because of that reality, hardening systems is the number one priority for businesses,” said Michael Thelander, director of product marketing at Tripwire. “If it’s too hard for the passing hacker, worm, or malware, the attacker is much more likely to just move on to less defended targets.” System hardening is designed to eliminate as many risks as possible by reducing the system’s surface of vulnerability. Organisations determine the configuration and security standards they wish to maintain, then monitor against deviations from these standards. Hardening policies can be applied to devices, applications and networks. Hardening is a component of security configuration management (SCM), an end-to-end process that continually assures the integrity of security configurations and the information they protect. SCM connects an organisation’s IT configurations to the organisation’s initiatives and measures, continually protects information systems, and detects the issues and deviations that increase risk. “SCM provides integrated monitoring capabilities which detect and act when configurations change unexpectedly,” said Thelander. “In many cases, its automated solution can re-test configuration states when a change is detected.” He continued, “It is important for organisations to get back to basics and look at the fundamentals. Given the prevalence of breaches directly related to configuration failures for systems and network devices, implementing a secure configuration management program is essential to properly securing systems and data, as well as in meeting compliance mandates.”

SCM tools are able to detect changes to configuration states and will note real-time changes that occur at different parts of the system such as changes at the server, database, directory server and network device levels. They should also provide automation in repairing misaligned security configurations using role-based workflows, detailed reporting, and fully executable scripts that speed remediation, reduce risk, and save time and money. SCM solutions also allow businesses to leverage on third-party security benchmarks, thereby avoiding the lengthy process involved in creating customised rules whilst conforming to industry standards. Today’s complex IT environment calls for rigorous controls in managing an organisation’s infrastructure. To maintain system security, baseline configurations must be clearly defined, documented and audited continuously. As updates and changes will be made from time to time, configurations will be affected. A change management process which detects and considers the impact of such changes is crucial. Failure to control these changes is a major factor causing security breaches. “Lack of visibility is the biggest problem in detecting weaknesses within a system. This is often due to segregation within IT itself, where different teams take charge of different areas within the system and do not always co-ordinate its configuration definition,” said Thelander. “As a result, teams may not be aware of the state of systems deployed, and how configuration changes may affect other parts of the organisation. Such communication shortcomings allow attackers to exploit the system.” A central configuration management team tasked with co-ordinating the organisation’s overall security policies will help organisations create a baseline of security, monitor updates and eliminate a large percentage of weaknesses. An equally important channel of communication lies in addressing the communication gap between security implementation and business initiatives. “In the past, C-suite executives have tended to prioritise cost over tangible security benefits, whilst IT executives tended to reflect on operational goals and technical improvement as their goals. Brought to you by Such disconnect is changing as security risk management becomes an integral part of business objectives,” said Thelander. He concluded, “Security management should not be viewed merely from the cost basis but as a strategic goal for the organisation.” www.spectrum-edge.com

GRC Supplement

Sourcefire Malaysia Country Manager Ivan Wen suggests different ways on how cyber crime can be more effectively managed by the financial services industry in Malaysia. By AvantiKumar

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Threat-centric

Approach to Cyber Crime

uring an interview with Computerworld Malaysia, networking security and [intrusion prevention [IPS] specialist Sourcefire’s Malaysia Country Manager, Ivan Wen advises that a new threat-centric approach was needed by the banking industry to try and manage the rapidly-increasing number and complexity of cyber crime as more people use Internet banking and other online financial services.

How serious is cyber crime in Malaysia and Asia Pacific compared to the U.S. or Japan and what are the trends? Across Asia Pacific, cyber attacks have grown in frequency, severity and complexity. Many businesses count the number of attacks they face in the tens of thousands every week or month. Over the last two years, Malaysia’s threat landscape has been relatively active. The region’s malware infection rates and botnet drones were well above the worldwide average and Malaysia had the world’s highest concentration of phishing sites. According to the recent MYCERT incident statistics, enterprise fraud and intrusion attempts have risen significantly with approximately 40-50 percent yearon-year growth. These challenges are forcing companies to invest in innovative security technologies that enable visibility, automation and intelligence before lasting damage can occur to business and reputation. There are no silver bullets. Increasingly, security is about looking at it from a defender’s per-

Ivan Wen, Country Manager, Sourcefire Malaysia

spective, mapping an attack to a continuum consisting of three phases: before the attack, during an attack and after an attack.

