India's Most Social CIOs on Twitter...8 Chandresh Dedhia CIO Fermenta Biotech @chandreshd 9 9...

Tr ac k Te c h n o lo gy B u i ld B u s i n e s s s hap e s e lf

A 9.9 Group Publication

Volume 07

Issue 07

October 2018150

INSIGHT

IBM’s Red Hat Deal – What changes for the CIO? Pg 16

INSIGHT

Account Takeover Attacks On The Rise: Study Pg 24

And why an open platform like Twitter is becoming a crucial medium in the new, outside-in regime of tech-leveraged

business transformation Pg. 04

India's Most Social CIOs on Twitter

Everybody has sensitive data. It’s a constant challenge

to keep it in the right hands and away from prying eyes.

With Google Cloud Data Loss Prevention, you can get a

comprehensive view of where your sensitive data resides and

protect the most critical bits before bad things happen.

See how we do it at g.co/cloudsecureIN

Go make it. We’ll protect it.

Spot the data leaks before they happen.

October 2018 | CIO&LEADER 1

Shyamanuja [email protected]

It is not every day that you get to see the same story on the cover of CIO&Leader and ITNEXT. With no dearth of tech stories around, why did we choose to put Twitter CIOs on cover?

Because I am getting more and more convinced that the ability to indulge in open communica-tion is becoming one of the most crucial factors for the C-suite executives; and an imperative for the CIOs who are supposed to lead others by example, when it comes to technology usage.

And nothing today provides a better platform to indulge in open communication than Twit-ter. However, there are very few Indian CIOs on Twitter. This is our way of encouraging more to come on the platform.

Here are five things Twitter can help you do;1. It can help you keep pace with what is hap-

pening around that will broaden your outlook. If you are a top auto-motive CIO, you need to know what is happening around this segment the world over. If you are CIO of a big conglomerate, major policy deci-sions and pointe of view around that is something that will help you immensely.

2. It can help you share your opin-ion, best practices, thoughts with the world. Sorry, unlike Facebook, Twit-

Why Twitter

Matters?

I

EDITORIAL

ter is not a dumb platform for sharing your picture receiving an award from an organization no one knows. But if you articulate a specific business chal-lenge in an emerging technology implementation and how you solved it in a blog, no platform is bet-ter than Twitter to share it. You do not even have to write a blog. You can just share in a series of tweets.

3. It can help you find use cases for new technolo-gies which the top management these days badly expects. Follow handles around blockchain and you will know what is happening globally around block-chain, updated almost every minute.

4. Twitter is a platform to indulge. Start a discus-sion, maybe with your peers, and if it is a trending topic, like a new technology, or a data breach, or a new policy decision, you will find many with new viewpoints and facts joining you. You can never get that on Facebook or LinkedIn.

5. Twitter is also the most effective medium—I guess the only such medium—for advocacy. Both government departments and businesses/brands are the most responsive when you raise it on Twit-ter. Similarly, it can draw like-minded people to join your campaign.

But the use cases of Twitter are restricted by your imagination. As the outside-in regime kicks in, you cannot shy away from looking around and engaging with the community in general. An open platform is a great tool to start with

The ability to indulge in open

communication is becoming one of the most crucial

factors for the C-suite executives; and an imperative

for the CIOs

Everybody has sensitive data. It’s a constant challenge

to keep it in the right hands and away from prying eyes.

With Google Cloud Data Loss Prevention, you can get a

comprehensive view of where your sensitive data resides and

protect the most critical bits before bad things happen.

See how we do it at g.co/cloudsecureIN

Go make it. We’ll protect it.

Spot the data leaks before they happen.

2 CIO&LEADER | October 2018

OctOber 2018

Cover Design by: Anil VK

S P I N E

TR AC K TE C H N O LO GY B U I LD B U S I N E S S S HAP E S E LF

A 9.9 Group Publication

Volume 07

Issue 07

October 2018150

INSIGHT

IBM’s Red Hat Deal – What changes for the CIO? Pg 16

INSIGHT

Account Takeover Attacks On The Rise: Study Pg 24


business transformation. Pg. 04


cONteNt

cOver stOry

advertisers’ index

Google IFCSchneider 11, IBCVodafone BC

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

Please Recycle This Magazine And Remove Inserts Before Recycling

Copyright, All rights reserved: reproduction in whole or in part without written permission from Nine Dot Nine Mediaworx pvt Ltd. is prohibited. printed and published by Vikas gupta for Nine Dot Nine Mediaworx pvt Ltd, 121, patparganj, Mayur Vihar, phase - i, Near Mandir Masjid, Delhi-110091. printed at tara Art printers pvt ltd. A-46-47, Sector-5, NoiDA (U.p.) 2013011

04-10 | India's Most Social CIOs on TwitterAnd why an open platform like Twitter is becoming a crucial medium in the new, outside-in regime of tech-leveraged business transformation

3October 2018 | CIO&LEADER

www.cioandleader.com

MANAGeMeNtManaging Director: Dr Pramath Raj Sinha

Printer & Publisher: Vikas Gupta

eDItOrIALManaging Editor: Shyamanuja Das

Assistant Manager - Content: Dipanjan Mitra

DesIGNSr. Art Director: Anil VK

Art Director: Shokeen SaifiVisualiser: NV Baiju

Lead UI/UX Designer: Shri Hari TiwariSr. Designer: Charu Dwivedi

sALes & MArketING Director-Community Engagement:

Mahantesh Godi (+91 98804 36623)Brand Head: Vandana Chauhan (+91 99589 84581)

Senior Manager - Digital Engagement: Manan MushtaqCommunity Manager-B2B Tech: Megha Bhardwaj

Community Manager-B2B Tech: Renuka DeopaAssociate Brand Manager - Enterprise Tech: Abhishek Jain

Regional Sales Managers North: Deepak Sharma (+91 98117 91110)West: Prashant Amin (+91 98205 75282)

South: BN Raghavendra (+91 98453 81683)Ad Co-ordination/Scheduling: Kishan Singh

PrODuctION & LOGIstIcsManager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon

Executive Logistics: Nilesh Shiravadekar Logistics: MP Singh & Mohd. Ansari

OffIce ADDress9.9 Group Pvt. Ltd.

(Formerly known as Nine Dot Nine Mediaworx Pvt. Ltd.)121, Patparganj, Mayur Vihar, Phase - I

Near Mandir Masjid, Delhi-110091 Published, Printed and Owned by 9.9 Group Pvt. Ltd.

(Formerly known as Nine Dot Nine Mediaworx Pvt. Ltd.) Published and printed on their behalf by

Vikas Gupta. Published at 121, Patparganj, Mayur Vihar, Phase - I, Near Mandir Masjid, Delhi-110091,

India. Printed at Tara Art Printers Pvt Ltd., A-46-47, Sector-5, NOIDA (U.P.) 201301.

Editor: Vikas Gupta

ArOuND tHe tecH

12-15 Why Twitter matters?

INsIGHt

16-17 IBM’s Red Hat Deal – What changes for the CIO?

24-25 Account Takeover Attacks On The Rise: Study

26-27 Majority Of Consumers Still Prefer Humans As Chat Agents: Study

18-19 Securing E-Procurements Through Digital Signatures

20-21 What Made Gemalto Retract Its Claims About Aadhaar Breach?


business transformation


CIO&LEADER | October 20184

Cover Story


Cover Story

Bhagvadgita, Lord Krishna shows Arjuna three paths of yoga, or con-necting with the Supreme Being.

They are karma yoga, the path of action; jnana yoga, the path of knowledge; and bhakti yoga, the path of unadulterated devotion.

The modern management too recognizes these as the three elements of human traits that have to be relied upon to achieve a goal—action, knowledge, and emotion. Every task requires a different mix of all these; every human being has these three traits in different ratios.

Arguably, the top three social media channels for a professional correspond to these three traits.

Facebook is for sharing personal moments, pure socializing and that occasional show-off of even personal achievements. A CIO posting pictures of numerous awards that he or she gets is perfectly nor-mal as far as Facebook goes. Facebook is the medium that appeals to the emotion.

LinkedIn is for immediate task at hand—looking for a job, hiring a resource, pursue clients, or simply create focus groups to carry forward some agenda. It is all about action. Though LinkedIn has started posts, many of them too are about tips on manage-ment and technology. While it is absolutely normal to keep sharing award pictures or holiday pictures in Facebook, someone who does that consistently in LinkedIn is considered a misfit for the medium. LinkedIn corresponds to action.

Twitter is about sharing knowledge for the sake of knowledge. Yes, it may help you do your job better; it may even do a bit of a show-off but it is essentially about curating knowledge. Knowledge may be a new research or just a new implementation of blockchain somewhere. The long-term agenda may be anything. The immediate agenda is imparting knowledge.

So, how much and how do Indian CIOs use these channels?

