S P I N E
CTO FORUM
Technology for Growth and Governance
Growth Resetting for
FEELING THE PULSE | MANAGE CHANGE | THE HIDDEN LINK
Innovative IT architecture, agility and a spirit of risk-taking are fuelling the growth engine | PAGE 22
A QUESTION OF ANSWERS
Quality in Software PAGE 18 Volume 05 | Issue 24
VIEW POINT
Summer Thoughts PAGE 56
A 9.9 Media Publication
BEST OF BREED
Mobile Security PAGE 13
August | 07 | 2010 | Rs.50 Volume 05 | Issue 24
EDITORIAL RAHUL NEEL MANI | rahul.mani@9dot9.in
The Growth Agenda Stories that inspire.
A
few weeks ago amid torrential rains in Mumbai, I met a few very senior CIOs and IT strategists. The CIOs were from across the industry spectrum, providing me a peep into the growth plans of major businesses in different verticals. Economic recession has indeed impacted the industry. These business strategists have however bounced back and are busy preparing for a big leap –
EDITOR’S PICK 18
responding to the next growth opportunity. The industry is determined to put the bad times behind it. Manish Choksi, Chief of Corporate Strategy and CIO of Asian Paints, India’s largest paint manufacturer is a case in point: the negative sentiment didn’t deter the company from taking bold steps towards reexamining its strategy as well as its IT architecture.
Quality in Software
Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ), talks about the need for standards in software development.
Choksi is laying out a roadmap for the future which includes a business continuity plan that will safeguard the company from not only IT related disasters but also other disruptions caused by natural calamities, labour strikes, logistical failures, etc. Subhakanta Satpathy who is the Vice President, IT at Axis Bank had a different story to tell. Despite the banking industry bearing the brunt of the economic recession, Axis Bank decided to take a very bold step to prepare itself for the next level of growth. The bank decided to move on to the next-generation core-banking platform from Finacle (Infosys). In the course of migration, the bank had to navigate through unchartered waters. Elaborate planning paid off and in May this year the bank
went live on the new platform, defying skeptics who thought the move was doomed to fail. Alpana Doshi, the CIO of Reliance Communications, one of India’s largest telecom service providers, is determined to live up to the growth plans of her company in letter and spirit. Doshi is ramping up the whole customer service infrastructure while the company prepares for the 3G launch, and at the same time has made a robust plan to launch new value added services. These stories are featured in this issue, reasserting the fact that corporate India is ‘resetting for growth’.
CTO FORUM thectoforum.com
07 AUGUST 2010
1
VOLUME 05 | ISSUE 24
AUGUST 10 THECTOFORUM.COM
C O V E R D E S I G N B Y: P C A N O O P
CONTE NTS
22 COVER STORY
22 | Resetting for Growth
COLUMNS
04 | I BELIEVE: FEELING THE PULSE Dr. Neena Pahuja CIO, Max Healthcare on how technology is ready to change the quality, reach and cost of healthcare.
Innovative IT architecture, agility and a spirit of risk-taking are fuelling the growth engine. We look at how savvy CIOs looked beyond the troughs of the recession, even making infrastructure investments.
56 | VIEW POINT: SUMMER THOUGHTS Focus on small things to make a big difference. BY STEVE DUPLESSIE
Please Recycle This Magazine And Remove Inserts Before Recycling
2
COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o K.P.T House, Plot Printed at Silverpoint Press Pvt. Ltd. TTC Ind. Area, Plot No. A-403, MIDC Mahape, Navi Mumbai 400709
40 | NEXT HORIZONS: THE SAAS ROMANCE When it makes sense to woo the cloud for security, and when it doesn’t. BY MATT SARREL
CTO FORUM 07 AUGUST 2010
FEATURES
thectoforum.com
VOLUME 05 | ISSUE 24 | 07 AUGUST 2010
www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur EDITORIAL Editor-in-chief: Rahul Neel Mani Executive Editor: Geetaj Channana Resident Editor (West & South): Ashwani Mishra Associate Editor: Dominic K Assistant Editor: Aditya Kelekar Principal Correspondent: Vinita Gupta Correspondent: Sana Khan DESIGN Sr. Creative Director: Jayan K Narayanan Art Director: Binesh Sreedharan Associate Art Director: Anil VK Manager Design: Chander Shekhar Sr. Visualisers: PC Anoop, Santosh Kushwaha Sr. Designers: Prasanth TR, Anil T & Suresh Kumar Designer: Sristi Maurya Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi
18 A QUESTION OF ANSWERS
18 | Quality in Software. Dr. Bill Curtis, Director, Consortium for IT Software Quality talks about the need for
standards in software development. 13
53
REGULARS
01 | EDITORIAL 08 | ENTERPRISE ROUND-UP 49 | HIDDEN TANGENT advertisers’ index
13 | BEST OF BREED: SECURING YOUR MOBILE WORKFORCE Mobility is bringing benefits but are you taking the necessary precautions?
53 | HIDE TIME: DIPESH THAKAR, CTO, DESTIMONEY For a CIO who plans the road map for an organisation, it’s getting to the finish point that really matters.
VERIZON LG DELL SAS IBM CANON
IFC 05 07 11 17 & IBC BC
This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.
ADVISORY PANEL Ajay Kumar Dhir, CIO, JSL Limited Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IS, Godrej Industries Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Vijay Mehra, Former Global CIO, Essar Group SALES & MARKETING VP Sales & Marketing: Naveen Chand Singh National Manager-Events and Special Projects: Mahantesh Godi (09880436623) Product Manager: Rachit Kinger Asst. Brand Manager: Arpita Ganguli GM South: Vinodh K (09740714817) Senior Manager Sales (South): Ashish Kumar Singh GM North: Lalit Arun (09582262959) GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284) PRODUCTION & LOGISTICS Sr. GM. Operations: Shivshankar M Hiremath Production Executive: Vilas Mhatre Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh OFFICE ADDRESS Nine Dot Nine Interactive Pvt Ltd C/o K.P.T House,Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd C/o K.P.T House, Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Editor: Anuradha Das Mathur C/o K.P.T House, Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Printed at Silverpoint Press Pvt. Ltd. D 107,TTC Industrial Area, Nerul.Navi Mumbai 400 706
CTO FORUM thectoforum.com
07 JULY 2010
3
THE AUTHOR has more than 24 years of software development, consulting and internal IT support experience.
PHOTO BY SUBHOJIT PAUL
I BELIEVE
BY DR. NEENA PAHUJA CIO, Max Healthcare
Feeling the Pulse
Technology is ready to change the quality, reach and cost of healthcare AFTER changing the transactional efficiencies in financial and manufacturing industry, I strongly believe that technology is ready for healthcare. With advancement of technology in medical devices and availability of strong analytical engines, the focus will move to early diagnosis. Also, the whole world is focusing on innovative ways to reduce healthcare costs. Coupled with that are steps for standardisation of
4
CTO FORUM 07 AUGUST 2010
thectoforum.com
CURRENT CHALLENGE HEALTHCARE IS AN INDUSTRY THAT WORKS 24X7X365. THIS NOT ONLY PUTS A LOT OF PRESSURE ON THE SYSTEMS BUT THE QUALITY OF LIFE OF CARE PROVIDERS.
information to enable portability of data. Healthcare providers are now creating strategies to convert their ‘Hospitals’ to ‘Care Providers’. The clinicians are relying more on IT systems as they now provide better performance, scalability, and reliability with techniques like auto load balancing, clustering and virtualisation. Healthcare is an industry that works 24x7x365, with virtually no ‘holiday’ across the year. This not only puts a lot of pressure on the systems but the quality of life of care providers. Some of the new collaboration techniques not only help in saving lives but help improve the work life balance for these clinicians. We at Max Healthcare have also started on a journey of implementation of a system to capture electronic health records of patients. The thought is also to integrate the fragmented data about patients in different forms to one window to bring-in focused care. The product will maintain complete patient history, information on all drug allergies and past medical records of patients. I strongly believe that over a period, we will be able to clinically aggregate this data and provide better care to our customers. Analytics on this data can help us move from curative to preventive healthcare. Also built-in support tools like the drug database can ensure that there are no drug-to-drug interactions on the patients. I also see an emergence of lot of low cost innovative tools to support data flow, handwriting and voice recognition. We will additionally see some new and small medical devices to reach the remote patient. I already see a large number of initiatives in healthcare industry across on dynamic queue and resource management to improve patient satisfaction.
LETTERS COVE R S TO RY
C LO U D C O M P U T I N G
S P I N E
CTO
CTOForum LinkedIn Group
FOR UM
Techno logy for
Growth and
Gover nance
July | 21 | 2010 Volum e 05 | | Rs.50 Issue 23
GE
LINKED
YOUT RHE
TO TROU BLE | FAST
IN
AD
TRAC
THE CLOU D
K | 10 STEP CIO HAND BOOK
ILLUSTRATION BY SANTOSH KUSHWAHA
Cloud is a fitting term for something so shrouded in mystery and hard to grasp. It is being pushed hard by the vendors and it is getting more and more difficult for CIOs to stay anchored and not be swept away by the buzz.
The clo
18
ud is gettin ore g mysm te look be rious,
CTO FORUM 21 JULY 2010
thectoforum.com
CTO FORUM thectoforum.com
fo
Volum e 05 | Issue 23
re you step shaky on this ground | PAGE 18
21 JULY 2010
www.linkedin.com/groups?gid=2580450
19
A QUEST ION OF
Clo
Media
Publicatio
n
ANSW ERS
ud is not a Prod uct PAGE 10
LITTLE
A 9.9
Join close to 500 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:
GIANT S
Tanked All Up PAGE 30
GamInefosec Plan
One of the hot discussions on the group is:
CSO FORUM
HP VS. CISCO – BY STEVE DUPLESSIE I think you’re on to something here, Steve. I’ve been doing some work for HP lately and am impressed with the depth of networking equipment they can now offer. Essentially, 3Com gives them the core networking equipment to add to their existing edge switches. I've been covering enterprise networking for more than 20 years, and have followed Cisco since its inception. I’ve seen lots of would-be competitors (Bay, Cabletron/Enterasys and, yes, 3Com) fail to make a dent in Cisco’s market lead, but this time's story seems to be different... PAUL DESMOND, President of IT content firm Paul Desmond Editorial Services (PDEdit)
“From a risk management standpoint, any risk management activities should not exist in isolation, but should exist in a corporate context, as a part of an enterprise wide approach to risk management. The days of one department or function managing risks in its own little bubble are gone. Risks can impact an organisation at multiple touch points.”
Do non technology professionals make better CIO/ CTOs? Do you think CIOs need non-IT business experience? How does it help shape their careers? Does it have a big impact? Technology per se may be academically challenging to a CIO, but it should be adaptive enough to solve a business problem. The information push by the vendor is a part of the whole process in achieving information liquidity and much required agility in the value chain.
—Subrato Das VP-GSM-IT, Reliance Communications. Yes and No! CIOs or CTOs with business knowledge are not born. Thus, the question does not hold water. What makes sense would be to ponder whether the education and role play for each technology employee should be groomed around a business function thus creating true Chief "Information" Officers.
—Titus Sequeira Experienced Technical and Business Program Management Professional, Toronto, Canada.
OPINION
WISE BY FAILURES
Learn from your failures. Don't just preach, practice it!
Epiphany Organisational Resilience.
“By appraising failed projects, we learn what not to do the next time around. But by appraising successful projects, we learn what to do, and what to do better next time.” To read the full story go to:
WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.
6
CTO FORUM 21 JULY 07 AUGUST 20102010thectoforum.com thectoforum.com
In a one-of-its-kind feature, the CIO of Hero Honda Motors India, Vijay Sethi, interviews Ravi Sud, the company's CFO, on what role IT should play in an organisation and how he uses IT to solve other problems. To read the full story go to:
thectoforum. com/content/ my-trump-card
DARREN HARROP, Director,
Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com
CTOF Connect
SHARAT MATHUR GM-IT, Centre for Railway Information Systems (CRIS)
http://www.thectoforum.com/ content/wise-failures
INTERVIEW INISDE
Enterprise
Commonwealth Games to go green in New Delhi Pg 10
ROUND-UP
Worldwide SaaS revenue to exceed USD 8.5 b in 2010. Rapid adoption
PHOTOS BY PHOTOS.COM
contributes to growth across markets. THE SAAS market is tipped to grow by almost 14.1% in 2010 surpassing the 2009 revenue of USD7.5 billion according to Gartner Inc. The rapid adoption of SaaS has contributed to growth in varying degrees across the enterprise software markets. There will be a shift in total SaaS revenue from just over 10 percent of the combined markets in 2009, to more than 16 percent of these combined markets in 2014. Gartner defines SaaS as software that is owned, delivered and managed remotely by one or more
8
CTO FORUM 07 AUGUST 2010
thectoforum.com
providers. The provider delivers an application based on a single set of common code and data definitions, which is consumed in a one-to-many model by all contracted customers anytime on a pay-for-use basis or as a subscription based on use metrics. "After a decade of use, adoption of SaaS continues to grow and evolve within the enterprise application markets. As tighter capital budgets demand leaner alternatives, familiarity with the model increases, and interest in platform as a service and cloud computing grows," said Sharon Mertz, research director at Gartner.
10% DATA BRIEFING
EXPECTED GROWTH OF INDIAN IT SECTOR IN 2010. SOURCE : NASSCOM
E NTE RPRI SE ROUND -UP
THEY MICHAEL SAID IT DELL Dell CEO, Michael Dell spoke to attendees of the Citrix Synergy user conference in San Francisco contending that the PC can never be killed off by mobile devices. Instead, he foresaw an interactive future where users own an increasing number and variety of devices, each capable of looking like the other via desktop virtualisation, served by virtual networks and the cloud.
Sify to partner with VMware on the cloud. To offer customised cloud-based solutions. SIFY has announced an alliance with VMware to allow the expansion of Vmware's Service Provider Program (VSPP) in India. It has also enabled Sify to provide ondemand cloud hosting services utilising the VMware vSphere 4 platform. This will allow Sify to offer greater degree of virtualised infrastructure to its clients, which can be customised as per customer requirements in a streamlined and simplified manner. In joining the global VSPP, Sify will allow Indian firms, of all sizes, to utilise the offered computing capacity in a secure way. Customers can use the service in the way of renting VMware licenses on a monthly “pay-asyou-go” basis. The model will mean that firms can operate within the confines of their firewalls and beyond, how they want, when they want and control the extent helping ensure a strict quality of service for all applications that are deemed to run, whether internally or in form of services. This agreement will help Sify leverage the fledgling cloud market in India by offering cloud-based and cost-efficient solutions , all tailor made as per requirements and more so , be available by means of a simple delivery model.
QUICK BYTE ON WLAN & DEVICES
"What’s converging is the data, not the device, It’s not clear that one device replaces another. Some are better for carrying with you. Others are for consuming content, others are better for creating content” —Michael Dell, CEO , Dell
According to a recent In-stat research, it has been estimated that the number of Wi-Fi devices will increase from 500 million in 2009 to over 2 billion in 2014. Devices include set top boxes, Blu-ray players, game consoles and others. CTO FORUM thectoforum.com
07 AUGUST 2010
9
E NTE RPRI SE ROUND -UP
and Data Centre Operations were two separate worlds. However, with increased focus on improved operational efficiencies with reduced IT budgets, the CIO has to optimise his IT infrastructure that hinge on three principles: Virtualisation, Consolidation and Rationalisation. There’s a Virtualisation of Servers, Storage and Desktops. There’s a Consolidation of Data Centres and Applications. And last, there’s a Rationalisation of Application Portfolio and Skills.
