Briefing on the SolarWinds breach

What happened?

First reported on Sunday, software provider SolarWinds suffered a massive breach that has global implications on both public and private organizations. Acknowledged by SolarWinds, a supply chain attack trojanized the security vendor’s Orion product, which provides IT health and performance monitoring for large networks. The attack breached SolarWinds’ codebase and attached malicious code to Orion’s upgrade patch as early as last March. This allowed the attackers to create a backdoor to spy and steal data from government, critical infrastructure, and other major verticals for months.

Solar Winds has more than 300,000 customers worldwide, including most Fortune 500 companies, all five branches of the U.S. military, and several agencies, including the highest levels of the federal government. According to the company, less than 18,000 of its customers have installed the malware-laced Orion update. Thus far, the Department of Commerce and the U.S. Treasury are known victims of the breach, but more agencies and commercial enterprises are likely to disclose that their systems were compromised. U.S. officials suspect a Russian group known as APT29 is behind the intrusion campaign.

How can Centerity help?

Business continuity is one of the top objectives for supply chains, enterprises, and government agencies. Ensuring true 360-degree business continuity means monitoring three main pillars:

  • Health
  • Performance
  • Security

In addition to comprehensively monitoring them, it’s critically important to be able to correlate among the pillars and translate the outcomes to business impact. This pivotal ability to prioritize actions shortens mean time to detect (MTTD) and mean time to respond (MTTR) whether there’s a glitch, a bug, or a breach.

Learn more

To learn more about how Centerity approaches 360-degree business continuity, please read our Platform Overview or contact us.

Did you know Hackers can reduce your salary

Highlights

  • As we all use printers, we usually select them based on standard criteria; however, it appears we are missing the most important one.
  • Getting access to your internal network is a severe security risk creating an enormous potential opportunity for hackers around the world.
  • How can we fix something we are blind to that can happen behind our backs?
  • You have to be notified about critical events or misconfigurations and be able to automatically block any malicious devices or potential threats.

Why choosing a printer is not just a matter of ink?

Canon, HP, Epson, Brother. This is just a short list of the most popular printers. You and your company most likely own one of them if not a few. How did you choose the most reliable ones? Depending on the line of work and the business of the company, some of the main factors to consider will be price, service quality, printing volume & speed and perhaps color contrast.

However, since they are connected to your network, did you ever stop to think that besides those factors and feedback on forums, you will need to address something as critical as security protection? Think again.

Your printer is a threat!

Even if you review your paycheck on a regular basis with a magnifier to ensure all the numbers are correct, you need to be aware of the security breaches your printer is exposing you to. First, document theft or hijacking – a potential GDPR breach but also think about hijacking your paycheck and changing the numbers. Second, changing settings to alter and reroute the printer jobs and get valuable data. Third, printers exposuring your network via rogue device thus adding a new area of vulnerability.

What if, a hacker (internal or external) would find the first security breach and alter the numbers on your salary sheet? Instead of the real numbers, they would modify it and reroute the actual money to their bank account. How big of an impact would that be on your company? On your own salary as an employee or the entire company’s employees? Just think about the bad reputation or the potential financial damage to everyone.

Getting access to your internal network presents a severe security breach and vulnerability with an enormous potential threat from hackers around the world. Just read about “Stackoverflowin”1 to know the potential damage that could have done!

Protect your printer!

How can we fix something we are blind about and can happen behind our backs (and let’s just say we are not teachers)?

  1. Be notified about misconfigurations of devices and network, exposed assets & security postures and be alerted about malicious hardware and “uncontrolled” devices.
  2. Secure & Block – protect the “innocent” printers internally and externally by applying the relevant configuration (i.e., use complex password) and securing their USB interfaces. You can also validate the connection on the physical layer or generate “two-way” authentication, but the most important method is to identify and block any malicious device once discovered.

Conclusion

Now that we understand that choosing a printer is not just by the amount of ink it consumes. It can do much more than print expense receipts. It can facilitate a change to your (precious) salary and be a conduit to an even more critical organizational content. Centerity wants to offer a solution.

You have to be notified of critical events or misconfigurations and be able to automatically block any malicious device or potential threats. For this purpose, Centerity’s Cyber AIOps platform includes rogue device mitigation and observability modules. Centerity knows how to identify and block malicious hardware attacks as they happen, while keeping your printer’s configuration safe based on security best practices.

Want to protect your salary? Talk with us!

[hubspot type=form portal=3798741 id=8b1ac084-ba26-437a-af14-8404a8188f98]

A Rogue Device Sandwich

Writers: Stanislav (Stas) Siganevich, Retail Sector Manager and Snir Zarin, Solution Architect, Centerity.

I just wanted to have lunch but instead I’ve spotted a security breach. Does it make sense that a CISO needs to be physically present in a retail store to know about those threats?

