cioandleader.com
A Question of Answers
Best of Breed
Viewpoint
Time is Ripe for Intelligent Networks Pg 14
Build a 'Social Enterprise' to Win in the 21st Century Pg 18
Back to Work Pg 68
09 | Track technology | Build business | Shape self
Seven Tips to Improve Patch Management | Keeping Safe in the Cloud
Turning a crisis into an opportunity is the hallmark of a true leader whom
Volume 01 | Issue 09
A 9.9 Media Publication
Volume 01 Issue 09 September 2012 150
editorial yashvendra singh | yashvendra.singh@9dot9.in
Follow Worthy Leaders
Testing times present an opportunity for leaders to find new directions
The best time to gauge the measure of a leader is during a crisis. Challenging situations separate leaders from ordinary people. Those who can uphold their sense of perception even during trying times are the ones who will show the way forward to their organisations. I am sure, as enterprise technology decision makers, there would have been times when you too were confronted with challenging situations. In any ordinary individual such circumstances are bound to elicit emotions of frustration, anger, distress or disappointment. Not in a true blue leader, who is built to handle just these situations.

For a CIO, who also has leadership abilities, such testing times are an opportunity to display some real pluck. It is also a chance to get his way. During peaceful times, people put up stiff resistance to any kind of change. They want to maintain the status quo. A crisis presents just that small window of opportunity when a CIO can push for the changes that are so desperately needed in the organisation. Technology leaders have also leveraged emergency situations to break down silos and start working across functions, which may not have been happening so easily earlier, for the common good of the organisation.

However, this does not mean that you have to dive into any crisis head first. Several CIOs acknowledge the importance of providing a viewpoint by standing a step back from the arena of action. Just as in a mountaineering team where the team leader stays at the base camp rather than scaling the summit so that he can direct a response if any untoward incident takes place, an effective leader can play a crucial role by standing back.

In this issue, we invited some of the top technology leaders to share their most exigent professional situations and how they overcame them. Several of you will be able to relate to their experiences. We hope our efforts will help others in getting better prepared to take on future challenges.

Finally, whatever anyone says, the truth remains that the traits needed for becoming a great leader have not changed much since Alexander the Great began his military expansion plans to reach the "ends of the world and the Great Outer Sea." So, while markets, processes, technologies and strategies may change, the basics of leadership would remain the same, always. As the famous author and speaker John Maxwell has said, “People don’t at first follow worthy causes; they follow worthy leaders who have worthy causes.” So stand tall and responsibly accomplish the critical assignments that will help grow your organisation even in the most challenging of situations.

Editor's pick | 28 Others Follow: Turning a crisis into an opportunity is the hallmark of a true leader
Contents | September 2012

Cover Story
28 | Others Follow: Turning a crisis situation into an opportunity is the hallmark of a true leader

Regulars
01 | Editorial
06 | Enterprise Roundup
68 | Viewpoint
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Anuradha Das Mathur for Nine Dot Nine Interactive Pvt Ltd, Bungalow No. 725, Sector - 1, Shirvane, Nerul, Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
Cover Design by shokeen saifi
Special leadership section Page 38A to 54
My Story
40 | At BPTP, We Value Training a Lot: Vilakshan Jakhu, CIO, BPTP speaks with CIO&Leader on some of the industry firsts he has headed at BPTP, leadership lessons, training and using IT to xx the fullest
39 | Top Down: Money Matters. Ashwani Khillan, CTO, MTS believes that making people realise how they contribute to the revenues is a big motivation factor
52 | Opinion: context in asian negotiations, When you get broken homes, when you call your father by his first name — you get a society far divergent from Chinese cultures where filial piety reigns
49 | The Best Advice I Ever Got: “People matter the most”. A CIO should always know the future of technology and its impact in the business that he handles
50 | Me & My Mentee: A Symbiotic Relationship. Professional confrontation can lead to value for the company
43 | Leading Edge: Leading in the 21st century. Six global leaders confront the personal and professional challenges of a new era of uncertainty
54 | Shelf Life: Taking people with you. The book is not just about a thought on leadership. It is a workbook and a well developed organised
www.cioandleader.com
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Anuradha Das Mathur
Editorial
Executive Editor: Yashvendra Singh
Consulting Editor: Atanu Kumar Das
Assistant Editor: Varun Aggarwal & Akhilesh Shukla
Design
Sr. Creative Director: Jayan K Narayanan
Sr. Art Director: Anil VK
Associate Art Directors: Atul Deshmukh & Anil T
Sr. Visualisers: Manav Sachdev & Shokeen Saifi
Visualisers: Sristi Maurya & NV Baiju
Sr. Designers: Raj Kishore Verma, Shigil Narayanan & Suneesh K
Designers: Charu Dwivedi, Peterson PJ, Midhun Mohan, Prameesh Purushothaman C & Haridas Balan
Marcom
Associate Art Director: Prasanth Ramakrishnan
Designer: Rahul Babu
Studio
Chief Photographer: Subhojit Paul
Sr. Photographer: Jiten Gandhi
14 | A Question of Answers: Time is ripe for intelligent networks. Mahesh Gupta, VP, Cisco India, talks about the need for networks to become intelligent
18 | Best of Breed: Build a ‘social enterprise’ to win in the 21st century. Any journey needs a guidebook and the journey to social enterprise is no exception
56 | Next Horizons: Fed finally embraces security. US will ensure that agencies using classified computer networks protect info
62 | Tech for Governance: Seven tips to improve patch management. Find patching to be an easy part of systems management
Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, VP-IT, ICICI Bank
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Sr Consultant, NMEICT (National Mission on Education through Information and Communication Technology)
Vijay Sethi, CIO, Hero MotoCorp
Vishal Salvi, CISO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay

NEXT100 Advisory Panel
Manish Pal, Deputy Vice President, Information Security Group (ISG), HDFC Bank
Shiju George, Sr Manager (IT Infrastructure), Shoppers Stop
Farhan Khan, Associate Vice President – IT, Radico Khaitan
Berjes Eric Shroff, Senior Manager – IT, Tata Services
Sharat M Airani, Chief – IT (Systems & Security), Forbes Marshall
Ashish Khanna, Corporate Manager, IT Infrastructure, The Oberoi Group

Sales & Marketing
National Manager – Events and Special Projects: Mahantesh Godi
National Sales Manager: Vinodh K
Assistant General Manager Sales (South): Ashish Kumar Singh
Senior Sales Manager (North): Aveek Bhose
Product Manager - CSO Forum and Strategic Sales: Seema Menon
Brand Manager: Jigyasa Kishore

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Production Executive: Vilas Mhatre
Logistics: MP Singh & Mohd. Ansari

For any customer queries and assistance please contact help@9dot9.in
This issue of CIO&Leader includes 16 pages of CSO Forum free with the magazine
Enterprise Round-up
Story inside: 90% of Downloaded Mobile Applications Will Be Free in 2012 Pg 08
43 Technologies That Will Impact Indian Cos in Next 10 Years
Analysts say Indian firms are more price-sensitive

Transformational technologies such as virtualisation, cloud computing and data deduplication will enable new ways of doing business across industries, according to the Hype Cycle for information and communication technology (ICT) by Gartner, Inc. The Hype Cycle report identifies 43 key technologies and describes the ways in which they will impact business performance during the next 10 years. “Among the 43 technologies listed, 24 will mature within the next five years, and 20 of them will have a transformational or high impact on businesses,” said Sanish KB, research analyst at Gartner.

“Some technologies, such as cloud computing, data deduplication and virtualisation, enable new ways of doing business across industries, which will result in a major shift in industry dynamics and will also lead to the creation of a new and improved — and sustainable — ecosystem. Some technologies will become mainstream in less than two years. For example, new investments in immersive group systems are increasingly being replaced by investments in personal and executive systems. This is decreasing the scale of market and speeding up the rate at which these types of solution move off the Hype Cycle,” he said.
Data Briefing
26%: the share of the smartphone shipment market that China will account for in 2012
They Said It: Samuel J Palmisano
Palmisano was in Gurgaon to attend the IBM Smarter Cities Forum and he shared his thoughts for building smarter cities for a better tomorrow.
“If (leaders) are going to manage in the long term, they will need to build organisational support for their concepts and ideas. And you can only do that in a collaborative environment, with good team work and spirit. And you can’t dictate it and will it — you have to persuade people (to accept your ideas)” —Samuel J Palmisano, Chairman, IBM

66% of Indians are Victims of Cybercrime
Study finds consumer cybercrime costs $8 billion in India

More than 42 million people fell victim to cybercrime in the past twelve months, suffering approximately $8 billion in direct financial losses, finds the latest Norton Cybercrime Report. The study was aimed at understanding how cybercrime affects consumers, and how the adoption and evolution of new technologies impacts people’s security, based on self-reported experiences of more than 13,000 adults across 24 countries. The 2012 edition of the Norton Cybercrime Report calculates the direct costs associated with global consumer cybercrime at $110 billion over the past twelve months.

According to the Norton Cybercrime Report 2012, 66 percent of Indian online adults have been a victim of cybercrime in their lifetime. In the past 12 months, 56 percent of online adults in India have experienced cybercrime (more than 115,000 victims of cybercrime every day, 80 victims per minute and more than one per second), and the average direct financial cost per victim is $192, up 18 percent over 2011 ($163).

Globally, every second, 18 adults become a victim of cybercrime, resulting in more than one-and-a-half million cybercrime victims each day. With losses totaling an average of $197 per victim across the world in direct financial costs, in the past twelve months, an estimated 556 million adults across the world experienced cybercrime.

QUICK BYTE: Social media
A Gartner study says that companies are increasingly buying false ‘likes’ and social media reviews. The large population of Internet users flocking to social networks has put pressure on companies to increase their following, likes and reviews on social media networks.
90% of Downloaded Mobile Apps to be Free
Apple, Google, Microsoft will continue to dominate

Free apps will account for close to 90 percent of total downloads in 2012, according to Gartner, Inc. Worldwide mobile app store downloads will surpass 45.6 billion in 2012, with free downloads accounting for 40.1 billion, and paid-for downloads totaling 5 billion. “In terms of the apps that consumers are buying, 90 percent of the paid-for downloads cost less than $3 each,” said Sandy Shen, research director at Gartner. “Similar to free apps, lower-priced apps will drive the majority of downloads. Apps between 99 cents and $2.99 will account for 87.5 percent of paid-for downloads in 2012, and 96 percent by 2016.” Gartner expects Apple's App Store to have more than 21 billion downloads in 2012, which is an increase of 74 percent over 2011 and indicates continued strong demand for mobile app content.
Global Tracker: Supercomputers
By 2017, India plans to develop supercomputers 61 times faster than Sequoia, the world’s fastest supercomputer.
Source: PTI
“Apple’s market share is the largest, considering its App Store accounts for 25 percent of available apps in all stores,” said Brian Blau, research director at Gartner. “The number of apps available is driven by an increasing number of stores in the market today that include platform owners, device vendors, communication service providers (CSPs) and others who want to offer core mobile app services. These stores will see their combined share of total downloads increase, but demand for apps overall will still be dominated by Apple, Google and Microsoft.” Besides a few major app stores from global OS vendors (such as Apple's App Store, Google Play and Microsoft's Windows Phone Marketplace), Gartner analysts said there are also stores from third parties that attract users with their brands or take advantage of the lack of dominant players in some markets. “Amazon has appealed to users with its strong brand, global presence and a good selection of high-quality content while Facebook’s recently launched App Center — supporting both mobile devices and desktops — will become a powerful competitor due to its strong brand and leading position in social networking and gaming,” said Shen. “In China, there is a boom market of independent Android stores, due to the lack of presence of Google Play and 'weak' stores from CSPs. We expect to see more new entrants to the market, aiming to deepen relationships with their customers and/or to capture some of this growth market.” Using an in-app purchase business model is a more effective method of converting casual app users into paying customers and then retaining them with good user experience and continued product updates. This is a different approach from upfront payment where users pay and download, and can be disappointed by the experience and never come back. 
In-app purchasing opens the door to a recurring revenue stream for developers, but app performance and design will always be the most important factor when attracting new users and keeping them satisfied. In-app purchases will drive 41 percent of the store revenue in 2016. While the market is moving toward free and low-priced apps, in-app purchases will drive downloads as well as app store revenue.
Security Infra to Grow 8.4% in 2012
Demand is driven by the threat landscape

While the global economic slowdown has been putting pressure on IT budgets, security is expected to remain a priority through 2016, according to Gartner, Inc. Worldwide spending on security is expected to rise to $60 billion in 2012, up 8.4 percent from $55 billion in 2011. Gartner expects this trajectory to continue, reaching $86 billion in 2016.

The security infrastructure market consists of the software, services and network security appliances used to secure enterprise and consumer IT equipment. IT outsourcing (managed security services), secure Web gateway (appliance), and security information and event management (SIEM) are the fastest-growing security segments. Demand for cloud-based security is also impacting a number of key security markets, and above-average growth is expected for this new delivery model.

“The security infrastructure market is expected to experience positive growth over the forecast period, despite risks of further economic turbulence,” said Lawrence Pingree, research director at Gartner. “Results from the 2012 annual Gartner CIO survey show increased prioritisation for security compared with 2011 and results from Gartner budgeting surveys published in June 2012 underline the fact that organisations globally are prioritising on security budgets.”

Overall, 45 percent of survey respondents expected a security budget increase, 50 percent expected their budget to remain the same and only five percent expected their budget to decrease in 2012. This pattern varied little across regions, although some countries in emerging regions demonstrated a much-higher expectation of an increase.

“Although security remains fairly resilient in tough times, the prolonged financial crises seen in the US and Europe have had some impact on IT security spending globally but to a lesser extent for emerging countries, such as Brazil, China and India,” said Ruggero Contu, research director at Gartner. Gartner expects demand for security products and services to be driven by the persistent threat landscape and influenced by the increasingly targeted and evolving attack patterns that are growing in sophistication.
Fact ticker

APAC PC Shipments Decline 2.6% in Q2 2012
China experienced the first negative growth

Asia Pacific personal computer (PC) shipments totaled 30.3 million units in the second quarter of 2012, a 2.6 percent decline compared with the same quarter in 2011, according to Gartner, Inc. The most notable decline came from China’s PC market at 5.4 percent, marking its first year-on-year negative growth ever.

“Gloomy worldwide economies have put a dampener on PC spending in the region over the past year,” said Lillian Tay, principal analyst for Gartner. “The wide array of alternate products entering the market is also affecting consumer spend, resulting in declining interest in PC spending.”

The overall decline was reflected in both the mobile PC and desk-based PC shipment segments, decreasing 3.7 percent and 1.7 percent respectively. The professional segment declined for the second time this year, down 8 percent in 2Q compared with the same quarter a year ago, as organisations deferred PC purchases where possible and reined in their expansion plans, preferring to be more prudent not knowing how the market situation will evolve with all the uncertainties. The consumer segment managed to show better results.
Communications

The goal of Unified Communications (UC) is to embed communications into business processes to deliver quicker and better decision making, to enhance collaboration across geographically diverse teams, and to improve overall efficiency to make enterprises more agile and competitive. There is an imperative need for effective convergence of various modes of communication; this need for convergence is also driven by the necessity to streamline business processes in line with the latest collaboration technologies.

The 2011 Indian UC market showed an increase in awareness of emerging trends in the industry like social collaboration, virtualisation, cloud communication, and mobile conferencing. The overall spending on UC in India has been estimated at $522.7 million in 2011. The extent to which these applications were put to use by enterprises showed a good y-o-y improvement over 2010. Currently, maximum deployment has been witnessed among large enterprises; banking, service providers, government, and manufacturing are the primary adopters of UC applications.

To discuss implementation of successful UC solutions and tackle associated challenges, Frost & Sullivan will be hosting its 3rd conference in Mumbai, Bangalore, and Delhi.
DATA CENTER CORNER | MODULARITY

Maximise Benefits From Cloud and Virtualisation
While the benefits of IT virtualisation technology and service delivery model are well known, their effects on the data center physical infrastructure (DCPI) are less understood. We provide insights into successful strategies for dealing with these effects.

SUMMARY: There are four effects or attributes of IT virtualisation: the rise of high density; reduction of IT load and its impact on PUE; dynamic variation of IT loads; and a re-look at the extent of redundancy required.
Without question, IT virtualisation, the abstraction of physical network, server, and storage resources, has greatly increased the ability to utilize and scale compute power. Indeed, virtualisation has become the very technology engine behind cloud computing itself. While the benefits of this technology and service delivery model are well known, understood, and increasingly being taken advantage of, their effects on the data center physical infrastructure (DCPI) are less understood. Our aim is to describe these effects while offering possible solutions or methods for dealing with them. These effects are fairly long-standing, not new, and successful strategies for dealing with them exist today. There are four effects or attributes of IT virtualisation.

The rise of high density – Higher power density is likely to result from virtualisation, at least in some racks. Areas of high density can pose cooling challenges that, if left unaddressed, could threaten the reliability of the overall data center. Several approaches for cooling high density racks exist. Perhaps the most common method is to simply “spread out” the high density equipment throughout the data center floor rather than grouping it together. By spreading out the loads in this way, no single rack will exceed the design power density and consequently cooling performance is more predictable. The principal benefit of this strategy is that no new power or cooling infrastructure is required.

A more efficient approach may be to isolate higher density equipment in a separate location from lower density equipment. This high density pod would involve consolidating all high density systems down to a single rack or row(s) of racks. Dedicated cooling air distribution and/or air containment could then be brought to these isolated high density pods to ensure they received the predictable cooling needed at any given time. The advantages include better space utilization, high efficiency, and that it enables maximum density per rack.
CUSTOM PUBLISHING

Overall efficiency gets somewhat better with virtualisation but will get much better if physical infrastructure (PUE) is optimised too

Reduced IT load can affect PUE – After virtualisation, the data center’s power usage effectiveness (PUE) is likely to worsen. This is despite the fact that the initial physical server consolidation results in lower overall energy use. If the power infrastructure is not rightsized to the new lower overall load, physical infrastructure efficiency measured as PUE will degrade. To improve post-virtualisation PUE, the data center’s infrastructure efficiency curve must be improved (lowered) by optimising power and cooling systems to reduce the waste of oversizing and better align capacity with the new, reduced load. In addition to improving efficiency, optimised power and cooling will directly impact the electric bill by reducing the power consumed by unused power and cooling capacity.
Tips to realise the full energy-saving benefits of virtualisation
Power and cooling capacity scaled down to match the load (e.g. turn off some cooling units or remove UPS modules from modular UPS)
VFD fans and pumps that slow down when demand goes down
Equipment with better device efficiency, to consume less power in doing the job
Cooling architecture with contained or shorter air paths
Capacity management system, to balance capacity with demand and identify stranded capacity
Blanking panels to reduce in-rack air mixing of exhaust air with cold supply air

50%: reduction in energy use by combining moving air efficiently in a pressurised environment

Dynamic IT loads – Virtualised IT loads, particularly in a highly virtualised, cloud data center, can vary in both time and location. In order to ensure availability in such a system, it’s critical that rack-level power and cooling health be considered before the changes. Data center infrastructure management (DCIM) software can monitor and report on the health and capacity status of the power and cooling systems. This software can also be used to keep track of all the various relationships between the IT gear and the physical infrastructure. Knowing such things as which servers, physical and virtual, are installed in a given rack, along with knowing which power path and cooling system each is associated with, should be required knowledge for good VM management. This knowledge is important because without it, it is virtually impossible to be sure virtual machines are being created in or moved to a host with adequate and healthy power and cooling resources. The two-way communication between the VM manager and DCIM software, and the automation of actions that results from this integration, is what ensures physical servers and storage arrays receive the right power and cooling where and when needed.

Lower redundancy requirements – A highly virtualised data center designed and operated with a high level of IT fault-tolerance may reduce the extent of redundancy. This effect could have a significantly positive impact on data center planning and capital costs. Those planning to build a new data center with “2N” redundant power and cooling systems could consider building an N+1 data center instead. This would significantly reduce capital costs and simplify the design of the infrastructure. It’s the fault tolerance of a virtualised network that allows firms to consider this reduced infrastructure redundancy as an option now. Before making these types of decisions, of course, IT and Facilities management should always fully consider the possible impacts to business continuity.
Conclusion
Virtualising a data center’s IT resources can have certain consequences related to the physical infrastructure. If these impacts are ignored, the broad benefits of virtualisation and cloud computing can be limited or compromised. In some cases, implementing the solutions described above will keep a highly virtualised data center running with reliability, efficiency, and with flexibility to meet dynamic compute power demand.
A Question of Answers | Mahesh Gupta
Mahesh Gupta | VP, Cisco India
Time is Ripe for Intelligent Networks

Given the evolution of technology, there is a need for networks to become intelligent. Mahesh Gupta, VP, Borderless Networks, Cisco India, talks to Varun Aggarwal to give more details

What is the need to have intelligent networks for an enterprise?
The initial way of security was to implement security on firewalls and then you put network security as one measure for stopping anybody, any intrusion or any thefts happening from the internet. In a similar way you had physical security: if somebody cannot come through virtual means, if somebody comes through physical means, you have a physical security guard; that is how you are protected. However, now people have started bringing in their mobile phones and tablets into the company. As authorized users, they come through the physical security gate. These devices could be a productivity enabler or a productivity damper, depending on the way you perceive those devices, on the way you enable those devices.
So now, the firewall policy needs to be intelligent. What access I should I be given on the network, should be decided by the policy deployed on the firewall. Because I am same user who has a corporate login ID and password, I can login to the network. But firewall policy and rule sets need to be different. What we are highlighting here is that, context aware policy is the need of the hour. We cannot have multiple policies being deployed in isolation and multiple security at gateways and access points at the wireless site, at work or multiple VPN gateways. We need to have one consistent policy which defines, that if someone logs in through his mobile, he should get access to certain resources, and if he logs in through his laptop, he should have perhaps a different access. Based on contextual information of the user, you apply the policy.
Take an example, you bring an iPad in to the office and you get full access. But the moment you take the iPad outside office, you don’t get access. How can you deploy that policy today? We can deploy that policy today using context aware policy enforcement using out latest innovation called Identity Services Engine. Same iPad- same user when he is on corporate network he gets different access, the moment he is outside he gets different access. That is the reason context awareness is becoming more important, because we are being more mobile, and as we go more and more mobile, these are all business productivity requirements. How have intelligent networks evolved over the last couple of years? So there are multiple aspects of intelligence on the network that
are coming in. It starts with detecting what device is coming on the network. Based on that you need to apply the policy. You cannot just apply policy randomly. The network has to intelligently detect whether it is a laptop or a PC, because the username is the same and the password is the same. That’s the first level of intelligence on the network, based on context awareness. Then you need to see traffic awareness: what data is coming out of the device? Is it video traffic, is it voice traffic, is it data traffic or is it critical application traffic? Depending upon this, the intelligent network needs to treat the data differently and provide the right level of classification on the network. And as the data goes through the network, it needs to be identified whether the data requires WAN acceleration. Does it need to multicast traffic? Does it need to broadcast traffic? Even when the number of users in an organisation has not grown, if every employee starts using one tablet, one mobile and they connect on the network, that means 3X the number of devices which IT needs to support today. And that means 3X the traffic, and because of these extra iPads and phones coming in, they may be accessing videos, they may be accessing many other things, which will significantly increase traffic on the network. So from troubleshooting to management overheads, all the more intelligence is required.
What are the key trends in the networking space?
Security inside cloud, BYOD and video are the three key trends in the network space. What is needed by the end user, what is driving the behaviour change and, for this behaviour change, what innovations are needed on the platform are the key areas that need to be addressed. We treat the network as a platform. So, for video we have done enhancements across the portfolio as to how we treat video traffic differently. Four years back when we said video will be
next voice, people laughed at us. And today, if you see, video is reality. BYOD is happening very much with most of our customers in the enterprise space. It is being adopted in not just IT and ITES but all verticals. Since smartphones are becoming common, the IT teams are looking at how to make the most of these devices.
How can BYOD be efficiently managed?
Customers generally get stuck with one viewer mobile device management. The real problem starts when they realise that network traffic has suddenly gone up or wireless liability issues have started to come and people start complaining; then how do you troubleshoot and manage? So we segment this problem:
1. We say, you need to have context-aware security policy enforcement on the network. Because today when you deploy an MDM solution, a device needs to be provisioned to the MDM solution, otherwise the MDM solution will not know about a new device on the network. Cisco is working with leading MDM players, like Mobile Iron, to build solutions. And the integrated approach is that the moment you connect on to the network, the Cisco network will detect there is a new device, which is a mobile device, and makes so-and-so policy enforcement, and if the device is not registered with MDM, it will redirect to the MDM framework, which is the mobile device manager. Once it gets provisioned through MDM, then it can apply the security policies on the network. Then it can check what type of device the user is coming from, what location, and based on that what policy needs to be enforced. Take an example: if a doctor carries an iPad in a hospital, in a patient room, he can get full access on the same iPad. But the moment he goes to a coffee shop or outside, he will not be able to have the same access. But he can still be available on instant messenger, he
can be available on his emails, but he cannot access the medical records. Therefore, with mobility to the doctors, availability and presence through communication tools such as video calls can be achieved and unnecessary access outside the organisation can be blocked. With this example what I am trying to highlight is that network security and policy enforcement, context aware policy enforcement, people are realizing that it is an important step as users come in that are controlled on my network that are coming in and start enforcing policies.
2. The next issue that comes is how we can have the wireless network very stable in our environment. So people have deployed wireless for very limited usage, like email traffic or other traffic. And then wireless being on RF frequency, working on export free frequency zone, there are a lot of other devices that work on the same frequency. It is an industry, scientific, medical zone on which multiple other devices operate. It could be a Bluetooth device, a microwave oven, a cordless phone. So everything which is wireless works on that frequency zone. And if it is on the same channel, it can interfere with the wireless network as well. That is one of the reasons why wireless networks are not very stable and can be unreliable. So Cisco has done innovation at the network layer where we have enhanced our network access points. We have hardware intelligence that does an RF spectrum analysis, and it can check if an interference is coming, and if the interference is strong enough, it would change the channel automatically, so that it does not get impacted. If the network experiences interference from a third party network or a neighbour network
or any other device, it will change the channel automatically and bring up the network automatically without IT intervention. Then there are special types of innovation for video streams: how do you treat the traffic differently so that it is always available with good video experience; all of this is being done on the network platform.
3. The third requirement that comes in is troubleshooting. When the user is on a wired network or a wireless network, can I search whether the user has logged on to the network, and on how many devices? Today you have a separate login for network management on LAN, switching and routing, there is a separate network manager for the wireless network, and then a separate one for the security network, with many different policy managers. So what we have done with Cisco prime LMS and NCS and ISC is we combined this commercial thing and management functionality into one console, and then it can cross launch different solutions from the same window and it can enable it to troubleshoot logging in from a laptop from a wired network through LAN switch.
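The doctor-with-an-iPad policy described in the interview, sketched as one ordered, default-deny rule set that every entry point would consult. This is an added example, not Cisco Identity Services Engine configuration or code from the interview; the attribute names, resource labels and rule names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Any, Mapping

# Constructed labels for this sketch; they are not vendor attribute names.
MOBILE_DEVICES = frozenset({"tablet", "phone"})


@dataclass(frozen=True)
class Context:
    """What the network knows about one session at connect time."""
    role: str             # from the corporate login, e.g. "doctor"
    device_type: str      # from device profiling: "tablet", "phone", "laptop"
    mdm_registered: bool  # is the device enrolled with the MDM?
    location: str         # "on_premises" or "off_premises"


@dataclass(frozen=True)
class Rule:
    name: str
    match: Mapping[str, Any]  # attribute -> value, or a set of accepted values
    action: str               # "permit" or "redirect_mdm"
    resources: frozenset = frozenset()


@dataclass(frozen=True)
class Decision:
    action: str
    resources: frozenset
    rule: str


# One rule set for wired, wireless and VPN access alike; first match wins.
POLICY = (
    # Same login, but an unenrolled phone or tablet is sent to MDM first.
    Rule("unregistered-mobile",
         {"device_type": MOBILE_DEVICES, "mdm_registered": False},
         "redirect_mdm"),
    Rule("doctor-on-premises",
         {"role": "doctor", "location": "on_premises"},
         "permit", frozenset({"email", "im", "medical_records"})),
    Rule("doctor-off-premises",
         {"role": "doctor", "location": "off_premises"},
         "permit", frozenset({"email", "im"})),
)


def _matches(rule: Rule, ctx: Context) -> bool:
    """A rule matches when every attribute it names agrees with the context."""
    for attr, wanted in rule.match.items():
        actual = getattr(ctx, attr)
        if isinstance(wanted, (set, frozenset)):
            if actual not in wanted:
                return False
        elif actual != wanted:
            return False
    return True


def decide(ctx: Context, policy=POLICY) -> Decision:
    for rule in policy:
        if _matches(rule, ctx):
            return Decision(rule.action, rule.resources, rule.name)
    # Unknown role, unprofiled location, anything unexpected: fail closed.
    return Decision("deny", frozenset(), "default-deny")


def can_access(ctx: Context, resource: str) -> bool:
    decision = decide(ctx)
    return decision.action == "permit" and resource in decision.resources
```

Because the MDM rule is evaluated first, a valid username and password alone never reach the role-based rules from an unenrolled mobile device.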
Build a ‘Social Enterprise’ to Win in the 21st Century
Any journey needs a guidebook and the journey to the social enterprise is no exception
By Ben Pring and Paul Roehrig
Though western economies have become increasingly post-industrial, many organisations retain business and operating models that would look familiar to factory workers from the Industrial Revolution. Workers may now manipulate paper and code rather than iron and steel, but oftentimes the way in which modern work is done can seem surprisingly old-fashioned: People still travel to work; still work in shifts; still work in physical spaces that are typically unused for long stretches of the day; and
still use tools that reflect norms of eras long gone (“carbon copy” anybody?). Why? In spite of increasing economic pressures, old habits die hard, and these conventions are often at the root of some of the major challenges currently facing many enterprise decision-makers. As the free flow of data pervades organisations (at exponential growth rates, mind you) a clear distinction is apparent between those that are thriving in our new digital enterprise era and those that are stalled or sinking. With the emergence of the commercial Internet, interaction costs for knowledge work have plummeted to near zero, rendering old-world industrial operating models obsolete.
Digits not widgets
As digits, work can travel to people, can be done anytime and anywhere, and can be done with tools that reflect the norms, styles, and values of our modern world. And not just work; anything digitisable. Barnes & Noble, Blockbuster, Newsweek, American Airlines, and Kodak are among the well-known brands that have misread the early warning signs as value migrates to the digital world. These cautionary tales are being noticed by savvy decision-makers who recognise that, to maximise the benefits new technologies offer and minimise the associated downsides, new workflows, process structures, business models, and organisational structures are required. Organisations that understand this, such as Amazon, Facebook, Ford Motor Co., the U.S. Intelligence Community, etc., are achieving and reinforcing success by embracing new ways to leverage social technologies and digital value chains. Key to the next chapter of competition is an understanding that the new world of “digital value webs” is quite different to the old world of “physical value chains” and that the new world requires work to be re-imagined in profound new ways; profoundly better ways.
Redefining work
At the heart of this process of re-imagination is the objective of building what we call the “social enterprise,” an organisation built to succeed in the 21st century; not plod along from the 20th (or 19th) century and which reflects the digital age we live in. Outperforming 21st century businesses will rethink, reinvent, and rewire work with new organisational principles facilitated by application of social media, mobility, advanced analytics, and cloud computing. We refer to this as the SMAC stack: Use of the cloud will allow the social enterprise to be asset-light and agile, and to sense and respond to change in environmental factors; Mobile technologies are enabling the collapse of time and space, and the unplugging of the historically tethered; Social media adds a new layer of richness to all interpersonal interactions, and dissipates the arbitrary and artificial barriers between people in their work guise, time, and place; and Advanced analytics provides new insights and outcomes buried in the exabyte of data in which we now all swim. Each of these technologies in isolation may be transformative, but in combination, their impact on work can be profound. Winning 21st century businesses will look and feel different because social collaboration and mobility are built into how critical work is done. By leveraging SMAC stack technologies and associated next-generation business models, organisations can re-invent themselves to become social enterprises, a firm type that is quite different from companies that have come before because social collaboration will be the norm amidst digital natives rather than the exception amidst digital immigrants.
20% will be the growth of public cloud services market worldwide in 2012
The social enterprise blueprint
Any journey needs a guidebook (nowadays an e-book or an App, as well) and the journey to the social enterprise is no exception. In working with organisations wrestling with questions about the future of their work, the following guidance provides a good place to start out on the social enterprise road:
Target work for modernisation. For many organisations, the journey to the future of work should start with identifying work processes (and their enabling systems) that are ripe for reformation. Look for processes that meet these criteria:
Emphasise your digital value chain. Begin with work that is already digitised but that can be injected with innovative social and mobile technologies;
Empower globally distributed work teams. Target workflows between distributed team members to allow the enterprise to fully benefit from talent residing anywhere in the world;
Let your customers guide you — really. If you are really listening to your customers, they are telling you where to start. Focus on interactions with employees and customers who have a millennial mindset and are willing to explore and utilise the emerging social sell/relate interaction models;
Find needles in your haystack. Target Big Data tools at a specific work process to uncover new opportunities and risks previously unrecognised and unrealisable; and
Look for “plateauing” processes and sun-setting systems. Seek out processes and systems where productivity improvements or brand differentiation has hit a wall. These are your urgent candidates for decommissioning or reconfiguring.
Drop your asset anchors. The virtualized, dis-aggregated, asset-light, social enterprise will exist in a cloud-first world where information services from cloud services vendors will be more secure than any organisation
can achieve themselves. Where work teams participate in 24/7 follow the sun process flows; where asset acquisition is the last resort; and where leadership stems from exploiting new uncertainties rather than milking conventional wisdom. By understanding, accepting, and embracing the new to re-imagine how work is done, companies can re-invent themselves and re-establish their relevance for the new world ahead. Social enterprises will exemplify leading edge thinking about business and technology models and will thrive in an era of acceleration and dynamic volatility.
The successful 21st century business will leverage new service models, implement new commercial models for externalised business solutions, and deploy the SMAC stack to be asset light and agile, to collapse time and space, to add new layers of richness to interactions, and to gain clairvoyance buried amidst the zettabytes (soon to be yottabytes) of data in which we now all swim.
45% will be the growth of infrastructure as a service market worldwide in 2012
The social enterprise is far beyond “Facebook at work.” It will be born (or reborn) digital, global, and virtual. It will be designed for impermanence, built to fail fast and learn, and will value speed over perfection. As we have seen already, achieving this new business reality will not be simple, but enough firms are succeeding for all of us to realize the art of the possible.
— Ben Pring and Paul Roehrig are co-directors, Center for the Future of Work at Cognizant.
— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
CMO + CIO = Mobile Success
There’s a new executive on the block that will soon be involved in mobility: the CMO
By Fernando Alvarez
Mobility is the next big phenomenon that is already here. According to Cisco, there will be more mobile devices than people by 2016 based on UN projections that the world population will reach 7.3 billion within four years. While many enterprises are already leveraging a host of mobile applications, cloud computing and even Web 2.0 technologies that are largely powered and maintained by IT, there’s a new executive on the block that will soon be involved in mobility, if they aren’t already: the CMO. Recently Forrester Research stated that the enterprise mobility services market is one of the fastest growing segments in the IT services market. To remain competitive, enterprises must place mobility at the core of their business strategy, demanding a shift from an IT-driven to a consumer-driven agenda in which the CIO is no longer the sole gatekeeper. To implement an effective mobility strategy, there must be a meeting of the minds between the CIO and CMO whose very relationship is changing in light of the changes mobility is bringing to the marketplace.
It shouldn’t come as a surprise that marketing budgets are by and large bigger than IT budgets and growing faster every day. Sooner or later, it is expected that IT spending by the CMO will outgrow that of the CIO, as confirmed in a recent webinar from Gartner, “By 2017 the CMO will Spend More on IT Than the CIO.” This finding is especially interesting if you also consider the huge potential for rapid growth in areas like mobile marketing given a significant gap between consumer interest (about 23 percent spent on mobile) and dedicated share of marketing budget (about one percent). Inevitably, the CMO will have more influence than the CIO on the technology decisions made when purchasing mobile solutions for marketing and defining the mobile strategy to work with new channels like social networks. To be effective, the CIO and CMO must work together to evaluate and choose mobile platforms that have both a short and long term focus and work with cross-platform solutions. They should also look to create a mix of responsive websites that look good on all screen sizes and native apps for iPhone, iPad, and Android. Oftentimes, the CMO will focus on creating a mobile strategy for B2C or B2B while the CIO focuses on B2E. For example, how does the enterprise handle customers and employees who buy and bring their own devices? However, it makes sense for the CMO and CIO to formulate and implement a joint mobile strategy. In many ways, this means that the CIO should think of the CMO as a very important client. Just one who is buying IT internally. However, as the Gartner webinar also pointed out, the CIO will likely face a perception challenge from the CMO who thinks of internal IT as slow, negative, and preferring stability over innovation and change.
To change those perceptions, CIOs can help the CMO find an effective way to reach customers through mobile channels. To do so, the IT department needs to find ways of making critical data, such as product information, available to the mobile channels in a secure way. Even if the CIO has adopted a solid service-oriented architecture (SOA), those services are usually not suitable for mobile consumption, which calls for creating mobile or even multi-channel services. If the CIO can also provide the tools to measure the success of mobile marketing activities, that will surely win the heart of the CMO. At best, the CIO will even make it possible to take the mobile marketing to the next level by enabling business transactions through the mobile channels. The CMO needs the technical knowledge of the CIO and the CIO needs to learn how to embrace change. The CMO needs to understand the long term consequences of technology decisions and the CIO needs to rethink IT processes to be more agile. The CIO needs to learn more about the world outside of the company and the CMO needs to understand the hard IT facts about the company internals. And in perhaps the most difficult challenge of all, the CIO must develop, understand, manage, secure and, to some extent, support social media initiatives launched by the CMO even though social media itself resides in the Cloud and is beyond IT's direct control. Some say that cooperation between the CMO and CIO is a core requirement for staying relevant. Whether that is true or not, there is no doubt that an aligned marketing and IT team can be very powerful in taking on the challenges and opportunities that mobile channels provide.
— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
$14bn will be the size of software as a service market worldwide in 2012
BYOD: How to Secure the Inevitable
Your approach to security needs to reflect reality in order for it to truly work
By Kevin Flynn
The bring-your-own-device (BYOD) phenomenon is disruptive. It tears massive security holes into an already disintegrating perimeter. It causes IT administrators to lose sleep. Passing fad? Not likely. In fact, research shows that if the youngest generation of workforce employees has anything to say about it, BYOD is here to stay. A recent Fortinet study underscores that fact. It found that Gen-Y employees are coming into the workplace demanding — not requesting — they be able to use their own mobile smart phones and tablets for business-related functions. With the rapid acceleration of BYOD trends, it should come as little surprise that nearly three out of four of Gen Y employees maintain they use personal mobile devices for work. And why wouldn’t they? The technological equivalent of a Swiss Army Knife, these devices hold everything near and dear to users from photos of friends to music, maps and games.
Eating cake
Call it having their cake and eating it too, but they want all these functions on just one device. More than half of Gen-Y users consider in no uncertain terms the ability to bring personal devices into the office and use them for work-related tasks a right — not a privilege. In fact, that expectation is so ingrained that more than a third of users said they have or would go against company policy in order to use their personal mobile devices for work. Is this attitude a testament to Gen-Y’s inflated sense of entitlement and expectation? Perhaps. But before you start pointing fingers at the younger generations, here’s something to think about: While disruptive, the concept of using your own device to lighten your workload is hardly a new one. What’s more, throughout the decades, it’s been network level security not the endpoint that has been instrumental in the transition of every disruptive trend. And because, historically, it has been the foundation of sweeping technological shifts, network security is sure to be integral in the transition to a BYOD environment. Look at it this way: In the mid-1980s, accountants started to bring their own PCs into the workplace in order to run Lotus 1-2-3 spreadsheets that would expedite their job functions. Users in the media world did the same with Macintosh computers for desktop publishing. In addition, users even wrote these devices off as office supplies. Needless to say, this trend did not go over well with IT administrators who preferred to maintain control at the helm of mainframes and dumb terminals. But, like it or not, IT administrators were eventually forced to adjust by crafting a network security architecture to support users’ PCs and Macs. Flash forward a decade to the mid-1990s, and you’ll see the same thing occurring with the advent of the Internet. Employees found that they required access to the Internet for email as well as a resource for information. This, too, created new challenges for IT administrators, now forced not only to provide necessary network infrastructure, but support, maintain and bolster it with security mechanisms against a burgeoning crop of viruses delivered both via e-mail attachments and over the Web. Firewalls and VPN technologies became a critical component of every organisation’s network.
Flash forward
Flash forward another ten years, and you’ll see the same recurring theme, only this time with the emergence of Web 2.0. Now, instead of a one-way street, the Web enabled the free flow of communication between users, opening up worlds of possibilities for marketing, customer service and collaboration. And with the Web 2.0 phenomenon starting to gain traction, IT administrators predictably had to shift gears in order to accommodate an increasingly porous network perimeter that redefined network security as we know it. Application control and data loss prevention (DLP) technologies were soon deployed in the network.
Lessons learned
If history should be any guide, the lessons here are two-fold. Whether we know it or not, we’ve been here before. BYOD, like any other disruptive phenomenon, represents a continuation of previous trends in which the demand for technology helps shape the dynamic of workplace culture. And looking back, those companies that accepted technology’s inexorable forward march and adapted accordingly, are the ones that ultimately prospered. Those that dragged their feet either lost out to competitors or were forced to shutter their doors. The second and perhaps most significant lesson here is that network security technology has been critical to the successful implementation of every technological change over the last four decades. And subsequently, the network is and will continue to be key to security as the IT environment continues to evolve. Security will always surprise. Threats will change. A decade ago, who would have foreseen the proliferation of botnets? Or cyber espionage? Or the fact that almost a
billion people would be putting their personal information on Facebook and other social networking platforms for the world to see? The big takeaway is organisations will have to think holistically if they want their IT environment to remain safe. With regards to BYOD, that means taking a unified, network-centric approach to security that will provide IT administrators a holistic view, as well as a platform on which to set and control policies, while allowing data to pass back and forth as necessary between devices.
It’s no secret that the network will become increasingly more complex and difficult to manage as a greater number of disparate devices pass data through its gates. And, looking ahead, it’s only going to become more so. Taking a page out of the history books, IT professionals need to instead realize that the network provides a cornerstone for the successful and secure integration of new technologies.
Essentially, because all traffic needs to pass through the network, it is also the best place to deploy security in a BYOD world. For one, the personal nature of such devices makes platform standardization practically impossible, and if the survey responses are any indication likely to be met with strong resistance. To that point, a network security centric approach to BYOD actually provides administrators the flexibility to enable a greater variety of endpoint security approaches by serving as a central point of control for just about everything. Security mechanisms such as application control, network based anti-malware, Wi-Fi security, VPN, two-factor authentication, DLP, URL filtering, stateful-firewalling, intrusion prevention and a slew of others can only be achieved on the network and not the client.
The net-net? Network security has been and will continue to be an undeniably fundamental component for all IT functions, as BYOD and myriad other anticipated technological trends gain momentum. Holding fastidiously onto an antiquated per-user licensing model for security appliances is only going to create more challenges that will ultimately thwart the efficiency that BYOD was intended to bring in the first place. Your approach to security needs to reflect reality in order to truly work. And those that embrace its inevitable changes, while learning the lessons of the past, will be the ones that not only survive the BYOD trend, but will prosper from it in the long run.
— Kevin Flynn is a senior product manager at Fortinet, an IT security vendor
— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
$206b will be the size of total public cloud services market in 2012, up from $91.4 bn in 2011
How Will BYOD Impact Your Contract?
BYOD will have an impact on every facet of telecom expense management
By Matt West
Bring-your-own-device has evolved from trend to the new normal and with that discussions around the risks of implementing a BYOD policy in the enterprise have become intense. How can enterprises enforce secure remote access to corporate assets? What happens when an employee stores sensitive info on their tablet, then leaves it in a hotel lobby for anyone to see? And, how do we make sense of device and plan reimbursement? For all of its ergonomic and economic advantages, CIOs are still struggling to reconcile risk with reward as they navigate BYOD in their businesses.
There is one risk that’s typically overlooked: the impact of BYOD on the carrier contract. Interestingly, this issue hasn’t gotten much play. At face value, it would seem that more individual responsible users (IRUs, as carriers call them) would mean less worry, less cost and less contract complexity for the enterprise.
35% was the increase in end user spending in the printer market in India in 2012
But is that actually true? The answer is no. While the end game may be to shrink (even eradicate) the enterprise carrier agreement, we’re far from reaching that goal. The implementation of BYOD and the transition of corporate responsible users (CRUs) to IRUs can negatively impact your carrier contract and negotiation leverage. With that in mind, CIOs should consider the following as they
explore and evolve their BYOD strategy:
It’s not going away any time soon. Most enterprises deploy a hybrid variation of BYOD that includes both corporate and individual users. This has made carrier contracting and contract management more complex, requiring a deeper insight into who’s using what device, how and how much. It’s imperative that companies keep an accurate inventory of their telecom assets even as these numbers change on the path to BYOD. Know how many smart phones, voice phones, tablets and other devices are being used in the enterprise, and what the usage is per line (minutes, text messages, etc.). Without this knowledge, you can’t negotiate better discounts and incentives with your carrier.
BYOD doesn’t mean you have to give up your volume discounts. Just because you support a BYOD policy doesn’t mean you can’t get credit for IRUs under your current carrier contract. It’s possible to still receive discounts for IRUs by requesting they use the corporate rate plan. Think of it like a “tell a friend” retail programme where you get a discount for every customer that names you as the referral source. If you can get large numbers of IRUs to use your carrier/plan, you may get even bigger benefits in the way of credits to your corporate account.
Be cautious of early termination fees. If you’re migrating large volumes of CRUs to IRUs, be sure to investigate the ramifications of your timing. Most carriers go to great lengths to make it difficult to terminate service. One of these measures is an early termination fee. Most carrier contracts specify early termination fees to protect themselves against abrupt terminations (especially when they involve large quantities of users). Some enterprises may be able to absorb the penalty, but others may not. The wrong timing can deal a hefty blow to telecom budgets.
Carriers are new at this, too. Carriers and enterprises alike are figuring out how to navigate the tactical and strategic implications of BYOD. This environment of uncertainty exacerbates the lack of transparency around pricing and terms within the wireless provider industry. Carriers are heavily motivated to protect the revenues they garner from large enterprise accounts, and this often comes in the form of hidden fees, unnecessary charges and less-than-fair pricing and discounts. It’s more important than ever before to benchmark carrier pricing and discounts to minimise disparity and eliminate overspending.
BYOD will have an impact on every facet of telecom expense management, starting with the way carriers’ services are sourced and contracted. Mitigating this risk early on will give CIOs a leg up in getting the benefits that BYOD can deliver.
— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
Best of Breed | BYOD
BYOD Heralds the Most Radical Shift
Gartner believes that we are likely to see successful BYOD programmes in the coming years

The rise of bring your own device (BYOD) programmes is the single most radical shift in the economics of client computing for business since PCs invaded the workplace, according to Gartner, Inc. Every business needs a clearly articulated position on BYOD, even if it chooses not to allow for it.

BYOD is an alternative strategy that allows employees, business partners and other users to use personally selected and purchased client devices to execute enterprise applications and access data. For most organisations, the programme is currently limited to smartphones and tablets, but the strategy may also be used for PCs and may include subsidies for equipment or service fees, says a release from Gartner.

“With the wide range of capabilities brought by mobile devices, and the myriad ways in which business processes are being reinvented as a result, we are entering a time of tremendous change,” said David Willis, vice president and distinguished analyst at Gartner. “The market for mobile devices is booming and the basic device used in business compared to those used by consumers is converging. Simultaneously, advances in network performance allow the personal device to be married to powerful software that resides in the cloud.”

Mobile innovation is now driven more by consumer markets than business markets. Affordability is not only putting very powerful technology in the hands of consumers, but those consumers are also upgrading at a much faster rate. An organisation may better keep up with mobile technology advancements by aligning to the consumer, rather than the much slower pace of business technology adoption, with its long cycle of detailed requirements analysis, established refresh rates, and centralised procurement heritage. Consumers also enjoy equipment and domestic service pricing that often matches the best deals that an enterprise can get on behalf of its users, the release said.

In a BYOD approach, users are permitted certain access rights to enterprise applications and information on personally owned devices, subject to user acceptance of enterprise security and management policies. The device is selected and purchased by the user, although IT may provide a list of acceptable devices for the user to purchase. In turn, IT provides partial or full support for device access, applications and data. The organisation may provide full, partial or no reimbursement for the device or service plan.

“Just as we saw with home broadband in the past decade, the expectation that the company will supply full reimbursement for equipment and services will decline over time, and we will see the typical employer favor reimbursing only a portion of the monthly bill,” said Mr. Willis. “We also expect that as adoption grows and prices decline employers will reduce the amount they reimburse.”

While BYOD programmes can reduce costs, they typically do not. As businesses look to drive ever more capability to the mobile device, the costs of software, infrastructure, personnel support and related services will increase over time. Once companies start including file sharing, business applications and collaboration tools, the costs to provide mobile services go up dramatically.

Gartner believes that IT's best strategy to deal with the rise of BYOD is to address it with a combination of policy, software, infrastructure controls and education in the near term; and with application management and appropriate cloud services in the longer term. Policies must be built in conjunction with legal and HR departments for the tax, labor, corporate liability and employee privacy implications. Gartner recommends that companies start with a standard policy that would apply anywhere, and create customised versions by country if necessary.

“BYOD is not for every company, or every employee. There will be wide variances in BYOD adoption across the world — by geography, industry and corporate culture,” said Mr. Willis. “Most programmes are at the employee's discretion — they decide if they want to opt in. For the vast majority of companies it is not possible to force all users into a bring your own (BYO) program without substantial financial investments — and considerable support from senior management.”

Despite the inherent challenges, Gartner believes that we are likely to see highly successful BYOD programmes in the coming years. Many businesses will expand beyond smartphones and tablets and embrace BYO for personal computers. Beyond PCs, it is likely that users will discover new uses for emerging devices not initially understood by IT planners, much like we saw with the iPad.

“It won't stop with bring your own PC,” said Mr. Willis. “Bring your own IT is on the horizon. Once these new devices are in the mix, employees will be bringing their own applications, collaboration systems, and even social networks into businesses.”

The best strategy to deal with BYOD is to address it with a combination of policy, software, infra controls and education

7% was the growth of printer market in India in the second quarter of 2012
CIO&Leader Custom Series | Wipro
BYOD Offers Value for Enterprises
Wipro’s BYOD approach enables CIOs to leverage the power of mobility and make future workplaces location, device and application independent

The unprecedented growth of end consumer devices including smartphones and tablets has created a sense of urgency in the minds of CIOs. They are formulating strategies that can help them embrace the growing trend of consumerization in their enterprises. Mobile devices have unarguably resulted in better connectivity, mobility and flexibility for end users and have also increased the reach of enterprises. As per a survey conducted by Wipro, 60 percent of employees use a smart phone at work while another 31 percent are willing to use these devices at work. Companies are, therefore, increasingly allowing employees to ‘bring their own devices’ within the work premises.

However, managing the scale and diversity of devices and data security has become a primary concern for enterprises. On the surface, it looks like an enterprise only needs to allow smart phones and devices into the work culture as a part of BYOD adoption. But that is just the tip of the iceberg. As a technology leader and enabler, a CIO will have to retain and attract top talent who highly value and know their devices. Data security and protection of intellectual property is also a challenge. With the proliferation of mobile OSs like iOS, Android, BlackBerry and Windows, there is a growing need to support multiple device types without increasing cost or complexity.

Today’s enterprise scenario demands a strict security policy to be in place before full-access BYOD is enabled for the employees. There is a huge risk of exposing sensitive company information to various devices. However, not allowing a choice of personal device in a BYOD program will be a huge hindrance to successful adoption of the program by employees. In today’s ever-changing world of personal technology, data security is directly linked to device security. While it is relatively easy to observe security protocols and processes for wired networks, it is complex for mobile devices.

Resource accessibility and network connectivity are perplexing issues for enterprises. Allowing a personal mobile device to access office data, applications, mails and collaboration tools using the enterprise network poses a very high security risk. Bandwidth allocation and Quality of Service (QoS) also become very critical. As the various platforms and devices at the workplace begin to grow, enterprises will have to collaborate applications and monitor devices and their usage. Enterprises need to craft an access policy for devices based on the level of employees, partners and contractors. For example, a hospital can extend its wireless network to employees on personal devices, limiting access based on roles. A doctor can be given complete access to use a personal device on the hospital premises and limited access off the premises for crucial information. At an advanced level, the hospital administrator can be granted full network access to applications with new collaboration services.

BYOD solutions are not just technical in nature. They impact multiple functions like HR, finance and legal. Protecting sensitive data is the priority, and hence monitoring the flow of data in and out is absolutely necessary. It is important to have well-defined agreements with employees to address the issue of what happens to corporate data when an employee separates or loses the device. Though the device is personal, loss of a device can impact business and productivity. An enterprise must define the level of support it will offer BYOD users and the expectations that it has of them.

Despite the challenges, BYOD adoption has great value to offer enterprises. It gives freedom to employees who may want to use the device of their choice, be it make, brand, OS, hardware specs, capacity etc. Besides, one can use feature-rich handheld devices to access corporate applications. Employees may not need multiple devices for office and personal use. The other major benefits include cost reduction in hardware maintenance and software licensing, which have been among the major concerns for all enterprises, be they small or large. Similarly, it reduces the pressure on IT infrastructure by automating routine user support tasks like user provisioning, application management, device capacity monitoring and roaming detection. BYOD adoption ensures all devices in an enterprise are bound by the corporate policy.

BYOD adoption ensures relevant ROI in a short time span. A Wipro study says that it helps an enterprise to lower the power consumption, resulting in up to 80 percent fall in electricity bills. WAN bandwidth can be optimized with various virtualization tools and adoption can help in saving 40 percent of the hardware costs. The administrator's major worries, like device theft, training and technical support for a large variety of devices, are reduced to a great extent. Increased employee productivity and faster response times are among the best incentives for a BYOD initiative.

Planning a BYOD strategy goes a long way in establishing a strong business case and measuring ROI for the implementation. Strict policy and process monitoring measures, if included, only add to the strong case for BYOD. Security becomes a priority with device registration and the definition of baseline security policies (device certificate based authentication, encryption, secure mobile gateway, password policy etc.). Similarly, selecting the right technology partner to manage the entire ecosystem of mobile computing platforms, networks and applications can help keep enterprises secure and at the same time flexible enough to meet employees' demands.

Wipro's innovative BYOD approach enables CIOs to leverage the power of mobility to the maximum. Our smart solutions are helping the future enterprise workplaces to be location, device and application independent. Our prepackaged mobile apps are easy to customize, quick to deploy and more cost effective than in-house applications. Wipro offers a 360-degree BYOD portfolio across the entire IT life cycle including design, deploy, manage and sustain. Wipro provides not only BYOD consulting but also helps enterprises in device purchase, infrastructure upgrade, application porting, policy writing and managed services. Our single partner interface, working at the backend with the best-in-class OEMs worldwide, is helping enterprises increase accountability and integrate service delivery to ensure a seamless BYOD experience. http://www.wipro.com/cio_report/lp.html

“As platforms and devices at work begin to grow, enterprises will have to collaborate applications, monitor devices and their usage. They need to craft an access policy based on level of employees, partners and contractors.” — Anuj Bhalla, Vice President and Global Business Head, System Integration and Maintenance Services, Wipro
Cover Story
Turning a crisis into an opportunity is the hallmark of a true leader whom Others Follow

Coming out of a difficult situation triumphant is what makes leaders stand out from the crowd. There are numerous situations in the life of a CIO when he has to lead from the front. He not only has to prove his mettle to the management but also has to come across as a role model for others to follow. He has to ensure that his team members look up to him in the future. We spoke to some of the top CIOs and asked them to share the most challenging moment in their careers, and how they emerged stronger and more respected from the situation. We hope their stories will not only be interesting reads but also help you prepare better for challenging times ahead.

By Atanu Kumar Das | Design by Shokeen Saifi | Imaging: Peterson PJ
Shanmugham Suresh, Head – IT, Mahindra & Mahindra Financial Services
Delivering Rural Connectivity with Ease
Shanmugham overcame the challenge of rural financing by leveraging IT

Shanmugham Suresh has been associated with Mahindra & Mahindra for the last 14 years. The company is one of the largest non-banking finance companies in India and concentrates on business in rural and semi-urban locations. Shanmugham is responsible for IT across all the financial services entities of M&M including retail and corporate loans, mortgages, liability products, insurance and reinsurance broking, proposed insurance manufacture, proposed MF and proposed bank.

M&M Financial Services was facing a unique problem in the rural financing industry — that of delivering speedy services to customers. As Shanmugham was managing a team of around 300 employees, he needed to update them on a daily basis about the requirements of the customers in different remote locations across the country. This was also challenging.

“To solve the issue of rural financing, I developed a unique model — the first in the rural financial industry — to demonstrate reach and speedy services at all times,” says Shanmugham. He launched the Electronic Point of Sale (EPOS) Transaction model through GPRS, VSAT and CDMA connectivity at the rural level, which ensured speedy transactions in remote locations. Shanmugham also launched, for the first time, a unique dynamic currency conversion solution, which addressed the availability of rural cash issues.

M&M’s IT strategy includes achieving connectivity with all branches and mobility connection through its executives. By launching this new model, Shanmugham not only put in place a CRM system to assist e-business and the cross selling of the company’s other products and services but also improved the credit market risk management of M&M. He also overcame the challenge of team management.

“Once I deployed the solution, the problem which the team members faced about getting daily updates on transactions taking place in the rural locations was resolved. M&M witnessed speedy transactions and could also provide effective services to the customers,” says Shanmugham.

The projects include activities like interfacing with the steering committee through the operating committee, dealing with customers to gather mobile project requirements and managing vendors for solution deployments. As the point of sale (POS) hub supports acceptance of signature and pin-based credit/debit prepaid cards, it needed a GPRS terminal. Shanmugham’s initiative led to the deployment of the first GPRS terminal in the Indian NBFC space. The launch of EMI on POS was equipped to handle POS terminal application certification including network interfaces using Ethernet terminals PC-based cash register on CDMA/LAN network.

“There was centralised storage with distributed data capture, of merchant acquiring solutions which was a very innovative approach in the project,” he added.

Dashboard
Company: M&M Financial Services
Established: 1991
Headquarters: Mumbai, Maharashtra
Products: Financial Services
Employees: 9,700+

Shanmugham Suresh, Head – IT, M&M Financial Services, developed a solution that ensured profitability in the rural market for the company
Dashboard
Company: Mother Dairy
Established: 1974
Headquarters: New Delhi
Products: Dairy products, edible oils and fresh fruits
Employees: 3,000+

Annie Mathew, CIO, Mother Dairy, feels that it is very important to speak your mind before jumping into any project
Image by Subhojit Paul
Annie Mathew, CIO, Mother Dairy
Courage to speak is very important
Despite facing multiple hurdles, Mathew delivered a crucial project on time

Annie Mathew has been the CIO of Mother Dairy since 2005 and is responsible for all information technology related development of the company around the nation. She championed the migration to a new-age ERP in the company. She pioneered the implementation of SAP and took up the challenge of managing process issues and people issues in the new systems environment. Before joining Mother Dairy, Mathew worked for Bharat Shell and brought in Sun-Systems ERP across the company's numerous locations.

According to Mathew, there have been numerous projects which proved to be tough and challenging in her career. Mathew recalled one such project that she felt could motivate future CIOs and help them deal with such difficult situations in their lives.

Mathew was involved in a SAP implementation project in one of her previous organisations where her role as a consultant was in integrating the manufacturing systems and SAP. The project was getting delayed and there were concerns about how the project would get implemented on time. She needed to intervene immediately to ensure that there was no further delay in the project. Eventually a meeting was called by the client where all the shareholders were grilled as to why the project was getting delayed and why things were not working as per the scheduled plan.

“Nobody pinpointed the problems. There was silence for at least 30 minutes. Finally, I spoke and pointed out that the processes being demanded by the user teams were so horribly complex that unless some attempt at simplification was made, there was no hope of achieving even the delayed timelines. There was no other way but to start reworking on some specifics that needed to be removed,” says Mathew.

Nobody expected that Mathew would point out all these project details to the client. However, to everyone’s surprise, the client understood the problem and asked the team members to re-look at the processes and change them so that the project could meet its deadline.

“One of the key things that I learned from that incident was that it is very important to speak up and let people know what is there in your mind and then take things forward from there,” Mathew says. “One has to have the courage to speak their mind and if one doesn’t speak, people will never understand what the problem is and things will never get resolved. It will all end up in a big blame game,” she says.

According to Mathew, it is also important to understand that a CIO should communicate the problem to the team so that all are on the same page. “These are very basic things but CIOs tend to miss out on communicating the same to the team members,” she adds.
UC Dubey, Executive Director (IT), Iffco Tokio
Deploying CRM for better profitability
Dubey overcame the challenge of managing the customers and channel partners

UC Dubey joined Iffco Tokio General Insurance Co Ltd as Executive Vice President (IT) in 2005 and was promoted to the post of Executive Director (IT) in 2010. Dubey is responsible for evaluating, selecting, procuring and implementing IT hardware, software and services in order to provide IT support in achieving strategic business goals. He has designed, developed and implemented a business logistics system providing a standard work flow for policy creation, printing, and issuance for streamlining the process and to monitor turnaround time.

Iffco Tokio General Insurance was established in 2000 and the company was growing and maturing in those days. Like any other BFSI company, Iffco Tokio was also driven by IT and it needed full support for ensuring efficient operations and growth. During the last seven years, Dubey's team has supported the business by providing various IT solutions with effective enterprise-wide implementations.

One of the difficult projects which showed Dubey’s leadership skills was the implementation of Siebel customer relationship management (CRM) in record time. “Iffco Tokio was struggling to have proper customer contact information and the channel partners were not managed in a proper manner. I knew that we had to get the project deployed at the earliest if we wanted to ensure that we are on track to achieve better profitability for the company,” says Dubey.

The CRM was deployed for effective customer contacts, channel partner management, customer services, and call centre activities. The service desk, an Iffco Tokio-compliant IT service management software, was implemented, as were desktop and server management solutions. Also deployed was a document management system (DMS) to create an electronic document repository for the easy and efficient storage and retrieval of documents. A CRM-based point of sale (POS) solution was rolled out for major retail products and claims processing system including e-survey. A self-service portal was set up for online sales of new policies and renewals.

He strengthened IT security measures through information security management system (ISMS) audits and ISO 27001 certification. In coordination with other group companies, he achieved a procurement advantage through rate contracts and MOU for hardware, software, networking and services.

After the deployment of the CRM, Iffco Tokio had proper information about its channel partners and customers and could thus provide improved and effective services. Dubey is currently evaluating mobile computing, single sign on, identity and access management and cloud computing.

“I feel that a CIO’s endeavour should be to provide an effective and efficient IT setup to enable the business to achieve its designated goals,” adds Dubey.

Dashboard
Company: Iffco Tokio
Established: 2000
Headquarters: Gurgaon, Haryana
Products: Insurance
Employees: NA

UC Dubey, Executive Director (IT), Iffco Tokio, believes in providing an effective and efficient IT set up to enable the business to achieve its goals
Image by Subhojit Paul
Santhosh Babu Founder, OD Alternatives, feels the leadership curriculum should have two parts -- the being part and the doing part
Santhosh Babu, Founder and Managing Director, OD Alternatives
CIO should increase his influence in the network
Santhosh Babu, Founder and MD, OD Alternatives speaks to Atanu Kumar Das about different aspects of leadership

How can a CIO enhance his interpersonal skills?
A CIO must understand his organisation as a complex living system and not look at it in a traditional manner. He should be able to increase his influence in the network in order to enhance his interpersonal skills. The idea is to be able to communicate in a manner where he can garner as much knowledge as he can from his peers, seniors and subordinates.

Being a Leadership Guru, what will be your advice for a CIO looking to evolve into an ideal leader in his organisation?
There are two types of problems that a CIO would face in an organisation. One is a technical problem, which can be dealt with using his knowledge of the subject, and the other is an adaptive problem, and this is a real challenge. Here he would need to question the existing paradigms and beliefs in order to find the right solution. This is where the true leadership quality of a person evolves.

Honing one's leadership capability is imperative for future success. In your view, what are the best ways of honing one's abilities?
The best way to hone one's skills is to focus on personal growth and also to focus on adding value to the organisation and the people around. A CIO should be aware of the impact of his actions in the longer ecosystem of things and this way he will communicate in the proper manner. One has to be aware of the positives and negatives of his actions and this will ensure that he does things which will make the organisation benefit. This way he also hones his skills to the optimum level.

Who has been the one leader that has been an inspiration for you and what have you learned from him?
I am always inspired by Bob Marley, the singer. His ability to motivate and inspire people has always been awe-inspiring for me and I always try to follow some of the principles of this singer in my life.

What kind of curriculum should a CIO pursue to boost his leadership skills?
In terms of curriculum, I always believe that there should be two parts to it: one is the doing part and the other is the being part. Most of the curriculum in India focuses on the doing part and that doesn't help, but if there were the being part then he would learn core values, beliefs, assumptions and life's purpose.

Can you suggest some courses or books that can assist a CIO in being a leader?
I would suggest two books which would definitely help a CIO. The first one is 'Immunity to Change: How to Overcome It and Unlock the Potential in Yourself and Your Organization' by Robert Kegan and Lisa Laskow Lahey and 'Leadership on the Line: Staying Alive through the Dangers of Leading' by Martin Linsky and Ronald A Heifetz. These two books would go a long way in helping a CIO understand the dynamics of leadership and assist them in their day-to-day professional and personal lives.

Do you feel that there are enough institutes in India providing courses/degrees in leadership programmes?
I do not feel that there are any institutes which are offering the right way of teaching leadership roles. Almost all the institutes only teach the 'doing' part and no institutes teach the 'being' part. We at OD Alternatives have come up with a programme called 'Vision Quest' which focuses on the 'being' part and we have taken inspiration from ancient tribes to formulate this programme. There were times when the ancient people who faced a problem would go alone to the jungle and talk to nature to come to a solution. So we have also made a programme where we give a situation to a CIO and make him stay alone with himself and then he comes up with a solution which no institutes can teach.

The 'Vision Quest' retreat helps the CIO to decide what is the life he wants to emerge and what is the life that is waiting for him. And this can be achieved if he is willing to give up what comes in the way. There comes a time when one must leave family, friends and work behind and go off alone looking within to discover the changes in the circle of life. The 'Vision Quest' is an ancient rite of passage ceremony, enabling CIOs to engage in an age-old ceremonial pattern: completion of an old life, movement through the threshold of the unknown and return to the world reborn.

Many successful people reach a point in their life when despite all the success they know there is something that is missing. They know they have achieved more than they thought or dreamt. Now it is about leaving a legacy. The idea is to have a programme that will enable a CIO to perform at his best without sacrificing his achievements. The programme will enable the CIO to operate from a foundation that is anchored solidly in what is most important and most enduring (fulfilling) in his life. This will enable the CIO to evaluate his personal leadership style, enhance his personal credibility, recalibrate his expectations and show how to develop a committed organisation.

As Joseph Campbell rightly said, “You must give up the life you planned in order to have the life that is waiting for you.”

Dashboard
Company: OD Alternatives
Established: 1999
Headquarters: New Delhi
Products: Leadership training
Special section: Leadership

“Innovation distinguishes between a leader and a follower.” — Steve Jobs
Introduction

This special section on leadership has been designed keeping in mind the evolving role of CIOs. The objective is to provide an eclectic mix of leadership articles and opinions from top consultants and gurus as well as create a platform for peer learning. Here is a brief description of each sub-section that will give you an idea of what to expect each month from CIO&Leader:

My Story
The article/interview will track the leadership journey of a CIO/CXO to the top. It will also provide insights into how top leaders think about leadership

Top Down
This feature focusses on how CIOs run IT organisations in their company as if they were CEOs. It will comment on whether IT should have a separate P&L, expectation management of different LoB heads, HR policies within IT, operational issues, etc. This section will provide insights into the challenges of putting a price on IT services, issues of changing user mindset, squeezing more value out of IT, justifying RoI on IT, attracting and retaining talent, and competing against external vendors

Leading Edge
An opinion piece on leadership penned by leadership gurus. Plus, an insightful article from a leading consulting firm

Me & My Mentee
Cross leveraging our strong traction in the IT Manager community, this section will have interviews/features about IT Managers and CIOs talking about their expectations, working styles and aspirations. In this section, a Mentor and a Mentee will identify each other’s strengths and weaknesses, opine on each other’s style of functioning, discuss the biggest lessons learnt from each other, talk about memorable projects and shared interests

Shelf Life
A one-page review of a book on leadership

The Best Advice I Ever Got
Featuring a top CIO/Technology Company Head and the best guidance/recommendation he received with respect to his personal or professional growth. The advice could relate to dealing with people, managing personal finance, and balancing work and life
Top Down
Ashwani Khillan
CTO, MTS
Money Matters
One of the biggest challenges faced by any manager is to motivate his team members. I believe that translating the impact of an employee’s work into direct revenue terms can be a great way to motivate people. You need to make them realise where the revenues are coming from. However, you also need to translate the revenues in simpler terms that an engineer or a young team member can clearly understand. For example, if you tell them that the BTS they are managing contributes to X amount and any error or delay can cost the company Y amount per hour, then the employee gets to know how his work directly impacts the company. Most employees work towards the company’s progress. If their efforts are effectively translated into revenue terms, then they know exactly how much contribution they’ve made to the company’s progress and this is a big motivation for most employees. This was especially important for us because back in 2008-09 when we started offering data services, there weren’t many trained professionals to work on the technology, and in order to make people who are used to working on voice-based services transition to data services, a lot of motivation is required. We realised that this was a very effective way to motivate employees.
In our IT department, whatever initiatives we take are focused on two key areas—initiatives that increase revenues and initiatives that save costs. In both the cases, the employee knows how he’s contributing towards the organisation’s growth. There have been many initiatives that we’ve taken in this regard. For example, in 2009 we started charging our customers based on the websites they’ve visited. This required Deep Packet Inspection, a concept that was completely new in India. With this, we were able to offer customised data packages wherein instead of calculating their total data usage, we gave them unlimited free access to specific websites that they most often access. Similarly, we were also able to do authentication implementation in network, which ensures no revenue leakage by stopping cloning. We were also the first to successfully implement EVDO Rev-B that increased the peak data rate up to 4.9Mbps within the same spectrum. All such initiatives directly impacted the top and bottom line of the organisation. — As told to Varun Aggarwal
Photo by Suresh
Ashwani Khillan, CTO, MTS believes that making people realise how they contribute to the revenues is a big motivation factor
My Story Vilakshan Jakhu
“At BPTP, We Value Training a Lot”
Vilakshan Jakhu, CIO, BPTP speaks with CIO&Leader on some of the industry firsts he has headed at BPTP, leadership lessons, training and using IT to the fullest
Vilakshan Jakhu is the senior VP and CIO of BPTP. He is responsible for brand building, business planning for handling customer base with KPIs of loyalty development and management.
How do you compare the way you run IT with the way it's run by other real estate sector companies in India?
We were the first real estate company in India to implement SAP in totality, which simply means the final balance sheet is computed from the ERP. I headed that implementation. Many companies have SAP in place but their balance sheet still comes from 'Tally'. We have been running a private cloud for the last four years. There are no physical servers dedicated to any physical process. Every server we have is fully virtualised, whether it's SAP, middleware etc. This is also an industry first. BPTP's CRM is cloud based. We evaluated Microsoft Dynamics, Oracle Siebel, Salesforce and even SAP. It took us three years to finalise the vendor. We are again the first real estate company in India to have implemented a completely customer service oriented CRM solution. What we are doing is cutting edge. The Oracle applications are integrated with the SAP applications using a middleware, which is again unique but not the only one in India. Hero MotoCorp is the only other company to have done this kind of an integration. Our physical documents will soon get digitised. The contract is being finalised and our document digitisation will begin soon.
5 points
1. Every server we have at BPTP is fully virtualised
2. Our physical documents will soon get digitised and we are in the process of finalising the contract
3. BPTP is using ERP to optimise cash flows
4. We are one of the few companies in the business which send out an electronic demand letter
5. We are now getting into trending analysis on what’s the best way to convert customers coming through SMS or email, phone call or any other medium

Lessons on the importance of organising training sessions as a thought exchange process.
Usually employees have a thinking pattern on how certain activities are worked out. For example, a construction engineer has a standard idea of constructing the building. Maybe he would not think about the concept of using bricks from soda ash. Although not available easily, they are cheaper, more sturdy, light weight and efficient than the conventional bricks. These ideas can also come from an employee who has not worked for the real estate sector. Training plays an important role especially at BPTP, a seven year old young company formed in 2005. Most of the employees here do not have a real estate background. It works in our favour because ideas of employees from different genres can be gelled together. But they have to be trained accordingly in a uniform environment. The leader has to play a role in actualising these training programmes. BPTP organises such training programmes on a regular basis. We have leaders coming from different walks of life with various working styles. For example, we just hired a person who was in Singapore, working with a real estate company. He comes with a totally distinct approach to work. To complete a particular assignment, he is OK with a few middle level project managers and groundsmen and he will be good to go. He does not expect a big team of specialists. Employees like these can bring in fresh air in the organisation and again training sessions can be the best place to facilitate such thought exchange process.
How are you leading different teams in using IT to the fullest?
One more learning from a leadership angle is about using IT to the fullest. It will only remain a tool to complete the daily tasks until the users identify and take advantage of all the available functionalities in a given system. For example, we have the world's best ERP system. But are we using it as an ERP system? Are all the business users actually checking the SAP reports on a regular basis or are they still relying on a dump of Excel and then processing that information? Maturity is something that comes into play here. I believe core systems like ERP give RoI in five years and not three years as claimed by some vendors. In the first five years, the team is still trying to grapple with the regular functionalities and regularising them. We had built about 200 reports in the ERP but the number of reports actually pursued was only 60. However, this loose approach has changed. BPTP is using ERP to optimise cash flows. Moreover, we have completely automated a host of functions using the SAP system, which were hitherto lying idle
and unused. In the current scenario, our cash flows, reconciliation is happening at the back end which is automated, form 16 is digitally signed. This has made the core departmental function fully automated. We understand how the CFO needs to be empowered with the required systems, what his deliverables are and thus we are more cognisant of putting the right systems in place for him to fulfill the needs of the promoters, shareholders etc.
What according to you is leadership from a customer service perspective?
In 2005, during the real estate boom, people were so keen on buying real estate properties that they would slip in cheques below the shutters of the closed shop of the broker or the respective agency handling real estate buying. By doing that, they wanted to be the first ones to make the payment to make sure they have the property entitlement. The objective was to take advantage of the booming real estate market. The current scenario is different. People are not throwing cheques at you. The customer has to be acquired by offering attractive deals, taking him for multiple site visits, constant interaction and persuading him on why our property is the best. How does that change the IT systems we have? About a year back, we executed an internet advertising campaign and suddenly we had 400 leads per day and it was too much for BPTP's sales team. We could not call up those customers. So it was a huge failure. But after the CRM implementation, the leads automatically flow into the CRM system in the accounts of the sales team member. If he does not reply to the customer within four hours of getting the lead, it will move to another team member and the sales team member who could not respond will be penalised. The CRM system equips the sales team to handle the increasing amount of leads. We are now getting into trending analysis on what’s the best way to convert customers coming through SMS or email, phone call or any other medium. We are also trying to find out whether the potential customer is more likely to be your customer when he is sending an SMS or email or making a phone call etc. This kind of data is now being built using analytical reports in Siebel. This is the reason we selected Siebel and not SAP or Microsoft Dynamics.
Can you share any particular IT initiative that comes from your business savviness?
The customer wants to know when is the next payment-demand due for the property he bought from BPTP. The usual process would have the customer calling the customer service, the customer service associate would put the call on hold, open the SAP system and inform the customer about the date. We have made a simple use of technology to make this process more efficient. This initiative, no matter how small it looks, has improved BPTP's cash flow. We are one of the few companies in the business which send out an electronic demand letter and an SMS, the moment a demand is generated in the system. The real estate sector still has companies that courier the demand letter, which takes some time to reach the customer. An email accompanied by an SMS has improved the cash flow of the company because an email/SMS is faster than a speed post. The customer doesn’t have a problem in making the payment early if he has excess money. This initiative was my idea because I understood the end to end process of how payment demands are generated in the system. I also had an understanding of how other real estate companies approach this process.
Share your thoughts on interacting with people having knowledge of ‘ground situation’?
Regular dialogue with the CEO, CFO is important but it's equally important to keep your ear to the ground and be in constant touch with the ground guys. I spend a considerable amount of time with the MIS employees in our sales team, whose job is to track which real estate properties are being launched, what rate they are currently offered at, what other brokers are doing. So he is the feeler for the market.
“The current scenario is different. People are not throwing cheques at you. The customer has to be acquired by offering attractive deals, taking him for site visits, interaction and persuading him on why our property is the best”
Leading edge | Dominic Barton, Andrew Grant, and Michelle Horn
Leading in the 21st century
Six global leaders confront the personal and professional challenges of a new era of uncertainty.
By Dominic Barton, Andrew Grant, and Michelle Horn
It is often said that the principles of great leadership are timeless, or based on immutable truths. But when we meet with the men and women who run the world’s largest organisations, what we hear with increasing frequency is how different everything feels from just a decade ago. Leaders tell us they are operating in a bewildering new environment in which little is certain, the tempo is quicker, and the dynamics are more complex. They worry that it is impossible for chief executives to stay on top of all the things they need to know to do their job. Some admit they feel overwhelmed.
To understand the leadership challenge of our volatile, globalised, hyperconnected age more clearly, we recently initiated a series of structured interviews with the leaders of some of the world’s largest and most vibrant organizations. Excerpts from six of those conversations appear below. The leaders—Josef Ackermann, formerly of Deutsche Bank; Carlos Ghosn of Nissan and Renault; Moya Greene of Royal Mail Group; Ellen Kullman of DuPont; President Shimon Peres of Israel; and Daniel Vasella of Novartis (see sidebar, “Leaders on leadership”)—represent a diverse array of viewpoints. All are grappling with today’s environment in different ways. But the common themes that emerged from these conversations—what it means to lead in an age of upheaval, to master personal challenges, to be in the limelight continually, to make decisions under extreme uncertainty—offer a useful starting point for understanding today’s leadership landscape.
After presenting the ideas of these leaders on leadership, we offer a few additional reflections on the topic. They draw in part on the interviews, as well as on our experiences with clients; on conversations with dozens of experts in academia, government, and the private sector; and on our review of the extensive academic and popular literature on the subject. All reinforce our belief that today’s leaders face extraordinary new challenges and must learn to think differently about their role and how to fulfill it. Those who do may have an opportunity to change the world in ways their predecessors never imagined.
illustration BY photos.com
Leading in an age of upheaval
A convergence of forces is reshaping the global economy: emerging regions, such as Africa, Brazil, China, and India, have overtaken economies in the West as engines of global growth; the pace of innovation is increasing exponentially; new technologies have created new industries, disrupted old ones, and spawned communication networks of astonishing speed; and global emergencies seem to erupt at ever-shorter intervals. Any one of these developments would have profound implications for organisations and the people who lead them. Taken together, these forces are creating a new context for leadership.
Josef Ackermann: We experienced a tremendous shift in the global balance of power, which manifests itself in our business.
In the 1980s, over 80 percent of Deutsche Bank revenues were generated in Germany. In the mid-1990s, they still accounted for about 70 percent. Today, Germany, despite its continuing economic strength, stands for 38 percent of global revenues. Over the years, people in our headquarters, in Frankfurt, started complaining to me, “We don’t see you much around here anymore.” Well, there was a reason why: growth has moved elsewhere—to Asia, Latin America, the Middle East—and this of course had consequences on the time spent in each region. Managing risk also has become much more complex for banks. It’s not only market risk; there is more and more political and social risk. Increasingly, financial markets are becoming political markets. That requires different skills—skills not all of us have acquired at university; how to properly deal with society, for example, a stakeholder that has immensely grown in importance since the financial crisis.
Carlos Ghosn: I don’t think leadership shows unless it is highlighted by some kind of crisis. There are two kinds. There are internal crises that arise because a company has not been managed well. Then there are external crises, like the collapse of Lehman Brothers or the earthquake in Japan or the flood in Thailand. In that case, you are managing your company, and all of a sudden there is this thing falling on you. Business schools may prepare people to deal with internal crises. But I think we need to be more prepared for external crises, where it’s not the strategy of the company that is in question; it’s the ability of leaders to figure out how to adapt that strategy. We are going to have a lot more of these external crises because we are living in such a volatile world—an age where everything is leveraged and technology moves so fast. You can be rocked by something that originated completely outside your area. I think one of the reasons Nissan has been able to cope with external crises better than some of our competitors is that we have a more diverse, multinational culture. We don’t just sit around waiting for the solution to come from headquarters. We are accustomed to always looking around, trying to find out who has the best ideas. Our people in the US talk to our people in Japan on an equal level. We have a lot more reference points.
Ellen Kullman: These days, there are things that just come shooting across the bow—economic volatility and the impact of natural events like the Japanese earthquake and tsunami—at much greater frequency than we’ve ever seen. You have to be able to react very quickly. And the world is so connected that the feedback loops are more intense. You’ve got population growth and the world passing seven billion people last year, and the stresses that causes, whether it’s feeding the world, creating enough energy, or protecting the environment. We matched our focus, our research and development, and our capital expenditures up against megatrends like these over the last five years. This is the future, so we need to understand how our science relates to it.
Shimon Peres: The last two decades have witnessed the greatest revolution since Genesis. States have lost their importance and strength. The old theories—from Adam Smith to Karl Marx—have lost their value because they are based on things like land, labor, and wealth. All of that has been replaced by science. Ideas are now more important than materials. And ideas are unpredictable. Science knows no customs, no borders. It doesn’t depend on distances or stop at a given point. Science creates a world where individuals can play the role of the collective. Two boys create Google. One boy creates Facebook. Another individual creates Apple. These gentlemen changed the world without political parties or armies or fortunes. No one anticipated this. And they themselves did not know what would happen as a result of their thoughts. So we are all surprised. It is a new world. You may have the strongest army—but it cannot conquer ideas, it cannot conquer knowledge.
Mastering today’s personal challenges
The rigors of leadership have prompted many leaders to think of themselves as being in training, much like a professional athlete: continually striving to manage their energy and fortify their character. There is a growing recognition of the connection between physical health, emotional health, and judgment—and of how important it can be to have precise routines for diet, sleep, exercise, and staying centered.1
Moya Greene: The first criterion is: do you love it? It’s a seven-day-a-week job. I think that’s true for anyone in these roles. If you don’t love the company and the people—really love them—you can’t do a job like this. I’m pretty energetic. I start at five in the morning. I don’t even think about it anymore; the alarm goes off and I’m up. I go for a 30-minute run. I do weight training three mornings a week. I try to eat well, but not too much. I’m a big walker—that’s my favorite thing. I try to get a good walk every weekend. I go on walking vacations. I’ve usually got three or four books on the go. I’ve given up on novels. I can’t get through them no matter how good they are; there’s no way I’ll finish before there’s some kind of interruption. So I read poetry now: the collected works of Ted Hughes, Emily Dickinson. I’m working my way through Philip Larkin. You can take a Larkin poem and read it on the bus in 15 minutes. The good ones stay with you and will come back to you. That’s what I like about poetry: you get a little shot of mental protein without a lot of time.
Josef Ackermann: Just to give you an idea of my calendar for the next ten days: Berlin tomorrow, then Seoul, then Munich, then Frankfurt, then Singapore, then the Middle East. I’m almost constantly on a plane. With all this traveling, physical stamina has become much more important. I remember a time when after flying to Hong Kong you could take a whole day off to recover. Today, right after landing you rush to your first meeting. And maybe you already have a conference call in the car on your way into town. You are lucky if you get enough time to take a shower. And of course, with all the new information technology, you are constantly available, and the flow of information you have to manage is huge; that has added to the pressure. You are much more exposed to unforeseen shifts and negative surprises and you have to make quick decisions and respond to or anticipate market movements around the world. So you have to have a very stable psyche as well. I see more and more people these days who just burn out. I’m not a tech freak. I use my iPhone and send text messages, that’s it. I still like to have paper in front of me and I do a lot in written-memo form. I think people who constantly use their BlackBerry or iPhone easily lose sight of the big picture. It also helps me enormously that I can sleep anywhere, whether I am in a car or an airplane. If you’re unable to relax quickly, I think you can’t be a CEO for a considerable length of time. Some people do meditation or yoga. I don’t do any such thing. I think you have it in your DNA or you don’t.
Dan Vasella: I talk to my team about the seductions that come with taking on a leadership role. There are many different forms: sexual seduction, money, praise. You need to be aware of how you can be seduced in order to be able to resist and keep your integrity. Every CEO needs someone who can listen—a board member, an adviser—someone to whom he can speak in total confidence, to whom he can say, “I’ve had it; I’m about to resign.” Or, “I really want to beat this guy up.” You need someone who understands and can help you to find the balance. Leaders often forget the importance of stable emotional relationships—especially outside the company. It helps tremendously to manage stress. Your partner will do a lot to help keep you in sync. You have to be able to switch on and switch off. Are you entirely present when you’re present? Can you be entirely away when you’re away? The expectation is that your job is 24/7. But no one can be the boss 24/7. You need to have a moment when you say, “I’m home now,” and work is gone.
“You need to be aware of how you can be seduced in order to be able to resist and keep your integrity” —Dominic Barton
“Every CEO needs someone who can listen—a board member, an adviser—someone to whom he can speak in total confidence, to whom he can say, ‘I’ve had it; I’m about to resign.’” —Michelle Horn
Carlos Ghosn: Leading takes a lot of stamina. I became CEO at 45. But I was working like a beast. You think, “So I work 15, 16 hours a day; who cares?” But you can’t do that when you are 60 or 65. And now companies are more global. So you have jet lag, you are tired, the food is different. You have to be very disciplined about schedules and about organizing everything. Physical discipline is crucial, for food, exercise, sleep. I live like a monk—well, maybe not a monk, but a Knight Templar. I wake at a certain hour, sleep at a certain hour. There are certain things I won’t do past a certain time.
Ellen Kullman: I spend a lot more time on communication, more time out at plant sites, in sales offices, with customers, in our research laboratories. I’m bringing my board of directors to India in a couple of weeks to help them really see the issues we’re facing. That’s where I get my energy from. It’s contagious. I come away from these engagements with ideas, energy, and a real sense of focus on where we as a company need to go. That’s part of what drives me.
Shimon Peres: The mind of a leader must be free—a mind that can dream and imagine. All new things were born in dreams. A leader must have the courage to be a nonconformist, just like a scientist. He must dream, even if he dreams alone or if people laugh at him. He must not let his heart falter. Today, the separation between generations is stronger than between nations. Our children say, “Please don’t impose upon us your own arrogance—the world you created, wounded by war, corrupted by money, separated by hatred. And don’t try to build artificial walls between us and other youngsters.” Because they were born in a new age. For them, the modern equipment of communication is what paper and pen are for us. They can communicate much more easily and don’t feel all this hidden discrimination that we were born with and find so difficult to get rid of.
The (now 24/7) public face of leadership
Nearly everyone we spoke with commented on the challenge of dealing with constant scrutiny and of acting as a connector in a complex ecosystem. As the face of the organisation, leaders must be prepared to address the immediate, practical concerns of the job while also maintaining and articulating a long-term vision of the organisation’s purpose and role in society—all against a backdrop of 24-hour financial coverage, ubiquitous blogs, and Twitter feeds. That means learning new modes of communicating across today’s far-flung networks and working harder to craft clear, simple messages that resonate across cultures.
Josef Ackermann: CEOs have become highly public figures. And media scrutiny has become very personal. Particularly in our home market, Germany, it’s always, “Ackermann says this” or “Ackermann’s doing that”—even if I personally had nothing to do with it. You are the institution you lead. After I became CEO, the former head of the Bundesbank one day took me aside and gave me some advice: “From now on, you must remember that you are two people. You are the person whom you and your friends know, but you are also a symbol for something. Never confuse the two. Don’t take criticism of the symbol as criticism of the person.”
Dan Vasella: People have a legitimate demand for access to the CEO. But you have to modulate that so you avoid overexposure. You’re a product. And the press will paint you as either a hero or a villain—whatever sells. If they paint you as a hero today, you should be prepared to be painted as a villain tomorrow. Not everything you do will work out every time, and you have to accept that people will be unfair.
Moya Greene: A decade ago, I’d have said that it was harder to be a public official than an executive in the private sector. But the tables have turned. It’s tough these days to be the CEO of any business—even a very successful one with a balanced view of the corporation’s position in society. My public-sector experience has helped me to understand how easily sound policies can be derailed by small, symbolic things. It may not matter that the policy change you are advocating is the product of fantastic analytics or years of brilliant stakeholder management; the tiniest little spark can become a flash fire—something that takes hold and transforms perceptions in ways that don’t seem rational. If you work in the public sector, you learn the value of developing antennae for popular perceptions and keeping them finely tuned. I spend about 15 percent of my time trying to help our own people understand how good we are at what we do, which isn’t always easy, because there is so much negativism in the press. I see good internal communications as a way to punch through and get our message out, to tell our people—who are the most powerful ambassadors for our brand—“Stand up and be proud.”
Carlos Ghosn: In business, there are no more heroes. The media has become a lot more negative about corporate leaders over the past ten years. Small mistakes get blown up into huge things. I cannot imagine myself today doing what I did in Japan in 1999, when I stood up and said: “We’re going to get rid of the seniority system. We’re going to shut down plants. We’re going to reduce headcount. We’re going to undo the keiretsu system.” I had a lot of criticism. But there were also people who said, “Let’s give him the benefit of the doubt.” Today, if I were to stand up and try to do something like that, I would get massacred. I would need much more emotional stability and certainty. Leaders of tomorrow are going to have to be incredibly secure and sure of themselves. Leaders of the future will also need to have a lot more empathy and sensitivity—not just for people from their own countries but for people from completely different countries and cultures. They are going to need global empathy, which is a lot more difficult.
Shimon Peres: Words are the connection between leaders and the public. They must be credible and clear and reflect a vision, not just a position. The three greatest leaders of the 20th century were Winston Churchill, Charles de Gaulle, and David Ben-Gurion. Each had a brilliant mind and a brilliant pen. Their ability with a pen demonstrated many things: curiosity, memory, courage. They understood that you lead not with bayonets but with words. A leader’s words must be precise and totally committed.
Decision making under uncertainty
A final theme is that leaders must increasingly resist the temptation to cope with chaos and complexity by trusting their gut. At a time of extreme volatility, past experience is an unreliable guide to future outcomes. Leaders must create cultures of constructive skepticism and surround themselves with people who bring multiple perspectives and have no fear of challenging the boss.
Josef Ackermann: It is a paradox: on the one hand, you have to be more confident and secure, but on the other, you have to be a lot more open and empathetic. You need to listen, but then when you make a decision, that’s it—you must be a very hard driver. Usually, these are not attributes you find in the same person. Once you have done the analysis and made the decision, then you have to learn to simplify the decision in communicating it to others. Everything’s complex, but once you have decided, sometimes you need to simplify so much it’s almost a caricature. You must say, “Nothing matters beyond this.” You must reduce everything to zeros or ones, black or white, go or no-go. You can’t have too much nuance. In a crisis, you have to be able to do all of these things—listening, deciding, and then simplifying—very quickly. That is what makes leading in a crisis so interesting. And because you have to move so fast, you have to empower people to make decisions themselves. That’s the best way to restore calm.
Moya Greene: When I came here, we were running out of cash. I was grappling with decisions that would determine whether or not we could stay in business. But you cannot position your company in the broader social and economic fabric of the nation if all you do is look at the financial dimensions of performance. You have to look at what your customers think, what your employees think, and what you can do for your customers.
Daniel Vasella: As a leader, to whom can you express your doubts—and should you? In which situation is it appropriate and when not? I believe that you have to be able to express doubt in your team and with a board. If you don’t—and you pretend—then you are playing a role, which eventually leads to an unhealthy situation. That’s not to say you should act like you’re in a confessional. At some point [in decision making], you have to take the sword and cut through the Gordian knot and make a decision, despite any uncertainties. But the question is: are you being led by the context or do you lead? Are you being led by your followers and are they choosing for you? Or do you choose and do you lead? I think you have to be aware of the context, and what people expect and hope for. But as a leader, you’re not there to feed people with all the things they hope for. Your job is to persuade people to do the things you believe will be the right direction for the long term. People want you to lead. And if you lead, you will hurt. You will satisfy sometimes. You will celebrate and you will blame. That’s all part of your job.
Josef Ackermann: Problems have become so complex today that you have to collect the expertise and opinions of a lot of people before you can make a sound decision. Some people say, “Don’t decide until you have to.” I have a completely different view. I hate to be under time pressure. I think it is important that you aren’t confronted with a situation where you haven’t heard anything on a particular issue for half a year—and then suddenly you have to make a quick decision on the basis of an executive summary. I believe in personal leadership, but no CEO can do it all on his own. You need the expertise, judgment, and buy-in of your team.
“Words are the connection between leaders and the public. They must be credible and clear and reflect a vision, not just position” —Andrew Grant
Preparing for a new era of leadership

It’s never been realistic to break leadership into a fixed set of essential competences, and that’s particularly the case in today’s complex, volatile environment. Still, the themes our interviewees sounded represent a rich set of opportunities for leaders to boost their effectiveness. To close, we’d like to amplify and extend those themes by emphasising three skills that can help leaders thrive in today’s turbulent environment, which for many has prompted a reexamination of fundamental assumptions about how they do their jobs, while underscoring the importance of leading with a purpose. Resilient leaders, as Shimon Peres reminded us, are those who have “ambition for a cause greater than themselves.”
1. See with a microscope

Over the next two decades, McKinsey research suggests, the conditions of the late 20th century—cheap capital, low interest rates, a global demographic dividend, and a gradual decline in commodity prices—will either be reversed or seesaw violently. Managing the immediacy of these changes, while also staying alert for the inflection points that signal bigger, long-term “trend breaks,” will require leaders to see the world in multiple ways at once. In different ways, many leaders have told us they’ve needed to develop a facility for viewing the world through two lenses: a telescope, to consider opportunities far into the future, and a microscope, to scrutinize challenges of the moment at intense magnification. Most of us are naturally more comfortable with one lens or the other; we are “farsighted” or “nearsighted,” but rarely both. In times of complexity, leaders must be able to see clearly through either lens and to manage the shift between the two with speed and ease.

Leaders must use the telescope to watch for long-term trends, dream big dreams, imagine where a company should be in five or ten years, and reallocate resources accordingly. The accelerating pace of technological innovation makes this aspect of a leader’s role more important than ever. The microscope, too, affords a critical perspective. Leaders must force their organisations to challenge conventional wisdom; consider the implications of unlikely, “long-tail” scenarios; and focus on pressing issues in minute detail. As firms grow larger, leaders must work harder to stay in touch with the front line and view themselves as “chief reality testers.”

The mind of a leader must be free—a mind that can dream and imagine. All new things were born in dreams.
2. Compete as a tri-sector athlete

Many of the forces buffeting leaders in the private sector—slow growth, unemployment, sovereign indebtedness—can be addressed only in concert with the public sector and are heavily influenced by the actions of groups that are neither commercial nor governmental entities. When governments play an ever more active role in regulating markets, and social movements can spring up in a matter of days, corporate leaders must be nimble “tri-sector athletes,” to borrow a phrase from Harvard political scientist Joseph Nye: able to engage and collaborate across the private, public, and social sectors. Leaders of governments and nongovernmental organizations must likewise break out of their silos. Issues such as infrastructure, unemployment, education, or protecting the environment are too complex and interrelated to deal with in isolation. Many of the leaders with whom we spoke said they have learned the value of examining their business decisions in a social and political context. Even those wary of open-ended discussions say they find it useful to think about managing a “triple bottom line” that reflects their organisations’ performance in the public, private, and social spheres.
3. Stay grounded during a crisis

Everyone we interviewed agreed that modern leaders spend far more of their time firefighting than their predecessors did. Coping with externally generated crises, many argued, has become a key part of the modern leader’s role. In an age when crisis is the new normal, global organisations need leaders who are able to act quickly and calmly amid chaos. Many leaders highlighted the value of “stress-testing” members of the top team to gauge their ability to cope with crisis. We heard again and again that otherwise competent managers can’t always perform in moments of extraordinary pressure. The chief executive of one of the world’s largest companies marveled at how, in the face of a cash flow crisis following the collapse of Lehman Brothers, two of his top reports “shattered like glass.”

The emotional and physical stamina demanded of leaders today is extraordinary. Many of those we interviewed reserve crucial decisions for moments when they know they will be rested and free from distraction. They also talked about sequencing decisions to focus on key issues first, not after they have been depleted by lesser matters. We are intrigued by the growing body of research in psychology, sociology, and neuroscience that highlights the importance of “decision fatigue.” The implication of this research is that trying to make too many decisions at once diminishes the ability to make wise decisions at all.

If the burden of leadership in the modern age seems overwhelming, the potential benefits are overwhelming too. Large organizations—if led well—can do more for more people than they have at any other moment in history.
Dominic Barton is McKinsey’s global managing director.
Andrew Grant is a director in McKinsey’s Singapore office.
Michelle Horn is a principal in the Atlanta office.
The best advice I ever got

“People matter the most”

Anup Vikal
Head IT & Strategy, Interglobe Enterprises

The best advice I have ever got is that “in the end it is all about people.” I have got this advice from my friends, family, my bosses as well. We should all understand that if you do not have the right set of people working with you, then you are more likely to fail. I have had experiences in my life where I have failed because I did not have the right set of people working for me in the organisation. One can lead a team which has the right set of people, otherwise it becomes increasingly difficult. There is a saying that a captain is as good as a team of players and the captain cannot alone win you matches. One has to understand that people management and getting the right set of people ensures the growth of an organisation and a good leader also cannot do anything productive or effective if he doesn’t have an able team to lead.

A CIO should always know the future of technology and its impact on the business that he/she handles. Today, a CIO should have the commercial acumen and should be able to perceive what is beneficial for the business. But above all, what matters the most is the way a CIO manages his team. A CIO should be able to take the best out of the team and give them a free hand to be able to understand what kind of inputs can come from the team members. There are a lot of CIOs who would do things on their own and this affects the team members in a negative manner as they are unable to put forward their own thoughts into action.

I also believe that a true leader's skill set is defined by the way he/she can manage people and this is one of the greatest assets one can have and I have learned this from my experience of working with numerous multinational companies, in India as well as abroad. I also believe that there is much advice that one gets in his professional life and the way to growth is to take only that advice which would help him lead a team in a professional manner. A CIO should always respect his team members and always try to encourage them to work as leaders. This way he ensures that new leaders are being nurtured in the organisation.

In terms of challenges for a CIO today, I believe that he/she has to constantly keep on upgrading skills and competencies. A CIO should be always aware of the constantly changing technologies. And finally, business models are changing very fast, so a CIO should have the right skill-sets to adapt to new business models and look for innovative ways to enhance the business potential of the organisation and thus constantly keep on learning and enhancing their potential.

—As told to Atanu Kumar Das
me & my Mentee

MENTOR: KK Chaudhary, Senior Vice President – Group Head IT & IS, LANCO Infratech
MENTEE: R Sreenivas Reddy, DGM - Corporate IT, LANCO Infratech

A Symbiotic Relationship

What do you look for in a mentee?
KK Chaudhary: Mentee should always be respectful, both on a personal note and also on mentor’s boundaries (time, other constraints etc). He also needs to be inquisitive — should ask as many questions as possible on the issue of discussion, but mentor should not get feeling of being checked on his knowledge. He should listen — especially when mentor points to the weakness in mentee that may affect the overall objective of mentoring. Mentee should be prepared — should not only discuss the problem, but propose various solutions also. Finally, he should add value to mentor — in his professional as well as personal growth.

What do you look up to in your mentor?
Sreenivas Reddy: He should be authentic and set as an example. Having travelled the path that I want to travel, he should help me to learn from his experience and mistakes too. He should know my strengths and weaknesses — should help me to exploit my strengths and overcome my weaknesses. Since we are in an ever changing technology field, mentor should have a strong inclination towards learning new things, always and should challenge us with new updates.

How do you identify and prioritise areas where you think your mentee needs to focus on for further professional development?
KK Chaudhary: By observing him at work and during his interaction in various meetings/discussion.

How do you think Reddy can take on more responsibilities and take more/bigger decisions?
KK Chaudhary: I carry out ‘stress’ test for him. Give him more work (that in my assessment, he is capable of doing) than others and observe his reactions and quality of result.

Are there any conflicts between both of you? If so, how do you resolve them? If not, what do you think is the secret of your smooth working relationship?
KK Chaudhary: There is no conflict as such. But my mentee is the oldest (length of service) in my department and has been instrumental in setting up most of the IT infrastructure. Probably he has a feeling that his contribution has not been duly recognised and he seems to have turned arrogant – tries to push his points through sometimes even ridiculing/questioning the ability of others. I opened up communication with him and discovered that there were some interpersonal issues. After some indirect counselling sessions, he seems to have changed and his peers have started sharing their points of view on any issue of difference of approach and opinion. The agreed solution is generally more valuable than what we independently thought of. He has realised how others feel about him and has turned supportive. The trust relationship built because of this has been the secret of my smooth working relationship.
Sreenivas Reddy: I freely share my thoughts and concerns with my boss and he challenges with critical questions. We do discuss, debate on pros and cons of various options available to achieve certain objective and mostly on the implementation aspects. But most of the times it leads to a better solution & better implementation plan. We both strongly believe that professional confrontation can ultimately lead to a better value to the organisation.

What are the two or three key things you have learned from Reddy?
KK Chaudhary: Two key things I’ve learned from Reddy are:
There is always a better way of doing something – bring in ideas and press for discussion
Good learning quality – he is a prolific reader and is open to accept challenges.

Sreenivas Reddy: There are many things that I’ve learned from Chaudhary. Some of these include:
Always gives constructive feedback
Always insists on the root-cause, which sometimes because of the work pressure we tend to ignore but we have realized its importance and also saves lot of time and irony at later days.
The importance of the documentation – Be it process, policy, procedure, responsibility or an incident
Practicing Knowledge sharing as a discipline

How do you think Chaudhary could contribute more towards your professional growth?
Sreenivas Reddy: Chaudhary spends lot of time with us, both formally and informally. We do have knowledge sharing sessions weekly and monthly – In fact he has Open-Door-Policy, we are allowed to go and discuss anytime. Whenever we share any new thought, he is as excited as we are. That gives lot of encouragement. As per the trends and future requirements, mentor should guide us to upgrade our self, even before the need arises in the organisation so that we can be more valuable to the current organisation in preparing the IT roadmap and we can also be more valuable individuals.

What are the challenges and constraints for a mentor/CIO to devote more time and effort for the development of their immediate juniors?
KK Chaudhary: Availability of time – not showing up in time due to work pressure may be disastrous in mentee-mentor relationship. Patience – Mentee may not show up the development as expected. He may not be immediately grateful for mentor’s kindness, attention, and friendship. Mentor should have patience and do everything to understand the reason for delay in desired level of improvement.

Does Chaudhary delegate enough tasks and responsibilities to you?
Sreenivas Reddy: Most of the times I am only told about the objective/goal or management directive and then he allows me to decide on the most suitable solution. He gives me complete freedom in selection and implementation of the solution and never interferes as long as it is in line with the group’s objective.

—As told to Varun Aggarwal
OPINION
David Lim

Context in Asian Negotiations

When you get broken homes, when you call your father by his first name — you get a society far divergent from Chinese cultures where filial piety reigns

ABOUT THE AUTHOR: David Lim, Founder, Everest Motivation Team, is a leadership and negotiation coach, best-selling author and two-time Mt Everest expedition leader. He can be reached at his blog http://theasiannegotiator.wordpress.com, or david@everestmotivation.com

We do business with people that we like. It doesn’t mean we won’t do business with slimeballs, but all things being equal, we award contracts, work with and – especially in the area of return-on-investment type of intangible – people we like. In Asia, a common mistake is assuming that we, across from the Big Lakes or far from Anglo-centric powers, are just one big group of people who think and behave alike. I can tell you right away that a Chinese business person from Malaysia, Singapore, China or Hong Kong will have enough cultural and national biases to make even dealing with ONE Asian race – say Han Chinese – pretty tricky at times.

Let’s focus on less obvious aspects of doing better in negotiations for example. One of the first things we normally do is to build rapport. This is a complex mix of reaching out through language, gestures, actions, words and protocols designed to bring ourselves closer to another person – even if it’s someone we have some misgivings about. In Asian cultures where the Chinese race dominates, certain threads and cultural underpinnings are key in understanding how rapport works. However, in this article, I want to move away from the more conventional information about do-s and don’ts which are based on more obvious customs and business etiquette. Instead, let’s go deeper into the Asian psyche.

HIGH/LOW CONTEXT: Small things, signs and gestures mean a lot in societies which emphasise hierarchy and respect for rank. First-time meetings where you bring a small token or gift that represents your nation or company are welcomed and often a sign of courtesy. We tend to be a bit higher context than in industrialised Anglo-centric cultures.

FACE: Enough said. You create rapport by giving appropriate face to all staff present. Going over the head of someone in a negotiation process may lead to loss of face and you will not win that person’s support or influence in the future. Here’s an extreme example when it can go wrong. An acquaintance of mine was once assigned to close a multi-million-dollar deal in China. For three days, he had to wine, dine and entertain the buyers. When he fell ill on the fourth day, he excused himself from the evening sessions. Upon his return to Paris, his boss told him that the Chinese feedback included a retort that the harried executive had not shown them enough ‘face’ when in China. They lost the deal.

POWER-DISTANCE: Geert Hofstede’s studies in the concept of power distance in culture continue to fascinate me. For many years he measured and studied employee values across cultures. The terms “low” and “high” power distance refer to the relative inequality of the distribution of power within a society, culture or organisation. Many Scandinavian countries, for example, have a ‘low’ power distance culture, with fewer layers between the boss and the shopfloor worker. Culturally speaking, Scandinavian countries are also egalitarian in terms of wages and standards of living. These countries’ scores hover around 30 on Hofstede’s scale. India has Power Distance (PDI) as the highest Hofstede Dimension for the culture, with a ranking of 77 compared to a world average of 56.5. This Power Distance score for India indicates a high level of inequality of power and wealth within the society. This condition is, to some extent, accepted by the population as a cultural norm. China by comparison is also high at 80, and Singapore is not very far behind too; this reflects the countries’ distribution of power, both political and wealth.

So in this context in an everyday negotiation, understand that in high-power distance countries, there are likely to be many more gatekeepers whom you may need to win over before you actually get to negotiating with the economic buyer. In a low-power distance context, far less rapport-building energy may be required. The higher hierarchy in Indian and many East Asian cultures also suggests that approaches to negotiation may require the unpeeling of the proverbial onion — discerning just who is the economic buyer and who are the influencers involved in the process.

CONFUCIAN PRINCIPLES: Though not explicit, many East Asian companies are still run with the ethics and thinking of the ancient Chinese philosopher from more than 2000 years ago — who outlined how we should live, run governments, and lead a household. These include principles that championed respect for elders, filial piety, a strong work ethic, and effective governance of the state. You can’t effectively negotiate with any Chinese who has some Confucian exposure, and not realise its influence. So in the context of a negotiation — respect your elders, though you may diplomatically disagree with their position. And when it comes to filial piety — that’s a phrase that’s almost NEVER used in Anglo-centric societies. When you get broken homes, a culture which focuses on individual freedoms over collective interests, when you call your father by his first name (and he’s OK with it) — you get a society far divergent from Chinese cultures where filial piety reigns. It extends to taking care of your parents even if you don’t get along with them.

In a family run business (and many of the largest Asian businesses are still family-owned), understand the power dynamic of the matriarch or patriarch, and ask if the Harvard-educated eldest son will really ride roughshod over his father…no matter what he says.
So if you wish to get off on the right foot, think about these when building rapport with Asian decision makers — show some respect, be open, listen when the oldest/eldest at the table speaks, understand the context of the familial situation. You’ll be mutually respected and liked. It makes a good impression. These are just some of the lovely complexities that make up negotiating in Asia.

DAVID LIM IS A LEADERSHIP AND NEGOTIATION COACH AND CAN BE FOUND ON HIS BLOG http://theasiannegotiator.wordpress.com, OR subscribe to his free e-newsletter at david@everestmotivation.com
SHELF LIFE

Taking People With You

The book is not just a thought on leadership. It is a workbook and a well developed organised plan

“We’ve said that our formula for success is build people capability first, then we will satisfy more customers and make more money” — David Novak

ABOUT THE AUTHOR: David C. Novak became CEO of Yum! in the year 2000. He has also held senior management positions at Pepsi-Cola Company, including Chief Operating Officer, and Executive VP of Marketing and Sales

The book shelf of a manager aspiring to be a business leader is always overloaded with books inculcating leadership skills. Churned out regularly by authors, these books mostly fail in helping managers to climb the leadership ladder. One of the primary reasons was that the authors themselves were not real leaders and had never laid the foundation of, or run, an excellent business. Often they were observers, who were never under any kind of pressure to increase profitability and run a business seamlessly. Ironically, sometimes they did not even have close access to the leaders they were writing about. The second reason was that even leadership books by credible authors often do not explain in thorough detail what they recommend. A good reason, therefore, to like Taking People With You: The Only Way to Make Big Things Happen by David Novak was that it was extraordinarily good on these critical issues, where other leadership books disappoint.

David Novak is the Chairman of the Board and CEO of Yum! Brands. Yum! Brands or Yum! is a United States-based Fortune 500 corporation. Yum! operates or licenses Taco Bell, KFC, Pizza Hut, and WingStreet restaurants worldwide. Based in Louisville, Kentucky, it is the world's largest fast food restaurant company in terms of system units — nearly 38,000 restaurants around the world in more than 110 countries and territories. Yum! stock had witnessed a rise of 16 percent a year on average. Novak, keeping the facts in mind, had earned the right to express his thoughts over leadership.

In his book, Novak reveals that the fundamentals of communication, encouragement, and recognition have helped him lead Yum to big success. The book is not just Novak's thought on leadership, but a well developed organised plan. This is more of a workbook than a book. It provides exercises, worksheets and other tools to help executives from any size company bring people with them. Novak has himself recommended reading a chapter a day. His approach is less about literally taking people with you, as in promotions and carrying them into your inner circle, than it is about inspiring them to sign on to your vision of the future – a vision that includes them.

The book highlights that leadership is not all about techniques, but about deep nature, traits as a human being, and most importantly how you connect with people around you. Novak tries to make readers do psychoanalysis, most of the time by themselves. It is a hard task to do as being honest with oneself can leave one exhausted. Besides introspection, the book also talks about strategy, structure, action plans and execution. The core of the book was on the human experience of leading. Novak's strongest subject was the value of recognition. The writer was particular about publicly recognizing good performance. Though recognition costs nothing and has staggering value, still most of the managers are clueless about this basic fact of human nature.

Of all the business leaders who consistently perform and gain attention, hardly anyone wrote good books. Novak is an exception. Taking People With You: The Only Way to Make Big Things Happen is a must in the book shelf of aspiring business leaders.

—By Akhilesh Shukla
NEXT HORIZONS

Features Inside
Do You Have What It Takes To Lead IT
Data is The Perimeter For Cloud Security
Feds Finally Embracing Security

The US government will coordinate information sharing and ensure that agencies that use classified computer networks protect info

By Paul Kenyon Bonfante
Last Fall must have been a time for wound licking in the West Wing of the White House, particularly as it considered the fallout from the WikiLeaks Affair and the vast number of US diplomats who were being embarrassed on a weekly basis by the publication of embarrassing or just plain stupid “private” communications. It was time for an executive order which directed all US government agency heads who have to deal with classified information to designate an ex-pat senior official
to oversee their organisations' activities around the sharing and protecting of their sensitive information. These guardians of security have also been tasked with implementing a program to detect insider threats once the task force has finally ground to a conclusion.

President Obama’s executive order was the result of a seven-month review by his administration in which the White House sought to find a proper balance between security and the need for agencies to share classified information. Under the executive order, the government will coordinate information sharing and ensure that agencies that use classified computer networks protect information. Each agency will have a senior official oversee classified information and be responsible for safety measures.

Several departments and agencies, including the Pentagon and the CIA, have already taken steps to control people's ability to place classified data on disks or removable memory devices, as well as limiting the number of users with permission to use such devices. Specifically, the order mandates Attorney General Eric Holder and the US director of national intelligence, James Clapper, to establish an Insider Threat Task Force to find ways to deter and detect security breaches.

Against the backdrop of existing government agencies, some critics have questioned the need for yet another agency to deal with security matters, but it is worth noting that it has been almost six years since the inception of WikiLeaks, yet the government has only just begun to identify methodologies to combat insider threats within the military.

The bottom line here is that the government needs to move swiftly if it is to maintain credibility — especially in an election year. Earlier in 2011, the White House revealed language on new legislation directing private industries to improve computer security voluntarily and have those standards reviewed by the Department of Homeland Security (DHS).

The government, all the way from federal to state, and down to city levels, clearly has plenty of work to do on preventing insider attacks. Our view is that it is about time the White House has caught up on ideas and technology that many corporate clients have known about for several years.

What enterprises already know

Establishing a least privilege environment is the first step to achieving an IT environment whereby everyone can still be productive, while at the same time remaining secure. The White House, of course, may not be taking this route to better security for all the right reasons, as there is an argument to show that it is simply looking to avoid another WikiLeaks Cablegate by creating more agency oversight and security for data stored on classified networks.

It is worth noting that the executive order signed by President Obama creates a number of new inter-agency governing bodies that will work together to oversee the protection of classified information across federal agencies and departments, while at the same time balancing the needs of federal users that have permission to access it. The order also makes federal organisations responsible for the sharing and protection of their classified information, as well as mandating that they designate a senior official to oversee these tasks.

In addition, agencies and departments must willingly provide information for independent assessments of their compliance with security policy and standards, as well as implement an insider threat detection and prevention programme, which is where the Insider Threat Task Force enters the frame.

In addition to the task force, the executive order also sets up a series of committees to ensure agency compliance with the security measures and to facilitate interagency coordination. The Senior Information Sharing and Safeguarding Steering Committee will have overall responsibility for the new policies and be held accountable for department and agency compliance. Senior officials from the DOD and NSA will jointly act as a new Executive Agent for Safeguarding Classified Information on Computer Networks to develop technical policies and standards to protect classified information. The plan is for this executive agency to also be responsible for third-party assessments of agency compliance.

It’s also worth noting that, as officials were laying the groundwork for the new policies, the Insider Threat Task Force has been working informally since June of last year to clarify policies in several priority security areas. For example, a number of departments and agencies already have standardised policies for removable media, limiting the number of users who are permitted to use such devices. Administrators of classified systems have also enacted measures to strengthen online identity management policies and their ability to track information being accessed by these users.

15% of all social media reviews and other forms of engagements will be fake by 2014
Will this work?

So will the executive order stop sophisticated attacks, as exemplified by complex and targeted malware such as Stuxnet and Duqu? This is debatable, but the augmented security layers that enterprises have been using for years, such as privilege management, can greatly assist in this regard.

Effective privilege management allows IT professionals to control who has access to specific applications running on the corporate IT platform, as well as the underlying data. This means, for example, that if the admin team only run their control and security software from within the network perimeter on known PCs, then access to those applications can be locked down to specific on-network and even on-workgroup computers. Then, even if a set of admin account credentials is compromised by hackers or other external (and unwanted) agencies, they cannot use those credentials from the Internet. They would still have to gain physical access to the terminals used by the admin staff.

This security methodology revolves around the principle of least privilege, which, in turn, translates into a least risk scenario since the attack surface of the network is significantly reduced. In view of the looming elections, there is an argument that the DHS should take a leaf out of the security industry’s best practices by adopting this least privilege approach.
But how should the White House go down this path? Our observations are that the President needs to designate a senior official to be charged with overseeing the project, as well as implementing an insider threat detection and prevention programme on a multi-agency basis. In parallel with this, the government and its agencies also need to ensure that their information is properly classified, as well as start researching into the many types of data leak prevention (DLP) technology that are available to today’s businesses.
Coupled with regular self-assessments of current security arrangements — as well as not being afraid to bring in external advisers — this cannot help but engender a positive approach to data security in all its various shapes and forms.
The final step that needs to be taken is to implement a policy of least privilege, a process that is easier to implement than many professionals think. Researchers found that, when analysing published Windows 7 vulnerabilities through March 2010, 57 percent were no longer applicable after removing administrator rights. In comparison, Windows XP was at 62 percent, Windows Server 2003 was at 55 percent, Windows Vista was at 54 percent, and Windows Server 2008 was at 53 percent.
Whether or not all of this activity is going to result in the death of the insider threat is a moot question. The eradication of the insider threat depends upon two things: The first is the education of people working in government and the realisation of people working in government that all of the information they deal with is sensitive and has to be protected. The second is the determination of IT security departments to implement regimes of least privilege to avoid the influx of superusers who have been able to easily bypass some of those internal security controls. It all looks very easy. Unfortunately, it is not, hence the President’s intervention.
—Paul Kenyon is a security specialist at Avecto.
— This article has been reprinted with prior permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
$86bn will be the size of worldwide security spending by the year 2014
Do You Have What It Takes to Lead IT?
The skills required to be a true agent of transformation are not technical
By Larry Bonfante
I’m so often asked about the competencies required to be a successful CIO in the 21st century that I chose to make this a main topic of my book “Lessons in IT Transformation.” It seems that many CIOs are more focused on acquiring the latest and greatest technology services and solutions than they are on building their personal skillsets. However, the skills required to be a true agent of transformation are not technical (or even business-related); rather, you need to develop skills in human dynamics. Let’s review a few of these key CIO competencies.
First of all, an effective CIO has to be able to get a diverse group of stakeholders to embrace and align around a common vision and purpose. With so many people in every enterprise having their own personal agenda, this is no small task. Getting alignment requires the key competency of managing through influence. We have to get people to want to do what we are asking of them, because oftentimes we aren’t in a position to demand their compliance.
We also need to be able to develop key partnerships — both within our own organisations as well as with outside third parties — with those who can bring the skills and resources we need to complement our existing talent base. More than at any time in our history, great accomplishments are the result of great alliances, getting various groups to come together to work on a common goal.
Perhaps the most important role of the CIO is that of relationship manager. We must be able to become trusted advisors for our internal clients and our external consumers. We need to be the “go to” people they seek out whenever they are starting a new business initiative and need our expertise to help drive their success.
CIOs need to be incredibly effective communicators. We need to be able to motivate and inspire people to take action. We need to communicate in terms they understand and in ways that motivate them to take action and support our directions.
Finally, we need to be able to drive complex and challenging change efforts, and convince people to step out of their comfort zones, take risks, and do things that require courage. Are you up for the challenge?
—Larry Bonfante is CIO of the United States Tennis Association and founder of CIO Bench Coach, LLC, an executive coaching practice for IT executives. — This article was first published in CIO Insight. For more stories please visit www.cioinsight.com.
Data is the Perimeter for Cloud Security
What is needed is an infrastructure that’s designed to deliver digital signatures
By Mike Gault
The cyber security market in 2012 is estimated at $60 billion, yet adding more and more layers of perimeter security may lead to a false sense of security and be completely useless against a determined system administrator working on the inside. The end result is that your data might be secure or it might not — you simply have no way to prove it.
Shawn Henry, FBI veteran of 24 years and now president of CrowdStrike Services, had this to say about integrity at the Black Hat conference this year: “These days, you can’t just protect the information from being viewed. You also need to protect it from being changed or modified.” This leads to the question: Would you know if an attacker or your own system administrator got to your data?
Traditionally, the ‘integrity’ component of the CIA triad of data security [confidentiality, integrity, availability] has focused on protecting the integrity of data. But proving the integrity of data — knowing you have not been compromised — is equally if not more important. We have been nibbling around the edges of this with checksums and other one-way hash algorithms but have yet to create truly scalable, rock-solid mechanisms to prove integrity. It’s as though we have taken a car that holds our most precious cargo and wrapped it with increasing layers of protection but we fail to create a way to monitor the brakes or onboard computers for tampering or other untoward acts.
Many experts have come to the conclusion that all networks will eventually be compromised, so security should be focused on protecting data and less about the perimeter — i.e., what is required is a data-centric focus on security. What is needed is an infrastructure that’s designed to deliver digital signatures for data at scale, ensuring that verification of the signatures does not require trusting any single party.
Donald Rumsfeld famously compared the difference between known unknowns and unknown unknowns. Digital signatures that are essentially ‘keyless’ have the power to convert one unknown — “Is my security working?” — to a known: “I have proof that my applications and data have not been compromised and that proof is independent from the people operating those systems.”
So what is a keyless signature? In a nutshell, a keyless signature is a software-generated tag for electronic data that provides proof of signing time, entity, and data integrity. Once the electronic data is tagged, it means that wherever that data goes, anyone can validate when and where that data was tagged and that not a single bit has changed since that point in time. The tag, or signature, never expires and verification relies only on mathematics – no keys, secrets, certificates, or trusted third parties – just math. And we can all trust math.
— This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
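The article does not say how a keyless signature is constructed. The sketch below is an added example, not code from the article or from any product, and assumes a hash-tree design: each item's tag is the chain of sibling hashes that links it to a root value published at signing time. The names `build_round`, `verify` and `Tag`, and the sample records, are hypothetical.

```python
import hashlib
from dataclasses import dataclass

LEAF, NODE = b"\x00", b"\x01"  # domain separation: a leaf cannot be replayed as an inner node


def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts so field boundaries cannot be shifted."""
    digest = hashlib.sha256()
    for part in parts:
        digest.update(len(part).to_bytes(8, "big"))
        digest.update(part)
    return digest.digest()


@dataclass(frozen=True)
class Tag:
    signed_at: str  # claimed signing time
    entity: str     # claimed signing entity
    path: tuple     # ((sibling_hash, sibling_is_left), ...) from the leaf up to the root


def leaf_hash(data: bytes, signed_at: str, entity: str) -> bytes:
    """Bind time, entity and the data's own hash into one leaf value."""
    return h(LEAF, signed_at.encode(), entity.encode(), hashlib.sha256(data).digest())


def build_round(items):
    """Aggregate (data, signed_at, entity) items into one tree; return (root, tags)."""
    if not items:
        raise ValueError("nothing to sign")
    level = [leaf_hash(*item) for item in items]
    paths = [[] for _ in items]
    positions = list(range(len(items)))  # where each item's ancestor sits in `level`
    while len(level) > 1:
        for i, pos in enumerate(positions):
            sibling = pos ^ 1
            if sibling < len(level):      # an unpaired last node has no sibling here
                paths[i].append((level[sibling], sibling < pos))
            positions[i] = pos // 2
        nxt = [h(NODE, level[j], level[j + 1]) for j in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])         # promote the unpaired node unchanged
        level = nxt
    tags = [Tag(item[1], item[2], tuple(path)) for item, path in zip(items, paths)]
    return level[0], tags


def verify(data: bytes, tag: Tag, published_root: bytes) -> bool:
    """Recompute the root from the data and the tag; no key or secret is involved."""
    node = leaf_hash(data, tag.signed_at, tag.entity)
    for sibling, sibling_is_left in tag.path:
        node = h(NODE, sibling, node) if sibling_is_left else h(NODE, node, sibling)
    return node == published_root


# Constructed sample records: (data, signing time, signing entity).
RECORDS = [
    (b"payroll-2012-09.csv contents", "2012-09-27T10:00:00Z", "hr-server"),
    (b"firewall.conf contents", "2012-09-27T10:00:00Z", "net-admin"),
    (b"audit.log contents", "2012-09-27T10:00:00Z", "log-host"),
]


def demo():
    """Return (intact, modified, backdated) verification results for one record."""
    root, tags = build_round(RECORDS)
    data, tag = RECORDS[1][0], tags[1]
    backdated = Tag("2012-09-01T00:00:00Z", tag.entity, tag.path)
    return verify(data, tag, root), verify(data + b" ", tag, root), verify(data, backdated, root)


if __name__ == "__main__":
    print(demo())
```

What the verifier must obtain independently is the root: the check is only as strong as the guarantee that the published value cannot be rewritten after the fact.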
Rapid 7 Analysis of Data Breach Incidents
2010 witnessed three times higher number of incidents as against the first half of 2012
By Pierluigi Paganini
Security firm Rapid 7 has published an interesting analysis of government data breaches reported from January 1, 2009 to May 31, 2012. The document presents a worrying scenario in which 268 incidents exposed more than 94 million records containing sensitive information. This type of incident is really dangerous due to the nature of the information exposed, which could represent the starting point for further attacks.
Marcus Carey, security researcher at Rapid7, declared: “Our analysis puts a spotlight on the need for improved security operations and testing. It also analyses specific threats that government entities are facing, because knowing these threats is key to be able to reduce risk.”
In the US, all states have adopted laws requiring companies that fall victim to an incident to notify their customers so that they can respond properly to the event. Recently, Senate Republicans have introduced draft legislation known as the “Data Security and Breach Notification Act of 2012 (S.3333)” to propose a nationally recognised procedure for responding to data breaches.
Government networks are privileged targets for several types of attackers: foreign state-sponsored hackers, hacktivists and cyber criminals. In every case the principal objective is cyber espionage; attacks that expose government information or steal intellectual property in critical sectors such as defense are in fact increasing. The Rapid 7 report was published a few days after Symantec published its document on the "Elderwood project", which describes the ongoing impact of cyber espionage operations and attacks that were part of the famous Op. Aurora.
2010 was the year with the highest number of publicly reported incidents, a number three times higher than the number of incidents reported in the first half of 2012. Although 2010 was the year with the highest number of incidents, the largest number of records exposed relates to 2009: in October 2009 in particular, the personally identifiable information (PII) of 76 million US veterans was exposed after a defective hard drive was sent to a government vendor for repair and recycling before the data was erased.
The report divides data breaches into the following categories:
Unintended disclosure – Sensitive information posted on a website, mishandled, or sent to the wrong party.
Hacking or malware – Electronic entry by an outside party, malware, and spyware.
Insider – Someone with legitimate access intentionally breaches information – such as an employee or contractor.
Physical loss – Lost, discarded, or stolen non-electronic records, such as paper documents.
Portable device – Lost, discarded, or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc.
Stationary device – Lost, discarded, or stolen stationary electronic device such as a PC or server not designed for mobility.
Unknown or other.
Going into the details of the data presented by Rapid 7, the number of incidents and reported PII records exposed during the period of observation are:
Unintended disclosure – 78 incidents exposing 11,783,776 records
Portable device – 51 incidents exposing 80,706,983 records
Physical loss – 46 incidents exposing 296,710 records
Hacking or malware – 40 incidents exposing 1,082,749 records
Insider – 39 incidents exposing 177,399 records
Stationary device – 6 incidents exposing 250,650 records
Unknown or other – 8 incidents exposing 5,906 records
In my opinion, the data demonstrate that incidents of this type could be significantly reduced with an appropriate awareness campaign, since a great number of incidents are related to the misconduct of users who, unintentionally, do not apply adequate protection to their data. Excluding hacking attacks by foreign governments and cyber criminals that exploit 0-day vulnerabilities, defining best practices and adopting behavior compliant with current security standards makes it possible to avoid data breach incidents, or at least to reduce the amount of information exposed. This consideration is imperative in government environments in order to avoid dramatic incidents that could expose homeland security.
— This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
TECH FOR GOVERNANCE
Data Briefing: 2.9mn, the number of PCs sold in India in Q2 of 2012
Seven Tips to Improve Patch Management
Find patching to be an easy, straightforward, and enjoyable part of systems management
By Casper Manes
As a security consultant, one complaint I hear frequently from my customers is that patching is a pain. The amount of time many companies spend on patching, the problems they have deploying patches, the perception that patching causes problems, and a general lack of understanding about what it takes to patch, all combine to make patching such a major issue. This generally means patching is not carried out for months and security is put at risk. However, with proper planning and a patch management strategy, patch management is not such an issue after all. I have helped numerous customers implement patch management and there are seven tips that I adopt:
1. Have senior management make patching a priority
If admins are allowed to patch (or not) as they see fit, and if you are expected to “do the best you can” with patching, you’re doomed to fail. Senior management must set the expectation that patching is critically important, mandatory, and they will need to support that.
2. Implement a patch management solution
Part of that support from senior management will include implementing a patch management solution. The free ones are worth every penny you pay for them, which is not to say that they are not useful, but they typically focus on the operating system, and leave the applications out in the cold. A patch management solution is the best way to automate the testing, patching, auditing, and reporting steps that manual patching makes so painful.
3. Include third party applications
Your patch management system must be able to deploy patches for your third party applications. Media players and readers, line of business applications, and the various utilities that are found on practically every workstation, and many servers, must also be patched.
4. Testing is not optional
It’s better to deploy an untested patch than to not patch at all, but you roll the dice every time you do. Designate a sampling of key users and servers, and deploy patches to them early so that you can be sure that the patches play nicely in your environment before you patch all the systems.
5. Create a patching window that is inviolate
Set a regular patching window that takes priority. Publish it so that other business units can plan around your patching activities, and make sure that the senior management support includes supporting the patching window so that you can get workstations and servers updated quickly.
6. Ensure 100% compliance
Never assume a patch is deployed successfully to every system. Your patch management solution should be able to report on the status of all systems and confirm that patches are deployed successfully, and you should spot audit systems to be absolutely certain you’ve covered everything.
7. Ensure you can roll back
Even with testing, there’s a chance you will deploy a patch only to later find out that it causes a problem. Choose a patch management application that can roll back or uninstall patches that it pushes out, just in case a problem is discovered late in the game.
If you take these seven tips to heart and implement them in your environment, you will find patching to be an easy, straightforward, and enjoyable part of systems management.
—This guest post was provided by Casper Manes on behalf of GFI Software Ltd.
— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
5 POINTS
Never assume a patch is deployed successfully to every system
Choose a patch management application that can roll back or uninstall patches
It is better to deploy an untested patch than to not patch at all
Set a regular patching window that takes priority
Supporting the patching window is a very important step
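Tips 3, 4 and 6 describe checks that a report can make concrete. The script below is an added example, not part of the original article or of any patch management product; the inventory, patch IDs, tool report and spot-audit results are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: host names, products and patch IDs are all made up.
INVENTORY = {
    "ws-001": {"ring": "pilot", "software": {"os", "pdf-reader"}},
    "ws-002": {"ring": "broad", "software": {"os", "pdf-reader", "media-player"}},
    "srv-01": {"ring": "pilot", "software": {"os"}},
    "srv-02": {"ring": "broad", "software": {"os", "media-player"}},
}
# Patches approved for this window, keyed by product (tip 3: not only the OS).
REQUIRED = {
    "os": {"OS-2012-09"},
    "pdf-reader": {"PDF-10.1.4"},
    "media-player": {"MP-2.0.3"},
}
# What the patch tool reports as installed; srv-02 never checked in.
TOOL_REPORT = {
    "ws-001": {"OS-2012-09", "PDF-10.1.4"},
    "ws-002": {"OS-2012-09", "PDF-10.1.4"},
    "srv-01": {"OS-2012-09"},
}
# Independent spot audit of a few hosts, taken from the machines themselves.
SPOT_AUDIT = {"ws-002": {"OS-2012-09"}, "srv-01": {"OS-2012-09"}}


def needed_patches(software, required):
    """Every approved patch that applies to the products installed on a host."""
    needed = set()
    for product in software:
        needed |= required.get(product, set())
    return needed


def find_gaps(inventory, required, report):
    """Tip 6: a host that did not report is a gap, not an assumed success."""
    gaps = {}
    for host, info in inventory.items():
        needed = needed_patches(info["software"], required)
        installed = report.get(host)
        if installed is None:
            gaps[host] = ("no-report", sorted(needed))
        elif needed - installed:
            gaps[host] = ("incomplete", sorted(needed - installed))
    return gaps


def pilot_ready(inventory, required, report):
    """Tip 4: the broad rollout waits until every pilot host is fully patched."""
    gaps = find_gaps(inventory, required, report)
    return not any(inventory[host]["ring"] == "pilot" for host in gaps)


def audit_disagreements(report, spot_audit):
    """Patches the tool claims are installed that the spot audit did not find."""
    unconfirmed = {}
    for host, found in spot_audit.items():
        claimed_only = report.get(host, set()) - found
        if claimed_only:
            unconfirmed[host] = sorted(claimed_only)
    return unconfirmed


def compliance_rate(inventory, required, report, spot_audit):
    """Share of inventoried hosts with no gap and no audit disagreement."""
    failing = set(find_gaps(inventory, required, report))
    failing |= set(audit_disagreements(report, spot_audit))
    failing &= set(inventory)
    return (len(inventory) - len(failing)) / len(inventory)


if __name__ == "__main__":
    print("gaps:", find_gaps(INVENTORY, REQUIRED, TOOL_REPORT))
    print("pilot ready:", pilot_ready(INVENTORY, REQUIRED, TOOL_REPORT))
    print("audit disagreements:", audit_disagreements(TOOL_REPORT, SPOT_AUDIT))
    print("compliance:", compliance_rate(INVENTORY, REQUIRED, TOOL_REPORT, SPOT_AUDIT))
```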
Cybersecurity Executive Order: Do We Need it?
Threat-based cyber security is the fastest growing sector in the IT security industry
By Richard Stiennon
Since the collapse of the Congressional attempt to pass the Cybersecurity Act of 2012 there has been mounting pressure for the Obama Administration to “do something”, that something being the imposition of a regulatory regime to protect critical infrastructure. But the Cybersecurity Act of 2012 failed because it was fatally flawed. Federal News Radio reported that they had obtained a copy of a proposed Executive Order that would attempt, through executive fiat — as Steve Bucci at the Heritage Foundation terms it — to impose most of the measures called for by Senators Lieberman and Collins.
Bucci raises an important point: “[Regulation] is exactly the wrong approach for dealing with a fast-moving and incredibly dynamic field like cybersecurity. Give hackers — whether working for themselves or for another nation-state — a static standard, and they will waltz around it and have their way with the target entity.”
Congress has gone through several dozen cybersecurity bills in the last three years, not to mention the failed attempt to pass a data breach law which dates back to 2005. Even as they revise and re-write, there have been dramatic changes in the defensive posture of our critical infrastructure providers.
Let’s look at the proposed Executive Order as revealed by Federal News Radio. There are ten sections of the draft. Most of them call for nebulous voluntary information sharing or requirements that DHS create frameworks within three months. I can just see the scramble that will occur, after multiple extensions to the due date are granted.
Because telecom carriers are identified as critical infrastructure you can see where resistance to information sharing comes from. Binding the Department of Homeland Security to ISPs and phone companies is a slippery slope and they have resisted sharing information because of the legal liabilities due to privacy violations. You can predict where the anti-SOPA movement will come down on this issue. So, the draft Executive Order attempts to remove those liabilities. But those “liabilities” are privacy protections, and any attempt to bypass them will be perceived as an egregious extension of the Patriot Act.
The last thing we need is another hastily designed and open-to-interpretation framework. Look at the regulatory burden that Sarbanes-Oxley created for publicly traded companies. The only section of SOX that touches on cybersecurity mandates the use of a cybersecurity framework such as ITIL or COBIT, yet public companies are still suffering constant successful breaches.
The good news is that while Congress dithered, the IT security industry developed. As Bucci points out, cybersecurity is dynamic. As new threats have developed – from cyber crime, to nation state espionage, to weaponized malware targeting uranium gas centrifuges – the industry has reacted. There are now tools that collect intelligence, identify previously unknown attack attempts, and alert network operators to successful intrusions, giving them the ability to track down and eradicate them. Major security vendors already gather threat intelligence from hundreds of thousands of deployed devices. New firms are even actively infiltrating and gathering information from hacker and cyber criminal forums.
Cutting edge businesses that I have visited in the financial and technology sectors and the Defense Industrial Base (DIB) have developed their own methodologies that turn traditional IT risk management frameworks on their head. Instead of an asset and vulnerability approach — as proposed in all cyber legislation to date — these new methodologies focus on the threats. Threat based cyber security is the fastest growing sector in the IT security industry.
The rapid uptake represented by 100 percent annual growth rates indicated that without a single regulation or Executive Order the problem is being addressed. Forcing utility operators, banks, and earth resources companies to comply with frameworks based on outmoded asset and vulnerability methodologies will distract them from implementing threat based defenses. The draft Executive Order, if issued, will do much more harm than good.
— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
61% of Gartner’s revenue came from its research wing in the second quarter of 2012, up from 50 percent in 2011
Keeping Safe In The Cloud
With all the hacking stories, will the world return to NAS or burning DVDs for data backup?
By Ben Kepes
This year has seen a seeming storm of examples of security breaches of cloud services. As is often the case when people have vested interests in a particular technology, many naysayers have pronounced that these security breaches spell the end of the cloud. Heck, even Apple co-founder Steve Wozniak went on record saying: “With the cloud, you don’t own anything. You already signed it away through the legalistic terms of service with a cloud provider that computer users must agree to. I want to feel that I own things… A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.”
Some might suggest a degree of self-interest in that case (Wozniak is actually chief scientist for a storage company), but beyond that, there seems to be a lot of hand wringing and naysaying about the cloud.
First up was Dropbox, which reported a breach of its systems that could have compromised users’ passwords. As I said in a post reflecting on the Dropbox issue: “…amazing functionality doesn’t mean that the product is robust or secure, and the issues that Dropbox seems to be facing over time indicate a corporate culture that has, at least in part, stemmed from an immature approach towards building a product and building a company. It’s a subject I’ve opined on previously when it comes to Dropbox and one which would appear is shared by others.”
The key differentiator here is consumer as opposed to business-ready tools. Now, I’ve stood up and complained about vendors who simply stick a “trusted provider” label on their products in a bid to heap fear, uncertainty and doubt upon competitor services, but there is clearly a difference between a tool designed for consumers to share music and photos, and a true enterprise-level service.
Honan had linked his Google and Twitter accounts with iCloud, along with enabling the remote wipe feature that Apple products come with. The hackers managed to infiltrate his Twitter, change his Google passwords and remotely wipe all of his Apple devices – a nightmare indeed.
So with all these horror stories about services ostensibly run on the cloud, will the world return to having a NAS under the desk or burning DVDs to back up their data? Clearly not, but it is worth reiterating the hard truths of cloud computing as Derrick Harris over on GigaOm wrote about — the fact that, at least to an extent, cloud users may have to accept some loss of control over their data when they sign up to a cloud service. That’s not necessarily a bad thing – but it is something they need to be mindful of.
The other thing that Harris points out is that people are generally the problem. In the Honan example, hackers simply called Apple support and, using some social engineering, managed to have Honan’s password reset.
Having said that, there are some key things that cloud users need to think about to ensure security of their data. We went into these in detail in the security chapter of the CloudU certificate, but Harris has written a post detailing the six ways to ensure your data has the best chance of staying safe in the cloud. Harris’ top six tips are:
Be smart about passwords and security questions.
When possible, encrypt. If at all possible, make your data unreadable by others
Use two-factor authentication, because two passwords are better than one
If you need it, back it up — duplicate your data wherever possible
Delete it when it’s done – don’t have sensitive information sitting around in the Cloud when you’re done with it
— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
White Hat Hackers, Black Hat Hackers
What would be gained by changing the language used to describe cyber security?
By Jim Palazzolo
What color hat are you wearing today? Are you happy with your life and the way things are around you? Deciding, for research sake, do you wear a grey colored hat today or are you angry and vengeful, deciding to go with a darker colored black hat? Does anyone care about the hats anymore?
It may seem like a trivial question, but I do remember some time back reading or hearing a reference that basically stated: If you give public attention to your adversary, the stronger they get by giving them recognition. We keep using terms like “Hacker” and “Black Hat”; and, I understand the need to continue to classify the behaviour. However, are we inadvertently giving individuals too much inherited power by recognizing them in context and connotation?
I’ll admit I’ve been having a very tough time finding my own words to express this thought. In my head it’s very black and white. You’ve either committed a crime, or you have not; meaning: Just because you’ve thought about getting back at your old boss does not make you a bad person, nor does successfully completing a pen test make you a wanted criminal; but, the raw act itself, what did you, or a group of individuals do? Did you break the law, or did you not? It seems so much simpler to look at it in those terms: black and white.
I think the ecosystem of cyber security is simply moving in that direction naturally; so, I’d like to give it another nudge. I can’t remember the last time that I read an article that specifically stated a group of “Black Hat Hackers” broke into a bank’s infrastructure and stole a large sum of money. Rather, most articles seem to simply state: “a group of individuals broke into a bank’s infrastructure and stole a large sum of money.”
But what would be gained by changing the language, and what would simply change by changing the language used to describe cyber security? Would you no longer like your job because you’ve lost the romantic espionage side? Would you come to work if you couldn’t claim that you were a hacker? Would changing the language change the overall surface of behavior in the ecosystem itself? Would hacktivists continue to hack into systems if they were no longer given a name like “hacktivists”?
From my understanding, if you go back to the manifesto and other literature, the term “Hacker” simply meant someone who liked to tinker with things and make them do things that they were not designed to do; and, they enjoyed the journey of discovery.
I can hear it now, large cyber security vendors shouting, “They are Hackers! Evil, malicious, and devious people who wish to overthrow your empire!” All of that just to protect their profits. I mean, if you took out all the fearful language, what would you have left? Would you buy something where the advertisement sounded like this: “Are you experiencing broken headers that are affecting your overall network performance? Do you have emails that are sending users to destinations they do not want to go to? Then get our new shiny network traffic manager”
So what can we deduce from this random thought? For starters, language truly drives the industry. Whether out of fear, profit, or protection, it is clear that the language used has a way of drawing customers to spend their money on your products and services.
So it is very clear that the language we use has a very direct effect on the ecosystem we work within. The real quest will be in choosing what to say.
— The article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please visit Infosec Island.
$60bn will be the global spend on security in the year 2012, up from $55 billion in 2011
VIEWPOINT
Steve Duplessie | steve.duplessie@esg-global.com
Back to Work
Here are some of my thoughts on human behaviour
About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.thebiggertruth.com
I was very lucky in that I spent a good month on the beach forgetting everything I’ve ever known about IT. I was not so lucky in that my brain can’t stop observing and questioning human behaviour, in IT or anywhere else. I can spot someone from NJ in seconds now. I can tell a driver is from Connecticut within one stupid maneuver. Useful? Not really. But interesting nonetheless, at least to me. I currently do not look like I’m an IT geek. I’m far too tan for that. Thus I will be incognito for at least another few weeks.
Here are some of my current thoughts, in no specific order, and absolutely no coherent pattern – other than that in one way or another they all relate to the odd ways in which humans – and companies (collections of humans) – do things:
It’s funny to watch people who recently arrive on vacation, and how long it takes them to slow down. They are in a rush to get nowhere. They freak out when it takes 45 minutes for a hippy chick to bring them a check after their lunch and lose it over bad service – but they have nowhere to go.
People hold grudges. A lot of the big OEMs are not at all happy with the way Seagate gouged them after the Thailand floods, and are quietly plotting retribution. Karma is a bitch.
If Amazon ever gets its pricing model coherent and rational, it truly could be the biggest infrastructure cloud business ever – for a long time. However, they still don’t have it nailed. Lot of bad press on them screwing people to “recover” data lately. Businesses won’t tolerate that for long—the ease of setting up will be outweighed by the outrageous bills eventually. Funny thing is, they could own the world if they figure it out.
Speaking of Amazon, is there any reason to shop anywhere else? My UPS guy is probably going to be invited to family functions I see him so often. Just a few years ago that type of consumption model didn’t exist—and now I don’t buy any other way.
That gets me to think that it’s insane that core infrastructure companies still don’t offer customers a legitimate cloud consumption model. Why can’t I buy EMC or NTAP or HP/Dell/IBM etc. as a pay as you go service? Sure they have “offerings” but they aren’t serious, or mainstreamed. I get how it’s hard to give up the tradition – but if you don’t, aren’t you afraid someone will? Amazon and Nirvanix won’t be the only ones who give the people what they want.
Speaking of those unwilling to give up the ghost, we are due for an upheaval. We haven’t had a class extinction in the infrastructure business for a few decades – since the minicomputer era.
I love entrepreneurs. I love anyone who will take on the establishment and try to upset the money train. Most are clueless. Like the moron who decided to go swimming 500 yards off shore this summer, in known Great White shark infested waters off Cape Cod, in known seal inhabited areas. Balls, yes, but the brain of a newt. Of course he was attacked. He was playing the big fishes’ game, and in that case, I root for the fish. Darwinism works — in life and in business. Occasionally, however, someone spots a new opening or opportunity where you can play the big fishes’ instincts and habits against themselves.