Most of them are fairly active on LinkedIn; many

In

Rank Name Designation Company Handle Total score

1 Avinash Velhal CIO, India Middle East & APAC Atos @avelhal 16

2 Anjani KumarRegional CIO, Africa Middle East & India

Nissan Motors @anjaniglobal 13

3 Ashok Jade CIO Shalimar Paints @ashokjade 12

4 Aneesh Nair CIO NDTV E-com-merce @aneeshNDTV 11

5 Kamal Karnatak Global CIO RJ Corp @kamalkarnatak 11

6 Harmeen Mehta Global CIO Airtel @HarmeenM 10

7 Jagdish Belwal CIO GE Transport @JeyCeeBee 9

8 Chandresh Dedhia CIO Fermenta Biotech @chandreshd 9

9 Jayantha Prabhu Group CIO Essar Group @Njayantha 8

10 Veneeth Purushotaman Group CIO Aster DM Health-care @veneethp 8

Top 5 by Followers1. Aneesh Nair, CIO, NDTV Worldwide2. Anjani Kumar, Regional CIO, AMI, Nissan Motors3. Avinash Velhal, CIO Atos India4. Jagdish Belwal, CIO, GE Transport5. Jayantha Prabhu, Group CIO, Essar

Top 5 by Follower to Following Ratio1. Harmeen Mehta, Global CIO, Airtel2. Veneeth Purushotaman, Group CIO, Aster DM Healthcare 3. Ashok Jade, CIO, Shalimar Paints4. Jagdish Belwal, CIO, GE Transport5. Keyur Desai, CIO, Essar Shipping & Ports

Top 5 Most Active 1. Ashok Jade, CIO, Shalimar Paints2. Avinash Velhal, Group CIO, Atos3. Kamal Karnatak, Global CIO, RJ Corp4. Anjani Kumar, Regional CIO - AMI, Nissan Motors5. Keyur Desai, CIO, Essar Ports & Shipping

Top 5 by Original Tweets1. Ashok Jade, CIO, Shalimar Paints2. Avinash Velhal, Group CIO, Atos3. Kamal Karnatak, Global CIO, RJ Corp4. Harmeen Mehta, Global CIO, Airtel5. Anjani Kumar, Regional CIO - AMI, Nissan Motors

Follow


Cover Story

have active Facebook accounts too where they share a liberal amount of their professional achievements, especially with pictures.

But what about Twitter – the medium of knowl-edge? We first set out to measure and understand how CIOs were using Twitter three years back in October 2015.

It was surely not a frequented medium. Not too many were actively using Twitter. The knowledge channel for Indian CIOs was their weakest link!

After three years, has it improved significantly? This story explores just that and gives you a list of

those CIOs who are using it better than others.

But before that, a look at what has changed since then on ground…

The Shift to the Use Case Regime In October 2015, creating a list of top social CIOs on Twitter was more of a fun exercise, for CIOs were still expected to do their well-defined task most effi-ciently, while helping the organization do the same. They did not have to figure out a lot of things. They had to do their job well. The culture of knowledge—active exploration of knowledge, and not just know-ing a lot of things about one thing—was not as critical as it is today.

In these three years, one thing has surely changed. Organizations are looking at embracing new emerging technologies proactively to see if and how they can create business value. How can block-chain be applied to my business so that it can make a positive business impact? Finding use cases for new technologies has become a significant imperative for the organizations. A lot of the CDO/Transformation leader roles have come in in organizations because CIOs have not been able to take up this responsibil-ity—and that is despite having most of the hard skills. The challenge is in mindset—changing it from an inside-out (finding solutions to well-defined prob-lems) to outside-in (scan, discover and apply new technologies to create positive business impact). It translates to a constant hunger for information on new developments, new use cases of tech, new appli-cation ideas, new ways of looking at the potential of a technology...

Nothing can give that better than Twitter. It covers the broadest spectrum of topics. There’s a cross sec-tion of people and hence cross fertilization of ideas (well, some absurd for sure; but that’s a pitfall of any pure knowledge exploration exercise). It updates by the second. You know what is trending. Above all, it is open. It is not just your professional contacts; neither your friends and family. It could be the top academi-cians to fellow CIOs across the world; an innovative government official using tech effectively to develop-ers working on solutions just for you. You do not have to know them—or even their name—prior hand to know what they are thinking, what they are doing.

Twitter is the medium that can support that cul-ture of knowledge, which is steadily becoming an imperative for the new CIOs.

Does that mean the Twitter usage has increased significantly? Far from that. While there have been more accounts and some enhanced activities by those who are ahead of the curve, the overall situa-tion is far from encouraging.


Cover StoryMethodologyFor the ranking purpose, we considered only those CIOs who have a minimum follower base of 500 in Twitter.

For those who have multiple accounts—both sharing content on technology and business—we considered the account with larger base of followers. Similarly, those that are not yet CIOs have not been considered. Once the shortlist was done, we used four parameters to rank them: absolute number of followers, follower-following ratio, actual activity and number of original tweets. The way they have been applied and the rational for these parameters are explained below.

Absolute Number of FollowersThis is the most important and most visible criteria and is an outcome-oriented parameter than an effort-oriented one. You may keep tweeting but still people do not follow you, implying your tweets are not making an impact. This has been given a weight that is two times the weight assigned to other parameters, which have been given an equal weight. It carries a total score of ten points (after being weighed).

Followers-following RatioFollower-following ratio indicates if a handle’s followers are there because they want to listen to something interesting or they are following because the handle has also been following them. This is a known characteristic of Twitter and that has to be accounted for in any exercise like ours. On the flip side, those with higher profiles offline, also benefit as people start following them once the account is opened, even if they may not be so active. Typically, this is the case with celebrities.

ActivityActivity is measured by the number of tweets (does not distinguish between replies and tweets) in the three months period – 8th July to 8th October 2018. It, does not, however, takes automated (“xxx no of people followed me/unfollowed me kind) tweets into account while determining the number of tweets. With so little tweets, we have not provided for consistency (whether the tweets are well spaced over a period or has occasional spikes. Going forward, if the Twitter activity goes up significantly, we may look at measuring this too.

Original TweetsNo of original tweets measures tweets by a handle that are not pure RTs. Value-added (Quoted) RTs and replies are counted as original tweets. This parameter measures if the handle just retweets or tries to engage.Of course, we would have liked to measure qualitative parameters too – like the relevance of tweets, quality of tweets etc., but that that requires taking subjective calls or expert help. We may do that once CIOs become a little more active on Twitter and we have a significant number of tweets coming out of the keyboards of CIOs.

SCORING KEY: FOLLOWERSNo of Followers Points

500-1000 1

1000-2000 2

2000-3000 3

3000-5000 4

5000 plus 5

SCORING KEY: FOLLOWER TO FOLLOWING RATIO

Ratio Value Points

0-1 0

Between 1 & 2 1

Between 2 & 5 2

Between 6 & 10 3

Between 11 & 30 4

SCORING KEY: ACTIVITYNo of Tweets in Last 3 Months POINTS

0-5 0

6 to 20 1

21 - 50 2

51-100 3

100 - 200 4

201 - 500 5

SCORING KEY: ORIGINAL TWEETSNo of Tweets in Last 3 Months Points

0 0

1 to 10 1

11 to 20 2

21 to 30 3

31 to 50 4

50 plus 5

Reaction on learning about the rankingI am pleasantly surprised by this honour as have been using twitter just as a social learning tool

Top things that he uses Twitter for1. To learn and update about latest trends and

personal interests2. Connect with influencers and interest groups. Positives & negatives of an open platform like Twitter(+) It is a real time and focused.(-) It requires constant vigilance to maintain your brand equity. Accuracy and reliability needs to be authenticated. Advices/tipsFollow the tags of interest. Participate in relevant chats. Follow the relevant influencers. Regularly tweet

Avinash Velhal Group CIO, India, Middle East & APAC

Atos International@avelhal

01

Reaction on learning about the rankingI have been active on selected social media for years and It’s good to be recognized as one of the top Social CIOs year after year by media house as credible as 9.9 Group. I get inspired by my boss @anthonyAThomas who tweets regularly even with global responsibility

Top things that he uses Twitter forTop would be technology, political or traffic jam information.

Positives & negatives of an open platform like Twitter(+) Twitter is definitely faster. Since it is an open platform, you get diverse views even though number of users are limited. Also, you know instantly what people are interested in. (-) Many people use the response for vested

interest and also too biased sometimes even unintentionally. Trolling is another negative of Twitter.

Must follow accounts@technology, @bbctech, @fttech-news, @cnet, #dig-italtransformation, # AI, # Analytics, #Datascience, city traffic police han-dle in your city.

Anjani Kumar Regional CIO, Africa, Middle East

India, Nissan Motors@anjaniglobal

02


The CIO Tweeple

Reaction on learning about the rankingIt is a pleasant surprise. I find Twitter very useful

Top things that he uses Twitter for1. My own opinion sharing 2. Learning others’ opinion3. Learn new developments/new books/research4. Recognize/appreciate others

Positives & negatives of an open platform like Twitter(+) Teaches you different ways of thinkingReach beyond your own circleCan influence and get things done (-) People may misinterpret you based on words as they do not know you

Must follow accounts@BillGates@cioandleader

Aneesh NairCIO, NDTV E-commerce@aneeshNDTV

Kamal KarnataGlobal CIO, RJ Corp@kamalkarnatak

Harmeen MehtaGlobal CIO, Airtel@HarmeenM

Jagdish BelwalCIO, GE Transport@JeyCeeBee

Chandresh DedhiaCIO, Fermenta Biotech@chandreshd

Jayantha PrabhuGroup CIO, Essar Group@Njayantha

Veneeth PurushotamanGroup CIO, Aster DM Healthcare@veneethp

Ashok Jade CIO, Shalimar Paints

@ashokjade

03

04

05

06

07

08

09

10


Cover Story


Cover Story

We could barely get twenty CIOs with more than 500 followers—our cut-off for considering for the list of top social CIOs on Twitter. Quite a few of them have not been active recently. We have considered a three month-period. For a medium that gets updated by the second, three months is a very, very long time to account for the occasional ups and downs in usage..

