Eyes on APAC


May 15, 2017  7:13 PM

Cyber attack highlights supply chain vulnerabilities

Aaron Tan Aaron Tan Profile: Aaron Tan

The cyber attack on the computer networks of the National University of Singapore (NUS) and Nanyang Technological University (NTU) last week has once again cast the state of Singapore’s cyber security into the spotlight.

According to the Cyber Security Agency, the attack appeared to be the work of advanced persistent threat actors who were looking to steal information related to government or research. The two universities have close research links with Singapore government agencies through projects such as self-driving buses.

The attack should come as no surprise. With the removal of Internet access from the work computers of civil servants, it was only a matter of time before hackers find creative ways to access government-related information through so-called supply chain vulnerabilities.

What this means is that instead of targeting victim networks directly, cyber attackers simply exploit any software or network loophole of a victim’s suppliers or partners to get to the victim itself.

This has long been a concern in cyber security circles, since it can be difficult for organisations to enforce or prescribe specific cyber security measures for suppliers and partners – beyond broad service level agreements. Prior to the NTU and NUS incident, groups such as APT10 have already launched campaigns to steal data from organisations via their managed service providers (MSPs).

Besides MSPs, SMEs (small and medium sized enterprises) that provide services to large enterprises are also prone to supply chain attacks. Many SMEs do not have dedicated IT departments, let alone security teams to fend off potential attacks.

So what can organisations do? For now, there are few standards that address cyber security issues related to the supply chain. The Payment Card Industry Data Security Standard (PCI DSS) is one of them. It not only offers vendor management guidelines, but also specifies safeguards such as the use of encryption.

More importantly, organisations should put in place a vendor management programme that includes identifying the most important vendors and requiring strict documentation of controls and processes. The programme should also be integrated with an organisation’s compliance practices. You can find out more in this guide by SANS Institute.

As for SMEs, the Singapore government has been working with industry bodies to promote awareness of cyber security among smaller firms in recent years. But it is uncertain if these awareness programmes have the intended effect, going by the data breaches that continue to make headlines.

Beyond awareness programmes, more tangible support is needed to improve the cyber hygiene of SMEs. This could take the form of a shared service where experts conduct annual cyber security audits for SMEs to determine areas that can be improved. This will also address the shortage of cyber security expertise that many SMEs are facing today.

May 12, 2017  6:04 AM

Focus on business problems, not technology

Aaron Tan Aaron Tan Profile: Aaron Tan

A new survey by Gartner has found that CEOs in the Asia-Pacific region believe that “conventional technologies” such as cloud, ERP, analytics and CRM will help them to improve productivity, rather than “technologies that support digital transformation such as artificial intelligence (AI), internet of things (IoT) and robotics”.

“Asia-Pacific CEOs want to increase profit margins while maintaining sales growth, and they expect IT to play a strong role in this,” says Partha Iyengar, vice president and Gartner fellow.

“The problem is that Asia-Pacific firms aren’t moving fast enough to capitalise on this potential. Their focus on conventional technologies will likely have less of a transformative effect than more innovative technologies.”

This is despite their awareness and understanding of the major impact that these key digital business technologies will have on their industry, Iyengar adds.

I beg to differ. While cloud, analytics, ERP and CRM may be deemed by Gartner as conventional technologies, they form the backbone of any modern enterprise that powers the so-called innovative technologies like IoT and AI.

After all, IoT – at its core – is all about collecting data from sensors and devices to generate insights to solve a problem, improve a business process or predict when a milling machine will break down.

How else can this be done without the use of big data analytics – and even AI in more advanced applications? Plus, most of this data sits on ERP systems (including cloud-based ones) that are increasingly being augmented with machine learning capabilities.

Making the distinction between conventional and innovative technologies will not help organisations in crafting their digital strategy. Instead, the focus should be on identifying business problems and applying a suitable combination of technologies to solve those problems.

After all, who is to say that implementing cloud-based business applications will have less of a transformative effect if those investments can translate to improvements in customer experience, employee productivity and, in some cases, open new markets?


May 5, 2017  9:59 PM

Does open source still matter?

Aaron Tan Aaron Tan Profile: Aaron Tan

At the Red Hat Summit this week, scores of developers and business executives descended in Boston in one of the biggest gatherings of its kind in the global open source community.

The message to the thousands of participants was clear: the open source development model that brings together creators and users of software to solve business and societal problems is winning.

From Singapore’s myResponder app that activates volunteers within the vicinity of those suffering from heart attacks to the transformation of government services in Mexico, open source software has sparked some of the world’s most inspiring innovations.

