Page 1

ANALYST OPINION: MAKING SENSE OF TECHNOLOGY INNOVATIONS An ITP Technology Publication

June 2013 | Volume 26 Issue 6

DCIM rising Getting to grips with data centre management

Aligning business and IT strategies in the Middle East for 28 years

SUMMIT REPORT SHARING KNOWLEDGE 26

Ahmed Niyas, IT manager for Freightworks, talks unified communications and technology upgrades.

End user

Delivering Unified Comms Logistics provider Freightworks deploys unified communications to connect its staff and enhance customer services 42

STORAGE SOLVED MANAGING GROWING DATA REQUIREMENTS 54

Beyond Mobile Device Management BYOD 2.0 brings clarity to mobility 36

PLUS

Flexible Licensing Why software vendors need to rethink approaches to licensing Framing Security GBM wants end users to put policy at the heart of security efforts


/CONTENTS

June 2013 VOLUME 26 ISSUE 06

42

42

FREIGHTWORKS CONNECTS TO SUPPORT GROWTH Ahmed Niyas, (l) information technology manager, & Steen Hartwig, managing director, Freightworks.

Unified communications platform will help Freightworks to deliver business efficiency

June 2013 ARABIAN COMPUTER NEWS

1


/CONTENTS

THE FRONT

05

22

38

64

/START

/ANALYSIS

/COMMENT

/AFTER HOURS

The latest news headlines and

Middle East companies are not

Software producers need

Philip Hughes, managing

vital data from the local and international IT markets.

implementing proper policies to manage BYOD.

to develop more exible licensing to encourage uptake.

director Middle East, Sims Recycling Solutions.

26

48

54

24

26

Next-generation operating systems from Fortinet help protect against advanced application layer attacks.

The ACN Enterprise Computing Summit took a closer look at the key issues facing the regional IT industry today.

PROTECTING WEB APPLICATIONS

2

ARABIAN COMPUTER NEWS June 2013

IT LEADERS TACKLE INDUSTRY ISSUES

48

KEEPING UP WITH INNOVATION Analysts discuss how CIOs can understand new technologies and how to put them into action in their organisations.

60 54

ENTERPRISE STORAGE GROWS Data volumes and analytics are driving demand for innovation in complex enterprise storage solutions.


ITP TECHNOLOGY PUBLISHING BYOD: MOBILITY TREND HYPE OR NEW AREA OF SECURITY RISK? April 2013 | Volume 26 Issue 4

An ITP Technology Publication

Proving value How to demonstrate the value of projects to all stakeholders

Aligning business and IT strategies in the Middle East for 28 years

41

ENHANCING ASSET MANAGEMENT DU SELECTS MAXIMO EAM

PLUS

End user

Ready for growth Al Ain Zoo rolls out wide ranging IT upgrades to support new business growth 46

IP Communications Avaya evolves solutions to cater to the mid-market

58

PLUS

Abu Dhabi Ports Company moves its mission critical Oracle deployment onto a VMware virtualised environment for performance gains

Hiring Smarter Essential business and personal skills to look for in potential hires

40

2013¢McH

_www.itp.net_

www.itp.net MAY 2013 Vol. 11 Issue. 05

Virtualising mission critical

Breaking Silos Performance management gives holistic IT view

5 2^Â&#x2021;G* ,y|<gM2cÂł*gÂ&#x153;{G*

Building and delivering IT solutions for the Middle East

End user

Cloud Bursting Key considerations for adopting the cloud burst model

MANAGING SKILLS HOW TO ATTRACT AND RETAIN THE BEST IT TALENT

An ITP Technology Publication

CISCO TO BEEF UP CLOUD PROGRAM INTEL, ETISALAT MISR UNVEIL NEW SMARTPHONE ALMASA, LG PARTNER CANON REFRESHES PIXMA ARRAY EMPA SIGNED AS HUAWEI DISTIE

52

Ahmed Aljneibi, manager of IT Support for Al Ain Zoo, discusses building out solutions to support wideranging expansion plans.

52

An ITP Technology Publication

Consumer Security Opportunities for channel partners

Retail Appeal The rise of power retailers

PRIVATE CLOUD RISING IN THE REGION

Managed print services Lightening the load of hard copy solutions

Project Round Up New deals and ICT project deliveries from around the region

42

Dr Saif Al Ketbi, vice president of IT, Abu Dhabi Ports Company, explains how the company shifted its comprehensive Oracle stack onto VMware.

46

58

FIREWALLS: MOVING INTO THE CLOUD

Risk & Reward How Noor Islamic Bank tackles growing cyber crime threats

Aligning business and IT strategies in the Middle East for 28 years

BI ANALYTICS BUSINESS INTELLIGENCE EVERYWHERE

Projects Getting the best from ERP teams

May 2013 | Volume 26 Issue 5

16

cÂ&#x;Â&#x2122;<25zÂ&#x2021;- "Â&#x2014;hI(*" $cFy|Â&#x2013;G

34

30

Â&#x203A;cÂ&#x2021;Â&#x2013;G "Â&#x2014;hI(*"Â&#x2DC;¢Â&#x2013;0yÂŽ'¢¾g8c1g¤ Â&#x160;*^Â&#x153;GyM&* Â?Â&#x2013;+2°Â&#x161;¤E&* ÂŚxG*K2013

PLUS

Khalid Wani, sales director - Branded Business, WD

22

CME Partner Conference 2013

g¤Â&#x153;H&Âą*jcnhÂ&#x153;Âľ* Ă&#x17D;Â&#x201C;Â&#x2013;Â&#x;h{Â&#x2122;Â&#x2013;G

This yearâ&#x20AC;&#x2122;s channel conference will focus on innovation P22

Â&#x2C6;¤dG*ÂŚ^¤Â&#x2021;HÂ?H$cFy|Â&#x2013;G,Ă?dFÂ&#x20AC;8yD

A Bright Future Salim Ziade, GM, PPS at HP talks about the future of the new busines unit P24

g)znhGc+Â&#x2C6;¤dG*jcFy7K

exBÂ&#x153;<Â&#x17D;xÂ&#x2020;yÂ&#x20AC;}Â&#x2C6;Â&#x161;G*^Gc1 gFyÂ&#x20AC;7ÂŚDÂ&#x2122;cÂ&#x161;<&²*yMÂŁÂ&#x201A;-yM^H Â&#x192;Â&#x20AC;6K&²*Â&#x201C;yÂ&#x20AC;}G*\4^Â?Â&#x17D;M^h+] cÂĽÂ&#x2018;MyD(*Â&#x2122;cÂ&#x161;Â&#x20AC;7K

²+Â&#x2DC;eÂ&#x2018;iÂ&#x20AC;|G RETAIL SALVO hÂĽEyF+-{ 0' hL3ÂŁÂ&#x2C6;Â&#x20AC;|F+Â&#x201C;ÂŁÂ&#x20AC;|F+Âą 56 8

WD ups the tempo as it moves to boost its branded business in the Middle East (26)

 8

28

lqdG*K gCCDyCCÂ&#x2021;CCÂľ* Â&#x2DC;2cCCdCC- Â&#x2DC;cCCCš ° "ÂŚK*¢J" Â&#x2C6;CCH Â&#x17E;KcCCÂ&#x2021;CC- ,yCCFxCCH Â&#x2C6;CCE¢CC- "K2"  "ÂŚK*¢J" gCCFyCCCC7 Â&#x2C6;CCH Â&#x2C6;CCM5¢CC- gCC¤CCEcCCÂ?CC-* Â&#x2C6;CCE¢CC- "cdH(*"  Â&#x161;CCCJ42 Ă&#x17D;CCMĂ&#x160;CCH 7 gÂ&#x2122;¤Â?+ ,^CCM^CC/ jcÂ?Â?8 Â&#x203A;Ă&#x2026;CCC- "Â&#x201A;6K&Âą* Â&#x2019;yCCCC|CCG* Â&#x17E;¢IcF"  Â&#x201A;CCCCCC6K&Âą* Â&#x2019;yCCCC|CCG* ° Â&#x2C6;6¢hÂ&#x2013;G cÂ&#x;  1 lqd- "o¤Â&#x2013;´* 43*y+"

An ITP Technology Publication

USER GROUPS: REGIONAL END USERS WORKING BETTER TOGETHER

Registered at Dubai Media City PO Box 500024, Dubai, UAE Tel: + 971 (0)4 444 3000 Fax: + 971 (0)4 444 3030 Web: www.itp.com Off ices in Dubai & London ITP TECHNOLOGY PUBLISHING CEO Walid Akawi Managing Director Neil Davies Managing Director Karam Awad Deputy Managing Director Matthew Southwell General Manager Peter Conmy Editorial Director David Ingham EDITORIAL Senior Group Editor Mark Sutton Tel: +971 4 444 3225 email: mark.sutton@itp.com Contributors Keri Allan, Georgina Enzer, Stephen McBride, Manda Banda, Piers Ford ADVERTISING Sales Director George Hojeige Tel: +971 4 444 3203 email: george.hojeige@itp.com Sales Manager Ajay Sharma Tel: +971 4 444 3398 email: ajay.sharma@itp.com STUDIO Head of Design Daniel Prescott Principal Creative Simon Cobon PHOTOGRAPHY Chief Photographer Jovana Obradovic Senior Photographers Efraim Evidor, Isidora Bojovic Staff Photographers George Dipin, Juliet Dunne, Murrindie Frew, Shruti Jagdesh, Mosh Lafuente, Ruel Pableo, Rajesh Raghav, Verko Ignjatovic PRODUCTION & DISTRIBUTION Group Production & Distribution Director Kyle Smith Deputy Production Manager Basel Al Kassem Managing Picture Editor Patrick Littlejohn Distribution Executive Nada Al Alami CIRCULATION Head of Circulation & Database Gaurav Gulati

MAY 2013

AN ITP T EC H N O LO GY P U B L I CAT I O N

MAY 2013

Critical analysis for telecommunications executives

CLINIC WHY MOBILE MONEY MATTERS FOR TELCOS IN ME

VOLUME 19 ISSUE 5 An ITP Technology Publication www.commsmea.com

P4//EXPANSION Ooredoo launches LTE network in Qatar P10//OPERATIONS Bahrain 4G auction delayed over dispute P13//FINANCE Zain Saudi extends maturity on loan

Managing upwards â&#x20AC;&#x201C; stakeholder management â&#x20AC;&#x201C; is absolutely vital to successâ&#x20AC;? RICHARD GUEST ON CEO CHALLENGES// p28

//50 FEATURED PRODUCT BlackBerry Enterprise Service 10: the features you need to know //52 VENDOR PROFILE Reichle & De-Massari reveals its regional wins and expansions

FIT TO BURST INTEREST IN CLOUD BURSTING IS GROWING RAPIDLY //42 CASE STUDY

COUNTRY FOCUS

Jordan retains potential //p32

RISING STAR

Qatarâ&#x20AC;&#x2122;s Esâ&#x20AC;&#x2122;hailSat outlines ambitious plans for expansion in the run-up to the launch of its ďŹ rst satellite

OSN implements ForeScout CounterACT NAC system //26

CHAOS THEORY

CYBER CRIMINALS TAKING CONTROL OF INDUSTRIAL SYSTEMS AND BRINGING DOWN CITIES AND COUNTRIES IS NOT THAT FAR-FETCHED SAYS EUGENE KASPERSKY

The Middle Eastâ&#x20AC;&#x2122;s Leading IT Magazines are read by The Regionâ&#x20AC;&#x2122;s Most Important IT Leadersâ&#x20AC;Ś To have your copy delivered directly to your doorstep, SUBSCRIBE online by logging on to:

www.itp.com/subscriptions

MARKETING Head of Marketing Daniel Fewtrell Marketing Manager Michelle Meyrick Deputy Marketing Manager Shadia Basravi ITP DIGITAL Sales Director George Hojeige Tel: +971 4 444 3203 email: george.hojeige@itp.com Business Development Manager Josephine Dâ&#x20AC;&#x2122;Sa Tel: +971 4 444 3630 email: josephine.dsa@itp.com Group Sales Manager, ITP.net Vedrana Jovanovic Tel: +971 4 444 3569 email: vedrana.jovanovic@itp.com ITP GROUP Chairman Andrew Neil Managing Director Robert Seraf in Finance Director Toby Jay Spencer-Davies Board of Directors KM Jamieson, Mike Bayman, Walid Akawi, Neil Davies, Rob Corder, Mary Seraf in Circulation Customer Service Tel: +971 4 444 3000 Printed by Emirates Printing Press Dubai, L.L.C Controlled Distribution by Blue Truck Subscribe online at www.itp.com/subscriptions Arabian Computer News is audited by BPA Worldwide Average Qualified Circulation: 10,235 ( July-Dec 2012) The publishers regret that they cannot accept liability for error or omissions contained in this publication, however caused. The opinions and views contained in this publication are not necessarily those of the publishers. Readers are advised to seek specialist advice before acting on information contained in this publication, which is provided for general use and may not be appropriate for the readersâ&#x20AC;&#x2122; particular circumstances. The ownership of trademarks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system or transmitted in any form without the permission of the publishers in writing. An exemption is hereby granted for extracts used for the purpose of fair review.

Published by and Copyright Š 2013 ITP Technology Publishing Ltd. Registered in the B.V.I. under Company Registration number 1402846.

4

ARABIAN COMPUTER NEWS June 2013


SECURITY

Cyber attacks rob $45m from Gulf Banks Faked RAKBANK and Bank Muscat cards used to take cash from ATMs worldwide

T

Image: Ramin Talaie/Getty Images

wo banks in the Gulf have been robbed of more than $45m by an international credit card hacking gang. The gang hacked into the systems of several credit card processing companies, believed to be based in India, and used stolen card data to create counterfeit cards which were used to withdraw cash from ATMs in as many as 27 countries, according to authorities in the US. The hackers increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by the Bank of Muscat of Oman, and National Bank of Ras Al Khaimah (RAKBANK) of the United Arab Emirates. Card data was then distributed to gangs in target countries, who used faked cards to withdraw large volumes of cash in Lynch: “In the place of guns and masks, this cyber crime organisation used laptops and the Internet.” two co-ordinated attacks. The first alleged attack, using RAKBANK card data, took place in December 2012, with the gang making 4,500 transac- other countries, but no details have been released tions worth $5m across about 20 countries. The second attack against Bank of Muscat at present. took place in February this year, with $40m stolen from ATMs in 24 countries through In a statement, Mastercard said it had cooper36,000 transactions that took place in just ten hours. ated with law enforcement in the investigation and Two India-based card payment processing companies, EnStage and ElectraCard, stressed that its systems were not involved or comwere later named by Reuters as having been the weak links that were compromised by promised in the attacks. the hackers. The New York cell had also taken steps to launIn New York alone, members of the gang using cloned cards for a single Bank of der the stolen cash through a bank account in MiMuscat account number made 2,904 withdrawals from ATMs across the city, netting ami, and buying luxury cars and watches. $2.4m in all. “In the place of guns and masks, this cyber The US Justice Department said it had arrested seven members of the New York crime organisation used laptops and the Internet,” operations of the gang, while an eighth suspect, the leader of the New York cell, was US Attorney for the Eastern District of New York reported to have been murdered in the Dominican Republic on 27th April. The scale of Loretta Lynch said at a news conference. “Moving the attacks mean that hundreds of people are likely to have been involved in withdraw- as swiftly as data over the Internet, the organisaing the cash from the ATM networks. tion worked its way from the computer systems of Law enforcement agencies in Japan, Canada, the UK, Romania and 12 other coun- international corporations to the streets of New tries have co-ordinated efforts to investigate the attacks, Arrests had been made in York City.”

