Cyber security - systems on high alert 14 2 - ITWeb
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Column Reportback PLUS
POPIA IN FORCE: A WIN-WIN CYBER SECURITY POPIA COMPANY NEWS
FOR BUSINESS AND SURVEY READINESS TOP JOBS
CUSTOMERS 2 6 SURVEY
14
SEPTEMBER 2021 | Issue 78
POPIA IN FORCE: A WIN-WIN FOR
BUSINESS AND CUSTOMERS
Cyber security -
systems on high alert
Covering the continent
Daily news and analysis of Africa’s key ICT markets.
www.itwebafrica.com
First with IT news. Every day.
www.itweb.co.za
326 Rivonia Boulevard, Rivonia, South Africa
Tel: + 27 11 807 3294
Fax: + 27 11 807 2020
IN THIS
ISSUE
CREDITS
As expected, South Africa’s ICT and telecommunications Column Reportback PLUS
markets have been dominated by discussion around the official
POPIA
Publisher
POPIA IN FORCE: A WIN-WIN CYBER SECURITY COMPANY NEWS
FOR BUSINESS AND SURVEY READINESS TOP JOBS
CUSTOMERS 2 6 SURVEY
14
JOVAN REGASEK arrival of POPIA.
jregasek@itweb.co.za As business owners battle on several fronts – including
lockdown measures, safety and security, labour issues and a
SEPTEMBER 2021 | Issue 78
Editorial Director difficult economic climate – it is a virtual given that the role of
RANKA JOVANOVIC technology to safeguard resources has become a hot topic.
rankaj@itweb.co.za In this edition, we delve into how alert South African POPIA IN FORCE: A WIN-WIN FOR
businesses are to security threats and the capability of their
BUSINESS AND CUSTOMERS
Editor security solutions in place. We also cover the level at which
CHRIS TREDGER businesses are prepared for POPIA and compliance. Going by
chris@itwebafrica.com the surveys we feature, businesses feel prepared and seem to
understand the basic implications of the legislation, but words
Sub Editors are just words… time will tell as to whether industries and
HEIDI HURWITZ sectors are really ready or not. More on this on Page 2.
We are proud to include in this edition a piece by Ayumi
Production Manager Moore Aoki, founder and CEO of the global non-profit Women Cyber security -
PETER CALORE in Tech, which is about women and their role in the tech systems on high alert
peter@itweb.co.za revolution.
Much food for thought.
Designers Enjoy the read!
SANE LOUW
ANA RADENKOVIC Chris Tredger
Editor
Business Development Director
CARYN BERMAN
caryn@itweb.co.za
Published by
ITWEB LIMITED
326 Rivonia Boulevard
CONTENTS
Rivonia
PO BOX 2785
Rivonia Cyber security survey 6
2128 2 POPIA Readiness 14
Web: www.itweb.co.za INDUSTRY INSIGHT
Tel: +27 (011) 807 3294 Women want to be decision-makers
Fax: +27 (011) 807 2020 in tech revolution 10
The rise and fall of data architecture 11
A F R I C A I N S I G H T 18
Printed by , a division of Novus Holdings SKILLS DEVELOPMENT
Invictus Capital wants SA graduates for
Copyright ©2021 by ITWeb Limited.
blockchain expansion 26
All rights reserved. No part of this
publication may be reproduced or
distributed in any form or by any
Digify Africa, Facebook offer free
means, or stored in a database or digital skills via WhatsApp 27
retrieval system, without the prior
written permission of the publisher.
Opinions expressed in this publication
are not necessarily those of the editors,
publisher, or advertiser.
COMPANY NEWS 3-5, 12-13, 20-21,23,25, 28
September 2021 | 1
COLUMN STORAGE
POPIA in force: A win-win for
business and customers
Both companies and customers benefit when firms are POPIA compliant and secure
permission to contact customers, as this ensures a target of willing clients.
monitoring of these processes to ensure they to store, use and protect the customer’s
are adhering to POPIA. personal information.
In doing so, they have an opportunity An evolution of the Promotion of Access to
to streamline their internal processes, Information Act, POPIA makes information
identify duplication of effort and address any management regulation more evident to the
vulnerabilities. collectors and users of personal information,
In addition, when organisations are POPIA and at the same time also provides an easy
compliant and secure permission to contact recourse of actions for the customers or data
customers, they can be assured of a more subjects.
targeted and willing audience with whom to The plethora of products, services and social
communicate their value proposition. artefacts as presented on digital platforms is
This means that resources previously used considered as the “global” marketplace where
for widespread “hopeful” marketing and customers can discover, explore, assess and
communications can now be optimised to choose according to whatever their specific
address only those likely to be interested in the needs and preferences are – just as if they were
MERVYN MOOI, DIRECTOR OF KNOWLEDGE
INTEGRATION DYNAMICS (KID) company’s products and services. visiting a typical shopping mall.
Many are discovering they store documents Although advertising of products and
T ech companies have long urged customers
to better manage and govern all the data
and personal information they hold. With the
and digital data that have not been relevant for
decades.
For customers, POPIA finally gives them
services are present, it is the customers
themselves who choose whether to wade
through the bouquet of products and
passing of the deadline for compliance with
the Protection of Personal Information Act
(POPIA), local organisations are taking this
seriously at last.
The flurry of demand for POPIA compliance
services is a long overdue move to better
govern all data. Many are discovering they store documents and digital
What local organisations are discovering
as they move to comply with POPIA is data that have not been relevant for decades.
that compliance simply formalises data
management best practice, and is a win-win
for organisations and their customers and/or
stakeholders.
