IT Leaders and CIOs irrespective of regions are going through a very tough time. Challenges are manifold for them. They need to learn from each other. We spoke to Ts. Saiful Bakhtiar Osman, Head of IT – APAC, Ascent Group, Singapore, to understand his way of working and managing the challenges. Excerpt.
“We need to really work closely with the business in understanding what should be the financial implications, marketing outcome, etc. Any technology we are going to focus must be useful to the organisation. It must contribute to the overall profitability of the organization.”
Ts. Saiful Bakhtiar Osman, Head of IT – APAC, Ascent Group, Singapore
What is the trend in this finance sector as far as technology adoption is concerned?
Lately there has been a lot happening – especially in terms of the innovation and technology. But what I can say is that as the technology is evolving, we the IT leaders need to always catch up, keep up with the latest and best, so that we are not left behind. The threat landscape is also growing rapidly. It is very important for us to always be vigilant and updated in terms of the security technology that would enable us to protect our environment. All these things are coming together and happening whether it is in Malaysia or Singapore or around Asia Pacific.
The NBFCs have evolved over the years and technology has enabled the sector but has challenges too, what is your opinion?
In terms of technology, yes, we need to be prepared in every angle – especially during pandemic where the hybrid working environment was prevalent.
Traditionally people go to office but now people are working in hybrid mode. So, the basic thing is that we need to keep abreast with the latest technology. We need to make sure that all aspects of the connectivity and access to our systems is secure as the potential of thread is bigger. We need to really take care in terms of the security, authentication, and access.
I can see that most of my colleagues have a lot of PCs. They are already mobile. But in some organizations, they were not ready when they moved from work to home environment. They did not have devices which later they procured, and it is a reactive measure. But we were proactive and 100% of our workforce were ready for this and we just had to move their locations from office to home or a remote place. We added security with multi-factor authentication. We had control of reducing potential threat. During the pandemic, we allowed our workforce to access all our services only through Citrix platform.
Citrix allowed us to have the secured connectivity which solved the secure access of our servers and systems. Not only it reduced the risk but also it was easier for us to monitor and manage the productivity.
Now the pandemic is not over, what is kind of preparedness for this phase?
In terms of the preparation: the management is always given emphasis on the safety of our workforce. We already have flexy work and hybrid work policy. Since we have enabled them with technology and devices, they are able to deliver day to day activities. From our side, we need to protect all our resources and devices. So, it is very important that all the endpoint devices, PCs and laptops have the latest patches from Microsoft or other OSs and updated signatures from the antivirus providers so that our devices are protected.
Deliberate attacks from the hacker group happening and ransomware penetration is on rise. In 2021, 90% of organisation were attacked by ransomware or some sort of malware. What is your future defence strategy?
In terms of protection, we already have the tools. E-mail is the biggest entry point of attack. We need to have a good e-mail filtering so that we can filter all the spam messages, malicious e-mails, and spurious and malicious attachments. By having the filter, we ensure higher chance of protecting ourselves against the measure attacks. From what I understand is when ransomware attack happens, they enter the system and lurk for the most fragile time to infect the entire system. So, the first level of protection is protecting e-mail and second one is protecting the browser. We also have a few tools in terms of browsing protection. We also have tools in terms of isolating the attacked surface.
The browsing protection tools filter all the traffic and sends the traffic into the sandbox. This concept is very good for me because whenever there’s any malicious code or Trojan, it gets detonated in the sandbox. This practice mitigates the risk of your environment being compromised.
What about BCP?
Currently our ITDR is our BCP because we are 100% on cloud. Currently we are utilising the global footprint of our cloud which is Tensing. All our systems are in Singapore region. So just in case anything happens to our main system in Singapore region, we have additional two data centres in the same region, which is quite good in terms of availability. But in case all three goes down, instantly we will shift the workload to our system and servers in Japan region. Switching between Singapore region and Japanese region is quite instantaneous – almost zero downtime.
What new technologies are you evaluating including RPA to AI?
Currently our focus is around analytics because we are a finance technology company having Fund Solutions, Corporate Solutions and Fintech Solutions. We manage our own funds, and we are in this business for a long time. We have a pool of capable analysts. By having analytic tools, we are able to provide better reports in terms of forecasting, daily pricing, etc. Good analytics tool is very important for us as it not only helps us service our customers but also our payment partners. Using analytics we can consolidate reports into dashboard, which is easier to present to the management. We are looking at creating a dashboard for the management, whereby a single click can provide them entire view of the entire portfolio and other things of their interest..
As a senior IT Leader, what is the biggest challenge you want to mitigate for your CEO?
Personally, I think a CIO has to be an allrounder. He needs to understand the operation. We are no longer the cost centre of organisation because by leveraging the technology we enable organizations to have more profit and sustainable. So, in order to do that, we need to really work closely with the business in understanding what should be the financial implications, marketing outcome, etc. Any technology we are going to focus must be useful to the organisation. It must contribute to the overall profitability of the organization.
Human churning is happening in a big way, finding skillsets is very difficult, how do you handle the situation?
It is a big challenge in our organisation – not just to finding the right skillset but the right skillsets in the security area. We are now working with our technology partners to provide services’ experts to assist us in protection on cloud. We currently have interim solution though, but we are seriously looking at hiring an experience hand to join our team.
Any future project you are working on now?
Now we are busy in setting up new country offices. Recently we received the licence from Abu Dhabi. Next target for us is to open office in the USA. Currently we have offices across the APAC region including Australia, Japan, Mauritius, Hong Kong, China, Malaysia, India and Singapore is the HQ.
We are working on country specific regulatory compliances in our new locations. We have consolidated IT resources in Malaysia and India. From these two locations we manage all the sites.
What is your advice to the CIOs?
My advice is that “you need to work closely with the management and try to talk their language, so that whatever proposal you give is supported by them. All the proposals should be based on right risk assessment.