June 2013 ARABIAN COMPUTER NEWS

5


/START

EMC unveils softwaredefined storage platform EMC ViPR is world’s first software-defined storage platform, will manage both control and data plane

Amitabh Srivastava (l) at the EMC World launch of ViPR.

tomers to use only the control plane to manage the underlying intelligence of the storage arrays through policybased automation. ViPR also offers the ability to view objects as files and provides file access performance without the latency inherent to object storage; and allows for a software-based implementation, that will run on commodity hardware from a range of vendors. Amitabh Srivastava, president, Advanced Software Division, EMC said: “Building the web-scale data centre is critical for service providers and large enterprises. The rise of the softwaredefined data centre is a groundbreaking step toward delivering the management and performance capabilities needed to protect and leverage data. Only by separating the data centre from its underlying hardware can IT truly deliver resources as customizable, on-demand services. As the only solution on the market today, ViPR is able to support IT services in a heterogeneous storage environment while retaining and extending the value of underlying arrays. This is a game-changer for storage.” Vernon Turner, Senior Vice President, Infrastructure Research Group, IDC commented: “With the unveiling of ViPR, EMC is sending a clear message that the combination of arrays with a powerful software layer is unbeatable in terms of speed and simplicity. Customers want to extract more value from their storage investments while scaling back on management, and ViPR meets these needs while embracing open architecture and catering to all arrays.”

Who pays for BYOD? Forrester research surveyed just under 10,000 information workers worldwide to find out what mobile devices they use, who chose them, and who paid for them.

1 2 3

Laptop Used by: 63% Of which… Chose their own: 66% Paid for their own: 23% Average cost: $861 Smartphone Used by: 48% Of which… Chose their own: 83% Paid for their own: 43% Average cost: $420 Tablet Used by: 21% Of which… Chose their own: 80% Paid for their own: 47% Average cost: $526

June 2013 ARABIAN COMPUTER NEWS

Source: Forrester Research Inc

EMC has unveiled what it describes as the world’s first software-defined storage platform, called EMC ViPR. ViPR is intended to help organisations to manage storage infrastructure and data reaching multiple petabyte volumes. The technology will allow companies to automate storage processes, and build modern storage architecture that will be suitable for future application deployments, without requiring a large amount of technical resources to build or operate. The company says that ViPR is unique in that it manages both the storage infrastructure — the control plane — and the stored data — the data plane. The control plane can be decoupled from the data plane, allowing the use of both together — or enabling cus-

INFRASTRUCTURE

7


/START

CIO Council holds first meeting CIOAC of the Bahrain Technology & Business Society The Chief Information Officers Advisory Council (CIOAC) of the Technology & Business Society (TBS) of Bahrain has held its inaugural meeting. The CIOAC, which has been set up as an advisory council comprised of IT executives representing various sectors in the Kingdom of Bahrain, held its first meeting to discuss developments in the industry, and to exchange, The first CIOAC meeting focused on skills, experience and technical advice, best practice mindset needed by successful CIOs and other industry issues. and strategies to meet challenges facing the sector. technical advice related to IT legislation, which The TBS Board has appointed Mishal Al- has become an integral part of legal and conHellow as General Coordinator of the Advisory stitutional legislations in developed countries. Council. Al-Hellow said that the board aims to The meeting was sponsored by HP and create an interactive environment to discuss Ernst & Young, who presented a study on the IT challenges of common interest to both the ‘DNA of the CIO’ focused on the skills, experipublic and private sectors, and to also provide ence and mindset needed by successful CIOs.

INDUSTRY

PRODUCT FOCUS

HP takes All-in-One mobile An industry first, HP’s OfficeJet 150 Mobile All-in-One, promises to deliver print, copy and scan on the go, in a compact, if still somewhat weighty form factor.

50-sheet feed tray

USB and Bluetooth 2.0 connectivity

Flip up 6cm touchscreen controls

Lithium Ion battery prints up to 500 pages

THE BIG PICTURE May 17 San Francisco, USA An attendee at the Google I/O developer conference wearing Google Glass augmented reality computer. Google Glass, a camera-equipped, wearable computer, is expected to get a consumer release next year, although it is raising questions among privacy campaigners. Image: Justin Sullivan/Getty Images

8

ARABIAN COMPUTER NEWS June 2013


/START

9


/START

Adobe halts packaged software development Graphics software vendor to shift to cloud-based subscription model Adobe Systems is discontinuing the boxed version of its flagship Creative Suite application set, and will only continue developing its cloud-based Creative Cloud applications. The announcement, which was made at the recently held Adobe MAX conference in the USA, will also see the company focus its software development efforts on its Creative Cloud offering going forward. The graphics software maker says while Adobe Creative Suite 6 products will continue to be supported and available for purchase, the company has no plans for future releases of packaged Creative Suite or other CS products. Adobe said that it is counting on channel partners to help end user organisations to move to the cloud. According to the vendor, focusing development on Creative Cloud will not only ac-

LICENSING

Wadhwani: Moving to cloud-based applications will enable Adobe to deliver enhancements more quickly.

celerate the rate at which Adobe can and new features and functions to its products, but also broaden the type of innovation the company can offer the creative community worldwide. “We launched Creative Cloud a year ago and it has been a runaway success,” said David Wadhwani, senior vice president and general manager, Digital Media at Adobe Systems. “By focusing our energy — and our talented engineers — on Creative Cloud, we’re able to put innovation in our members› hands at a much faster pace.” Wadhwani said: “Creative Cloud brings together everything you need to create your best work. We’re delivering incredible new versions of our desktop tools, services that take publishing content to the next level and we’re making it easier than ever for creatives to collaborate and share their work worldwide.”

Android dominates mobile OS market

10

ARABIAN COMPUTER NEWS June 2013

Market share Q1 2013 Android iOS Windows Phone BlackBerry Linux Symbian Others

75% 17.3% 3.2% 2.9% 1% 1.2% 0.1%

Q1 2012 152.7m units Q1 2013 216.2m units

Source: IDG Research Services

IDC’s Worldwide Quarterly Mobile Phone Tracker report for the first quarter of 2013 showed Android taking three quarters of the market. In the same quarter, Microsoft’s Windows Phone OS has slipped past BlackBerry to take third place. Samsung was once again the clear leader among all Android smartphone vendors, commanding 41.1% market share.


40 million computer users donâ&#x20AC;&#x2122;t trust the power grid.

But they do trust APC by Schneider Electric Back-UPS. Power protection and real energy savings For years youâ&#x20AC;&#x2122;ve relied on APC by Schneider Electric Back-UPS to protect your business from expensive downtime caused by power problems. Today, the reinvented Back-UPS does even more. Its highly efficient design noticeably reduces energy use, so you start saving money the minute you plug it in. Only APC by Schneider Electric BackUPS guarantees to keep your electronics up and your energy use down! â&#x201E;˘

â&#x201E;˘

Keep your electronics up and your energy use down! Back-UPS models are available with the features and runtime capacity that best suit your application, and many models have been designed with power-saving features to reduce costs.

Unique energy-efficient features

The High-performance Back-UPS Pro Series

Power-saving outlets automatically shut off power to unused devices when your computer and peripherals are turned off or on standby. Automatic voltage regulation (AVR) adjusts the undervoltages and overvoltages without using the battery. With our patent-pending AVR bypass, the transformer kicks in only when needed and automatically deactivates when power is stable. Plus, our highly efficient designs reduce power consumption when power is good and extend runtimes when the lights go out. Together, these power-saving features eliminate wasteful electricity drains, saving you about $40 â&#x20AC;&#x201C; $50 a year. And managing todayâ&#x20AC;&#x2122;s Back-UPS couldnâ&#x20AC;&#x2122;t be easier thanks to an integrated LCD that provides diagnostic information at your fingertips.

High-performance Back-UPS Pro units deliver cost-cutting, energy-efficient features. Power-saving outlets automatically shut off power to unused devices when your computer and peripherals are turned off or on standby, eliminating costly electricity drains. (BR700G shown above)

Trusted insurance for all your business needs

The best-value ES 550G

The award-winning Back-UPS provides reliable power protection for a range of applications: from desktops and notebook computers to wired and wireless networks to external storage. Itâ&#x20AC;&#x2122;s the trusted insurance you need to stay up and running and reliably protected from both unpredictable power and energy waste!

The ES 550 uses an ultra-efficient design that consumes less power during normal operation than any other battery backup in its class, saving you money on your electricity bill. s/UTLETSs7ATTS6! s-INUTES-AXIMUM2UNTIME s4ELEPHONE0ROTECTION

The energy-efficient ES 750G The ES 750G boasts out innovative power-saving outlets, eliminating wasteful electricity drains when equipment is not in use. s/UTLETSs7ATTS6! s-INUTES-AXIMUM2UNTIME s#OAXAND4ELEPHONE.ETWORK0ROTECTION

Discover the different types of UPS systems! Download APC whitepaper within the next 30 days for FREE and enter to WIN an iPhone 5! Visit www.apc.com/promo Key Code 34929p ©2013 Schneider Electric. All Rights Reserved. Schneider Electric, APC and Back-UPS are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are the property of their SFTQFDUJWFPXOFSTtXXXBQDDPNt@.&(#@$


/START

EMAIL EVOLVING

Email solutions are shifting to embrace social channels and enhanced functions

E

mail has become one of the primary means of communications for business, but analyst company IDC believes that the medium must evolve if it is to overcome some of the challenges that users are facing today. Issues such as the sheer volume of communications, spam, users being included on emails that don’t directly relate to them, multiple versions of files being created, and pressure to respond to emails instantly are all bogging down workers and cause administrative headaches, the company says. “In corporate circles, email has become an indispensable tool for many, but with the explosive growth in the volume of emails and use cases, there is a growing sense of frustration among beleaguered users and concern from executives that email is not meeting all of the needs for a diverse set of business use cases,” commented Michael Fauscette, lead of IDC’s Software Business Solutions Group. IDC believes that email

needs to become more integrated with social networking tools such as instant messaging and collaborative environments to improve its usefulness. Some advanced email solutions are already including features such as filtering to manage mail; granular notifications and controls; archiving and attachment de-duplication to manage document versions, but there are more features to add. Fauscette says that solutions will need to focus on convergence — enabling a wider toolset than just email, so that users have the best application for the activity to hand; and context — where the tools and communications are linked to the person’s role, such as smart applications that would recognise a conversation between project team members, and automatically serve up the project plan and related supporting documents. “The future of email is social, and the future of social business clearly includes email as a key part of its feature set,” Fauscette said.

Email evolves • • • • •

File attachments integrated for social sharing Standalone contact lists expanding to dynamic social profiles Email strings becoming managed conversations Extending to group and social calendars Integrated conversation environments with IM, online meetings, real-time collaboration, public social networks, RSS, content sharing, and even voice and video • Seamless transitions across multiple tools and devices • Integrated workflow and collaborative task execution • Better security and protection of corporate data

929m 2013

1.1bn 2017

Business email accounts worldwide

74%

of email is spam

897m 1.78bn 2013 2017 Mobile email users worldwide

12

ARABIAN COMPUTER NEWS June 2013


/START

48%

3.19bn 4.86bn 2013 2017

digital information will grow 48% in 2012 to approximately 2.7 zettabytes

Social networking accounts worldwide Issues with email today • • • • • • • •

Managing volume of email Mixing personal and business mail Impact of ‘always on’ for workers Spam and other nuisances File sharing via email complicates document management Length and complexity of email Different expectations of response times Over-communicating with people who don’t need to be included on email threads

3.9bn 4.9bn 2013 2017 Email accounts worldwide Social software benefits

total email users worldwide by 2014

easy to use foster better internal and external relationships makes user more knowledgeable more productive easier to collect feedback and information real time faster decision making customers/employees insist on it

June 2013 ARABIAN COMPUTER NEWS

Source: IDC, Radicati, Trustwave

2.4billion

• • • • • • • •

13


/START

Saudi govt sites hit in co-ordinated attack Websites disrupted by co-ordinated DDoS attacks by ‘Saudi Anonymous’ group

SECURITY WATCH

Industrial espionage on the rise in 2012, targeted attacks up The volume of targeted attacks against large enterprises doubled from 2011 to 2012, according to Symantec, as hackers increasingly look to steal corporate secrets for profit. The security company said 50% of targeted attacks were against large organisations with 2,500 employees or more. Attackers are focusing their efforts on targeting those R&D roles, followed by sales personnel, to extract valuable corporate data.

TARGETED ATTACKS PER DAY IN 2012 250 200 Websites of several government entities, along with telecom Mobily, were targeted in the attacks.

150 100

14

ARABIAN COMPUTER NEWS June 2013

briefly disrupted, although they were later restored. The interior ministry website crashed, but was back up within two hours. The method of attack was mainly by distributed denial of service (DDoS), where a Web server is overwhelmed by a coordinated request for resources from multiple points of origin, resulting in the effective disabling of the websites it hosts. In other attacks, the group — which claims to be affiliated to the broad cyber collective Anonymous — used a SQL injection, which directly attacks software vulnerabilities in order to dump a database to a remote source. The motive for the attacks is unclear, although some sources linked them to reports that Mobily had approached a US hacker to help the operator to monitor its customer communications.

50

JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

116

Targeted attack global average per day

TOP 10 INDUSTRY SECTORS ATTACKED IN 2012 Manufacturing: 24% Finance, insurance & real estate: 19% Services non-traditional: 17% Government: 12% Energy/Utilities: 10% Pro services: 8% Aerospace: 2% Retail: 2% Wholesale: 2% Transportation: 1%

Source: Symantec

A number of Saudi SECURITY government and company websites were targeted with cyber attacks in mid-May, in a concerted campaign, which was claimed by a group calling itself ‘Saudi Anonymous’. Government sites including the Saudi Ministry of Finance, General Intelligence Presidency, the Ministry of Foreign Affairs, the Directorate General of Passports, and provincial sites such as those for Mecca and Jeddah were apparently targeted, as was telecom company Mobily. The Saudi Interior Ministry confirmed to the Saudi state news agency that it was investigating the attacks, describing them as co-ordinated and simultaneous, and originating from hundreds of Internet protocol addresses in a number of countries. Many of the targeted sites were


+3UHFRPPHQGV:LQGRZV

7RXFKKDVFRPHWRWKH3& ([WHQG\RXUUHDFK 7KHIDPLO\RIWRXFKHQDEOHG3&VIURP+3ZLWK+33OD\ 0DGHIRU:LQGRZV 7RXFKLVWKHPRVWLQWXLWLYHZD\WRZRUN:KLFKLVZK\+3KDV FUHDWHGDIDPLO\RIWRXFKHQDEOHG3&VWKDWOHW\RXJHW FORVHUWRWKHWKLQJVWKDWPDWWHUWR\RXWKHXOWUDWKLQ+3 (19<7RXFKVPDUWZLWK%HDWV$XGLRvWKHVOHHN+3(19< 7RXFK6PDUWSRZHUHGE\WKH,QWHOÂ&#x2030;&RUHvLSURFHVVRUDQGWKH UHYROXWLRQDU\+3(19<[WKDWoVDOOQRWHERRNDQGDOOWDEOHW DOOLQRQH $QGZLWK+33OD\HQMR\XQOLPLWHGPXVLFVWUHDPLQJDQGIUHHGRZQORDGV ([WHQG\RXUUHDFKsLWPDWWHUVKSSOD\FRP

1RWDOOIHDWXUHVDUHDYDLODEOHLQDOOHGLWLRQVRI:LQGRZV6\VWHPVPD\UHTXLUHXSJUDGHGDQGRUVHSDUDWHO\SXUFKDVHGKDUGZDUHGULYHUVDQGRUVRIWZDUHWRWDNHIXOODGYDQWDJHRI:LQGRZVIXQFWLRQDOLW\6HH ZDUHGULYHUVDQGRUUV UVRIW RIW RI IWZDU ZDU DUHW DU H WR RWWDNHIXOODGYDQWDJHRI:LQGRZV V IXQF QFWLR W RQDO Q LW\\6HH HH KWWSZZZPLFURVRIWFRPÂ&#x201E;+HZOHWW3DFNDUG'HYHORSPHQW&RPSDQ\/3,QWHOWKH,QWHOORJR,QWHO,QVLGH,QWHO&RUHDQG&RUH,QVLGHDUHWUDGHPDUNVRI,QWHO&RUSRUDWLRQLQWKH86DQGRURWKHUFRXQWULHV DQG&RUH,QVLGHDUHWUDGHHPDU PDUNV NVRI NV V RI R ,Q ,QW QWWHO&RUSRUDWLRQLQWKH W 86DQG GR RU RURW U RWK KHUFRXQWULH LHHV $OORWKHUWUDGHPDUNVDUHWKHSURSHUW\RIWKHLUUHVSHFWLYHRZQHUV


/START

PROJECTS

Arabian Computer News brings you a regional roundup of recently announced and ongoing enterprise IT projects

1 / SAUDI ARABIA

Voice recognition for medical note taking Saudi Arabia’s King Fahd University Hospital is to implement a Nuance voice recognition system which will allow health workers to enter medical notes through voice-based input. All 550-plus clinicians will use the Nuance Healthcare Dragon Medical 360 | Network Edition speech recognition solution as part of a drive to link all aspects of hospital IT with their electronic medical records (EMR) platform. It is the firs such deployment in the region. The solution will be integrated with the Hospital’s clinical and administrative systems to support patient care.

