23-25 APR 2024 DUBAI WORLD TRADE CENTRE
THE SUPER CONNECTOR EVENT FOR
CYBERSECURITY COMMUNITY SCAN HERE
E M P OW E R T H E CY B E R- S EC U R E D F U T U R E E n q u i re a b o u t E x h i b i t i n g , S p o n so rs h i p, S p e a k i n g O p p o r tu n i t i e s & m o re ! g i se c @ d w tc.c o m | te l : + 97 1 4 3 0 8 6 4 69
HOSTED BY
OFFICIAL GOVERNMENT CYBERSECURITY PARTNER
ﻣﺠﻠﺲ اﻷﻣﻦ اﻟﺴﻴﺒﺮاﻧﻲ CYBER SECURITY COUNCIL
United Arab Emirates
#gisecglobal | gisec.ae
OFFICIALLY SUPPORTED BY
ORGANISED BY
» EDITORIAL
OPPORTUNITIES AND CHALLENGES BECKON The new year beckons CIOs with the opportunity to set the tone for their organizations on the digital highway. The CIO has the onus of continuing and accelerating the digital transformation journey for his or her organization with prioritised decisions. There is a lot that can be done on the technology front and there are demands and expectations to be met from departments within the organization. Can all of it be done? Would it be wise to take them all up? That perhaps is the situation for some of the CIOs or IT heads. Of course, there are budgetary constraints that help keep a reality check and then there is the fact that not all the demands are high priority. As discussed in the cover story of this issue, the focus for the year in terms of initiatives can be built around some major pivots such as AI, cybersecurity, data management, cloud migration, and so on. Get AI and automation into processes, wherever they can add value such as automating routine tasks or ensuring AI is integrated into decision-making or customer-facing processes to enhance them. The impact of GenAI on enterprises across industries could be significant as it democratizes knowledge and hence could help employees sharpen their skills further. There will be a good number of use cases being piloted and the CIO could decide which one to focus upon on a priority basis. Needless to say, GenAI in the enterprise would be a game changer. Cybersecurity will remain a high-priority focus as always. As CIOs look to consolidate their cloud strategies, they may also review and optimize their spend. CIOs spoken to for the cover story have also stressed on the need to focus on data management and governance and that would be critical to enabling high-quality data available for the organization’s decision-making processes. And finally, talent retention will also be a crucial focus for the CIOs.
R. Narayan
Co-Founder & Editor in Chief
narayan@leapmediallc.com Mob: +971-55-7802403
SAUMYADEEP HALDER Co-Founder & MD
saumyadeep@leapmediallc.com Mob: +971-54-4458401
...................
RAMAN NARAYAN
...................
Editor in Chief, CXO DX
MALLIKA REGO Co-Founder & Director Client Solutions
mallika@leapmediallc.com Mob: +971-50-2489676
.........................................................................................................................................................................................................
Sunil Kumar Designer
Nihal Shetty Webmaster
PUBLISHED BY - Leap Media Solutions LLC
REGISTERED OFFICE: Office 10, Sharjah Media City | www.cxodx.com JANUARY 2024 / CXO DX
3
» CONTENTS INTERVIEW
18 » DEMOCRATIZING AI FOR THE ENTERPRISE Sid Bhatia, RVP & GM for Middle East, Turkey & Africa at Dataiku discusses the company’s focus on democratizing everyday AI in the enterprise.
14 COVER STORY
20 » SETTING THE INNOVATION BAR Ryan Li, CEO at Lexar discusses some industry trends as well as the company’s unique strengths.
14 » CIO OUTLOOK 2024 CIOs look ahead to prioritizing increased investments in AI, data modernisation, cybersecurity etc as they seek to enhance business value for their organizations
NEWS INSIGHT 11 » 60% OF UAE ORGANIZATIONS VIEW TECHNOLOGY AS KEY TO SUSTAINABILITY GOALS
12 » TENABLE STUDY REVEALS 40% OF CYBERATTACKS BREACH SAUDI ARABIAN ORGANISATIONS’ DEFENCES
13 » 1-IN-2 BUSINESSES LOSE EMPLOYEES WHEN DIGITAL TRANSFORMATION PROJECTS FAIL, ENDAVA RESEARCH 4
22 » ENABLING ENTERPRISE APPLICATION SECURITY Alvaro Warden, Worldwide Director, Channels & Partnerships at Invicti spoke to CXO DX about the company’s focus in the region to enable enterprise-grade application security testing.
24 » SETTING BENCHMARKS IN MOBILE APPLICATION SECURITY Harshit Agarwal, Co-Founder & CEO at Appknox discusses the company’s range of mobile application testing solutions.
25 » MAKING STRONG GAINS Jose Menacherry, Managing Director, Bulwark Technologies discusses the focus on Saudi Arabia.
CXO DX / JANUARY 2024
COLUMN
26 » THE IMPERATIVE SHIFT Piyush Chowhan, CIO, Panda Retail Company discusses how the CIO's domain has expanded beyond traditional IT functions.
28 » BUSINESS RISK OBSERVABILITY Joe Byrne, CTO Advisor, Cisco Observability discusses the value of business risk observability in managing modern applications.
30 » DE-RISKING BUSINESSES WITH CYBERSECURITY Hadi Jaafarawi, MDr - ME, Qualys shares his 5 predictions for 2024.
32 » ARE WE WINNING THE FIGHT AGAINST RANSOMWARE? Edwin Weijdema, Field CTO EMEA at Veeam says that when it comes to ransomware, there can be reluctance to admit to having suffered a data breach.
34 » THE 5 TECHNOLOGY TRENDS AFFECTING THE SECURITY SECTOR IN 2024 Johan Paulsson, CTO at Axis Communications says that In 2024, we will see security-focused applications appear based on the use of LLMs and generative AI.
REGULARS
06 » NEWS 36 » TECHSHOW 38 » TRENDS & STATS
» NEWS
EMIRATES STEEL ARKAN TO DEPLOY IBM ESG SOFTWARE This initiative also underscores Emirates Steel Arkan's commitment to realizing its decarbonization ambitions in line with UAE’s net zero by 2050 strategic initiative Emirates Steel Arkan and IBM announced on the sidelines of COP28 that the Group will be leveraging the advanced capabilities of IBM Envizi ESG Suite software to streamline the sustainability reporting process through revolutionized data utilization and insights as part of its digitization strategy to capture value and increase productivity and efficiencies. Collaborating seamlessly with IBM's business partner, Gulf Business Machines (GBM), this strategic implementation of Envizi marks a pivotal moment for Emirates Steel Arkan do drive its digital infrastructure modernization efforts forward using the power of digital capabilities to make data-driven decisions and reporting. Aligned with the UN Climate Change Conference (COP 28) and the UAE's "Year of Sustainability," this initiative underscores Emirates Steel Arkan's commitment to operationalizing sustainability, advancing environmental goals, and realizing its decarbonization ambitions in line with UAE’s net zero by 2050 strategic initiative. The IBM Envizi ESG Suite software establishes a robust data foundation, simplifying greenhouse gas (GHG) emission calculation and reporting while significantly reducing reporting time. Saeed Alghafri, CEO of Emirates Steel, an Emirates Steel Arkan company, said: “As one of the region’s leading steel and build-
ing materials groups, we have always emphasized and remained committed to innovation and sustainability. We are on a continued quest to boost our accountability and transparency and proactively working to enhance our ESG reporting process to give us a clear picture of where we stand, and how far we still must go to achieve our ambitious decarbonization goals. The IBM software will enable the Group to harness the transformative power of data analytics to deliver faster and more accurate results that will inform effective ESG strategies and action plans.”
REDINGTON AND LENOVO ANNOUNCE PARTNERSHIP The new partnership will enable better customer support and accelerate the adoption of Lenovo's intelligent solutions partner ecosystem and delivering offerings from Lenovo’s Solutions and Services Group (SSG) and Infrastructure Solutions Group (ISG) to businesses across the Middle East and Africa market. Organizations across sectors are seeking intelligent solutions to thrive in the digital era. Lenovo is optimizing cutting-edge technologies, such as AI, AR/VR, and edge computing, to empower customers fast-track their digital agendas and accelerate productivity.
Dharshana Kosgalage
Head of Technology Solutions Group, Redington MEA Redington, a leading VAD has announced a strategic partnership with Lenovo. The collaboration will see Redington creating strong go-to-market strategies with its
6
Redington, with its robust services capabilities, is well poised to add unique value to the Lenovo business in the region. The distributor has introduced its own intelligent cloud management platform called CloudQuarks, allowing partners to capitalize on cloud services, customized solutions, best practices all on a single platform. This platform is well-received
CXO DX / JANUARY 2024
by the partner community and has seen an increased adoption over the past year. Redington has also created services under SecureQuarks and DataQuarks – catering to end-to-end cybersecurity and analytics demands respectively, in the market. IoT Quarks by Redington also features Industry 4.0, which is its Smart Factory initiative in collaboration with PTC, a leader in industrial IoT, CAD, PLM and more. Dharshana Kosgalage, Head of Technology Solutions Group, Redington Middle East and Africa, said, "We are excited to partner with Lenovo, a global technology leader, to co-create the digital future. This key partnership enhances and complements our extensive portfolio of offerings, strengthening our commitment to delivering unparalleled value to our customers. Together, we are poised to explore new horizons and set new benchmarks in the technology distribution landscape."
» NEWS
GENETEC ANNOUNCES NEW VERSION OF SECURITY CENTER Company shifts to continuous software delivery model; new version brings map enhancement features, authentication improvements and new automation features. Genetec Inc. (“Genetec”), a leading technology provider of unified security, public safety, operations, and business intelligence solutions, announced a new version of its flagship unified security platform, Security Center. With a shift toward a continuous delivery approach, this version marks a new era in the way customers can stay up to date with the platform's latest features and updates. "The fast-changing security landscape is driving a requirement for rapid innovation. By adopting a continuous delivery model, we are able to deliver new features and security updates more consistently with less disruption to customers, while maintaining the ambitious scale of our innovation strategy,” explains Christian Morin, Vice President of Product Engineering and Chief Security Officer at Genetec Inc. The latest version of Security Center brings new mapping enhancements, including a new map widget for dashboards and improved zoom behavior, providing a smoother experience for operators, particularly in large city-wide or multi-site deployments. With the new map widgets, operators can create mini-monitoring tasks in their dashboards. They can pull cameras (or other entities) from the maps into empty tiles to view video, and easily search for entities they are interested in. The enhanced zoom feature now displays or hides layers depending on how much you
zoom in or out. This helps operators see only what's important at their current zoom level, preventing clutter. Security Center has also added new configuration enhancements for authentication services. These improvements include a new configuration wizard that walks users through the set-up process, a troubleshooting window to help detect and diagnose problems, and a testing window to check that everything is working properly before deploying it into production.
PROVEN SOLUTION TO STRENGTHEN AR OFFERINGS PROVEN Solution with its AR offerings will primarily focus on education, healthcare, and training sectors in the GCC PROVEN Solution, a leading enterprise focused on innovative technological solutions in AI, robotics, and AR/VR, has announced its plans to strengthen their Augmented Reality (AR) offerings, demonstrating ongoing advancements and technological breakthroughs. PROVEN Solution has been strategically observing the expanding capabilities of AR, recognizing its potential to revolutionize products and customer projects. Over the past year, the company has intensively evaluated AR's escalating potential, particularly propelled by recent hardware advancements, making it increasingly market adaptable. "AR represents an unprecedented opportunity for us and our strategy involves a dual approach," says Pavel Makarevich, VP of PROVEN Solution. "We are committed to developing our proprietary AR products while tailoring customized ap-
a hands-on, interactive experience across diverse sectors such as education, healthcare, and training." AR stands poised to elevate applications to new heights by combining virtual and physical components, which has piqued the interest among companies concerning the GCC market’s readiness for AR integration. This aims for scenario-based learning and real-time practical exposure, fostering interactive engagements through AR technology. However, the current phase is characterized by exploration and experimentation, as businesses discern optimal use cases aligned with their operations.
Pavel Makarevich
VP of PROVEN Solution plications for our clientele. We envision a landscape where a fusion of virtual and physical elements not only enhances knowledge acquisition but also provides
"Healthcare, education, and training are our primary domains," added Pavel. "We foresee synergistic integration between technology and our expertise in these sectors, empowering our clients with immersive AR experiences."
JANUARY 2024 / CXO DX
7
» NEWS
AMIVIZ PARTNERS WITH DECE SOFTWARE TO PROMOTE GEODI PLATFORM ACROSS THE MIDDLE EAST The collaboration aims to revolutionise data protection, management, and analysis for businesses operating in the region mote data protection solutions across the Middle East. DECE Software has been on boarded to the AmiViz B2B marketplace, and now its GEODI platform is available to resellers from UAE, Saudi Arabia, Oman, Qatar, Egypt and Jordan, among others in the region through the AmiViz online portal or AmiViz mobile app.
