the hub - issue 16

Injazat Data SyStemS’ offIcIal newSletter

Issue 16

SECURITY IN THE CLOUD

Simplified Disaster Recovery Planning

FACE TO FACE WITH OUR NEW CTO

INJAZAT AND KASPERSKY PARTNER FOR SECURITY

INSIDE:

what to expect as the world goes virtual

A Mubadala Company

Injazat ceo message

This is a special time in Injazat’s history as we celebrate our 10th anniversary. Founded in 2005 by Mubadala Development Company, Injazat Data Systems has expanded at an exponential pace. Today it is wholly owned and supported by Mubadala. In the past 10 years, Injazat has flourished to play a major role in developing the UAE’s IT managed services and outsourcing market and we are consistently developing strong ties with its customers to deliver a wide range of high-quality and secure IT managed services to government and commercial enterprises in the UAE and across the wider Gulf region. Looking ahead, we will focus on our growth strategy while continuing to build on the strength of our brand as the trusted technology partner of choice. I am incredibly excited about this journey and truly believe that the best of Injazat Data Systems is yet to come. We would like to thank our clients, partners and supporters for helping us on the road to achieving our goals. Abu Dhabi, and the Gulf, is currently in a period of great transformation with ICT and digital services at the heart of its growth. Organizations need a trusted partner to support and secure business critical data and manage their IT services strategy. Therefore, our central focus for this edition is cloud security, a topic which still poses many questions for IT decision makers. Concerns surrounding the subject are only natural; for many organizations in the region the concept is still relatively fresh. We hope this publication will give you new insight into security, data retention, and what to do in case of a data disaster.

Yours truly,Ibrahim Mohamed LariCEOInjazat Data Systems

2 The Hub | ISSUE 16

WEIGHING UP THE CLOUDOver 120 influential IT professionals were asked what their considerations were

when weighing up the pros and cons of the cloud.

71% commended cloud on the ability to help them be more scalabe

The cost of cloud computing turns 42% of IT decision makers off adopting cloud

only 12.5% stated that cloud solved the capex vs Opex debate

92% are concerned with security

40% felt that they would lose control of their IT operations when adopting cloud

60% stated cloud simplified management of IT and lifted the internal IT burden

Flexibility in the cloud encouraged 89% of decision makers to make the transition

78% prefer a hybrid cloud solution over a full transition

71% 42% 12.5%

92%

40%

PROS

78%

89%

60%

CONS

3ISSUE 16 | The Hub

feature

Few now question the benefits that can be realized from cloud through greater business agility, rapid scalability of services and reduced costs. Security, however, consistently rates as the major concern for enterprises adopting cloud-based services.

Frequent stories of hackers, organised cyber criminals and state-sponsored attacks not only play into these concerns of information

a step towards cloud security

loss, but also possible sabotage in which sophisticated methods are used to target potential victims.

The challenge for those wanting to reap the efficiency and cost benefits of cloud is to find new ways of protecting their physical and virtual assets – and that requires a whole-of-enterprise approach.

In line with this, evaluating and managing security risks must be top of mind for organizations

wanting to make a successful transition to cloud. The different deployment models – public, private and hybrid – each have their own security vulnerabilities and risks. These increase depending on the range of potentially unidentified users.

While the challenges are real, working methodically from the inside out is the key. CIOs and CSIOs must focus on securing their own enterprise’s use of cloud-based


feature

services rather than whether the cloud, in general, is secure.

There are a number of factors IT leaders should look out for when it comes to cloud security, such as the different mobile devices that are accessing the organization’s cloud network. This is something that needs to be carefully monitored as various trends continuously blur the border between personal and business computing devices, making it increasingly difficult for organizations to control security. Another factor is the cloud platform, future enterprise clouds are likely to be hybrid systems combining both physical and virtualized IT resources, all of which must be equipped with security. This includes malware and data protection measures, as well as network and host security solutions.

Identity and access management, are also among the key areas that IT leaders should monitor, as the security ecosystem cannot be entirely controlled. Hence, proper security provisioning, governance and management tooling must be in place for reporting and to check for breaches. Security and compliance in the cloud should also be managed diligently, this requires more than just security products – there should be security-minded people and processes to ensure that the environment operates securely. Lastly, the cloud stakeholders set the overall security levels to meet audit and compliance requirements.

