Hoshan Holding fuels digital transformation by migrating from SAP ECC to SAP S4 HANA Public Cloud. The company will benefit from AI-powered decision-making capabilities, optimized business processes and reduced cost of ownership

Seidor, a global system integrator that provides SAP Consulting services, has announced that Hoshan Holding, widely recognized as one of the largest holding companies in the Middle East, has become the first Saudi company to implement SAP S4 HANA for Public Cloud. The group will also integrate SAP SuccessFactors and SAP Cloud for Real Estate, to digitally transform the company’s capabilities and offerings in Saudi and the United Arab Emirates (UAE).

The latest ERP solution from SAP, SAP S4 HANA is a next-generation business suite with built-in artificial intelligence (AI), that will empower Hoshan Holding employees to capture every opportunity, while optimizing business functions across the entire enterprise. SuccessFactors will allow coverage of the entire talent-acquisition lifecycle from onboarding to offboarding, and SAP Cloud for Real Estate will turbo-charge the company’s asset management and insights.

Among the many benefits Hoshan Holding will reap from Seidor’s integration of next-gen SAP solutions into its technology stack is the “significant lowering of cost of ownership”, which was cited by Khalid AlBabtain, Board Member, Hoshan Holding, as a major impetus in selecting a cloud solution.

“For many years, we ran our core ERP on SAP ECC,” he said. “While the solution met all our business needs, we felt there was a need to move to a more simplified, standardized and agile environment with an enhanced UX and, at the same time, migrate to the cloud, which reduces our cost of ownership. SAP S4 HANA Public Cloud solution also requires less implementation time, delivers global standard processes, provides a more coherent roadmap for future solutions, demands less maintenance, and reduces other costs, such as hardware expenditure.”

Seidor has 35 years of experience in implementing SAP solutions around the world. Given SAP’s decision to stop support of SAP ECC, beginning in 2025, Seidor MENA, based in Dubai, UAE, is taking a leading role in the region’s digital transformation, helping organizations across the Middle East and North Africa (MENA) region leverage SAP S4 HANA to reinvent their business processes and optimize delivery of products and services.

“With SAP ECC soon reaching end of life, all roads lead to SAP S4 HANA. Organizations have several migration options available but unfortunately most businesses in the region are either not aware of all the options or are unsure of which strategy would be best suited for their business,” said Ignacio Ruiz de Equilaz, Managing Director, Seidor MENA. “In this respect Hoshan Holding serves as an excellent example of an organization that has worked closely with Seidor and taken the step of migrating their core business systems to the SAP cloud, realizing unprecedented leaps in their agility and the speed at which they can innovate—vital capabilities in the new global digital economy.

“Seidor’s values are built around world-class quality and delivery of all the very latest offerings from SAP, along with best-in-market consultancy, provided by our experts in solutioning. Taken together with our global reach and regional presence, MENA customers such as Hoshan Holding can be assured of a true digital-transformation partner that is ready to guide them, on their migration journey, to new standards of security, optimization and empowerment, “continued Ruiz de Equilaz.

Hoshan Group’s SAP implementation roadmap covers its KSA headquarters, as well as branches in the UAE, Oman, Kuwait, Qatar, Bahrain, Kenya and Morocco. Phase 1 of implementation was conducted in KSA and UAE simultaneously, involving five separate company codes and 28 plants. SAP S4 HANA Public Cloud modules deployed were Finance, Sales Order to Cash, Procure to Pay, and Inventory. SAP Cloud for Real Estate and SuccessFactors modules included Payroll and Employee Central. A further six locations―Oman, Kuwait, Qatar, Bahrain, Kenya and Morocco—will follow in subsequent deployment phases.

“Hoshan Holding, in its search for a solution that delivered best-in-class industry processes and decision-making capabilities, found in SAP S4 HANA Public Cloud a robust, consistent, easy-to-use tool that optimizes daily operations and frees up employees to focus on the more intellectual parts of their jobs,” Ruiz de Equilaz added. “This is digital transformation in action.”

Hoshan Holding plans to continue its partnership with Seidor as it grows into new markets. The company also intends an expansion of its SuccessFactors implementation to include other talent-management modules.