Ilyas Mohammed COO, AmiViz
Amiviz, the Middle East region’s first enterprise B2B marketplace, announced its strategic partnership with DECE Software, a prominent technology company, to pro-
The GEODI Platform offers a comprehensive suite of features, including search, discovery, classification, and masking functionalities that provide advanced data protection, data managment, and data analysis. Its intuitive interface and powerful AI capabilities enable users to analyse vast amounts of structured and unstructured data quickly and efficiently, making it an indispensable tool for banking, insurance, healthcare, telecommunications, and other industries.
The GEODI Platform, developed by DECE Software, offers state-of-theart tools to help businesses harness the power of their data, enabling them to make informed decisions, actions and gain a competitive edge. "AmiViz is thrilled to partner with DECE Software and promote the GEODI Platform in the Middle East," said Ilyas Mohammed, COO at AmiViz. "This collaboration aligns perfectly with our mission to empower organizations with innovative software solutions that revolutionise how they utilise their data. We are confident that the GEODI Platform will provide immense value to businesses in the region, enabling them to unlock the full potential of their data assets."
MINDWARE ANNOUNCES PARTNERSHIP WITH VECTRA AI Vectra AI is a front-runner when it comes to AI-driven threat detection and response for hybrid and multi-cloud enterprises Mindware, a leading value-added distributor (VAD) in the Middle East and Africa, has announced its new strategic partnership with Vectra AI, the leader in AI-driven cyber threat detection and response. Kicking-off the alliance, Mindware will be furnishing sales and pre-sales skilled resources to ensure the correct positioning of the Vectra AI platform. Moreover, the distributor will offer professional services to ensure the successful implementation, integration, and value-delivery of the Vectra AI platform at customer premises. Nicholas Argyrides, Vice President - Gulf at Mindware, commented, “We are excited to add Vectra AI to Mindware’s rapidly-expanding cybersecurity portfolio and provide our partners with yet another market-leading technology vendor. Their advanced threat detection and response capabilities not only enhance our security offerings but also significantly empower
8
our channel partners to proactively mitigate cyber threats. With Vectra AI on board, we've taken a giant leap forward in our commitment to safeguarding our clients' digital assets and ensuring a secure business environment.” Mindware is constructing a state-of-theart lab facility, equipped with the latest Vectra technologies for real-world simulations and hands-on customer experiences. It is also channelling resources into rigorous training programs, ensuring that the team earn Vectra-specific certifications, making them well-equipped to consult, implement, and support these solutions. Vectra AI is a front-runner when it comes to AI-driven threat detection and response for hybrid and multi-cloud enterprises and it continues to experience exponential growth in the Middle East and Africa region, primarily attributed to its strong value proposition. The increasing interest
CXO DX / JANUARY 2024
Nicholas Argyrides
Vice President - Gulf, Mindware
among CISOs and security buyers has attracted a high number of leading system integrators and Managed Security Service Providers (MSSPs) to seek “Resell” and/ or “MSSP” partnerships with Vectra AI.
» NEWS
GBM AND SIEMENS COLLABORATE TO SECURE DIGITAL INDUSTRIES The partnership will enable more organizations in the region to benefit from both parties’ expertise in automation, IT infrastructure, and cybersecurity GBM an end-to-end digital solutions provider and Siemens, a global leader in technology, have announced a collaborative effort to support more industries within the GCC to hone their competitive edge while supporting their sustainability ambitions. The collaboration was signed between both parties on the sidelines of COP28, being hosted now in Dubai, UAE. Under the agreement, Siemens and GBM will develop new goto-market strategies for creating and supplying transformative solutions in automation, IT infrastructure, and cybersecurity. These solutions will be tailored to a wide variety of industry applications, from utility grid distribution to water management and power generation. A key focus of the collaboration is ensuring state-of-the-art Operational Technology (OT) security for devices, products, and applications within digital industries. Guided by the principles of Zero Trust and tapping into GBM Shield—the company’s flagship cyber defense program, the latest advancements in threat detection, vulnerability assessments, and risk mitigation will be made available to more organizations in the GCC as they pursue their digital transformation agendas.
Mike Weston, CEO at GBM, stated: "We are thrilled to embark on this collaborative journey with Siemens, and to contribute to global sustainability goals amidst the ongoing COP28 discussions. Our collective strengths will not only redefine the digital landscape, but also fortify the cybersecurity infrastructure in the region. This effort exemplifies GBM's steadfast dedication to
ORGANISATIONS IN UAE AND SAUDI ARABIA LOSE $2.3M A YEAR TO CLOUD BREACHES 42% of respondents say it would be easy for attackers to move laterally across their organisation Inadequate cloud security practices are leaving organisations in the UAE and KSA susceptible to data breaches, according to new research from Illumio. The Illumio Cloud Security Index found that 54 percent of breaches in the UAE and KSA now originate in the cloud, costing organisations $2.3m USD annually. This is particularly concerning given that: · Over three quarters (76%) of respondents are running high-value applications in the cloud. · 100% of respondents admit to storing sensitive data in the cloud. · 98% say a cloud breach would impact their operations · 70% of respondents believe that cloud security in their own company is inadequate Fears about inadequate security practices are likely down to an inability to see and respond to risks in the cloud; 97 percent
say they need better visibility of connectivity with third-party software. 97 percent saying they need to improve their reaction time to cloud breaches. Respondents are also concerned about the consequences of attacks via the cloud. Cloud security is a high priority for 89 percent of respondents in the coming year. Zero Trust Segmentation (ZTS) is believed to be the solution with 89 percent believing it has the potential to significantly improve their own cloud security.
Ashraf Daqqa Regional Director for META, Illumio
Ashraf Daqqa, Regional Director for META at Illumio says, “We’re seeing rapid adoption of the cloud in the UAE and KSA, but as cloud adoption increases, so do the risks. By introducing ZTS as a part of a proactive Zero Trust security strategy, organisations can significantly improve their cyber resilience and reduce the cost and impact of cloud breaches." JANUARY 2024 / CXO DX
9
» NEWS
OMNIX INTERNATIONAL UNVEILS ADVANCED GENERATIVE CONVERSATIONAL AI The solution will streamline operations and elevate user experience by combining Conversational AI and Generative AI technologies
Walid Gomaa CEO of Omnix International
Omnix International, an end-to-end digital solutions and services pioneer, introduced an innovative Generative Conversational AI solution, a cutting-edge
AI-driven technology that integrates both Conversational AI and Generative AI. The solution utilizes AI, machine learning (ML), and Natural Language Processing (NLP), enabling it to increase operational efficiency and lays the groundwork for a future where intelligent systems autonomously can evolve and innovate.
elevated conversational experience.
Conversational AI is developed on a no-code authoring platform that enables bi-directional communication between humans and applications through a native connector. It comes with robust training tools and learning mechanisms, which continuously improve the performance and knowledge of virtual assistants. Additionally, it is equipped with advanced capabilities that enable it to differentiate intent, extract context, and acknowledge sentiment, providing an
"Our Generative Conversational AI solution is a powerful combination of cutting-edge technologies that aims to revolutionize enterprise interactions. It is an NLP engine that supports over 45 languages, making it a game-changer in the realm of intelligent virtual assistants. This solution is a testament to our mission to enhance productivity and satisfaction for enterprises in this transformative phase." said Walid Gomaa, CEO of Omnix International.
Conversational AI further excels in knowledge, vision, search, and voice processing. These features enable intelligent recommendations, semantic searches, image recognition with remarkable accuracy rates, and voicebased verifications.
LESS THAN HALF OF IT PROFESSIONALS HAVE A POSITIVE VIEW OF AI TOOLS Survey unveils varied IT professional sentiment towards AI tools: Challenges and prospects As new research from SolarWinds highlights, less than half (44%) of IT professionals have a positive view of AI tools.
Sascha Giese, Tech Evangelist at SolarWinds, commented on the findings: “With such hype around the trend, it might seem surprising that so many IT professionals currently have a negative view of AI tools. Many IT organisations require an internal AI literacy campaign, to educate on specific uses cases, the differences between subsets of AI, and to channel the productivity benefits wrought by AI into innovation.
The potential risks of AI have a long history in popular media, a fact reflected by the quarter (25%) of IT professionals who say AI tools will eventually pose a threat to society itself. However, rather than turning against AI, this attitude reflects the fact that IT professionals know that massive paradigm shifts require a great deal of planning and properly enforced controls. The survey reveals that almost half (48%) of IT professionals are calling for more stringent compliance and governance requirements to be put in place for AI solutions. over a quarter (28%) currently use AI tools in the workplace — while the same amount are planning imminent investment in AI. Furthermore, almost all of the
10
Sascha Giese
Tech Evangelist, SolarWinds tools popular among IT professionals are rushing to incorporate generative AI features into their products.
CXO DX / JANUARY 2024
“The buzz around AI, particularly generative AI, is grabbing the attention of business leaders. There are clear opportunities to reduce costs, create new product lines, or enrich existing offerings. While this enthusiasm from the C-suite is great for increasing IT budgets, its understandable certain reservations persist among IT professionals — particularly when it comes to AI replacing their key daily tasks.
» NEWS INSIGHT
60% OF UAE ORGANIZATIONS VIEW TECHNOLOGY AS KEY TO SUSTAINABILITY GOALS Only 22% of organizations surveyed by Kyndryl in the UAE have integrated sustainability into their strategies “Technology has emerged as a key enabler to sustainability success, and its role will only continue to grow with the advent of more sophisticated AI tools,” said Shelly Blackburn, Vice President, Cross Solutions Area, Microsoft. “We are eager to help drive meaningful change and contribute to a more sustainable future in collaboration with Kyndryl.” Key highlights of the survey include: • While CEOs and boards have made sustainability and digital transformation a priority, they need help with integration and execution of their programs to meet their goals. • 73% of organizations in the UAE use AI to monitor energy use, but only 46% use current data to predict future energy consumption. • Among stakeholders of organizations in the UAE, employees are the most vocal in advocating for sustainability policies and practices, followed by investors, customers and government regulators.
Drivers to Building a MoreTravers Sustainable OrgaNicholas nization in the UAE Country General Manager for Faith Taylor Chief Sustainability and ESG Officer, Kyndryl
K
yndryl, the world’s largest IT infrastructure services provider, in collaboration with Microsoft, today released the findings of The Global Sustainability Barometer study. The study, conducted by Ecosystm, finds that while 88% of organizations in the United Arab Emirates (UAE) place a high strategic level of importance on achieving their sustainability goals, only 22% have integrated sustainability into their strategies and data. As the world faces an increase in climate-related events and challenges, there is an urgency among businesses to act now using technology to drive sustainable solutions. While 63% of organizations surveyed in the UAE see great significance in technology’s role to achieve their goals, only 30% believe they are making full use of it in their organizations. “Many companies are at different stages of sustainability maturity,” said Faith Taylor, Chief Sustainability and ESG Officer, Kyndryl. “Companies are applying technology to unlock the full potential of sustainability. They are thinking beyond regulatory compliance to pragmatically execute and advance their sustainability goals.”
Below are sustainability best practices driving growth and imQatar,for Dell Technologies proving business outcomes:
• Make sustainability a CEO and Boardroom priority aligned with finance and technology. Over 52% of organizations in the UAE entrust the CEO and the Board with leadership roles in their sustainability functions. • Align sustainability with technology modernization. Technology can help to automate, modernize and prioritize sustainability processes and infrastructures. Of the respondents surveyed in the UAE, 64% use automation to improve efficiencies and build sustainable operations, while 51% use technology to reduce the environment footprint of their organization and support data and reporting requirements. • Build an integrated data foundation. Streamline data management for informed decision-making and successful execution of strategies. A mere 12% of organizations in the UAE have the capability to provide their employees with real-time sustainability dashboards. • Unleash AI for predictive sustainability. Expand the use of AI beyond reporting to include predictive analytics that assess Scope 3 risks, forecast energy consumption and anticipate potential risks such as natural disasters. • Empower employees. The study found that 55% of surveyed organizations in the UAE lack dedicated resources or limited internal expertise, which outlines the need for additional workforce development. JANUARY 2024 / CXO DX
11
» NEWS INSIGHT
Tenable Study Reveals 40% of Cyberattacks Breach Saudi Arabian Organisations’ Defences Security teams are so busy remediating cyberattacks that they don’t have time or resources to focus efforts on strengthening defences to deflect and protect against them From the study it was evident that time is not on the security team’s side. Sixty-eight percent of respondents believe their organisation would be more successful at defending against cyberattacks if it devoted more resources to preventive cybersecurity. Yet six in 10 respondents (66%) say the cybersecurity team is too busy fighting critical incidents to take a preventive approach to reducing their organisation’s exposure.