Deploying clouD safelyThe traditional perimeter barrier to IT security is no longer effective

in a complex cloud environment which has no clearly identifiable boundaries. Technical adjustments are perhaps only part of the solution, organizations also need a well-rounded program which requires strong business involvement. Security must be incorporated into business and data processes throughout the enterprise and not just on the perimeter or in the cloud.

Here are a few elements organizations should consider when developing a program their cloud security defense:

Having a risk-baseD approacHEstablishing an approach based on the perceived risks is essential for organizations preparing to move applications and data to the cloud. There are four main components to a risk-based methodology, this include assessing various levels of risk from a compliance and operational viewpoint; addressing security issues in order of priority; continually monitoring and improving the security environment; and using proven security technologies and flexible sourcing models for security transformation programs.

securing Design applicationsMost applications are not designed to run in a potentially hostile environment. CIOs must ensure that all data and applications are thoroughly reviewed and amended before they are deployed on a cloud platform.

The aim is to make them self-defending, which requires new strategies from developers for

application development and data management. They need to focus on protecting information to ensure confidentiality, integrity and availability. Preferably, architect security should be addressed during the requirements and design phases of a new system with security measures, access control and encryption built-in at a fine-grained level.

ongoing auDiting anD managementContinuous compliance monitoring must be in place for the secure delivery of cloud services. Traditional regimes of monthly or annual audits are meaningless in an environment that is constantly changing.

To enable forensic examination and analysis in the event of a security breach, there needs to be ongoing monitoring and maintenance of incident records and log files. This information must be available in real time to facilitate rapid response, notification and containment measures.

infrastructure anD network securityWhen using a cloud-based service, an enterprise has minimal direct control over infrastructure and network security, including operational procedures, network configuration and intrusion prevention.

These are all critical areas, so it is important that the user undertakes a thorough review of the service provider’s policies as part of the due diligence process during contract negotiation and service sourcing.

5ISSUE 16 | The Hub

10 years ofSince 2005 Injazat Data Systems has been harnessing the transformative potential of ICT to help its clients achieve their goals & objectives.

Injazat Data Systems established in February with

the aim to provide complete IT outsourcing to UAE entities

Injazat holds more than 50% of the UAE's

outsourcing market

In its first 2 years of operation, Injazat signed contracts worth

AED 1.3 billion

Injazat grows 68% in the first year

Injazat launched its Tier IV Data Center. The first in the

region.

2005 2007 2009

2006 2008

4 staff430 staff

600 staff

800 staff

2005

2007

2009

2015

INJAZATStaff

growth over the

years


Injazat delivers world class IT solutions to more

than 50,000 public & private end users

Injazat named ‘Managed Services Provider of the

Year‘ at CNME‘s 4th ICT Achievement Awards 2013

Injazat wins 2010 Frost & Sullivan market Share

Leadership of the Year for the UAE Captive Managed

Services Market

Injazat achieved a customer satisfaction excellence gold star from

Cisco. This designation recognizes Injazat for delivering outstanding

customer service to customers in UAE

Injazat announces that it has added ‘Managed Virtual Data Center‘ Services to its

comprehensive Enterprise Cloud portfolio in response to rapidly growing demand for

premier Cloud Services in the country.

2011 2013

2012 20142010

Gold Certification from

Value-Added Reseller for

Valued Partners

Silver Partner for Portals and Collaboration, Software

Development and Application Integration

Platinum Partnership

The year of its launch, In-jazat played a major role in expanding the UAE IT Outsourcing market by

747%

STrATegIc AllIANceS

A Mubadala Company

7ISSUE 16 | The Hub

Insight

There are countless examples which reiterate the fact that we have to plan for the unthinkable. What business leaders often fail to consider is the complexity of having proper, balanced business continuity capability in the face of disasters. Planning for every eventuality is not always possible, however, and having basic controls in place may not be a fast process. The answer is to break the effort up into manageable chunks and concentrate on those that can be put into place within the shortest possible timeframe.