While these open source powered initiatives are laudable, will they still accomplish their goals if the underlying technologies they are using aren’t open source?

In fact, most CIOs I’ve spoken with over the years don’t really care if a piece of software is open source or not. What matters more is that the software works as promised and solves their problems at a price that they are willing to pay.

During the summit, I asked Dirk-Peter van Leeuwen, Red Hat’s senior vice president and general manager in the Asia-Pacific region if open source still matters.

His take was that more than ever, companies can’t ignore the cutting edge innovations delivered at a rapid rate by open source communities if they were to compete in a fast-changing business landscape.

I agree to some extent, but I’d argue that those innovations aren’t necessarily exclusive to open source projects. With enough market demand, there will be suppliers – open source or not – that will develop what the market needs and at a pace that’s necessary to fulfil that demand.

I think the real strength of open source lays not so much in the final product, but the values of collaboration and participation espoused by the open source community in software development.

Even if businesses pick a piece of proprietary technology over an open source one, they would do well to embrace those values in tackling the challenges that come their way.

Do you think open source still matters? Tell us more in the comments!


April 27, 2017  8:54 AM

Automate, but not for the sake of it

Aaron Tan Aaron Tan Profile: Aaron Tan

In Singapore, where labour is scarce and expensive, automating work processes to improve our productivity and free up time for higher-value work seems like a no-brainer.

Yet, it is only in recent years that more companies, especially small and medium-sized enterprises, in the city-state are heeding the call to automate, due in part to efforts by the government to encourage organisations to improve the productivity of their workers.

Automation, however, is not just limited to factory floors, restaurant kitchens and airport terminals. There’s room for automation in the office, too.

In Singapore, 60% of managers still spend three hours a day processing work e-mails, according to ServiceNow, a supplier of cloud-based automation tools. Many of these e-mail requests, especially internal ones, simply involve the basic processing of straightforward items, like purchase orders or invoices, says ServiceNow’s senior director Chris Pope.

Globally, employees spend 40% of their time on administration work, going by ServiceNow’s 2016 State of Work Survey. That’s equivalent to two full days per week which could be used for high value work.

But why aren’t we automating these inefficiencies out of our organisations? Corporate culture plays a part – some people may be resistant to change. Others might not know that certain manual processes can be automated.

In fact, Pope says the biggest challenge in automating work processes is in understanding all the manual processes that take place within an organisation. “Since they are so ingrained within organisations, often, people don’t have an awareness of every single function.

“Today, with the advancement of IoT technology, there is the ability to build sensors into so many more areas of working life, allowing real time monitoring of systems and then seamless automation of response processes, without human intervention,” he says.

While there’s no doubt that automation will do us good, it also needs to make sense for companies from a cost and technology perspective.

I remember talking to the CEO of a Singapore-based laundry service that switched from bar codes to RFID (radio frequency identification) chips to automate the tracking of laundry items, only to revert to using bar codes again within six months.

The CEO was blindsided by the allure of tracking items in one fell swoop, which made sense from a productivity point of view, but not so much from a cost perspective as RFID chips are still more expensive than printing bar codes.

When you’re only making a couple of dollars from washing a shirt, tagging each item with an RFID chip that costs about 50 cents clearly does not make sense despite the improvements in productivity.

So, yes – go ahead and automate, but not for the sake of it. More importantly, know what you’re getting into. The resources wasted in implementing a bad decision for your company could have been put into more productive use.


April 19, 2017  6:56 AM

Celebrate digital transformation failures, not just successes

Aaron Tan Aaron Tan Profile: Aaron Tan

Unless you have been living under a rock, you would have heard of the term “digital transformation” that has been bandied around over the past few years by technology suppliers big and small.

And why does it make a difference now, given that organisations, including governments, have been embracing technology to improve work processes and meet other business goals since the invention of the computer?

While digital transformation has been happening for decades – Singapore’s national computerisation programme, for one, started in the 1980s – I think what has been driving the resurgence of the term in recent years is the democratisation of technology, including artificial intelligence, and cheaper access to computing power in the form of cloud services.

Together, these factors have enabled a wider pool of organisations – beyond large enterprises with deep pockets – to tap into the so-called SMAC (social, mobile, analytics and cloud) technologies that have the potential to transform industries in orders of magnitude compared to the last two decades.

Stories of such organisations abound. We recently reported on how Mojo Power is using cloud-based microservices to shake up the energy market in Australia, by delivering power consumption data in real-time to households. Another upstart, Ninja Van, is using automation and algorithms to improve customer service and optimise delivery routes, disrupting the logistics industry in Southeast Asia.