From the vendor or communicator’s point
of view, compliance safeguards them from (as owners of personal information) formal services, unlike the earlier situation where
penalties and customer comebacks, but in recourse to the acquisition, usage and the customer was bombarded by unnecessary
moving to comply, it also provides them with management of their personal information. information.
an opportunity to clean and revisit all the data Prior to the enactment of the Act, illegal The key to a genuine customer centricity
they hold. or unpermitted acquisition, usage and experience is just that − the customer dictates
In doing so, many are discovering they store management of personal information were what the client wants to see, purchase or
documents and digital data that have not been difficult to prove in a court of law, where consume. And it is at this juncture that
relevant for decades. people and organisations collected and the customer will render their personal
This storage and administration comes at handled other information of other people information to the supplier/vendor that they
a cost, so compliance initiatives have forced illegally, often in an unprotected and reckless buy from.
their hand to dispose of, or delete irrelevant manner. On the vendor and/or researcher side,
documents and information that has been Any exchange of personal information although it is worthwhile to analyse its
consuming resources. that may come into play between parties customers and market trends into finding
Compliance exercises also provide or when transacting business must be affinities, preferences and sentiments, careful
organisations with an opportunity to audit the managed from then on according to the consent and management of such information
security and efficiency of their business and regulations of POPIA, which includes would need to be had first from the customers
technical processes, and implement proper requesting customer consent for a vendor to effect analyses in a legal manner.
2 | September 2021
COMPANY NEWS
BUSINESS
New appointment at Why speech analytics is important for your
Networks Unlimited contact centre
underscores According to Scopserv, speech analytics is widely defined as the
importance of process of analysing recorded calls to improve communication and
governance future interaction. One of the primary objectives of a contact centre
Networks Unlimited recently is to improve customer satisfaction and customer experience. Within
appointed a risk and compliance this context, we find that speech analytics is being used to improve
officer, Siphokazi Mato, to ensure customer service strategies by analysing the essential metrics found
the company functions in a legal within recorded speech. The world is rapidly moving towards
and ethical manner. Compliance analytics, AI and other data tools, which are becoming more advanced
is a crucially important aspect of a but adding value to the core business of contact centres. Some speech
business, referring to the practice analytics results are widely used to encourage healthy competition
and processes of how a company between agents.
Siphokazi Mato, NU compliance adheres to established guidelines www.scopserv.co.za
officer and legal specifications.
www.networksunlimited.africa
FlowCentric
Technologies promotes
Infinidat builds Odette Pieters to COO
momentum with AIOps FlowCentric Technologies,
Infinidat, a leading provider of developer and international
enterprise-class storage solutions, distributor of business process
has delivered on its storage as management software and
a service (STaaS) strategy via solutions, announces the
AIOps technology and flexible promotion of Odette Pieters to
consumption models at petabyte chief operating officer. In this
scale. The company’s Neural position, Pieters will oversee the
Cache deep learning technology, company’s business operations,
Phil Bullinger, CEO of Infinidat AIOps offerings, strategic with a continued focus on business
partnerships and consumption- Odette Pieters development and commercial
based models have resulted in operations. Pieters joined the
significant momentum helping company in 2008 as services
enterprise customers simplify IT director.
operations. www.flowcentric.com
www.infinidat.com
EOH responds to media coverage alleging
imminent SITA blacklisting
New GM of HR at NEC EOH has been following the due process as set out by the State
XON emphasises Information Technology Agency (SITA) and is similar to other processes
talent as key focus the company has successfully completed with other stakeholders.
Ramona Adam joins NEC XON’s EOH has made its representations and followed all the required
leadership team and offers guidelines in this regard. SITA must now follow due process and make
more than two decades of its recommendations to DNT. Due to the fact that this matter is now
executive talent acquisition and attracting media attention, EOH is providing clarity regarding its
management expertise acquired multiple engagements with the SITA to date. It is important to note that
in Africa at global organisations. EOH has treated the SITA in the same transparent manner that it has
Adam managed executive talent engaged with all affected stakeholders.
acquisition and management for www.eoh.co.za
the business across 23 African
countries and the HR operations
Ramona Adam, GM of HR at NEC across 14.
XON
www.nec.xon.co.za
September 2021 | 3
COMPANY NEWS
SOFTWARE INDUSTRY SOLUTIONS
Personal data protection Huawei launches HMS Core 6.0 globally
compliance made easy Huawei has launched HMS Core 6.0 to app developers in Africa,
Being a global system, SAP Business introducing multiple new open capabilities and updating some existing
One has been GDPR compliant since services and features. As of now, HMS Core (APK) on all user devices
2018. Andre Adendorff, director has been updated to the 6.0 version. Consumers can access HUAWEI
of presales at Seidor Africa, says Developers at any time to get the new services and features. HMS
there are easy ways in which SAP Core 6.0 further opens up Huawei's advanced technologies in media,
Business One makes compliance graphics, telecommunications and other fields. For media apps,
with POPIA easier for organisations Huawei provides an AV Pipeline Kit with pre-set pipelines for video
that may be feeling the heat when it super-resolution, sound event detection and other media services to
comes to POPIA readiness. address audio/video app developers' pain points.
Andre Adendorff, director of
presales at Seidor Africa
www.seidorafrica.com www.huaweimobileservices.com
Transforming a complex procurement business
Dynamic Technologies into an automated, process-driven operation
and DVT windmill into When Griffin Procurement Services came across the process
Europe automation and enterprise content management solution – supplied
Software and technology group through Kyocera Document Solutions South Africa – it recognised
Dynamic Technologies is marking that the platform was exactly what it had been looking for. Griffin
its strategic expansion into selected Procurement Services decided to implement this ECM solution as
European countries, with group a standardised, automated and scalable platform that would save
company DVT setting up base money for the business and time for its people. Griffin Procurement
in the Netherlands, offering a Services is using the process-driven workflows to automate processes
range of nearshoring IT software across quoting, ordering and payments. Key features of the solution
and resource solutions for local include easy sharing of information, security through user and access
European markets. Mark Buwalda control, audit trails, centralised administration, collaboration and rich
Mark Buwalda was recently has been appointed senior business reporting capabilities.
appointed senior business
development director for the DVT
development director for the DVT www.kyoceradocumentsolutions.co.za
Netherlands operation. Netherlands operation.
