< PreviousThe lab will achieve this by providing an integrated structure that supports the use of advanced methods and techniques that support open sources. The announcement was made at the Global Summit on Artificial Intelligence, a virtual event organised by the Saudi Data and Artificial Intelligence Authority (SDAIA) At the summit, STC’s group CEO Nasser bin Suleiman Al-Nasser urged large companies to promote innovation using artificial intelligence (AI), while developing solutions that aim to support Ericsson has announced Cloud RAN (Radio Access Network), a new offering to enable communications service pro- viders to add greater flexibility and ver- satility to their networks. Cloud RAN by Ericsson is a cloud-na- tive software solution handling compute functionality in the RAN. It will comple- ment high-performing purpose-built STC has announced plans to launch an advanced cloud-based data analysis laboratory through which big data and predictive analysis as well as AI innovation can be analysed. Cloud RAN by Ericsson will deliver network capabilities for both large-scale and centralised 5G deployments STC set to open data analysis lab to boost AI innovation in Saudi Ericsson announces cloud RAN portfolio for increased network flexibility For all the latest network news from the Middle East and Africa, visit www.itp.net INSIDE… 20 STC set to open data analysis lab 20 Ericsson announces cloud RAN portfolio 21 Alibaba Cloud drives growth for Chinese tech firm in Q3 21 Aveva and Microsoft extend strategic partnership //Regional_Update baseband offerings in the Ericsson Radio System portfolio, giving service provid- ers an optimal choice for any deployment scenario and need. As the telecoms industry deploys 5G networks around the globe, technologies such as automation and virtualisation, with Cloud RAN specifically, will play a key role in future network evolution. Cloud RAN by Ericsson will be re- leased in stages, matching the service providers’ journey to complement their purpose-built 5G networks. The first stage will provide the foundation, offer- ing a system-verified solution for 5G low band that will enable an easy transition to a virtualised RAN using commercial off- the-shelf (COTS) hardware platforms. the growth of sectors. Al-Nasser also revealed that STC re- lies on various AI technologies that serve customers, and the group in order to im- prove efficiency. This advanced structure of the afore- mentioned laboratory will allow the development of various projects, coop- eration opportunities and partnerships locally and internationally. Among the opportunities, it would in- clude datathons and artificial intelligence innovation competitions, in addition to cooperation opportunities with external governmental and private parties. The launch of STC’s AI laboratory comes after the announcement of a part- nership with Nvidia to launch a cloud so- lution for in-depth learning. // REGIONAL UPDATE / DECEMBER // WWW.ITP.NET/// 20 / NETWORK MIDDLE EAST / DECEMBER 2020 /ALLOW AUDIO TO TRULY CONNECT Next floor. Next city. Next continent. When the audio between conference callers works the way it should, distances become irrelevant. But when it fails, those distances are really felt. With a choice of solutions from Shure, you’ll be able to offer your users reliable audio technology that supports seamless collaboration. As if everyone’s in the same room. The way it should be. Finally, users will feel truly connected. © 2020 Shure Incorporated. See shure.com/trademarks. Discover our range of conferencing audio solutions at effortless.shure.comThe company also announced a more flexible NetApp Keystone Flex Subscription service and a new NetApp SolidFire Enterprise SDS solution. With these updates, organisations can now optimise performance and security, reduce costs, easily extend data management from on premises to any cloud, and consume hybrid cloud infrastructure as a service. César Cernuda, president, NetApp, said, “Digital transformation has accelerated to the point where projects that used to take years to accomplish now need to be completed in months or even weeks.. “With its rich data-centric software innovation, NetApp is uniquely positioned to help organisations quickly adapt and sustainably NetApp has updated its cloud-connected NetApp ONTAP data management software. NetApp brings the simplicity and flexibility of the cloud to the data centre César Cernuda, president, NetApp UAE-backed Virgin Hyper- loop completes test drive with human passengers Virgin Hyperloop has made history after successfully completing the