F5 Networks recently unveiled a security report, a study, titled ‘The Evolving Role of CISOs.’ The study, done in collaboration with the Ponemon Institute, collected information based on interviews with senior-level professionals (CISOs and CISO-equivalent roles) from 184 companies in seven countries.
A key takeaway – there is a shift toward security as a business priority. Fifty seven (57) percent of the respondents say that their organizations have experienced big developments that are driving change in their attitudes about security programs. Next, 49 percent believe that their organization considers security to be a business priority. Cybersecurity exploits and material data breaches are contributing most significantly to the changing attitudes about IT security programs.
Some of the other takeaways include:
* CISOs believe in the importance of an executive-level security leader.
* Enforce policies that protect the organization from insider negligence.
* Assess the risks created by the Internet of Things (IoT).
* Hold third parties to a higher standard of security.
* Invest in technologies that enable the move from protecting the perimeter, to the protecting of the endpoints, applications and data over the next 24 months.
Parag Khurana, MD, F5 Networks, India and SAARC, said: “There is a changed security landscape. The cloud is rapidly transforming. Also, the enterprises are consuming applications very differently. Everything is now getting encrypted.”
According to the study, 72 percent of the attacks are on applications. There is 28 percent attacks on the user identities, and 44 percent attacks on the application itself. Even then, less seems to be happening to support this sector.
Till now, most of the security is network-centric. It is causing a shift in IT security. Today, the focus is on security from the applications point of view. F5 Networks promises to secure the access to your applications. F5 Networks is seeing more conversation on multi-cloud security.
According to the CISO report:
* With the number of cyber attacks on the rise, the role of the CISO will become even more critical.
* Current IT security strategy spanning a company is still very rare.
* Recognition of security as a business priority is still reactive.
* An IT security strategy is still very rare.
— 58 percent believe that IT security is a standalone function.
— 45 percent believe that security function does not have clearly defined lines of responsibility.
— 22 percent believe that security is integrated with other business teams in their organizations.
In India, 57 percent of the respondents say that there is a change in attitude due to the big developments. Next, 31 percent say that there will be more dependency on application security in the future, and 30 percent feel that there will be more dependency on end-point security in the future. Another 23 percent feel that there will be less dependency on network security in the future.
Things to do for CISOs
There are three things for CISOs to look at in future:
* On moving on to the cloud, what happens to the current security?
* How can multi-cloud environments work?
* How can they best protect the organizations from attack vectors that have now increased?
Enterprises definitely need to establish enterprise-class data centers, and have own control, and further extend that to hybrid models. Banking and financial services are the first movers to implement security. Next, the pharmaceutical companies are adopting security to protect their IP.
Sanjay Gupta, senior director of R&D, Mentor Emulation Division, Mentor, presented on the design verification trends and role of emulation.
Verification needs are expanding beyond traditional functional verification. SoC power analysis, coverage closure and DFT validations are critical. Vertical market segment focus is crucial as verification needs are different for different verticals. Verification teams are global teams. Veloce platform addresses the modern verification challenges.
Talking about the design trends, ~31 percent of designs use over 800 million gates and ~20 percent use over 500 million gates.Next, 72 percent of designs contain embedded processors, and 49 percent designs contain two or more processers, while 16 percent designs have eight or more processors.
As for ASIC/IC completion to the original schedule, 61 percent designs were behind schedule in 2014, which increased to 69 percent during 2016. The number of required ASIC/IC spins before production had become seven spins or more in 2016.
Regarding verification trends, as for more design engineers vs. verification engineers, design engineers were growing at CAGR 3.6 percent, while verification engineers were growing at CAGR 10.4 percent, from 2007-2016. The ASIC/IC verification engineers were spending 39 percent of their time at debugging, 22 percent each at creating test and running simulation, and testbench development, and 14 percent time in test planning.
SystemVerilog was a clear leader at the ASIC/IC verification language adoption, while Accelera UVM was a clear leader at the ASIC/IC testbench methodology adoption trends.
In power and coverage, 72 percent more designs wre actively managing power in 2016 as against 59 percent in 2007. Among the power intent trends, the UPF 2x was a clear leader among notations used to describe power intent. Functional coverage is just nearly on par with code coverage, followed by assertions and constrained-random simulation, as far as the ASIC/IC dynamic verification trends are concerned.