One of these areas is Disaster Recovery Planning. Disaster Recovery Planning (DRP) is a subset of Business Continuity Planning and focuses on the securing and recovering of digitized information assets. Broader Business Continuity Planning (BCP) activities focus on managing risks and safeguarding or recovering business functions, as well as preparing to

transfered to the service provider• Simple and seamless deployment• Scalable to your requirements• Customizable to suit your specific environment and preferences• Vendor/brand agnostic• Storage agnostic• Reduces resource requirements• Remote and/or automated testing• Consulting services on tap – BIA, RA, Customised disaster recovery plan.• Leveraged expertise and knowledge share

Draas challenges: • Ignorance – Many are still reluctant to adopt cloud-based solutions because they just don’t know if it is a viable solution• Security – Many still perceive the ‘cloud’ to be insecure. Security challenges in the cloud are no different than the security challenges we face in securing platform infrastructure the cloud is

manage the actual crisis and logistics around it should the worst happen.

DRP technology options today allow users to be savvy and create a workable solution in a much shorter time and with much less effort than before.

It may be clear by this point that what I’m referring to are Cloud-Based recovery services, or to be more precise, Managed Disaster Recovery-As-A-Service (DRaaS). Why not let someone else who has the knowledge, resources, space and capability help you on this front? Moreover, if you struggle to justify the budget for in-house expenditures on necessary equipment, DRaaS affords the opportunity to achieve DR goals with a small initial capital cost.

key benefits of Draas: • Although the accountability for DR is retained, the responsibility is

Judging by recent events throughout the world, it is clear that cyber-attacks have evolved, breaches have multiplied, and serious security gaps have been exposed in organizations. Security, and therefore business continuity planning, are in the forefront of business leaders’ minds.

Simplified Disaster recovery Planning


hosted on. We have to be clever about our access control and client segregation protocols. • Location – Many are concerned about the location of the service provider. In the UAE, government-related data is not allowed to be hosted outside the borders of the country.

benefits of using injazat as a service provider:• Cloud hosting delivered from a Tier IV Data Center guaranteeing 99.95 percent uptime• Data is hosted within the borders of the UAE• Pay-as-you-go model• Maximum cost benefits

• ISO27001 certified secure environment• Local expertise• Best-of-breed technology

In closing, be smart about DR, embrace the benefits of new technology and service offerings, be prepared, it could happen to you!

EVENT

malware attack (Organization remains anonymous)

cyber-attack caused physical damage

(Germany)

u.s. office of personnel management

CAUSE

In excess of 4 million client

transaction database entries

wiped. Insider participation

not ruled out.

Hackers had struck an

unnamed steel mill in

Germany. They did so by

manipulating and disrupting

control systems to such a

degree that a blast furnace

could not be properly shut

down, resulting in ‘massive’

damage. Similar to the

Stuxnet saga.

5.6 million peoples’ fingerprint

data stolen

IMPACT

Replicated backup compromised, tape backups incomplete,

approximately half a million client records lost.

Massive reputational damage as the organisation reluctantly

asked clients to send details of the last six months captured

transactions back them to be manually recaptured. Huge

financial impact as some transactions could never be restored

including outstanding invoices.

Massive financial impact as furnace had to be rebuilt and

production reduced to a trickle for months.

Legal liability of unfulfilled contracts

Reputational damage

Who knows what you can do with these! So many

applications can be compromised, banking, pension funds,

restricted access areas, etc.

Impact incalculable.

Recent attacks

9ISSUE 16 | The Hub

Interview

Ammar Qurneh, CTO of Injazat Data Systems, speaks about his role and plans to enrich the company’s service offerings with a greater emphasis on quality

raring to go


areas of dynamic infrastructure, with sophisticated and secure tier 4 data center, I intend to capitalize on this success and ensure that Injazat remains to be the first choice for all clients. This will be achieved by remaining current with latest technology innovations and continue to invest and enhance Injazat’s service offering. As for my third objective, I’ll be focusing on our most important assets, which is our people. Providing training and maturing the skills of Injazat’s employees, as well as attracting top skilled individuals to be part of Injazat’s future growth and success.