Highlights

  • It appears there are physical threats which are not covered by the standard security tools.
  • Only by arriving locally to one of our retail stores, I could identify a huge potential unknown security breach.
  • How easy is it to use a malicious device to penetrate our organization defenses? Quite simple to be honest.

Found it by chance

I’m hungry, I thought to myself as I was finishing with the last of the FW rules and distributing them to all of the stores. The daily dilemma of “where to get my calories today” was irrelevant today because yesterday the retailer I worked with to opened a brand-new store with a deli nearby that looks very promising.

As I was marching to the elevator, I remembered that I didn’t distribute the latest patches to the new equipment in that very store I was going to get my lunch from, but… it can wait an hour, I guess. When I entered the store the smell of the fresh baked bread and smoked meat fills my lungs and I joined the long line on my quest to fulfill my gastronomic desires.

The line was moving slowly, so I decided to try to catch up with all of the emails, though it’s not really possible. The reception in the store was not that good so connecting to a corporate WIFI sounded like the quickest solution (the bonus of being an information security officer), but when I was searching for a desired network in the list something caught my eye – an unknown network clearly transmitting from within the store with a really strong signal.

Red alert, red alert, all warning signs went off. I pulled my Laptop from the briefcase and left the line – my smoked beef sandwich will have to wait for me.

I started looking around to see if I can spot something or someone unusual. Everyone was pretty much busy with their food, god I’m hungry, except for one young lady that was sitting with a laptop, but without even a coffee cup in sight, right next to her there was a slightly displaced digital billboard that we had just recently installed. When I started walking towards her to see what she’s doing she must have noticed my corporate badge and quickly close the lid of the computer and started to go towards the exit. I checked my phone and… the network was still transmitting. I got a bit closer, just close enough to see a small black device sticking out of the network sockets that were in use by the billboard. When I pulled that sucker out, the unidentified network went down. Another one under the belt. A few moments later I was again in the line for that divine sandwich, feeling like a hero, wondering, why can’t I clone myself, though the thought of “why my NAC solution did not stop this” had me a bit (a megabit to be frank) worried.

“45!” the teller shouted. That’s me!!!! Oh joy!! “One Brisket with pickles and Coke please”, I approved the payment with my watch and the guy turned away to prepare my meal. In the meantime, I had nothing to do but to explore the POS in front of me, one of those I have to distribute with the latest patches once I get back to the office. Big screen, wireless payment terminal, the new Verifone model is prettier than the previous one I thought to myself, but wait, what is that I see? 3 shining USB ports just staring at me, without any barrier, just 20 centimeters from my hand, unsupervised, unprotected, exposed to the whole world for abusing. Sometimes I just wish I could unsee things, but this is not the case. In case you do not see an issue with this situation, let me draw a picture for you: Anyone, yes, anyone, a customer, a supplier, an employee, can connect a rogue device to this USB, oh, sorry, first lets say a few words about “Rogue Device”:

By definition, Rogue devices are malicious by nature. They are devices that have intentionally been compromised to carry out cyberattacks including data breaches, malware and ransomware attacks. Manipulating a peripheral device with a small computer, such as the Beagle Bone Board, allows bad actors to remotely gain access to an organization’s network by creating an out of band connection to bypass an air-gapped network. From here, data can be extracted, or malware/ransomware can be installed without the end-user knowing it, causing organizations to be vulnerable to both exfiltration and injection. Often, rogue devices help attackers perform man in the middle (MiTM) attacks, whereby the device intercepts the message from the victim to the entity. The consequences are impactful, and these attacks can even allow attackers to bypass biometric authentication.

Again, I pick up the phone, and realized our existing MDM and NAC systems can’t recognize those kind of devices, as they appear legit to the operating system. I guess I need to find a solution which can track those malicious hardware foes instantly, without visiting our entire retail store network on a daily basis. Dam, do you remember that I have not eaten yet??

My sandwich is packed and I’m all set to go. I start walking toward the exit when I pass the new digital billboard that is being installed and… oh my eyes!!!! Corporate network socket is just waiting there for anyone to connect to, but I’m hungry, so we will pick it up in the next episode.

Conclusions

As existing security tools are not covering the new era types of Rogue devices, we need to find a resolution to close this vulnerability and fast. Rogue devices are cheap and available to all, especially to bad guys with bad intentions. Any open hardware slot is similar to any open port. We can compare it to a closed but unlocked door which can be opened simply by turning the door knob, open it and get full access.

What can you do? A lot. Centerity’s Cyber AIOps Module for Rogue Device Mitigation can prevent those malicious hardware devices from penetrating your network. We will be more than happy to show you how simply you can avoid those kinds of attacks and keep your organization safe.

