Connect with us

Tech Interviews

Enterprise security strategies

Published

on

Evolving cyber threats are making enterprises more vulnerable to business losses and operational disruptions. To boost cyber resilience, enterprises need robust security strategies to protect their businesses. Rashmi Knowles, Field CTO EMEA for RSA Security, tells The Integrator how enterprises can build a holistic cyber strategy that works.

1. Why do enterprises need a holistic approach to cyber security?

Worldwide security spending on information security products and services is expected to grow to $93 billion in 2018, according to the latest forecast from Gartner.  Despite this level of spending, we have seen nearly 2,000 data breaches and nearly two billion personal records stolen.  Security technology alone cannot solve the risks to our business. Siloed security and business functions result in poor visibility and communication with each function only focusing on their priorities.  Connecting a security incident to a business context should be the ultimate goal of all organizations so security teams and the business need to close what RSA call the ‘The Gap of Grief’.

A number of forces make the Gap of Grief more treacherous:

  • Modernization – Quickening pace of digital transformation
  • Malice – Increasingly hazardous threat landscape
  • Mandates – Industry and government forcing the issue

The demands of interoperability and availability, along with consumers’ and organizations’ appetites for modernization and innovation, can present constant challenges.  The stealth persistence and resourcefulness of malicious actors only seem to be increasing.  On top of that, new and more stringent mandates continue to raise the bar for compliance and digital risk strategies.

2. What are some of these solutions that can ensure cyber security for the enterprises?

The combined pressures of modernization, malice, and mandates are spurring a new way of thinking about security strategy, marked by a convergence of security and business risk in the enterprise.  Some organizations are starting to develop security strategies in collaboration with the broader IT, fraud, risk and business functions, seeking to inform security with relevant, context-specific information about what the business values most. Organizations looking to adopt such a business-driven security strategy should focus on four pillars to assure success:

Full Visibility

The security team must be able to see across all digital channels. Only with visibility from the endpoint to the cloud, with detailed analytics, can organizations identify and correlate security and business risks across the whole environment.

Rapid Insight

Faster insight through better analytics is paramount.  The modern business environment has a plethora of business and security tools and the more time needed to interpret an event or incident, the greater the risk.

Comprehensive Response

Security teams today take their finding from security tools and remediate in a way that is not scalable.  The most effective way to turn insights into action is to orchestrate and automate the response.  For example, when security spots a user acting suspiciously through a deviation on a baseline, they can enable the identity plane to take actions stepping up authentication to ensure confidence that the user is legitimate.

Business Context

Security and fraud teams can’t rely on what they see in their own environments.  Contextual intelligence facilitates faster and better decisions for the business.  For security teams understanding business context – such as the criticality of an asset can help prioritize work and determine urgency when managing incidents.

To deliver these capabilities requires a comprehensive threat detection platform like an advanced SIEM to provide complete end-to-end visibility, automated behavior analytics, and machine learning to find both known and unknown threats and provide enriched data with business context and threat intelligence.

Identity is replacing perimeter as the primary defensive frontline. Every transaction begins with some form of identity – a machine or a user, therefore a comprehensive identity and access management (IAM) platform is mandatory as a key building block.  Today’s IAM platforms must provide complete flexibility for the user and insight to the business to manage identities.

And finally, a comprehensive governance, risk and compliance (GRC) platform provides the glue to connect a security incident to a business context to determine the severity of the incident.  For example, if a security team detected unusual activity on a file server and had to make the decision to shut the server down, then most organizations lack the insight to determine what business process runs on the server and any other systems that could be impacted by the action.  Criticality of the business process and data also need to be determined.

3.What will be the key drivers for holistic cyber security solutions?

Three key factors will drive the demand for holistic cyber security solutions – Modernisation, Malice and Mandates.  As mentioned above, the stealth persistence and resourcefulness of malicious actors only seem to be increasing.  On top of that, new and more stringent mandates continue to raise the bar for compliance and digital risk strategies. Hence, organizations need to adopt a holistic cybersecurity approach – one which connects a security incident to a business context and result in high visibility and rapid response.

4. What impact will GDPR have on cyber security and the solutions thus created?

GDPR is based on best practices for cybersecurity; and connecting a security incident to a business risk becomes even more important in GDPR. Organizations that are already using industry standards like NIST and have adopted a business-driven security strategy will lead in the fight to protect their organizations.

5. Will these solutions make it easier for enterprises to continually assess security threats and take steps to mitigate them?