2 / LEBANON

3 / SAUDI ARABIA

4 / UAE

El Ajouz travel agency extends deal with Sabre

SSS integrates e-payment system for Saudi’s RCJY

REDTAG managing staff with Ramco HCM

El Ajouz Travel, the leading travel agency in Lebanon, has signed a three-year extension to its existing deal with Sabre Travel Network Middle East (Sabre). The travel agency will continue to exclusively use Sabre technology for all its reservation needs. The company also has special access to the Sabre Red Workspace booking system, which provides agents with faster start up times, high performance even in low-bandwidth areas and quick and easy access to lowfare content, for increased productivity.

The Royal Commission for Jubail and Yanbu (RCJY), responsible for industrial cities in the Kingdom, has completed the first stage of integrating the C4-Sadad e-payment system. Saudi based Secure Services Systems (SSS), is conducting the project, which will enable the Commission to automate the process of billing while enabling the users of its services to enquire about their financial liabilities and directly settle their monthly bills via the highly confidential and secure e-system.

Fashion and home retailer REDTAG Group has signed Ramco to provide a cloud-based Human Capital Management (HCM), system, to manage its workforce and payroll across six countries in the Gulf. The HCM solution includes including workforce management, attendance management, payroll and benefits, staffing, employee development, planning and self services. The retailer said that the new solution will help in generating real-time reports.

16

ARABIAN COMPUTER NEWS June 2013


/START

5 / BAHRAIN

6 / BAHRAIN

University of Bahrain upgrades IT infrastructure

Bahrain utility deploys bespoke SAP solutions

DEPLOYMENT

A regional enterprise project at a glance

The University of Bahrain has upgraded its IT infrastructure with the IBM PureFlex System. The deployment, the first of its kind in the education sector in the GCC, was carried out by Gulf Business Machines. The PureFlex System combines compute, storage, networking, virtualisation and management into a single infrastructure system. University of Bahrain will benefit from a simplified IT infrastructure as well as enhanced integrated storage and networking features.

The Kingdom of Bahrain Electricity and Water Authority (EWA) has announced a major new deployment of SAP solutions to automate key processes. The project, which will be the largest of its kind in Bahrain, will include the roll out of industry-specific SAP solutions to cover processes including customer relationship management, billing, metering and network asset management. EWA says that the project will improve customer service, performance and efficiency.

7 / UAE

8 / UAE

Emirates selects IFS to control engine overhaul

Mashreq Bank replaces legacy core banking

Emirates Airlines will deploy IFS applications to manage its new engine maintenance facility. The IFS Applications 8 solution will support all business processes including maintenance, repair and overhaul (MRO), and corporate performance management (CPM). The Emirates facility serves as Emirates’ in-house engine overhaul facility, and will service up to 300 engines per year. The solution includes IFS’s Complex Assembly MRO feature, which is already in use by Finnair and Alitalia.

Mashreq Bank has deployed Oracle’s Flexcube banking solutions to replace legacy solutions. The bank has rolled out Oracle Flexcube Universal Banking and Direct Banking for Qatar, the UAE, Kuwait and Bahrain, as a replacement for 40 separate legacy systems that it said were limiting operations. The bank now has a centralised scalable banking platform with a 360 degree view of all customer relationships. This has enabled the bank to tailor pricing of products and services.

User: Saudi Arabia’s Ministry of Health Project: Cloud-based data solution for infectious disease management The product: IBM SmartCloud The objective: Collect, share and analyze health information critical in managing public health outbreaks What they said: Ziad Memish, Deputy Minister for Public Health: “IBM’s innovative cloud-based healthcare technology serves as the foundation of the Ministry’s e-health scheme and infectious disease control program. It will help us improve public health in the Kingdom by keeping people healthier, enhancing vaccination coverage, identifying health issues and taking preventive measures to combat infectious diseases.”

June 2013 ARABIAN COMPUTER NEWS

17


Secure Access to Cloud, Data and Door

Authentication Beyond Passwords With the ever increasing risk from advanced IT security threats, organisations are looking to take authentication beyond passwords, while lowering cost at the same time. HID Global’s authentication solution provides you with the convenience, flexibility and comprehensive control you need to deliver secure access, without compromising on security. HID Global can empower your employee’s, partners and customers with anytime, anywhere access to enterprise cloud applications, data and the door. Experience authentication beyond passwords. hidglobal.com


/START

Major update on the way for Windows 8 Windows 8.1 update to bring ‘substantial’ changes to the operating system

A significant update to Windows, previously codenamed ‘Blue’, will be available in the fourth quarter of this year, Microsoft has announced. The Windows 8.1 update, which will be made available for free as update on the Windows Store, will represent “more substantial” changes than what is currently delivered in regular updates to the operating system. Tami Reller, chief marketing officer and chief financial officer of Microsoft’s Windows Business told a JP Morgan-sponsored tech conference in Boston, Massachusetts that it would be “easy to get from the Windows start screen”, which may be a reference to the reintroduction of the much-missed Windows Start button.

OPERATING SYSTEMS

Windows 8 to get makeover after just one year. Image: FRED DUFOUR/AFP/Getty Images

Reller also admitted in an interview with the Financial Times that the Windows 8 “learning curve is definitely real” and that the company “could and should have done more” to prepare both retailers and customers for the new operating system. A preview version of 8.1 is expected to be available in time for Microsoft’s Build developers’ conference, which is taking place on 26th June in San Francisco. Microsoft came under sustained criticism by industry analysts and users for its drastic departure from a familiar interface. Public responses from the Redmond-based software giant did nothing to quell the distaste for the new OS, which attempted to bridge the gap between traditional computing and the emerging tablet segment.

June 2013 ARABIAN COMPUTER NEWS

19


/START

QUOTE OF THE MONTH “You need to have a vision. You need to have a point of view. And you need to consistently deliver on that. You’re also consistently listening, learning, and becoming smarter.” TAMI RELLER, CMO AND CFO OF MICROSOFT’S WINDOWS DIVISION DESCRIBES HOW THE DIVISION HAS A “PRINCIPLED BUT NOT STUBBORN” APPROACH, AND WILL THEREFORE BE MAKING CHANGES TO THE OS WITH WINDOWS 8.1 UPDATE, TO MAKE IT EASIER TO USE

KPIs

IBM predicting strong second half, facing new corruption probe 208 204 200 196 APR 29

MAY 6

MAY 13

MAY 20

International Business Machines TICKER: IBM GLOBAL NEWS: IBM’s CFO has said that the company expects better performance in the second half of 2013 compared to this half. Mark Loughridge said that earnings for Q2 would grow by around 8% year-on-year, but double-digit growth is predicted for the second half. The company also disclosed in May that is under investigation by the US Department of Justice

20

(DOJ) for offences covered by the Foreign Corrupt Practices Act. IBM has brought its Watson artificial intelligence into the commercial space, with the launch of the IBM Watson Engagement Advisor, for use in customer service, marketing and sales. LOCAL NEWS: IBM’s Public Health Solution for Disease Management has been deployed by the Saudi Ministry of Health.

ARABIAN COMPUTER NEWS June 2013

UAE still not convinced of cloud security Frost & Sullivan survey shows companies still think data is safer in-house

IT decision makers in the UAE are still not convinced of the security of cloud services, according to a study by Frost & Sullivan. The ‘State of Cloud Computing Security in the UAE’ study found that 40% of IT managers believe that corporate data is more secure when hosted in internal data centres, rather than in the cloud, while only 17% felt that cloud was more secure. The study of SMBs and enterprises with 500-plus users found that the majority of companies (55%) have not adopted cloud solutions yet. Of the cloud adopters, 41.4% have private cloud deployments, 37.9% are using public clouds and 20.7% hybrids. The risk of data being stolen from cloud providers through identity theft or password cracking was cited as the main concern for companies who have not adopted the cloud, although those companies that had adopted cloud were far more concerned about the threat from malicious insiders. Other concerns included weak network security, shared technology vulnerabilities and data hijacking or interception. Marius Miginis, research analyst, ICT Practice, MENA Frost & Sullivan said that cloud providers in the UAE need to prove they are able to offer secure solutions: “The key restraint is security — there is a

SERVICES

UAE-wide opinion among IT managers that cloud services are less secure than managing data in-house. Therefore cloud security providers need to demonstrate their security solutions, which should include physical access to the facility, as well as protection of customer data be it at rest or in transit, and protection from either corruption of data or cyber attacks.” The awareness of cloud risks, and best practice to manage it, was varied among respondents, Miginis added. While 40% of respondents said they would do security assessment of a provider before taking up cloud vendor, and half felt it was important to educate cloud end users on security, the majority would have cloud security managed by the internal IT team, despite being aware of lack of in-house skills or expertise on the subject.


eHosting DataFort is the perfect complement to your existing IT department. Our experts are available to keep your IT systems running smoothly 24/7. Our Managed Operations can take care of all your requirements, giving you peace-of-mind to focus on your core business. • Own and operate multiple state-of-of-the-art Data Centers with 24/7 operations and management • High end credit-based Service Level Agreements to guarantee quality of service • 12 years experience with clients in Finance and Banking, Government, Electronics, Aviation, Retail, Real Estate, Entertainment and Media • Adherence to International Standards with ISO9001, ISO20000, ISO270001, ISO14001, ISO18000, BS25999 and ITIL Certifications • Awarded Best Managed Service Provider of the Year (2008 - 2011 & 2013) and Best Co-location Facility Middle East (2010 - 2011)

Our portfolio of services includes: • Managed Co-location • Managed IT Services (Leased Dedicated Servers, Managed Security, Managed Backup, Managed Storage, Managed Databases, Managed Exchange, IT Administration) • Disaster Recovery and Business Continuity • Cloud Infrastructure Services (Private Cloud, Public Cloud)


/ANALYSIS

Gulf companies not controlling BYOD Business use of personal mobile devices is common in the Gulf, but most companies are not properly managing access to corporate networks and data, says Hani Nofal, head of GBM’s Intelligent Network Solutions division

W

hile there is high penetration of mobile devices in the Gulf region, too many organisations are not controlling what employees are doing with their mobile devices, and are focusing just on connectivity and wireless, according to Hani Nofal, executive director, Gulf & Pakistan, Intelligent Network Solutions, GBM. Nofal said that a recent survey conducted by GBM, of 900 small and large organisations in the Gulf region, showed that many companies lacked basic security components, and had no clear strategy to manage mobile devices and the bring your own device trend. The survey showed 70% of respondents had three or more mobile or connected devices “What is more interesting is that 62% of those organisations said that they allow their employees to connect to enterprise networks with those devices,” he said. “Our view on this is that the technology is there, to allow you to connect your personal device, that is not really the issue. The concern really is the security aspect of this activity. Very few of the 62% have really invested in secure infrastructure, and the basic elements that would allow them to understand who is connected to what resource, who is allowed to access what application, how you can track it, set up basic access lists and so on.” The BYOD trend has taken hold in regional organisations, but Intelligent Network Solutions (INS), the networking arm of GBM, is seeing a worrying lack of awareness of policies and no focus on data, leaving corporate data and networks exposed. Nofal said that to some extent, vendors are to blame for confusing the end users by promoting a variety of different approaches to mobile device management.

22

ARABIAN COMPUTER NEWS June 2013

Nofal: Organisations are not focusing on BYOD policies and data, but connectivity.


/ANALYSIS

Nofal: It is not the connectivity, it is the end-to-end process, from defining the policies, defining responsibilities, access controls, that will allow companies to implement and monitor BYOD.

“In any new initiative, everyone has their own approach. If you talk to some vendors, they will tell you it is about how you implement your wireless network, so people think it is all about having a wireless network and enabling a couple of features in it. It is not the connectivity, it is the end-to-end process, from defining the policies, defining responsibilities, access controls, that will allow you to implement and monitor such a technology,” he commented. In conversations with customers, INS has been highlighting the need to drive awareness of the need for policies as the starting point for a BYOD strategy. “There is still a lot of education required in our region for organisations to be able to define the basic elements that they need to implement, before they can claim that they have BYOD capabilities,” he added. INS is aiming to bring a holistic approach to its customers, to help them better under-

“THERE IS STILL A LOT OF EDUCATION REQUIRED IFOR ORGANISATIONS TO BE ABLE TO DEFINE THE BASIC ELEMENTS THAT THEY NEED TO IMPLEMENT, BEFORE THEY CAN CLAIM TO HAVE BYOD CAPABILITIES.”

stand the situation. The company has consolidated its network offerings, including solutions and services, into a single proposition, called the GBM Security Framework. “Over the last 23 years, with our experience and customer base, we have built a lot of experience around security, across the multiple lines of business that we have,” Nofal explained. “What we have decided is to try and break the silos, and bring all of these lines of business together, to form a unique end-toend security story.” The GBM Security Framework includes all levels of security that a company needs to consider, including consulting for governance, risk and compliance requirements; security and compliance analytics and reporting capabilities, so that companies are able to actually track and monitor the security landscape; and the underlying operational security domains, to deliver solutions to address people, data, applications and infrastructure. The framework pulls together solutions from across GBM’s vendor portfolio and its services and consulting capabilities. The company sees growing awareness of security issues, driven in part by high profile attacks on regional entities, but this is mainly at government level so far, he said. In part, investing in security can still be a difficult business case for an IT manager to build, because the return on investment is intangible. Regional organisations are also often failing to conduct regular security assessments. Nofal said that the security framework is intended to address these shortcomings, and to help end user organisations to adopt best practices as part of adopting BYOD. “Our reference is always the framework, we try and start with the assessment and advice, to see what the customer has, any gaps they might have, and then take them through the process of building the BYOD capabilities. If you don’t spend time to understand where the gaps are in your infrastructure, then we aren’t ready to talk about BYOD,” he said.