You are an internet star and you didn’t even know

Written by: Matan Reiman, VP of Business Development, Cyber AIOps Lead, Centerity.

Many people wish to be an internet celebrity in order to gain fame, influence and notability. Although, it is still hard work to become one, there is a good chance that you already are one of those internet stars and you just don’t know it yet…

Highlights

  • While security professionals often lack visibility of their organizations’ internet exposed assets, hackers are always on the lookout for such targets and case easily detected them
  • The statistics around misconfigurations are alarming and cybersecurity teams struggle to keep up and stay on top of this phenomenon
  • Using the right tools and increasing cyber hygiene can keep your organization from harm’s way

Be an internet star for the right reasons

When it comes to your personal brand, increasing your internet presence is important and can be very exciting. The prospect of becoming a powerful known influencer can bring along both social and financial benefits. But when it comes to your organization’s IT infrastructure, online exposure is a whole different story. Instead of fame and glory, your organization is risking a feature in the Wall Street Journal but for all the wrong reasons.
The reality on the ground is that all security teams today face unknown unknowns. With 70%1 of attacks being perpetrated by external threat actors, its crucial to understand what your organization’s digital footprint looks like and which unknown internet exposures you may have which hackers can easily find.
An average security tech stack today includes dozens of tools as well as awareness programs aiming to increase cyber resilience and improve the security posture. Nevertheless, millions of sensitive assets end up unintentionally exposed to the web and pose imminent threats to organizations. Such unknown exposures are low hanging fruit that are “waiting” to be exploited by hackers.
With so many tools and investment that goes into security programs, how come such blind spots are so prevalent? Simply put, misconfigurations and human errors.The natural maturation of businesses as well as digital transformation processes often translate into business growth but also mean that your IT ecosystem and digital footprint are growing and are in constant flux.
Spinning up new cloud instances, frequent deployment of development environments and adoption of new software tools are just a few examples of ongoing activities which often remain under IT and security teams’ radars and can easily result in risky misconfigurations.
Traditional tools are built for your known network ranges. Once set up, they will detect vulnerabilities and misconfigurations within pre-defined environments. But all your other connected assets will remain in the dark.
The numbers around misconfigurations which lead to unknown exposures are overwhelming. On average 64%2 of organizations’ digital assets are unintentionally exposed to the internet and not monitored. It’s time to take control of your critical assets before someone else does.

What can you do?

Here are 4 tips for achieving complete and ongoing visibility of your external attack surface.

  1. Accept the fact that assessing vulnerabilities from the inside only is insufficient. If you want to stay ahead of hackers, you must also gain their point of view and observe your business from the outside-in.
  2. Periodic and limited discovery exercises such as penetration testing are insufficient. With the current rate of change, exposed asset discovery should be fully automated, continuous and done at an internet-wide scale.
  3. Your supply chain is part of your IT ecosystem and is a source for potential unknown exposures. You need a solution which can monitor and identify the risks caused by your business partners and contractors.
  4. Full visibility is a must but not enough. Actionable security insights enriched with your business context is needed for quickly eliminating unwanted exposures.

Our advice… ensure your organization’s fame is driven by its success and not because a cybercriminal has managed to gain access to your sensitive data.

Conclusion

By gaining better visibility and converting unknown unknowns into known risks in real time, organizations can significantly mitigate and reduce security risks.

Centerity Cyber AIOps platform, with its unique attack surface management module is designed exactly for this purpose. With no installation or set up required, this solution indexes billions of exposed assets across the entire internet and automatically maps them back to your organization. You get real time visibility and insights into every potential risk across all your environments and the supply chain.

You’ll probably be surprised by the results! Talk with us!

[1] Source: Verizon’s DBIR 2020
[2] Source: Reposify 2020

Remote IT Operations is the New Norm

IT in Times of Crisis

IT operations pros worldwide are instantly part of wartime environments.  They are supporting a massive number of people transitioning to remote work, shifting work models, and in most cases, extended hours.  While the COVID-19 virus is putting a severe strain on corporate networks, servers, and security policies, it may also be causing major traffic jams on customer-facing websites.  This is especially true for consumer-facing businesses in retail, healthcare and financial services.  Above all, the new IT reality is testing each organization’s ability to deal with the unexpected and unplanned1.

According to Accenture2, the transition that many leading companies have been pursuing towards digital businesses must continue and even accelerate during times of crisis.  Some of the critical business areas impacted are Operations, Commerce, User Experience, Supply Chain, Leadership, and the Workplace.  Each one of these areas is essential to business requiring a holistic approach to digital transformation.

While we hope there will not be another event of this magnitude, changes that became necessary during these last few months will persist – the IT evolution will need to adapt to this new reality.  Agility and adaptability are not buzz words anymore and have become an essential part of modern IT managements’ DNA.  IT systems must adapt to a new, ever-changing, ever-evolving reality, implying that many assumptions companies had regarding their information technology ecosystems are no longer valid.