The overall news is not too great. Twitter—which is now the go-to medium for all open debates and campaigns—is still a rarely-used channel for CIOs.

However, what is encouraging is that some of the newer CIOs are taking it up seriously. A couple of them make their debut in the list while a few others have not been able to make the cut because they are still to garner 500 followers. Expect to see them next time when we do the exercise.

The Social CIOsFor creating the list of India’s top CIOs on Twitter, we did not just go by number of followers. We con-sidered four parameters: number of followers, that shows the achievement; followers to following ratio, that measures that you are an influencer and have not just garnered followers by you-follow-me-I-fol-low-you approach; activity, measured by number of tweets in last three months and finally the number of original tweets, in the same period that gauges how much you actually think before tweeting rather than just pressing a key to retweet. More details are given in the methodology box.

First, we created a super list of all the CIOs who are on Twitter. Since there is no such reliable list, we had to create the list ourselves. In fact, we had started doing that three years back when we first did a simi-lar exercise. We updated that list.

Since our objective was to rank only serving Indi-

an CIOs—either CIOs who are based in India, work-ing for an Indian or non-Indian company or global CIOs of Indian companies, irrespective of where they are based.

While updating, we had to exclude a few who featured in the list last time because they no more satisfy our criteria. For example, Anwar Bagdadi, who is no more a CIO or Tony Thomas, who is now a Global CIO and is not based in India were not con-sidered. Similarly, we had to exclude Mrutyunjay Mahapatra, ex CIO of State Bank of India who has taken over as the CEO of Syndicate Bank. There are a few CISOs who could have been in the list but we exclude them too; maybe, we will do a similar list for them. One notable name that got omitted is that of Sunil Varkey, CISO of Wipro. There are more, but we mention these names because they would probably have featured in the list, going purely by our scoring methodology.

We also did not consider IT leaders who are not yet CIOs. At least a couple of names got excluded because of this.

For scoring, we considered only those CIOs who have a follower base of 500 or more. The number got reduced drastically to less than 20. Then, we applied the scoring methodology (see methodology) to arrive at the list.

And here are the Top Indian CIOs on Twitter. Avinash Velhal, CIO of Atos India; Anjani Kumar, Regional CIO, AMI at Nissan Motors and Ashok Jade, CIO, Shalimar Paints took the pole positions. In case of a tie in total score, number of followers has been used to arrive at the final ranking.

While Avinash and Anjani featured in our last ranking too, Ashok is a new entrant but clearly pulled through because of his consistency of usage, and despite having a much lower base of users. Aneesh Nair, CIO of NDTV Worldwide, who leads the list in terms of number of followers, and who was the No 1 in our first ranking, fell significantly in the ranking because of lack of activity. Airtel CIO Har-meen Mehta clearly is way ahead of others when it comes to followers-following ratio.

Three CIOs missed the list by a whisker—veteran CIO Umesh Mehta of Jubilant Life Sciences; Keyur Desai of Essar Shipping & Ports and Mehriar Patel, CIO of Jeena & Co.

The list is not an end by itself. It is just a small effort to sensitize the CIOs about the value of open sharing, cross-fertilization of ideas and looking beyond the immediate business and immediate com-munity for ideas and opinions. In short, a catalyst for bringing in the Outside-in thinking

For creating the list of India’s top CIOs on Twitter, we did not just go by number of followers. We considered four parameters: number of followers; followers to following ratio; activity, measured by number of tweets in last three months; and number of original tweets in the same period


“Sexism used to be a problem in tech, but it’s

better now.”

What Women CIos are tIred of

hearIng... aroundthetechNewsMaker An All-women story!Only one out of five tech workers in the US is a woman. Large companies are slightly better. Yet, in most large tech companies—and that included Amazon, Uber, Twitter, Facebook, Google, Apple, Microsoft, IBM, and HPE—women comprise of less than 40% of their workforce.

It has not always been so.You may be surprised to know that all the six

programmers that were chosen to program the first American electronic programmable computer, ENIAC, built for the United States Army to calculate artillery firing tablesin early 40s, were women.

The six women programmers were Jean Jennings, Marlyn Wescoff, Ruth Lichterman, Betty Holberton, Frances Bilas, and Kay McNulty.

Today, a software training company named after Holberton, The Holberton School, is making news. It is a school that teaches programming in a project-based, no-theory manner. There are no formal teachers and no formal courses. The students are given increasingly difficult programming challenges to solve, with minimal initial directions on how to solve them. Students learn the theory and tools they need, by taking help from/helping each other.

What makes us notice this school is that a woman—and a very famous and popular one at that—has decided to invest in the school. What’s more, she is an Indian.

The picture has already given you the name. Yes, according to a report by The New York Times, Priyanka

Chopra has invested in the school! Indian tech start-ups, take note! Here’s another

potential investor to approach!

Cred

it: M

anan

sha1

5/W

ikim

edia

Com

mon

s

Around The Tech


makingheadlines

gender bender

By the Book

Impact of technology on society and economy is a subject of serious study. But for the majority of us, who experi‑ence it every day, doing a bit of analysis as amateur sociologists, the academic research is beyond our grasp and physi‑cal reach. Books like Ravi Agrawal’s 'India Connected: How Smartphones ae Transforming the World’s Biggest Democracy' are for those of us who would love to take a pause and think about it a bit, without having to be intimidated by the heavy academic lingo and presentation. It captures a subject, so close to our hearts, in an extremely readable way.

Nothing is as central to our lifestyles today as the mobile phone. The book by Agrawal, Managing Editor of For‑eign Policy and former CNN South Asia bureau chief, captures how this small device has changed our lives and changed India. Divided into nine chap‑ters under three sections—Opportu‑nity, Society and The State—it touches aspects, right from education and job creation to marriage to pornography; from fake news to digital wallets and the various ways it is touching—and being used to touch—our lives.

Agrawal’s book tells us how India has changed due to the smartphone; it is a fascinating read.

It's the emoji that is once again imaking news – Apple’s incredibly controver‑sial bagel emoji – to be precise. The bagel has now become more appetizing to the eye in its new avatar. It is lumpier, spread with cream cheese, and certainly more realistic and appetizing. The new bagel emoji was first noticed by Jeremy Burge of Emojipedia, who commented on its detailed drawing. Analyzing the changes, Burge wrote that the filling might have been necessary to make the bagel seem representative and edible. With a tongue in cheek, he commented that though the new bagel emoji may not find favor with those who prefer bagels with different contents, it was still a far more closer representation of what people would want to eat. Both Twitter and Google too have adopted the same approach as Apple, but have kept them closed. Microsoft and Samsung have kept their bagels plain, but have cut it open like Apple's bagel.

Smartphone is finding new and far reaching usage. Research shows that our treatment of boys and girls in early childhood shapes their perception of them-selves and their roles as they grow up. All this can be changed with the smartphone.

That is what a group of girls engaged in programs in Plan International believe. They have helped develop the idea that the smartphone should be used to sug-gest empowering and positive words which would help the young reach their full potential and break down stereotype barriers. The team has crowd-sourced 2,500 empowering words with the help of AI to scan and analyze texts from female-empowering blogs and publications. They have come up with an innovative keyboard prompt function that will suggest words meant to make the user react to what they have originally written, and change that for the better. Named Sheboard, it will offer predictive text input on text concerning girls to empower them digitally.

Around The Tech


autoNoMous

It is now the turn of bots to pen novels, or at least become vir‑tual assistants in the writing of one. Robin Sloan, acclaimed for his debut novel, ‘Mr. Penumbra’s 24‑Hour Bookstore’, is working with a collaborator on his new novel. The collabora‑tor is a computer. And with this, one can perish the idea of a novelist as the poor someone cooped up in a room alone, struggling to find the right words to craft his novel. Sloan’s new book is being written with the help of his homegrown software that finishes his sentences with the push of a tab key.

It is early yet to label this software as “novelist” and add to the lengthening list of accomplishments of artificial intel‑

Vital statistics

Global Cloud Infrastructure* Market Share

matter twitter

of

Amazon

Microsoft

IBM

Google

Alibaba

Next10

Rest of the Market

ligence, but it is clear that programming is about to redefine creativity any time soon. Sloan works by composing snip‑pets of text, which he sends to himself as messages and then works over into longer passages. His new novel, which is still untitled, is set in a near‑future California where nature is resurgent.

His software is not labeled as artificial intelligence. It’s machine learning that facilitates and extends his own words and imagination. At one level, it merely helps him do what fledgling writers have always done — immerse themselves in the works of those they want to emulate.