www.dynamic-tech.com
Improving quality management in the contact
centre
Sage Intacct’s dimensional accounting, C3i, a multi-channel customer engagement services (BPO)
Exponant enables rapid financial insights provider, is an organisation that supports 80% of the world’s top
Cloud-based Sage Intacct has introduced a new accounting concept 20 pharmaceutical companies, in addition to 175 companies across
called "dimensional accounting" to handle the need for real-time multiple industries. Headquartered in Horsham and Pennsylvania, this
information. Dimensional accounting allows the tagging of any company has been a tier one client of Enghouse Interactive for the past
transaction with dimensional values. This is almost like metadata 20 years and was at risk of loss for the past four years. The company
for financials and allows you to slice and dice the accounting data for planned to migrate from Enghouse CCE version 8.0 to Avaya Oceana
greater insights, thereby enhancing your business intelligence. In Sage Contact Centre. With this new version of Enghouse, C3i has managed
Intacct, "dimensions" can be described as a grouping of related records to modernise its operations and take care of the quality of its services.
while "tags" are the detailed records or data within the dimension. www.enghouseinteractive.co.uk
Intacct comes with a number of default dimensions such as customers,
suppliers and products.
www.exponant.com Rubrik helps companies quickly recover from
ransomware attacks
Rubrik, the cloud data management company, has announced major
data security features that enable organisations around the world to
easily and accurately assess the impact of ransomware attacks and
ICT INSIGHT automate recovery operations to maintain business continuity. With
digital transformation accelerating as a direct result of the pandemic,
ransomware threats escalated exponentially as attackers found more
digital surface areas within businesses to infiltrate. In fact, year over
To read the FULL company releases, visit year (from mid-year 2019 to mid-year 2020), the total number of
www.itweb.co.za global ransomware reports increased more than 715%, according to
Bitdefender’s 2020 Mid-Year Threat Landscape Report. Rubrik’s data
Contact sales@itweb.co.za for any sales enquiries. security provides an important line of defence against these common
threats.
www.rubrik.com
4 | September 2021
COMPANY NEWS
NETWORKING SECURITY
ZTE releases Industry 5G Core White Paper Enghouse Vidyo bets on Veridas facial biometrics
ZTE Corporation has released the Industry 5G Core White Paper, to eliminate fraud in video conferences
which elaborates on an in-depth analysis and insights on the vertical Enghouse Interactive, a leading global provider of contact centre
industries and three private network deployment modes, and proposes and video collaboration software, and Veridas, a leader in biometric
the Industry 5G Core solution to enable digital transformation. With solutions for digital identity verification development, have unveiled
the acceleration of 5G commercialisation, 5G vertical markets have their joint video conferencing solution with facial biometrics. This
entered into the stage of large-scale developments. There are still integration, which has already attracted the interest of major financial
many vertical industries with fragmented requirements. The white institutions, allows agents to verify the identity of customers while
paper proposes the Industry 5G Core solution to empower the industry conversing with them remotely, in just milliseconds, and with an
with the i5GC product, integrate the cloud and network with the accuracy of more than 99.9%. The joint solution significantly increases
iCube product, and facilitate the rapid deployment and easy O&M of a fraud detection capabilities by comparing the customer’s face in the
private network with the ToBeEasy product. video call with the customer’s registration data, either a photo or an
www.zte.com identity document.
www.enghouseinteractive.co.uk
Rubrik, NetApp
host Data Protection
Summit
By taking a modern approach to
your data strategy, you don’t have
to choose between cost-effective High-performance NSsp 13700 firewalls are designed to protect the fastest, most
operations and agile, scalable complex environments.
data protection. This is one of the
messages relayed at the recent SonicWall triples threat performance,
Rubrik and NetApp Data Summit. dramatically improves TCO
www.networksunlimited.africa SonicWall has released three new high-performance firewall models
for enterprises and large organisations – NSa 4700, NSa 6700 and NSsp
Risna Steenkamp, GM: ESM 13700 – designed to accelerate network throughput and stop advanced
Division at Networks Unlimited cyber attacks. Featuring some of the highest port densities in their class,
the new appliances help enterprises keep pace with the speeds of their
growing networks.
Domains.co.za unveils uncapped VOIP solution www.sonicwall.com
for small business
Domains.co.za is proud to launch its latest innovative product for
the SME market: Cloud-based VOIP, powered by 3CX with uncapped Sybrin’s Passive Liveness Detection SDK is
calling powered by VOX Voice. This solution is set to change the built to conform to FIDO Alliance’s biometrics
telephony industry within the South African SME market forever! standards,
Boost your business’s communications with this fully managed, Sybrin announced the issuance of the official evaluation report by
cloud-based PBX phone system with its world-leading 3CX software, Fime confirming that the Sybrin Passive Liveness Detection SDK was
VOX carrier-grade voice and uncapped local and cellphone calls. SME successfully audited on both level A and level B attacks. The FIDO
businesses across SA have had to face many challenges over the past accredited biometric laboratory FIME tested the SDK against criteria
15 months. These range from load-shedding, copper cable thefts and based on FIDO Biometric Certification Requirements v1.1 (FIDO1.1)
remote working due to lockdown, which have caused complications and in accordance with ISO/IEC 30107-1 and ISO/IEC 30107-3:2017.
with traditional PABX systems. The FIDO Biometric Certification Requirements launched by the FIDO
www.domains.co.za Alliance are there to ensure that biometric subcomponents meet
globally recognised performance standards for biometric recognition
performance and Presentation Attack Detection (PAD) and are fit for
commercial use.
www.sybrin.com
To read the FULL company releases, visit
COMPANY NEWS www.itweb.co.za
Contact sales@itweb.co.za
for any sales enquiries.
September 2021 | 5
CYBER SECURITY
By ALISON JOB
Are businesses leaving their
perimeters unprotected?
of reference to perimeter and network (critical assets / threat model / industry
controls.” vertical and so on). This ensures high-
While 63% of respondents say they receive fidelity alerts. This provides us with a unique
alerts directly in dashboards or mailboxes, opportunity with 64% of respondents.”
a quarter (23%) centrally collect all logs and Thirty-eight percent of respondents are
send alerts from a SIEM solution. And 10% doing internal vulnerability scans and are
don’t receive any alerts at all. Dr Jacobs says, actively managing vulnerabilities. Some 29%
“It seems as if the majority of respondents do internal vulnerability scans themselves
understand the importance of monitoring mostly to receive a report for compliance
for alerts. Usage of a SIEM is indicative of a requirements, while 21% outsource this
SOC / cyber operations capability. It seems function to a third party and 13% don’t scan
as if not many respondents have a SOC (23%) for vulnerabilities within the environment
and therein lies an opportunity. The lack of at all.