What unique qualities do you hope to bring to the role? In my role, I am planning to lead the execution of Injazat’s mission by blending advanced IT solutions with clients’ domain business processes. This will be done systematically by evaluating strategic, business, technical and financial implications for all of our clients. Injazat will continue to drive progress and improvements with the objective of delivering efficient and effective services to our clients, while maintaining top quality and low cost.

What opportunities do you see within your new role?The current market remains relatively strong for ICT services. As such, I see large opportunities in cloud services and mobility. Additionally, cyber security, business intelligence and analytics are areas where Injazat will be focusing with

the objective of helping our clients reduce cost, while maintaining a high-level of security and quality. Furthermore, Injazat is now greatly investing in new technologies and innovative ideas, trying to bring optimal solutions for our clients.

How do you measure your success as a CTO?After joining Injazat and having the chance to interact with colleagues at all levels, I was impressed with the skills and competencies available within Injazat. As such, I believe we have the opportunity to be the number one choice for every client helping them solve complex challenges and exceed their expectations. My success is measured by client satisfaction, where additional opportunities are given to Injazat based on trust and quality of service.

“after joining injazat and having the chance to

interact with colleagues at

all levels, i was impressed with

the skills and competencies

available within injazat.”

Tell us a little about your background.I’ve been in the IT profession for over 18 years, supporting international government, defense as well as private sector clients. I hold a Master’s degree in Management Information Systems from Johns Hopkins University and a Bachelor of Computer Science degree from George Washington University. Prior to joining Injazat, I was an Executive Director working for an elite government organization (ADSIC), helping them in modernizing and implementing the ICT agenda for the government of Abu Dhabi.

What made you join Injazat Data Systems?Injazat, being a well-known government owned organization and supporting a heterogeneous mix of government domains, compelled me to believe that I can contribute to the overall goals of the organization, given my ICT background and knowledge in the government arena.

What will be the top three organizational objectives or initiatives that you plan to drive?Quality of work, client satisfaction and Injazat’s capabilities are my top priorities. I believe this can be achieved by understanding clients’ challenges, increasing transparency and providing competent professionals to address clients’ needs. Additionally, given that Injazat has a substantial market share in the

11ISSUE 16 | The Hub

Cyber-threats to any organization are usually blamed on outsiders – criminal programrs writing malicious code designed to pilfer your corporate intelligence, siphon your confidential customer information or raid your financial data. However, that doesn’t paint the whole picture when it comes to cyber-threats. The reality is that external actors are often given an easy route to that data – as naïve employees leave the organization’s vital doors wide open.

Against this precarious backdrop, Injazat Data Systems and Kaspersky Lab have partnered to introduce their cybersecurity education program in the United Arab Emirates. Both firms are in agreement that effective processes and technologies are needed for success in cybersecurity. However, they realize that without the right levels of training for staff – both average users and IT specialists – neither will achieve their full potential.

existing pain points identified by the security team and allows an instant focus on the most likely routes of a cyber-attack.

Using this information, Injazat and Kaspersky aim to provide assessments which focus on employees’ current knowledge of cybersecurity using assessment tools, knowledge tests and simulated attacks to understand how employees react to threats on a daily basis.

As part of the training, the cyber safety game workshop brings employees together to go through a one-day interactive session with experienced security professionals. They are able to interact in the game and discover the techniques used by the cybercriminal, not just from a business perspective but also a personal level through the many electronic devices we use on a daily basis in different situations.

Leaders of the Cybersecurity Awareness Program have defined a clear ethos as to what constitutes

The benefits of cybersecurity education are clear and long-lasting. Recent studies have shown that 80 percent of cyber-incidents within an organization are caused by user mistakes and ignorance, while educated employees can decrease the number of security incidents by 90 percent.

Cybersecurity education and awareness is therefore the must-have element of security and is essential for all organizations. Building a highly educated workforce is key to mitigating cybersecurity risks at all levels in every part of the organization.

Injazat and Kaspersky’s Cybersecurity Awareness Program offers a holistic and practical training approach, which covers a cyber safety culture assessment, cyber safety games workshop, a skills training platform and interactive protection simulation.