Achieves Coveted PCI DSS Security Certification

As a leading cloud-based CRM, Loyalty and Ecommerce platform provider, Capillary Technologies has put their customer’s security requirements at the forefront. Capillary has achieved the world’s highest security standards with the Payment Card Industry Data Security Standard (PCI DSS) certification, to ensure that their customers data is highly secure at all times, no matter where they shop. The PCI DSS certification mandates organizations to have a secure network with more than 300 data protection procedures and standards incudling firewalls, antivirus, SIEM, and Data Loss Prevention, in addition to ongoing scans and vunerability assessments every quarter.

“Being a CRM, Loyalty and an Ecommerce platform provider means that Capillary is involved in financial transactions in one form or another, while holding sensitive customer information and business data,” said Shailendra Singh, CISO at Capillary Technologies. “To put this into perspective, we process around US$15 billion worth of happy retail purchases every year for more than 400 brands across 30 countries. The onus is on us to keep this sensitive data secure and give our customers peace of mind. The way forward was to ensure that we meet world class data security standards and the PCI DSS Certification is one way to ensure that our customers are always consumer ready and that their data is safe at all times.”

In the post GDPR era, data security has become a key concern for consumers and organizations alike. With the advent of the digital ‘shopping universe’ consumers now have access to a number of touch points to interact with their favourite brands and retailers. This trend has led to a rapid increase in consumer data being generated in the form of financial and personal data and buying preferences. Additional data generated instore by AI-driven footfall counters takes this data to a new level and includes details like facial recognition, demographics, height, etc which results in brands, retailers and ecommerce platforms storing more and more sensitive data. Ensuring their customer data is secure has become a paramount concern.

With the region’s Ecommerce sector booming, it is expected to be worth US$69 billion by 2020, almost doubling in size in just a few years, according to PayFort. This translates into Ecommerce platforms possessiong billions worth of sensitive customer data, and raises the urgent need for brands to ensure this data is secure.

The PCI DSS certification is focused on technical evaluation of an organization to ensure that its architecture is well-designed to minimize security breaches. The certification is a significant accomplishment for Capillary Technologies in which it has demonstrated its commitment to ensure the highest compliance to securing it’s customers’ data. Capillary Technologies is also ISO 27001:2013 certificated in addition to being PCI DSS Version 3.2.1 certified.

“As Capillary continues to grow and our products evolve, the need for being compliant with the most stringent security standards became our primary goal. Being PCI DSS compliant was one of them. Being PCI DSS compliant with its 300 plus standards helps organizations to ensure that the data is always protected and consumers can transact in a secure environment”, added Singh.

Author: Morey Haber, Chief Technology Officer & Chief Information Security Officer, BeyondTrust

Realizing that most large organizations today have sophisticated security defenses, bad actors are beginning to target third-party vendors, as a means to gain access to an enterprises’ network. In fact, in 2018, over 11 significant breaches were caused by exploitation of third-party vendors and according to Carbon Black’s 2019 Global Incident Response Threat Report, 50% of today’s attacks leverage what they call, “island hopping”, where attackers are not only after an enterprises’ network, but all those along the supply chain as well[1].

IT admins, insiders, and third-party vendors need privileged access to perform their roles, but this shouldn’t mean ceding control of the IT environment to them. Organizations typically allow vendors to access their networks to perform a variety of different functions. However, this privileged access should be secured to the same (or higher) extent as the organization’s internal privileged users. Neglecting to do so will create a weak spot in your organization’s security that is ripe for exploit.

Because organizations typically use IT products and software solutions from a variety of vendors, IT is tasked with the enormous burden of having to secure remote access for these vendors, so that they may provide maintenance and troubleshooting for their products. As a consequence, organizations are faced with the dilemma of having to provide the needed access while also guarding against malware and bad actors entering through third-party connections.

Given that third-party vendors are an integral part of most organizations’ ecosystem―something that isn’t going to change anytime soon—there are seven steps you can take to exert better control over third-party vendor network connections and secure remote access.

Monitor & examine vendor activity

First, it’s imperative to scrutinize third-party vendor activity to enforce established policies for system access. You want to understand whether a policy violation was a simple mistake, or an indication of malicious intent. You should implement session recording to gain complete visibility over a given session. And finally, you should correlate information so that you have a holistic view that enables you to spot trends and patterns that are out of the ordinary.