*IaaS, PaaS, Hosted Private Cloud

Source: Synergy Research Group Q3 2018 Study Cloud Infra services

33%

14.5%7.0%6.5%

4.5%

16.0%

18.5%

Around The Tech


India Up five places in World Economic Forum’s Global Competitiveness ReportIndia moved up five positions in World Economic Forum’s Global Competitiveness Report (GCR) 2018 to occupy 58th posi‑tion among 140 countries ranked by the report, based on the new parameters.

However, in the actual report released by WEF last year, India occupied 40th rank.

The new GCR measures countries across 12 pillars, as shown in the radar chart. India’s strengths are its market

size and macroeconomic stability while it ranks 117 among 140 countries when it comes to ICT adoption. This is despite the Digital India program and India’s claim of being an IT superpower.

data

WEF Global Competitiveness Report 2018: India's Showing

India 58th/140

Global Competitiveness Index 4.0 2018 edition Rank in 2017 edition: 63rd/135

58th Overall

Performance Overview 2018

Rank/140

100

90

80

70

60

50

40

30

20

10

0Score

Best USAUSA

Overall Score

Enabling Environment

Human Capital Markets

InnovationEcosystem

USA USACHN DEUNZL SGP SGPKOft (31) FN(4)

key Previous edition Lower middle income group average South Asia average

63rd Infrastructure

117th ICT

adoption

49th Macro-

economic stability

108th Health

96th Skills

110th Product market

75th Labour market

35th Financial system

3rd Market

size

58thBusiness

dynamism

31stInnovation capabiity

Parameter Rank Part of Pillar

Shareholder governance 2 Institutions

GDP 3 Market Size

Airport connectivity 4 Infrastructure

Quality of research institutions 8 Innovation

Capability

Companies embracing disruptive ideas 11 Business

Dynamism

Venture capital availability 13 Financial System

Hiring and firing practices 14 Labour Market

E-participation index 15 Institutions

47th Institutions


IBM’s Red Hat Deal – What changes for the CIO?If IBM decides to switch largely to an integration role in a multi-cloud environment, powered by Red Hat solutions, it will be great news for enterprises. But will it do that?By Shyamanuja Das

InsIgHt

Insight


n

CIOs, who have been IBM customers for years but were switching to cloud, would be comfortable if IBM offered the services

New data from The analyst community has already given a thumbs-down to the IBM-Red Hat deal. One analyst has famously called it a ‘desperate deal’. After falling behind Amazon, Microsoft and Google in the public cloud race, IBM needed to do something to keep itself relevant.

While championing ‘hybrid’ was the logical position to take for IBM, there was very little to show. Theoretically, it either had to do something significant in the public cloud space to break into the league or enhance its private cloud/inte-gration offering. With no practical way of achieving the former, it had no choice but to build a good differentiation in the latter, especially to thwart competitive threat from the likes of HPE and Oracle.

If an acquisition is indeed the answer, there was no better target than Red Hat. If the analyst community is questioning it, then it is on two points.

Is it too big, too late?Many question the price that IBM is paying—a whopping USD 34 billon, almost 60% premium on the price at which Red Hat was trading. Not just that, some other terms have also wor-ried the investors. One such is that IBM would pay Red Hat a billion if the deal fails to materialize.

The other big question is if it is too late to make an impact to IBM. Has it already lost the plot?

Let us leave both the questions for a moment and try to examine if and how IBM can turn around using Red Hat in its arsenal—something that is relevant for CIOs.

One thing is for clear. It was not an option for IBM to join as the fourth or fifth—Alibaba is almost as big, though restricted to APAC—public cloud player trying to catch up. Rather, it needed to do something around which its credibility can logically be—and to some extent, is—a bit higher—the hybrid game, that is becoming the prime cloud go-to for enterprises (more than half the cloud users have a hybrid approach, according to RightScale’s State of the Cloud 2018 report.

The same report says that organiza-tions are increasingly going for multiple cloud providers. Almost 81% of organi-zations have a multiple cloud strategy.

Red Hat solutions are uniquely posi-tioned to support that kind of enterprise strategy. Take OpenShift, its Linux container software. It can enable IBM to help enterprises migrate workloads between multiple clouds.

IBM CEO Ginni Rometty acknowl-

be maintained. For the CIOs, who have been IBM

customers for years but were switching to cloud, would be comfortable if IBM offered the services. It may be noted here that more and more customers of both hyperscale and smaller cloud pro-viders are turning to services partners for integration, especially in case of mul-tiple cloud providers.

Can IBM aspire to be the top such integrator? If it does, with the help of Red Hat portfolio, it may not help its short-term revenue much (why, it may cannibalize the public cloud business a bit) but it could be a big game changer for cloud.

Extending that, IBM may just be the consulting/integration partner for AWS and Google which do not have such capability, getting to a new round of IBM-Microsoft rivalry.

That would be good news for CIOs. Those who are speculating that other cloud players like ServiceNow, Pivotal, Zscaler, Okta, Ellie Mae and Twilio would now be pursued are stretching

things a bit too far. It is not Red Hat which badly needed IBM; it is the other way. Which other company could make that investment? Maybe HPE.

However, all these discussion—includ-ing ours here—ignores one big thing that Red Hat has got, its huge customer base, especially in the public sector and government, though for its traditional enterprise Linux platforms. Bombay Stock Exchange, GSTN, Aadhaar, LIC all run on Red Hat Linux. They are great entry points

edged as much when she called Red Hat “the world’s leading provider of open-source cloud solutions, and the emerg-ing leader in the platforms for hybrid cloud and multi-cloud.”

While that sounds nice and is true, from a pure product-technology stand-point, much will depend on how IBM maintains the neutrality of Red Hat, which has strong partnerships with all top cloud providers. Rometty too acknowledged that when she said Red Hat’s “Switzerland-like” position would

Insight


Securing E-Procurements with Digital SignaturesFor e-tenders, digital signatures play a crucial role, securing against any prospective fraudBy Ved Prakash

SSecurity services In today’s times, technology evolves real fast…the flip side, so do hackers. Armed with a deviously brilliant mind and supe-rior knowledge of the latest technologies, hackers are breaching organization’s cybersecurity with such surprising ease that’s its worrisome.

The latest victim of a sophisticated cyber fraud has been the Madhya Pradesh (MP) government. Dubbed as the ‘e-tender scam’, the fraud involved large-scale manipulation of the government’s e-procurement platform to rig the bids in favor of a

select few private companies. Fraudsters breached the e-procurement platform to check the bids quot-ed by various vendors and modified the bids of the companies of their choice to the lowest.

How did this happen?The scam came to light in March this year, when the Madhya Pradesh Jal Nigam (MPJNL) was noti-fied by an internal report that the bidding data sub-mitted by vendors was being modified in collusion with some insiders and a few private companies.

Insight


The internal inquiry revealed that the bids for rural water supply schemes had been altered to make three favored companies the lowest bidders. The bids of other vendors were illegally made available to these bidders so they could lower their bids and seal the deal.

How was the scam unearthed?Investigators conclude that the use of Digital Signatures (also known as Digital Signature Certificates or DSCs) and Encryption Keys played a pivotal role in unearth-ing the scam.

To ensure optimal security and transparency in the bidding process, the MP government’s e-procurement platform mandated that a vendor’s bidding data should be encrypted using the DSC of the Tender Open-ing Authority (TOA) and decrypted using the TOA’s encryption certificate keys.

When the bids of the submitted tenders were opened, the platform instantly highlighted a mismatch in the One-Way Hash (OWH) value of the vendor’s bid docu-ment. This, in turn, resulted in the ‘signature verifica-tion’ page showing an error in ‘signature and certificate validation status’, thereby indicating that the original bid data was modified at a later stage by an unauthor-ized person.

The OWH (a mathematical algorithm that indexes data of arbitrary size) that was generated at the time of submitting the bid was different from the tampered OWH, which indicated that the document content had been altered.

How Digital Signatures make e-Pro-curements saferIn today’s times, many organizations strive to transform into a paperless office to improve their efficiency and reduce operational costs.

In a paperless environment like this where most documents, especially confidential documents like tender bids, contracts, etc., are stored in an elec-tronic format, adopting a Digital Signatures-based approach can help organizations in many ways. Below are three significant benefits:

AuthenticationWhen it comes to submitting bids for e-tenders, pro-spective vendors submit a lot of confidential infor-mation like their company’s financial information, personal information of the directors and other senior personnel, name and contact details of their clients for reference checks, bid amount, etc.

To get an undue advantage over others, competing vendors would definitely like to access such confiden-tial information. They usually obtain this information

in connivance with insiders who have a direct access to it. As seen in the MP e-tender scam, once such infor-mation is accessed, the original bid documents can be modified to get an upper hand in the bidding process.

The use of Digital Signatures is perhaps the most cer-tain way to prevent such manipulations. Since the own-ership of a Digital Signature Key is bound to a specific user only, a ‘valid signature’ notification guarantees that the document was sent by that user only.

IntegrityIn many scenarios, the sender and receiver of a docu-ment need assurance that the document has not been altered in any way during transmission. Digital Sig-natures provide this feature by using cryptographic ‘message digest’ functions that contain a string of digits created by a one-way hashing formula.

Digital Signatures ensure that the sender who has signed any document cannot at a later stage deny signing it. For e-tenders, this is crucial

As seen in the case of the MP e-tender scam, any alteration in the original document gets instantly high-lighted due to a mismatch in the OWH value of the original document and its altered version.