Maher Jadallah Senior Director MENA, Tenable
T
enable, the Exposure Management company, highlighted that, of the cyberattacks Saudi Arabian organisations experienced in the last two years, 40% were successful. This forces security teams to focus time and efforts on reactively mitigating cyberattacks, rather than preventing them in the first instance. With 68% of Saudi organisations confident that their cybersecurity practices are capable of successfully reducing the organisation’s risk exposure, there is work to be done. These findings are based on a commissioned survey of 50 Saudi-based cybersecurity and IT leaders conducted in 2023 by Forrester Consulting on behalf of Tenable. Respondents were particularly concerned with the risks associated with cloud infrastructure, given the complexity it introduces in trying to correlate user and system identities, access and entitlement data. Half of organisations (56%) say they use multicloud and/or hybrid cloud environments. However, over half of respondents (62%) cite cloud infrastructure as one of the highest areas of risk exposure in their organisation. In order, the highest perceived risks come from the use of public cloud infrastructure (28%), multi cloud and/or hybrid cloud (20%) and private cloud infrastructure (14%).
12
CXO DX / JANUARY 2024
Cyber professionals cite that a reactive stance is largely due to their organisations' struggle to obtain an accurate picture of their attack surface, including visibility into unknown assets, cloud resources, code weaknesses and user entitlement systems. The complexity of infrastructure — with its reliance on multiple cloud systems, numerous identity and privilege management tools and various web-facing assets — brings with it numerous opportunities for misconfigurations and overlooked assets. Over half of respondents (60%) said a lack of data hygiene prevents them from drawing quality data from user privilege and access management systems, as well as from vulnerability management systems. While the majority of respondents (78%) say they consider user identity and access privileges when they prioritise vulnerabilities for patching/remediation, 62% say their organisation lacks an effective way of integrating such data into their preventive cybersecurity and exposure management practices. A lack of communication at the highest levels complicates and compounds the cyber problem in businesses. While attackers are continuously assessing environments, in most organisations meetings about business-critical systems take place monthly — at best. Seventy-two percent of respondents say they meet monthly with business leaders to discuss which systems are business critical, while 12% hold such meetings only once per year and 2% say they never hold such meetings. “Far too many security teams are being overwhelmed by the sheer volume of cyberattacks they have to react to, rather than focusing efforts on reducing risks. As the attack surface becomes ever more complex, caused by trends like cloud migration and AI, this imbalance will only deepen,” said Maher Jadallah, Senior Director Middle East & North Africa, Tenable. “Firefighting is not just exhausting, but also leaves the organisation open to unacceptable risks. Security teams need to change tactic to focus instead on preventative security that deflects cyberattacks and stops threat actors gaining a toehold into the infrastructure. That will need security leadership to be involved in high-end business decision making rather than consulted after the fact. Only then will steps be taken to reduce risks and strengthen defences.”
» NEWS INSIGHT
1-IN-2 BUSINESSES LOSE EMPLOYEES WHEN DIGITAL TRANSFORMATION PROJECTS FAIL In the Middle East, 54% said their organisation’s investment in DX projects in the last 12 months had been wasted
E
ndava, a global provider of digital transformation, agile development and intelligent automation services, today unveiled the results of its commissioned IDC InfoBrief, Leveraging the Human Advantage for Business Transformation. Exploring how organisations are tackling the evolution to the digital business era, the InfoBrief uncovers the roadblocks, tactics and outcomes of digital transformation (DX) efforts in the last year, as well as strategic drivers and approaches to integrating major technologies shaping the landscape, such as AI and automation. The research, which surveyed business leaders and decision-makers across the globe, including the Middle East, revealed that the overwhelming majority (88%) said that only 50% or less of their DX projects in the past year met the expected goals or outcomes. And in the Middle East specifically, a slight majority (54%) of respondents felt their organisations’ investments in digital transformation projects has been wasted. When businesses miss the mark on DX projects, it isn’t just cost implications they face. While 62% of global respondents reported failure resulting in them being less technically mature than competitors and having a longer time to market, key challenges damaging the employee experiences emerged as consequences too. Many are facing frustrated staff (56%), as well as a rise in staff attrition (50%) and a less stimulating work environment (43%). The causes of lacklustre results from digital transformations reinforce the notion that strategies too often neglect to prioritise a people-first approach in the planning, design and implementation of digital initiatives. For example, 39% of respondents indicated that a lack of employee buy-in was a key reason for failing to meet expected outcomes, implying a need for cultural considerations to encour-
age user engagements. This was followed by conflicting opinions from leadership (36%) and a lack of collaboration internally (33%), demonstrating a struggle to successfully navigate organisational dynamics or engage stakeholders throughout projects. When reflecting on failed DX projects, over half recognised that investments would have been better channelled into people-centric projects such as upskilling staff (55%) and improving IT and line of business communication (50%). Amid the rapid advancement of AI and the generative AI boom over the last few years, the survey also uncovered strong levels of current implementation and adoption plans in the pipeline for Middle East organisations, with over half (56%) of the respondents having already deployed AI in their organisation or running a proof of concept. Many organisations recognised the impact of retaining a human influence on their use of AI, as globally, almost half (49%) declared it as very or extremely important. Similarly, automation strategies were aimed at empowering a stronger employee experience and freeing people to work more strategically. 58% said their automation strategy is highly or very highly focused on removing mundane tasks and 54% agree that employee engagement and satisfaction is integral. It is worth noting however that while Middle East businesses recognise the value that AI and automation yield, the majority (54%) foresee that these technologies will have a high impact on their reskilling needs. Despite obvious challenges, for those who do get DX projects right, there are promising employee and customer outcomes beyond the business benefits. As well as achieving outcomes such as process optimisation (62%), cost reduction (57%) and revenue increases (53%), respondents
Travers David Nicholas Boast
General – MENA, Endava CountryManager General Manager for Qatar, Dell Technologies
also reported improved customer experiences (45%) and an uptick in employee productivity, satisfaction and retention (42%) when initiatives were effectively managed. Offering insight on the Middle East finding of the study, David Boast, General Manager – MENA, Endava said: “At a point when businesses are under immense pressure to maximise the ROI on every dollar spent, the fact that half of Middle East organisations believe their DX investments have been wasted is especially concerning. In addition to sunk costs, there is also the loss of business value that could have been achieved had these projects delivered on their intended outcomes. Moving forward, regional enterprises would be well advised to forgo complex, multi-year projects in favour of an iterative approach to tech innovation that is human-centric, constant, and scalable.”
JANUARY 2024 / CXO DX
13
» COVER STORY
CIO OUTLOOK 2024 CIOs look ahead to prioritizing increased investments in AI, data modernisation, cybersecurity etc as they seek to enhance business value for their organizations
A
s technology steers the world further into the future with its many advances, CIOs will have the onus of steering their respective organizations through the trajectories of technology adoption with a focus on what is necessary to stay ahead of their competition. From GenAI to sustainability, from edge to the cloud, there is bound to be accelerated progress in all trends that have been shaping the recent past. Manish Bindra, Group CIO at Galadari Brothers says, “As IT trends evolve, the key focus remains on enhancing customer interactions, intelligent data synthesis, optimizing computation, and strengthening cybersecurity. Looking forward, increased AI adoption, accelerated cloud migration, heightened cybersecurity focus, edge computing integration, and reliance on remote work technologies will continue to shape 2024.” Summarising key trends for the year, Jacob Mathew, CIO for a government entity in Abu Dhabi says, “The adoption of AI will continue to increase across the board and companies that have not started adopting AI will start to fall behind their competitors. With increasing adoption of data protection laws, recent EU AI regulation etc., and the ever-increasing threats will force boards to increase focus on Cybersecurity. Cloud Migration will continue to accelerate because competitive advantage from AI requires complex tools that are best deployed on the cloud. Further, multicloud adoption to reduce exposure to a single vendor would also be a strong consideration. With ESG becoming more prevalent, CIOs are increasingly being asked to reduce carbon footprint and embrace sustainable practices in all areas, especially in operations and disposal of old assets. Edge computing would continue to grow with the need for low latency and wider adoption of 5G technology.” Sharing his thoughts on key trends, Mario Foster, Group CIO at Al Ghurair Group says that as threats become more sophisticated, enterprises will invest heavily in advanced cybersecurity solu-
14
CXO DX / JANUARY 2024
» COVER STORY tions, including AI-driven threat detection and response systems. He believes that to manage the influx of data from IoT devices, enterprises will increasingly turn to edge computing for faster processing and reduced latency.
enterprises would be to look at transitioning modern cloud infrastructure, enabling data availability for business decisions, enabling an AI adoption strategy, securing enterprise data assets and enabling people transformation with agile skills.
He adds further, “AI and automation technologies will continue to be integrated into various enterprise processes, enhancing efficiency and decision-making. Sustainability will become a significant focus, with enterprises adopting green computing practices and investing in energy-efficient technology. The continuation of hybrid work models will drive the need for robust remote working technologies, focusing on collaboration tools and secure remote access.”
The buzz around GenAI in 2023 starting with the emergence of ChatGPT and followed by other LLMs as well as solutions enhanced with LLM is a trend that will gain significant speed and the impact will be seen across industries as they look to enhance their services to customers.
Damir Jaksic, CIO, KEO International Consultants picks his five key trends that will be significant in shaping the industry. From the pervasiveness of AI to hyper-personalisation in engaging customers and to the heightened focus on sustainability, 2024 will witness the consolidation of several trends from 2023. He says, “Foremost is the emphasis on AI, Risk, and Security Management, advocating for deliberate and forward-looking approaches to ensure lasting impact. Hyper-Personalization comes into focus, urging businesses to harness customer data for tailored experiences while navigating the balance between customization and privacy. In the Architectural, Engineering, and Construction industries, Virtual and Augmented Reality will open up a transformative era in engagement and efficiencies, prompting investments in cutting-edge technologies. Sustainability emerges as a defining factor across the board, compelling businesses to demonstrate social responsibility through their practices. Finally, the rise of Citizen Developer underscores the vital importance of unleashing the creative potential within diverse communities for developing innovative applications and solutions. These trends weave a narrative illustrating the intricate connection between technology and strategic business considerations in the ever-evolving IT landscape. According to Piyush Chowhan, CIO at the Saudi based Panda Retail Company – Savola Group, the top priorities for
Piyush lists out some of the opportunities that he sees coming up in some verticals. He says, “The sudden rise of GenAI has opened up a host of opportunities for enterprises to apply the power of LLM's to various aspects of content creation and validation. The applications include Contact center management, Marketing Automation, Legal Validation etc. Supply chain visibility and Digital health and education will also be highly beneficial from the advancement in LLM's.” According to Bindra while there will be progress, there could be ethical concerns also to deal with. He elaborates, “The continued development of Large Language Models (LLMs) will significantly impact enterprise IT across key verticals. Enhanced natural language processing capabilities will revolutionize customer engagement, streamline data analysis, and improve internal communication. However, ethical considerations and cybersecurity measures must be prioritized to ensure secure and responsible implementation.” Mario believes that LLMs could bring in more efficiencies in customer engagements. He says, “Large Language Models (LLMs) will revolutionize how enterprises interact with data and customers. In sectors like healthcare, finance, and customer service, LLMs will enable more efficient data processing, personalized customer interactions, and the automation of routine tasks, thereby enhancing productivity and customer satisfaction. Damir delves into more details of how
Manish Bindra Group CIO at Galadari Brothers
LLMs could possibly enhance all customer services and engagement with improved chatbots and enhanced content creation processes. “The ongoing development of Large Language Models (LLMs) is poised to bring significant transformations to enterprise IT across key verticals. In customer service, these models could power more intelligent and context-aware chatbots, elevating user interactions. For content creation within the IT sector, LLMs may streamline the generation of technical documentation, code comments, and other written materials. Data analysis stands to benefit as LLMs can extract valuable insights from extensive textual datasets, aiding in decision-making processes, or content creation or assessment.” Jacob provides different scenarios of how LLMs can help the organization improve across different functions. He says, “Customer support will improved with the use of chatbots providing better support 24 x 7. With the use of LLMs, logs can be analysed and responded to in a faster and automated manner, this enhancing cybersecurity. Based on historical data, LLMs can predict future events such as maintenance, market trends etc. Further, repetitive tasks
JANUARY 2024 / CXO DX
15
» COVER STORY adoption and ensure the costs, security and compliance are proactively managed. Ensure that investments done in data are aligned with business objectives by having robust data governance in place which could also open opportunities to monetize data assets. By actively adopting sustainability the CIOs can promote the ESG credentials of the company that provide credits and opportunities to companies in several countries.” Bindra says, that their organizational focus this year is on implementing advanced technologies to build a resilient centralized customer management system and enhancing customer journeys.
Jacob Mathew
CIO for a government entity in Abu Dhabi
can be detected, automated and done 24 x 7 at low costs with the use of LLMs and these can include data entry, report generation, candidate job application screening etc.”