Here are some ways to approach monitoring:

• Inventory your third-party vendor connections to understand where these connections come from, what they are connected to, and who has access to what
• Look for firewall rules that permit inbound connections for which you are unaware
• Perform vulnerability scans on your external-facing hosts to search for services that are listening for inbound connections
• Validate that your enterprise password security policies apply to accounts on inbound network connections
• Implement policies and standards specific to third-party issues, and use technical controls to enforce them
• Monitor for any security deficiencies and then address them

Limit network access

Most of your vendors only need access to very specific systems, so to better protect your organization, limit access using physical or logical network segmentation and channel access through known pathways. You can accomplish this by leveraging a privileged access management solution to restrict unapproved protocols and direct approved sessions to a predefined route. 

Apply multiple robust internal safeguards

As with other types of threats, a multi-layered defense is key to protecting against threats arising from third-party access. Apply encryption, multi-factor authentication (MFA), and a comprehensive data security policy, amongst other measures.

Educate your internal and external stakeholders

On average, it takes about 197 days for an organization to realize that it has been breached. A lot of damage can be done in 197 days. Educate across the enterprise and continually reinforce the message that the risks are real.

Conduct vendor assessments

Your service-level agreement (SLA) with third-party vendors should spell out the security standards you expect them to comply with, and you should routinely review compliance performance with your vendors. At a minimum, your vendors should implement the security basics, such as vulnerability management. You should also enforce strong controls over the use of credentials—always with a clear line-of-sight into who is using the credential, and for what purpose.

Authenticate user behavior

Vendor and partner credentials are often very weak and susceptible to inadvertent disclosure. Therefore, the best way to protect credentials is to proactively manage and control them. You can do this by eliminating shared accounts, enforcing onboarding, and using background checks to identity-proof third-party individuals that are accessing your systems.

Prevent unauthorized commands & mistakes

One step you want to take is to broker permissions to various target systems using different accounts, each with varying levels of permission. You should restrict the commands that a specific user can apply, via blacklists and whitelists, to provide a high degree of control and flexibility. To this end, use a privileged access management solution, enable fine-grained permission controls, and enforce the principle of least privilege (PoLP).

Vendor access is often inadequately controlled, making it a favored target of cyberattackers. By layering on these seven steps, you can exert better control over third-party access to your environment and make significant progress toward reducing cyber risk.

Expansion Empowers Customers to Deliver and Protect Apps and Desktops from the Cloud of their Choice

Nutanix, Inc. (NASDAQ: NTNX), a leader in enterprise cloud computing, today announced the continued evolution of its offerings across private and public clouds, further making multi-cloud computing a reality for its customers. With today’s news, Nutanix is extending its Xi Frame desktop-as-a-service solution from the public cloud to the private cloud, enabling the delivery of apps and desktops in a true hybrid cloud environment. In addition, the company is announcing new functionality and additional planned availability zones for its cloud-based disaster recovery (DR) service, Xi Leap.

According to the IDC InfoBrief, sponsored by Nutanix, “Surviving and Thriving in a Multi-cloud World,” multi-cloud deployments are now the norm for enterprise organizations — less than 30% of customers report using single cloud environments. Most customers leverage different cloud platforms across multiple service providers. The interoperability of data and applications between these varied cloud environments is growing in importance, and yet access to hybrid cloud capabilities where a single application runs across clouds remains elusive to most organizations. As companies eagerly seek out ways to make the multi-cloud environment a reality, these new updates from Nutanix provide additional capabilities to streamline the implementation of their cloud services deployments.

Introducing Nutanix Xi Frame for the Private Cloud

With Nutanix Xi Frame, customers can already access applications and virtual desktops from popular public clouds like AWS and Azure simply and easily, using any browser and any device. With the latest Xi Frame update running on the Nutanix AHV hypervisor, customers can now extend desktop delivery to their Nutanix private cloud, integrating virtual desktop infrastructure (VDI) services with the Nutanix Enterprise Cloud platform. Xi Frame desktops can be simultaneously delivered via multiple clouds and managed via a single console for seamless control and administration, providing a true hybrid experience.

In addition to being available to users on AWS and Azure, Xi Frame is now also available to customers worldwide for Nutanix private cloud deployments using AHV. Customers can provision 1000s of virtual desktops in minutes, as opposed to weeks, enabling them to improve the economics, speed and scale of desktop delivery. IT teams can now select the right cloud — public or private — for their VDI initiatives. 

