Being responsible for South Africa’s 19 national parks takes a lot of hard work, especially because there are severe connectivity problems in the country. Kamal Pillay, Chief Information and Technology Officer of SANParks, tells Intelligent CIO how is looking to overcome this.
Could you provide some background details about your current position at SANParks and what are the main challenges?
My responsibility is to modernise the technology at SANParks. We have a number of legacy applications that we have to modernise, and it’s not common to everybody. So that is one of the main challenges. We also have significant connectivity challenges, meaning that service providers don’t want to invest in infrastructure because it’s not worthwhile. Our priority is to try and improve the customer’s experience from a digital perspective and we are trying to improve connectivity, but with that comes the challenge of gathering data, plus there are other spin-offs like analytics.
What are some of the biggest challenges you encounter in terms of data centre/infrastructure management?
As well as data centres, we use cloud services, but again, to get to the data centre, you need connectivity. For some of the parks in the northern regions, there is reduced satellite connectivity so connecting to the parks is a challenge. But we are looking at all of our infrastructure, redesigning it and using more modern technology. For example, we’re looking at software-defined networks and have started rolling it out. My vision is to move to a connected park, so you have a ‘smart park’. We are targeting our millennial customers so when they go to the parks, they have connectivity. That is our main challenge, but it is a general problem across Africa, not just at SANParks.
How is Datacentrix – to whom you recently awarded a five-year contract for the full outsource of your network and infrastructure services across more than 100 sites – helping to address these challenges?
Datacentrix is our partner on two fronts. They have been appointed to assist us in modernising our OpenText platform. They’ve been appointed to assist us with this transition and to also help us digitise more products and identify challenges and optimise it. The second phase of the project will be to automate all of our records. So, all of our structured information will be sitting in the OpenText platform and Datacentrix takes that responsibility.
Are there any emerging trends within the infrastructure space? What would you identify as some of the key talking points?
We have been engaging with service providers and working very closely with Microsoft. We already use the Azure Cloud and will be provisioning further services. We also have an IoT implementation which works well for us. The other aspect within the infrastructure is cybersecurity, which is a high priority of ours. As a tourist visiting our parks, from the time of making the booking online to coming into our parks and having the experience, is important. So, we have to make sure that the data your data is safe.
You have provided training and development to ensure a range of cross-disciplinary teams are developed effectively. How have you put this into practice?
One of my objectives and challenges is to standardise a number of applications. We have a number of initiatives when looking at training and development. Our change of management strategy is very effective, and it is important that we get that right from the word go. Because of the remoteness of the parks, you can’t bring in a management learning system to run a YouTube video, because it’s difficult. What we do is that we engage people on an ongoing basis, and we have much more positive responses because people come and engage with you and ask questions. You also have the normal process of developing manuals. What we have learnt at SANParks is that people love to be in your face and learn and ask questions and it’s the most effective way.
What is the best way to tackle the skills shortage in IT?
We have a very active post-graduate programme in South Africa. I have trained a number of graduates and the best way is to get them into the environment so that they can work alongside you and your team and get that market experience. Getting an academic achievement is fantastic, but it has to be supplemented by work experience. Therefore, graduate programmes are very important.
Can you provide an update regarding the security compliant measures that have been implemented for credit card payments?
We work very closely with Mastercard and Visa and are currently undergoing a PCI DSS compliance to that all of our organisation is compliant. We do not store any credit card details; all payment card details go through Payment Gateway and that is why we do an annual compliance check. It’s a very tough process but it has its merits and one of my first objectives when joining SANParks was for it to be PCI compliant.
Are there any other recent implementations that you can talk about that you have been involved with?
We’re getting our customer management solution in place, and we’re working with a service provider on that. There are a number of other opportunities that we’re looking at from a modernisation perspective. We will be fully implementing Wi-Fi in all of our parks and have a really connected park. We are a public entity, so we don’t have the luxury of having all of the capital to just invest and fast-track our programmes. The OpenText implementation for us meets all of our compliance requirements.
What are the security implications when running the software?
As part of our modernisation programme, we have an outsource service provider that has established a security operation centre that looks at proactive management of our security. In any organisation, you have the risk of a hack but there are management responses to it and tasks that have to be executed daily. You can have the most modernised platform, but if you’ve got a server sitting in the corner that you don’t patch, you can get through the network quite easily. We have a very strong stance on that, and from a PCI perspective, it addresses a number of security requirements. Even the devices that we look at implementing from an infrastructure perspective are PCI compliant, so it meets all those requirements.
What do you see as some of the biggest cyber threats facing Africa?
We always ask ourselves if we’re ready from a cybersecurity perspective. You’ve got to remember though that people want data. They want access to it, and if it’s financial data, then it’s even better. Those are the common threats, but it’s not just in South Africa, it’s all over the world. If you look at where some of the security threats emanate from, it’s not from Africa, it’s from the US, the UK or Russia. But what happens is that, if you don’t have the security measures in place, you’re at risk. What it boils down to is people management and effective management of resources. It’s easy to get access to your systems, so as an organisation, it was critical that we had a security operation centre, which monitors all of our logs and it works exceptionally well.