Challenges for verification include larger, more complex chips, as well as the increasing software content. Transistor count for select ICs will likely reach 15 billion gates by 2022.
Vertical segments are facing constant innovation. In networking, SDN emergence is driving complexity, size, and port count. There is an increased importance of software. Networking is driven by Big Data, cloud and mobility.
Safety is critical verification for automotive design. Veloce delivers the functional safety verification. Emulation has moved to virtualization with Veloce2. Data-center friendliness and enterprise-level usage are prime. Veloce Strato has accelerated and moved on to the application age, and has a vertical market focus.
Crystal chip is the brain of the Veloce emulation platform. A chip is designed exclusively for emulation: fast compile and efficient, full visibility. The chip, system and software are architected together to optimize the emulation capabilities and productivity. The Veloce Strato offers the lowest cost of ownership.
Veloce power app offers low-power verification at SoC level where power controls come from the application software, handles large SoC (RTL/Gate) with full visibility, performs complete verification (e.g. OS boot) and shows accurate power numbers based on real switching activity.
You can also do low power verification with Veloce. There is broad UPF 2.x support and UPF 3.0 support is planned by the end of 2017. Veloce coverage app has comprehensive SVA assertion support, SV functional coverage, code coverage, standard UCDB support and merged with simulation UCDB, and flow to enable XML merge with other platforms.
Anoop Saha, Mentor, did a presentation on Veloce vertical solutions at the Emulation Conference in Bangalore.
Veloce solutions are used across networking, storage, multimedia, mobile, CPU, automotive and military aeronautics. Veloce is structured around verticals to be segment focused, identify and address segment specific challenges, and identify gaps early on.
Veloce solutions are connecting the DUT to the external stimulus. iSolve speed adaptors connect real-life systems with the emulator. The Virtualab peripherals — VirtuaLab is the software representation of a speed adaptor. The Veloce transactor library – Veloce compatible verification IP. Transactors (VTL) to integrate with users UVM testbench and lower the abstraction layer.
In networking, for instance, the network switch is driving complexity. There is shift to SDN driving chip size and high port counts. Next, 5G is also driving new technology
and standards. Veloce for networking is offering solutions on top of core emulation platform. The verification flow is expanding to include Lab system validation. As of now, SDN is said to be creating a methodology shift. Mentor is said to be the only vendor with a complete offering.
Verification can no longer ignore firmware. Emulation enables earlier firmware development. Software debug is done with Codelink. The Veloce power app is used for broad base analysis. Veloce also offers complete solution for multimedia.
There has also been an industry shift from spec to benchmark. Many new apps target benchmarks for mobile devices. Examples are the AnTuTu benchmark, Geekbench for CPU and GPU benchmark, GFXBench, a GPU graphics centric benchmark, Android smartphone and tablet benchmark, etc.
Mentor, A Siemens Business, held a one-day conference on emulation in Bangalore and Hyderabad. I am thankful to my friends, Veeresh Shetty and Montu Makadia, for helping me attend this conference.
Shankar Bhat, Director, Engineering, Qualcomm India Pvt Ltd, in his keynote, titled 5G and Beyond – Emulation Challenges, said that a shrinking time to market, and stringent DPPM requirements drive the future of verification. Verification scope will extend from just hardware verification to software enablement. The emulation footprint in verification will significantly improve.
He added that mobile has been making a leap every 10 years. Today, it is redefining everything by creating the connectivity fabric for everything and bringing new levels of on-device intelligence. The long-term vision is to transform everything through intelligent connected platforms.
There is likely to be $12 trillion worth of 5G-related goods and services in 2035. Mobile is driving technology nodes and innovation. Verification focus has expanded from functionality to coverage to performance, on to power to yield and DPPM (defective parts per million). There is an over 30 percent NRE (non-recurring engineering) cost on design verification and emulation.
Post silicon validation and software testing time has been shirking. The post silicon test content, and software need to be fully validated before silicon arrival. Here, emulation plays a significant role in software readiness.
Regarding the key verification challenges, these are:
* Increased complexity: Test counts have increased, and there are much complex power structure and power domains. Also, there are challenging performance scenarios.