Extending the Reach of Cloud-based DR to More Regions with Nutanix Xi Leap

As enterprises continue to embrace cloud services, and enterprise infrastructures become more virtual, data and IT operations are rapidly migrating to the cloud. When done right, cloud-based disaster recovery is an attractive strategy for any size organization to protect their business critical applications. Nutanix Xi Leap extends the enterprise datacenter to the cloud, allowing IT teams to harmonize public and private clouds and deliver enhanced availability for critical data and applications. Customers get a natively-integrated DR cloud service, and single pane management, to protect critical workloads running in the datacenter and in a cloud, delivering improved business continuity.

Nutanix is adding new capabilities to its Xi Leap DR service, including:

• New Availability Zones: Nutanix Xi Leap is expanding beyond its current availability zones in U.S. West, U.S. East and the U.K. In the coming months, additional Xi Leap availability zones are expected to be available in Italy, through Nutanix’s partnership with Sparkle, the international services arm of Telecom Italia Group, as well as in Japan and Germany.
• Support for ESXi: Xi Leap now also provides DR services for enterprise workloads running on Nutanix private clouds using VMware ESXi, making it even simpler to transform existing applications into a hybrid service.

“With previous disaster recovery systems, we weren’t able to achieve the performance we expected for virtual machine restoration and managing DR as a separate silo made our infrastructure more complex,” said Patrick Sudderth, Director of Technical Services, Lexipol. “Nutanix Xi Leap allows us to configure policies that automate the DR workflow directly within the Prism Console and restoration happens in a matter of minutes. No other DRaaS vendor can come close to the simplicity of execution we experience with Xi Leap.”

Securing Cloud Applications

Fundamental to delivering applications in a multi-cloud architecture is ensuring that applications remain secure — independent of the cloud infrastructure chosen. Comprehensive and automated compliance assessments are necessary to ensure application mobility between clouds. Xi Beam, a Nutanix SaaS offering that provides cloud governance, will include a realtime security compliance module designed to identify critical cloud infrastructure vulnerabilities and recommend specific remediation. With new security and compliance functionality, IT architects will be able to fix security risks before they impact the business.

“The multi-cloud world is the new reality for IT — it’s no longer up for debate. Customers need solutions that can bring together the full mix of public, private, and edge clouds that will soon make up their critical infrastructure without drowning them in needless complexity and unchecked costs,” said Sunil Potti, Chief Product and Development Officer, Nutanix. “By continuing to add new capabilities to our portfolio, we’re giving customers the freedom to deliver their applications and data from the cloud that makes the most sense for their business.”

Availability

Nutanix Xi Frame for Nutanix Enterprise Cloud Platform deployments using AHV is available now. Xi Leap services are currently live in several availability zones including U.S. West, U.S. East and the U.K. Additional availability zones are planned for Italy, Germany and Japan in CYQ3’19. Nutanix Xi Beam is already generally available for cloud governance and optimization. The real time security compliance capabilities in Xi Beam are currently available to certain customers in early access, with general availability expected in CYQ2’19.

Forward-Looking Statements

This press release contains express and implied forward-looking statements, including, but not limited to, statements regarding our business plans and objectives, new products, product features, services and technology that are under development or in process, including new availability zones for Nutanix Xi Leap and new security compliance capabilities of Nutanix Xi Beam, the capabilities of such products, product features, services and technology, and our plans to introduce such products, product features, services and technology in future releases, including the expected availability of the new Nutanix Xi Leap availability zones and the new security compliance capabilities of Nutanix Xi Beam. These forward-looking statements are not historical facts and instead are based on current expectations, estimates, opinions, and beliefs. Consequently, you should not rely on these forward-looking statements. The accuracy of such forward-looking statements depends upon future events and involves risks, uncertainties, and other factors beyond our control that may cause these statements to be inaccurate and cause actual results, performance or achievements to differ materially and adversely from those anticipated or implied by such statements, including, among others: failure to develop, or unexpected difficulties or delays in developing, new products, services, product features or technology in a timely or cost-effective basis; delays in the availability of new Nutanix Xi Leap availability zones and/or new security compliance capabilities of Nutanix Xi Beam; the introduction, or acceleration of adoption of, competing solutions; and other risks detailed in our quarterly report on Form 10-Q for our fiscal quarter ended January 31, 2019, filed with the SEC on March 12, 2019. Our SEC filings are available on the Investor Relations section of the company website at ir.nutanix.com and on the SEC’s website at http://www.sec.gov. These forward looking statements speak only as of the date of this press release and, except as required bylaw, we assume no obligation to update forward-looking statements to reflect actual results or subsequent events or circumstances.