Non-repudiationDigital Signatures ensure that the sender who has signed any document cannot at a later stage deny sign-ing it. For e-tenders, this feature plays a crucial role, as a prospective vendor cannot at a later stage deny sub-mitting a bid with certain prices or submitting certain information during the pre-qualification stage.

As organizations shun paper-based processes and embrace digital practices like e-procurements, it is cru-cial that they implement robust cybersecurity measures to avoid breaches.

With an increasing number of procurement teams storing a chunk of proposals, contracts and other com-mercial documents in the digital format for ease of access, the need of the hour to prevent cyber frauds, is to adopt digital signing to verify the authenticity of such documents and use HSMs to ensure zero-compromise of the sensitive digital signatures

—The author is Senior Business Development Manager, India and SAARC Region, Gemalto

Insight


What Made Gemalto Retract Its Claims About Aadhaar Breach?The security software company apologised to UIDAI and changed its estimates by a whopping 20%

By CSO Forum

IIn an unprecedented move, security software maker Gemalto withdrew its much-quoted bi-annual global Breach Level Index (BLI) report that it had released on 9th October and republished it on 22nd October with significant downward revision of its

estimated number of records compro-mised globally in the first half of 2018.

Bulk of the difference between the two numbers—3.3 billion records in the revised estimates and 4.5 billion in the original estimated, a difference of more than 20%—is due to its retracted

Insight


claim that close to 1 billion Aadhaar records in India were compromised in that period (first half of 2018).

An India-specific release dated 15th October based on its first version of estimates had explicitly mentioned about Aadhaar accounting for a billion breaches.

“During the first six months of 2018, almost 1 billion records were compro-mised in Aadhaar breach incident, including name, address and other personally identified information,” the original release had claimed.

Gemalto tendered an unqualified apology to India’s identity database authority, UIDAI for the statement.

“Gemalto profusely regrets on its Breach Level Index Report 2018 and the subsequent press release issued in India on 15th October where it has by mistake taken into account an unveri-fied news article about alleged Aad-haar data breach. Gemalto has updated its Breach Level Index Report 2018 and wants to make it clear that it was an error in the above said report which has been corrected and all concerned should take note of it that we have not been able to track any verified or substantiated data breach of Aadhaar database of UIDAI. As a result, Gemal-to has withdrawn this alleged data from the Breach Level Index. Any incon-venience caused to UIDAI is deeply regretted,” it said in a release issued in India on 22nd October.

Interestingly, three days before Gemalto releasing the clarification, the UIDAI had already released its own clarification by quoting the Gemalto apology.

Why the U-turn?While it is not known what made Gemalto took a U-turn, staking its rep-utation built over years—by admitting that it based its report on an unverified ‘news article—the highly vocal social media too is silent on it.

Queries made to Gemalto by CSO Forum through its agency asking what made the company retract its earlier

claims did not offer any new insight and just referred to the revised release.

While a section of analysts speculate that it could be because of government pressure, many question the tone of the first release by Gemalto. It men-tioned about 1 billion data breaches in Aadhaar inside the release, without highlighting it.

“At 1 billion records, it is more than 20% of your estimated global data breaches, coming from one project. How can you be so casual about it, if it is indeed what you have found out,” asked a security consultant, who requested anonymity.

What is surprising is that Gemalto, in a positive article in its website about Aadhaar project, updated last in July 2018, had detailed out Gemalto’s role in Aadhaar.

In a section in the story titled “So where does Gemalto fit into this story?” the security solution maker had claimed that it contributed to two domains.

First was biometric enrolment solu-tions. “The roots of Gemalto's involve-ment in the Aadhaar project stretch right back to the very beginning. In the search for biometric enrolment solu-tions capable of capturing fingerprint and iris scans from over one billion people, the Indian authorities turned in particular to 3M Cogent– now a Gemalto company,” it said.

It has also mentioned that Gemalto was supplying its single-digit (one finger) optical fingerprint scanner to UIDAI.

“Another 2017 initiative by the UIDAI is set to promote even wider use of Gemalto technology within the Aadhaar scheme,” it said.

“Specifically, because the Unique Identification Numbers (UIDs) issued by the UIDAI contain Personally Iden-tifiable Information (PII), the authority mandated that the private crypto-graphic keys used to digitally sign and authenticate UIDs must be stored on a Hardware Security Module (HSM). Furthermore, to prevent data falling into the wrong hands, their use was also made subject to strict conditions. This included the use of 'tokenization' – the process of replacing data with a digital token that can be safely stored, processed and transmitted without compromising the original informa-tion,” it illustrated

Claiming that Gemalto is recognized as a world leader in this field, it pointed to a greater involvement with Aadhaar.

So, the breach of Aadhaar data it claimed in its first BLI release, was in a way security failure of a project, it is closely associated with, even though the breach may not have been a failure of its own systems.

What prompted Gemalto to make such drastic statements, only to with-draw it in less than two weeks? After admitting that it had ‘by mistake’ included one billion compromised records based on news reports, it does point to a lack of rigorous validation. Will the next Breach Level Index carry the same level of credibility that it car-ried till six months back?

“Gemalto has updated its Breach Level Index Report 2018 and wants to make it clear that it was an error in the above said report which has been corrected...we have not been able to track any verified or substantiated data breach...”

Insight


SD-WAN Deployments Increase But Challenges RemainOrganizations in India with SD-WAN in their organization saving USD 1.15 million on MPLS and networking costs over 12 months

By CIO&Leader

Insight


AA new global research report by Barracuda Networks, “Security, Connectivity, and Control: The Challenges and Opportunities of SD-WAN” surveyed IT leaders and networking and security professionals to learn how widespread SD-WAN deployments are, how organizations are deploying them, and what benefits and challenges they’re seeing.

Overall, the study indicates that SD-WAN deployments are increasing to address networking challenges resulting from the explosive growth of WAN traffic due to high demand for cloud applications and services. Security remains a top concern for an overwhelming majority of IT leaders as they consider upgrading to an SD-WAN solution. Highlights include:

Networking challenges are common with current WAN setups Top three challenges in India are performance between locations (64%), rapid network expansion (60%), and complexity (55%) SD-WAN deployments are on the rise In India one-third (37%) have already deployed SD-WAN in most of their sites, and 40% are in the process of doing so or will in the next year 78% of IT leaders in India said they experienced increased network security since deploying SD-WAN Security is a top priority when choosing an SD-WAN solution

Over three quarters (78%) of respondents in India agree that they don’t need to invest in any other security as their SD-WAN solution contains everything required SD-WAN offers improved security and lower costs Organizations in India with SD-WAN in their organization or in their sights estimate a saving of USD 1.15 million on MPLS and networking costs over 12 months, as a result of implementing SD-WAN

“These findings show that as IT professionals increasingly turn to SD-WAN to address their networking challenges, they’re looking for solutions that provide security, simplicity, and cost savings,” said Klaus Gheri, VP, Network Security, Barracuda. “Barracuda meets those needs by offering a single solution combining advanced security and SD-WAN.”

With secure SD-WAN and advanced security, Barracuda CloudGen Firewalls are an all-in-one solution that can be deployed on-premises as a physical or virtual appliance or in the cloud, redefining the role of a firewall and helping customers optimize distributed networks

SD-WAN deployments are increasing to address networking challenges, but security remains a top concern for an overwhelming majority of IT leaders...

Insight


Account Takeover Attacks On The Rise: Study

The study reveals from April to June this year, 4-8 organizations reported at least one account takeover incident, and the total number of incidents reported was 60

By CIO&Leader

Insight


Account takeover (ATO) attacks, in which a person's credentials are stolen and used to send emails from their real account, have multiple objectives. Some attackers try to use the hacked email account to launch phishing campaigns that will go undetected, some attackers steal credentials of other employees and sell them in the black market, and others use the account to conduct reconnaissance to launch personal-ized attacks. The most sophisticated attackers steal the credentials of a key employee (e.g., CEO or CFO), and use them to launch a Business Email Com-promise attack from the real employ-ee's email address.

To better understand the extent of account takeover, Grant Ho, along with the Barracuda Sentinel team, ran a study on 50 randomly selected orga-nizations. These organizations span different sectors, including private companies, public organizations, and educational institutions. These organi-zations reported account takeover inci-dents to us over a three month period, from the beginning of April until the end of June 2018. Note that this study may underestimate the number of real account takeover incidents, since some incidents may have taken place without the organization's knowledge.

The above table includes a summary of the incidents reported by these orga-nizations. An account takeover incident is defined as an employee's email being used by an attacker to email other people, either internal employees or external parties.

Overall, in each month 4-8 organizations reported at least one

Aaccount takeover incident, and the total number of incidents reported was 60. On average, when a company got compromised, the compromise resulted in at least 3 separate account takeover incidents, where either the same or different employees accounts were used for nefarious purposes. Out of the 60 incidents, 78% resulted in a phishing email. In these phishing emails, the goal of the attacker was typically to infect additional internal and external accounts. The email usually impersonates the employee and asks the recipient to click on a link. Another 17%

internal email traffic. This attack is effective because most email security systems do not scan internal traffic for threats. Therefore, attackers can send malware with relative ease internally, and the recipients will often open the attachments, which will cause their endpoints to get infected.