June 2013 ARABIAN COMPUTER NEWS

23


/ANALYSIS

Protecting enterprise web applications Next-generation operating system for Fortinet web application firewall solutions developed to help inprotect web applications from growing complexity of malicious application layer attacks

P

rotecting against application layer threats is a growing task for web security professionals. With the vulnerabilities and exploits constantly shifting, keeping defences current is hard work. Despite the efforts of organisations such as the Open Web Applications Security Project (OWASP), which tracks threats, risks such as SQL injection attacks, broken authentication and session management, and security misconfiguration all add to the loads of security professionals. Enterprises now however, have an additional layer of protection against web application threats, with the launch of the next-generation operating system (OS) for its FortiWeb Web Application Firewalls (WAF) product family. According to Bashar Bashaireh, regional director at Fortinet Middle East, the new OS will provide important security advancements to protect against increasingly malicious application layer attacks. The new FortiWeb 5 OS, which is backward compatible with the entire FortiWeb family, features critical security advancements that include the ability to accurately identify the origin of Web application traffic to proactively distinguish between legitimate and malicious sources. Bashaireh explained that the FortiWeb solutions provides the ability to distinguish between legitimate known search engine requests, scanners, crawlers and other threshold based tools. This expands the bot identification and analysis coverage recently introduced with the FortiGuard IP Reputation service, which monitors IPs that are compromised or behaving abnormally. In conjunction with the FortiWeb 5 rollout, Fortinet is also introducing three new Web application firewall appliances: the

24

ARABIAN COMPUTER NEWS June 2013

FortiWeb-3000D, FortiWeb-3000DFsx and FortiWeb-4000D, which are designed for large enterprises, service providers and large data centres that require high performance Web application security. The FortiWeb3000D and FortiWeb-3000DFsx support up to 1.5 Gbps of throughput while the FortiWeb-4000D supports up 4 Gbps. The new

“NOT ONLY ARE WE INTRODUCING MORE INTELLIGENT PROTECTION AGAINST THE OWASP TOP 10 THREATS, WE’RE AS WELL DELIVERING NEW APPLIANCES THAT LEVERAGE AN APPLICATION-AWARE LOAD BALANCING ENGINE TO DISTRIBUTE TRAFFIC AND ROUTE CONTENT ACROSS MULTIPLE WEB SERVERS.”

appliances are 50 to 100 percent faster than their predecessors and provide robust protection against the Open Web Application Security Project (OWASP) Top 10 risks and aid in PCI DSS 6.6 compliance.

ADDRESSING WEB APPLICATION PAIN POINTS “Because today’s Web applications are being accessed and/or targeted by automated scripting tools, scans, search engines and unknown or malicious sources, security administrators need to quickly and easily identify those sources and traffic types,” Bashaireh said. “This is critical to distinguish good and bad traffic types and sources. FortiWeb technology now provides a graphical dashboard to easily spot and track bot traffic trends. “Moreover, the need to protect against application layer DoS attacks is increasingly important given the precipitous rise in attacks on application resources. This is in stark contrast to hackers’ previous focus on disrupting network bandwidth. FortiWeb 5 expands the previously released challenge response mechanism that distinguishes legitimate Web application requests from automated DoS tools to support in multiple different policies, providing better flexibility and granularity,” he added. As data centres continue their ongoing transition from IPv4 to IPv6, the need to provide bi-directional support between the two communications protocols is essential to maintaining optimal security. FortiWeb 5.0 fully supports IPv4-to-IPv6 and IPv6-toIPv4 communications. What makes the FortiWeb product family unique is its ability to combine broad Web application protection with Layer 7 load balancing and a built-in vulnerability scanner in a simple-to-manage system that does not require add-on licenses for each system component.


/ANALYSIS

Automated malicious scanning and attacks means that security administrators need to react quickly to threats, says Bashaireh.

FORTIWEB 5 DELIVERS NEW CAPABILITIES THAT INCLUDE: Search Engine Identification: With up to 30% of Web application traffic requests coming from known search engines such as Google, Bing, Yahoo and others, coupled with a proliferation of automated attacks, botnets, zombies and orchestrated DDoS attacks, the need to correctly identify sources and their inten-

tion is vital. FortiWeb 5 provides this capability so organizations can protect and optimize their Web applications accordingly. This feature also ties into the software’s new bot control identification layer, which proactively identifies whether in-bound traffic is coming from legitimate search engines or botnets, anonymous proxies, malicious sources or large scale automated attacks

Bot Dashboard: As a complement to the bot control layer, the new bot dashboard provides security administrators an immediate visual snapshot of traffic hitting their Web applications so they can quickly ascertain whether bots crawling apps are known search engines or malicious scanners. Real Browser Enforcement: As an enhancement to its application layer DoS protection, FortiWeb 5 enhances its Real Browser Enforcement challenge response action to better validate requests, ascertain the legitimacy of users and weed out automated DoS tools. “Network security continues to be one of the most pressing concerns in the Middle East. The introduction of FortiWeb 5 and our new high end Web application firewalls helps cater for the needs of the most demanding enterprises and service providers in the region,” said Bashaireh. “As enterprises constantly review their security strategies and add new layers of defence, not only are we introducing more intelligent protection against the OWASP Top 10 threats, we’re as well delivering new appliances that leverage an application-aware load balancing engine to distribute traffic and route content across multiple Web servers. The FortiWeb product line combines the best of both worlds — the industry’s most advanced Web application security with optimal performance.” The company has also been increasing its investment in skills and services in the region, including an Authorised Training Centres (ATCs) program, to deliver training to Fortinet’s partner community. “We plan as well to increase our technical and professional services resources in the region providing better pre-sales and post sales support to our partners and end-users. To provide further flexibility and cost effectiveness, we’ll start offering remote professional services to projects that require such kind of resources,” Bashaireh added.

June 2013 ARABIAN COMPUTER NEWS

25


/ACN ENTERPRISE COMPUTING SUMMIT

KNOWLEDGE SHAR

CIOS AND IT MANAGERS FROM AROUND THE REGION GATHERED AT TICE, OPPORTUNITIES AND THE BIG ISSUES FACING THE INFORMA 26

ARABIAN COMPUTER NEWS June 2013


/ACN ENTERPRISE COMPUTING SUMMIT

ING EMPOWERS IT THE ACN ENTERPRISE COMPUTING SUMMIT TO DISCUSS BEST PRACTION TECHNOLOGY SECTOR TODAY BY MARK SUTTON June 2013 ARABIAN COMPUTER NEWS

27


/ACN ENTERPRISE COMPUTING SUMMIT

Prasoon: Analytics is impacting on IT in almost every vertical sector, with a wide range of approaches to implementation.

eaders in the region’s IT sector gathered to discuss the issues facing the Middle East IT sector, at the third ACN Enterprise Computing Summit 2013. The event, which took place at the Jumeirah Beach Hotel, Dubai, at the end of April, brought together around one hundred CIOs, senior IT directors, and industry stakeholders, to discuss some of the key topics in the industry today, including delivering ROI, outsourcing, security, cloud computing, and analytics, along with presentations addressing the new technologies and the achievements of enterprise IT leaders.

TURNING VENDOR HYPE INTO ROI The first panel discussion of the ACN Enterprise Computing Summit focused on the topic of ‘Translating the hype into practical benefits and tangible ROI’. The panel, which was moderated by Munir Majdalawieh, Enterprise Computing coordinator at the College of Technological Innovation, Zayed University and which included, Vaibhav Bhatt, infrastructure service manager, DHL Express, Arun Tewary, vice president, IT & CIO, Emirates Flight Catering, and Ian Cook, VP CIO & head Of Operations, Oman Insurance Company, said that assessing and realising the practical benefits of new technologies is becoming increasingly complex, due to the speed of change, industry hype, and misconceived demand from internal business partners.

28

ARABIAN COMPUTER NEWS June 2013

Jamal-Eddine presented a case study on how ADPC deployed core Oracle applications on VMware.

O’Connell: There is growing maturity in creating contracts to manage outsourcing agreements in the region.

Tewary said that trying to keep up with technology trends is like looking through a kaleidoscope: “by the time you focus on one, something else comes along. It is very difficult in IT to really take note of the emerging technologies.” Cook said that companies need to focus above all on the business benefit of any new technology: “If a technology can reduce the cost per employee of providing a given service, like a desktop, then it is obviously something we should consider. If a technology can increase intimacy and cross-selling with my customers and then it is worth considering - those fundamentals have never changed. “Big data for me is not only a hype, it is extremely misleading; the cloud in many ways, you could argue that the mainframe was cloud,” he added. “As an industry we get caught up in these hypes. Cloud has been promoted now for the best part of eight years, and still there is very little uptake.” Bhatt added that the IT organisation needs to approach new technologies hand-in-hand with the rest of the business: “Whenever there is a new technology, we partner with the business and look at the business needs. Based on that we go out to the market and see whose technology best suits us, we give the business the opportunity to speak, and give their own inputs.” While the industry can very often be vendor-led, with the solution provider pushing updates to the user whether they want them or not, Tewary noted, it is still important for the CIO to be prepared to think of future steps. His organisation is now looking at how processes can be automated, to build on existing systems, while continuing to grow and improve efficiency. “You keep the core systems on, you keep looking at new versions


/ACN ENTERPRISE COMPUTING SUMMIT

BYOD is not just driving tablets and phones, but usage of mobile storage solutions for business as well, said Wani.

Rathi: Companies need to retain some IT capabilities in-house, and not outsource the entire function to a third party.

Majdalawieh: The most important thing is not the technology, it is how the business can benefit from these technologies.

and upgrades, but after a certain period of time you do need to start looking at the new technologies. What we have done last year, is that after five or six years of having our enterprise applications, they are stable, they cater to our core business requirements and major business processes, but the business volume is growing.” The panel also said that the consumerisation of IT, and its penetration into everyday life, meant that non-IT stakeholders are increasingly asking for new technologies without necessarily understanding the technology or if it will bring any benefits. CIOs need to stick to the fundamentals of analysing the benefits and pitfalls of any projects, and communicating those to the stakeholders. Proving the real ROI on any project was also difficult, and could sometimes be difficult to calculate. Cook also pointed out the need for business units to take ownership and responsibility for projects. Too often a business unit would request new technology, he said, but would not scope out a proper business case for the solution. Business units would also request a project, and then not take responsibility for it terms of successful completion and its future impact on operational costs and demands. “We insist on stakeholder ownership for an outcome. Business readiness, and the outcome that is expected from a project has to be owned within the business community. It is my job to recommend and execute; but above all, we have to define what success looks like.” The panel also stressed the need to get board-level support for IT projects, Bhatt said: “It becomes challenging to convince the peers, but once you put it across in layman’s terms — because they don’t understand IT — what is the risk, what is the benefits, and how the customers will benefit, based on that, we see that we get ap-

proval very quickly from the management. Once we have their buy in, it is straightforward.”

BALANCING INSOURCING VS OUTSOURCING The second round table panel of the day focused on the subject of outsourcing, and how companies should strike a balance between keeping functions inhouse and outsourcing. The panel was moderated by Simon Withers, partner — IT advisory, KMPG; with participation from Roger Tabbal, Cluster Director of Information Technology, Movenpick Hotel; Anamitara Roy, CIO, IFFCO; Rodel Pabico, Lead ICT Officer, Dubai School of Government; Nick O’Connell, Senior Associate, Al Tamimi & Company and Ajay Rathi, Head of IT at Meraas Holding. The panel members had a range of experience of outsourcing within their organisations, including functions such as LAN and hardware support, email, mobile applications, website, application development, data centre and others. While many organisations initially look at outsourcing to save costs, Roy said that the benefits are generally wider than that: “Cost is one of the first reasons people want to outsource, later on they realise there are far greater benefits of doing it,” he said. “Internally you can never keep pace with speed at which technology is changing; you have to take the advantage of [outsourcing]. “A difficult thing in this part of the world is to retain talent, especially in areas where there is a very high demand for skill, in a very niche area, and to be able to scale up and down quickly to meet demand, is very difficult. That is where you need to have somebody who has the back-end strength to meet your requirements and you

June 2013 ARABIAN COMPUTER NEWS

29


/ACN ENTERPRISE COMPUTING SUMMIT

don’t have to pay for a full time resource,” he added. The panel agreed that it should be careful process of deciding what could and could not be outsourced, and that in general core competencies should not be outsourced. “You need to look what can bring value to your business with effecting the customers,” Tabbal said. “You need to balance, you need to calculate the risk, and you definitely cannot take a risk with your main business competencies.” Any agreement should balance the skills of the outsourcing company versus the skills of the customer organisation, and understanding which is more applicable to the requirements of the function, Pabico said: You must learn to put yourself in the middle — what do you have, and what do they offer? In terms of capacity, you have to check if you have the necessary skills for the project and the deadline for your objective.” Companies should not try to outsource the entire IT department, Rathi explained: “You can’t outsource the whole department, you have to understand that there are requirements from departments that will keep on coming; you need to have a business analyst there, you need to have a CTO or someone who understands technology.” Changing the organisational focus to a mostly outsourced IT function would also change the nature of the skills that were required in the department, in general with a greater focus on the managerial skills to oversee contracts and relationships. “In my experience of helping companies to outsource, the biggest mistake that people often make is to try and take an inhouse IT team and reshape them into somebody who can successfully manage vendors. The skill set is completely different for a wholesale outsource model,” Withers commented. Another aspect to consider in outsourcing and staffing, Roy pointed out, was that outsourced staff would not behave like inhouse resources. While an inhouse employee could be called upon 24-7, outsourced personnel would by the contract or the service levels, and both the IT manager, and other managers in the organisation have to realise the implications of this in terms of responsiveness. The contract should be the basis of any outsourcing agreement, although O’Connell warned that the legal sector is still developing here : “What I have noticed is clients are becoming more sophisticated, very quickly. It wasn’t that long ago that we would get documentation from very large reputable organisations, it would be an agreement they had signed with a service provider, and it was just shocking. It may have locked them into a ten year contract for obsolete technology.” Contracts should not just be left to lawyers, O’Connell added,

30

ARABIAN COMPUTER NEWS June 2013

but the IT department should work closely with the legal advisor to ensure that the contract will accurately reflect the technical aspects of the services to be provided. Other important aspects of outsourcing contracts discussed included arbitration/remedy clauses that govern what happens if the service is not working as expected, exit clauses to enable the customer to get out of the agreement to avoid lock-in, and also that the contract reflects fair value for both parties. “I see a lot of vendors in this part of the world going into contracts where I think ‘I don’t see how you are going to make money out of this, without cutting corners somewhere along the line’. It looks to me as if all the flexibility is only going to be in one direction,” Withers said. Models such as revenue sharing, or ‘co-shoring’, or sharing the investment in resources, to ensure both parties are invested in successful execution have been developed and tried out in some organisations, but conflicts of interest can arise with the different parties working towards different objectives.


/ACN ENTERPRISE COMPUTING SUMMIT

Beyond hype: The panel discussed how to understand the real value of technology.

HOT TOPICS The ACN Enterprise Computing Summit included three breakout sessions on cloud computing, security, and analytics. The security roundtable was hosted by Bahaa Hudairi, senior security consultant, McAfee Middle East; Thameem Rizvon, CIO at KOJ Group, ran the cloud computing roundtable; and Kumar Prasoon, Group CIO at Safeer Group, facilitated the discussion on driving IT strategy through analytics discussions. Security During the security round table, Bahaa Hudairi highlighted recent high profile attacks on the region, and how many of these attacks because of a lack of integration between different security systems, and no correlation or reporting of security events. The region is increasingly in the crosshairs of cyber criminals, but very often attacks are not overly sophisticated in technology terms, but exploit weaknesses in business process or systems. The panel also touched on the vulnerability of end users, and the need for proper policies and education to create more robust security.