Application Retirement.
Raghu Kodali, VP, Product Marketing, Solix Technologies in an interaction with Rahul Neel Mani. FROM a CIO's perspective, how important is it to streamline the IT infrastructure while focusing on upgradation of key enterprise apps? How can CIOs do it without much disruption in their business processes? Application vendors provide periodic upgrades to their solutions which either provide better technology or better functionalities or both and occasionally also remove certain known issues with prior versions. While it is important that customers keep up-to-date with latest versions, the upgrade process by itself can become quite ponderous and seriously impact internal business processes if not well planned. The three
most important issues, from a CIO’s perspective, that must be incorporated in an upgrade plan are: Is the upgrade going to have an impact on any business process? Is the upgrade going to have an impact on current IT resources? Is the upgrade going to have an impact on application performance with current infrastructure? How important is it for a CIO today to look at consolidation of both application and IT infrastructure? Until recently, Application Management
Usage results of social networking sites
GLOBAL TRACKER
Social Networking sites reach a higher percentage of women than men, with 75.8
percent of all women online visiting a social networking site in May
2010 versus 69.7 percent men 10
CTO FORUM 07 AUGUST 2010
thectoforum.com
75.8%
69.7%
SOURCE: COMSCORE'S 2010 GLOBAL REPORT ON WOMEN'S ONLINE USAGE
What is so unique about Solix Application Retirement Appliance which makes it a compelling business buy? Solix heritage comes from Database Archiving and that continues to be the cashcow in our product portfolio. We added Test Data Management, Data Masking and Application Retirement within the Solix EDMS Suite, which provides customers a single metadata-based solution to cover Information Lifecycle Management as well as Application Testing. For Application Retirement, in particular, we have added functionalities that are specific towards migrating, retaining, compressing and querying and reporting on legacy data while at the same time decommissioning the source applications and the associated hardware and storage they came from. In addition to Solix EDMS for Application Retirement which is a software-only solution, we have introduced Solix ExAPPS, Industry’s first Application Retirement Appliance. How does it work? Please explain... There are six simple steps: Plug in the device and do the set-ups – takes no more than 30 minutes. Point the browser to the first candidate identified for application retirement Migrate data from this application to Solix Secure Archive (there’s an automatic 90% compression) and add application context to the legacy data Ensure that the legacy data can be accessed without the legacy application. Decommission the legacy application and the associated hardware. Build reporting tools that are required for this legacy data Point the browser to the second candidate and repeat the process.
E NTE RPRI SE ROUND -UP
BlackBerry unleashes new OS and smartphone.
The Torch introduces touchscreen in version 6.
RIM has unleashed BlackBerry 6, a new operating system for BlackBerry smartphones. BlackBerry 6 features a redesigned interface that works with a touch screen and trackpad, expanded messaging capabilities that simplify managing social media and RSS feeds, a new universal search tool, and a new WebKit-based browser. “BlackBerry 6 is the outcome of RIM’s ongoing passion to deliver a powerful, simplified and
optimised user experience for both touch screen and keyboard fans,” said Mike Lazaridis, president and co-CEO, Research In Motion. “Following extensive research and development to address consumer needs and wants, we are delivering a communications, browsing and multimedia experience that we think users will love, and we are thrilled to debut BlackBerry 6 on the amazing new BlackBerry Torch smartphone.” “With a new user interface, new browser and new handset design, the highly anticipated BlackBerry Torch and BlackBerry 6 deliver integrated and uncompromising capabilities for consumers and business professionals that preserve the industry-leading strengths of the BlackBerry platform while adding exciting new dimensions,” he added. The first smartphone to feature the highly anticipated BlackBerry 6 is the new BlackBerry Torch 9800 smartphone. Adept for socially connected consumers and packed with the tools business customers love, the new handset is the world's first smartphone to combine a BlackBerry keyboard with a full touch screen experience. The Torch Smartphone will be first to feature the new BlackBerry 6 OS combining new touch screen experience with easy-to-use keyboard and rich webkit browser, and will be first to offer Locations feature. Whether users choose to type out messages on the capacitive touch screen or easy-to-use BlackBerry keyboard, browse the Internet using pinch to zoom or fluidly navigate with the optical trackpad, the BlackBerry Torch allows them to communicate any way they want.
FACT TICKER
IDC predicts rise in server spend due to cloud. Complexity reducing clouds to aid growth.
IDC forecasts that server hardware revenue for public cloud computing will grow from $582 million in 2009 to $718 million in 2014. Server revenue for the larger private cloud market will grow from $2.6 billion to $5.7 billion in the same time period. "Many IT decision makers are seriously considering cloud computing as a way to dramatically simplify their
12
sprawling virtual and physical infrastructure," said Katherine Broderick, research analyst, Enterprise Platforms and Datacenter Trends. "However, there is still some lingering apprehension over issues like integration, availability, security, and costs. These concerns, and how they are addressed by IT vendors, will continue to guide the adoption of cloud computing over
CTO FORUM 07 AUGUST 2010
thectoforum.com
the next several years." IDC defines cloud services to be business and consumer products, services, and solutions delivered and consumed in real-time over the Internet. Additional findings from IDC's research include the following: According to recent IDC survey results, almost half of respondents, 44%, are considering private clouds Public cloud computing has lower ASVs than an average x86-based server Public cloud seems less likely to be broadly adopted than private Public clouds will be less enterprise focused than private clouds
GREEN TALK
THE ORGANISING Committee of Commonwealth Games, Delhi is striving towards staging the first ever "Green Commonwealth Games". The Beijing Olympics, 2008 and the recently concluded FIFA World Cup 2010 in South Africa undertook green principles and green technologies as a joint venture with United Nations Environment Programme (UNEP). As part of the first 'green' Games, the organising committee has decided to set up carbon neutrality kiosks at the Games Village and six venues where people can buy carbon credits to neutralise the harmful environmental effect of their activities. An estimated 100,000 to 150,000 tonnes of greenhouse gases will be emitted during the Oct 3-14 Games. The organising committee hopes to motivate athletes, delegates, spectators and others to offset their carbon footprint by investing in clean energy projects. Ranging from the 30% green cover which has been demarcated at all the sporting venues to rainwater harvesting systems and energy efficient lighting systems, the authorities have shown the willingness to be eco-conscious. Energy efficient lighting solutions such as CFLs, LEDs and TL5 are being incorporated in buildings which have been designed specifically to have daytime natural lighting to reduce the usage of electiricity.
BEST OF
Safety Gear: Taking the IT Disaster Recovery Test Pg 16A
ILLUSTRATION BY ANIL T
BREED
FEATURE INSIDE
1
DATA BRIEFING
billion
THE NUMBER OF MOBILE WORKERS WHO WILL ACCESS ENTERPRISE SYSTEMS WORLDWIDE BY 2010 SOURCE: IDC
Securing Your Mobile Workforce
Mobility is bringing a multitude of benefits but is your organisation taking the necessary precautions? BY AMRIT WILLIAMS
T
he rising tide of mobile computing, driven by the introduction of consumer devices such as the iPhone and iPad, is crashing against the shores of many an IT shop. Most IT organisations have lived on a diet of corporate policy restrictions and liberal use of the word “No!”. However, that attitude
won’t solve the problems posed by an increasingly mobile workforce. IT can no longer simply ignore the tsunami of remote intermittently connected computing devices that are used by the masses to access corporate resources, especially those that reside within and provided through a shared service or infrastructure
CTO FORUM thectoforum.com
07 AUGUST 2010
13
BEST OF BREED
MOBILE SECURIT Y
18.5%
(think SaaS or cloud-computing). THREATS #2 and #3 No doubt these devices offer tremendous benefits 10am – Views latest football scores on mobile phone. Tries to disable security setting that prevents a Flash to productivity, real-time information exchange and plug-in from running – since the website uses Flash. increased efficiencies throughout the value chain, but IT has been quite leery of their use as officially supported INCREASE IN computing platforms and they have every right to be conTHREAT #4 MOBILE HANDSET cerned as these devices are not built for the enterprise, 11:30am – Connects to partner network to provide preSALES IN INDIA they do not have an eco-system of technologies that supsentation and product demo. Unfortunately, one of the port them, and most organisations are still challenged to gaming applications that his kids installed last weekend (BETWEEN 2009 manage traditional computing devices, such as desktops launched an IRC bot that tries to send IRC packets onto AND 2010) and servers, that reside within their infrastructure. partner network. The risk is clear though as organisations must manSOURCE: GARTNER age and secure a large, complex, and globally distribTHREAT #5 uted, remote, and mobile computing environment all accessing 2pm – Leaves mobile phone at restaurant. Contains email addresses corporate assets in and outside the corporate network; the loss of visfor all contacts as well as architectural design plans for the next ibility and control again forces them to look at how they can better release of their product. maintain the health and security of their mobile computing environment – the endpoints that require access to corporate resources that THREAT #6 are housed inside of the corporate network and in the “cloud” 6pm – After checking into his hotel room, tries to download an animated screensaver that he thinks kids will like. It contains a number A day in the (risky) life of an executive with mobile computing of dangerous spyware programs including one of which opens up a devices: backdoor on his laptop. THREAT #1 8am – Checks email from home before flight to partner meeting. Managing security for the mobile workforce: Prints out boarding pass on airline website then clicks on ad with “Macro” and “micro” visibility: What’s on my (extended) network? – drive-by-download How are my (managed, yet roaming) computers configured? – What services are they accessing in the cloud? Should they be? Location-aware, OS-aware policies: Precise, targeted control (take bandwidth into consideration) – Get updates now Sync assessment and remediation regardless of location: Reduce gaps in coverage – Immediate remediation becomes critical
Privacy or National Security?
RESEARCH In Motion executives are fond of saying that their platform is more secure than other mobile providers. Impressed by its security characteristics and convenience of mobile working, I have considered it for a long time to get a BlackBerry. Finally, it is officially supported by China’s communication networks, however, I have to cancel this plan. According to a recent report, if you’re using your BlackBerry to send its highly touted encrypted emails to or from the Russian Federation, the
Peoples Republic of China; or, shortly, India, Saudi Arabia and the UAE, all of these security questions are moot. In order to promote its sales in China and satisfy Chinese government regarding “security threats”, I guess RIM has provided its encryption keys to China telecom, like it did in India. I am anxious about leakages when I make a plan to change my mobile. Of course, I know we sometimes need to sacrifice our privacy for national security. However, I should be notified
and confident that my privacy is protected properly. The best way is to reduce the chance that my private information is exposed to others. No matter how secure your platform is, when the encryption keys are exposed, no privacy can be guaranteed. I am also interested to see how RIM can protect the privacy of its BlackBerry device users when they give its encryption keys to the country's security agency. — By Ray Tan
Bottom Line: Managing mobile computing devices is no longer a discussion or a nice-tohave. It MUST be done. IT organisations need to know what they own and what their users (who have been granted authenticated rights to access corporate resources) own. Visibility is your most effective security tool. You have a distributed workforce; whether you like it or not, make sure your IT organisation can manage these resources. Simplify and consolidate your management infrastructure. You cannot control your users, but your systems management tools should be able to control their computing devices – anywhere they roam.
Reprinted with permission from Infosec Island
This article is published with prior permission from Infosec Island www.infosecisland.com
16
CTO FORUM 07 AUGUST 2010
thectoforum.com
A QUESTION OF ANSWERS
DR. BILL CURTIS
Why CISQ: IT executives need objective benchmarks of IT application quality.
18
CTO FORUM 07 AUGUST 2010
thectoforum.com
DR. BILL CURTIS
A QUESTION OF ANSWERS
DR. BILL CURTIS | CISQ
Quality in
Software
Dr. Bill Curtis, Director, Consortium for IT Software Quality (CISQ) and the co-author of Capability Maturity Model (CMM), in an email interview with Geetaj Channana, talks about the need for standards in software development
What was the thought process behind creating the CMM for software enterprises? By the mid-1980s most large projects that involved software were late, overbudget and defective. Although most organisations were focusing on better tools and methods or hiring better programmers, Watts Humphrey, who joined the Software Engineering Institute (SEI) after retiring from IBM, focused instead on improving software development processes. His critical insight in developing the Process Maturity Framework, the foundation for CMM, CMMI and the People CMM, was that no improvement program could succeed if developers were given unachievable commitments or baselines were not con-
trolled. Thus, rather than focusing on organisation-wide processes, he first focused on stabilising projects by developing the skills of project managers to plan and manage their projects. Only after projects were stable did he address standardised organisational processes and quantitative project management. This critical insight was a departure from existing models of improvement and led to the impressive success of the various staged maturity models built on his foundation. Watts asked me to replace him as Director of the Software Process Program at SEI in 1991. We took his framework, and all the best software practices the SEI had been collecting, and integrated them into
the original CMM. Unfortunately the Systems Engineering world built their own maturity model using different architecture and it was difficult to integrate improvement programs in large systems organisations when they were driven by different approaches. Around the turn of the century, CMMi was developed to integrate these different approaches into one model that could apply to any domain of engineering integrated into a large systems development project. I proved the applicability of Humphrey’s Process Maturity Framework to domains other than engineering projects by developing the People CMM for improving the capability of an organisation’s workforce.
CTO FORUM thectoforum.com
07 AUGUST 2010
19
A QUESTION OF ANSWERS
Almost 20 years after CMM’s inception, how relevant do you think is it for enterprises? Where does it fall short? CMM and its successor CMMi have been adopted globally. CMMi is especially relevant to enterprises building large software-intensive systems. It remains the only comprehensive model available for guiding the improvement of software and system development organisations. It is often used in conjunction with other models such as ITIL or COBIT at the enterprise level to supplement their lack of depth in software development. Perhaps the biggest shortcomings of CMMi are its limitations in IT. CMMi was developed primarily by software and systems engineers from large aerospace projects with little experience in IT. It does not present practices such as portfolio management, shared resources and application deployment that are critical to executives managing IT applications. Many organisations, especially smaller ones, find the number of practices challenging, especially the large number of repetitious institutionalisation practices. Hopefully some of these issues will be addressed in upcoming revisions. Though, CMMi has a published record of successful implementations. How is CMMi different from Six Sigma? Is one better than the other or do they complement each other? There are three key differences between the CMMi and Six Sigma: CMMi is a staged process improvement model and Six Sigma is a process improvement tool bag CMMi applies to a specific domain (software and system engineering), Six Sigma tools can be applied to any domain, and CMMi specifies process areas that must be addressed within its domain while Six Sigma focuses on the performance of processes as
20
DR. BILL CURTIS
implemented without recommending specific best practices. Nevertheless, both Six Sigma and CMMi share the same heritage, they emerged from the quality practices pioneered by Walter Shewhart and his protégé W. Edwards Deming. Watts Humphrey once told me he was trying to figure out how to get software organisations to adopt the same statistical quality management and continuous improvement practices that he had seen work so effectively in other parts of industry. As I mentioned earlier, his critical insight was that he had to eliminate the problems that hindered their adoption, the first of which was poor project management. His Process Maturity Framework emerged as a staged improvement strategy that eliminates the barriers to continuous improvement through a staged transformation of the organisation’s processes. While some Six Sigma practices can be implemented at each maturity level, CMMi Level 4 is the full implementation of statistical process management, while CMMi Level 5 is a full implementation of plan-do-check-act based improvement and innovation. Why was CISQ formed? There is a growing sense of unease about the cost and about the risk of the software being developed and acquired by IT organisations. CISQ was formed to create industry standard measures of software size and quality for use in benchmarking, guiding internal development and evaluating the software delivered by outsourcers and package vendors. These measures must be defined to a level that can be automated in order to reduce the cost and subjectivity experienced with current measures such as Function Points. The following factors explain the rationale behind CISQ: IT applications are deeply embedded in most critical operations. The current quality of IT application software exposes businesses and government agencies to unacceptable levels of risk and loss.