Barracuda Sentinel is the only solu-tion in the market that can automati-cally prevent email account takeover. It combines three powerful layers: an AI engine that stops spear phishing attacks in real time, including emails that originate from within the com-

Month April18 May18 June18 Total

Number of organizations that experienced account takeover 8 7 4 19

Number of spam incidents 3 5 2 10

Number of phishing incidents 13 30 4 47

Number of attachment incidents 1 2 0 3

Total number of account takeover incidents 17 37 6 60

of incidents were used as platforms for sending spam campaigns. The reason attackers love using compromised accounts as vehicles for launching spam is that the accounts often have very high reputations: They are coming from reputable domains, from the correct IP, and from real people that have a legitimate email history. Therefore, they are much likely to get blocked by email security systems that rely on domain, sender or IP reputation. Finally, 5% of incidents involved in the attacker asking the recipient to download an attachment. These incidents all involved

pany; domain fraud visibility using DMARC authentication to guard against domain spoofing and brand hijacking and fraud simulation train-ing for high-risk individuals. Employ-ees should be trained to increase security awareness of various attacks. Simulated attack training is the most effective form of training. Barracuda PhishLine provides comprehensive, SCORM-compliant user training and testing as well as phishing simulation for emails, voicemail, and SMS along with other helpful tools to train users to identify cyberattacks

Insight


Majority Of Consumers Still Prefer Humans As Chat Agents: StudyWhile most agree chatbots can be fast and convenient in certain situations, consumers cite a lack of intelligence as their top complaint against automated bots, and 65% still prefer a human agent on the other end of the chat

By CIO&Leader

Insight


Most chatbots still aren’t smart enough to meet consum-ers’ great expectations, according to a Pegasystems study. While most agree chatbots can be fast and convenient in certain situations, consumers cite a lack of intelligence as their top complaint against automated bots, and 65% still prefer a human agent on the other end of the chat.

72% of consumers generally find chatbots to be helpful to some degree, but the interaction quality can be quite mixed. The majority (58%) rank their chatbot experi-ences as merely ‘adequate’ – doing some tasks well and others poorly. Another 18% grumble how chatbots are ineffective or even annoying. Only 16% gave their chatbot experience a high quality rating.

Analysts expect chatbot usage to rise significantly in the next two years – a shift that could prove costly for brands that don’t evolve their bots. According to Gartner, “25% of customer service and support operations will integrate virtual customer assistant (VCA) or chatbot technology across engagement channels by 2020, up from less than 2% in 2017.”

M

The survey found a separate group that have yet to try chatbots at all and have no plans to start anytime soon. These bot holdouts skew towards a slightly older demographic

Best bots keep it simpleConsumers tend to favor chatbots for only the simplest que-ries that can be done quickly. The most popular chatbot use cases are:

Tracking an order (60% selected) Finding basic information (53%) Asking basic questions (49%)

The respondents also noted that fast service (56%), abil-ity to engage on their own schedule (37%), and convenience (36%) are chatbots’ top benefits. When done well, 43% say chatbots can be almost as good as interacting with a human, while 34% disagree, and 23% don’t know.

Artificial intelligence or artificial stupidity?However, speed and simplicity can only take today’s digital consumers so far. While most brands claim artificial intel-ligence power their bots, consumers’ top chatbot complaints include:

Not enough smarts to effectively answer questions (27%) Lack of context in the conversation (24%) Robot-like engagement with few human qualities (14%)

Similarly, the top reasons consumers would drop a chat-bot session are when bots can’t answer their questions (47% selected), make them do more work than expected (47%) or are too vague in how they can assist them (43%). Separately, only 17% said they would use a bot to purchase goods and ser-vices, further muddying the path from bots to direct revenue.

In no mood for chit chatThe survey found a separate group that have yet to try chat-bots at all and have no plans to start anytime soon. These bot holdouts, which skew towards a slightly older demographic, say they haven’t used chatbots yet due to:

Lack of any real exposure to chatbots (53%) A personal preference to only engage with a human (30%) Lack of knowledge on how to use chatbots (23%)

A full 45% of these consumers without chatbot experience said they won’t try one in the next year while another 30% aren’t sure, which presents a roadblock to companies trying to expand reliance on digital service channels. Only 25% of these non-users said they would be willing to experiment with a chatbot, albeit with some reluctance. Their biggest concerns stem from their lack of experience: they simply don’t know how to use chatbots (top concern at 46%), lack confidence in chatbot effectiveness (31%), or worry about security and privacy (27%)

Insight


APAC Ahead Of US And EMEA In Security Policy Automation: StudyAPAC is substantially ahead in using AI/ML in production as compared to the US and EMEA where the rate of adoption is still in early days, with few organizations using AI/ML in production — just 4% of respondents in EMEA, 9% in the US

By CIO&Leader

Insight


APAC is ahead of the US and EMEA in terms of automation for processes involved in the management of firewall rules and security policy, according to the results of a global survey conducted by Osterman Research, Understanding Security Processes and the Need to Automate. The survey, which includes responses from 465 senior security leaders at large enterprises in the US, EMEA and APAC, reveals trends in the use of security automation, as well as artificial intelligence (AI) and machine learn-ing (ML). Survey questions focused on workflows in firewall and security policy management and vulnerability management.

APAC is substantially ahead in using AI/ML in production as compared to the US and EMEA where the rate of adoption is still in early days, with few organizations using AI/ML in pro-duction — just 4% of respondents in EMEA, 9% in the US.“Many organiza-tions have significant deficiencies with regard to their firewall and security management,” said Michael Oster-man, Principal Analyst of Osterman Research. “Most realize that they need to improve the way they manage securi-ty and policy, and they also realize that automating workflows and processes is key to these improvements.”

A few interesting trends from the survey:

Cost is critical but not for APAC, only 35% in APAC ranked costs

as the key driver for automation. They instead ranked the difficulty of managing the size and complexity of their network as the primary reason (43%), as well as being able to move skilled staff off mundane activities to higher value/skill security tasks (40%). Better visibility and context are still one of the key concerns when it comes to APAC. Organizations are still deficient in understanding network context and having vis-ibility of firewall and security policy, including why firewall rules exist. 47% in APAC said they had only “minimal or some understanding.” 39% in APAC said they have only minimal or some understanding of how security changes impact their business: And it appears that iden-tifying vulnerabilities continues to be a challenge, with 42% in APAC having only minimal or some under-standing of what vulnerabilities exist on network devices. Security staff are bogged down with incident response processes, compliance management and mak-ing changes to the security infra-structure. Compliance management and security changes were noted as the top time takers for APAC.

Security teams need help, with most organizations admitting they need to make major improvements in how they manage security and policy. The biggest improvements are needed in how organizations decommission applications: 54% in APAC say they do it “poorly or moderately.” Ironically, these are areas where automation can make a huge impact. Automation is an impetus for cloud migration. It’s no surprise

that for many companies, migration to the cloud is having a significant impact on the automation of security policy changes. This is most notable in APAC where 43% of organiza-tions said cloud is impacting the automation of security policy chang-es. Survey results also show that the clear majority of organizations are working on initiatives focused on security automation to support cloud environments.

While the journey to understand the key drivers for Security Automation continues, the good news is that secu-rity leaders have started on their auto-mation journey. “Security leaders are facing a tough time balancing organiza-tion risk and value from automating. Though there are many areas, where it is essential to implement automation — and, in fact, where automation reduces risk. For example, collecting/gathering data for attack surface visibility and modeling, network change manage-ment and rule life cycle management. Networks are simply becoming too large and complex to manage manu-ally,” said Gerard Sillars, VP-APAC, Skybox Security. If you’re not already working with a vendor in these areas, you should start looking for one

A“Security

leaders are facing a tough time balancing

organization risk and

value from automating”

Insight


Majority Of Indian Organizations Still In Early Stages Of Cloud Maturity: Study

Compared to the Asia/Pacific (excluding Japan) markets, with more than 14% of the organizations in the latter stages of maturity (repeatable, managed, and optimized), Indian organizations in the latter stages are lesser (10%)

By CIO&Leader

Insight


More than 93% of the Indian organizations are still in the early stages of maturity, according to IDC India’s latest study, titled IDC MaturityScape Benchmark: Cloud in India, 2018. This in IDC MaturityScape’s model are referred to as ad hoc and opportunistic stages. Compared to the Asia/Pacific (exclud-ing Japan) markets, with more than 14% of the organizations in the latter stages of maturity (repeatable, managed, and optimized), Indian organizations in the latter stages are lesser (10%).

While improving IT security and increasing business agility remain among the top expected benefits of cloud by Indian enterprises, the challenges related to costs and complexities with infrastructure cannot be ignored. To be able to derive maximum business value from their investments in cloud, awareness around potential benefits and challenges is a must.

“Most organizations in India have plans to spend maxi-mum of their new cloud spending on SaaS applications over the next year,” says Rishu Sharma, Associate Research Man-ager, Cloud and Internet of Things (IoT), IDC India. “Organi-zations in India are looking for providers with deep techno-logical expertise, along with experience across verticals, that can help them transform their businesses, providing them with business agility and increased IT security.”