The Unexpected Demand Scenario

What happens when operations support systems such as remote access or VPN systems suddenly expand from serving 25% of the company to 100%, becoming business-critical?  As workloads shift and secondary systems become business-critical, performance management becomes the only way to cope with the lack of resources in an on-premise or hybrid operating model.

Capacity planning is usually completed in advance according to trends with relatively constant consumption dynamics.  In on-premise and hybrid architectures, new purchases may take months to provision.  The only answer to cope with existing systems constraints and maintain regular operations is to have automation through an AIOps platform that can: (1) detect and even predict these new demands on systems; (2) detect performance problems proactively; and (3) execute remediation measures automatically to keep the systems performing optimally.

Deal with the New Reality

In the new reality, the transition from traditional, static, rules-based monitoring to dynamic AIOps is essential.  Modern IT management teams can no longer wait for trends to become obvious as future operating behaviors will become more dynamic, more frequent and less predictable.  Traditional monitoring and event management systems are based on static thresholds that primarily rely on assumptions derived from past experiences.  As operating scenarios change rapidly in the new paradigm, dynamic behavioral analysis becomes the new doctrine for modern IT Operations.  The manual adjusting of alert thresholds, the lack of correlation across interdependent domains, and reactive alarms are no longer acceptable when an average company may have more than 2,500 performance metrics per unique business service.

Driverless, IT Operations

Proactive analytics and automated responses are the new norm and ensure optimal system performance. Functionality like these will allow modern IT management teams to rapidly adapt to these new, unexpected realities without serious disruptions to current operations.

Centerity offers a modern AIOps platform married with Cyber AIOps capabilities that automatically learns the behavior of critical applications and business processes by using machine learning on a Big Data, Time-Series platform that can adapt dynamically without the need for human intervention.

As a result, IT management is empowered to adapt to new, unexpected realities in a matter of days without disrupting current operations.

  1. https://blog.opsramp.com/coronavirus-it-operations-reading-list?utm_campaign=FY20%20Q1%20-%20Spring%202020%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=85497904&_hsenc=p2ANqtz-8e4Hu79oscIEjeueRk3vIvEAaSJ7MlGL7vG3PDGQOiT7JJfdzlVsxoaHX3C8Gr_1VIJMFz9k-5Qc6zfoe3Bjr7AnRkMQ&_hsmi=85497904
  2. https://www.accenture.com/us-en/about/company/coronavirus-business-economic-impact

Centerity Brings Business Value To APM

The Centerity AIOps Platform

Centerity is an AIOps Platform that Delivers Dynamic Service Views and Business Service Level Analytics for Digitalization and Digital Transformation Initiatives to the business constituents responsible for these services. Each Dynamic Service View calculates the performance and availability of a critical business service as shown below.

Centerity Complements APM Solutions

APM solutions like AppDynamics, Dynatrace, Instana, and New Relic trace the execution of business transaction through the custom code that implements these transactions. Metrics like response time, calls per second and error rate are collected for each transaction, tier and application monitored by the APM tool. Centerity complements APM tools in the following respects:
  • APM tools cannot cover the entire IT stack down into virtualized and physical hosts, networking and storage – Centerity can
  • APM tools cannot roll up the performance and availability of the entire stack into Dynamic Service Views for business constituents – Centerity does this and incorporates the transaction and application metrics from the APM tools into the DSV’s.
The manner in which Centerity complements the APM tools is shown in the image below. The transaction, tier and application metrics for an application is which part of a business service monitored by Centerity are the top three layers in the Dynamic Service View. Centerity itself monitors the entire virtual and physical infrastructure that supports the applications including the VMware environment, the virtual and physical network and the storage. Centerity is therefore uniquely able to translate IT infrastructure metrics, and application level metrics from APM tools into value for the business constituents who rely upon the entire IT stack to work correctly in order for the business service to deliver revenue or other business results to the business.

The Layers of a Centerity Dynamic Service View

Centerity is able to build the Dynamic Service Views out of the layers that comprise each business service by having a comprehensive platform that collects events, logs, and relationships from across the entire stack. The platform then builds the relationships in real-time over time and applies AI to automate anomaly detection.

The Centerity AIOps Platform

Centerity Functional Overview

Summary

APM tools are excellent at helping the teams that develop and support custom applications in production ensure that their code is working and performing as it should be, and in pointing to issues in the code when there are problems. Centerity integrates in with the APM tools, to combine APM metrics with infrastructure metrics into valuable Dynamic Service Views for business constituents.  