* Long simulation time: Simulator efficiency is not scaled. It is not able to complete all verification before tape out.
* Software enablement: Software expects fully verified design and settings.
* Customer enablement and DPPM reduction.
Emulation has several advantages. It has significantly faster run time, 1000X+ compared to simulation. It mimics hardware and closure to silicon. There is quick test portability between platforms.
Emulation will play significant role in design qualification, in both pre- and post-silicon phases. Software enablement will help achieve faster time-to-market. The challenges faced by emulation are a high NRE cost, limited debug capability, compilation time is still high, there are limited power verification capabilities. There are higher hardware costs as well in gate level verification, as it is difficult to fit the full SoC into the FPGA.
Emulation will play a significant role in hardware and software co-simulation. Tool portability is key. Verification will use multiple tools and flow. There will be the interpretability of tests, and data will be critical. EDA companies need to develop cost-effective emulation platforms.
Earlier, welcoming the audience, Ruchir Dixit, Technical Director-India, Mentor, said that the status quo is uncomfortable. He compared the cost of laying a metro network in Bangalore, which can cost between Rs. 8,000-14,000 crores. For emulation, while, it was expensive, it was about time that developers got used to it.
SAP announced the creation of a digital ecosystem with the SAP Leonardo portfolio, exclusively for India. SAP Leonardo is a digital innovation system for rapid, scalable transformation. It includes analytics, blockchain, machine learning, IoT, Big Data, data intelligence and SAP cloud platform using design thinking services. Bill McDermott, CEO, SAP, says, “SAP Leonardo will unlock the full potential of the intelligent enterprise.”
Deb Deep Sengupta, President and MD, SAP India Subcontinent, said, there are four traits that set the top 100 global companies from the rest, and have a digital mindset. These traits are:
* The companies are focused on true transformation.
* The companies invest in bimodal architecture.
* The companies transform customers facing function first.
* The companies are talent driven.
The mantra for achieving digitization is by intelligently connecting people, things and businesses to drive the outcome. Sengupta cited examples of Jio, Tata Group and Trenitalia, Italy. He added: “IoT sensors report issues in real-time for Trenitalia. The maintenance costs are down 8-10 percent using this process. SAP is also driving the IoT revolution. We plan to invest Euro 2 billion in IoT till 2020.”
Sengupta outlined the the architecture for doing digital today, from S/4 HANA to SAP Leonardo, on to SAP IoT Connect 365, and on to the Intelligent Edge.
SAP Leonardo delivers new capabilities
Neeraj Athalye, Head – S/4HANA I GST Adoption I Leonardo, SAP Indian Subcontinent, said: “Leonardo is a digital innovation system. The innovation needs to result in tangible benefits. A company also needs to integrate.”
SAP Leonardo delivers new capabilities in machine learning, IoT, Big Data, and analytics. It is open, extendable and ready to be woven into every facet of your business. SAP Leonardo also allows for rapid implementation and seamless scaling the existing SAP platform and application portfolio.
There are all the ingredients to make an innovative business process. Customers solve all common problems. All of the components have been added to the accelerator. An accelerator can be used to redirect maintenance needs, optimizing inventory levels, and ensure consistent temperatures with pre-set tolerances.
SAP IoT Connect 365
SAP IoT Connect 365 is a managed, cloud-based service that simplifies IoT connectivity for enterprises, government and people. The solution makes it easy for enterprises to connect their IoT devices and gateways over cellular networks, through a web GUI or a web service API. A part of the Leonardo technical services, this solution was first launched at SAPPHIRE, and represents tremendous opportunity for mobile operators.
Through SAP IoT Connect 365, SAP provides full connectivity management ranging from provisioning and activating SIM cards to defining usage thresholds for devices or groups of devices to streamline their data consumption. By using a neutral SIM card, enterprises will be able to forego lock-ins to a single mobile operator and benefit from the use of the radio network of operators that will be capable of giving the best price/performance for their needs.
What sets this solution apart is the simple business model, ease of integration, better management of connection costs and a mobile data service that leverages technologies to their best possible use. The solution has a number of customers in trial and one of the first ones to use it is a global automotive customer that is utilizing the SAP IoT Connect 365 to connect their test fleets.
