STRATEGIC ICT PARTNER
WHERE TECHNOLOGY MEANS BUSINESS
WWW.COMPUTERNEWSME.COM ISSUE 235 | AUGUST 2011
When service matters Emirates Airlines uses technology to focus on the customer
A CLASS APART Sharjah’s American University invests in a digital future www.computernewsme.com PUBLICATION LICENSED BY IMPZ
INSIDE
Securing parameters
|
AUGUST 2011
Document management
|
Computer News Middle East
1
Manufacturing technology
BusinessOne Super Broadband up to 100 Mbps
Experience high-speed Internet with BusinessOne Super on Etisalat’s state-of-the-art fibre optic network. Call today to find out how fast your business can go.
Work faster, work smarter Call 800 5800 or visit www.etisalat.ae/businessonesuper *Offer valid till 16 September 2011
T&C apply
Subscribe now and get 1 month FREE*
Contents ISSUE 234 | AUGUST 2011
6
Filling the technology stack
8
Force 10 will build Dell’s networking stack, but the company will still rely on Brocade for Fibre Channel technology.
Raising the bar
Pallavi Sharma discusses the process of security certification, the differences between the ISMS and ADSIC standards, and the future of compliance with Dr. Angelika Plate, director of strategic security consulting at helpAG.
10 Seeing promise in public clouds
SNIA’s recent CIO survey suggests that many companies are currently using or planning to use public cloud storage offerings in North America.
12 Round-up
18
We bring you a quick round-up of IT industry news.
CASE STUDY 22 When service matters
Emirates Airlines is a regional success story of global proportions. However, its continued success relies on being able to scale adequately across all continents, maintaining a consistent quality level and customer satisfaction. That’s why it has invested in upgrading its customer call centre.
A Class Apart The American University of Sharjah is making calculated investments in the latest that technology has to offer to make its mark in the higher education sector of the Middle East.
INTERVIEW 42 Planning for the post-PC era
In the first of a two-part series, Paul Maritz, CEO of VMware, talks about how virtualisation is one piece of the platform VMware intends to offer a mobile, cloud-enabled world.
FEATURES 24 Securing parameters
As our society mobilises and more individuals use smart devices to access corporate data, cyber criminals are developing more sophisticated malware that operates at faster speeds. CNME reports on how attack methods are changing and how security strategies need to evolve to keep up.
30 Record running
Document management systems (DMS) run the real danger of losing significance in the increasing noise around data lifecycle management solutions. However, if the need is true, organisations can benefit from DMS investments that can serve as the first step to comprehensive information handling.
36 Capital scope
When it comes to embracing cutting edge technology to enhance business processes, beat the competitor and please the customer, the manufacturing industry in the Middle East appears to be near the head of the pack. Pallavi Sharma discovers the specific need for these investments and the road that lies ahead.
INSIGHT 48 Learning from cloud outages
Sending your IT business to the cloud comes with a risk, as those affected by these 10 colossal cloud outages can attest.
52 Vacation interruptus
54
Planning on taking a vacation this summer? If you’re a tech manager, you may find yourself with unwanted baggage-guilt and anxiety over the status of your job. Here’s how not to let a tech crisis ruin a getaway.
Last Word
A look at what major events await you, what we’re reading, and a sneak peek at the contents of the next issue of CNME.
EDITORIAL
Where are all the cowboys?
Publisher Dominic De Sousa COO Nadeem Hood
Sathya Mithra Ashok Senior Editor Talk to us: E-mail: sathya@cpidubai.com Twitter: @computernewsme Facebook: www.facebook.com/ computernewsme
How does one become an entrepreneur? What sets an entrepreneur apart from anybody else? How does the entrepreneurial spirit take over an entire community of people to drive innovation across an industry, Silicon-valley like? And what does it take to bring all these elements together to make it a success? These are the questions that I have been mulling over the past month. It has always bothered me that the Middle East region remains relatively low on the scale when it comes to real small IT start-ups that sport product innovation. While we have been very good with services, and our end-user implementations of the latest in technology are top-of-the-rung, we do lack in small firms that do pure product development. There are several factors to this. There is the fact that such innovation demands long term capital commitment (apart from other resources) to R&D, along with an extended gestation period from development, to launch. Then there is the entire marketing effort to convince customers to buy into the product. And the cycle never really ends - you keep customising, keep changing and hope that every version is as much a success (or better than its predecessor). To really invest all that time, energy and funds, an entrepreneur needs one defining, driving idea that he/she believes will give him dividends over time. And it also helps if there is a supportive VC environment that can eventually provide some of the funds and take on some of the risks involved. However, in today’s environment, where everyone is looking for instant gratification, most entrepreneurs are driven to existing business ideas that have been proven to provide returns in a faster time. This would mean services, value addition to existing products, distribution and other complementary services to existing brand-value solutions. Can we change this? Can we actually foster an environment to help entrepreneurs with that game-changing idea to bring new ideas to the market? Can the Middle East be the platform for a next-generation Silicon Valley? Write to me (sathya@cpidubai.com) with your thoughts on entrepreneurship. Meanwhile, don’t forget to register for Cloud Congress 2011 at www. cloudcongressme.com. If you are an end-user who is thinking of or has already experimented with cloud technologies, and wants to talk about it to your peers, write to me (sathya@cpidubai.com) and we can find you a speaking slot at the conference. Happy reading and Ramadan Kareem to everyone.
Managing Director Richard Judd richard@cpidubai.com +971 4 4490126 Editorial Dave Reeder dave@cpidubai.com +971 4 4409106 Senior Editor Sathya Mithra Ashok sathya@cpidubai.com +971 4 4409111 Sub-Editor Pallavi Sharma pallavi@cpidubai.com +971 4 4409103
Circulation Database and Circulation Manager Rajeesh M rajeesh@cpidubai.com +971 4 4409147
Production and Design Production Manager James P Tharian james@cpidubai.com +971 4 4409146 Art Director Kamil Roxas kamil@cpidubai.com +971 4 4409112 Designer Analou Balbero analou@cpidubai.com +971 4 4409104 Photographer Cris Mejorada cris@cpidubai.com +971 4 4409108
DIGITAL SERVICES Digital Services Manager Tristan Troy P Maagma Web Developers Jerus King Bation Erik Briones Jefferson de Joya Louie Alma online@cpidubai.com +971 4 440 9100 Published by
1013 Centre Road, New Castle County, Wilmington, Delaware, USA Branch Office PO Box 13700 Dubai, UAE
STRATEGIC ICT PARTNER
WHERE TECHNOLOGY MEANS BUSINESS
WWW.COMPUTERNEWSME.COM ISSUE 235 | AUGUST 2011
Tel: +971 4 440 9100 Fax: +971 4 447 2409 Printed by United Printing & Publishing Regional partner of
If you’d like to receive your own copy of CNME every month, log on and request a subscription: www.computernewsme.com
When service matters Emirates Airlines uses technology to focus on the customer
A CLASS APART Sharjah’s American University invests in a digital future www.computernewsme.com pUBLICATION LICENSED BY IMpZ
INSIDE
SECURING pARAMETERS
|
AUGUST 2011
DOCUMENT MANAGEMENT
|
Computer News Middle East
1
MANUfACTURING TECHNOLOGY
© Copyright 2011 CPI All rights reserved While the publishers have made every effort to ensure the accuracy of all information in this magazine, they will not be held responsible for any errors therein.
ANALYSIS month in view
Filling the technology stack Force 10 will build Dell’s networking stack, but the company will still rely on Brocade for Fibre Channel technology.
D
ell’s acquisition of Force10 Networks will fill a critical networking hole as the company buys its way into building an integrated technology stack for data centres, analysts have pointed out. System vendors such as Hewlett-Packard, Cisco and IBM have been rounding out hardware to deliver a more end-to-end data centre package, and, analysts believe, Dell is moving in that direction as well. Dell offers servers, storage and services, and acquiring Force10 Networks would provide it with networking technology that could help the company offer an integrated hardware stack to automate the deployment of systems in data centres. Dell has acquired multiple companies to build out more end-to-end products, analysts said. Among the dozens of companies acquired in recent years, the key
acquisitions include services company Perot Systems, storage companies EqualLogic and Compellent and security company SecureWorks. Additionally, the company is already building data centres in multiple countries to host cloud applications and is also opening research centres for cloud reference architectures. “Dell has clearly said they want to have some intellectual property on the internal side,” said Cindy Borovick, research VP for IDC’s enterprise communications and data centre networks. “The question is: Do you build versus buy?” “By integrating the hardware stack, Dell wants to automate deployment and configuration of systems in data centres,” said Dario Zamarian, VP and GM of networking at Dell. Automation will help customers build data centres quicker and reduce manual processes in maintaining data centres.
Dell has said it is looking to offer cloud and security services, and is increasing its focus on managing data movement between the cloud and storage systems. But Dell will have to contend with heavyweights like HP and IBM, which started integrating servers, storage and networking technologies years ahead of Dell. HP last year filled its networking portfolio when it acquired 3Com in April for US$2.7 billion”
6
Computer News Middle East
AUGUST 2011
www.computernewsme.com
“Dell already offers networking products through its PowerConnect line, and Force10’s switches and routers would be complementary,” Zamarian said. Force10 also brings product design capabilities and an open operating system that could help Dell improve its networking products. “Dell also offers networking products such as switches from partners like Brocade and Cisco, and there may be product overlap in some cases,” Zamarian said. “The company will continue its relationship with Brocade though the nature of the relationship may “change in some dimensions,” he added.
HP works mostly with proprietary technology, and Dell is trying to provide open technology so its products work with multiple brands, which provides customers with flexibility
“One advantage with Force10 is its open architecture, and its FTOS OS used in Force10 products can be easily customised,” Borovick said. According to her, Dell can quickly adapt FTOS to deliver prepacked products to customers, who can then further customise the OS depending on their system and network configurations. “Dell will have to maintain a relationship with Brocade for Fibre Channel networking technology, for which Dell doesn’t yet have its own intellectual property,” she said. She pointed out that though Dell may be done acquiring
networking companies for now, it could look into buying application intelligence or security companies to boost the networking portfolio. Force10 is a relatively small company and had just a 2% share in the data centre market in the first half of 2011, behind Cisco, HP, Brocade and Juniper, according to IDC. “Force10 provides Dell ammunition to go after midmarket companies, but also fills out data centre pieces as it moves upstream to get larger and richer services deals,” said Greg Richardson, an analyst at Technology www.computernewsme.com
Business Research. By showcasing technologies through midmarket contracts, Dell is warming up to larger services contracts in enterprises. “Force 10 brings in the artillery to go after [more deals],” Richardson said. Dell has said it is looking to offer cloud and security services, and also is increasing its focus on managing data movement between the cloud and storage systems. But Dell will have to contend with heavyweights like HP and IBM, which started integrating servers, storage and networking technologies years ahead of Dell. HP last year filled its networking portfolio when it acquired 3Com in April for US$2.7 billion. “Dell is playing on a smaller scale as compared to HP,” said Charles King, principal analyst at Pund-IT. But at some point he predicts that the competitors will butt heads when seeking customers. “HP is being aggressive with converged solutions. The challenge is for Dell to make an effective pitch,” King said. “HP works mostly with proprietary technology, and Dell is trying to provide open technology so its products work with multiple brands, which provides customers with flexibility,” King said. But Dell’s integrated products may become a priority, which could affect relationships with partners such as Brocade and Cisco. “However, compared to HP, Dell is paying a lesser price for acquiring competitive technology,” he said. Dell and HP went on a bidding war last year for storage company 3PAR, which HP ultimately bought for $2.35 billion. Dell earlier this year paid $800 million to buy storage company Compellent, which was once a 3PAR competitor. “Dell’s been extremely savvy when it comes to acquiring companies at very competitive prices,” King said. “That’s another difference in what Dell and HP are doing.” AUGUST 2011
Computer News Middle East
7
ANALYSIS month in view
Raising the bar Now more than ever organisations are beginning to understand the need to certify their information security management systems. Pallavi Sharma discusses the process of certification, difference between the ISMS and ADSIC standards and the future of compliance with Dr. Angelika Plate, director of strategic security consulting at helpAG.
I
n an unsafe IT world companies are required to align their information security strategies with international regulations, standards and best practices when collaborating with business partners around the world. The need to comply with regulatory compliance standards like ISO 27001 and ADSIC is a significant driver for the predicted growth in the security software market across the globe. According to Dr. Angelika Plate, director of strategic security consulting at helpAG, “Organisations should think about the frequency of recent attacks and the sophistication with which these were conducted. They should think about Sony and RSA and other organisations that are suffering and understand the need and the benefits associated with security certification and compliance.” According to experts, the objective of regulatory compliance standards is to provide organisations with a common basis for maintaining information security, and this is particularly important where organisations wish to inter-connect electronically. Dr.Plate points out that the certification of an organisation’s information security management system (ISMS) is one means of providing assurance that the organisation has implemented a system for the management of information security in line with international standards. This also serves as a foundation for international trade. “Other benefits of certification for organisations include improved credibility and enhanced customer confidence, reduced need for multiple assessments and an opportunity for better monitoring of security applications through regular audits,” Plate adds. When dealing with a certified organisation, customers are reassured 8
Computer News Middle East
AUGUST 2011
Dr. Angelika Plate, Director of Strategic Security Consulting at helpAG
to define the scope for certification within their organisation. To be able to efficiently define the scope for certification it is essential that decision makers recognise the need to invest in the certification process.” The next step then is to think about where exactly the organisation sits based on a comparison across the controls and requirements from compliance standards. “Normally, organisations don’t just start from a blank slate, and the idea here is to encourage the ability to reuse all the work that they have done in the past. We want organisations to have to make as little change as possible but as much as necessary,” explains Plate. Risk assessment follows once the organisation has defined the areas of improvement based on the gap analysis
They should think about Sony and RSA and other organisations that are suffering and understand the need and the benefits associated with security certification and compliance” about the fact that the organisation has made the necessary investments to protect their information. In other words, they don’t feel the need to question the said organisation’s security policies. According to professionals, this is because compliance takes into account regular surveillance and audits of security standards to ensure that the requirements are maintained in the long run. Dr. Plate recommends that organisations identify the need for certification before embarking on the project, “The ISMS standards give decision makers the flexibility www.computernewsme.com
described earlier. “Businesses must then look into their assets and how they are placed. They must study how these assets may be affected in case of a security malfunction or breach, and also assess the likelihood of this happening. Based on this analysis, they can define a set of risks they are most vulnerable to and are most likely to face,” she adds. Naturally the next step is to think about what steps can be taken to protect organisations from these risks. Dr. Plate adds, “It is perfectly acceptable by the ISMS standards that an organisation accepts
certain risks because it may just be that they can do nothing about it.” She explains this further with a situation where an organisation with relatively poor physical security made minor investments to improve the lags. “They didn’t see any point in investing heavily in reshaping physical security entirely because they intended to move the premises to another location in a few months anyway.” The most important thing, according to Plate, is to understand that the overall idea of an information security system certification is independent of type, size or nature of the organisation. This is to ensure that the
standards remain comparable across all organisations that process information. However, there can be some notable industry specific inclusions. Addressing the challenges associated with the certification process, Dr. Plate says, “I think when it comes to certification, getting management support is one of the major challenges that organisations face. Without management commitment and support the project will not work, and if you don’t have that don’t even start.” She also points out that getting certified is not necessarily a hurdle, but maintaining the standards set down by the compliance regulations is. “Organisations are often enthusiastic when registering for certification but their ability to maintain the standard lapses with time. That message is sometimes very difficult to convey. It takes years to maintain these standards,” she explains. According to Dr. Plate, the recently compiled Abu Dhabi Systems and Information Centre (ADSIC) standards are not very different from the ISMS standards, in that the standards are a combination of the ISO 27001, ISO 27002 and other sources. “ADSIC and ISMS standards both require risk assessment, risk treatment and control implementation, in that the control guidelines across both these standards are quite similar with minor differences. Organisations can get certified across both standards,” she adds. However, the interpretation of these requirements is slightly different across the two compliance standards. “Where ADSIC concentrates on the technical side, ISMS concentrates on the managerial side. I think in the ideal world both should come together,” says Dr. Plate.