How many people are using Internet banking in Malaysia. What is the status of cyber crime and fraud in Malaysia? Internet banking has grown steadily in Malaysia since it was first introduced in June 2000, and is now offered by 29 banks in Malaysia. As of September last year, there were 12.8 million registered users, rising from 3.2 million in 2006 and eight million in 2009. Within the region, the highest reported cyber crime was fraud, followed by cyber invasion attempts, spam, denial of service, contentrelated offences, malicious code and cyber defamation. Across Asia, we continue to see attacks, which deploy

targeted, sophisticated approaches. While the motivation and, in most cases, the tactics employed by those responsible for these attacks are different, what has become increasingly apparent is that we now need to look at security in a new way. To combat these attacks, defenders need a new threat-centric approach to security to address the full attack continuum—before, during and after an attack—with continuous visibility into indicators of compromise and retrospective security to quickly contain and stop the damage.

What has been the cost to the Malaysian financial sector of cyber crime? Could you detail the type of incidents and any interesting correlations? The cumulative cost of security incidents, privacy breaches and business

disruption in Malaysia is estimated to have surpassed the RM3 billion (US$950 million) mark over the last five years. Numerous banks in the region have issued security alerts regarding persistent malware such as newer Zeus variants, and Spyeye. A number of cyber crime attacks on financial institutions in the region have been attributed to Trojans. In addition, we are beginning to see fake mobile banking applications that can bypass certain application store security checks and are listed for free download. These applications can attempt to compromise banking information stored on the device in order to commit bank/credit card fraud. Attackers go to great lengths to remain undetected, using technologies and methods that result in nearly imperceptible indicators of compromise. They have the resources, expertise and persistence to compromise any organisation, at any time; attackers fundamentally understand the nature of classic security technologies and their applications and exploit the gaps between them. They relentlessly drive their attacks home, frequently using tools that have been developed specifically to circumvent the target’s chosen security infrastructure. Once they penetrate the network they go to great lengths to remain undetected, using technologies and methods that result in nearly imperceptible indicators of compromise to accomplish their mission. This has severe implications for banks and all other institutions, which now require much stronger security measures to prevent and ward off attacks. As financial institutions continue to turn to technology to enable more efficient and convenient services for customers, what is increasingly apparent is that we now need to look at security in a different way. To effectively defend against these attacks, IT security professionals need to adopt a new approach and start thinking like attackers.

How are security and other information and communications technology (ICT) vendors cooperating with enforcement and government agencies to tackle the breaches at different levels? Could you also detail what technical solutions can address these threats? Security and ICT vendors frequently collaborate with law enforcement agencies to ensure they are equipped with the right operational tools and security intelligence to address key issues and curb cyber crime. We believe this collaboration can help to detect threats and solve cyber crimes targeted at the private and public

GRC Supplement

sectors. Many banking organisations today count the number of attacks they face in the tens of thousands every week or month. Given this landscape, and the seeming inevitability of getting hit, what is impor tant today is how quickly you are aware you have a problem, then being able to measure how serious that problem is and how quickly you stop it from spreading around your organisation to limit the damage done. Organisations can strengthen defences and protect against attacks by gaining the following three capabilities: Visibility: Seek out technologies that not only provide visibility but also offer contextual awareness by correlating extensive amounts of data related to your specific environment to enable more informed security decisions. Automation: You need to take advantage of technologies that combine contextual awareness with automation to optimise defences and resolve security events more quickly. Policy and rules updates, enforcement and tuning are just a few examples of processes that can be intelligently automated to deliver real-time protection in dynamic threat and IT environments. Intelligence: Attackers are conducting extensive reconnaissance before launching attacks; security intelligence is critical to defeat attacks. Technologies that tap into the power of the cloud and big data analytics deliver the security intelligence you need, continuously tracking and storing information about unknown and suspicious files across a widespread community and applying big data analytics to identify, understand, and stop the latest threats. Not only can you apply this intelligence to retrospectively secure your environment, mitigating damage from threats that evade initial detection, but you can also update protections for more effective security.

