The growing use of artificial intelligence and big data has put a strain on hyperscale datacentres, particularly traditional, standardised storage infrastructure that has been unable to adapt to different I/O requirements.
Standardised storage, while offering backward compatibility and portability, use a generic block I/O interface that host software such as an operating system has no control over. That means the host would not be able to manage the physical storage according to varying performance needs.
To solve this problem, open-channel SSDs (solid-state drives) were developed to expose the internal parallelism of SSDs to a host, enabling these devices to support I/O isolation and more predictable latencies.
Chinese cloud service provider Alibaba Cloud has taken things further when it announced that it has developed AliFlash V3, a dual-mode SSD that supports both open-channel mode and native NVMe mode (mainly for compatibility purposes), as part of an new storage platform that closely integrates hardware, firmware, drivers, operating system and applications.
The integration is done via the platform’s user-space open channel I/O stack called Fusion Engine that was released in January 2018.
The platform, which Alibaba claims will reduce read latency by 75%, and improve overall storage performance by as much as five times, also supports all levels of customisation – from generic block devices that require no modification to applications, to highly customised software/hardware integrated systems.
The impetus to develop the new storage platform stemmed from Alibaba’s own experience with running applications on standardised hardware like NVMe SSDs. It found that its e-commerce, financial and logistics applications, for example, required features that were not available in standard SSDs.
Moreover, because the company’s application requirements change frequently, its storage infrastructure must be agile and adapt quickly to changing demands. However, due to long production cycles of standard SSDs, it could take quarters to obtain new product releases from SSD suppliers.
Alibaba has written a specification for its dual-mode SSD platform, and is working with different SSD and firmware suppliers in an effort to build an ecosystem around its platform.
Shu Li, senior staff engineer at Alibaba’s infrastructure services team, says the platform is expected to be widely deployed in Alibaba’s datacentres, serving both internal and external customers in future.
In a world where data is more readily available than ever, having analytical skills that will help you to make sense of data in day-to-day tasks is instrumental in career progression.
But going by a recent survey conducted by Qlik, a data analytics software provider, only 20% of employees in the Asia-Pacific (APAC) region are confident in their data literacy skills, that is, the ability to read, work with and analyse data.
Diving deeper into the study, some 49% admitted to feeling overwhelmed when reading, working with, analysing and challenging data, while 81% of workers don’t think they have adequate training to be data literate.
Not surprisingly, most full-time workers (72%) said they would be willing to invest more time and energy in improving their data literacy skills, if given the chance.
While the overall numbers are worrying, workers in some countries fared better than others. India appears to be the most data-literate nation, where 45% of respondents said they were confident with data.
Business leaders including C-level executives and directors in India (64%), Australia (39%) and Singapore (31%) were also most confident about their data literacy levels.
At the other end of the spectrum was Japan, where just 6% of workers classified themselves as data literate.
One of the reasons for this disparity lies in access to data, according to Paul Mclean, Qlik’s data literacy evangelist in APAC.
For example in APAC, on average 59% of junior level employees said they have sufficient access to data. Comparatively, 82% of senior managers and 85% of directors in APAC have sufficient access to data.
Looking at a country perspective, 88% of Indian workers believed they have all the data sets they need to perform their jobs to the highest possible standard – which is higher compared to other countries in APAC.
The numbers were lower in Australia (60%) and Japan (28%). This inequality is holding people and businesses back.
Employees can only become data literate if they can access data and integrate it into their everyday work lives – basically learning by doing, Mclean said, calling for organisations to level the playing field and empower every employee, across every level of the organisation, the right to use and access data for their respective roles.
But why aren’t employees getting access to all the information they need to do their jobs well? Part of this could be – rightly or wrongly – concerns over employees misusing sensitive information, as well as knowledge hoarding practices that give managers a false sense of superiority over their colleagues.
These managers may think that such practices will offer job security, but the opposite is true. They can be easily replaced or moved to another position, if an enlightened management that sees the benefits of information access can’t force them to release the data they’re hoarding to others.
