Page 1

SERVICES PLAY: UAE TELECOM DU BUILDS ICT SERVICES PORTFOLIO An ITP Technology Publication

September 2012 | Volume 25 Issue 9

September 2012 | Volume 25 Issue 9

Cyber threats Is the region able to stop the wave of MEtargeted attacks?

Aligning business and IT strategies in the Middle East for 27 years

End user

Aligning business and IT strategies in the Middle East for 27 years

KOJ builds retail intelligence KOJ Group ready for retail store solution roll out 56

PLUS

Supply chain Tranzone streamlines healthcare 3PL services Video conferencing AUK connects campus to improve learning interaction

GOING MOBILE: STRATEGIES TO MANAGE MOBILE DATA 74

Threat Readiness Security experts assess regional awareness 39

An ITP Technology Publication

Thameem Rizvon, IT director of KOJ Group on retail deployment, keeping systems simple and getting value from vendors

OPEN SOURCE PLANNING FOR OPEN SOURCE ADOPTION 68


/CONTENTS

September 2012 VOLUME 25 ISSUE 09 56

John Lincoln, VP of enterprise for du believes the UAE can become an ICT services hub to cater for the whole region.

62

KOJ GROUP UPS STORE INSIGHT

DU DRIVING IT SERVICES

Kamal Osman Jamoom Group rolls out Oracle solutions to deliver tighter integration and better information exchange between outlets and head ofďŹ ce.

UAE telecom company du is building out its portfolio of IT services for large and small organisations as it sees the opportunities for outsourcing rising.

62 September 2012 ARABIAN COMPUTER NEWS

1


/CONTENTS

THE FRONT

07

39

52

80

/START

/TRENDS

/COMMENT

/AFTER HOURS

All this month’s news, numbers, and stats, locally and internationally.

Security vendors and SIs give their take on the state of security in the region.

Epicor discusses ERP selection; Teradata turns to the myths of Big Data.

ACN speaks to Hatem Bamatraf on helping build the UAE’s comms infrastructure.

32

56

68

74 12 32

36

68

74

Cyber attacks against the Middle East hit a new high this summer as several different APTs were uncovered.

Specialist 3PL provider Tranzone turned to Epicor to help get medical supplies to customers on time.

Open source software is increasingly gaining corporate adoption, but users need to be aware of issues surrounding it.

Changing work practices mean more and more corporate data is being spread beyond the internal network.

CYBER THREATS FLOODING REGION

2

TIGHTENING UP SUPPLY CHAINS

ARABIAN COMPUTER NEWS September 2012

OPEN SOURCE ON THE RISE

MANAGING DATA IN A MOBILE WORLD


Almost $139 million in server room research. Now yours is FREE! e

ergy s g En ntin Centre e m a e l t a p Im ient D Effic

tur chitec ved Ar y, o r p An Im -Efficienc h for Hig nsity e D h ig H entres Data C

ow The Advantages of Row g ooling and Rack-Oriented Coolin Architectures for Data Centres

Deploy ing Hig h-Dens Zones ity in Data C a Low-Densit entrree y

Pow Cap er and for acity M Coolin Dat a C anage g ent res ment

White Paper #130

Wh

ite

Pap e

r #1

‘Implementing Energy Efficient Data Centres’

‘An Improved Architecture for High-Efficiency, High-Density Data Centres’

White Paper #114

White Paper #126

65

$

$

00

FREE!

120 FREE! 00

‘The Advantages of Row and Rack-Oriented Cooling Architectures for Data Centres’ White Paper #130

$

85

00

FREE!

‘Deploying High-Density Zones in a Low-Density Data Centre’ White Paper #134

$

115

00

FREE!

50

‘Power and Cooling Capacity Management for Data Centres’ White Paper #150

$

22500 FREE!

Download FREE APC™ White Papers to avoid the most common mistakes in planning IT power and cooling Have a plan for your data centre. We talked to thousands of customers from Baltimore to Beijing and saw the good, the bad, and the ugly measures customers took in their data centre planning. In many cases, turnover and budget cuts resulted in no plan at all.

Get the answers you need and avoid headaches tomorrow. Do you and your staff know the top ten planning mistakes to avoid? The easiest way to improve cooling without spending a dime? Find the answers to these questions and more in our latest selection of white papers. Take advantage of our valuable research today and save yourself money and headaches tomorrow.

Download your white paper(s) within the next 30 days for FREE and stand a chance to WIN an iPad 2! Visit www.apc.com/promo Key Code 24141p Call +9714-7099690 (Arabic) / +9714-7099691 (English) Fax +97147099-650 ©2012 Schneider Electric. All Rights Reserved. Schneider Electric and APC are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are property of their respective owners. www.apc.com • 998-1764_ME-GB_C


MASDAR CONSOLIDATES IT SYSTEMS AND SAVES ITSELF AED 15 MILLION July 2012 | Volume 25 Issue 7

LENOVO: HARDWARE TITAN BUILDING ON INTERNATIONAL SUCCESS An ITP Technology Publication

Rising to the Surface A look at analyst reaction to Microsoft’s forthcoming Windows 8 tablet device

Aligning business and IT strategies in the Middle East for 27 years

August 2012 | Volume 25 Issue 8

Project Failures Has consumerisation made users complacent about project deployment?

Out of the cloud Regional cloud service providers open for business

End user

Ready for the integrated enterprise

ACN 100 Forum

CIOs have their say

Vol. 10 Issue. 9

Building and delivering IT solutions for the Middle East An ITP Technology Publication INGRAM TO ACQUIRE APTEC QUANTUM EXPANDS REACH ALFALAK WINS AWARD EBRP NAMES CHANNEL HEAD MATRIX SIGNS ITRADS HP SPINS OFF WEBOS UNIT EMC EXPANDS AMIN’S ROLE

PLUS

BPM solutions The future of Business Process Management

BUSINESS INTELLIGENCE EXTRACTING VALUE FROM BUSINESS DATA

74

Trading Platforms DMCC hosts its Tradeflow platform with eHDF Network performance Analysing key issues in application performance

2012—My+&*

66

_www.itp.net_

www.itp.net SEPTEMBER 2012

Access anywhere Citrix wants to help businesses transform the way they work

DISASTER RECOVERY CONCERNS OVER DATA SECURITY DRIVE UPTAKE

EDITORIAL Senior Group Editor Mark Sutton Tel: +971 4 444 3225 email: mark.sutton@itp.com Contributors Georgina Enzer, Keri Allan, Manda Banda ADVERTISING Sales Director George Hojeige Tel: +971 4 444 3203 email: george.hojeige@itp.com Sales Manager Ajay Sharma Tel: +971 4 444 3398 email: ajay.sharma@itp.com STUDIO Head of Design Daniel Prescott Principal Creative Simon Cobon

4 2^‡G* ,y7c‡G*gœ{G*

68

60

48

50

PLUS

33

INSIDE UNIFIED COMMUNICATIONS: LEVERAGING THE BENEFITS OF UC

Pan Emirates tackles upgrades to four key systems

Is BYOD unsafe, is cloud the future and does certification matter? Regional IT chiefs have their say on the biggest issues in tech

VIRTUALISATION DRIVE LONG TERM BENEFITS MAKE IT WORTH THE INVESTMENT

ITP TECHNOLOGY PUBLISHING CEO Walid Akawi Managing Director Neil Davies Managing Director Karam Awad Deputy Managing Director Matthew Southwell General Manager Peter Conmy Editorial Director David Ingham

Aligning business and IT strategies in the Middle East for 27 years Eyas Khashan, director of Information Technology Resources, Pan Emirates, prepares to go live with a multi-application project.

An ITP Technology Publication

30

SUPPLY CHAIN MASTERS THE BENEFITS OF EFFICIENTLY MANAGING LOGISTICS IN IT DISTRIBUTION (30)

SECURING NETWORKS

24

gM2¢‡{G*’¢{G*°g¤q+yG*

gDc§µ*g™¤G*ˆM5¢-

¡cªc+ 4cCC„CCI&±* ˆ¤™/  nh- *3cCCCµ €8yG* ¥JcHK "gM2¢‡{G* ’¢{G* —;°’¢CCCC{CCG*¡xCCCJcCCJyCCD¢CC-¥CChCCG* "Ly1&*’*¢6&*ˆ/*y-

g¤œG* j*4cCCCŸCCCµ*K j*ÅCCCC´* ¥CCJcCCH jcFy|+ cJ2cnM(* ›5ÊCCG* g¤œhG*K g¤d–hG gCCDcCCCC§CCµ* gCC™CC¤CCCCG* ˆCCCM5¢CCC"$ʙ‡G*jc/c¤h0*

DATA CENTRE MASTERY Cannon Technologies & Cerebra up the data centre ante P22

EXPLORING DIFFERENT ASPECTS OF THE EMERGING IT THREAT LANDSCAPE (34)

WALKING THE STREET

Logicom prepares to bolster its VAD credentials in MEA region (26)

A look at business on Dubai’s ‘Computer Street’

(40)

JARIR EYES EXPANSION

INTEL SHUFFLES LEADERSHIP

SAP TO OPEN TRAINING INSTITUTE

Retailer plans to have outlets in all cities across KSA P51

Taha Khalifa takes on MENA GM role P53

SAP’s institute to develop regional workforce and localised solutions P57

ˆM5¢hG*j*¢œEgGc™‡G ’yCC|G*—IcCC|-g–¹z)*¢/CC<€CC8c1yCCMy¥+2°i™¤E&*¥hG*Kg{Hc´*cŸ-4K2°‚6K&±*

12

jcCC¤dhG* —CCM¢¬ ° ,^CCM^²* cCCŸG¢–0 ˆCCH ›^thCC{µ* gCC+yª zCCMz‡- £CC–< jcFyCC|G* ^<cCC{- "¥CC+ €CC|-(*"  "zCC¤/¢G¢œ“- oM4¢hCC6 ˜cCC+¢–/ ¥CC7ch¤J" ¦ÇCC|- "˜cCCh¤nM2 žÇCC{MK"  "—F*4K* $cFyCC7 g“dCC7"CG ¥CCœ¤-ÊdG* ”MyCC|G* "˜cI¢¤CC7cIÇI(* €CC{“¤œHK&*"

An ITP Technology Publication

Registered at Dubai Media City PO Box 500024, Dubai, UAE Tel: + 971 (0)4 444 3000 Fax: + 971 (0)4 444 3030 Web: www.itp.com Offices in Dubai & London

PHOTOGRAPHY Chief Photographer Jovana Obradovic Senior Photographers Efraim Evidor, Isidora Bojovic Staff Photographers Lester Ali, George Dipin, Juliet Dunne, Murrindie Frew, Shruti Jagdesh, Mosh Lafuente, Ruel Pableo, Rajesh Raghav, Verko Ignjatovic PRODUCTION & DISTRIBUTION Group Production & Distribution Director Kyle Smith Deputy Production Manager Basel Al Kassem Managing Picture Editor Patrick Littlejohn Distribution Executive Nada Al Alami CIRCULATION Head of Circulation & Database Gaurav Gulati

SEPTEMBER 2012

Critical analysis for telecommunications executives

TOP #1

NAYLA KHAWAM CEO ORANGE JORDAN

An ITP Technology Publication

AZZA TORKEY CHAIRMAN TE DATA

#8

Plus

Q.NBN IN PROFILE Interview with CEO of Qatar National Broadband Network p32 MOBILE SECURITY Why mobile devices need robust security solutions p28

#5

MARWA EL AYOUTI CFO, VODAFONE EGYPT

MARKETING Head of Marketing Daniel Fewtrell Marketing Manager Michelle Meyrick Deputy Marketing Manager Shadia Basravi

www.commsmea.com

#13

NADIA AL SAIF VAS DIRECTOR ZAIN KUWAIT

THE MEA REGION’S TOP 30 FEMALE TELECOM EXECUTIVES REVEALED FULL LIST INSIDE

p41

The Middle East’s Leading IT Magazines are read by The Region’s Most Important IT Leaders… To have your copy delivered directly to your doorstep, SUBSCRIBE online by logging on to:

www.itp.com/subscriptions

ITP DIGITAL Senior Group Editor Mark Sutton Tel: +971 4 444 3225 email: mark.sutton@itp.com Assistant Editor Georgina Enzer Tel: +971 4 444 3723 email: georgina.enzer@itp.com Digital Publishing Director Ahmad Bashour Tel: +971 4 444 3549 email: ahmad.bashour@itp.com Group Sales Manager, ITP.net Vedrana Jovanovic Tel: +971 4 444 3569 email: vedrana.jovanovic@itp.com ITP GROUP Chairman Andrew Neil Managing Director Robert Serafin Finance Director Toby Jay Spencer-Davies Board of Directors KM Jamieson, Mike Bayman, Walid Akawi, Neil Davies, Rob Corder, Mary Serafin Circulation Customer Service Tel: +971 4 444 3000 Printed by Masar Printing Press. Controlled Distribution by Blue Truck Subscribe online at www.itp.com/subscriptions The publishers regret that they cannot accept liability for error or omissions contained in this publication, however caused. The opinions and views contained in this publication are not necessarily those of the publishers. Readers are advised to seek specialist advice before acting on information contained in this publication, which is provided for general use and may not be appropriate for the readers’ particular circumstances. The ownership of trademarks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system or transmitted in any form without the permission of the publishers in writing. An exemption is hereby granted for extracts used for the purpose of fair review.

ANZEIGE

The inner pages of this magazine are printed on

Steinbeis Charisma 100% recycled paper, Silk which has been awarded the Blue Angel label.

www.stp.de

Published by and Copyright © 2012 ITP Technology Publishing Ltd. Registered in the B.V.I. under Company Registration number 1402846.

4

ARABIAN COMPUTER NEWS September 2012


0010111011100000110010101000011010010100101100011000101001110010100101110111000001100101010000 0010100101100011000101001110010100101110111000001100101010000110100101001011000110001010011100 0101110111000001100101010000110100101001011000110001010011100101001011101110000011001010100001 0101001011000110001010011100101001011101110000011001010100001101001010010110001100010100111001 1111111111111111111111111 1011000101001110010100101110111000001100100001101001010010110001100010100111001010010111011100 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 100101010000110100101001011000110001010011100101001011101110000011001010100001101001010010110 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 0001010011100101001011101110000011001010100001101001010010110001100010100111001010010111011100 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 100101010000110100101001011000110001010011100101001011101110000011001010100001101001010010110 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 00010100111001010010111011100000110010101000011010010100101010110001100010100111001010010111011 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 0011001010100001101001010010110001100010100111001010010111001100010100111001010010111011100000 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 1010100001101001010010110001100010100111001010010111011100000110010101000011010010100101100011 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 0100111001010010111011100000110010101000011010010100101100011000101001110010100101110111000001 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 0101000011010010100101100011000101001110010100101110111000001100101010000110100101001011000110 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 1001110010100101110111000001100101010000110100101001011000110001010011100101001011101110000011 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 101000011010010100101100011000101001110010100101110111000001100101010000110100101001011000110 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 10011100101001011101110100001101001010010110001100010100111001010010111011100000110010101000011 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 1010010110001100010100111001010010111011100000110010101000011010010100101100011000101001110010 111111111111111111111111111111 11111111111111111111111111111 1111111 1111111111111111111111111 0111011100000110010101000011010010100101100011000101001110010100101110111000001100101010010100 111111111111111111111111111111 11111111111111111111111111111 1111111 011100000110010101000011010010100101100011000101001110010100101110111000001100101010000110100 0101100011000101001110010100101110111000001100101010000110100101001011000110001010011100101001 0111000001100101010000110100101001011000110001010011100101001011101110000011001010100001101001 1011000110001010011100101001011101110000011001010100001101001010010110001100010100111001010010 1100000110010101000011010010100101100011000101001110010100101100010100111100101001011101110000 0100001010010110001100010100111001010010111011100000110010101000011010010 010100101100011000101001110010100101110 0101001011000110001010011100101001011101 010010110001100010100 01010010111011100000110010101000011010010100101100011000101001110010100101 0101110111000001100101010000110100101001 0100 1110111000001100101010 » Award-winning technology infrastructure combined with world-class 1010010100101100011000101001110010100101110111000001100101010000110100101 010100101100011000101 01001011000110001010011100101001011101110000011 100101100011000 001010101100011000101 risk management solutions 1001010010111011100000110010101000011010010100101100011000101001110010100 0101110111000001100 01 0101110011000101001110 » Over 1 100 risk technology implementations completed globally 00101110111000001100101010000110100101001011000110001010011100101001011101 1 0111000001100101010000110100101001011000110 111000001100101010000 p y p 00101001011000110001010011100101001011101110000011001010100001101001010010 0 101100011000101001110010100101110111000001100101010000110 011000110001010011100 01011101110000011001010100001101001010010110001100010100111001010010111011110000011001010100001 To learn more visit MoodysAnalytics com/risktechnology 0101001011000110001010011100101001011101110000011001010100001101001010010 010110001100010100111001010010111011100000 0110001100010100111001 10111011100000110010101000011010010100101100011000101001110010100101110111100000110010101000011 10100101100011000101001110010100101110111010000110100101001011000110001010011100101001011101110 0110010101000011010010100101100011000101001110010100101110111000001100101010000110100101001011 1000101001110010100101110111000001100101010000110100101001011000110001010011100101001011101110 01100101010010100101110111000001100101010000110100101001011000110001010011100101001011101110000 0101010000110100101001011000110001010011100101001011101110000011001010100001101001010010110001 00101110111000 1010011100101001011101110000011001010100001101001010010110001100010100111001010010111011100000 0101001011000 1010100001101001010010110001100010100111001010010111011100000110010101000011010010100101100011 * #1 in Risk Technology ranking for Capital forecasting, #1 in Asia Risk Technology ranking for Economic Capital. 0100111001010010111011100000110010101000011010010100101100011000101001110010100101100010100111 1001011101110000011001000001100101010000110100101001011000110001010011100101001011000101001111 10100101100011000101001110010100101110111010000110100101001011000110001010011100101001011101110 0110010101000011010010100101100011000101001110010100101110111000001100101010000110100101001011 Essential insight serving 1000101001110010100101110111000001100101010000110100101001011000110001010011100101001011101110 0010100 global financial markets moodysanalytics.com 01100101010010100101110111000001100101010000110100101001011000110001010011100101001011101110000 10100101100011000101001110010100101110111010000110100101001011000110001010011100101001011101110 © 2012 Moody’s Analytics, Inc. and/or its licensors and affiliates. All rights reserved.