Natural Disasters, ‘People Power’ Forces Data Rethink

Disaster recovery and backup solutions provider Acronis signs new distribution deal with Malaysia’s Avnet. By AvantiKumar

isaster recovery and data protection provider Acronis said the Malaysian market has become one of its most important focus areas as it is one of the foremost countries where “people power”, in the form of the BYOD trend, is forcing companies to reevaluate their data management plans. During the signing of a new distribution agreement with local IT solutions distributor Avnet Technology Solutions in late June, Acronis Asia Pacific President Bill Taylor-Mountford said “the unrelenting series of floods, earthquakes, and other unpredictable disasters ravaging the whole world within recent years have proven the value of a business continuity policy. It is vitally important to back up critical business data, maintain continuity and provide customer service in the wake of a natural disaster.” “Disaster recovery and data protection solutions present a tremendous revenue opportunity for valueadded resellers, especially in the SMB market,” added Avnet Technology Solutions Malaysia Country General Manager, Chiew Yue Lam.

(From left) Bill Taylor-Mountford, President of Acronis Asia Pacific; and Chiew Yue Lam, Country General Manager, Avnet Technology Solutions Malaysia

In addition to technical solutions, what other processes need to be put into place? Given today’s landscape, and the seeming inevitability of getting hit, it is time to look at security in a different way. Increasingly, it is about looking at security from a defender’s perspective, mapping an attack to a continuum consisting of three phases: before the attack, during an attack and after an attack. We also recommend the following three courses of action: Understand the current face of threats: It is critical to focus on the shifting nature of attacks themselves. Given the rise and severity of attacks around the worlds, organisations should be most concerned with

Computerworld Malaysia September–October 2013 www.computerworld.com.my

the changing nature of threats and approaches attackers are adopting today. Adopt a threat-centric approach to security: Attackers don’t discriminate and will take advantage of any gap in protection to reach their end goal. Rather than rely on disparate ‘silver bullet’ technologies that don’t and can’t work together, organisations need solutions that address the extended network, protecting endpoints, mobile and virtual environments as well. They must share intelligence in a continuous fashion and they must span the full attack continuum-before, during and after

After the signing event, Acronis’s Taylor-Mountford said: “In addition to the natural disasters, people power —in the form of the bring-your-own-device [BYOD] trend—has forced companies, particularly in Malaysia, to revaluate their data handling strategies.” “In my conversations with many companies there is still a resistance to BYOD, and this also results in not realising the full value from the move to personal devices and mobile working,” he said.

The BYOD Storm “Companies are worried by the BYOD storm in that much of their data is on personal devices and being transported through personal cloud services such as Dropbox,” said Taylor-Mountford. “There may be 21 percent of corporate data in rogue clouds in Malaysia and 47 percent of stored data is highly classified, according to different analysts.” “Security is the major worry for businesses of all sizes and as well as disaster recovery [DR] to ensure business continuity, we need a whole integrated approach to better handle data,” he said. “Avnet customers, for example, can access data within a firewall with any compromises and ensure they are meeting appropriate compliance requirements,” said Taylor-Mountford. “What this new partnership will bring to Malaysian businesses is a set of solutions to overcome the hesitancy in adopting cloud strategies. This hesitancy among many companies is of course based on performance, security and data recovery issues.” “The solutions now being offered through this new partnership also take into account proper management and backup of information and to retain corporate data behind a firewall. To pursue BYOD properly, you need both policies as well as the software,” he said. “Recognising a serious shift in the needs for data protection, Acronis has expanded beyond the backup and disaster recovery market to offer virtualisation, cloud and mobility solutions,” Taylor-Mountford said. “Acronis is delivering a comprehensive platform strategy that allows customers to more simply and reliably mitigate the risk to data in today’s world, in ways no legacy vendor can.” Under the new alliance, Avnet will sell, market and support Acronis’ suite of disaster recovery and data protection solutions to resellers and managed service providers throughout Malaysia.