SOC / cyber ops capability usage leads me to “Vulnerability scanning should be
conclude that not many respondents action actively managed, and vulnerabilities
DR PIERRE JACOBS, HEAD OF OPERATIONS the events / alerts they see, and this in turn addressed. Only 38% of respondents actively
AND COMPLIANCE, CYBERANTIX
could mean that monitoring is done for manage and address vulnerability scans.
compliance requirements only.” It is interesting to see that there’s quite a
I TWeb, in partnership with CyberAntix,
conducted an online cyber security survey
in June that interrogated the current status
of South African organisations’ incident
response preparedness.
The survey aimed to establish which
security solutions organisations have What strikes me is the lack of reference to
in place. The survey looked into how
businesses are handling alerts, their alerting perimeter and network controls.
configurations and how alerts are responded
to. It also asked whether they’re scanning
their environment for vulnerabilities.
A total of 208 responses were captured,
with 56% of respondents being at executive
or middle management level, working across
a range of industries, with the majority of He highlights that this is only a healthy appetite to outsource vulnerability
respondents coming from the software and hypothesis, and one that is supported by the scanning to third parties. In my experience,
internet, computers and electronics and answers to the question below. outsourcing penetration testing is more
government sectors. Asked about the alerting configuration of common. This may be indicative that
The top five security solutions that their security solutions, 41% of respondents most respondents do not have a robust
respondents’ organisations had in place say some of the alerts are vendor default vulnerability management strategy and
were Antivirus (69%), Active Directory and they have configured some customised process in place.”
(50%), Web Application Firewall (45%), alerts to suit their organisation's specific Asked which compliance requirements
Endpoint Detection and Response requirements. 36% say a large amount of their organisation needed to adhere to or
(41%) and DNS Protection (35%). Dr alerts have been configured to suit their would like to adopt in the future, 68% said
Pierre Jacobs, Head of Compliance and organisation’s specific requirements. A POPIA, half (47%) said ISO 27000 and 37%
Operations at CyberAntix, says, “The quarter (23%) say all of the alerts are vendor said COBIT5. These were followed by NIST
respondents’ answers seem to indicate default and they haven’t configured any and GDPR, with 26% each.
that there’s a focus on endpoint protection customised alerts. “Government is mandated by DPSA to use
controls. Active Directory also seems to “It’s heartening to see that 36% of COBIT. POPIA is to be expected. It would be
be a concern. DNS protection is still quite organisations fine tuned their alerts. Alerting interesting to see how many respondents
novel, and I have only seen this at larger and use cases should be tailored to an will seek ISO 27000 certification,” he
organisations. What strikes me is the lack organisation’s cybersecurity requirements concludes.
6 | September 2021
CYBER SECURITY SURVEY
CYBER SECURITY
Which security solutions does your organisation How are you currently handling alerts from
currently have in place? these solutions?
5% Security Orchestration & Automated Response (SOAR) We are receiving
alerts directly
9% User & Entity Behaviourial Analytics (UEBA) from some or all
of these solutions
64% in dashboards or
11% File Integrity Monitoring (FIM) mailboxes.
17% All of the above
21% Privileged Access Management (PAM)
24% Security Information & Event Management (SIEM)
31% Intrusion Prevention System (IPS)
32% We are receiving alerts directly from some or
Network Threat Detection (NTD)
all of these solutions in dashboards or mailboxes. 64%
32% Single Sign On (SSO) We centrally collect all logs and send alerts from
a SIEM solution. 24%
35% DNS Protection No we are not receiving alerts at all. 8%
We receive alerts from a SOAR solution. 4%
35% Next Generation Firewall (NGFW)
41% Endpoint Detection & Response (EDR)
Please select the most appropriate option
45% Web Application Firewall (WAF) regarding the alerting configuration of your
security solutions.
50% Active Directory (AD)
Some of the alerts
69% Antivirus (AV) are vendor
default and we
have configured
41% some customised
alerts to suit our
organisation's
specific
requirements.
Some of the alerts are vendor default and we have
configured some customised alerts to suit our
organisation's specific requirements. 41%
A large amount of alerts have been customised to suit
our organisation's specific requirements. 36%
All of the alerts are vendor default and we have not
configured any customised alerts 23%
xx | September 2021
September 2021 | 7
CYBER SECURITY SURVEY
CYBER SECURITY
Are you currently responding to alerts, and how? Are you scanning your environment for vulnerabilities and
is this performed internally or procured from a 3rd party
service provider?
80
9% We outsource this to a 3rd party and vulnerabilities are
actively being managed.
70 12% We do not scan for vulnerabilities within the environment
61% at all.
60 12% We outsource this to a 3rd party only to receive a report for
compliance
50 29% We do internal vulnerability scans ourselves mostly to
receive a report for compliance requirements.
40 38% We do internal vulnerability scans and we are actively
managing vulnerabilities.
30 25%
20
11%
10
3%
0
Yes, we are Yes, we are Yes, we No, we do
responding responding respond to not
to alerts in to alerts in alerts but respond to
a timely machine long after all of the
manner time detection alerts
How regularly does your organisation perform Which compliance requirements does your organisation
vulnerability scans? need to comply to or would like to implement in the future?
80
Monthly 68%
70
67% 60
47%
50
37%
40
30 26% 26%
21%
20 16%
10
Monthly 67% 0%
Quarterley 21% 0
POPIA ISO COBIT5 NIST GDPR SANS PCI Other
Bi-Annually 8% 27000 DSS
Annually 5%
September 2021 | xx
8 | September 2021Protect YOUR data
from persistent threats
with a solution that
• PREVENTS
• DETECTS
• RESPONDS
CyberAntix SOCaaS solution is
customisable, reliable and scalable,
with support from industry leading
security vendors recognised in
Gartner’s Magic Quadrant as leaders
in their space.
FIND OUT MORE
www.cybe ra nt ix .co. z aINDUSTRY INSIGHT: TECH REVOLUTION
Women want to be decision-makers
in tech revolution
The business world must become more welcoming and safer for women,
so they can go all the way from the classroom to the boardroom, in all
sectors, including technology.