© 2012 Moody’s Analytics, Inc. and/or its licensors and affiliates. All rights reserved.

Risk meets technology.


How?

Register NOW!

&NBJMVTUIFQSPTQFDU OBNFXJUIDPOUBDU EFUBJMT BOEZPVSOBNF  FNBJMOVNCFSUP SFHJTUFSZPVS t "SFZPVBCMFUPTZTUFNBUJ PQQPSUVOJUZ DBMMZDPMMBCPSBUFXJUIZPVS  TVQQMJFST DVTUPNFSTBOE Send us an email on marketing@intertecsys.com FNQMPZFFT t %PFTZPVSDPNQBOZPS DVTUPNFSOFFEUP TUSFBNMJOFUIFJS PQFSBUJPOBMQSPDFTTFT

t )PXNVDIUJNFJTTQFOUPO NBOVBMFOUSJFTBOBMZTJT  Choose Syros ERP & any of these gifts will be yours!

 



What is Syros ERP? 4ZSPT&31JTBMFBEJOH NJENBSLFU&31XJUI  DVTUPNFSTJO6"& *UTNPEVMFTJODMVEF รถOBODF QVSDIBTF TBMFT  DPOUSBDUJOH 4VQQMZDIBJO NBOBHFNFOU  )3QBZSPMM 4ZSPT&31JT QPXFSFEPO 0SBDMFBOE DBOHPMJWFJO KVTUEBZT   Visit www.intertecsys.com

%JTDMBJNFS"MMCSBOEMPHPTSFMBUFEBSFUIFQSPQFSUZPGUIFBCPWFOBNFE (P-JWFJOEBZTJTCBTFEPOTUBOEBSEJNQMFNFOUBUJPO

Terms & Conditions t

"MMPSEFSTIBWFUPCFQMBDFEPOPSCFGPSFTU0DUPCFS JOPSEFSUPCFDPOTJEFSFEBTQBSUPGUIFQSPNPUJPO

t

(JGUXJMMCFSFXBSEFEUPUIFรถSTUQFSTPOXIPSFHJTUFSTUIFPQQPSUVOJUZGPSBQSPTQFDUJWFDPNQBOZSFRVJSJOHBO&31VQPODPOรถSNBUJPOPGQVSDIBTFPSEFSGVMMQBZNFOUSFBMJ[BUJPOGSPNUIF

t

5IFDIPJDFPGHJGUTJODMVEF"QQMFJ1BE 4BNTVOH(BMBYZ5BCPSB.BMM(JGU7PVDIFSGPS"&%POMZ

t

*UJTOPUDPNQVMTPSZUIBUUIFQFSTPOUIBUSFHJTUFSTUIFPQQPSUVOJUZJTFNQMPZFEXJUIUIFQSPTQFDUJWFDPNQBOZ

t

(JGUTXJMMCFEFMJWFSFEXJUIJO6"&DPVOUSZMJNJUT"WBMJE*%PGUIFXJOOFSJTSFRVJSFEGPSJEFOUJUZDIFDL

QSPTQFDUJWFDPNQBOZ

t

5IJTPรฒFSDBOOPUCFVTFEXJUIBOPUIFSQSPNPUJPOPS4ZSPT&31SFTFMMFSEJTDPVOUTGPSBOPSEFS

t

.JOJNVNPSEFSWBMVFTIPVMECF"&% FYDMVEJOH0SBDMFMJDFOTFT

t

*OUFSUFDSFTFSWFTUIFSJHIUUPDIBOHF TVTQFOEPSXJUIESBXUIFPรฒFSBUBOZUJNFXJUIPVUOPUJDF

Dubai

Abu Dhabi

Bahrain

Oman

India

Saudi Arabia

Tel: +971-4-2221338 Fax: +971-4-2274937

Tel: +971-2-6266360 Fax: +971-2-6266361

Tel: +973-17-228070 Fax: +973-17-228101

Tel: +968-24152301 Fax: +968-24152300

Tel: +91-22-66923961 Fax: +91-22-28260250

Tel: +966-12499431 Mob: +966-548235402


SECURITY

Malware attacks on Aramco and RasGas

Middle East oil companies infected by malware, Aramco forced to rebuild 30,000 PCs

Al-Falih said that Aramco would reinforce its IT security following the attack.

PIERRE VERDY/AFP/Getty Images

T

wo major oil and gas companies in the region were hit by cyber attacks last month. Saudi Aramco was forced to shut down a number of systems, and had to restore 30,000 workstations that were affected by the Shamoon malware; while Qatar’s RasGas was attacked and a number of systems affected by an unknown virus on 27th August. The malware attack against Aramco began on 15th August, the start of the Eid holidays, and the company was not able to restore normal service until the 27th. Oil production is not thought to have been affected. “We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiralling,” said Khalid A Al-Falih, president and CEO, Saudi Aramco. “Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems,” said Al-Falih. “We will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack.” A previously unknown hacker group, calling itself ‘Cutting Sword of Justice’ claimed responsibility for the attack, as a protest at Saudi authorities. The malware in use is believed to have been the Shamoon malware. Shamoon, also known as Disttrack, is worm that seems to be designed to steal data from infected PCs, but also has a highly destructive payload which can overwrite files and the Master Boot Record (MBR) of the machine, making it unbootable. RasGas, the second largest producer of Qatari LNG after Qatar Petroleum, reported that “an unknown virus has affected its office systems”.

During the incident, the company website was down and emails to the company bounced back as undeliverable. RasGas later said that production was not impacted.

September 2012 ARABIAN COMPUTER NEWS

7


/START

IBM buys Texas Memory Systems

Deal will build IBM’s solid state storage portfolio and expertise

IBM is set to buy flash mem- ployment of storage infrastructures, and part ory solution provider Texas of a holistic approach that exploits flash in Memory Systems (TMS), to build its solid conjunction with disk and tape technologies to solve complex problems.” state storage offerings. Demand for solid state storage solutions, TMS designs and sells high-performance solid state storage solutions, in the RamSan is expected to reach nearly 3 exabytes by 2016, family of shared rackmount systems, and Pe- according to IDC. ripheral Component Interconnect Express (PCIe) cards. Truskowski: IBM Brian Truskowski, general will invest in manager, Systems Storage and developing TMS’ product portfolio. Networking, IBM, commented: “The TMS strategy and solution set align well with our Smarter Computing approach to information technology by helping clients realize increased performance and efficiencies at lower costs. Solid state technology, in particular, is a critical component of our new Smarter Storage approach to the design and de-

STORAGE

PRODUCT FOCUS

Tandberg Data ups RDX capabilities Tandberg Data enhances RDX data cartridges functionality AccuGuard software allows up to 30TB compressed data on a single pocket-size cartridge.

Integrated cartridges with either SATA HDD or solid state drives.

8

ARABIAN COMPUTER NEWS September 2012

RDX Cartridge Encryptor (RCE) provides industry standard AES 256-bit encryption.

New 1.5TB RDX data cartridges with 50% more storage.

THE BIG PICTURE August 24 Seoul, Korea A Seoul court ruled that Apple and Samsung had infringed on each other’s patents and ordered a partial ban on sales. One day later, a US court awarded Apple $1.05bn damages against Samsung for patent infringement.


KIM JAE-HWAN/AFP/GettyImages

/START

9


/START

Itqan gets Microsoft honour Itqan Al-Bawardi finalist for Server Partner of the Year Itqan Al-Bawardi Computers was selected as a worldwide finalist for the Microsoft Server Platform Partner of the Year Award 2012. The company was selected as one of just three finalists from a field of 3,000 entrants worldwide, as part of Microsoft’s annual Partner of the Year Awards. “Itqan has again proved its commitment to excellence by being recognized in this global competition,” said Feras Al-

SYSTEMS INTEGRATOR

Al Jabi: Reaching the finals proves Itqan’s commitment to excellence.

Jabi, Itqan’s general manager. “We understand the dynamic market we operate in and therefore we constantly ensure that we hold the lead position through our ability to excel and implement the right processes and methodology to achieve the best results at all times. US-based CDW won the award, which recognizes partners that deliver solutions that enable customers to increase reliability and flexibility of their server platforms and data centre infrastructure.

WORD CLOUD

Three of the major vendors in the IT world reported financial results in August, with mixed results. Economic gloom impacted the market overall, but PC vendors had the worst of it, mainly due to low consumer spending and confidence, and a lull in the market ahead of the launch of Windows 8. Dell saw an 8% drop in revenues, with desktop and mobility revenues down, and consumer revenue falling 22%. HP’s repositioning strategy is still a work in progress, with the company posting a loss of $8.9bn for the quarter, and a 5% drop in revenues. In the network sector however, things looked much better, with Cisco beating analyst expectations to close the quarter with revenue up 56% year-on-year to hit $1.9bn.

Cisco shows strength

10

ARABIAN COMPUTER NEWS September 2012

Dell sees revenues drop 8%

HP posts $8.9bn loss


/START

20M total hours of video streamed over 17 days 2012 London Olympics becomes one of the most connected events in history ith the ongoing rise of mobile connectivity, high definition streaming and social media, the 2012 London Olympic Games was always going to set new records when it came to digital activity, but the final figures hit new highs. This year’s games was the first to offer every second of every event via live video streaming, creating a major uptick in the amount of people watching events online rather than through standard television broadcasts. The sheer volume of coverage available, 20 million hours of video streamed over 17 days, could have posed a problem for internet service providers, and for IT managers who had to manage staff accessing coverage at work, but YouTube still managed a peak of half a million simultaneous livestreams. The games also witnessed the rise of the second screen, as information hungry viewers looked to supplement

12

their TV viewing with additional information sources on notebooks, tablets and mobiles. Access to second screens also helped drive interactivity, with communications around the Olympics via social networking sites hitting new records – particularly Twitter, with 150 million tweets linked to the Olympics generated over the 16 days of the event. Both spectators and the athletes themselves contributed to Tweets about the Games. Feeding the hunger for information fell to Olympic partner Atos, with a team of 3,500 technology specialists, who served up 30% more competition data than ever before to broadcasters, and a touchscreen Commentator Information System (CIS), which provided real time data on all 26 Olympic sports and 5 Paralympic sports to commentators.

ARABIAN COMPUTER NEWS September 2012

430M

visits to the official London 2012 website


/START

Viewers turned to multiple screens to watch the games:

of second screens used to watch the Olympics were mobile phones or tablets

of the total traffic to the official Olympics website site and apps came from mobile devices

Viewers of TV plus two other screens watched 105% more Olympics coverage than those watching just TV

People watching on TV plus one other screen watched 52% more coverage than those watching just TV

People watching live streaming watched 66% more than those watching on TV

Google searches vs Beijing Olympics USAIN BOLT UP 40%

SUSHIL KUMAR UP 375%

KOHEI UCHIMURA UP 420%

RYAN LOCHTE UP 900%

Top tweets

Tweets/minute Usain Bolt during men’s 100m final

80,000 Tweets/minute Usain Bolt during men’s 200m final

116,000

Tweets/minute Spice Girls closing performance

total tweets September 2012 ARABIAN COMPUTER NEWS

13

Source: Atos, Google, Ciena, Twitter

74,000


/START

QUOTE OF THE MONTH

“The jury has now spoken. We applaud them for finding Samsung’s behavior willful and for sending a loud and clear message that stealing isn’t right. Today, values have won and I hope the whole world listens.” APPLE CEO TIM COOK ADDRESSES APPLE EMPLOYEES IN A MEMO AFTER THE COMPANY WON $1BN DAMAGES IN ITS PATENT INFRINGEMENT CASE AGAINST SAMSUNG IN COURT IN SAN JOSE.

KPIs

Groupon tanks as new internet companies suffer poor results 7.50 6.50 5.50

Intel makes changes to regional leadership Taha Khalifa becomes MENA GM, new software & services role for Sam Al-Schamma Intel has announced changes to its senior management in the region, with Taha Khalifa becoming regional general manager, and Sam Al-Schamma shifting into a new role to develop the software and services business in the region. As regional GM for the Middle East and North Africa (MENA) region, Khalifa will be responsible for managing six Intel offices spread across Morocco, Algeria, Egypt, Lebanon, Saudi Arabia and the United Arab Emirates, and for leading the company in the region. “Providing technology access and ICT skills is a cornerstone to economic growth in today’s competitive global marketplace. The MENA region is home to a young, vibrant and cosmopolitan population with high expectations of computing

BUSINESS

devices and constant connectivity, and we are committed to helping our nations equip their citizens with the right ICT skills in order to realize full potential in today’s knowledge economy,” commented Khalifa. “I’m excited about building on the success of the ICT industry and contributing to its growth in the region,” he added. Sam Al-Schamma, who held the GM role for the past four years, will move to a newly created role as director of Software and Services for Intel in the Middle East, Turkey & Africa region (META). In the new role, Al-Schamma will be responsible for establishing and driving Intel’s services and solutions offerings in the region, working with the software ecosystem to deliver solutions based on Intel technologies that support the local usage models and needs.

4.50 AUG 6

AUG 13

AUG 20

AUG 27

Groupon TICKER: GRPN GLOBAL NEWS: Group buying company Groupon saw investors react badly to its second quarter results in mid-August, when despite sales rising 45% yearon-year, its share price slumped. By end of August, shares were trading at under $4.50, down from the $20 IPO in November. The company reported global revenue of $568m in Q2, missing analyst

14

expectations by $5m. Other recently-floated internet business Facebook and Zynga similarly posted poor results in Q2. LOCAL NEWS: The chief executive of Groupon Middle East, assured local media the company was still in profit in the region, but did not disclose figures. Rival LivingSocial exited the Middle East market on 24th August, selling its list of 750,000 subscribers.

ARABIAN COMPUTER NEWS September 2012

ICT can drive local economies says Khalifa.


The Dubai CIRT Briefing on 16th October at the ‘Capital Club, DIFC’ FREE VIP parking and FREE entrance to GITEX for CxO’s

PLEASE REGISTER NOW

www.eventbrite.com/event/3914789240 AccessData cordially invites you to attend a live briefing to learn how the cyber security paradigm is shifting towards integrated response capabilities….. And to see CIRT 2.0 (Cyber Intelligence & Response Technology) in action. The presentation will cover… ą Detecting the Unknown Threat ą Continuous Monitoring ą Malware Disassembly Analysis (no sandbox) ą Removable Media Monitoring ą Advanced Root Cause Analysis ą Compliance and & Data Leakage Auditing ą Leveraging Built-In Batch Remediation

Why Should You Attend? Despite all the investment in cyber security, organizations still struggle to improve their cyber security postures. This is due to three obstacles plaguing organizations today…

Over-reliance on Inherently Handicapped Signature based Tools: Technologies, such as anti-virus, IDS/IPS and DLP, don’t catch intrusions or data leakage unless you tell them specifically what to look for.

Juggling Disparate Products: Once an incident is detected, personnel must juggle several products to analyze network communications, computers & suspected malware.

Lack of Collaboration: Large organizations have multiple teams, each focusing on one piece of the cyber security puzzle-computer forensics, network security, compliance, malware analysis and more.

Concerns over recent GCC malware attacks? AccessData’s Cyber Intelligence & Response Technology (CIRT) is the first product to deliver analysis of data in motion, data at rest & volatile data within a single interface. Integrating AccessData’s network forensics, computer forensics, large-scale data auditing and malware analysis technologies, CIRT lets you see all critical data through a single pane of glass. And unlike other products, it actually provides enterprise-class remediation capabilities. So not only are you able to figure out what’s happening on your network faster, you’re actually able to do something about it faster.

Interested in becoming an AccessData Reseller? Attend our ‘RESELLER BRIEFING DAY’ On 17th September in Dubai & 18th September in Qatar. For appointments, please email: gbrooks@accessdata.com Location: Dubai Capital Club, Gate Village 3, Dubai International Financial Centre, United Arab Emirates.


/START

PROJECTS

Arabian Computer News brings you a regional roundup of recently announced and ongoing enterprise IT projects

1 / JORDAN

Jordan NCFA project to track domestic abuse Jordan’s National Council for Family Affairs (NCFA) has inaugurated the first phase of a project to automate work processes used by civil institutions involved in monitoring domestic violence. The project, which is being developed with partner SSS Process on Appian technology, aims to develop the workflow around follow up of incidents, file sharing for case review and linking them to concerned governmental departments, ministries, and non-profit the Jordan River Foundation through a secure, integrated environment.

2 / EGYPT

3 / IRAQ

4 / SAUDI ARABIA

R&M Cat 6 cabling connects 900 villas

Hermes Datacomms wins contract in Iraq

Mobily inks $280m outsourcing deal with IBM

Reichle & De-Massari (R&M) has completed the cabling for Rooya Group’s ‘Telal Al Alamein project. The company has implemented a Cat 6 cable network, that provides connectivity to over nine hundred villas. The project took six months to complete, and will provide high speed connectivity to residents, for services such as broadband internet and HDTV. The project uses twisted pair cables which support Gigabyte Ethernet, to support present and future bandwidth needs.

Hermes Datacomms Middle East, a UKbased WAN communications specialist has secured a contract to provide microwave and fibre connectivity the Iraqi’s operations of Consolidated Contractors Company, a pan-regional construction conglomerate. Hermes will provide a dedicated managed fibre circuit and 24/7 Network Operations support (NOC) over a 12 month time frame. Hermes Datacomms was awarded a trading licence for Iraq in late 2011.

Saudi Arabian telecom operator, Mobily, has signed a SAR1.05 billion ($280m), five year deal to outsource its IT operations to IBM. Mobily said that the deal will lead to several technical advantages in “final product quality”, and in managing and securing the applications and ensuring business continuity. The agreement will also increase flexibility in expansion, adaptability and risks management, the telco said. Mobily, part of the Etisalat group, said that the deal will be self-financing.