CTO FORUM 07 AUGUST 2010
thectoforum.com
THINGS I BELIEVE IN Organisations find the number of practices in CMMI challenging. IT executives need objective benchmarks of IT application quality. People are fighting too many chaotic fires in organisations, thereby, reducing innovation.
Customers and providers of IT application software do not have a common basis for measuring, managing and evaluating the quality of the application software they deliver or maintain. IT executives need objective benchmarks of IT application quality based on industry standards and professionally-credentialed assessment services. Businesses, government agencies and their software providers need a forceful, open and objective voice to establish industry-standard metrics for measuring IT software quality and drive an industry-wide agenda for improving IT application quality. Major industry players such as
DR. BILL CURTIS
GM, AXA, US Department of Homeland Security, IBM, Capgemini and Tata Consultancy Services (TCS) are driving this forward to ensure the standard can and will be applied in practice. In fact, TCS became the first member. CISQ supplements CMMi by providing the automated quality measures needed in a mature development process. How will CISQ help the software industry achieve quality excellence? CISQ provides a neutral forum for all stakeholders in the IT industry to develop standard, automated measures of software
competing technologies that provide automated source code measurement and analysis. How will CISQ benefit the Indian IT industry? CISQ is an industry-led forum sponsored by SEI, the Object Management Group (OMG) and supported by NASSCOM in India. Indian outsourcers are beginning to see software quality measures written into outsourcing contracts as the equivalent of Service Level Agreements. If each customer uses a different definition for a quality measure, an outsourcer may be faced with 50 different definitions of
“Customers and providers of IT application software do not have a common basis for evaluating the quality of the application software.” quality. Measures will not be adopted into standard practice until they are automated, because of the prohibitive cost of collecting and reporting measures manually. If we can get product measurement to be a standard application development practice, weaknesses in software will be detected long before they become expensive defects that cause outages, security breaches, corrupted data and degraded performance. To support this objective, CISQ will: 1.Advise, educate and advocate to business and government leaders on the mission critical importance of IT application quality. 2.Develop a consistent quality measurement system that can be used by IT and business leaders to measure and report the software quality of multi-tier business apps. 3.Define methods and processes for using this quality measurement system in negotiating and managing the acquisition, development, or maintenance of IT application software. 4.Develop and promote professional licensing for those providing services to assess the quality of IT application software. 5.Promote the development of a market of
the same quality characteristic. If there is a standard measure used across customers, it is much easier for an outsourcer to train their people, develop appropriate methods and tools and manage their relationships. The alternative is a nightmare of expensive special adjustments for each different customer with no economy of scale in using measures to manage the delivery of software. How are standards like CISQ helpful in reducing the costs of the IT organisation in an enterprise? Automating standard measures of application size and quality dramatically reduce the cost and increase the adoption of software measures. Automated quality measures allow weaknesses in the software to be detected much earlier when they are 10 times cheaper to fix. When presented with objective measures on the quality of their work, application development teams learn much quicker and eliminate various types of defects in their work. Standard measures have also proven to reduce the time spent arguing in customer supplier relationships over what was expected versus what was
A QUESTION OF ANSWERS
delivered, thus reducing the overhead while improving the quality of acquired software. Of even greater importance than reducing IT costs are the business benefits of improved application quality. The cost of a retail website outage during peak business hours, of a security breach that compromises the confidential information of thousands of customers, or of the degraded productivity from slow application performance across 1000 white collar workers has harmful financial impacts on the business. Just as important, but harder to cost, is the competitive benefit from earlier releases of application enhancements because the application is easier to modify and test. Some say that standards reduce the level of creativity and innovation in an organisation – true/false? Why? There are two ways to hinder creativity and innovation in an organisation when implementing a standard. The first is to do a sloppy job of implementing practices so that no benefit is achieved and the problems hindering creativity and innovation do not change. The second way is to implement a thoughtless, bureaucratic mountain of practices that get in the way of everything. If an organisation uses the principles of lean thinking while implementing their improvements and understands the intent of the model, they should see impressive growth in opportunities for creativity and innovation. For instance, what really reduces the level of innovation in an organisation is that people are fighting too many chaotic fires and do not have the time to pursue creative solutions. This is the case in most immature software organisations at CMMi Level 1. Once they begin to mature and get control of how they spend their time, they can build the time into a project required for exploring alternative solutions and building experimental prototypes. We have seen this transformation in many organisations. CMMi Level 5 is a state of continuous search for innovative solutions that close the gap between an organisation’s current capability, and the capability they require to achieve the strategic business objectives. When the standard software measures that CISQ will develop are used to guide learning and product improvement, they will have this same impact on creativity and innovation.
CTO FORUM thectoforum.com
07 AUGUST 2010
21
RE SE T T I NG F OR GROW TH
ILLUSTRATIONS BY PC ANOOP
COVE R S TO RY
22
CTO FORUM 07 AUGUST 2010
thectoforum.com
Innovative IT architecture, agility and a spirit of risk-taking are fuelling the growth engine. We look at how savvy CIOs looked beyond the troughs of the recession, even making sensible infrastructure investments. inside 24 | The Colour of Change 27 | Defying Defeat 31 | Simple Rules, No Magic 35 | Tracking by Open Source 38 | Getting the Edge
CTO FORUM thectoforum.com
07 AUGUST 2010
23
COVE R S TO RY
RE SE T T I NG F OR GROW TH
MANISH CHOKSI
Chief – Corporate Strategy & CIO, Asian Paints
CASE STUDY | ASIAN PAINTS
Colour of
Change The
Asian Paints stays ahead in the game by managing change efficiently By Ashwani Mishra & Rahul Neel Mani
PHOTOS BY JITEN GANDHI
A
sian Paints, India's largest paints company with a turnover of Rs 6,680 crore, managed to raise its profitability and clocked positive revenue growth in FY200910. Profitability was up by 100 percent with a growth rate of 20 percent plus. The company did not reel under the recession blues as around 80 percent of its business focused on India alone. “We had one of the best years for our business last year and this was after a long time,” says Manish Choksi, Chief – Corporate Strategy and CIO, Asian Paints.
24
CTO FORUM 07 AUGUST 2010
thectoforum.com
To keep this momentum of growth, the paints-maker is looking at change in every sphere within the company. Take the instance of starting a commercial production at its new paint manufacturing facility in Rohtak, Haryana in April this year. The plant has an initial capacity of 1.5 lakh KL per annum and can be scaled to 4 lakh KL in future expansions. This plant is fully automated. So the time raw materials enter the plant to the time when finished goods leave the factory, there is no manual intervention. “We need such scale
and automation in every part of the organisation,” says Choksi. The challenge for the company is to meet the expectations of service and delivery of customers on various fronts like capacity, raw material procurement and even distribution. Choksi admits that if they miss a day of dispatch or unloading, they really do not have an inbuilt capacity to play catch up.
Looking within To iron out these issues, Choksi says that the IT within the company is undergoing a
RE SE T T I NG F OR GROW TH
process of re-examination. This will look at whether the systems are built in the right manner, and if they have the right business processes and how can they be used in a better and efficient way. For example, last year the company took a different approach to better its sales order process. Previously, the process was on a central SAP platform. That would mean dealers would call their local sales offices to place orders or the branch sales representatives would take the orders and call the local sales office. Today, the company has two call centres that do inbound and outbound calling to pick up sales orders. This call centre also handles customer support and service calls including complaints of consumers and dealers. “So these call centres are doing a large range of activities on a centralised basis. This allows us to have huge scalability,” says Choksi. The call centre also plays a significant role in project sales. Earlier when the company carried out project sales that involved sales to large building sites, they would typically deliver the material to the dealer who in turn would tell the transporter to deliver the same to various sites. Today the call centre is able to deliver this as a standardised process by proper authentication and verification. “This would not have been possible to manage effectively from a branch location,” says Choksi. The company has also made changes in its distribution model. They have gone for automatic tracking and retrieval system and have chosen distribution centres that are located near the manufacturing plant. Earlier, these centres were situated far away from the plants.
Continuous flow Asian Paints is in the process of developing a Business Continuity Planning (BCP) exercise end-to-end. According to Choksi, this is not merely IT disaster recovery (DR) but an exercise that will look and examine all the processes within the company and figure out the possible vulnerabilities that could cause disruptions. The next step is to plan the company and individual response considering various scenarios. This exercise would cover IT, assets (plants and offices) and people. The first part of this process would be to lay down a strategy and then make the necessary investments to implement the strategy. Choksi says that though technology will play a small part in this process, it will act as a key
COVE R S TO RY
Lessons from Failures
Companies are enabling plant maintenance with effective CMMS/ EAM implementation. By Shridhar L Kamath
I
n the last couple of decades, leveraging information technology has proven to be a winning strategy to support the growth and sustainability of manufacturing organisations. Use of IT in manufacturing operations to improve the efficiency and effectiveness of key performance enablers such as accounting and finance, sales, procurement of raw materials and spares, and planning, among others, has been validated across industries. In most organisations, maintenance of plant, equipment and facilities is also considered as an important enabler of performance and is sought to be enhanced through the implementation of a Computerised Maintenance Management System (CMMS)/ Enterprise Asset Management (EAM) system. In many cases, implementation of a CMMS/EAM is labelled a disaster and ends up with low levels of usage. In others, companies invest further resources to re-implement and set right the CMMS/ EAM to make it effective. In extreme cases, the CMMS/EAM is scrapped and the organisation reverts to its old ways of working. What can organisations do to prevent such failures?
Lessons from experience Our work with clients on repairing and enhancing usage and effectiveness of CMMS/EAM across industries and platforms has given us many valuable lessons which can help organisations make its implementation successful.
LESSON 1 Whose CMMS/EAM is it anyway? In many organisations, CMMS/EAM is implemented as one of the modules of an ERP system. Organisations prioritise the implementation schedule due to various factors such as business need, availability of resources, etc. Sales, Finance and Commercial (FiCo), Material Management (MM) are implemented on priority and the CMMS/EAMS module is implemented as an afterthought. The key driver for the implementation of the maintenance system is timely and accurate reporting of maintenance, repair, and operations transaction that impacts the book of accounts. The result is an implementation which focuses heavily on the commercial aspects of maintenance and emphasises the collection of relevant commercial data thereby burdening the maintenance engineer with increased data entry without improving work methods. The best bet to avoid a fiasco is to involve the users, the maintenance team in this case, right from the system selection process. The maintenance team has the best understanding of how to effectively keep equipment operational. They also have unique knowledge of the processes and data required to perform their job.
CTO FORUM thectoforum.com
07 AUGUST 2010
25
COVE R S TO RY
RE SE T T I NG F OR GROW TH
enabler. So the business units will define the recovery times of various functions, and technology will define how data can be recovered. “The other key challenge in this kind of exercise is to sustain it. It is easy to do strategy once, implementation once but business changes. So we are not only looking at being more efficient and scaling up but also being more resilient,” says Choksi.
Bringing intelligence When Asian Paints carried out its ERP implementation, they also looked at a data warehousing strategy for business intelligence (BI). However, Choksi says that with the amount of information that the company has today, they have not delivered intelligence to its employees in a manner that it can be used for business decision making. “We are doing more on transaction reporting but we need to do more in delivering information for decision making,” he says. The company is now looking at doing financial consolidation and also looking at business planning in an integrated manner so that it can help its employees deliver financial reporting in a better way. Simultaneously, the company is working out a strategy for business KPI monitoring and reporting. “We just do not want to provide dashboards but we want this intelligence to be translated into action,” says Choksi. Choksi is also keen to leverage social networking. He cites examples of companies that use Twitter equivalent micro-blogging technology to find out their daily activities on the field. He says that he would want to set a companywide system to know the activities of his sales force on a regular basis, and get continuous feeds. These feeds in turn would help in conducting social analytics. The analytics would be able to predict from a conversation that a dissatisfied customer would not buy from the company the next time. This kind of analytics will certainly help the company where the product purchase cycle is three to five years. Creating touch points with the customers to ensure that they can come back is a challenge that the company wants to overcome. “So behaviour sentiment analysis is where this world will go. The services industry will be the ones who will be far ahead of this curve,” says Choksi.
26
CTO FORUM 07 AUGUST 2010
thectoforum.com
The maintenance team can thus balance the commercial aspects and work methods and create the right specifications which will contribute greatly to a successful implementation.
LESSON 2 Think Improvement Often, CMMS/EAM implementation is considered as an added burden to current work by the user team and minimal support is provided to the implementation team. This leads to improper planning, under-estimation of effort required, sloppy design, hasty collation and uploading of data – a sure shot recipe for disaster. A CMMS/EAM implementation can be taken up as an excellent opportunity to overhaul and improve the maintenance system. The right set of senior experienced people should be provided to the implementation team with a clear set of goals which encompass the overall maintenance function. The team works to map and improve processes, bring in the user’s viewpoint into implementation and makes maximum use of the functionalities of the CMMS while ensuring that the value added to the maintenance function far exceeds the effort put in. Improvements can also be done to the CMMS/EAM functionalities to provide better flexibility to enter data, customised reports to understand and analyse performance and deliver value to the maintenance team. A risk assessment of the designed system and extensive testing can further bring out improvement actions which reduce risks of failure of the implementation Another strategy that can be used is to not disband the implementation team after go-live. The team discusses lessons learned from implementation and usage, and works for system optimisation and continuous improvement.
"A CMMS/EAM implementation is an opportunity to overhaul the maintenance system”
LESSON 3 Manage Change
People make CMMS/EAM implementations successful. Creating a shared vision which has the buy-in of the team and is widely communicated goes a long way in creating a sense of purpose and enthusiasm in the team easing the pain of change. Simple initiatives such as town-hall meetings and celebration of milestones reached during implementation can further add to the level of involvement and ownership. Making people comfortable with the terminology and the use of computers to manage data is as essential as the training on the CMMS/EAM itself. Enhanced used of computers in maintenance management well in advance of the implementation can support the implementation later on. Maintaining data in the form which can be directly uploaded into the CMMS/EAM database further enhances the chances of success.
Concluding remarks As the world around us becomes more competitive, organisations become bigger and equipment and processes become more technologically advanced and complex, information technology will be the only way to sustain and continuously improve. A CMMS/EAM can go a long way in easing the effort required in maintenance. The only challenge is to get it right the first time. About the author: Shridhar L Kamath is managing consultant, PricewaterhouseCoopers
RE SE T T I NG F OR GROW TH
COVE R S TO RY
SUBHAKANTA SATPATHY Senior VP and Head of IT, Axis Bank
The stakes were raised for Axis Bank's planned CBS migration. By Rahul Neel Mani
W
hen you have eliminated the impossible, whatever remains, however improbable, must be the truth...Sherlock Holmes. Axis Bank, one of India’s premier private sector banks replaced the first generation Finacle Core Banking System with the latest version, bidding farewell to the legacy-proprietary systems and embracing open standards-
based architecture. The bank has lived to talk about its daring act. Today it stands ahead of the curve and claims that any bank which will migrate to the new version of Finacle CBS is at least 18 months away. While narrating this suspense thriller, Subhakanta Satpathy, Senior Vice President and Head of IT of Axis Bank, accepted that their decision to migrate was a very bold one and one that is not easy to justify. As
this was the first time that such a migration was being carried out, the possibility of a failure loomed large. In response, the bank took many precautions -— building adequate safeguards in the form of developing a robust business continuity plan and discussing the failover options many times. Still, it seemed like a gamble. “The moment of migration to the new system was like the one at a PSLV launch. We
CTO FORUM thectoforum.com
07 AUGUST 2010
27
COVE R S TO RY
RE SE T T I NG F OR GROW TH
all had goose bumps," says Satpathy. If the attempt to migrate failed, then all efforts at migration would have to pause for another six months as the next chance to migrate would come only then. "If things went wrong, we would have to wait for six months and put in the same amount of preparations again - that was an agonising thought!" he says. But the team wasn't ready to give up yet. They put various safeguards in place. The thought of rolling back to the old version of Finacle wasn’t really exciting. At the end, the migration was successful, though there
were a few initial glitches. “Three months on, we have not only produced an acceptable and convincing P&L statement and quarter ending [June 2010] report but also have trained approximately 7000 users using our captive training centre located in Hyderabad,” tells Satpathy. The story scores 10/10 in taking the plunge, 9/10 in mitigating the risk and 10/10 again in being the first bank to implement the new version. A clear case of an organisation behind ahead of its times. It deserves a mention in bold letters that the bank has become the
Beta Site for Infosys Finacle. Here’s the story with the rest of the details...
The Core Banking Story Axis Bank implemented the Finacle CBS nearly a decade or so ago. Perhaps, it was the first customer of Finacle CBS (as a bunch of solutions bundled in a brand) from Infosys. Unlike other banks, Axis Bank ran it in an absolute ‘captive’ model, without a single event of outsourcing to third party. Having exploited the earlier version to its maximum capabilities, the senior management was convinced that
INTERVIEW | BFSI
PRAVIR VOHRA
Chief Information Officer, ICICI Bank
“In the last two years we have built competencies, capabilities and skill sets and have invested in tools too” Q: What according to you is the role of the technology leaders’ office in an organisation's growth plans? A: The technology leader wears two hats, one is an equal member of the senior management team that gives you the ability to drive thought leadership, internal public opinion and create stakeholder lobbies. In India we do not have a sharp difference between the two roles; abroad there is a very sharp difference. In India we use these interchangeably. The other hat is constantly at the back of your mind, which is the awareness that the technology leader should have on what technology can do for his business. I always say that I am 90 percent a banker and 10 percent technology. I have been lucky in my life in the sense that somebody pays me to do something that I enjoy doing. When you say “Resetting for Growth” it is more of a business phenomenon. As a business we know that the world went through a slowdown. There were loans made in certain countries that affected financial markets, mortgages and consumer behaviour and so businesses got affected. But, did the people
28
CTO FORUM 07 AUGUST 2010
thectoforum.com
withdraw money less often? Salary credits would not stop and bill payments weren't affected. So, I think a big advantage that an IT leader has when he wears the second hat is that he is not in the stomach of the problem. He is affected by budgets but only in a limited way. And so, he can look at the world, as if it has not changed as dramatically as businesses feel. For eg. In ICICI, I have used these two years to build competencies, capabilities and skill sets; I have invested in tools too. We never got to do this when the business was running fast. Because, at that time our challenge was to quickly roll out solutions. We were doing quick and dirty kind of solutions. So, it was a great time for us. But, this whole concept is highly debatable as it depends on the capability of your company to increase spend. For instance, it cannot happen in an export oriented industry in the downturn. It also depends on your equation with your company board. We at ICICI bank were able to convince our board that it was a good time to make infrastructure investments. We have
RE SE T T I NG F OR GROW TH
it was time to migrate. “It wasn't mandated that we should be the first one to go for the new version, but there was an eagerness to implement it before it became the buzzword. Another big reason was that unlike other Finacle users, we are one of those users which use all possible modules of Finacle,” says Satpathy.
The Countdown Began Migrating to the new system was no easy task. In the life cycle of the first version of Finacle, the bank had already done a lot of customisa-
COVE R S TO RY
tion. On top of it, the technology and platform up the gauntlet. on which the system resided was purely Sensing the mood at the bank, Infosys legacy-proprietary technology. approached the bank and kept To migrate from proprietary to a very challenging proposal on open standards-based technology the table. The company wanted meant that a mammoth task of the bank to be the Beta Site to months: rewriting of codes lay ahead. “We migrate to this new version. In The period that believed this transition would take return, they [Infosys] promised the IT team at Axis to complete the migration in the years of efforts and there were Bank would have stipulated period of time with no guarantees of success,” says to wait to get their almost no assurance that it will Satpathy. next chance to Nonetheless, the bank had go right in the first instance. “No migrate. decided that it was time to pick company can give such an assur-
built two new data centres that will go live in August 2010. If you have been in the world as long as I have, you know these are typical business cycles that come and go, you need to find a way to even out the bumps and be ready for the phase of growth that is now coming. I do not know how much you can do for Resetting. If you have allowed the engine to run cold, people to quit and you have plugged the investments – then you would always be a year behind everybody else. But I think all people at senior levels have great ability. The amount of thinking that we’ve been able to do on how we will address inclusive banking may not be rocket science, but would not have been possible if everybody was running around helter-skelter. Sometime back, I got an invitation to speak to American CIOs and advice them on ICICI’s technology model. I was asked how the audience could do similar things. That is the time when I said that the basic thing that the CIOs need to do is invest in their company. A CIO who is there for three years is never going to be able to make a difference. It takes about a year or two to understand the psyche and DNA of the organisation and to be accepted in its fold. If you then decide to move on, nobody will trust you. Q: How does one influence the stakeholder’s lobby? How should it be generally executed? A: This question is similar to the classic one: how do you bring up a kid? At the end of the day, there is no secret sauce or science. It is primarily trust and value addition. Why will anybody in the company listen to me if they don't have trust in me. A lot of our colleagues quip that “business wants it like this”. We are happy as a team to play second fiddle because we do not want to take the sales, marketing and P&L pressure. A big thing about technology in a commercial organisation is that we don’t usually have any direct P&L responsibility so we are insulated from the other guy’s problem. We can always say that
6
he is unreasonable. I would like to quote one of the things that we have done here, with the benefit of hindsight. This was not really planned by us. Today I can look back and say that it worked. I learnt to speak two languages in ICICI bank. Some of my colleagues used to say that business is unreasonable and they do not know what they want, they keep giving change requests – all of which is true. And, I used to reply, if you think that the other person’s job is much better, I would move you there. They have their own challenges that you do not understand. As for the business colleagues, I remember a conversation with a person who is now a very senior officer. He complained that it took too much time (three months) to get a list of credit exposures of the bank. So I asked him to define exposures? He replied back saying that he meant the balances in these high value accounts. I enquired again, asking him, do you want to include guarantees that are issued, contingents liabilities, limits that are sanctioned but not drawn, shadow balances – cheques in clearing, etc. The idea is not to say that I cannot do it – it is just about explaining in simple English some flavour of the complexity of my other life. Even now, I give examples of their own world to non technology people, to make them understand the challenges faced by technology. For instance, how would you make senior people understand an outage? If internet banking is down – how can you make them understand that it will take 8-9 hours to bring it back up? That is the amount of time it takes to re-install software, re-boot systems. This is because the uneducated view of technology is – just press a button and it's started. If you can talk to the people in a language they understand, it creates a fair amount of trust. Of course with this, you would need to be successful, you will need to deliver projects on time, etc. But then all this is just the basic hygiene for any technology head.
CTO FORUM thectoforum.com
07 AUGUST 2010
29
COVE R S TO RY
RE SE T T I NG F OR GROW TH
“No company can give such an assurance. The primary responsibility was ours.” ance. The primary responsibility was ours. So we had to buffer for a failed attempt. The bank was prepared with plans A, B and C. Agreeing to be a beta site meant a lot. The entire business was dependent on CBS and anything could have gone wrong. The decision was bold and risky,” says Satpathy. The entire machinery working behind the transition was ready with a robust business continuity plan. Worst, what if, after the migration, users weren’t able to log into the system? Anything was possible. As part of the plan, the core implementation team decided to stop the non financial transactions for the initial 3-4 days of migration. On the day of migration, everyone was on
tenterhooks. Then the first flaw surfaced. “Till late in the evening, we were not able to provide log in to the users," says Satpathy. A technical glitch had brought operations to a standstill. "It was frustrating." At 7 pm, the problem had still not been resolved, and the company was now in a crisis. One option was to roll-back. The other was to listen to the bank's partners, which came up with some solutions but were waiting for the bank's consent. If the back rolled back, 15 months of hard labour of the entire team would have gone down the drain,” says Satpathy. The Risk Committee constituted to monitor the migration was also puzzled. After a lot of deliberations, it was decided to try the
Beta Site Didn’t Mean no Capex
A
xis Bank didn’t have to pay for the CBS licenses from Infosys. That arrangment was part of the deal. But there was an infrastructure upgrade involved. The bank had to invest in an expensive IBM Websphere Middleware. Another major chunk of investment was hardware and storage. To make the migration a success, at least 3-4 additional instances were required to run parallel in different stages. This meant an incremental investment in the hardware. The current production environment required one set. But now, another set
30
was required for development. Yet another set was required for user interface and testing. The last set was required to phase from the old version to the final Beta site. During some of the time, instead of just one CBS, the Bank was running four. The organisation might not have had a multi user environment for all the four sites but storage requirements were actually four times. Training: So far the bank has trained nearly 7000 users using its own captive training facility. The Bank’s training
CTO FORUM 07 AUGUST 2010
thectoforum.com
centre located in Hyderabad accommodates close to 800 trainees. "We conducted eight batches of 800 people each," says Satpathy. Risk Committee: A Risk Committee of four people including the CIO was constituted. "The Committee members knew each other very well. Each of us knew the other’s risk appetite; there was a lot of trust between us. The top management was aware about the happenings but gave freedom to the Risk Committee to do what it wanted," Satpathy said.
solution suggested by the partner. The ruse worked. Ultimately the users were able to access Finacle. “Because we weren’t able to do any transactions on the first day, we had to clear a lot of those in a short window during the night." The inability to process transactions during the day had a cascading effect; it took the bank the next three-four days to clear the backlog. "Frankly, the first week was slightly unstable, not because of the technology but because of the volume of transactions." Users didn't have the same same comfort levels as they had with the earlier version of CBS, as a result of which there was a dip in their efficiency. "If a banker was able to do 100 transactions an hour, in the changed environment, he could do slightly more than half," says Satpathy. "After a week's time, the situation came under control and by the end of May 2010, we were able to produce an acceptable level of trial-balance and profit and loss account statement to the management. We did a smooth quarter ending in June 2010.”
In hindsight Although the team succeeded in this tough task of migration, Satpathy wants to share his experience with his peers. “It is always advisable to migrate to a newer version of any software. But never be the first one and never be the last one. Our decision was bold but it was still a mistake to go live first and become a Beta Site. We survived because of our extensive business continuity planning and the tenacity displayed by our employees to endure the pressure. “The next bank which will migrate to this platform of Finacle cannot do it before 18 months from now. Now look at the opportunity knocking our doors. If we can convert this period into a business opportunity, we will simply be ahead of the curve,” concludes Satpathy.
RE SE T T I NG F OR GROW TH
COVE R S TO RY
ALPNA DOSHI Chief Information Officer, Reliance Communications
INTERVIEW | R COM
Simple Rules,
No Magic
Reliance Communication’s growth initiatives in the immediate future By Rahul Neel Mani
T
he pace of growth at Reliance Communications (RCOM) is faster than that of other leading telcos in India, says Alpna Doshi, CIO, Reliance Communications. In a chat with Rahul Neel Mani, she outlines the company’s IT plans and growth initiatives in the immediate future. Excerpts:
Q: What are the new technology developments in the telecom industry? Is RCOM positioning itself to be a leader in this space? A: When we are looking at technology deployments to prepare our technology base, we look at creating and using a shared architecture for both our wireless and enterprise
market segments. This shared architecture will effectively allow us to have subscribers from our consumer database and also help us to leverage these users for the enterprise segment, as some chunk of these consumers are a subset of the enterprise market. The other focus area for us is on the CRM space. We look at the basic criteria for CRM
CTO FORUM thectoforum.com
07 AUGUST 2010
31
COVE R S TO RY
RE SE T T I NG F OR GROW TH
usage and how the customer's needs can be addressed through this application. For example, if a call agent can reduce the time to respond to any query even by a few seconds, it is a relief for the customer. This holds good for our enterprise business as well. Within the IT sphere, I am monitoring more than 100 Key Performance Indicators (KPIs) regularly. This keeps my team excited and they want to improve their numbers. I in turn, conduct a customer satisfaction survey of these numbers and see their responses. So we try to connect everything from a customers’ standpoint and convert it to various KPIs and measure it. These would include things like provisioning time, number of trouble tickets generated, fault resolution time, etc. Day-to-day IT problem solving is a given and it should not take more than 30 percent of our time. The remaining 70 percent is the time that needs to be devoted to provide value adds to the business. At the end of the day, it is the IT team that is managing and understanding the various applications and solutions. So I look at various IT reports for all our businesses and see if I can help them analyse these reports. Business has no time to look at the technical aspects. So my focus here is to identify innovative architectures that can speed up things. Architecture convergence is one aspect that can bring in efficiency. So if I look at Globalcom, a division of Reliance Communications, we are merging the architectures from our acquisitions of Flag, Vanco and Yipes. This converged architecture will provide a great value add to the business in terms of getting rid of redundancy, faster resolution time as well as introduction of new technologies. Differentiating yourself from the competition is a key factor. We want to give a good deal of thought to the various functionalities of each of the systems that we have. We want to derive intelligence out of them and analytics is certainly a huge part of our differentiating game. Technology for me has always been the easy part as it can be made to work the way you want. To make people work is a challenge. So if we want to do anything at high speed for the business we need to introduce agile processes in the company. For this it is important to have knowledge of the existing business processes and how you can reduce them. So we started something called as “Coffee with the CIO,” to
32
CTO FORUM 07 AUGUST 2010
thectoforum.com
spend that extra time to meet with people and understand their pain areas, ideas, etc. Q: What has been the impact of such meetings over a cup of coffee? A: Well, I speak of many things that are professional as well as personal. I share my vision with them and also listen to their expectations from IT. On the personal front, I ask some of them where they stay, what are their hobbies, etc. This helps a lot. For example, if
an operations guy has to work past midnight in the office and does not get a transportation to go back home, then this is of great concern to me. If I can get these guys a transport service when they sit back late, they feel a sense of ownership and do not mind putting that extra effort. I give a lot of importance to people. Employees can do things beyond our wildest imagination. So it is not technology but people who change business.