By Aaron White, Regional Director, Middle East at Nutanix

The Future is Hybrid Cloud

As enterprises demand stronger application mobility and interoperability, they are increasingly choosing hybrid cloud infrastructure (the combined use of private and public clouds with some degree of integration between the two cloud environments). While the advent of public cloud has increased IT efficiency in certain areas, hybrid cloud capabilities are the next step in providing the freedom to dynamically provision and manage applications based on business needs.

As per findings of Nutanix’s first annual global Enterprise Cloud Index[1], measuring enterprise plans for adopting private, hybrid and public clouds, enterprises plan to increase hybrid cloud usage, with 91% stating hybrid cloud as the ideal IT model, but only 18% stating they have that model today. The findings also revealed that application mobility across any cloud is a top priority for 97% of respondents – with 88% of respondents saying it would “solve a lot of my problems.” Additionally, the report found public cloud is not a panacea; IT decision makers ranked matching applications to the right cloud environment as a critical capability, and 35% of organizations using public clouds overspent their annual budget. When asked to rank the primary benefits of hybrid cloud, interoperability between cloud types (23%) and the ability to move applications back and forth between clouds (16%) outranked cost (6%) and security (5%) as the primary benefits.

White enterprises are turning to hybrid cloud to modernize IT for the digital era, given the significant complexity that still exists today in cross-cloud management and integration, many enterprises are struggling to create an effective hybrid cloud strategy.

Below are 5 tips that will provide guidelines to regional enterprises considering the move to a hybrid cloud model:

1. A SINGLE INFRASTRUCTURE OR BIMODAL IT?

Supporting mode 1 (traditional) and 2 (next-gen) applications with separate infrastructure is called bimodal IT—and it’s a limiting, impractical process. Your hybrid cloud needs to support both seamlessly for a more agile infrastructure

2. DON’T OVERLOOK DEVELOPMENT AND TEST RESOURCES

Be sure to include all IT resources dedicated to development work, including tools, repositories, build servers, and so on

3. DON’T CHOOSE CLOUD PROVIDERS TOO SOON

Before you start thinking about a cloud provider, make a complete list of the environments you’ll need to give you an idea of what you’re doing on-prem. Remember, this is a 3-5 year commitment at least, so no rush!

4. RECONCILING IT IDEALS AND REALITY

Enterprise IT is rarely perfect, but you can still optimize it with a tactical, practical cloud management approach. As you work toward implementing hybrid cloud, keep the lights on in your current environment.

5. NEW TO DEVOPS? TIME TO GET FAMILIAR

As an enterprise, gaining a competitive advantage is a business necessity. To stay ahead of the curve, many enterprises from varying industries are getting serious about DevOps.

In conclusion, reliance on legacy datacentre architectures—whether you own the equipment and software or not—or getting locked into a specific infrastructure stack can add to technical debt, increase operating costs, and limit future flexibility. This is becoming a thing of the past. Hybrid cloud is the future. Hybrid cloud capabilities constitute a growing necessity in the dynamic, digital business climate, in which enterprises demand the freedom to dynamically provision and manage applications based on business needs. Reaching this ideal IT operating model will require more comprehensive hybrid vendor solutions, as well as greater expertise in designing, building, and operating hybrid clouds.

[1] Nutanix commissioned Vanson Bourne to survey IT decision makers about where they are running their business applications today, where they plan to run them in the future, challenges in setting up their cloud environments and how their cloud initiatives stack up against other IT projects and priorities. The survey resulted in approximately 2,300 respondents from multiple industries, business sizes and geographies in the Americas; Europe, the Middle East, Africa (EMEA); and Asia-Pacific and Japan (APJ) regions. To learn more about the report and findings, please download the full “Nutanix Enterprise Cloud Index 2018”,

Thunder Threat Protection System (TPS) Gives Service Providers the Highest Performance DDoS Defense in Compact, Reliable Form Factor

 A10 Networks, announced a new capacity enhancement to its Thunder^® 14045 TPS, which delivers industry-leading attack traffic mitigation capabilities. This capacity gain provides the highest performance available in the market with 500 Gbps of defense in one appliance. The smaller form factor reduces the number of devices required, while building scalable DDoS defenses that meet the challenge of emerging attacks. As service providers look to expand their service offerings, the Thunder TPS solution enables them to build profitable DDoS mitigation services that protect their own networks, as well as their subscribers.