an attack. Look for technologies that go beyond point-in-time detection and blocking to include a continuous capability, always watching and never forgetting, so you can mitigate damage once an attacker gets in. Educate users and IT staff on the latest threats: Educating users so that they are wise to common attack techniques and putting policies in place to restrict user behaviour can go a long way toward preventing malicious attacks that rely on relatively simple methods. Organisations must also be committed to keeping their staff highly trained on the current threat land-

scape. Ongoing professional development with a specific focus on being able to identify an incident, know how to classify it and how to contain and eliminate it will help keep security teams apprised of the latest techniques used by attackers to disguise threats, exfiltration of data and establish beachheads for future attacks. While it’s important to continue to bolster defences, increasing resiliency in the face of relentless attacks is also crucial. A comprehensive approach includes technologies, processes and people so that organisations can take the right action quickly when an attack happens.

GRC Supplement

Computerworld Malaysia September–October 2013 www.computerworld.com.my

Forefront Business Strategy

Put GRC at the of Rodney Teoh, Director, KPMG ASEAN Management Consulting

This year’s Computerworld Malaysia GRC Forum includes how some risk management approaches could sharpen investment decision-making. By Rosalind See

bout 100 information technology (IT) professionals participated in Computerworld Malaysia’s Governance, Risk and Compliance 2013 forum held at Intercontinental Hotel, Kuala Lumpur on 2 July 2013. This yea r ’s for u m fo cu s e d o n G R C ’s value in driving strategic initiatives as organisations strove to meet the challenges posed by new markets and communication channels. “In addition to enhanced efficiency and risk mitigation, GRC technology is beneficial to organisations in its strategic performance role as risk and compliance information can help them make better business and investment-allocation decisions,” said Computerworld Malaysia Editor AvantiKumar in his welcome address. “The advent of cloud computing has led to a more digitalised and interconnected world. We have seen data explosion and the pervasiveness of applications which can be accessed from everywhere. The line between personal and professional hours, devices and data has disappeared,” noted keynote speaker CyberSecurity Malaysia Head of Innovation and Commercialisation Department,

Mohamed Anwer bin Mohd Yusoff. “The avenues, speed and dexterity of attacks and threats have increased. New actors acting on motivations ranging from cyber crime to terrorism to state-sponsored intrusions have emerged.” Security is often cited as one of the top concerns in surveys on cloud computing with trust, multi-tenancy, encryption and compliance being some key issues. However, cloud security was a tractable problem. “There are security advantages in shifting to the cloud,” said Anwer. “Shifting public data to an external cloud reduces the exposure of internal sensitive data. Cloud homogeneity makes security auditing and testing simpler. Cloud computing enables automated security management with more redundancy and disaster recovery options available.” Security challenges included having to place trust in a vendor’s security model and the loss of physical control. There may also be audit challenges in obtaining support for investigations, indirect administrator accountability and an inability to respond to audit findings. “The main challenge on cloud security is the lack of clear standards for cloud. Currently, there are only

guidelines. Standards are still being developed but the process is long with much negotiation with industry players involved. As with all things new, there could also be a period of confusion once standards are adopted,” cautioned Anwer. “Compliance is not the same as security, and security is not the same as compliance.” “We are so hung up on security that we do not understand compliance,” agreed keynote speaker International Association of Outsourcing P r o f e s s i o n a l s ( I AO P ) M a l a y s i a Chairman and Matryzel Consulting Chairman & Chief Executive Officer,

Bobby Varanasi. “Organisations are so caught up in strengthening their operations that they forget to address the strategic challenges. This results in the same responses to more complex problems.”

Managing Complexities “We are living in the age of modular corporations, where corporations are breaking down their walled boundaries and permitting external organisations to collaborate in core areas of the business. This calls for agility and flexibility across the board, and an understanding that risks can

“Compliance is not the same as security, and security is not the same as compliance.” —Mohamed Anwer bin Mohd Yusoff, Head of Innovation and Commercialisation Department, CyberSecurity Malaysia