For a deeper discussion on why information – and data for that matter – wants to be free, check out this seminal work by Professor Polk Wagner where he talks about intellectual property and the mythologies of control.
From 25 May this year, organisations across the ASEAN region will have to comply with the General Data Protection Regulation (GDPR), which will apply to any company that collects the personal data of European Union residents.
In the run-up to the looming deadline, a number of technology suppliers have been touting the importance of identifying, managing and protecting the personal data of EU residents, using various data protection and management technologies.
While there’s no doubt that tech suppliers are helping to raise awareness in the market about the GDPR, taking a technologically centric approach to GDPR compliance will further accentuate the dangerous view that data protection is an IT and security issue, and not a business issue.
As we all know by now, data protection and cyber security aren’t merely technology issues. When businesses get fined for data breaches, they are the ones that will draw flak for putting their customers’ personal data at risk, not their legal or IT teams. In some cases, CEOs have even resigned after public backlash over data breaches that took place under their watch.
In a bid to sell their technology tools, some suppliers have over-simplified their messages to suit their offerings, sometimes without having a full understanding of data protection principles and the requirements under the GDPR.
Instead, data protection – and GDPR compliance for that matter – should be approached from a risk management and governance perspective, with technology tools as enablers, not solutions.
Data protection laws such as the GDPR are complex, and can impact a broad range of business roles, including legal, audit, HR and finance, not just IT. In achieving GDPR compliance, organisations should focus on getting these roles to work together in ongoing efforts to ensure governance, risk and compliance (GRC) across an organisation, and not be distracted by the noise in the marketplace.
At Computer Weekly, we strive to provide in-depth coverage of issues, challenges and trends facing today’s IT leaders through original, independent and targeted content.
To ensure that our stories meet the needs of our readers in the APAC region, we’ve formed our inaugural APAC CIO Advisory Panel, an independent body tasked with providing strategic advice to our editorial team.
Please join me in welcoming the founding members of the panel comprising senior executives across leading organisations across the region.
Eugene Yeo, Group CIO, MyRepublic
Eugene is group chief information officer at MyRepublic. His primary focus is on driving customer centricity and operational efficiencies across regional operations of the company, through the use of innovative technology and efficient business processes.
Combining his experience in enterprise software development with a deep understanding of ISP operations, he leads the development of customer-centric, agile OSS/BSS platforms and operational processes that allowed for the stratospheric growth of the company across the Asia-Pacific region.
He is a regular keynote speaker at TM Forum events globally, and sits on the advisory panel of various startups and educational institutions across the region.
Dr Kwong Yuk Wah, CIO, NTUC
Yuk Wah is the chief information officer of Singapore’s National Trades Union Congress (NTUC). She is also the chief data protection officer of NTUC, its affiliated unions, as well as the Ong Teng Cheong Labour Leadership Institute.
Under her leadership, NTUC was a winner of the National Infocomm Awards (NIA) 2014 for the most innovative use of infocomm technology in the private sector. She was awarded the ASEAN CIO Award 2015.
Yuk Wah had also worked in Singapore’s public sector where she started her career at the National Computer Board, and held various management positions at the Infocomm Development Authority. She was also vice president of planning at Singapore Airlines.
Lee Kee Siang, CIO, National Library Board
Kee Siang is the chief information officer and director for resource discovery and management at Singapore’s National Library Board (NLB).
As the CIO of NLB, he provides leadership in formulating IT strategies and work plans to transform NLB’s service capabilities. He also sets direction for the design and implementation of organisation-wide IT policies and standards to ensure alignment of service outcomes, strategies and resources at all levels.
Kee Siang is also a member of the Technology Advisory Committee of the Casino Regulatory Authority of Singapore, NHB Digital Resource Panel and Honorary Auditor of the IT Management Association.
Manik Narayan Saha, CIO, SAP Asia Pacific and Japan (APJ)
Based in Singapore, Manik leads a global multinational and multicultural IT organisation. As part of the senior leadership team in APJ, he is responsible for SAP’s internal IT services to 28,000+ staff in the region.