Distributed denial of service (DDoS) attacks are only going to increase over time and attackers have an ever-expanding opportunity to use new device types, particularly connected-home devices like home hubs, routers and IP cameras to mount even larger attacks. In fact, the most recent A10 Networks’ DDoS Weapons Intelligence report describes the significant potential for attackers to use an IoT-related protocol, the Constrained Application Protocol (CoAP), deployed on IoT devices to marshal attacks.

With their expansive attack surface and absolute need for 24×7 uptime, global communications providers, cloud and online gaming service providers require the highest levels of protection from DDoS attacks. Service providers can rely on A10 Networks for expanded L3-7 DDoS protection, high scalability and advanced automated defenses that intelligently leverage machine learning.

“The proliferation of connected devices, and the increases in bandwidth and new application services enabled by advanced 5G networks mean that the size and intensity of DDoS attacks will increase exponentially. Customers require a modern approach to automated defenses with new technologies like machine learning and advanced threat intelligence to mitigate these attacks. The performance and automation available with Thunder TPS will help service providers deliver effective protection to their subscribers in this new and evolving attack landscape,” said Ahmed Abdelhalim, director of product management, A10 Networks.

With 500 Gbps mitigation capacity per Thunder TPS device, A10 Networks continues to drive innovation in the fast-growing DDoS market, leaving legacy suppliers behind. Thunder TPS solution is core to A10 Networks’ DDoS defense strategy delivering:

• One-DDoS Protection– The industry’s only connected intelligence system that provides full-spectrum multi-vector DDoS defense with distributed detection and machine learning capabilities within targeted infrastructure, including Thunder TPS, ADC, CGN, and CFW.
• Predictive, Automated Cyber Defense– Intelligent Automation, granular protection capabilities and zero-touch operation accelerate responses to ensure optimal, efficient protection.
• Actionable DDoS Weapons Intelligence– Incorporates global intelligence from A10 Networks DDoS weapons research for improved security posture and real-time insights into emerging threats.
• Industry-leading Performance– The highest performance in a small form factor enables fast detection and mitigation while lowering costs, reducing complexity, and increasing reliability in the field.

By Alain Penel, Regional Vice President – Middle East, Fortinet.

Operational technology (OT) refers to the hardware and software used to run industrial control systems (ICS), such as SCADA, that serve as the foundation of various areas of critical infrastructure. This includes industries that are essential to public safety and well-being, including power plants, manufacturing, water utilities, healthcare, transit, and more. OT differs from traditional IT systems due to the processes and systems that must be incorporated to effectively manage production and resource development systems, including engines, valves, sensors, and even robotics, that are common to critical infrastructure environments but may be absent from traditional IT stacks.

While IT and OT have been managed separately since their inception, there has been a growing movement toward the convergence of these two systems over the past 12 – 18 months. Incorporating IT capabilities such as big data analytics and machine learning into OT systems, along with faster connectivity solutions in order to respond to security and safety events more quickly, has allowed these industries to improve productivity and efficiency, offering a competitive edge to those who combine the systems effectively.

However, it’s important for OT teams to consider how this convergence affects the cybersecurity posture of critical infrastructure, especially given the impact that downtime caused by a cyberattack can have on the economy, health, and productivity of the nation. And worse, the potential safety risks to workers and even local communities should a critical system be compromised.

To determine where critical industries may be at risk due to IT and OT convergence, Fortinet has compiled the State of Operational Technology and Cybersecurity Report.

The State of Operational Technology and Cybersecurity

To understand the types of threats facing operational technology and how OT teams can mitigate these threats, Fortinet conducted a survey of organizations in critical industries with greater than 2,500 employees. Specifically, we examined plant and manufacturing operations leaders in:

• Manufacturing
• Energy and utilities
• Healthcare
• Transportation

Their answers revealed where OT is most vulnerable, the types of cyberattacks they regularly face, what their current security tactics are, and where improvement to cybersecurity protocols must be made.

Cybersecurity Risks for Operational Technology

The report revealed that cybersecurity must become a greater focus where operational technology is concerned, as 74% of OT organizations experienced a data breach in the last 12 months. The breaches negatively impacted organizations in a myriad of ways, including a reduction in safety, productivity and revenue, the compromise of business-critical data, and damaged brand reputation. Considering these, it’s clear that OT organizations that do not prioritize cybersecurity as part of their IT and OT convergence strategy risk losing all of the benefits of this strategy when they encounter an attack.