GRC Supplement

emanate internally from within and across functions,” he said. “Most risks manifest themselves from little understanding of market dynamics or poor people practices. Inaction or lackadaisical approaches toward problem-solving will translate issues into unmanageable risks.” While national boundaries created predictable environments, cross-border transactions revealed the need for better understanding of different legal and regulatory environments as well as local market knowledge. “The ASEAN 2015 agreement and South-South collaborations will bring further opportunities and challenges,” said Varanasi. “GRC competencies p r ov i d e a b l u e p r i n t for success in the age where global dynamics call for a more strategic approach in planning growth.” He continued: “Governance is a process, not just a discrete endeavour which needs to be deployed in times of need. It is a core function within organisations—corporate or government. Practising compliance is important in the context of effectiveness, not just from a standpoint of consequences. These practices have to be considered a priority and embedded into all management roles, and throughout the organisation.” “The value placed in GRC has shifted in recent years,” noted the third keynote speaker, KPMG ASEAN Management Consulting Director Rodney Teoh. “The KPMG GRC survey 2012/2013 showed that 74 percent of

Bobby Varanasi, Chairman, International Association of Outsourcing Professionals Malaysia, and Chairman & CEO, Matryzel Consulting

Asia Pacific respondents expressed serious interest in using GRC technology to address defensive situations such as reducing risk exposure and mitigating fear of reputational risk. Cost reduction and agility, considered higher priorities in past years, were now considered lower priorities.” The sur vey also showed that awareness of the GRC technology available was still limited. “Respondents cited visibility over risk and compliance activities as the primary requisite for any GRC technology, but were unsure on how they could leverage GRC technology in shoring up their risk exposure,” said Teoh. “GRC investment today must provide enterprise-wide coverage while helping companies meet their expansion goals. Consolidating and integrating the different existing GRC solutions in your organisation can result in cost savings, efficiency and productivity gains. It can also unlock new cross-functional integration functionality.”

Closing Compliance Gaps As organisations move beyond their home borders, they will face challenges in identifying compliance gaps across different countries and will need to develop policies which reflect their expanded regional and global reach. “Policies sit between what regulations dictate and the controls embedded in the organisation to enforce operational practices. Automation of regulatory compliance management will help organisations in controlling fragmented silos, work replication and the increased cost of compliance,” said Teoh. A regulatory compliance lifecycle encompassed initial implementation and maintenance, continuous monitoring followed by internal and external audits. “Do not try to address

Computerworld Malaysia September–October 2013 www.computerworld.com.my

all regulations at once,” advised Teoh. “Star t your pilot programme by assessing a few key sets of regulations. Once you have stabilised the implementation and can sustain these key solutions, then bring on board more regulations which are not critical in the first phase but will be important to the company in the long term.” The GRC platform also incorporated business continuity management (BCM) and disaster recovery (DR) planning. “Organisations have to cater for a range of unanticipated events and have to be ready at all times,” said Teoh. “Do not under-estimate the effort required in ensuring that middle and senior-level management have immediate visibility and are familiar with what they need to do. Co-ordination and remote access to BCM systems is important as key personnel are unlikely to be found at a single location when disaster strikes.”

Continuous Security Management “One of the biggest IT security challenges today is enforcing security policies,” said MEASAT Broadcast Network Systems (ASTRO) Manager, IT Security and Assurance, Chaiw Kok Kee. “Establishing and implementing a security policy framework is only useful if you can measure its effectiveness. As a start, organisations can adopt a recognised benchmark which limits risk and enforces good security.” Having good security policies includes constant testing and adding reinforcements for continued improvement. “Secure configuration management starts with system hardening to reduce surface attacks in information systems and minimise their vulnerabilities,” he said. “It continues with automated capabilities which are repeatable, flexible, continuous and self-correcting.” “Security configuration is one of the most critical steps to achieving an objective measure of cyber security,” said Chaiw. “Configuration drift is a constant enemy, and organisations have to constantly document changes made to ensure continuous compliance.” Organisations have responded to new attack vectors by focusing their efforts and investment in putting in more controls. While such controls

Chaiw Kok Kee, Manager, IT Security and Assurance, MEASAT Broadcast Network Systems (ASTRO)

had reduced the attack surface, it had not prevented threats from breaking though. “There is no silver bullet in securing your systems. Layers of protection are required to counter threats and these layers have to be deployed along the entire attack continuum,” said Sourcefire Malaysia, Brunei and Vietnam Security Architect K.Y. Kong. “There are three distinct phases to be addressed along the attack continuum,” he said. “The first phase takes place before an attack. Companies have to understand their environment and its vulnerabilities in order to protect it. This includes knowing their networks, devices, applications and users, and implementing the appropriate controls and access.” “Detection and prevention takes place in the second phase of the continuum,” said Kong. “In the third phase, which is after an attack, organisations have to be able to determine the scope of damage, and enforce containment and remediation measures.”