16

ARABIAN COMPUTER NEWS September 2012


/START

5 / OMAN

6 / UAE

Oman Arab Bank upgrades with IBM

UAEU at Al Ain deploys new data centre

DEPLOYMENT

A regional enterprise project at a glance

Oman Arab Bank (OAB) has upgraded its banking systems, to improve responsiveness to customers, and to enable greater business agility. The bank has rolled out new IBM server and storage virtualisation products, and IBM Websphere. The upgrade provides the bank with a virtualised environment and an open standards approach, for greater flexibility of systems. OAB has deployed IBM Power Systems and IBM System Storage SAN Volume Controller as to create the platform for core banking.

The United Arab Emirates University (UAEU) at Al Ain has installed a new data centre that will serve the campus and provide the backbone for the Ankabut academic network. The new data centre infrastructure is based on a Schneider Electric’ Infrastruxure embedded solution comprising Schneider Electric Racks/Enclosures, In-Row RP Cooling units, Schneider Electric In-Row RD Cooling units and Schneider Electric N+1 UPS units, and was developed on ‘green’ principles.

7 / QATAR

8 / SAUDI ARABIA

Qatar–based NBK implements HP architecture

Golden Chip Company selects Epicor ERP

Qatar-based family business Nasser Bin Khaled (NBK) has selected HP FlexNetwork architecture to replace its network infrastructure. Based on the HP 10500 switch, the new campus network is designed to provide NBK with cost-effective multimedia communications across all its sites. The resilient virtualised 10GB network infrastructure has the capacity to support 40GB/100GB in the future, and was implemented by HP partner Gulf Business Centre.

Damman-based Golden Chip Company (GCC) has selected Epicor ERP for deployment at its main production facility. The company, part of the Al Jabr Group, manufactures smart cards, RFID chips, magnetic stripe cards and associated services and solutions. The ERP system will help manage GCC’s entire production process, including workflows, inventory tracking and quotations. Total iCS, an Epicor value-added reseller (VAR) based in Saudi Arabia, will carry out the implementation.

User: Aspire Zone Foundation Project: Implementation of ERP for Aspire Academy, Aspetar Qatar Sports Medicine & Orthopedic Hospital and Aspire Logistics. The product: Oracle E-Business Suite R12. The objective: To deliver a single ERP system to manage all three newly-merged units of Qatar’s Aspire Zone Foundation, to replace out-of-date ERP solutions and provide integrated management. What the customer said: “Oracle was the clear choice, as it is a single vendor capable of providing consistent integrated technology across our organization. With Oracle, we can build a single, scalable platform that is benefitting AZF today and will support our technology roadmap into the future,” said Niyas Abdulrahiman, chief IT advisor, Aspire Zone Foundation.

September 2012 ARABIAN COMPUTER NEWS

17


Coming to a city near you! Visit www.emc.com/forum2012to find out more and register today

12 September, 2012 The Ritz Carlton Hotel, Doha

2 October, 2012 The Four Seasons Hotel, Riyadh

EMC Forum 2012 – Transform: Business+IT+Yourself Together, cloud computing and Big Data are transforming our industry; EMC helps you master these new IT realities. Don’t miss this free one-day event that gives you all the tools you need to take IT to the next level. Find out more: www.emc.com/forum2012


/START

Acer unhappy with Surface

Acer says Microsoft should ‘think twice’ about tablet Acer chairman and CEO JT Wang said Senior management at Acer have attacked Microsoft’s Microsoft should think twice before releasdecision to enter the hardware market with ing Surface. “We have said [to Microsoft] to think it its Surface tablet. In an interview with the Financial Times, over. Think twice. It will create a huge negaAcer president of PC Global Operations, tive impact for the ecosystem and other Campbell Kan suggested that the company brands may take a negative reaction. It’s not could look at alternatives to Microsoft if the something you are good at so think twice,” Wang told the FT. Surface goes ahead. “If Microsoft ... is going to do hardware business, what should we do? Should we still rely on Microsoft, or should we find other alternatives?” Kan said. The Windows 8-based tablet was announced in June, and is expected to launch in late October, but many analysts said that it was likely to be seen as comAcer is not happy with Microsoft’s launch petition by Microsoft’s OEM into PC hardware. hardware partners.

HARDWARE

Spotting the bandwidth hogs Blue Coat estimates that 30-60% of unauthorised bandwidth consumption on corporate networks is caused by these applications: 2012 London Olympics 17 days of live streaming coverage of the Olympics set world records for WAN and Internet bandwidth consumption. YouTube Today, over 3 billion hours of video are watched each month on YouTube. Apple 316 million iOS devices running OS updates, content

20

ARABIAN COMPUTER NEWS September 2012

downloads and uploads, iCloud and the App Store account for massive volumes of traffic. Social Networking Uploads and downloads to networks like Facebook show no sign of slowing. National and Supernational broadcasters More live and on-demand video available on the web from broadcasters means more bandwidth eaten up.

ITP.NET MOST READ

1 RIM could license out next OS to other handset manufacturers 2 Saudi Aramco hit by computer virus, oil production not affected 3 Syrian activists targeted by AntiHacker malware 4 Hackers release one million bank and web account details 5 New ME-focused cyberspying attack uncovered 6 Facebook commits to 25% clean energy use 7 Biometric authentication to become integral to mobile devices 8 Microsoft drops ‘Metro’ name for Windows 8 UI 9 Global tablet market up in Q2 says IDC 10 New MD for SAP KSA

COMMENT OF THE MONTH “This is definitely not good news. What’s happened to free enterprise and competition which benefits the consumer? Apple should concentrate on innovation as it once did.” RAHIM COMMENTS ON APPLE’S WIN VERSUS SAMSUNG


/START

Benefits B Be ene nefi fits of fit of ERP ERP implementations imp mp ple leme ment me ntat nt atio ions n AILA L BILITY OFF IN INFO FORM RMAT A ION 75% AVVAI 75 60 0% INCREASED INTERACTION 38 8% IMPROVED LEAD TIME 35% IMPROVED CUSTOMER INTERACTION 35% 35 35% REDUCED OPERATING EXPENSE 35

Com Companies mpanies are controlling costs aand nd timeliness for ERP roll outs, but bu ut are a re struggling with organisat t io ona l cchange h a n ge organisational

31 31 1% % REDUCED IT COSTS 2 % IMPROVED SUPPLIER INTERACTION 23

com mpanies satiisfied with h their ER RP selection

Approaches Appr Ap prroa p oach ches to to ERP ERP roll r ll o ro out ut he ERP markeet may be matture in IT terrms, but thatt does not mean that everry impleemen e tation goees smoothlly, or that every com mpany gain ins all th he bene be n fitts th ne heyy exp pectt fr f om their depl de plloy o meent, nt ac acco cord rd diin ng to a n w study. ne P noraama Pa m Consult l in ing, g, an n IT consultan ncy speciial a is isin ing g in ERP imp mplementtati tions, h haas releeas ased its 2012 2 ERP Repo ort rt,, which h hi h ghlights som o e off the issues aro round ER RP prroj ojec ects ts. The stud udy of 246 companies across various sect ctor ors worldw wo d ide show wed that while compan nies have improved thee mana ma nage geme ge ment n of bu udg dgets, timel ness li ss and rea ealising g bussin ines esss beeneefit fitss fr from m ERP R , th ther eree arre s ill isssu st sues. M ny com Ma o paani nies e don n’tt add eq qua uate t lyy set et a busin ines ess ca case se to be abl b e to measure re the suc ucce cess of the proje ject, and many compani pa nies es are cha hang ng gin ing g to too ma many ny of the heir ir bus usin ines esss pr proc oces esse sess to fit wit fit ith h th heeiir ne new w so s ft ftwa w re wa re. ricc Ki ri Kimb mb ber erli l ng pre li resiide dent of Pan anor oram a a co am comm mmen m nte ted: d: “W Whi hile le it is gra rati t fy ti fyin in ng to see ee

22

or ani orga n sa sati tion o s ta taki k ng con ontr ttrroll off the heir ir ERP imp mplementtaattio ion, n,, it sho houl uld d no not co ome at thee prricce off ign nor orin ing g keey or o gaani nisation nall ch han a ge isssue uess th that at can n and d wil ill ll have ha ve a neg gat a iv ivee im impa p ct c on th the b siine bu ness sss mov vin i g fo forw rwar rw ard. d “C Com ompa pani pa n es tha ni hatt do don’ n’tt ha n’ have vee sttrong ro ong mettho hodo dolo logi lo gies gi es in pl p ac acee to cop opee wi with th cha th hang ng ges in pr proo oc ss ce sses es and org gan aniz izzat atio io ona nall de de-siign n wro oug ght by ER ERP P sy syst stem st emss em – or o the h top p-l -lev e el buy-i ev uyy-i -in n necneecc essa s ry to mi m ti tiga gaate the h se s rissks – of ofte t n fin fi d be b ne nefit fitss sa sag g or disissap ppe p ar as time me goe oess on n. “N Not only is bus u in us ines esss bl es blue ue-ue printi t ng and pro r cess map appi p ng pi g an abs b olute requ uirrem emen en nt wh hen n it comes to su ucccesssf sful ullly imp pleement me nting E ER RP sy syst sttem ms, but als lso o comp co mpan anie an i s mu must st onlly ch chan an nge busi bu sine si ness sss pro r ceess sses es to fitt ERP P so oft ftwa ware wa re in arrea eass th that at aree non ndiff di f er ff eren e ti en tiat atin at in ng g,, succh as hum man n r so re s ur u cees or acc ccou ount ou ntin nt ing. in g. Too ofte ten we see ee org rgan anis an isat is atio at io ona nall back ba ckla lash sh and losss of com ompe p ti pe ti-tiive adv tive d an nta t ge whe hen n co omp paanies ni es cha hang ng ge in nte tegr gral al prro oce cess sssses ses es to fit th he so oft ft-w re the wa heyy ha have vee seele lect ctted.” ed d.””

ARABIAN NEWS September 2012 ARA ARAB AR IIAN N COMP COMPUTER U

47%

PHASED APPROACH reduces disruption but may cause resistance among departments

34%

BIG BANG! all employees switch at once, often disrupts

20% HYBRID APPROACH

companies don’t recoup p th he co ost of the projjectt


//START START

Running overscheduleâ&#x20AC;Ś

36%

31%

of projects run to schedule

take 25% longer than planned

10% take 50% % tha an longer than planned planne ed

AVERAGE AM MOUNT PROJECTS WENT OVEER BUDGE T ($$8,362,984 PLAANNED COMPARED TO $ 100,4 68,500 AC T UAL )

27% CUSTOMISED THEIR ERP TO FIT BUSINESS PROCESSES

Source: Sour u ce: cee Pano Panorama rama m Con Consult Consulting, sul sult u ing, Con Consona sona

2012 ERP market value

23 23


/START

SAP Saudi Arabia signs new MD SAP MENA has named Ahmed Jaber Al-Faifi as the new managing director for the company’s Saudi Arabia operations. Reporting directly to Sam Alkharrat, MD of SAP MENA, Al-Faifi will lead SAP’s ambitious growth strategy and field operations in one of the company’s most dynamic markets. An IT and telecommunications veteran with more than a decade›s experience across the Middle East, Al-Faifi joins SAP MENA from ZAIN KSA, where he held the position of Chief Operating Officer, supervising

BUSINESS

Al-Faifi will lead SAP’s growth plans for the Kingdom.

24

networks, IT, sales, marketing, customer care, among other key operational functions. Under Al-Faifi’s leadership, Zain KSA achieved tremendous growth in record time and expanded its operations to attain a market leadership position, including becoming the first in the region to launch mobile 4G LTE. “I am delighted to welcome Ahmed to our team,” said Alkharrat. “In a market as strategically important as Saudi Arabia, it is critical that we have the right person to lead and grow our business. Ahmed has the background and vision to move us to the next level, and will be instrumental in driving our customer-centric innovation agenda centering on cutting-edge, localised solutions related to mobility, analytics, applications, database and technology and the cloud.” “More than ever before, SAP’s team across MENA is built to scale, innovate and deliver valueadded solutions that can help businesses and organisations run better,” said Al-Faifi. “Saudi Arabia is in the midst of dramatic changes and its progress will need to occur with precision, efficiency and sustainability. I am proud to be a part of a company that is already influencing this exciting new reality, and look forward to supporting our Saudi customers and partners as we aspire to the next wave of growth and innovation.”

ARABIAN COMPUTER NEWS September 2012

Kaspersky and O+K investigate end user behaviour Kaspersky Lab and O+K Research have conducted a survey into IT consumers, to gauge how well they understand security risks, and how they protect themselves. The study of 11,000 users around the world, both novice and experienced, looked into areas such as use of devices, their perception of trustworthiness of different services, threat awareness and how much they value their digital data.

THREE MOST COMMON PROBLEMS ENCOUNTERED ONLINE

69% Spam

68%

56%

Unwanted content

Virus infections

HOW MUCH DO END USERS TRY TO PROTECT THEIR DATA? Device considered to be most safe with no need for security software

e-readers

Users who have had a device lost or stolen

18%

Highest use of security software - desktop PCs

95%

Lowest use of security software - mobile phone

25%

Use of specialist software to store passwords

7%

Passwords not stored only remembered by user

71%

FIVE PLATFORMS THOUGHT TO BE MOST RISKY End users judged platforms as ‘extremely unsafe and requires additional security software’ 50%

40%

30%

TABLET (NOT IPAD) MAC DESKTOP

MACBOOK

NOTEBOOK PC

DESKTOP PC

All data: Kaspersky Lab and O+K Research

Business apps vendor appoints Ahmed Jaber Al-Faifi to head its KSA operation

SECURITY WATCH


SA Earl he y Bi n V yo E rd u : $ re gi 5 st 0 er 0 n

w

ow

The World’s Most Important Gathering of CIOs and Senior IT Executives Focus. Connect. Lead. Disruptive technologies like cloud, social, mobile and information are revolutionizing business. The opportunity to leverage information innovation is right before us. The most successful CIOs and senior IT leaders will embrace the future by turning their attention to growth, cost reduction and competitive differentiation — all while filtering out the unproductive “noise” that can compromise clarity and purpose. Faced with fundamental changes to the enterprise ecosystem, IT leaders must acquire a new ability to Focus on the issues that matter, Connect people and ideas, and Lead with creativity and confidence. Comprehensive IT Agenda Gartner Symposium/ITxpo is the world’s most important gathering of CIOs and senior IT executives. Our 2013 agenda offers analyst sessions, workshops, roundtables and mastermind keynotes across three full days. With 10 role-based tracks and industry tracks, the agenda targets your specific title responsibilities and ways to adapt new ideas and strategy to your industry, along with insight on what’s next in IT. View the most comprehensive IT agenda for 2013 at gartner.com/me/symposium Symposium/ITxpo is for IT industry leaders, including: s¬ CIOs s¬ CTOs s¬ Senior IT Leaders s¬ Technology and Business Strategy Executives s¬ Institutional Investors & Venture Capitalists s¬ Technology and Service Providers


/START

MAKING THE SPAM Kaspersky Lab’s SecureList blog tracks the countries that sent the most spam in Q2

1 2 3 4 5 6 7 8 9 10 Other

COUNTRY China USA India Vietnam Brazil Korea Taiwan Russia Peru Kazakhstan

SHARE 18.8% 11.7% 11.7% 5.0% 4.8% 4.3% 2.6% 2.2% 2.2% 1.9% 34.8%

ARABIC ONLINE

Local companies launching local websites Souqalmal.com financial comparison website Souqalmal.com, has launched a new Arabic version of its service. The site allows consumers to search and compare over 700 different banking products, including credit cards, loans, mortgages and bank accounts, that are available in the UAE, Kuwait and Saudi, to find the best financial products to fit their needs, along with reader reviews.

26

ARABIAN COMPUTER NEWS September 2012

HP unveils network manager ANM 9.2 intended to improve and automate networks HP has released a new software management platform for networks that is intended to improve security, automation and network-availability for modern network infrastructure. The HP Automated Network Management (ANM) 9.2 for Converged Infrastructure, is a unified networkmanagement platform. The solution has been designed to improve control over network changes, increase visibility into performance, and to reduce costs through better prioritization of existing and future infrastructure investments based on new KPIs specifically designed for network management. “As organizations introduce new technologies to their converged infrastructures, the need for a networkmanagement blueprint for data centers increases,” said Tayfun Topkoc, regional director for HP Software, HP Middle East. “HP Automated Network Management software enables clients to increase network visibility and save costs like never before with a single solution that op-

INFRASTRUCTURE

Zari O’ Breesam, a UAE fashion house has launched a new website to allow customers to buy online. The site offers 160 items from the Zari O’ Breesam range, designed to be traditional Gulf womenswear but with a modern twist. The site provides users with functions such as order history and wishlists, with multiple currency payment options in US Dollars, Euros or Sterling. At present in a pilot phase, the fashion house is seeking feedback from users, who it says would often travel to Dubai just to buy single items from them, but can now access their fashion online.

timizes business decisions as well as IT investments.” HP ANM 9.2 includes major enhancements to HP Network Node Manager i(NNMi), HP Network Automation, NNMi Performance and NNMi Advanced Smart Plug-in add-on modules (iSPIs). It also provides access to new network-management Key Performance Indicators (KPIs)

Topkoc: ANM has been designed to manage growing requirements.

TAGpedia, an online encyclopaedia conceived with the aim of increasing the amount of Arabic content on the web, is scheduled to launch in December with about 500,000 articles. The Talal Abu-Ghazaleh Organisation (TAG-Org), which is producing the encyclopaedia, said it has already compiled 400,000 items from across the Arab world on a variety of sciences and other topics. Currently, only 2% of all web content is in Arabic, although Arabic speakers account for 5% of global internet users, according to Google. The encyclopaedia will be similar in format to Wikipedia.


Safe is advantage. Safe is profit. Safe is outright liberating. But safe doesn’t come easy. Especially when the dark forces are plotting night and day. It requires that delicate combination of brains and obsession. A brutally effective, global team that can snuff out danger before it gets dangerous. That’s McAfee, the world’s largest dedicated security company. We live and breathe digital security. Our job is to stay one step ahead. We know that today real security isn’t about “where,” it’s about everywhere. Every device, every connection, every location, every second. It’s because we never sleep, that you can sleep better.