For those interested in getting involved in the process of establishing information security management standards, Dr. Plate informs us that a national committee has recently been formed in the UAE. Dr. Plate adds that involvement within the national committee will facilitate involvement in international standardisation. “This committee is managed by aeCERT,” she says. She believes that the region follows the same cycle in the adoption of compliance standards and certification as Europe did initially. “It takes time to build the understanding and the knowledge that security is not just a technical solution. So I think the realisation that security certification is needed is still growing in the region. Information security is a young subject and still needs to grow,” she adds. International Standards Organisation (ISO) is now working on developing a new compliance standard that focuses on a set of guidelines encompassing all management systems, from quality management down to food security management. Dr. Plate predicts that these standards will have an immense impact on the existing management systems. “They will combine all the management systems operating within an organisation. The revisions to the ISO 27001 standards are expected to be complete by 2013, and the ISO 27002 revisions may take just a little longer than that,” she adds. She also shed light on a new standard being developed that will focus on information security controls for the use of cloud computing services based on the ISO 27002 standard. The standard is currently in the “study period” and progress on it will be based on the decisions made at the end of this period.
Modern Malicious Malware Protection helpAG and CNME will jointly be conducting a roundtable on Modern Malicious Malware Protection on the 14th of September 2011. The event will
bring together prominent CIOs and IT decision makers from the banking and finance sector to discuss modern-day threats and the best ways to deal with
www.computernewsme.com
them. For further details on the event, and to register for the same, please visit www.computernewsme.com/ms/ helpag/index.html
AUGUST 2011
Computer News Middle East
9
ANALYSIS month in view
Seeing promise in public clouds SNIA’s recent survey suggests that many companies are currently using or planning to use public cloud storage offerings in North America.
T
hree quarters of companies are either currently using or plan on using public cloud storage offerings. What’s more, all organisations with more than 500 employees are using or planning the use of public cloud storage, mostly for e-mail, data protection and front-office applications like CRM, especially SaaS-based CRM solutions such as Salesforce.com.
10
Computer News Middle East
AUGUST 2011
That’s the upshot of a recent survey of 133 CIOs/CTOs and their operations staff in North America conducted by SNIA (Storage Networking Industry Association) and industry analyst firm, Storage Strategies NOW. The survey paints a picture of a technology that’s poised for takeoff – if providers can overcome user apprehension over two big concerns: security and performance. www.computernewsme.com
Anand Kapoor, VP of technology of WNS Global Services, a business process outsourcing firm in Mumbai, India, puts it this way. “Generally you see two sets of early adopters: smaller enterprises and SMBs that cannot afford the redundancy that an enterprise-class infrastructure would cost, and larger enterprises that need rapidly scaling infrastructure that is managed by organisations with core competencies related to storage,” says Kapoor. In a way, public cloud storage is like any outsourcing decision. Companies are faced with ever increasing storage requirements, many of which imply permanent retention of archives. So is it better to leave long-
term storage management for generic applications like e-mail and CRM to external organisations whose primary business is providing those services, leaving IT more time to focus on critical business applications. Clearly, many CIOs and CTOs believe it is, as per the report. Cloud access appliance manufacturer Nasuni’s CEO, Andres Rodriguez, likens public cloud storage to an electric utility. “You wouldn’t try to build and manage a power generation station in your back yard, so why try to recreate the economies of scale that the cloud storage provider has available?” he asks. “Speed of deployment is another issue,” says Hisam Ahmad, global head of architecture and engineering for T-Systems, a hosting service provider in Bonn, Germany, which uses as well as provides cloud storage access. “It takes time for an IT organisation to plan for increased data centre infrastructure, find a vendor and finance a storage acquisition, and then it has to wait months for installation,” he says. “We are seeing end-user organisations going around IT and directly contracting cloud storage and using it within days if not hours,” he adds. With many good reasons to deploy public cloud storage, what’s the downside? Fear of security breach, loss of control and access to critical data are major concerns, according to the SNIA/SSG-NOW study. Perpetuating these issues is the lack of a standard for public cloud data interchange. Each provider has its own version of an HTTP command structure that is foreign to existing applications. Modifying existing applications to use a proprietary public cloud is not feasible, so this relegates public cloud to only those applications that are already cloud ready. SaaS providers and Microsoft, for its Exchange email offering, have transparent interchanges developed and massively deployed, for example. Likewise, data protection and disaster recovery products that have a public cloud interface are available from a number of popular vendors and cloud service providers such as Nasuni and TwinStrata. WNS Global is addressing the security issue, according to Kapoor. “At WNS, our
primary concern is the security of data. All customers are segregated first at the network level and then, using technologies such as Multi-stor, we make sure there is complete segregation at the storage level,” he says. “As a result there is no part of the infrastructure that overlaps between customers.” So what will it take to make cloud storage viable for applications beyond e-mail, CRM and data protection? The answer is simple: cheap bandwidth. As tablets and smart phones become everyday business tools, new applications in many organisations will embrace browserbased HTTP application interfaces to primary storage. As more of these devices
(Cloud Data Management Interface) standard. This support notwithstanding, it is our opinion that the work being done by the Open Stack interest group – supported by Dell, Rackspace, NASA, Citrix, Cisco, Canonical and over 50 other organisations – will deliver the most useable interface code the soonest, offering a de facto standard that is likely to precede ISO standard adoption by years. The code can be obtained under the Apache 2.0 open source license. Short of widespread adoption of a standard set of interfaces, cloud storage users have access to a number of virtual and physical appliances to connect their existing
As tablets and smart phones become everyday business tools, new applications in many organisations will embrace browser-based HTTP application interfaces to primary storage. As more of these devices are deployed in business-critical applications served up over the Web, in a way, cloud storage automatically becomes primary storage, particularly if the storage is not maintained on the local device” are deployed in business-critical applications served up over the Web, in a way, cloud storage automatically becomes primary storage, particularly if the storage is not maintained on the local device. This is a good thing, until you run out of bandwidth. SSG-NOW is involved with a number of companies that are working at various levels within the TCP/IP infrastructure and it is our opinion that there is plenty of headroom in the existing and developing network infrastructure to handle the increased loads that the new generation of client devices will require. In addition to bandwidth, respondents to the SNIA/SSG-NOW survey were adamant that standards development is essential. Nearly four out of five respondents (78%) indicated that standards were either very important (47%) or important (31%) to their future deployment. The greatest support (53%) was for the SNIA CDMI www.computernewsme.com
systems using block storage or file storage interfaces. These provide several advantages. First, the appliance provides an interface to cloud storage; treating it is like any block or file storage system. Second, an appliance that provides a transparent interface to a number of cloud service providers is an insurance policy against either technical or contractual difficulties with a service provider. This has been referred to as the Hotel California syndrome - you can check out but you can never leave. Finally, these appliances offer WAN acceleration features like compression and network flow optimisations that address the bandwidth cost issue. With increased pressure to provide more storage at lower or similar capital and operating expenses, the catalyst to adopt a public cloud strategy will continue to increase adoption across organisations of all sizes. AUGUST 2011
Computer News Middle East
11
ROUND-UP month in view
Nominations open for ICT Achievement Awards 2011
Leading regional enterprise IT magazine CNME (Computer News ME) has announced that it is accepting nominations for the second annual ICT Achievement Awards 2011. CNME and its publisher CPI are again ready to honour exemplary ICT deployments, vendors/solutions and end-users from across the region. The Awards will be presented to deserving nominees across 20 categories at a gala dinner function, which will be conducted
in Dubai on the 9th of October 2011, the first day of GITEX Technology Week. The ICT Achievement Awards event this year will seek to outdo the success of last year’s event, which was attended by a 480 strong audience comprising CIOs, IT directors, IT managers and other senior IT decision makers, along with systems integrators, service providers, prominent vendors and other major industry stakeholders from across the region.
Like last year, this year’s ICT Achievement Awards will recognise outstanding performance across different categories, including various verticals from healthcare and hospitality to government and banking, covering end-users, deployments and vendors. “CNME’s ICT Achievement Awards 2011 is a platform not just to highlight the region’s best in the industry, but to also bring to the world’s attention the trendsetting projects being undertaken in the Middle East. Last year we received over 230 nominations across the 20 different categories. This year, we have changed a few categories and added other new ones. Key among these is the Future CIO Award, which will go to the most promising talent from IT mid-management or even from among the student base of the region,” explained Sathya Mithra Ashok, Senior Editor of CNME. Winners across the 20 categories will be chosen by an expert judging panel, comprising end-users, consultants, analysts and other unbiased industry observers. To nominate, register for the evening function, and for other details related to the event, please visit www.computernewsme. com/ictachievementawards2011
CIO Bahrain deploys EMC cloud services Kingdom of Bahrain’s Central Informatics Organisation (CIO) has selected EMC to complete a project involving consolidation and virtualisation, the starting point of its journey to cloud computing. The implementation is intended to result in a raft of benefits including, the unification of the government’s IT infrastructure, scalability for future applications and growth, enhanced security and the real ability to offer IT as a service. The new storage infrastructure, built by EMC, is designed to provide CIO with efficient utilisation of storage, while dramatically minimising management, costs and future investment. 12
Computer News Middle East
AUGUST 2011
The project comprises a new EMC family of unified storage, with improved capacity for each site to meet application and business SLAs. should be “EMC VNX is fully optimised for virtual applications, designed with the latest Intel multi-core processor technology. Additionally, EMC RecoverPoint will be implemented as a major replication component between the CIO’s two data centres (also including EMC storage and provisioning software) which will enable the CIO team to manage this virtualised environment. “At CIO, we believe in the vital importance of the use and exchange of information and our vision is to provide citizens with accurate and timely information and services. EMC is our ideal partner, and its storage solutions will www.computernewsme.com
add efficiency, agility and scalability to our IT infrastructure while allowing us to maintain control and ensure security of our data,” said Shaikh Salman Mohammed AlKhalifa, director general of IT at CIO. “To manage and secure its vast amount of information, CIO needs a storage infrastructure that is efficient, smart and secure. We are positive that the new infrastructure will enable CIO to start providing real improvements and benefits to all involved and continue the journey to the cloud, offering cloud services for the Bahraini government and improving its performance, in order to meet the growth of Bahrain IT services”, said Habib Mahakian, regional director, North Gulf, Levant and Pakistan area, EMC.
circle-line.eu
Acer recommends Windows® 7.
PC or Tablet? Choose both. • Genuine Windows® 7 Home Premium • 10.1” LED-backlit LCD display (1280x800) • 2GB DDR3 RAM, 32GB SSD • Dual 1.3 MP webcam with AV recording • WI-FI & Bluetooth 3.0 • Optional full size Keyboard Docking station • Simple social networking with Acer SocialJogger • Complete your new PC. Buy Microsoft® Office 2010
Life is full of choices: work or play, home or away, touch or type, accept or ignore. Why choose and get just half the experience?
Complete your PC
Complete your PC
Windows® 7. Your PC, simplified
Discover the new Iconia Tab W500 at your nearest computer superstore. Acer and the Acer logo are registered trademarks of Acer Incorporated. Copyright 2011 Acer Inc. All rights reserved. Microsoft, Windows and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other names and brands may be claimed as the property of others. Specifications subject to change without notice. Pictures are intended simply to illustrate the product.
ROUND-UP month in view
Sharjah government chooses IBM for e-services portal Sharjah Directorate of Information and e-Government has selected global vendor IBM to implement an electronic government portal. According to the company, the new services portal will enable Sharjah’s citizens, businesses, and government bodies to interact with government agencies 24 hours a day, 7 days a week. The portal will also offer rich informational content to individuals (citizens, expats, and visitors) and businesses operating within the emirate of Sharjah regarding the activities, service offerings, and major events of the various Sharjah Government departments. With the new solution, multiple user categories including individuals, as well as large and small enterprise owners and government bodies will be able to benefit from the use of online e-services available on the portal. The solution will be built on IBM WebSphere Portal Software and IBM pSeries Hardware, as well as IBM storage solutions, the entity said. IBM consultants will implement the project working with a team from the Sharjah department of Information and e-Government. IBM will draw on the innovative technology and expertise employed in many other e-government implementations both in the Middle East and across the world.
The programme is part of a growing trend by governments to use technology to re-orient their structures to better serve citizens. By consolidating information, providing more effective online resources, governments are improving information sharing and collaboration for the benefit of both citizens and government. “The Sharjah leadership recognises the importance of constant development, especially in the field of technology, in order to benefit our citizens”, said Sheikh Khalid Bin Ahmed Al Qassimi, executive director of Sharjah Directorate of Information and e-Government. “We have always recognised the benefits of drawing on the expertise and innovation of companies like IBM in order to draw on the latest technology to achieve our goals for growth.” The third largest emirate in the UAE, Sharjah is home to nearly one million people and is also known as the region’s cultural capital. The project is part of the government’s strategy to enhance the efficiency and the quality of the services offered to citizens. “We aim to provide a secure and integrated electronic information gateway in the emirate of Sharjah to offer e-services to individuals, companies and other governmental agencies,” said engineer Ohoud Ali Shehail, director of e-Government, Sharjah.