Key priorities
CIOs will need to prioritise the top tasks for the year ahead keeping in view how best adoption of specific technologies including GenAI will enhance or transform the business. The focus should be on adding value to the business while also having an eye on the ROI of technology investments. They should be tactical to deal with everyday operations and also have a sound strategy or vision for the future. Jacob elaborates on what he believes would need to priorities for a CIO in the year ahead. “Digital transformation is an ongoing pursuit, where the CIOs need to continue to improve the bottom line and improve customer experience with the adoption of better tools that drive Innovation and also reduce costs. The CIO would need to ensure that cybersecurity controls are well planned and executed, staff training and awareness sessions are done better etc. Talent Management would be a key focus. There is a need to continue cloud
16
“Establishing synergy across business units is key, albeit challenging. We'll prioritize digital transformation, bolster cybersecurity, optimize IT costs, and leverage data for strategic decision-making to drive our initiatives forward,” he adds. Talent retention seems to be a priority focus across the board as Mario would agree. Data compliance and privacy is also another focus area along with adopting new technologies and negotiating budgetary constraints. Mario says, “Finding and retaining skilled IT professionals in a competitive market will be crucial. With evolving data protection regulations, ensuring compliance while maintaining data privacy will be a key challenge. Continuously adapting to and incorporating new technologies to stay competitive will be a priority. CIOs will have to innovate while managing budgets, particularly in the wake of global economic fluctuations.” According to Damir, the ongoing need for digital transformation will persist, with CIOs working to modernize IT infrastructure, embrace cloud technologies, and facilitate seamless remote work capabilities. He adds further, “Our focus area will continue to be cybersecurity, as the threat landscape continues to evolve, requiring us to enhance our organization's defenses against cyber threats and ensure the security of sensitive data. Data privacy and compliance will be another priority, with the evolving landscape demanding attention to ensure that organizations ad-
CXO DX / JANUARY 2024
Mario Foster
Group CIO at Al Ghurair Group
here to data protection regulations. Lastly, striking a balance between innovation and cost management will remain a challenge, as we seek to invest in emerging technologies while optimizing IT budgets.” CIOs could look at enabling innovation and unlocking new value out of data transformation for the business. With modern data management processes, they could look at extracting data from their business to feed AI/ML engines which in turn could provide insights that could give their business a significant competitive edge. Bindra says, “Certainly, as CIOs we are already looking at varied possibilities. By leveraging advanced analytics, artificial intelligence, and machine learning, CIOs can extract valuable insights from data. This, in turn, can inform strategic decision-making, drive innovation, and create new opportunities for the business. However, it's essential the CIOs align closely with their businesses counterparts for successful implementation of such initiatives.” According to Piyush, CIOs need to lead data-led transformation by collaborating with the business and even external players to aggregate third-party data.
» COVER STORY
Organizations need to ensure that the IT strategy includes data governance and management in it, says Jacob. He says that there is a need to cultivate a data driven culture where data is seen as a strong strategic asset of any organisation. He adds further, “Breakdown department silos and integrate them together with a unified data architecture. Build a team with expertise in data science and analytics to drive innovation and successfully execute data transformation initiatives. Leverage cloud-based technology solutions for unlocking value from data and ensure that there is a strong focus on data security and privacy across the enterprise.”
Cloud adoption and consolidation Damir Jaksic
CIO, KEO International Consultants
“They need to create an open innovation framework that not only includes internal teams as well as the partner ecosystem. CIOs also need to create Data exchange platforms that will create monetization models for creating additional digital revenue streams.” Mario opines that CIOs can drive innovation by fostering a culture of continuous learning and experimentation. Implementing advanced data analytics and AI can unlock new insights from existing data sets, leading to improved decision-making and potentially uncovering new revenue streams. Damir says that CIOs can play a pivotal role in not only overseeing data transformation but also in leveraging it to enable innovation and unlock new value for the business. “By adopting advanced analytics, machine learning, and artificial intelligence, CIOs can harness the power of data to derive meaningful insights. To fully enable innovation, CIOs should foster a data-driven culture within the organization, encouraging cross-functional collaboration and continuous learning,” he adds.
In the past decade and more, the cloud has become central to IT roadmaps, and many organizations have undertaken the journey to multi-cloud adoption. They will be looking to consolidate and review their cloud strategies for the future with a focus on the costs as well. Bindra says, “In my opinion The next phase of cloud adoption will see a shift towards hybrid and edge computing models, allowing organizations to leverage the benefits of both on-premises and cloud infrastructure. Additionally, there will be a continued emphasis on optimizing cloud costs and enhancing data governance for a more efficient and secure cloud ecosystem.” Piyush says that multi-cloud should be the default choice for enterprises to ensure monopolies are not created. He adds that the next phase of cloud adoption will be triggered by the adoption of AI-enabled SaaS solutions which will be fully cloud-native relying on cloud-enabled data platforms and GAN (Generative adversarial networks) based models. Jacob says that companies will increasingly adopt multi-cloud strategies to avoid vendor lock-in and enhance resilience of the organization. He adds, “Companies having sensitive data will adopt Hybrid technology which is a combination of on-premises infra-
Piyush Chowhan
CIO, Panda Retail Company, Savola Group
structure with cloud services. With the wide adoption of cloud, applications are increasingly being developed cloud native using cloud tools. Cloud providers are increasing offering more industry-specific solutions to address the unique needs and compliance requirements of various sectors, such as healthcare, finance, and manufacturing. Sustainability considerations will become more prominent to drive the adoption of cloud technology and help companies with their ESG initiatives.” Mario says that the focus moving ahead is most likely to be on multi-cloud strategies and cloud-native technologies. “Enterprises will look to optimize cloud spending and performance, leading to more sophisticated cloud management and orchestration tools. There will also be a significant push towards full integration of cloud services into traditional IT environments, ensuring seamless operation across various platforms.” 2024 could thus well be a year where organizations will leverage technologies including GenAI, automation, and more cloud services to disrupt their respective industries further through more innovation.
JANUARY 2024 / CXO DX
17
» INTERVIEW
DEMOCRATIZING AI FOR THE ENTERPRISE Sid Bhatia, RVP & GM for Middle East, Turkey & Africa at Dataiku discussed the company’s focus on democratizing everyday AI in the enterprise
When was the company founded? What does the company name signify? The company was founded back in 2013. The founders were very inspired by the Japanese culture. Haiku is an extremely well-structured short poem in Japanese culture. So when they formed the company, they named it Dataiku, which is a combination of Data and Haiku. The logo is a bird and the story behind the logo is that Dataiku as a tech stack, is an orchestration layer, which has a complete bird’s eye view for the resources that are available in terms of the underlying infrastructure. It's a superstructure or a super orchestration layer that can connect to any kind of data, so that you get a bird's eye view of your data. How is the solution deployed and integrated with all the different solutions running in the enterprise? We have this tagline called ‘everyday AI’, and what it means is that we want to make sure that AI is being used on an everyday basis, by everybody in the organization. Think of AI as the internet or mobile phone, which is an integral part of your daily lives. And we want to make sure that we empower everybody in the organization, as the organization. Imagine a large bank, a large airline, a large manufacturing company etc using AI across its various departments and functions. We don't just address a particular community within that organization, which typically would be the data scientist community, but also enable the business side of the story, the sales option, the HR function, the supply chain function, the operations, and so on. Everybody has access to some data, but all of them wouldn’t be data experts or know how to code, because data science is perceived to be a very technical coding-oriented subject. Yet how do you enable them daily to help them to make informed decisions without any learning?
18
CXO DX / JANUARY 2024
That’s what Dataiku does, and we cater to every person in the organization. Some people may want to code and like to work on open source, in Python and other languages. So they can code their way to create datascience models with Dataiku. But it is also for the business analyst community, which is a very large community, who do not have a technical coding background, and they may be working on Excel sheets or frontend BI tools like Tableau QlikView. They're the ones who are crunching data and Dataiku caters to them as well, because, in the data interface, you have what we call the coding recipes for coders and visual recipes, where people can simply drag and drop and create machine learning models. What is unique about Dataiku value proposition as a solution? If you look at the overall Dataiku proposition, it can be seen as an end-to-end data science platform that helps you connect with any kind of data, wrangle any kind of data, check the data quality, get the data in the right format. Once the data is in the right format, you then use the coding recipes of the visual recipes to create models. Once you've created those models, you can of course enhance that model, apply data mining techniques to it, and have the prototype ready. Once the prototype is ready, and you feel that this can be productionized, you can do a one-click deployment on Kubernetes to operationalize the model. It also comes with dashboarding capabilities. It has charts, and graphs and is visually quite appealing. It can integrate with your front-end BI tools as well. If you have QlikView Tableau, you can feed into that and can have dashboards. The great thing about Dataiku is on the ML Ops front, which is where you have models and where you can
» INTERVIEW have 10 models, 100 models or 1000 models and all these models once operationalized need to be monitored constantly to make sure that the models are performing 24 by seven. You can monitor maybe five models manually, but you can't monitor 1000 models at scale. Within the Dataiku interface, we have monitoring as well, where you have the models, and have all the parameters defined, then if there's something that's not performing well, the user gets alerted. It is a very complete solution. If you look at the latest research or various reports, we have been leading in that space for the past 10 years. If a customer invests in Dataiku, they don't need another platform stack. It's an end-to-end data science platform that caters to everybody in the organization for any kind of use case that you want to deliver. How does your user licensing model work? The unique thing about Dataiku, is that just one license gives you everything. The product is called Dataiku Data Science Studio and we received a lot of positive reviews of that from our customer community as well. From a customer's point of view, the last thing that they want is complex licensing policies. Our licensing policy is very straight, very fair, very transparent, and very predictable. We have a user-based licensing model, where you can start small with five users or 10 users. And then you can start scaling. For example, if somebody wants to get into a three or five-year contract, it becomes very easy, because we have just one product to offer. The license schema is based on the number of users. So, in year one, they might have 10 users or 20 users, in year two, 50, and in year three perhaps 80 or 100. The projections for the increase in the number of users become very easy. Is this available to be deployed both on-prem and from the cloud? We have various offerings. A lot of customers in the Middle East have deployed on-prem. We are also part of the marketplace for all three leading cloud vendors. We also have our own managed services offering as well. The deployment options are thus very flexible. There are customers here who have deployed on-prem, some who have deployed from the cloud, and some looking at hybrid set-ups.
Sid Bhatia RVP & GM for META, Dataiku
Which have been key verticals of growth for you in the region? The public sector is a very huge focus and we've seen a lot of great reception from the public sector.We are doing very well when it comes to public sector entities in the UAE or Saudi and are working with the top-notch public sector entities, and a lot of ministries as well. That's one core sector of focus. The other sector that we have done extremely well globally, is the FSI space, the Financial Services insurance space. And again, we've got some of the largest banks in the region across the region among our customers. Manufacturing, Oil, and Gas as well as Energy are some of the other key sectors.
JANUARY 2024 / CXO DX
19
» INTERVIEW
SETTING THE INNOVATION BAR Ryan Li, CEO at Lexar discusses some industry trends as well as the company’s unique strengths
Discuss how Lexar has grown in the region and what is the outlook ahead in the memory industry? Lexar has a long history as a brand and is well-known for SSD and memory cards. We work closely with partners and have seen good growth, especially in this region in the past couple of years. However, there is still a lot of room to grow in the Middle East and Africa markets. The memory industry sees fluctuating prices and that challenges profitability. However, while we have seen a few manufacturers shrink, Lexar has continued to grow. We ensure our customers believe in our products. We assure quality and design excellence. We develop products based on user requirements such as for iPhone 15 users as an example. We focus on maintaining longer-term consistent relationships with partners unlike some of our competitors. We work with partners who share our values and this key to our continued growth. What are the current trends influencing the memory and storage solutions market, and how is Lexar adapting to them? Data storage has become indispensable given the rapid growth in internet users in the region, coupled with the steep rise in the volume of data generated from various digital platforms. This has resulted in a significant demand for more advanced and secure data storage solutions, a trend we expect will continue to grow for the foreseeable future.
Ryan Li CEO, Lexar
20
CXO DX / JANUARY 2024
Data storage for professional photographers, videographers, and content creators from the media and entertainment industry can be rather complex and challenging. Given that both these industries continue to face unprecedented challenges in the digital era, the demand for high-quality content, the proliferation of formats and platforms, the need for scalability and agility, and the threat of cyberattacks are some of the factors that put pressure on the industry’s data management capabilities.
» INTERVIEW Lexar is not just perfectly positioned to capitalize on the growing demand for memory and storage solutions through our wide range of products, we also have been able to anticipate and respond to the evolving needs of our target market.
committed to providing outstanding customer service, with friendly interactions, personalized advice, and expert support. With this dedication to performance, reliability, and support, customers can count on Lexar when it comes to storing the memories that matter.
Moreover, data security is of topmost importance for Lexar – all of our new portfolio of memory solutions features data security technology called ‘Lexar DataShield’, which is an advanced software that keeps files safe with 256-bit AES encryption.
Moreover, innovation and customer-centricity are at the core of everything we do at Lexar, as is evident from the superior performance of our products and the trust shown in us by our ever-growing customer base.
Are there emerging technologies or market shifts that can disrupt storage industry further? The increasing penetration of technologies such as artificial intelligence and Internet of Things, the proliferation of smart phones and laptops and the steady decline in the prices of consumer storage devices, such as HDD and SSD, are some of the factors driving the Middle East and Africa data storage market. Further, the digitization of information in residential and commercial places, along with surging usage of mobile computing devices such as laptops, smartphones and tablets are significantly contributing to the rising demand for next-generation memory solutions that can securely store huge amounts of data, and load, reload and identify relevant data in real time.