The firms’ structured Cybersecurity Awareness Program focuses on an organization’s

Injazat Data Systems and security firm Kaspersky have partnered to provide cyber crime awareness and education in the United Arab Emirates.

aligned against crime

Insight


an effective cyber defence culture among employees. First and foremost, they believe that awareness is fundamental to any organization’s efforts in combating threats. They realize that the biggest challenge is changing the behavior of employees – executives, managers and staff. With a weak security culture, any organization is doomed to face problems.

The course leaders understand that both user ignorance and a blame culture for cyber incidents must be eradicated. Users need to be guided as to the basic dos and don’ts, and be given the appropriate

guidance and support, so that they are able to not only prevent the risks of incidents, but also have the confidence to admit if they haven’t followed guidelines.

What’s important is to ensure that employees of all levels are not a liability in terms of protection, but an asset that can collaborate with IT security to assist proactive solutions.

The program is offered to three grades of end-users, starting at Level 1, which teaches cybersecurity fundamentals. This course is relevant to any enterprise customer looking to improve

the level of general employee knowledge, and is aimed at regular PC users, managers, executives, junior IT and junior IT security employees.

Level 2, teaching digital forensics, targets employees from enterprises that or have their own security operations centre and or deploy CERTs, who may find themselves working on incident response.

Malware analysis and reverse engineering constitutes the Level 3 course, and is designed for employees from enterprises that maintain a skilled team of malware analysts and researchers.

Atif Albraiki has been heading the Applications Delivery division

in Injazat Data Systems for the past year. In this capacity he leads, manages, and directs the application delivery services to meet market demands.

Prior to joining Injazat, Albraiki worked at Zakum Development Company (ZADCO) and C4 Advanced Solutions (C4AS). He

assumed many roles in these organizations, where he was later appointed as Applications Group Manager in C4AS. In that capacity he led software development delivery capabilities for one of C4AS’ main managed services account. He led and ensured the successful delivery of various software development projects to meet client demand.

Albraiki holds Bachelor degrees in Computer

Engineering and Information Management and Technology (both with honors) and a Master’s degree in Computer Engineering from Syracuse University, Syracuse, New York, USA. He is also a Certified Project Management Professional (PMP) under the Project Management Institute (PMI) and a Certified Information Technology Infrastructure Library (ITIL) Foundation v3 practitioner.

Atif Albraiki, Head of Applications Division

EMpLOYEE SpOTLIghT


news

Injazat Plays for lifeInjazat sponsors the eighth edition of the annual “Play for Life” football tournament organized by the Imperial College London Diabetes Centre (ICLDC) in partnership.

The Play for Life, now in its eighth year, has again attracted 320 players representing 16 of Abu Dhabi’s leading organizations.

The annual event helps promote a healthy lifestyle creating the opportunity for corporate team members to play together and experience the benefits of exercise.

It is part of Imperial College London Diabetes Centre’s (ICLDC) public health awareness campaign, ‘Diabetes-Knowledge-Action’ under the patronage of Her Highness Sheikha Fatima bint Mubarak.

Injazat expands secure cloud offeringIn the UAE alone, cloud services are expected to grow at a rate of 43.7 per cent until 2016 according to a report from the International Data Corporation (IDC). Injazat’s new breed of cloud technologies provide the performance, scalability and accessibility that users demand, which, in turn, will lead to increased awareness of the opportunities offered by cloud computing. Furthermore, the robust and secure Injazat cloud framework, together with enhanced security services, will have a significant and positive impact on organizations’ time-to-market, compliance and costs.

Injazat has recently seen a significant uptake of high-performance cloud technologies which has quickly become a major focus for both government and enterprise customers across the UAE. The enhanced portfolio of secure cloud services is

designed to provide maximum uptime and flexibility with the highest levels of data security.

Injazat’s new service will play a key role in optimizing business efficiencies in the UAE, further supporting its efforts to establish the UAE as a regional leader for advanced technology adoption. The offering builds on the company’s eight-year track record of market leadership and its pioneering approach to managed services. Injazat continues to

augment key technology sectors such as cloud computing to accelerate the development of Abu Dhabi, in particular, into a full-fledged knowledge-based economy under the Emirate’s Economic Vision 2030 development strategy.