Return on Investment How companies derive value from their GRC investments is reflected in their approach towards it. “Management plays an important role in determining the attitude towards GRC,” said Chaiw during the panel discussion. “A company which is proactive in its GRC approach and goes beyond just meeting minimum requirements will reap the benefits of better governance.” “GRC responsiveness is a function of an organisation’s environment,” agreed Varanasi. “There is a need to understand cross-functional risk. People understand risk within their function but do not always consider the impact of their actions on other functions. This results in hits on an organisation’s balance sheet and may affect its customers.” As Malaysian companies go regional and global, cross-border business means that organisations will be subjected to higher GRC standards. “Revenue-generation ultimately dictates the behaviour on appetite for risk,” said Teoh. “With reputational risk at stake, IT compliance will play a major role in organisations’ investment decisions.”

GRC Supplement

The

Computerworld Malaysia September–October 2013 www.computerworld.com.my

CIO Challenge of Making IT Seamless

Malaysian Professor Dr Jasbir Dhaliwal, Director at FedEx Institute of Technology in Memphis, USA, will return to Malaysia to chair the CIO roundtable at this year’s SOFTEC Asia 2013 event in Kuala Lumpur. By AvantiKumar

ased at the University of Memphis, USA, Malaysia-born Professor Dr Jasbir Dhaliwal, FedEx Institute of Technology Director, System Testing Excellence Program (STEP), gives his take on CIO challenges and what Malaysia and other Asean countries can learn from software testing adoptions in developed nations.

Professor Dr Jasbir Dhaliwal, Director, System Testing Excellence Program, FedEx Institute of Technology.

What are the main issues or problems faced by CIOs today in organisations within the Asean region? With the rapid integration of business in Asean, CIOs are faced with challenges to make IT systems work seamlessly across borders with countries having big differences in sophistication of IT configurations, user interfaces, back-end processes, mobile infrastructure, pricing and business rules, etc. Regional CIOs have to spend a lot more time and attention on testing to make sure these challenges are overcome and to ensure that business is not impacted by failure in software functionality. They are also faced with a shortage of skilled personnel who understand sophisticated software testing best practices that to lead to quality software. The rapid pace of change in mobile computing is also forcing CIOs to increase investments on testing to make sure business software runs seamlessly across multiple platforms.

The fact that many C-level business executives, who are the peers of the CIO, don’t understand the value of the cost of investments in software quality also creates challenges for the CIO to make a strong business case for such investments.

How quickly do you see organisations in the Asean region adopting software testing in their companies and also which industries are moving into this area? By and large Asean today remains a net importer of business and scientific software. This flow can only be reversed if Asean technology organisations strengthen their testing efforts to produce higher quality software that strengthens their global branding. Over the last decade, there has been a growing realisation about this and I am seeing significant progress. There is a growing realisation that software testing has a key role to play and that software testers are a key profession and career path separate and distinct from coders and systems analysts. I also see a big jump in the ambition of regional technology organisations in wanting to be producers of world-class software especially in a new world where software is being incorporated into all kinds of physical products. There is a lot of software code today that is incorporated into the core of physical products such as cars, weapons systems, digital assistants, TVs, etc. that have large consumer markets in ASEAN so I expect these industries to move very fast on software testing. At the same time, the diversity of Asean necessitates complex supply chain and demand networks for servicing customers—these are all coordinated and optimised by software. The greater the complexity and dependence on these networks, the larger will be the investment necessary for software testing.