This is why women need to be involved in ever-growing technology economy.
decision-making and innovation processes. If we want to investigate and fix the “leaky
Diversity and inclusiveness are essential in pipeline”, we have to fund programmes that
every single industry. will cover all aspects of this leaky pipeline.
The gender gap in technology is preventing The gender gap in technology is preventing
women from playing a full role in shaping the women from playing a full role in shaping the
future of society. Helping women and girls future of society.
to advance is not only good for society, and Education is key, and the crucial stage
ethical, but smart and good for the economy. is early adolescence – between 12 and 14 –
When you empower women, you empower because studies have shown this is when
whole communities and nations. almost half of young women are inclined to
Women’s involvement in science, lose interest in STEM-related subjects.
technology, engineering and mathematics Companies should focus on providing them
(STEM) in South Africa and other African with information about possible jobs, as well
countries does not translate into strong as giving them access to mentorship and role
participation of women in the tech sector. models. Women who are mentored feel more
Ayumi Moore Aoki, Founder and CEO of
the global non-profit Women in Tech Women currently account for only 23% of the supported and have the personal confidence
T echnology is the fastest-growing,
most lucrative industry in history –
increasingly, it is becoming the force behind The gender gap in technology is preventing
every single other industry. Fields such
as coding, UX design and analytics drive women from playing a full role in shaping the
innovation, opportunity and growth in all
spaces, including manufacturing, farming
future of society.
and finance.
Without a doubt, tech is the future of
work. But women are underrepresented in
technology and they risk being left behind. STEM professionals working in South Africa, to achieve their dreams. Businesses should
We must add more women to the tech sector and only 17% of STEM leadership positions – also reskill women already in the workplace
if we want them to strengthen the industry and these percentages are lower for women and give them opportunities to climb the
and the economy. of colour. career ladder.
Technology is part of every single aspect There are so many reasons for this, ranging When women do go into tech, many drop
of our lives. Not only does tech drive our from cultural norms, unconscious biases, out. We need to make the environment more
economy, it also invents our future. Products online or offline harassment and a lack of self- welcoming and safer for women, and we need
and services are being developed based on the confidence, which hinder girls’ and women’s to encourage them and mentor them because
perspective of only one half of the population full participation. we want women going all the way from the
– men. Fixing the ‘leaky pipeline’ classroom to the boardroom, in all sectors,
A good example is the fact that we have The digital acceleration fuelled by the including technology.
about 230 million pregnancies in the world COVID-19 pandemic represents a historic We also need to address salary disparity
every year, but there are no car seatbelts opportunity to get more women involved and discrimination in the workplace. Once
designed for pregnant women. The single in tech. Educating, empowering, upskilling women are in the STEM workforce in South
largest cause of maternal death is car and reskilling women will help them to get Africa, they earn 28% less than their male
accidents. Even women who are not pregnant ready for the future of work and will allow colleagues, which means they have to work
have a 70% higher chance of being injured in them to work remotely, be financially for two-and-a-half more hours a day to earn
a crash than a man because engineers have independent, drive their own businesses, the same salary at the end of the month,
designed seatbelts as if women are small men. make their own choices, and be part of the which is absurd.
10 | September 2021INDUSTRY INSIGHT: DATA MANAGEMENT
The rise and fall of data architecture
There is a long way to go to regain trust in architecture. For this to be
possible, we need business to change how it perceives data architecture.
I have been an architect for 15 years
now, specialising in data and solution
architecture. In the beginning of my
What did it boil down to? This process
was not adding value.
approach they had to follow.
You only realise the impact of rules if you
yourself are bound by them. By being bound
career, architecture was a well-respected The watershed moment to my own rules, I was quickly able to see
discipline, revered even. I had a great relationship with this client, so that some of it was not workable and placed
The industry has changed over the we had a serious heart to heart, and meeting too much burden on the delivery team.
years though. We have encountered new of minds. In this discussion, I realised
technologies, such as cloud and big data, and that as an architect, I had become too far Giving up control
explored new development methodologies, removed from my team. Of course, there was a downside. I could
such as agile and micro-services. I was no longer current with the not do it all. We had a team of close to
Somewhere along this journey, based on technology and programming languages. 40 developers and analysts working on
my own experiences, I feel that we have lost I was unfamiliar with their challenges and different platforms and technologies.
our reverence for architecture. I have seen unaware of the burdens that governance As an architect, I was all about control,
many architects become disconnected from and architecture placed on them. trusting in the rules and processes, and not
their true calling and purpose. I have seen many architects become the people. So, it was anathema to me to
The result? Delivery teams not hiring disconnected from their true calling and give this up and bring other people into my
architects, or entire companies removing purpose. ‘kingdom’.
the architect job title from their vocabulary.
And in some cases, architects ruling and
dictating, rather than serving and enabling.
Where did it go wrong?
For many of us, myself included, we did
not even realise it was happening. My own I have seen many architects become disconnected
moment of self-realisation came at the
behest of a client of mine. I had been tasked
from their true calling and purpose.
with the formulation of the roadmap and
architecture for the next five years.
I was having great fun putting it all
together, lots of great pictures and bundles
of rules and standards. And it all came I realised that as an architect, I needed We had to compromise, and I had to
together in a glorious, epic document! to be visible on the floor. I needed to let go. We brought in a new architect, to
It didn't end there. Once completed, I got engage with the team on a regular basis. take over ownership of a large swathe
involved in further amendments. I was also Most importantly, I had to once again of my original domain. I brought up and
drawn into meetings with the rest of the be responsible for delivery. By taking trained team leads to fulfil some of my
enterprise architects for other initiatives. ownership of delivery, I was once again functions.
Meetings and design sessions daily, and accountable. You will be amazed at what This allowed me to have a very clear focus
conferences at remote locations every this does to your perspective, when you are on a stream of the delivery, one that I was
month. All very important, and all very accountable for something. responsible for. I then worked with the new
necessary. Having re-joined the delivery team architect and team leads.