first test drive with human passendgers. Josh Giegel, Co-Founder and Chief Technology Officer, and Sara Luchian, Director of Passenger Experience at Virgin Hyperloop were the first people in the world to ride on this new form of transportation. The test took place at Virgin Hyperloop’s 500-meter DevLoop test site in Las Vegas, Nevada, where the company has previously run over 400 un-occupied tests. NEWS IN BRIEF Aveva and Microsoft extend strategic partnership Aveva will extend its strategic collaboration with Microsoft to focus on accelerating digital transformation in the industrial sector – namely the manufac- turing and energy industries. Aveva will help maximise the value that customers can derive from the integration of Aveva’s portfolio with Microsoft cloud services and especially Micro- soft Azure (infrastructure, data and AI services), helping quicker implementations, connect teams more readily and drive growth opportunities through- out their integrated portfolio. Alibaba Cloud drives growth for Chinese tech firm in Q3 Alibaba has reported a strong financial quarter end- ing September 30, 2020. Revenue increased 30% and stood at US$22,838m, an increase of 30% year-over- year. Daniel Zhang, chairman and chief executive officer of Alibaba Group noted that the company continued to “help businesses recover and find new opportunities for growth” through digitalisation in the post-pandemic landscape. STL to acquire optical interconnect specialist Optotec Digital network specialist STL is set to acquire Italian optical interconnect producer, Optotec, in a move that will ramp up STL’s ability to serve its customers in Europe and the Middle East. Optotec provides a full range of Optical Interconnect Products for telecommunication, fibre to the home (FTTH) and cloud networks in Europe. transform in today’s hybrid cloud world. Now, we make it easier for them to develop applications in the cloud, move applications to the cloud, or create cloudlike experiences on premises.” // REGIONAL UPDATE / DECEMBER // WWW.ITP.NET/// 22 / NETWORK MIDDLE EAST / DECEMBER 2020 /Mimecast has released a new research which highlights the risky behaviour of employees using company-issued devices. The report highlighted the need for better awareness training, as people are clicking on links or opening suspicious emails despite having been trained. The study, which included the UAE, noted that despite a majority of respondents stating that they’ve had special awareness training, 61% still opened emails they considered to be suspicious. Meanwhile, 50% of the respondents admitted to not reporting suspicious emails to their IT or security teams. According to the State of Email Security 2020 report, personal email and browsing the web/shopping online were already two areas of major concern for IT professionals. In the Middle East, 66% of respondents said there was a risk to checking personal email as the cause of a serious security mistake, and 65 percent thought surfing the web or online shopping could likely cause an incident. McAfee announces MVISION Cloud Native Application Pro- tection Platform, an integrated architecture to secure the cloud native application ecosystem. Palo Alto Networks and PwC expand partnership to deliver managed detection and response (MDR) services to joint customers. Sophos has uncovered attack- ers using DLL side-loading to execute malicious code and install backdoors in the networks of targeted organisations Myanmar. Kaspersky researchers have discovered new Android bank- ing Trojan called Ghimob, which can spy and steal data from 153 Android applications. For further info on the above stories, plus all the latest security news, visit www.itp.net/security NEWS JUST IN… //Security_Report 61% still opened suspicious emails despite having had special awareness training UAE employees admit to opening suspicious emails: Mimecast fact, Mimecast has found that end-us- ers who have taken Mimecast Aware- ness Training are 5.2 times less likely to click on dangerous links. Awareness training can’t be just another check- the-box activity if you want a security conscious organisation.” Josh Douglas, vice president of threat intelligence, Mimecast, “Better training is crucial to avoid putting any organisation at risk. Employees need to be engaged, and trainings need to be short, visual, relevant and include hu- mour to make the message resonate. In Josh Douglas, Mimecast. // UPDATE / SECURITY // WWW.ITP.NET/// 24 / NETWORK MIDDLE EAST / DECEMBER 2020 /Thales has launched its Identity Verification Suite, to meet the demand generated