S P I N E
CIO & LEADER.COM
06
TECH FOR GOVERNANCE
VIEWPOINT
BEST OF BREED
The ABCs of Cloud Compliance Pg 63
Meeting IRL (In Real Life) Pg 68
Business Planning During Storm Season Pg 16
Volume 01 Issue 06 June 2012 150
alter ego T R A C K T E C H N O LO G Y
B U I LD B USI N ESS
SHAPE SELF
CLOUD IS NOT A BOUNTY OF SAVINGS | THE CHANGING ROLE OF THE IT PRO
A look at how some of the top CIOs are displaying leadership qualities, in their other avatars, beyond the four walls of office Page 24
Volume 01 | Issue 06
A 9.9 Media Publication
CTO_Forum_260612 Size:213x283(bleed) 210x280 (Trim) 200x270 (Type)
Now with
‘Server Class’ Drives
` 4,50,000 for 36TB* * Taxes extra.
Network Storage for Business NVR for IP Surveillance - up to 48 cameras
- Built on world-class EMC® storage technology - Advanced storage, security, and content sharing that is easy and affordable - PC, Mac® and Linux®; 8TB to 36TB in a single array - Certified for Vmware®, Windows® Server, Citrix® XenServer - Protect and share your data from anywhere with Iomega Personal Cloud - Server class drives for higher reliabilty and performance - Video Surveillance ready - connects upto 48 cameras.
EDITORIAL YASHVENDRA SINGH | yashvendra.singh@9dot9.in
Beyond the Call of Duty The attribute of
leadership is not restricted to one’s professional life. This spirit of leadership spills over
M
ost often than not, leadership is difficult. I have realised that writing on leadership is equally difficult. That the road to leadership is less traveled is clearly brought out by the fact that we have hundreds of leadership models, innumerable courses and an inexhaustible literature on it, yet very few leaders. There are umpteen reasons for this. Leaders need to stay clam when the urge is to scream. They need to commit when the easier way out is simply procrastinating. They need to shoulder the burden of blame if things go
wrong when they can get away by blaming subordinates. Above all, they need to unite people with disunited ideas. Leadership certainly is tough. Writing on a subject like leadership is not easy either. There are as many aspects to the subject as there are theories, and I have found out that it is next to impossible to examine all of them. It is just like Krishna fighting the many hooded serpent. Whenever I write about one aspect of leadership, I feel there are two more that are equally important and need to be written about.
EDITORS PICK 24 Alter Ego
A look at how some of the top CIOs are displaying leadership qualities, in their other avatar, beyond the four walls of office
The topic of leadership, in the context of enterprise technology decision makers, that we decided to touch upon this time is one such that has not been discussed before (at least not in such depth). We, at CIO&Leader, are of the core belief that the attribute of leadership is not restricted to one’s professional life. This spirit of leadership spills over. So, in your spare time, you could be turning into a faculty member, an entrepreneur, or even a philanthropist, thereby displaying your leadership qualities in this other function. Through the cover story, therefore, we intend to showcase what some of India’s top CIOs are doing apart from their core professional responsibilities. The story also reveals other aspects of leadership, (compassion, for instance) that may not come out so evidently at the workplace. We hope this effort of ours
will be a small nudge for you to go beyond the four walls of office and display your leadership fervor in something you are passionate about. There are no two ways about the fact that leadership is something that nobody can ever understand completely. However, through CIO&Leader our endeavour will bring to you its myriad facets. So, continue to extend your support to us and let us know what you do apart from managing IT in your enterprise, and how do you extend your leadership abilities beyond the call of duty. We look forward to your feedback.
June 2012
1
JUNE 2012 24
COVER STORY
REGULARS
24 | Alter Ego
CIO & LEADER.COM
One of the attributes of a leader is to go that extra mile. A look at how top CIOs are displaying leadership qualities beyond the four walls of office
01 | EDITORIAL 06 | E NTERPRISE ROUNDUP 68 | VIEWPOINT 06
June 2012
Volume 01 | Issue 06
2
COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive Pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
VIEWPOINT
BEST OF BREED
Meeting IRL (In Real Life) Pg 68
Business Planning During Storm Season Pg 16
Volume 01 Issue 06 June 2012 150
alter ego T R A C K T E C H N O LO G Y
CLOUD IS NOT A BOUNTY OF SAVINGS | THE CHANGING ROLE OF THE IT PRO
Please Recycle This Magazine And Remove Inserts Before Recycling
TECH FOR GOVERNANCE
The ABCs of Cloud Compliance Pg 63
B U I LD B USI N ESS
SHAPE SELF
A look at how some of the top CIOs are displaying leadership qualities, in their other avatars, beyond the four walls of office Page 24
A 9.9 Media Publication
COVER DESIGN BY ANIL T PHOTOS BY SUBHOJIT PAUL & JITEN GANDHI
SPECIAL LEADERSHIP SECTION PAGE 32A TO 46
MY STORY
34 | “Leadership is all about People”
Nandkishor Dhomne, CIO, Manipal Hospitals believes leadership is about understanding how one can perform in a team and get the xx desired result
33 | TOP DOWN IT INNOVATION IS VERY SHORT-LIVED Rajesh Uppal, CIO, Maruti Suzuki talks about how he has kept his IT department a step ahead of competition
44 | OPINION MOUNTAINS AREN'T CLIMBED WHILE SITTING INSIDE A TENT Success
40 | THE BEST ADVICE I EVER GOT “WHEN IN PROBLEM, KEEP OUT EMOTIONS”
doesn’t come if you only plan and do not execute
It is important to keep emotions out when dealing with any situation
41 | ME & MY MENTEE THERE IS NO SHORTCUT TO ANYTHING Structured learning plan has helped this mentor-mentee duo achieve great heights
36 | LEADING EDGE DEVELOPING BETTER CHANGE LEADERS
46 | SHELF LIFE LEADERSHIP ISN’T FOR COWARDS
Putting leadership development at the heart of a major operations' improvement effort paid big dividends
How to drive performance by challenging people and confronting problems
June 2012
3
www.cioandleader.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Anuradha Das Mathur EDITORIAL Executive Editor: Yashvendra Singh Consulting Editor: Atanu Kumar Das Assistant Editor: Varun Aggarwal Assistant Editor: Ankush Sohoni DESIGN Sr Creative Director: Jayan K Narayanan Art Director: Anil VK Associate Art Director: Atul Deshmukh Sr Visualiser: Manav Sachdev Visualisers: Prasanth TR, Anil T & Shokeen Saifi Sr Designers: Sristi Maurya & NV Baiju Designers: Suneesh K, Shigil N, Charu Dwivedi Raj Verma, Prince Antony, Peterson Prameesh Purushothaman C & Midhun Mohan Chief Photographer: Subhojit Paul Sr Photographer: Jiten Gandhi
10 A QUESTION OF ANSWERS
10 | UNLEASHING ‘INNOVATION MOJO’ Todd Park, CIO of the US, on how he partnered technology with open-data initiatives to tap into talented innovators
60 | TECH FOR GOVERNANCE: THE ABC'S OF CLOUD COMPLIANCE
advertisers’ index
49 | NEXT HORIZONS: CLOUD IS NOT A BOUNTY OF SAVINGS Review before making any decision on changing your technology
4
June 2012
16 | BEST OF BREED: BUSINESS PLANNING DURING STORM SEASON If you don’t have a business continuity plan, put it on your immediate to-do list
iOmega HP-PSG Ricoh Cisco Schneider IBM Riverbed Microsoft IBM
IFC 5 8-A 9 14, 15 23 IBC BC
ADVISORY PANEL Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IT, ICICI Bank Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology) Vijay Sethi, CIO, Hero MotoCorp Vishal Salvi, CISO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay NEXT100 ADVISORY PANEL Manish Pal, Deputy Vice President, Information Security Group (ISG), HDFC Bank Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop Farhan Khan, Associate Vice President – IT, Radico Khaitan Berjes Eric Shroff, Senior Manager – IT, Tata Services Sharat M Airani, Chief – IT (Systems & Security), Forbes Marshall Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group SALES & MARKETING National Manager – Events and Special Projects: Mahantesh Godi (+91 98804 36623) National Sales Manager: Vinodh K (+91 97407 14817) Assistant General Manager Sales (South): Ashish Kumar Singh (+91 97407 61921) Senior Sales Manager (North): Aveek Bhose (+91 98998 86986) Product Manager - CSO Forum and Strategic Sales: Seema Menon (+91 97403 94000) Brand Manager: Gagandeep S Kaiser (+91 99999 01218) PRODUCTION & LOGISTICS Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh Upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Anuradha Das Mathur. Published at Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt Ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 For any customer queries and assistance please contact help@9dot9.in This issue of CIO&Leader includes 16 pages of CSO Forum free with the magazine
Newsletter
This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.
CTO FORUM thectoforum.com
07 MONTH 2010
4
ENTERPRISE
Strategic Techs to Assimilate Into Mgmt Tools Pg 08
PHOTO BY PHOTOS.COM
ROUND-UP
STORY INSIDE
Citrix Acquires Bytemobile The buyout
gives Citrix a toehold in the core infrastructure of 130 mobile operators CITRIX has signed a definitive agreement to acquire privately held Bytemobile, a provider of data and video optimisation solutions for mobile network operators. This acquisition gives Citrix a key strategic foothold in the core infrastructure of more than 130 mobile operators in 60 countries around the world, extending the company’s market reach, and enhancing the broader Citrix strategy of cloud services. With the advent of the Cloud Era, mobile operators are experiencing explosive growth in network traffic, driven by the combination of new consumer devices, rich multimedia content, and high speed 3G,
6
June 2012
4G and LTE networks. By joining forces, Citrix and Bytemobile will be able to offer these operators combined solutions that deliver a high quality user experience to mobile subscribers, while helping operators manage the exponential growth of mobile network traffic. The acquisition builds on a strategic partnership announced earlier this year that combined the Bytemobile Smart Capacity technology with the Citrix NetScaler line of cloud networking solutions. This transaction has been approved by the board of directors of each company and is expected to close during the third quarter of 2012.
DATA BRIEFING
$5.4
billion Is the global ECB disk storage revenue in the Q1 of 2012
ENTERPRISE ROUND-UP
THEY MARK SAID IT ZUCKERBERG This is a well-known fact, but one that continues to surprise. In several interviews and goals statements, Zuckerberg has made it clear that making money is not his first aim — connecting the world is.
PHOTO BY PHOTOS.COM
“Simply put: we don’t build services to make money; we make money to build better services.” —Mark Zuckerberg, Founder, Facebook
Financial Services to Spend Rs 37,700 crore on IT in 2012 Telecom to be the largest spending area THE INDIAN financial services industry (FSI) will spend 377 billion rupees on IT products and services in 2012, an increase of 17.4 percent over 2011 revenue of 321 billion rupees, according to Gartner, Inc. This forecast includes spending by insurers on internal IT, hardware, software, external IT services and telecommunications. Telecommunications equipment and services represents the biggest spending category, and it is forecast to reach 131 billion rupees in 2012, up from 113 billion in 2011. However, spending on software is expected to grow the fastest in 2012, with revenue totaling 34 billion rupees in 2012, up 28 percent from 2011 revenue of nearly 27 billion. This is being driven by very high growth in enterprise software applications such as financial and administration packages, and customer relationship management. “The real spend drivers will be the Indian retail bankers, although all financial services sectors including insurance and securities are increasing IT spend as they build out their infrastructures,” said Derry Finkeldey, principal research analyst at Gartner. “Mobile is really top of mind for CIOs currently, and enterprise spend on devices is increasing and expected to grow by nearly 50 percent in 2012. There is also a corresponding growth in mobile network services, of nearly 30 percent.”
QUICK BYTE ON SECURITY
Some user passwords of LinkedIn and dating site eHarmony were breached. The two companies haven't disclosed the number of accounts breached for their respective websites but there are guesstimates that these could run into thousands if not lakhs. June 2012
7
PHOTO BY PHOTOS.COM
ENTERPRISE ROUND-UP
Strategic Techs to Assimilate Into Mgmt Tools Capabilities to also become integral to future generations
“WE ARE already seeing the adoption of 'big data' within the IT and operations management [ITOM] industry. In particular, SaaS management providers now have to collect and synthesise large volumes of data,” said Milind Govekar, managing vice president at Gartner. “We also expect more nextgeneration analytics to come to the forefront to address an increasingly hybrid cloud environment. On the social front, IT service
desk social management tools will establish an interactive relationship with end users, enhance end-user productivity, provide a platform to share information and ideas, and market the value of IT to the business.” In the fourth quarter of 2011, Gartner identified the 10 technologies and trends that will have the biggest impact for most organisations in 2012. They are: 1. Media tablets and beyond, 2. Mobile-centric appli-
GLOBAL TRACKER
Mergers & Acquisitions
Business software company Yammer Inc
has agreed to sell itself to Microsoft for more than $1 billion, the Wall Street Journal reported. 8
June 2012
cations and interfaces, 3. Contextual and social user experience, 4. The Internet of things, 5. App stores and marketplaces, 6. Next-generation analytics, 7. Big data, 8. Inmemory computing, 9. Extreme low-energy servers and 10. Cloud computing. Media tablets and beyond. The media tablet market is seeing rapid device churn, which makes support and management both complex and expensive. With users broadening their use of personal devices for business applications and many organisations deploying mobile device management (MDM) to support different management styles in different ways, Gartner expects these factors to drive the adoption of tools to manage the full life cycle of mobile devices. Mobile-centric applications and interfaces. Managing applications and data is more important than managing devices. One application can support multiple devices that run different OSs. However, organisations should not assume that tools and OSs work the same way in mobile environments as they do on the desktop. Gartner recommends that IT leaders establish a mobile competency center to ensure there is sufficient focus on this area. Contextual and social user experience. Context-aware computing uses information about an end user's or an object's environment, activities, connections and preferences to improve the quality of interaction with that end user or object. Gartner believes that by 2015, 40 percent of the world's smartphone users will opt in to contextual service providers that track their activities. IT operations will need to extend their capabilities beyond technologies such as configuration management databases to include individuals’ social interaction information for social graph capabilities. The Internet of things. The Internet of things is a concept that describes how the Internet will expand as sensors and intelligence are added to physical items such as consumer devices and physical assets and these objects are connected to the Internet. It will likely become impossible for organisations to develop rules and discover relationships between these devices. As a result, machine and statistical learning technologies will likely be tools increasingly used by organisations using Internet-attached sensors and instruments.
ENTERPRISE ROUND-UP
IMAGING BY SHOKEEN SAIFI
Top Concern in Mobile Security? BYOD, Of Course! Yet BYOD adoption higher in BRIC
THE RAPID proliferation of consumer mobile devices is changing the traditional IT environment in enterprises, as 90 percent of enterprises have already deployed mobile devices, with smartphones being most widely deployed, according to a survey by Gartner, Inc. Eighty-six percent of enterprises surveyed said that they plan to deploy media tablets this year. Respondents came from organisations with 500 or more employees and an in-house data center in the United States; the United Kingdom;
Germany; Australia; Brazil, Russia, India and China (BRIC); and Japan. The survey was conducted in October through November of 2011. The survey centered on the deployment status of, and plans for mobile device adoption; bring your own device (BYOD) policy; and investment in data centers and adopting technology drivers, including hosted virtual desktop (HVD) for enterprise mobility. "Healthy growth in smartphone and media tablet shipments over the next five years will enable a much higher level of IT consumerisation than is currently possible," said Chae-Gi Lee, research director at Gartner. "Enterprises should recognise this and look to 'mobile enable' their IT infrastructure for employees to meet the growing demand for mobile device use in the enterprise IT environment." A further impact of consumerisation is the proliferation of BYOD in enterprises. Gartner's survey found that many enterprises are allowing personal mobile devices to connect to the enterprise network. BYOD demand was higher in the BRIC countries where more Generation Y (Gen Y) employees are working. With the proliferation of BYOD, there are many security issues for enterprises to consider before they invest in mobile computing. According to the survey, the top issues were "use of privately owned devices" and "deployment of new enterprise mobile platforms." Enterprises should focus on mobile data protection (MDP), network access control (NAC), and mobile device management (MDM) tools to support their BYOD and new enterprise mobile platform efforts. These technology factors are essential to establish a standard mobile platform for enterprises.
FACT TICKER
Significant Malware Increase Across All Platforms Three million new malware detected in '12 MAC malware was also on the rise, indicating that total malware could reach the 100 million mark within the year. “In the first quarter of 2012, we have already detected 8 million new malware samples, showing that malware authors are continuing their unrelenting development of new malware,”
8B
June 2012
said Vincent Weafer, senior vice president of McAfee Labs. “The same skills and techniques that were sharpened on the PC platform are increasingly being extended to other platforms, such as mobile and Mac; and as more homes and businesses use these platforms the attacks will spread, which is why all users, no matter
their platforms, should take security and online safety precautions.” Mobile malware raced up a significant incline during Q1 2012, with 8,000 total mobile malware samples collected. Financial profit is one of the main motivators for spreading malware on the Android platform. Nearly 7,000 Android threats have been collected and identified through the end of Q1, a more than 1200 percent increase compared with the 600 Android samples collected by the end of Q4 2011.