“This project is significant because of what it will deliver to the people of Sharjah, simplifying their dealings with government agencies and increasing overall efficiency,” said Amr Refaat, GM, IBM Middle East. “This is among the best use of technology, and it underscores IBM’s commitment to support the Sharjah government in further realising its vision of a smarter government.” The government of Sharjah joins more than 600 organisations worldwide that IBM has worked with to help make the smarter planet vision a reality. The agreement was signed in the second quarter of 2011.
CFOs reigning over IT investments: Gartner In an increasing number of organisations, it’s not the CIO who’s deciding which IT projects should get funding — it’s the chief financial officer. A recent survey of 344 senior financial executives by Gartner and two financial management associations found that CFOs “authorised” 26% of IT investments. The survey also showed that 42% of IT organisations report to the CFO, and 33% to the CEO. 14
Computer News Middle East
AUGUST 2011
In a warning shot to CIOs, only 30% of the CFO respondents said they believe that IT provides clear business benefits, and only 32% said that they view the CIO as a “strategic partner.” “The study’s message is that IT needs to get much closer to business. Otherwise, what you are going to see is more of the control being taken away from CIOs,” said Gartner analyst John Van Decker. www.computernewsme.com
Van Decker acknowledged that the survey reflects the significant bias of CFOs and their differing view on what’s occurring in their organisations. Van Decker said,”The CIO’s job won’t disappear, but it could erode. If CIOs don’t become more businessoriented, business units will go off and do their own thing and involve IT at a minimum.”
Introducing Server room in a box
APC rackbased cooling draws in hot air from the rear, at its source, and then sends conditioned air out the front, ready to be used by adjoining racks.
APC integrated cooling future-proofs your IT room without breaking the bank Is your server room a barrier to adopting new technologies? Consolidation, virtualization, network convergence, blade servers — these new technologies improve efficiency, cut costs, and allow you to ‘do more with less.’ But they also bring high-density power, cooling, and management challenges that server rooms were never designed to handle. You’re relying on guesswork, depending on building air conditioning, or improvising remedies. So, how can you increase the level of reliability and control in your server room without spending a fortune? Introducing the APC by Schneider Electric™ total server room solution Now you can get power, cooling, monitoring, and management components that easily deploy together as a complete, integrated solution. Everything has been pre-engineered to work together and integrate seamlessly with your existing equipment. Just slide this proven, plug-and-play solution into most existing spaces — there’s no need for confusing cooling configurations or expensive mechanical re-engineering. The modular, 'pay as you grow' design lets you be 100% confident that your server room will keep pace with everchanging demands. Future-proof your server room easily, cost-effectively
If you have dedicated IT space . . . Get pre-validated, highdensity cooling as a single offering. APC InRow SC System combines an InRow SC precision cooling unit (up to 7kW capacity), NetShelter SX rack enclosure, and rack air containment system.
If you don’t . . . Introducing the NetShelter CX: portable server cabinets, with extreme noise reduction, designed for office environments.
APC takes the hassle out of configuring server rooms. Self-contained InRow™ cooling units, high-density NetShelter™ enclosures, and the APC rack air containment system combine to create a proper IT ecosystem in almost any environment. Rack-level monitoring sensors, intelligent controls built into the cooling unit, and integrated management software provide complete remote control and unprecedented visibility into the entire system. Simply add power protection (such as undisputed best-in-class Smart-UPS™ or Symmetra™ units) and you have a total solution for today, tomorrow, and beyond.
These solutions integrate power, cooling, and management in a secure, quiet, cooled enclosure that’s indistinguishable from other office furniture.
Download the White Paper, ‘Cooling Strategies for IT Wiring Closets and Small Rooms’, and get a chance to WIN a Lenovo® all-in-one touch screen PC! Visit www.apc.com/promo Key Code 89344t Call +9714 7099690 (Arabic) / +9714 7099691 (English) • Fax +9714 7099650 ©2011 Schneider Electric. All Rights Reserved. Schneider Electric, APC, InRow, NetShelter, Smart-UPS, and Symmetra are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are property of their respective owners. APC Middle East, PO Box – 53852, Dubai, United Arab Emirates • 998-2029_A4_GB
ROUND-UP month in view
Arab National Bank uses APC to build data centre Arab National Bank (ANB) in the Kingdom of Saudi Arabia has recently installed a Tier 3+ dark data centre by APC by Schneider Electric, a critical power and cooling services provider. The data centre is a strategic implementation, that must essentially support all mission critical applications and the IT infrastructure for clients of the bank. Kumail Dehradunwala, head of IT, ANB said, “At ANB, we are a true 24/7 financial institution, offering complete financial services to both our private and business customers. Our IT department manages key network components such as desktop computers and associated peripherals, servers and telephone systems.” “If our systems fail at any time, the consequences could be catastrophic and very costly. That’s why maintaining network uptime, is critical to the company’s success and directly impacts the return that our clients receive”. The new mission critical data centre supports ANB’s core banking system, numerous other critical financial applications as well as the main communication equipment and other essential data related services, ANB said. The purpose of the new dark data centre was to host all the services provided to ANB branches, Telemoney Centres, ATMs and
ANB customer services. ANB has around 900 ATMs, 178 branches, 78 Telemoney Centres and 5000 PCs kingdom-wide. “APC by Schneider Electric’s HACS (Hot Air Containment Systems) technology is truly provides much better efficiency for high density blade servers and helps eliminate hot spots to deliver long term scalability. The InfraStruXure Central management software’s ease of management, failure alerts and integration with the BMS solution helped seal the deal. APC’s reputation for reliability and the commitment from the local team also factored into our purchase decision” Dehradunwala explained. The installation consists of the extremely efficient InRow Cooling architecture with
HACS technology. Intelligent rack systems for better environmental monitoring and the highest level of security using rack access control and the ever reliable Netbotz cameras were also deployed. The installation of APC’s InfraStruXure Central, a monitoring system which collects, organises and distributes critical alerts, from anywhere on the network completed the entire solution. “The new ANB dark data centre has been built with long-term vision and a cost efficiency model quality, reliability, green practices and customer satisfaction. PUE (Power Usage Effectiveness) and Capacity and Change Manager implementation as the next step will complete the picture’’, concluded Dehradunwala. Mahmoud Al Husseini, VP of Saudi Business Machines (SBM) said, “We are very pleased to be associated with a project of this stature in the financial sector. APC’s solutions are unique due to the fact that their technology innovations are coupled with sound ROI business models, which was a key factor for SBM to tie up with APC’’. Additional solutions include Schneider Electric’s range of low voltage switchboards, Prisma Plus with stateof-the-art range of molded case and air circuit breakers, allowing continuity of service at all time, which is critical for such an installation.
CIOs believe desktop virtualisation remains risky: Ovum Research firm Ovum has released a new report into the perception CIOs have of desktop virtualisation. Ovum principal analyst Roy Illsley said, “desktop virtualisation can go a long way towards alleviating the pressure of PC maintenance costs, end-user flexibility and the proliferation of mobile devices for CIOs; however, the move away from business PCs towards desktop virtualisation has been hampered by a fragmented market”. “The general view is that as the market is relatively immature,” Illsley 16
Computer News Middle East
AUGUST 2011
said, “selecting the correct technology represents a significant risk because nobody wants to invest in the Betamax of the Desktop virtualisation world.” Ovum’s research indicates desktop virtualisation represents about 15% of the business PC market, but this figure is dominated by the traditional terminal services model (12%) and has been for the past decade. The new generation of virtual desktop infrastructure (VDI) technologies from vendors like VMware, Citrix, and Microsoft www.computernewsme.com
have less then 3% of the market, indicating that many CIOs are holding back on full virtual desktops. According to Ovum, most CIO-led deployments are small scale, and large deployments are “few and far between”. “We found that awareness of the benefits associated with desktop virtualisation is high and so defining a strategy centred on the user is the first step many should take. Then CIOs couldd select the best approach for users’ needs.”
CASE STUDY American University of Sharjah
A Class Apart The American University of Sharjah is making calculated investments in the latest that technology has to offer to make its mark in the higher education sector of the Middle East.
T
he American University of Sharjah (AUS) is a leading independent, not-for-profit co-educational institution. The University educates 5100 students representing over 75 nationalities. Founded in 1997 by His Highness Sheikh Dr. Sultan Bin Mohammad Al Qassimi, Member of the Supreme Council of the UAE and Ruler of Sharjah, the University aims to reshape the minds of the youth through science and education for the advancement of society and the improvement of the lives of future generations. Conscious of its higher goals, AUS regularly makes significant strategic investments in the latest technology for the benefit of the institution, the current student population and its faculty. “The educational sector is an extremely competitive marketplace. The eventual winners will be institutions that use technology not only to transform the learning experience, but also to reach out to potential students previously unable to access further education,” says Ashi Sheth, director of IT at the University. According to Sheth, IT at AUS is not just about managing computer labs anymore. “As more students continue to use independent handheld devices to access information, IT must come up with innovative ways to enable dynamic use of these devices and provide flexible education outside of the classroom. This often means that we have to work on developing the right applications to enhance learning across all available platforms.” Sheth and his team are well aware of the different needs of the varying AUS stakeholders that use technology provisions. For this very reason, AUS places great importance on the partners and developers it chooses to work with. Sheth believes that the most important element when deciding on a technology partner or developer is its ability and willingness to learn. “We want to work with vendors who take their time to understand the specific needs of the institution and the underlying requirement for a particular technology deployment. This also helps them get a handle on the kind of challenges we face.” According to him, AUS is always on the lookout for
18
Computer News Middle East
AUGUST 2011
www.computernewsme.com
Ashi Sheth, director of IT at the American University of Sharjah
vendors who are willing to commit themselves to the development and implementation of technology. Sheth believes that long-term partnerships are more beneficial to AUS, since it allows familiarity and personalisation to be built over time into a strictly business deal. This also ensures that the partner is well aware of the business needs, growth strategy and expectations of technology from the entire breadth of AUS. Making a difference “Four years ago, AUS wanted to leverage on the trend of supporting lectures with multimedia content. Also studies have have proven that students achieve up to a full grade better when they’re able to witness the practical application of a theory, especially when they can access the multimedia content at their leisure, “says Sheth At that time, the University maintained an inventory of DVD players, DVDs and TV screens on mobile platforms for sharing audiovisual content related to lectures. Not only did this necessitate managing the inventory, but also significant effort had to be directed to scheduling and monitoring the movement of the TV screens across the campus. Around the same time, platforms like YouTube began to gain significant popularity among students, who were increasingly getting familiar with the concept of video streaming. Seeing this change, AUS began to look for a solution that would enable the creation and sharing of digital data, which could be accessed by students anytime. It was then that AUS also began looking for a means for its faculty to conduct lectures from remote locations to cut back on lecture cancellations in cases where lecturers were travelling for work or an emergency. The need for a comprehensive solution was further highlighted when the University faced massive problems accommodating students for guest lectures that are held a few times a year. “As part of the Chancellor’s lecture series, the University hosts three or four guest lecturers a year and we found that no matter where these lectures were scheduled to be held, the venues were always over crowded because the attendance for these lectures was over whelming. This
amplified the need for a solution that could capture the lecture content, which could be shared across the Univeristy campus or accessed by students later,” explains Sheth. So two and a half years ago, AUS began looking out for a solution that offered video streaming as well as video conferencing. The question then was how AUS could optimise investment in a campus-wide video streaming technology when guest speaker sessions took place just a few times a year. And in answering that question, the IT team realised that the screens associated with the video streaming could be used for digital signage purposes for community enhancements the reminder of the year, to enable the optimal use of the investment.
and reduced managerial overheads and complexity,” says Sheth. In the fall of 2009, AUS chose the Cisco Show and Share social video system. The solution comprised 30 Cisco Digital Media Players and 20 Cisco Digital Signs. Cisco Digital Media Manager, Cisco Digital Media Encoder, and a Cisco Media Experience Engine complement Cisco Video Portal and Cisco Digital Signs. The Cisco Show and Share solution allows AUS not only to distribute real time and recorded events over the campus network and the Internet, but also to transcode files from one video format to another. Beyond simple video streaming, the solution offers video cataloguing, together with digital signage and campus messaging.
We want to work with vendors who take their time to understand the specific needs of the institution and underlying requirements for the particular technology deployment. This helps them get a handle on the kind of challenges we face” “As a University we print a lot of posters. But we had no central place where visitors, faculty and staff could go for information that AUS wanted to share with them. Of course, there was email, but this was not always an effective option due to time constraints,” says Sheth. The IT team also believed that the idea to use the digital signage technology for general campus communication would also help to reduce the institution’s huge printing costs. Team work Having decided what type of solution they required and how they would profit most from it, AUS began looking for the right vendor to provide them such a solution. “We looked at a number of vendors for video streaming as well as data signage but Cisco was the only vendor to come back to us with a single unified solution that also enabled live broadcasting. It may not have been the best, but ultimately we chose an integrated solution that enabled easier management www.computernewsme.com
It also integrates with Cisco collaborative applications such as Cisco WebEx. Sheth says, “The Cisco solution has especially benefitted the University’s courses for the local government in addition to the Executive MBA course. The classes for both courses are scheduled in the evenings and during weekends.” Students for these classes can now access content at their convenience instead of having to make the (typically) three hour drive to the campus. He also believes that the Cisco Show and Share solution is a powerful differentiator for AUS. It means students can access top-quality video-based content from anywhere. “In many ways, it brings the whole world into our physical and virtual classrooms. Meanwhile, AUS has the ability to control material that is under copyright, while providing public access to certain footage, such as films of university events, to students’ friends and family,” he adds. He points out that the solution was integrated with the existing storage AUGUST 2011
Computer News Middle East
19
CASE STUDY American University of Sharjah
environment as well. This means that all the videos and digital content, as well as activities related to the AUS website, Active Directory, the content management system and BlackBoard lead back to storage. “The integration with BlackBoard is structured in such a way that content can be streamed directly through the BlackBoard system, instead of having to go through the Show and Share Website,” Sheth explains. Sheth and his team are fast realising the the wider capabilities of the system and are working constantly to modify and restructure it to make it more relevant to the university’s changing needs. “We are making minor changes in network and storage capacity to enable multi tasking and also upgrading the core bandwidth capabilities. These changes are fairly straightforward and simple,” adds Sheth. As is with all technology deployments, the Cisco implementation at the University came with its share of challenges. “From the beginning, it was evident that we were early adopters of the Show and Share and Virtual Memory System technology. There weren’t many partners who were authorised to sell and deploy. Besides there were engineers who had no experience other than attending just a training course or two on the subject. So in our case, it was really a matter of learning with the partners and engineers,” he says. He points out that the initial version of the video streaming portal was not flexible. “What really convinced us between the review and the time of purchase in the fall of 2009 was that the new version of the technology was due to launch in the next six months, or before the end of year at least, and would help address this lack of flexibility.” It took the team about a year from the intial implementation in 2009 to upgrade to version 5.2, which offered a higher degree of granular control over access to content than Version 5.1 of the Show and Share portal, and protected copyright content. The faculty was also initially concerned that use of the Show and Share solution would discourage students from showing up to class. “We spent considerable time helping the faculty understand that students are more prone to focus and understand lecture content when it is available at their leisure,” says Sheth. 20
Computer News Middle East
AUGUST 2011
Ashi Sheth, director of IT at the American University of Sharjah
solution. With the additional capacity and resiliency of the latest storage upgrade and a virtualised server environment running over 100 production servers, all core business applications and AUS’s Learning Management System have been migrated to the ISITprovided NetApp environment. “The new system has given us the flexibility to plan IT services around the future vision of the University. The storage solution is compatible with the existing IT infrastructure and storage applications, and was integrated with the existing storage infrastructure as part of the project implementation,” Sheth explains.