by the rising need of remote client onboarding. The IDV Suite enables a 100%- AI identity verification service and integrates the latest facial recognition technology, document security features recognition and machine learning engines. The solution is said to address the Covid-19 environment with touchless interactions, allowing service providers Identity Verification Suite designed to onboard more users in a secure remote environment, and minimise ID fraud Thales launches Covid-friendly biometric solution to reach end users via their mobile handsets or the web. “Covid-19 has created a number of key global shifts that are shaping the method in which people are accurately identified when signing up to new accounts or interacting with digital services. Goode Intelligence forecasts that electronic identity and document verification service adoption, in such crisis context, will be accelerated by 15- 20%,” said Alan Goode, CEO and chief analyst at Goode Intelligence. QUOTED “IT security teams need to be on full alert 24 hours a day, seven days a week and have a full grasp of the latest threat intelligence on attacker tools and behaviours.”” Chester Wisniewski, principal research scientist, Sophos. Attackers will continue to exploit human behaviours, social engineering, and identity theft to establish a foothold and to steal data in every type of organisation.” Chris Morales, Head of Security Analytics, Vectra. “The first step on the road to compliance with data regulations is knowing what data you have and where it is. Without that insight, it’s practically impossible to ensure that data is being stored, processed and deleted in line with the law.” Johnny Karam, regional vice president, Veritas Emerging Region. SECURITY / UPDATE / / // SEPTEMBER-NOVEMBER 2020 / NETWORK MIDDLE EAST / 25// WWW.ITP.NET/HAT ARE THE BENEFITS AND CHALLENGES OF ACCELER- ATED CLOUD ADOPTION? HOW CAN IT IMPACT ANY ORGANI- SATION’S EXISTING SECURITY STRATEGY? Saad Ouchkir: While organisations have been turning to public cloud for cost saving and the agility offered by managed services on public cloud plat- forms, we see more organisations con- sidering public cloud for its security capabilities. In fact these organisations are realising that the economies of scale allow cloud providers to invest more in people and processes to help deliver a secure infrastructure. Organisations can build a robust se- curity posture by leveraging security capabilities that are available natively on their cloud platform of choice and build- ing their own security processes on top W of it to make sure that they offer the best security for their customers. HOW CAN ORGANISATIONS AVOID COMMON SECURITY MISTAKES WHEN THEY MOVE TO THE CLOUD? SO: It’s very important to understand the shared responsibility model that’s offered by cloud providers. While these providers offer state of the art security for the underlying infrastructure that their customers are using, it’s the cus- tomer’s responsibility to use security fea- tures and best practices offered by their cloud providers to secure their data. To give you an example: Cloud pro- viders offer identity and access manage- ment capabilities as well as multi-factor authentication to secure access to the data stored on their infrastructure and allow their customers to control who has access to what, but if the customer doesn’t use these capabilities they might put their data at risk. With working from home becoming the new norm and the ubiquity of SaaS applications, it’s very important to edu- cate both security administrators and end users on the importance of security. WHAT ARE THE DIFFERENT WAYS TO ENHANCE CLOUD SECURITY FOR MISSION CRITICAL BUSINESS APPLICATIONS? SO: When using public cloud for your mission critical business applications you benefit from a robust infrastructure and reliable SLAs that boost the performance. When it comes to security, there are things that you need to pay attention to: Your data must be encrypted all the time, at rest when the data is stored on the disks and in transit when data is transferred. At Google Cloud we have introduced Confidential Computing which allows our customers to encrypt the data even while it’s being processed. As more business applications are hosted in the cloud, it’s very important to shift access controls from the network We sat down with Saad Ouchkir, the Head of Customer Engineering META at Google Cloud to discuss how the conversation around cloud security has shifted towards data encryption and understand how regional privacy regulations apply to an organisation’s