NETWORKING
H
alf the world will have access to 4G mobile networks by 2017 providing the high-speed Internet access needed to download videos and play games on smartphones, Ericsson said in a report on the telecoms market. A huge surge in data traffic has driven demand for high capacity networks as people on-the-go use smartphones like Apple's iPhone to surf the net. Data traffic, particularly video, is expected to grow 15-fold by 2017, the world's top mobile network equipment maker said in the annual report. While Ericsson said it expects 3G to remain the main technology for years to come, it reckons the demand for highspeed Internet access means operators will have to build new 4G networks to cope. By 2017, around 50 per cent of the world's population will have access to a 4G network a technology in which Ericsson has a dominant market share - up from around five per cent in 2011. "This revolution is driven by smartphones, by video, by cloud-based services, the Internet and end-to-end connectivity," Johan Wiberg, head of Ericsson's networks unit, said after publication of the report. Ericsson has a market share of more than 60 percent in LTE against a share of around 38 per cent overall in the mobile equipment market.
A QUES TION OF ANSWERS | TODD PARK
TODD PARK | CTO, UNITED STATES
UNLEASHING GOVERNMENT’S
‘INNOVATION MOJO’ Todd Park, CTO of the US, explains to McKinsey's Eric Braverman and Michael Chui how he partnered technology with open-data initiatives to tap into talented innovators across the government.
Innovation is a big part of your new role. But some would say the US government is not known for innovation—and we’re in an election year, which may be a difficult time to get things done. Do you see innovative things happening in the government right now? There’s an extraordinary amount of innovation happening in the US government, and I’d say the single biggest driver is that the government is embracing the idea of open innovation—unleashing the power of the private sector, the academic sector, the nonprofit sector, and the public in general to get a lot more done than if
10
June 2012
the government tried to do everything itself. There’s a rapidly growing array of stories we can tell along those lines. One story is the Health Data Initiative, which I was fortunate enough to co-found in 2010 with a team at HHS and the Institute of Medicine. We wanted to emulate what the National Oceanic and Atmospheric Administration had done with weather data: making it available in downloadable, machine-readable form, which led to all kinds of products and services— weather websites, weather apps, weather insurance—that have benefited the American people and contributed to economic growth and jobs. There’s a lot of data in the vaults of
HHS and its sister agencies—data on everything from the health of our communities, to the quality of our health care providers, to information about drugs, to Medicare claims data. The idea was to do three things: first, make data available that’s never been made available before, either to the public or to qualified entities, all while rigorously protecting privacy. Second, put out data in forms that are usable for developers. A lot of the data that HHS had made publicly available was in the form of books, PDFs, or static websites; we had to turn it into liquid, machine-readable data that could be accessible via application-programming interfaces.
TODD PARK | A QUES TION OF ANSWERS
US government: Unleashing the power of the private sector
June 2012
11
A QUES TION OF ANSWERS | TODD PARK
Third, educate entrepreneurs and innovators that the data exist and are accessible. To do this, we used tactics that were relatively unconventional for the government: code-a-thons, meet-ups, and gatherings called “Datapaloozas” that we began hosting in 2010. You used the term “liquid data,” which presumably means downloadable data that can be used by third parties. What are some examples of data that are publicly available but not liquid? Here’s a good example: at HHS we had an online directory of all the community clinics in America. You could go to the website and put in your zip code and pull up an HTML page listing the community clinics in your area. Third-party developers could, in theory, write a crawler [program] to extract and scrape that data—but any of us who’ve actually built crawlers know we do not want to use them for mission-critical activity. So we made the data available in a downloadable file, and now thirdparty developers can upload that data into their platforms. There’s a mobile and web app called iTriage, for example, that lets you enter your symptoms, then it identifies the best local provider and helps you book an appointment with that provider. iTriage uploaded our directory of community clinics, and within a year 115,000 Americans got connected to community clinics through iTriage. A lot of what you’ve just described involves changing the behavior of government and of citizens. What were some of the most successful techniques and incentives you used to do that? I think the Datapaloozas were key. The approach we took at HHS was to convene a group of 40 leading minds in the technology and health care arenas, and we put a pile of data in the room and said, “If you had this data, what would you do with it?”
12
June 2012
“It’s important to be cognizant and respectful of the need to protect privacy”
Over the course of about eight hours, they brainstormed different applications and services. At the end of the meeting, we challenged them to come to the first Health Datapalooza—90 days later—and see if they could actually build what they had just brainstormed. The two criteria for products and services at Datapaloozas are that they must provide concrete value and have a sustainable business model; the Datapalooza is not meant to showcase stuff that’s purely academic or theoretical. Well, these innovators showed up 90 days later with more than 20 brand-new or upgraded products and services. The Datapalooza had two important effects. One, it inspired entrepreneurs and innovators to get involved. Two, it gave us ammunition to liberate more data. Some folks within the government were adopting a “wait and see” attitude about data liberation. They weren’t ideologically opposed—it’s just that
THINGS I BELIEVE IN The US government is embracing the idea of open innovation. he two criteria T for products and services at Datapaloozas are that they must provide concrete value and have a sustainable business model. he lean T start-up model is the best riskmanagement methodology you can adopt; the cost of failing is exeedingly tiny.
they said, “We’ve got a lot to do, so why should we invest in this?” We invited them to the Datapalooza, and when they saw that in 90 days these amazing innovators had taken open data and turned it into fully functional new products and services to advance their mission, they were blown away. But some kinds of data are more sensitive than others. Would you encourage data liberation in parts of the government where the perceived risks are higher? It’s important to be cognizant and respectful of the need to protect privacy—but it’s totally doable. The data on HealthData.gov, which is our onestop shop for health data that anyone can download, don’t implicate privacy at all. It’s stuff like information about how to manage your asthma, the quality of our hospitals, smoking rates across communities.
TODD PARK | A QUES TION OF ANSWERS
The data that implicates privacy are under controlled access. One thread of this health data liberation movement is Blue Button— an initiative led by the US Department of Veterans Affairs working with the HHS and the Department of Defense—which allows veterans and members of the military to go to a secure website, authenticate themselves, and hit a blue button to download their own data. So you or I can’t get Mrs. Jones’s data, but Mrs. Jones can. Let’s talk about how you scale this. Many agencies might say, “I’d like to make my data liquid, but I have a lot of other priorities. How and where do I start?” HHS expended an extremely modest amount of effort and expense to engage in the activities I just talked about. The data was already in our vaults. As for marketing, we’re not talking about Super Bowl ads—it’s meet-ups, it’s code-a-thons, it’s Datapaloozas. About 20 new or upgraded apps and services debuted at the 2010 Datapalooza, 50 at the 2011 Datapalooza, and this year 230 companies have thrown their hat in the ring. The total taxpayer dollars spent building all these offerings? Zero. We didn’t give anybody a grant. We didn’t procure any of this stuff. We just took data that we already had, put it into the public domain, made it machine readable, and in a very inexpensive fashion let people know it was there. American entrepreneurs and innovators did the rest at blinding speed. We constantly talk about “Joy’s Law,” named after Sun Microsystems cofounder Bill Joy, who once famously said, “No matter who you are, most of the smartest people work for somebody else.” Let’s look ahead. You’ve been in this role for a couple of months. What’s at the top of your agenda? We’re going to clone the Health Data Initiative in other sectors, such as energy, education, and public safety. For example, we just launched Safety.Data.Gov with 700 data sets that relate to all aspects of safety: transportation safety, product safety, community safety, consumer safety, industrial safety. We hosted our first Safety Data Jam with 40 innovators.
So a big chunk of your agenda is replicating the Health Data Initiative. Anything else? Yes—fanning the flames of entrepreneurship in the government by using a philosophy called “lean start-up.” Government is obviously not a start-up, but initiatives to effect change are best thought of as startups: you want a small interdisciplinary team, you want to go to market with the simplest possible thing that consumers will actually use so that you can start learning from actual experience and then iterate rapidly. Cycle times of updating your product are days or weeks—not months—long. Contrast this with the traditional mode of making change happen in a large organisation, which is the “waterfall” process: spend six months coming up with some brilliant strategy, another six months doing a great operational plan, then six more months building a great systems plan. A year and a half later or more, you launch an aircraft carrier that sinks immediately. The mode of operation I used at HHS was not waterfall—it was the iterative, rapid-prototyping process. It worked incredibly well. How are you spreading that mode of operation across government? On May 23, we launched the Presidential Innovation Fellows program, which aims to bring in innovators from outside government to work with the best innovators inside government on lean start-up teams, with the goal of delivering significant business results in six months.
We constantly talk about “Joy’s Law,” named after Sun Microsystems cofounder Bill Joy, who once famously said, “No matter who you are, most of the smartest people work for somebody else.”
The entrepreneurs will be working on five projects: open-data initiatives; Blue Button for America, which is expanding to all Americans the capability we’ve made available to veterans; MyGov, a system that enables citizens to interact with the government using a single channel as opposed to having to spelunk our 1,200-plus Web sites; RFP-EZ, which will make it easier for the federal government to procure IT solutions from small technology companies; and the 20 percent Campaign, an effort led by USAID1 to transition foreign assistance from cash to electronic payments. The projects are exciting, but equally important is the cultural impact of these projects being executed in a lean start-up mode in a very high-profile way. We hope this will send a signal to others across government that you’re allowed to operate this way. Many private-sector entrepreneurs would say that to make this iterative approach successful, you have to be comfortable with failure. Absolutely. And I can say this from experience: if something that takes 18 months and costs a ton of money results in failure, that’s catastrophic. But if four days of effort by a three-person team doesn’t pan out, that’s completely acceptable, right? The lean start-up model is the best risk-management methodology you could adopt; the cost of failing is exceedingly tiny. Let’s say you’re successful with this group of innovators from within and outside government. How will you then build the capabilities of government employees so that they are able to say that they can do this themselves? Well, there are tool kits about how to do lean start-up. We also think mentoring—from folks who have experience doing lean startup in both the public and private sectors— will be a critically important element of the experience. But my hypothesis is that it’s less about training and more about signaling—giving people permission to do what they intuitively understand is the smart thing to do.
— By arrangement with McKinsey.
June 2012
13
DATA CENTER CORNER DATA CENTER PHYSICAL INFRASTRUCTURE
Optimising DC Infrastructure To stay competitive in today’s rapidly changing business world, companies must update the way they view the value of their investment in data center physical infrastructure. STORY ROI DCPI is the backbone of business, as its elements provide the power, cooling, physical housing, security, fire protection and cabling.
D
DCPI investments are made because they both directly and indirectly impact the three business objectives of increasing revenue, reducing costs, and better utilising assets. If the DCPI cost is low and the risk/cost of downtime is high, the business case becomes easier to justify.
14
June 2012
ata center physical infrastructure (DCPI) is the foundation upon which IT and telecommunication networks reside. It is the “backbone” of the business, as its elements provide the power, cooling, physical housing, security, fire protection, and cabling which allow the IT to function. Viewing DCPI as a whole rather than as individual components is essential to designing and deploying an integrated, understandable system that performs as expected. When individual elements are purchased in isolation from other DCPI elements, the end result is typically a complex and unpredictable DCPI system made up of multiple vendors’ products that haven’t been designed to work together. Management becomes more complex because a variety of management systems must be used to provide visibility to the entire system, and multiple service contracts become necessary. Most successful businesses today depend on a stable information technology platform. In order to maintain these IT business operations, four layers or building blocks must be present. In addition to the
DCPI, this includes the IT and the processes and people to support the operation of these systems. The IT includes data processing, storage, and communications systems, both hardware and software. Without appropriate planning and design of this technology, the network and ultimately the business cannot function. All processes for operating in this data center or IT environment must be clearly defined, well documented and standardised in a simple manner for all users to comprehend. When such processes are not effectively implemented, inconsistencies in the operation and maintenance of systems are inevitable leading to unexpected downtime. It is also necessary to have the people to support the operations. This includes having the appropriate staffing level and the right level of skill and training. In the absense of planned approach to staffing levels and training human error is inevitable.
Optimising DCPI to Improve Business Value Business value for an organisation, in general terms, is based on three core objectives - increasing rev-
DATA CENTER CORNER CUSTOM PUBLISHING
Assessment of DCPI business value is based on two core criteria: flexibility in business plans and TCO enue, reducing costs, and better utilising assets. Regardless of the line of business, these three objectives ultimately lead to improved earnings and cash flow. DCPI investments are made because they both directly and indirectly impact these three business objectives. Managers purchase items such as generators, air conditioners, security systems, and UPS systems to serve as “insurance policies.” Any network or data center faces the risks of downtime from power and thermal problems amongst many other risks. So how do these risks impact the three core business objectives above (revenue, cost, and assets)? Revenue streams are slowed or stopped, business costs/expenses are incurred, and assets are underutilised or unproductive when systems are down. Therefore, the more effective DCPI is in reducing downtime from any cause, the more value it has to the business in meeting all three objectives. Assessment of DCPI business value was based on two core criteria: availability and upfront cost. Increasing the availability (uptime) of the DCPI system and ultimately of the business processes allows Figure 1: An integrated DCPI system
d an ity re r Fi ecu S
ng bli Ca
Coo ling
er Pow
DCPI Racks and Physical Structure
DCPI Elements are combined into an integrated system
Mangement Cabling
Power
Racks and Physical Structure
Services
30 %
of DCPI usage is typically wasted due to poor planning, design decisions and product architecture
Table 1: List of availability considerations Availability considerations Are the components of each DCPI element manufactured in high volumes to improve the equipment reliability? Has redundancy been designed into the DCPI to minimize likelihood of component failure taking down the data center / IT systems? When a failure occurs, can it be recovered in less than an hour? Are all elements of the DCPI system designed to integrate together for seamless operations? Has the system been designed to drive out complexity? Has the system been designed with intuitive, simple interfaces and proactive management? Does the system have the ability to accept and effortlessly handle?
credit card processing company whose systems are unavailable – credit card purchases cannot be processed, halting the revenue stream for the duration of the downtime. In addition, employees are not able to be productive without their systems online. Minimising the upfront cost of the DCPI also results in a greater return on that investment. If the DCPI cost is low and the risk/cost of downtime is high, the business case becomes easier to justify. While these arguments still hold true, today’s rapidly changing IT environments are dictating two additional criteria for assessing DCPI business value. First, business plans must be flexible to deal with changing market conditions, opportunities, and environmental factors. Investments that lock resources limit the ability to respond in a flexible manner. And when this flexibility or agility is not present, lost opportunity is the predictable result. A second business value criterion that must be considered is the TCO. While upfront cost is still a very relevant factor, it simply does not tell enough of the story. It leaves the decision maker in the dark about long-term costs of a solution, including operating and maintenance costs.
Fire and Security Cooling BROUGHT TO YOU BY
a business to continue to bring in revenues and better optimise the use (or productivity) of assets. Imagine a
June 2012
15
BEST OF
BREED FEATURES INSIDE
Managing Millennials Pg 18
Why Android Dominates Mobile Market Pg 20
Business Planning During Storm Season If you don’t have a business continuity plan in place, put it on your immediate to-do list. If you have one, it is probably time to update it By Paddy Falls
W
e’ve all heard that “April showers bring May flowers.” But unfortunately, where Mother Nature is concerned, that’s not always the case. Too often, April showers spawn more threatening weather incidents such as severe storms and tornadoes. Once June rolls around, there is also hurricane season to contend with.
16
June 2012
IMAGING BY: RAJ VERMA
Follow the Four C's of Success Pg 21
MANAGEMENT| BEST OF BREED
Business continuity and storm season From a business continuity perspective, the start of storm season is a good time to think about how well your business is prepared in case of disaster. Of course, statistically, your organisation is much more likely to be disrupted by the “little-d” disasters such as server crashes, network outages or even, yes, routine maintenance. But fair or not, it is the “Big-D” disasters such as tornadoes, hurricanes and earthquakes that make businesses sit up and take notice, and spur them to take action to ensure they are prepared, should the unthinkable strike. If you don’t have a business continuity plan in place, put it on your immediate to-do list. If you already have one, think about the last time you updated it. If it was more than a year ago, it is probably time to update it, or at least revisit it to ensure its relevance. Even if you last updated your business continuity plan six months ago, have you installed new servers since then? Or made other significant changes to your network infrastructure, such as introduced virtualization? If you have, then you need to take another look at your plan to make sure you are adequately protected. As you think about business continuity for your company, it’s important to keep the following in mind: 1. Take a pre-emptive approach to disaster recovery (DR) planning; 2. Define priorities; 3. Ensure solutions can protect applications no matter the network environment; and 4. Test the failover process. Let’s take a look at these four areas in some more detail.
your priorities #1 Define in a disaster Think about what business continuity means to your company. Does it mean getting all your data back if something goes wrong? Or does it mean ensuring that all of your business applications stay up and running? Too many disaster recovery plans are storage-centric and only focus on data rather than being business-focused on the applications. For those applications that are core to your business, what you really want is to be able to continue working as if nothing ever hap-
Even if you last updated your business continuity plan six months ago, have you installed new servers since then? Or made other significant changes to your network infrastructure, such as introduced virtualization? pened. At the other extreme, for some less critical back office services, it may be sufficient to not lose more than eight hours of data and have it back up within a day. What this means is that you need to prioritise the applications in terms of both potential loss of data, and time to becoming available again. The formal terms for these two business metrics are recovery point objective (RPO) and recovery time objective (RTO). An RPO of one hour means you could lose up to one hour’s worth of data for that application. An RTO of four hours means it could take up to four hours to make the application available to end users. One reason for prioritising your applications according to their RPOs and RTOs is that the cost of solutions for lower RPOs and RTOs is greater. A typical rule of thumb is that 80 percent of business continuity investment is spent on 20 percent of the most critical applications. One great way to define your priorities is to put together a “roundtable” of employees from different areas of your company. What is important to management? To accounting? To sales? To IT? You should focus on getting a measure of the potential financial loss to the business for every hour of data that is lost for an application, and every hour of downtime. One of the reasons for having broad representation is that it’s not only direct costs such as lost revenue from sales, but also indirect costs such as loss of reputation that need to be considered. The outcome of this analysis is a grouping of your business applications into tiers representing their business criticality. For each tier, different RTOs and RPOs define the level of protection required for any failure, including a disaster. For example: • Tier-1: < 10 seconds RPO, < 5 minutes RTO • Tier-2: <15 minutes RPO, < 1 hour RTO
• Tier-3: < 1 hour RPO, < 4 hours RTO • Tier-4: < 8 hours RPO, < 24 hours RTO
Take a preemptive approach to
#2 DR planning
Perhaps you don’t work in Tornado Alley or along the San Andreas Fault, so you think the chance of a “Big-D” disaster is extremely remote. While that may be the case, there is a very high chance that your business will be impacted several times a year by the “little-d” disasters such as software failure, network outages, server crashes or routine maintenance. The reality is you need protection from both the “Big-D” and “little-d” disasters, because either can be equally costly to your business.
Ensure solutions work no
#3 matter the environment
Virtualization has taken off in the last couple of years. In fact, Gartner estimates that by 2014, 60 percent of server workloads will be virtualised. That’s a five-fold increase from just four years ago. What this means for your business is that you need to make sure that your business continuity solutions work whether your environment is physical, virtual or a hybrid. Many companies that are virtualising still have physical servers for Tier-1 applications, due to issues of either vendor support or performance. Also, over time companies will tend to deploy different virtualisation technologies. Some may be using VMware for some of their Tier-1 and Tier-2 applications, but then find that it’s simpler to use the Hyper-V virtualisation that comes with their Windows servers for Tier-3 and/or Tier-4. If this is true for your company, it’s important that any DR solution extends across physical and any virtual environment in the same comprehensive manner.
June 2012
17
BEST OF BREED | MANAGEMENT
#4 Test the failover process A disaster recovery solution is no good if it doesn’t work as planned in a disaster. Or if your staff doesn’t know how to properly execute your DR plan. Remember all those fire drills you used to have in grade school? Your business needs to do the same with your disaster recovery plan and regularly test the failover process to ensure it works. If your solution isn’t working as planned, you need to figure out why and how to get it fixed so you’re not caught off guard if something goes wrong. Or if the process takes too long, it’s important to figure out solutions to shorten the recovery window. Every minute that your business is down is lost
revenue and productivity, so you can’t afford to be down for more time than anticipated during a disaster. A good rule of thumb is to test your disaster recovery plan quarterly in order to ensure that everything is working smoothly and you can execute it when you need to. The steps outlined above are critical steps that any company should take in business continuity planning. While the chances of your business being impacted by a major disaster might be relatively small, the chances of your organisation being down for any period of time are quite high and happen relatively frequently. Business continuity planning should be one of the first initiatives any company
should undertake. Much like insurance, you hope you’ll never have to deploy your plan, but you’ll certainly be happy it’s there when disasters, of whatever size, strike. —Paddy Falls joined Neverfail, a business continuity vendor, in May 2007 bringing 30 years of software industry experience. As group CTO, Falls is responsible for Neverfail’s technology development and product roadmap. Falls most recently served as the CTO and Co-Founder of UK-based iOra, a division of Corpora, which provides accelerated access and replication services to remote servers and laptops. —The article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com.
Managing Millennials Statistics report that 75 million Millennials (individuals born between 1980-1999) have joined the workforce in the US
W
hich scenario best describes your current management frustrations with the twentysomethings entering your organisation? 1. You just explained appropriate corporate protocol only to discover their questionable comments sprinkled throughout Facebook, FourSquare and Twitter. 2. You are perplexed by their informal communication style, both written and verbal, with seemingly cryptic acronyms and expressive emoticons. 3. You spent thousands of dollars on new technology…for them; trained and accommodated them, but they end up leaving for the seemingly cooler company with a younger culture. 4. You keep seeing ear-buds when they’re hanging out in the office…actually, why does it look like they’re hanging out as
18
June 2012
PHOTOS BY PHOTOS.COM
By AmyK Hutchens
MANAGEMENT | BEST OF BREED
opposed to working? 2. Swap out Your Dashboard If any one of these scenarios, maybe all for a Leaderboard of them, resonates, you understand the Millennials want and expect frequent shift that is taking place inside organizafeedback -- they like knowing where tions as the U.S. Bureau of Labor Statistics they stand. But unlike Baby Boomers who reports that 75 million Millennials (individpreferred Quarterly Reports for Shareholders and X'ers who preferred uals born between 1980-1999) have joined the workforce. personalized Performance While many of today's leaders Reviews, Millennials want to are frustrated with the new genknow where they stand…in eration's demands, the Millencomparison to other Millenninials' introduction of a changals, minute to minute. Enter this generation's version of ing work dynamic isn't new. GLOBAL CONSUMER a Leaderboard. What must CIOs know to DIGITAL STORAGE NEEDS While similar to golf and leverage the strengths of MillenBY 2016 nial IT workers? poker where a player's standing is listed by strokes or 1. Integrate Your money, Millennials want to Workforce know their standing inside the The next generation has much to offer organisation. They want performance to be and gain from integrating with their predea game, and it's even more fun when you cessors. The Center for Creative Leadership ask them to design an app for that type of has predicted there are 7 critical skills feedback. Whether it includes filling out Millennials will need to be successful LinkedIn profiles to build an organizational presence online, increasing followers in future leaders -- leading people, strategic social media and impressions to landing planning, managing change, inspiring compages, completing management trainmitment, resourcefulness, doing whatever ing, or meeting project related deadlines, it takes. Digitally, and being a quick learner. Digitally. Millennials want to track, keep score and Baby Boomers and Generation X-ers, reward all players. Yes, all. while diverse in their own rights, are often highly competent in the first three skills; 3. Teach Leadership Millennials are experts in the last three. Millennials crave opportunities for advancement and are demanding that When organisations leverage these skillsets companies invest in their ability to grow. by creating cross-generational teams, comEmbrace this passion and dedication and panies launch over barriers. you will increase their loyalty and perforFor example, a Baby Boomer can mance levels. teach a Millennial how to make a well-reasoned, strategic decision (not a Millennial Unlike the Dilbert generation, today's colforte). In return, a Millennial can share lege graduates are more motivated to excel how digital marketing -- including a Faceand embrace working hard. But they want to book account to share cool videos with be surrounded by other hard working team consumers -- will build a more engaging members, thriving on new knowledge, new brand and consumer following in whole technologies, new trends and new friends. new communities on the Internet (not a Help them help themselves by investing in Baby Boomer's forte). their leadership skills. Conflict resolution, Millennials are confident navigating critical thinking, decision making, problem the Web, but may confuse being tech solving, communication skills are all areas savvy with having true information literacy. wherein this generation lacks expertise and When Baby Boomers and X'ers respect experience. By 2014, 50 percent of employMillennials' ability to search for data, they ees will be Millennials and almost all of the can then teach them how to verify statistics, Baby Boomers will have left their leadership positions. Unless the Millennials are ready confirm stories, ask critical questions to be promoted, organisations will face a and improve search strategies to yield daunting leadership gap. valuable results.
4.1zb
4. Share the Why… Then Show Them HOW Millennials are described as the Creative Class. Voluntarily bombarded with billions of bits of data, they have nine-second attention spans and a myriad of stimuli enabling quick, ingenious connections. How do you inspire these brilliant “connectors” to produce? Define and share the “why” at the core of what you and your organisation do. If you want to capture the energy, the passion, the creativity and profitable production of this generation, engagement in the “why” is essential. The value of smart, hard work for its own sake is meaningless. Purpose, beyond the paycheck, is what ignites them. That said, the “how” often requires a bit of guidance. Having led a rather directed life of over-protected, over-scheduled days, they admit they are frustrated by their inability to execute. Baby Boomers and autonomous Gen X'ers need to demonstrate how great creative ideas are only sustainable when companies can effectively take those ideas to market, and perhaps make a profit in the process. If you’re a Baby Boomer or X'er and you share workflow processes, supply chain management, and the why and how behind the cool gadget, Millennials will thank you. They'll thank you even more if you turn the teachable moment into a conversation, let them carry their phones while on a tour of the workplace, and then ask for their feedback on how to improve workplace efficiencies. And, try not to look surprised when they solve a bug you've been trying to eliminate.
5. Assimilate to a New Normal “9 to 5” is the title of a 1980 movie that debuted the year Millennials were first born; these are NOT their normal working hours. Millennials, Gen Y, EchoBoomers, Net Generation, Boomerang and Peter Pan Generation are all terms used to describe this next cultural force that demands a new way of being and doing. Millennials grew up with Internet-capable crib computers, and they have lived in a diverse network of interactive media such as text messages, blogs, global positioning and instant messaging. They are normal. It's just a new normal, and managers need to seek ways to respect and adapt. Here are some ideas:
June 2012
19
BEST OF BREED | MOBILIT Y
• Create opportunities for social interaction like Tuesday morning brainstorms, Wednesday afternoon product innovation scavenger hunts, and Thursday night softball that raises money for a cause. • Use technology to build culture and foster multi-disciplinary teams. Ask them to video record meetings and team exercises, edit for bullet points and highlights and then post their creation on the company intranet. It gets them excited and engaged and sustains the “why”. • Let them use their tech-tools to advance
their productivity, hold them accountable to high standards and publicly praise and encourage meeting and exceeding these standards. For technology leaders to drive growth and respond to the incredibly fastpaced changing world they must embrace, not resist, new ideas and more technologically creative approaches; innovative products; integrated organisations; open, less private, communication; connected communities; responsible, cause-oriented cultures. Most importantly, embrace these twentysomethings who thrive on technol-
ogy, change, social causes, teamwork, feedback and a personal life. The next generation is the challenge and the solution that will take your company successfully into the next era – one, while yet to be revealed, is far closer than you might think.
—AmyK Hutchens, Founder AmyK International, Inc., is a speaker, trainer and business strategist. — This opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
Why Android Dominates ver the last few years, Android has cemented itself as the dominant force in the mobile market. And 2012 might just be its best year yet, according to IDC. The research firm says Android will secure 61 percent of the market this year and maintain nearly 53 percent by 2016. Meanwhile, every platform from iOS to Windows Phone 7 will be forced to battle it out for second place. But how did this happen? For years, Android has been called the second-rate version of iOS by some mobile customers. Although devices from Samsung and HTC have proved popular, no single Android phone has yet to match the success of Apple's iPhone. Still, with solid branding, a high-quality experience and some help from a boatload of vendors, Android is the top player in the mobile market. That won't change over the next several years. Here are the reasons why Android is so dominant today.
1. It's a numbers game after all When it comes to Android dominance, pointing to the sheer number of devices on
20
June 2012
IMAGING BY SHOKEEN SAIFI
O
There are little signs that another mobile OS will soon topple Android dominant position
MANAGEMENT| BEST OF BREED
store shelves and in users' hands is arguably the simplest reason for its success. There are now hundreds of different mobile device models running Android in one form or another, ranging from mobile phones to tablets and enterprise products.
2. Apple's only offering three devices Meanwhile, Android's chief competitor, iOS, while highly popular and extremely profitable for Apple, is suffering in market share, at least, because of Apple's policy to keep it in-house. Apple currently only offers the operating system on its iPhones, iPads and iPod Touch. Because of that, there's simply no way for Apple to keep up with Google's mobile operating system.
3. RIM's decline RIM was long a thorn in the side of Nokia's Symbian platform and Windows Mobile when that operating system had considerable market share. In the past year, however, RIM has watched its market share plummet to just 6 percent, according to IDC. What's
worse, that figure will drop to 5.9 percent by 2016. RIM's decline has helped Android
6. Vendor support
Google's Android platform would be nothing without its vendor support. With this in mind, Google has gone out of 4. BYOD The consumerisation of IT DECLINE IN WORLDWIDE its way over the years to bring as many vendor partners into is something that a host of WAFER FAB EQUIPMENT the fold as possible. Once in the CIOs have been forced to deal GROWTH IN 2012 Android fold, the search giant with. Although the iPhone has encouraged mobile device is the most popular product to be brought into the office, makers to invest as heavily as Android is also gaining some possible into the platform. It was a smart move that's paying serious ground with the BYOD trend. Without dividends. BYOD, it would be impossible for Android to keep up.
9%
7. Remember the Google factor
5. Microsoft is offering little competition Microsoft arguably has the best chance of one day overtaking Android. After all, its operating system, Windows Phone, offers the same kind of licensing strategy as Android. However, through 2012, the OS will only be able to muster 5.2 percent share, according to IDC. With Microsoft's poor competition, Android is surging.
It's important to acknowledge the value of Google's brand recognition on the success of Android. The search company's brand is trusted among third-party vendors and consumers alike. Without Google's immense resources and market influence, Android wouldn't be Android. — This opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
Follow the Four C's of Success
CIOs have learned to manage the four components before embarking on any change initiative By Dan Roberts
C
hange doesn’t just happen. It needs to be driven with purpose and intent. For CIOs today, there’s no escaping change. Technology advancements such as consumer technologies and cloud computing models are forcing IT transformation. Meanwhile, IT is the lynchpin for crucial business change, be it growth in emerging markets, a need for more agile business models or increased dependence on collaborative, globally dispersed teams.
But change is not only a constant companion; it is also an uncomfortable, even threatening, prospect to many people. Ask the many leaders who have launched organisational initiatives, only to see them wither on the vine or fail to meet intended goals. That is why you really can’t be an effective IT leader today if you can’t effectively initiate change, sell new concepts to your peers and staff, and help your teams manage complex change with confidence. Forwardthinking CIOs are doing just that by adher-
ing to four key components -- the four C’s -- for leading change:
IT Change Management: Four Secrets to Success 1. Commitment. Failing to achieve commitment is the single most important reason why CIOs cannot sustain change. Commitment means being bound emotionally and intellectually to a course of action. Too often, technology leaders think they’ve gained commitment when what they’ve really
June 2012
21
BEST OF BREED | MANAGEMENT
achieved is mere “compliance” -- people going along with a mandatory recommendation or new process without really believing in it. When people are committed, they believe in what they’re doing and are intent on completing the journey. The tough part is, you cannot force commitment; people have to make that jump themselves, even while their natural instincts scream at them to resist. CIOs can help lead people through change by expecting resistance, even inviting discussion and dissent, to air these misgivings and steer the negative emotions into positive ones. 2. Community. You cannot lead change by yourself. Change requires different people collaborating in diverse roles to purposefully drive change forward, leaving nothing to chance. The key roles for change management include: a change leader, change agents and change advocates. Change leaders sponsor and validate the change initiative. They need to convincingly convey the reasons for the change, paint a vivid picture of the end state and outline how to get there. Change agents, meanwhile, plan, facilitate and implement key change activities. They need to connect well with people, foster synergy and guide the plans associated with the change. Lastly, change advocates use their influence to drive change. These people are opinion leaders who can make or break the change effort because they have strong influence over other people. The IT leader needs to identify and engage the right people to play these roles. This group is often called the transition structure, and is sometimes formalised as a change management office. 3. Clarity. People cannot move toward something they cannot see – you need to help them see not only what they’re moving toward but why they should move in the
first place. People won’t commit to “a good idea” -- they need to understand why the change is necessary and why the current state is no longer viable. Spell out why it will be more costly, even at a personal level, to remain with the status quo. Then, communicate the steps involved, how risks will be managed and the support that will be provided, as well as the benefits that will result. People who have a “why” will accomplish almost any “how.” Next, clear the path that leads to the change. This means anticipating where obstacles may be, identifying them and working to eliminate them.
tively communicating those strategies and plans. We all assume we’re communicating when we send an e-mail, hold a town hall meeting or conduct a presentation. Some of us go further and employ two-way methods, such as small-group meetings and facilitated Q&As. But inspiring change requires more than these traditional methods. It requires creating opportunities for groups to voice their concerns, thus bringing obstacles to light and enabling them to gain commitment. Change also requires training, coaching and providing feedback, as well as opportunities for practice and learning. If you feel people still aren’t listening, try livening up your communications. You don’t need to be dry and direct – metaphors, analogies, narrative techniques and anecdotes go a long way toward describing the vision you’re trying to convey. Also, communication is not a onetime event but a strategy that pervades the entire change initiative. Effective change management is what stands between IT organisations that will succeed in the future and those that won’t. It is why some IT teams now anticipate stakeholder needs rather than just respond to them; help reshape business strategy rather than just support it; and consult on business process improvements rather than just provide system upgrades. If you remember nothing else, it’s that change doesn’t just happen. It needs to be driven with purpose and intent. Successful CIOs have learned to manage these four components before embarking on any change initiative.