Withers added: “The contract is only the first step on a long journey with the vendor and it is important to get that right in the first place, but building the relationship with the vendor in order to get the most out of the partnership is what will really make or break it.” Pabico highlighted the need to manage the contract over time, to ensure that the service promised is delivered. “You have to have a professional relationship with the vendors or organisation that you are dealing with; we look at the quality of service, after sales, will they support you as efficiently as when they are getting the contract?” he said. The event was concluded with a presentation from Khalid Wani from Western Digital who addressed new capabilities for personal storage systems, and was then followed by a case study presentation on Abu Dhabi Ports Company completing its virtualisation programme. Systems Engineer Mohamed Jamal-Edinne shared his insight into the challenges the company faced with a major virtualisation project, at first for the region. (see ACN May 2013).

Analytics The round table discussion of IT strategy through analytics, facilitated by Kumar Prasoon, showed the growing importance of analytics to the industry. Easily the best attended session, the discussion also highlighted the range of organisations that are either currently using analytics in business processes, or are looking to harness data power. Panel members represented organisations from the healthcare, government, events management, media, real estate, hospitality, education, retail, finance and recruitment sectors, and the diversity of industries was mirrored in the wide range of uses of analytics, to drive corporate and IT strategies, and deliver greater insight to users, customers and partners. Cloud Computing The discussion focused on cloud computing, hosted by Thameem Rizvon, also drew participation from a wide range of end user organisations, along with service providers, with a differing level of uptake of different models of cloud computing and hosted services. The panel touched on issues of trust and security around cloud services, and the legal and governance implications of those issues. Rizvon also shared his organisation’s experience with cloud computing, particularly with Oracle software-as-a-service solutions and how the company is seeing some good potential from the technology.

June 2013 ARABIAN COMPUTER NEWS

31


Š 2013 Dell Products. Dell, the Dell logo and Latitude are registered or unregistered trademarks of Dell Inc. in the United States and other countries. Intel, the Intel logo, Intel Atom and Intel Atom Inside are trademarks of Intel Corporation in the U.S. and/or other countries. Dell disclaims proprietary interest in the marks and names of others. Copyright Š 2011 Dell Inc. All rights reserved. Dell Corporation Limited, Reg. No 02081369, Dell House, The Boulevard, Cain Road, Bracknell, Berkshire RG12 1LF.


DellDell recommends recommends Windows Windows 8. 8.

Looks Looks and and feels feels likelike a tablet. a tablet. Manageable Manageable and and secure secure likelike a PC. a PC. ™ WithWith the hardworking the hardworking Latitude Latitude 10,™ featuring 10, featuring an an ® ® ™ ™ Atom Atom processor, processor, youryour company company can can run run more more IntelIntel efficiently efficiently thanthan everever before. before. Thanks Thanks to the to Windows the Windows 8 8 operating operating system, system, you you can can manage manage it like it like you you would would any any Windows Windows device. device. It comes It comes withwith a full-size a full-size USBUSB port,port, a swappable a swappable battery battery and and an SD an memory SD memory cardcard slot,slot, and and has has an optional an optional docking docking station. station.

™ ™ SeeSee how how thethe DellDell Latitude Latitude 10 can 10 can benefit benefit your your business business at www.dell.ae/tablet at www.dell.ae/tablet


/COMMENT

Strengthen defences — Think like an Attacker By understanding the methodologies that are followed by today’s criminally-motivated hackers, IT managers can better tailor their infrastructure to resist attack, says Anthony Perridge, channel director EMEA, Sourcefire

T

he recent increase in the number and severity of cyber attacks around the world demonstrate that we’re squarely in an era referred to as the ‘industrialisation of hacking’ which has created a faster, more effective and more efficient sector profiting from attacks to our IT infrastructure. Driven by the desire for economic or political gain or attention to their cause, hackers are executing more sophisticated and damaging attacks that at the same time are becoming easier to launch with widely available tools. To understand today’s array of threats and effectively defend against them, IT security professionals need to start thinking like attackers. With a deeper understanding of the methodical approach that attackers use to execute their mission, as demonstrated by the ‘attack chain,’ you can identify ways to strengthen defences. The attack chain, a simplified version of the ‘cyber kill chain,’ describes the events that lead to and through the phases of an attack. Let’s take a look: Survey. Attackers first enter your infrastructure and deploy surveillance malware to look at the full picture of your environment, regardless of where it exists – network, endpoint, mobile and virtual, to understand what attack vectors are available, what security tools are deployed and what accounts they may be able to capture and use for elevated permissions. This malware uses common channels to communicate and goes unnoticed as it conducts reconnaissance. Write. Knowing what they’re up against attackers then create targeted, context-aware malware. Examples we’ve seen include

“HACKERS ARE USING AUTOMATED METHODS TO SIMPLIFY AND EXPEDITE ATTACKS. USING MANUAL PROCESSES TO DEFEND AGAINST SUCH ATTACKS ARE INADEQUATE.” 34

ARABIAN COMPUTER NEWS June 2013

Proper protection of an environment requires full visibility into all elements of it, says Perridge.

malware that detects if it is in a sandbox and acts differently than on a user system, malware that checks for language pack installation (as in the case of Flame) before execution and malware that takes different actions if it is on a corporate network versus a home network. Attackers will extend surveillance activities to capture important details about where the assets are and how to get to them. They target your specific organisation, applications, users, partners, processes and procedures. Test. Then they make sure the malware works. The malware writers have deep pockets and well-developed information-sharing networks. They recreate your environment and test the malware against your technology and security tools to make sure it gets through defences undetected, in effect following software development processes like QA testing or bench testing. This approach is so foolproof malware writers are now offering guarantees that their malware will go undetected for six or even nine months. This is true industrialisation of hacking. Execute. Remember that we’re not talking about the old days where attackers were in it for the publicity. The financial incentives for secrecy are far greater than the glory. Attackers navigate through the extended network, environmentally aware, evading detection and moving laterally until reaching the target. Accomplish the mission. Sometimes the end game is to gather data; in other cases it is simply to disrupt or destroy. Whatever it is, they have more information and a targeted plan of attack to maximize success of their mission. Once the mission is complete they will remove evidence but maintain a beachhead for future attacks.


/COMMENT

Given the attack chain, what can defenders do to strengthen defences? It’s pretty clear that attackers are taking advantage of three key capabilities to hone their missions. Defenders must use these very same capabilities to better protect against attacks, including: Visibility: Attackers have full visibility of your IT environment, so too must you. To more effectively protect your organisation you need a baseline of information across your extended network (which includes endpoints, mobile devices and virtual environments) with visibility into all assets, operating systems, applications, services, protocols, users, network behaviour as well as potential threats and vulnerabilities. Seek out technologies that not only provide visibility but also offer contextual awareness by correlating extensive amounts of data related to your specific environment to enable more informed security decisions. Automation: You need to work smarter, not harder. Hackers are using automated methods to simplify and expedite attacks. Using manual processes to defend against such attacks are inadequate. You need to take advantage of technologies that combine contextual awareness with automation to optimise defences and resolve security events more quickly. Policy and rules updates, enforcement and tuning are just a few examples of processes that can be intelligently automated to deliver real-time protection in dynamic threat and IT environments. Intelligence: In an age when hackers are conducting extensive reconnaissance before launching attacks, security intelligence is critical to defeat attacks. Technologies that tap into the power of the cloud and big data analytics deliver the security intelligence

“REMEMBER THAT WE’RE NOT TALKING ABOUT THE OLD DAYS WHERE ATTACKERS WERE IN IT FOR THE PUBLICITY. THE FINANCIAL INCENTIVES FOR SECRECY ARE GREATER THAN THE GLORY.” you need, continuously tracking and storing information about unknown and suspicious files across a widespread community and applying big data analytics to identify, understand, and stop the latest threats. Not only can you apply this intelligence to retrospectively secure your environment, mitigating damage from threats that evade initial detection, but you can also update protections for more effective security. In a world in which attackers seem to be gaining an advantage, defenders need to fight fire with fire. Security technologies that enable visibility, automation and intelligence can help break the attack chain and foil attacks.

June 2013 ARABIAN COMPUTER NEWS

35


/COMMENT

BYOD 2.0: Beyond Mobile Device Management As demand from employees to use their own devices grows, companies are getting a better understanding of BYOD, writes Nicolas Benisti, Senior Manager, Regional Marketing Southern EMEA F5

W

hile it seems like the industry has been talking about it for years, a recent report by Forrester warned that BYOD uptake has only just begun. It’s true that corporates started discussing the concept back in 2007 when business executives began demanding access to corporate resources on their shiny new iPhones. But Forrester says that mobile information workers – workers with three or more devices, working from multiple locations, with many apps - has gone from 23% of all information workers — those who work on a computer for at least one hour per day — to 29% in 2013, and is set to continue to grow with more tablet devices and more apps. Forrester is right in that it is only now that large numbers of organisations are starting to implement BYOD initiatives. This increase is largely driven by the rise of cloud apps we can access on our mobile devices, and the influence they’re having on the way we work. The appeal of BYOD is obvious. Allowing employees to access their data on personal devices, from any location at any time, provides a number of benefits; they have greater flexibility and are able to work more efficiently, as well as gleaning more satisfaction from their jobs. On the flipside – and the concern that has held many businesses back – is the numerous security issues it

“NOT ALL EMPLOYEES ARE SECURITY-SAVVY, SO THEY AREN’T NECESSARILY VERY GOOD AT TAKING THE NECESSARY MEASURES TO PROTECT THEIR DEVICES, WHICH COULD LEAVE SENSITIVE DATA VULNERABLE TO ATTACK.” 36

ARABIAN COMPUTER NEWS June 2013

Benisti: Organisations are ready for BYOD 2.0.

raises as employees demand access to sensitive corporate data on unmanaged and potentially unsecured devices. In the early days of BYOD, (what we describe at F5 as BYOD 1.0), organisations tried to solve BYOD security issues in the workplace by managing employees’ devices as a whole (MDM: Mobile Device Management). But MDM is not without its drawbacks. Employees don’t like giving their companies control over their devices as they often contain personal applications and information. If an exec decides to leave a company, wiping her mobile may mean losing all enterprise data along with photos of her family. IT departments don’t like this scenario either; having to manage an employee’s entire device means their personal traffic becomes an IT problem. In addition, not all employees are security-savvy, so they aren’t necessarily very good at taking the necessary measures to protect their devices, which could leave sensitive data vulnerable to attack. If the IT department needs to make any upgrades to an employee’s smartphone, they would also have access to his or her personal data, including phone numbers, family photos and social calendars. As we enter BYOD 2.0, which Forrester indicates is the true beginning of the mobile working revolution, these issues are finally being addressed. MDM is over and Mobile Application Management (MAM) is set to take its place. The enterprise footprint on a personally owned device is now limited to the enterprise data and applications and nothing more. Device level Virtual Private Networks (VPNs) are now being replaced by application-specific


/COMMENT

“THE APPEAL OF BYOD IS OBVIOUS. ALLOWING EMPLOYEES TO ACCESS THEIR DATA ON PERSONAL DEVICES, FROM ANY LOCATION AT ANY TIME, PROVIDES A NUMBER OF BENEFITS; THEY HAVE GREATER FLEXIBILITY AND ARE ABLE TO WORK MORE EFFICIENTLY, AS WELL AS GLEANING MORE SATISFACTION FROM THEIR JOBS.” VPNs, meaning that security measures like encryption can be implemented on individual applications, such as Microsoft Exchange, ensuring that employees’ work emails are secure but that they won’t get locked out of other applications if they forget their email encryption password. What we are starting to see is technology that securely extends the enterprise to personal mobile devices. This builds on the BYOD 1.0 foundation, but the emphasis has now moved from management of the device to management of the application. Knowing that the IT department is managing applications rather than their entire device, employees can feel safe in the knowledge that their personal data is kept private and that they have control over their own devices. IT departments are happy because they now only need to concern themselves with the control, manage-

ment and security of enterprise data and applications, rather than personal content. By combining mobile management functionality and access functionality into a simple offering, enterprises achieve a mobile IT solution that extends from data and applications on the endpoint into the cloud and data centre. Different types of environments will require different levels of access control but this will not be to the detriment of the end user; phase two of BYOD means data is more secure but is as fast and available as before to provide an enhanced user experience. Executives have been quick to embrace the BYOD trend and now that their concerns over enterprise management of their personal data should be a thing of the past, it’ll be interesting to see just how far the trend goes.

June 2013 ARABIAN COMPUTER NEWS

37


/COMMENT

Software Producers need more flexibility Software developers may be losing as much as half of their potential revenues, but piracy is not the root cause of the loss, poor packaging and licensing is to blame, says Miguel Braojos, VP Sales SEMEA, SafeNet

O

ur recent survey, in partnership with the Software & Information Industry Association (SIIA), into the potential of software monetisation, revealed some startling results. Software producers admit that they are losing nearly 50% of potential revenues. What are they losing it to? History may tempt you to say piracy, especially when considering last year’s report from the Business Software Alliance that found 58% of computer users in the Middle East and Africa region are running pirated software. Although the piracy rate in the UAE is one of the lowest in the region at only 37%, a staggering 84% of the respondents in the UAE admit to pirating software, which results in a loss of $208 million to software companies, while in Saudi Arabia that figure rises to $449 milion. But is piracy the real reason? Not according to the 600-plus software producers who responded to the State of Software Monetisation survey.

CHANGING TIMES Software Intellectual Property (IP) theft is not new — software companies have been dealing with this for decades. Software companies are used to employing techniques to combat these challenges. Many companies feel as though they need to make a choice between security and business efficiency. But a simple way to combat this and develop a delicate balance is through a tailored software monetisation strategy and a licensing and entitlement management strategy that will be flexible enough to meet customers’ emerging business and security needs while providing robust IP protection. The survey has clearly highlighted that software producers need

Braojos: Software producers need to better manage licensing options and compliance.

solutions that deal with the four key elements of software monetisation, which are effective packaging, access and compliance control, back-office automation and management, and usage monitoring. As software producers deal with the maturation of the market, a redefined customer expectation around their experience, and open source threats, the loss of potential revenues is the real Achilles heel for many. As such, it can be argued that the number one issue isn’t piracy, rather it is the inertia associated with how software producers package and license their products. And the irony is software producers know it too. Nearly 84% of respondents believe that better software packaging techniques specifically could yield higher revenue.

PICK YOUR BATTLES

“ALTHOUGH THE PIRACY RATE IN THE UAE IS ONE OF THE LOWEST IN THE REGION AT ONLY 37%, A STAGGERING 84% OF THE RESPONDENTS IN THE UAE ADMIT TO PIRATING SOFTWARE.” 38

ARABIAN COMPUTER NEWS June 2013

To put this into stark perspective, you can either spend years fighting over piracy, via legal and technical means, or you can focus on what you actually control and boost your revenues the right way: by enabling your customers to license your software the way they want. A customer once told me how upset their CEO was when he found out that their software was being liberally pirated in an Eastern European country. However, once he calmed down, he realised that the revenue they were losing was not necessarily revenue they would have ever had. Their software was popular with university students but at their current licensing prices, there was no way for those students to actually afford the software. Instead, they had to think about free trialware for them first, which would convert them from ‘pirates’ to legitimate users, and then allow them to continue using software at modest prices once they graduated. Take that same logic and apply it to smaller


/COMMENT

“THE NEED FOR PROPER SOFTWARE PROTECTION GOES WITHOUT SAYING — SECURITY IS OF PARAMOUNT IMPORTANCE.”

start-up organisations. They have a need, but they certainly don’t have a lot of disposable budget, so would you rather ‘land and expand’ that account, or miss the opportunity altogether?