compliance requirements CLOUDS ARE SECURE: ARE YOU USING THEM SECURELY? // INTERIEW / GOOGLE CLOUD // WWW.ITP.NET/// 26 / NETWORK MIDDLE EAST / DECEMBER 2020 /perimeter to individual users and devic- es using the zero trust security model. We’ve been using that model for years internally at Google and we recently made our implementation of zero trust available to our customers allowing their employees and contractors to ac- cess mission critical business applica- tions remotely without the need for a traditional VPN. PLEASE HIGHLIGHT THE KEY COM- PLIANCE CHALLENGES WHEN OP- ERATING IN THE CLOUD. SO: When moving to the cloud organi- sations have the double challenge of protecting sensitive applications while achieving and maintaining compliance with regulatory and industrial require- ments. For this reason, it’s important to choose a cloud vendor that undergoes several independent third-party audits on a regular basis to provide compliance with key international standards. Regulations such as GDPR place sig- nificant emphasis on enterprises know- ing how their data is being processed, who has access to data, and how secu- rity incidents will be managed. For this reason we have dedicated teams of engi- neers and compliance experts at Google Cloud who support our customers in meeting their regulatory compliance and risk management obligations. One of the requirements that some regulated companies in our region have to comply with is the requirement to host customer data in-country. At Google Cloud we have designed a hybrid cloud technology called Anthos that al- lows our customers to benefit from the agility of cloud native technology while storing customer data on premise. We’ve partnered with Moro Hub, fast growing cloud service provider and one of Digi- tal DEWA companies, to host workloads in their Tier-III Green Data Centre in Dubai using Anthos. SECURING CLOUD IS A PRIORITY FOR BOTH CLOUD-NATIVES AND THOSE EMBARKING ON THEIR CLOUD JOURNEY. HOW WILL THEIR Saad Ouchkir, the Head of Customer Engineering META at Google Cloud CLOUD SECURITY STRATEGY BE SIMILAR OR DIFFERENT? FUR- THER, WHAT DOES THIS STRATEGY LOOK LIKE? SO: Cloud native companies have the advantage of starting with a clean slate. They don’t have legacy systems that they need to maintain. This allows them to use cloud native technologies with built- in security features. This doesn’t mean that other compa- nies can’t make use of the cloud in a se- cure way. At Google Cloud we make sure to meet our customers where they are. We run assessments to understand their current state and we help them through- out their cloud journey. We designed a Cloud Adoption Framework to help our customers move to the cloud with confidence. It articu- lates around three components: People, Processes and Technology and focuses on key capabilities that organisations need to develop in order to succeed in their cloud adoption. Two of these capa- bilities that I find essential are upskilling IT staff and building a secure landing zone for their applications in the cloud. ARE THERE SECURITY GAPS IN CLOUD PLATFORMS THAT CYBER ATTACKERS MAY LEVERAGE?? SO: Cloud providers put a lot of effort into building state-of-the-art data cen- tres and the most sophisticated secu- rity systems and processes. At Google, security is part of our culture, all em- ployees receive ongoing security train- ing throughout their Google careers. Our dedicated security team includes some of the world’s foremost experts in information, application and network security. We specifically built a full-time team, known as Project Zero that aims to prevent targeted attacks by reporting bugs to software vendors. The shift to remote work has cre- ated an opportunity for cyber attackers to target users through increasingly so- phisticated phishing attacks that try to steal their passwords. For this reason we encourage our customers to use phishing-resistant physical two-factor authentication de- vices like security keys that use public key cryptography to verify a user’s iden- tity. HOW CAN ORGANISATIONS EN- SURE THE IMPLEMENTATION OF THE RIGHT SECURITY ARCHITEC- TURE TO WITHSTAND SUCH AT- TACKS? SO: An organisation’s security pos- ture is only as strong as its weakest link. As we work with our customers, we help them tailor a security solution that covers multiple aspects: Technol- ogy of course, but also their processes and people, increasing awareness of phishing, and helping the users to identify such attacks is important. We also encourage our customers to make the use of anti-phishing two-factor authentication devices