PHOTOS BY PHOTOS.COM
Change also requires training, coaching and providing feedback, as well as opportunities for practice and learning
22
June 2012
Finding obstacles means assessing which groups will be most impacted and how much change they will need to endure across a range of categories, such as skills and processes. A change readiness assessment will help you know whether the conditions for success exist, such as cohesive leadership and sufficient resources. From there, you can determine areas of risk to the change initiative and develop a risk mitigation strategy. 4. Communication. The fourth component, communication, is the glue that holds the entire change initiative together. While IT leaders spend untold time strategising and planning, they spend little to no time effec-
—Dan Roberts is the CEO of Ouellette & Associates — This opinion was first published in CIO Insight. For more such stories, please visit www.cioinsight.com.
C O V E R S T O R Y | a l ter e g o
24
June 2012
One of the attributes of a leader is to go that extra mile. He is always willing to do more than what is required. This quality of going beyond the call of duty is not restricted within the four wall of office. The spirit of leadership spills over, and as a result, leaders end up doing other things that they are passionate about. Their abilities of working hard and multitasking enable them to do justice to their different roles. In this cover story, we intend to showcase what some of Indiaâ&#x20AC;&#x2122;s top CIOs are doing apart from their core professional responsibilities. There are CIOs who, in their spare time, become management faculties, turn to blogging and even do philanthropy, thereby displaying their leadership qualities in this other function. By Yashvendra Singh Photos by Subhojit Paul & Jiten Gandhi Imaging By Peterson
June 2012
25
C O V E R S T O R Y | a l ter e g o
the
mentor C R Narayanan, CIO, Tulip Telecom, feels there is much to learn and much to teach in life
A
t Tulip Telecom, C R Narayanan is busy ensuring that his company’s data centre matches global standards and provides seamless services to its customers. He also has his hands full in developing solutions and products in the areas of cloud and videoconferencing. However, once he steps out of Tulip, Narayanan is a changed man. His other passion (apart from technology) in life takes over. “I am deeply passionate about academics. I love teaching and enjoy the college environment,” says Narayanan, an engineer and an MBA (from FMS, Delhi) in Finance. Narayanan’s tryst with teaching started when he was in Alstom. As he recalls, “We used to have a session on knowledge sharing wherein people who had in-depth knowledge on a subject would share it with others. As I wasn’t too keen on technology, I used to talk about motivation and leadership. In any organisation, employees need to upgrade their managerial skills and move up. I helped them in this.” He was then approached by International Management Institute (IMI), Delhi, in 2005. The institute wanted to introduce a subject on ERP and since Narayanan had implemented and managed ERP projects, they wanted him to be the faculty. “For two years, I handled the entire course on ERP, set the question paper, and evaluated the answer sheets. It was by no means an easy job. For a three-hour lecture, I had to prepare for nine hours. But I was so passionate about it that I worked on it during the weekends,” says Narayanan.
26
June 2012
Narayanan’s stint with IMI ended in 2007 but his passion in academics didn’t stop there. Today, he is associated with Amity Business School and the Asia-Pacific Institute of Management. “I feel there is a lot of gap in the managerial skills of students today. The managerial skills required about 10 years back are very different from those required today. In the present scenario, technology and management go hand-inhand, and students have to be made aware of this,” he says. Narayanan has extended the leadership experience he has accumulated over the years to his teaching. “There are students in a class who are introvert. I help them develop their managerial skills and improve their confidence levels,” he says. Recalling an interesting episode, Narayanan says, “I once asked the institute to give me 10 students who lacked confidence and were the most introverts. These students used to spend two hours with me every fortnight and I would teach them subtle lessons on self improvement such as how to shake hands and how to maintain eye contact. Within six months, there was a perceptible change in these students.” Narayanan believes his teachings have helped him too. Applying what he teaches in colleges within his organisation has yielded encouraging results. Narayanan feels he will leave the corporate life in the next couple of years, and then spend more time in academics. “I feel there is much to learn and much to teach. I don’t want to get tied with just a single institution. I want to teach in as many college as I can,” he adds.
“ In the present scenario, technology and management go hand-inhand, and students need to be made aware of this” —C R Narayanan
“CIOs are not always good story tellers or toastmasters, and that is where I thought I could contribute and play” —Arun Gupta
a l ter e g o | C O V E R S T O R y
compelling
blogger Arun Gupta, CIO, Cipla, went beyond his role of a technology leader to create awareness amongst CIOs on various issues confronting them.
A
Many people know Arun Gupta for his specialities, which include -- ceating business value supported by technology, aligning IT with business, IT Transformation, turn around IT organisation and improve effectiveness, managing teams with focus on outcomes, strategic outsourcing and cost management, business process improvement and organisational efficiency and effectiveness. The list is no doubt both exhaustive and impressive but what it fails to include is that Gupta is also an avid blogger. For Gupta being a technology leader wasn’t enough. He wanted to share his knowledge on IT leadership with his peers, and this led to the birth of Oh I See (cio-inverted.blogspot.com). “I started my blog in 2005 when there was a big momentum around blogging. However, there were hardly any blog focusing on CIOs or IT leadership. Whatever content existed out there was prescriptive and created by researchers, columnists or academicians and not practitioners of IT,” avers Gupta. “So I decided to give a voice to the CIO experiences, challenges, pains, and opportunities. CIOs are not always good story tellers or toastmasters, and that is where I thought I could contribute and play,” he says. Gupta’s efforts certainly went a long way in helping the faceless CIO who struggles to speak out constrained by his/her ability to articulate and voice out what matters. Recalling some of his most hard-hitting blogs, Gupta says, “How to become a CIO; The story teller CIO; Engaging the Board; and Vendor lock-in are some of the most read stories.
These have also received the maximum comments offline and online. Many have been able to provoke action on the readers to create some personal change,” he says. Even IT vendors have acknowledged some of the musings and taken note of insights that Gupta portrayed from experiences across the industry. ‘Oh I See’ has readership in more than 50 countries now with the top five being US, UK, India, Canada and Argentina in that order. “Most CIOs love it, some disagree with my views and that is expected with the different experiences and frames of reference that all of us have,” he believes. Gupta normally writes over the weekend with the timeline to post being Monday evening (in-line with his largest audience by geography, the US, getting off to work). “A post typically takes anything from an hour to 3 hours to write. Managing time is about prioritisation,” he feels. On the subject of leadership in the context of a CIO, an issue that Gupta vigorously promotes through his blog, he says, “Leadership is a personal choice. It starts with intent, learning, taking the plunge and then sustaining results. It also boils down to setting and managing expectations while nurturing talent to drive the business agenda.” The tireless leader that he is, Gupta feels he will continue to write as long as he can. “I will continue to write as long as I can keep finding topics that matter to the CIO and there are many that keep coming back with new perspectives. I am also planning a book which will be the summation of the learning over many years,” he says. Besides, he has another strong reason to keep writing – Even seven years after ‘Oh I See’ was born, there are very few quality blogs for CIOs.
June April 2012
29
C O V E R S T O R Y | a l ter e g o
the
soci a l worker Neena Pahuja, CIO, Max Healthcare Group, feels engaging in philanthropy gives her satisfaction and helps in inculcating human values in her children
A
visit to Neena Pahuja’s LinkedIn profile reveals the wealth of experience she has. With close to three decades of working in various verticals, Pahuja is today undoubtedly amongst the top enterprise technology decision makers. As her profile says, “In over 27+ years of software development, consulting & internal IT support experience, I have advised and assisted organisations in achieving large-scale transformation using technology. My areas of expertise include IT roadmap planning, application development, product development, ERP & Supply Chain implementation, Analytical tools, financial planning, IT Strategy, Business Process Re-engineering, Change Management, security & compliance and now healthcare. I have managed global deliveries and also managed and directed engagements with clients in many industries including Steel, Auto, Insurance and Construction.” However, the one thing that her profile does not reveal is her penchant for philanthropy. “I don’t have too much time to spare. Besides, being a woman, I have to take care of the family too. Creating this work-life balance is challenging,” she says. While she has too much on her plate, Pahuja still
30
June 2012
ensures that she takes out time for what she believes in. Every month, Pahuja buys rice and dal packets and distributes them to poor people. She also collects clothes that are no longer used at home and gives them to the needy. “Everyday when I drive to office, I see slums, people on the roadside, and under the flyovers. These are people who are deprived of basic human necessities of life such as food and clothing,” says Pahuja. To contribute her bit, Pahuja regularly stuff her car with food and clothes. She then drives for 10-15 kilometers distributing the goods on the way. “I cover about 25-30 people on a single trip, and I make two such trips each month,” she says. “This not only gives me a great sense of satisfaction but also helps me in inculcating human values in my children,” Pahuja says. This trait of compassion in Pahuja is a hallmark of a true leader. Experts propounding leadership theories have cautioned against taking compassion as a sign of weakness. They believe compassion is all that differentiates leadership from dictatorship. Going forward, Pahuja intends to spend more time engaged in social service. “Once I leave the corporate world, I want to associated with an NGO that is involved in working with the poor,” she adds.
“Philanthropy not only gives me a great sense of satisfaction but also helps me in inculcating human values in my children” —Neena Pahuja
advts.indd 58
3/23/2010 2:32:15 PM
—MARTIN LUTHER KING, JR.
June 2012
32A
C&L SECTION
ION IAL CT EC SE SP SHIP ER AD LE
“The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge”
INTRODUCTION
CIO&LEADER This special section
C&L SECTION
on leadership has been designed keeping in mind the evolving role of CIOs. The objective is to provide an eclectic mix of leadership articles and opinions from top consultants and gurus as well as create a platform for peer learning. Here is a brief description of each sub-section that will give you an idea of what to expect each month from CIO&Leader:
34 MY STORY
The article/interview will track the leadership journey of a CIO/CXO to the top. It will also provide insights into how top leaders think about leadership
33
TOP DOWN
This feature focusses on how CIOs run IT organisations in their company as if they were CEOs. It will comment on whether IT should have a separate P&L, expectation management of different LoB heads, HR policies within IT, operational issues, etc. This section will provide insights into the challenges of putting a price on IT services, issues of changing user mindset, squeezing more value out of IT, justifying RoI on IT, attracting and retaining talent, and competing against external vendors
41
36
LEADING EDGE An opinion piece on leadership penned by leadership gurus. Plus, an insightful article from a leading consulting firm
ME & MY MENTEE
Cross leveraging our strong traction in the IT Manager community, this section will have interviews/features about IT Managers and CIOs talking about their expectations, working styles and aspirations. In this section, a Mentor and a Mentee will identify each otherâ&#x20AC;&#x2122;s strengths and weaknesses, opine on each otherâ&#x20AC;&#x2122;s style of functioning, discuss the biggest lessons learnt from each other, talk about memorable projects and shared interests
46
SHELF LIFE
A one-page review of a book on leadership
32B
June 2012
40
THE BEST ADVICE I EVER GOT Featuring a top CIO/Technology Company Head and the best guidance/ recommendation he received with respect to his personal or professional growth. The advice could relate to dealing with people, managing personal finance, and balancing work and life
TOP DOWN
RAJESH UPPAL
CIO, MARUTI SUZUKI
IT Innovation is Very ShortLived Rajesh
Uppal, CIO, Maruti Suzuki talks about how he has kept his IT department a step ahead of competition RAJESH UPPAL has been working with Maruti since 1985, and has seen the company transform significantly in the last 27 years. According to Uppal, ever since he joined, Maruti has always considered IT as a separate division and accorded crucial importance to it. "IT involvement at every level is very important and at Maruti I have experienced it right from the day I joined the company. IT has been a parallel organisation like Finance or Human Resource, and it had the liberty to enable business processes. Even now when I am at the board, we discuss different ways of how IT can help us in not only saving cost but also improving the business of the company," he says. Today, IT is becoming a commodity and as such CIOs don't need to invest much time into it. They need to focus more on the business dynamics and add value to the organisation. There are people now who can run your IT infrastructure, so a CIO today has to concentrate more on ensuring how he can strategise and analyse, says Uppal.
"Another important aspect for a CIO is to have trust. This enables him to get the job done much faster. To stay ahead of competition, one needs to keep learning and introducing programmes which are unique and innovative in the market. This is the only way to succeed in this ever crowded automobile market," avers Uppal. Sharing an example of innovation, he says, "I remember in 2006, we were the first automobile company to introduce a Dealer Management System (DMS). Today almost every automobile company has that system but since we were the first to introduce it in the country, we had the early mover advantage." Once Maruti realised that every company had deployed DMS, they acted fast and introduced a new model that leveraged technology in a much better way than the previous one. "Today, technology is only a part of CIO's job portfolio. What is more important is to come up with ideas and innovative strategies that can transform the business of the enterprise. As a CIO it is very important to understand that IT innovation is very short-lived so one has to keep on innovating and raising the bar," he adds.
â&#x20AC;&#x201D; As told to Atanu Kumar Das
June 2012
33
MY STORY NANDKISHOR DHOMNE
“Leadership is all about People” Nandkishor Dhomne, CIO, Manipal Hospitals, believes leadership is about understanding how one can perform in a team and get the desired result Nandkishor Dhomne, CIO, Manipal Hospitals is involved in IT strategies and oprational planning of the organisation. He manages core business, applications management, MIS, IT infrastructure, IT security, ITIL, and data centre operations of Manipal Hospitals. Prior to joining Manipal, Dhomne was working with GMR Group as AGM, IT, and was responsible for the IT strategy and roadmap of the firm.
What in your view is being a leader all about? Leadership is all about people. Leaders are those who attempt to influence others' behaiviour. Leadership means achievement and the bottomline is to make the team work for a common objective. There are at least 18 to 20 key characteristics of a leader. Let me point out some of them which are absolutely vital. Firstly, a leader should have integrity and honesty. Secondly, a leader should possess the courage to recognise the risk and proceed without fear. A leader should understand his own weakness as it is one of the most important traits of moving forward. A leader should always lead by setting examples. Another important thing is to be able to communicate properly. A leader should also believe in teamwork and should be decisive when it comes to making a choice. Finally, I feel a leader should be sensible and should understand the feeling of others. What are the key ingredients that make a CIO a leader? Apart from the points that I mentioned, for a CIO to become a leader, he/she should have strong business knowledge and a vision which will help him to align business with the IT infrastructure. What was the point in your career that transformed you from being a technologist to a technology leader? I think this happened in 1998 when I was working
34
June 2012
with Apparel Export Promotion Council (AEPC) in Delhi. I went through a major transformation from thinking technology to thinking business. This was the firm where I got exposed to business challenges. I should thank my boss, Anurag Mathur, who gave me a free hand in coming up with business solutions by implementing IT solutions in various departments. I would interact with business heads from different verticals within the organisation and would come up with solutions which I would then discuss with Mathur before coming up with a relevant solution. I think it was a path breaking exercise for me and in the coming years it helped me immensely in aligning IT to enhance the business of the organisation that I was with. Who has been the big influencer in your life? Who do you look up to as a role model for leadership? Anurag Mathur has been a great influence in my life who has taught me many things. The most important of them was to find solution to any problem — on a short-term as well as long-term. During my tenure with AEPC, I have had many experiences which would not have been possible without Mathur. By giving me the liberty to work on my own, he instilled a level of confidence which otherwise would have been hard to garner. How do you increasingly align IT to business? In my role as a CIO in this organisation, I spend
NANDKISHOR DHOMNE | INTERVIEW
5POINTS 1
Integrity and honesty are key attributes of a leader
2
A leader should possess the courage to recognise the risk and proceed without fear
3
Once you become a leader, understand your weakness as it is one of the most important traits needed to move forward
4
PHOTO BY RADHAKRISHNA
To be able to communicate properly and set examples for others to follow are also vital for leadership
5
A compassionate leader is one who is sensible and understands the feelings of others
more time with the business leadership within the organisation. I understand their requirements and give them suggestions. I try and understand the company's long-term business plans and the immediate challenges and provide them with data availability and analytics. We have also formed a committee within our firm which takes decisions on different perspectives where IT can help the business grow to a new level. We work on both structured growth of the business
as well as unplanned alignment which may arise in day-to-day functionalities. How do you foresee leadership five years down the line in the context that information technology dynamics are changing so rapidly? I think CIOs role has to go beyond technology and that has already started happening. CIOs will now be more responsible for process management and I have heard
many people now referring to CIO as Chief Process Officer. In the next couple of years, CIOs will have to showcase their leadership by playing multiple roles. He/She has to contribute to the topline and bottomline. A CIO always has to ensure that data is available for decision making process. He/She has to come up with innovative thoughts to enhance the business of the company. â&#x20AC;&#x201D; As told to Atanu Kumar Das
June 2012
35
LEADING AARON DE SMET, JOHANNE LAVOIE, AND EDGE ELIZABETH SCHWARTZ HIOE
Developing Better Change Leaders
Putting leadership development at the heart of a major operations' improvement effort paid big dividends By Aaron De Smet, Johanne Lavoie, and Elizabeth Schwartz Hioe
FEW COMPANIES CAN avoid big, periodic changes in the guts of their business. Whatever the cause—market maturation, a tough macroeconomic environment, creeping costs, competitive struggles, or just a desire to improve—the potential responses are familiar: restructure supply chains; rethink relationships among sales, marketing, and other functions; boost the efficiency of manufacturing or service operations (or sometimes close them). Such changes start at the top and demand a relentless focus on nitty-gritty business details from leaders up and down the line. Too often, however, senior executives overlook the “softer” skills their leaders will need to disseminate changes through-
36
June 2012
out the organization and make them stick. These skills include the ability to keep managers and workers inspired when they feel overwhelmed, to promote collaboration across organizational boundaries, or to help managers embrace change programs through dialogue, not dictation. One global industrial company tackled these challenges by placing leadership development at the center of a major operational-improvement program that involved deploying a new production system across 200 plants around the world. While the need for operational change was clear—the performance of the company’s factories was inconsistent and in many cases far below that of competitors in
terms of efficiency, productivity, and cost— so too were the organizational obstacles. Drives for improvement, for example, carried a stigma of incompetence; current performance was considered “good enough”; conflict tended to be passive-aggressive or was avoided entirely; and shop floor employees felt that they were treated as cogs and that their supervisors were enforcers. The effect of all this on employees was disengagement, a lack of trust in senior management, and a pervasive fear of making mistakes—a worry reinforced by the company’s strong culture of safety and of risk aversion. These challenges were impossible to ignore, and that was probably a blessing in
A A R O N DE S ME T, JO H A N N E L AV OIE , A N D E L I Z A BE T H S C H WA R T Z HIO E | L E A DIN G E DGE
ILLUSTRATION BY PHOTOS.COM
Making sourcing more efficient
disguise: the senior team had to look beyond technical improvements and focus on helping the company’s leaders to master the personal behavioral changes needed to support the operational ones. To that end, the company mounted an intense, immersive, and individualised leadership programmme 1 The results are still unfolding, but after three years the company estimates that the improvement program has already boosted annual pretax operating income by about $1.5 billion a year. Furthermore, executives see the new leadership behavior as crucial to that ongoing success. Indeed, the senior executive who launched the program believes that without the inclusion
of leadership development, it would have made only half the impact it actually did. She adds that the company has seen a tenfold return on its investment in each of the dozens of leaders trained thus far.
Scenes from the front lines of change In this article, we’ll share the stories of three such leaders and examine how the changes they made in their leadership styles contributed to improved business results. Then we’ll step back and offer a few general leadership-development principles that we hope will be useful to other organisations contemplating large-scale, transformational changes.
An executive we’ll call Annie is the company’s director of sourcing and logistics. Her charge: to help the sourcing operation improve its performance, from the mid- to the first quartile, without additional resources. Annie and her supervisor (the group’s vice president) concluded that the way to achieve this goal was to create a single global sourcing system instead of relying on the existing patchwork of regional and divisional ones. This approach would improve efficiency, take advantage of cheaper sources, and cut interaction costs. But that meant engaging a global group of stakeholders, many of whom preferred acting independently. Some even mistrusted one another. The vice president knew that this problem would be very difficult for Annie; as he put it, “she used to move too fast, and people would miss her train.” Somehow, Annie had to build the skills—and quickly—to engage her colleagues on a journey where turning back was not an option. Annie realised she needed to engage them not just intellectually but also emotionally, so they would become committed to the new approach and understand why it was better, even though many saw it as threatening to their autonomy and their ability to tailor services to local needs. Annie also recognised that she had a strong tendency to do all the work herself to ensure that it was done quickly and correctly. Learning to overcome that inclination would help her to articulate a more inspiring vision and bring more people on board. Along with a colleague who was going through leadership training at the same time, Annie worked on a number of skills, such as how to keep discussions focused on solutions and how to build on existing strengths to overcome resistance. She also developed 20 coaching vignettes, which helped her bring to life the mindsets and behavior that had to change. These moves helped Annie establish the new vocabulary she needed to encourage colleagues to identify and eliminate issues that were getting in the way of the new sourcing approach. As more than 1,000 employees across four regions adopted the new system, operational efficiencies quickly started to appear. What’s more, the effort encour-
June 2012
37
L E A DIN G E DGE | A A R O N DE S ME T, JO H A N N E L AV OIE , A N D E L I Z A BE T H S C H WA R T Z HIO E
aged interpersonal interactions that helped some employees overcome long-standing barriers to collaboration. The vice president highlighted the way the effort had encouraged North American employees to begin openly addressing issues they had with colleagues at a logistics service center in India, for example, and to move beyond mistrusting the workers there and resenting them for holding “exported jobs.” Such engagement skills spread across the network and began to take hold. As collaboration improved, the cost savings grew: within 18 months, the sourcing group had eliminated the need for 50
the company’s new production system. In the past, the industrial giant would have assigned engineers steeped in lean production or Six Sigma to observe the shop floor, gather data, and present a series of improvements. Conor would then have told plant employees to implement the changes, while he gauged the results—a method consistent with his own instinctive command-and-control approach to leadership. But Conor and his superiors quickly realised that the old way wouldn’t succeed: only employees who actually did the work could identify the full range of efficiency improvements necessary to meet the oper-
As the new atmosphere took hold, workers began pointing out minor problems and additional areas for improvement specific to their corners of the plant; within just a few months its yields increased to 91% from 87% positions (and helped the workers who held them to get new jobs elsewhere in the company). In the same time period, benchmarking suggested that the group as a whole had achieved first-quartile performance levels. What’s more, the experience strengthened Annie as a manager. “My answer might have been right before,” she says, “but it got richer. . . . I feel more confident. It is not about needing to prove myself anymore. I have much greater range and depth of influence.”
Boosting yields at a factory Conor, as we’ll call one European plant manager, needed to boost yields using
38
June 2012
ational targets, and no attempt to get them to do so would be taken seriously unless Conor and his line leaders were more collaborative. Workers were skeptical. A survey taken at about this time (in 2009) showed that plant workers saw Conor and his team as distant and untrustworthy. Moreover, the company couldn’t use salary increases or overtime to boost morale, because of the ongoing global economic crisis. Conor’s leadership training gave him an opportunity to reflect on the situation and provided simple steps he could take to improve it. He began by getting out of his office, visiting the shop floor, and really lis-
tening to the workers talk about their day-to-day experiences, their workflows, how their machines functioned, and where things went wrong. They’d kept all this information from him before. He made a point of starting meetings by inviting those present to speak, in part to encourage the group to find collective solutions to its problems. Conor explained: “As I shared what I thought and felt more openly, I started to notice things I had not been aware of, as other people became more open. We’d had the lean tools and good technology for a long time. Transparency and openness were the real breakthrough.” As the new atmosphere took hold, workers began pointing out minor problems and additional areas for improvement specific to their corners of the plant; within just a few months its yields increased to 91 percent, from 87 percent. Today, yields run at 93 percent.
Closing a plant Pierre, as we’ll call him, was managing a plant in France during the darkest days of the global financial crisis. His plant was soon to close as demand from several of its core customers went into a massive and seemingly irreversible tailspin. The company was in a tricky spot: it needed the knowhow of its French workers to help transfer operations to a new production location in another country, and despite its customers’ problems it still had €20 million worth of orders to fulfill before the plant closed. Meanwhile, tensions were running high in France: other companies’ plant closures had sparked protests that in some cases led to violent reactions from employees. Given the charged situation, most companies were not telling workers about plant closures until the last minute. Pierre was understandably nervous as he went through leadership training, where he focused intently on topics such as finding the courage to use honesty when having difficult conversations, as well as the value of empathic engagement. After a lengthy debate among company executives, Pierre decided to approach the situation with those values in mind. He announced the plant closing nine months before it would take place and was open with
A A R O N DE S ME T, JO H A N N E L AV OIE , A N D E L I Z A BE T H S C H WA R T Z HIO E | L E A DIN G E DGE
employees about his own fears. Pierre’s authenticity struck a chord by giving voice to everyone’s thoughts and feelings. Moreover, throughout the process of closing the plant, Pierre recounts, he spent some 60 percent of his time on personal issues, most notably working with his subordinates to assist the displaced workers in finding new jobs and providing them with individual support and mentoring (something other companies weren’t doing). He spent only about 40 percent on business issues related to the closure. This honest engagement worked. Over the next nine months, the plant stayed open and fulfilled its orders, even as its workers ensured that their replacements in the new plant had the information they needed to carry on. It was the only plant in the industry to avoid violence and lockouts.
Lessons observed While every change programme is unique, the experiences of the industrial company’s managers offer insights into many of the factors that, we find, make it possible to sustain a profound transformation. Far too often, leaders ask everyone else to change, but in reality this usually isn’t possible until they first change themselves. Tie training to business goals. Leadership training can seem vaporous when not applied to actual problems in the workplace. The industrial company’s focus on teaching Pierre to have courageous conversations just as the ability to do so would be useful, for instance, was crucial as Pierre made arrangements to close his plant. In the words of another senior executive we spoke with, “If this were just a social experiment, it would be a waste of time. People need a ‘big, hairy goal’ and a context to apply these ideas.” Build on strengths. The company chose to train managers who were influential in areas crucial to the overall transformation and already had some of the desired behavior—in essence, “positive deviants.” The training itself focused on personal mastery, such as learning to recognize and shift limiting mind-sets, turning difficult conversations into learning opportunities, and building on existing interpersonal strengths and managerial optimism to help broadly engage the organization.
Change programmes falter when early successes remain isolated in organisational silos. The company deployed its leadership-development programme globally to create a critical mass of leaders who shared the same vocabulary Ensure sponsorship. Giving training participants access to formal senior-executive sponsors who can tell them hard truths is vital in helping participants to change how they lead. Moreover, the relationship often benefits the sponsor too. The operations vice president who encouraged Annie, for example, later asked her to teach him and his executive team some of the skills she had learned during her training. Create networks of change leaders. Change programs falter when early successes remain isolated in organizational silos. To combat this problem, the industrial company deployed its leadership-development program globally to create a critical mass of leaders who shared the same vocabulary and could collaborate across geographic and organizational boundaries more effectively. When Annie ran into trouble implementing the changes in some of the company’s locations in Asia, the personal network she’d created came to her rescue. A plant manager from Brazil, who had gone through the training with Annie, didn’t hesitate to get on a plane and spend a week helping the Asian supply chain leaders work through their problems. The company allowed him to do so even though this visit had nothing to do with his formal job responsibilities, thus sending an important signal that these changes were important. Another tactic the company employed
was the creation of formal “mini-advisory boards”: groups of six executives, with diverse cultural and business perspectives, who went through leadership training together. The mutual trust these teammates developed made them good coaches for one another. Pierre, for example, reported getting useful advice from his board as he finalized his plans to talk with his plant employees. The boards also provide much-needed emotional support: “The hardest part of being at the forefront of change is just putting your shoes on every day,” noted one manager we talked to. “Getting together helps me do that.”
Aaron De Smet is a principal in McKinsey’s Houston office. Johanne Lavoie is a senior expert in the Calgary office. Elizabeth Schwartz Hioe is an associate principal in the New Jersey office. The article has been sourced from McKinsey Quarterly.
June 2012
39
THE BEST ADVICE I EVER GOT
ONE OF THE best advices I ever received was from my Spiritual Guru. He told me “whenever you're faced with a tough situation or a problem to deal with, keep emotions out of the situation.” I think it is very important for an individual to keep emotions out when he deals with any situation as it enables him to be more objective and take right decisions. Some people would argue that it is very difficult to keep emotions out when you have a problematic situation, but I strongly believe that it is easy if one tries a little and clears out his or her mind. By doing this, he can look at the problem in an objective manner and without involving any emotion. From the moment I started to adopt this advice from my Spiritual Guru, I have witnessed amazing results. There have been times where I have been through tough situations and once I keep my emotions out of the situation, I am able to find solutions which are not only effective but also long lasting. I believe that people are slaves to habits and it is very important to break them and try and do things that enables them to be free to do anything that they would like. Both in personal as well as professional life, people need to be flexible and should do things with an open mind and be open to adopt or embrace new ways of life. Another important thing that I would like to point out is that today the scope of
40
June 2012
PHOTO BY SUBHOJIT PAUL
“When in problem, keep out emotions”
J S PURI
EX CIO, FORTIS & MENTOR, STRATEGIC MANAGEMENT SOLUTIONS
leadership is changing as we are witnessing new technologies being developed. Today, a leader has to have the agility of thought and action and that is the way he can inspire others. Communication, transfer of knowledge, cooperation, collaboration and teamwork are the most essential things to have when one wants to be a leader and it is very important to understand that today a CIO needs to be more effective in the business dynamics of the company. In doing all this, I have witnessed that one faces numerous problems and we can easily find the solutions if we don't involve our emotions between them.
Here I would also like to add that, the role of the CIO is changing fast that if the CIO doesn't buck up, his job would be taken away by the CFO. The role of the CIO is now getting more close to working like the CFO and taking business decisions. I believe that it is high time that Indian CIOs start to get out of their 9 to 5 mode of job and start building a culture where they interact with each vertical head of their company. This would help them to try and find solutions to how this culture can evolve their business. — As told to Atanu Kumar Das
ME & MY MENTEE
MENTOR
ANIL SAINI
CIO, RICOH INDIA
MENTEE
NAVEEN GULATI IT MANAGER RICOH INDIA
There is No Shortcut to Anything What do you look for in a mentee? ANIL SAINI Very simple things, common sense and desire to learn and grow. Domain knowledge is another big asset that makes a person learn fast with adequate hard work. It is very important for the person to be patient and a good listener. What do you look up to in your mentor? NAVEEN GULATI Key qualities that I look up to in my mentor are that not only does he recognises my strengths and abilities while creating more opportunities for me, but also guides me to improve upon my weaknesses. He often sets examples for me to look up to, both professionally and personally, helps me learn from my mistakes and become independent. Besides handling IT, the way he is able to work together with all the functions (be it service, marketing, human resource, supply chain management, finance etc) is a unique trait that I look up to and embark upon the same. How do you identify and prioritise areas where you think your mentee needs to focus on for further professional development? ANIL SAINI Regular reviews and talks with the team makes you on top of things and gives you the edge to delegate greater responsibilities to the mentee making him grow further both in the technical domain as well as to sharpen his business and management skills. Delegation with independence has helped Naveen to grow
into a able manager who can take care of his team and the running the IT operations of the company. However, it is very important to do regular reviews and provide feedback wherever necessary. Do you think your mentor spends enough time with you? How do you think your mentor could contribute more towards your professional growth? NAVEEN GULATI One of Anil's strong fundamental is "there is no shortcut to anything. PERIOD." It is this learning that I always carry around with me whenever I'm stuck at something. Thus he does spend sufficient time to mentor and coach me through the challenges, but ensures that I work my own ways out to find solutions to any difficult situation. By working together to develop a structured learning plan to reach the achievement of my specific objectives, and their evaluation criteria, I believe Anil has already contributed significantly towards my professional growth. It is the same key principle that both Anil and I carry along on this never ending journey of our professional growth. How do you think your mentee can take on more responsibilities and take more/ bigger decisions? ANIL SAINI I have tried to involve Naveen in various areas of IT operations, be it ERP, CRM and other business application or managing the data center. I have
June 2012
41
ME A N D M Y ME N T E E | A NIL S A INI & N AV E E N GUL AT I
division. As my mentor, Anil only coaches and guides me on the assigned tasks; gives directions and shares his vision. It is then up to me and my team to further explore means and methods of driving the idea and bringing out results. As the mentor he ensures that we are heading in the right direction and executing the corporate strategies correctly. Such work environment not only allows me to take most of the key decisions myself, but also have groomed my decision making capabilities in a great way.
“Naveen has evolved into a very able manager who can take most of the day-to-day decisions on his own” also exposed to various business users as the point of contact for understanding their needs with respect to ERP and other business applications. He is now chairing meetings with various departments of our company is able to take able decisions. Does your mentor delegate enough tasks and responsibilities to you? How often do you take key decisions yourself? How would you like the situation to change (if at all)? NAVEEN GULATI “With great power comes great responsibilities.” This is the message Anil drives all across the
42
June 2012
Are there any conflicts between you and your mentee? If so, how do you resolve them (you may also cite one or two instances)? If not, what do you think is the secret of your smooth working relationship? ANIL SAINI Naveen has evolved into a very able manager who can take most of the day-to-day decisions on his own. However, there are times when there is conflicting views on some of these decisions. We resolve this by plain simple old trick - discussion. We talk and sort it out and this end of the day, it helps both of us to become better managers'. Here is an instance, Naveen decided do a long pending major upgrade on our email system and sent a mail to whole company that email will be down on a Tuesday. Now, my point was that this cannot be done on a weekday and I told him to recall the decision and do the activity on Saturday. We talked and discussed and he understood that whatever the emergency may be, business of the company should not suffer. The email was recalled and the activity was successfully done on Saturday night with Naveen and his team working non stop from 6:00 pm to 8:00 am in the morning. Naveen is also an excellent .NET developer and has evolved in to the software architect of the company. We have healthy discussions around application architecture. Please describe your working relationship with your mentor and how the two of you address key challenges together or resolve any conflicts of opinion. NAVEEN GULATI Working with Anil is a lot of fun and joy, as against stressed out regular IT job roles, as he strikes the right balance between personal values and professional ethics. He remains open to any new ideas and thoughts and keeps encouraging everyone around to open up and contribute. This ideology ensures a unique 360 degree flow of innovations from all across and allows me to constantly strive harder to implement new innovative ideas in our division. However, this is not as easy as it sounds. I always need to come up with good and strong reasoning behind
A NIL S A INI & N AV E E N GUL AT I | ME & M Y ME N T E E
doesn't always take things without discussing and debating the pros and cons. What are the two or three key things you have learned from your mentor? NAVEEN GULATI Even within a short duration of my association with Anil (about four years) there are lot of values that I've learnt and incorporated. Two to three is a small number to summarise, yet some of the best values that I've derived include: • Don't keep your domain knowledge and vision limited to your division (IT). Always keep looking for opportunities to work together with other business divisions and drive them through technological innovations. • Don't look for a job from me (your mentor, Anil). The skills that you'll inherit will develop you to get any job you want! • Innovate!! If you are not growing, then you stagnating. What are the challenges and constraints for a mentor/CIO to devote more time and effort for the development of their immediate juniors? ANIL SAINI This is very challenging. I am involved in so many things that it becomes difficult to spend time with the team. Blackberry Messenger is big savior to keep contact with your team at all times. I also try to spend some time with team even if it is a smoke break.
“Working with experienced mentor can bring you a clearer career plan and higher visibility” every new idea and there is a lot of debate (at times heated !!!). But that's one of Anil's qualities to push people to dig more into themselves and develop their mind to process inputs from multiple directions. He always remain open to new thoughts and that is what makes our relationship more "comfortable" to work together and trap new opportunities and challenges. What are the two or three key things you have learned from your mentee? ANIL SAINI Naveen is a very good listener and takes the advice in the best of the spirit. He is open to ideas but
What are your views on the need for a mentor for IT managers in realising their full potential? NAVEEN GULATI Working with an experienced mentor can bring you a clearer career plan, higher visibility in your industry, an increased knowledge of intricate aspects of your business, greater pleasure in your work, increased productivity and builds your support network for professional growth and future career opportunities. An attentive and observant mentor can also help you to identify your strengths and talents. With their wisdom, knowledge and experience, he/she may see opportunities that you could have easily missed out. Please share your views on the role you think a CIO can play in mentioning IT managers and take them to the next level. ANIL SAINI CIO can expose the talent in his team to take on much greater responsibilities and guide them to take independent decisions. However, it is important that the team is not left on its own after delegation. It is very important to give feedback regularly. —As told to Atanu Kumar Das
June 2012
43
OPINION DAVID LIM
Mountains Aren’t Climbed While Sitting Inside a Tent Success doesn’t
come if you only plan and do not execute SETBACKS can happen at anytime, and they have a habit of giving you any warning. But what matters more is what you do about them that produces a good result. In 2009, we (my climbing partners Grant Rawlinson and Mohd Rozani) had planned to visit a remote glacier in the Central Tien Shan mountains in Kyrgyzstan. The “Heavenly Mountains” as they are know, stretch over a zone including parts of Kazakhstan and far western China. It’s the most northerly mountain range with any peaks over 7000-metres. After some years of research, the benefit of a couple of aerial reconnaissance missions on our 2000 and 2005 climbing expeditions, we identified a number of handsome pointy peaks in the 4000-5000-metre range that were still ‘ virgin’ peaks. While up to 500 people may summit Everest each year, it’s amazing how little attention the hundreds of yet to be climbed mountains of the world get. And that suited as fine. The mindset of a climber attempting these remote peaks however, needs to be different. These days, Everest is about maximising success by the employment of sherpas, fixed rope, large numbers of bottled oxygen, weather reports via satellite phones and all manner of means to help the average climber on the trade rout succeed. After all, very little documentation of climbs have ever been made of peaks that well, haven’t been climbed before. Our Kyrgyz Army helicopter dropped us off at the 3950m point of the Mushketova Glacierand chukka-wukka-ed its way down the glacier and disappeared from view. So there you are, the only humans in a hundred square kilometres and a four-day walk to the nearest road should anything happen. And if
44
June 2012
ABOUT THE AUTHOR David Lim, Founder, Everest Motivation Team, is a leadership and negotiation coach, best-selling author and twotime Mt Everest expedition leader. He can be reached at his blog http:// theasiannegotiator. wordpress.com, or david@ everestmotivation. com
you’ve forgotten something, there isn’t a 7-11 around the corner. After some exploratory walks, we focused on climbing a straightforward snowy peak. The weather was fine, the skies blue, and we puffed our way up a pretty ridge to top out in the late morning. We called the 4468m peak “Kongsberg Peak” after one of our premier expeditionsupporters, and returned to our humble tents below on the glacier. A peak that had merely an “X” marked on the map now had a name. A real teachable moment happened a couple of days later when we awoke to attempt an ascent of the peak adjacent to Kongsberg Peak. It snowed all night, and at 3.30am when we began to prepare for the ascent, it hadn’t stopped. This was not lethal weather, but just unpleasant and difficult. Rozani announced from theconfines of his other tent that he wouldn’t be venturing out that day. And so I sat there, rocking back and forth blowing some warmth into my fingers. For a few moments, self-doubt and pessimism set in. That is, until Grant looked to me and said, with a hint of sarcasm, “Dave, mountains aren’t climbed while sitting inside a tent”. I turned to him and said, “You’re right. Let’s just go and see what happens”. And so we did, picking our way in darkness across the glacier, with the glow of our headtorches; checking in with each other every hour or so. This non-stop team communication carried on as dawn broke. Then at 7am, something happened— the sun came out, and the clouds broke apart. Within a short space of time, we were bathed in the warmth of a fantastic sunrise. Soon we climbed, unroped up a rocky ridge, and made the summit in brilliant weather. We named the 4447m peak
D AV ID L IM | O P INIO N
POINTS TO PONDER
Resilience Peak for obvious reasons, and returned to camp, elated that we had taken such a risk that morning. But more importantly, we had chosen to take our chances (versus being pessimistic), communicating as a team, and pulled off the second virgin peak ascent of the expedition. Later in discussions, we realised that mindsets on mountains mirror situations in life. How are you communicating in times of challenge? It’s about building trust by transparently communicating fears, opportunities, risks and progress. At a critical point in the morning, Grant had supported the idea of for moving ahead, and assessing the situation as the elements of the climb revealed themselves. By just taking that chance to go, instead of bemoaning our bad luck with the weather, we positioned ourselves to reach the top when it mattered. On our return, we explored the mindsets of success with Rozani, and several days later, as a united team of three, tackled our hardest climb yet on that trip, and summitted the 5000-metre Majulah Peak, the highest virgin peak yet climbed by South East Asian mountaineers. I don’t think this was by chance. You get more successful on purpose, not by accident.
ILLUSTRATION BY PHOTOS.COM
• Mindsets on mountains mirror situations in life • The challenge is about building trust by transparently communicating fears, opportunities, risks and progress • You get more successful on purpose, not by accident • Setbacks can happen anytime, but they have a habit of giving you any warning • What matters most is that what you do about setbacks, that produces a good result
Mindsets on mountains mirror situations in life. How are you communicating in times of challenge? It’s about building trust by transparently communicating fears, opportunities, risks and progress But most importantly, when it comes to seizing opportunities in the face of uncertainty, you won’t find success by sitting inside your tent DAVID LIM IS A LEADERSHIP AND NEGOTIATION COACH AND CAN BE FOUND ON HIS BLOG http:// theasiannegotiator.wordpress.com, OR subscribe to his free e-newsletter at david@everestmotivation.com
June 2012
45
SHELF LIFE
“Courage is about clarity and mindfulness—clarity as to what you believe and mindfulness in the execution of those beliefs in the culture” — MIKE STAVER
Leadership Isn’t for Cowards How to drive
performance by challenging people and confronting problems
YOU are a leader. Maybe you lead a team of two or three people, a department, or even a company. Whatever the scope of your leadership, the pressure is on. You have been entrusted with the great responsibility of messing with people's lives. Every decision you make, regardless of whether it creates tremendous profits for your company, can breed discontent among your subordinates—which in turn, can spell your demise. Every day is a tightrope walk between fiscal results and their human consequences. Are you able to keep your balance? With his new book, Leadership Isn't for Cowards, Mike Staver drives home the unique concept that managers/leaders are 'messing with people's lives.' The book pushes you to have the courage to be an impactful and successful leader, while focusing on the 'must haves' in business AND the 'should haves.' Leadership Isn't for Cowards offers straightforward, practical advice for leading courageously and driving performance—while also creating a great place to work. Courageous leadership means toughen-
46
June 2012
ing your approach by being rigorous in the application of your values through the company culture. It means confronting and challenging people, and not letting them get away with being less than you know they can be. The manageable steps on the path to courageous leadership include: • Identifying your core values and evaluating the extent to which you are leading in alignment with them • Discovering where you are allowing circumstances to define you and limit your influence • Learning to overcome your own negativity by changing your external behaviors • Utilising recognition and acknowledgement to elicit higher performance from your followers Staver has taken us to a unique place in the practice of management and leadership. Over the years, Mike has been able to get to the exact heart of every issue that he explores in his speeches and writings. He brings a unique perspective to issues like customer service, company focus, and numerous other top-
ABOUT THE AUTHOR Mike Staver is CEO of The Staver Group and provides keynote presentations, executive coaching, consulting, and workshops. His clients have included Leading Real Estate Companies of the World, Cisco Systems Inc., Amplifon USA, Med One Capital, Inc., and more.
ics. Staver has divided this book into eight sections covering areas such as how today’s leaders are messing up with people’s lives, how one needs to accept the circumstances, how to take action and how to take responsibility. He also deep dives into areas such as committing to new habits, analysing if you’re too harsh or an over-recogniser. Staver makes you confront tough questions such as Do you know what you’re doing? How much of an impact are you really having? Are you a coward? Is culture overrated? How Great Is Denial? What Are You Pretending Not to Know? Are You Honest? He makes you introspect with these questions so you can directly attack your problem areas. He suggests 3 steps to get you started: 1. Identify the areas in your business or life where a gap exists between your current reality and your desired reality. 2. Align yourself with a person or a group of people who can commit to holding you accountable for closing that gap. 3. Make a specific commitment to the outcome(s) you want. Assign dates to them.
NEXT
IMAGING BY RAJ VERMA
HORIZONS
FEATURES INSIDE
Cloud is Not a Bounty of Savings Review your environment, your goals, and your business drivers before making any decision on changing your technology By Barbara Rembiesa
48
June 2012
The Changing Role of IT Pro Pg 50
O
rganisations that chose to â&#x20AC;&#x153;go to the cloudâ&#x20AC;? do not necessarily bring about dramatic savings and IT efficiencies that outweigh or eliminate the need for asset management. In fact, the adverse effect may be the case based on the added risk surrounding data security, access, data transfer and backup along with agreements that include terms that are unclear or misunderstood by parties unfamiliar with this new licensing model. This in turn may lead to an increase in resources at every level.
MANAGEMENT | NEXT HORIZONS
Cloud licensing models are not new Cloud computing is the newest trend in software licensing, but truly the base model for cloud licensing has existed for some time. It’s a new twist on a billing model that has existed since mainframes came into existence -- capacity based computing. The difference in this new model is the vast array of service providers, complexity in licensing schemes and of course the formidable drive aimed at taking more of a share of your organisation’s IT budget and creating a reliance on outsourced service providers. There is much debate in the marketplace on savings opportunities based on migrating to the cloud outside the enterprise. Most CXOs say that the cost savings are extremely important when considering migration to the cloud. Based on IAITAM research though, few companies have realised the projected savings. This could be attributed to poor pre-planning for the implementation, failure to calculate true ROI, or simply the savings are not there. Many cost factors not considered are: • Ongoing training for internal staff and external resources on organisational requirements; • Legacy systems and the integration necessary to be fully functional; • Compatibility issues whether they were “oversold” or improperly assessed; and • Uptime and productivity to fit the needs of the enterprise. Instead of looking at the terms of the agreement for your savings, take a long look at your business needs and what drives your business. Are you looking purely for financial savings and a reduction in IT overhead? Are you looking for increased productivity? Are you looking to mitigate risk from internal unmanaged assets? Let’s take a closer look at items to consider for those three business drivers:
Financial savings • Will your hardware be affected? Will you need to replace existing systems or will there be a reduction in on-premise assets? • Will your software cost go down? Will your existing licensing schemes change or will there be added software necessary to reach out to the cloud? • How are you being billed? Do the charges
show a savings in comparison to your internal SLA’s? • Is ongoing training included?
Risk mitigation
• Is your data more secure? Does the outsourced model add or maintain the security for your data in accordance to your Increased productivity OF CONSUMER CONTENT security requirements? • Is the ability to access data WILL BE STORED • Do you reduce the risk of easier? With this ease of IN CLOUD BY 2016. software noncompliance or access does it also create a PRESENTLY, IT STANDS AT increase it? How does this shift new security risk that did not ONLY SEVEN PERCENT in licensing affect your curexist previously? rent software configurations? • Will your staff be more effiDoes it require you to purchase cient? Will the cloud applicaadditional software to support access to tions and hosting provide your workers your outsourced data or a combination of with efficiencies that were not available software and upgraded hardware to access with the enterprise’s environment? Will the cloud solution? there be more complications to data access because of the increased security • Will you need additional ITAM or addiprotocols? tional security measures to safeguard new device types? Does your organisation have • Is access to your data time sensitive? What policies regarding data access for employprovisions are in place to ensure that the ees, and how about non-employees or data is available when needed? contract personnel? • Will roles change within your organiza• Has the new model been adequately testtion? How will this affect your IT support ed and vetted to guarantee that it meets team, IT asset management (ITAM) or or exceeds your current data security end user business units? Will there be a standards? decrease in staff or will they shift roles • Who owns the data? because of added oversight needed? The above obviously is not a full list of • Who will manage the data? Is there an requirements when considering moving to internal team dedicated to oversee operathe cloud but, instead, a few thinking points tions and audit? Who will manage back to allow you to build a full list to incorporate up and restoration? How does this model into your return on investment calculations. fit into your disaster recovery program if In a dream world, everyone could move to one should impact either your facilities or the cloud and find tremendous savings and those of the cloud provider? never have any down time; but remember, just like software applications, there is no silver bullet or one-size-fits-all solution. Review your environment, your goals, and business drivers before making any decision on changing technology, because as many have discovered in the current environment, without the aid of modern technology your organisation will cease to exist.
36%
There is debate in the marketplace on savings opportunities based on migrating to the cloud outside the enterprise. Most CXOs say the cost savings are important when considering migration to cloud
— Before founding IAITAM, Barbara Rembiesa held key positions in both the financial and consulting sectors. She has implemented and supervised asset tracking projects and discovery tool implementations. — The article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www. cioupdate.com.