The solution helps to keep everybody engaged and increases transparency across all the stakeholders. We are a young university and it helps us present ourselves across a number of platforms, which is the biggest benefit that we have derived from this deployment” According to him, the solution has delivered on AUS’ expectations and validated the investment. “We were looking for a way to establish a more efficient and interactive learning process. I can see that we have achieved this in the content that is being uploaded and the way it is is being used. The solution helps to keep everybody engaged and increases transparency across all the stakeholders. We are a young university and it helps us present ourselves across a number of platforms, which is the biggest benefit that we have derived from this deployment,” Sheth adds. On the horizon In addition to the Cisco implementation, AUS has also recently successfully deployed a comprehensive solution from ISIT Middle East, a data storage and security solutions provider, to address specific centralised IT storage requirements. According to Sheth, the solution includes a clustered storage array at the main site and is designed in preparation for a disaster recovery (DR) site, which is under construction, enabling AUS’ environment to have a highly-available and scalable storage www.computernewsme.com
AUS has big plans for future IT growth and, according to Sheth, the team has over 28 IT projects in the pipeline for the next 12 months ranging from an upgrade to their wireless environment to investing in desktop virtualisation and cloud services for disaster recovery and back up. The University is also working on developing applications that can be screened on iPhones and other handheld devices and, according to Sheth, AUS is working wtih partners, as well as the University’s design program, to encourage students working with partners as well the university’s design program to encourage students to develop platforms that deliver dynamic digital content. Sheth also firmly believes that regional CIOs must embrace cloud computing in the near future. “Organisations cannot keep building Tier 3 and Tier 4 data centres. Not only is this expensive, but at some point the infrastructure will no longer be able to support expansion strategies.” He believes that technologies like virtualisation and cloud computing will not only help organisations reduce their carbon footprint but also the costs associated with it.
CASE STUDY Emirates Airlines
When service matters Emirates Airlines is a regional success story of global proportions. However, its continued success relies on being able to scale adequately across all continents, maintaining a consistent quality level and customer satisfaction. That’s why it has invested in upgrading its customer call centre.
A
quarter century ago, Dubai-based Emirates Airlines was launched with a $10m investment, twoleased planes and a single destination. Last financial year, it posted a profit of $1.69b, served 111 destinations and was the world’s largest customer of the A380. It’s fair to say that coping with scale successfully has been one of the main components of its growth strategy. “For a long time, we grew on a fairly ad hoc basis,” explains Karen BellWright, VP for retail and contact centres at Emirates Airlines. “We started a new route, opened a local sales office and local support, growing as the business in that territory grew.” However, longterm, that was not a strategy that could work on a global scale. “Now we have 57,000
22
Computer News Middle East
AUGUST 2011
employees worldwide – 165 nationalities – and service is central to our business.” What that means for Emirates is that its call centre business is not seen as a cost centre, but as a high profile element of its success. “That gives us pressure, but we do have full support at board level to make sure we can deliver.” An example of the problem that BellWright and her team face is this: new routes mean the roll-out of new aircrafts, and each aircraft requires a significant number of new crew members. “That’s the start – then we have to think about customer numbers and the support staff required, plus incountry support.” The speed of Emirates’ growth meant that the traditional cycle of upgrading regional and local call centres just made no www.computernewsme.com
sense any more. The airline opened one of the first call centres in the Middle East and grew that side of its business organically as new destination after new destination was opened up. “The problem was,” recalls Bell-Wright, “that serving nearly 70 countries posed an accessibility problem. How does a global company stay close to its customers? That’s the dilemma. We also took a more holistic view of our business – a crisis like the tsunami in Japan or volcanic ash in Europe doesn’t just affect our customers in Japan or Europe, but globally as we’re a joined-up business that has to look at the world as a whole” And growth has been speeding up. Last year, Emirates opened up six new routes and, by mid-2011, it has already announced
customer knowledge, which is critical. A customer’s key concerns are simple and we have to address them: they want instant accessibility and they want the operator to know who they are. To deliver that, we needed to give our operators the best tools – knowledge management is critical.” Bell-Wright points to the importance of senior management buy-in on projects like this. “We’re lucky that service is seen as central to our business, but we have to work at it.” What has clearly worked is achieving the airline’s key objective - how to scale without compromising customer service.
RIGHT: Karen BellWright, VP for Retail and Contact Centres at Emirates Airlines
another five for this year. “We needed a strategy that would allow us to grow globally but with consistency and quality of service.” The answer? The so-called Global Connect project, developed in conjunction with Genesys and handled as a managed service project by BT. “The idea was simple: virtualise our call centre activity globally, by linking our five global regional centres (Dubai, Mumbai, Melbourne, Manchester and New York City). We will also be integrating Guangzhou into the project.” Emirates’ relationship with Genesys started with Skywards, the airline’s frequent flyer programme. Genesys applications allowed the call centre to easily handle the complexity of multiple time zones, and allowed Bell-Wright and her team to work on quality issues across the group. “I won’t say we had problems but we wanted all of our call centres operatives, no matter where they were
The problem was that serving nearly 70 countries posed an accessibility problem. How does a global company stay close to its customers? That’s the dilemma. We also took a more holistic view of our business – a crisis like the tsunami in Japan or volcanic ash in Europe doesn’t just affect our customers in Japan or Europe, but globally as we’re a joined-up business that has to look at the world as a whole” based, to offer a consistency of service. So we devoted a lot of time to setting base-line standards and so on.” Although she recalls some managed services problems with the worldwide rollout of Global Connect, she is notably pleased “to have a relationship with a market leader like Genesys”. Now the global virtualised call centre is working well. “I’m not saying we’re perfect but we’re in a much better position to have
And the result? “The outcome has been great. We have a more stable infrastructure. We have better performance management. And our operators have no excuse not to perform to our high standards, because they have every tool they need. Our job now is managing our people. What we’ve achieved is critical to Emirates going forward: we’ve matured our customer contact environment and tools in order to manage our business better.”
BY THE NUMBERS
1.8% is the average percentage of airline revenue spent on IT in 2010
Source: Airlines IT Trends Survey 2010
56% of the respondents of the Airlines IT Trends survey expect an increase in spend in 2011 with only 10% expecting a decrease.
37.9%
70%
will be the average ticket sales through direct airlines sales channels by 2013
of all airlines will have capability to sell tickets through mobile phones by 2013, as compared to 18% in 2010
www.computernewsme.com
AUGUST 2011
Computer News Middle East
23
FEATURE Security
Securing parameters As our society mobilises and more individuals use smart devices to access corporate data, cyber criminals are developing more sophisticated malware that operates at faster speeds. CNME reports on how attack methods are changing and how security strategies need to evolve to keep up. Security technology failures go through a predictable sequence: initial discovery by security professionals, followed by wide scale abuse by teenage vandals and, finally, appropriation by criminal enterprises. Now that the teenage vandals have largely dropped away, we are left with professionally executed attacks motivated solely by money. In less than five years, e-crime has changed from an anomaly into an industry,” says Michael Barett, CISO at PayPal in his efforts to characterise the new cybercriminals.
To say that Barett is correct in his description of the latest cybercriminals would be an understatement. Cybercrime has changed from being a battle at the user’s desktop, where antivirus and security software are effective in repelling attacks to being a battle encompassing the entire organisation, its network and brand identity. Costin G. Raiu, director, global research and analysis team, Kaspersky Lab says, “The amount of malware has constantly increased for the past 15-20 years, mainly due to the boom that cybercrime has known since early 2000. Cybercrime
BY THE NUMBERS
Source: Trend Micro, Global Cloud Security Survey, June 2011
1200 IT decision makers from U.S., UK, Germany, India, Canada and Japan surveyed
24
Computer News Middle East
itself is gaining popularity, because it is profitable, low risk and easy to do. Despite the best efforts of security companies and operating system developers, e-crime is still growing and poses a huge problem for individual users, corporations and governments around the world.” According to Justin Doo, security practice director for emerging regions at Symantec, “The lack of an international framework that protects users and prosecutes cyber criminals, coupled with the fact that most malware attacks originate from outside the victim’s territory, means
AUGUST 2011
93%
50%
43%
of respondents are using various cloud computing services
of respondents had concerns over security of data or cloud infrastructure
of respondents reported a security lapse with their cloud provider
www.computernewsme.com
Justin Doo, Security Practice Director for Emerging Regions, Symantec
that these perpetrators have no fear of being caught. “The lack of a common law related to cyber activity and the consumerisation of attack toolkits has significantly reduced the complexities associated with generating malicious code or content. Cyber criminals are selling crime packs for this very task, essentially developing their own black market. These guys are well aware of the difficulty in invading multiple samples and therefore generating new attack modules at faster speeds is also part of their strategy,” explains James Lyne, director of technology strategy at Sophos. Doo believes that attackers have also realised that it is much easier to target global brands because of the sheer number of stakeholders connected to the brand’s identity, network and domain. “It is virtually impossible for consumers to tell whether or not they’ve found the original brand or its authorised partners online. The Internet continues to harbour traffickers in counterfeit goods, fraudsters aiming to divert traffic away from legitimate sites and attackers aiming at identity theft,” adds Mirza Asrar Baig, CEO, IT Matrix. “Organisations aren’t taking security policies seriously and often permit business units to drive technology without placing the appropriate security measures to protect the network and data in place. This makes the idea of targeting organisations, a lot more appealing,” agrees Nick Black, technical manager, Trend Micro. The growth of the digital universe and
the mobility this entails also contributes to the increasing volumes of malware activity. According to the IDC Digital Universe Study 2010, the digital universe grew to 800 billion gigabytes, a 62% increase since 2008 and will expand to 35 trillion gigabytes by the year 2020. Lyne points out that last year Sophos witnessed around 95,000 unique malware samples a day and today they’re witnessing close to 150,000 unique samples a day. Security professionals believe that this trend is likely to continue as more identities become available online. “Attackers now know that a planned and targeted attack will almost always be successful. As long as there is data to be stolen and profit to be
can then create a sub-domain that includes this variation of the legitimate domain name.” Phishers have also been known to register bogus domain names using credentials stolen from their victims with IP addresses linked to multiple compromised PCs that are part of a botnet, which act as proxy connections to a botnet. These act as proxy connections to a handful of services that host pages of up to 20 fake Websites at a time. Doo also points to the advent of “whaling” where malware is embedded within a single communication module, typically email, targeting senior executives of a particular organisation. The idea is for these emails to be forwarded across other
Organisations aren’t taking security policies seriously and often permit business units to drive technology without placing the appropriate security measures to protect the network and data. This makes the idea of targeting organisations, as opposed to individuals, a lot more appealing” made, we’re going to see rising numbers,” he adds.
Intruder alert Over the last few years phishing scams, where the attackers send out enormous amounts of spam including links to fraudulent Website controlled by the attackers, have garnered much attention in the cyber world. Phishers rely on the fact that because spam filters analyse billions of email there is a probability that at least some would get through. According to Baig, phishing is not purely a technology problem but a combination of social engineering and technology prowess, the phishing email must entice the victim to act on it and at times voluntarily provide sensitive information for the attacks to succeed. “Phishers may even use the IP address of the server to confuse victims and may go as far as to register fake domain names, which are typically a variation of the legitimate institution’s domain name. They www.computernewsme.com
Costin G. Raiu, Director, Global Research and Analysis Team, Kaspersky Lab
executives in the organisation who act on it based on its source. “These attacks are normally architected keeping in mind even the most minute details, such as language and grammar, and makes them difficult to detect because they come from a trusted source from within the organisation.” AUGUST 2011
Computer News Middle East
25
FEATURE Security
“While generic email blasts remain popular, they’re also being supplanted by targeted, brand based solicitations. The malware is embedded in a carefully crafted unique email that targets users by leveraging on the trust they place in well known brands, particularly banking institutions,” adds Baig. Termed brand hijacking, these attacks not only lead to direct financial losses but can also cost an organisation loss of intellectual property and eventually may affect the brand’s reputation and customer loyalty. Security firm, MarkMonitor reports that phishing and malware attacks severely undermine consumer confidence and, due to the fear of becoming the victims of identity theft, of becoming the victims of identity theft over 150 million U.S customers don’t bank online. The company also reports that more than 400 brands are attacked each quarter and expects the trend to accelerate as identity theft continues to be lucrative, employing a wide range of tactics including distribution (VOIP, drive-by downloads), infrastructure tools ( botnets, fast-flux DNX) and credential theft schemes such as man-in-the-middle attacks. Experts have also witnessed an increase in what IT security professionals call ‘hacktivism,’ a term popularly used to describe security breaches and hacks carried out to correct a moral injustice. “The good news is that as end point security companies evolve and provide organisations with more intelligent data , organisations are more empowered through knowledge to recognise threats,” says Alfred Huger, VP of development, cloud technology group at Sourcefire.