Commanding Heights In telecom, IT has evolved from being just a support function to a strategic growth partner. By Kasturi Bhattacharjee
IT
has come of age if gauged in terms of its contribution and position in the telecom sector. When telecom was still in its infancy, IT was merely a support function and contributed to the revenue in a limited way. The scope of work was limited to enablement of smooth operations and management of the major business driving functions. IT was viewed simply as the provider of tools facilitating the other mainstream functions of revenue generations. The initial focus was to provide basic provisioning of LAN, workstations, mail servers for employee connectivity and rudimentary ERP, billing and care functionality which had little direct impact on the revenues generated by the firm. Traditionally, the IT average spend by the telecom companies worldwide as a percentage of overall revenues ranged from 2.8% to 5.2% with average percentile hovering around 4.26%. Considering the role of IT as a support function, it was treated as an expense item necessary for business support. (IT spending as a % of revenues; Source: Metagroup)
IT in the mainstream In recent years, IT has become a key function with evolution of newer and disruptive technologies in the telecom space. The advent of new platforms coupled with changing lifestyles of the increasingly demanding users gave rise to a plethora of opportunities for IT. The constantly changing technical landscape forced the telecom firms to look for higher contribution from the respective IT departments. The firms now consider internal IT as a business driver capable of enhancing revenues rather than just a support function.
RE SE T T I NG F OR GROW TH
Q: Can you highlight an innovation that has been done by your team? What was the customer's reaction to the same? A: A good example would be our customer self service portal. We developed a portal that has enabled customers to easily buy services online, make payments, and troubleshoot as well. I would like to finish working with this portal by introducing unified billing. Work is already underway for this process. There are no telcos who offer unified bill-
ing to customers in India. Having separate bills for various services like mobile, landline, broadband etc. from a single provider for one customer is not required. One customer ID with all services hanging to it is the best answer. This is not innovation, but simple basics. If there are barriers, they are political in nature and exist within the organisation. In a transformation journey, there are two key areas that need to be kept in mind. One is technological transformation and the other
The role of IT is now not only limited to technological advancements but also extends to improving the bottom line of the operator. Challenges for today’s CEO include building fresh revenue streams while also maintaining the existing market share. Challenges include: Increasingly competitive landscape Integration and scalability of operations with new business ideas Constantly declining ARPU Multi-partner ecosystems Low revenue leakage percentage which is high on absolute amount Regulatory constraints
COVE R S TO RY
is cultural transformation. These two have to go hand in hand. So unified billing would be more of a cultural transformation aspect that needs to be in sync with the technology transformation. Q: How much of technology tweaking would something like unified billing require? A: You look at it at from a point of having five different systems, for example, that process
point for end-customers whether it used by agents or whether it is in the form of self-care. In the form of CRM support for agents, CRM engines assist call centre personnel to accurately provide required customer information and also help in problem management. CRM in this way is not only a technological tool for enhancing customer satisfaction but also a business tool for cross-selling services. In its other form as self-care portal, an efficient engine will enable customer info on the click, faster and automatic turnaround and service provisioning rather than adding costs to agent seats. Business intelligence: The launch of any new product or service is governed by two factors viz. requirements of the customer and the potential revenue generation capability. It is imperative for the operator to anticipate and identify where they are heading and preempt the needs and wants of consumers. The robust business intelligence systems of today are enabled to identify the exact customer requirements and reasons for churn for necessary proactive business actions. The other benefit of business intelligence systems is identifying significant patterns regarding the potential prospects, spending behaviours, specific bigticket schemes and low hanging fruits. Service Delivery Platform: SDP is the new stage device of IT which enables telcos to venture into data services and provide user-friendly features like mobile TV, games, video-on-demand, location based services, advertisements, social networking, m-blogging which will be the new area of competition. Telecom operators have made a conscious choice to have SDP engines enabled by IT so that customisations as required by market dynamics and business needs are made on the fly. Interconnect: The partner settlement engines are the major areas of focus for the service providers as ensuring accurate, regular reconciliations and settlements enable cash flows and are important for revenue generation. If settlement engines are not robust enough,
Concepts like differential billing based on customer’s age, gender and time of usage are a reality today
The success and survival of the telecom enterprise in the future will be governed by their ability to face these challenges and turn their weaknesses into areas of opportunities by leveraging the strength of IT. Today IT can overcome these barriers and drive growth of the telecom operators’ business by providing: Seamless billing schemes: Billing engines are at the centre of activity for any telecom operator. A good billing engine can quickly launch various complex schemes in minimal possible time, thereby resulting in reduced time-to-market. Concepts like differential billing based on customer’s age, gender, time of usage, location, mode of payment are a reality today because of superior IT functions. Revenue assured: The revenue assurance (RA) engines are not only limited to plugging simple leaks of call drops but drill further into the network layer and give a comprehensive report aligning the IT performance indicators with business drivers. Today RA reconciles various technology elements to enable assurance of margins and profitability of investments. Even a small percentage leak is very high in terms of absolute amount for a billion dollar operator. Customer Relationship Management (CRM): CRM is the touch-
CTO FORUM thectoforum.com
07 AUGUST 2010
33
COVE R S TO RY
RE SE T T I NG F OR GROW TH
“The negative part of outsourcing is getting locked in with a provider as one is unaware of the nitty-gritty of the services” the billing requirements for five different services. It certainly requires certain amount of work to make sure that everything is associated with a single customer ID. Now the aspect of which particular service organisation is going to address the subscrib-
ers becomes a question. So it does require quite a few changes. Let’s look at this from a CRM standpoint. Can the call agents offer a unified service to customers for all their queries of multiple services? So this would require a focused approach and clear capex
they will lead to a loss of revenue for the operators. They play a major role in case of content partners as they develop content and, in the event of errors in settlements, they can stop providing content, thereby disrupting services. Supporting call centres: Companies have to monitor their expenses on customer care centres as they involve huge investments in IT and personnel. The focus on resolving the calls via the IVR and reducing the calls transferred to agents will immensely reduce the costs involved. IT enables configuring of IVR on the fly so as to maximally utilise an agents’ bandwidth and customer connections are made quickly. Various call-centre specific systems like agent scheduling, tracking, comprehensive reporting are also enabled by IT. Management level reporting: Performance monitoring and tracking is very important for judging the health of the business. Reporting engines ensure there is synchronisation between circle level operations and corporate think tanks. State-of-art IT engines enable standardisation and drilling-down of reporting to the bottom most level with just a few clicks. Disaster Recovery: IT engines ensure business continuity by enabling parallell running data centres which can take over in case of disaster at the primary area. Every second of outage leads to huge revenue losses and customer dissatisfaction, so disaster recovery is essential for business growth. IT has not only acted as a business driver for external environments, it is a key function for internal employees of the telecom sector for information dissemination and productivity enhancements. Intranet: Intranet is a key tool for sharing company’s information, collecting valuable feedback from employees, establishing formal/informal discussion forums and a collaboration platform for all the departments. Providing facilities like leave management, payroll status-check, file timesheets and knowledge management automates employee admin processes and enable employees to focus on business tasks. Connectivity outside office: Today employees are available 24*7 through blackberry, VPN, conferencing and this is all enabled and supported by the IT department. It can be said that the IT function in the telecom sector is no longer just a support function and has become part of board level thinking as it enables not only the basic infrastructure required for business, but also provides directions for the next level of growth. About the author: Kasturi Bhattacharjee is Associate Director, Infocomm Practice , PricewaterhouseCoopers
34
CTO FORUM 07 AUGUST 2010
thectoforum.com
and opex investments to take this through. Or you need to have a strong executive sponsor to make it happen. Q: So who will be the executive sponsor in this case? A: I would like to see this from the customer side. So our customer service departments should really be the ones. As a CIO, I will put the plan into motion.. Q: It has become a norm to outsource entire IT operations and we have seen telecom companies like Airtel, Idea, etc. outsourcing their IT needs to service providers. RCOM on the other hand manages its IT by itself. So what according to you are the pros and cons of both these models in the telecom space? A: When outsourcing contracts are signed, there is a joint risk sharing. From this perspective, the contract management becomes a key part in the deal as the provider needs to manage the SLAs, finance, etc. I have been a consultant for most part of my career. The negative part of outsourcing is getting locked in with a provider as you are not aware of the nitty-gritty of the services being offered. The SLAs are adhered to but what if one wants to look at changing something — that's not possible. In my previous role as a consultant I was auditing a contract in Australia for a major telecom service provider who had outsourced IT operations to another partner. We diagnosed the network management system to the core. We deciphered that the code was written in such a manner to lock the telco and there was no way that the company could get out. This exposed the partner. At RCOM, we have a long term outlook. As IT is captive, we can maneuver our business as required without our intellectual property going out. Having internal IT saves a lot of bandwidth in terms of management of a contractor. We follow simple rules, and there is no magic needed. Our IT is always ready for the business.
RE SE T T I NG F OR GROW TH
COVE R S TO RY
PRAKASHA K N Head IT & Information Security, LG Soft India Pvt. Ltd.
CASE STUDY | LG SOFT
Tracking by
Open Source LG Soft India looked at Ruby on Rails for efficient project management By Geetaj Channana
T
he technology services industry is still one of the fastest growing sectors in the world. And as a company grows in size and acquires more projects, it become more and more expensive and difficult to manage multiple project across the enterprise. LG Soft was also presented with a similar problem.
The Challenge The company was growing and needed an integrated project management system to
ensure smooth delivery of projects. “It was getting more and more complex to plan engineering projects, track defects and issues and fill the engineers’ timesheet,” says Prakasha K N, Head IT & Information Security, LG Soft India Pvt. Ltd. “Many project management tools are available in the market but they are expensive and time consuming to implement.” This extremely complex environment and tight budget constraints prompted LG to look for options that were extremely effective but did not cost the world.
The Solution The company looked at implementing the Redmine Project Management tool. Redmine is a flexible project management web application written using Ruby on Rails framework. “It is a time, defect and issue tracker web application with mail and LDAP integration. It also has multiple projects and database support,” says Prakasha. This is also beneficial for the ITeS company as it is open sourced under the GPL license. Being open source has the benefit of eas-
CTO FORUM thectoforum.com
07 AUGUST 2010
35
COVE R S TO RY
RE SE T T I NG F OR GROW TH
ily available plug-ins. The organisation has also included plug-ins for effort tracking/ project planning, timesheet, risk and graphical reports in the implementation. They have also developed a treasure hunt module on it to gather new Ideas from employees across the organisation. Other plug-ins in the implementation include - Dashboard for tracking milestone; Risk management plug-in; Estimation and Requirement management plug-in; Bulk upload, time entries and other entries for bulk tasks.
The Benefits To start with, the organisation has already saved more than $100,000 on an implementation of about Rs. 100,000. Apart from the monetary benefits, there have been many tangible project and personnel management benefits achieved by the project. To start with, now the company can easily track each task assigned and provide its status with respect to milestones and engineers. For any project-based ITeS firm, it is extremely important to be able to correctly estimate the time and capture the requirements of the project. This tool has been immensely helpful on both counts for LG Soft. We have been able to improve drastically on both counts. Needless to say, it has helped in better project management also. Project managers now have a lot more control over the projects with easy to monitor dashboards and metrics. The need for project meetings has been reduced as a lot of communication about the project happens through the management tool. All the data for metrics analysis is captured automatically without manual intervention. The engineer's timesheets are directly linked to the projects to ensure seamless integration and control. Finally, the project also has Risk Management embedded.
Finally By thinking outside the box and taking a brave step by adopting an open source tool, LG Soft has been able to save thousands of dollars while improving efficiency in the organisation. A win-win on all counts.
36
CTO FORUM 07 AUGUST 2010
thectoforum.com
Full Blast
The Indian IT-ITeS industry is gearing up for disruptive growth strategies By Hari Rajagopalachari
T
he Indian IT-ITeS industry has emerged as a key growth engine for the economy, accounting to about 5.9% of the GDP and also contributing to increase in urban employment and exports. As per recent estimates by National Association of Software and Service Companies (Nasscom), the IT industry is expected to grow by 13-15% in the fiscal year 2010-11 compared to a low growth of 4-7% in the last fiscal year 2009-10. The IT/ITeS industry in India has evolved from a “Lift and Shift” model of moving headcount in and out of India for projects at the lowest end of the value chain, to one where Indian players are aggressively bidding for and winning large scale turnaround projects hitherto the domain of global behemoths. The upward movement in the value chain for the industry is expected to come through incremental and/or quantum growth. Incremental growth would be seen through innovation and expansion in the form of: Emerging consumer sectors like healthcare, government, engineering services, etc. Value innovation in service delivery like platform BPO. However, in order to move beyond incremental growth and ride the quantum growth wave, service providers need to focus on game changing and commercially viable Intellectual Property (IP) development. The Indian IT industry has an opportunity to innovate and reinvent itself using cloud computing in a manner similar to the two previous disruptions – the Global Delivery Model (GDM) and the Y2K –which it turned to significant advantage.
Government The potential for increasing GDP growth rates by increasing telecom and internet penetration is now well understood by governments worldwide. In countries like India it also holds tremendous potential to make growth socially inclusive especially in areas where mobile telephony, data services and rural banking converge. The increased IT spending by governments in developed and emerging economies has led to the government sector becoming a primary consumer of IT/ITeS services. As per IDC estimates, worldwide IT spending is expected to increase to US$ 1.48 trillion in 2010, which would be largely driven by the government sector. For example, total government spending for hardware, software, and IT services in Western Europe alone will increase from $56.6 billion in 2008 to $68.5 billion in 2013.
RE SE T T I NG F OR GROW TH
COVE R S TO RY
“With demand from clients on more value addition from outsourcing contracts, platform-based model would be of great help as they offer economies of scale and process standardisation.” The IT spending by India's public sector is expected to grow to US$5.1 billion by 2011, indicating a compounded annual growth rate (CAGR) of nearly 19% from 2007 to 2011. More than twothirds of the total IT spending will be undertaken by the central government, with state and local governments contributing to the rest of the spending. For example, increased spending by the Indian government on large turn-key IT projects like the Unique Identification (UID), Passport Seva etc. are attracting major global service providers. In view of the governments’ deep pockets and given the immense scope and scale of various national projects coming up around the globe, this sector would be a key area of growth for IT.