With 19 years of experience and expertise in technology, Manik is a prominent keynote speaker at events, and provides thought leadership on a wide range of topics ranging from IT Strategy, artificial Intelligence, digitalising operations, process excellence and enterprise innovation.
Manik is a member of the INSEAD Alumni Network and a Regional Ambassador of the INSEAD Directors Network for Singapore. He was also the founding fellow and is currently serves as a vice-president for Ideation Edge Asia, a non-profit organisation.
Nigel Lim, Regional IT Manager
Nigel is regional IT manager (Asia & Oceania) at one of Japan’s largest trading companies. His division is responsible for managing the regional portfolio of IT programmes and projects as well as governance and compliance. He is also leads the company’s consulting practice.
In previous roles, he has been accountable for various portfolios of IT including service delivery, application support, infrastructure operations and compliance.
Nigel is a Chartered Fellow of the Chartered Management Institute, UK, and has more than a decade of experience managing IT. An energetic visionary, he is passionate about organisational excellence and delivering sustainable value.
Gary Adler, Chief Digital Officer, MinterEllison
Gary has had 19 years of IT experience, with 10 years in senior management roles. He has a finance and accounting background but made the move to IT in the late 90s, initially focusing on infrastructure. Gary has worked in the investment banking, insurance, mining and professional services sectors in both Australia and the UK.
In recent years, Gary played a lead role in the technology strategy which successfully brought together the global merger of Australian firm Freehills and UK and Asian firm Herbert Smith, before moving to lead Australian firm, MinterEllison in mid-2015.
Over time, his focus in IT has varied from managing technical portfolios to enterprise-wide strategy and planning roles. As Chief Information Officer, and more recently Chief Digital Officer, Gary’s focus at MinterEllison has been on bringing a new legal operations model mindset to ‘Big Law’ via emerging technologies such as data analytics and AI to streamline delivery of legal services to the firm’s clients and workforce.
With more businesses expecting enterprise-grade mobile devices to last longer than the average consumer smartphone replacement cycle, keeping those devices secure is a growing challenge.
According to a survey by Zebra Technologies, 51% of businesses want their mobile computers to last more than five years, some of which are still powered by legacy “green screen” Telnet-based systems or Windows mobile operating systems.
Getting support for these older operating systems is next to impossible, given that those systems have reached their “end-of-life” where software and security updates are no longer provided.
Even for a modern mobile operating system (OS) such as Android, security updates usually end after three years – well short of the five or more years that enterprises need. This gap between OS and hardware lifecycles can create an exposure to ever-present security risks, said April Shen, director of enterprise visibility and mobility at Zebra Technologies Asia-Pacific.
While some enterprises may look to replace their mobile devices with newer ones to take advantage of the latest – and more secure – versions of operating systems, some may be reluctant to do so, given that many enterprise-grade mobile devices are built to be rugged and hence can last longer.
So what can enterprises do? Like companies such as Rimini Street that provide third-party support services for enterprise software, Zebra Technologies, through a product called LifeGuard, delivers regular security patches on a monthly or quarterly basis.
“All security updates that we release also come with detailed release notes that share guidance on the specific vulnerabilities being addressed as well as detailed installation instruction,” Shen said. “All of this has resulted in a unique, industry-leading level of OS security support.”
But that does not mean that all of LifeGuard’s security patches, which address various threat severity levels, need to be applied all the time. Shen said businesses should evaluate the patches in accordance with their IT policies to determine if the patches are required.
“We also understand that software updates may carry a certain level of functional risk. For example, customers may want to assess the individual vulnerabilities addressed in each release, as they may already have taken steps to mitigate some of these vulnerabilities through measures (such as application white listing and lock task mode).”
Of course, there will come a time when enterprises will need to replace their devices for good. That will set off a chain of tasks such as porting existing apps to the new devices and operating system, and testing the apps before deploying them.