compulsory for all their users. And when designing their remote ap- plications access, we encourage them to shift their access controls from the network perimeter to the use of “zero- trust” paradigm where no network de- vice is trusted by default, even if it’s con- nected to the corporate network. Follow us on Twitter: @GoogleCloud_ME Learn more about Google Cloud’s se- curity solutions: cloud.google.com/ security GOOGLE CLOUD / INTERVIEW // // DECEMBER 2020 / NETWORK MIDDLE EAST / 27// WWW.ITP.NET/We are in unprecedented times and no one can truly predict what lies ahead. What we do know is that threat actors are on the lookout for vulnerabilities and the sudden move to remote operations may have left loopholes that they can leverage. We sat down with security experts to understand how the security landscape may shape up next yearwwAs systems and services move out of the traditional network/data centre envi- ronment, security must lean heavily on proof of identity. The mechanisms for securing services are verifying the iden- tity of the user, the system they are using and the location they are in. This is referred to as identity-as-the- perimeter. This approach takes identity – an already valuable asset – and sig- nificantly elevates its status. With this in mind, it is very easy to predict the behaviour we will see from threat ac- tors — attacks on the mechanisms that maintain and secure verified identities will increase through 2021 and beyond. This year, organisations have witnessed unprecedented shifts in both work para- digms and threat activity. Because of this rapidly evolving threat landscape, it will take a careful combination of technol- ogy, people, training and partnerships to Insider threats will increase, calling for more user awareness training. Brand hijacking will proliferate both via email and the web. Threat intelligence feeds will become critical to drive pro-active strategies in securing business systems and alerting users to potential threats. Covid-19 will continue to accelerate the shift to cloud deployment. The impor- tance of cloud security will be elevat- ed, especially as most employees are working from home and accessing data stored centrally in the cloud. secure against the types of attacks com- ing from cyber adversaries in the future. Indeed, cybersecurity vendors, threat research organisations and other industry groups will need to collaborate with each other for information sharing and include working with law enforce- ment to help dismantle adversarial infra- structures to prevent future attacks. We also believe that the evolution of AI will be critical against evolving attacks, AI- enhanced technologies that can see, an- ticipate, and counter attacks will become a reality because cyber-attacks of the fu- ture will occur in microseconds. required to drive our ever-expanding attack surface and corresponding technology chain. Ask what is truly essential, so that you can focus. A good model is known as the OODA Loop – it stands for Observe, Orient, Decide, then Act. We have a lot of “Observe” technology (many sensors). Most companies have invested heavily in Decide (using SIEM) and are in the early stages of automating Act (using SOAR). The big gap to address in 2021 is Orient – taking all the raw facts, and relating them to your specific business situation, so you understand what is relevant or critical, and what is low priority. EXPONENTIAL RISE IN IDENTITY- CENTRIC SECURITY AI-ENHANCED TECH WILL EMERGE TO COUNTER ATTACKS INSIDER THREATS WILL INCREASE Karl Lankford, director – Solutions Engineering, BeyondTrust Alain Penel, regional vice president – Middle East, Fortinet Raafat Kastoun, cybersecurity specialist, Mimecast The next ‘big thing’ in security is to take something away, not add another widget. Most security teams have more technology stacked up than they can operate to get the intended benefits. Simplification is never easy – ask any poet. Still, we have to reduce the skill level PRIORITISING WHAT IS RELEVANT OR CRITICAL Dr. Mike Lloyd, CTO, RedSeal UPTICK IN ATTACKS TARGETING OPERATIONAL TECHNOLOGY There will be an abundance of 5G-en- abled devices that hold the potential to revolutionise working practices, particularly within IT and OT as the environments continue to converge and evolve. The challenge is that, once 5G is widely available, IT teams and attackers will be looking for ways to navigate the mass distribution and Maher Jadallah, regional director - Middle East, Tenable THE NEXT BIG THING / FEATURE // // DECEMBER 2020 / NETWORK MIDDLE EAST / 29// WWW.ITP.NET/Next >