©2012 McAfee, Inc. All rights reserved.

www.mcafee.com/safe


/START

Juniper Networks and Riverbed team up

Technology partnership to develop WAN optimisation, application delivery and mobility Juniper Networks and Riverbed Technology have announced a technology partnership, to focus on WAN optimisation, application delivery and mobility. The partnership aims to capitalise on the shifting focus of application acceleration towards convergence between the network and application layers. Under the deal, Juniper Networks will licence Riverbed’s application delivery controller (ADC) technology. The partnership will enhance Juniper’s capabilities in key network domains across the enterprise, including in the data centre, across WANs, and consumer and business devices through new application networking technologies that better manage, scale and optimize any application’s use of the network.

OPTIMISATION

Juniper has a strategic focus on high performance networking says Muglia.

The two companies will also work to integrate Riverbed’s Steelhead Mobile technology into the Juniper Networks Junos Pulse client to provide a mobile acceleration solution for mobile phones and tablets. The deal will also strengthen both companies application acceleration solution sets. “We are excited to partner with Riverbed to bring innovative, ground-breaking technologies to our enterprise customers. Riverbed’s application acceleration and WAN optimization solutions will complement our strategic focus on delivering high-performance networking infrastructure and further enhance our position in both data centre and consumer and business device domains. Our joint efforts with Riverbed will enable us to push the future of application networking,” said Bob Muglia of Juniper Networks.

BYOD: Top Five Tips Cameron Esdaile Aruba Networks’ online community, gives his top five suggestions for handling BYOD

1

Define a policy First, IT organizations should define a BYOD policy. What does a BYOD policy look like? It should include the types of users and the applications theyuse on a day-to-day basis. The next piece of the puzzle is who can access what and when and from where. Finally, you define access policies per device type.

28

2

Use a device aware network If the network does not know the device you are using when accessing these applications, it would be impossible to successfully implement a BYOD policy. Relying on an authentication system or intelligent fingerprinting techniques within the infrastructure or both are the available methods today.

ARABIAN COMPUTER NEWS September 2012

3

Enforce access control rules Enforcing access control rules is vital, preferably with a stateful firewall infrastructure and content filtering in place. Security enforcement needs to be simple to integrate with the existing network. Scalability is important with regard to the range of devices that need to be administered.

4

Reduce costs At the end of the day, all mobile devices need to connect to the network using a secure authentication method, preferably using certificate based authentication. The problem is, this means 15-20 minutes of manual labour per device. An Auto-provisioning system should be in place as part of any BYOD initiative.

5

Physical security What to do when your mobile device – with all the corporate email and data stored on it – is stolen or lost? This is one of the main reasons why Mobile Device Management (MDM) becomes important – it is not only about the access control but about the device and what’s stored inside, and how that can be managed.


www.helpag.com

Don’t underesƟmate your aƩacker. They only need to be lucky once.

Secure your business with help AG. help AG is an information security service and solutions provider. Known for its unmatched technical expertise and support services, help AG understands the correlation between technical and strategic information security and brings you the best solutions available on this planet.

Strategic

Consulting

Technical

Services

Support

Services


/ANALYSIS

AUK connects with video conferencing The American University of Kuwait utilises a wide deployment of Polycom video conferencing tools to connect students and faculty with external lecturers and introduce more interactive learning into the curriculum

F

or modern educational establishments, addressing students in a way that will stimulate them and keep them interested has become something of a challenge. More traditional teaching methods can’t compete with the attraction of YouTube, so more faculties are turning to technology to deliver education. The American University of Kuwait (AUK), an independent liberal arts institution of higher education, is one such establishment. As part of its continued efforts to provide the latest communications technology, the university has a significant deployment of video conferencing solutions, to serve its 2,200 students and faculty. Rusty Bruns, director of Information Technology at AUK commented: “We found that students today responded better visually compared to previous generations and we felt that it was our responsibility in conjunction with faculty recommendations to provide the best possible learning environment.” The university has 12 conferencing systems from Polycom, including Polycom HDX 7000 telepresence systems and Polycom VSX 7000 video conferencing systems with high

“STUDENTS DON’T LEARN FROM PAPER AND PENCIL ANYMORE … STUDENTS ARE MUCH MORE VISUAL TODAY.” 30

ARABIAN COMPUTER NEWS September 2012

resolution video, with Polycom StereoSurround technology for voice clarity, and can handle multiple speakers at once. The system has a simplified conference room control to make it easy for faculty to use. Bruns says the solution has been utilized in a number of ways. The system allows speakers and guest lecturers to address classes from any where in the world, and AUK intends to increase it has also been deployed the use of to tackle overflow from technology in teaching, says classes, to deliver lessons Bruns. to additional classrooms. “We wanted to conduct training and hold classes in more than one classroom simultaneously,” Bruns added. “Since it was going to be used by students mainly, we also wanted a communication tool which would be easy to use. The ability to have speakers, guest lecturers and authors speak to classes from anywhere in the world was an added advantage.” The solution has also saved the university an estimated $50,000 per year in the cost of interviewing job applicants. “We interview at least 20 people a year using the system, and since we are in Kuwait, and many of these [applicant] are in the United States, it costs, minimally, $2,500 to bring them to campus,” he said. AUK is providing close support from its AV specialists to ensure that faculty are able to deliver lessons smoothly, and the university intends to start developing some of the functionality that the system offers that is

currently under used. Bruns says the university also intends to get more faculty working with the solution, to improve the utilisation of the system and to increase the technology content of the curriculum. “What we are doing this semester, is we are starting to hold workshops this fall semester, for faculty to integrate technology into the classroom and into curriculum, I am not talking about just PowerPoint, I am talking about actually integrating the technology into the curricula so that they can reach students,” Bruns said, “Students don’t learn from paper and pencil any more, they don’t learn from standing in front of them and flipping pages; that type of lecture system doesn’t work, students are much more visual today. If you want to reach the student and keep the classes interesting, you have to integrate technology. If you keep it more interesting, they come to class.”


RED HAT OPEN CLOUD MAKING YOUR IT VISION A REALITY Selecting a cloud architecture will impact your organisations FRPSHWLWLYHQHVVpH[LELOLW\DQG,7HFRQRPLFVIRUWKHQH[W \HDUV5HG+DW2SHQ&ORXGOHWV\RXOHYHUDJHDOORI\RXU SK\VLFDOYLUWXDODQGSXEOLFFORXGUHVRXUFHVWRJHWKHUÂ&#x2039;JLYLQJ \RXWKHpH[LELOLW\\RXZDQWSRUWDELOLW\\RXQHHGDQGFRQWURO you deserve. redhat.com/opencloud

Copyright Š 2012 Red Hat, Inc. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, and RHCE are trade-marks of Red Hat, Inc., registered in the U.S. and other countries. LinuxŽ is the registered trademark of Linus Torvalds in the U.S. and other countries.


/ANALYSIS

The summer when security got serious Several serious cyber attacks against organisations and individuals in the Middle East have been uncovered in recent months. The region needs to wake up to the security vulnerabilities urgently, writes Mark Sutton.

I

t looks like all the predictions of the security experts have suddenly come true – if Stuxnet was a warning shot, then this summer has really seen the start of the new era of cyber attacks. In the two years since Stuxnet was discovered, in June 2010, the message from the security industry has been consistent and unanimous – things are only going to get worse from now on. The capabilities that Stuxnet demonstrated, the sophistication of the attack and the strategy that had clearly gone into its creation and execution were a showcase of just how advanced cyber attackers had become. From then on, every expert predicted that we would see the volume of attacks rise, and sophistication increase. And how right they Malware were. Since May, with attacks the detection of both have been developed that Flame and Wiper, a raft can avoid even of new Advanced Persisbehaviourbased tent Threats (APTs) have detection come to light, predomiand heuristic engines, said nantly with targets in the Kamluk. Middle East. Throughout the summer months, new, diverse threats have been uncovered, from Wiper, that infected Iranian oil companies, to the highly complicated cyber espionage tool kit that is Flame; Gauss that spied on individuals and monitored transactions with Lebanese banks; Mahdi which had been spying on individuals in Iran and Israel, and culminating in the Shamoon attack

32

ARABIAN COMPUTER NEWS September 2012

which infiltrated Saudi Aramco and took down 30,000 PCs. That Shamoon, which is described as being a relatively crude copycat attack, did not reportedly disrupt oil production at Aramco is testament to its ability to call on large, well-organized resources to recover, and good practices in separating production systems from web-facing systems, rather than any resilience to the initial attack. Whether the Shamoon attack concealed any theft of data from the oil company is not known. It is not just the Middle East that is being targeted. The Lucky Cat attack, which is believed to have originated from hackers based in China, was active from at least

June 2011 and targeted very specific sectors – organizations in aerospace, shipping, energy, military research, engineering in India and Japan, along with Tibetan community activists. The attack only compromised 233 systems in total, but that shows the narrow focus and precision of the attackers. The Middle East has been the focus of the majority of attacks, apparently caught between hacktivists protesting against local regimes, and foreign actors with their own agendas to pursue against countries and governments in the region. While the political factors remain, and security practices remain lax, the Middle East is likely to stay top of the hacker’s hit list. This leaves the region’s IT professionals in a difficult situation. The complexity of these attacks is as varied as the aims and methods of the attacks. The resources deployed for the Flame attack are thought to have been considerable, yet the Shamoon attack was described as the work of copycat script kiddies. The security companies themselves have struggled with these threats. The multi-stage attacks used by many of the APTs mean that they can be present on a network without triggering any traditional security measures. Nick Black, senior technical manager, Med, Middle East and Africa, Trend Micro said: “The challenge for AV vendors


/ANALYSIS

Saudi Aramco and RasGas were both hit by cyber attacks in August.

“THE MIDDLE EAST HAS BEEN THE FOCUS OF THE MAJORITY OF ATTACKS, APPARENTLY CAUGHT BETWEEN HACKTIVISTS PROTESTING AGAINST LOCAL REGIMES, AND FOREIGN ACTORS WITH THEIR OWN AGENDAS.”

or content security vendors to detect these attacks, is that because they are so targeted, they are very sophisticated, and the code itself that is injected into the network or the endpoint, may not be malicious. It is just a piece of code. If it is not doing something that we recognise as a known worm or Trojan, then it simply sits there undetected.” The Flame malware took this approach, and only installed certain modules under specific conditions. It was also able to avoid detection by more advanced security systems than just plain anti-virus, that monitor behaviour on the network and even took measures to detect and avoid anti-virus solutions. Vitaly Kamluk, chief malware expert, Russian Global Research & Analysis Team, Kaspersky Lab said: “It took the malware we estimate more than two years to make it to the anti-virus lab. We were wondering why that was, we have signature-independent technologies such as behaviour-based

detection and heuristic engines, and the answers were in the code of Flame. Flame actually makes very light checks before making any major changes or infecting other computers or removable media. It makes light checks on the system and if it finds any known anti-virus software in the system, it will not execute any risky steps, so as not to trigger behaviour-based detection. That is why the users and systems administrators have not seen any suspicious activity going on, it was silent on those machines that had anti-virus installed.” The Gauss malware posed an even bigger problem, after it was detected that it contained an additional, encrypted payload, which would only be activated on detection of a specific, unknown application. The encrypted payload is large enough to contain a Stuxnet-like SCADA targeted attack code, leading Kaspersky Lab to appeal to amateur cryptographers to help cracking the payload. Analysis of the Wiper malware

September 2012 ARABIAN COMPUTER NEWS

33


/ANALYSIS

“WHILE THE POLITICAL FACTORS REMAIN, AND SECURITY PRACTICES REMAIN LAX, THE MIDDLE EAST IS LIKELY TO STAY TOP OF THE HACKER’S HIT LIST.” was ended in August after no more details could be extracted from the recovered code. With the security industry struggling, and even a company the size of Aramco being so thoroughly compromised, the question now is how can any organisation protect itself from APTs, or if they would even know if there were threats in the system stealing data? The good news is that there are solutions that will go some way to detecting attacks. Solutions such as Security Incident and Event Management (SIEM) are able to integrate data from other hardware such as network monitoring, firewalls, and ac-

cess controls, to monitor behaviour such as multiple sign-ons from the same ID, or transfer of large volumes of data to unknown recipients. These solutions offer the benefit of preserving previous investments in security solutions, but they are typically complex to set up and administer, and require expensive technical expertise to put in place. At a time when budgets are under pressure, these complex solutions might not all be within reach of a typical business. Other companies are turning to managed security services to provide a degree of detection and removal of threats before they hit the company’s network, and to

provide them with expertise beyond the capabilities that they have in-house. Others are looking to consultancy services to help them plan security incident response and better organise their defences. Either way, organisations will require either skilled security personnel or skilled partners to be able protect themselves. Black commented: “Awareness is an issue, and with that awareness, you need skills. Because of the complexity and sophistication of these attacks, you can’t simply take a piece of code that will detect all of these things, there has to be a human element involved.”

MIDDLE EAST-TARGETED MALWARE TAKES MANY FORMS WITH DIFFERENT CAPABILITIES AND AIMS FLAME Type: Multi-part cyber espionage tool kit Target: Individuals and organizations in the Middle East or with links to the region Payload: Modular spyware with wide range of capabilities Outcome: 1,000-plus systems infected, began deleting itself in June Origin: Unknown, but originators thought to be well-funded and organised WIPER Type: Malware Target: Iranian Oil Facilities Payload: Wiper’s algorithm designed to destroy multiple gigabytes of files Outcome: Iranian Oil Ministry confirmed its systems were infected Origin: Unknown, not thought to be linked to Flame GAUSS Type: Cyber-espionage tool

34

ARABIAN COMPUTER NEWS September 2012

Target: Individuals, banking transactions with Lebanese banks Payload: Spyware, plus encrypted, mystery payload Outcome: Around 2,500 known infections in Lebanon, Israel and Palestine Origin: Unknown, but with some similarities to Flame in encryption, exploits and C&C set up. SHAMOON Type: Disttracker worm Target: Oil companies including Saudi Aramco Payload: Possible spyware, ability to wipe Master Boot Record Outcome: Saudi Aramco confirmed it had been forced to restore 30,000 infected workstations Origin: Claimed by previously unknown hacker group MAHDI Type: Cyber-espionage tool Target: Individuals, predominantly in Iran and working on critical infrastructure projects Payload: Modular spyware

Outcome: 1,000-plus users infected, Mahdi still spreading in August 2012 Origin: Similar in purpose to Flame, but not thought to be related DUQU Type: Remote Access Trojan (RAT) Target: Used for gathering information of use in attacking industrial control systems Payload: Theft of data, no destructive payload Outcome: Small number of infections detected Origin: Closely linked to Stuxnet STUXNET Type: Malware/ Cyber warfare tool Target: Supervisory control and data acquisition (SCADA) systems of Iranian nuclear industry Payload: Destructive attack aimed at Siemens SCADA controlled nuclear centrifuges. Outcome: As of November 2010, Iranian admitted to serious technical difficulties at several plants Origin: Believed to be US and Israel sponsored


Keep your business ahead of the rest with the new HINO 300 Series Double Cab. For all your enquiries call 800 HINOSALES (800 446672537)

www.hino.ae


/ANALYSIS

Supporting the supply chain Healthcare third party logistics provider Tranzone has deployed Infor Supply Chain Execution to improve the timeliness and efficiency of its services to distribute

H

ealthcare logistics provider Tranzone has rolled out Infor SCE (Supply Chain Execution), to improve the efficiency of its whole supply chain. The company, a third party logistics (3PL) provider for the healthcare industry, has deployed the solution to integrate warehouse management, labour management, 3PL billing and transportation management. Tranzone ships a number of medical products, including pharmaceuticals, medical devices, medical equipment and nutritional products from its central hub in the Jebel Ali Free Zone to customers around the region. The Infor SCE application will help improve efficiency, cut down on slow moving inventory, and ensure that there is transparency into the supply chain. The solution also includes the capability to record production batch numbers and medical device serial numbers to immediately recognise the brand and distributor. The solution has already helped in signing two new customers, Johnson & Johnson and GlaxoSmithKline, and Tranzone intends to further expand its customer base in the Gulf region. “The Infor SCE application has allowed us to provide our regional partners with enhanced services and continuous supply, both extremely important factors in our line of business as it is important we have full control of our inventory management system to ensure that stock is always available,” said Juergen Hirsch, GM of Tranzone. “Healthcare logistics is growing in the Middle East and we predict a further increase in the next 5-10 years. With the prospect of GCC regulations being harmo-

36

ARABIAN COMPUTER NEWS September 2012

nised in the future, it is now more important than ever to have a flexible and configurable solution for planning and supply chain management with the tools to serve our expanding database of customers efficiently and cost-effectively.” The solution was implemented by Infor partner SPAN, who also provided consultation, training on the use of the system and will handle ongoing maintenance. SPAN also implemented a customs tool as part of the solution, which will manage bill of entry and transfer bill models specific to Tranzone’s needs in the GCC. Kamel El-Ghossaini, regional manager – supply chain solutions, SPAN Group commented: “Before beginning implementation, SPAN spent time with the Tranzone team to understand their needs and to ensure that the Infor SCE solution would help meet

The Infor solution has already improved efficiency for Tranzone says Hirsch.

their specific business goals and objectives. We expect that Tranzone will see a return on their investment within two years and following this successful deployment they are now considering implementing the system within other operations.” “Infor Supply Chain Execution provides warehouse and transportation management capabilities that are critical to success in the highly demanding healthcare logistics industry,” said Mike Hibbert, channel manager for MEA, Infor. “We worked with our specialist partner SPAN to meet Tranzone’s needs by installing an industry-specific solution that will not only improve its efficiency and responsiveness but support the company’s future expansion. We are delighted that they have already signed two new customers since deploying the solution,” Hibbert added.


Ready when you are. Everywhere you are.

GlobalFrame.

Chatsworth Products, Inc. (CPI) is pleased to announce the launch of the GlobalFrame® Cabinet System, the newest addition to our extensive line of cabinet products to optimise, store and secure valuable technology equipment. CPI’s GlobalFrame Cabinet is an economical, highly adaptable storage solution available in 30 popular frame sizes, many of which are stocked and available for quick shipment around the globe. Compared to other standard cabinet solutions, GlobalFrame is unique and offers a thermal solution with CPI Passive Cooling® to meet the needs of today’s varying airflow needs.