How can software testing produce ROI for organisations? Returns on investment is a complex phenomenon incorporating both tangible and intangible costs and benefits. Too often many business

executives don’t buy into the ROI of software testing efforts until there is a major breakdown of their business systems that brings their organisation to its knees in terms of revenues. It does not have to be like this—our research centre is working intensively on educating North American C-level business executives in this regard. I have found that some CEO’s of large enterprises often prefer an outside assessment of software testing ROI than their own internal studies. I suspect this could be because current technology executives have a poor understanding of methods of relating business risks to software failures. They may also be struggling to articulate the business value of sophisticated software testing methods (which can be very technical) to their peers. I constantly preach to CIOs and software development executives that the costs of software testing must always be separated from the overall budget for new software so that business executives get used to making direct investments in software quality. The good news is that Risk-based Testing methods are becoming known and popular now at senior business levels. Developing sophisticated ROI methods for software testing remains an applied research challenge and we are focusing on it.

Please share any other similar business models that have worked in other countries that may be adopted by the countries in Asean. A greater number of American organisations are now focusing on the unit cost of diverse testing activities. This is driving a lot of change in how test planning is done and how software testing is managed. There is also a move towards having distinct servicelevel indicators that are testing based in outsourced testing contracts. Too often in the past, these were either too

high-level or borrowed from the “callcentre” mindset that did not value the creative dimensions of testing work. This is changing the way outsourced testing is being contracted. There is also a big push to measure and manage innovation in testing work—both in terms of automated tools and sophisticated test methods. This is shifting the traditional out-of-date mindset of software testing as being a largely manual and disorganised effort at finding bugs or breaking software. A lot of these ideas are fast seeping into and becoming common place in the Asean technology management and testing communities. While Asia has a growing technical research community in software testing and a large hungry market for applied testing innovations—we need to do more to bridge the divide between these two groups for future success in practical business models for software testing.

What new things can we expect from SOFTEC Asia this year? SOFTEC 2013 represents a landmark in the continuing development of software testing as a technology discipline and profession in the region. Besides earning recognition as a truly Asian phenomenon now, it is great to see SOFTEC grow to become the STAREAST or EUROSTAR of Asia. The coming together of pan-Asian practitioners of software testing and experts from around the world will spur a lot of innovations and new breakthroughs besides the obvious business deals for companies. I am also excited to see the sophistication of the topics and issues being discussed in the conference programme —they are truly at the cutting-edge and we have some great international speakers involved. There is something for everyone including the junior coder testing his or her first program to the C-level technology executive seeking the best new ideas to keep testing at the forefront of his or her software development efforts. There is even a post-graduate workshop for academics to share ideas and to learn about business needs that should drive future testing research. SOFTEC Asia 2013 is a regionallevel conference on software testing organised by the Malaysian Software Testing Board (MSTB) under the auspices of the Malaysia Software Testing Hub (MSTH) initiative, Public-Private collaboration to develop a new source of economic growth for the nation. The conference will be held at the Sunway Resort Hotel and Spa from 2-5 September. Prof Dr Dhaliwal will be present at SOFTEC Asia 2013 in Kuala Lumpur to chair the CIO Roundtable.