Or so I told myself. again, I realised what I as an architect had I believe that the role and approach of
And then my manager came to me quite been doing wrong. I was making rules and architecture is changing. Architecture
concerned. All told, I had been away from standards that I, myself, did not have to should now be based on the concept of
the team for close to a year by this stage. follow. Or suffer the burden of. servant leadership. We are changing how
I was essentially working as a remote I became aware of various flaws in my we engage with teams. Where once we
solution architect − one that was only architecture and processes. Issues that were remote, we are now actively engaged
creating documents, and not helping slowed down delivery and hampered and this is having a noticeable benefit to
the team in their day-to-day development. Issues caused by me being our delivery. However, the battle is not yet
deliverables. out of touch with my developers, and the won.
September 2021 | 11COMPANY NEWS
FINANCIAL TECH FORUM
How to achieve Costs to consider when
consistent arbitrage thinking of a top ERP
returns in crypto- implementation
currency “Never has there been a better time
Arbitrage is the act of buying to deploy an ERP solution than right
something in one market and selling now,” says Heinrich de Leeuw, MD,
it for a higher price in another. Jon Seidor Africa. “ERP software and
Ovadia is the CEO and founder of services have improved dramatically
Ovex, which offers an arbitrage in recent years. It is no longer an
service that guarantees its investors enormous expense, nor does it take
safe returns. “And Ovex’s enormous ages to implement. The solution
level of liquidity means we can brings operational areas together to
guarantee capital.” overcome the challenges.”
Jon Ovadia, CEO and www.ovex.io Heinrich de Leeuw, MD, Seidor www.seidorafrica.com
founder of Ovex Africa
Synresins makes 90% ROI with SYSPRO 8 Costs to consider when
upgrade thinking of implementing
After the deployment of SYSPRO 6 for more than eight years, there ERP
was a need to get a software solution that complemented the dynamics “Although priced for SMEs, this
of the growing business at Synresins. Transactions were slow to does not mean these solutions are
process and timely reports difficult to generate. Synresins became lightweight in terms of functions and
the first company to upgrade to SYSPRO 8 in Africa in 2018. It has capabilities,” says Elaine Havenga,
20 active users spread across finance, production and supply chain head of marketing, Seidor Africa.
departments. “Despite the teething problems we experienced during “They come with rich functionality
the upgrade, I would highly recommend SYSPRO 8 as it has great and are able to support a business’s
features. If there is SYSPRO 9, I don’t mind being the first company to accounting and financials; sales and
upgrade,” said Mira Shah, CEO of Synresins. customer relationship management;
www.syspro.com Elaine Havenga, head of purchasing and operations.”
marketing, Seidor Africa www.seidorafrica.com
Ovex now has a 100% risk-free way for you to
make extra income Epicor: supply chain digital acceleration
Up to now, earning staggering amounts of money in crypto-currency critical to fruitful post-pandemic economy
has only been possible for people with large bank accounts. Unless you Cloud prioritisation among midsize essential businesses accelerated
bought Bitcoin back in 2012, choosing Bitcoin as a strategy to make from 25% consideration in 2020 to 94% adopting cloud this year.
extra income meant you would need a serious amount of dough to get Seventy-five percent expect their business to be fully recovered from
into the market. (One Bitcoin is currently valued at nearly $35 000.) the impact of COVID-19 by 2022; 61% expect to expand in size and
But Ovex’s ingenious method of running its arbitrage services has scale over the coming three years; and 55% expect to create new jobs.
opened the possibility of making extra income to everyone: Firstly, the This is according to Epicor Software Corporation’s annual Insights
arbitrage system itself consistently brings in ROI for investors. And, Report. The key takeaway is that leaders of midsize businesses across
secondly, it now has a high-paying referral programme for anyone the supply chain are bullish about growth fuelled on investment in
who brings the company new business. cloud-ready technologies. The survey finds essential business leaders
www.ovex.io are leaning into the accelerating forces of COVID-19 to ‘leap forward’.
www.epicor.com
To read the FULL company releases, visit
COMPANY NEWS www.itweb.co.za
Contact sales@itweb.co.za
for any sales enquiries.
12 | September 2021COMPANY NEWS
BUSINESS
UBU International reduces fees to 0% to help EOH closes off its inherited legacy issues, holds
small businesses accountable those responsible
Digital marketplace and payments provider UBU International dedicated In reference to the recent article, EOH can confirm it has filed civil
July to help secure the future of the food and drink outlets by zero-rating claims and is suing a number of former EOH executives, including
its fees across the board and by providing the functionality to easily offer Asher Bohbot (former CEO), John King (former CFO), Jehan Mackay
touchless mobile payments and both ‘order and collect’ and ‘order and (former head of Public Sector) and Ebrahim Laher (former head of
deliver’ services to its customers. UBU’s zero-rated fees include the EOH International) for a total of R6.4 billion in damages incurred by
costs for marketing businesses registered on the platform, as well as the EOH. When the new EOH board mandated ENSafrica to conduct a
transactional fees of up to 4% that businesses are forced to pay to accept comprehensive investigation into the large public sector contracts,
contactless payments or credit and debit cards. "The effects of the new they committed to be transparent on the process and the outcomes,
regulations are devastating," said UBU MD Tony Mallam. and co-operate with authorities, prosecute where there was
www.ubuinternational.com wrongdoing and implement the correct and appropriate governance
frameworks.
www.eoh.co.za
Sybrin’s Passive Liveness Detection SDK
conforms to FIDO Alliance’s biometrics
standards SYNAQ introduction and services
Sybrin has announced the issuance of the official evaluation report SYNAQ has summarised its value proposition in a video posted. The
by Fime confirming that the Sybrin Passive Liveness Detection SDK company identified several points, including: World-class e-mail that
was successfully audited on both level A and level B attacks. The FIDO means business – SYNAQ is committed to innovating and developing
accredited biometric laboratory FIME tested the SDK against criteria amazing solutions that drive your business forward.
based on FIDO Biometric Certification Requirements v1.1 (FIDO1.1) Deliver more for less: Partner with SA’s fastest-growing IT cloud
and in accordance with ISO/IEC 30107-1 and ISO/IEC 30107-3:2017. company and grow your service offering without a high capital
The FIDO Biometric Certification Requirements launched by the FIDO investment. Secure and seamless from end-to-end: We deliver
Alliance are there to ensure that biometric subcomponents meet advanced business e-mail solutions that allow your enterprise to
globally recognised performance standards for biometric recognition communicate, comply and collaborate flawlessly.