DEVELOP EFFECTIVE BUSINESS MODELS It’s clear that software producers are in dire need of flexible licensing models. However despite knowing this, 61% of the respondents admitted that they struggle with the ability to flexibly price and package their applications, and 54% reported considerable revenue loss due to this. In order to develop effective business models, ensure customer satisfaction and enhance revenue, flexible licensing models need to be put in place now. Annual renewable license models with a maintenance element are still a popular offering across the Middle East for many ISVs, particularly traditional on-premise vendors who rely on customers to make an annual subscription towards point releases and major version upgrades. The perpetual license is also common, typically linked to the number of users. Moving on from the issues around flexible licensing models, access and compliance control can also be an important area of concern. Lack of control over software is a major cause of revenue loss — nearly half of the respondents thought that competitive IP theft had a significant impact on their business and just over 40% thought that lost revenue due to software piracy had a major impact on their business. This apprehension over the impact of software misuse is justified, as many organisations reported unlicensed software in use within their companies. However, although producers are recognising that their software may become compromised, there are many that are failing to license compliance enforcement mechanisms and IP protection tools. As the industry is evolving, software producers are starting to more frequently recognise other potential revenue barriers. Not only does the need to improve back office functionality drain resources, it can also be extremely time-consuming. Furthermore 59% of global respondents are reportedly struggling with back-office licensing processes. Specifically, this is down to problems with entitlement generation, delivery and activation. It’s essential that organisations ensure that their licensing processes are closely aligned with other back-office systems in order to implement a software monetisation strategy that helps fight revenue losses. It seems end-user and self-service support are common challenges for software producers. Implementation of integration management solutions would be a key way to address back-office inefficiencies, as well as greatly enhancing the end-user experience, overall efficiency and revenue generation for both the software producer and end-user.

KEEP AN EYE ON THE GOAL POST Another issue further aggravating the problem of software piracy is how to effectively monitor usage. When you consider the range of devices that are now available to consumers, there is a lot of pressure on software producers to ensure that their applications are available across the full spectrum of devices, as well as offering a variety of consumption offers such as subscription and pay as you go. Unfortunately that means effectively and accurately tracking software usage across all devices can be a challenge. Having the correct business intelligence is an integral part of the decision making process, in terms of new markets, packaging and internal resource management. More specifically, over half of all respondents reported challenges with tracking feature usage, information about end users and entitlement status. Software producers’ ability to track who is using their software, along with when, how, and to what extent, is a critically important factor to drive and maximise product investment opportunities, packaging strategies and other critical business decisions.

IT STARTS WITH A SMALL STEP Software producers are at least recognising the benefits of an effective software monetisation strategy, with 84% saying that an effective software monetisation strategy could boost their revenue by up to a half. By closely aligning their software monetisation strategy with their business objectives, producers are able to drive those strategies very early in the product development cycle. Essentially this means they can develop and adapt software packages to best meet the needs of their customers both now and in the future, as well as building licensing into their software and back-office systems. The need for proper software protection goes without saying, however, it is time software producers admit what is the real root of the problem. Create an effective software monetisation strategy that is built into your business strategy and grounded software packaging at the right price points for targeted markets; appropriate control of software; streamlined back-office systems, and efficient monitoring of usage. Make sure they are measuring the efficacy of their strategy, collecting proper feedback, and then make changes as necessary. Forget recovering the full 50% of lost revenues, if better packaging alone can result in even a 10% increase it is well worth the effort. For more information on The State of Software Monetisation survey conducted by SafeNet and the SIIA please visit www.safenet-inc. com/SoftwareMonetizationMatters

June 2013 ARABIAN COMPUTER NEWS

39


/EDITOR’S COMMENT

Another security breakdown The news that two banks in the Gulf were robbed of $45m in a global ATM scam should serve as yet another wake-up call to the industry, but it is hard to see it as anything other than an indictment of the poor processes and lax security displayed by too many organisations in the region. In short, hackers appear to have compromised the systems of two credit card processing companies, to remove limits on a small set of pre-paid credit cards. The credit card numbers were then circulated to gangs in 27 countries, where they then cloned the cards, and at a predetermined date and time, spread out across the cities they were based in and made as many withdrawals as possible. The attackers only struck twice, once against RAKBANK in December, netting around $5m, and then again against Bank Muscat in February for some $39m. The attack against Bank Muscat had been disclosed in February, by the bank itself in a statement to the Muscat Securities Market — its losses are estimated to account for 10% of predicted 2013 earnings. While the theft was undoubtedly audacious and well organised, and without knowing the exact mechanics of how pre-paid cards are administered compared to regular credit or debit cards, these attacks are not so much shocking, as they exasperating. How did such a large-scale attack succeed, and why did the banks in question not detect what was happening? Multiple, large amount withdrawals were made during a short time frame — 2,904 withdrawals were made in New York, on a single Bank Muscat account, in just ten hours (netting the thieves around $2.4m, incidentally). That is roughly 48 withdrawals per minute. The locations were spread out enough to have made it physically impossible for one person to be using the card, let alone for the volume of transactions to look anything like legitimate. The security sector has been pushing the message that IT security systems need to detect not just outright illegal behaviour in transaction processing, but also unusual or slightly sus-

40

ARABIAN COMPUTER NEWS June 2013

pect behaviour. If one incident by itself is not unusual enough to trigger an alarm, logging multiple events should be. These systems are already in place. We’ve all had the phone call from the bank after making an ATM withdrawal or large card purchase while in a foreign country — ‘are you in such and such a country? Did you just use your card at such and such ATM?’ The calls are partly reassuring that the bank is paying attention, partly creepy in how fast they are to call — sometime the phone has rung before you’ve even put the money in your wallet. The system may involve inefficient human intervention in the form of someone having to pick up the phone and make the call, and the cost of having agents on hand 24-7 to do so, but the bank is almost immediately aware of any potentially fraudulent transactions. Other systems send an SMS to the card holder to notify them of transactions. It puts the onus on the card holder, but it is another safety net. The failure to detect and block these attacks would suggest that either the attackers were intimately familiar with the systems in place — a 24 hour lag in communication between bank and processing company would have given them time enough to act; or else the banks lacked a system to detect this unusual behaviour and start a human investigation, or they failed to act on an alarm in a timely fashion. If it is the latter, then these banks are seriously remiss. Even if the mechanics of prepaid card processing, or the co-ordinated efforts of the attacks meant that there were no alarms, why had no one — apparently — ever realised this was a potential vulnerability or thought that putting alarms in place, or closing up a lag in communications would be a good idea? Bank Muscat has made a statement to shareholders that it will make every effort to recover the money. Given the New York gang had apparently already blown a large proportion on fast cars and luxury watches before they were caught, and that the gang leader was murdered in the Dominican Republic, recovery seems unlikely.

Mark Sutton Senior Group Editor mark.sutton@itp.com


/FREIGHTWORKS

42


/FREIGHTWORKS

Ahmed Niyas, information technology manager for Freightworks. The company has deployed Siemens uniямБed communications.

UC COMMS CONNECTING FOR GROWTH

INTERNATIONAL FREIGHT AND LOGISTICS PROVIDER FREIGHTWORKS IS LOOKING TO EXPAND ITS BUSINESS IN THE REGION AND AROUND THE GLOBE, AND IS BUILDING OUT ITS IT INFRASTRUCTURE TO ENABLE GROWTH PLANS. AS PART OF THE BUILD, AND TO KEEP STAFF AND CUSTOMERS CONNECTED, THE COMPANY RECENTLY COMPLETED THE ROLL OUT OF A NEW UNIFIED COMMUNICATIONS SYSTEM. BY MARK SUTTON June 2013 ARABIAN COMPUTER NEWS

43


/FREIGHTWORKS

Steen Hartwig (r), managing director of Freightworks says the new solutions will help to support the company’s forward plans for expansion.

ood communications are essential to any business, but especially so for companies that are operating across wide geographic areas or with a mobile workforce. For international freight forwarder and logistics provider Freightworks, headquartered in Dubai, a recent IT infrastructure upgrade offered the chance to enhance its communications capabilities dramatically. Freightworks, a joint venture between the UAE’s Emirates/DNATA and business conglomerate the Kanoo Group, has international operations in sea, air and road freight, as well as associated logistics services. During 2012, the company completed an upgrade of its IT infrastructure, including new servers, network hardware and workstations, an upgrade that the company said had been pending for some time. At the same time, Freightworks was faced with the need to upgrade its existing digital PABX and telephony systems, both hardware and software, in order to remain supported by its previous vendor. Ahmed Niyas, information technology manager for Freightworks, said that the company was evaluating its options for the telephony upgrade, both to upgrade the existing telephone system, and to switch to IP phones. The company had not considered a full unified communications roll out Niyas, said, until a conversation with systems integration partner NewRAS, who had provided some of the network hardware in the IT upgrade. NewRAS suggested an evaluation of Siemen’s unified communications systems. “Initially we thought unified communications would be expensive,” said Niyas, “but we had an initial presentation from Siemens, and it was eye-opening how much we could do with unified communication, it is more than just answering the phone. When we checked the prices, it was fairly competitive and it had so many features.” Freightworks also assessed unified communications from Avaya and Cisco, but opted for the Siemens solutions. “We decided to go with it, it was not so expensively, comparatively, to do the hardware upgrade, and we would get a new system that would benefit us a lot, and change the way we are communicating,” he said.

44

ARABIAN COMPUTER NEWS June 2013

The company contracted NewRAS for the project, and roll out of Siemens solutions for Freightworks head office in Al Ramoul, near Dubai International Airport, and its Jebel Ali Free Zone (JAFZ) facility, was begun in April this year. Siemens OpenScape Office LX software, which can cater to up to 500 users was deployed at the head office, while a Siemens MX system, which can handle up to 150 users, was deployed at JAFZ. Around 160 Siemens OpenStage IP telephones were deployed, and the company was able to run the solution on a single, pre-existing, server running SUSE Linux Enterprise Server. The two offices are connected via 40MB ADSL line, using SonicWall VPN to keep costs down. Steen Hartwig, managing director of Freightworks, explained that the unified communications project is just part of a wider upgrade to new IT systems to support the company’s operations and planned growth. “We have been trying to catch up with the development, and that is what we have been able to do in 2012-2013,” he said. “Early last year we completely revamped our entire IT setup, which was also something that had been pending for a number of years. The communication part of what we have just done with the Siemens solution, we wanted to take that next step. We are also in the process of rolling out a brand new ERP system, throughout the organisation - hopefully by the end of the year we will be done.” One minor issue raised as part of the evaluation was the relative newness of unified communication technology in the UAE, Hartwig said. “When you consider brands, Siemens is very solid,” he said. “It was a point of discussion, how we would get the support, how we would get the after sales service, and so forth, but we were assured that this would take place, we knew NewRAS, the Siemens people gave us a lot of comfort, and so far there has been no regrets.” The solutions deployed bring a range of benefits to Freight-


/FREIGHTWORKS

“BEING ABLE TO REACH YOUR PEOPLE, WHETHER THAT IS SALES PEOPLE, KEY ACCOUNT MANAGERS, OR DRIVERS OUT IN THE FIELD IS GOING TO BE THE SINGLE BIGGEST EFFICIENCY.” works, the company said, through features such as presence, fax management, call management, easy to configure conference calling, integration with other communications platforms and speed of set up and delivery. Hartwig said that the overall aim was to be better connected, and although it is too early to put figures to the gains, the company expects to see a strong return. “It is a little bit premature to talk about dollars and cents, we have made some assumptions certainly. Being able to

KIT LIST Siemens OpenScape Office LX Siemens OpenScape Office MX Siemens OpenStage IP telephones Pan Cyber Dialguard SonicWall UTM Firewall VPN

reach your people, whether that is sales people, key account managers, or drivers out in the field is going to be the single biggest efficiency. Some of the efficiencies can’t be measured in money terms, but when you run a business it is all about achieving these efficiencies. I believe that when we get to Q1 next year we will sit down to review the first year and see where we are at,” he said. Niyas highlighted a number of features in the solution, which will improve communications in several different ways.

45


/FREIGHTWORKS

“THOSE ARE PLANS THAT ARE THREE TO FIVE YEARS OUT, SO WE HAD TO THINK ABOUT WHERE WE ARE GOING TO BE IN FIVE YEARS. INSTEAD OF CHOOSING SOMETHING THAT IS APPROPRIATE FOR NOW OR NEXT YEAR, WE HAVE TO THINK ABOUT WHAT IS GOING TO BE TIME APPROPRIATE FOR THE WAY WE DO BUSINESS IN FIVE YEARS.” The software includes myPortal, a communications hub to manage calls. This will allow users to share whether they are in the office or not, to route calls to voicemail and to manage received or missed calls from a single window, meaning that users can prioritize answering calls without having to switch between desk voicemail, mobile and so on. The myPortal solution also includes a ‘one number’ feature, so that calls can reach a user wherever they are, for example to use myPortal and a laptop to conference call while travelling. The different features will enable Freightworks users to be much more responsive to customer communications, Niyas said, which will improve efficiency across a number of roles such as the sales team and the drivers. The system also has powerful features such as drag-and-drop conferencing, which will enable better internal communications. The software fax capability is anticipated to save the company one ream of paper per day — while fax may be obsolete in some industries, Niyas pointed out, in logistics it is still essential for processing official paperwork. Another feature of the software is integration with Microsoft Outlook. Senior management in the company mainly work through Outlook, as a dashboard, Niyas said, and myPortal will enable senior users to manage all of their communications directly through Outlook without switching into other applications. The project also has potential to save costs through better insight into call costs and usage, he added. Freightworks has a number of customers who outsource desk space and communications in Freightworks’ offices, and the deployment of Dialguard software, from Indian software company Pan Cyber, will enable better billing for these customers and for internal use. “A few of our customers share office space with us, we provide extensions as part of their office contracts,” Niyas said. “We need to bill them, we have software for that called Dialguard, which gives indepth reports of call monitoring, so we can charge them easily. It provides a lot of features, even for our internal call monitoring, it doesn’t just give the basic call log, it gives you the top extensions, time-wise and money-wise, which are the destinations we are calling most and where is the money being spent. Once we get those reports, it will be beneficial for us to go and do a deal with Etisalat.”

46

ARABIAN COMPUTER NEWS June 2013

To drive adoption of the system, Siemens provided end-user training, and the software also includes inbuilt help systems, and Freightworks intends to carry on with regular training for users, Hartwig noted: “One of the challenges is going to be to get people used to not using this as a standard PABX. To get the optimum out of it, we need to make sure that we continuously have training, that we make sure that they use it in the integrated fashion that they are supposed to. You can spend a lot of money buying a new system, but if it is not used in the appropriate manner then you might have as well stuck with the old one.” Another important aspect of the solutions deployed is the flexibility to grow, without having to add considerable extra costs. As the company is planning on a major ERP implementation, it intends to look at new capabilities that could be added based on both systems. Niyas points out that new extensions and facilities can be added to the network very easily, while features such as a customer service desk, which may be implemented once the ERP is deployed, can be activated just through the purchase of extra licences, without the need for hardware upgrades. Similarly, the company will be able to easily add video communications to its phones in future if it is deemed necessary. “It is one of the things that we don’t need right now, but we know that with very little effort and resource, we can add that. The system is geared for it, but right now there is no immediate need in the organisation,” Hartwig explained. The future flexibility of the system is critical as Freightworks looks to expand its operations, Hartwig added: “We have to think about domestic growth, regional growth and also international growth. Those are plans that are three to five years out, so we had to think about where we are going to be in five years. Instead of choosing something that is appropriate for now or next year, we have to think about what is going to be time appropriate for the way we do business in five years. I am very confident that the solution that we have chosen will cover us for a good many years — technology changes, but we are confident that this is going to help us in expanding.”