Logging Off

Computerworld Malaysia September–October 2013 www.computerworld.com.my

The Technology to Read Your Mind

Editorial

n a recent article in The Atlantic on functional MRI (fMRI), a tool used to assess brain activity changes, it was mooted that such a technology could be used to “infer information regarding who we are thinking about, what we have seen and the memories we are recalling.” The technology to ‘infer thought’ from mapping brain activity is evolving ahead of the legal, social and political considerations of mind-reading machines. In the US last year, one man on trial for murder attempted to use fMRI-based lie detection results to prove that the death was due to a suicide. This attempt was rejected by the court. Meanwhile a year earlier, in another case, the court decided to exclude fMRI lie detection results as it was not convinced that the process could even be tested never mind whether it could actually detect “real lies”. However, it is only a matter of time before more widely-accepted brain scanning methods are available for use both by prosecutors and defendants. Of course, another consideration is whether computing technology can mimic the brain’s capacity for perception, action, and thought. Let’s remember the human brain works slowly at low precision and yet has no difficulty with recognising, interpreting, and acting upon patterns while using only the same power as a 20 watt light bulb with the volume of a two-litre bottle. Undaunted, IBM is working on a programming architecture for chips modelled after the human brain. “Architectures and programs are closely intertwined and a new architecture necessitates a new programming paradigm,’ said Dr Dharmendra Modha, the principal investigator for the project at IBM Research, told a Daily Mail reporter. ‘While complementing today’s computers, this will bring forth a fundamentally new technological capability in terms of programming and applying emerging learning systems.” Back to our simple question: could defendants be forced by warrant to undergo tests to prove their innocence or guilt? As US-based professor of law Dov Fox wrote in a 2009 law review article, “Brain imaging is difficult to classify because it promises distinctly testimonial-like information about the content of a person’s mind that is packaged in demonstrably physical-like form, either as blood flows in the case of fMRI, or as brainwaves in the case of EEG.” He suggests that the compelled use of brain imaging techniques would “deprive individuals of control over their thoughts” and be a violation of the Fifth Amendment. Unfortunately, many nations have not clarified their stand on individual privacy, never mind making provision to secure such a right. What do you think?

Editor AvantiKumar Sub-editor

Subatra Suppiah Zafar Hasan Anjum Contributor Rosalind See Art Director Benedict Koh

Online Editor

Advertising/marketing/reprints Account Manager Catherine Loh Tel: +603 7804 3692 Email: cloh@execnetworks.com Sales Director Glen Myles Tel +65 6395 8018 Email: gmyles@execnetworks.com Regional Account Director Francesca Lee Tel: +65 6395 8041 Email: fclee@execnetworks.com Regional Account Director Ng Yi-lin Tel: +65 6395 8045 Email: ylng@execnetworks.com Circulation & Production Circulation And Production Specialist Doris Jacob Tel: +603 7804 3692 How To Contact The Editor We welcome your letters, questions, comments, complaints and compliments. All should be addressed to the Editor, AvantiKumar: Tel: +603 7804 3692 Email: avantikumar@execnetworks.com Address: Unit 612, Block A, Kelana Business Centre, 97 Jalan Ss 7/2, Kelana Jaya 47301 Petaling Jaya, Selangor Darul Ehsan, Malaysia executive networks Media chief executive officer Mark Hobson Finance Manager Allan Chee Operations Manager Alison Lim About Executive Networks Media Executive Networks Media is the publisher of the region’s leading media brands dedicated to covering and supporting the information and communications industry (MIS Asia, CIO Asia, Computerworld Singapore and Computerworld Malaysia), the producer of events devoted to the communities they represent, and the owner of a research consultancy dedicated to studying technology industry developments as well as technology deployment trends across Asia. Subscriber Services & Updates Please contact Doris Jacob Email: subs-cwm@execnetworks.com Subscription rates for one year Malaysia – RM38.00 Countries within Asia – US$25.00 Countries outside Asia – US$32.00 This publication may not be reproduced or transmitted in any form in whole or in part without the written express consent of the publishers. Executive Networks Media Sdn Bhd (743215-W) Unit 612, Block A, Kelana Business Centre 97 Jalan Ss 7/2, Kelana Jaya 47301 Petaling Jaya, Selangor Darul Ehsan, Malaysia Printed By: KHL Printing Co Sdn Bhd (235060-A) Lot 10 & 12, Jalan Modal 23/2 Seksyen 23 Kawasan Miel Phase 8 40000 Shah Alam, Selangor, Malaysia

avantikumar@execnetworks.com

Get your latest technology resources from

the largest I.T. library in the region

cio-asia.com

technology issues that impact business

mis-asia.com

deeper insights into IT strategy and best practices

computerworld.com.sg and computerworld.com.my analytical reporting on local and global breaking news

Sign-up for our e-newsletters that suit your key responsibilities and information needs: Regional e-newsletters  CIO Asia  MIS Asia Country e-newsletters  Computerworld Singapore  Computerworld Malaysia  MIS tech Hong Kong Technology e-newsletters  MIS tech Cloud Computing  MIS tech Security  MIS tech Data Centre Industry e-newsletters  MIS Asia Public Sector  MIS Asia Manufacturing  MIS Asia Financial Services  MIS Asia Logistics & Retail