Tuesday, September 04, 2018

ISODA announces new management committee for 2018-2019

The tenth AGM of ISODA (Infotech Software Dealers Association) announced N K Mehta as its Chairman and Gunasegharan Krishnan as the association’s President for this year. 

The Infotech Software Dealers Association (ISODA) concluded its Annual General meeting last week in Mahabalipuram. 
It was 10th year of the formation of ISODA incepted in 2008 by a handful of channel companies and its owners primarily to fight the taxation structure for software industry at that time. 
ISODA has now grown into a full-fledged and active IT association encompassing over 180 members including channel companies, tech OEMs and others. 
Prashant Jain of JNR Management Resources and ISODA member presided over the election of new management committee (MC) at 10th AGM 

My immediate priority as the chairperson of one of India’s Premium IT Associations ISODA is to create a five year leadership plan, for a better focus on long term vision and thus make a visible difference for ISODA and its members.
N K Mehta
Chair Person, ISODA
N K Mehta, Managing Director, Secure Network Solutions became the Chairman, after being the Vice Chairman last year. Gunasegharan Krishnan, Director, eCaps Computers became the President after being the Vice President last year. 

….


Wednesday, April 18, 2018

Are you FAST enough for SAST & DAST?

Banking and Financial Sector companies have come a long way from the conventional banking system to modern means of providing various services to the customers at their finger trips. Long days of wait for cheque clearances, long queues at tellers and the rate of which each transaction used to occur is long gone. Now you have Internet Banking System, Mobile Banking System, and Interactive Video Customer Services. Opening of bank accounts through tablets right from the customer’s home, online transactions through NEFT (National Electronic Fund Transfer), RTGS (Real Time Gross Settlement), IMPS (Immediate Payment Service), payment wallets and several such new features have modernized and simplified banking activities. Technology brings fantastic benefits.
However, the IT teams of these financial sector organizations who are into modernization face tremendous challenges. On the customer front, they need to ensure intuitive, colourful and easy to use customer interfaces that ensure their customers do not have to be computer savvy to use their applications. But on the back-end, it all ends-up with millions of lines of coding, software development and integration to multi-channel interfaces.
Not all off-the-shelf applications can be utilized in all banking environment. Bespoke development is required to meet the specific needs of the local regulations, target customer base and modes of interaction.
Secure coding practices are now incorporated as a first lesson in programming. Any ‘bug’ unintentional or intentional brings risk and exposure that may result in downtime, data loss and financial implications. Constantly evolving threats mean the development team can never conclude ‘Our product is ready to be launched’!
Scanning of source code, identifying vulnerabilities of the code and remediating the gaps are important factors of source code analysis. Prevention of application layer vulnerabilities and Web security breaches mean half-the-battle won.
Banks have realized the need to ensure highest security to the customer data and transactions while adopting the modern technologies. Security begins right from the first step of development of the software application. Therefore, Static Code analysis becomes the first step in Application Security. Similarly, once the application goes online, the behaviour of the application in various scenarios (the running state) need to be tested for any vulnerabilities as well. Together, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools are key in the Bank’s IT Security armoury. And both these tools should be tightly integrated throughout the Software Development Life Cycle (SDLC).
Here is a simple checklist: Are you launching custom developed web and mobile applications for your customers? Are you handling critical data? Are you fast enough to adopt SAST and DAST?
~ M.K. Mohan

Knocking-off NAC, just not yet!