James Lyne, Director of Technology Strategy, Sophos
The malware problem is not necessarily larger but seems to have gained more visibility over the last few years. The good news is that as end point security companies evolve and provide organisations with more intelligent data they are more empowered through knowledge to recognise imposing threats” One step ahead Florian Malecki, senior product marketing manager at SonicWALL feels that as cybercriminals are using increasingly sophisticated attack techniques and exploit kits to perform targeted attacks security solutions developers and providers must also evolve to counter these attacks using a layered security approach. Addressing the suitability of security applications and solutions that are currently
Prominent security breaches in 2011 RSA- the Security Division of EMC, revealed that they were the target of an Advanced Persistent Threat (APT) and that information extracted from their systems during the attack was related to RSA SecurID two-factor authentication products. This attack targeted the highest profile product of the company and trade secrets were compromised.
26
Computer News Middle East
AUGUST 2011
available in the market, Black says, “Some are and some are not suitable. It is important that organisations are serious about security, and partner with and industry-leading security vendor who invests in solutions catered to combat both current and future cyber criminal trends. Businesses must start challenging their security provider. This is because implementation and ongoing support are becoming critical to provide the agility to protect both organisations its against constantly evolving threats.” Waseem F Hattar, IT security manager at eHDF on the other hand believes, “Existing solutions cannot be judged based on the
Sony- a sophisticated intrusion hit its data centre in San Diego. Data on all 77 million registered accounts was stolen including user names, e-mail addresses, login IDs and passwords. Although no credit card data seems to have been stolen, the attack cost Sony $171 million. Most importantly, due to the extent of the attack, Sony was forced to suspend services for two-and-a-half months.
www.computernewsme.com
vendor or the type of product because what may be a suitable solution today, may not be as effective tomorrow.” Raiu recommends building user awareness in the organisation. “Begin with a few short days with users defining how best to use the Internet- secure browser, setting passwords and the importance of not disclosing any personal or financial information over the Internet. This can be followed by giving them a list of well known security resources like antivirus packages and firewalls, and setting up a certification program to encourage users to teach others.” Hattar agrees, “Awareness campaigns must be conducted regularly on a monthly or quarterly basis. This makes the organisation’s employees aware of the impact of downloading and scanning documents, and sharing critical corporate information with companies or parties not inside the same domain.” Doo believes that although organisations can indulge in regular security campaigns to educate users, these
Why is CommVault positioned as a leader in the 2011 “Magic Quadrant for Enterprise Disk-Based Backup /Recovery” Report?* The 13,500 customers worldwide who trust us to solve their data management challenges could answer this question for you 13,500 different ways. But if you don’t have time to poll them, get the full Gartner report and more at commvault.com/ITLeaders. Or, to set up a personal conversation about how we can help you, call our middle east office in Dubai at +971 4 3753491. Backup & Recovery > Archive > VM Protection > Deduplication > Snapshot Management > eDiscovery
1207 Al Thuraya Tower 2 PO Box 502224 Dubai UAE Headquarters: 2 Crescent Place Oceanport, NJ 07757 Regional Offices: Europe Middle East & Africa Asia-Pacific Latin America & Caribbean Canada India Oceania www.commvault.com n
n
n
n
n
n
n
n
n
©1999-2011 CommVault Systems, Inc. All rights reserved. CommVault, the “CV” logo, Solving Forward, and Simpana are trademarks or registered trademarks of CommVault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice. * The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
FEATURE Security
will not help much unless the information to be shared is presented right. “Most IT users within an organisation are not tech savvy and therefore the most important task is to simplify the information being relayed to them. Personally, I suggest alerting employees about how the malware content may affect not only the business but also their personal lives. At the end of the day, end users pose the biggest threat to security within an organisation.” Professionals also say that the importance of establishing security policies at an organisational level grow in proportion with the size of the organisation, the reason being that larger organisations have more complex networks which makes them harder to secure. As Hattar says, “Security policies will help in defining user behaviour and need not be completely technical. They can be related to basic activities like email or document sharing, which can mitigate risks by controlling data movement.” Lyne adds, “Do the basics well, run up to date endpoint security, use strong passwords, patch your OS and applications. Also, organisations should look to deploy these controls across different platforms such as tablets and other handheld devices with the appropriate configuration.” He recommends using a blended and complete set of security controls. “The more layers you can run, the tighter the net around your system and the harder it is for the attackers to slip through the holes,” he adds. Practical picture One needs to only look at the recent spate of
Waseem F. Hattar, IT Security Manager, eHosting DataFort
attacks on companies like Sony, RSA and others to see firsthand the serious implications of an attack, both financial and reputation-related (see box outs for detail). Many professionals believe that changes and advances in technology are adding to the challenges of businesses and consumers. “The increase in applications and work environments moving into the cloud, the use of Web 2.0 applications, mobile devices, social networking sites, and the simultaneous growth in online transactions, poses a growing risk to enterprises and makes individuals more vulnerable to malware attacks,” says Malecki. There are multiple security solutions currently available in the market. Professionals feel, however, that the best solution would seamlessly integrate a dynamic range of technologies including cloud, heuristics, firewalls and application security.
Prominent security breaches in 2011 Citibank- a hack devised by simply altering the bank’s URL was used to steal 360,000 customers’ credit card details including names, account numbers and email addresses. Citigroup suffered about US$2.7 million in losses from 3400 of these accounts.
28
Computer News Middle East
AUGUST 2011
Lockheed Martin- It was reported that attackers got hold of the algorithm for tokens used by Lockheed Martin, the US government’s top information technology services provider. They used these to install a key logger on one or more computers within the organisation. The firm’s Maryland data centre was targeted. The backup data centre in Colorado was believed to be secure.
www.computernewsme.com
According to IDC, fewer than 10% of organisations globally make use of behavioural Host Intrusion Prevention System (HIPS) technology. Security technology therefore needs to be adaptable and more cost effective to use, so that these new solutions can be run by organisations within their resource and budget constraints. Lyne warns organisations against making the security infrastructure too restrictive. “Keep it simple, make sure you are doing the basics on each platform, and look for technologies that can work as effectively across a wider range of platforms, providing minimal increase in costs. Make sure you keep updating users on the threats they will face on these platforms too. It’s not all well and good spending all your time protecting the PC, only to have the CEO get socially engineered into sending out sensitive data on his Mac,” he states. Doo believes that industry standards like ISO 27001 and ADSIC are notable initiatives to help organisations realise the importance of securing their infrastructure and information. Hattar says, “Although a scenario that guarantees 100% security does not exist, by investing in the right platforms organisations can prevent the damage that its users and other stakeholders may be subject to in the event of an attack.” Huger believes that aggressive security measures are no longer optional but a mandatory requirement, given the rapidly evolving threats. “It is not a question of whether or not the situation will change, but how soon it will change. Organisations can no longer allow security policies to take a back seat to other technology strategies,” he adds. Lyne concludes, “Compliance regulations demonstrated by ADSIC in the region are starting to develop and many businesses operating internationally are now subject to security compliance requirements in contracts with other overseas organisations. This will encourage the development of a robust security policy framework. As the threat landscape continues to evolve, the role of the chief information security officer will move from a technical one, to one involving the management of business risk and financial impact.”
Vertical focus Document management
Record running Document management systems (DMS) run the real danger of losing significance in the increasing noise around data lifecycle management solutions. However, if the need is true, organisations can benefit from DMS investments that can serve as the first step to comprehensive information handling.
I
n the growing noise that surrounds the subject of data management and the need to integrate big data into organisational functioning, it is easy to forget the seemingly simpler topic of document management. However, for companies of a certain size, document management systems (DMS) can prove to be an effective starting point for managing the majority of their structured information. “Data management is a broad field of study, but essentially it refers to the process of managing data as a resource that is valuable to an organisation or business. Databases are for structured data, whereas DMS is specifically suitable for managing information found in unstructured data contained in documents and files like Word, PowerPoint, Excel spreadsheets, PDF, and other popular formats. While document management is a subset of data management, whether an organisation needs document management or data management depends greatly on the scope, type and quantity of its
30
Computer News Middle East
AUGUST 2011
www.computernewsme.com
information assets,” says Mahesh Vaidya, CEO of ISIT. For a significant number of enterprises in the Middle East, DMS proves to be the first step in the process towards comprehensive management of an organisation’s data lifecycle. In other words, achieving effective management of documents in a company can help companies in achieving efficiencies across the organisation’s multiple divisions. “Effective document management within organisations allows customers to manage information to simplify and streamline their document processes. All organisations have documents. Many have elaborate document management solutions that facilitate the capture, storage, management, and delivery of those documents to meet the needs of their business operations. Some have very informal or even manual approaches that meet their needs,” says Dan Smith, GM for integrated marketing for the Middle East and Africa region of Xerox’s developing markets operation. He adds, “The following four considerations are essential to ensuring longterm success of an organisation’s business operations and the document management approach that supports the business – effective and consistent capture and classification, management and processing, delivery, formatting and presentation, and finally, storage, retention and disposition.” Initial use of DMS can increase the organisational value of information work – accelerating time to market, and improving decision making and idea generation - by
BY THE NUMBERS
enabling better organisation of, and access to, information and providing tools for more effective collaboration and overall information management. According to Smith, no matter what size or what industry they are in, customers can reduce costs and grow their business through smarter document management. Market dynamics In truth, DMS has been around and been talked about in the Middle East and global market longer than their data management peers. However, adoption of DMS remains relatively small, and currently might even
Mahesh Vaidya, CEO of ISIT
In the Middle East, the technology landscape in the document management space is changing rapidly. The economic downturn of 2008 has changed the global economic outlook and, as a result, enterprises are forced to re-evaluate their technology investments. Technology evolution in the Middle East document management market has been driven by the changing regulatory environment, risk management requirements and user preferences for broader content management functionality” be outpaced by larger data management systems or enterprise content management (ECM) solutions. “In the Middle East, the technology landscape in the document management space is changing rapidly. The economic
downturn of 2008 has changed the global economic outlook and, as a result, enterprises are forced to re-evaluate their technology investments. Technology evolution in the Middle East document management market has been driven by Source: Gartner
7
$5.1
6
80%
was the number on the top ten technology strategy priorities assigned to document management by 1600 CIOs in a survey conducted in 2010
billion in worldwide software licence revenue is what the enterprise content management (ECM) market is expected to exceed by 2013
is the number of core functionalities identified within ECM: document management, document imaging, records management, workflow, web content management and document-centric collaboration
of enterprise information is unstructured content, 90% of which is unmanaged – representing a huge opportunity for ECM vendors
www.computernewsme.com
AUGUST 2011
Computer News Middle East
31
VERTICAL FOCUS Document management
Challenges related to DMS include issues surrounding document traceability years after creation, lack of integration and collaboration between various departments
the changing regulatory environment, risk management requirements and user preferences for broader content management functionality. The convergence of traditional document management and more comprehensive ECM is increasingly evident, with collaboration and process management now considered a standard document management feature,” says Vaidya. Vendors like Xerox remain confident about the potential in the market. Says Smith, “Companies are becoming more receptive to adopting document management solutions. Sectors that are more interested in selecting these solutions are diverse; they come from different industries, communications, manufacturing and trading. Some industries have specific requirements, for example those architects, engineering consultants and project managers involved with the booming regional construction industry have a requirement to work collaboratively, store, revise and share a large number of documents. Any sector offering services on a contractual basis to its customers needs to keep copies of those contracts, even for relatively small companies. Over a number of years, the volume of paper can be significant,
“There exists a plethora of vendors offering technology and services to assist with many aspects of document management. Listening to all these vendors can result in confusing and contradictory messages. A knowledgeable partner, who can work as a consultant to refine the business requirements and develop a suitable solution, potentially using technology from several vendors is what an enterprise needs to get the best out of any DMS investment.” and can benefit from digital storage. Many trading companies in the region use paper based records of transactions, leading to a mountain of paper work.” He adds, “Customer call centres need quick and easy access to information. If a service operative cannot answer the customer query on the initial call then a follow up is 32
Computer News Middle East
AUGUST 2011
required, which can be prone to error (ie., the customer does not get called back). This can be time consuming, expensive and can adversely affect customer satisfaction. All of this can be addressed by an effective DMS.” The existing problems with the appeal of DMS is compounded by challenges that plague them. www.computernewsme.com
Vaidya points out, “In an informationintensive society, efficient document management is especially critical to enable organisations across verticals to effectively create, capture, store, retrieve, distribute, archive and dispose of content. The common document management challenges faced by enterprises include avoiding documents duplication, improving information visibility, ensuring the security of critical information and reducing the overhead costs of printing, reproducing and distributing of paper documents. There are also the issues surrounding document traceability years after creation, lack of integration and collaboration between various departments, poor efficiency and accuracy of procedures, and strict regulatory requirements causing a slow approval process.” “Enterprises need to choose a right document management solution to manage the enterprise wide data. The DMS should
VERTICAL FOCUS Document management
be a comprehensive suite with strong document management, imaging, scanning, records management and BPM capabilities. It should be a complete capture solution for production and distributed scanning, well integrated with ECM and BPM. Management should cover check-in/check-out, version control, library services like folder/subfolders, access controls and sharing. Imaging should include capturing, transforming and managing paper documents, with a focus on high-volume imaging. Organisations will also require certified records management to comply with regulatory and legal policies for long-term archival of content, and enterprise class search capabilities including profile, index, date based and full text search. There should be strong integration capabilities, with support for web services, Java-based API, URL-based integration and enterprise-class security conforming to security norms of banks, financial services organisations and BPOs. The product suite should provide strong security features, like access permissions on folders and documents through control lists, with support for user, group and rolebased rights. Audit trail facility of all actions should be there in the system,” explains Vaidya. “There exists a plethora of vendors offering technology and services to assist
the big bang all at once approach, which can increase the risk.”
Dan Smith, GM for Integrated Marketing for the Middle East and Africa Region of Xerox’s developing markets operation
with many aspects of document management. Listening to all these vendors can result in confusing and contradictory messages. A knowledgeable partner, who can work as a consultant to refine the business requirements and develop a suitable solution, potentially using technology from several vendors is what an enterprise needs to get the best out of any DMS investment. This will ensure a suitably sized solution is deployed to fulfill the current and foreseeable requirements,” points out Smith. He adds, “Implementation needs to be handled in a professional manner. Typically, a pilot is run whereby one smaller manageable part of the business is targeted, rather than
Gartner’s top five tactical content management actions When Gartner did their annual survey of CIOs in 2009 they found the following three business priorities topped the list: • Improve business processes • Reduce enterprise costs • Improve enterprise workforce effectiveness Gartner says that enterprise content management can help achieve these business priorities and in some instances is a core requirement to achieving them. According to the analyst firm, what is required is a clear focus on tactical actions that can bring modest to significant benefits.