Shen said because LifeGuard continues to provide legacy OS security support for one year in the form of quarterly updates, enterprises will have enough time to migrate to the newer OS smoothly and securely.
The catch is LifeGuard is only available for newer Android-based devices from Zebra. Legacy products may either have LifeGuard support or some lesser security support profile.
Singapore Airlines (SIA) has been on roll lately with a slew of announcements that it hopes will cement its position as a leading carrier amid stiff competition from premium rivals and low-cost carriers alike.
Last week, SIA said it would launch the world’s first blockchain-based airline loyalty digital wallet app that will unlock the value of miles accumulated by customers in its KrisFlyer frequent flyer programme.
When ready, the digital wallet app, which has been tested in a proof-of-concept exercise with KPMG and Microsoft, would enable KrisFlyer members to spend their miles at participating merchants. The app will ride on an SIA-owned private blockchain involving only merchants and partners.
Hailing the digital wallet as ground-breaking, SIA’s CEO Goh Choon Phong said the initiative is a “demonstration of the investment we are making to significantly enhance the digital side of our business for the benefit of our customers”.
Under SIA’s recently unveiled Digital Innovation Blueprint, the airline hopes to become the world’s leading digital airline, supported by partnerships with Singapore’s key research institutions, universities and government agencies.
But more than just spurring digital projects and driving innovation, as most of such blueprints entail, SIA’s digital transformation programme is focused on building an open innovation culture across through staff involvement and supporting employees through digital training, such as in digital innovation and design and agile methodologies.
A digital innovation lab is also being set up to enable staff to work with innovative companies including start-ups, established incubators and accelerators, to stimulate new ideas and facilitate collaboration in a creative environment.
Such efforts are laudable, as digital transformation requires a major shift in employee mindset and organisational culture, which can be difficult to achieve especially for one of the world’s top airlines that has a lot more to lose should things go south.
Whether SIA can truly become the world’s leading digital airline remains to be seen, but one thing is clear – by putting employees at the centre of its digital transformation blueprint, rather than spewing buzzwords like IoT and AI as some others have done, the airline is setting itself up for success.
Despite recent advancements in deep learning, which has its roots in neuroscience, it not a dramatic breakthrough in artificial intelligence as it is sometimes portrayed.
That was the key point made by Tomaso Poggio, a renowned professor at MIT’s department of brain and cognitive sciences, and artificial intelligence laboratory, at the EmTech Asia conference in Singapore this week.
Poggio argued that many of the concepts behind deep learning were developed in earlier decades, and that for artificial intelligence to achieve the next breakthrough, we would have to solve the problem of understanding how the human brain works. “That goes beyond deep learning,” he said.
Machine learning and deep learning, for example, is still based on the premise that machines learn from large datasets to solve a problem, answer a question or perform a task. Human learning, however, does not require one to even look at dozens of images to learn what an object is for the first time.
“There must be the ability to synthesise programmes on the fly based on a set of small routines,” Paggio said, adding that his team will be exploring this research area using neuroscience and cognitive tools over the next five years.
Besides the research community, private sector companies such as Google are also looking into the possibility of having machines learn from smaller datasets, or even from a single example.
“If you’ve seen something just once in the morning, you’ll definitely be able to recognise it again, but machines have a hard time doing that,” said Oriol Vinyals, research scientist at Google Deepmind.
When applied in real-world settings, Vinyals said this would allow a robot, for example, to process its environment and perform an action without codifying all the possible actions that it can take.
In this guest post, Prakash Sadagopan, director of field systems engineering at F5 Networks Asia-Pacific, discusses mobile security issues and what enterprises can do to stay secure.
The boom of mobile applications—whether it is for ride sharing or couch surfing—has superseded traditional services and revolutionised convenience, as we know it. This is especially prevalent in Asia Pacific, home to over half of the world’s mobile subscribers. Asia is also leading the charge in mobile app revenue, with the figure expected to increase to $57.5bn by 2020.