Adopting any security strategy must have the goal of constantly improving the capability model so that all the lessons learnt from an attack are fed back into a cyclical process.  The steps of Identify, Protect, Detect, Respond, and Recover must constantly be updated and refreshed with the latest learnings.

 

Tech Interviews

ASBIS’s Regional Growth Strategy and Driving Growth in Emerging Markets

Published

on

ASBIS JAFZA

In an interview with Integrator Media, Mr. Hesham Tantawi, Vice President at ASBIS Middle East, discussed the company’s strategies, emphasizing its active support for start-ups in the UAE and plans for further investment in Saudi Arabia. He also highlighted ASBIS’s training and development programs for partners and small businesses, leveraging their new distribution center in South Africa.

What strategies does ASBIS employ to support start-ups in the UAE?

We have initiated numerous projects with start-ups within our head office in Cyprus. Currently, we have around 20 start-ups in-house under the ASBIS umbrella since last year. In the next year, we plan to continue this effort, we have attended many seminars and exhibitions for start-ups in Saudi recently in the last quarter. We are looking forward to investing more in start-ups in this region as well.

What training and development program does ASBIS offer to partners and small businesses to facilitate their growth?

We have relocated to new premises equipped with several demonstration and proof of concept areas for our entire product range. Visitors to our facility will find proof of concept setups for large storage systems, servers, and a variety of technologies, including robotics.

In these proof-of-concept labs, we host our customers and their clients for training sessions, providing hands-on experience with our products and comprehensive training courses. Our premises also feature approximately six meeting rooms of varying sizes, including one that accommodates up to 50 people, designed for classroom or theater-style meetings where training is conducted.

Can you share recent government projects or partnerships ASBIS has in Saudi Arabia, Algeria, and South Africa?

We opened a distribution center in South Africa and are experiencing rapid growth, focusing on South Africa and neighboring countries. In Saudi Arabia, we collaborate closely with the government on server and storage projects, and work with telecommunications companies and major corporations such as Aramco and SABIC.

In Algeria, we have strong tie-ups with the government through our local partners, a relationship that has been established and maintained for 23 years.

What impact do you foresee advancements in robotic solutions having on the IT landscape?

Robotics is an integral part of the broader technology landscape, which is a major topic of discussion today. Robotics requires a robust IT infrastructure due to the necessary software implementations and management. While it is a distinct industry, separate from computers, it still relies heavily on IT technology to build its infrastructure. Robotics is indeed a growing segment.

Do you believe IT distributors need to adapt their business models to better understand end-users with emerging technologies like robotics and AI?

Remodeling distribution is essential, as distribution is a technique and not merely trading. Many people equate distribution with trading, but they are completely different. Distribution is a science with many KPIs and techniques. The right distributor builds markets, develops strategies, and grows alongside partners.

It involves a joint effort between distributors and channel partners. The end-user plays a crucial role, acting as the pull in the market. Distributors must build relationships with partners or resellers and create demand through effective marketing to drive end-user engagement. Ultimately, the end-user is key, as products need to be utilized.

Continue Reading

Tech Interviews

Halian’s Progressive Insights in the Transformative Technology Landscape

Published

on

Halian interview

Exclusive interview with Stuart Fry, Group Chief Executive Officer for Halian, Austin Fraser, and Austin Vita

Can you provide an overview of Halian’s approach to technological transformation?

    At Halian, we take a holistic approach to identifying our client’s goals and assisting them in achieving these as quickly as possible. We accomplish this by offering personalised and tailored recruitment and managed services, as well as outsourcing solutions. Our strong local presence in regions such as the United Arab Emirates (UAE), Saudi Arabia, Germany, and the United Kingdom (UK) enhances our recruitment capabilities and technological solutions.

    What are the significant transitions that Halian has undergone over its established 20-year history?

    After establishing the company in the UK in 1996, Halian expanded to Luxembourg and the Middle East in 2007 and 2008. We then launched Smart Services in the UAE, offering managed services for Oracle and the first Talent services for TDIC in Abu Dhabi.

    In 2020, we established Search, a practice offering permanent recruitment and headhunting services across all our markets. Following a management buyout by a private equity firm, we rapidly expanded, opening offices in Greece and Belgium, and acquiring Staffgroup GmbH, Staffgroup SAS, Staffgroup International Ltd, and Staffgroup Zug. This year, we merged with Austin Fraser, Austin Vita, and Austin International, forming the Halian Group with over 15 offices worldwide, including in the United Kingdom (UK), Germany, Belgium, France, Luxembourg, the United Arab Emirates (UAE), Saudi Arabia, and the United States of America (USA).