Elaborate on your further vision for consumer storage and how have you adapted to new trends? Lexar is geared towards providing the best innovative technologies and solutions to help our consumers across markets access, protect, and store their most valuable digital data.
One of the most transformative trends we're witnessing today is the proliferation of the Internet of Things. From smart thermostats that learn our preferences to wearable devices that monitor our health, IoT is connecting the previously unconnected. Semiconductors, with their ability to process and transmit data efficiently, are at the heart of this revolution. Additionally, the emergence of artificial intelligence (AI) and machine learning (ML) technologies is providing new opportunities for market development. These technologies aid memory chips in processing large amounts of data in less time. Moreover, the increasing demand for faster and advanced memory chips in industrial applications will drive market growth over the forecast timeline. The global semiconductor market size was USD 573.44 billion in 2022 and is projected to reach USD 1,380.79 billion in 2029, exhibiting a CAGR of 12.2% during the forecast period. Elaborate the focus on being a pioneer in setting new benchmarks when it comes to storage performance and features? A multitude of factors give Lexar a definite competitive edge in today’s marketplace. To begin with, our focus on Research & Development. Over the years Lexar has invested millions of dollars in its world-class R&D facilities with the overarching goal of bringing to market memory and storage solutions that are technologically superior and address the evolving needs of today’s consumers. Our product designs undergo extensive testing in the Lexar Quality Labs, facilities with more than 1,100 digital devices, to ensure performance, quality, compatibility, and reliability. And we are
We are very much in tune with new trends and emerging technologies, and we remain agile to respond to market requirements and launch relevant products. Let’s take the example of Artificial Intelligence, which is transforming the way we live and work. But as AI becomes more sophisticated and data-intensive, traditional hard drives are struggling to keep up as they can't handle the large amounts of data that AI applications generate and can't provide the fast access times that AI algorithms require. That is where Solid State Drives (SSD) come in. They offer a number of advantages that make them a critical component of the AI revolution. Lexar is well-positioned to embrace the AI innovation wave with our range of SSD storage solutions that are ideal for AI-powered applications, where speed and reliability are critical. How do you see the Middle East as a focus market for you? The Middle East & Africa market is extremely crucial to Lexar’s ambitious growth targets. According to a recent report published by Future Market Insights, the Middle East and Africa data storage market is forecast to surpass a valuation of USD 8.43 Bn by 2025, and at Lexar, we believe it is the right time for us to extend our legacy of delivering superior performance in the vibrant MEA market with our range of products for all segments including gamers, videographers and content creators. Additionally, we are firming up our distribution channel with key distribution partnership agreements across the region, with a focus on improving customer service at all touch points. We have appointed the region’s best distributors to ensure that our products are easily and readily available at all major retail outlets and online shopping platforms such as Amazon UAE and Amazon KSA. To complement our regional strategy, we’ve also made key management hires in recent months and opened offices in some of our major markets. Moreover, there’s been a renewed emphasis on stepping up our marketing and branding efforts in our key markets, the positive results of which we are already seeing. JANUARY 2024 / CXO DX
21
» INTERVIEW
ENABLING ENTERPRISE APPLICATION SECURITY Alvaro Warden, Worldwide Director, Channels & Partnerships at Invicti spoke to CXO DX about the company’s focus in the region to enable enterprise-grade application security testing
Elaborate about your application security testing solutions for the enterprise segment? Invicti is an enterprise-grade application security testing platform that continuously discovers and tests all of an organization’s web applications and APIs and automates remediation workflows to help organizations mitigate risk. The platform combines advanced testing technologies – DAST, IAST, and SCA – with broad support for industry-standard authentication methods, short scan times, unparalleled accuracy through our proprietary proof-based scanning functionality, and integrations into DevSecOps workflows so that vulnerabilities can be remediated quickly and efficiently. Invicti offers three packages to support enterprise use cases: 1) Standard: An on-premise desktop web vulnerability scanner 2) Enterprise: Available on-premise and in the cloud, web vulnerability scanner plus over 50 integrations to automate your CI/CD and SDLC 3) 360: Available on-premise and in the cloud and includes all of the capabilities above plus IAST and SCA Do the SME segment businesses have enough awareness of the need to invest in application security testing solutions? Invicti’s core capability, DAST (dynamic application security testing) is a well-established segment of security, and of application security specifically. Many organizations, especially those with compliance mandates, such as PCI-DSS–are well aware of the need for DAST. Invicti-sponsored research indicates that DAST will be 19% adopted in SMB, 29% adopted in mid-mar-
22
CXO DX / JANUARY 2024
ket, and 57% adopted in enterprise in 2024, suggesting a strong continuing market opportunity. Looking at Invicti’s customer base, there is a large number of SME customers. The three most popular features for that segment are: Proof-Based Scanning Many application security testing solutions are prone to false positives, which makes security testing slower, less accurate, and much more frustrating. However, vulnerabilities that can be exploited are not false positives. Our proprietary proof-based scanning automatically confirms 94% of direct-impact vulnerabilities with a confirmation accuracy of 99.98% which means there is a false positive rate of less than 0.02%. Invicti provides safely extracted payloads in the scan results as proof that the finding can be exploited. This approach reduces the burden for security professionals that are overwhelmed with manual re-tests and serves to prioritize remediations for developers so they can get back to focusing on innovation. Continuous Web Asset Discovery Organizations can’t secure what they don’t know they have, and many drastically underestimate the number of websites, web services, APIs, and web applications they own. In a matter of seconds, Invicti’s automated asset discovery engine detects all of the publicly-facing web assets associated with an organization by leveraging a highly optimized database of global web assets to run its discovery queries.
» INTERVIEW The discovery process can be customized using the organization’s domain as an initial input, enabling the user to exclude specific results or manually add domains for analysis. Invicti keeps track of the discovery status, automatically notifying the user when new publicly-facing web assets are detected – no user interaction required. Technologies Dashboard Invicti finds and lists all of the technologies used in and across your web applications so that you have a complete inventory of your applications’ technology stack. It provides an in-depth report, through the Technologies Dashboard, that indicates all of the applications in which out-of-date technologies or vulnerable components are in use, and automatically notifies the responsible users so that issues can be remediated. With visibility into where vulnerable components or outdated technologies are used in multiple applications, you are better able to prioritize and reduce time to remediation. With the rise in awareness around supply chain risk, the Technologies Dashboard is an invaluable tool in assisting in creating a comprehensive Software Bill of Materials (SBOM). Describe the advantages of combining the DAST + IAST scanning approach Invicti offers unique DAST-induced Interactive Application Security Testing for PHP, Java, .NET, and Node.js. Unlike passive IAST solutions that rely on functional testing or user interaction to crawl an application, our DAST+IAST approach offers unparalleled test coverage so that users can identify and fix more of the highest-impact vulnerabilities. This approach uniquely offers deeper insights into runtime issues while identifying and testing local assets that traditional crawlers can’t see. With an IAST sensor deployed locally in the runtime environment, the DAST scanner is given access to the full website structure – including unlinked and hidden files, as well as server-side configuration files – so it can completely map, crawl, and test all pages. This reduces time to remediation because IAST is able to pinpoint the exploitable vulnerabilities down to the line of code. The IAST sensor (agent) continuously provides additional information about vulnerabilities and the application environment. Our IAST solution also enhances our proprietary proof-based scanning functionality as it monitors the scanning process and supplies extra information to deliver proof for even more vulnerabilities. This results in even fewer false positives and allows users to confidently automate more issues without the need for manual verification. In fact, our industry-leading proof-based scanning automatically confirms 94% of direct-impact vulnerabilities with a confirmation accuracy of 99.98%. Scan results that include findings from IAST scanning are clearly marked within the vulnerability reports that can be accessed through the Invicti UI. These findings can be found in automatic trouble tickets providing developers with the issue location, details about the impact of the vulnerability, remediation guidance, and the safely extracted payloads to provide proof that the finding can be exploited. Elaborate your focus on the Middle East market? The Middle East and Africa (MEA) region is experiencing a significant digital transformation across various industries, includ-
Alvaro Warden Worldwide Director, Channels & Partnerships, Invicti
ing finance, healthcare, energy and government. Each of these sectors has unique application security requirements, making it critical that best of breed and specialized solutions are implemented. As organizations adopt more digital technologies, the need for robust application security solutions becomes critical to protect sensitive data and ensure business continuity. From a regulatory compliance perspective, many countries in the MEA region are implementing or enhancing data protection and privacy regulations where compliance requires robust application security measures. MEA is a strategic growth region for Invicti Security, and we have a strong network of channel partners who are able to further enhance the customer experience and foster trust within the market via local language support and differentiated services delivery, allowing us to more effectively serve these markets, reach new customers, and expand our mutual footprint in the most rapid manner possible. We will continue to invest heavily in further developing our presence in MEA. Discuss the highlights of your showcase and participation at Black Hat? Our expectation is that the market exposure Black Hat provides, along with networking opportunities with industry peers, our partners and potential customers, will enhance our visibility within the market and connect us with those companies actively seeking our software solution. We very much value the in-person collaboration with our local channel partners and systems integrators, as they continue to help accelerate the distribution and adoption of Invicti’s best of breed DAST solution within the market. JANUARY 2024 / CXO DX
23
» INTERVIEW
SETTING BENCHMARKS IN MOBILE APPLICATION SECURITY Harshit Agarwal, Co-Founder & CEO at Appknox discusses the company’s range of mobile application testing solutions and it’s focus on the MEA region Dynamic Application Security Testing (DAST) – A deeper dive into the app’s transport layer that checks for loopholes in communication between the application and the server. Application Program Interface Testing (APIT) – Complete server-side testing for all mobile app components. Under Penetration testing, we offer indepth testing that detects security issues without aiming to damage the infrastructure. Penetration Testing simulates a real-life attack, more like a real hacker approach to uncover security loopholes, and is a goal-based approach.
Harshit Agarwal Co-Founder & CEO, Appknox Can you elaborate on the spectrum of application testing services that your organization offers? At Appknox, we provide vulnerability assessment, penetration testing, store monitoring/drift detection as well as visibility into Software Bill of Materials. Through vulnerability assessment, we help define, identify, classify, and prioritize vulnerabilities in applications. Vulnerability assessment involves an indepth evaluation of a security posture and recommends appropriate remediation to remove security risks. It is a list-oriented approach that has the following testing methods that we use. Static Application Security Testing (SAST) – A fully automated security test that checks for basic configuration issues in code and the application.
24
Store Monitoring / Drift Detection helps in the complete identification of the latest version of the mobile app from the app store along with real-time notification for unscanned versions on the app store. Finally, we also help gain visibility into all the components with binary-based SBOM to discover all components used in mobile apps and uncover attack surfaces for open-source and third-party components. How important is it to ensure testing so that the mobile applications run smoothly in different environments? How has Appknox helped enhance testing? Ensuring thorough testing for mobile applications across diverse environments is crucial. The seamless functionality of an app depends on its ability to perform reliably across various devices and operating systems. Rigorous testing not only guarantees optimal user experience but also identifies and rectifies potential issues before deployment. Today, users access applications on different devices and platforms making meticulous testing non-negotiable for sustained success and user satisfaction.
CXO DX / JANUARY 2024
To aid this, Appknox has recently introduced automated DAST that is triggered without human interaction and triggers all functionalities across the application which makes the vulnerability assessment process comprehensive without leaving out untested functionality because of human error or miss. It also discovers and analyzes emerging security threats and vulnerabilities by automating security scans on real devices with realistic attack scenarios for accurate identification as opposed to simulators. What is the opportunity that you see for your solution in the Middle East? The Middle East sees a rising trend in app usage across sectors, creating an opportunity for solutions like Appknox to enhance security against evolving cyber threats. The ongoing digital transformation initiatives in the Middle East increase the demand for secure mobile applications, positioning Appknox as a key player. With a growing awareness of cybersecurity threats, businesses in the Middle East seek solutions like Appknox for advanced security testing to protect their digital assets. Finally, strengthening data protection regulations in the Middle East creates an opportunity for Appknox to assist mobile app developers and businesses in ensuring compliance through security testing. Discuss your partnership with Bulwark. With Bulwark, Appknox found a partner who has the same mindset of making the Digital world more secure and sound for its users. Together we aim to provide cutting-edge security solutions tailored to the unique challenges of the GCC market. We are committed to empowering businesses with robust mobile security measures, ensuring a safer digital landscape for organizations across the region.