Features & Benefits • Cost-effective cabinet solution adaptable to server, network and mixed-use applications • Select models immediately available with same day shipping • Available in two configurations to support front-torear or front-to-top airflow • Supports up to 3,000 lb (1360 kg) of equipment • Wide range of thermal, power and cable management accessories • Sized to match industry standards

The GlobalFrame Cabinet System is now immediately available from stock from our preferred distribution partners: Go to www.hasoub.com/contact or email sales_info@hasoub.com or mohammed.belbesy@hasoub.com, +966-56-7726020

Go to www.multinetfze.com or email info@multinetfze.com +971-6-5579397

Go to www.anixter.com or email dubaicustomerservice@anixter.com +971-48067100

www.chatsworth.com

Middle East Sales Office +971-4-2602125

Optimise. Store. Secure.


/TRENDS

NICK BLACK

SENIOR TECHNICAL MANAGER, MED, MIDDLE EAST AND AFRICA. TREND MICRO

SECURITY SPECIALISTS Cyber security threats against the Middle East have reached unprecedented levels – meet the experts that are helping protect regional organisations

Threat Awareness Understanding the nature of cyber attacks is essential to knowing what solutions can stop them “For traditional malware, you have your virus signatures, a virus comes in, we detect it, quarantine it, delete it – for these APTs, that’s now not good enough,” says Nick Black. “It’s tough for companies to understand the nature of that threat, and to have a security methodology and procedures, combined with the technology, to detect and mitigate that risk.” The complexity of APTs, and the fact that elements of their behaviour are not recognised as malicious by traditional solutions, means that organisations need to look for advanced layered security approaches. Organisations need more awareness and should take a partnership approach, drawing on vendor expertise. He also points out that SMBs, with less resources to secure themselves, are equally a target for cyber attack, even if they don’t know it. “I am very confident that right now there are hundreds, or probably thousands of companies that have APTs or some kind of malicious code on their network and they are not aware of it.”

September 2012 ARABIAN COMPUTER NEWS

39


/TRENDS

JUSTIN DOO

SECURITY PRACTICE DIRECTOR, SYMANTEC MENA

Multiple Vulnerabilities Organisations need to guard against a range of threats “Cybercriminals are consistently perfecting the art of external hacking and malware attacks, which is now fuelling a covert underground economy that supplies tools for theft and exchanges for stolen information,” says Justin Doo. “These guys are businessmen and the Middle East is where the money is.” Doo says that the Middle East is a target-rich environment for hackers, and they are not just after large organisations. The Android Arspam attack, a Trojan that was disguised as an Android prayer time app, shows the focus on the region. Organisations have varying levels of maturity when it comes to security, he says, but they can manage threats by assessing their current methodology and practices in place for information protection; educating staff to promote user awareness; performing ongoing risk and threat monitoring; and implementing managed security services.Security measures must be comprehensive, he warns: “A single negligent user or unpatched computer is enough to give attackers a beachhead into an organization.”

40

ARABIAN COMPUTER NEWS September 2012


Hook your customers up for the ride of their lives.

As the global leader in network video, Axis is setting a fast pace for the industry. Now itâ&#x20AC;&#x2122;s time to bring the whole analog gang along for the ride. Axis video encoders are the ideal way for you to approach the huge analog market â&#x20AC;&#x201D; offering customers IP surveillance benefits even if they arenâ&#x20AC;&#x2122;t ready to jump off the analog bandwagon yet. Axis encoders protect your customersâ&#x20AC;&#x2122; investments by enabling a mix of analog and network cameras.

And with the broadest range of encoders in the industry, Axis helps you fit any need and price point. When your customers are looking to migrate to IP surveillance, give them (and yourself) a head start. Axis video encoders â&#x20AC;&#x201D; the fast lane to growing your video surveillance business. Get the Axis picture. Stay one step ahead. Visit www.axis.com/encoders

A complete range of video encoders â&#x20AC;˘ Multiple video compression formats â&#x20AC;˘ H.264 for reduced bandwidth â&#x20AC;˘ Power over Ethernet for cost savings â&#x20AC;˘ Intelligent video capabilities â&#x20AC;˘ Rack solutions simplify scaling

CZKUACFAJQQMGFWRECTAEJCPPGNOCIAZAGPAKPFF

2/


/TRENDS

Integrated Intelligence SIEM solutions pull together data to give wider picture

BAHAA HUDAIRI

REGIONAL PRE-SALES ENGINEER, MCAFEE

42

ARABIAN COMPUTER NEWS September 2012

Guarding against more complex cyber attacks requires more complex solutions, says Bahaa Hudairi, something which customers are gain more awareness of. McAfee is seeing growing interest in Security Information and Event Management (SIEM) solutions, such as its NitroSecurity. SEIM solutions pull in data from different security and network hardware and tracks it over time, which helps provide a more holistic and comprehensive view of any suspicious behaviour taking place on an organisation’s network. “The problem right now that many customers are facing is trying to find that needle-ina-haystack of an attack, or an attack that is hidden,” Hudairi says. “They want to make sense of the security solutions that they have already, they want to get the value of their investments.” Hudairi says there is also more demand for managed services and incident management, as organisations realise the need for expert help. He also detects a change in attitudes towards security. “Security has always been an afterthought. Companies would build their infrastructure, put everything in place, and then think what they should do about security. Now what we are working with our customers on, is to build in security from day one.”


/TRENDS

NICOLAI SOLLING

DIRECTOR OF TECHNOLOGY SERVICES HELP AG

Proactive Approach

Too many organisations still taking a reactive line on security threats which leaves them vulnerable Lack of awareness and lack of good practice, are the biggest threats to IT security, says Nicolai Solling, from end users being careless with passwords, lack of encryption of data through to corporations that have not secured corporate data on mobile devices. The company works closely with a number of customers in the Oil & Gas sector, where Solling says he has seen some progress in uptake of solutions and practices, in part due to attacks on the energy sector such as Stuxnet that affected industrial control systems. “Over the last couple of years, we see the malware becoming more and more advanced. I am sure that something like the incidents that targeted the Iranian nuclear reactors, that those specific events definitely had an echoing effect on the oil and gas sector,” he says. Some companies in the Oil & Gas sector are now putting staff in place that are solely responsible for securing industrial control systems, but Solling says the IT industry and end user attitudes as whole still needs to change: “My personal opinion is that we are still being too reactive to security in general, a more proactive or strategic approach to security is still lacking.”

44

ARABIAN COMPUTER NEWS September 2012


/TRENDS

Best Practices Essential Companies are failing on basics like proper patch management

EMAD HAFFAR

TECHNICAL MANAGER, KASPERSKY LAB

46

ARABIAN COMPUTER NEWS September 2012

Organisations in the region are heeding the call to improve their security, says Emad Haffar. The recent cyber attacks have been a wake up call, creating a rise in enquiries from customers, but there is still work to be done. “We definitely see more awareness about this topic among organisations in the region, we are moving in the right direction, but comparing the maturity level to other parts of the world, there is some work that needs to be done,” he says. If organisations in the region are becoming more security aware though, end users are still lagging behind. Kaspersky Security Network data shows that the malware exposure in the Middle East is around one and a half times that of Europe. While rates of infection with web-based malware are high, locally delivered threats that spread via the network or USB are even higher in the region, with two self-replicating malwares, Sality and Kiddo being responsible for a large proportion of infections. “Keep in mind these two pieces of malware are not new, most AV products detect these malware and they use known vulnerabilities in the system,” Haffar said. “Keeping this in mind, a lot of machines in the Middle East are not properly patched and they don’t use proper AV solutions.”


/TRENDS

NIMA SARAF

TECHNICAL TEAM LEADER INFORMATION SECURITY, ADVANCED NETWORKING AT FVC

Network Defence

Network resources can be first means of spotting attacks Managing the emerging threats to a network requires one vital starting point, according to Nima Saraf – the network manager has to have monitoring and reporting of the network. “To be able to manage a network, whether from network utilization view or security, you need to first understand what is going on in the network, only then can you plan to improve and secure it,” he says. Cyber threats cannot be mitigated by a single standalone appliance any more, Saraf says, but rather require a combination of multiple products and services such as forensic analysis, SIEM, LM, NAC, IPS/IDS, VA, firewalls, web application firewalls, anti-spam and malware protection. Saraf says progress is being made in adopting new solutions, but it will be a gradual approach for most organisations: We are seeing the new generation of security solutions building in both monitoring and vulnerability scan engines. Unfortunately only a few of these large organisations are able to afford such advanced solutions. Most of them will have to implement a step-by-step solution to tackle the new problems, starting with replacing UTMs.”

48

ARABIAN COMPUTER NEWS September 2012


/EDITOR’S COMMENT

Aramco attack: a defining moment for IT security? The cyber attack on Saudi Aramco, might have come as part of a wave of advanced persistent threats that are targeting the region, but it is by far the most high profile security incident to have happened in this part of the world. If an organization of the scale of Saudi Aramco can be hit, then every organisation can consider themselves to be vulnerable. Attacks against industry, and the oil and gas companies in particular, cut to the very life blood of the Middle East. These attacks go beyond embarrassment and into the serious economic threats to nation states. I don’t believe there is a single, co-ordinated conspiracy to destabilize the Middle East, but rather the attacks are the work of a diverse range of ‘actors’ with different aims, skill sets and means of operating. But that is not to say that any organization can be complacent or think that they aren’t a potential target. Flame is a highly complex malware, that must have been put together by serious people with serious resources, but if its capabilities were unseen before today, then tools like it will be a commodity tomorrow. Shamoon was even described as “a copycat, the work of script kiddies,” yet it must have cost Aramco hundreds of man hours to restore its systems, let alone any data loss that may have occurred. The question is, whether organizations in the region will finally hear this wake up call? Aramco did the right thing in at least confirming the situation, but there needs

50

ARABIAN COMPUTER NEWS September 2012

to be more dialogue at a regional and global level on how to improve security systems, and to combat these threats. The national CERTs in the region, need to take the lead, and they need to get wider buy in from the governments behind them. More legislation should be in place to require disclosure of security incidents. For the CIO or IT manager, there are solutions that are evolving that address some of the issues. Solutions to spot unusual behaviour on the network, that look to patterns or out-of-the-ordinary events, rather than simple firewall protocols or scanning for AV signatures, are coming to market, but they are complex and require strong technical skills to deploy, which, coming at a time when budgets are strained, to say the least, might not put them in reach of every organisation straight away. A partial roll out of security solutions is better than hoping it won’t happen to you, but organisations need to be very aware of just what systems are protected and what that means to policies and business processes. But complex systems are not the best starting point. What is striking is the amount of times these attacks use known vulnerabilities or simple vectors of attack like infected USBs or social engineering. This is where companies in the region need to start taking a far more serious approach to security, from the basics up. Stop using vulnerable pirated software. Start patching applications properly. Create proper policies and enforce them, and educate staff. These threats to the region are not going away, so it is up to the IT professionals to start making changes that will provide the basics of defence.

Mark Sutton Senior Group Editor


Collaborate face-to-face with anyone, anywhere. Polycom速 RealPresence速 solutions empower people to collaborate better, smarter, and with more impact in their business communications. We create the experiences that push the greatness of human collaboration forward. Come see the latest vertical solutions at the Polycom-FVC booth at Gitex. Visit us at booth Z-G10 in Zabeel Hall from 14th to 18th October 2012. www.fvc.com


/COMMENT

How to make your next ERP replacement your last Anish Kanaran, regional director for MENA and Turkey, Epicor Software Corporation provides some key considerations to bear in mind when selecting a new enterprise resource planning application.

A

n enterprise resource planning (ERP) system can be likened to the information backbone of a company that reaches into all areas of the business and value chain. Replacing it can thus be a very difficult and painful process. When done correctly, though, an ERP replacement can unleash unlimited business potential. Selecting a proven ERP provider is the best and only way to ensure the success of an ERP replacement project. The provider must be part of the vision and should be attuned to the long-term business strategy and objectives of the enterprise. So how does an enterprise go about selecting the best solution that meets its requirements? Here are 12 criteria to help you choose the best ERP provider for your business:

Anish Kanaran is regional director for MENA and Turkey, Epicor Software Corporation

1. A FUTURE PROOF DECISION An ERP system must be able to adapt to dynamic technology and business strategies that only a few providers can accurately predict today. An ERP vendor with a proven track record in agility and meeting changing market needs is essential. It is important to find vendors with a history of delivering new technologies and solutions such as service-oriented architecture (SOA), lean strategies, workflow and e-business that streamline and automates business operations and processes.

2. ROCK-SOLID SOLUTIONS The best systems include capabilities that give your organization new ways to become more competitive. SOA is vital as it helps businesses connect with their customers, partners, and employees. Rock-solid solutions generate rock-solid results. Companies that use an ERP solution with superior functionality report measurable improvements from both an operational and financial perspective.

3. REPLACEMENT KNOW-HOW A vendor that specializes in ERP is a better choice than one with divided, unfocused interests and business units vying for resources. In the last five years, system replacements have reportedly comprised more than 80 per cent of ERP implementations . When a vendor’s business is 80 to 90 per cent system replacements, they know what it takes to deliver a smooth and flawless transition. They will also have expertise in how to review and replace ineffective processes.

Look for a vendor that has replaced systems for everyone from Fortune 500 companies to mid-sized and small companies, as well as for businesses with both single and multiple packages.

4. ELIMINATION OF IMPLEMENTATION GUESSWORK The success of your new system depends on two dimensions: the time it takes to implement the system and the amount of business change and value delivered. Quick advantage occurs when the implementation is fast and results in high strategic value. The greatest strength of a software vendor should be their ability to deliver this type of implementation. A proven implementation methodology removes uncertainty and addresses your expectations for a rapid, effective and worry-free system replacement process.

5. TAILOR-MADE BUSINESS FIT No two businesses are alike. You therefore don’t want a “cookie cutter” approach to setting up your system. Whether you are modeling currently effective processes or reengineering and improving ineffective processes to support new strategies, five key elements of the solution’s design give it the ability to create a tailor-made solution for your company. These elements are Execution of the Implementation Roadmap, System Settings, Tools to Customize Your System, Advanced Technologies, and Portals.

6. INDUSTRY EXPERTISE With extensive industry experience and expertise, a vendor will be equipped to offer you the kind of support services and tools that al-

52

ARABIAN COMPUTER NEWS September 2012


/COMMENT

“IN THE LONG RUN, IT WILL NOT KEEP YOU IN BUSINESS. THAT MAKES TECHNOLOGY A STRATEGIC RATHER THAN A STRICTLY IT DECISION.”

low you to successfully solve your most difficult business challenges, rapidly deploy applications, and maximize your return on investment. Make sure the vendor’s implementation team which will include design professionals, systems analysts, technical, consultants, and financial experts understand your industry inside and out.

7. SOUND FINANCIAL FOUNDATION Businesses ultimately succeed or fail based on their ability to operate profitably. The combination of a competitive, global business environment, coupled with the mandatory regulatory compliance many companies face today, makes successfully managing your finances one of the biggest challenges your company can face. The right ERP vendor will help your business achieve sound financial management, from the basics of general ledger transaction entry to providing the sophisticated reporting, monitoring, and business performance management tools available.

8. STACKING THE TECHNOLOGY ODDS IN YOUR FAVOR As a business, you need technologies that will grow with you, help you compete successfully and effectively run your operations both now and in the future. Thus, information technologies should be evaluated and employed based on their relevancy and ability to provide sustained business advantages. Reliable and proven technologies are then seamlessly integrated into the total suite to deliver the greatest return. In the long run, IT will not keep you in business. That makes technology a strategic rather than a strictly IT decision. Although technology is clearly an important influencing factor in any ERP selection process, history continues to show that some of the best ERP results occur when technology specifications are determined by what is required to support critical business needs. That is the essence of a resilient approach to technology.

9. A TESTAMENT TO SCALABILITY If this is to be your last ERP system replacement, investment protection should be the cornerstone of your software provider’s product development strategy. Partner with a vendor offering proof of the ease of upgrading, low need for custom programming, and high relevance of capabilities delivered in each new release. One that can expand the system›s functionality as the need arises or as new features become available. The best vendors have a high percentage of customers on maintenance and current releases and have a majority of clients over the 7-year mark.

10. COMMUNITY COLLABORATION: MAXIMIZING CUSTOMER MOMENTS OF TRUTH Every encounter between customers and their frontline people is a ‘moment of truth’ that sets the tone for the entire company in the minds of their customers. You must know how customer-oriented your supplier is and how much information they provide to those on the front line. Look for a comprehensive support program and exclusive services such as Remote Consulting, Client List Server and Data Access, On-Call Web Conferencing User Support, and Web-Based Training and Solution Webinars that have a powerful impact on the success of your ERP implementation.

11. INTEGRITY AND DEDICATION Determine the longevity of your vendor. Look for consistent growth and financial stability as well as adherence to sound corporate and fiscal management practices. Understand their business objectives. Consistent growth and profitability maintains and improves the vendor’s ability to provide support and technology advancements in step with your developing needs and the needs of the market. Beyond longevity of your vendor, you’ll also want to understand their dedication to their customers. Response time to requests is of critical importance and should be in minutes. Look for response time statistics that show continuous and dramatic improvements. Look for evidence that support personnel relentlessly strive to achieve this goal while maintaining the highest standards of professionalism. Make sure your ERP vendor is willing to work as hard as necessary to get you answers and help when you need it.

12. DELIVERING RETURN ON INVESTMENT For more than two decades, organizations have seen their highest ROI come from their ERP. This is due to strategic ERP solutions that streamline, integrate, automate and improve operations in companies around the globe. An ERP replacement should help you achieve the maximum return on investment with the shortest period.

HAPPY HUNTING Replacing an ERP system is a colossal event for any company. By definition, an ERP system is the business backbone. Replacing it can be a difficult and painful process. When done correctly, it will mean greater efficiency, increased profitability, more flexibility and growth potential. The cornerstone of this effort is finding a partner who will maintain focus until you achieve your goals.