    How does Halian ensure the success of its Smart Services in diverse regions like the Middle East and Europe?

    Halian’s Smart Services offers comprehensive managed IT infrastructure and operations services, DevOps, Project Management, PMO, and service function outsourcing. We provide expertise either on-site or remotely through our Center of Excellence to ensure service continuity, free up internal resources, and enable organisations to focus on their core business.

    In the Middle East and Europe, we ensure the success of our Smart Services by engaging clients at every step of our partnership. Through collaboration, Halian delivers effective talent management and digital transformation services, including cloud migration, training, re-skilling, and job mobility.

    Can you elaborate on how technology is revolutionising the financial and commerce sectors for consumers and businesses?

    Technology has revolutionised the financial and commerce sectors in the Middle East, benefiting both businesses and consumers. In the financial industry, the proliferation of mobile banking, digital wallets, and other fintech innovations, such as peer-to-peer lending, has made an enormous impact.

    In the commerce sector, the rise of online marketplaces, such as Amazon and Noon, and social marketplaces, like Instagram Shopping and WhatsApp Business, have transformed the industry. For businesses, the use of social platforms and Artificial Intelligence (AI) offers a broader reach to a global customer base, cost-effective marketing, and allows valuable data insights to be gathered for strategic decision-making.

    Governments in the region are also supporting these digital transformations through progressive regulations and the establishment of innovation hubs, such as Dubai’s Fintech Hive and Saudi Arabia’s Vision 2030 initiative. 

    What are the current challenges organisations face in technology recruitment aspect and how does Halian effectively address these challenges to ensure businesses’ success?

    There are numerous challenges that organisations encounter when it comes to recruiting in the technology industry. These difficulties often include the task of finding top talent for specialised and niche positions, hiring a large number of contractors for a project, and effectively onboarding and managing new hires.

    Our approach to overcoming these challenges is through providing our clients with dedicated and specialised teams that have the tools and network to source the right profiles required in a short amount of time.

    Could you provide your insight on Halian’s strategic vision for the UAE market in the coming years?

    Halian’s strategic vision for the UAE market in the coming years centres on revolutionising how customers address their technology and hiring challenges. This vision is supported by Halian’s dedication to innovative workforce and intelligent service solutions, which have already demonstrated their effectiveness in improving customer engagement.

    A crucial element of this strategy is promoting diversity and inclusion by helping the UAE attract top talent from around the world. This dual approach not only meets immediate technological, and recruitment needs but also aligns with the UAE’s broader aspirations of becoming a global hub for talent and innovation.

    Continue Reading

    Tech Interviews

    Sophos on MSP Challenges, Cybersecurity Solutions, and Future Trends in Cyber Insurance

    Published

    on

    Sophos Cybersecurity

    Integrator Media had an exclusive interview with Gerard Allison, SVP, Sales EMEA at Sophos. We delved into key challenges faced by Managed Service Providers (MSPs) in staying current with cybersecurity solutions. Sophos outlines their strategies for maintaining effective security measures against evolving threats and discusses the types of threat intelligence they provide to partners and MSPs. We discussed how Sopho’s Partner Care program aligns with global partner program enhancements and offers insights into future trends in cyber insurance adoption.

    What are the biggest challenges MSPs face in staying current with cyber security solutions and technologies in the present scenario?

    All MSPs face a common challenge today, the vast array of security products available in the market. Their biggest challenge is how to review, service, install, and deliver these products as a service. This issue is exacerbated by a global shortage of cybersecurity skills, which is even more prevalent in the Middle East region.

    There is a skill shortage among customers, so when they have security products, often there is nobody available to monitor these products, check for alerts, and handle remediation. The same challenge exists for MSPs, who are limited by the number of products they can manage. Therefore, MSPs are seeking platforms that integrate multiple technologies and can be delivered as a service.

    What Sophos excels at, unlike any other vendor, is being vendor-agnostic. If you are already working with another vendor, you don’t have to discard their product. Our managed detection response overlays existing solutions, helping MSPs deliver their services more effectively.

    How does Sophos ensure its security solutions stay effective against the ever-changing cyber threats?