Recorded EMA Webinar – A Look at the Changing IT-to-Business Landscape

In an era of digital transformation, stakeholders like business planners and executives find themselves increasingly dependent on IT services not only for routine business operations, but also for evolving their business models to become more competitive and more customer-aware. At the same time, IT executives and innovators find themselves increasingly pressured to show value and accelerate service delivery while minimizing costs and eliminating IT inefficiencies. This combination echoes Dickens’ “It was the best of times, it was the worst of times…” in its mixture of innovative opportunity with outstanding pressures to perform faster and more effectively without breakage or loss.

 

Recorded EMA Webinar – A Look at the Changing IT-to-Business Landscape

In an era of digital transformation, stakeholders like business planners and executives find themselves increasingly dependent on IT services not only for routine business operations, but also for evolving their business models to become more competitive and more customer-aware. At the same time, IT executives and innovators find themselves increasingly pressured to show value and accelerate service delivery while minimizing costs and eliminating IT inefficiencies. This combination echoes Dickens’ “It was the best of times, it was the worst of times…” in its mixture of innovative opportunity with outstanding pressures to perform faster and more effectively without breakage or loss.

 

Digital Transformation In Retail

It really has to work all of the time

Overview

The retail industry has changed significantly over the past decade and it keeps on evolving further and faster by adopting new, cutting edge technologies while transforming from a classic store to an omnichannel business that is not limited to one country or to the physical world at all.

While these businesses strive forward, some of them open new online or offline stores every day, their infrastructures can’t sometimes keep up with the pace.

The modern store is a vast collection of technologies: Points of Sale, Self-checkout kiosks, payment and security systems and operational technologies like refrigerators and baking ovens. Most of these technologies are not limited to the store and rely on many different backend systems which in their turn rely on other systems which often span multiple vendors and service providers. This huge, interconnected network of technologies is very hard to keep track of and when problems start you need to be ready to identify and solve them fast or suffer the consequences.

The State of Online Commerce

Digital transformation is no longer about if enterprises will transform, but about when. Companies that have not embraced transformation, such as Kodak, Blockbuster or Borders have disappeared, and even technology companies like Nokia, that have failed to change with the times, are now struggling to survive.

Source: Profitindustry.com May 2019  

The accelerated pace of economic change is compressing the lifecycle of businesses and those that don’t digitally transform will be rendered irrelevant; and it will happen with remarkable speed, and with little warning.

Digital transformation is not just about technology; it’s about redefining your entire business strategy. The degree of difficulty is compounded by the dearth of experienced resources. According to Forrester, in 2017, 74% of companies have a digital transformation strategy, but only 15% have the skills and capabilities to implement it.

The Changes Driven by Digital Transformation

Digital Transformation is a disruptive process and it will not only “transform” your IT department but also will change all aspects of your business, including; the way you relate with your customers, your partners, and your suppliers.

In this document, we will focus on the intrinsic technological requirements, not the business process aspects of the process.

At its core, Digital transformation drives some key changes:

  • Every key business process of the company and the interactions with every key constituency are implemented in software and are rapidly evolved to maintain competitive advantage online.
  • Data driven applications are deployed on cloud-based infrastructure and every facet of the supply chain is connected through the cloud.
  • Real-time data analytics for notifications and abnormality detection (AIOps).
  • Big Data to optimize system performance in reaction to change.
  • Users now must have a connected device to see the necessary information on cloud.
  • Applications should be able to adapt to different environments (on-premise, Cloud, containers, etc.), detect and inform environmental changes and proactively change their behavior accordingly.

The Omnichannel Approach

The term OmniChannel refers to better introspection of the customer experience by understanding where, when, how, and of course, what he/she wants. It means offering the customers a real-time, on-demand, cloud-based, self-service experience through the convergence of all the channels. With information coming from virtually everywhere (on premise, cloud systems, IoT, mobile applications, etc.) and in real time, it is critical to have applications that can provision these sources of information efficiently, and in real time.

OmniChannel may include:

  • Online browser based applications
  • Mobile applications (owned and 3rd parties)
  • Kiosks
  • Telephone Interactive Voice Response
  • Social media
  • Help desk
  • Physical locations (branches, plants, etc.)

One of the most critical components of the OmniChannel strategy is the backend.

As with any other multi-technology support (IoT, Cloud, on-premise, Mobile, etc.) it needs a myriad of connecting elements and workflows to pull, push and normalize the information flows. The business in turns needs to guarantee that these business flows are working correctly, as they are becoming the bloodline of the digital business.

An OmniChannel approach at a Global Fast Food Restaurant

What Happens When Things Go Wrong?

Online systems in retail directly support the revenue generation of the company, and when they are not working correctly also damage the reputation of the company, and the ability to retain customers. So an outage does not just represent a one-time loss of revenue, it often causes customers to leave and to never return.