Replacing traditional with unconventional
A dynamic playground for mobile apps, the sharing economy has nestled itself into almost every corner in the region—and it makes no differentiation, be it an emerging market such as Indonesia, or an established economy such as Singapore.
In Indonesia, home care portal Seekmi connects individuals to professional services at the touch of a button. With a platform of over 250,000 listings and a fleet of 5,000 service vendors, Seekmi provides a wide array of on-demand services including photography and plumbing. Last year, it raised multi-million dollar funding and made plans to expand its services across more cities.
In Singapore, we regularly see Uber Eats riders on their oBikes and Mobikes, completing their trips and delivering an assortment of food to their customers. These riders have no stake in any of the businesses—from the restaurants, or their mode of transport—but provide an ever so popular service. Today’s sharing economy has evolved to a point where jobs can be created, and completed, all just by owning a single app.
The underlying danger of DDoS
These success stories are a testament to the prowess of the sharing economy, which is quickly gaining traction across the region due to the speed and convenience it delivers. However, our increasing reliance on apps might also lead to our downfall. Consumers willingly offer personal information to shave off precious minutes of waiting. This is great, until they realise that the sharing economy also means an entire ecosystem of authenticated devices and data that are interconnected—a treasure trove for cyber criminals.
DDoS attacks caught the world’s attention with the Mirai botnet, which crippled the internet and brought down sites such as Amazon, Github, PayPal, Reddit and Twitter. If DDoS can easily take out large websites, one can only imagine the havoc it will cause if and when apps such as Uber, Obike and Seekmi are suddenly made unavailable.
Our dilemma: safety or convenience?
Connectivity is a double-edge sword today as it enables the level of convenience in our lives, and yet provides cyber criminals the platform for exploitation. The benefits the sharing economy bring to improving one’s standards of living are endless.
However, sharing economy apps achieve this intelligence by uploading customers’ personal information such as gender, age, interests and even credit card details to the cloud for data analysis and service improvements.
So what happens when enterprises face the unexpected wrath of a DDoS attack? Enterprises lose revenue in reduced web traffic and have to bear the high costs of remediation process. More severely, customers who once trusted enterprises would view the organisations as unreliable. In our information overload age, it only takes one website crash to send customers running to another vendor.
The key to keeping safe
Convenience is the biggest motivator in an increasingly impatient world. It is worrying that users of sharing apps surrender their credit card information and passwords too readily. Now more than ever, businesses need to strengthen their stance against DDoS. It may seem to be a daunting task; however, a practical first step could be to cultivate a culture of awareness.
Cyber security is slowly but surely becoming a priority for many organisations, especially in the wake of recent events, including oBike’s as well as AXA’s data breach. Yet, IT continues to struggle to gain a foothold in boardroom discussions and drive the point that proactive cyber security strategy is a necessary investment.
Given the option between building on an existing security framework and investing in business ventures, it is almost a no brainer for executives to choose the latter. A Ponemon Report on APAC app security finds that only 17% of IT security budgets are dedicated to app security. The only real change enterprises have to make is recognising that they have to carry great losses that extend beyond monetary means during a security breach, and that at any time, a breach could happen.
With the right mindset comes the right steps to security. Enterprises should bear in mind that security monitoring and observations are imperative. From prioritising what needs protection to ensuring your IT programme timely and effectively identifies security breaches, every step counts towards a safer future for a business.
Enterprises should also carry out active measures to protect both end users and businesses, starting from digital hygiene practices. This can range from password renewals every six months to conducting regular patching exercises. Deploying web application firewalls (WAF) also protects web applications and application programme interfaces against a variety of attacks, notably injection attacks and application-layer denial of service.
Lastly, enterprises should adopt a cyber security infrastructure that creates on-going conversations across all business units and functions. This will ensure a varied and multi-faceted opinion in identifying critical vulnerabilities in security and building towards a more robust secure strategy in an enterprise. Simple yet effective, these measures could save you a trip to the emergency room and help keep sharing safe.