    With 37 years of heritage starting in the endpoint, Sophos has established significant credibility in the market. We have ex-ops teams and threat intelligence hunters who continually monitor market trends. Our data lake collects all relevant market information, which we use to inform our customers.

    Globally, we serve 580,000 customers, making us one of the largest providers. Our MDR (Managed Detection Response) solution alone has over 22,000 customers within just two years, surpassing the combined customer base of all other MDR companies. This extensive reach allows us to observe and protect a broad range of environments, ensuring comprehensive security for all our customers.  

    What type of threat intelligence does the Sophos ex-ops unit provide to partners and MSPs?

    We provide threat intelligence directly through our managed detection response (MDR) services. We manage and monitor their network, detect threats, and respond immediately to the customer. Alternatively, we can support an MSP’s SOC by conducting threat hunting and incident response. In the event of an incident, we promptly notify and guide them through resolving the issue. We offer flexible solutions, either handling everything or providing specific components as needed by the customer.

    What is the most overlooked cybersecurity best practice that leads to successful cyber-attacks in this region?

    Numerous factors contribute to security, but the most critical are people and training. It is essential for companies to ensure that employees are regularly updated on current threats and are aware of basic security practices, such as recognizing phishing attempts. Almost every company has likely experienced an employee clicking on a malicious link, highlighting the ongoing need for comprehensive training in our security efforts.

    Do you believe that many companies lack a robust cybersecurity awareness culture?

    It is making progress, but there is room for significant improvement. Cybersecurity awareness should not be a checkbox exercise; it is essential for every employee across every company to grasp the basics, benefiting everyone.

     However, training cannot be a one-time event. It must be continuous and ongoing because threats are evolving, including machine-to-machine challenges, reflecting a changing landscape. Human nature dictates that people forget, so regular education and reminders are crucial to reinforce cybersecurity practices effectively.

    How does the lack of internal cybersecurity expertise affect both MSPs and their clients in terms of their respective organizations?

    In MSPs, the shortage of skills means they lack sufficient time. For instance, at cybersecurity exhibitions like GITEX, hundreds of new companies emerge annually. MSPs are inundated with calls about new products every day or week. Without enough skilled personnel to evaluate these products and conduct proof-of-concepts (POCs), they struggle to keep up with reviewing new technologies.

    This skill gap underscores the importance of being vendor-agnostic like Sophos, allowing MSPs to integrate existing solutions without discarding them. Sophos can overlay existing infrastructure or provide a comprehensive platform covering firewall and network security, alleviating the burden on MSPs who cannot manage everything alone due to limited resources.

    While MSPs may have personnel, ensuring they are adequately skilled across various domains remains a challenge. In response, there is a concerted effort to enhance Sophos training in the region, with ongoing discussions and plans for regular training sessions hosted by distributors such as Starlink and Logicom in Riyadh and Dubai, both in-person and virtually.

    How does the Sophos partner care program align with the overall enhancements in the Sophos global partner program?

    Our partner program has received positive feedback for its strong educational resources, competitive margins, and effective deal registration processes. We recently introduced Partner Care as a crucial addition. Partner Care ensures rapid response times, with SLAs guaranteeing that partners worldwide receive immediate assistance when they contact us by email or phone on the same day.

    Partner Care handles various needs such as license adjustments and customer inquiries about their licenses or expiration dates. It also supports partners with deal registrations, a significant benefit. Our Partner Portal further empowers partners to become self-sufficient, enabling quicker customer service by facilitating streamlined operations directly within the portal. Ultimately, speed and responsiveness are paramount, and our Partner Care program is designed to meet these demands effectively.

    What future trends does Sophos predict in the adoption of cyber insurance and how it will impact companies’ cybersecurity measures?

    Cyber insurance is a growing market and will become crucial for businesses to consider. For CFOs and CEOs, having cyber insurance provides clear protection for their data and safeguards the core identity of their company. Interestingly, many companies haven’t budgeted for cyber insurance initially, so the decision often boils down to weighing the cost against the risk.

    A notable advantage of having an MDR solution like Sophos is that it can lead to significant discounts on cyber insurance. Insurance providers typically inquire about the cybersecurity measures in place, including monitoring capabilities. By leveraging cybersecurity-as-a-service with continuous 24/7 monitoring, companies can reassure insurers, potentially lowering their premiums.

    Continue Reading

    Trending

    Please enable JavaScript in your browser to complete this form.

    Copyright © 2023 | The Integrator