Sure, those companies were born in the digital age and would undoubtedly take to digital transformation like a duck to water. But it isn’t just upstarts that have been making waves in digital transformation. Big boys like DBS Bank in Singapore and oil and gas giant PTT in Thailand are harnessing big data analytics to reduce trade anomalies and better understand customer needs, respectively.

One question that is often overlooked when we read about these success stories is: how did they do it? Perhaps more importantly, how did they overcome any resistance to change? And for companies such as traditional general insurance firms that have built their businesses around agents, how did they walk the tightrope between selling direct to consumers over the internet and ensuring their agents continue to keep their rice bowls?

Oftentimes, it’s never about the technology that determines whether an organisation is successful with any digital transformation effort. Building a culture of change is just as important – if not the most important ingredient – for success. After all, if people are resistant to change, you’re never going to get any buy-in, even if the benefits are obvious.

I remember driving a digital transformation pilot project years ago at an organisation that wanted to reach out to young consumers who were adept at using instant messaging (IM) as a form of communication. The idea was to roll out a live chat widget on the organisation’s website so customers can connect with service reps, some of whom had not used IM tools before.

The project was supported by the CEO, and I had put in place a change management plan that included training service reps on IM lingo and working with affected staff on the operational changes required to support an additional service channel.

While almost everything went according to plan and the pilot service was well-received by young customers, the culture of maintaining the status quo among some service reps and senior decision makers meant that the project did not go beyond its experimental phase.

These anecdotes hardly make it into the stuff we read on digital transformation, which tend to focus on success stories. Yet, I’d argue that such ‘failures’ should be celebrated, and are just as important in helping organisations understand what it takes to succeed in digital transformation.


April 10, 2017  1:54 PM

Will you trust a machine?

Aaron Tan Aaron Tan Profile: Aaron Tan

In the science fiction drama series Humans, Laura feels displaced by Anita, a humanoid robot known as a synth that was bought by her husband to help with the household chores.

Imbued with human-like intelligence, Anita – and the rogue code in her that powers her alter ego Mia – does a great job at being a nanny to the kids and washing dishes. But unlike her fellow synths, she has a sense of consciousness, to the point of being manipulative at times.

While synths may appear to be far from reality, they don’t seem too far-fetched, given the rate at which artificial intelligence (AI) is advancing.

Consider Erica, the well-known human-like autonomous android that says she (or it?) wants to explore the outside world in a recent documentary produced by The Guardian.

Erica even cracks robot jokes and desires to move her arms and legs – which her creators at ATR Institute in Kyoto say will happen someday.

The thing is, Erica’s main creator Hiroshi Ishiguro created her not only for the oft-cited purpose of automating mundane tasks for humans, but to understand what makes us human, including what it means to interact with others, be creative and have a personality.

Assuming Ishiguro gets his way in representing humanity in robots, how should we interact with humanoids? What impact would they have on society, besides making us more efficient?

Should we treat them as humans, partnering us on factory floors and trading floors? Will they succumb to failings such as greed that have plagued mankind for thousands of years? Can we trust them to take care of our children?

Over the weekend, I had a conversation with my wife about whether she would trust a humanoid like Anita to take care of our son, like a nanny or domestic helper would. She couldn’t give me a clear answer, although I suspect she is wary of the bond that may form between the humanoid and our son – like how Laura felt in Humans.

And how should we interact with them? Do we bark out orders because they are machines and hence there’s no need for pleasantries? A friend recently recalled an executive who was criticised by his business associates for passing curt instructions to his personal assistant (PA) who was copied in his emails. The thing is, that executive’s PA is an AI programme and not a human being.

Today, discussions on human-machine interactions are mostly centred on feedback loops that enable us to correct the mistakes of machines, like how we would with a child. The social, cultural and psychological impact of AI is often not discussed enough, primarily because most of the rhetoric on AI today is shaped by technologists and business people, not anthropologists.

I believe that impact will be intertwined with how we view a robot, which may not be a person or a machine after all. As Dylan Glas, a robotics researcher at ATR, puts it, a robot may be a new oncological category for which we can’t describe at present. The Japanese believe robots could even have souls like all things do.

Lest you think we still have time to think things through, or that humanoids like Erica will never see the light of day, remember it was just over 20 years ago that the idea of a tablet computer was conceived by the creators of Star Trek. Before you know it, the Ericas and Anitas could well be in our midst. The question is, how will we cope with them?


April 6, 2017  5:54 PM

Hello world!

Aaron Tan Aaron Tan Profile: Aaron Tan

Welcome to IT Knowledge Exchange. This is your first post. Edit or delete it, then start blogging!


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: