Telecom Review managed to secure an exclusive interview with Dr. Marwan Alahmadi; an industry veteran who after building and scaling Telecom and IT businesses that include launch CEO of Zain Saudi Arabia and founding CBO of the Enterprise Business at Mobily, is now aiming to disrupt the Cloud market in KSA.
In a brilliant interview, the charismatic CEO of Alkhalijiah for Consulting and Information Technology; a fast-emerging contender in the cloud space, shared his insights on how cloud computing is driving digital transformation and highlighted some of the differentiators of enterprise-grade cloud proposition versus traditional public cloud offering.
How will IT spending in Saudi Arabia evolve over the next three to five years?
Globally, IT spending has shown strong resilience over the past three years against the economic challenges that faced both the developed and developing economy. This is forecasted to reach $3.7 trillion in 2018 with a growth of over 6% when compared to 2017. When excluding communication services and consumer devices, the growth in IT spending compared to 2017 reaches as high as 8%. When putting this number into the context of GDP growth for 2018 forecasted by International Monetary Fund of 3.9%, this is by no means a small feat.
We can draw a similar albeit much healthier picture in Saudi where IT spending is expected to have a CAGR of 10% over the next three years.
However, IT spending trends in Saudi Arabia are unique and differs from global trends. For example, the mix of spending. While growth globally is slowing down on infrastructure and hardware with a CAGR of less than 1% forecasted 2018 and 2020, we are still seeing strong demand in Saudi Arabia with a similar CAGR of over 5%.
A similar comparison can be drawn on the share of software from IT spending, which is smaller than counterparts in the developed world and even worldwide. Hence, a significant increase in software spending is expected over the next three years.
What are the key drivers for the increase in spending in the Kingdom and how does this align with the National Transformation Plan and the Saudi Vision 2030?
There are many factors at play here but most prominent is the economical need underpinning the majority of IT modernization and transformation initiatives behind most of the IT projects in the Kingdom, whether in the private or public sector. Most important of which is the roadmap laid forth by the National Transformation Plan in specific and by the Saudi Vision 2030 as a whole.
The development of the IT sector is a prominent theme that transcends many of the ministerial and government entities’ strategic objectives and initiatives. This development is best captured by the NTP 2020 target of increasing the percentage of the IT industry’s contribution in the non-oil GDP from 1.12% to 2.24% by 2020.
A key objective to achieve this is to reduce the revenue leakage of the IT industry abroad by increasing the percentage of retained value of the IT industry from a baseline of 20% to a 2020 target of 40%.This, in turn, is being achieved by supporting national companies, boosting small and medium enterprises and most importantly, increasing investment in developing specialized Saudi human capital which will reduce the gap between supply and demand in the ICT sector.
We are already witnessing this through many government led fiscal and monetary stimulus being injected into the economy through the IT modernization projects under the NTP initiatives. Digital transformation, specifically plays a key role in the NTP with objectives of creating five common digital platforms across public entities and launching 29 digital initiatives in vital sectors.
The NTP also aims through this digital transformation to achieve the ambidextrous goals of increasing the effectiveness of government and public sector services while also achieving greater efficiency through the rationalization of IT investments through consolidation and eliminating duplications.
The same drivers and trends are also playing out in the private sector. Over the past three years, we have seen a greater move to increasing efficiency in IT spend through modernization projects. The big theme has been consolidation and centralization. For example, not long ago, over 60% of IT assets were in server rooms and closets.
However, today, the majority of large enterprises have invested in developing centralized small and medium-sized datacenters which bring with it considerable operating and capital savings. This trend is now evolving further as the desire for greater efficiency is driving CIOs to consider colocation and third party hosting in large and hyperscale datacenters. This is best evident in the Saudi market through the increased utilization of colocation providers over the past few years and the emergence of larger datacenter projects which are coming alive over the next three years.
However, when it comes to efficiency, there is only so much that co-location can offer you especially when considering that the largest ticket items on the CIO’s spend bill is still hardware, which is estimated at over two times the spend on software. Real efficiency here can only be achieved by adoption of cloud architecture and this is spurring the demand for this technology now. Globally, it is expected that within the next two years, cloud-based IT infrastructure spend will for the first time, outgrow the traditional on-premise hardware-centric architecture that is still dominant today.
What impact will this have on the CIO agenda and where does digital transformation fit into it?
Digital transformation is an umbrella term that describes how businesses transform their strategies, organization, processes and relationships with customers, employees and partners by adopting several emerging and established digital technologies with the end goal of achieving higher efficiency, better customer intimacy, and unlocking new value whether from innovative product and service offerings or through cross industry fertilization.
From a CIO perspective, the challenge is how to best adopt and adapt to these digital technology trends and help his organization to accelerate its maturity and achieve its digital potential. The portfolio of these technologies vary depending on which vertical the CIO is working under. It includes established technologies such as cloud, big data and analytics along with more sophisticated machine learning models that support action- based insight strategies as well as internet of things and process automation.
The term has been expanded to include other emerging technologies such as 3D printing, distributed ledgers, drones and robotics among others, which as stated, can have different degrees of impact depending on the vertical.
The adoption of these technologies vary across industry and across businesses within an industry, and follow very different curve depending on the potential of the technology for the vertical.
Established technologies such as cloud and big data - as a prelude in many cases to deeper analytics - already feature highly on most CIO top priority surveys and are aligned with the trend we are seeing in Saudi Arabia and globally. These technologies have become foundational to a digital transformation and represent the first step in the digital journey for most organizations.
However, just as these technologies are enabling CIOs to unlock new value by facilitating closer integration of their local IT systems, it is also enabling the integration and assimilation of IT systems beyond the borders of the organization. We are seeing the implementation of these digital technologies start to morph into platforms that offer greater agility and collaboration across the value chain, whether with suppliers or end customers.
A case in point is the emergence of a government cloud that stretches across all ministries and government entities. The evolution also stretches beyond the platform when one considers how these platforms now collaborate in ecosystems that work together to deliver a portfolio of heterogeneous services, but in a homogeneous experience. This all signals to the CIO that the requirements of tomorrow’s IT architecture will exceed the boundaries of his organization. Just as the internal IT silos have been amalgamated into an enterprise platform, the enterprise will also need to rethink its role within the new ecosystem it finds itself part of, and how to live in a world with blurred industry boundaries.
Why are cloud technologies one of the key forces behind digital transformation?
First, there is a direct economic incentive in the form of cost optimization. Organizations can leverage the power and performance of enterprise grade IT infrastructure without the capital expenditure of managing and controlling their own hardware. Companies that adopted cloud services experienced a 19% average increase in process efficiency, 17% reduction in IT maintenance cost and 15% reduction in IT spending.
Together, cloud benefits can lead to a 20% increase in company growth. The flexible cost structure and the ability to do more with less present a compelling argument. Agility comes in close second and it has two parts to it: scalability and innovation.
Cloud enables organizations and business to closely match the growth in demand in the market with the investment in IT infrastructure. Cloud can also be used as a platform to deliver and experiment with new services resulting in 20% average improvement in time to market. A key take here is also reducing the dependency between growth and staffing, which is a key expense for many IT organizations.
Third is security. In a cloud deployment, security is a shared responsibility. A cloud service provider offers resiliency and protection at the infrastructure and application level to minimize the risk of a breach, and can help address compliance requirements. Obviously, the cloud architecture offers other benefits such as greater mobility, collaboration, and fundamentally, it enables greener IT with a lower environmental footprint.
How is the market in Saudi responding to this growing demand for cloud services?
The market for cloud services in the Kingdom is in early growth stage. This is best evident when considering, for example, that share of public cloud service revenue is a percentage of IT spend where the percentage is only a tenth of the global average. The main challenges that impeded this growth in the past, such as regulatory requirements, CIO confidence and availability of national cloud providers, are quickly being resolved.
Three developments support our forecast. First, the introduction of government cloud as part of the NTP is acting as a catalyst nationally and triggering several large private sector enterprises to follow this footstep. Second, the CITC has taken a progressive step with the introduction of the cloud computing regulatory framework earlier this year; hence, establishing cloud computing as a viable option for government agencies, enterprises and consumers alike and boosting CIO confidence in this transition.
Finally, several global technology vendors have either signaled or are actively working on building a cloud node in the Kingdom to meet the fast-growing demand we forecast. All of this strongly indicates the tectonic shift in favor of cloud computing that we anticipate in the coming three to five years.
The majority of of CIOs in KSA are predicting that cloud will be the top investment priority to 2020. In your expert opinion, do you envisage a multi-cloud approach to be adopted by enterprises in the next few years? What are the various migration routes to cloud that CIO can consider?
Based on the projects undertaken by Alkhalijiah, the majority of cloud-based deployments in Saudi Arabia to date have revolved around private cloud deployments as well as the addition of disaster recovery and business continuity capabilities to the enterprise IT architecture. A similar picture is mirrored when assessing open bid projects in Saudi Arabia today.
This is to be expected since the former - private cloud architecture - represents the first step for the CIO to unlock the value from cloud while maintaining control of IT services, ensuring regulatory compliance and gradually building the in-house cloud capabilities. Alkhalijiah, for example, has helped a local company build one of the largest private cloud deployments globally, built on the Virtustream xStream cloud management software.