Immediate revenue loss, stock market crashes and reputation damage cause retailers billions of dollars of damage every year!

The Centerity Solution

The Centerity AIOps Platform has a proven history in supporting business service outcomes across complex enterprise and managed service environments. Centerity is built on strong operational analytics and data mining, as well as powerful discovery, visualization, and dependency insights. Highlighted features include the following:

  • Deep and Broad Integrations: Centerity integrates with the tools and platforms that you rely upon.
  • Dynamic Service Views: Simple to understand gauges that show the service quality for each critical business service
  • Real-time Analytics: Advanced management & tactical dashboards maintain SLAs for critical processes.
  • In Context: Constant alignment between IT data and business objectives.
  • Consistent User Experience: Detect user experience degradation before your users do.
  • Traffic Analysis: Analyze bandwidth consumption and data flow; filter by application, packets, protocols, etc.
  • AI-driven Anomaly Detection: Machine learning for digital services moves the performance discipline beyond thresholds

The Centerity AIOps Platform

Centerity Functional Overview

Centerity’s Dynamic Service Views translate technical metrics and their impact on business services and resultant consequences.  Each gauge represents the availability, performance, throughput and error rate of the entire stack of software and hardware supporting each digital business service.

Unified Dynamic Business Service Views

When service levels degrade, Centerity provides a bird’s eye view of how the operation of each layer that supports the digital business service is impacting the overall service level.

Drill Down Into Each Layer of a Digital Business Service

Learn More about Centerity

To learn more about the Centerity AIOps Platform please visit – https://performance.centerity.com/aiops-and-aiops-platforms

To learn more about Centerity and Digital Transformation, please visit – https://performance.centerity.com/digitization-digitalization-and-digital-transformation

Author
Stanislav (Stas) Siganevich
Retail Sector Manager, Centerity
StanislavS@centerity.com

 

Digital Transformation in Latin America It’s A Digital World

We all spend many hours talking about digital transformation at work. At home we book our movie tickets on our phones, make payments using internet banking, and grocery shop on Amazon.

Statistics show that 71% of shoppers in the US and up to 91% in APAC countries prefer to shop online and this tendency is growing around 23% year over year. Up to 58% of these operations are performed via mobile devices like phones and tablets.

Latin American markets are the most active and are shifting from consuming largely global companies’ products towards their local products. For example, in Mexico (growing 7% in electronics shopping and 20% in online services between 2017 and 2018), local shops are taking the leading position in the ranking of purchases orders while global players, such as Amazon and Wish, are relegated to 4th or 5th place. In Brazil, the situation is similar; there are currently 66.4 million eCommerce users, with an additional 28.2 million users expected to be shopping Online by 2021. By 2023 these 94.6 million eCommerce users will spend an average of over $300 yearly online.

Growth rate of e-commerce sales in selected Latin America 2017-2018 (Source: Statistica)

Growth rate of e-commerce sales in selected Latin America

Where will you be in 5 years?

Digital transformation is no longer about if enterprises will transform, but about when. Companies that have not embraced transformation, such as Kodak, Blockbuster or Borders have disappeared, and even technology companies like Nokia, that have failed to change with the times, are now struggling to survive.

The accelerated pace of economic change is compressing the lifecycle of businesses and those that don’t digitally transform will be rendered irrelevant; and it will happen with remarkable speed, and with little warning.

Digital transformation is not just about technology; it’s about redefining your entire business strategy. The degree of difficulty is compounded by the dearth of experienced resources. According to Forrester, in 2017, 74% of companies have a digital transformation strategy, but only 15% have the skills and capabilities to implement it.

The concern for many businesses is that they’ve already fallen behind and may be too late to get started. Digital speed

Companies that are not agile enough or cannot adapt to economic tides may end up stranded in shallow waters. Today’s consumers have countless options so keeping up is the only way to remain relevant, to survive. 

roughlyeightintenamericans
expectedlatammarket

Digital transformation will enable your company to:

  • Generate additional sources of revenue online
  • Be more agile in pursuit of new markets and opportunities
  • Improve interactions with customers, partners, suppliers and employees
  • Increase efficiency
  • Improve business decision making
  • Implement better governance

To have real impact the transformation must become a part of the fabric of the company and championed by leadership.

A complicating factor is that digital transformation may mean different things to different industries, and a valuable benefit for banking, may not apply to healthcare.

The following is an example of applications for different verticals.

Digital Transformation benefits by Vertical Market

Digital Transformation benefits by Vertical Market

The Tao of Transformation

Digital Transformation is a disruptive process and it will not only “transform” your IT department but also will change all aspects of your business, including; the way you relate with your customers, your partners, and your suppliers.

In this document, we will focus on the intrinsic technological requirements, not the business process aspects of the process.