performance and presentation attack detection (PAD) and are fit for www.synaq.com
commercial use.
www.sybrin.com
DebiCheck: The next
chapter
Moving away from It is hard to believe that EDO has
physical offices to already been discontinued for new
desktops as a service uploads for two months on 1 July
Many businesses are adopting long- 2021, and that DebiCheck has been
term solutions to empower employees flying solo for this time. We sat down
with new flexible work policies, says with resident DebiCheck expert,
Troye CEO Helen Kruger. As a result, Vaughn Hechter, head of Customer
we see an increasing need to scale Services for NuPay and Delter, to
up quickly while providing a secure, get a better understanding of how
productive environment to meet the market has been responding to
long-term demands for flexibility. DebiCheck, and where there is more
This is where DaaS brings value to IT. Vaughn Hechter, head: Customer room for improvement.
Services at NuPay and Delter
www.troye.co.za www.altron.com
Helen Kruger, CEO, Troye
ACS walks away with
prestigious award
We are extremely proud to announce
that ACS’s Card Personalisation
Division has once again been awarded
ICT INSIGHT
the prestigious Entrust Financial
Instant Issuance partner of the year To read the FULL company releases, visit
award in the EMEA region. Entrust
annually bestows awards on its
distribution partners in the various
www.itweb.co.za
Contact sales@itweb.co.za for any sales enquiries.
regions they operate in, including the
Nico Els, GM: Card Americas, EMEA and Asia Pacific.
Personalisation at ACS
www.altron.com
September 2021 | 13POPIA READINESS
By ALISON JOB
Digitisation and secure data destruction
key elements of POPIA compliance
(58%) and fines (45%). “Although 59% paper-based processes. “Digitisation and its
of respondents were concerned about associated processes must be embraced by all
reputational damage, only 42% of businesses as it offers solutions that provide
businesses are digitally mature. Companies reliability and productivity for organisations.
must embrace digitisation and secure It simplifies the methods and governance
data destruction methods to assist with related to POPIA by keeping track of
compliance,” says Akaloo. retention periods, making sure the risks are
While 63% of responding organisations minimised and to ensure that it does not fall
said they would be ready to fully meet into the wrong hands,” adds Akaloo.
the POPIA requirements on 1 July, 17% Three quarters of respondents (76%) said
were already compliant and 13% said they they used access control as part of their data
wouldn’t be ready in time. protection policy. 57% used encryption,
Asked to identify the measures that they 54% used auditing and logging and 49%
have in place around POPIA compliance, 69% used data loss protection. Some 45% used
KEVIN AKALOO, SOUTH AFRICA’S NATIONAL had measures to ensure the individual whose two-factor authentication and 42% used data
HEAD OF SALES - PRIVATE AND PUBLIC data is being collected gives consent for data classification and handling. Only 22% used
SECTOR, IRON MOUNTAIN collection. Some 60% had a compliance cloud access security brokers.
officer, 58% had records of processing Seventy-three percent of respondents
I TWeb, in partnership with Iron Mountain,
conducted a POPIA Readiness Survey to
find out how well prepared organisations are
for POPIA compliance.
A total of 397 responses were captured,
with 66% of respondents being at executive
or middle management level, working
Companies must embrace digitisation and secure
across a range of industries, with 20% of data destruction methods to assist with
respondents coming from the software and
technology sectors. compliance.
The good news is that nearly half (45%)
of respondents said their organisations were
well prepared for POPIA compliance, while
43% said they were somewhat prepared
but could be more so. Five percent said
they weren’t at all prepared. Kevin Akaloo, activities which describe their purpose, have a process in place to safely and securely
South Africa’s National Head of Sales - type of data collected and the technical and destroy physical records, data and devices at
Private and Public sector at Iron Mountain organisational measures taken to ensure their the end of their lifecycle in order to reduce
says, “Interestingly, 74% of respondents’ security and 58% had procedures to provide e-waste and comply with POPIA. Only
decision makers and staff are familiar with individuals with a copy of all data relating 9% of respondents said their organisation
the POPIA regulation. I’m glad to see this as to them. Fifty-eight percent said they had didn’t have such a policy/process. Akaloo
compliance is ultimately the responsibility of measures to ensure logging and monitoring comments, “South African businesses
all departments.” of data processing and alteration of personal are paper-overloaded and there are risks
However, some 29% of survey respondents data, while 51% had procedures to delete associated with that such as external people
felt that overall responsibility for complying personal data in the event of a “right to be or disgruntled employees finding the
with POPIA should rest with a member of forgotten” request or if an individual objects information and misusing it. We recommend
the board or senior management, while to the processing of their data. that businesses deploy shredding solutions
18% of respondents felt that IT should be Digitising the business is regarded as key that securely destroy IT assets and
responsible, and 17% said a dedicated POPIA to POPIA compliance. 42% of respondents documents onsite or offsite to the point
team should carry the responsibility. said their organisation had an advanced where information cannot be recovered.
Top concerns regarding data management digital maturity, 27% said expert and a They should also consider building their own
aligned to POPIA emerged as reputational quarter (25%) said it was intermediate. virtual warehouses for record management
damage (59%), complexity of compliance 7% of respondents reported a reliance on purposes.”
14 | September 2021POPIA READINESS SURVEY
POPIA READINESS
How well prepared is your organisation for POPIA What are your concerns regarding data management aligned
compliance? to POPIA?
59% 58%
60
Well prepared
50 45%
43%
45%
40
30
21%
20
Well prepared 45% 10 5%
Somewhat, but should be more 43%
I don’t know 6% 0
Not at all 6% Reputational Complexity Fines Staff Our I don't
damage of awareness physical know
compliance is a data makes
concern it difficult to
manage
Which department in your organisation has Is your organisation embracing the POPI regulations
overall responsibility for complying with the in order to build customer trust?
POPIA?