Happiest days of Networking? Desktop wired to a face plate, wired back to the switches and you must be physically present to access the local or corporate network resources. Then came the flexibility of laptops. You can carry it wherever you want. Presentation at a customer place, no issues. Design your presentation, off-you go, attach to the projector at the conference room and deliver a presentation. But back to the office network, you need that magic RJ-45 Ethernet cable to get hooked to the corporate network. One file server, and one print server, and somewhat advanced networks you used to have mail servers.
Then came the wireless networks. Laptops needed a PCMCIA card to make your connection wirelessly. Yet, some control with the network administrators. Introduction of built-in wireless devices, introduction of smart phones, tablets and umpteen other devices resulted in complete loss of control and administrators now with sophisticated designations as ‘Security Administrators’ started feeling the heat.
Network Admission or Access Control (NAC) is all about right people accessing right resources in compliance to the corporate security policies. No more and no less.
You want your employees to be connected 24×7? Mail clients on mobile, fancy mails tags such as ‘Sent from Outlook for Android or Sent from iPhone’? Now you are talking about what to control. How would you restrict an employee downloading a corporate email attachment to the phone and then sending it back to his or her personal email address?
Access to Corporate resources through mobile apps, Web based applications, Time and attendance, Sales and CRM from anywhere, anytime from any device, you are talking about a wide spectrum to monitor and control.
NAC is not the newest of technologies in the block. It has been there for at least two decades. Now why this renewed focus? Wireless infrastructure allowed employees, contractors and guests to access Corporate network. However, you want to restrict Guests to only access Internet and not the Intranet. You may want to allow contractors to Extranet, but not to access your internal file servers. Employees need to access certain resources, but only when they are in certain locations. Access to corporate applications from an Internet Café means a complete clean-up of session after your complete your work or risk of losing corporate data to outsiders. Organization’s decision to BYOD (Bring Your Own Device) may spell doom to CSOs and may mockingly become Bring Your Own Death (BYOD).
Protecting sensitive data, improved productivity, flexibility in BYOD, ease of deployment and ease of management are the factors a CSO to consider before deciding on a NAC solution.
Simple questions to ask yourselves before picking-up a NAC solution:
Can it provide complete visibility? Do I get detailed reporting for compliance? Can it offer context-aware policies based on user role, time, location and the kind of device he or she is accessing the corporate resource from? How much overhead it brings to the administration and management. Can the process of onboarding a user, enrolment and logging be completely automated to bring seamless experience to the users? How can I integrate with existing MDM (Mobile Device Management) solutions?
Now, we can call its NAC 2.0. A rejuvenated NAC. Or NAC reborn! Whatever you may choose to call, don’t knock-off NAC from your IT security budget. Not just yet!
~M.K. Mohan

Make way for SDP

My grandfather often used to recollect his father’s advice: Never buy lands beyond what your eyes can see! Obviously, beyond your direct vision of your lands, nobody knows who is utilizing them, and how. Drawing the analogy to the modern-day Network Managers, you can’t manage the network you can’t see.
Modern day networks are large and complex with disparate systems, security and monitoring tools. Often, these tools are purchased and deployed to address one immediate requirement with no deep-down thinking or long term thought process. Network managers are left with so many stove-pipe solutions and many places to look at when it comes to troubleshooting. Compliance to various security agencies and government requirements mean more and more security tools.
Put together can these tools are able to still leave them with a good night’s sleep is still a question. Network Visibility is becoming a key discussion point in all IT discussions. How much you know about your network and how well is the question!
From a legacy (is it too early to call it a legacy?) data center where rows of racks are stacked with switches, routers, VPN concentrators, firewalls, Intrusion Prevention Systems and log analysis appliances, to the newer data centers that have hundreds of virtualized components due to the advent of Software Defined Networking (SDN) and Network Functions Virtualization (NFV), getting the complete picture of what’s going where is still a puzzle.
Newer threats such as encrypted attacks, malware, ransomware and even the hardware related bugs that can be exploited by hackers only add to this complex picture of lack of visibility in your networks.
Of course, we have SIEMs, Log analysis and network monitoring tools. But they pose a challenge of media limitations (1G tools in a 10G network), domain or scope of these tools and constant need to upgrade and update them calling for a downtime, and therefore, time gaps in networks being protected.
When networks scale very fast, these security tools don’t. While data at rest is handled through encrypted storage solutions, data in motion remains vulnerable always.
Therefore, the resulting network in present shape, leaves several blind spots, inconsistent view of traffic, veiled encrypted traffic and constant contention for access to traffic.
The solution for these challenges is the Security Delivery Platform (SDP). Instead of looking at point solutions, it aims to provide visibility across the entire infrastructure. You have inline security tools (eg. Firewall) and non-inline tool (eg. SIEM) that needs access to the traffic through TAPS (Traffic Access Points). Limitation of limited TAPS need to be overcome to have better visibility.
Total visibility means not only seeing everything, but also not to miss something that’s very important too. With network traffic growing exponentially, challenges of sophisticated threat patterns and malware that comes in encrypted forms, directing right and meaningful traffic to the right security tools is the only way to have a greater control of your network.
Government agencies, financial sector companies, Healthcare, Media, ecommerce and even technology companies are turning to Secure Delivery Platform (SDP) to address the above challenges. Need to maintain total network visibility on-premises in your data centers and in Cloud means time has come to make way for SDP!
~M.K. Mohan

Friday, January 23, 2015

Tuesday, December 23, 2014

Another article published by Gulf Daily News in Your Views Section today - "Facing Challenges"