Software and silicon design company Synopsys has just published an interesting report that classifies chief information security officers (CISOs) into four archetypes or what it calls “tribes”.
Through in-person interviews with 25 CISOs from some of the world’s largest firms, such as Facebook, Goldman Sachs, Cisco and Starbucks, Synopsys grouped CISOs into different tribes based on whether their organisations viewed security as enablers, technology, compliance or cost centres.
Each tribe demonstrates specific characteristics or “discriminators” that fall into three domains: workforce, governance or controls – equivalent to the clichéd phrase, people, process and technology.
In Synopsys’ model, membership in one tribe is mutually exclusive with membership in other tribes. Each of the 25 CISOs fits into one of the four tribes, although he or she may share common discriminators with those in another tribe.
Tribe 1: Security as enabler
Organisations in this tribe are the most mature of the lot in their approach to security. Far from being a cost centre or a compliance checkbox, security in Tribe 1 is seen as a pathway to good business. They take a business-focused approach towards security, which isn’t seen as just a technical issue. Compliance is viewed as a planned effect. CISOs in this tribe also get in front of the problem by influencing the standards by which they will be judged.
Tribe 2: Security as technology
CISOs in this group typically begin their careers as technologists and tend to turn to technology to solve every security problem. They also try to understand the business, but have not reached the “senior executive gravitas” of Tribe 1. Their penchant for problem-solving also leads them to take on the toughest business challenges on their own rather than delegating tasks.
Tribe 3: Security as compliance
Although compliance requirements can get organisations to do something about security, they have a tendency to foster a checklist mentality, where security is viewed as yet another box to be ticked. It has been proven that compliance is not a panacea to every security problem, and it certainly can’t keep out determined hackers. Yet, organisations in this tribe continue to under invest in security in spite of compliance requirements.
Tribe 4: Security as cost centre
Organisations in this tribe may not even have CISOs. Their security leadership may exist down the pecking order or in middle management. Because security is seen as a cost centre, it “never drives budget creation and in some sense has a thick glass ceiling imposed on it”. It’s a tough job for security professionals in organisations that belong to this tribe where security is viewed in the same vein as the IT helpdesk.
In its report, Synopsys did not reveal the number of CISOs in each tribe, but it fears that “Tribe 4 may be very large, meaning there’s plenty of room for security improvement in the world”.
What type of CISO are you? Tell us more in the comments!
Hyundai, along with a handful of key investors, is pumping more money into Grab, Southeast Asia’s largest ride-hailing service in an effort to bring its mobility services to the region.
The South Korean car maker is already dabbling in car-sharing on its own in the US, Netherlands and Austria, where its Ioniq electric vehicles are available for rent in major cities such as Amsterdam and Vienna.
Hyundai did not reveal how much it is investing in Grab, which it will be working with to develop a new mobility service that will make use of its Ioniq vehicles. Other investors in this Series G funding round – Grab’s largest so far – include China’s ride-hailing giant Didi Chuxing, SoftBank and Toyota Tsusho.
Grab operates the largest ride-hailing network in Southeast Asia and is one of the most frequently used mobile platforms in the region with over 3.5 million daily rides. The Grab app has been downloaded onto over 77 million mobile devices, giving passengers access to the region’s largest land transportation fleet comprising over 2.3 million drivers.
This latest round of investment by industry bigwigs should bolster Grab’s position in Southeast Asia where it competes with key rivals such as the embattled Uber in markets like Singapore and Malaysia, as well as Go-Jek in Indonesia.
It also comes at a time when interest in ride-hailing and car-sharing is growing, particularly in Singapore where a new electric car-sharing scheme called BlueSG was launched with much fanfare in December 2017.
Besides offering ride-hailing services and possibly a car-sharing programme in future through the Hyundai partnership, Grab has also partnered with self-driving startup nuTonomy in a driverless car trial in Singapore.
Elsewhere in Asia, China’s Baidu has reportedly developed its own self-driving Apollo platform that has been undergoing testing in cars on public roads since late last year.