» INTERVIEW
MAKING STRONG GAINS Jose Menacherry, Managing Director, Bulwark Technologies discusses the focus on Saudi Arabia and highlights of the company’s participation at Black Hat last month Discuss the focus on Saudi Arabia market for Bulwark? Saudi Arabia is a focused region for us and we have a local office “Bulwark Saudi for Information Technology’ based in Riyadh Saudi Arabia since October 2021. We continue to expand our team and resources for that region and will be doubling our staff strength to support our channel partners to provide end to end cybersecurity solutions to the end customers. What were the highlights of your showcase at Black Hat? We announced some major partnerships and demonstrated their ‘Best in Class’ products and solutions. These included Enterprise Email Security & Archival, Mobile App Security, Data Classification, Data Security, Data Loss Prevention, Web Vulnerability Assessment, Penetration Testing, Integrated Vulnerability Management, Encrypted Flash / Disk drives, Workspace Virtualization, Secure Remote Access, Digital Rights Management, Zero Trust Content Management, PKI based password less authentication, Centralized Alerts & Notifications Management Platform solutions amongst others. . What are some of the significant new solutions you are bringing to market from your different vendors? Bulwark has announced some major partnerships with several vendors and solution providers recently. These include Appknox for Mobile App Security, Votiro for Zero Trust Content Security, Holm Security for Next-Gen Vulnerability Management, Continuity Software for Enterprise Storage & Backup Systems and Resecurity for Cyber Threat Intelligence / Digital Risk Monitoring. In the highly competitive IT Security Distribution market and keeping well-paced with ever changing Security landscape in the region, we have been successful in
the introduction of niche Security Technologies and new partnerships to address the customer pain areas and to provide a complete end to end solution to their ever-growing and changing Security requirements. How are you enabling your partners to tackle the evolving requirements against a fast-transforming cybersecurity landscape? Value Addition has been at the very core of our operations, making the company a pioneer in the domain of Cyber Security Value Added Distribution and has helped it and its channel to grow at an accelerated rate. We are committed to consistently and successfully adding great value to all our vendors across the region. We have excelled in providing and delivering value-added services to partners, that include solutions pre-sales consulting, training, channel enablement programs, post-sales implementation and technical support, and adding value at every stage of product life cycle. Channel development and growth into focused territories across GCC regions & India has been our constant endeavor. As part of this strategy, we execute comprehensive, action-oriented and established channel programs which benefits our partners through deal registrations, better rebates, joint marketing activities, technical and sales enablement and promotes greater synergy among our vendors and partners and added value to end customers. Discuss any recent vendors that you have tied up or are in the process of signing up? We have recently announced some major partnerships with vendors like Appknox, Votiro, Holm Security, Resecurity & Continuity Software and are in the process of signing up with few other new vendors. Discuss the growth outlook for yours
Jose Thomas Menacherry Managing Director, Bulwark
business across the region and expansion plans? Bulwark has achieved good growth in revenues in the current fiscal year and plans to follow the same strategy in the upcoming year. Our constant emphasis and focus would be to provide high end corporate security solutions through major system integrators in the region. It was a year of adding major Security vendors & building a stronger Cyber Security product and solutions portfolio. We have introduced niche leading global security products and solutions in the region to meet the cyber security requirements of the customers. We are a channel-driven organization with constant focus on enhancing our sales, marketing and technical competencies to enable the channel community to meet its desired goals and objectives.
JANUARY 2024 / CXO DX
25
» COLUMN
BUSINESS TRANSFORMATION AS THE KEY AGENDA IN 2024 Piyush Chowhan, Chief Information Officer, Panda Retail Company Savola Group discusses how the CIO's domain has expanded beyond traditional IT functions and they are pivotal in aligning technology initiatives with overall business strategy As we step into 2024, the global landscape continues its rapid evolution, marked by unprecedented challenges and opportunities. In this dynamic environment, one resounding theme emerges: Business Transformation takes center stage as the paramount agenda for organizations worldwide. The accelerating pace of change, fuelled by technological advancements and evolving consumer expectations, propels businesses to adapt and innovate continually. The COVID-19 pandemic acted as a catalyst, accelerating digitalization and reshaping traditional business paradigms. However, 2024 marks a pivotal moment where adaptation transcends mere survival; it becomes the cornerstone for success and relevance. The advancements in new Technologies like GenAI pose a lot of threats to traditional business models which therefore require major changes (if not revamp) to be relevant in the future.
option; it's a necessity. While more change is coming, the workforce has hit a wall: A Gartner survey revealed that employees’ willingness to support enterprise change collapsed to just 43% in 2022, compared to 74% in 2016.
ness units, fostering cohesive alignment towards transformational goals. Effective communication and collaboration with stakeholders ensure that technology investments align with diverse departmental needs and strategic objectives.
CIOs must lead the business transformation In 2024, the role of the Chief Information Officer (CIO) in leading business transformation has never been more crucial. The evolving landscape demands a strategic, tech-savvy leader who can drive innovation and navigate complex digital transitions.
However, the success of business transformation doesn't solely rest on the CIO's shoulders. It requires a collective effort from C-suite executives, each contributing their expertise to navigate organizational shifts successfully.
Embracing Business Transformation entails more than digital integration. It embodies a holistic reimagining of operational strategies, organizational structures, and customer engagements. The focus extends beyond technology adoption to encompass cultural shifts, innovation frameworks, and sustainable practices.
The CIO's domain has expanded beyond traditional IT functions. They are pivotal in aligning technology initiatives with overall business strategy, leveraging digital solutions to enhance operational efficiency, customer experiences, and competitive advantage. Given the accelerating pace of technological advancements, the CIO's expertise in emerging technologies like AI, IoT, cloud computing, and data analytics positions them as catalysts for change. Their role extends to fostering a culture of innovation, promoting agile methodologies, and ensuring that the organization adapts swiftly to market changes.
However, navigating this transformative landscape is not without challenges. Businesses grapple with talent acquisition, cybersecurity threats, ethical considerations in AI, and the balancing act between innovation and risk mitigation. As we navigate the complexities of this transformative era, 2024 heralds a decisive chapter where Business Transformation isn't merely an
Moreover, as businesses increasingly rely on data-driven insights, the CIO's oversight of data governance, cybersecurity, and analytics becomes paramount. They not only safeguard valuable data assets but also extract actionable insights to drive informed decision-making. Collaboration is another key aspect where CIOs excel. They bridge the gap between IT and other busi-
26
CXO DX / JANUARY 2024
While the CIO plays a pivotal role in leading business transformation, it's a collaborative effort across the entire leadership team. Their strategic vision, technological prowess, and ability to drive innovation make them instrumental in steering organizations toward successful transformation in the dynamic landscape of 2024. Business transformation, while essential for adaptation and growth, can encounter several pitfalls: 1. Resistance to Change: Employees or stakeholders might resist transformation due to fear of the unknown, leading to lower adoption rates or implementation hurdles. 2. Lack of Clear Strategy: Initiating transformation without a well-defined strategy can result in directionless efforts, causing confusion and inefficiency within the organization. 3. Inadequate Leadership Support: Without strong leadership buy-in or support, transformation efforts may lack direction, resources, and the necessary impetus to succeed. 4. Technological Challenges: Over-reliance on technology without aligning it
» COLUMN with business needs can lead to complexity, integration issues, or poor technology fit for specific processes. 5. Poor Communication: Ineffective communication about transformation goals, progress, or changes can create uncertainty among employees, impacting morale and commitment. 6. Insufficient Talent or Skills: Lack of skilled resources capable of driving and implementing transformative initiatives can hinder progress. 7. Culture Clash: Misalignment between the existing organizational culture and the intended transformative culture can impede change efforts. 8. Overlooking Customer Impact: Neglecting to consider the impact of transformation on customers' experiences or expectations can result in dissatisfaction or loss of loyalty. 9. Financial Constraints: Inadequate budget allocation or financial constraints might limit the execution of transformational plans or compromise on necessary resources. 10. Short-term Focus: Focusing solely on short-term gains without considering longterm sustainability can lead to incomplete transformations or inability to adapt to future changes. Addressing these pitfalls demands a holistic approach, involving strategic planning, effective communication, strong leadership, cultural alignment, and a gradual, phased implementation to ensure successful and sustainable business transformation. The most common mistake when it comes to business transformation today is trying to build higher speed than the organization can adapt. A 2022 Gartner survey found that 75% of organizations are adopting a top-down approach to change, which requires strong executive drive and buyin . Their goal is for workers to buy into the new path and for managers to lead the charge as champions and role models for their teams. Creating a sustainable business transformation Sustainable transformation goes beyond immediate changes; it involves reshaping strategies, operations, and cultures to align with enduring environmental, social, and governance (ESG) principles. Enterprises are increasingly recognizing that sustainability isn't merely a trend but a fundamental driver of resilience, growth, and competitiveness.
Amid pressing global challenges like climate change and societal expectations for responsible corporate behavior, businesses that integrate sustainability into their transformational agendas gain a strategic edge. They leverage sustainable practices to mitigate risks, enhance brand reputation, and attract investors, customers, and talent seeking ethical and environmentally conscious partners. This shift encompasses various facets – from adopting eco-friendly technologies and circular economy practices to prioritizing diversity, equity, and inclusion (DEI) initiatives. Organizations embed sustainability metrics into their performance evaluations, demonstrating commitment towards holistic progress beyond financial gains. Advancements in technology infrastructure play a pivotal role in enabling and accelerating business transformation: 1. Cloud Computing: Cloud infrastructure facilitates scalability, flexibility, and cost-efficiency. It empowers businesses to access resources on-demand, enabling faster innovation, enhanced collaboration, and seamless scalability. 2. Edge Computing: Edge infrastructure allows data processing closer to the source, enabling real-time analytics, reducing latency, and supporting applications like IoT, AI, and autonomous systems. 3. AI and Machine Learning Infrastructure: Advanced AI infrastructure, including specialized hardware like GPUs and TPUs, accelerates AI model training and inference, unlocking new capabilities in predictive analytics, automation, and decision-making. 4. Blockchain Technology: Blockchain infrastructure provides secure, transparent, and decentralized networks, offering potential in supply chain management, smart contracts, and secure transactions. 5. 5G Networks: High-speed, low-latency 5G networks enable faster data transfer, supporting IoT devices, remote work, and enhanced connectivity, revolutionizing industries like healthcare, manufacturing, and transportation. 6. Cybersecurity Infrastructure: Advanced cybersecurity infrastructure, including AI-driven threat detection, encryption technologies, and zero-trust architectures, safeguards against evolving cyber threats, protecting digital assets and ensuring compliance. 7. DevOps and CI/CD Pipelines: DevOps
Piyush Chowhan Chief Information Officer, Panda Retail Company – Savola Group
practices and continuous integration/continuous deployment (CI/CD) pipelines streamline software development, ensuring faster releases, higher quality, and better collaboration among development, operations, and QA teams. 8. Containerization and Kubernetes: Container-based infrastructure and orchestration tools like Kubernetes enhance portability, scalability, and efficiency in deploying and managing applications across different environments. 9. APIs and Microservices Architecture: APIs and microservices-based infrastructure enable modular, scalable, and agile development, fostering innovation, interoperability, and the creation of new services. These technological advancements form the backbone of modern business transformation, empowering organizations to innovate, adapt, and compete in today's rapidly evolving digital landscape. They provide the foundation upon which enterprises build resilient, agile, and future-ready infrastructures for sustained growth and success.
JANUARY 2024 / CXO DX
27
» COLUMN
BUSINESS RISK OBSERVABILITY Joe Byrne, CTO Advisor, Cisco Observability discusses the value of business risk observability in managing modern applications
As the modern workforce has become distributed across offices and remote locations, so have the applications employees depend on to carry out their work. These distributed applications have drastically changed the security paradigm, drawing out the attack surface area of the digital enterprise. Attackers have been quick to exploit this trend, with research by Red Hat revealing that the majority (93%) of businesses experienced at least one security incident in their Kubernetes environments in the past 12 months.
come at the expense of robust application security during software development.
In the Middle East, governments such as those in the UAE and Saudi Arabia have clearly laid out cloud-first strategies, and subsequently, cloud-native application development is gaining momentum. While this enables organizations to innovate at greater speed and scale, it is also exponentially raising complexity for application and security teams. In a recent Cisco study, 92% of global technologists admitted that the rush to rapidly innovate and respond to the changing needs of customers has
Application security is essential to the business
28
CXO DX / JANUARY 2024
The UAE’s Head of Cyber Security Mohammed Hamad Al Kuwaiti recently said that the UAE Cyber Security Council cooperates with its partners in deterring over 50,000 cyber-attacks per day. Facing such numbers, it is easy to see how organizations are getting overwhelmed and why a solution must be found.
The Red Hat study showed that almost a third (31%) of organizations that faced a security incident consequently experienced financial or customer losses. IT teams need to act quickly and decisively in order to protect their customer data and the reputation of their organizations. And this means ensuring they have the tools, insights and working practices to bring together applica-
» COLUMN tions and security teams to securely develop and deploy modern applications. Crucially, businesses need to apply business context to their security findings so that teams can rapidly locate, assess and prioritize risk, and then remediate issues based on potential business impact. Applications are now the enabler of business — be it the digital services customers use to interact with organizations, or the enterprise applications employees rely on daily. As a result, brand trust and loyalty is now built upon application availability, security, and performance. However, with the shift to cloud-native technologies, vulnerabilities can occur anytime and anywhere. This makes it incredibly difficult and time-consuming for application teams and security teams to assess risks and prioritize actions. What they need is clear visibility of each new security risk with real-time vulnerability analytics. But with so many new and constantly changing threats within Kubernetes environments, traditional vulnerability scanning solutions simply don’t provide adequate information.