The most common types of cyberattacks affecting operational technology are malware, phishing, spyware, and mobile security breaches. The survey results show that these attacks persist as a result of four key reasons:

1. Lack of Visibility: 78% of organizations only have partial cybersecurity visibility into operational technology. This makes it difficult for teams to detect unusual behavior, quickly respond to potential threats, and perform threat analysis – all of which are crucial to a successful cybersecurity posture.
2. Lack of Personnel: As we have often seen elsewhere, due to the cybersecurity skills gap the low availability of skilled security professionals is a key concern for operations leaders considering implementing new security tools and controls in the network.
3. Rapid Pace of Change: 64% of operations leaders note that keeping up with the pace of change is a challenge when it comes to security, and yet, at the same time, slowing digital transformation efforts for any reason can compromise their competitive edge.
4. Network Complexity: OT network environments are complex, with anywhere from 50 to 500 devices to monitor and secure, many of which come from different vendors. This exacerbates the challenges surrounding visibility and personnel, as each device stores different data and has different security configuration needs and requirements.

Improving Security for Operational Technology

With these attack vectors and security challenges in mind, there are several steps operations leaders can take to improve the security posture at their organizations and minimize the risks associated with downtime in the wake of an attack.

First, 62% of organizations stated intentions to dramatically increase their cybersecurity budgets this year. Additionally, organizations are also adjusting their cybersecurity strategies, with 70% stating their intention to make the CISO responsible for OT cybersecurity in the next year—currently, just 9% of CISOs overseeing OT security.

In addition to these two changes already underway, organizations can implement several security tactics that have demonstrated success in critical infrastructure industries. As part of this study, Fortinet examined the differences in cybersecurity controls in place between those organizations that experienced zero intrusions over the last 12 months, and similarly-sized organizations with six or more intrusions. There were several tactics and tools that stood out among those top-tier organizations that those in the bottom-tier lacked, including:

• Multi-factor authentication
• Role-based access control
• Network segmentation
• Conduct security compliance reviews
• Management and analysis of security events

As OT and IT systems continue to converge, implementing these essential tactics can help operations leaders and CISOs gain visibility across their OT environments while reducing complexity in their network to reduce cyber risk.

Final Thoughts

Security threats to Operational Technology networks, especially in critical infrastructures such as transportation, health, and energy, can have major consequences for ensuring the success of these organizations, as well as for the daily lives of the people those industries support. To help minimize this risk, this latest report from Fortinet provides a critical examination of key areas of vulnerability in order to help OT teams identify more effective ways to improve cybersecurity efforts in the industries they support.

A10 Networks, announced that it has appointed Ehab Halablab as the company’s new Regional Channel Manager for Middle East and North Africa (MENA).

Ehab has more than 12 years’ experience in the IT industry. Prior to A10 Networks he worked at security firm Symantec as territory manager for enterprise where he was instrumental in driving new business acquision. He also held a regional channel leadership position at Blue Coat Systems (acquired by Symantec) and regional sales manager position at Sophos. The early part of his career was spent at Naizak Distribution Services as account manager for several key security vendors.

Mohammed Al-Moneer, Regional Vice President of Sales – MENA at A10 Networks says, “Ehab brings a wealth of leadership and channel expertise to our company. Partners are critical to A10’s growth strategy and success. In order to drive our leadership in 5G, multi-cloud and security infrastructures, we needed a regional channel head with a depth of relevant experience and a proven track record and Ehab ticked these boxes. He will play a pivotal role in leading the adoption of a channel-driven business strategy, partner enablement and identifying new partners, while ensuring they are equipped with the tools necessary to sell our company’s portfolio of market leading soutions.”

Ehab will be responsible for developing & executing a regional channel strategy focused on partner certification, premier security partner recruitment, and direct & indirect channel enablement programmes. As part of the strategy to grow the business, Ehab is looking to transform distributors into value added distributors (VADs). The company will be actively onboarding new potential partners in the region that will be focused on A10’s business. The internal sales team will also be seeding new business opportunities that will be fulfilled through resellers in the region. In addition, Ehab will be focused on strengthening local ties with the company’s alliance partners like HP, Nokia Systems, Ericsson and NEC.

Ehab will champion the regional launch of the company’s award winning Affinity Partner Programme, which leverages incentive programmes, co-partner end user events and vertical focused events to drive partner engagement and opportunities.