At its core, Digital transformation drives some key changes:

  • Every key business process of the company and the interactions with every key constituency are implemented in software and are rapidly evolved to maintain competitive advantage online.
  • Data driven applications are deployed on cloud-based infrastructure and every facet of the supply chain is connected through the cloud.
  • Real-time data analytics for notifications and abnormality detection (AIOps).
  • Big Data to optimize system performance in reaction to change.
  • Users now must have a connected device to see the necessary information on cloud.
  • Applications should be able to adapt to different environments (on-premise, Cloud, containers, etc.), detect and inform environmental changes and proactively change their behavior accordingly.

The OmniChannel

The term OmniChannel refers to better introspection of the customer experience by understanding where, when, how, and of course, what he/she wants. It means offering the customers a real-time, on-demand, cloud-based, self-service experience through the convergence of all the channels. With information coming from virtually everywhere (on premise, cloud systems, IoT, mobile applications, etc.) and in real time, it is critical to have applications that can provision these sources of information efficiently, and in real time.

OmniChannel may include:

  • Online browser based applications
  • Mobile applications (owned and 3rd parties)
  • Kiosks
  • Telephone Interactive Voice Response
  • Social media
  • Help desk
  • Physical locations (branches, plants, etc.)

One of the most critical components of the OmniChannel strategy is the backend.

As with any other multi-technology support (IoT, Cloud, on-premise, Mobile, etc.) it needs a myriad of connecting elements and workflows to pull, push and normalize the information flows. The business in turns needs to guarantee that these business flows are working correctly, as they are becoming the bloodline of the digital business.

An OmniChannel approach at a Global Fast Food Restaurant

An OmniChannel approach at a Global Fast Food Restaurant

ERP and digital transformation

ERP systems are in the core of this transformation, as they manage the supply chain and often the order to cash process as well. SAP, the global leader in ERP systems is helping its customers drive Digital Transformation with its own Digital Transformation Platform shown below.

sapdigitaltransformationplatfomr

The industry’s response to the pressures generated by digital transformation

It is an imperative for modern enterprises to compete online and to digitally transform their operations. This places demands upon the scarce resources (people) that can build and operate these digital applications, business services and systems.

The technology industry has responded to the demand to implement business processes in software with a set of innovations. The architecture of applications is being further distributed and simplified around a microservices model. The process of delivering software into production is being automated as much as possible through CI/CD. At each layer of the technology stack new languages, services, and data architectures are being invented to meet new needs. Finally the operation of the environment is now automated.

Innovations and Dynamic Behavior across the Entire Technology Stack

Innovations and Dynamic Behavior across the Entire Technology Stack

An unprecedented situation in the modern enterprise:

  • Enterprises must compete and execute online as software vendors (Revenue, Cost Efficiency, Time to Market, Agility, Quality of Service, End User Experience)
  • An unprecedented pace of innovation in processes and technology to support the business imperative of digitization creates previously unheard of levels of complexity and diversity.
  • Time to market and agility pressures are causing applications to be architected around microservices and released multiple times a day with CI/CD processes leading to more change in production than ever before.
  • The need for continuous availability and performance is driving dynamic behavior in virtualized and cloud based compute, networking and storage services.
  • All of this has to work flawlessly all of the time and is beyond the scope of any single monitoring vendor to monitor

A new set of requirements for making sure it all works all of the time

Many companies still monitor their services using siloed tools. These tools are inefficient, providing a bottom-up view, which fail in modern applications and business services, where multichannel, containers, and multi-cloud environments are the new de-facto service architecture standard. A new concept in monitoring is required; one that can comply with the following conditions:

  • The entire stack must now be monitored in the present (1 Min – 1 Sec) to be able to detect service quality issues in real time.
  • Relationships across the stack must be determined in instantly
    • What talks to what (traces and flows)?
    • What runs on what?
    • What is a component of what?
  • AIOps must be deployed to leverage relationships for automated root cause analysis and remediation.
  • The results of system monitoring must be made relevant to business constituents.

It is not sufficient to monitor the IT infrastructure, application, and business services as separated silos. In real digital transformation, all the services components must be observed, correlated, and presented in a single dimension, and easily understood by both IT and the business, supplemented by predictive behavior analysis.

AIOps platforms at the core of Digital Transformation

Business outcomes cannot be adequately supported and achieved while IT organizations remain in siloed pockets with redundant tools and technologies. For this reason, AIOps Platforms now complement the conventional, siloed IT monitoring systems to cope with the torrent of incoming monitoring data and to discern abnormalities automatically.

 By targeting thousands of components from the infrastructure, application and business layers simultaneously, AIOps can correlate, predictively analyze, and self-repair any irregularity, while presenting pertinent visualizations to both key stakeholders and IT operations personnel to quickly understand business service performance.