34
Computer News Middle East
AUGUST 2011
The five tactical actions to consider are: 1. Stop using the email system as the document management system 2. Take paper out of the process 3. Use content management to retain users and customers 4. Federate multiple content management applications 5. Consider a hosted or SaaS solution for tactical deployments
www.computernewsme.com
Future perfect? Despite the many advantages that a DMS or ECM can bring to an organisation, the increasing popularity of larger data management systems and data lifecycle management solutions can undermine adoption of these comparatively basic systems. While that is one fear, other experts in the industry believe that as with most other solutions of the past, companies will adopt technologies piecemeal, and therefore DMS can become the first step towards achieving more comprehensive information management across organisations. “While there are apprehensions in the market that document management will lose importance to the more comprehensive data management, it is important to understand the scenarios in which each system fits in. The purpose of a document management solution is primarily to digitise and archive files, and ensure compliance by tracking and managing new documents throughout their lifecycle, as they are written, revised, and updated. An ideal document management solution also includes advanced imaging and scanning capabilities (for digitisation of hard copy files), which a data management solution may not include. Which system is best suited to an organisation’s requirements is entirely dependent on the nature of the information assets of the organisation,” says Vaidya. In other words, DMS can add huge benefits to an organisation only if its need has been rightly identified, and the suite with the right set of functionalities has been chosen for implementation. This places a lot of onus on customers doing the right internal and external research. The responsibility lies equally with the chosen vendor partner also to lead a customer the right way, and prevent them from overspending on technology that they might not need. That might appear to be a tall list to fulfil. However, if enterprises are willing to invest the time and effort to decide between a DMS and an information lifecycle management solution, and deploy it right, they might find that their work has not been entirely at vain.
VERTICAL FOCUS Manufacturing
Capital Scope When it comes to embracing cutting edge technology to enhance business processes, beat the competitor and please the customer, the manufacturing industry in the Middle East appears to be near the head of the pack. Pallavi Sharma discovers the specific need for these investments and the road that lies ahead.
A
recent global study of small and medium-sized discrete manufacturers worldwide revealed that the industry is struggling with increasing complexity, global competition, rapidly changing business environments, and volatile raw materials prices. IDC Manufacturing Insights, a study conducted by IDC on behalf of Infor and IBM, in July 2010 interviewed decision makers in over 700 small and medium-sized enterprises in the manufacturing industry across four sectors in eight countries. The Insights study reported that complexity in the manufacturing sector is 36
Computer News Middle East
AUGUST 2011
attributed to a number of new factors such as low visibility into demand forecasting, the challenge of properly bidding for a project, and project profitability. The study states that manufacturing organisations struggle to ensure customer fulfilment because of complex and global supply chains that make control over the customer experience very challenging. Lack of clear visibility into market demand coupled with global competition is also seen to make the idea of developing profitable new products a dangerous guessing game. In addition to this manufacturers are under enormous pressure to lower costs. www.computernewsme.com
While the study reports on global challenges, the truth is that the Middle East’s manufacturing industry is not very different from its peers anywhere else. As challenges abound, the industry is finding that it can get a reliable helping hand from technology. “Discrete manufacturers, now more than ever, need to to leverage IT to address operational challenges. In many cases it will be up to the CEO to make this alignment a priority because it takes time and resources to communicate effectively; internally. There are, of course, technology solutions to improve internal communication and collaboration, but
this process must start with both the CEO and the CIO prioritising the initiative to understand the business needs that enterprise applications must service,” explains Andrew Kinder, director product and industry marketing at Infor. “Today, it is hardly a question of whether to have connected and reliable IT systems and solutions in place or not. It’s only a debate about when and whom to engage with to ensure that your organisation makes the most efficient use of its technology. The idea of imagining an organisation without IT is as alien as it can get,” adds Mansoor Sarwar, senior consulting manager – ERPX3 – manufacturing at Sage Software.
Custom needs IT professionals believe that the technology demands of the manufacturing industry are unique.“Manufacturing industries work in tandem with the economic state, in that they require flexibility and agile practices to meet fluctuating demand. Most of these organisations start as medium sized companies and their investment in technology grows with the demand for their products in the market,” explains Girish Dani, business head-security services (MEA), Tech Mahindra. IT professionals believe that the challenges associated with cost reduction and growing customer centricity are also unique to this industry. These concerns sometimes involve labyrinthine complexities that necessitate the need to invest in technology solutions to make business process management and decision making simpler. For instance, challenges in the process
Today, it is hardly a question of whether to have connected and reliable IT systems and solutions in place or not. It’s only a debate about when and whom to engage with to ensure that your organisation makes optimal use of its technology. The idea of imagining an organisation without IT is as alien as it can get” world include having to deal with poor quality or variability of ingredients, and in some cases dealing with contaminated products. This may ultimately result in recall, which can be costly not only in terms of time, effort and dollars, but also in brand equity and safety. Further challenges to keeping spend low include the rising cost of energy, which has an impact on operating expenses, and the intricacies involved in process implementation when outsourcing. For asset intensive industries, energy consumed by machinery is definitely just a cost of doing business. However, when a business does want to reduce the money it is spending on energy, the only way to do so might be to reduce consumption, which means reducing output. That is not a desired outcome. Process manufacturers, therefore, are often forced to bear the difference between planned and actual costs, and much of this could be attributed to energy consumption. For many industries in the region, especially after the recession, there has been significant shift in power from the producer to the consumer. This is true for the manufacturing sector as well and this
transformation has led to another challenge. “As customers become more demanding, inventory tends to be pushed back up stream. Many distibutors today are willing to carry fewer inventories. But in turn they expect a faster turnaround from their suppliers. “This leaves fewer buffers all around, particularly in process industries where limited shelf life of products and vendorspecific requirements for product lots are prevalent. This places additional requirements on manufacturers to manage expiration dating, provide better forecasts and more reliable and accurate schedules,” explains Dani. “Many of these challenges are often intertwined. The ability to control material and input costs is dependent on the ability to forecast demand and negotiate price. If a supplier is assured of a predictable flow of orders he is far more willing to negotiate on price,” he adds. Quality investments According to Dani all of this necessitates the need for manufacturing companies to invest in intelligent solutions that enable a high degree of scalability and automation, as well as aid in resource utilisation and
BY THE NUMBERS
Source: Acronis Survey, March 2011
3000
25%
20%
IT managers surveyed in SMEs across 13 countries
say their organisation’s servers are already virtualised
say IT infrastructure is being managed in the cloud
www.computernewsme.com
60% believe they have ample provisions for back up and disaster recovery
AUGUST 2011
Computer News Middle East
37
VERTICAL FOCUS Manufacturing
inventory management. “The industry requires predictability in internal systems, and therefore needs to invest in business intelligence, data warehousing, SCM, ERP and CRM heavily,” adds Dani. Sarwar says, “We have recently revamped our internal networking and upgraded it to the latest switches and hubs. A state of the art storage management system has also been procured. We have also connected our factory on a dedicated line and have managed to get the terminal services configured on devices belonging to all our staff who travel frequently. All this has enabled us to have a centralised file server and mail server, which is always up-to-date and everyone is connected, irrespective of their geographical location. The improved network infrastructure and sophisticated storage management means the most expensive asset of our organisation, i.e., information and data are secure and readily accessible at all times” Based on the improved network infrastructure, Sage then went on to implement a leading ERP application that covered the organisation’s operations from all aspects. “Following the implementation of this solution, we, for the first time in the organisation’s life, have an actual visibility of the bottle necks in our production cycle. We have been able to gain a real computation of our actual costs of each unit product of a specific brand, and aspects like labour and machine efficiency, which are breakable to each unit product,” he says.
Girish Dani, Business Head - Security Services (MEA), Tech Mahindra
38
Computer News Middle East
AUGUST 2011
With the information provided by the ERP implemenation, decision makers at Sage are in a better position to focus on business growth. “The implementation helped us realise which products were no longer feasible, based on product profitability reports that monitored marginal costs in comparison to market share contribution. We can now focus on productivity and strategy, instead of spending time on compiling the reports from mountains of data. Our bottomline has improved significantly and our storage costs have reduced by an impressive 15%. We expect to recover our investment in the ERP solution in just 18 months, which is fairly quick for an ERP product,” says Sarwar. Manufacturing industries are also investing in technologies like virtualisation and cloud computing to leverage on storage and energy cost savings. Perma-Pipe Middle East has invested in WAN acceleration devices, server consolidation and virtualisation. “WAN acceleration devices have helped speed up data centre access for our branches and reduced operating expenses by eliminating the need for costly line upgrades. With server virtualisation, we have eliminated several servers, thereby reducing power and energy consumption. In addition to this, on the IT administration front we have achieved lower redundancy and higher availability,” says Vishal Sood, the company’s IT manager. According to Sood, the organisation is currently undertaking a desktop virtualisation project and expects to benefit from further reduction in IT administration www.computernewsme.com
Mansoor Sarwar, Senior. Consulting Manager – ERPX3 – Manufacturing, Sage Software.
overheads, with data consolidation and central management of user issues. A significant aluminium manufacturer, Dubai Aluminium (DUBAL) has made significant investments in business intelligence, storage and security solutions. “Making these investments seemed like natural progression for growth and productivity, and we have already witnessed better productivity and integration across the organisation,” adds Ahmed AlMulla, VP of IT at Dubal. Levelling out As is the case with any technology implementation, the manufacturing industry too faces its share of issues that need to be worked out when deploying the latest technologies to enhance business operations. Zaki Sabbagh, CIO, Zamil Industrial Investment Corporation believes that this is
I get the support I need Trend Micro Worry-Free Business Security is easy to install, easy to maintain. It just works, and that leaves the customer free to do what they do best.
Trend Micro Worry-Free Business Security Fast, Effective, Simple http://www.smeadvisor.com/ms/trendmicro/index.html
VERTICAL FOCUS Manufacturing
only natural given the rapidly evolving nature of technology. “Given the speed at which technologies today turn obsolete, decision makers in the manufacturing sector are often concerned about the ability for a solution to contribute to the organisation’s long term growth and compatibility with different platforms. What makes this situation worse is that organisations often have to work with a variety of solutions or software to suit specific business needs, and must therefore make sure they invest in platforms that can be seamlessly integrated and can adapt to the organisation’s future needs well,” he explains. This is one reason why the manufacturing sector is very particular about its choice of vendors and the technology solutions each has to offer. “We try to minimise working with too many technology providers to reduce the complexities associated with working across multiple technology vendors and developers. Our choice consists of one or two vendors that can develop an integrated platform and a comprehensive solution,” says Sabbagh. According to him, this helps the organisation reduce the footprint, optimise its use of resources in terms of skills and technology and helps companies build a better relationship with vendors through direct engagement. It also enables them to develop a future roadmap of IT investments and strategies in collaboration with the
Zaki Sabbagh, CIO, Zamil Industrial Investment Co.
40
Computer News Middle East
AUGUST 2011
Ahmed AlMulla, VP of IT at Dubal
support the implementation of technology. Vendors need to concentrate on delivering better standards of service, especially in terms of skills availability and time taken to respond to queries and errors.” Despite these glitches, most IT professionals are satisfied with the rate at which vendor knowledge and understanding of the nuances of the manufacturing industry is maturing. “We are witnessing the growth of more specific vertical knowledge among vendors, as well as workshops and seminars that create a platform to share best practices and meet industry experts to enhance the use of the latest technologies,” adds Dani.
Many of these challenges are often intertwined. The ability to control material and input costs is dependent on the ability to forecast demand and negotiate price. If a supplier is assured of a predictable flow of orders he is far more willing to negotiate on price” vendors who understand the business needs better than a new vendor would. Managing the resistance to change is also a major challenge that most enterprises have to deal with. “In the case of virtualisation and cloud technologies the way of administering the server changes due to the placement of another operating system layer within the infrastructure. To most users this is another layer of complexity. This can only be addressed with proper communication and education,” says Sabbagh. Other decision makers recommend hiring a change management consultant or conducting a series of workshops to help manage this process. A majority of the professionals point to the lack of vendor support and service capabilities as a major issue that needs to be dealt with at a regional level. “The region lacks a culture of legislation associated with IT contracts. This may be because the region functions on trustbased relationships. But this leaves customers no means to protect themselves against falling service levels,” he adds. AlMulla agrees, “Vendors in the region lack a comprehensive plan and resources to www.computernewsme.com
On the whole, decision makers believe that the manufacturing industry is now making the transition from investing in point solutions to larger investments in long term operational technologies. As the market continues to recover from the recent global slump, and the demand for products continues to increase, IT investments that enhance business operations, shorten production life cycles and guarantee greater customer satisfaction will also increase. Izzy Azeri, senior VP and GM, Americas at Acronis says, “The manufacturing industry may not have as many regulatory or compliance requirements as other industries. While some industries may be a little more hesitant to deploy some new technologies, the manufacturing sector seems to see the cost-benefit analysis of that pretty easily, and they’re deploying them much more quickly than other industries.” IDC Manufacturing Insights predicts that the industry will invest in a combined approach of internal skills development and training, and external consulting and technology to address the future.
Q&A Paul Maritz Ernesto Baca
Planning for the post-PC era In the first of a two-part series, Paul Maritz, CEO of VMWare, talks about how virtualisation is one piece of the platform VMWare intends to offer — a mobile, cloud-enabled world.
42
Computer News Middle East
AUGUST 2011
www.computernewsme.com
C
EOs can come across as the chief sales officers in interviews, aggressively repeating bullet points that may or may not answer the question at hand. Paul Maritz, CEO of VMware, is not that type of guy. From appearances, he is a deep thinker with a philosophical bent. Before becoming CEO of VMware, where he replaced founder and CEO Diane Green in 2008, Maritz was best known for his 14-year stint at Microsoft. At VMware, Maritz has helped his company solidify a dominant position in virtualisation, but as he made clear in a recent interview, he has no intention of standing still.
Q: People know VMware – your strength in both server and desktop virtualisation – but what’s your strategy going forward? A: We’re at an interesting juncture in our history. The company has obviously been very successful and continues to have a very compelling value proposition, which is kind of remediating the sins of the clientserver generation. So people have bought our technologies to deal with server sprawl and have saved a lot of capital expense by consolidating servers – and in the process found that they can actually address some operational efficiencies as well. And that’s what has really propelled our company. It’s a great position to be in. But we’re also cognisant of the fact that, unless we think ahead, we will be seen as the closing chapter of the client-server generation instead of the opening chapter of the next generation. We believe there are fundamental shifts happening in the space at the moment. And having been very successful, we’ve – for better or for worse – managed to attract the attention of some very well-funded and entrenched competitors. We have a target painted on our backs by them at this point. This is not a time for us to be sitting on our laurels and congratulating ourselves. We have to gird our loins for the next lap of the journey. And because we are a very successful, but still a medium-sized company – and we have determined competitors – we have to use change to our advantage. We have to ask: What are the fundamental things that
are changing in the world, and how can we get aligned with those changes and use that to our advantage?