Platform-BPO Ready-to-market platform based offerings would serve as the backbone for growth and help showcase expertise. Platform BPO, a bundling of technology, consulting and BPO, helps in creating and delivering transformational value using strategies such as global sourcing, technology innovation and process optimisation; thus enhancing operational efficiency and also helping the customers to move from a capex to opex model. The real advantage of platform-based BPO is that it can and does appeal to mid-sized and small companies. With demand from clients on more value addition from outsourcing contracts, platformbased model would be of great help as they offer economies of scale and process standardisation. Platform BPOs are also becoming important in the context of integration. The BPO subsidiaries of most large IT companies that were separate entities until a few years ago are now being integrated with the parent company to leverage the opportunity presented in the integrated IT and BPO space. Clients are moving from the standard deals towards transferring ownership of processes and are increasingly showing preference to purchase services from one established end-to-end solutions provider instead of going to different vendors for different services.
value proposition from being merely an enabler of competitive strategy to becoming a source of competitive advantage. Gartner estimates the market for cloud services will grow from US$70.8 billion in 2010 to $150.1 billion by 2013. The compound annual growth rate (CAGR) varies widely between different types of services, but overall CAGR has been calculated at 26.5%. Other studies suggest that the market is entering a period of acceleration in terms of cloud adoption - from 15-25% of organisations making the move today to 25-45% in three years' time. According to a recent study by Zinnov, the current US$ 110 million-cloud computing market in India is forecasted to reach about US$ 1,084 million by 2015. There are several multinational and Indian companies entering the cloud space and trying to drive business relevance of its solutions for both Indian and global customers. According to a recent CII-PwC survey, about 60% of the service providers are open to using cloud computing and nearly 56% of clients surveyed were open to the concept of cloud computing primarily for its advantages like lower implementation time, easier product maintenance and faster delivery. Cloud computing has allowed the smaller Independent Software Vendors (ISVs) access to customers that they could have never had otherwise. This has allowed smaller ISVs to be based on cloud platforms (such as Azure, App Engine etc) and make themselves available to global customers, thereby, significantly reducing their cost of sales. This has also increased the flexibility for end customers and increased the choice of products and services. The benefits of the cloud are not just being tapped by smaller companies. Bigger companies are vying for large cloud computing deals, creating private clouds and are looking at creating separate service lines for cloud computing. However, in order to generate sustainable strategic advantage, it makes sense for service providers to look beyond linear growth and focus on game changers in the form of commercially viable IP (intellectual property) creation.
Cloud Computing Cloud computing in one of the key technology/focus areas in the IT/ ITeS sector and many enterprises are keen to use it as a platform. Implementing cloud computing as a platform will help enterprises save capital cost by directing them towards operational costs. The innovation that cloud computing offers is expected to raise IT’s
About the author: Hari Rajagopalachari is India Leader for Technology Practice PricewaterhouseCoopers
CTO FORUM thectoforum.com
07 AUGUST 2010
37
COVE R S TO RY
RE SE T T I NG F OR GROW TH
BSES Power ensures smooth migration of live billing data for one lakh customers By Ashwani Mishra CASE STUDY | BSES
T
he utilities business value chain has several unique business functions that are not typically seen in other industries. Even within enterprise-wide functions that are common across other industries, the critical processes and Key Performance Indicators (KPI) differ for utilities. Each of the business functions within the utility has multiple business processes and sub-processes. For example, the asset management function has sub-processes like plant engineering and asset maintenance, that is, plant maintenance and operations. Operations in a utility are usually very complex, requiring huge amount of data to be managed under stringent regulatory conditions with a very wide and demanding customer base. For Delhi-based BSES Power Limited, a company with an annual turnover of around 8169 crore, the situation was no different. “To ease out the work of the operations team within the company, we initiated automation of
38
CTO FORUM 07 AUGUST 2010
thectoforum.com
business processes enabling better customer care, and covering automation through implementation of ERP, SAP IS-U/CCS,” says Karan Singh, VP-IT, BSES Power Limited. IS-U/CCS is an industry solution from SAP which addresses the needs of a customer oriented utility company. The solution encompasses Customer Relationship Management (CRM) and Business Warehouse (BW). The project was called as Enhanced Data Generation for Enterprise or EDGE that was conceived and implemented targeting one lakh consumers in Phase-I towards migration from legacy application to ERP. The modules successfully implemented included Billing, Device Management, Financial and Contract Accounting and Customer Service. “As ISU has hardly been implemented in India by any enterprise because of its complexity, cost and availability of skill sets, it became a challenge for us to migrate our existing billing data and make it live for one lakh customers,” says Singh.
The implementation was achieved by first mapping the business process, preparing a Business process document(BPD), taking a signoff from business, mapping as-is process to required process and then automating the same in SAP ISU/CCS. The EDGE framework was developed by keeping in mind a customer centric view that allowed the team easier tracking of customer behaviour and usage pattern. The integrated system is flexible and future proof and can be configured to handle changing business needs and demands. It can handle concurrent users and millions of customer accounts. “Some of the most innovative aspects of this project were seamless migration of live billing data from legacy to ISU/CCS with zero glitch and the handling of change management issues without any operational pause,” says Singh. The total cost of the project was around 21 crore and the company expects to recover the RoI within a year or two.
COVE R S TO RY
RE SE T T I NG F OR GROW TH
Action in the Corridors of Power
Electricity distribution utilities are finding new areas for IT deployment By Sambitosh Mohapatra, and Debasis Mohapatra
D
1104 feeders were covered by the project. This initiative provided the utility a complete visibility of its customers across various categories in its electrical network. It further helped the utility to establish a base for future deployment of solutions to manage its network assets as well as for advanced metering initiatives. Under the Restructured APDRP1 of the Government of India, more and more utilities are undertaking these initiatives. Enterprise Resources Planning (ERP): In 2006, a private sector utility in Northern India felt the need for a standardised solution with faster response time, automation and integration; application for managing planned / unplanned maintenance and breakdowns; improved application / control for asset management; better project capitalisation; integrated mechanism for reporting; mechanism for traceability and tracking of transactions, and employee self-service facilities, among others. The ERP initiative of the utility was also driven by the emerging concept of Smart Grid. The second phase of IT implementation experience ERP initiative focused on implementation of SAP IS-U in the areas Despite operational and implementation related complexities, utiliof customer care management, connection management, meter ties in India are gradually agreeing to commit upfront investments management, meter reading, revenue billing, revenue recovery, in IT and operational systems given the level of increasing customer revenue collection and energy auditing is under way. Through these expectations and regulatory standards. These systems aim to reduce initiatives, the utility intends to achieve standardised business prohuman interface in operations and increase manpower productivity. cesses in billing and customer services and enhanced decision supSome of the major technologies and systems being deployed in port for regulatory and statutory compliances. Indian utilities are as follows: Advanced metering: An electricity distribution utility in Northern Prepaid meters: Prepaid metering is slowly and gradually gaining India initiated a pilot project in 2009 on advanced technology metera foothold in the Indian Power Sector. A number of government / ing by installing ‘smart meters’ in 500 households. The objective public and private owned electricity distribution utilities in India of this experiment was to study the feasibility of installing smart have embarked upon such initiatives. This initiative across India is meters in India. From this study it was inferred that this technology in the nascent stage and the scale of prepaid metering in most of can help the utilities drastically cut losses due to power theft and these utilities is restricted either to a few pilot implementations or a improve interaction with the consumer. Through the use of smart select category of consumers. Studies worldwide has shown signifimeters the pattern of consumption can be known which can help cant benefits of prepaid metering both from the consumer and utiliregulatory bodies introduce “time of the day” pricing — higher rates ties point of view; however, it will be sometime till such results are during peak hours and lower during non-peak hours. experienced in India where there is a need to change the The utility has received feedback from 500 consumers mindset of customers who are still used to the post-paid with most of them being happy with this initiative. The metering systems. cost of a smart meter is considerably higher than regular Customer indexing and GIS database: In 2006, a stateNumber of smart meter but the benefits from this are more than the cost owned utility in Western India implemented a Geographmeters installed involved considering the power shortage scenario in the ical Information System (GIS) for better management of during a pilot utility’s coverage area. electrical network and customer services. In phase one project in 2009 of the project, eight major towns under the geographical by a utilitiy in coverage area of the distribution utility, comprising 55 About the author: Sambitosh Mohapatra is Associate Director Northern India electricity distribution feeders were included for updatand Debasis Mohapatra is Senior Manager, Energy Utilities ing and verifying consumer data. In phase two, another and Mining Practice, PricewaterhouseCoopers
ue to the inherent nature of its business, the electricity utility industry, especially organisations providing services of distribution and retail supply, face some unique challenges in implementing IT solutions.The unique differentiating factor is that unlike other products and commodities, electricity cannot be stored. Also in this sector, customer categories are varied and complex – across voltages, rate slabs and type of connections. Electricity pricing and services are subject to oversights from central and state regulators unlike other products or commodities. Controls in organisations and their outcomes also vary depending on whether the organisation is held by the Government or public or private. Unlike other products, it is difficult to attach a differentiator to the electricity being supplied; differentiation, though, can only be made in customer services – faster connections, speedier complaint resolution, etc.
5oo
CTO FORUM thectoforum.com
07 AUGUST 2010
39
NEXT
HORIZONS
AUTHOR SAYS
Security as a Service – It makes sense to have email and Web threat protection in the cloud
O The SaaS Romance
When it makes sense to woo the cloud for security, and when it doesn’t. BY MATT SARREL
40
CTO FORUM 07 AUGUST 2010
thectoforum.com
ver the past few years, more and more businesses have turned to software as a service (SaaS) to bring down costs. One category of offerings, which we'll call "security as a service" deserves special consideration. More and more traditional software security vendors are developing and enhancing their service based offerings. These offerings typically include protection against Web and email threats, monitoring of inbound and outbound network traffic and assessing an externally facing website for potential vulnerabilities. While all vendors argue the appeal of reduced costs, only a few vendors argue that their solutions are better offered as a service. This is a market in transition. I've been testing security solutions for years so I've been lucky enough to have a good vantage point for this transition. Most of these solutions were software only. Then many added centralised management and some shipped on appliances. The earliest security as a service offering merely moved this centralised management console into the cloud. This was a good start, but fell short of leveraging all of the advantages of the cloud. Offerings have gradually matured to utilise the strengths of the cloud. For example, Panda
N E G O T I AT I O N S
Security saves local processing power by analysing malware in the cloud, not on the desktop. Many other vendors also make use of a cloud based infrastructure to conduct deeper and faster malware analysis. They can have more horsepower than what a single client site can provide plus integrate threat information from many clients to create an accurate understanding of the threat landscape.
Pros & cons Although more and more security functionality is being built into these offerings, security as a service still has its pros and cons. Firstly, many solutions still require a software agent to be loaded onto each end point. This is almost a necessary evil so look for solutions which automate deployment and updates of software agents. Remote workers are a natural choice for security as a service but they aren't on your network so why do they need to use your internal security services? They can access the solution provider's data centre just as well (or better than) yours so let them. Look for SaaS solutions that try to improve the security process, not those that merely claim lowered TCO and fast ROI. It makes sense to have email and Web threat protection in the cloud primarily because that traffic flows across the Internet and can be cleaned before even entering a corporate network. It also makes sense to apply some basic traffic rules, such as those that drop denial-of-service (DOS) attacks for the same reason. Carrying it a step further, however, it does not make much sense to deploy a firewall in the cloud. Such devices require immediate access to all network traffic and relaying such traffic back and forth between a SaaS provider would make network services mind-numbingly slow for users. Likewise, solutions that are heavily tied to internal resources, such as authentication and access-control software, also work better on-site. Always negotiate an SLA when contracting for security services. What happens
if you are routing all Internet traffic through a security service provider and somehow service is compromised? It's unlikely that a SaaS provider will fail completely. What's more likely is that there might be a performance glitch so an SLA is imperative if you are going to get your money's worth. Here's the rundown on a few recently updated security as a service offerings:
95% ORGANISATIONS EXPECT TO
NEXT HORIZONS
ligence network analyses hundreds of millions of suspected malware files every day.
Symantec Hosted Services
Symantec offers Hosted Endpoint Protection (antiGROW THE USE OF malware, software firewall, HIPS for Windows desktops laptops SAAS and servers) as well as email, Web, and instant messaging security via MessageLabs. It gets interesting when a company subscribes to multiple services and can then begin to assess threats McAfee Security SaaS across multiple vectors in order to mount a McAfee offers a number of outsourced unified defense. services such as endpoint, email, web, and network protection in an outsourced model. McAfee SaaS Total Protection offers much Zscaler Cloud Services more than a snappy name. This basically Unlike the others mentioned above, Zscalreplaces McAfee's traditional suite of onsite er was built from the ground up as a cloud security software to protect endpoints from security service. The solution requires neiemail and web threats. ther hardware nor software to be installed at a client site and provides integrated Web and email security. Keeping an eye Panda Security Cloud Protection on performance, the company has over This service protects endpoints against 40 data centres around the world and its email and Web-based threats. This is the offering is built around a multi-tenant third major enhancement to Panda's platarchitecture. The Web based management form which means that it's mature. Early GUI has a very Web 2.0 look and feel with on, Panda realised that the way to go is to flexible dashboards. have an extremely lightweight client agent that merely communicates with a big time cloud infrastructure that does all the heavy lifting. This minimizes the burden placed on user systems. Panda's collective intel-
MAINTAIN OR
While all vendors argue the appeal of reduced costs, only a few vendors argue that their solutions are better offered as a service.
— About the author: Matt Sarrel is executive director of Sarrel Group, a technology product test lab, editorial services and consulting practice specialising in competitive intelligence. He has over 20 years of experience in IT and focuses on high-speed large scale networking, network security, information security, and enterprise storage. He can be reached at matt@sarrelgroup.com, Twitter: @ msarrel. This article has been published with prior permission from www.cioupdate.com.
CTO FORUM thectoforum.com
07 AUGUST 2010
41
NO HOLDS BARRE D
MAHENDRA NEGI
DLP should be a
decision based on
Requirements Mahendra Negi, COO & CFO, Trend Micro has been acknowledged as one of the top Internet analysts in Japan. In a freewheeling discussion, he touches upon various issues that concern the information security industry. Do you think that information security should be centralised or that parts of it should be managed centrally? This is a topic where we struggle to reach a consensus. The discussion is especially important to us as we are more sensitive to this issue, because as a security vendor, we cannot afford to have a security breach. As we transition towards the knowledge industry, I think decentralisation is almost inevitable. The line between employee and contractors, outsourcing and vendors will eventually blur and there will be more of telecommuting global organisations. This trend is being driven by business requirements, and you can't say no to that. That's when we need to figure out what are the security risks involved and how are we going to address them.
42
There is a lot of buzz around deploying DLP. What is your experience on this? I think there are two kinds of users. One user thinks of compliance. They feel if they do not have a DLP solution then the compliance auditors will point it out. The other user thinks about his enterprise risk and data loss; for example, a small outsourcing company like a chip design company which gets the requirements from a major customer. If it’s only a 50 employee company, it will be disastrous if an employee leaks critical information to a competitor. The company may even have to shut down. However, since it is a 50 employee firm, the management doesn't bother despite the issue being very critical to them. At the other extreme, from my perspective, 75 percent compliance
CTO FORUM 07 AUGUST 2010
thectoforum.com
is good. I tell our auditors: it’s not a painting competition where I have to stand first; I'm fine if I pass, for that I'm willing to cut some corners. So in my mind I do this calculation: frequency of occurrence of an event and the impact of that event. Look, if that event occurs every 50 years but has large impact as compared to an event that happens every day but has no impact, are you going to do something about that? However, for certain events, I will have to self-insure. For example, if I have to store data for 10 years and I store it only for eight since nobody asked for it. And then one day somebody asks for it, I am done! I may even lose hundreds or thousands of dollars in compliance in addition to other hassles. And such events happen once in five years.
