How to make your team unhappy by ctof magazine

S P I N E

CTO FORUM

Technology for Growth and Governance

October | 07 | 2010 | Rs.50 Volume 06 | Issue 04

DISMANTLE SILOS | SECURITY VS. ACCESS | CONSUMER APPS IN BUSINESS

MAKE YOUR TEAM

The smallest of your actions can have

a big impact on your staff – whether positive or negative. Look carefully before you step.|

PAGE 20

BEST OF BREED

Getting In

SHAPE PAGE 16 PAGE 13

NO HOLDS BARRED

Road to Volume 06 | Issue 04

INFORMATION MANAGEMENT PAGE 40

A 9.9 Media Publication

A QUESTION OF ANSWERS

Altering Economics of

CYBER SECURITY PAGE 12

EDITORIAL RAHUL NEEL MANI | rahul.mani@9dot9.in

The C-level Muddle Movements at top slots of the largest IT companies

n the past few weeks, the tech world has witnessed quite a few very surprising C-level movements, which has created ripples all across. The first surprise came when Mark Hurd, former CEO of HP, joined Oracle as its Co-President, Director and Member on Board. Larry Ellison, Oracle’s CEO and supposedly a good friend of Hurd, rendered all speechless with his conspicuous move. As an instant reaction to this coup, HP filed a civil

EDITORS PICK 40

complaint against Hurd. The case was later withdrawn. Striking back in vengeance, a few weeks later, HP declared Léo Apotheker, the former CEO of SAP, as its new boss. This, in turn, made Ellison “speechless”. The outspoken Oracle CEO was quoted in the WSJ (Wall Street Journal) as being at a loss for words. “I am speechless. HP had several good internal candidates. Instead they picked a guy who was fired because he did a bad job of running SAP,” said

Road to Information Management

Manoj Chugh, President India and SAARC, EMC Corporation in an exclusive conversation with Rahul Neel Mani talks about how the company grew both in size and stature.

Ellison. HP spokesperson, without making Apotheker available, retaliated, “Ellison’s comments don’t deserve the dignity of a response.” Ellison's impatience to react to HP’s move was obvious. SAP is Oracle’s biggest competitor in the business application domain. Apotheker has worked with SAP for over 20 years. And Ellison seldom misses a chance to take pot shots at SAP. A few years ago, Paul Maritz left Microsoft to join VMware. At the time of leaving, Maritz was leading the .Net framework– Microsoft’s dream platform to capture the developer community. His departure was a jolt to Microsoft, and it remains so even today. Forget about .Net, his exit gave jitters to Microsoft’s plans on the virtualisation front as well. Just as .Net is far from beating Java in the developer

world, HyperV is miles away from posing a formidable competition to VMware. This was ratified by a recent Goldman Sachs report, too. Similarly, Apotheker, however badly he may have handled SAP during his tenure as its CEO, will attempt to give a definite direction to HP’s software business, which currently features at the bottom of the list. And, Oracle that just engulfed Sun Microsystems will get a fillip from Mark Hurd’s appointment. I am not too sure whether these moves also instigate highvalue corporate customers to shift their loyalty, but there surely are implications which can be detrimental to competitors. What are your views?

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

OCTOBER 10 CONTE NTS

THECTOFORUM.COM

COV E R D E S I G E N BY A N I L T

HOW TO MAKE YOUR TEAM

20 COVER STORY

20 | How to Make Your Team Unhappy

COLUMNS

36 | NEXT HORIZONS: TWEETING AT WORK Top 10 mainstream apps/devices infiltrating the organisation.

The smallest of your actions can have a big impact on your staff – whether positive or negative. Look carefully before you step.