The IDC MaturityScape specifically defines the stages, critical measures, business outcomes, and actions that are required to effectively move through the stages and increase value as more investments are made. Using the

maturity measures and descriptions in the document, organizations can:

Understand exactly what sets “thriving” organizations apart from “surviving” organizations, based on their maturity scores Understand industry and peer group expectations for business outcomes and IT outcomes for an increasingly mature (sophisticated) use of cloud in how organiza-tions operationalize their internal IT assets and how they source capability on the public (provider-based) cloud Understand the supporting processes, governance mod-els, technologies, and skills to deliver cloud-based service delivery models to their internal customers Identify gaps in overall cloud management capabilities based on the aforementioned criteria - or more broadly, vision, technology, people, and process

“While organizations in India understand the need for incorporating cloud technologies in their digital journey, they will have to move from experimentation to active adoption, ensure scale and swiftness for better leverage. 'The Cloud Journey' is a mandatory one for all organizations and there is a need to take intelligent decisions to be able to progress rapidly in the maturity curve” says Ranganath Sadasiva, Director, Enterprise Infrastructure, IDC India

MWhile improving IT security and increasing business agility remain among the top expected benefits...the challenges related to costs and complexities cannot be ignored

Insight


Payment Security Compliance Drops For The First Time In Six Years: StudyOnly 52.4% of organizations are maintaining full compliance in 2017, compared to 55.4% in 2016

By CIO&Leader

Insight


After documenting improvements in Payment Card Industry Data Security Standard (PCI DSS) compliance over the past six years (2010 – 2016), Veri-zon’s 2018 Payment Security Report (PSR) now reveals a concerning downward trend with companies failing compli-ance assessments and perhaps, more importantly, not maintaining - full compliance.

The Payment Card Industry Data Security Standard (PCI DSS) helps businesses that offer card payment facilities protect their payment systems from breaches and theft of cardholder data. PCI DSS compliance has been shown (via the Verizon Data Breach Investigations Report series) to help protect payment systems from both data breaches and theft of card-holder data, so this trend is alarming.

Data gathered by Verizon’s PCI DSS qualified security assessors (QSAs) during 2017 demonstrates that PCI compliance is decreasing amongst global businesses, with only 52.4% of organizations maintaining full compliance in 2017, compared to 55.4% in 2016. Regional differences are highlighted, demonstrating that companies in the Asia-Pacific region are more likely to achieve full compli-ance at 77.8%, compared to those based in Europe (46.4%) and the Americas (39.7%). These differences can be attributed to the timing of geographical compliance rollout strategies, cultural

appreciation of awards/recognition, or the maturity of IT systems.

By business sector, IT services remain on top when it comes to com-pliance, with over three-quarters of organizations (77.8%) achieving full status. Retail (56.3%) and financial ser-vices (47.9%) were significantly ahead of hospitality organizations (38.5%), which demonstrated the lowest com-pliance sustainability. With businesses often leveraging PCI DSS compliance efforts to meet the security require-ments of data protection regulations, such as the European Data Protection Regulation (GDPR), this gap between the various business sectors that deal with electronic payments on a daily basis is significant.

Control effectiveness and sustainability are essentialVerizon’s nine factors of control effec-tiveness and sustainability support the 12 key requirements of the PCI DSS standard and are as follows:

Factor 1: Control Environment: The sustainability and effective-ness of the 12 Key Requirements depends on a healthy Control Envi-ronment. Factor 2: Control Design: Proper control operation to meet DSS secu-rity control objectives depends on sound Control Design. Factor 3: Control Risk: Without on-going maintenance (security testing, risk management, etc.), controls can degrade over time and eventually break down. Mitigation of control failures requires integrat-ed management of Control Risk. Factor 4: Control Robustness: Controls operate in dynamic busi-ness and ever-changing threat envi-ronments. They must be robust to resist unwanted change to remain functional and perform to specifica-

tions (configure standards, access control, system hardening, etc.). Factor 5: Control Resilience: Security controls can potentially still fail, despite adding layers of control for increased robustness, therefore control resilience with proactive discovery and quick recovery from failure is essential for effectiveness and sustainability. Factor 6: Control Lifecycle Man-agement: To achieve all of the above it is necessary to monitor and actively manage security controls throughout each stage of their life-cycle from inception to retirement.

Factor 7: Performance Manage-ment: Establishing and commu-nicating performance standards to measure the actual performance of the control environment improves control effectiveness, and promotes predictable outcomes of your data protection and compliance activities, allowing for early identification and correction of performance deviations. Factor 8: Maturity Measurement: A control environment should never be stagnant – it must improve continuously. To do so, businesses need a roadmap, a target level of process and capability maturity to track the degree of formality and optimization of processes as indication of how close developing processes are to being complete and capable of continual improvement. Factor 9: Self-Assessment: Achieving all of the above requires in-house proficiency – resource capacity (people, processes and technology), capability (support-ing processes), competency (skills, knowledge and experience) and commitment (the will to consistent-ly adhere to compliance require-ments) – in short a self-assessment proficiency.

A

Insight


Asia-Pacific Organizations Experience Threat-Alert FatigueThe study reveals a lack of centralized security management platforms and an over-reliance on cloud service providers to secure workloadsBy CIO&Leader

Many network security threats today go uninvestigated, with IT professionals struggling to accurately prioritize alerts due to the overwhelming volume generated in an increasingly cloud-reliant work landscape, according to Juniper Networks and Ovum Research’s new report, titled Too Much of a Good Thing? Enterprise Cybersecurity Adoption Trends Across Asia-Pacific.

The report polled 350 companies and public-sector organizations across 11 countries including China, India, Japan, Korea, Australia and Singapore. Across the region, more than 42% of respondents shared that they were dealing with approximately 50 alerts a day, although only a small fraction of them required further investigation. In India, eight percent of respondents said they were receiving more than 1,000 alerts a day and almost half reported more than 50 threats a day, making India the second-highest cybersecurity prone market after China.

In addition to threat-alert fatigue, the report also highlighted several other key findings, including an over-reliance on cloud service providers to secure data and a proliferation of secu-rity tools. Respondents were also sur-veyed on how they have protected their existing infrastructure, as well as how far they have moved and secured their corporate workloads in the cloud.

M

Insight


The findings all indicate a need for enterprises to consider adopting a cen-tralized security management platform and the importance of implementing automation to better prioritize the growing number of threat alerts.

Key Findings from the ReportImproved Alert Prioritization Com-bats Threat FatigueWith the increasing number and variety of threat alerts emerging, it is becoming increasingly difficult for security teams to respond to the ones that matter. For instance, the report shows that financial services institu-tions are dealing with hundreds of thousands of alerts daily. Additionally, the majority of these alerts were ulti-mately not important enough to merit further action. Nearly two-thirds of all respondents indicated that less than 10% of all alerts are legitimate and require further attention.

In India, 8% of respondents say they receive over 1,000 threat alerts a day, the highest reported in APAC. More significantly, only 30% of respondents from India reported that 10% or less of those threats are legitimate, while only 12% say that over half of the threats they receive warrant further investigation.

Improved Centralized Security Man-agement is a MustAs cyber criminals discover new ways to mount attacks and respond in real-time to emerging revenue opportuni-ties, the report revealed that enterprise decision makers have responded to this by deploying patchworks of new secu-rity solutions. This, over time, creates siloed security tools, each reporting to their own dashboard.

More than half of the companies surveyed with over 1,000 branches

In addition, automation of key secu-rity operation tasks are being widely adopted to more effectively prioritize and analyze alerts, enabling security teams to respond faster to the most crucial threats.

Reducing Reliance on Communica-tion Service Providers (CSPs) to Manage Data Security is a Rising PriorityThe report showed that, while APAC organizations have widely embraced SaaS applications, a more meaning-ful way to gauge longer-term cloud adoption trends would be the degree to which corporate applications have migrated to either IaaS or PaaS environ-ments. Across the APAC region, nearly half of organizations surveyed (47% for smaller; 42% for larger) admitted they rely entirely on their CSP.

In India, the findings highlight a healthy uptake of this migration, with almost 70% of respondents sharing that between 11 and 50% of all their corporate workloads have already been migrated to either an IaaS or PaaS platform. Addition-ally, almost 20% of respondents from larger companies (with over 1,000 branches), also shared that more than 50% of their corporate workloads have been migrated to IaaS or PaaS platforms. When it comes to securing these workloads, the report indicated that over 30% of respondents from India have opted for on-premise security tools to protect their workloads in the cloud, almost the same amount as those that depend on their CSPs. The findings indicate that India is fast outperforming other APAC markets with its high levels of workload being moved to the cloud and their adoption of cloud-based security tools

in operation around APAC said they were managing over 100 tools – a clear indicator of the growing need for cen-tralized management, particularly as organizations scale up.

In India, while almost 30% of respondents shared that they were managing more than 50 tools for this purpose, 45% reported higher levels of using a centralized secu-rity platform or have implemented a Security Incident and Event Man-agement (SIEM) center – the high-est in the APAC region. Overall, the findings across the region further reinforced the need for a centralized security manage-ment platform and for improved threat alert prioritization based on the total amount of alerts received each day, with 50% indicating having to deal with over 50 alerts daily. The challenge is exacerbated in larger organizations with larger branch networks, with 8% of these companies receiving more than 1,000 alerts daily.

