
AN ITP TECHNOLOGY PUBLICATION

MARCH 2013 VOLUME 19 ISSUE 3

ARE YOU PCI COMPLIANT? ALL COMPANIES PROCESSING CREDIT CARDS MUST COMPLY

P24

“We would like to give every business and every resident the ability to choose the telecom provider he wants.” NAJMUL HUSSAIN P20

COMMENT: DEALING WITH TARGETED ATTACKS – TIME TO LOOK INSIDE THE NETWORK

P14

THINK SMART

Dubai World Central and Smartworld have installed the region’s first multi telecom vendor network

COMBATING THE DATA FLOOD: COMPANIES MUST START TREATING THEIR DATA AS AN ASSET

P40




Contents

3 Editor’s letter: PCI compliance

5 Network news: All of the hardest hitting news from the network industry

8 Fast Lane explains its FL-FLEXPODI course and how it benefits network professionals in the regional industry

10 Vendor Profile: Brocade discusses its successes, challenges and future plans.

12 The Four Steps to IT Consolidation Nirvana: Philippe Elie, director, business operations EMEA, Riverbed, says IT consolidation still meets with scepticism

14 Dealing with targeted attacks: Strategies for mitigating APTs are lacking, says Trend Micro

16 Cloud computing is not just about IT: The real business opportunity for cloud services lies beyond IT, says Gartner.

18 Where to put your cooling units: Cannon Technologies explains where to put your cooling units

20 Case Study: DWC implements multi-vendor network. Dubai World Central, Smartworld install 10 Gigabit core network

24 Are you PCI compliant? Any company of any size storing, transmitting or processing credit card details must be PCI compliant to ensure the safety and security of customers’ data,

32 Network access controls and identity management: Experts look at what kinds of authentication and access controls enterprises can and should implement

40 Combating the data flood: Companies must start treating their data as an asset rather than a burden

51 Network security news: All of the latest security news this month

56 Last word: Daniel Schmierer, area VP sales, Middle East & Africa, Polycom


PO Box 500024, Dubai, UAE Tel: +971 4 444 3000 Fax: +971 4 444 3030 Web: www.itp.com Offices in Dubai and London

ITP TECHNOLOGY PUBLISHING
CEO Walid Akawi
Managing Director Neil Davies
Managing Director Karam Awad
Deputy Managing Director Matthew Southwell
General Manager Peter Conmy
Editorial Director David Ingham

EDITORIAL
Editor Georgina Enzer Tel: +971 4 444 3316 email: georgina.enzer@itp.com
Senior Group Editor Mark Sutton

ADVERTISING
Sales Director George Hojeige Tel: +971 4 444 3193 email: george.hojeige@itp.com
Advertising Manager Nayeem Dakhway Tel: +971 4 444 3482 email: nayeem.dakhway@itp.com

STUDIO
Head of Design Dan Prescott

PHOTOGRAPHY
Head of Photography Jovana Obradovic
Senior Photographers Efraim Evidor, Isidora Bojovic
Staff Photographers Lester Ali, George Dipin, Murrindie Frew, Shruti Jagdesh, Mosh Lafuente, Ruel Pableo, Rajesh Raghav

PRODUCTION & DISTRIBUTION
Group Production & Distribution Director Kyle Smith
Deputy Production Manager Basel Al Kassem
Managing Picture Editor Patrick Littlejohn
Distribution Executive Nada Al Alami

CIRCULATION
Head of Circulation and Database Gaurav Gulati

MARKETING
Head of Marketing Daniel Fewtrell
Events Manager, ITP Business Michelle Meyrick
Deputy Marketing Manager Shadia Basravi

ITP DIGITAL
Digital Publishing Director Ahmad Bashour Tel: +971 4 444 3549 email: ahmad.bashour@itp.com
Group Sales Manager, ITP.net Vedrana Jovanovic Tel: +971 4 444 3569 email: vedrana.jovanovic@itp.com
Internet Development Manager Mohammed Affan
Web Advertising Manager Meghna Jalnawalla

ITP GROUP
Chairman Andrew Neil
Managing Director Robert Serafin
Finance Director Toby Jay
Board of Directors Mike Bayman, Neil Davies, Rob Corder, Robert Serafin, Toby Jay, Walid Akawi

Customer Service Tel:

Printed by Royal Printing Press LLC
Controlled Distribution by Blue Truck
Subscribe online at www.itp.com/subscriptions

The publishers regret that they cannot accept liability for error or omissions contained in this publication, however caused.
The opinions and views contained in this publication are not necessarily those of the publishers. Readers are advised to seek specialist advice before acting on information contained in this publication which is provided for general use and may not be appropriate for the reader's particular circumstances. The ownership of trademarks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system or transmitted in any form without the permission of the publishers in writing. An exemption is hereby granted for extracts used for the purpose of fair review.

Network Middle East is audited by BPA Worldwide. Average Qualified Circulation 5,174 (6 month audit Jul to Dec 2012)

Published by and © 2013 ITP Technology Publishing, a division of the ITP Publishing Group Ltd. Registered in the B.V.I. under Company Number 1402846.

Registered at Dubai Media City

Editor’s comment

PCI compliance: time to demand security?

Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that every company that processes, stores or transmits debit, credit, or pre-paid card information maintains a secure environment. Any company that takes payment using cards branded with American Express, Discover, JCB, MasterCard, and Visa International should be PCI DSS compliant. It is also a must-have for any size of company, whether it is an SMB, or a company with thousands of employees. PCI applies to all organisations or merchants, regardless of size or number of transactions, that accept, transmit or store any cardholder data. If any customer of that organisation ever pays the merchant directly using a credit card or debit card, then the PCI DSS requirements apply.

This standard is designed to give peace of mind to customers and business partners alike, that the company has done its utmost to ensure that its customers will not have their credit card details stolen, so why do very few companies in the UAE comply with PCI DSS? Well, at the moment there is no legislation to force companies to ensure the security of credit card data that passes through their web portals. In the US, for example, the payment brands (Visa, Mastercard, American Express, Discover, JCB) may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. Not only this, but no security standards are currently enforced in the region, meaning that all these e-commerce sites that are popping up in the UAE and GCC, and all those Middle East-based enterprises that you entrust to keep your credit card information safely are not doing their utmost to protect your data. A sobering thought.

How many of us shop online? How many of us pay our bills online? Utilising a web portal is the most convenient way to pay your bills, and we all know how much easier it is to grab something we see in an online store as a gift for a birthday, Eid present etc, rather than spending hours trawling through shops looking for the perfect gift. But is the ease of using online portals about to bite us? There have been very few reported major credit card detail thefts through hacking in the UAE, but, looking at the lack of security laws in general and around PCI DSS implementation specifically, it seems like it may just be a matter of time before some cyber-criminal runs off with thousands of customers’ credit card details.

For those of us who do shop online frequently, the good news is that third party payment channels such as Paypal are PCI compliant, but merely using a third-party company does not exclude a company from PCI compliance. Although it may cut down on their risk exposure and consequently reduce the effort to validate compliance. However, it does not mean they can ignore PCI. So, next time you log on and spot a nice pair of shoes, or want to pay your bills, it might be a good idea to check whether the service provider has any form of security in place, and maybe it is time we, the customers, start demanding that these Middle East-based sites implement PCI DSS for our own protection.

GEORGINA ENZER Editor georgina.enzer@itp.com


Siemon begins Middle East, Russia recruitment drive

Business: Global infrastructure specialist Siemon is now recruiting for its commercial team in the Middle East and Russia. The company is expanding its activities and investment in both regions. The expansion also sees promotions for two of Siemon’s global marketing team: Daniel Vout has been promoted to the new role of regional manager for the company’s ‘North East’ area and Lyndsey Parham steps up into the role of marketing communications manager. Vout’s new role for the North East of EMEA sees him take control of Siemon’s business in Russia, Central Asia, the Baltics and Nordic countries.

WD expands portfolio, includes SMB products

Services: WD, a Western Digital company, has expanded its product portfolio to address small and medium-sized businesses with the addition of network backup software and appliances from Arkeia Software, a data protection company based in California, which was acquired by WD. WD has also announced that the Arkeia Network Backup version 10.0 software, for which a limited release was delivered in December 2012, is now available. Arkeia’s software, appliances and virtual appliances back up data to disk, tape and cloud storage. The company’s Progressive Deduplication technology is designed to speed up hybrid-cloud backup by reducing the bandwidth necessary to replicate backup sets over wide area networks.

Briefing


Ovum’s Adam Leach: New OS may keep existing users, but will it attract new ones?

RIM launches BlackBerry 10

Products: Research In Motion has launched its BlackBerry Enterprise Service 10 multiplatform EMM (Enterprise Mobility Management) solution to mixed reviews. The BlackBerry Enterprise Service 10 is designed to bring together device management, security, and mobile applications management for BlackBerry smartphones, BlackBerry PlayBook tablets, and new BlackBerry 10 smartphones in a consolidated solution. It is also designed to provide a single console for managing BlackBerry, Android and iOS devices. BlackBerry Enterprise Service 10 prepares organisations for the future of mobile diversity, as well as integrates with existing BlackBerry Enterprise Server version 5.0 deployments.

Adam Leach, principal analyst at Ovum, said that the user experience of BlackBerry 10 introduces some nice new features but importantly builds on BlackBerry’s UI heritage and therefore will certainly appeal to existing BlackBerry users. “The challenge for the company will be to attract new users and those that have already moved to alternative smartphones,” he said.

One regional end-user is in no hurry to upgrade to the new BlackBerry 10. “A year ago Masdar replaced all BB handsets, therefore we will take some time to assess this new offering and gradually introduce it in the organisation after initial testing,” said Alok Srivastava, acting head of ICT & senior manager, IT applications.

Nicolai Solling from Help AG says he is looking forward to getting his hands on the new BlackBerry 10. “I want to see what they are coming out with. It looks interesting. It is a win or lose game for them right now, if they don’t make it with these devices it is going to be very challenging. If you look at the core functionality you need in a business phone, from our perspective BlackBerry is still the best option,” he said.

ManageEngine extends MDM to Android

Implementation: Real-time IT management company ManageEngine has launched the latest version of its desktop and mobile device management (MDM) software, better known as Desktop Central. The solution can now manage Android devices. The new version of Desktop Central is designed to extend mobile device management support to Android smartphones and tablets running Google’s mobile OS as well as devices running Apple iOS.

“The mobile usage trends will eventually drive sharp increases in demand for enterprise MDM solutions that embrace BYOD while ensuring enterprise data security,” said Mathivanan Venkatachalam, director of product management at ManageEngine. “The growing Android market and increasing demand for Android support among our customer base encouraged us to add Android support to Desktop Central as quickly as possible.”

The solution includes data wipe, where IT staff can remotely wipe the data from a stolen or misplaced device or remove the corporate data from the device when an employee leaves the company; mobile application management, which is designed to enable IT professionals to distribute and manage in-house and Google Play store apps; and configuring profile/policy, which is designed to allow IT technicians to create policies that can restrict users from accessing the internet (EDGE or packet data). This is designed to ensure data security by preventing users from exporting corporate data. Similarly, certain device features such as camera and Bluetooth can be disabled.


The OptiFiber Pro is designed for troubleshooting data centre, campus and fibre-based storage networks.

Livingston stocks OptiFiber Pro

Products: Test equipment rental company Livingston is now stocking the latest Optical Time Domain Reflectometer (OTDR) from Fluke Networks. The OptiFiber Pro has added to Livingston’s range of rental products supporting next generation optical networks. The OptiFiber Pro is the industry’s first OTDR specifically designed to meet the challenges set by modern fibre optic enterprise infrastructure, rather than those of carrier infrastructure.

The OptiFiber Pro is designed for troubleshooting campus, data centre and fibre-based storage networks, as well as enabling rapid fibre certification to be carried out. Its integrated LinkWare software is designed to assure rapid generation of highly detailed, standard compliant reports. The EventMap view depicts fibre events in a way that means no trace analysis expertise is required by the operative. The OTDR’s DataCentre mode is designed to automate the process of defining test parameters, such as wavelength or end-detection algorithms, shortening set-up time and operative training.

Its gesture-based user interface, built on a large format multi-touch capacitive touchscreen, is designed to enhance productivity, with single-touch tap and swipe control for scrolling menus and selecting options, plus pinch zooms for magnification of items on the display. Weighing 1.28 kg and with an eight hour battery life, this device is highly portable.

“With enterprises in need of ever increasing data storage resources and the on-going migration to 40/100Gbit Ethernet data centre architectures, maintaining the performance of optical network is crucial,” states Reinier Treur, marketing director at Livingston.

Middle East faces big data challenge

Business: The Middle East is facing a challenge from big data, which is posing a big storage challenge for businesses across the region, as the race to unlock value from massive and exponentially growing datasets heats up. Market research firm IDC predicts that the global big data market will grow 40% per year, seven times as fast as the rest of the IT industry. According to IDC, most of that cost will come from infrastructure-investment-calibre storage projects that are set to drive spending in the storage market to above 61% through 2015.

With big data sets growing by an average of 60% per year, based on IDC figures, business research specialists Aberdeen Group suggest that many companies will have to double the volume of their data storage every 2.5 years. IDC’s 2012 Digital Universe Study, sponsored by EMC, estimates that the digital universe will reach 40 zettabytes (ZB) by 2020. The amount exceeds previous forecasts by 5 ZBs, resulting in a 50-fold growth from the beginning of 2010. Machine-generated data is a key driver in the growth of the world’s data – which is projected to increase 15x by 2020.

The study states that while the investment in spending on IT hardware, software, services, telecommunications and staff will grow by 40% per annum between 2012 and 2020, storage management, security, big data, and cloud computing will grow faster.

“Whether it is mining social media sentiment, drawing on machine sensor readings to operate in a more sustainable fashion, forensic search engine trend analysis to prompt business decisions – or all of the above – the ability to harness and tap into the power of Big Data is becoming a must,” said Andrew Calthorpe, chief executive officer, at Dubai-based data storage solutions provider Condo Protego.

NME Award nominations are now open

Business: The Network Middle East Innovation Awards are now open for nominations. This year there will be 16 categories, including Best Cabling Vendor, Best Data Centre Project of the Year and Best VAD Distributor of the Year. The awards will be judged by a panel of five independent analysts and industry professionals and will be presented to the very best implementations, vendor offerings and key individuals and organisations in the Middle East market. The Network Middle East Awards, which are now in their ninth year, set out to honour the projects, people, suppliers and service providers that have excelled in the regional networking sector over the past twelve months. The deadline for submissions is March 28th 2013.

R&M increases FTTH focus

Products: Swiss structured cabling specialist Reichle & De-Massari (R&M) Middle East, Turkey and Africa is increasing its focus on the growing fibre to the home (FTTH) market. Jean-Pierre Labry, EVP of R&M Middle East, Turkey and Africa, has confirmed that the company has been working closely with telecom providers in Saudi Arabia, the UAE and Oman for large scale FTTH projects. Labry also said that the company is launching new products to further expand its FTTx portfolio. These include the introduction of the Venus FXXL solution with integrated Single Circuit Management (SCM) and field connectors which offer flexibility when planning building connections.



Cloud9 IDE integrates Red Hat OpenShift Online PaaS

Infrastructure: Open source solutions provider Red Hat has announced that Cloud9 IDE has built its online development environment with Red Hat’s OpenShift Online hosted Platform-as-a-Service (PaaS) solution. By integrating OpenShift Online into its original online development environment, Cloud9 IDE is able to deliver more flexibility, security and ease of use to developers. Cloud9 IDE is an online development environment for Javascript and Node.js applications as well as HTML, CSS, PHP, Java, Ruby and 23 other languages.

CommScope shows feasibility of Cat 8 for enterprise

Research: Network infrastructure specialists CommScope have demonstrated the technical feasibility of Category 8 cabling for enterprise networks. This is a step along the path towards a viable 40GBASE-T system for data centre applications. CommScope verified a proof-of-concept solution for a viable 40 Gigabit per second Ethernet channel by utilising prototype Category 8 RJ-45 connectors and copper twisted pair cables. All components were designed by engineers in CommScope labs. The CommScope proof-of-concept shows that data centre operators will be able to extend their preferred means of communication technology for 40G.


Jean-Pierre Labry, executive vice president, R&M Middle East, Turkey and Africa, says R&M is deeply committed to the region.

R&M to establish presence in Turkey

Infrastructure: Structured cabling specialist Reichle & De-Massari Middle East, Turkey and Africa is planning to establish a local presence in Turkey after it experienced double digit growth in the Middle East region during 2012.

“We are deeply committed to the region and the establishment of a local presence in Turkey is testament to this. This year we plan to bring a number of innovative products to the market which will be specifically adapted to healthcare, education, transportation, utilities, telecom and city development,” said Jean-Pierre Labry, EVP, R&M Middle East, Turkey and Africa.

During 2012, the company nearly doubled its staff strength, inaugurated a new regional office in Saudi Arabia and opened the region’s first-of-its-kind patch cord assembly facility at its headquarters in Dubai.

“Over the past four years, in spite of the global recession and poor performance of regional markets, R&M has invested heavily in both staff and technology in order to develop first level supports for speed, consultancy and flexibility in the region. We customised our portfolio to the needs of the region and offered a broad spectrum of products catering to a wide range of vertical markets such as residential, office cabling, industrial, petrochemical, energy, healthcare, and defense. The result of these efforts has been exponential growth even through the tough financial times and the Middle East, Turkey and Africa region is now one of the fastest growing markets for R&M,” said Labry.

Labry also highlighted the emphasis that will be given to further development of the company’s distribution channel, particularly in markets such as Turkey, Saudi Arabia, Qatar, Oman and Iraq. The cabling specialist will remain focused on its copper offerings as well, since Cat6A remains a highly utilised cabling solution for the structured cabling industry.

Internet users want to stop data leakage

Business: According to Ovum’s latest Consumer Insights Survey, 68% of the internet population across 11 countries would select a ‘do-not-track’ (DNT) feature if it was easily available, suggesting that a data black hole could soon open up under the internet economy. This desire to utilise a ‘do-not-track’ feature has been born as digital consumers around the world begin to tire of their personal data being collected across the internet.

Global industry analysts paint a threatening scenario for the internet economy, as consumers seek out new tools that allow them to remain “invisible” – untraceable and impossible to target by data means. This hardening of consumer attitudes, coupled with tightening regulation, could diminish personal data supply lines and have a considerable impact on targeted advertising, CRM, big data analytics, and other digital industries.

Recent data privacy scandals such as WhatsApp’s use of address books, and the continuing issues over privacy and data use policies on Facebook and Google websites have fueled consumers’ concerns over the protection of their personal data. Ovum’s survey found that only 14% of respondents believe that internet companies are honest about their use of consumers’ personal data, suggesting it will be a challenge for online companies to change consumers’ perceptions. Ovum believes that internet companies should introduce new privacy tools and messaging campaigns designed to convince consumers that they can be trusted.


Infographic

Quorum disaster recovery report exposes

Solutions that enable instant recovery of data, applications and systems, along with regular testing, prove critical to avoid costly downtime

According to one-click backup, recovery and continuity specialists for small to mid-sized businesses Quorum, the best defence against downtime is installing a disaster recovery solution that ensures the business is operational in minutes, rather than days. This is borne out by the results of its Quorum Disaster Recovery Report, Q1 2013, whose findings are taken from Quorum’s hundreds-strong global customer base. While natural disasters tend to take centre stage when considering the causes of downtime, hardware and software failures and human error are statistically more common. In fact, hardware failures alone comprise more than one-half of disasters for small to mid-sized businesses, according to the Quorum Disaster Recovery Report. And given it takes an average of 30 hours for recovery (according to IT managers), small to mid-sized businesses are at risk of losing customers, their reputation and hundreds of thousands of dollars in revenue.

“Only 28% of small to mid-sized businesses have tested their backup” Symantec SMB Disaster Preparedness Survey 2011

Most back-up solutions today are based on technology that is at least 4 decades old...

“90% of businesses who experience one week of downtime go out of business within six months, and 50% of those businesses file bankruptcy immediately” Alpha Technology Group

Top 4 types of disasters
55% hardware failure
22% human error
18% software failure
5% natural disaster

3.5: Average no of disaster recovery events per year
3.4 days: Average downtime per event

DOWNTIME IS COSTLY
$74,000: Average cost per hour of downtime


Expert’s Column

Vendor Profile: Brocade

Networking company Brocade explains its history, what it does, and what its plans are in the Middle East region going forward

Sufian Dweik, regional manager, Brocade, says that the company has an office in Saudi Arabia and Egypt as well as staff operating out of Kuwait and Qatar.

WHO IS BROCADE?

Brocade is the pure-play networking company that innovates to make high-performance networks easier to deploy, manage, and scale in the world’s most demanding environments. Through industry-leading technology and unmatched expertise, Brocade delivers resilient networks that increase agility and efficiency while helping organisations stay ahead of change. From pioneering fabrics to software-defined networks, Brocade delivers innovative solutions for data center, campus, and service provider networks that reduce cost and complexity while facilitating virtualisation and cloud computing.

Headquartered in San Jose, California, Brocade has approximately 5000 employees worldwide and serves a wide range of industries and customers in more than 160 countries. Today, it leads the Storage Area Network (SAN) market with the industry’s most powerful and reliable offerings. In addition, Brocade provides Ethernet fabric technology and high-performance Ethernet networking solutions as part of a complete switching, routing, wireless, and application delivery portfolio. To meet the increasing requirements of distributed and mobile computing, Brocade is extending its proven data centre expertise throughout the entire network. This approach helps organisations achieve their most critical consolidation, mobility, virtualisation, and cloud computing initiatives.

Brocade combines a proven history of innovation with standards leadership and strategic partnerships with world-class IT companies. Maintaining the industry’s most extensive partner ecosystem facilitates open, best-in-class solutions for the broadest range of IT environments. To help ensure a complete solution, Brocade delivers a full range of education, support, and professional services offerings. Brocade is the industry leader in data centre storage networking solutions with a focus on SAN switching and server connectivity. Brocade is a recognised leader in end-to-end networking solutions with a focus on LAN switching, wireless, security, application delivery, and metro and internet core routing.

“Brocade is the pure-play networking company that innovates to make high-performance networks easier to deploy, manage, and scale in the world’s most demanding environments.” SUFIAN DWEIK, REGIONAL MANAGER, MEMA AT BROCADE

WHAT IS YOUR PRESENCE IN THE MIDDLE EAST?

Brocade’s Middle East regional headquarters is based in Dubai Internet City in Dubai, UAE. The company has an office in Saudi Arabia and Egypt as well as staff operating out of Kuwait and Qatar. The company has a unique two-tier channel approach very different from competition and has two key distributors for the region – Westcon Middle East and Mindware. Brocade makes it a point to have a high involvement, ‘direct touch’, sales approach with end-users and work on opportunities alongside our partners, as this helps build the confidence of clients.

CAN YOU DESCRIBE SOME OF YOUR REGIONAL SUCCESSES?

The Middle East contributes significantly to Brocade’s EMEA revenue, which goes to show how important this market is strategically for the company. In the past we have managed to secure some large and prestigious projects involving big-name clients such as Al Nahdi Medical Company (NMC), Saudi Economic and Development Holding Company (SEDCO), UAE University (UAEU) and a host of other large enterprise, government and service provider companies across the region. Brocade dominates the Storage Area Networking (SAN) market in the Middle East, with a market share of over 70%.

WHAT ARE YOUR REGIONAL GOALS?

Our objective for the Middle East market is to sustain the SAN dominance along with increasing our IP Networking market share. As we have increased our headcount in the region this past year we anticipate our growth in the region to reflect during 2013 and 2014 and as such we will continue to invest in the region as well as growing our channel base. We also plan to continue leveraging our ‘Executive Briefing Centres’ located in our Dubai office as well as our London facilities for more advanced showcasing of our complete product portfolio.


March 2013 Vol.19 No.03

Training focus

12

FL-FLEXPODI

A look at the ‘FLEXPOD Infrastructure for VMWare – Design/Implementation & Administration’ certification WHAT IS THE FL-FLEXPODI COURSE? Flexpodi is a course dealing with the design, implementation and administration of a Flexpod solution. Flexpod is a data centre platform combining storage, networking and server components from Cisco & NetApp and integrating them into a single flexible architecture. This infrastructure building block integrates the power of Cisco & NetApp together with VMware to provide an efficient data centre solution. The Fast Lane designed course explores in-depth mechanisms of Cisco Unified Computing Systems hand-in-hand with NetApp FAS storage systems and how they integrate into the FlexPod architecture serving VMware virtualisation solutions. Significant content is devoted to building block technologies and protocols as well as to the complete FlexPod solution and its design. Ample focus is set to hands-on configuration and management of UCS B-Series servers, NetApp FAS3200

systems and VMware vSphere environments for deployment as well as day-to-day operations of a FlexPod solution. The course consists of different modules including, Cloud Computing and Data Centre Solutions overview, Cisco UCS B-Series Hardware & Architecture, Designing Cisco UCS Server Deployment Model, Examining Cisco UCS Solution Management, Configuring UCS Connectivity, The NetApp Storage Environment, Basic administration of a NetApp FAS system, NetApp Physical & Logical Storage, NetApp in NFS NAS Environment, NetApp virtualisation solutions, vSphere Overview, vSphere FC Connectivity, vSphere iSCSI Connectivity, vSphere LUN Access, NetApp FAS/V 3200 for FlexPod, FlexPod for VMware and FlexPod Architecture.

WHAT BENEFITS DOES FL-FLEXPODI GIVE THE STUDENT IN THE EMPLOYMENT MARKET?

The course takes the student into the heart of the data centre platform with the latest technologies that have been consolidated into a single architecture that is driving the market. Students obtain an understanding of cloud computing and modern data centre solutions and challenges. During the course students also work with the Cisco UCS solution and learn how to evaluate and describe the Cisco UCS solution architecture and identify different management options and administration tasks for Cisco UCS. Students will also learn how to explain the connectivity requirements for the Cisco UCS platform and explore the dimensions of the NetApp storage environment. Successful attendees will also be able to explore virtualisation solutions with NetApp, describe NetApp integration with the vSphere environment, describe vSphere FC/FCoE connectivity with NetApp, describe vSphere iSCSI connectivity with NetApp, describe vSphere LUN access with NetApp, understand in depth NetApp FAS/V 3200 for FlexPod, build a FlexPod solution for VMware and explore FlexPod solution architecture for cloud.

IS IT AN ESSENTIAL QUALIFICATION FOR STORAGE EXPERTS?

It is a qualification for storage experts to excel in the deployment of advanced data centre solutions. Storage area networks require in-depth experience to manage, deploy, and interconnect multiple types of data storage devices and data servers that enterprise users rely on today. This is a multi-vendor course taking the student into the heart of the data centre platform with the latest technologies that have been consolidated into a single architecture driving the data centre market.

WHO SHOULD ATTEND?

This course is intended for the following audiences:
• System administrators
• Data Center Systems engineers
• Data Center Field Engineers
• Data Center technicians or administrators
• System Operators responsible for vSphere and vCenter Server
• Professionals who need to deploy, configure, and manage the FlexPod solution

PREREQUISITES

The following prerequisite skills and knowledge are recommended:
• Understanding of server system design and architecture
• Basic VMWare environment background
• Familiarity with Ethernet and TCP/IP networking
• Familiarity with SANs

HOW MUCH DOES IT COST?

The course price is $3950 for five days of training including courseware, professional trainers and state of the art equipped training labs.

TRAINING COURSE DATES:
• 28 April – 02 May 2013, Dubai, UAE
• 30 June – 04 July 2013, Dubai, UAE
• 08 – 12 September 2013, Dubai, United Arab Emirates

Josef Miskulnig, CEO of Fast Lane, says that the FL-FlexpodI course takes the student into the heart of the data centre platform with technologies that have been consolidated into a single architecture that is driving the market.

The course teacher’s perspective

Bassem Boshra, Senior Cisco/NetApp Certified consultant and teacher of the FlexpodI course, discusses the course benefits

HOW DOES THE FLEXPODI COURSE ENHANCE/IMPROVE A STUDENT’S CAREER?

The FlexpodI class covers all the modern technologies involved within the modern data centre; for example, FC, FCoE, UCS, NetApp FAS, VMware and Nexus platforms are all covered in the course. Since Flexpod is the state of the art solution for modern data centres, attending the FlexpodI class puts the student at the top of the game regarding DC technologies and career path.

WHAT ARE THE MOST CHALLENGING PARTS OF THE COURSE FOR STUDENTS?

The most challenging part in the course is the diversity of information and technologies covered. Usually in our classes we have either network engineers or storage engineers or server admins. The main challenge in the FlexpodI class is that it integrates the three major areas of the DC together: networking, storage and server technologies. So it is a bit challenging for the trainer to keep the audience in sync, and the same for the students to keep up with the diversity of information in the class.

WHAT IS THE DEMAND FOR THIS COURSE?

If you mean market demand, then it is highly demanded not just in the Middle East but worldwide. The three major vendors Cisco, NetApp and VMware are doing a very good job marketing the solution, especially by developing validated and tested designs covering major applications like Oracle on Flexpod, SAP on Flexpod and Hyper-V on Flexpod, in addition to the unified support matrix, where an end customer can contact any of the three vendors regarding any issue within the Flexpod.

WHAT STANDARD OF KNOWLEDGE DO STUDENTS NEED TO TAKE PART IN THIS COURSE?

The students need to have a solid understanding of networking and a slight understanding of virtualisation and storage technologies. When I developed the course and the lab, I had in mind that it is very difficult to find students with expert knowledge in the three technical areas covered in the course (networking, storage and virtualisation), so the course is built with this in mind and it takes the student from technology basics through a deep dive into the three major technologies we talked about previously.

DO PEOPLE DO PROPER DATA CENTRE DEPLOYMENTS IN THE REGION?

CTOs and technical decision makers are now keener on investing in proper and validated deployments; given the current economy, any investor or decision maker needs to ensure fast ROI (Return on Invest) and investment protection on any new technical deployment. This is only ensured if you invest in proper technology deployments.


Expert’s Column

Nick Black from Trend Micro says that organisations are still too outwards focussed.

Dealing with targeted attacks – time to look inside the network

Strategies for mitigating advanced persistent threats are woefully lacking, explains Nick Black, technical director at Trend Micro

Targeted attacks or APT-style threats have been gaining much publicity since the watershed year of 2010, when the world first heard about the Stuxnet virus and the Operation Aurora breach of Google by Chinese hackers. Awareness of such threats among security professionals is now pretty high, but unfortunately strategies for mitigating them are in many cases woefully inadequate.

The main problem is that organisations are still too outward focused, unaware that they may already have been hit by a silent, persistent and laser-focused attack. What many people don’t appreciate is that Advanced Persistent Threats (APTs) often do not really contain particularly sophisticated malware – instead it is the social engineering techniques used to make that first all-important incursion which can really be called ‘advanced’.

INDIVIDUAL TARGETS

Cyber criminals today will typically target an individual in an organisation, using information gleaned from social networks and elsewhere in crafting their email to make it appear more convincing. It’s often a senior ranking member of the firm, because there will be more publicly available information about these people. Attacks can also begin in the physical world.

What is an APT?

Advanced persistent threat (APT) is commonly used to refer to cyber threats that utilise a variety of intelligence gathering techniques to access sensitive information. Recognised attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.

For example, in the US, cyber gangs left ‘parking tickets’ – on which were printed URLs – on selected car windscreens. Recipients who subsequently entered the URLs at their PC, in the hope of paying the fine or complaining about it, would have their machine infiltrated by malware. When the attackers combine physical world presence with online attacks they may gain the trust of even the most guarded manager.

The malware in question is usually a zero-day threat, eg one which has the best chance of evading traditional defences, but is certainly far from remarkable or sophisticated. Once inside, the bad guys will move laterally in the organisation, jumping from machine to machine in search of an admin password and ultimately the server where the key data resides. It’s all very quiet and carried out over long periods of time in order to stay under the radar.

The biggest mistake IT teams make is viewing the perimeter as an impenetrable wall which, if they focus all their efforts on it, will keep out the bad stuff and ensure the internal network is safe from harm. They certainly need to keep investing in perimeter defences and end user education, but must view this layer nowadays as porous, because if an attacker spends enough time and money they will eventually get in.

The perimeter is a noise filter of sorts, but in reality multiple layers of defence are needed, including around core servers. Virtual patching is also essential: shielding known vulnerabilities at the network layer is an important step, as it will send an alert if an attacker is trying to exploit a known vulnerability in the organisation. Also important are tools to analyse network traffic and sandbox any suspect threats. If there’s zero-day malware, unique to that attack, then custom defences will need to be crafted to deal with it.

In the past your defences didn’t have to be spectacular but just better than the next guy’s, the rationale being that attackers always go for the lowest hanging fruit. That logic has been turned on its head by cyber gangs laser-focused on your organisation alone.
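The column's point about quiet lateral movement over long periods can be turned into a simple check on internal authentication logs. The sketch below is an added example, not part of the original column: it flags a machine that reaches several internal hosts it never contacted during a baseline period, however slowly it does so. The log format, host names and threshold are assumptions constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of internal authentication events (not real data).
# Assumed format: timestamp source_host dest_host account result
SAMPLE_LOG = """\
2013-01-07T09:02:11 ws-017 fs-01 alice ok
2013-01-07T09:05:40 ws-017 mail-01 alice ok
2013-01-09T08:55:03 ws-042 fs-01 bob ok
2013-01-15T10:12:37 ws-042 mail-01 bob ok
2013-01-22T09:01:19 ws-017 fs-01 alice ok
this line is malformed and is skipped
2013-02-04T13:20:05 ws-017 print-01 alice ok
2013-02-05T02:14:51 ws-042 hr-db-01 bob fail
2013-02-12T02:31:08 ws-042 fin-app-02 svc-backup ok
2013-02-20T03:02:44 ws-042 dc-01 svc-backup ok
2013-02-27T02:47:30 ws-042 bkp-01 svc-backup ok
2013-02-28T09:00:02 ws-017 fs-01 alice ok
"""


def parse_events(text):
    """Yield (timestamp, src, dst, account, result); skip unparseable lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield (ts, parts[1], parts[2], parts[3], parts[4])


def slow_fanout(events, baseline_end, min_new_hosts=3):
    """Flag sources that reach many hosts they never touched in the baseline.

    There is deliberately no short time window: one new host a week still
    accumulates, which is the "under the radar" pattern a rate-based alert
    misses. Failed logons count too, since a failed attempt is still a reach.
    """
    baseline = defaultdict(set)      # src -> hosts seen before baseline_end
    first_seen = defaultdict(dict)   # src -> {new host: first timestamp}
    for ts, src, dst, _account, _result in sorted(events):
        if ts < baseline_end:
            baseline[src].add(dst)
        elif dst not in baseline[src] and dst not in first_seen[src]:
            first_seen[src][dst] = ts

    findings = {}
    for src, hosts in first_seen.items():
        if len(hosts) >= min_new_hosts:
            stamps = sorted(hosts.values())
            findings[src] = {
                "hosts": sorted(hosts),
                "span_days": (stamps[-1] - stamps[0]).days,
            }
    return findings


if __name__ == "__main__":
    events = list(parse_events(SAMPLE_LOG))
    for src, info in slow_fanout(events, datetime(2013, 2, 1)).items():
        print(src, info["hosts"], "over", info["span_days"], "days")
```

In practice the baseline would cover weeks of normal activity and the findings would be triaged against known admin and backup workflows before anyone treats them as an incident.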




Expert’s Column

Brian Prentice says that the focus of cloud computing will shift toward exploiting it as a service delivery mechanism for the provision of non-IT capabilities.

Cloud computing is not just about IT

The real business opportunity for cloud services lies beyond IT, writes Brian Prentice, research vice president at Gartner

The word ‘cloud’ has been literally hanging over executives’ heads for the past two years — in the form of massive banners hanging from the ceilings of almost every hub airport they travel through. To date, the focus of cloud has been on the delivery of IT-related capabilities from IT-related providers, largely for things that the IT department is responsible for managing. Cloud computing is expected to grow to 20% or more of the total IT budget by 2013.

Gartner research shows that there is already significant non-IT involvement in decision making about cloud services, with finance, marketing, HR and other business units acting as key stakeholders 25 to 30% of the time and actually funding cloud services between 10 and 30% of the time. Although largely a technological development, many of the pertinent questions today about the usefulness of cloud computing as a business platform are non-technical.

We believe over time businesses will better understand the principle that cloud computing is a means to deliver IT-enabled capabilities, not just simple IT capabilities. As this thinking evolves, the focus of cloud computing will shift toward exploiting it as a service delivery mechanism for the provision of non-IT capabilities, such as payroll, printing, logistics and e-commerce. In this context, cloud computing enables these services to be delivered from organisations that are not traditionally seen as IT companies, nor have any intention of ever being seen in this way. By 2015, Gartner predicts that 20% of non-IT sector global 500 companies will be cloud service providers.

We are already seeing examples of this emerging. Large retail, financial service, government and media organisations have begun to recognise that supply chain competencies do not need to be commercialised solely through their stores, either physical or online. As discrete capabilities, they have their own revenue potential. We’ve also seen distribution businesses undertaking the same strategy.

This trend is not being wholly enabled, or strictly defined, by cloud computing. There are several related trends that are actually fuelling the business mandate behind this, such as the accelerated digitisation or ‘hyperdigitisation’ of many industries that are largely information based, such as financial services, education, communications and media, government and industry-specific intermediaries, such as the travel and insurance sectors. These industries deliver non-physical digital services, increasingly mostly online. Additionally, many businesses have been exploring the move toward process externalisation driven by activities such as open innovation.

The move by non-IT organisations to provide non-IT capabilities via the cloud will mean even more technology decisions will be made outside the IT organisation. Ultimately these services are bound to service-level agreements that will be understood best by the owner of the specific process. Yet, while the barriers that historically prohibit these groups from directly provisioning these services drop, the need to manage data and integration requirements remains.

Far from being a problem, this represents another opportunity for IT departments to redefine their value proposition as service enablers — either through consumption or provision of cloud-based services. As non-IT players externalise business competencies via the cloud, they will compete directly with IT organisations that have traditionally served in this capacity.


Expert’s Column

Security experts InfoWatch and Sophos go head-to-head on BYOD security

BYOD is one of the biggest challenges facing the modern enterprise; experts look at the biggest threats and how to stop them

ALEXANDER ZAROVSKY, INTERNATIONAL BUSINESS CHIEF, INFOWATCH

WHAT ARE THE BIGGEST THREATS BYOD BRINGS TO THE ENTERPRISE?

We see the BYOD trend presenting three main challenges to businesses. The first involves the loss of mobile devices. According to InfoWatch Global Data Leakage Report, H1 2012, 18.2% of all data leakage incidents in companies occur because of loss or theft of various mobile devices containing sensitive corporate data. Often staff fail to use the necessary security tools, such as encryption, on their mobile devices and ‘misplace’ their gadgets in public places. The second challenge is the vague limit between personal and corporate data on private mobile devices of employees. This data should be used and stored separately on a private device, thus companies require special policies for BYOD regarding personal and corporate data processing. The last difficulty is intellectual property protection. Employees often regard the results of their intellectual work as their private property, where as a matter of fact, it is usually the company’s property.


BARBARA HUDSON, SOPHOS PRODUCT MARKETING MANAGER

Personally-owned devices bring consumer and other untested applications into the enterprise, which in turn can affect the enterprise network bandwidth and security. Android devices in particular have been seen to be a common target for cyber criminals who infect applications with malicious code designed to steal data and cause costs. As the user is always the administrator of the device, it can be very hard to forbid applications, or delete them as it is, after all, a personal device. Users often remove passcodes and screen-locks from their various mobile devices, which is a risk if a device is lost or stolen.



Alexander Zarovsky, international business chief, InfoWatch

Barbara Hudson, Sophos product marketing manager

WHAT IS THE BEST WAY TO PROTECT THE ENTERPRISE NETWORK FROM BYOD THREATS?

Alexander Zarovsky, InfoWatch: In order to protect corporate data on a device which is lost or stolen, the IT team should use encryption and Mobile Device Management (MDM) solutions. The latter allows remotely controlling data on mobile devices including remote data removal - if the gadget is lost or stolen. To secure private and corporate data the most appropriate technology is Data Leakage Prevention (DLP) which provides for scenarios of using the mobile gadgets as data storages and data exchange devices (e-mail, Skype services, etc.). If staff are allowed to use private devices in corporate network, it would be reasonable to install monitoring agents on each device and control traffic from these devices on the corporate gateway. Security policies must include dividing private correspondence from corporate, access restrictions of private devices to corporate resources and using encryption.

Barbara Hudson, Sophos: The first step would be to introduce a Mobile Device Management (MDM) solution to manage and control which devices have access to the enterprise network. This should allow the enforcement of security policies and ensure devices which are not compliant no longer have access to the network. The solution should also offer the possibility to deploy a security solution to protect Android mobile devices from malicious applications and other threats and ensure the protection remains installed on the device. A further step would be to prioritise WiFi bandwidth for business applications. And the third would be the ongoing process of educating users.

SHOULD COMPANIES RESTRICT BYOD TO PROTECT THEIR NETWORK?

Alexander Zarovsky, InfoWatch: The practice of allowing corporate access to personal devices in the Middle East region is among the highest in the world. However, the majority of employees expect their companies to grant them corporate mobile gadgets for executing their duties. If the company requires its employees to be available 24 hours per day, seven days a week, it should invest in providing him or her with a corporate device. If there is no such business need, there is then little sense either providing a corporate gadget or allowing him or her to use their own device in the network.

Barbara Hudson, Sophos: It is often a good idea to introduce BYOD in stages rather than throughout the whole company from the offset. BYOD is a learning process which is individual to every organisation. Businesses can look at user segmentation to see who need how much access and what controls are necessary. Many companies also restrict the number of platforms they allow. Mobile Device Management to support BYOD doesn’t have to be complex and if IT resources or expertise are limited, then it may be better to look at a hosted SaaS solution, or purchase from a Managed Service Provider to bridge the gap.

Case Study

DWC implements a multi-vendor network

Dubai World Central and Smartworld have installed the region’s first multi telecom vendor, 10 Gigabit core network in an MPLS service provider model

Dubai World Central, Dubai’s aviation and logistics freezone, has implemented the region’s first vendor-neutral fibre network throughout its 140 square kilometre footprint utilising Smartworld, a next-generation service provider formed as a joint venture between DWC, Etisalat and du. The network allows any one of the hundreds of companies that are based in the city to access the telecoms services they want through the service provider they prefer.

THE PROBLEM:

Many of the clients in DWC are, and are likely to continue to be, multinationals that will have a lot of peer-to-peer services, which will need a lot of bandwidth. Today, people may talk about 100Mbps, but they cannot utilise it. According to Najmul Hussain, programme manager for DWC, it is very possible that some of the companies in DWC will go beyond the 100Mbps requirement. This means that the infrastructure that has been laid down should accommodate growth until 2020.

IMPLEMENTATION OBJECTIVE:

DWC is a freezone providing heuristic services to attract businesses, so keeping this in mind DWC decided to build the unique multi-telecom operator infrastructure to support their business in DWC and make it different to other areas. This allows businesses to have access to all kinds of services with full speeds, and they can choose between multiple service providers.

Dubai World Central
• Dubai World Central is fast becoming the aviation and logistics hub for Dubai. The DWC freezone covers 140 square kilometres of land and is twice the size of Hong Kong. Dubai World Central is comprised of eight districts: logistics, aviation, Al Maktoum International Airport, humanitarian, residential, commercial, leisure, exhibition and commercial. Currently phase one is under construction and there are currently over 100 tenants from some of the world’s largest aviation, logistics, business and freight forwarding companies including Aramex, RSA, Al Futtaim and National Air Cargo. The Al Maktoum airport is also currently open for cargo and will open later this year for business and passengers.
• Dubai World Central is an aerotropolis concept, with cities around the airport containing businesses relating to the airport.
• DWC is the landlord and developer of the plot of land, which was given to DWC by HH Sheikh Ahmed bin Saeed Al Maktoum.
• Most of the plots in the residential city have already been sold, and construction is pending.


“Today we have two licensed operators in the UAE; Etisalat and du. Services are distributed in other freezone areas so that the customer has to go with a single provider, but in DWC we can provide the services from both operators, so this will give more flexibility to the customer to choose to have more competition in terms of services, commercial prices and will be more attractive to do business. DWC is the first freezone city that is offering both service providers,” says Smartworld’s Bahder.

IMPLEMENTED INFRASTRUCTURE:

Smartworld has laid super fast fibre infrastructure, with hundreds of kilometres of fibre cable linking all customers and plots with the multi 10-Gigabit core network in an MPLS service provider model. The network is capable of delivering up to 1 gigabit of bandwidth capacity to an individual office.

“It is not like a normal network, it is service provider MPLS multi 10 Gig core infrastructure, and also we have built a GigE access infrastructure so any customer or tenant in DWC can get GigE fibre to his premises,” says Bahder.

“Today Google in USA is building a GigE infrastructure in Kansas City. Verizon, the USA’s fastest service provider gives up to 150 MB/S to the user. Today Google is building GigE infrastructure in Kansas to be the first city in USA to have this for the end-user. Today we have this in DWC. We have invested over Dh100m just in material to cover the entire network.”

According to Bahder, the reason DWC has implemented GigE infrastructure when Etisalat and Du only provide up to 100mb/s is to cater for future requirements and to allow customers to implement services between multiple service providers.

“Etisalat has just launched 4G or LTE technology, we are ready here in Dubai World Central to host this on our infrastructure any time,” said Bahder.

Luai Bahder from Smartworld says that telecoms are a crucial element of DWC.

Smartworld

Smartworld is the next-generation service provider for telecom services and ICT services for Dubai World Central and is a joint venture between Etisalat, Dubai World Central and Du. The company was established four years ago in order to build telecom infrastructure in DWC and transport telecom services.

“When we began the implementation of this entire infrastructure we realised that telecoms is a very critical element and when we agreed on looking at the infrastructure, we decided as DWC that we will bring in the infrastructure of all telecoms operators, unlike other areas in the city where it is either Etisalat or Du that brings in the infrastructure. We agreed that DWC will have open and equal access to all clients irrespective whether they want Etisalat or Du. As such we engaged in talks with Etisalat and Du, out of which Smartworld was born. It is a joint venture between all three companies and any other telecom company that may start up in the UAE,” says Luai Bahder, technical director of Smartworld.

Business benefits of the implementation
• Multi telecom vendor network services attract more customers straight away. If a client can bring in the services that he wants, that makes DWC more attractive from a business point of view.
• Since the infrastructure belongs to DWC, it earns revenue from the infrastructure – benefitting the developer.
• Smartworld, which is part owned by DWC, operates the network, so maintenance costs are reduced.
• The multi telecom vendor network with multiple services satisfies customers - there is always the option available of moving away from the existing service provider.
• It is an open equal network in terms of services and license operators – it is a technology neutral platform for the business.

IMPLEMENTATION PROBLEMS:

TECHNICAL ISSUES:

The first problem that Smartworld had to overcome was how to build the first open-equal access network in the region that would be able to transport services from a licensed operator plus transport the Smartworld community cloud, managed ICT services to the end-user and manage customer identities and the flow of the traffic between individual customers.

“The technical limitations of technology, the VLAN IDs is only 4096 IDs while there are about 2,000 plots in DWC, and the future requirement may be for thousands of tenants in the commercial city, was another problem to overcome. We managed to implement the latest technology to fix this which is the QinQ double tag. We are the first in the region to have QinQ technology,” said Bahder.

With QinQ, each data packet that travels across DWC carries two VLAN IDs. 4096 multiplied by 4096 equals more than 16 million identities. So DWC can supply more than 16 million services from either Etisalat or Du or future providers.
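To make the double-tag arithmetic concrete, the following added example (not from the article or from Smartworld) builds and parses a QinQ Ethernet frame and combines the outer and inner VLAN IDs into one service identity. The MAC addresses, VLAN numbers and the `service_identity` mapping are assumptions constructed for the illustration; the tag layout and the TPID values 0x88A8 and 0x8100 follow IEEE 802.1ad and 802.1Q.

```python
import struct

TPID_CTAG = 0x8100   # IEEE 802.1Q tag (inner, customer tag in QinQ)
TPID_STAG = 0x88A8   # IEEE 802.1ad service tag (outer tag in QinQ)
VID_SPACE = 1 << 12  # the VLAN ID field is 12 bits wide: 4096 values
                     # (802.1Q reserves 0 and 4095, so slightly fewer are usable)
MAX_TAGS = 2         # one service tag plus one customer tag


def build_frame(dst, src, tags, ethertype, payload=b""):
    """Build an Ethernet frame; tags is [(tpid, pcp, vid), ...] outermost first."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    frame = dst + src
    for tpid, pcp, vid in tags:
        if not 0 <= vid < VID_SPACE or not 0 <= pcp <= 7:
            raise ValueError("VLAN ID must fit 12 bits and priority 3 bits")
        tci = (pcp << 13) | vid  # priority(3) | drop-eligible(1)=0 | VID(12)
        frame += struct.pack("!HH", tpid, tci)
    return frame + struct.pack("!H", ethertype) + payload


def parse_vlan_stack(frame):
    """Return ([VLAN IDs, outermost first], EtherType of the payload)."""
    offset, vids = 12, []  # tags start after the two 6-byte MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before EtherType")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (TPID_CTAG, TPID_STAG):
            return vids, etype
        if len(vids) == MAX_TAGS:
            raise ValueError("more VLAN tags than the two expected for QinQ")
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside a VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4


def service_identity(frame):
    """Map (outer VID, inner VID) to one number, or None if not double-tagged."""
    vids, _ = parse_vlan_stack(frame)
    if len(vids) != 2:
        return None
    outer, inner = vids
    return outer * VID_SPACE + inner


# Constructed sample frames (locally administered MAC addresses, made-up VLANs).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
QINQ_FRAME = build_frame(
    DST, SRC, [(TPID_STAG, 0, 100), (TPID_CTAG, 0, 200)], 0x0800, b"payload")
SINGLE_FRAME = build_frame(DST, SRC, [(TPID_CTAG, 0, 200)], 0x0800, b"payload")

if __name__ == "__main__":
    print(parse_vlan_stack(QINQ_FRAME), service_identity(QINQ_FRAME))
    print("combined identities:", VID_SPACE * VID_SPACE)
```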


Standards

“For the general technology, each vendor has his own standards, we are using best of breed in terms of infrastructure and active equipment. In terms of operation processes we are using the ITL version three in terms of operation infrastructure and as business processes we are following ISO standards,” said Bahder.

Najmul Hussain from Dubai World Central says that DWC is offering a unique cloud model to clients, in which they do not have to pay a telecoms operator to utilise and access cloud services.

Cloud service provider

Smartworld has also invested in a community cloud to provide managed ICT services to customers. These managed ICT services cover servers, storage, unified communications, security and load balancing, and can reach all customers. Any tenant can get storage over fibre up to what he needs on the cloud. The capacity of the cloud is multi 10 Gig core.

“Today in the region there is a challenge of providing public cloud because of the telecoms services. So any customer is paying back to the telecoms operator to reach the cloud via an internet or telecom link. Here in DWC we provide our cloud services with free access charges because it is our network,” said Bahder.

Any customer that wants storage can buy the service from the cloud and it is provided up to the customer’s premises without the need to buy telecoms services.

“Look to any cloud offering in the region, this is a unique model and it gives attractive offers for the businesses here. If they want to have not only an office or plot, but their entire IT infrastructure provided as well, it can be outsourced and hosted in the cloud with attractive costs because the element of the telecom is removed,” said Hussain.


Overcome environmental challenges

“In all facilities where we host our equipment we have the latest technology. We have in row cooling from APC, in terms of infrastructure. The fibre we have chosen for the infrastructure and the corridors and manholes we have built are all as per international standards in terms of containing the infrastructure.

“The civil infrastructure does play a big role in protecting the technology. Plus here we have a process which we have applied across all developers, where we provide our standards and requirements in terms of facilities that need to be built within the customer facilities in order to provide a proper environment for the infrastructure. We also manage the design of the facilities within the customer premises. The customer can’t just build what he wants, he has to take permission from us and follow our guidelines and designs,” said Bahder.

Hardware implemented
• Cisco MPLS core
• Huawei access products
• HP servers
• EMC storage
• Corning fibre cabling
• And other best of breed technologies


BUSINESS BASED ISSUES

Apprehension by service providers around sharing a freezone was another issue that had to be overcome by DWC and its implementation partner Smartworld.

“The initial apprehension by service providers was ‘Why are you not using what we are using?’, but then you have to go back to our concept of open and equal access. Whether you like it or not, our services and our businesses will have best of breed services irrespective of the operator. Today we have Etisalat and du, hopefully in another couple of years the TRA will approve another four, so we would like to give every business and every resident to choose what he wants. So the challenges were not just technical, the challenges were business-related as well and with stakeholders from the operational side,” said Smartworld’s Najmul Hussain.

RESULTS

“Everything has run perfectly from day one with no issues. We have even hosted our first event, which was MEBA, which carried this infrastructure and it was very successful and this year we will host the airshow, so that will hopefully settle any apprehensions anyone has. The provisioning is apt for the amount of people we expect,” said Hussain.

“As the landlord, I would like to stress the fact that this is the best network that we have in the Middle East, worldwide even. It is very important that the market understands the capacity and potential of this network, because from a telecom point of view this is probably the only area that has this kind of network.

“We would like to welcome anyone who would like to see this and test the network and see the services we have to offer from a technical point of view.”




PCI Compliance

Are you PCI compliant?

Any company of any size storing, transmitting or processing credit card details must be PCI compliant to ensure the safety and security of customers’ data, according to regional experts


The Payment Card Industry Data Security Standard, or PCI DSS, is a set of requirements designed to ensure that every company that processes, transmits or stores credit card data does so in a secure environment. The Payment Card Industry Security Standards Council, featuring five major global payment brands (American Express, MasterCard Worldwide, Visa Inc, Discover Financial Services and JCB International), was launched on September 7, 2006 to manage the ongoing evolution of the Payment Card Industry (PCI) security standards, with a focus on improving payment account security throughout the transaction process.

The idea behind PCI compliance is to ensure that companies have improved security in cases where credit card details are stored or processed.

“We have seen a lot of cases in the world where the storage and processing of credit card details have been compromised and obviously more security is necessary and in turn, any organisation, any company, any nonprofit organisation, it does not matter who, anyone who stores or processes credit card details would need to comply with PCI DSS,” explains Dr Angelika Plate, director of Strategic Security Consulting at help AG.

PCI compliance applies to almost everybody in the payment industry, whether it is a merchant doing a transaction, or a bank providing financial services. PCI is relevant to anything to do with finance, by any channel.

“As of today PCI has mandated the hardware manufacturers with a certain level of compliance depending on region,” says Niranj Sangal, Group CEO, at card payment specialists OMA Emirates LLC.

COMPLIANCE LEVELS

There are four different levels of PCI compliance and depending on which level you are on, you have certain rights. According to Martin Waldenstrom, CEO of online payment gateway cashU, on the different levels there are different requirements depending on whether you are a processor or merchant. If you are a processor you process for hundreds and even thousands of merchants but if you are a merchant it’s just for yourself. The different levels are defined based on services provided by different financial organisations.

Dr Angelika Plate from help AG says that every company regardless of size must be PCI compliant if it deals with credit card details.

“Let’s take a bank; for a bank we have 12 different standards of compliance. We look at the security, including networks – which have to have a secure firewall – and data encryption. This is all there to protect cardholder information. We restrict information to only those required to see it. Then we look at the physical, logical security of the premises where the data is stored,” explains Sangal.

There are twelve different standards that a bank must look at or that Visa or MasterCard would assess the bank on. Take a merchant, for example Carrefour: it is an entity that is not a bank but has all the financial obligations in terms of a card used in its setup.

“When you look at the compliance level of a bank it must adhere to all the 12 standards, but when it comes to Carrefour, there are certain features that are not applied to them because they are a merchant. But in terms of the data transmission from the location to the bank, it needs to be secure, so we look at data encryption and decryption,” states Sangal.

“If you look at Duty Free, you need not do a compliance level for them because they have their own infrastructure. The banks do not force them to go with PCI standards because they have their own standards. All their applications are secure, which means if I go to a Duty Free setup I cannot use any USB or an external hard drive to download or upload data. So they are partially compliant when it comes to credit card transactions.”

The most important thing for a card used in a retail outlet or an SMB is the card holder name, then CVV2 (card verification value: the security code on the back of the card) and then the track-one and track-two data which is on the magnetic strip. It is not required that everybody uses a chip card; today the US is still running mag-stripe cards or contactless cards.

“Today we are required to be fully EMV-compliant [Europay, MasterCard and Visa, also known as “chip and PIN”]; a chip standard is already applicable, since 2006 in the Middle East. Today in the region about 80% of providers are still implementing chip; practical acceptance is still 60%,” explains Sangal.

Niranj Sangal from OMA Emirates says that about 80% of regional GCC institutions are fully PCI compliant.

There are a lot of standards that people can comply with, and standards that are built for compliance always have a set of requirements. PCI DSS has around 200 different requirements and sub-requirements.

“Very often I am asked ‘is one requirement more important than another?’. Whilst maybe people feel like it is, for example when there is a requirement to make sure that credit card details like the transaction numbers, and things like that, are stored in a secretive way. That looks more important than to have a written information security policy. However, on the compliance level it does not make a blind bit of difference. A requirement is a requirement and non-compliance with one requirement will not lead to certification, as much as non-compliance with any of the other requirements,” states Dr Plate.

PCI COMPLIANCE IN UAE

Currently there are no laws or regulations in the UAE around PCI compliance; at the moment it is at the discretion of the organisation whether it wants to be certified or not.

“As long as there is no regulatory aspect around it, like maybe a decree from the central bank or some piece of legislation, compliance is only something that applies to people who want to claim compliance and anybody wishing to claim compliance has to go through certification. What we have at the moment is a sheer mixture of some banks have it, some don’t. I think from any organisation, aside from banks, I don’t think anyone has really looked into it in the UAE,” says Dr Plate.

While PCI DSS certification is nice for companies to have, because it gives customers independent accreditation that the company is certified to protect their data, the only drawback is that it is very difficult for an organisation to prove that it is secure. Companies who are PCI compliant can let customers know through a badge on their website. Any certification helps to demonstrate to business partners, customers and the general public that they are operating completely securely.

“It is always good for any customer to double check if possible or get some additional credibility to make sure the payment gateway is secure. I have seen so many people claiming all sorts of compliance, it is one of the most misused words I have ever seen and everybody who can think of it claims compliance with all sorts of things and in many cases it is not relevant at all. I have seen organisations who have said they are compliant because they use PCI compliant products, which is simply not good enough,” explains Dr Plate.

COMPLIANCE DEADLINE

At the moment the deadline to be PCI compliant is in 2014. Being PCI compliant is recommended but there are no penalties for not abiding by it.

“At the moment PCI is applied by each merchant in different ways because the processor may be PCI compliant. However there are some merchants who accept credit card details over the telephone or via fax and are not PCI compliant, which is not recommended,” says Waldenstrom.

“There is an avenue to report a website breach that may affect credit card details, one can report it to the e-crime department at the police or the central bank. But here in the UAE there is no action that will be taken.”

Martin Waldenstrom from cashU says that the different PCI compliance levels are defined based on the services provided by different financial organisations.

In the GCC the number of PCI compliant firms is much higher than for the UAE. OMA Emirates says that PCI compliance is a mandate, so all institutions should be PCI compliant, otherwise Visa, MasterCard and other schemes won’t certify them.

“I would say about 80% of regional institutions are fully compliant,” says Sangal.

Today the majority of credit card transactions go through COMTRUST, also known as the eCompany, and most of the banks are using the payment gateway of eCompany to do all of their e-commerce transactions.

Today the majority of credit card transactions go through COMTRUST, says Niranj Sangal from OMA Emirates.

“Keeping that in mind, there have been a substantial amount of frauds [mostly] on the African Continent. So now the schemes are providing these mechanisms directly to end users, so if you don’t want to use eCompany, you can use the Visa gateway,” Sangal says.

From […] onwards most financial organisations have started looking at compliance levels because mandates have been coming from the central bank to ensure the core banking, card management systems and the network are compliant.

“Until […] we observed that each bank had one or two auditors who were not up to the level of doing PCI audits, and that was why you had professional companies charging $100,000 or $120,000 just to do an audit. To save this cost the banks have been hiring their own people to do PCI audits,” Sangal explains.

There was an incident in Algeria a couple of weeks ago, where Visa had certified a site and a fraud still occurred. In such cases the schemes are liable, but since 2006 most of the liability share is on the financial bodies.

PCI compliance is now mandated by nearly every scheme. There are audits a company must go through before it starts taking payments. There is an application form that must be filled in, on which they ask about Payment Card Industry compliance. Without that compliance they won’t certify the premises.

PCI compliance is now mandated by nearly every credit card scheme.

“MasterCard has started working with four organisations locally [in the UAE] and Visa has been working with around 30 companies. These companies do the audits for Visa and MasterCard; they look at the compliance level of the site and the compliance level of the applications used. We call the applications compliance level PA-DSS [Payment Application Data Security Standard]. The auditors scrutinise the whole application in terms of the way the data is stored on it. For example, do they have some stored procedures that store data and then release it?” says Sangal.

In the last three years OMA Emirates has found that banks are starting to have PCI audit departments. About 80% of these banks are already compliant. Recently most of them have been working towards compliance because Visa and MasterCard have got a mandate to ensure these standards are followed. Hardware manufacturers are also being certified because without the hardware you cannot run an application.

SMBS AND COMPLIANCE

None of the PCI compliance standards downsize well, according to Dr Plate, and the number and complexity of standards that must be adhered to in order to become compliant can be prohibitive for small and medium businesses.

“It is very difficult because the SME world is so diverse and some have higher security and some have lower and so there is no solution that fits all. At the moment at least, nobody has come up with a decent scheme that helps to reduce the amount of requirements for SMBs, as sorry as I am to say that,” says Dr Plate.

“I am the member of the ISO committee where ISO27001 is developed, which is one of the inputs into PCI DSS and even there we keep discussing whether we can do something for SMEs and how can we help them.”

PCI compliance is all about security, so an SMB company will be assessed on: qualifications of staff, access rights, where a company hosts its system, and auditing of the physical access to data rooms and IT department. Companies are even assessed on whether they leave confidential documents in an easy-to-reach place, according to Waldenstrom.

PCI COMPLIANCE REQUIREMENTS

There are a lot of requirements around PCI compliance covering the protection of the credit card data in storage, transmission, or as a process. There is not as much consideration of integrity or availability, which are also very important aspects.

“I would recommend everybody considers availability. Nicely protected data does not mean anything if you don’t have availability,” states Dr Plate.

Then there is a set of technical requirements related to the network that is processing the data, any applications that are used for this processing, and all the IT devices used for this process. These all go through a separate product certification for PCI compliance.

“The PCI DSS certification for organisations is always an organisation certification, that means that the organisation with its people, its processes, its IT, its technology, its policies and everything is assessed and of course for a product compliance assessment it is only the products that are looked at and for PCI DSS compliance at the organisational level, the organisation needs to use PCI compliant products in their processing to fully achieve that,” says Dr Plate.

THE HUMAN ELEMENT

There is yet another set of requirements for documentation, policies and processes. The people in the organisation need to be brought alongside in the PCI compliance process, and very often the human being is the weakest link.

The weakest link in any company is the human being; that is why PCI compliance also deals with processes and policies for the employee.

“Computers you can set up deterministically, it may take a little bit of effort to do so, but once you have done it, and done it properly it will work. It is not the same as people. You have to bring people on board and tell them what they are supposed to be doing and so it is important that they are brought alongside in the process,” Dr Plate says.

There are between 12 and 15 steps that a company needs on its network to comply with PCI standards and it varies between merchants and processors.

There are between 12 and 15 steps that a company needs to go through to comply with PCI standards.

“Today the greatest cost in PCI compliance is the network cost. I would not look at applications, because generally most of the vendors need to be compliant. The main part of the infrastructure in terms of spend is the network and PCI networks cost quite a lot of money,” states Sangal.

The cost of implementing Payment Card Industry compliance depends entirely on where the company is along the compliance ladder. If the company only does a tiny bit of credit card processing then the process is far easier than if it goes through a big network with a lot of connections to other organisations.

Also, the overall amount of people involved in the credit card transaction process and the overall amount of systems and complexity of those systems involved in the process is another consideration.

“Another thing to bear in mind is how good or bad the organisation is anyway. If there is a long way to go in order to achieve full compliance obviously there is more to do than if there is very little to do. And finally if an organisation is using non-PCI compliant products and they need to replace them all with compliant products it will add an additional cost,” states Dr Plate.

PCI compliance levels

Level 1: the highest and the only one that allows you to store credit card details. It requires you to have an external PCI auditor to audit at least once a month. You need to have a compliance officer dedicated to this. Level 1 is merchants that process over six million Visa or MasterCard transactions per year.
Level 2: merchants processing from 150,000 to six million Visa or MasterCard transactions per year.
Level 3: merchants processing from 20,000 to 150,000 Visa or MasterCard transactions per year.
Level 4: all merchants not included in Levels 1, 2 or 3.

Top 10 tips to ensure PCI compliance

• Install and maintain a firewall configuration to protect cardholder data.
• All systems must be protected from unauthorised access from the internet, whether entering the system as e-commerce, employees’ internet-based access through desktop browsers, or employees’ email access.
• Do not use vendor-supplied defaults for system passwords and other security parameters. These passwords and settings are well known in hacker communities and easily determined via public information.
• Protect stored cardholder data. Encryption is a critical component of cardholder data protection. Also, methods for minimising risk include not storing cardholder data unless absolutely necessary, truncating cardholder data if full personal account number is not needed and not sending it in unencrypted emails.
• Encrypt transmission of cardholder data across open, public networks.
• Use and regularly update antivirus software or programs. Antivirus software must be used and regularly updated on all systems commonly affected by viruses to protect systems from malicious software.
• Develop and maintain secure systems and applications. Many security vulnerabilities are fixed by vendor-provided security patches. All systems must have the most recently released, appropriate software patches.
• Restrict access to cardholder data by business need-to-know.
• Assign a unique ID to each person with computer access. This requirement ensures that actions taken on critical data and systems are performed by, and can be traced to, known and authorised users.
• Track and monitor all access to network resources and cardholder data.

Detecting security breaches

Security breaches can be hard to detect, but there are signs that can appear when a security breach has occurred:

• Unknown or unexpected outgoing internet network traffic from the payment card environment
• Presence of unexpected IP addresses or routing
• Unknown or unexpected network traffic from store to headquarter locations
• Unknown or unexpected services and applications configured to launch automatically on system boot
• Unknown files, software and devices installed on systems
• Unexplained modification or deletion of data
• Antivirus programs malfunctioning or becoming disabled for unknown reasons
• Excessive failed login attempts in system authentication and event logs
• Vendor or third-party connections made to the cardholder environment without prior consent and/or a trouble ticket
• SQL injection attempts or strange code in web server logs
• Authentication event log modifications (i.e. unexplained event logs are being deleted)
• Suspicious after-hours file system activity (i.e. user login or after-hours activity to Point of Sale (POS) server)
• Presence of a rootkit, which hides certain files and processes in, for example, Explorer, the Task Manager, and other tools or commands
• Systems rebooting or shutting down for unknown reasons
• Unexpected file lengths, sizes or dates, especially for system files
• Unexplained new user accounts
• Presence of archived/compressed files in system directories
• Variances in log chronology or timestamps
• If you are running Microsoft, check Windows registry settings for hidden malicious code. (Note: Make sure you back up your registry keys before making any changes and consult with Microsoft Help and Support.)

*By Visa Inc Fraud Control and Investigations Procedures Version 3.0 (Global)
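As an added illustration (not part of the article or of Visa's procedures), the Python script below checks an authentication log for three of the signs in the "Detecting security breaches" list above: excessive failed login attempts, after-hours logins to a POS server, and variances in log chronology. The log format, host and user names, thresholds and business hours are assumptions made for the example.

```python
"""Check an authentication log for three breach indicators."""
from collections import defaultdict, namedtuple
from datetime import datetime, time, timedelta

Event = namedtuple("Event", "line_no when host user action")

# Constructed sample log (not real data). Assumed format, one event per line:
#   <ISO timestamp> <host> <user> <action>
SAMPLE_LOG = """\
2013-03-04T09:12:01 pos-01 alice LOGIN_OK
2013-03-04T09:40:10 pos-01 bob LOGIN_FAIL
2013-03-04T14:05:33 pos-02 carol LOGIN_OK
2013-03-04T23:47:02 pos-01 svc_backup LOGIN_FAIL
2013-03-04T23:47:09 pos-01 svc_backup LOGIN_FAIL
2013-03-04T23:47:15 pos-01 svc_backup LOGIN_FAIL
2013-03-04T23:47:21 pos-01 svc_backup LOGIN_FAIL
2013-03-04T23:47:30 pos-01 svc_backup LOGIN_FAIL
2013-03-04T23:48:02 pos-01 svc_backup LOGIN_OK
2013-03-04T22:10:00 pos-01 svc_backup FILE_WRITE
2013-03-05T08:58:40 pos-02 carol LOGIN_OK
"""


def parse_events(text):
    """Return (events, malformed_line_numbers), keeping file order."""
    events, malformed = [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            stamp, host, user, action = line.split()
            when = datetime.fromisoformat(stamp)
        except ValueError:
            # Wrong field count or unparsable timestamp: report, do not guess.
            malformed.append(line_no)
            continue
        events.append(Event(line_no, when, host, user, action))
    return events, malformed


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Map (host, user) to the largest number of failures seen inside any
    sliding window, for pairs that reach the threshold."""
    failures = defaultdict(list)
    for ev in events:
        if ev.action == "LOGIN_FAIL":
            failures[(ev.host, ev.user)].append(ev.when)
    bursts = {}
    for key, stamps in failures.items():
        stamps.sort()
        start = 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[key] = max(bursts.get(key, 0), count)
    return bursts


def after_hours_logins(events, opens=time(8, 0), closes=time(20, 0)):
    """Successful logins outside the assumed business hours."""
    return [ev for ev in events
            if ev.action == "LOGIN_OK"
            and not (opens <= ev.when.time() < closes)]


def chronology_breaks(events):
    """Line numbers whose timestamp is earlier than the line before it,
    which points to clock changes or edited log entries."""
    return [cur.line_no
            for prev, cur in zip(events, events[1:])
            if cur.when < prev.when]


if __name__ == "__main__":
    parsed, bad_lines = parse_events(SAMPLE_LOG)
    print("malformed lines:", bad_lines)
    print("failed-login bursts:", failed_login_bursts(parsed))
    print("after-hours logins:",
          [(ev.line_no, ev.host, ev.user) for ev in after_hours_logins(parsed)])
    print("chronology breaks at lines:", chronology_breaks(parsed))
```

In practice the thresholds and hours would be tuned to each store's trading pattern, and any hit is a prompt for investigation rather than proof of a breach.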


Access control

Network access controls and identity management: What you need to know

Access controls and identity management experts look at what kinds of authentication and access controls enterprises can and should implement, how they work and how they protect the network against unauthorised intrusions.

If you are a network manager who has not implemented identity management (IDM) and network access controls (NAC), then you will be a network manager who is looking for a new job, according to digital security experts Gemalto.

“If you do not implement identity management and network access controls, you are really setting yourself up for a problem because even though a username and password has been considered good enough security, that is changing. We are getting to a place where the demand, especially for sensitive areas of a corporate network, is for stronger authentication credentials,” explains Ray Wizbowski, vice president of strategic marketing, Security Business Unit, at Gemalto.

Ray Wizbowski from Gemalto says that network access controls and identity management are business critical.

IDM and NAC is the management of individual identifiers, their authentication, authorisation, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks. Controlling who accesses what in a corporate network is an essential tool in the battle to maintain network security.

IDM can be extended to physical access, to buildings and access control systems in general. A good example of this is the Emirates ID card, which potentially could be used for identity management or to identify the individual.

“In the future you might have public services which will use the certificate store that we have on the Emirates ID to identify the individual against those services. There is nothing that stops the Emirates ID project from also having commercial access for enterprises to identify employees, visitors etc,” says Nicolai Solling, director of technology services at help AG Middle East.

CONTROLS

When enterprises are looking at IDM and NAC for the typical uses that exist within the organisation and the access that they need, they need to keep in mind how privileged users are controlled within the organisation.

“As part of an overall access governance programme, people should look to put the right controls in place that actually improve the ability for people to do their jobs, but also take away the risk from the business. So being able to control the sharing and use of privileged passwords, being able to record sessions if an external consultant is accessing systems and being in a position where you haven’t got large number of administrators who are using and sharing system or administrator passwords,” says Phil Allen, director, Identity and Access Management, EMEA at access control and identity management experts Dell Quest One Identity Solutions.

Phil Allen from Dell Quest One Identity Solutions says that putting the right controls in place makes it easier for employees to do their jobs.

In the average American enterprise environment any user will have up to 25 different identities they have to remember, and at any point in time they will have a username and password that is expiring or about to expire, and the user has to remember all of these, says Wizbowski.

In the average American enterprise environment, any user will have up to 25 different identities.

“From a management perspective that is a huge overhead. Every time that you lose a password as a user, some of the research shows that it costs the company $25 in loss of productivity because the person can’t log in, it is the fact that you have to call support etc,” he explains.

IMPORTANCE OF IDENTITY, ACCESS MANAGEMENT

Data is the crown jewel of any organisation: the intellectual property and the data of the business, whether that is financial data or mergers and acquisition data, and all of that is now connected to the internet.

In today’s environment there needs to be a new way of looking at enterprise security. In the past, NAC and IDM were focused on keeping the bad guys out and letting the good guys in. Enterprises handled this by putting up a strong perimeter security strategy. NAC and IDM were put in place to essentially offer keys to the right people to let them in through this hardened perimeter while keeping those without the keys out of the network.

“This was a decent strategy when the enterprise controlled their data centre, the applications sat within that data centre, and the organisation could easily control who to let in and who to keep out,” says Marc Lee, director EMEA, at identity and access management leaders Courion.

Enterprises now have travelling executives who have unlimited access to the data on the corporate network and are carrying it with them on their laptops, so that data becomes the most precious asset within a company. Controlling who gets access to what is critical and having strong authentication is essential.

“Identity and access management is beyond a nice to have thing. I would call it business critical, mission critical, whatever term you want to use,” states Gemalto’s Wizbowski.

Implementing a way to ensure a high level of assurance that the employee that is accessing that data is the correct person has become essential.

“If it is not in place it is a case of not if you will get compromised, it is when you will get compromised, because if you are blocking access by using a username and password that is easily bypassed by cyber thieves,” states Wizbowski.

Today, the extended enterprise is all about ensuring that employees, contractors, partners and even customers can access critical data and applications from anywhere, anytime. The applications and data are often cloud based and accessed by mobile devices. This hardened perimeter of keeping everyone out no longer applies; the new perimeter is policy based and the key ingredient to that policy is identity and access.

“Because of the huge entrance of the new devices to the network, mainly from tablet computers, smartphones etc, additional security is needed now, including network access control,” says Ammar Enaya, general manager for the Middle East at network access solution provider, Aruba Networks.

Identity intelligence is required to immediately identify when user access or activity is suspicious, identify the risk associated with this, and immediately alert and notify the proper people and provide them with the ability to remediate. It provides the ability to define policy, enforce policy, verify policy compliance, and immediately identify risky access and user behaviour to take immediate action to remedy.

“We work with Aramco and Qatar Petroleum and they have very, very secure premises, very secure facilities and they don’t want the security in these buildings to be compromised, so we provide an ID card. For example in Qatar where you can not only enter the building, but security guard can authenticate your identity because your photo is on the ID. It is difficult to compromise because we have some very strong authentication devices in place in the ID cards and one can also log onto their laptop with the same ID card, providing logical security for their laptops. These companies in oil & gas and government, they really don’t want their facilities or employee IDs to be compromised and no one can blame them for that,” explains Nat Pisupati, regional sales director for secure identity solutions provider HID Global.

Nicolai Solling, HelpAG, talks NemID

Denmark has an advanced form of identity management called the NemID, which means easy ID; every single person in Denmark who has a social security number has this ID. You can use it for e-government services and on top of that they have a commercial arm which allows people to identify the individual using that. So if you go to services like the Danish eBay, one of the big issues they had on the website was that they could not identify the individual that was putting stuff up for sale. What they are now doing is they are actually subscribing to this government-based identity service, the NemID, which means that as an individual I have one card that identifies me against these services.

The same thing happens with banks, another place where identity is very important. When we log onto our e-banking, there is a project called Easy ID, which is a government service, run by the same company which does all our money transfers between banks in Denmark. The banks use this service to identify users on e-banking environments. One card does everything. There is nothing that stops a large enterprise to go and access the identity service on its applications.

According to Nat Pisupati from HID Global, the Emirates ID is going to be able to be used as a payment device.

HOW DOES IT WORK?

Most software systems use NAC or IDM software in one form or another. User identity is authenticated and verified to ensure that the user has the correct provisions to access information. Vendors that provide access management systems provide an application residing on a server that accepts authentication requests and uses standards-based policies to verify the request.

“The identity used in the request contains attributes and credentials that are used in the verification step. Additional software uses the identity information that is also indexed with application or system entitlements to determine whether the requestor is authorised to access the application or system. There are specific entitlements for each application. These entitlements are identified and stored in an entitlement catalog during the construction of the identity management system,” explains Earl Perkins, research vice president in Systems, Security and Risk, at market research firm Gartner.

Access management solutions bring together authentication and authorisation services to verify identities and enforce the entitlements associated with them. Audit software serves as a foundation for analysis and alerting, recording activity and recognising patterns of user behaviour. If there is an anomaly or


Nicolai Solling from HelpAG says there is no reason why commercial ID applications cannot be integrated into the Emirates ID card.

“There is nothing that stops the Emirates ID project from also having commercial access for enterprises to identify employees, visitors etc” Nicolai Solling, director of technology services, HelpAG Middle East.

NFC in identity management: NFC for use in network access and identity management is in its very early stages. In the ID market NFC technology is primarily being used to open doors. Near Field Communications is a young, evolving technology, and so are the technologies that will secure it as well as the role that NFC may play in security. “We have a pilot project in Goodyear Arizona, state university where students were given mobile phones like BlackBerry’s or iPhones and a lot of these kids seem to be losing their room keys, but most of them will not use their phone, so we are using a programme right now where these kids can access the library, the entrance to different college buildings, they can access their dormitory rooms by putting their mobile phone in front of a card reader and the door automatically opens,” says Pisupati. Nicolai Solling from HelpAG says that he has seen authentication methods whereby the user places their phone on a physical reader device next to their computer. Your phone then identifies you and that you are close to your computer and opens the machine. When you are not at your computer you take your phone with you and the computer locks. That proximity information can also be used by IT applications that can then forward calls when the user is away from his desk, for example. When it comes to using NFC within a data infrastructure, this is still very, very early technology, according to Ray Wizbowski from Gemalto. “There are some reports that say NFC are about 10% of the phone market right now, I think that may be a bit high, but even at 10% you are still talking a very small number that would be able to be used for access or identity management,” he says. While it is possible that NFC may serve as a foundation for delivering improved means of authentication and/or authorisation, it is too early to tell at this stage. Interesting development work continues, explains Earl Perkins from Gartner.

abnormality, Identity and Access Management systems can alert IT staff, enabling the identification of potential risk areas before any real threats occur. “The authorisation decision of ‘should you get access to this resource’ or ‘can you perform this operation’ is then made using identity and provisioning information. The software is used to detect whether more information or stronger authentication is required to provide access, or whether access should be granted to the user,” explains Lee. Access control software controls who goes to what part of a complex or building, for example in Qatar petroleum they have virtual cities, and they can control movements of people where they want based on how senior they are. “We allow the IT managers to define roles, because in an

organisation a particular user might need access to certain programmes, so we allow them to define what a person’s role is, what they are allowed to do and we allow them to implement that role based approach,” says Prasanna Kumar Singh, senior technical expert, ADManager Plus at ManageEngine. According to Allen, from Dell Quest One Identity Solutions he typically sees organisations still using the in-built authentication processes that exist within applications like Microsoft systems and Unix systems that exist on their infrastructure. “However, if people are accessing the network externally from we are seeing a rise in enterprises using strong authentication processes, such as software based tokens, hardware based tokens, people using one time tokens on mobile devices,” he says. March 2013 Vol.19 No.03 37
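The flow described above (an authenticated identity is matched against an entitlement catalog, the software decides whether access is granted or stronger authentication is needed, and every decision is recorded for audit) can be sketched as follows. This is an added example, not code from the article or from any vendor quoted in it; the catalog entries, role names, user names, authentication strength ordering and function names are all hypothetical.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"  # entitled, but stronger authentication is required first
    DENY = "deny"


# Assumed ordering of authentication strength, weakest to strongest.
AUTH_STRENGTH = {"password": 1, "otp_token": 2, "smart_card": 3}

# Constructed entitlement catalog: (application, operation) -> the roles
# entitled to it and the minimum authentication strength it demands.
ENTITLEMENT_CATALOG = {
    ("hr_portal", "read"): {"roles": {"employee", "hr_admin"}, "min_auth": 1},
    ("hr_portal", "write"): {"roles": {"hr_admin"}, "min_auth": 2},
    ("plant_console", "operate"): {"roles": {"plant_operator"}, "min_auth": 3},
}

# Constructed role assignments, as an IT manager would define them.
USER_ROLES = {
    "alice": {"employee", "hr_admin"},
    "bob": {"employee"},
    "carol": {"plant_operator"},
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    app: str
    operation: str
    auth_method: str  # how the identity was authenticated
    external: bool    # True when the request comes from outside the network


def decide(req, audit_log):
    """Return the authorisation decision and append it to the audit log."""
    entry = ENTITLEMENT_CATALOG.get((req.app, req.operation))
    roles = USER_ROLES.get(req.user, set())
    if entry is None or not (roles & entry["roles"]):
        # Unknown resource, unknown user or no matching entitlement: default deny.
        decision = Decision.DENY
    else:
        required = entry["min_auth"]
        if req.external:
            # External access needs at least a one-time token (assumed policy).
            required = max(required, AUTH_STRENGTH["otp_token"])
        presented = AUTH_STRENGTH.get(req.auth_method, 0)
        decision = Decision.ALLOW if presented >= required else Decision.STEP_UP
    audit_log.append((req.user, req.app, req.operation, decision))
    return decision


def users_with_repeated_denials(audit_log, threshold=3):
    """Simple audit rule: users whose denied requests reach the threshold."""
    denials = Counter(user for user, _, _, d in audit_log if d is Decision.DENY)
    return sorted(user for user, count in denials.items() if count >= threshold)


if __name__ == "__main__":
    log = []
    requests = [
        AccessRequest("alice", "hr_portal", "write", "password", False),
        AccessRequest("bob", "hr_portal", "read", "password", True),
        AccessRequest("bob", "hr_portal", "write", "smart_card", False),
    ]
    for r in requests:
        print(r.user, r.app, r.operation, decide(r, log).value)
    print("flagged:", users_with_repeated_denials(log, threshold=1))
```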



An effective IDM and NAC system brings an enterprise better assurance of access, says Earl Perkins from Gartner.

THE BURDEN ON IT
An effective IDM and NAC system brings an enterprise better assurance of access, more transparency for access and identity administration, and accountability of that access for all users, according to Gartner. In such an environment, audit for compliance purposes is easier and more thorough, and automation of many manual processes associated with identities is established and helps to streamline the process of identity management and use.

“To build an effective system, there is a burden placed upon key support providers like network managers to construct an effective identity data model, to ensure that systems are configured and supported properly, and to ensure the ongoing maintenance of that environment. The overall level of effort by the manager varies widely based upon the degree and scale of implementation,” says Perkins.

According to HID Global, there is a lot of work involved when it comes to implementation of access controls and network authentication software. “You are looking at thousands and thousands of people, different ID numbers and one person at a time and each one has to be given different access to various points in a building or buildings in a complex and that does place a lot of burden on the IT managers as well as on the infrastructure because in some instances you are managing hundreds of thousands of people. A big petroleum company has 200-300,000 employees as well as contract workers that come in every day and every one of these people has to be managed and given access and permission and every time a new vendor comes into a building, all their details have to be put into the system,” says Pisupati.

Wizbowski says that in most cases there is no downtime for the organisation when they move into access and identity management, it is just a simple switch over. However, the biggest challenge is getting hardware devices, such as an OTP token in people’s hands. “The easiest way to provide enterprise employees with access controls is for them to download an application and then switch to using it, so it really is a back end change,” he explains.

This change can be done in as little as a couple of weeks for small organisations, or as a phased approach in which different groups are moved onto the new access system over a couple of months. Another advantage of the latest IAM technology is that it allows IT managers to better align business risk to access risk by providing a clear view of the most problematic security areas. This enables organisations to allocate their security budgets more effectively to the most critical areas that pose significant risk to their business.

In terms of actual dollar costs, Perkins from Gartner says that at a guess, if we assume an “average” enterprise of 10,000 users with at least 10 major applications and requirements for different classes of access, such an organisation might require $250,000 to $500,000 in software costs and another $200,000 to $400,000 in implementation costs. This means such a use case might cost between $450,000 and $900,000. Such projects often take anywhere from six months to a year to implement depending upon complexity. These costs also include training and education.

Access and identity management is fast becoming a must-have for enterprises.

Pros and cons of NAC authentication:

802.1X
Pros: Highest security; standards based; multiprotocol; most transparent; scales; built into modern operating systems.
Cons: 802.1X supplicants have a “bad reputation” (although this is not supported in our testing); weak guest support; poor support for non-mainstream platforms such as Linux, Palm, Symbian, and embedded devices.

Web-based
Pros: Very familiar model to end-users; broadest platform support; handles guest users best.
Cons: Onerous and slow for all users; only supports IP; requires web browser; security model weaker.

Proprietary client
Pros: Tight integration between client and security policy; broad range of topology support.
Cons: Platform support not broad (usually Windows-only); requires vendor lock-in; weak guest support.

Key questions to answer when deploying NAC

Policy
Premise: What is your security policy?
Questions to be answered: What are you trying to accomplish? What type of users and devices will the NAC deployment focus on?

Authentication
Premise: What authentication method will you use?
Questions to be answered: How will user identity affect security policy and access control?

Environment
Premise: What end-point security features do you want?
Questions to be answered: What types of devices will have their security checked? What is the associated policy? How will you handle users and devices that cannot be checked, such as guests or printers? Will you be running continual security checks, or just at login time?

Enforcement
Premise: What enforcement strategy will you use?
Questions to be answered: Where in the network will you enforce? Will you mix different types of enforcement, or use a single consistent strategy?

Integration
Premise: How is NAC going to integrate into your existing network?
Questions to be answered: How will physical integration be done? What steps can you take to ensure that integration goes smoothly and without unnecessary disruption? How will it integrate organisationally?


Big data



Companies must start treating their data as an asset rather than a burden, writes Piers Ford



If data was water, we’d need more than a fleet of arks to save us from the flood. The volumes being bandied around – take your pick from exabytes, terabytes and petabytes – defy comprehension for most of us. But digital data is spilling out of its traditional home in the corporate database, crying out for analysis, integration and above all, use. And with analysts like Gartner and IDC predicting that the digital universe will double in size every year between now and 2020, resistance is futile. Instead, it’s time for enterprises to embrace the phenomenon of big data and acknowledge the opportunity it represents: to find innovative, cost-effective ways to manage and store information, and build applications that will exploit it in increasingly creative ways. If the infrastructure is not to buckle under the pressure, organisations must start treating their data as a dynamic asset rather than an overwhelming by-product requiring expensive storage just to hold it at bay.

DEFINING BIG DATA
What is big data? Definitions abound, but a broad consensus is that it is the deluge of unstructured data generated by what might loosely be called ‘life in the 21st century’: everything from multimedia traffic to mobile devices, surveillance networks and social media.

The list is endless. The smallest transaction creates its own wave of data, adding another layer to the information pool.

“Organisations are producing more data than ever before from various internal and external sources, thereby making it critical for them to manage and analyse this enormous volume,” explains Boby Joseph, chief executive officer at StorIT Distribution. “Although there is no exact definition of big data, most research firms define it as the massive volumes of complex, high velocity and variable data that an organisation collects over time and which it is difficult to analyse and handle using traditional database management tools. Such large volumes of unstructured data require advanced technologies and techniques to capture, store, analyse, distribute and manage this information.”

Joseph says that simply acknowledging the phenomenon and trying to apply traditional management tools to accommodate this bewildering array of data sets is not the answer. Businesses need to interact with big data in real time so that they can react quickly and make fast business changes in response to the live situation it represents. The wealth of information can only yield its true value if there is a shift in attitude.

“To address the big data problem, organisations need to change their mindset in addition to upgrading their technology,” states Joseph. “To use big data effectively, organisations need to choose from a number of advanced technologies and new platforms that will help them tap into internal systems, silos, warehouses and external systems. They also need to add resources with skills to use this massive volume of data optimally. This means that the organisation’s infrastructure, operations and development team need to work together to tap the full potential of big data.”

So it’s a challenge for everyone. And there are some important questions to consider.

“Big data is becoming a particular problem for IT, because more of the budget is going to data storage and the volume of data is causing traditional models to break,” says John Rollason, EMEA director, product, solutions & alliances marketing at network storage vendor NetApp. “We need to get people to think of data as something that’s more of an asset, and help them find different ways to manage and store it.”

Boby Joseph from StorIT says that organisations are producing more data than ever before.

Sofocles Socratous from Seagate says that more and more businesses are looking to outsource their big data to the cloud.

How to manage Big Data
Haritha Ramachandran, programme manager, information and communication technologies practice at analyst Frost & Sullivan, said businesses should choose big data processes that suit the size and scale of analysis they aspire to. “Initially, they could start with a collaborative business intelligence solution that gets data real-time from social media, then scale up to a full-blown analytical system with tiered storage management and the like,” she said. “Globally, big data is gaining interest among enterprises that deal with huge data sets – banking and telecoms, for example. Over 85% of the Fortune 500 companies are planning to implement the technology in the next two years.

“Comparatively, the Middle East is still in its infancy. Although there is much discussion, little implementation is seen as yet. Vendors are still marketing the advantages of big data to companies. However, budgets, manpower and risk seem to be deterrents. Verticals such as healthcare are veering towards managing data effectively to provide better service to the citizens; big data is an enabler for electronic medical and health records, and so on.”


The value of big data
While big data is much-discussed at board level, it requires commitment and investment throughout the business. Analysts say that in order to realise the benefits of cost effectiveness that big data could ultimately deliver, CIOs might run into opposition because of the big price tag on the storage infrastructure technologies pitched at meeting the challenge. “Due to the fact that most big data projects today are funded by the business, it is becoming imperative for CIOs to demonstrate the cost effectiveness of a proposed big data project,” said Sid Deshpande, senior research analyst at Gartner. “In order to leverage and deploy some of the emerging storage architectures, CIOs and IT managers need to hire employees with the correct business level exposure, in addition to the technology skill sets: Java and functional programming, data mining and statistics, open source code management, custom ETL exploiting MapReduce methods, Hadoop, and open source data analytics.”

Analysts such as Gartner and IDC predict that the digital universe will double in size every year between now and 2020.

Mervyn Kelly from Ciena says that there is a need to upgrade current data warehouse models.

Allen Mitchell from CommVault says it will be essential for the IT function to make available analysis tools that are easy to work with and well-integrated with business processes.

THE CLOUD
Sofocles Socratous, regional sales director at storage specialist Seagate, says the fundamental challenges of data management, information security, infrastructure investment and operational control, are increasingly aggravated by the need to reduce the complexity and cost of enterprise data storage.

“Some of the key questions that I think big enterprise will have to face now include: how do enterprises store lots of data in a limited physical space? How do they offer reliable and consistent data access to their ever-growing customer base while avoiding network congestion? And how can they deal with shrinking budgets yet offer a sustainable storage platform that they won’t outgrow tomorrow?” Socratous asks.

He says that more businesses in the Middle East are looking at IT virtualisation, outsourcing their data to the cloud – which negates the problems of over- and under-provisioning storage resources, and theoretically liberates the business to focus on data analysis and exploitation. And to do that, they need the right tools.

“The fact that most enterprises are being forced to address big data is in itself an opportunity to lower their network’s total cost of ownership through the deployment of more modern and more efficient information technology solutions,” explains Socratous. “With large enterprises expanding their current data centres and building new virtual networks, deploying new physical-layer infrastructure is becoming more recognised as a business priority, as it can serve to handle the deluge of new data while improving system performance, scalability and future network congestion.”

The cloud does not necessarily contain all the answers, however. According to Andrew Logie, chief technology officer at IT strategy consultant DrPete, which has undertaken a number of projects across the region, big data-savvy enterprises are turning to major technology and social media providers for their tools. Companies like Amazon and Google are, after all, in the vanguard of the big data phenomenon.

“For instance, Google utilises a proprietary technology called ‘Big Table’ and possibly other open software source solutions such as Hadoop and Cassandra,” says Logie. “While Amazon provides hosted database solutions built on its noSQL ‘DynamoDB’ solution, based on distributed datastores where the emphasis is on predictable Input/Output per second and scaling on demand, rather than just storage used.

“This is implemented on fast flash-based disk arrays, with as much distributed computing resource as is sufficient to handle the request specified by the customer application and the data stored.” However, organisations should be cautious about implementing a cloud-based big data strategy which takes the data too far from their own domain.


“Solutions always work more effectively when they are near users,” counsels Logie. “The challenge with collecting and reporting on big data is that users can be anywhere, and in huge numbers. “Using distributed infrastructure and software to deliver solutions over different geographic territories creates its own challenges – for example, within some EMEA countries, legislation requires data relating to individuals to be identified on individual disk drive spindles. This scenario makes using cloud-based infrastructure challenging. Amazon, at least, allows organisations to pin their data to any regional data centre.”

Yet adhering to traditional, localised data management practices could compromise the ability to scale quickly and be reactive in data analysis. It’s a dilemma that information technology managers will need to resolve with care.

EASE-OF-USE IS IMPORTANT
At data analysis software specialist CommVault, MENA senior technical account manager Allen Mitchell says it will be essential for the IT function to make available analysis tools that are easy to work with and well-integrated with business processes.

“Using Storage Resource Management (SRM) software is a good start,” he said. “Agent-less SRM makes rollout a non-issue and it can really help you to organise data for the best access or cost compromise. Not only will the trending warn you that you’re heading down the big data path, but it can also help drive archive policies for effective long-term storage and keep costs under control.”

On the enterprise storage front, in a non-cloud environment, a flexible approach combining multidirectional scalability and multiple data centre support will be crucial, said Andrew Childs, senior business development management at Huawei Enterprise Middle East.

Multidirectional scalability and the flexibility to use a variety of storage methods – Distributed File System, Scale-out, Network Attached Storage and Object-based storage – will be instrumental in successful big data management, said Childs.

“Availability is also important in being able to manage big data for a company,” he added. “Should a data centre, for example, go down due to some natural calamity the data will still be accessible with multiple data centres. While companies in the region are quite a long way behind the western world in terms of having solutions to support the growing big data trend, we are seeing companies in the Middle East moving slowly towards providing these data centre solutions.

“They are planning ahead, realising that enormous amounts and various types of data can be capitalised on market intelligence to drive their market share and stay ahead of the curve.”

Haritha Ramachandran from Frost & Sullivan says that big data management in the Middle East is still in its infancy.

Strategies for coping with Big Data
Big data requires big changes in infrastructure and data analysis. At high-performance network specialist Ciena, EMEA marketing director Mervyn Kelly said there are three main areas of opportunities and challenges for the enterprise.

Firstly, the combination of high-speed cameras, 1- and 10-gigabit Ethernet networks and sophisticated analytical software has enabled new big data applications. In the US, for example, baseball stadiums are being fitted with cameras and software that tracks players and ball flight in real time, to develop precise performance metrics. That’s one million records per game. “The potential to develop similar, totally new applications using big data analysis cuts across almost every business,” said Kelly.

There will also be the need to upgrade current data warehouse models – to make better sense of supply chain information, for example. “An upgrade project might include integrating a new data source by connecting to a subsidiary’s data centre,” said Kelly. “Or maybe adding a new network connection to a cloud facility with more compute-intensive platforms enables the ability to economically shift big data workloads that demand peak processing.”

Finally, research and education institutions have the opportunity to exploit very high performance applications in the areas of computational bioinformatics, weather and climate simulation, brain simulations and other ‘peta-scale’ research. “The ability to scale to 100 Gbps networking is key to moving these huge data sets between data centres,” he said.

Security focus


Khaled Kefel from BlackBerry says that the BlackBerry workspace is fully encrypted and fully secure.

BlackBerry 10: The safe option for enterprises?

Khaled Kefel, senior country director, Saudi Arabia at BlackBerry, explains the security benefits of the new enterprise platform.

What makes the BlackBerry 10 platform a better option for enterprises when compared to Android or iOS?
We’ve been in the device management business for over 10 years and we offer a secure, manageable and cost effective solution that organisations can definitely trust. BlackBerry 10 smartphones will be managed on the BlackBerry Enterprise Service 10 (BES 10), which is BlackBerry’s new enterprise mobility management solution. With BES10, we are giving businesses a cost-efficient and industry leading secure, reliable and scalable solution that consolidates the management of smartphones and tablets running BlackBerry and PlayBook OS, as well as Android and iOS. No other mobile device management (MDM) vendor manages more devices than BlackBerry. We are also supporting the consumerisation of IT through BES 10’s BlackBerry Balance feature for BlackBerry 10 smartphones, which offers separation of work and personal data. Personal apps and information are kept separate from work data, and customers can switch from their Personal Space to their Work Space with a simple gesture on the BlackBerry 10. The Work Space is fully encrypted and secure, enabling organisations to protect their content and applications, while at the same time letting employees get the most out of their smartphone experience for their personal use.

Can you describe the new security enhancements and how these protect the enterprise better than previous versions?
BlackBerry is the gold standard for secure end-to-end mobility. Security is built into the BlackBerry DNA and that is why BlackBerry 10 and BES10 were FIPS certified before launch. BES 10 ensures end-to-end data encryption provides protection and assures employees of their privacy and freedom with features like BlackBerry Balance. We’ve also supported protection against unauthorised devices accessing corporate assets and prevent data leakage. By creating a single outbound port for all communications, there is no need for additional VPNs. With BlackBerry Balance, IT organisations have the ability to segment and control work data on the device, without having to ‘lock down’ the BlackBerry 10 platform capabilities. This provides CIOs with the trusted end-to-end BlackBerry security model, and enables users to use the work and personal BlackBerry 10 features they want, without circumventing IT, or sacrificing any functionality.

Many analysts have said that BlackBerry 10 is the make or break for BlackBerry; what would you say to this?
We’re confident BlackBerry 10 will succeed. Since our global launch across six cities, including Dubai here in the Middle East, we have had a fantastic response for our BlackBerry Z10 smartphone. We are building a new, seamless customer experience and partnering for success with customers, developers and carriers. Consumers and enterprises are excited about our re-designed, re-engineered, and re-invented BlackBerry platform.

Key security features of BlackBerry 10
- BlackBerry Balance: This system allows users to separate professional communications and applications from music, photographs and other personal items.
- Application permissions: This feature lets you see, control, and customise what each application can access and allows you to manage and protect your privacy.
- BlackBerry Protect: This can help you remotely locate your BlackBerry smartphone, set a password, and even wipe it from anywhere with an internet connection. It is integrated into every BlackBerry 10 smartphone.
- FIPS Certification: BlackBerry 10 is Federal Information Processing Standard certified. This is a US government computer security standard used to accredit cryptographic modules.
- End-to-end data encryption: BlackBerry products and solutions are protected by best-in-class AES 256-bit encryption, a highly secure, internationally recognised data protection standard.


Regional companies are set to reevaluate protection measures in wake of the Aramco attack, according to IDC.


GCC cyber security spend to surge
The role and importance of information security continues to evolve within the Gulf Cooperation Council (GCC) bloc of countries, and this evolution is only expected to intensify over the next few years, according to the newly released “Gulf States Security Software Market 2012-2016 Forecast and 2011 Vendor Shares” study from International Data Corporation (IDC). The Gulf security software market generated $143.34 million in license and maintenance revenue in 2011, with IDC’s research showing that large enterprises, particularly those from the banking, government, and telecommunications sectors, were the primary drivers of this expenditure.

IDC expects spending on IT security in the GCC to continue growing over the coming five years, as the region is witnessing an increasing level of cyber warfare. Indeed, it is believed that the spate of recent attacks on energy and media companies in countries such as Saudi Arabia and Qatar were only the first in a series that are likely to grow in complexity and in frequency.

“Companies and governments must assess all possible risk vectors and IT security threats, and reevaluate their security strategies accordingly,” says Megha Kumar, a research manager at IDC Middle East, Africa, and Turkey. “We expect companies, and even governments, to rebuild their business continuity strategies in order to effectively manage the eventuality of further complex cyber attacks. We also expect organisations to become more stringent when evaluating prospective vendors out of concern that they may not be doing enough to remain ahead of the threats.”

The UAE accounted for the largest proportion of spending on security software in the Gulf, with 41.5% share, followed by Saudi Arabia and the other GCC countries of Kuwait, Bahrain, Oman, and Qatar. The market continues to be dominated by Symantec, which garnered 22.2% share in 2011, while McAfee placed second with 12.5% share and Kaspersky rose to third with 10.8% share. The top three sectors of finance, government, and telecommunications together contributed to 58.2% of total security software spending in the GCC in 2011. The series of cyber attacks that struck the energy sector in 2012 will cause companies to reevaluate their security strategies and show greater interest in business continuity planning, fueling security spending throughout 2013 and 2014.

Trend Micro releases SMB security solutions

Cloud security leader Trend Micro has announced Worry-Free Business Security solutions in the Windows Server 2012 Essentials dashboard and Trend Micro Worry-Free Business Security 8, which supports Windows 8. These solutions are designed to protect small businesses in the face of the growing BYOD and cloud trends.

“Trend Micro is committed to delivering products that best serve small businesses. By working with Microsoft to integrate Trend Micro Worry-Free Business Security Services and Windows Server 2012 Essentials, Trend Micro small business customers benefit from cloud computing and mobile applications while feeling confident that their information is safe. It’s the must-have security for small businesses,” said Magi Diego, director, SMB Marketing at Trend Micro.

Through an integrated approach that is designed to protect data, promote flexible work styles, and simplify the path to the cloud, Microsoft Windows Server 2012 Essentials is a central server that can automate important activities like online data backup and protection of computers; allow teams to share and organise business documents; provide a platform for running line-of-business applications; and provide remote access to data from any internet-connected location or connected device.

“Trend Micro is taking advantage of the built-in ability to include their offerings in the single management console in Microsoft Windows Server 2012 Essentials,” said David Fabritius, product marketing manager, Server and Tools, at Microsoft.


Farid Faraidooni from du says that more and more companies are realising that employees want to use their own devices.


Du launches MDM solution

As part of its managed services offerings, du, the UAE’s integrated telecommunications service provider, has announced the launch of Mobile Device Management, offering both on-premise and cloud-based solutions for businesses to manage corporate data on their employees’ personal mobile devices. The solution is built on MobileIron, a leading platform for securing and managing mobile apps, documents, and devices.

Du’s MDM solution is designed to provide a secure gateway that connects the end-user to the organisation to retrieve and share corporate data, and to back-end enterprise resources like Exchange, app and web servers and SharePoint. MDM permits employees to securely view email attachments, and provides secure access to SharePoint docs and secure on-device storage. In addition, there is no ‘Open in’ access for rogue apps, and organisational data can be deleted in the case of a lost device.

Du MDM is designed to provide a one-stop, highly configurable, cross-platform solution that is compatible with any mobile device used by an employee. Offered in collaboration with MobileIron, the MDM solution provided by du is purpose-built for Mobile IT, providing end-to-end integrated security for multiple operating systems, data loss prevention controls for email attachments, certificate-based identity, application and document containerisation, Bring Your Own Device privacy protection, and automated closed-loop compliance.

“More and more companies realise that in the fast paced lives of employees today, they prefer the convenience of using their personal mobile devices for work which would entail organisations monitoring their devices, without compromising any employee’s privacy. Additionally, this proves to be a challenge for an organisation’s IT department to maintain control of sensitive information. Our MDM is the ideal solution to maintaining the privacy of each employee, while also maintaining security and control over which individuals are able to access these files. All the data is encrypted prior to transfer with MobileIron providing delivery, configuration, data-in-motion, and data-at-rest protection for email, applications, documents and web services,” said Farid Faraidooni, chief commercial officer, du.

The solution is available on the cloud as well as on an on-premise MDM model.

RSA announces release of RSA Security Analytics

RSA has announced the release of RSA Security Analytics – a transformational security monitoring and investigative solution designed to help organisations defend their digital assets against today’s internal and external threats. Built on RSA NetWitness technology, RSA Security Analytics fuses SIEM, Network Forensics, and Big Data analytics into a security platform.

By providing security professionals with the visibility to see and understand vulnerabilities and attacks, RSA Security Analytics is designed to enable the discovery of risks as they occur. Furthermore, by helping security professionals understand digital risks originating from both inside and outside their enterprise, organisations can better defend business assets, including intellectual property and other sensitive data, while reducing the time and cost associated with threat management and compliance-focused reporting.

The RSA Security Analytics Unified Platform is designed to deliver:

Quick Capture and Analysis: Security-relevant data, including full network packets, logs, and threat intelligence, are captured and quickly analysed to speed up threat detection.

High Powered Analytics: Designed to enable much larger-scale collection of data and empower new analysis methods over that of traditional SIEM-based approaches to security.

Integrated Threat Intelligence: Helps organisations operationalise the use of threat intelligence feeds to accelerate detection and investigations of potential attack tools and techniques.

Context for Threats: Through integrations with the RSA Archer GRC platform and RSA Data Loss Prevention suite, and by fusing data produced by other products, analysts can use business context to prioritise and allocate resources to the threats which pose the greatest risk.

Malware Identification: Using a variety of investigative techniques, the solution identifies a much wider range of malware-based attacks.



Last word


Communication champion

Daniel Schmierer, area sales vice president for Middle East & Africa, Polycom, talks IT innovations

Can you tell us how you began working in the IT industry?
In 1984, after finishing my studies, the personal computer started to spread in enterprises and I decided I wanted to be in the industry. I joined Texas Instruments Computer Division and a few years later I joined Digital Equipment Corporation, the second largest IT company after IBM at the time, and I have continued to work in the technology industry since.

What is the best and worst thing about the networking industry?
The best thing is the creativity, energy and capacity to change how the world is communicating and coming together. Working now for Polycom, the leader in video communication and collaboration, we are bringing people from all over the world to communicate with each other and breaking through the distance.

Favourite things

What is your favourite film? Many are great, let’s say ‘The Good the Bad and the Ugly’.
iOS, BlackBerry or Android? iOS
What is your favourite gadget? None
Who is your favourite band/musician? Stevie Ray Vaughan
What is your favourite book? The 7 habits of highly efficient people from John Covey

Talk us through what you do on a daily basis...
My days are a mixture of activities, encompassing customer and reseller visits, meetings and sales reviews with my team, internal meetings on project advancements, analysing and planning the business, economic and competitive environment, along with being continuously trained on our ever-evolving portfolio.

What has been your proudest achievement in your career so far?
What keeps me proud and fuels my professional passion is Polycom’s success as a winning team. I feel particularly rewarded by the fantastic personal relationships I have with my colleagues, be it at Polycom, and throughout my career.

What IT product or innovation should the IT industry watch out for this year?
Mobility and cloud are really the areas to watch this year. People want to connect, work, be entertained, and see each other from anywhere at any time. Millions of smartphones and tablets are spreading at light speed, and mobility applications and related cloud access are a major trend.

Comparing the IT industry to other countries, do you think it measures up or is lacking and why?
The UAE is moving very fast in adopting leading edge technologies. We have very advanced and forward thinking customers in the region adopting Polycom solutions.

What IT company, other than your own, do you admire and why?
Companies like Apple, Microsoft and IBM all have an incredible power in developing applications with great human interface, whilst renewing and adapting their strategies in a fast changing competitive environment, and have maintained that for more than 30 years.

Who do you look up to in your career and why?
I have written many books regarding sales and management and there are too many great mentors out there to name one specifically. Watching great CEOs or inspirational presenters is always a good reference point.

What do you do for fun?
I play and watch football, I like photography and I recently started learning to play the acoustic guitar.



Network Middle East - March 2013  

Network Middle East - March 2013 - Volume 19 - Issue 3 "60 Pages" ITP Technology Publishing, Dubai, UAE