Business risk observability is now a business imperative
To be as effective as possible, security teams need to be able to evaluate the business risks of potential attacks, align teams and triage threats. To do this, they need to rapidly pinpoint where vulnerabilities exist across application entities — business transactions, services, workload, pods and containers — so that they can quickly isolate them. They then need to assess the severity of these risks, the likelihood that they will be exploited and the risk to the business of each issue. With ever-increasing numbers of threats, prioritization is key, and this type of business risk observability is essential for technologists to understand and prioritize risks. By combining application performance data and business impact context with vulnerability detection and security intelligence, IT teams can prioritize security issues with a business risk score. This will allow them to easily identify which business transactions present the greatest risk to their organization. For instance, they can assess the risk to sensitive customer data resulting from a particular business transaction, or calculate the potential for loss of revenue. This approach reframes the cybersecurity threat in a more meaningful context. Instead of firefighting from one issue to the next, as they occur, security teams can act more strategically, based on real-time business transaction data. By prioritizing security issues with business context, they can improve key metrics such as mean time to detect (MTTD) and mean time to remediation (MTTR). It is encouraging to see that technologists are recognizing the need for change — 93% state that it’s now important to be able to contextualize security so that they can correlate risk in relation to other key areas such as the application, user and business, and to prioritize vulnerability fixes based on potential impact. Perhaps most importantly, business risk observability helps application and security teams come together around a single source of truth for all application availability, performance and security
Joe Byrne CTO Advisor, Cisco Observability
data. In the era of zero-day threats, where vulnerabilities can remain unknown for long periods of time, such a framework enables all teams to work cross-functionally on secure deployments of modern applications. Business risk observability provides a platform for IT departments to shift to an integrated DevSecOps approach. Teams are able to collaborate far more effectively and embed security into the application lifecycle from the outset, with development teams adhering to the organization’s most critical security priorities.
The benefits of business risk observability
Gartner predicts that 95% of new digital workloads will be deployed on cloud native platforms by 2025. Attackers will undoubtedly be taking note of this, and we can expect that Kubernetes within modern application environments will become an increasingly attractive target. For IT leaders, this represents a significant new threat that they simply haven’t had to consider before. Application security will need to become a major priority for IT departments in all sectors. There is no abating the flood of applications in the modern enterprise. They have become an essential part of how businesses operate, and in many cases, offer the decisive competitive edge. Recognizing this, organizations must strive to protect their most valuable assets. Business risk observability provides them with an effective means to do so, ensuring applications effectively serve their end purpose of boosting customer loyalty and driving revenues. JANUARY 2024 / CXO DX
29
» COLUMN
DE-RISKING BUSINESSES WITH CYBERSECURITY Hadi Jaafarawi, Managing Director - Middle East, Qualys shares his 5 predictions for 2024 that UAE’s security leaders looking to de-risk their businesses could consider
N
othing stays the same. As we roll from 2023 to 2024, the cyberthreat landscape continues to evolve. Attacks are more frequent. According to the UAE government’s Head of Cybersecurity, Dr. Mohammed Hamad Al Kuwaiti, the nation fends off 50,000 attacks a day. These are deterred attacks. Attacks that fail. And there are more than 18 million of them in a year. About two for every member of the population. What about the ones that succeed? IBM Security tells us the average cost of a breach for the UAE and Saudi Arabia sits at around US$8 million. While that is a shared average, we can easily see the scale of the problem for UAE security stakeholders. And yet, there is hope. In the year ahead, I predict five changes in approach that will deliver us into a safer age — despite the growing attack surface, increasing sophistication in infiltration methods, and talent gaps.
30
CXO DX / JANUARY 2024
» COLUMN
1. From consolidation to simplification
Global averages for the number of security tools installed by organizations reach as high as 90. Thus far, consolidation has been the go-to strategy for CISOs, including those based in the UAE. But in 2024, security leaders will go one step further and look to simplify security processes. Ultimately, the tools that best help organizations de-risk their business by effectively measuring, communicating and eliminating cyber risk will be the ones that win out. We will see automation help SOCs to find the genuine risks and ignore the false alarms by taking a risk-based approach to security alerts and allowing AI to triage threats. Remediation will become more automated, allowing cyber talent to be put to its best use.
2. AI’s big break
While AI’s hype has caused suspicion among tech pros, the potential of this basket of tools cannot be ignored. In 2024, we can expect enough pilots to create enough measurably positive results to build momentum in adoption. The security team will see other business units adopt AI and create more data and more vulnerabilities than ever before. And analysts will reflect on the AI capabilities of threat actors that must be countered. Security leaders will deduce that more attack surface and more sophisticated attack methods could mean trouble if they do not enlist help from AI. In addition, the CISO and the SOC must educate themselves on all things AI, so they can advise other business units on how to adopt it safely. This advice will shape compliance and risk management across the region. CISOs and GRC officers cannot hope to stop the adoption of AI any more than they could stop cloud migration or any other digital transformation initiative. Instead, they must exert what influence they can to avoid the worst mistakes.
3. Less skills, more AI
AI has a role to play in plugging skills gaps. Virtual agents can help junior cybersecurity analysts to be more effective from day one. And automation can take lengthy, tedious, or repetitive tasks off the plates of employees who could be used more effectively elsewhere. In this way, AI augments rather than supplants professionals, which is timely, given the incidence of burnout and attrition we see across the industry. In one study, 69% of cyber talent in the UAE said they dealt with up to 50 incidents daily and almost half (42%) agreed the word “inundated” was appropriate to describe their workload. In 2024, security leaders will need to take a fresh look at their teams’ health and wellbeing if they are going to maintain an effective cybersecurity function. AI can help with some aspects of this problem by taking some of the load off, but the rest will be down to human interaction, empathy, and building an inclusive, caring culture.
4. Softer skills
Tech cannot do it all. It can do little to counter malicious insiders who compromise the organization from within. And let us not forget that any credentials theft, whether through phishing or insider duplicity, can leave a threat actor unchallenged as they burrow their way into the IT suite. In 2024, organizations will spend more time on training employees at all levels in their responsibilities. Developers will be urged to manage identities more securely in their code to make credentials more difficult to steal. And end-us-
Hadi Jaafarawi Managing Director – ME, Qualys
ers will be taught to understand vectors like business email compromise (BEC), social engineering, and phishing. None of this will happen in isolation. Security will work more closely with other business functions to come up with ways to make training more memorable and impactful. Content will be infused with humor or memes concocted by professionals outside the security and IT teams to truly help those lessons stick.
5. Security takes ownership of data
Since data sits at the heart of so many core business applications, 2024 will be the year that security finally, and uniformly, addresses the need for organization-wide compliance. We will see security being involved in every instance of data access. This security presence will extend to everyday operations. Even the machinery of OT will not be exempt. Security teams will end up conducting performance diagnostics because such screenings require data, and data is going to be the domain of security. While this may appear to be the end of autonomy for business units, we have long seen technology professionals from inside and outside the security function talk about information silos and their potential to stymie effective operations. By placing data in the hands of a single function, we won’t slow down operations, instead it’ll allow the security team to offer consistent protection while adding business value.
The Year of Safety
As we make resolutions for 2024, what will you prioritize and fix? I hope this list has helped provide some ideas and that the coming year will be more secure for you than ever before. JANUARY 2024 / CXO DX
31
» COLUMN
ARE WE WINNING THE FIGHT AGAINST
RANSOMWARE?
Edwin Weijdema, Field CTO EMEA and Lead Cybersecurity Technologist at Veeam says that when it comes to ransomware, there can be reluctance to admit to having suffered a data breach and some insurance policies outright prevent companies from doing so
Ransomware first rose to dominance as cybercriminals’ main weapon of choice way back in 2020. Since then, it has been top of the global security agenda, plaguing businesses, public services and individuals alike. Organisations have had to quickly pivot their cybersecurity, data protection and disaster recovery strategies to adjust to this new pandemic. But is it making a difference? Ransomware and cyber resilience remains the number one priority for most security teams three years on, and the endless headlines of high-profile ransomware victims keep on coming. Is the end in sight? What’s changed since 2020, and what still needs to happen to close the ransomware loop for good?
However, the Veeam Data Protection Trends Report 2023 and Ransomware Trends Report 2023, both large-scale surveys of unbiased organisations across EMEA, the Americas and APJ, paint a different picture. The former found that 85% of organisations suffered at least one cyber-attack over the last year (an 9 % increase from the previous year) and the ransomware report, which exclusively surveyed businesses that had suffered an attack, found that a shocking 80% of companies had paid a ransom to recover data. Other industry surveys typically show similar findings, so why is there a disconnect between total global numbers and what the majority of individual companies are saying?
Mixed signals? Answering that first big question is not simple. For example, data suggests that in 2022 the global number of ransomware attacks dropped significantly (having doubled in 2021) and analysis from blockchain company Chainalysis reports that the total value of ransomware payments paid in 2022 also dropped significantly both positive signs that globally ransomware is slowing down.
While targeted surveys can give us a valuable temperature check of a certain region or industry, total global numbers are tricky. Naturally, sheer scale is a factor but when it comes to ransomware, there can be reluctance to admit to having suffered a data breach and some insurance policies outright prevent companies from doing so. Tracking crypto payments is not an exact science either, as many addresses will not have been identified on the
32
CXO DX / JANUARY 2024
» COLUMN
blockchain and thus will be absent from global data. In certain regions like EMEA, we are seeing more openness to share when it comes to ransomware, as leaders recognise that collaboration and information-sharing can help move the security industry forward and build jointly greater resiliency. What’s changed? So, amongst all this grey, what has changed for definite? Naturally, threats are constantly evolving and becoming more sophisticated. But this is a fundamental of cybersecurity - protection and resilience efforts that improve alongside this and the catand-mouse game goes on and on. With ransomware specifically, we’ve seen attitudes to paying demands continue to swing back and forth. Two years ago, one of the largest ever ransomware payments was paid simply to “prevent any potential risk.” Since then, education on just how unreliable, unethical, and untimely this is as a strategy was improved across the industry but two further flies in the ointment have arrived which have made kicking ransomware payments for good far more difficult. One is cyber insurance. This is a field that has changed drastically since the rise of ransomware, and it remains highly volatile to this day. Cyber insurance is not a bad thing, of course, it gives businesses financial resilience against a near-certain threat. However, it has also given organisations a means of paying ransomware demands. The Veeam Ransomware Trends Report 2023 found that 77% of respondents who paid demands did so with insurance money. Premiums continuing to rise may eventually halt this, as will a growing number of policies specifically excluding ransomware from their cover. Perhaps the bigger factor, and the reason why companies feel they have no choice but to pay ransoms in the first place, is attacks increasingly targeting backup repositories. Recent reports revealed that cyber villains were able to affect the backup repositories in three out of four attacks. If businesses don’t have other offsite copies of this data or simply aren’t in a position to recover fast enough it can be tempting for the board to opt to give in to demands. While senior leadership of course want to do the right thing from a security perspective, ultimately their top priority is to keep the business running. What still needs to be done? What needs to change to tip the balance of the ransomware struggle and for us to start seeing attacks and payments go down for good? It still comes down to education and preparedness - particularly for those outside of the security and backup teams. This includes busting myths about what happens leading up to and after a ransomware attack. For example, encryption doesn’t happen as soon as an employee clicks a malicious phishing link - it can be months or even a year between breaching a system and locking data and declaring a ransom. Likewise, decryption doesn’t happen as soon as a ransom is paid either, ignoring the fact that roughly a quarter of businesses pay a ransom yet remain unable to recover their data, even the best-case scenario can be incredibly slow to decrypt and recover. This part of the business model as most offer the option to buy more decryption keys on top of the ransom cost to speed up the process!
Edwin Weijdema Field CTO EMEA and Lead Cybersecurity Technologist, Veeam
Understanding the beast is the first step in being prepared to respond to it. A ransomware recovery plan should have three stages: Preparation - Planning recovery, ensuring you have reliable backups (following at least the 3-2-1 rule), having a disaster recovery location set up and ready to go, and ramping up training and exercise to ensure the business and organization are prepared. Response - Following a pre-defined and tested incident response process, locating and containing the breach, and scanning backups to ensure they are uncontaminated. Recover - Recovering the environment without reintroducing the malware or cyber infected data into the production environment during restoration and getting the business back up and running. To conclude, while there might be a degree of uncertainty about the status of the global struggle against ransomware, what isn’t in doubt is that ransomware attacks remain an inevitability for most businesses. This doesn’t mean there’s no hope against these cyber criminals however, it’s important to understand that if companies are prepared and design their recovery well, they can reach a point of 100% resilience against ransomware. That doesn’t mean there will be no business impact from such attacks, but it means you can recover quickly and say “no” to ransomware demands. JANUARY 2024 / CXO DX
33
» COLUMN
The 5 technology trends affecting the security sector in 2024 Johan Paulsson, CTO at Axis Communications says that In 2024, we will see security-focused applications appear based on the use of LLMs and generative AI
E
ven for those of us who have been working in the technology industry for decades, the pace of change over the past 12 months has been extraordinary.