June 2012
49
NEXT HORIZONS | MANAGEMENT
The Changing Role of the IT Pro You’ve chosen a profession where you stand at leading edge of transformational change
By Shawn Edmondson
A
ccording to the U.S. Department of Labour Statistics, IT professionals have very little to worry about when it comes to job security. Aside from healthcare-related services, IT ranks at the very top of nearly every list with respect to long-term job prospects.
Even so, I believe that this macroeconomic view hides an important microeconomic truth for IT professionals today: Despite the stability of the IT job market, there is nothing particularly stable about the role. In fact, it’s a role that’s very much in flux. What I mean is that, despite considerable demand-side growth, IT professionals have a formidable supply-side challenge. Outsourcing, automation and, most recently, cloud computing have forced IT pros to move “up the stack” to deliver differentiated value to business. Moving up the stack means upping the game. While demand for IT professionals will almost certainly redouble over time, so will business line expectations. There are two reasons for this. First, IT is increasingly entwined with how companies create and sustain value and business advantage. IT has shifted from a tactical necessity for keeping the lights on to a strategic weapon for seizing opportunity through Web, mobile and social commerce, and brand engagement. Second, consumers of IT services now have choice. Corporate IT used to be your cable company; they made you wait and there was little you could do about it. Today,
50
June 2012
IMAGING BY SHOKEEN SAIFI
Macro vs. micro – a role in flux
Amazon, Salesforce.com and others are just clicks away. This sort of competition creates the free market effects that drive quality of service (QoS) and increased value on the demand side, while forcing supply-side participants to up their game or fade away. So what does this mean for IT pros?
Credit goes to Forrester analyst Glenn O’Donnell for the words that I believe encompass the fateful choice they must make: “Be the automator, not the automated.” IT continues to deliver value by automating away the infrastructure and underlying complexity that has traditionally stood in
MANAGEMENT | NEXT HORIZONS
the way of application value. By doing so, it delivers the speed and agility business lines need to make IT a true strategic weapon. As participants in this transformation, IT professionals must decide whether they want to be a catalyst or a casualty -- among the disruptors or the disrupted. If you’re among the former, here are the patterns you should be driving toward: • On-demand: Where infrastructure, middleware and application are available when you need them ... on demand. No more waiting on IT translates to dramatic improvements in business agility. • Self-service: Where all of these services are available in a catalog, like an enterprise app store, which enables self-service requisition and provisioning to replace tickets and protracted wait times. • Elastic: Services are priced and consumed on an elastic basis like, dare I say it, a utility. You purchase and consume only what you use, which reduces the economic barriers to IT and improves capacity utilisation for cost and energy efficiency. • Abstraction: Where complexity of infrastructure and underlying operating systems and middleware is hidden
applications and managing runtime environments. Don’t forget that simplicity demands complexity. Elegant interfaces are enabled by treAVERAGE STORAGE OF mendous complexity that is DATA PER HOUSEHOLD hidden from the end user. That BY THE YEAR 2016. complexity is yours to keep. The PRESENTLY, IT IS AT 464 difference is that your customGIGABYTES. ers now expect a single button to push instead of a hundred knobs and dials. Your challenge is make the complexity disappear. So, be heartened by the job prospects. You’ve chosen a profession with enduring Automation, abstraction and relevance. But also know that you stand at self-service leading edge of transformational change. Automation, abstraction and self-service Whether that sounds scary or fun may delegation all point to a certain creative determine whether you’ll be among the destruction of traditional IT roles, however automators or the automated. and begs the question: Is this like designing yourself out of a job? I think the answer — Shawn Edmondson is the VP of Product is no. It’s just the opposite. It makes you a Strategy rPath, which automates the assembly, leader in redefining how IT delivers value. provisioning and update of OS and middleware And don’t forget that there’s plenty of platforms. work to do in architecting and implement— The article has been reprinted with permission ing these new delivery models. And there from CIO Update. To see more articles regarding will continue to be plenty of work in definIT management best practices, please visit www. ing and enforcing policies, building new cioupdate.com. through standardization and automation so developers and business users can get out of the weeds to focus on applications. • Application centricity: Which is all that really matters to business, by the way. By reimaging IT in the image of today’s leading cloud providers, IT can get out of the weeds to focus on delivering the application value.
3.3 tb
THOUGHT LEADERS GAUTAM KAPOOR |
The author is GAUTAM KAPOOR, Senior Manager, Deloitte Touche Tohmatsu India Private Limited
Data Privacy in India
Until we as citizens do not demand our right to privacy and are aware of our rights, implementation of any privacy legislation is bound to be unsuccessful WHILE we may appear to be a very private nation, the story is very different when we are behind a computer armed with a keyboard and a camera--we all of a sudden lose our shyness and are very prolific. As can be seen from this: Facebook announced that the number of active registered users in India more than doubled to 46 million in 2011. India now accounts for the second largest Facebook user base in the world accounting for almost five percent of Global Users, a growth of 132 percent in 2011. Who do we share with? I don’t think many of us care. Personal information is often shared freely with everyone, many a times by us, without thinking twice. How many of us have changed our Facebook profile to private? All of this information is shared without us realising who is looking at it for information or for malicious intent. Our younger population, the gen-x, defines its social status by the number of Facebook friends one has! More the better. More means you are more socially acceptable. Public life is organised without much thought to safeguarding personal data. One round of some of the ‘underground’ markets can get you
54
June 2012
all the personal information you were looking for. In India, the concept of privacy in the social sphere is not as prevalent as it is in Europe or the United States. And here lies our challenge (or opportunity!). Many of us may not know that the right to privacy is implicit in the fundamental right to life and personal liberty under Article 21 of the Constitution of India. It is a “right to be let alone”. A citizen has right to be left alone, and to be free in one’s private space, a right to safeguard the privacy of his life, family, marriage and education among other matters. The Supreme Court of India has also maintained this stance in some of its recent rulings. Many of the affirmative rulings on right to privacy, as decided by Indian courts, deal in context of State’s actions denying the citizen their right to personal privacy. Hence the barrage of SMS also continues leading to utter chaos. On one side we have citizens who are completely unaware of their fundamental rights, a society which very tolerant or ignorant, and on other we have lack of legislation and its adherence. The IT Act 2000 (subsequently amended in 2008) has provisions (43-A and 73-A) dealing with data
"Many of us may not know that the right to privacy is implicit in the fundamental right to life and personal liberty under Article 21 of the Constitution of India"
protection. The Government in April 2011 published a set of rules on ‘Sensitive personal data and reasonable security practices’ which covers many aspects of data privacy such as privacy policy; collection of information covering consent, purpose, intent and retention, opt-out mechanism (i.e. you can withdraw your consent to sharing of data); disclosure of information to third party; transfer of information to other countries; maintaining ‘reasonable security’ practices to ensure your data is secure from any breach, etc. This legislation does give some much needed push to data privacy issues in India although its adherence and implementation is turning out to be a big challenge for the industry especially the segment which is very customer data centric such as banks, insurance, BPO, clinical trial, etc. Industries are now left to implement data privacy controls for its huge customer base which may need a lot of investment in terms of time and money. On other hand all is not lost on the end user front. The society is increasingly adopting IT enabled services such as Internet/mobile banking etc. Government’s push towards e-governance projects such as passport seva,
GAUTAM K APOOR | THOUGHT LE ADERS
filing of income tax returns online is also adding to an increased adoption of IT enabled services. With the increase in adoption of these services also comes an increase in the understanding of data security. More and more citizens are becoming sensitive to the issues that impact their personal rights and data security. Any new legislation is bound to fail without active involvement of the citizens. It is a must for every citizen to become aware of their right to privacy and what the IT act provides as provisions for protecting this fundamental right. Until we as citizens do not demand our right to privacy and are aware of our rights, implementation of any privacy legislation is bound to be unsuccessful. Remember while the Supreme Court has ruled on right to privacy before but none of the rulings have been regarding personal data or due to breach of privacy by another private citizen. Hence it’s paramount that we as citizen demand our right to privacy not only from State but also from various industries and corporate
It is a must for every citizen to become aware of their right to privacy and what the IT act provides as provisions for protecting this fundamental right bodies which strive and make money on our data. For the industry it’s now almost mandatory to have a comprehensive privacy framework. Industries/segments handling customer data must start by assessing their current privacy practices and identifying gaps in compliance. They need to have a clear path of how the practices would be implemented in the business and how to
sustain the same in future. Some may require a complete overhaul of their systems/ processes as traditionally we have not considered the privacy while establishing our processes. It’s a paradigm shift which we must accept and address with urgency. —The author is Gautam Kapoor, Senior Manager, Deloitte Touche Tohmatsu India Private Limited.
EVENT
Cache More Relevant Now With data consumption rising, the amount of bandwidth that network operators have to make available is monstrous
Delegates are all ears while Andresen shares his views on the changing IT landscape.
Jonathan Andresen VP, Marketing, Asia-Pacific, Blue Coat Systems, throwing light on how companies can increase performance through caching.
Participants discussing the benefits of caching content.
G
iven the rise of devices that allow people to access data on the go, the consumption of data is only set to increase. In this scenario, it becomes imperative for CIOs to be able to scale or strategize to control bandwidth to avoid overflow. With more and more apps being created everyday, instant access has become a standard, and anything less impacts quality of service or brand value. Against this background, CTO Forum, in conjunction with Blue Coat, organised a round table conference on the subject of
58
June 2012
web caching. The event witnessed top technology decision makers, who work directly with India’s top carriers, deliberating on the issue. According to Jonathan Andresen, VicePresident - Marketing for Asia-Pacific, Blue Coat Systems, "This means only one thing
– that much more data is crossing IT networks and taking up bandwidth.”” Unfortunately, increasing data consumption and static bandwidth cannot go hand in hand. As per Andresen, the number of Internet subscribers is increasing causing performance problems for Internet users that expect content to always be available, from streaming movies to downloading music or file sharing. “One needs to focus on how to deal with this exponential consumption. Ask any
BLUE COAT | E VEN T REPORT
analyst, be it Gartner or Yankee group, they will tell you that customer experience is now one of the biggest and most important differentiators for carriers now. The user experience, download times, and call drops are becoming the issue that carriers are focusing on globally,” comments Andresen. "Network traffic is also changing with a strong preference toward video,” he says. While changing paradigms like HTML 5 which has full video support, we are seeing the market change a lot in the last few years. So, we find a lot of customers, who are global carriers, saying that video is a problem. This problem exists in the mobile and fixed line world as well. If one takes the example of North America. One of the biggest services that is consumed is NetFlix, which is by no means a light service. This is not something that is going to change – in fact it will only get more pronounced. Video is already 51 percent of global traffic. Ask any analyst believe and they say it will grow to over it will grow to over 91 percent of global Internet traffic by 2014 – that is only two years away. Given all the above, Andresen believes that Caching as a concept is more relevant now ever before from an ROI perspective. “The first reason to move into caching is the high cost of the bandwidth, which is a big reason to invest in caching anyway -- especially with repetitive content. Thousands of users are going to use the same websites, watching the same videos, so why are we paying for this repeatedly?" he questions. "Backhauling is becoming important because it’s becoming more expensive for carriers. People are downloading more content and you have to backhaul this traffic. It’s better to have local caching points to leverage that cache content closer to the user and save on international or even domestic bandwidth. If you go towards 4G which will come at some point here, customer satisfaction becomes even more important,” explains Andresenerson. Andresen went on to touch upon Blue
CIOs during the round-table discussion.
Audience listening to Andresen with rapt attention.
Delegates paying keen attention to Andresen as he talks about the challenge that video would pose in the next two years.
Coat’s caching solution – CacheFlow –, which is a caching appliance that sits at the carrier Internet gateway. According to him, customers have achieved up to 90 percent bandwidth savings for dedicated content caching. So if you have only one type of application that you want to cache, you can get 90 percent savings. If they have a mix of applications, you get close to 50 percent which is still a lot when you monetize it. “By caching content closer to the user, CacheFlow can deliver 50 percent faster response times and users actually experience the difference. We had a deployment in a firm in New Zealand, a carrier, who experienced
at least 30 percent performance increase. We also had a successful case in Jordan where we saw close to 90 percent browsing performance increase," Andresen said. According to Andresen customers looking at Value Added Services (VAS), and that's where caching can help especially if there is visibility into what traffic users are going to and packaging solutions around the use cases to monetize it for carriers. A lot of carriers are looking at this as an option now as they see the financial benefit of expanding their service offerings and lowering their fixed bandwidth costs, Andresen adds.
June 2012
59
TECH FOR
ILLUSTRATION BY RAJ VERMA
GOVERNANCE
65% DATA BRIEFING
of hacker attacks are motivated by financial fraud
The ABCs of Cloud Compliance Choosing a cloud provider that has obtained a SOC 2 report will reduce the risk any user organisation faces By Caroline Lowden
60
June 2012
C
COMPLIANCE | TECH FOR GOVERNANCE
Cloud computing is providing many businesses with a cost-
effective, low-maintenance approach to store and maintain customer data. Eliminating on-site servers frees up resources and money allowing businesses to invest in additional products without hindering their workflow or sacrificing security. More cloud, more regulation
This increased reliance on the cloud is creating more focus on regulation, as cloud vendors need to demonstrate that their infrastructure is secure. While the specific regulations, and degrees to which businesses must prove due diligence, vary depending on the industry, the changing nature of standards and reporting procedures can create confusion across the IT landscape. As more companies use cloud providers as data and processing centers, they properly include these providers in their compliance audits. Beyond meeting the requirements needed to operate, regulatory compliance can be a deciding factor for potential customers evaluating cloud providers. With concerns over identity theft and data security lingering, businesses are more likely to select a cloud provider that can demonstrate it has stricter processes and policies in place. If your business is either currently evaluating cloud providers, or contemplating a move, understanding the latest standards and compliance requirements can be critical to finding the best fit. And, while compliance can be a complex subject, asking a few basic questions can help you understand just how prepared a potential provider is to securely house your data.
What do these letters mean?
HIPAA, PCI/DDS, FISMA … to businesses just starting to grasp regulatory guidelines, these letters can look more like a “Words With Friends” board. To your cloud provider, these letters represent the regulations that form the basis of data security compliance. The American Institute of Certified Public Accountants (AICPA) has issued several auditing mechanisms to ensure cloud providers are compliant with such regulations. As with the regulations they incorporate, the dynamics of the AICPA’s reporting tools will change over time. However, companies evaluating the cloud should focus on a few primary reporting tools. The Statement on Auditing Standards No. 70, better known as SAS 70, provided an auditing standard enabling service organisations to demonstrate they have adequate controls and safeguards in place to host and process cus-
tomer data. With a SAS70 report, user organisations (and their auditors) could feel comfortable over the portion of controls outsourced to third parties as they relate to financial reporting. However, the resulting reports were often misused by user organizations looking for assurance over non-financial reporting elements, including security criteria. In 2010, the AICPA introduced the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) to bring financial reporting guidelines and processes up to date. The SSAE 16 report offers a broader description for auditors than required with SAS 70, and requires providers to compose a written assertion about their security systems, controls and objectives. Ultimately, an SSAE 16 audit results in a Service Organisation Control 1 (SOC 1) report, summarising the accuracy of the organisation’s statement on its financial reporting measures. To specifically address criteria for evaluating controls in non-financial areas, the AICPA issues SOC 2 and SOC 3 reports. These reports summarise IT infrastructure and software-related controls, including security, availability, processing integrity, confidentiality and privacy, and are commonly referred to as Trust Services Principles and Criteria (TSPC). Cloud providers looking to ensure their facilities and procedures enable client compliance will need a SOC 2 report. Likewise, SOC 2 reports use fixed evaluation criteria that enable potential customers to compare cloud providers’ specified controls. Organisations that display the SOC 3 seal meet all trust services criteria included within their SOC 2 report without exception, allowing auditors to provide an unqualified, or clean, opinion.