Another key focus area for Ehab will be enabling strategic partners within the high-growth security, cloud & infrastructure domains. The company has launched its Authorized Training Centre (ATC) based in Dubai to educate partners and customers. A10 ATCs will be regulary launching monthly sessions at the beginning of each quarter. There is also going to be the launch of a partner training program called ‘RiDerS’ which will give an opportunity to channel system engineers to gain the requisite high level of security knowledge.

“The network application, cloud and security business in the MENA region is growing at an exponential rate as organizations are looking to embark on the road to digital transformation. I’m delighted to be joining A10 Networks at this very exciting time since the company’s technologies are at the core of several of today’s key IT business drivers like 5G, multi-cloud and security. I am looking forward to empowering our partners to deliver a first-class experience to our mutual prospects and customers, drive customer engagement and fuel growth,” concludes Ehab.

Author: Claude Schuck, regional head, Middle East at Veeam

The ways businesses leverage cloud to manage and maximise the value of their data continue to evolve. The years when adopting cloud-based solutions felt like the first step into some brave new world may be behind us, but with every new cloud-consumption model comes new questions. Multi-cloud, the current variation of cloud deployment, is attracting attention, questions and scepticism from businesses.

Whereas a hybrid cloud is a single entity, an amalgamation of a private cloud with public cloud environments, multi-cloud simply includes multiple clouds. It is a nod towards the fact that businesses are increasingly using different clouds for different purposes. In today’s digital economy, 81% of enterprisesare embracing a multi-cloud strategy.

It is common for the IT industry to promote the idea of a one-stop shop model – a single point of failure – to avoid the perceived inefficiency and confusion of dealing with multiple vendors and cloud service providers (CSPs). Data is now described as the oil of the digital economy, a company’s most valuable resource, so as businesses demand an infrastructure which maximises the potential value of that data, IT departments are under pressure to deliver.

For example, a business may wish to store data from its fastest growing business unit in Google Cloud for scalability at relatively low expense but use AWS for its R&D databases to enjoy the benefits of AI and voice-assisted search. Whereas previously the only viable decision for the business would have been to make a judgment call based on its priority needs and budget constraints, the best strategic option is now to adopt a multi-cloud approach.

Data-driven transformation

There is a movement from organisations to become more data-driven, with business leaders recognising the importance of data in both high-level business strategy and operational decision-making. Furthermore, consumers and employees are beginning to appreciate the true value of their data, which means businesses must ensure that the people who share data with them see the value in doing so through receiving more personalised experiences. People want to know that their data is protected and is secure, but they also want greater transparency about what it is being used for.

Creating this data-driven culture is underpinned by continuous digital transformation – embracing the latest and greatest technologies which allow the business to repeatedly lift its performance levels. According to Gartner’s 2018 CIO Agenda report, making progress towards becoming a digital business is a top priority for CIOs – and the proliferation towards multi-cloud reflects this trend.

Despite this, the latest Veeam Availability Report reveals that two thirdsof senior IT leaders admit their digital transformation has been held back by unplanned downtime. And successful multi-cloud deployments depend on the availability of all apps and data, at all times. So, businesses looking to take advantage of multi-cloud environments must ensure that their apps and data are always available – and that their culture of data-driven decision-making is fully supported to maintain customer confidence and brand reputation.

Availability in the multi-cloud

The complexity of maintaining availability within a multi-cloud environment is the reliance on multiple CSPs. While all major vendors and CSPs will make backup and disaster recovery (DR) solutions available to their customers, each provider has different protocols, service level agreements (SLAs) and capabilities; and the last thing any business wants to hear when disaster strikes is that they are not adequately protected or that recovery has failed. While no business, regardless of whether it is using multi-cloud or not, can guarantee that it will never experience unplanned downtime, every business can ensure that it is prepared for this possibility.

Therefore, businesses opting for multi-cloud need to ensure that they have an availability solution which sits cross their entire cloud provision, making cloud data protection easy with a seamless process for sending data offsite to the cloud. As well as a reliable backup and DR solution which is interoperable with all major CSP solutions, the platform should provide businesses with full visibility of data availability across their entire multi-cloud infrastructure.

For businesses using multi-cloud to power their digital transformation in the bid to establish a more data-driven culture across the organisation, data is akin to running water – a utility which all rely on and must be available at all times. Businesses embracing multi-cloud should not be put off by the prospect of working with multiple vendors as certain software-based platforms can give the peace of mind and a turnkey solution to minimising downtime.