In India, 8% of respondents say they receive

over 1,000 threat alerts a

day, the highest reported in

APAC...10% or less of those threats are legitimate

Insight


Key Digital Disruptions CIOs May Not See Coming: GartnerQuantum computing, real-time language translation and nanotechnology are some of the key disruptions which needs to be considered

By CIO&Leader

O Organizations may not be prepared for key digital disruptions, which include several categories of disruption, each of which rep-resents a significant potential for new dis-ruptive companies and business models to emerge, according to Gartner.

Quantum ComputingQuantum computing (QC) is a type of non-classical computing that is based on the quantum state of subatomic particles. Clas-

sic computers operate using binary bits where the bit is either 0 or 1, true or false, positive or negative. However, in QC, the bit is referred to as a quantum bit or qubit. Unlike the strictly binary bits of classic computing, qubits can represent 1 or 0 or a superposition of both partly 0 and partly 1 at the same time.

Superposition is what gives quantum com-puters speed and parallelism, meaning that these computers could theoretically work

Insight


on millions of computations at once. Further, qubits can be linked with other qubits in a process called entanglement. When combined with superposition, quantum computers could process a massive number of possible outcomes at the same time.

Real-Time Language TranslationReal-time language translation could, in effect, fundamentally change commu-nication across the globe. Devices, such as translation earbuds and voice and text translation services can perform translation in real-time, breaking down language barriers with friends, family, clients and colleagues. This technology could not only disrupt intercultural language barriers, but also language translators as this role may no longer be needed.

NanotechnologyNanotechnology is science, engineer-ing and technology conducted at the nanoscale — 1 to 100 nanometers. The implications of this technology are that the creation of solutions involves indi-vidual atoms and molecules. Nanotech is used to create new effects in materials science, such as self-healing materials. Applications in medicine, electronics, security and manufacturing herald a world of small solutions that fill in the gaps in the macroverse in which we live.

Swarm IntelligenceDigital business will stretch conven-tional management methods past the breaking point. The enterprise will need to make decisions in real time about unpredictable events, based on information from many different sources (such as Internet of Things [IoT] devices) beyond the organiza-tion’s control. Humans move too slowly, stand-alone smart machines cost too much, and hyperscale architectures cannot deal with the variability. Swarm intelligence could tackle the mission at a low cost.

Swarm intelligence is the collective

behavior of decentralized, self-orga-nized systems, natural or artificial. A swarm consists of small computing elements (either physical entities or software agents) that follow simple rules for coordinating their activities. Such elements can be replicated quickly and inexpensively. Thus, a swarm can be scaled up and down easily as needs change. CIOs should start exploring the concept to scale management, especially in digital business scenarios.

Human-Machine InterfacesHuman-machine interface (HMI) offers solutions providers the oppor-tunity to differentiate with innovative, multimodal experiences. In addition, people living with disabilities benefit from HMIs that are being adapted to their needs, including some already in use within organizations of all types. Technology will give some of these people “superabilities,” spurring people without disabilities to also employ the technology to keep up.

For example, electromyography (EMG) wearables allow current users who would be unable to do so otherwise to use smartphones and computers through the use of sensors that measure muscle activity. Muscular contraction generates electrical signals that can be measured from the skin surface. Sen-sors may be placed on a single part or multiple parts of the body, as appropri-ate to the individual. The gestures are in turn interpreted by a HMI linked to another device, such as a PC or smartphone. Wearable devices using myoelectric signals have already hit the consumer market and will continue migrating to devices intended for peo-ple with disabilities.

Software Distribution RevolutionSoftware procurement and acquisi-tion is undergoing a fundamental shift. The way in which software is located, bought and updated is now in the province of the software distribu-tion marketplace. With the continued

growth of cloud platforms from Ama-zon Web Services (AWS), Microsoft, Google, IBM and others, as well as the ever-increasing introduction of cloud-oriented products and services, the role of marketplaces for selling and buying is gathering steam. The cloud platform providers realize (to varying degrees) that they must remove as much friction as possible in the buying and owning processes for both their own offerings and the offerings of their independent software vendors (ISVs) (i.e., partners). ISVs or cloud technology service pro-viders (TSPs) recognize the need to reach large and increasingly diverse buying audiences.

Smartphone DisintermediationThe use of other devices, such as virtual personal assistants (VPAs), smart-watches and other wearables, may mean a shift in how people continue to use the smartphone.

CIOs and IT leaders should use wearability of a technology as a guid-ing principle and investigate and pilot wearable solutions to improve worker effectiveness, increase safety, enhance customer experiences and improve employee satisfaction

Digital business will stretch conventional management methods past the breaking point. The enterprise will need to make decisions in real time

Insight


Security Solution Revenues In APeJ To Rise In 2022: IDCAsia/Pacific excluding Japan (APeJ) spending on security related hardware, software and services will reach USD 28.76 billion in 2022 with a compound annual growth rate (CAGR) of 20.7% over the forecast period 2017-22

By CIO&Leader

Insight


Asia/Pacific excluding Japan (APeJ) spend-ing on security related hardware, software and services will reach USD 28.76 billion in 2022 with a compound annual growth rate (CAGR) of 20.7% over the forecast period 2017-22, according to IDC Worldwide Semian-nual Security Spending Guide. Security spend-ing is estimated to reach USD 13.41 billion this year, an increase of 19.6% against 2017.

Security-related services will be both the largest (USD 5.3 billion in 2018) and the fastest growing (23.3% CAGR) category of APeJ security spending. Managed security services will be the largest segment within the services category, delivering almost 45 to 50% of the technology category total in 2022. Integration services and consulting services will be responsible for most of the remainder. Secu-rity Hardware is the second-largest category with spending expected to total USD 4.9 billion in 2018. Network security hardware will be the largest hardware segment throughout the forecast period, followed by data security hardware. Most of the spend in network security hardware is led by Unified Threat Management and Firewall technology hard-ware. Software spend will reach USD 3.1 billion in 2018 with a five-year CAGR of 14% only.

Banking will make the largest investment in security solu-tions, growing double-fold from USD 2.1 billion in 2018 to USD 4.5 billion in 2022. Security-related services, led by managed security services, will account for more than half of the industry's spend throughout the forecast. The second and third largest industries in year 2018, which are discrete manufacturing and federal/central government (USD 1.8 billion and USD 1.3 billion in 2018, respectively) are led by Hardware technology group. The industries that will see the fastest growth in security spending will be Resource Indus-try (24.2% CAGR), state/local government (24% CAGR), and Utilities (22.9% CAGR).

From a company size perspective, large and very large

businesses (those with more than 500 employees) will be responsible for nearly two thirds of all security-related spending in 2018. Small businesses (10-99 employees) will see the strongest spending growth of 21.5%, which will be neck to neck growth with 21.4% in very large businesses (1000+ employees) and 21.3% in large businesses (500-999 employees) over the forecast period. Small offices (1-9 employees) and medium size businesses (100 to 499 employ-ees) will also experience moderately good growth of 20.3% and 19.8% respectively.

From a geography perspective, IDC counts two sub regions under APeJ, which are China and Rest of Asia Pacific (excluding Japan & China). China will only account to 39.7% of total APeJ security solutions spend in 2018 but will gain traction by year 2022 by accounting to almost 50% of total APeJ market. China will show a record five-year CAGR of 26.6% as compared to 16.2% recorded by Rest of APeJ region. Telecommunications and State/Local Government are the two leading drivers of Chinese market for security related solutions, collectively accounting to 35% share from overall China spend in 2018. Industrial spend in APeJ (excluding China) will be led by strong demand in India, Singapore and Malaysia.

A

Source: IDC Worldwide Semiannual Security Spending Guide, 2017H2

45.3%

15.6%

13.5%10.2%

9.2%

6.2%

Banking

Telecommunication

Federal/Central Government

State/Local Government

Discrete Manufacturing

Others

Top Industry Based on 2018 Market Share (Value (Constant Annual))

of the winners report to a C level42%of winners work in organizations with IT budget of over 10 crore and above64%

Come and establish camaraderie with the IT giants of tomorrow

#TheBigPicture

For engagement opportunities, please contact

Mahantesh G 9880436623 [email protected] Sharma 9811791110 [email protected] Amin 9820575282 [email protected] Raghavendra 98453 81683 [email protected] Vandana Chauhan 9958984581 [email protected]

Apply for the NEXT100 today—it could change your l i fe . Go to: www.next100. in

of the winners report to a C level42%of winners work in organizations with IT budget of over 10 crore and above64%

Come and establish camaraderie with the IT giants of tomorrow

#TheBigPicture

For engagement opportunities, please contact

Mahantesh G 9880436623 [email protected] Sharma 9811791110 [email protected] Amin 9820575282 [email protected] Raghavendra 98453 81683 [email protected] Vandana Chauhan 9958984581 [email protected]

Apply for the NEXT100 today—it could change your l i fe . Go to: www.next100. in

Date post:	16-Apr-2020
Category:	Documents
Upload:	others
View:	4 times
Download:	0 times

India's Most Social CIOs on Twitter...8 Chandresh Dedhia CIO Fermenta Biotech @chandreshd 9 9...

Documents