4%
60 55%
Finance
9% Nobody in particular 50
11% Other
40
13% Legal
17% A dedicated POPIA team 30
23%
18% IT 18%
20
29% A member of the board or senior management team
10
2% 2%
0
Completely Somewhat Neutral Somewhat Completely
agree agree disagree disagree
xx | September 2021
September 2021 | 15POPIA READINESS POPIA READINESS SURVEY
Does your organisation have the following in place when Digitising your business will help you easily comply with
it comes to POPIA compliance? POPIA regulations. What is the digital maturity of your
organisation?
9% None of the above
50
42% POPIA
50% Procedures to delete personal data in the event of a “right to be
forgotten” request or if an individual objects to the processing of their
data 40
57% Records of processing activities which describe their purpose, type of
data collected and the technical and organisational measures taken to
ensure their security
57% Procedures to provide individuals with a copy of all data relating to
30 26% 25%
them
58% Measures to ensure logging and monitoring of data processing and
alteration of personal data
20
60% Compliance officer - only necessary for public authorities or companies
that process data as a core activity on a large scale
69% 7%
Measures to ensure the individual whose data is being collected gives
consent for data collection
10
0
Advanced - Expert - paper Intermediate - Beginner -
some scanning all shredded some scanning very paper
and some and cloud and some based with
shredding but storage shredding but onsite filing
mostly onsite mostly onsite and storage.
filing and filing and No shredding
storage storage of any paper.
Regarding any Information Governance measures that have Which of the below does your organisation use as part of its
not yet been implemented in your organisation, what are records management/data protection policy?
the main reasons for not implementing them?
Lack of time/
staff resource 1% Other
32% 11% I don't know
22% Cloud Access Security Brokers (CASBs)
41% Data classification and handling
44% Two-factor authentication
49% Data Loss Prevention (DLP)
Lack of time/ staff resource 32% 53% Auditing and logging
I don't know 19%
56% Encryption
Lack of awareness from key decision makers 16%
Lack of financial resource 16% 76% Access Control
Siloed/outdated information on personal data (PII) we store 12%
Other 5%
16 | September 2021 September 2021 | xxRETHINK HOW YOU DO BUSINESS From the everyday to the extraordinary - store, manage and transform how business gets done. 0861.476.668 | IRONMOUNTAIN.CO.ZA © 2021 Iron Mountain Incorporated. All rights reserved.
REPORTBACK: AFRICA SECTION
About Africa …
ICT Insight is proud to feature a recap of the biggest stories from Africa’s
ICT and telecommunications landscape.
I n this synopsis of top recent headlines
published by both ITWeb Africa and
ITWeb, we look at key developments
Ethio Telecom is partnering with
Ericsson to expand its 4G services into
the South West region of Ethiopia during
Operations Support Systems (OSS)
systems to the more advanced and high-
capacity Ericsson Network Manager
within Ethiopia’s ICT space, and progress 2021. According to the companies, (ENM).
made with 5G rollout, as well as advances Ericsson Radio System products
in innovation and telecommunications and solutions will be used for this Global Partnership for Ethiopia
in growing markets like Egypt and deployment. The core expansion will announces new leadership
Botswana. take place in Ethio telecom’s regional The Global Partnership for Ethiopia
datacentres and the datacentres in Addis (GPE) has appointed Anwar Soussa as
Ethio Telecom, Ericsson launch Ababa. Through this partnership, Ethio the Managing Director of its Operating
4G network for South West telecom will modernise its network Company in Ethiopia, effective 1 July
Ethiopia by transitioning from the current 2021. Anwar is currently the Managing
18 | September 2021REPORTBACK: AFRICA SECTION
Director of Vodacom DRC and the the island nation’s 5G capacity and its IBM to invest US$1bn in partner
Chairperson of Vodacash (M-Pesa), global standing among African countries ecosystem to drive AI, cloud adoption
a position he has held since 2017. progressing with this technology, IBM has fine-tuned its corporate go-
According to a statement released to the after deploying my.t 5G zones and to-market strategy – underpinned by
media, Soussa will report to the Board opening the network to public use. The a global investment of US$1-billion
of the Ethiopia entity and the Safaricom telecommunications firm announced - to leverage open hybrid cloud and
PLC CEO. An excerpt from the statement the deployment of four 5G Experience Artificial Intelligence and strengthen its
reads:“He has cemented Vodacom Zones in Ebène, at the University of partner ecosystem. A mature, value-
DRC as the largest Vodacom operation Mauritius, at Bagatelle Mall and La centric partner ecosystem is vital to
outside of South Africa by driving City Trianon. Sherry Singh, CEO of the company achieving its objective to
operational performance, crossing the Mauritius Telecom, launched the zones establish itself as a leading open hybrid
US$500m in service revenue mark for this month at the Hennessy Park hotel, cloud and AI firm. To this end, it has
the first time in 2020. Anwar will lead Ebene, together with Deepak Balgobin, simplified engagements, streamlined
the Ethiopian Operating Company on Minister of Information Technology, go-to-market strategies, and designed
behalf of the Global Partnership for Communication and Innovation. Singh specialised Build, Service and Sell tracks
Ethiopia Consortium.” said the local mobile market is already with tailored offers to help speed time
saturated and 5G is mainly used in to value. In 2018, IBM identified hybrid
Mascom details strategy to large companies around the world to cloud as the dominant force in the
dominate in Botswana connect millions of devices “in the IOT industry and has since introduced new
Mobile operator Mascom Wireless universe”, but 5G compatible devices technologies and in 2019, acquired Red
has unveiled new products and are that not numerous today. Hat in a landmark US$34-billion deal.
services as part of a strategy to
dominate Botswana’s growing ICT and
telecommunications markets. Mascom
Wireless CEO Dzene Makhwade-Seboni
confidently stated the company’s
intention: “Mascom is committed to
providing innovative and exciting
products and services with a sharp
focus to ensure it retains the number
one spot as the leading digital service
provider and the provider of choice
to all users.” The latest offering is an
upgrade on MySurf launched in 2019 as
a business broadband package to a triple
play home and business broadband.
Another product is Mascom Chat, a
WhatsApp-based interface through
which customers will be able to check
their account balances and purchase
airtime and data services.
Mauritius Telecom rolls out 5G
Experience Zones
Mauritius Telecom has entrenched
September 2021 | 19You can also read