Q: Tell us about the changes you focused on. A: We have a sort of simplistic way of looking at the world, which is to say that we’re not subscribers to the reverticalisation of IT. We don’t think that the profound thing that’s going on in the cloud era is a “bigger box” theory of IT – that you’ll get a complete vertical stack from a single vendor. We think that the cloud, whether private or public, is actually the antithesis of that. The cloud is
that could be virtualised are virtualised and are running on virtual infrastructure and predominately on VMware. That number is growing at about 10% a year, which means that a substantial number of our customers are no longer using virtualisation on the fringes of their data centre but are really starting to use it as a central strategy – not just for running tier 2 and 3 applications, but for tier 1 applications as well. We refer to that as our “breadth play” and obviously we need to continue that – we need to do everything that we can to enable it to continue. But then we’re going to have
This is not a time for us to be sitting on our laurels and congratulating ourselves. We have to gird our loins for the next lap of the journey. And because we are a very successful, but still a medium-sized company – and we have determined competitors – we have to use change to our advantage”
about a new horizontal stratification of IT – and we need to align ourselves with that. Those horizontal stratifications, simply speaking, are about a fundamental transformation of infrastructure into a new, more automated layer. A transformation of how applications are developed on top of that, and then finally, a transformation in how the results of applications are delivered to the end-user. We think profound change is happening in all three of those layers. Obviously, our business today and the vast bulk of our revenues come from the infrastructure layer. The good news in our favor is that virtualisation as a technique to transform infrastructures is no longer something that we have to evangelise. That’s well accepted, and you know, if you look at the Gartner hype cycle, I think virtualisation is kind of out of the slough of despond, and we’re kind of on this slope of enlightenment, just about to reach the plateau of productivity. So if you believe Gartner’s numbers, if you look at the number of x86-based server applications – and this is sort of the real metric to use – Gartner would say that in the world today 40% of the survey applications www.computernewsme.com
to start executing a depth play, because eventually we’ll run out of server applications to virtualise. So we need to allow people not only to virtualise but to do more things in the context of virtualisation, start to tackle issues relating to operational efficiency, resiliency, and security within virtualisation.
Q: How does that strategy align with your current product offerings? A: So we’re moving to say we have vSphere, which we are continuing to improve to enable it to host as many of the server applications in the world as it possibly can. In other words, let’s get as close to 100% as possible; let’s make sure we remove any technical roadblocks to getting to the 100%. We have a few customers who are at 100%, but most are still way short of that. But then, in addition, we are building toward a suite of products that will allow us to execute the depth play. We want to allow them to not only increase the quantity of virtualisation, but the quality of virtualisation. And that’s why we basically think of ourselves as building suite of five products at the infrastructure level. AUGUST 2011
Computer News Middle East
43
Q&A Paul Maritz
The next one is vShield, which is really the framework into which virtualised edge functions plug. Because as you build out this pool of virtual capacity, all these servers and storage and networking elements are now linked together through virtualisation. We’re going to move things around within that pool to improve efficiency and resiliency, so we’ll not only move things around to load balance, but we’ll move things around too for availability reasons, etc. The protective functions around an application – the firewall, the load balance, the antivirus engine, the data loss engine – they’re going to have to move with it so that all of those functions today that are typically encoded in a physical device that’s clamped onto a wire somewhere have to be freed from that wire and have to move around in the pool as well. We need a framework for that to enable that to happen. That’s vShield, and we’re working with all the usual suspects in the industry to get them to turn their functions from physical appliances into, figuratively speaking, virtual appliances that can plug into that framework: virtual load balances, firewalls, routers, antivirus engines, etc.
Q: What about a workable framework for virtual appliances? A: The third element you can think of – and I use this term very loosely – is the user interface to that infrastructure. In other words, how does the producer of that infrastructure expose it to his customers? How does he make it easy for people to come, on the one hand, to provision the applications into that pool, associate policy with those applications into how they should run, and then give them metrics back as to how they’re performing and consuming infrastructure? That is what we call vCloud Director, which is the layer that adds the user interface, where you can basically describe your workloads, associate policy to them, and get metrics reported back as to how much infrastructure they’re consuming, and so on, which allows an internal IT organisation to start behaving more like an internal service provider to internal customers. 44 Computer News Middle East
AUGUST 2011
You know, a guy who says “we take no liabilities” isn’t someone you can do substantial business with over time. If we’re going to really do this, we have to have people who are willing to engage in enterprise quality” The fourth element is our Site Recovery Manager. It’s a suite of software that addresses cross-site disaster recovery, because that’s one of the common uses for this new infrastructure, where you have two active sites backing each other, etc. Site Recovery Manager provides the layer of functionality in terms of allowing you to have cross-site continuity.
Q: vSphere, vShield, vCloud Director, and Site Recovery Manager. What’s the fifth part? A: The fifth part is monitoring and management of the big pool that you’ve created. It’s an interesting one because it www.computernewsme.com
speaks about this issue of a new horizontal stratification of IT that I was talking about. Imagine trying to do this on a vertical silo basis. In other words, you try and find the app and then you manage all the way from the app down to the hardware underneath it. Now when you create that pool you’re essentially cutting that stack right through the middle. And the pool provider on the one hand is going to know less about the apps, and the apps, of necessity, know less about what’s going on inside the pool. If you’re the custodian of that pool, you can’t look at any one individual app and know that your pool is healthy. What’s more, if you turned on all of the logging capability of all the elements down in that pool, it throws so much information at you, that if you’ve got hundreds of servers and hundreds of storage areas there, you’ll never be able to make head or tail of the information coming out of it. You need to look at a different way of managing and monitoring in this cloud-based horizontal stratification of the world, so we’ve invested in a product called the vCenter Operations suite, anchored on a technology that we acquired last year, which takes a statistical analytic approach to how you monitor and manage infrastructure.
Paul Maritz
Q: How does that help customers? A: What it says is you’re the end-user, don’t try and figure out which of these logs is really important, which is not. Just give it all to us, just give us absolutely everything you’ve got, we’ll [manage] it, we’ll build a statistical model of your infrastructure and we’ll tell you when we think your giant pool is going outside of the bounds of what we’ve historically seen as normal. It’s a statistical model, so every now and then it’ll give you false positives. In other words, it’ll say, We think you’ve gone outside the bounds of normal. And you’ll say, Don’t worry, it’s just the end of the month. And it will learn from that. But what we’ve found it that model tends to be much more sensitive than humans to important changes in the environment. It will start to detect that drift outside of normal before a human will detect it. It will say, Look, here are the five things that have driven the model outside of normal, we think you need to go look at these five things.
Q: Would you say that these five elements together provide management of the private cloud? A: Yeah. We’re deliberately very precisely trying to build up a cloud infrastructure suite, and I’ll explain how we see it being applied in a hybrid cloud model. We are not subscribers to the belief that all of the world’s computing is going to be either internal or external. Q: Yes, most customers we talk to say they’re most interested in the private cloud. So how did customers inform your vision of the cloud? What are they telling you that they want? A: What they said to us in essence is: We would like to make business decisions rather than technology decisions about when we run things internally or externally. And we’d like to be able to change our mind about that, so we’d like to be able to take something out of the external cloud and if we don’t like it we’d like to be able to take it back, and vice versa. And we want to deal with a set of service providers who are willing to talk the enterprise language. 46
Computer News Middle East
AUGUST 2011
You know, a guy who says “we take no liabilities” isn’t someone you can do substantial business with over time. If we’re going to really do this, we have to have people who are willing to engage in enterprise quality. We actually have about 1,000 service providers today who license vSphere from us and are operating some kind of service. We know that because we have an alternative licensing model for service providers, where they can essentially rent our software rather than paying up front for it. We know that very accurately.
The question is, if you ever had to cash that check, is there something to really go sue or not? So we’ve created this partnership that we call the vCloud Data Center Partnership and recruit credible enterprise service provider partners. Today we have Verizon and Terremark. Verizon, SingTel in Asia, Colt in Europe. Colt is the City of London telephone company that carries all the fiber-optic cable for the financial industry in Europe. Or Softbank in Japan, which is the second largest telecom operator in Japan.
When and if you are ready, there will be this community ecosystem of external service providers. And it is important that it is an ecosystem, so you are not beholden to any one of them. They will keep each other honest. They should be ready when you are ready, to allow you to make business decisions about whether you want to take an application or set of applications, and run those in an external cloud. And if you don’t like it, take it back again and move it somewhere else” Q: Many global cloud service providers, of course, are going with open source virtualisation solutions. A: We have a lot [of providers] who like the quality of our software, and they like it because it’s familiar to what people have internally. So we have about 1,000 folks who are operating all sorts of businesses on a service provider model. Within that community, what we’ve elected to do is to try and pick a very small subset of them who are committed to have the same suite in their public clouds. In particular, that user interface is going to be common between the two. The way that you describe and secure and manage your workloads will look the same internally versus externally. What’s more, there are people who are not only willing to talk enterprise, if you like, but they have the means to back it up. In other words, it doesn’t help for a vendor to say, we’re willing to accept liability. www.computernewsme.com
Those are the four anchor tenants, and there’s Bluelock, a small guy that we put in there just to keep them honest and show them that things can actually get done in as short of time scale as [they’re] accustomed to. We’ll expand that by probably another three or four over the next several months. Interestingly, those companies have started to discuss among themselves forming a consortium so that somebody can say, I want to deal with one entity that can give me coverage in Europe and Asia. Because there’s always going to be regulatory reasons why certain things have to be done in certain jurisdictions independent of technology. How do I work with somebody who says, If the Singapore government requires me to do certain things in Singapore, I can do that, or Japan, or whatever? For the second part of the interview, please read the September 2011 issue of CNME.
INSIGHT Cloud Ernesto outages Baca
Learning from cloud outages Sending your IT business to the cloud comes with risk, as those affected by these 10 colossal cloud outages can attest.
A
s a concept, there’s a lot to like about the cloud. Drop those bulky servers and get yourself a big, white hard drive in the sky. Someone else handles the upkeep and lets you put your data where you want it. Even the word “cloud” itself brings to mind a heavenly (if slightly fluffy) fantasy. The reality is, of course, a mixed bag. What you gain in avoiding upkeep, you lose in control. And the security concerns are considerable. But nowhere is the nightmare as vivid as it is when your external cloud service goes down. Just ask any of the businesses affected by Amazon Web Services’ high profile outage earlier this year. “We were pretty blown away,” says Nick Francis, whose startup, Help Scout, had
48
Computer News Middle East
AUGUST 2011
launched just one week prior to Amazon’s problem. “We definitely weren’t prepared.” Francis wasn’t the only one caught offguard. Big-name properties like Reddit and Foursquare fell flat when Amazon’s cloud service sputtered. “The cloud has been sold as this magical thing that just works and is totally reliable,” says Lew Moorman, chief strategy officer of Rackspace, a cloud provider that’s seen its fair share of outages. “The truth is that buying through the cloud is another way of buying computing, and computing is inherently flawed. If you want to make sure those flaws don’t hurt you, you have to plan ahead.” To help keep your business pain-free in the cloud, we offer these hard-earned lessons at the hands of 10 of the worst cloud storms the Web has weathered. www.computernewsme.com
Colossal cloud outage No. 1: Amazon Web Services goes poof Freeing yourself from network maintenance gruntwork is a chief selling point for doing business in the cloud. The downside? Standing by helplessly when your cloud vendor’s routine configuration change grinds your business to a halt. That is what many AWS customers experienced this past April, when Amazon’s Northern Virginia data centre suffered a glitch and – to use the technical term – went totally nutso. The error started during a network upgrade, when a misrouted traffic shift sent a cluster of Amazon EBS (Elastic Block Store) volumes into a remirroring storm, as they sought out available boxes into which they could insert backups of themselves
STRATEGIC ICT PARTNER
– perverse, I know. That set off a series of events that ultimately took down much of the company’s U.S. East Region. The problems persisted for about four days. But while many businesses struggled, others such as Netflix took the storm in stride. The key to survival? Designing your systems with these types of failures in mind. “Our architecture avoids using EBS as our main data storage service, and the SimpleDB, S3, and Cassandra services that we do depend upon were not affected by the outage,” Netflix engineers wrote in their “Lessons Netflix Learned From The AWS Outages “ blog post. Stateless services and multiple redundant hot copies of data across availability zones were key to avoiding AWS cloud fail pain. Think you have to be a Netflix-size business to stay safe? Think again. Twilio, a company that helps developers integrate communications into their Web apps, uses Amazon’s EC2 to host the core of its infrastructure – yet April’s outage had little to no impact on its stability. Says Evan Cooke, Twilio’s co-founder and CTO. “We built an infrastructure around the idea that a host can and will fail, so we don’t rely on any single machine or single component in the core architecture itself.”
Colossal cloud outage No. 2: The Sidekick shutdown in 2009 Smartphones make it easy to access your data on the go, but just because something has “smart” in its name doesn’t mean it can’t be dumb. Case in point: the T-Mobile Sidekick screwup, circa fall 2009. The Microsoft-owned Sidekick suffered a nearly week-long service outage that left users without access to email, calendar info, and other personal data. Then, adding insult to injury, Microsoft confessed it had completely lost the cloud-stored bits and wouldn’t be able to restore them. Evidently, the good ol’ gang from Redmond had forgotten to make backups. The technology may have evolved since then, but the lesson remains the same: When it comes to crucial data, never assume
someone else is automatically protecting you. Says Ken Godskind, VP of monitoring products for AlertSite, a SmartBear company, “Organisations using the cloud can’t just assume that all the responsibility for business continuity planning has somehow been transferred to the provider.” Colossal cloud outage No. 3: Gmail fail Of all cloud services, Google’s Gmail presents an opportunity to replace your highmaintenance Exchange servers with a cheap, dependable email service backed by Postini. What’s not to like? A rash of irksome outages, the most recent of which had 150,000 Gmail users signing into their accounts only to find blank slate – no emails, no folders, nothing that indicated they were actually looking at their
“When you look at broad averages, the cloud will have a lot more operational success than you would as an individual,” says AlertSite’s Ken Godskind. “It’s just that when you go to Web scale, the impact of failure is amplified in a much greater way.”