The Biggest difference between SAS70 and SOC2/3 One of the biggest differences between an old SAS70 report and a new SOC 2/3 report is that management of the service organization cannot decide which controls they will test. Service organisations can select which criteria to evaluate (security, availability, confidentiality, processing integrity or privacy), but they must meet the
June 2012
5
POINTS
CLOUD IS providing a low-cost approach REGULATION IS getting focus CLOUD PROVIDERS needs to comply to certain regulations COMPLIANCE ENSURES that data is secure UNDERSTANDING YOUR requirement is the key
61
COMPLIANCE | TECH FOR GOVERNANCE
criteria established within the standard for each one. Gone are the days of the SAS70 report that leaves you wanting to know more. So what should I look for in a potential provider’s SOC 2 report? It is not enough to select a service provider with a SOC 2 report -- you must actually read the auditor’s opinion and make sure it is unqualified. A qualified opinion could mean that the provider failed to provide adequate, operational controls in a particular area. One quick gut check for an unqualified report is to see if the company displays the SOC 3 seal. If they do not, this could be a red flag that their SOC 2 report is qualified, since the AICPA does not grant use of the SOC 3 seal unless your SOC 2 report opinion is clean. Choosing a cloud provider that has obtained a SOC 2 report will reduce the risk any user organisation faces, as the report will provide an in-depth view into the provider’s controls to meet compliance and any gaps that could elevate your risk. The SOC 2 report also outlines controls the user organisation should put in place, and can provide clarity around what services it provides to its customers versus what precautions customers must take on their own. By closely examining such controls, you can immediately identify which providers have the highest compliance standards already in place as compared to those with mechanisms in the works. Finally, make sure the report covers the criteria you find relevant to your organisation. While a SOC 2 report can be a great asset to finding a suitable provider, it is not a one-stop solution to ensure complete compliance. Different industries require different levels of security, confidentiality and privacy, and the SOC 2 report may not emphasize the principles most relevant to specific regulations. Likewise, the SOC 2 is not all-inclusive enough to serve as a single source for compliance across all standards, or replace the need for additional certifications.
What time period does your SOC 2 report cover? – As regulatory dynamics are consistently changing, simply having a SOC 2 report on hand does not necessarily mean it is in line with the latest policies. Verify the dates the provider’s most recent SOC 2 reports were completed, and look for any significant lapses between completions. What physical and logical security procedures are in place to protect and maintain your IT infrastructure?– Any provider you consider should be able to immediately identify the security and availability criteria it has in place to host and control data access. Be sure to ask for specifics surrounding the controls in place at both physical and virtual storage centers, as well as the people and procedures responsible for enforcing such policies. How are physical resources shared and, if necessary, destroyed?– If a provider shares physical resources with outside organisations, define the specific controls in place to prevent unauthorised data access from a partnering company. Compliant providers should have dividing mechanisms in place to prevent crossorganisation access, and be able to easily separate credible users from questionable ones. Additionally, should you need to remove or destroy some of your data down the road, you should inquire into how the provider ensures information is fully eliminated and not accessible to outside users. While outsourcing data and operations to the cloud can bring a wealth of benefits, businesses also must be aware of the regulatory requirements involved in transitioning to the cloud. Understanding what requirements must be taken into consideration, and the questions to ask potential providers, can make sifting through the regulatory abbreviations less complex and intimidating. Ultimately, the goal of compliance in the cloud is ensuring your data is as secure, confidential and private as possible. By doing your due diligence, your company can find the right cloud provider that will protect your customers’ data and prevent additional headaches down the road.
The goal of compliance in the cloud is ensuring your data is as secure, confidential and private as possible
Additional questions to ask What additional compliance questions should I ask a potential cloud provider? Entering the evaluation and assessment process with extensive knowledge of your regulatory requirements, system description and services you plan to outsource to the cloud will further help you ask targeted questions to candidate providers regardless of your industry. To verify a certain provider is compliant and will protect your customers’ data to the fullest, be sure it can answer the following questions confidently and clearly:
— Caroline Lowden is the director of Internal Audit for Cbeyond, a leading cloud and network services provider to more than 62,000 small businesses throughout the U.S. She can be reached atcaroline.lowden@cbeyond.net. — The article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
June 2012
63
TECH FOR GOVERNANCE | SOCIAL MEDIA
Tips for Social Media Crisis Response A successful social media crisis response strategy can be put in place by adhering to nine tips NEIRA JONES
N
ot impressed with LinkedIn's social media crisis response after more than 6M user passwords got leaked on 6th June? Read on... In one of my February posts, I wrote about incident response and the importance of addressing the media in a timely manner. Whilst the draft NIST report SP 800-61 gives really good guidelines on the positive aspects of fully and effectively communicating important information to the public, I feel there is some mileage to be had by exploring the use of social media when tackling incident response. After all, we've all seen how quickly news can spread on twitter here or here... So, should you be breached, you would no doubt have a crisis communication process already in place, but does it include social media?...
Social media crisis response brings a new dimension to crisis communications: speed. My previous post highlighted how to prepare for traditional media (training, mock interviews and press conferences, prepared statement structure, do's and don'ts, etc.). With social media crisis management, time is of the essence: the first 24 hours are crucial as this is when people will cast their digital nets out and frantically search for information. I am assuming at this stage that you have an established and tested incident response plan
64
June 2012
IMAGING BY SHOKEEN SAIFI
The need for speed...
(if not see my previous posts on the subject). You need to be prepared: the internet does not wait for your CEO to respond, the news will spread with or without your involvement. You have however a chance to take control. So assuming incident response is already well established in your organisation, you
are in good shape as you have most of the building blocks in place. One easy block to add (now!) is a web page dedicated to a potential crisis/ breach. Having this prepared with an easy structure to follow will enable you to control the flow of information very quickly.
SOCIAL MEDIA | TECH FOR GOVERNANCE
The structure of your web page should follow what I call The Three As and it should include the following sections (IMHO): • ACKNOWLEDGMENT: This early, you may not know much, but you could look at: Who attacked you? Why? etc.; When did it happen? How did it happen? How widespread? What/ who does it affect? How did you find out? • APOLOGY: all too often, organisations do not acknowledge that their customers/ partners/ stakeholders/ etc. may be worried/ could be inconvenienced/ need to be reassured. Even if you don't know much at this stage, show you feel the pain and that you are trying to make it go away... Acknowledgement that you are listening and seeking answers buys a lot of time and more importantly can quell anger and resentment. • ACTION: again, at this stage, you may not know a lot, but you need to share what steps you propose to take/ have already taken to 1) determine what happened and 2) prevent it from reoccurring and 3) Maintain the trust of your customers/ stakeholders/ partners/ etc.Design your web page with this structure so content can easily be dropped in when needed.
• ADVOCACY: it is not new that in any kind of crisis communication, third party experts (these can be industry commentators, journalists, experts in your field, etc.) will be the most trusted group: seek them out and give them the information. Also seek out your allies and partners and keep them informed. And finally, take a deep breath, trust your employees to be your advocates. There is limitless untapped value in personal social networks... If you want your employees to be your advocates, be sure they know first (before the media and external parties) what messages are going to be delivered. They can not only alert you to opportunities but also to crisis issues via their own networks. The key word here is enablement. • ADHESION: facing a crisis situation does not mean you have to surrender your corporate values. Be sure your messages are constructed within the framework of your corporate image as now is not the time to surrender caution and governance. In addition, be clear about your limits: you cannot solve every problem for everyone, so you'll have to think of way of pacifying part of your (unhappy) audience when solutions cannot be found quickly.
Head for spread...
Check the decks...
With your web page, you now have a single, So now that you've achieved speed and simple, point of referral. But having a web spread, you've got a couple more things to page doesn't necessarily mean people seekdo before you become the de facto informaing information will find it... You need to tion hub for the crisis at hand. This is perbecome the central hub for information on haps the scariest step because this is where the crisis. As with everything in life, you you have to open up... can't do this on your own. Yet again, I have Three More As for you Again, I offer Another Three As: and these are about stacking the odds in your favour: • AMPLIFICATION: use all the social media avenues available to you: twitter, • ANALYSIS: you have to monitor real time Facebook, YouTube, Google+, LinkedIn, content on the various networks in order blogs, etc. Use these to direct information to categorise and prepare the type of conseekers to your crisis web page. Do this tent needed on your web page. often (at least two or three times a day to • ANSWER: invite comments and answer cater for the different time them (on your web page). Yes, zones, and be under no illuvery scary, but bear in mind sion: the world is watching that not inviting comments you even if you only operate will have a negative impact on in one country/ time zone). your brand. It is however posKeep your webpage updated ORGANISATIONS INTEND sible to manage comments very as and when you know more successfully by remembering TO SUPPORT FLEXIBLE and amplify it by using all the a few things: not every comWORKSTYLES BY 2013 tools at your disposal (e.g. crement requires a reply and you ate your own hashtag first). must know when to disengage;
93%
Having a web page doesn't necessarily mean people seeking information will find it. You need to become the central hub for information on the crisis. As with everything in life, you can't do this on your own if a hostile ring leader emerges, it is best to take the discussion out of the social media sphere and engage directly; there is never any harm in specifying your rules of engagement (e.g. no foul language allowed); Keep up with the Joneses: if a negative blog entry is posted, respond with a positive entry from your CEO, etc. • AGGREGATION: as you're getting the hang of it, you are now ready to become the de facto information hub by posting all stories on the crisis on your web page (positive or negative). You will rapidly realise that you cannot control the conversation. You are however in complete control of where the conversation appears on your web page: make sure your opinion and your content has prominent and favourable placement. Here we go, to recap, a successful social media crisis response strategy can be summarised by 1) The Need For Speed 2) Head For Spread and 3) Check The Decks... As ever, the best line of defence is being prepared...Until next time.
— This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
June 2012
65
TECH FOR GOVERNANCE | CLOUD
The Path to NoOps is Through the Cloud
F
Automation through a consistent, elastic environment is a key component to success
BY RAFAL LOS
it's still an unreachable state given today's conditions in developirst a quick refresher - NoOps does not actually mean "No ment. Many of these organisations don't have the automation, Ops" as in "no operations" ... that would be silly... instead the knowledge, or the understanding of risk to get them to a state NoOps focuses heavily on the extreme levels of automation where they're rapidly releasing code that is risk averse. So what and workstream optimisation to achieve new speeds in rapid is the single most valuable piece of technology that can push a deployment. development closer towards a NoOps methodology? I believe it's NoOps' focus is on leveraging automation, from development the adoption of cloud computing. While many of the security folks through deployment and beyond, to increase the speed at which who read this blog are probably shaking their heads right about applications can be brought through the release loop. now, read on and let me convince you. Organisations are finding efficiencies that can provide them enhanced levels of speed from several releases a year to several releases a week, potentially all while finding innovative ways to From a Security Angle reduce risk to the application. From a security angle, adopting cloud services - or compute as a Keep in mind that reduced risk isn't simply talking about 'security' service - initially sounds dangerous. There's nothing quite like givhere. Risk can come from a failed deployment due to a configuraing up that control you have over your environment right now to tion error or deployment environment inconsistency. Risk can come some vendor or 3rd party where you can't actively touch or change from a successful attack due to an exposed security issues which security settings. went unchecked. Risk can come from poor performance under genThis would be totally true if that control I'm referring to wasn't eral or special conditions... again an issue which went unchecked a complete illusion security professionals have deluted themselves through the SDLC loop. The risk to the application is into believing. Be honest with yourself - how just as great from a failed deployment script as it is from muchdirect control do you have over your environment a successful SQL Injection attack - either way the appliright now? cation suffers a catastrophic failure. For security organisations who have already started makAn application that cannot be deployed to meet cusing the shift from a control-based to a governance-based tomer requirements is on some levels just as much security methodology having a level of trust in a 3rd party LINKEDIN FACES CLASS a failure as losing data through database exfiltration service is easier than those who are still stuck thinking they ACTION LAW SUIT FOR using SQL Injection - either way your customer will ever had control of their own dominion in the first place. ALLOWING HACKERS TO lose trust in your ability to deploy resilient and operaLet's pretend that you can no longer execute the secuUSE ITS ACCOUNT tional code. NoOps sounds like a great idea in theory, rity policy of the various environments your applications and many organizations I'm working with today fancy get deployed to - what's left? What if you could simply it something they would eventually like to get to but dictate that policy, and govern its execution through
$5 mn
66
June 2012
CLOUD | TECH FOR GOVERNANCE
real-time telemetry? Is your Infrastructureas-a-Service (IaaS) provider doing their job delivering a low-risk environment? You can easily validate policies as 'enforced/not-enforced' without having the ability to make changes or perform changes yourself... and it may even be more valuable to have someone else make the actual technical security changes while you provide the business context and govern the policy. Furthermore, think about the huge benefits to overall risk reduction you can make when you can fully automate the deployment of virtual machines for development, testing, and production systems - all from base images which were built with security from the ground up. This is a radical new approach to development where the developers and operations engineers get to deploy quickly while having security "infused" throughout the release process from requirements, to development, to build and deploy and post-release monitoring... without having to have someone from the security team constantly showing up at the last minute slowing down the release process.
Lower risk is all about not having to change too much from a functional state. This can easily mean that if you've got a working and stable, scripted and configured development environment you need to be able to transport that to the build/test environment and then onto production in a hurry without having to spend time manually making configuration changes and scripting new bits. Ultimately we want choice, consistency and confidence (the 3 C's) in the available environment to get from start to finish and back to start again with minimal pain and manual tweaking. As an example, HP's Converged Cloud story supports this line of thinking exactly. Being based on OpenStack - how's Converged Cloud delivers choice and consistency whether you're deploying a private cloud in-house, a public cloud, or a hybrid cloud environment. Having all of these delivery options for you be consistent works for towards the goal of deploying faster. Furthermore, having standardised on OpenStack the customer has choice to move from one vendor to another, and even to/from the HP Cloud Service (HPCloud.com) if necessary or required. Confidence comes from having the ability to build security and resiliency into the compute services that will be leveraged to enable more rapid delivery of less risky applications.
IMAGING BY SHOKEEN SAIFI
From the Developer/ Operations Angle
Confidence comes from having the ability to build security and resiliency into the compute services Developers have the ability to code and package an application once and deploy to various incantations of the cloud service, whether it's private, public or hybrid - by abstracting the model from the technical implementation it becomes more simple to create successful deployments from development, to test, and ultimately to release and back again. Why do I feel that a converged cloud strategy is one of the most important factors in enabling NoOps? If you believe that NoOps is about automation, not the elimination of operations functions, then you must believe that automation through a consistent, elastic environment is a key component to success... and less risk. â&#x20AC;&#x201D; This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
June 2012
67
VIEWPOINT KEN OESTREICH
PHOTO BY PHOTOS.COM
Meeting IRL Why the Valley’s so Cool
IRL IS A reference you see on twitter — it means “In Real Life.”. Sometimes we underestimate the value of meeting in real life. It’s more convenient to email than to pick up the phone. And more easy to call than to arrange to have lunch. And for those of us addicted to Twitter, we feel as if we have our own community of followers and frequent commentators at our fingertips. The value of meeting in real life struck a chord a few weeks ago while in Santa Clara at the Cloud Connect conference. Many of the speakers, start-up stars, consultants, bloggers and tweeps were all known to each other. Its a very clubby bunch... but mostly online in the virtual world. Once at the conference, there was this explosion of meetings and meetups in the hallway, over lunch, over drinks, even over Falafels (you know whoyou are). And then there was a re-launch party given by CloudScaling Inc.: Open bar, DJ, packed room, endless conversation groups — a who’s-who of the Clouderati, hangers-on, and maybe even cloud groupies. But symbolically, this party
68
June 2012
was important. It not only signaled that “the valley is back”, but also illustrated to me the importance that all of these people, from all over the country,needed to meet in real life. In fact, I bet that the majority of the “who’s who” in cloud - top consultants, bloggers, influencers - where all there, congregating. No, not the Masters of Industry. But the people doing the work, the innovation, the evangelising. Yes, it was clubby. And surprisingly small, if you think about it as an entirely nascent-but-growing industry. These people were performing and important social and economic function. They were exchanging ideas, opinions, information. Where is the industry going? Which are the hot companies this month? Who got hired where? Where is so-and-so working now?
What makes the Valley so cool - and so hard to replicate Every so often I hear that a local government is looking to replicate Silicon Valley. High-speed optical networking. Tax breaks. Cheap commercial real estate. Attracting VCs.
ABOUT THE AUTHOR: Ken Oestreich is a marketing and product management veteran in the enterprise IT and data centre space, with a career spanning start-ups to established vendors.
What theyReally need to do is host more parties. I say that tongue-incheek, but in reality it is the social networking component to the valley that makes all of the difference - the talent fluidity, the idea fluidity. And that’s really hard to legislate. Back in 1990’s, AnnaLee Saxenian authored a prescient book, “Regional Advantage: Culture and Competition in Silicon Valley and Route 128.” The thesis is why two regions, both with many great schools, and many great corporations, evolved so differently. In the prologue she wrote The valley is very fast-moving and start-ups have to move fast. The whole culture of the Valley is one of change. We laugh about how often people change jobs. The joke is that you can change jobs and not change parking lots. There’s a culture associated with that which says that moving is okay, that rapid change is the norm, that it’s not considered negative on your resume... So you have this culture of rapid decisions, rapid movement, rapid changes, which is exactly the environment that you find yourself in as a start-up.
Networks are complex. Your network performance management shouldnâ&#x20AC;&#x2122;t be. Decomplexify it with Riverbed Cascade.
Go to www.Riverbed.com/Cascade to see how Riverbed is Decomplexifying network performance management by enabling end-to-end visibility into the performance and troubleshooting of critical business applications. For any queries, please contact marketingindia@riverbed.com or +91 9845652826, +91 80 40300567