Facing challenges

New country, new people, new work environment, opportunity to learn a new culture and a tax-free salary package; a dream for any expatriate to choose to work in the Gulf countries. However, the initial excitement fades away if homework is not done properly. Later, it turns into a challenge as well.
Income of an expatriate has to be divided into three '“ one portion to spend for living here, one portion to be sent home to take care of their parents or family left behind, and the third goes into future planning '“ as most of them have pension-less jobs offering no security post retirement.
So the direct conversion of dinars into home currency might have created an excitement, but when the same gets divided into three portions, it makes you blink at the stark reality. One has to lead a below average life here to save for the other two portions.
The income tax-free package too turns out to be an illusion as huge expenses are involved in annual travel back home and buying gifts for near and dear ones.
Insurance, investments in mutual funds, equities or properties, home loan, personal loan and equated monthly instalments eat away any of your desires of leading a comfortable life. And most importantly, when one works long enough in the Gulf and returns home he or she realises that all their lives were squandered thinking about tackling the future, with no focus on the present.
People from developing economies get excited about the improved conversion rates on their currencies. They have apps installed on smartphones or laptops to constantly check the current rate.
But stop for a moment and think whether the increase of one point (or one unit) gives people back home any increased buying power. Does the cost of living offset the additional income?
Websites that offer free financial consulting, retirement planning and investment tips scare you when they calculate and present that you need few tens of thousands of dinars today to lead a better post-retirement life. And how in the world the average earning expatriate is going to generate this few tens of thousands of dinars in one go?
Gulf countries do not offer citizenships or long-term residence permits. A few avenues have opened up such as residences for business owners and property investors. However, not all expatriate employees can avail of these benefits.
Dollar pegging keeps inflation under control, which makes employers to keep the salary levels same for several years altogether.
Therefore, the financial growth is fairly static over the years while the industry's salary standards grow constantly, if not dramatically, across the world.
So, after spending several years, one may find their peers back home are more or less getting the same salaries as you do and are lucky enough to spend their lives with their families.
Mohan Krishnamurthy

Saturday, August 23, 2014

Launching Almoayed ICT, Kingdom of Bahrain

Sunday, 10th August 2014

Almoayed Group is one of the leading ICT solutions providers with more than three decades of dedicated ICT and associated technologies experience in Bahrain, the GCC and Middle East region.
It was established in Bahrain in 1982 by chairman and founder Nabeel Almoayed, with the vision to develop, deploy and support innovative, quality and sustainable ICT solutions and services that meet the needs of valued customers in Bahrain and the region.

The company has since established a track record as a leader in the IT sector. It has played an integral role in the development of the kingdom’s “technology infrastructure”, and in the process has developed a wide range of strategic partnerships and alliances with technology industry leaders such as Cisco, IBM, Avaya and EMC, just to name a few.

Almoayed Group is now proud to introduce Almoayed ICT – a consolidation of the various existing divisions and group subsidiaries currently operating within the Information and Communications Technology (ICT) sector.

The newly-registered entity will incorporate Almoayed Data Group (ADG), Almoayed Telecom (Amtel), Almoayed Networks (Amnet) and other subsidiaries under one unified structure. “Our aim is to create a platform for future growth,” said executive director Dr Nawaf Almoayed.


“Unifying our various entities is a key part of our long-term strategy, and will provide us with the necessary framework to achieve our growth targets.

“The new entity will be better geared to serve our customers by combining resources and expertise under one roof and will serve to reinforce our position as a turnkey solutions provider for all our customers’ ICT requirements.”

The ICT sector has been identified as one of the key sectors and prioritised for development by the government of Bahrain in its National Economic Strategy.
With this news Almoayed ICT reaffirms its commitment to Bahrain Economic Vision 2030 by providing the latest in cutting-edge technologies and IT infrastructure requirements for the kingdom.
With a highly experienced, qualified and dedicated workforce, Almoayed ICT is at the forefront of service and quality.

“The ICT industry is inherently one of the most dynamic and fast-changing industries, and our organisation has evolved pro-actively over the past three decades,” said Almoayed Group Chief Executive Parag Bhave.
“We are proud of our history that is synonymous with Bahrain’s development and progress in the past 30 years and our technological capabilities continue to evolve and grow.
“Our customers depend on us to build and deploy effective and reliable solutions and to provide comprehensive, trustworthy business support.

“Under Almoayed ICT we will be better positioned to provide a more comprehensive and wider range of solutions to our valued customers covering all fields of ICT.”