September 2012 ARABIAN COMPUTER NEWS

53


/COMMENT

Five myths that shroud Big Data Big data might be addressed as if all data were the same, says Jean-Marc Bonnet, Consulting Architect with Teradata EMEA, but there are some misconceptions to overcome before solutions to handle big data can be delivered

C

ompanies have a wealth of information about their customers – from online transaction records to social media data – the key is drawing insights from all the data regardless of its channel or source. The challenge is that all data is not structured the same. Businesses are accustomed to collecting and analyzing structured data like the information in traditional year-over-year sales reports. Many business are now struggling with how to capture and analyze other types of data that is multi-structured. The structure of the data and the complex inter-relationships of big data types do not lend themselves to analysis with today’s traditional techniques. This presents organizations with a new task to develop an infrastructure that can easily analyze and leverage, not merely store, this emerging data along with the traditional data.

MYTH #1: BIG DATA IS ALL ABOUT VOLUME AND THE GROWTH OF DATA Not exactly. Yes, big data includes large volumes of traditional business data that is growing at exponential rates, but it also includes new sources of diverse data. The varied data comes from web applications, sensor networks, social networks, genomics, video, and photographs. Big data is also complex and extremely difficult to capture, store, manage, and analyze. Both types of data are indeed growing.

MYTH #2: COMPANIES SHOULD RIP AND REPLACE THEIR EXISTING ANALYTICS SYSTEMS TO DEAL WITH ADVANCING BIG DATA ERA No, this isn’t necessary. Building big data analytic capabilities requires the right mix of people, processes, and technology. If a company isn’t realizing value from its existing business intelligence environment, then this issue must be addressed first, before a big data initiative is started. The real value of big data analytics is realized when the analysis of traditional business data is enriched with big data insights— creating a transparent and comprehensive view of the business. That view can create opportunities that drive superior growth.

MYTH #4: DATA SCIENTISTS AND BIG DATA ANALYTICS ARE 2012’S IT FAD Big data analytics is not a one-time event – it’s here to stay. According to Tim O’Reilly, founder of O’Reilly Media, “We are at the beginning of an amazing world of data-driven applications. It’s up to us to shape the world.” Data scientists, now an established profession, often combine a deep understanding of business processes with mathematical, statistical, and technical skills. There is incredible demand for these professionals who blend business acumen with technical know-how.

MYTH #5: THE VALUE OF BIG DATA RESIDES WITH THE TECHNICAL PROCESSING CAPABILITIES OF HADOOP AND SIMILAR SOFTWARE There isn’t one single technology that does it all. Building big data analytic capabilities requires a variety of technologies depending on the business problem that the organization is working to solve. Unlocking the business value hidden within the data is the key. This requires sophisticated analytic applications, and some of the new, sophisticated applications include digital marketing optimization, fraud detection and prevention, and social network analysis. Hadoop adds value and has its place in the big data technology arsenal.

THE KEY TO SUCCESS The key is to integrate new types of data with traditional business data that businesses already have. By opening up access to the entire corporate ecosystem and incorporating data from all sources, businesses can use big data analytics to achieve a super-charged view of the customer to improve customer service and sales.

MYTH #3: BIG DATA IS ONLY FOR BIG TECH COMPANIES LIKE GOOGLE Whether a company is a large internet firm, a Fortune 500 or smaller organization, the explosion of big data matters. Operating a business today without serious insight into business data is simply not an option. It is all about competitive advantage, regardless of the industry. Competitive advantage depends on the ability to manage and analyze all the critical data entering a business environment. The new world with different types of big data requires deep analytic insights gathered from many data sources and large volumes of data.

54

ARABIAN COMPUTER NEWS September 2012

Big Data is not just about numbers, and approaches to data will not be one-sizefits-all


THE MOST CELEBRATED EVENT FOR THE MIDDLE EAST TELECOMS INDUSTRY Tuesday 4th December, 2012 The Westin, Dubai The 7th Annual CommsMEA Awards set out to celebrate and pay tribute to the telecoms industry professionals and operators that have shown outstanding performance and results in key market segments.

NOMINATION DEADLINE

For advertising enquiries please contact:

THURSDAY 4TH OCTOBER

Natasha Pendleton +971 4 444 3193 natasha.pendleton@itp.com

Sponsorship Opportunities Now Available

For nomination enquiries please contact: Roger Field +971 4 444 3419 roger.field@itp.com

For table booking enquiries please contact: Michelle Meyrick +971 4 444 3328 michelle.meyrick@itp.com

CATEGORY SPONSORS

For more information please visit:

www.itp.net/commsmea-awards


/KOJ GROUP

56


/KOJ GROUP

KOJ Group has steadily grown its chain of stores and brands, while making more efямБcient use of its back-end resources, says Thameem Rizvon.

KOJ GROUP TIGHTENS REINS ON RETAIL OPS

KAMAL OSMAN JAMJOOM GROUP MAKES EXTENSIVE USE OF ORACLE RETAIL SOLUTIONS TO HELP IT MANAGE AN EVER-EXPANDING, DIVERSE RETAIL CHAIN BY MARK SUTTON September August 2012 ARABIAN COMPUTER NEWS

57


/KOJ GROUP

Richard Winsor, group CFO for KOJ Group explains the importance of its retail and back office Oracle solutions in ensuring that the business is able to better manage and plan its growing network of retail stores.

he company operates a retail chain of ten different brands, with around 570 stores in six countries in the region. The KOJ Group includes its own brands Nayomi, Mikyajy, along with franchises of brands such as the Body Shop and Early Learning Centre. KOJ Group is a long-time Oracle user, having been the first Middle East retailer to roll out the Oracle Retail solution. Thameem Rizvon, IT director of KOJ Group, said that the group chose to go with Oracle in 2006, after reviewing the set up it had previously and finding it could be better. “If you look at the business, everything we do revolves around retail. In 2006, when we did an analysis of our systems vis-avis the way the company was growing, we realised we had a challenge of disparate systems not talking to each other, so you never had a single source of truth,” he said. The company shortlisted two leading vendors for retailfocused solutions, and finally selected Oracle based on its solutions, presence in the region, and the fact that it counted many major retailers among its customers. KOJ then began a series of major implementations of Oracle modules. The project began with Oracle Retail and Oracle E-Business Suite, before proceeding with Oracle Retail Merchandising Operations Management, Oracle Retail Merchandise Financial Planning and Oracle Retail Warehouse Management System, with all systems in place by April 2008. These deployments were followed by the implementation of Oracle Data Warehouse at the end of 2009, and then an upgrade of existing Oracle solutions the following year. Oracle solutions now drive most of the company’s back office functions, from centralised systems at it Dubai head office, including finance, HR, warehousing, and high-level planning. The improvements in efficiency has enabled KOJ to go from 280 stores in 2007 to around 570 stores today, while actually reducing the warehouse staff required by 20% and reducing IT headcount from 51 to 28 personnel. While KOJ has extensive deployments of Oracle, that does Rizvon says that for each module that has been rolled out, the company has gone with a different systems integrator, based on the requirement that the SI has consultants available with the right

58

ARABIAN COMPUTER NEWS September 2012

functional skills and experience in the relevant module, for the duration of the project. With so many key business processes in place, KOJ has taken a careful approach to project implementation, implementing a project management methodology, GO/NO-GO [see box] to ensure that all stakeholders in the business are aware of the benefits the project should deliver, as well as signing off on each stage. KOJ has also looked to avoid complexity by mainly sticking to out-of-the-box deployments, with minimal customisation. Richard Winsor, group chief financial officer, KOJ explains: “These are essential projects. We have a methodology for putting in projects which has proved pretty robust, we tend to do one project at a time, we tend to leave a stabilisation period between one project and the next, and we stick to vanilla in terms of the system. As a retail business it is not overly complicated, Oracle is far more sophisticated than us as a business, so we fundamentally believe there is enough functionality in Oracle for us and we don’t need to go and make lots of bespoke changes.”

KOJ GO/NO-GO METHODOLOGY For all of its projects, KOJ has a strict methodology, dubbed GO/NO-GO, to ensure all stakeholders are comfortable with progress before advancing to the next stage. Rizvon explains: “We have a stringent project management methodology, it is an extract from the global PMI method, we have customised a very strong interface with the business. In simple terms, we call these ‘GO/NO-GO’ meetings. For every project, depending on the complexity, we determine anywhere between three to six milestones, and set the business targets that we aim to achieve. These are shared with the board, and the board are present in these meetings, along with the other stakeholders – the system integrator; Oracle is present in every single milestone meet, I am present, my project team is present, and we go through these parameters in every single meeting.” In the meetings, the stakeholders discuss the parameters of the project stage, and decide whether they have achieved their target for that specific goal, with all parties physically signing off on the decision to proceed or not. “In the last three years there have been three instances when we took the courageous decision to stop a project from going to the next milestone before we had finished. It helps, in business terms, that the business knows what this project is going to deliver, and we have a very strong alignment to the business,” he adds.


/KOJ GROUP

“IT WILL MAKE US MORE EFFICIENT, MAKE DATA FLOW MORE ACCURATE, AND ALLOW US TO MAKE BETTER INFORMED AND QUICKER DECISIONS - WE WILL MAKE MORE SALES IF THE RIGHT STOCK IS IN THE RIGHT STORE AT THE RIGHT TIME.” 59


/KOJ GROUP

KOJ SYSTEMS Oracle E-Business Suite Oracle Data Warehouse Oracle Retail

Rizvon: Data flowing to and from the retail store network should be automatically processed by head office servers, withouth the need for manual intervention, to ensure an up-to-date view of the business.

Sun Microsystems servers NCR Point of Sale terminals

Rizvon agreed: “When we looked at Oracle retail, one of the key factors we looked at was if Oracle Retail can run global businesses with much more complications, we should also be able to run it. Having multiple systems could lead to possible issues of integration and data duplication which we want to avoid. Our implementations in all the modules to date, are pretty much vanilla. It is not 100%, but we try to keep [customisation] to a minimum.” Oracle has not only offered functionality such as out-of-thebox support for multi-currency, an important requirement for KOJ, but has also consistently improved and updated the applications. This has further strengthened KOJ’s aim to use the software as-is, without customisation. Rizvon said that while changing business processes to fit the system can be challenging, changes have been minimal, and through strong project management and procedures such as GO/NO-GO, the IT team has been able to get a high degree of acceptance from the business. For current projects, KOJ has been busy over the summer with a pilot project for two new modules, Oracle Retail Point-of-Service and Oracle Retail Store Inventory Management applications. The solutions have been deployed to 15 stores in the UAE and Saudi Arabia for the pilot, which partly took place during Ramadan, a key sales period for the group. Winsor summed up the benefits of this latest project: “It will make us more efficient, make data flow more accurate, and allow us to make better informed and quicker decisions - we will make more sales if the right stock is in the right store at the right time.” The point of sale solution replaces an existing solution, in use for nearly ten years, which Rizvon explained, had become outdated and could not scale to match the growth in the number of stores the group operates.

60

ARABIAN COMPUTER NEWS September 2012

“We have been looking at our tickets for the past six years and close to 60% of our existing issues comes from our POS application. Almost 60% of those issues are something which can be easily related to the application,” he said. The present point of sale solution does not integrate properly with systems at the head office, and teams have had to spend time manually validating data and juggling services to ensure that sales information, promotional pricing and so on can flow to and from the stores. “Today it requires the skill of some of my best support team members, to be looking at certain services, to shut down some services, run services - that is not the way technology should run, from any technology perspective these should be automated,” Rizvon said. “I am very happy to say that in these 15 stores in the last two to three months we never had to step in to do that, it automatically works.” The only customisation that was required for the POS system was integration of credit card systems, to remove any manual processing of credit card transactions, which will address current issues with manual errors. KOJ also aims to use some of the functions in the POS system for clock-in and clock-out of staff using biometrics, which will help the company to better analyse and plan workforce requirements.


/KOJ GROUP

“ONE OF THE KEY FACTORS WE LOOKED AT WAS IF ORACLE RETAIL CAN RUN GLOBAL BUSINESSES WITH MUCH MORE COMPLICATIONS, WE SHOULD ALSO BE ABLE TO RUN IT.” The Store Inventory Management application, which manages the back office operations of the stores, such as stock handling and reporting, has also proven its worth in the pilot deployment, Rizvon said, through giving much better insight and faster reporting of various processes at each store. “The biggest plus in the SIM is the quick update on our stock on hand. SIM being an online application, it immediately updates stock to our head office, the moment we receive it in the warehouse. As a retailer, the majority of your cash is in your stock. We would like to have the right amount of cash invested in the right amount of stock, and with this we can do a detailed analysis of stock,” he said. “Another important functionality is store-to-store. When we move stock in our current system, it takes a day to two days to update the other store, which is quite challenging, because sometimes you have received the item, but electronically the stock has not come through. In this Oracle Retail SIM, it is instantaneous. The receiving store gets the stock and they are immediately able to sell it to the customer. That is a significant plus. “We are looking at how our data warehouse operates. Today we have 570 stores, each director, each brand owner, each planner has their own dashboards in the Oracle Retail Data Warehouse. With the current retail system limited in terms of updating our head office, it can take two days for all the sales transactions to be consumed. With the Oracle system, it is instantaneous, it is a significant plus, because when we have more stores, even a day or two of sales not being updated can be quite challenging,” he said. Alongside the Oracle pilot, KOJ is also working on another pilot using Cisco solutions, to improve the connectivity of the stores. With stores in so many different locations, but no SLAs offered by service providers in the region, the group is looking at ways to ensure that stores can be constantly connected to head office, and to ensure that data is flowing in real time between systems. In terms of systems, Rizvon is confident that with the completion of the pilot phase, most of the work is done, and that the group now has a clear idea of what is needed to complete the project. “In these 15 stores, our objective was to run these for a couple

of months, and also during our peak trading month of Ramadan, so we are able to analyse the performance, we are able to understand what are the key things we need to plan during the roll out,” he said. “We have done the first 15 pilot stores, those are the most critical aspect, because in those stores we built all the integration that is required for the back office systems. This took us close to five months, which is probably one of the shortest time frames.” The next stage is deploying the new Oracle applications to the whole network of stores, and to ensure that the staff are trained to use them properly. The IT group has taken twenty personnel from retail, who will be attached to the team for the next four to five months, to help train staff instore. “The challenge would be on the training, our focus would be to work with the business to make sure the training happens successfully, and the stores have all the tools beforehand to make sure the go live is successful,” Rizvon explained. “Our plan is to go live with ten stores every day, so we will have one retail team member, and one member from IT or the vendor, who will be at every store the day after they go live to handhold the staff. The objective is to make sure we have a smoother go live.”

GETTING VALUE OUT OF THE VENDOR While KOJ has a close working relationship with its main vendors, including Oracle, Thameem Rizvon says that IT professionals should look to the wider industry to get maximum benefits from their vendors. As part of the CIO Arabia group, Rizvon has invested time in networking with peers from the retail sector, so that they can mutually extend their expertise and share experience. Rizvon was also a founder of Middle East Oracle User Group (MEOUG), and believes that participation in such groups can help companies to get the most return from their expenditure on applications. “Oracle has all the processes and methodologies to make your project work, provided you know how to reach it,” Rizvon explains. “My activism in the user group is primarily to learn about these opportunities. When we implemented an advanced planning module, we had nobody in this region who had done this module, so I had to look globally. I identified a couple of vendors, and then we spoke to Oracle’s global leadership team to enable those vendors to come in. “There is a wonderful support methodology within the Oracle support team, where you can get those returns. You are entitled to monthly reports, and you are entitled to a lot of knowledge updates, unfortunately this is not always known by the customer.”

September 2012 ARABIAN COMPUTER NEWS

61


/DU

62


/DU

Telecom providers are ideally positioned to become IT service providers, thanks to their existing relationship with the customer and their control of the network, says Lincoln.