/INNOVATION

48


/INNOVATION

KEEPING AHEAD OF INNOVATION

WITH THE COMBINATION OF SEVERAL MAJOR NEW ADVANCES IN TECHNOLOGY OPENING UP THE POSSIBILITIES FOR NEW SOLUTIONS, AND IT DEPARTMENTS COMING UNDER PRESSURE TO ENABLE BUSINESS TRANSFORMATION, CIOS ARE FACING A TOUGH TASK IN STAYING UP-TO-DATE WITH TECHNOLOGIES THAT ARE RELEVANT TO THEIR ORGANISATION BY MARK SUTTON June 2013 ARABIAN COMPUTER NEWS

49


/INNOVATION

Baul Lewis: CIOs need trusted partners, and impartial sources of information to make sense of the wealth of new technologies and how to apply them.

taying current with technology development, both in terms of what technology is breaking through, and what the implications might be to a CIO’s organisation, is not an easy task, particularly given the current opening up of technologies into new realms of mobile, cloud, social and large scale analytics. In recent years, the CIO has faced reduced budgets, and new technology has not been a high priority. Now, with the era of the third platform, the emergence of new technologies and the apparent recovery of IT budgets — a recent Gartner survey found that four out of five CEOs expected to increase IT spending in 2013 — the CIO is faced with having to understand a wide range of potentially game-changing technologies. Mark McDonald, group vice president, Head of Research for Gartner Executive Programs says that the technology opportunities now are greater than they have been in over a decade, putting innovation back on the agenda. “Innovation is hot now because we are coming out of a decade where there were no major business technology innovations. If you go from the dotcom bust to 2011, there really was no major piece of information technology that was driving innovation — the cloud was predominantly seen as an infrastructure replacement model; the other thing that people were talking about was outsourcing — in that whole decade. The new technologies to create these innovations, the technology-intensive solutions, now exist, and they haven’t existed before. We are coming out of an innovation desert, into a bazaar of digital opportunities.” Andrew Baul Lewis, director of the ICT Practice, Frost & Sullivan, also sees a speeding up of the cycle of innovation: “The IT and comms industries have very rapid cycles for new releases, and with the development of new areas — such as security and apps — that speed has increased in the past five or so years. CIOs should keep a watching eye on the latest tech, but companies need to move at their own pace, according to its capability and demands.” There are multiple sources of information to help IT decision makers stay current, but not all have the same value or usefulness. “There is a constant flood of new technologies and features from ICT suppliers that attack the CIOs,” Baul Lewis says. “But for many CIOs, the multiple announcements simply blend into each other

50

ARABIAN COMPUTER NEWS June 2013

CIOs should focus on new technology through the lens of the business objective they are trying to achieve, says McDonald.

and become white noise. In order to make sense of this noise, CIOs should rely on trusted partners and sources. As well as their own team, there are usually integrators or resellers who have to deploy and develop ICT systems. The quality partners will try to make sure that what advice they give is in the best interest of their customers, not their suppliers.” Baul Lewis also recommends other sources of data such as business publications, along with resources such as customer reference websites, which can offer a more in-depth understanding of how to address new technologies. For Gartner, the most important source of information for CIOs is each other, through peer-to-peer networking and conversation. McDonald says that interaction with peers, both face-to-face, which has been the more predominant form in the Middle East, but also moving into online forums and virtual spaces, gives CIOs the depth and breadth of interaction to discuss the real issues they have, and to get impartial advice from those that have already tackled those issues. “The reason we say that the most powerful way for CIOs to stay up-to-date is to network with each other is because peer-to-peer networking, or peer interaction networking is the stuff that enables the CIO to go as deep as they need to, and the answers to stick really well,” he says. McDonald highlights Gartner Peer Connect, an online community, with a peer-driven agenda that is open to Gartner customers, with

“THERE IS A CONSTANT FLOOD OF NEW TECHNOLOGIES AND FEATURES FROM ICT SUPPLIERS THAT ATTACK THE CIOS. FOR MANY CIOS, THE MULTIPLE ANNOUNCEMENTS SIMPLY BLEND INTO EACH OTHER AND BECOME WHITE NOISE.”


/INNOVATION

participation from its analysts. The online community has generated a “tremendous amount of interaction”, according to McDonald, since launch 18 months ago. Online communities can provide a global reach for CIOs to ask questions, and also have the benefit of providing the history of any previous discussions on a subject, to create a knowledge resource. Naturally, both McDonald and Baul Lewis believe that analyst organisations have an important role to play in guiding IT decisions. Engagement with analysts removes the immediate commercial pressure that comes with discussions with solution providers, and helps to build trust, which in turn leads to better discussions of the real business issues at stake. “Industry analysts should represent the grounded, rounded view of the combined industry,” says Baul Lewis. “The role of industry analysts, such as Frost & Sullivan, is to provide a guiding view of what developments in technology mean for customers and for the industry as a whole. We also have a role providing a more rounded view than just that from within one industry, or even one-part of the industry — balancing the hype of the suppliers with the reality of customers. “For example, we warned that the growth of smartphones and the BYOD trend would open up businesses to potential security vulnerabilities, and that the bulk of IT and Comms systems and suppliers were not prepared for these issues. However, their own staff and the device industry pushed ahead buying new devices and apps, and CIOs have been caught in the middle,” he adds.

Discussions with analysts should be framed according to the CIO’s agenda, McDonald adds, and should also be relevant to the level of decision making that the CIO is taking part in. On any new idea or technology that is advocated by an analyst organisation, CIOs should be questioning ‘who has done it?’ and ‘what have been the results?’ to better understand the realities of that technology. “There is a big difference between the way I think the market should be, and the way the market, or a particular solution ‘is’. That difference is very important to CIOs, because they make decisions that bet their organisation. If you talk to an enterprise architect or somebody else in an organisation and they say that this is the way they think it should be, that’s great, but they are not really betting on it — when a CIO says ‘we are going to go this way with digital,’ for example, then they are really betting the organisation on it. That is why CIOs should be looking for sources of information that treat CIOs differently,” he says. The overall driver for how much CIOs engage with new technologies and innovations, should always be the organisation’s business objectives. Companies need to consider things like the length of their business cycle when deciding how far ahead to plan to match future requirements, and where to focus their efforts. “Increasingly businesses are looking for new products, services or businesses to provide growth, and IT has a strong role to play in developing and supporting this effort,” comments Baul Lewis. “Whether these become priorities for the CIO depends upon the

June 2013 ARABIAN COMPUTER NEWS

51


/INNOVATION

CIOs need to engage with analysts according to their own agenda and what is relevant to their organisation.

“ANY KIND OF INNOVATION IS ASSOCIATED WITH MAKING THE BUSINESS DIFFERENT, IN A WAY THAT MATTERS IN THE FUTURE. KEEPING THAT IN FRONT OF [CIOS] IS REALLY IMPORTANT.” business focus, and resources of the company. The strategy of the company they work for, its business objectives should be the driver for what the CIO spends their company’s hard earned money on. The CIO should have a pro-active role in setting these objectives, so that the advantages of new technologies or services can be understood by the business.” As IT gets pushed into a more strategic role, and is expected to create business change, McDonald also recommends that CIOs look to sources of business information and strategy to better understand broader business issues, not just the technology part. “There has been a real focus in the past as IT as somewhat separated from the rest of the business, but when you talk about how to increase free cash flow, or trade in markets outside my core geography, technologies aren’t going to cover those things,” he says. “They need to focus on the business problem they are trying to

52

ARABIAN COMPUTER NEWS June 2013

solve. Any kind of innovation is associated with making the business different, in a way that matters in the future. Keeping that in front of them is really important. “One of the things we found is that really successful companies doing digital innovation don’t have a digital strategy, but they do have business outcomes they are trying to create. The reason is that what is possible with digital technology is almost unbounded. If I have a strategy that artificially limits what is almost unbounded, then I am limiting my options. If I start with a business goal, then I can be open to any one of those ways not only being possible, but more importantly being profitable. A lot of digital strategies, and a lot of implementations have fallen down, because while it is possible to run your ERP on a mobile phone, it probably isn’t profitable to do so. The realm of what is possible using new technologies, is huge - there’s lots of things I could do, there’s not a lot of things I should do.”


/DATA STORAGE

54


/DATA STORAGE

Storage systems are under pressure from the increasing volumes of corporate data generated by an always-on workforce.

DATA GROWTH DRIVING STORAGE SOLUTIONS GROWING VOLUMES OF CORPORATE DATA AND THE DEMANDS OF ANALYTICS IS DRIVING DEVELOPMENT OF NEW SOLUTIONS FOR ENTERPRISE STORAGE. CLOUD-BASED SERVICES, HIGH PERFORMANCE FLASH DRIVES AND SOFTWARE-DRIVEN SYSTEMS ARE ALL SHIFTING AWAY FROM BIG BOX STORAGE TO A MORE INTELLIGENT VISION OF DATA MANAGEMENT. BY KERI ALLAN June 2013 ARABIAN COMPUTER NEWS

55


/DATA STORAGE

Horne: The Software Defined Data Centre is an increasingly popular concept in enterprise storage systems at present.

nterprise storage has needed to evolve over the years in order to cater to the rising volumes of data companies create. Storage solutions are considered an enabler to business growth as the data stored can be analysed to produce insights into key business decisions. And the latest storage trends, including data de-duplication, automatic tiering of storage, big data analytics and cloud storage are all focused on the efficient management and effective utilisation of data. “Enterprises are changing their view of how they can analyse, leverage and ‘monetise’ data,” agrees Arun Chandrasekaran, research director Data Center Infrastructure and Operations, Gartner. “The imminent explosion in big data is giving rise to innovations in storage technologies and management. For example, scale-out storage is allowing companies to add storage at a lower cost for incremental capacity. “New technologies — most notably enterprise deployment of solid-state drives (SSDs) — are enabling faster access to this data,” he continues. “Additionally infrastructure virtualisation such as virtualised servers, desktops, storage and newer delivery models such as cloud are impacting the traditional procurement and total cost of ownership (TCO) models in storage.” The emerging trends in storage models currently are converged solutions, cloud and flash. “Converged solutions, which include server, storage, and network components in a pre-configured bundle, have gained a measure of acceptance due to their ease of acquisition and setup,” says Aaron White, general manager, Middle East and Turkey, Hitachi Data

Systems. “However, most of the bundled solutions currently offered in the market require separate tools for managing server, storage and network components because they normally consist of products from different vendors. In 2013, we will see the growing acceptance of unified compute platforms where the management and orchestration of server, storage, and network resources will be done through a single pane of glass to achieve an integrated turnkey solution.” When it comes to cloud storage, many organisations have adopted this as a way to mitigate the capacity and cost issues associated with the growth of unstructured data and content and IBM has already started to see certain sectors embrace cloud storage solutions. “We are seeing some interest in public storage clouds in the telecommunications sector. Private storage cloud has some momentum in the education sector,” notes Sherif Fadel, Systems and Technology group manager, IBM Gulf & Levant. Sean Horne, Director Mid-Tier Storage at EMC Corporation adds that there are two kinds of public cloud storage scenarios at present, including managed services with traditional SAN and NAS running databases such as SQL and Oracle; and Internet-based offerings with

“THE CONFLUENCE OF BIG DATA, SOCIAL, MOBILE AND CLOUD TECHNOLOGIES IS CREATING AN ENVIRONMENT IN THE ENTERPRISE THAT DEMANDS FASTER, MORE EFFICIENT, ACCESS TO BUSINESS INSIGHTS, AND FLASH CAN PROVIDE THAT ACCESS QUICKLY.” 56

ARABIAN COMPUTER NEWS June 2013


/DATA STORAGE

Best-of-breed solutions vs single vendor solutions are gaining in popularity at the moment, says Subramani.

Joseph: Cloud uptake has been limited by poor connectivity, poor quality of data connects available and associated cost.

Kumar: Software is going to play an increasingly key role in managing information in enterprises in future.

applications running in browsers using web-based storage such as Amazon or Google. “Taking the case of the latter, the very fact that Amazon announced its storage earnings to amount to a massive $3 billion earlier this year is a clear indication of the popularity of this cloud model. These figures didn’t exist five years ago, so we are witnessing a growth in adoption of about 50-60% every quarter, which is quite substantial,” Horne said. “On the other hand, there are still many organisations who are building their private clouds or are investing in heavy virtualisation which is the first step to establishing a private cloud environment.” Public cloud does have its issues, as Boby Joseph, CEO of StorIT Distribution highlights: “A very small portion has shifted to cloud because of the limiting connectivity speeds and quality, of data connects available to the enterprise, and the speed and cost remaining very poor performing items.” “Unfortunately performance and security remain key concerns for IT directors and admins,” adds Meera Kaul, managing director, Optimus Technology and Telecommunicatons. “The proportion of storage that has moved to public clouds is still very low; especially for the mid-market and high-end enterprise segment. Private clouds are now beginning to take off and as performance and security concerns are addressed we will gradually see a shift towards the public cloud paradigm in the coming years for storage.” Although uptake isn’t huge it is continuing to grow, and Gartner’s Chandrasekaran believes that as it matures it will emerge as a viable alternative to building on-premises storage infrastructures and will pose significant challenges to incumbent storage vendors.