 When properly integrated into a broader capability for data assimilation, integrations, and automation, AIOps can align IT with business in a very concrete way.

Gartner’s View of AIOps Platforms

AIOps_Overview

The features that distinguish AIOps platforms from less advanced implementations of machine learning include the following:

  • Assimilation of data from cross-domain sources in high data volumes for cross-domain insights.
  • Access multiple data types, e.g., events, KPIs, logs, flow, configuration data, etc.
  • Capabilities for self-learning to deliver predictive, and/or prescriptive and/or if/then actionable insights.
  • Potential use as a strategic overlay that may assimilate multiple monitoring tools and other investments.
  • Integrations that can help unify stakeholders and bridge the political divides across IT and between IT and business stakeholders.
  • Support for private cloud, public cloud, SAAS, and on-premise, in one platform.
  • The ability to deliver on multiple use cases, such as business service performance and availability management, as well as integrated support for change and change impact awareness, and enabling more successful cloud migrations, resulting in greater optimizing of critical business outcomes.

An Introduction to Centerity

The Centerity AIOps Platform has a proven history in supporting business service outcomes across complex enterprise and managed service environments. Centerity is built on strong operational analytics and data mining, as well as powerful discovery, visualization, and dependency insights. Highlighted features include the following:

  • Deep and Broad Integrations: Centerity integrates with the tools and platforms that you rely upon.
  • Dynamic Service Views: Simple to understand gauges that show the service quality for each critical business service
  • Real-time Analytics:Advanced management & tactical dashboards maintain SLAs for critical processes.
  • In Context: Constant alignment between IT data and business objectives.
  • Consistent User Experience: Detect user experience degradation before your users do.
  • Traffic Analysis:Analyze bandwidth consumption and data flow; filter by application, packets, protocols, etc.
  • AI-driven Anomaly Detection: Machine learning for digital services moves the performance discipline beyond thresholds

The Centerity AIOps Platform

centerirtyaiopsplatform

Centerity’s Dynamic Service Views translate technical metrics and their impact on business services and resultant consequences.Each gauge represents the availability, performance, throughput and error rate of the entire stack of software and hardware supporting each digital business service.

Unified Dynamic Business Service Views

unifieddynamicbusinessserviceviews

When service levels degrade, Centerity provides a bird’s eye view of how the operation of each layer that supports the digital business service is impacting the overall service level.

Drill Down Into Each Layer of a Digital Business Service

Drill Down Into Each Layer of a Digital Business Service

How Centerity can help you with your Digital Transformation

Centerity helps you improve the top line business results (revenue, market share, customer satisfaction) of your digitalization transformation projects, and helps you minimize the number of disruptions and the cost and time to repair those disruptions.  By providing a holistic view of both infrastructure and business through relevant visualizations enterprises can maintain command before, during, and after the transformation.

Before the transformation:

  • Centerity automates the discovery of legacy business communication flows and ascertains application service topologies accurately, saving the time and risk associated with performing this manually.
  • Centerity pinpoints performance bottlenecks and establishes standards before the service transformation so that you can compare before and after situations, ensuring that you are fully prepared to go live successfully.
  • Centerity distinguishes traffic patterns so that you can plan your services migration steps more cost-effectively, minimizing your expense during the migration.

During the transformation:

  • Centerity highlights application behavior anomalies and detects fluctuations in the application performance, compared to history, ensuring exceptional performance from day one, keeping the project on a positive track.
  • Centerity ensures a stress-free transition by monitoring new architectures, such as micro apps, containers, and multi-cloud resources as well as their relationship with legacy architectures, such as the mainframe, distributed storage, or on-premise resources.
  • Centerity’s flexible and intuitive interface will allow your technical resources, to economically adjust legacy interfaces and build fresh ones for the migrated systems. Developing interfaces can often be an unexpected, time consuming, expensive step in the process.

After the transformation:

  • Centerity’s Dynamic Service Views for the migrated services result in IT infrastructure metrics pictured in a way business partners can understand, allowing everyone to work together efficiently in “the new world”.
  • Project costs are considerably reduced, as well as the ongoing cost of ownership thanks to Centerity’s ability to integrate virtually any infrastructure technology and third-party software tools.
  • Proactive analytics reveal valuable insights for all areas of the business, including commercial transactions, purchase tickets, point of sales performance, etc.

Summary:

Centerity should be considered before, during, and after your digital transformation project to insure you achieve your objectives at a suitable cost and effort. Learn more about Centerity at www.centerity.com.

Authors:

The following people at Centerity contributed to this paper:

John Reuben – Director of Strategic Relationships, Americas. JohnR@centerity.com

Mariano Grinfeld – Systems Engineer. MarianoG@centerity.com

Tony Kenney – Systems Engineer. TonyK@centerity.comVIEW OUR PRODUCTS