As for demand for disaster recovery, it is traditionally driven by corporate and in some cases application policies that require these systems to live beyond organizational boundaries, whether logically or physically. Public cloud spending to date has been dominated by software as a service (SaaS) applications with few organizations venturing and buying infrastructure as a service (IaaS) from local and, in some cases, global providers.
This is quickly changing, and the discussions we are having with CIOs regarding their IT and digital strategy strongly suggest that larger public hybrid and virtual private cloud deployments are very much on the agenda.
However, the migration route, when it comes to applications and workloads, will differ in Saudi Arabia when compared to how cloud adoption ramped up in developed markets. A marked shift is underway from what has been traditionally an on-demand infrastructure play to managed cloud environments.
Traditionally, cloud projects were characterized by the availability of low-cost IT infrastructure which suited project-based development including the needs of DevOps types. Public cloud providers dominated here. However, in Saudi Arabia, the driver for the acceptance of cloud by Enterprise IT extends beyond just realizing the economic benefits of cloud and demand migration without sacrificing enterprise-class qualities such as security and resiliency.
Today, CIOs enjoy a private and even on-premise architecture. The net is a shift up the stack with an increased emphasis on application availability and assurance, as well as the return of managed cloud.
Coinciding with this shift away from pure-play infrastructure and to managed cloud adoption is a change in CIO key priorities, again, as the focus shifts up the stack. IT is increasingly concerned about infrastructure modernization as what industry analysts IDC termed platform 2 to ensure core business applications realize the efficiency, resiliency, performance and agility of their cloud-native counterparts.
Application automaton plays an important role here because of the highly skilled application-specific expertise required to administer complex mission-critical application sets such as SAP. Run-time application automation not only speeds deployments, upgrades and automation (agility), but also minimizes the need for highly paid staff and reduces the costs associated with human error.
It’s more than just tuning applications and the infrastructure, however. Managed Cloud model enables operations to deliver true IT-as- a-service. To this end, managed services play an important role here in planning, guiding and augmenting resources to assist IT in navigating the change, which is more than can be offered by many of the global cloud providers.
Alkhalijiah partnered with Virtustream after studying the cloud vendor space and assessing the right platform for CIOs in Saudi Arabia that meets the need for a managed cloud offering and could deliver on the promise of enterprise grade security and resilience - not just at the infrastructure level but also at the application.
What would differentiate a service provider built on Virtustream cloud management software when competing with some of the global players in this space?
Virtustream has been ranked among the top public cloud providers by many market research firms. For example, Ovum ranked Virtustream in the same league as AWS and Microsoft when it comes to market impact in the IaaS decision matrix in 2017. Forrester classified Virtustream as a leader in the hosted private cloud wave last year.
However, the Virtustream proposition outperforms the generic global vendors on several key dimensions that are most relevant to the CIO in Saudi. The proposition offers a broad range of cloud, infrastructure, and application-managed (e.g. SAP) services delivering true consumption-based pricing built on the µVM technology with controllable fixed costs and capacity guarantees.
Another important dimensions is that it is designed for mission-critical enterprise applications from the ground up, offering greater infrastructure-level resiliency and disaster recovery (DR) designed into infrastructure. Hence, it is one of the few technology vendors that can offer guaranteed application performance SLAs.
It is also one of the few platforms that offers compliance with the global industry regulations of various verticals such as Health (HIPAA), Energy (NERC/CIP), Financial (SOC1/2), Food and Beverages (FDA, PCI) and Manufacturing (FISMA/NIST, ISO). This means that with Virtustream an organization has automated continuous compliance for applications, including SAP (e.g. FedRAMP, ITAR, HIPAA.)
The comprehensive logical and physical security offered on the platform such as Intel TXT, geo-fencing, continuous compliance monitoring and encryption is a unique differentiator compared to the generic infrastructure providers.
Finally, the Virtustream public cloud supports complex IT environments with managed services, hence, delivering on the promise of IT-as-a-Service. The unique capabilities of Virtustream have made it the go to choice for government cloud in the UK, US and other markets. For example, in the US, Virtustream is a recognized partner of SAP National Security Services (NS2). The NS2 is supporting US Government entities and private companies such as defense contractors, telecom carriers, and major financial institutions that have special information assurance and security needs.
A subtle point relates to the objectives of retaining IT revenues in the Kingdom and controlling IT value leakage. Virtustream’s business model enables local partners to capture most of the value from public cloud service revenue and facilitate the build-up of local capabilities and skills, at the same time offer the local node provider access to a global network of federated cloud providers.
What are the tradeoffs and risks associated with migration to the cloud and how can these be mitigated?