“STORAGE VENDORS TODAY ARE, FOR THE MOST PART, SOFTWARE COMPANIES THAT PACKAGE THEIR SOFTWARE WITH SERVERS AND STORAGE COMPONENTS TO CREATE HIGHLY AVAILABLE AND FUNCTIONALLY RICH STORAGE SYSTEMS.” “Initially private and public cloud uptake is usually for non-business critical applications and storage, but more and more companies are putting their entire data centre off premise,” notes Joe Fagan, Seagate Cloud sales director, EMEA. A change in consumption models is also beginning to take place in the storage market, which will fundamentally change how storage vendors, channel partners and customers operate. “The acquisition of storage will begin to change from a CAPEX

June 2013 ARABIAN COMPUTER NEWS

57


/DATA STORAGE

White: Solutions that mix products from vendors often need multiple solutions to manage properly.

model, where we buy capacity upfront for the next four to five years and depreciate it over that period, to an OPEX, pay as you go, ondemand, acquisition model,” White notes. Flash in all its manifestations (SSD, PCIe, flash arrays etc.) is the fastest growing segment. Last year was significant for flash in SSDs.; before 2012 the price point was too high to make it a feasible option for data centre computing. Many providers now believe that 2013 is the year that flash becomes a serious contender for enterprises needing a high performance solution. Plus, the availability of reliable enterprise class Solid State Drives (SSD) and flash is also driving lots of interesting dynamics. “In the enterprise flash space there are about 15 new entrants with all flash arrays, hybrid arrays and PCIe SSD or flash solutions. The need for speed is driving SSD and PCIe uptake primarily for Virtual Desktop Infrastructure (VDI) but also for application acceleration,” notes Fagan. “However, commercially and technically there are complications that must not be overlooked,” he adds. “There is a lot of education needed around flash because there is one fundamental difference between flash-based memory and HDD. With HDD you buy it and it essentially works forever. Using it may fill it up, but it doesn’t deteriorate the drive or wear it away. With flash, using it does wear it away, and so we will all have to get used to the concept and its implication for warranty, pricing, total cost of ownership and scalability.” Many providers see great potential in flash storage and are focusing on widening the solutions they offer. IBM, for example recently unveiled an initiative to invest $1 billion in research and development to design, create and integrate new flash solutions into its expanding portfolio of servers, storage systems and middleware. “The economics and performance of flash are at a point where the technology can have a revolutionary impact on enterprises, especially for transaction-intensive applications. The confluence of big data, social, mobile and cloud technologies is creating an environment in the enterprise that demands faster, more efficient, access to business insights, and flash can provide that access quickly,” says Fadel. Undoubtedly the march of software defined storage has begun. “Storage has been software-led for a while, although the complete abstraction of underlying hardware is just beginning to happen now,” highlights Chandrasekaran. “Storage vendors today are, for the most part, software companies that package their software with servers and storage components to create highly available and functionally rich storage systems. “Hardware and software technologies have evolved to the point

58

ARABIAN COMPUTER NEWS June 2013

“IN 2013, WE WILL SEE THE GROWING ACCEPTANCE OF UNIFIED COMPUTE PLATFORMS WHERE THE MANAGEMENT AND ORCHESTRATION OF SERVER, STORAGE, AND NETWORK RESOURCES WILL BE DONE THROUGH A SINGLE PANE OF GLASS TO ACHIEVE AN INTEGRATED TURNKEY SOLUTION.” where it is now practical to avoid the high costs of proprietary solutions, at least for non-mission-critical data. This is because of the relative ease with which storage-system-based intelligence and file system functionality can be moved back into industry-standard physical servers or virtual machines by smaller and newer vendors, and the availability of professional support and maintenance.” “The most popular concept at the moment is the Software Defined Data Centre where the abstract software intelligence is virtualised and separated from the hardware, which will allow hardware technologies of different generations to co-exist with newer software solutions,” adds Horne. “In an SDDC, where the hardware is standardised and disassociated from software that holds the intelligence, we will see enterprises invest in fewer hardware refresh cycles and more software updates. EMC has recently announced a new technology that it says will


/DATA STORAGE

SINGLE VENDOR OR BEST-OF-BREED? Although there is a mix of approaches taken by enterprises in the Middle East, vendors are increasingly seeing more organisations move towards best-of-breed solutions. There are however, still some large organisations that see the value in a single vendor providing a broad storage portfolio, as it has its advantages, including approach of only one engagement, one support call, and one consultancy partner. “With that said, there are the disadvantages of being behind the technology curve and sometimes paying more. Today we see the early adopters continuing to seek out the best-of-breed technologies and figure out how to integrate them into their solutions,” notes Joe Fagan, Seagate Cloud sales director, EMEA. “The choice between single-vendor vs. best-of-breed approaches is highly subjective and depends on the enterprise. While the single-vendor approach offers an interoperable solution suite, the best-of-breed approach avoids vendor lock-in and enables enterprises to adopt the best solutions offered by a variety of vendors,” explains IDC analyst Swapna Subramani. “The best-of-breed approach however needs to be integrated with management tools that can give an accurate, real-time picture of operations on an end-to-end basis, spanning the middleware technology silos to ensure interoperability,” she adds.

help IT decision makers tackle this problem of efficiency. In May, at EMC world, the company unveiled its new ViPR technology, which will allow users to manage both the control plane storage infrastructure, and the data residing within that infrastructure, the Data Plane. Horne says that the volumes of information in data centres, and the cost and complexity of managing it, is becoming untenable, with CIOs looking to compromise or sacrifice capabilities in order to make infrastructure easier to manage and control costs. The new technology can offer dramatic gains in performance, with customers able to manage twice the data at half the cost and complexity, Horne says, managing volumes up to up to 14 Petabytes with a much smaller staff than in traditional models. The ViPR technology will allow companies to automate storage processes, and build modern storage architecture that will be suitable for future application deployments, without requiring a large

amount of technical resources to build or operate, the company says. The ViPR core APIs are open, so that customers and other vendors are able to integrate with it, to accelerate the addition of new array adapters and new data services. The technology is primarily aimed at service providers and cloud environments, although it will also be suitable for enterprise IT departments that are looking to provide IT-as-a-service internally. IDC analyst Megha Kumar believes that software is going to play an increasingly key role in managing information in future. “Given the exponential data growth and the growing awareness of trends such as big data among the enterprises, the use of storage management software, archiving and de-duplication functionalities of software will be critical. Customers are going to try to be more efficient in how they manage their existing storage infrastructure by using advanced software functionalities,” she notes.

June 2013 ARABIAN COMPUTER NEWS

59


/DCIM

60


/DCIM

Data Centre Infrastructure Management (DCIM) solutions offer highly detailed monitoring and reporting of factors such as power consumption, airямВow and performance.

DCIM DELIVERS DATA CENTRE CONTROL AS THE MIDDLE EAST SEES A GROWING WAVE OF DATA CENTRE BUILD OUT, ORGANISATIONS ARE CONSTANTLY LOOKING FOR NEW WAYS TO MANAGE, MONITOR AND STREAMLINE THE UNDERLYING INFRASTRUCTURE FOR MAXIMUM PERFORMANCE AND RETURN ON INVESTMENT BY PIERS FORD June 2013 ARABIAN COMPUTER NEWS

61


/DCIM

“POWER CONSUMPTION IN DATA CENTRES IS A BLACK HOLE. NO ONE WANTS TO MEASURE IT AND THEY SELDOM HAVE THE ABILITY TO.” ata centre infrastructure management (DCIM) — the convergence of IT and data centre facilities functions — is rapidly becoming the weapon of choice in the quest for a holistic view of data centre assets, performance and energy consumption. And with its ability to provide a comprehensive real-time view from the server rack right up to the building’s power consumption, it is also playing an increasingly important strategic role in planning for data centre availability. DCIM solutions essentially monitor all of the assets in a data centre, and gather data on variables such as cooling, power usage, utilisation of hardware, application performance and overall performance. Through such granular monitoring, enterprises are able to set and measure performance goals and tune the data centre for optimal efficiency. The market for DCIM solutions is growing rapidly, as organisations realize the value the technology offers. Last year, research and consultancy firm MarketsandMarkets valued the global DCIM market at a relatively modest $307 million. But it forecast annual growth of almost 50%, suggesting that it will reach $3.14 billion by 2017. Recent entrants into this growing sector include Siemens, and Digital Realty Trust, while IBM has also combined its IT service management (ITSM) software with Emerson Network Power’s Trellis platform. This growth will be driven by the IT manager’s need to measure asset performance and maximise its value to the business, as well as assessing cooling requirements. DCIM will also meet the requirement to plan for scenarios that are likely to include more server and storage virtualisation and consolidation, and will reflect the increasing pressure to operate a greener, more sustainable infrastructure. DCIM has four main areas where it delivers benefits to the user organisation — visibility into the infrastructure; improved decision making based on that visibility; greater automation and reduced risk; and better efficiency. In terms of visibility, DCIM is particularly useful in being able to track and analyse individual virtual machines, to gauge usage and performance. This allows the data centre manager to understand the resources it is using and whether the resources are over- or under-

62

ARABIAN COMPUTER NEWS June 2013

utilised, and if requirements are changing. This level of insight allows for fine control of resources. DCIM software can also deliver automation of administrative tasks in the data centre, such as data migration and storage optimisation, to free up human resources and lessen the risk of human error. The combination of all these enables the organisation to create the maximum application availability and operational efficiency capable with the resources to hand, and can help to manage overall data centre costs. The benefits of DCIM can be leveraged at all stages of data centre operations, from design through to operations and predictive analysis and planning. “Data is growing and expanding at an unprecedented rate, which will only accelerate,” said Syed Akhtar, sales director software MEA at Schneider Electric’s IT business, which supplies integrated management software suite StruxureWare. “For instance, social media and photo/video share are rapidly growing mediums requiring massive data storage and sharing capacity. The systems which allow us to browse social media sites, tweet and share pictures require critical infrastructure — and this is where DCIM comes into play. “Markets such as the Middle East are still relatively young, which brings its own advantages. Users can leap over the early phases of development that more mature markets enforce. This allows them to focus resources on improving efficiency through methods such as heat-recycling and a comprehensive unified data centre operation approach.” While it is still a relatively niche market, there is good general awareness of the benefits of DCIM in the region. Leading players are unanimous in predicting growth, although it is likely to be uneven in the immediate future. “I see DCIM in the incubation stage, with some pockets of opportunities in the region,” said Sanjeet Padhy, service assurance practice manager at CA Technologies MENA, which has its own comprehensive DCIM solution. “I also see DCIM as an area of interest with telcos and MSPs who have started thinking of offering DCIM as a service. Globally, a joint CA/IDC study found that 85% of organisations admit that issues with data centre power, space and cooling capacity – as well as asset and uptime issues – resulted in delayed or aborted application rollouts, reduced ability to support customers, and unplanned reallocation of OpEx and CapEx budget away from strategic goals during the past year. I think that organisations in the Middle East region will eventually face the same issues.” According to Ciaran Forde, vice president, enterprise, MEA at


/DCIM

Dighe: DCIM is one of the best solutions to monitor DC power consumption.

DCIM solutions are still in the incubation stage of development, says Padhy.

Forde: Cloud providers will need DCIM to prove the offer efficient service.

imVISION vendor Commscope, growth in the region will come from both data centre upgrades and the implementation of DCIM in green-field data centres across the region. “It is predicted that the majority of computer processing will be done in cloud-based data centres,” said Forde. “This means more and more processing and storage will be done outside the organisation’s network. For this to happen, organisations must have the highest level of confidence in these data centres to manage and protect their data and business processing. An effective DCIM solution is part of the economic confidence-building picture.” For organisations contemplating DCIM deployment, it is certainly not an off-the-shelf investment. Legacy data centres are complex, hybrid environments. And while DCIM is a prime lever for imposing order on an infrastructure which has probably evolved in an ad hoc way, it requires a deep skills set, which many organisations may not have in-house. “DCIM knowledge covers a wide range of areas including power, cooling, copper and fibre cable plants, energy efficiency, management tools and integrating IT service management, all of which require hands-on experience, some formal training and in many cases, certifications,” said Forde. The cost of investment is likely to be returned through several areas, such as energy efficiency, and aiding with compliance with green policies or corporate environmental goals. CA’s Padhy said that traditional approaches to energy insight and chargeback are limited and labour-intensive, making this a great opportunity for DCIM sales. Salil Dighe, managing director at Meta Byte Technologies, a regional SI which focuses on power saving and server capacity

DCIM CHALLENGES IDC identifies three main challenges to successful DCIM deployment: The relative newness of DCIM may require additional services to complete the set-up, including data centre audits, installing and supporting sensors and software, and developing custom reports. These issue will diminish with better templates and more experience. Substantial internal work such as training and driving staff adoption may be required. IDC recommends that this step be taken, no matter how long or expensive, because the ROI is much higher for software that is actually used. Organisations need to identify who is in charge — facilities or IT — of DCIM efforts and responsibilities. An internal sponsor may need to take overall charge.

optimisation, agreed: “Power consumption in data centres is a black hole,” he said. “No one wants to measure it and they seldom have the ability to. We need to admit that the days are gone when you could take power for granted in Middle Eastern data centres. Gartner estimates that electricity bills now constitute 12% of the TCO for data centres. That sums up the story, and finance executives are looking to bring down data centre OpEx. This is where we believe the greatest demand will come in the future.”

June 2013 ARABIAN COMPUTER NEWS

63


/AFTER HOURS

Arabian Computer News delves below the corporate strategy to understand what really makes the region’s IT leaders tick.

PHILIP HUGHES MANAGING DIRECTOR MIDDLE EAST, SIMS RECYCLING SOLUTIONS What is your fondest memory of working in the Middle East IT industry? Taking 40 of my customers for skiing lessons in Austria. Many of them had never even seen snow before! I found the old videos recently. Their reactions will stay with me always. It was hilarious!

How did you end up where you are now? I worked for a small reseller in the UK, one of our clients worked with a London based SI. They had a project that needed a specialist solution. I met the Account Director in London, asked him what he wanted and gave him the solution. The Account Director moved to Dubai, needed a good Salesman. I got the call. That was 20 years ago this Gitex! Everything since has been damned hard work. What is your management philosophy? My employees are my strength, my role is to make them the best that they can be and to give them the framework to be the experts that my business and customers need to succeed and to then support their decisions. What was your first computer, and when did you first use it? Tandy Twin Floppy PC with CGA Colour Monitor, used in my home office, must have been 1986 or so. What is your greatest achievement? I’d like to think that in my time here I have made a difference to the industry or to some of the people in it. My proudest moment was seeing one of my team win European Sales Person of the year for a previous employer. What is your biggest mistake? Way too many to remember — show me an employee who never makes a mistake and I will fire them for never trying anything new! I suppose mine was not standing up stronger and faster against ‘corporate jobsworths’ in the EMEA who caused harm to my partner channel with stupid business decisions. It still hurts me even today that some Junior Ivy League Graduate could play politics and I could not stop the damage it caused.

64

ARABIAN COMPUTER NEWS June 2013

GETTING PERSONAL Nationality: I used to be British but now know how to throw a shrimp on the barbie! Number of years in the industry: In Dubai 20 this year, in total 24. Favourite food: Ravi’s Curry. Holiday: Thailand. It simply has everything. Music: Guitar band/indie rock. Dream car: I’m happy with my 7 year old Pajero. Gadget: My fridge for grape juices. Piece of advice: If you are not having fun then something in life is very wrong.

What technology do you think will have the biggest impact on the market in 2012? Cost reductions most probably! For us, we see major opportunities in the field of Asset & Data Management. It is closely related to the Security Information and Event Management sector and we are ahead of the curve, but it is one of the core issues that delays real acceptance in the corporate world of areas such as the cloud and tablet use. What’s the best way to deal with stress? Understand you have it. Try and focus it as a positive energy, Everyone needs some level of stress. Understand when it gets too heavy that you are only working at between fifty andseventy-five percent of your efficiency so STOP. You must recover. Take time out to laugh, or go to Karaoke, anything that is fun, maybe book a round of golf or create a different type of stress (eg volunteer to cook for a dinner party or do voluntary work) or simply say — I need a break. A long weekend doing something with the phone switched off is a far more efficient solution than losing your job or health because of it.


Intelligent scanning for smart business

Introducing the new ScanSnap iX500 from Fujitsu. Made to make your life easier. · · · ·

www.ScanSnapit.com/ME

Built in Wi-Fi for documents straight to tablet or smartphone Scans business cards to A4 double-sided and even A3 Fast scanning, up to 50 sides per minute Creates searchable PDFs

Drop a mixed handful of documents into the new Fujitsu iX500 scanner; anything you like from business cards to A3. Then just press the blue button. In less time than it takes to read this, the first page will be scanned and the image ready to be viewed. It can even scan both sides at the same time with no loss of speed. The iX500 will deliver perfect results: pages facing the same way and all images straightened. The new GI-processor performs the intelligent image enhancement responsible for great looking images. They can be easily stored as searchable pdfs to make finding them again child’s play, or if you want them on the move just use the in-built Wi-Fi to send the documents straight to your tablet or smartphone.


ACN - June 2013  

Arabian Computer News June2013 - Vol 26 - Issue 6 ITP Technology Publishing (68 Pages)

Advertisement
Read more
Read more
Similar to
Popular now
Just for you