Injazat will also offer secure cloud services to businesses across the Middle East, delivering local support combined with a mature framework of integrated processes and governance.


Mubadala and IBM will establish the joint venture through Injazat Data Systems, which will be the exclusive provider of Watson technology in the region. The companies will collaborate to deliver powerful Watson cloud-based cognitive computing to healthcare, retail, education, banking and finance organizations. The new joint venture will also create a broad regional ecosystem of partners, entrepreneurs, start-ups and app developers who will apply Watson in innovative ways throughout MENA.

Watson represents a new era in computing in which systems are able to interact in natural language, analyze large volumes of unstructured data, respond to complex questions with evidence-based answers, and discover new actionable patterns and insights.

The availability of Watson in MENA demonstrates Mubadala’s strong commitment to spurring

The three-level security training program, which targets employees from government entities, IT specialists, Emirati talent and fresh graduates, offers an educational platform to raise awareness on topics related to cyber security including cyber forensics, malware analysis, and reverse engineering.Injazat and Kaspersky Lab specifically developed the program to support businesses as they promote the role of cyber security in their operations, which is key to protecting the infrastructure and intellectual property of government entities and the private sector. The first level of the program is a two day course that introduces cyber security fundamentals, different types of attacks and gives a comprehensive picture of the threat landscape. The second level consists of two courses, discussing malware analysis and reverse engineering. The third and final level, similarly broken down into two courses, covers advanced malware analysis and reverse engineering. Upon successful completion of the broad curriculum, certification is given to attendees.

Injazat and Kaspersky lab to offer security training program

IBM and Mubadala to bring Watson to the Middle East & North Africa

innovation and growing the technology ecosystem throughout the region. The collaboration with IBM exemplifies Mubadala’s philosophy to capitalize on investment opportunities in various industries such as Information and Communications Technology (ICT) to support the diversification of Abu Dhabi’s economy and strengthen its competitive position in high-growth sectors both locally and internationally. IBM, in turn, will draw on Mubadala’s deep regional market knowledge to drive the adoption of cognitive computing technology across MENA.

To advance Watson, IBM has two dedicated business units: Watson, established for the development of cloud-delivered cognitive computing technologies that represent the commercialization of “artificial intelligence” or “AI” across a variety of industries, and Watson Health, dedicated to improving the ability of doctors, researchers and insurers to surface new insights from the massive amount of personal health data being created and provide turnkey solutions to deliver personalized healthcare.

IBM is currently working on hundreds of projects to expand Watson’s industry domain knowledge, as well as teaching the system new languages such as Arabic, Spanish, Brazilian Portuguese and Japanese.


About USInjazat Data Systems is an industry recognized market leader in the GCC region for Information Technology Outsourcing, Data Center and Managed Services. The Injazat Data Center is both Tier IV design and ISO 27001 certified, a distinction that differentiates it as one of the unique facilities in the region.

IT outsourcing:We offer end-to-end IT services to enableour clients to build and manage highly available IT platforms to meet theirbusiness and security objectives.

Enterprise Cloud Services:Injazat supports your business with a pay-as-you-go approach without upfront capital investment, delivered locally from its UAE Data Center.

Data Center Managed Services:We offer a wide range of managed services out of our Tier IV design and ISO 27001 certified Data Center, which provides a highly reliable and secure platform, along with world class 24/7 delivery.

Learning and Development:The Injazat Institute aims to enhance the competency of UAE professionals and improve their ability to support their organizations.

Enterprise Applications:We collaborate with clients to align their organizations’ applications with business priorities and operational requirements.

Consulting and Business Process Outsourcing:Our portfolio of consulting solutions and project management will help drive revenue your growth and maximize operational and organizational efficiency.

Cyber Security Managed Services:Injazat has a wealth of experience andknowledge with the architecture, design and Implementation of security based solutions. Injazat has a strong team to understand the security policies relevant to an enterprise and to architect an end to end solution based on the business requirements, meeting the UAE specific security policies.

Our ServIceS

A Mubadala Company

the hub - issue 16

Documents