DOSSIER NAME: Mahendra Negi DESIGNATION: COO & CFO, Trend Micro
MAHENDRA NEGI
NO HOLDS BARRE D
CTO FORUM thectoforum.com
07 AUGUST 2010
43
NO HOLDS BARRE D
MAHENDRA NEGI
It should be a decision based on requirements. You're based out of Japan, but travel to India quite often. So what are the trends that you see in India vis-a-vis Japan, in terms of security, awareness and types of threats. Japan is a small country but with a higher level of security awareness. We wouldn't have the same frequency of security events as India, but use of IT in India is more innovative because there are many constraints in India. Indian businesses have to work around such constraints and so in some ways that is a challenge they face but that is also what the hackers will exploit. I think the big difference is that evolution in India is much faster. Security is a process: absolute security is a myth and will always be. We now see more sophisticated SQL and blended attacks. The cycle of hackers exploiting loopholes and solution providers creating solutions to counter then - will this keep going on or is there any other solution? We have to follow the hackers, because for us to cover all possibilities is too expensive. Assume you have to break into a house with 20 windows: if we make it completely bulletproof and you walk in through the door, isn't all that protection a waste? We would have to figure out that you have entered and react fast upon it. One interesting development is the new detection rate coming from third party vendors. We considered detection as the only metric, but the other metric is time to retaliate. 99 percent detection is nothing if you take 6 months to protect. So time-to-protect, from the first time the threat was analysed, is critical to ensure a comprehensive solution. What are the different kinds of attacks we may observe three years down the line? Three years down the line when we recruit employees mid career, especially if they are from big organisations, would we ask about the strategy document? One of the major realities of this business is you can't have strategy documents of all kinds; hence, an investment that make an organisation agile is a good
44
CTO FORUM 07 AUGUST 2010
thectoforum.com
“One of the major realities of this business is you can't have strategy documents of all kinds; hence agility of the organisation is the biggest investment.� investment. Vectors might change, technology might change, so we have to evolve, otherwise we might be out of business. Hackers are always one step ahead because they are the ones who will exploit usability. In my view, an unconnected computer is safest. Dial up is better than broadband, which is better than wireless but people are driven by usability. That's why there's the need for cloud. The CFO wouldn't care what name we give it; he is driven by the cost whereas some people are driven by its usability. So if usability is driving cloud adoption, then security needs to catch up because hackers will exploit usability. So what we need are "invisible bodyguards". If you wanted to go to Chandni Chowk (in Delhi) for a stroll but due to the high crime rate in Delhi, the invisible bodyguard warns you not to and you heed his warning, then you are safe. However, if you're flanked by bodyguards, it'll take the fun away. Hence, if we made security very hard to use, then people won't use the Internet. We want to make it as unobtrusive as possible, giving freedom to users.
Where do you see the shift from the host-based platforms heading to? If you shift from the host, you have to go to the cloud, there's nothing in between, and from our experience we have been arguing for a number of years on this. Our concept was that enterprises need to block the threat from coming in rather than detect it. Ten years ago we identified that most threats came from email, and today 90 percent malware comes from the Web. Ultimately, it may be that the host may become irrelevant, because if everything moves to the cloud at some point of time, the device is just an access tool. What is your opinion on white listing? White listing and black listing are solutions but neither of them is a silver bullet. White listing is a major task, even vendors such as Microsoft don't digitally sign. You can't rely on this completely. What if the white list got compromised? What if someone did not digitally sign their file; there are so many updates being delivered everyday. So white listing is a
MAHENDRA NEGI
good option but not a silver bullet. Same is the case with black listing. Our objective is to provide security that fits. If you are a much disciplined organisation then this can work, but for a decentralised organisation it’s tough. If your white listing and black listing did not work, you need to have a hybrid model. As the volume of files to be scanned is large, you also can't depend on some regular blocking update. Enterprises are focusing on virtualisation. One of the things enterprises do is that they create images to replicate things fast. Could this practice compromise the security of the organisation? We have specific solutions to address this. The other issue is that the Virtual Machine is on the move, because we're not just talking about anti malware. The customer wants to protect his content, but he doesn't care about what name you give it, because it's all the same from his point of view. In a virtual machine, when the servers move, the policy addressing the physical
server isn't relevant because what you want to address has already moved, and you can't keep changing firewall policies. The beauty of virtualisation is that it is based on the peaks and troughs of resource allocation. So we need to address such issues and how security moves with the virtual machine. The other issue is that if there are 200 machines in the server, are you going to scan 200 times? This will put such a strain on the resource of the enterprise that the whole purpose of virtualisation will go for a toss. So we have to address all these issues, which is how we are doing with VMware. As a CFO, I had the same challenges: some virtualisation is slam dunk for me, and some worries me, as there is sensitive customer data. I worry about security; if your sales presentation gets corrupt then you are in a problem. So I worry about security. The vendor must explain how these concerns are being addressed; this is what we are doing with VMware. When VMware goes to customers, we have all the solutions to the problems mentioned. As virtualisation gets prevalent, new
NO HOLDS BARRE D
issues will come up. But these would be a combination of the ones we are already addressing: the resource utilisation issue, the management of virtual images as they move around, the updating, and so on. In our current product line, we have special security tools for virtual environments. In the enterprise desktop scanner, the new version is virtualisation aware. The problem today is that if your end point environment is partially virtualised, what do you do with your security solution? No one wants to deal with it. The IT manager wants to manage everything with one tool. If you use the existing tool, you'll immediately run into resource problems in the virtual environment because each virtual machine will be treated as an end point. Even though it will theoretically work, in practice it'll destroy the virtualisation effort. So our new products are virtualisation aware. As soon as they detect that your machine is partially virtual, the virtual machine will be covered by the other tool that removes the resource problem.
5
POINTS
DO YOU EXPLORE NEW IDEAS AND PROCESSES? WHAT IS YOUR LEVEL OF RISK TOLERANCE?
ILLUSTRATIONS BY PHOTOS.COM
HOW CRITICAL IS THE CHANGE? CAN THE RISK BE MITIGATED? HOW DO YOU PLAN FOR AND IMPLEMENT CHANGE?
MASTER CHANGE Even if change is important, establishing the right culture can take time. It may be worth the wait.
46
CTO FORUM 07 AUGUST 2010
thectoforum.com
BY MIKE SCHEUERMAN
C H A N G E M A N AG E M E N T
When a company hires a
consultant to assess their systems, they are really asking if everything is being done well. They’re also asking is there is anything that should change – and therein lays the rub. Change is difficult for many people and particularly hard if you don’t know why things should change.
I’ve had the opportunity to see the inside of many companies and one thing I’ve noticed is that every one of them has an optimal rate of change. For example, I recently had the pleasure of working with a great company where there were many long term employees. The executive management team had been with the company nearly twenty years. I was asked by the CEO to assess their technical capabilities and readiness for a growth spurt that he expected because the economic conditions were right for a series of acquisitions. As I went about interviewing the staff, I found that many of them had no idea why I was there and were nervous about what my report might mean for them. I found that the line managers where doing their job as they had always done it without taking a critical look at why they did it a particular way. The problem wasn’t that they were unintelligent people, but rather that they had no experience with doing their job in a different way. Additionally, when a major change was suggested, it was endlessly discussed in committees until the suggestion died of boredom. This is an example of a culture that was ossified and change was an anathema. There are many companies out there with that same kind of mindset. The attitude is that change upsets people and therefore it’s a bad thing. In these kinds of cultures the only way to inject change is to show that change can be a positive thing by initiating changes that bring a large benefit to a small
T E CH F O R G OVE R NAN CE
3.How critical is the change to the company strategy? If the change is incidental to the operation of the company, easing the change in a bit more slowly may be more acceptable. However, if it’s mission critical, the company may support a more rapid change because everyone will understand that the change is important to growth or even survival.
cross-functional group. Those changes can be easily absorbed and the small group becomes the seed for spreading the word that change doesn’t hurt. One of the risk factors in initiating change is understanding the rate of change the organisations can absorb. It’s a bit like planting ground cover, a few little plants here and there, wait awhile and pretty soon they’re everywhere. The same thing happens when you introduce change in an organisation. If you gradually introduce the change and let everyone get used to it in small increments, the change will be more likely to be accepted. But if you try a big bang and change everything at once, people get uncomfortable and odds of making a successful change go down. There’s no easy answer to changing an organisation’s attitude toward change. You have to understand the organisation, its goals, and its culture to assess what rate and volume of change it can absorb. While evaluating your own organisation's tolerance for change you will want to think about:
4.Can the risk be mitigated, if not eliminated? Lowering the risk by putting together detailed plans for change and phasing the change in will help by giving the company a chance to absorb the changes more gradually.
1.Does your company routinely explore new ideas and processes? There is always some risk in doing new things, but if they openly accept change, the organisation is probably more attuned to risk evaluation and does things that generally mitigate risk.
About the author: Mike Scheuerman is an
5.How does your organisation plan for and implement change? Does it have a formal change process or is it ad hoc? More companies are finding that a formal change process is desirable particularly in light of the regulatory requirements of Sarbanes Oxley. Preparing the company for continuous change is one of the things can be done to reduce the risk of change. Putting mechanisms in place to respond positively to change and take advantage of it will give the business a better chance of survival in a world that is constantly changing. Knowing the organisation and using your best judgment on what rate of change can be absorbed is the best way to keep the company moving forward. independent consultant with more than 30 years experience in strategic business planning and implementation. His experience from the computer room to the boardroom provides a broad spectrum view of how technology can be integrated with and contributes significantly
2.What is your organisation’s level of risk tolerance? Some organisations are much more risk averse than others.
to business strategy. Mike can be reached at mike@scheuerman.org. This article has been published with prior permission from www. cioupdate.com.
CTO FORUM thectoforum.com
07 AUGUST 2010
47
T E CH F O R G OVE R NAN CE
C I O - C F O R E L AT I O N S
The Hidden Link Showing the link between technology and revenues will help you get more money out of your CFO
BY GREG BAKER
B
usiness income gets generated in two basic flavours: higher sales or lower costs. This year, sales growth is clearly the focus as customer wallets start to open a bit wider. And to support growth across the business, most IT leaders now face a conundrum: how to meet higher user demands with budgets still very tightly held. In conversations with other CFOs, I have found that financial funding correlates not only to strategic initiatives, but also to teams and people being associated with making money for the business.
Open communication I realise that P&L forecasts are not things IT professionals think about first thing in the morning. And it’s true IT investments rarely take a straight shot into future revenues and income. But to facilitate this association, IT leaders need to know where their business is making money and growing. They can most effectively do this with open communication with sales leaders and their CFO. By engaging in ongoing conversations about business goals and objectives, you can start to target where to align your time, people and capital. And that’s precisely where the IT alignment path begins. To accomplish this task, I recommend three basic steps: Ensure projects are aligned. Today its table stakes to align your projects with a core business strategy. But that alone doesn’t guarantee funding. You need to show that money spent on IT today helps your organisation earn more money tomorrow. Review your results. An important next step is making time for post-launch analysis. This is perhaps the most common oversight I’ve seen. I just can’t understand why some IT teams consistently stop short of reviewing their projects and publicising how they contributed to increased revenue. An IT team I heard about recently provides a great example of how it should be done: They implemented an ERP system and followed-up with metrics from finance that showed a dramatic improvement in receivable collections and cash flow after the new system went live. Because they took time to review their results, this diligent IT team associated its efforts with positive financial metrics all year long. Share successes. Successful IT leaders must be good story tellers and be able to back up their stories with facts that resonate with business leaders -- like how sales rose 30 percent after a new distribution centre came online. The best IT story tellers are able to pinpoint an exciting business event, and show -- in non-technical terms -- how IT helped make it happen. Examples of this kind of team spirit also make a CFO much more comfortable approving future funding requests.
48
CTO FORUM 07 AUGUST 2010
thectoforum.com
Charge forward not back Some time ago it was popular to allocate IT overhead costs and charge them back to specific business units. Often, the result of these efforts were complaints that the charges were unfair. The net result was IT was viewed as a tax collector. Instead of doing charge-backs, more leaders today are working to associate their support with high potential profit areas. While it may take more thought, you can creatively do this by showing things like: How many sales leads marketing gets from the IT-enabled website? How many new customers were acquired since a product launched? How much airfare costs fell with a new videoconferencing system? Branding IT as an enabler of revenue growth creates more interesting conversations around the office and (take it from me) helps loosen a CFO’s grip on the cheque book. Aligning IT with revenue fuels faster innovation by focusing IT resources where the business action is. Sharing business objectives also boosts team morale because IT is more tightly associated with business wins. Be patient, but persistent; it takes time to transform your image from a cost centre to a profit centre. Doing so demands quality time spent with sales, operations and finance leaders. It’s all about asking questions that demonstrate IT wants to learn about sales and income trends, and how their efforts later reflect on the income statement. It’s about making everyone believe your core competency is supporting customer needs and business growth, not just blinking lights in the data centre. When you can draw clear lines between your IT costs and business income, you make IT far more relevant in the process. And I’m willing to bet next year’s budget gets bigger as well. About the author: Greg Baker is the chief financial officer for Logicalis.
HIDDENTANGENT GEETAJ CHANNANA geetaj.channana@9dot9.in
THE AUTHOR IS Executive Editor, CTO Forum
Customer is Always Right
The role of IT in enhancing customer delight THIS TIME my column is more about questions than answers and I would like to get as many opinions from CIOs who are reading it, as possible. We have this enormous refrigerator that looks like a cupboard – with the freezer on the left and the refrigerator compartment on the right. The refrigerator is as good as it is unique. There are only about six of the same kind in our locality (as told to me by the technician who came to repair it). The boon of uniqueness is also the biggest curse for such devices. The problem started when we wanted to get the refrigerator serviced. The experience was nothing less than horrifying. How difficult should the process be? You call the customer service helpline – they take down the complaint – give you a complaint number and send the technician home. Not so. It took six disconnections and 45 minutes to lodge that complaint. And, when the engineer actually landed up, he had no clue of what part to check and the source of the problem. He was not an expert on these kind of refrigerators (though he knew the number of such refrig-
erators in the locality). He was also ill informed and not prepared to handle the problem. He left with the promise of sending an expert – who never came. We promptly received a SMS stating “You complaint no. 12345 has been closed successfully, thanks for contacting customer support.” There are a couple of problems here – one in the form of an ill informed customer executive with a system not equipped to capture all the details and second in the form of processes that are not tight enough. They are probably designed to help the customer – but clearly they are not working. Can technology not help us here? We all talk of Business Intelligence and better dashboards on ERP, why are we not talking enough about customer help systems? The customers generally contact one of the least paid and trained employees in the organisation – the customer support executive. I know it is the most mundane job in the enterprise, but can we not empower the employee to be extremely well informed of the customer? Some telecom companies and
“We all talk of BI and better dashboards on ERP, why are we not talking enough about customer help systems.”
banks probably do a better job of this than most FMCG or consumer durable companies. A good system could help the organisation in not only saving money, but increasing customer delight, making the customer come back for more. Also, I feel that the processes are not strong enough to ensure that the complaint loop is closed properly. There are easy workarounds for employees to bypass the complaint process and there are no proper checkpoints and alerts. Even if these things are built in the system, probably the system is not reviewed on a periodic basis to ensure that they are working optimally. I would be delighted to know if any such processes and reviews exist in the customer relations software that are used. If yes, what are they and how are they managed? If not, are there any other solutions that you use to ensure that your customers are always delighted when they contact your company? Do share your experience! I am sure many of us here can benefit from the knowledge.
