Software Business in the Middle East

Gitex started two days ago - it is the largest IT exhibition in the Middle East. Besides the exhibition, Datamatix Group has organized the conference to discuss different issues in IT across the region. I participated on the first day as a speaker and as a moderator. Moderator is the guy, who basically administers the day - introduces the speakers, communicates to participants to motivate them asking the questions, keeps track of time spent for each discussion, invites everybody for coffee break or lunch etc. We had two presentations that are worth talking about - in both of them speakers made very valuable points.

IT Forecast for the Next 5 Years

The first presentation was made by Ghassan Mayassi, Business Advisory Director in Oracle Middle East and Africa . He talked about predictions on different IT related issues in the Middle East. The materials he presented and the way he answered the questions showed just incredible experience in large IT projects implementation across the region. I have summarized some of the points below that are the most remarkable for me:

• Customer Service - although companies claim they wish to make improvements in their customer service, it is far away from saying that majority of companies are really ready to invest into such improvements.
• Using Information - data that companies have are underutilized. Companies do not use the information they have in their organizations to analyze it and adjust their business accordingly. Another issue is that data in many companies are not managed properly, and IT managers in business organizations would finally start working on cleaning their company data in order for the senior management to trust the information collected by the company. Otherwise the question might arise why to invest into IT if there is no way we can use the information to improve our business.
• Outsourcing - more and more companies have problems accepting the services or work done by outsourcing companies. It causes the disappointment on the result of the outsourcing work. From software development point of view it matches to what I think about outsourcing to the company you cannot control. It also matches recent news about some companies closing their offices in India. Another interesting forecast was made - India will not remain the largest country for outsourcing, as there are several other countries that get more and more outsourcing work. Examples are Egypt, Jordan, Mauritius, China, Philippines, Mexico. Interesting point is that we also have development of our project in Egypt - although it is not outsourcing, but pricing for development is attractive over there. Today I got news about Egyptian outsourcing market that confirm this prediction too.
• Remote Workers - even if you offer a very good package to your developers, they might still be not attractive to relocate to Dubai due to very high cost of living here. This note aligns with what I wrote some time back about minimum salary for software developer in Dubai. As an option, companies start looking to have people working remotely. Difference between salary and expenses might be larger in Egypt than in Dubai due to expenses over here, and so there is no special reason why to move here from your home country.
• VoIP - more and more users start using Internet Telephony and free programs like Skype. It might force traditional Phone Companies to adjust their pricing policy. I think it is specially true for UAE - prices are higher for phone calls and Internet here than in Europe. From other hand, VoIP is still not allowed here by law, but this cannot last forever.

Security Landscape Update

Mark Sunner, Chief Security Analyst from MessageLabs, made a fantastic presentation talking about statistics on spam, viruses and phishing based on the data collected by their company. The presentation was extraordinary and extra-scary as long as you see the latest trends with the security related issues. MessageLabs provides services to the customers to scan their e-mails before they land in the user inboxes. Basically, each e-mail sent to the user comes first to MessageLabs Data Centre and then it is forwarded to the customer’s inbox if it has not been recognized as spam, or no viruses found in it. Some points that I think are remarkable from Mark’s presentation:

• Statistics from MessageLabs - 71% of all e-mails are recognized as spam. Virus is found in each 72nd e-mail. Phishing attack is found in each 112th e-mail.
• Money Laundry - have you ever got a message that suggests you to buy some stock for a very cheap price? I’ve always wondered what the point is in such e-mails. What happens is that people, let’s call them bad guys, select some stocks that are not very expensive and buy them. Then they send out that spam e-mails asking everybody else to buy them too. As result, if many people buy these stocks, the price goes up. The price increases not much probably, but those bad guys are not interested in making profit on stock, they are simply want to wash dirty money. And here comes interesting point. Those who know that this e-mail is sent out trying to motivate others to buy the stocks to increase their price, they also know that price goes up, because there always be people who react on such e-mails, and they might buy it just to use the situation to make some money too on stock price raise.
• Spam - as you also might notice, the latest spam messages contain their spam text in pdf files. Pdf files are sort of standard format used in business, so many spam filters allows such e-mails to reach the users.
• Phishing - the fact that statistics of phishing attacks is almost the same as two years back, but the attacks becomes more targeted. The attacker gets personal details from public records or from social networks like LinkedIn, Xing and others. Then they send an offer via postal mail requesting additional confidential information. Or they simply attack the targeted individuals as they have their contact details with e-mail address etc.
• Malware in some cases have their own anti-virus software - something interesting. Mark pointed that in some cases malware uses cracked version of Kaspersky Lab. Malware software scans the infected computer and kills all other viruses and malware because it wants to have all resources of the infected computer for its own.
• MS Word files seem to be the most popular in using in the trojan attacks, 64% of all attacks are done using .doc files.
• Toolkits for targeted attacks - there is a way when literally everybody can buy a trojan targeted for either special purpose or special individual. The report shows that the majority of such orders are performed in Russia and Ukraine, where guys made toolkits to create such trojans. Although officials know about those guys, and those guys also know that officials know about them, there is no legal base in these countries to stop those bad guys. The targeting individual people is even worse, because it normally takes some time between new virus comes and anti-virus software gets the updates to catch the new virus. If the virus is not the massive one, then anti-virus company has a very little chance to release a new signature for catching the new virus as it will probably never reach the anti-virus lab.
• Instant Messaging (IM) - looking at MSN Messenger, Yahoo Messenger, Skype and Google Talk, it is not so attractive for bad guys to create spam or some kind of viruses for, because the target audience is relatively small. With the merge of MSN and Yahoo IM Services it might be more attractive as from one messenger you might probably reach users of another one. If it happens that Skype and Google Talk will merge their services, and then merge them further with MSN and Yahoo, it might happen that spam and virus sending will occur massively over the messengers too - something similar to what we have now with e-mails.