The Cloud Security Alliance has identified several barriers holding back cloud adoption. At 73% of companies, the security of data is the top concern holding back cloud projects. That’s followed by concern about regulatory compliance (38%), loss of control over IT services (38%), and knowledge and experience of both IT and business managers (34%).
As stated before, most of these challenges have been addressed in Saudi Arabia. The progressive push from the government through the NTP initiatives and platforms, the regulatory framework chartered by the CITC earlier this year and the pragmatism of CIOs in cloud migration strategy has placed Saudi in a unique position both regionally and globally to leverage public cloud offering in the near future.
Security is already a high concern on the CIO’s agenda. How will transition to a cloud architecture help address these concerns?
There is a collective understanding within the IT industry that over 90% of all cyber security breaches come as a result of human error. This was born from research by IBM in 2014 and has since been validated by many agencies. For example, according to Experian, 66 percent of data protection and privacy training professionals that were surveyed labeled their employees as the "weakest link" when attempting to safeguard their organization from cyber threats.
Moving to a hybrid-cloud or all-cloud system can help mitigate these risks and offer many advantages to organizations such as easier access to system updates and patches, real-time health and availability status monitoring, and most importantly, ability to leverage shared security responsibility to enhance security beyond one company.
Vendors usually identify and correct vulnerabilities and bug fixes in software version updates. This process is time-consuming, and can fall through the cracks. When using cloud services, the cloud service provider is responsible for the updates, which are immediately pushed down in a seamless or almost seamless way. This helps to ensure that systems remain protected against known vulnerabilities.
Another benefit is receiving an alert when, for example, a server fails. This could help avoid potential threats and the loss of critical "up" time. Cloud services can automate this task by providing real-time status accessible from anywhere and alerting that a system vulnerability has been identified.
Finally, keeping pace with threats requires expertise and capital. Cloud providers use economies of scale to enhance their solutions and provide high levels of security for their shared infrastructure. They take the burden of the risk of threats, investing money, time and resources to build and maintain highly-secure cloud platforms that benefit millions of customers. As a client, you get access to multiple layers of security at a fraction of the cost.
Through the partnership with Virtustream, Alkhalijiah is bring to Saudi Arabia a new software-as-a-service proposition, Viewtrust, which provides continuous proactive monitoring of risks across enterprise cloud and non-cloud environments to address cyber and IT operational risks.
Can you outline to us what benefits the new risk management product, Viewtrust, provides to large enterprises?
There are two key benefits to the Viewtrust proposition. First it is datacenter and cloud agnostic. This means whether your IT architecture is deployed in a datacenter on premise as application specific hardware, a private cloud or hosted in a public or hybrid cloud, Viewtrust can still be adopted and can work across application managed services, infrastructure managed services or cloud management platforms.
Second, Viewtrust is designed to address not just cyber risks, but also compliance and IT operational risks. CIOs today face a number of challenges when it comes to compliance management such as controlling compliance maintenance costs and fostering collaboration in preparation for an audit package.
Another challenge relates to risk management, and to manage asset location and identifications, and how to best understand the impact of mission risks. Finally, there is a growing need when it comes to security and risk for continuous monitoring of evolving threats and to be able to produce trending logic from multiple data feeds.
Viewtrust addresses these challenges by reducing the effort and cost of maintaining compliance while facilitating efficient and collaborative audit practices built on analytics and automation. When it comes to risk management, Viewtrust uses a standard-based framework for proactive risk management. This enables the IT department to automate risk analysis based on predefined threats and impact values, and then prioritize mitigation based on the business impact analysis.
A CIO can effectively have a 360 degree view of each asset within his enterprise, offering him both risk and vulnerability real - time monitoring even when the volume of data grows. That is why Viewtrust has been chosen by the US Defense Information Systems Agency for its Enterprise Mission Assurance Support service, for example.
What role will disaster recovery play in IT risk management and what strategies for DR are enterprises and government adopting?
Disaster recovery can be simply defined as the process and planning associated with building a data and application strategy that proactively acknowledges risk. In a sense, it is like insurance for your IT environment when risks materialize. Disaster recovery is a fundamental part of the IT risk management strategy for any CIO and is essential to business continuity.
There is growing demand for DR in Saudi Arabia, and Alkhalijiah can offer clients a holistic approach to risk management and disaster recovery that stretches beyond just offering hosting in Alkhalijiah’s DR public nodes. Alkhalijiah can offer complete risk assessments and business impact analysis, and work with clients to identify critical systems and functions, recovery time objectives and recovery point objectives cumulating in the cumulating to develop a DR recovery strategy and plan.
Alkhalijiah has partnered with both Commvault and Actifio to enrich its offering in the risk management space by including datacenter backup and recovery solutions from two partners who are both recognized as leaders and visionaries by Gartner in 2017.