Colossal cloud outage No. 4: Hotmail’s real hot mess Of course, Microsoft hasn’t always provided the greatest advertisement for its big push for the cloud, either. Witness Microsoft’s Hotmail service, which experienced database errors of its own at the end of 2010, resulting in tens of thousands of empty inboxes at the turn of the new year. The error, according to Microsoft, stemmed from a script that was meant to delete dummy accounts created for
Freeing yourself from network maintenance gruntwork is a chief selling point for doing business in the cloud. The downside? Standing by helplessly when your cloud vendor’s routine configuration change grinds your business to a halt” own inboxes. To Google’s credit, it provided regular updates and promised a quick fix. But repairs took as long as four days for some of the affected users. “How could this happen if we have multiple copies of your data, in multiple data centres?” Google VP of engineering, Ben Treynor asked in a blog posted at the time. “In some rare instances, software bugs can affect several copies of the data. That’s what happened here.” Google ended up having to turn to actual physical tape backups in order to restore the data. Ultimately, the company’s multilayered data protection did work, but not without leaving thousands of users locked out of their email for days. This is a reason to look carefully at your own data safeguards and think about setting up a backup or offline-access solution now, before an urgent need arises. www.computernewsme.com
automated testing. The script mistakenly targeted 17,000 real accounts instead. It took Microsoft three days to restore service for most of those users. An unlucky 8% of affected emailers had to wait an extra three days before their data was back where it belonged.
Colossal cloud outage No. 5: The Intuit double-down Intuit hit a rough patch last year when its cloud-connected services, including popular platforms like TurboTax, Quicken, and QuickBooks, went offline twice within a single month. The worst case was a 36-hour outage in June. A power failure evidently caused things to go haywire, with the company’s primary and backup systems getting knocked completely off the grid. It only added insult to injury, then, when another apparent power failure hit Intuit AUGUST 2011
Computer News Middle East
49
STRATEGIC ICT PARTNER
INSIGHT Cloud Ernesto outages Baca
weeks later. Among other issues, the second outage appeared to cause an abnormally high rate of obscenity-laden shouting. “25 hours downtime is hard to swallow,” one user tweeted at the time. “The truth is, there are better solutions than a single cloud if you need absolute availability,” says Chris Whitener, chief strategist of HP’s Secure Advantage program. “It’s not necessarily that you have to duplicate everything, but even putting one extra step in there – maybe backing up crucial data yourself – can make all the difference.” Colossal cloud outage No. 6: Microsoft’s BPOS oops It’s hard to be productive when your cloudbased productivity suite bites the virtual dust. That’s what happened to organisations relying on Microsoft’s business cloud offering recently: The service, named – in true Microsoft style – Microsoft Business Productivity Online Standard Suite (BPOS), started to stutter in early May. Paying customers’ email was delayed by as much as nine hours as a result. Two days later, just when it looked like BPOS was in the clear, the delay returned and outgoing messages started getting stuck in the pipeline, too. If that weren’t enough, Microsoft experienced a separate issue that prevented users from logging into its Webbased Outlook portal as well. “I’d like to apologise to you, our customers and partners, for the obvious inconveniences these issues caused,” Dave Thompson, corporate vice president for Microsoft Online Services, wrote in a blog. Colossal cloud outage No. 7: The Salesforce slipup Just four days into the new year, Salesforce. com reported a full-on failure of its data centre, meaning services, backups, the whole nine yards were kaput. “The reality is that cloud-based data centres go down, too,” says Tim Crawford, CIO of All Covered, a division of Konica Minolta. “That has always been the case and will always be the case. We have to be realistic about it.” 50
Computer News Middle East
AUGUST 2011
Crawford says successful cloud computing requires a different mind-set than traditional server setups: “It’s up to you”, he suggests, “to decide whether your business’s data can endure occasional downtime – and if not, to make sure your configuration has the resiliency needed to avoid it,” he says. “When you pick a cloud provider, you need to do your homework to understand how they’re providing those services and if they’re able to build a level of redundancy as good or better than what you’re able to do on your own,” Crawford says. “If the answer is no, then why are you using them?” Colossal cloud outage No. 8: Terremark’s terrible day Terremark’s luck turned sour on St. Patrick’s Day, March 17, 2010. The company’s vCloud Express service took a nosedive that day, with a Miami-based data
Colossal cloud outage No. 9: The PayPal fall-down PayPal fell for real in the summer of 2009, leaving millions of merchants around the world with no way to sell their stuff. The service was completely unavailable for about an hour and remained spotty for several more. PayPal said hardware failure was to blame. It’s a rare kind of outage, no doubt – but with all the sales lost, this unfortunate interruption easily earns a spot in cloud computing’s hall of shame.
Colossal cloud outage No. 10: Rackspace’s rough year When you provide cloud services to Web presences like TechCrunch and Justin Timberlake, you’d better believe people are going to notice when your servers stop working.
An hour of downtime may not sound like much, but when your company holds the keys to the customer service operations of tens of thousands of businesses, more than a few of those organisations are bound to view those 60 minutes as a lifetime. Salesforce.com learned this the hard way when its data centre shut down last January” center going offline for about seven hours. Users were unable to access data stored in the centre for the entire period. Not to get overly redundant, but this brings up the value of redundancy – having your crucial data available on multiple servers in different data centres or, even better, different regions. You could also take the extra step of spreading it among different providers as a failsafe. “You can pick a series of vendors to host a workload – one as a backup or two as a backup, and then another as your primary,” suggests Harold Moss, CTO of IBM’s Cloud Security Strategy program. www.computernewsme.com
Rackspace suffered four high-profile failures throughout 2009, adding up to hours of offline time for the company’s customers. One blip was bad enough that Rackspace had to pay out nearly $3 million in service credits to its users. Rackspace called the incidents “painful and very disappointing” and promised to “execute at a high level for a long time” after. All considered, the biggest lesson here may be that no single server, centre, or service is 100% reliable. If you don’t build your business with that in mind – well, my friend, you’re just walking around with your head in the cloud.
INSIGHT Tech support
Vacation interruptus Planning on taking a vacation this summer? If you’re a tech manager, you may find yourself with unwanted baggage – guilt and anxiety over the status of your job. Here’s how not to let a tech crisis ruin a getaway.
T
hese days the need for time off takes a back seat to job survival and the need to be needed, says Judy Arteche-Carr, MD with Arteche Global Group, a prominent management consultancy company. That situation can be particularly acute in high tech. “Businesses’ perception of IT is high-availability, and that extends to managers,” she explains. It’s true that IT systems have become essential to business operations, but the successful functioning of the IT department shouldn’t rest on any one person’s shoulders – especially if that person is vacationing, ill or otherwise unavailable. 52
Computer News Middle East
AUGUST 2011
“It’s a bad sign if the organisation won’t be able to survive without the boss for a week,” says Arteche-Carr, pointing out that “relying on one person increases risk.” Aside from the health of the company’s IT function, there is the health of the IT staff to consider as well. “For employees who don’t take vacation, burnout can be high. Even an efficient employee will lose focus,” she says. Vacations serve as mini tests to prove if a department can function when key players are away. The results can either be comical or turn out to be a serious wake-up call to organisations. To prime your mental pump www.computernewsme.com
before your own vacation, or to help you do a better job prepping for the next time you take time off, read this compilation of anecdotes about good vacations gone bad and the lessons tech managers learned from them.
Remember to show your backups the basics Because Matthew Laping is the sole member of the IT department at Alumni Research, a small company that publishes alumni directories, the company’s tech-savvy CEO and a data specialist who is also a power user usually fill in as needed for Laping when he is away. Laping typically hands them the keys to the server room and a list of admin passwords before he leaves town. That was the case a few years ago when Laping took a vacation to Disney World. Shortly after arriving at Disney, Laping got a call from the CEO and the power user saying one of the servers that provides Web services to Alumni Research’s 300 clients was down. After connecting to the server from his notebook Laping determined that the server’s network interface card (NIC) had to
be rebooted, which required nothing more than pressing a button. The only problem was that nobody back in the office could find the right button. “The CEO and the power user were mortified that they couldn’t figure out which button to push,” says Laping, that was because this particular machine was a Dell rack server with a flat design rather than the tower configuration with which the men were more familiar. The two kept pushing a button that was for adjusting the display and when nothing happened, they panicked. In the end, everyone agreed that the easiest solution would be for Laping to physically fix things himself. “I had to drive two hours back to push a power button,” says Laping, recalling that he turned right around and got back on the road once the NIC was up and running again. Lesson learned: Even with smart devices, wireless services and VPN technology, not every problem can be dealt with remotely; make sure your backups know the basics – like how to power down servers.
Don’t forget to delegate your decision-making authority T.J. Whelan was minutes away from arriving at his in-laws’ house with his wife and kids, having driven two hours from Washington. Just as he was pulling into the driveway around 9 p.m., his phone started buzzing with texts from the network manager at the Washington law firm where Whelan is MIS manager. The messages said there was no connectivity to the Microsoft Exchange cluster. That meant that attorneys in the firm’s two U.S. offices and two overseas offices were completely cut off from email. Whelan called the network manager – who was also supposed to be on the road heading to his own holiday destination but had never gotten out the door – and learned there was a major failure in the SAN containing the Exchange information stores. The network manager contacted Dell support, which confirmed that the disks had failed but also reported that it might be a while before replacement parts could be
located, because they were older models. As MIS manager, Whelan was the only one able to oversee the process of getting replacement disks from Dell, since he alone had all the purchase and warranty information. He spent most of the next morning on the phone with Dell, ate a quick holiday meal and packed his family back in the car to return early to Washington. Whelan headed to the office, where he and the network manager decided to begin rebuilding the Exchange environment on a
significantly compounded the problem. By dialing in via modem from his laptop in the hotel room, Gray was able to fix the glitch after having a conversation with the database vendor. But then he had to process all of the previous day’s data as well as the current day’s data, which took time. Had the operations department followed the proper procedure and initially called Gray’s designated backup, rather than trying to reach him directly, the problem wouldn’t have escalated overnight.
Before packing your bags, appoint a secondin-command (and probably a third) and make sure everyone in your organisation knows who those people are and how to reach them”
spare server rather than waiting for Dell to locate parts. Two days later, Exchange was back up. Lessons learned: Always make vendor contact information and warranty information easily accessible to your backup. In addition to that, be mindful that waiting too long to refresh equipment can lead to an interrupted vacation.
Designate a No. 2 and disseminate that info widely J. Alan Gray has racked up quite a bit of vacation time in the 39 years he’s worked at CareFirst Blue Cross Blue Shield in Washington, D.C. – and he’s learned a lesson or two along the way. Gray, who is currently a lead systems architect, remembers years ago when a database glitch kept him away from a well earned vacation. After encountering a problem with the database, someone in operations left a message for Gray – at his home number, since it was a Saturday. On Sunday, Gray was contacted on vacation via pager – having never received the message – and that one-day delay had www.computernewsme.com
Lesson learned: Before packing your bags, appoint a second-in-command (and probably a third) and make sure everyone in your organisation knows who those people are and how to reach them. “Mandatory vacations are considered a best practice in IT security,” says Randy Grein, a senior network engineer with a municipal government agency in Seattle, who used to perform independent IT security audits for businesses when he worked as a consultant. “Make no mistake,” Grein says, “the practice is not so employees will stay fresh and happy in their jobs, it’s to protect the companies they work for from fraud and other types of misbehavior – or simply from over-relying on one individual,” he adds. “IT employees with duties that involve data security, compliance, access control and related procedures can raise the suspicions of auditors if they consistently don’t take time off,” Grein elaborates. “By enforcing mandatory vacations”, Grein says, “companies should be better able to detect such activity or discourage it from happening in the first place.” AUGUST 2011
Computer News Middle East
53
Last word
Next issue SEPTEMBER 2011
Technology focus:
Project management
Technology focus:
IT governance
IT governance implies a system in which all stakeholders, including the board, executive management, customers, and staff have clear accountability for their respective responsibilities in the decision making processes affecting IT. However, even in its most basic form, is governance understood among IT teams in the Middle East and, more importantly, are its principles being applied? CNME investigates.
Tools that help or no tools to help, project management remains one of the biggest challenges faced by CIOs and IT teams as a whole in the region. CNME asks why project management remains an issue across organisations, and brings forth ways in which teams can handle IT projects better going forward.
You don’t have to be brilliant to come up with ideas that improve your company, according to these authors—you just have to be looking. They advocate blocking out some of your best thinking time for your own personal improvement,
54
Computer News Middle East
AUGUST 2011
Cloud Congress 2011
9th October 2011 Dubai (Venue to be confirmed) www.computernewsme.com/ ictachievementawards2011
The demands of the media and broadcasting industries from their IT investments are very different from any of their peers in other sectors. Real time focussed and data intensive as they are, they are forced to look for solutions that are highly specialised and customised to cater to their specific needs. Question is, are they getting what they need and, if not, how are they making do within their IT teams?
The Idea Hunter
14th September 2011 Dubai (Venue to be confirmed) http://www.computernewsme.com/ms/ helpag/index.html
ICT Achievement Awards 2011
Media and broadcasting
Andy Boynton and Bill Fischer:
LOCAL Modern Malicious Malware Protection – roundtable for the finance and banking industries
19th to 21st September 2011 Dubai (Venue to be confirmed) www.cloudcongressme.com
Vertical focus:
WHAT WE’RE READING
Events
and going through multiple drafts to find what works. Some other advice is to never immediately reject an idea when one is presented to you, and to seek out the black sheep, whose wild theories might turn out to be practical after all. The Idea Hunter – How to Find the Best Ideas and Make Them Happen (Jossey-Bass)
www.computernewsme.com
Black Hat, Abu Dhabi 12-15 December 2011 Emirates Palace, Abu Dhabi, UAE www.blackhat.com
INTERNATIONAL VMworld 2011 29th August- 1st September 2011 and The Venetian, Las Vegas, Nevada- U.S.A http://www.vmworld.com/index.jspa
Online
For the latest in news, analysis, features, case studies, and blog articles on trends and issues in the ICT industry across the globe and in the Middle East, please visit www.computernewsme.com
Our solutions + your customers = great business!
Global sourcing - local support In a world of technologies, focusing on the ones that deliver benefit is good for your business. That’s why FVC partners with global IT leaders to bring the most effective, most transformative products and technologies to you, our channel. From telepresence to network traffic management, WAN optimisation to information security, we’re the leading VAD in MENA, supporting products with logistics, implementation and training. Let us be your partner of choice for tomorrow.
workshops@sme.sas.com For a free workshop on Business Analytics* * rst 10 requests