SAP IoT Connect 365, delivers choice and flexibility to enterprises, laying the foundation for a well-connected, cost-efficient, and secure environment.
Athalye added: “We make the enterprises connect their devices over the cellular network. Data must be encrypted and secure. We follow all of the global norms of data security. Data does not understand boundaries and should be governed. SAP has stringent norms for data center approvals.
“Our core is also GST compliant. Customers are filing their GST returns as per the Indian norms. On-premise ERP, digital compliance and GSTN are integrated. In fact, every SAP customer is GST compliant.”
Standard Chartered Bank is developing the power of the interconnected strategy. StanChart is also redefining banking with connected thinking. Digital is combining with technology to trigger different touch points. Standard Chartered Bank also opened its new Global Business Services (GBC) center in Bangalore, early this month.
Kwan Chee Sun, Head, Standard Chartered Global Services, India, said that the fourth industrial revolution — the digital age — blurs the lines between digital, biological, etc. The bulk of the increase will happen in the technology space. He referred to Smile To Pay, a service offered by KFC and AliPay started in China.
Dr. Michael Gorriz, Group CIO, said that Standard Chartered had been discussing the future of banking for ages. How will StanChart look like 10 years down the road?
He said: “Five years ago, smartphones became pervasive and changed the face of banking. Banking is about basic services — store, lend and borrow money. We are now experiencing a world of digitised money. Technology has broken down the barriers. In future, digital will be dominant in bank-customer relations. Data and analytics will help banks to serve customers better in the future. We are now investing US$ 3 billion in improving our global footprint.
“We partner with fintech companies and incorporate them into our atmosphere. We have also built up an accelerator lab. Currently, we have a challenge with legacy systems. In the future, we would like an adaptive landscape. Investment in APIs is critical.”
Trends in banking
Designed for SMEs, Standard Chartered’s Straight2Bank (S2B) is a fully-integrated Internet banking platform that allows you to perform all your transaction and information.
Talking about technology trends in banking, he said: “The Straight2Bank app has an interface for commercial and corporate customers. Digital payments are engrained into the interface. There will be data-driven business models. Big Data can help us gaining insights into the real needs of customers. Next, fraud detection is important for us. Also, blockchain is helpful in bringing transparency into banking.”
Gorriz noted that StanChart currently operates in 68 countries. The learnings among the different markets are exchanged quickly. StanChart supports over 9 million customers today in retail banking.
James Dolphin, CIO, Retail, Private Banking and Wealth Management, said that banks create and convey trust, adding: “Cavalier people generally write the best software. We are now competing for software engineering talent.” He added that banks had been mistrustful to open source for a very long time. That scenario was changing.
Dolphin noted that the current scenario of software development resembled the waterfall vs. agile development of software. Digital product owners tell the team what needs to be done. The team of engineers have two weeks to change their minds, if needed. “We are now looking at areas where the engineers and software developers can run speed, or, be on a run-on condition. Our engineers should have the ability to create something very quickly.”
In a presentation made via video, Tom Siebel, CEO, C3 IoT, said that IoT is about the sensoring of value chains. Smart, connected products are today transforming companies. The C3 IoT platform allows the company to collect and analyze data.
Focus on data
Shameek Kundu, chief data officer, Standard Chartered Bank, during a chat, said: “Data will be very important. We are working on expanding the credit transaction data. We are also working toward building a safer infrastructure for the bank. In Singapore, we have combined geospatial infrastructure with real-time offers. This exercise is building on the data asset.”
Regarding the smaller traders, he said: “We can bring small manufacturers into our stream. Having access to good data will help us in expanding credit. Technology can play a big role in all of this. Our strengths are the advantage of investing in technology and improving on our footprint.”
As for blockchain, he noted: “Blockchain is a way to build trust. We have invested in Ripple, and worked with AIG. Our priority remains to upgrading on services and technology to serve customers.” Standard Chartered Bank made a strategic investment in Ripple, a leading distributed ledger company, last September. The investment will accelerate the Bank’s digitisation agenda in distributed ledger technology as it explores new ways of adding value to its clients and the industry.
He continued: “We actually went open source in banking. As the customers’ needs evolve, there will be a need to invest in technology. We recognize that we have to work at the customers’ requirements and then, meeting them. Technology companies are also building specific solutions to support for our services.”