CTO FORUM thectoforum.com
07 AUGUST 2010
49
THINKINGBEYOND CHRIS CURRAN | chris.curran@diamondconsultants.com
CHRIS CURRAN is Diamond Management & Technology Consultants’ chief technology officer and managing partner of the firm’s technology practice. He writes the CIO Dashboard blog at www.ciodashboard.com
Thoughts on IT Cost Cutting Avoid wax build-up in your IT organisation DURING a recent business re-org, one of our long-time insurance clients took the opportunity to strengthen their enterprise IT function by centralising it. One of their first orders of business is to review the IT estate for opportunities to simplify.
1 2 3
D (30%)
4
D (50%) ND (50%)
ND (70%)
Cost
Value
value
IMPROVING THE VALUE OF IT Current State future State
D: Discretionary, ND: Non-Discretionary
50
Before I get into Diamond’s answer to this, I thought it would be interesting to see what others would do. So, I asked the Twitter #CIO crowd for their top 3 ideas for IT cost cutting. In addition to the tongue-in-cheek “Fire the CIO and CTO” answer, there were several good ideas offered. Thanks to @mcgoverntheory, @ dougnewdick, @sethgrimes, @jtbauer, @elliotross, @vpsingh, @smith_ marty and @chrisonea for their thoughts. How To Cut IT Costs – CIO Twitter Community Perspective: Eliminate buildings and promote telecommuting HW/SW maintenance and 3rd party licenses, telecom, virtualisation and open source Not use process as substitute for competence Spend less on consulting Rigorously scrutinise business cases before and check the actual benefits after IT projects I had an IT boss who said he’d fire half his staff if he could. IT advisor replied (privately), Yes, the wrong half.
CTO FORUM 07 AUGUST 2010
thectoforum.com
Organisations wait to Simplify the IT estate, resulting in something my partner Paul Blase calls “waxy buildup.”
Review all maintenance contracts, cut wasted spend We are looking at less space & more virtual teaming Would get virtual machines, and a tool to manage VM’s To summarise these proposals, they centre on spending less on physical assets, making better use of staff and more fully leveraging tools to work smarter.
Diamond’s IT Cost Optimisation Framework Most CIOs I talk with think they can improve process consistency, reduce or eliminate lower priority initiatives and get higher levels of productivity while reducing costs through simplification. This is a big goal, but one I have seen some do successfully as long as they do the right things in setting up, building accountability for a staffing the resulting roadmaps. We think that there are four basic techniques leaders have to lower overall IT cost – we have seen some real improvements as some of our clients have applied them. 1.Environment Simplification - A
COST CUT TI NG
banking client reduced the complexity of its deposit process by 75% to reduce the number of systems to two. 2.IT Organisation Design & Sourcing - A major school district established a competitive bid process which resulted in negotiated savings of over 15%. 3.IT Spend Analysis & Portfolio Management - A major North Ameri-
can insurer analysed its IT spend and was able to reallocate $300M in “non-discretionary” spend to strategic projects. 4.Delivery Throughput - A financial services company implemented an SDLC framework to move to a more mature level of process discipline using CMMI, and standardise the competency requirements of
T H I N K I N G B E YO N D
solution delivery staff and expect a 10-20% improvement in project delivery efficiency. Simplifying the IT estate is something that many organisations wait to do, resulting in something my partner Paul Blase calls “waxy buildup.” Whether you wait 3-5 years or or try to keep the house tidy every year is your choice.
Inside the Huddle
Connecting Strategy with Execution WE'VE hit the point in the summer in the US when football training camps are almost upon us—one of our favourite times of the year. Football, in our opinion, more than other American sports, exemplifies the three dynamics we at Diamond use in assessing a company’s “Digital IQ”—Strategy, Mobilisation, and Execution. Well in advance of a football team’s next game, the coaching staff must put together an overall strategy. In the days leading up to the game, the coaches and players then walk through every detail and scenario they might face—preparing for battle by mobilising all available resources and assigning appropriate accountability. On game day, if the initial strategy proves to be sound and each player effectively fulfils his role, the team will walk off the field with a win, having executed the game plan. Among the 724 respondents in our third annual Diamond Digital IQ study, we found that effective mobilisation—with a single, clear organisational roadmap and assigned leadership and accountability—was the strongest indicator of high performance. All
football teams have separate coaches for the offense, defence, special teams, and various positions, but success comes down to the level of detail in the preparation. On any given Sunday in the NFL, a game-changing play could depend on a single block by an offensive lineman. Consequently, the lineman must remain accountable to the team as the game’s outcome hangs in the balance. In the corporate world, too many companies struggle with the mobilisation phase, leaving them with no way to connect strategy and execution. For example, detailed planning and budgeting of finances, time, and resources often take place too late in the game and an organisation winds up backtracking—and backtracking is expensive. In Diamond’s Digital IQ study, more than two out of three of the highest-performing respondents indicated they have a single roadmap for their overall corporate strategy. This compares with less than half of the lowest-performing quartile. Moreover, 54% of top performers indicated they could mobilise the proper resources to execute the
roadmap, compared with 25% of the bottom-quartile respondents. The majority of business and IT leaders believe there are only two parts: strategy and execution. As a result, they are not able to get the maximum value from their initiatives. Where does the responsibility for this reside? Is it the CIO’s fault for focusing too heavily on internal-facing projects? Does blame reside with the CEO for failing to champion technology? We’re seeing more innovation today than at any other point in the history of information technology, but “putting pen to paper” is a long stretch from going to market. At the beginning of football season, every team is tied in the standings and hope abounds among each team’s fans. A team will stay competitive throughout the season if it gets all three facets—strategy, mobilisation, and execution—right. But the team that executes best will always be in position to win, and execution depends on meticulous mobilization. So where does your organisation’s “Digital IQ” sit in the standings?
Effective mobilisation - with a clear roadmap and assigned leadership - was the strongest indicator of high performance.
—Coauthored by John Sviokla, vice chairman of Diamond Management & Technology Consultants.
CTO FORUM thectoforum.com
07 AUGUST 2010
51
Author: Alan Axellrod
HIDE TIME | BOOK REVIEW
“His life is a true example to the business environment”
Lead like Mahatma
Do no evil, and many more lessons
GANDHI, a CEO? Can this saint-like figure from the pre-independence era with his message of nonviolence and loving the enemy inspire new age business leaders?! Well, this is how I reacted when I first saw the book at a bookstore. The answer, surprisingly, is yes. Authored by Alan Axellrod, this inspirational book looks at Gandhi, born in 1869, in a modern light, focusing on his leadership style that can serve as a guide to aspiring as well as existing CEOs. It tries to corelate Gandhi's thoughts and actions to a modern day complex business environment and identifies truth, non-violence, the philosophy of do or die and sacrifice as critical traits that a CEO should focus upon. But aren't the complexities of today's businesses vastly different from those of the times that Gandhi lived in? Not so. According to the author, the variety of circumstances in which Gandhi fought make his canvas of struggles bear much similarity to the multinational business
52
environment of the twenty-first century. In order to tackle the growing uncertainties and complexities of today's business, Axellrod takes a deep look into Gandhi's philosophies by breaking down his leadership strategies into 14 key facets and 100 lessons, each illustrated with quotes from Gandhi and representative situations from his life. It analyses the importance of a stress-free ‘human value oriented’ work culture rather than a nervewracking and unorganised targetspecific enterprise civilisation. It says that a leader, like Gandhi, must act with the well-being of every stake holder in his mind. Seeking to effect change, Gandhi stressed on ways to change outcomes rather than ways to change people. The author identifies this approach as an example for anybody whose job is to lead an organisation through change. One of the most interesting topics the author discusses in this book is the essence of truth in today’s
CTO FORUM 07 AUGUST 2010
thectoforum.com
ABOUT THE REVIEWER
Jatinder Singh is working as senior correspondent with IT Next, a magazine for aspiring CIOs.
value-driven economy. Going by Gandhian values, he suggests that a great CEO needs to be transparent in his approach in order to guide and inspire people in an effective way. He has justified its relevance by citing examples from the sudden collapse in 2008 of many major banks and venerable security firms, which, for decades, were evading the truth. The author, however, fails to expound on the complications that a transparent business model may lead to during recessionary times. With all due credit to Gandhi, however, one must not forget that aspiring for a full-fledged, utopian model within the present day business model may result in some very unintended consequences. The book is recommended for second generation entrepreneurs and business leaders who are trying to make their presence felt in any industry. Written in a simple and lucid style, it aims to be of value to young CEOs who are aspiring to become people leaders.
HIDE TIME | CIO PROFILE
Going For Perfection DIPESH THAKAR
WELL begun is half done? Maybe, but for one CIO who plans the road map for an organisation looking many years in future, it’s getting to the finish point that really matters. Meet Dipesh Thakar, CTO, Destimoney (earlier known as Dawnay Day AV), a financial services provider. Building the basic infrastructure and getting the processes right is important for him, but that’s just the first of the three phases of his planned tenure in an organisation. The second phase is all about optimisation of costs and time. However, the one that gives him a high is the third one, when it’s time to enable the organisation in a way that gives it an edge over others and fetch “disproportionate returns” in the process! Thakar got his hands into all-things-IT at an early age. While still in college, he assembled computers for businessmen in his locality. His curiosity about technical devices had been stirred much earlier — during his school days — when he recalls he was interested in how things work, though he never topped in class. One of his favourite periods was NCC; particularly those when his NCC instructor would teach survival tactics. “Even today, I
HOME IS WHERE THE HEART IS Thakar come from a traditional Gujrathi family where the religion and respect for elders are very important values. A family person Thakar likes to spend time with his extended family. Playing on his X Box or cards with his wife, Bhumil, and parents is his recipe to unwind. As also going on long drives and meeting friends and peer group.
PRACTICE TILL YOU ARE…. His favourite book is Outliar! by Malcom Gladwell. “I liked it because of the 10,000 hour rule that it talks about. You can be perfect in anything if you practice it for 10k hours.” A TRIP IN THE DARK Thakar’s most memorable trip to date remains his trip to Phuket. “We ventured into the sea in kayaks visiting the caves in total darkness,” he recalls.
remember his emphasis on ‘discipline and high morale’ which always brings success,” Thakar says. Over the years, Thakar’s roles have seen him build skills in areas ranging from IT infrastructure to application management to IT strategy and governance. How does
CTO FORUM thectoforum.com
07 AUGUST 2010
53
PHOTOS BY JITEN GANDHI
CTO, Destimoney
HIDE TIME | CIO PROFILE
Snap Shot one manage to work on keeping the lights on in the organisation while keeping abreast of the latest in technology? “The trick lies in aligning personal goals with those of the organisation,” says Thakar. “With every project I undertake, I put my soul into its execution to make it successful.” Thakar was instrumental in setting up the entire IT platform for Brics & Destimoney from scratch and he considers that as among his most important achievements. Thakar finds much personal satisfaction in trying to increase the financial literacy in masses so that quality of life improves for the society, a goal wherein he shares passion with his employer. “I believe, what we do at Destimoney is to take financial products to the masses and I believe IT platforms can play a huge role in this,” he says. A CIO’s life may be hectic but Thakar still makes the time to participate in activities where his technical background comes of use. At Mumbai Police’s Cyberweek, he was involved in programs to spread awareness. Along his colleagues, he worked to sensitise not only his company’s employees but also his neighbourhood about the importance of securing information assets. “I have conducted many quizzes in office and outside,” he says. Thakar’s bagged the best employee award twice: in 2003 from Birla Sunlife Securities and in 2006 from Dawnay Day AV. But you won’t find him broadcasting that on his Linkedin profile. “My larger goal in life is to remain humble as I grow,” he says. When he talks to you with that beaming smile on his face, you know he means it. —By Aditya Kelekar
54
CTO FORUM 07 AUGUST 2010
thectoforum.com
Saluting the cops: Thakar credits the Mumbai police for actively campaigning on the need to be alert about not just security issues, but information security issues too. “Some of the government officials are very knowledgable and dedicated,” he says. Thakar feels that after the 26/11 terrorist attack, the Mumbai police have really got their act together. Technology to the rescue: Putting his tech skills to good use, Thakar’s worked actively with the Bombay Technology Club to share best practices when it comes to information security. The right path and the comic stuff: “Argument is bad but discussion is good,” Thakar quips. Ask him why. “Because argument is to find out who is right and discussion is to find what is right!!” For all his serious talk, Thakar loves Hindi movies that make you double up with laughter. Jo Jeeta Wohi Sikander and 3 Idiots are among his all-time favourites.
VIEWPOINT STEVE DUPLESSIE | steve.duplessie@esg-global.com
Summer Thoughts
ILLUSTRATION BY SURESH KUMAR
Focus on small things to make a big difference
SUMMER is a good time to re-evaluate things. I’m spending a lot of time on the beach this summer. Waves crashing in all around you have a way of clearing the mind, I find. Mother Nature is simply awesome. When you watch the relentless force of the ocean, it makes you realise that you are absolutely powerless to change things that big. All you can do is watch and try to survive. Makes me realise that what we are really meant to do is focus on the small things that we can affect — because aiming too high is a fool’s errand. In our business, it’s the same thing: if we focus on issues too large to effect real change, we’re wasting time. If we focus too myopically without understanding how our actions fit (or don’t) into the bigger picture, we’re wasting time. If your job is to rake the beach, but you do it as the tide is coming in, you wasted time. If your job is to keep the tide from rising, you are really wasting time. IT administrators can be beach-
56
rakers. Senior executives like to focus on altering tides. In IT, we spend way too much time on both ends of the spectrum. We either spend all our time on myopic efforts that have little bearing on the overall mission at hand or too much time trying to change the way our entire business operates in order to fit some neat IT process. Neither works. Instead, it seems to me that it would be better for all concerned if we occasionally re-evaluated our situation and adjusted to current realities. It sure would be better for your mental health, if nothing else. The easiest way to evaluate your situation, regardless of what that situation is, is to ask yourself “WHY?” Ask it over and over, like a two-yearold. Why are you doing what you are doing? Is what you are doing relevant to the overall mission? Is the overall mission reasonable and attainable? If, at any time, your answers are at odds with your intent, it’s time to stop. The key, of course, is honesty.
CTO FORUM 07 AUGUST 2010
thectoforum.com
ABOUT THE AUTHOR: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www. thebiggertruth.com
You can convince yourself that you simply must find a solution for interplanetary replication, but you aren’t being honest. If you are, you’ll discover that you are wasting time. There are 1,000 problems to be solved in your data centre. Half of them don’t matter, but which half? Try to focus on ones that matter — that lead to a positive outcome. Stop keeping yourself away from the beach with the family because you can’t figure out lunar snapshotting. Ask yourself this: “What problem am I trying to solve? Why? If I don’t solve it, what is the real implication? If I do solve it, what are the real benefits?” If the answers are shaky, move on to another problem to be solved. There will always be another problem, as sure as there will always be another tide. Work to live, my friends, don’t live to work. It’s easy to find yourself on the wrong side of that equation. Summer is a good time to re-evaluate. Surf’s up.