DU SETS SIGHTS ON SERVICES

UAE OPERATOR DU AIMS TO EXPAND BEYOND TRADITIONAL TELECOMS SERVICES TO BE BECOME A TRUSTED PARTNER OF CHOICE FOR A WIDE RANGE OF ENTERPRISE AND SME IT SERVICES. JOHN LINCOLN, VP OF ENTERPRISE, IS THE MAN IN CHARGE OF TAPPING INTO THIS GROWING BUSINESS FOR DU BY MARK SUTTON September 2012 ARABIAN COMPUTER NEWS

63


/DU

Lincoln: Du is developing partnerships with different vendors and SIs to develop new markets and vertical opportunities.

here has always been considerable overlap between the spheres of information technology and telecommunications. Telecoms companies have often been at the forefront of developing IT solutions, and in an ever connected world, they play a vital role in linking systems. Now, with the rise of technologies such as cloud computing and video conferencing, and in trends such as mobility and BYOD, the convergence between IT and telecoms has never been stronger. For UAE telco du, the convergence of IT and communications represents a major opportunity for business services. The second telecoms operator in the Emirates, launched in 2006, du initially had a major focus on the consumer mobile market, given that it was restricted to providing fixed services only in certain freezones, but the operator has since set its sights on a much wider market, and a wide set of business services. John Lincoln, VP of enterprise for du and 22 year telco veteran, believes that today, the real target for du is nothing less than creating a services hub that will serve three billion customers across the wider Middle East and Africa region. “I am more bullish on the UAE than any other market that I have worked in,” Lincoln said. “The UAE is the prime market to

“I AM MORE BULLISH ON THE UAE THAN ANY OTHER MARKET THAT I HAVE WORKED IN. THE UAE IS THE PRIME MARKET TO SERVE THREE BILLION PEOPLE.” 64

ARABIAN COMPUTER NEWS September 2012

serve three billion people. The western economies are stagnating or growth is limited, and they are all looking to expand, where best to expand than in markets that are underdeveloped or developing. Dubai is fairly developed, but think about India, the emerging Middle East, Africa - where do you think the MNCs will locate to serve this market? Dubai is going to be a fantastic hub, and in that respect, the telecommunications potential, and the ability to serve ICT services it is a fantastic opportunity.” It’s a major target for a company that at present only operates in its home country, but the plans for expanding du services outside of telecoms are certainly ambitious. du has already launched a number of managed and hosted services offerings, and has attracted major customers such as General Electric. The company is planning to launch even more solutions, including more cloud offerings, over the next twelve months, and Lincoln believes that the timing for expansion in both enterprise and SME services is ideal. “We believe first and foremost that as du we address both the very large enterprises, the MNCs, large government organizations, all the way to SMEs and SO/HOs. It is a wide spectrum of different types of company that we address,” he said. For enterprise customers, the economic downturn of 2008 meant that for the first time, many CIOs in the UAE actually had to think about budgets and being accountable for for their spending, as well as facing cuts in budgets, Lincoln said. Growing complexity of IT solutions, in terms of maintenance and deploy-


/DU

“WE BELIEVE FIRST AND FOREMOST THAT AS DU WE ADDRESS BOTH THE VERY LARGE ENTERPRISES, THE MNCS, LARGE GOVERNMENT ORGANIZATIONS, ALL THE WAY TO SMES AND SO/HOS.” ment mean that CIOs face a greater task of managing their own infrastructure, with limited options of how they manage it. Many would rather focus on their core business rather than dealing with complexities such as infrastructure security. Outsourcing should also be considered as a means to optimize investment and budgets, Lincoln added. CIOs in most large enterprises spend about 60% of their IT budget on hardware, with utilization rates that may be as low as 30-40%. With staffing costs to run this under-used infrastructure added on top of that, it is not necessarily cost effective to keep non-core activities in house. For the SME sector, du was the first operator in the country to introduce specific packages for SMEs, to differentiate between consumers and SMEs for telecoms services, despite SMEs being one of the biggest spenders on telecoms services. The company is expanding beyond telecoms services for SMEs, and wants to be seen as the provider of choice, Lincoln said. In September, du will be launching a partnership with the Sheikh Mohammed Bin Rashid Establishment for Young Business Leaders (SME) and Microsoft, to offer Microsoft applications and du’s mobile services as a bundle, and company also plans an extended portfolio of IT offerings for SMEs. Lincoln said that the main driver for SMEs to consider outsourcing is cost and convenience. SMEs want pricing predictability from vendors, and they want value for money through switching to OPEX, rather than CAPEX investments. In convenience terms, they need help managing complexity of IT solutions, which they can’t always afford IT administrators for, and they prefer the convenience of working with a single vendor. All these factors, for both enterprise and SMEs, are making outsourcing of services more attractive as a whole, Lincoln said, but the telcos stand out from other service providers, such as local systems integrators, outsource specialists like the Indian BPO companies or the global names like IBM. “The research that we have has shown that large enterprises are willing to outsource their services to telcos beyond the core services that we traditionally provide; roughly 50% of companies are willing to do that, they prefer local telcos because they want somebody in the country, who is established,” he said. “They look at the telco, at what they currently spend on telecommunications, and so they look to leverage better value for money because of the scale of the purchase they can do.” Taking IT services from a telco is also a natural extension of the existing connectivity that the telco provides, and the convergence of IT and communications.

DU SOLUTIONS FOR LARGE ENTERPRISES Alongside of voice and data connectivity solutions for large enterprises, du offers a growing set of business solutions and managed services: MANAGED SERVICES Global IP VPN | Global Ethernet National IP VPN Contact Centre Solutions Managed LAN Hosted Web Hosted email Domain Name services Business Managed TV Business Omnipresence Managed Guest Internet Service

BUSINESS SOLUTIONS Industry Solutions Broadcast Services Professional Services Mobile Telemetry Solutions Power Bill SMB SOLUTIONS Hosted web Hosted email Hosted DNS

“As telcos we provide network services between point A and point B. It becomes a natural extension, if I can manage the connectivity, then I can manage the end points, the routers and switches. If I can manage the end devices, there is a natural extension for me to manage the security to the end devices; if I can do that then I can also offer data centre services, and if I can do that then I can also do server management, and then I can also do virtualization,” he said. du is also looking to deliver services with partners in a range of areas, to complement its own professional services team and tap vertical markets. The telco is working with Polycom to offer video conferencing and collaboration, an example of how the operator is able to provide the connectivity and the video network operations centre (VNOC) while Polycom handles the end terminals. The whole is sold to the customer as a solution from du, rather than the customer having to buy the end points and infrastructure as a CAPEX, then get bandwidth services from someone else. The operator has a similar model for its managed bandwidth service for hotels, to help them meet peak demand, and with security companies for its managed security services. “Communications is a critical element of the entire IT managed services. The complexity of the requirements, the network security and bandwidth management, along with the specialized

September 2012 ARABIAN COMPUTER NEWS

65


/DU

Proper use of service providers can help companies to tap greater expertise, improve efficiency and focus on core activities, Lincoln says.

applications that companies need, is something that is best done through partners who are vertically expert, together with the telco,” Lincoln commented. Another focus area for the operator is in cloud computing. du is already offering some cloud-based solutions, namely security solutions such as unified threat management and device management, and while Lincoln believes that cloud is still in its infancy in the region, he expects it to take off in the coming year. The operator aims to offer selective cloud services where it can get enough volume of customers to be profitable, with services such as managed security combined with web and email security, that can be charged on a monthly basis. du will also look to horizontal application offerings. “We believe there is an opportunity for three or four horizontal applications to be put on the cloud, working with partners. One is HR/labour application, the second is CRM, the third one is accounting, and the fourth is communications and storage. We believe there will be a huge opportunity in the cloud,” he said. “In the Middle East the cloud market is still in its infancy, it is very niche, and we believe that the inflexion point is next year, next year it will take off.” The operator is also pursuing a strategy of selective investments to extend fibre connectivity to growth areas in the UAE, to extend its reach, and it has also signed a major partnership with an un-named data centre provider, that will offer du-branded data

66

ARABIAN COMPUTER NEWS September 2012

“LARGE ENTERPRISES PREFER LOCAL TELCOS BECAUSE THEY WANT SOMEBODY IN THE COUNTRY, WHO IS ESTABLISHED. THEY LOOK AT THE TELCO, AT WHAT THEY CURRENTLY SPEND ON TELECOMMUNICATIONS, AND SO THEY LOOK TO LEVERAGE BETTER VALUE FOR MONEY BECAUSE OF THE SCALE OF THE PURCHASE THEY CAN DO.” centre services out of the UAE. Lincoln believes this represents a major opportunity, to host data centres for multinational companies that want to serve the wider region out of Dubai. Lincoln said that the managed services sector is maturing in the region, although there is still some way to go in convincing CIOs that they are able to retain control of their systems, through SLAs, management portals and reporting capabilities that are offered as part of the service. The managed services conversation also needs to be extended to include the financial stakeholders in an enterprise. “In terms of maturity, I think we are mature in the core services, in the managed service front, but we still have some ways to go, in the cloud I believe next year will be when it takes off,” he said. “One of the hindering factors is most CIOs are rightly concerned about security. They want control of their networks, so our job is to convince them that they still have full control. You have SLAs tied to this, you have management portals and reporting capabilities that enable you to understand and manage your IT managed services better,” Lincoln commented. “We are not just addressing the CIOs, we think the CFO is a very important stakeholder to understand why they should go into managed services. We are really bullish, we think it is a fantastic time to be in the UAE going after this particular sector.”


14-18 OCTOBER 2012

DUBAI INTERNATIONAL CONVENTION AND EXHIBITION CENTRE

D E K R MA THE DATE?

O2C0TO1BE2R TUE SUN MON

WED

THU

FRI

SAT

2

3

4

5

6

1

10

11

12

7

9

13

8 15

16

17

18

19

14

NOW MAKE YOUR MARK

21

22

23

24

28

29

30

31

20

26

25

27

GITEX Technology week

hnology Week c Te x e it G r fo s n o ti ITP’s official publica tions to the show’s lu so g in h lis b u p f o rs. Increase deliver a full range o it ib h x e s lu -p 0 0 ,5 rs and 3 130,000-plus visito ring and after the u d , re fo e b re su o p x your marketing e our team today. g n ti c ta n co y b n io exhibit

review P X E IT G s e im GITEXT www.gitex.com

nnn%^`k\o%Zfd

BER 2011 SHOW DATES: 9-13 OCTO

DAY ONE: 09 OCTOBER

2011

S le with TODAY’ LIGHTS GITEX stays in po tures HIGH r fea w ne of plethora to

OFFICIAL NS PUBLICATIO

New sections address

us lineup key trends in IT; illustrio

nce of speakers for confere

TRA promote new domain names

WEEK is reGITEX TECHNOLOGY leading position inforcing its market new features and with the addition of e programme an enhanced conferenc changes will the t this year. Together, SHOW NEWS P8 and CIOs help ensure that executives n they need to have all the informatio today’s changing stay competitive in . business landscape even further “GITEX is cementing influence on t its position as a leading introducing SHOW NEWS P14 by the global ICT industry not only reflecting brand new sectors, but by providing the current trends, future,” says Heopportunities for the Chief Executive lal Saeed Almarri, year. Trade Centre, programme this Officer, Dubai World conference and an expanded “The industry’s organiser of GITEX. t GITEX has new sections GULFCOMMS P39 digital marketing, top cyber security, telecoms organcard technology and will showcase isations and experts offer essential and speeds, their latest products double current 3G es.” high new industry perspectiv added to S1-MAC4 allowing users to watch video Sheikh Saeed Hall, make One of the new features definition movies, to er is CyberSelooking year multiplay be this WILL online T play GY tP49 the exhibition LTE, or calls and visitors can ETISALA CONSUMER TECHNOLO move. awareness of its new curity @ GITEX, where games whilst on the tutorials from raise unications unications see presentations and “Advanced telecomm 4G, mobile telecomm experts on cybera developed the world’s foremost network this week. are a key basis for security. Featured support network can The network will crime and electronic society, and this 4G ns include g various more than companies and organisatio Norton, speeds of 100 MB/s, contribute to developin McAfee, education, Abu Dhabi Police, sectors including as the Hat. INFOCOMM tP57 healthcare as well aeCERT and Black finance, GITEX the is sectors, Also new this year economic and business be a direct g section of the will Digital Marketin the latter of which an opportusays Nasser show, which provides and analyse beneficiary of 4G,” CEO, Etisalat. nity to assess, evaluate is becoming Bin Obood, Acting what the launch the full potential of The operator says tool. Exhibitors of the first an essential business ikoo, ICANN makes the UAE one to have a include Yahoo Maktoob, countries in the world At launch, service. 4G ial and Khellan. commerc world, the use stations are Across the business more than 700 base increasing. From key areas of of card technology is INTERVIEW tP61 operational and “all financial servicwidespread use in the the UAE” are covered. . phone SIM cards, by 4G technology es sector to mobile Bin Obood: Excited

E-services vitalt for governmen

Avaya unveils new enterprise comms platform

<e\knfib <k`jXcXkcXleZ_\jCK

Genius delights video gaming community Global AV event comes to region Etisalat Group CEO has plans for the telco

Continued on page

A DV E RT IS IN G

New security, digital

card marketing and smart

sections amongst

major innovations

seeks to grow its enterprise networking business

LOGY WEEK is GITEX TECHNO new elements to introducing brand as the Middle reinforce its position Asia (MEASA) East, Africa, and South on the pulse’ region’s leading ‘finger t technology event. SHOW NEWS P3 ICT exhiAs one of the three largest connects the show bitions in the world, industry profesmore than 136,000 with over sionals from five continentsof the most is one 3,500 suppliers, and le events in tP35 influential and high-profi CLOUD CONFEX today. sector ICT global the ear to “GITEX strives year-on-y and ICT market drive the regional for the world’s provide a platform organisato ICT users. most illustrious technology that matter most knowledge and to focus on the issues tions to share their of GITEX continues issues Running essential region. the Gulf Africa and products on LOGY GULFCOMMS tP69 Dhabi Police, East, Loh, Senior Vice GITEX TECHNO the day,” says Trixee Trade Centre, Terabyte Sponsor, Abu and ae- alongside East & Sponsors, McAfee InfoComm Middle President, Dubai World . “Follow- Gigabyte with Black Hat. WEEK, (IFMEA) is a joint venture organiser of the exhibitionsuccessful CERT, in association latest trends Africa InfoCommAsia and Dubai ing the event’s extremely we com- Sessions will cover the year, a range of sub- between Centre. 30th anniversary last more cutting and vulnerabilities on identity World Trade a dedicated showcase mitted to adding even for GITEX jects from mobile malware,widgetiAs well as soluorder malware through Visual products and edge components in Audio cloning, for g.” fraud, IFMEA positionin through to credit card on the tradeshow floor, educato strengthen its global LOGY WEEK, zation websites and social media tions dited GITEX TECHNO will feature CTS-accre InfoComm 9 - 13 October phishing seminars from the which will run from nal Conven- malware and more. tP87 2011, GITEX tion with a variety of CONSUMER TECH Also new to GITEX 2011 at Dubai Internatio is themed ty Academy, along manufacturers to Centre, ties for Marketing is an opportuni tion and Exhibition s and will tackle Digital realise the full opportuni solutions in conference their ‘Redefine the Future’ nts with dedi- to assess, evaluate and present an esThis combinakey industry developme and sectors. potential of what is becoming and training sessions. tool. Digital marketing tion of networking and education in a cated first time features ly be- sential business businesses in vast potential has already As data security increasing being employed by s utilise market with key playgame of cat and is many consumer break to as or East make a irresistible Middle comes Cyber Secu- the es and tablet proved AV market. “The launch of SHOPPER tP89 mouse, the brand new at providing social media, smartphon use ers in the point GITEX contributing to the increasedrs to our event comes at a turningal AV,” rity @ GITEX is aimed individuals with PCs, of profession media. Key contributo both corporations and and tools of digital include in the evolution Manager, Digital Marketing will the information, awareness says Richard Tan, General of AV tide of cyber- GITEX to combat the growing by the TRA Yahoo, Ikoo and ICANN. requests InfoCommAsia. “The migration making onto IT networks is After it received countless crime. Officially endorsed Cyber Se, InfoComm productsintegration a more net-centric and supported by aeCERT, a series from global exhibitors INFOCOMM tP95 its systems feature launching be will page 12 t curity @ GITEX International will Middle Continued on demonstrations tradeshow for the of daily interactive ons from first ever and educational presentati

Cloud computing gains momentum Etisalat focuses on fibre to the home and 4G GCT aims to please with range of Apple extras

Bargains, deals and discounts:ns Shopper retur AV show makes regional debut

4t

GY GITEX TECHNOLOE WEEK CATALOGU GEORGE HOJEIGE

EX 2011

hances GIT LIGHTS GITEX further en sition HIGH r po g din market lea Huawei

T: +971 4 4443203 M: +971 50 5025532 .com itp E: george.hojeige@

DAVID INGHAM

43000 E D ITO R IA L TeE: l:da+9vid71.in4 gh44am @itp.com


/OPEN SOURCE

68


/OPEN SOURCE

The open source software movement has several different ideas about how open source should operate, but the unifying feature is that users should be free to amend code.

OPENING UP TO OPEN SOURCE OPEN SOURCE SOFTWARE HAS TAKEN TIME TO BE ACCEPTED BY ORGANISATIONS IN THE MIDDLE EAST, BUT AN INCREASING NUMBER OF USERS ARE EMBRACING THE ADVANTAGES BY KERI ALLAN September 2012 ARABIAN COMPUTER NEWS

69


/OPEN SOURCE

DeBono: Many enterprises in the region are mature enough to benefit from open source.

Ramachandran: Companies may need to invest in skilled resources to properly implement OS.

lobal use of open source (OS) software has risen drastically in recent years. Uptake in the Middle East region is becoming more popular for a number of reasons, including the fact that OS solutions often allow organisations to drive sales and revenue as well as manage issues such as big data at a more affordable cost. “The general trend has been to do more with less,” says George DeBono, Red Hat’s general manager, Middle East and Africa. “This means that while IT budgets see little or no increase, enterprises still turn to their IT departments to help streamline processes and increase productivity. This is why we are approached by a number of customers who are aware that by spending their money with us, they are capable of running their operations at a fraction of the cost of the solutions from other vendors. “At a time when IT budgets aren’t growing sufficiently to keep up with growing IT demands, such cost savings are essential as these funds can then be allocated to future development projects, which help enterprises maintain their competitive advantage.” Traditionally small organisations have been leading the way in the adoption of OS, however in recent years several governments have also opted for these solutions.