Once again, we’re left in no doubt that technological innovations are bringing both huge opportunities and more complex challenges than we’ve faced before, and they show no sign of slowing down. Keeping pace with the changes and their implications — for vendors, customers, and regulators — demands focus, energy, and diligence. The key technological trends that we see affecting the security sector in 2024 reflect this rapidly evolving environment. As ever, they’re a mix of positive opportunities to be grasped, alongside the challenges that need to be addressed.
1 - The potential for generative AI in the security sector
Previous technology trends posts have highlighted the potential for AI and deep learning in the security sector, with a particular focus on advanced analytics on the edge of the network, in cameras themselves. This proliferation of deep learning to the edge is accelerating. Virtually any new network camera being launched features deep learning capabilities, which vastly improve the accuracy of analytics. These capabilities are the foundation for building scalable cloud solutions as they remove such heavy bandwidth requirements, reduce processing in the cloud, and make the system more reliable. However, in terms of AI, 2023 has been the year where large language models (LLMs) as the basis for generative AI have forced their way into public consciousness. This form of AI supports the creation of new content — words, images, even video — based on natural language prompts and questions from users. Every business is looking at the potential use case for generative AI, and the security sector is no different. In 2024, we will see security-focused applications appear based on the use of LLMs and generative AI. These will likely include assistants for opera-
34
CXO DX / JANUARY 2024
tors, helping them more accurately and efficiently interpret what is happening in a scene, and as interactive customer support, providing more useful and actionable responses to queries from customers. In addition, generative AI has already proven its value in software development, and this will be a benefit seen throughout the security sector. We do, of course, need to be aware of the risks and potential pitfalls of generative AI. There will be debates over which models to employ and how, and particularly around the use of open-source vs proprietary models, but the biggest risk will be to ignore it.
2 - Solution management efficiencies driving hybrid architecture
Hybrid solution architectures — those employing the advantages of on premise, cloud, and edge technologies — are now established as the new standard in many security solutions. Functionalities are deployed where it is most efficient, utilizing the best of each instance in a system, adding an increased level of flexibility. Ultimately, system architectures should be in service to the customer’s needs, not the vendor’s preferred structure. To a great extent, it’s a question of accessibility. The more of a solution that exists in environments easily accessible to both vendors and customers, the more ability vendors have to manage elements of the system, taking a greater responsibility and reducing the burden on customers. Hybrid architectures also support the forthcoming use cases for AI support and automation in solution management and operation; increased system accessibility being valuable to both human support and that from AI, taking advantage of each different instance’s strengths.
3 - Security always, but safety too
Security and safety have often been connected as a single subject. Increasingly they are being recognized as separate use cases: security being related to preventing intentional acts — break-ins, vandalism, aggression towards people, etc. — and safety related to the unintentional dangers and incidents that can cause harm to people, property, and the environment.
» COLUMN For a number of reasons, the use of video surveillance and analytics in safety use cases is growing fast and will continue to do so. One reason, unfortunately, is climate change. With extreme weather conditions causing floods, wildfires, landslides, avalanches, and more, video surveillance, environmental sensors, and analytics will be increasingly used by authorities to give early warning of potential disasters and support the most rapid and effective response. Risk management, compliance to health and safety directives, and regulatory requirements is another key reason for the continued growth in safety-related use cases. Video surveillance will be used extensively within organizations to ensure adherence to H&S policies and safe working practices, such as the wearing of required Personal Protective Equipment (PPE). Where incidents do take place, video surveillance will be an increasingly useful and important tool in investigations. Security as a use case for surveillance is well-established. Safety will continue to evolve.
4 - Regulation and compliance driving technology
Speaking of compliance, the global regulatory environment is having an increasing impact on the development of technology, its application, and use. Compliance with these is something that vendors and end users need to be aware of and should be looking to work in close partnership to ensure. AI, cybersecurity, sustainability, corporate governance — all are areas coming under greater regulatory scrutiny. Vendors need to develop their own technologies and operate their own businesses in ways that support their customers’ compliance requirements. Increasingly, the regulatory landscape covers more than the specific development and use of technology itself. Geopolitics and trade relations between nation states are also leading to regulations that demand transparency to a component level if vendors want to maintain a license to operate in key international markets. It’s a constantly evolving and changing area, and one which requires constant diligence, development, and transparency throughout the value chain. For users of security technology, it’s a question of trust. Can they be sure that every link in their supply chain is operating in a way that supports their own regulatory compliance?
Johan Paulsson CTO, Axis Communications
This total system perspective is useful and should be welcomed by the industry. It will lead to innovations in new technologies and cameras that bring benefits throughout the system, not in isolation. Cameras that reduce bitrate, storage, and server load with the intention of reducing server cooling requirements are a good example. More efficient transportation of products, sustainable packaging, and the use of standard components can all also play a part. Visibility and greater control across the supply chain is essential.
The impact of every aspect of a security system will be under increased scrutiny, with vendors and customers needing to monitor, measure and, increasingly, report on a broad range of factors. Taking a total system perspective will be essential.
We all accept that total cost of ownership (TCO) is an important measure, but security vendors will increasingly need to consider (and be transparent about) total impact of ownership, taking non-financial aspects into account, including environmental and societal. It will no longer be possible for vendors to operate in isolation of their own and their customers’ value chains.
Energy consumption is a good example. A video camera itself consumes a relatively small amount of energy. But when also considering the servers, switches, hubs, and routers through which the data is transferred, sitting in large data centers that require cooling, the picture changes.
We have no doubt that 2024 will see further advancements in technology, and with that bring further challenges for us all to navigate. As ever, we’re looking forward to working with our partners and customers to ensure positive outcomes for all, within the sector and beyond.
5 - Taking the ‘total system’ perspective
JANUARY 2024 / CXO DX
35
» TECHSHOW
HUAWEI MATEBOOK D 16 With its expansive 16-inch near bezel-less display, 90% screen-to-body ratio, and sleek Space Grey design, the MateBook D 16 offers creators and office workers an immersive visual experience for work and play. Despite its large screen, the MateBook D 16 weighs just 1.68kg. The MateBook D 16 is designed to give users an immersive large-screen experience with extremely thin bezels and an incredible screen-to-body ratio of 90%. This expansive screen gives creators a larger canvas to work off and multitasking office workers a spacious workspace. The laptop also brings a breakthrough in performance levels with the 13th Gen Intel Corei5 High-Performance Processor, suitable for handling heavy multitasking such as programming, illustrating, and video editing. Despite its generous display, the MateBook D 16 is remarkably slim and lightweight, measuring just 17mm thick and weighing only 1.68kg. It has a sleek and elegant construction and comes in futuristic Space Grey and Mystic Silver colours. The laptop also boasts the HUAWEI Met-
aline technology, which can establish ultra-long-distance connections of up to 270 metres. This greatly reduces false signal pick-ups and creates stabler connections, allowing users to enjoy smooth video streams and conference calls. The laptop also comes with a numeric keypad and physical shortcut keys that enable users to work with charts, data, and documents more efficiently.
Highlights: •
The MateBook D 16 weighs just 1.68kg
•
Features 16-inch large screen, 16:10 golden aspect ratio and 90% screen-tobody ratio, providing a wider view.
•
Includes HUAWEI Metaline technology, which can establish ultra-long-distance connections of up to 270 metres
DELL ULTRASHARP 27 THUNDERBOLT HUB MONITOR Dell has introduced the world’s first five-star certified monitors for eye comfort- the Dell UltraSharp 27 ThunderboltTM Hub Monitor (U2724DE) and Dell UltraSharp 27 Monitor (U2724D). This is a brand-new industry standard for eye comfort developed by TUV Rheinland, one of the world’s leading professional and independent testing service providers. Dell is the first in the market to introduce monitors with this highest 5-star rating certification. These monitors offer enhanced visual comfort features to help users reduce eye strain, including a Built-in Ambient Light Sensor that detects ambient lighting condition and au-
36
CXO DX / JANUARY 2024
tomatically adjusts screen brightness and color tone setting. These new features are important because a recent study showed that a monitor which adjusts its brightness under different ambient light levels can reduce the frequency of eye fatigue signs by 7 to 17 percent. Another study revealed that a monitor with a low blue light reduction feature helps reduce signs of eye fatigue by 8 percent after 50 minutes of performing a search task4.
Highlights: •
Ambient Light Sensor: A built-in Ambient light sensor intelligently optimizes brightness and color temperature based on your surroundings.
» TECHSHOW
EPSON COLORWORKS C6500 SERIES The C6000 series benefits from a wealth features that are designed to provide practical and creative solutions. It supports media widths, from 25mm for the C6000Ae and from 50mm for the C6000Pe to 112mm and boasts expanded media support which even includes textured paper. The ColorWorks range of label printers can print anything from tiny labels for vaping liquid bottles, to large durable labels suitable for chemical drums. The matte black ink version (for both Pe and Ae models) provides users with increased print finish flexibility on textured or plain paper. The series has been designed to be extremely user friendly. All operations can be carried out from the front, saving operation space. These label printers offer high-quality, high-resolution, four-colour print output as standard; along with colour matching functionality (ICC profile and spot colour matching tool) for impressive, impactful, on-demand colour labels.
Highlights: •
Media Flexibility Expanded media support. Label widths from 25mm to 112mm Compact Simple, unobtrusive design with front panel operation
•
Built-in peeler model (CW-C6000Pe) For print-and-apply production line goods
•
Auto-cutter model (CW-C6000Ae) For chemical, food & beverage, horticulture, and logistics
•
Matte black ink version available for both CW-C6000Ae and CW-C6000Pe models
•
Improved ComfortView Plus: Reduces harmful blue light emissions to <35%, for all-day comfort without sacrificing color accuracy.
•
A 120Hz refresh rate delivers less flicker, more seamless scrolling and smoother motion than 60Hz monitors.
•
Organize your screen with Easy Arrange and save profiles with Easy Arrange Memory.
•
Easy navigation: Share a single keyboard, mouse and monitor between multiple PCs with USB KVM wizard. Quickly switch between PCs with the quick-access menu or hot keys.
•
Connect to more with DisplayPort 1.4, HDMI (HDCP 1.4) (supports up to FHD 1920 x 1080 120Hz TMDS as specified in HDMI 1.4), USB-A and USB-C ports that provide speeds of up to 10Gbps.
JANUARY 2024 / CXO DX
37
» TRENDS & STATS
GenAI solutions expected to double in 2024 and grow to $151.1 billion in 2027
E
nterprises will invest more than $19.4 billion worldwide on GenAI solutions in 2023 according to an updated forecast from IDC. This spending, which includes GenAI software as well as related infrastructure hardware and IT/business services, is expected to more than double in 2024 and reach $151.1 billion in 2027 with a compound annual growth rate (CAGR) of 86.1% over the 2023-2027 forecast period. “Despite IT headwinds in 2023, businesses accelerated their exploration of GenAI to boost business transformation. In 2024, the shift to AI everywhere will enter a critical buildout phase as enterprises make major new investments with the goal of drastically reducing the time and costs associated with customer and employee productivity use cases. From there, the focus will shift to investments that boost revenue and business outcomes,” said Rick Villars, group vice president, Worldwide Research at IDC. IDC expects GenAI investments to follow a natural progression over the next sever-
38
al years as organizations transition from early experimentation to aggressive infrastructure and trained data model building to widespread adoption with extensions to the edge of all business activities. While companies at all levels will experience a shift in their technology investments toward AI implementation and the adoption of AI-enhanced products/services, the IT industry will make much a greater and faster AI pivot during the same period. This is because every company will race to introduce AI-enhanced products/services and to assist their customers with AI implementations. For most, AI will replace cloud as the lead motivator of innovation. GenAI Infrastructure, including hardware, Infrastructure as a Service (IaaS), and system infrastructure software (SIS), will represent the largest area of investment during the build out phase. But GenAI Platform and Application Software will gradually overtake infrastructure by the end of the forecast with a five-year CAGR of 99.6%. Similarly, GenAI Ser-
CXO DX / JANUARY 2024
vices, including IT and business services, will nearly equal infrastructure spending by the end of the forecast with a five-year CAGR of 94.2%. By the end of the forecast, GenAI spending will account for 29.0% of overall AI spending, up significantly from 10.8% in 2023. GenAI spending will remain strong well beyond the build out phase as these solutions become a foundational element in enterprises’ digital business control platforms. “Generative AI has served as a catalyst for investments in traditional AI solutions. The synergy between traditional and generative AI opens up a world of possibilities across industries,” said Ritu Jyoti, group vice president, Worldwide Artificial Intelligence and Automation market research and advisory services at IDC. “As we look ahead to the future of AI, embracing a holistic approach that merges traditional AI with generative creativity will enable more versatile AI systems capable of adapting to evolving challenges while fostering disruptive innovation.”
Vibin Shaju General Manager – UAE, Trellix