“IF AN ORGANISATION DOES NOT HAVE A WELL-STRUCTURED PLAN TO WORK WITH OS; WHEN SOMETHING GOES WRONG IT COULD BE TRAGIC.” 70

ARABIAN COMPUTER NEWS September 2012

“Bahrain was one of the first, and they phased out Windows in favour of Linux,” says Company85 consultant Michele Daryanani. “More recently, in Saudi Arabia, the United Nations Development Programme (UNDP) has established an OS software centre which ties in with King Abdullah University of Science and Technology (KAUST’s) OS programmes.” The region is seeing an increase in large organisations’ curiosity and adoption of OS, with vendors like Zimbra, Percona, Actuate and SugarCRM all now widely accepted enterprise grade alternatives to traditional non-open source vendors. “Therefore enterprise organisations now have scalable, secure, mature open source platforms from which to truly start to create reliance upon OS as a very attractive cost saving investment without sacrificing features or critically, support,” explains Jason Currill, founder and CEO of Ospero. But can OS really be the centre piece of an enterprise’s IT strategy? With the availability of robust, adaptable and most importantly, cost friendly solutions, Frost & Sullivan believes the answer is yes – as long as an enterprise follows three key steps. “Assess the IT situation – this involves a clear understanding of where the organisation is at the moment and what it would like its IT structure to evolve into,” says Haritha Ramachandran, program manager, Information and Communication Technologies Practice, Middle East and North Africa, Frost & Sullivan. “Evaluate software options - this involves a step by step evalu-


/OPEN SOURCE

“OS IS NO LONGER A POOR MAN’S ALTERNATIVE TO ESTABLISHED VENDORS, IT IS NOW A CREDIBLE ALTERNATIVE TO RUNNING MISSION CRITICAL APPS FOR ENTERPRISE CUSTOMERS AND THIS CAN ONLY BE WELCOMED AND EMBRACED.” ation of what is available in the market,” she continues. “Seamless integration and custom development – this is the most important step since it involves the actual implementation and customisation of the software. This often may involve investment in the form of a good developer to support the actual process.” As with all solutions, OS has a time and a place, and this depends on a company’s maturity and needs. Ramachandran, for example, believes it is prudent for big enterprises to use OS in the case of mission critical applications. “OS is the best bet for mission critical applications for two reasons namely, security and flexibility to develop and customise. Security is the key to any enterprise and mission critical applications cannot afford to have vulnerabilities. OS communities due to their communal and interactive nature discover and fix security vulnerabilities quicker than commercial software vendors. “As well, with names like Red Hat and IBM in the market, open source security practices are backed by commercial support and guarantees, to ensure more enterprises adopt them successfully. Big enterprises thrive in their ability to have their IT staff customise their applications to their needs and open source software provides the right platform to enable this,” she says. Indeed security options can be one of the positive points of turning to OS, DeBono says: “The advantage of adopting the OS development methodology is that we can leverage a global community of developers and users, whose collective resources and knowledge supplements the developers we employ. As a result, we are able to offer enhancements, fixes and upgrades more quickly and with less development cost than is typical of many proprietary software vendors. Any vulnerabilities found in the system are identified and addressed by this large resource pool in a time frame which is much smaller.” “Security-Enhanced Linux (SELinux) is a Linux feature that provides the mechanism for supporting access control security policies, including United States Department of Defence-style mandatory access controls, through the use of Linux

Security Modules (LSM) in the Linux kernel. SELinux is available with commercial support as part of all versions of Red Hat Enterprise Linux (RHEL). “I think the Middle East IT market has reached a level of maturity wherein enterprises are sufficiently informed about OS technology. In terms of security, it has been well documented and well proven that Linux is the most secure operating system on the planet so we don’t believe that there are any concerns in this regard,” he adds. Although organisations need to be careful not to dismiss OS software because of issues that can be mitigated quite easily, they do need to consider when a move might be unwise by considering the risks. “If an organisation chooses to migrate to OS purely based on the licensing costs, expecting to see a reduction in the total cost of ownership without any further work, this could be quite risky,” says Daryanani. “If an organisation does not have a well-structured plan to work with OS; when something goes wrong it could be tragic.” In-house skills and the choice of vendor can also change the level of risk, as Currill highlights. “If the organisation has a large or talented pool of internal developers then this always helps to minimise the risk of moving to a tier 2 OS vendor. If the organisation does not, then clearly the risk increases as the support community is small and the vendor may also be too small to offer the level of service level agreement (SLA) that an enterprise would require,” he says. “It might be unwise to work with open source without a good support package,” agrees Ramachandran. “SMBs may be stuck posting on message boards awaiting replies when the licensed software option could possibly give them expert service.” To facilitate the widespread deployment of their offerings, companies such as Red Hat have focused on gaining support for their technologies from the providers of hardware, software and systems integrator’s services critical to large enterprises. This ensures compatibility with market leading technologies, thereby simplifying the installation and integration process.

September 2012 ARABIAN COMPUTER NEWS

71


/OPEN SOURCE

HISTORY OF OPEN SOURCE SOFTWARE 1950s-1960s: Most software has accessible source code that can be shared and amended freely. IBM’s SHARE user group formed to help facilitate the exchange of software. 1970s: Rise of proprietary software, as software companies seek to control their applications. 1984: Richard Stallman founds GNU project to create a free, open source operating system, and the Free Software Foundation to support GNU. 1989: General Public Licence (GPL) released. GNU software developers must agree to the GPL to keep source code freely available. 1991: Linus Torvalds creates Linux, using the Free Software Foundation’s development tools. 1993: FreeBSD ‘Unix-like’ operating system released. 1994: Linux 1.0 is released after widespread collaboration on improving the original Linux kernel. 1995: Red Hat Software company founded. 1998: Netscape releases its web browser code as open source. Term ‘Open Source’ is first adopted shortly afterwards. Open Source Initiative founded, Mozilla Project founded. 1999: Sun Microsystems releases StarOffice as open source. SourceForge founded as a repository of open source projects. 2004: Firefox 1.0 released. Canonical releases Ubuntu 4.1, Linux distribution. 2007: Google Android first previewed by the Open Handset Alliance.

But are there compliance issues companies should consider when going forward with OS solutions? Ramachandran identified one issue – lack of checks and balances: “As quickly as companies are to migrate to OS software they have trouble managing the vast quantity of code available for them. Scanning the code, setting up processes to use it, running it by an approval committee and also keeping abreast of the latest compliance information published by the consortium sponsoring the software are all key checks and balances that enable compliance. Lack in any of the above could result in costing an organisation its value in fines,” she notes. Currill adds that it’s always good to check if there are any restrictions around the usage of the vendor’s code/application.

72

ARABIAN COMPUTER NEWS September 2012

There is growing uptake of OS solutions, but companies should not make decisions based purely on licensing costs says Daryanani.

“Some OS vendors insist that the code is always open and available for others to use and improve upon. While this is great for the bigger community, for the enterprise that just spent months and months customising and coding the software for their specific usage it could be now be at a competitive disadvantage if the code now has to be shared with the public,” he says. It’s pretty easy to see why the interest in OS has grown. While there are specific issues each company must consider before signing up, however that is also the case with most solutions. As Currill highlights, its interest is growing in both the minds of customers as well as vendors, and gives organisations an ever wider choice of software solutions to pick from. “There are thousands and thousands of open source projects in the marketplace and with large vendors like VMware, Oracle purchasing Sun and therefore MySQL, it’s clear that OS is for sure on the mind of not only established vendors but also customers. “It’s always good to work with best of breed OS vendors as they have the largest developer community and forums, they typically have excellent support (a major source of revenue so they have to get it right) and release ‘certified versions’ regularly that have been through the vendor’s own internal QA procedure,” he continues. “OS is no longer a poor man’s alternative to established vendors, it is now a credible alternative to running mission critical apps for enterprises and this can only be welcomed and embraced.”


/MOBILITY

74


/MOBILITY

The blurring of boundaries between work tool and personal gadget mean mobile devices have the potential to upset corporate data management.

MAKING MOBILITY MANAGEABLE

AS WORKING PRACTICES, AND CORPORATE DATA, HAVE STEADILY SHIFTED TO THE MOBILE ARENA, SO THE RISK OF DATA BEING COMPROMISED HAS GROWN. PROPER PROTECTION FOR MOBILE DEVICES IS NO LONGER AN OPTION BY KERI ALLAN September 2012 ARABIAN COMPUTER NEWS

75


/MOBILITY

Nofal: Companies have to set minimum standards for securing devices that carry business information.

any working practices in the Middle East remain transitory, with executives needing to travel across the region and into Africa to visit regional offices. There is a continued demand for solutions that allow employees to access data securely when on the move, which in turn has led to: “security for mobile working and mobile data becoming a business critical concern for CIOs and IT managers,” says Aaron White, regional director for Citrix in MEA. According to Kaspersky Lab data, one third of companies all over the world allow their employees to use mobile devices with full access to the corporate network and its resources. By doing so, companies are creating a gaping hole in their security. The seriousness of this issue has increased over the past year. Data shows that 29% of companies had suffered the loss or theft of mobile devices and 10% of companies had experienced critical information leaks due to the loss or theft of a mobile device. There is definitely a growing trend towards mobility as more and more employees need to access company data when they’re out of the office for business purposes or working remotely from home. “Whether they’re inside or outside your organisation’s four walls, you need to find a way to provide authorised users with access to network applications and online services - securely,” says Miguel Braojos, SafeNet’s vice president of Sales Southern Europe, Middle East and Africa. “As businesses are increasingly embracing mobility, information has to be available anywhere and on any device. To achieve this, enterprises need to ensure that data is secured at every stage - from the moment of generation, to securing each point of access, to protecting the process of communication exchange.”

76

ARABIAN COMPUTER NEWS September 2012

Voronkov: IT security vendors are developing various approaches to secure mobile devices and corporate data.

“WHETHER THEY’RE INSIDE OR OUTSIDE YOUR ORGANISATION’S FOUR WALLS, YOU NEED TO FIND A WAY TO PROVIDE AUTHORISED USERS WITH ACCESS TO NETWORK APPLICATIONS AND ONLINE SERVICES - SECURELY.”

So the big question for IT managers and CIOs is how can you keep enterprise information secure while enabling users to access the information from anywhere? Hani Nofal, Intelligent Network Solutions director at GBM believes that allowing access from any device anywhere does not mean sacrificing security. IT must establish the minimum security baseline that any device must meet to be used on the corporate network, including WiFi security, VPN access, and perhaps add-on software to protect against malware.


/MOBILITY

White: security of data stored on the device, and secure connectivity while working are becoming critical concerns.

THE MYSTERY OF THE DISAPPEARING LAPTOP One laptop is stolen every 53 seconds 70 million smartphones are lost each year, with only 7 percent recovered 80 percent of the cost of a lost laptop is from data breach Source: Kensington, 2011

“In addition, due to the wide range of devices, it is critical to be able to identify each device connecting to the network and authenticate both the device and the person using it,” he notes. The experts highlight that encryption is the best way to secure the data itself, whether it is inside the data centre or on a mobile device. It protects data in transit as well as at rest. The damage brought about by many of the recent breaches would have been minimised if organisations just did this step, “ notes Baojos. “The great thing about encryption is that, unlike DLP technologies, it doesn’t have to be contentaware. This means that you don’t have to complete a data discovery before you deploy it.” Encryption can be a daunting project to consider, but many organisations, lead by the data centre modernisation projects organisations such as SafeNet are seeing, are beginning to centralise cryptography and provide ‘cryptography as an IT service’ back to the business. “A centralised encryption IT service allows an IT team to provide encryption and authentication services and manages the full data protection side of the business,” Baojos explains. “This saves individual business units from trying to procure and run their own encryption silo, and allows them to focus on the core business. Other benefits include centralised management and auditing of all encryption within an organisation. There is another significant benefit of a centralised encryption IT service – and that is centralised key management. One of the biggest drawbacks of each business unit applying data

encryption on its own is that there is proliferation of security keys. By consolidating this, businesses can run a tighter ship and manage those keys more effectively.” Chris Kozup, senior director of EMEA Marketing, Aruba Networks, moves on to another point. “Both authentication and encryption techniques for wireless networks are widely accepted and deployed,” he says, “however, the emphasis for mobile security has now shifted to ensuring that data stored on mobile devices is protected – especially in the event the device is lost or stolen. “It’s important that the network has the intelligence to know who and where the user is, what device they have and what types of applications they are using in order to tailor security methods for each different scenario. This type of context-based security allows organisations to define and enforce security policies for any mobile use case.” Monitoring network traffic is one technique that can aid security in this instance, although it does not provide a complete security solution, does allow IT managers to profile different types of applications and devices that are active on the network. But not all users might be willing to accept additional delays or the fact that personal data is monitored by their IT department. One solution is to only monitor or control a sandboxed portion of the personal device, something that is beginning to appear. “Employees are prevented from downloading files outside of the corporate email and only the segregated portion of the device is monitored. Although more advanced versions of this solution may one day be of value for some employers, today they are unlikely to be acceptable due to critical limitations,” notes McAfee’s Essam Ahmed, regional presales manager MENA. Another possible alternative is a web filtering solution, notes Kon-

52 percent of devices are stolen from the office/workplace 24 percent of devices are stolen from conferences

September 2012 ARABIAN COMPUTER NEWS

77


/MOBILITY

“IT’S IMPORTANT THAT THE NETWORK HAS THE INTELLIGENCE TO KNOW WHO AND WHERE THE USER IS, WHAT DEVICE THEY HAVE AND WHAT TYPES OF APPLICATIONS THEY ARE USING IN ORDER TO TAILOR SECURITY METHODS FOR EACH DIFFERENT SCENARIO.” stantin Voronkov, senior product manager, Kaspersky Lab. “When a user needs to access corporate-related services, traffic can be checked for phishing sites. A mobile device management solution can ensure corporate applications only work via secure connections.” Voronkov also highlights that a new focus in the field of mobile device security is the ability to remotely remove corporate data from a device. If an employee leaves the company or a device is lost or stolen, the IT department can locate it or wipe any corporate data from it. The ideal security approach, according to White, is to enable completely device-independent computing through desktop virtualisation, accessed through a SSL VPN that protects the enterprise network and is supplemented by a secure file sync and sharing service. “With this approach, IT can provide optimal freedom for users, while maintaining security and control. People can access all of their Windows, web and SaaS apps on any device, over any network, with single sign-on and seamless session roaming across networks and devices,” he says. “Because apps and data are managed within the data centre, IT maintains centralised data protection, compliance access control and user administration as easily on BYODs as on corporate-owned endpoints, all within the same unified environment.” But while it’s a powerful control, the virtualisation promise of any device anywhere has historically been limited by traditional security controls, notes Ahmed: “For example, installing antivirus on every virtualised image is a network, system, and virtualised image density drain. Virtualised images should be used in conjunction with specialised security solutions designed to optimise virtualised environments and maximise virtualised image density without sacrificing security.” It may provide businesses with a range Network of benefits, but for organisations tasked intelligence is key to ensuring devices with managing sensitive data, virtualisation can be managed, can present a host of challenges revolving says Kozup.

78

ARABIAN COMPUTER NEWS

around multi-tenancy, administrative access and data destruction. “When it comes time to remove a given asset, it grows increasingly difficult to authoritatively ensure that all copies of a virtual instance, and the sensitive assets on that instance, are permanently removed,” notes Braojos. The experts also advise that enterprises use core data centre technologies to mitigate risk. Behavioural and monitoring technologies like IPS, application aware firewalls and network/user behaviour solutions are a great way to baseline normal behaviour and then look for abnormal activities that might be a breach. “Many of the data centre applications have built-in capabilities to limit activity too, for example by time of day or volume of data being transferred etc,” says Barojos. “This behavioural angle is a great way to limit damage done by a breach or a malicious insider.” With many of the devices used being employees’ own, bringing security to them is a challenging task. More and more IT managers are developing mobile device management (MDM) policies, and Kaspersky recommends that an MDM makes sure devices are protected with a PIN code and that the applications that access corporate data are protected with a strong password. “Also, all application caches and corporate files stored locally should be encrypted, because mobile devices can easily be lost or stolen. As the number of malicious programs grows anti-malware software offers yet another very important level of security for devices,” says Voronkov. In the end the experts such as Kozup recommend that the best strategy for managing and securing enterprise mobility and mobile data is a multifaceted and multilayered approach. By integrating layers of encryption and authentication, networking monitoring and a move towards virtualisation for example, the fear of security breeches from mobile data and devices should be lowered.


/AFTER HOURS

Arabian Computer News delves below the corporate strategy to understand what really makes the region’s IT leaders tick.

THIS MONTH: HATEM BAMATRAF EXECUTIVE VICE PRESIDENT, NETWORK DEVELOPMENT, DU Can you tell us how you began working in the ICT industry in the UAE? I graduated from Etisalat College of Engineering with an honours degree in Electrical and Electronic Engineering – a passion of mine – and began my career in 1995. I had the opportunity to join du in 2007 as the Senior Vice President of Network Development, to head up the network part of the technology division. Currently, I am the Executive Vice President of Network Development and Network Operations. Talk us through what you do on a daily basis. A typical day in the office is always busy. There are lots of meeting requests to fulfill; I tend to meet externally with partners, vendors and suppliers, as well as internally with my direct reportees and peers within the organisation. I believe that discussions, meetings and communicating are the best way to address any issues, challenges and problems that we might come across. It’s a more efficient way of communication than through emails. What has been your proudest achievement in your career so far? There are a number of things that I’m really proud of, first of which is to have chosen the career path that I’ve followed until now. I’m proud to have been part of the team that built the UAE’s mobile network in the mid 90’s. It makes me also proud to know that I played a key role in building another successful company in KSA, Mobily. I’m proud that since I joined du in 2007, we’ve managed to overcome all of the challenges that we faced since the early launch to reach the stage of success that we’re at now. We’ve got 48% of the market share and cover more than 99% of the population of the UAE; we are the first choice of customers in UAE.

80

ARABIAN COMPUTER NEWS September 2012

What IT product or innovation should the IT industry watch out for this year? Technology is changing radically and that is what I love about it – the level and pace of innovation is always very fast, in both telecommunications and IT. There are interesting trends happening in the business of telecoms and technology, such as cloud computing and cloud services. The other thing is the introduction of faster speeds in broadband and mobile broadband, such as 4G and LTE. We’re proud to say that we’ve launched our 4G services in June this year, and we’re going to take our mobile broadband story even further. What IT company, other than your own do you admire and why? Basically, I admire Apple – I think a lot of people do. Apple’s products have shaped and changed the music industry and the overall telecommunication with a superior customer experience. The ecosystem that they’ve built has been instrumental in transforming media into the digital space. And then, of course, there’s the iPhone. Again, not the first smartphone, but it changed the way that smartphones were perceived with the design of the device, the applications and again, the ecosystem around it with the App Store, the way in which your iTunes will work with your iPhone. I really admire this company. All of their products are amazing, and all of them provide a really great experience. Who do you look up to in your career and why? I have several role models; I believe that Role models are people who you have usually had the opportunity to work with, in order to be convinced of their worthiness as a role model. our CEO, Osman Sultan, is a role model, as is Khalid Al Kaf, CEO of Mobily. My father has also been a role model throughout my life.


© Kodak, 2012. Kodak is a trademark. DoldeMedien_40_12

SMARTER DOCUMENT IMAGING WITH KODAK

TRANSFORM DOCUMENTS INTO BUSINESS INSIGHT Kodak’s portfolio of solutions empowers organizations of all sizes to transform paper and electronic documents into business insight. Award-winning scanners and capture software. Industry-leading service and support. A growing array of professional services. It all adds up to having the solutions that make your insight take flight.

Make a change for the better. Kodak.com/go/DI For inquiries : Tel: +9714 3444910 E-mail: meaf-di@kodak.com

SCANNERS

SOFTWARE

SOLUTIONS

SERVICE & SUPPORT

PROFESSIONAL SERVICES

YELLOW CHANGES EVERYTHING


ACN - September 2012  

Arabian Computer News (ACN) -August 2012 - Volume 25 - Issue 9 "84 Pages" ITP Technology Publishing, Dubai, UAE

Read more
Read more
Similar to
Popular now
Just for you