BY ROBERT MCGARVEY

52 | VIEW POINT: WELCOME TO THE THUNDERDOME EMC’s Greenplum acquisition. BY STEVE DUPLESSIE

FEATURES

Please Recycle This Magazine And Remove Inserts Before Recycling

COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706

CTO FORUM 07 OCTOBER 2010

44 | TECH FOR GOVERNANCE: DISMANTLING SILOS How to identify the 10 telltale signs and head off damaging information bottlenecks. BY MATT SWANSON

THE CHIEF TECHNOLOGY OFFICER FORUM

www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur EDITORIAL Editor-in-chief: Rahul Neel Mani Executive Editor: Geetaj Channana Resident Editor (West & South): Ashwani Mishra Associate Editor: Dominic K Assistant Editor: Aditya Kelekar Principal Correspondent: Vinita Gupta Correspondent: Sana Khan, Nipun Sahrawat

12 A QUESTION OF ANSWERS

12 | Altering the Economics of Cyber Security Larry Clinton, President and

CEO, Internet Security Alliance (ISA) on the changing face of the security landscape. 18

REGULARS

01 | EDITORIAL 08 | ENTERPRISE ROUND-UP 50 | HIDDEN TANGENT advertisersâ&#x20AC;&#x2122; index

18 | BEST OF BREED: GETTING IN SHAPE Dhanlaxmi Bank had to align its IT strategy with business goals.

40 | NO HOLDS BARRED: MANOJ CHUGH, PRESIDENT INDIA AND SAARC, EMC CORPORATION on being a preferred information management partner.

VERIZON IFC HP 5 SAS 7 DELL INSERT AFTER 16 HITACHI ADVERTORIAL 32-35 POLYCOM 39 ACE DATA 43 AVAYA 49 SYBASE 51 EMC IBC CANON BC

DESIGN Sr. Creative Director: Jayan K Narayanan Art Director: Binesh Sreedharan Associate Art Director: Anil VK Manager Design: Chander Shekhar Sr. Visualisers: PC Anoop, Santosh Kushwaha Sr. Designers: Prasanth TR, Anil T Suresh Kumar, Joffy Jose & Anoop Verma Designer: Sristi Maurya Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi ADVISORY PANEL Ajay Kumar Dhir, CIO, JSL Limited Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IS, Godrej Industries Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Vijay Mehra, Former Global CIO, Essar Group SALES & MARKETING VP Sales & Marketing: Naveen Chand Singh National Manager-Events and Special Projects: Mahantesh Godi (09880436623) Product Manager: Rachit Kinger Asst. Product Manager: Priyam Mahajan GM South: Vinodh K (09740714817) Senior Manager Sales (South): Ashish Kumar Singh GM North: Lalit Arun (09582262959) GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284) PRODUCTION & LOGISTICS Sr. GM. Operations: Shivshankar M Hiremath Production Executive: Vilas Mhatre Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Silver Point Press Pvt Ltd, D-107, TTC Industrial Area, Nerul, Navi Mumbai 400706. Editor: Anuradha Das Mathur

This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 SEPTEMBER 2010

THE AUTHOR HAS 27 yrs of Industry experience in the transportation vertical ( Airport and Airline)

PHOTO BY S RADHAKRISHNA

I BELIEVE

BY S.FRANCIS RAJAN VP, ICT, Bangalore International Airport Ltd

We need Game Changers There has never been a better time to change.

I BELIEVE that India is going to go places, with the growth curve taking a good climb. This is the opportune time for game changers to display their talents. It is my earnest belief that as CIOs we need to encourage our stake holders to be “game changers”. With every enterprise built now on ICT, staff has more insight, than a majority of non ICT state players, in organisation process across verticals.

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

CURRENT CHALLENGE ENCOURAGING STAKE HOLDERS TO BE THE NEW GAME CHANGERS FOR THE ORGANISATION

Also, it is definitely not a solo act. CIOs must be motivators and mentors to a nucleus group of “game changers”. But, change is never easy. It is always a challenge to maintain the very skilled ICT workforce, even for sustaining basic operations. So the way forward to ensure interest and challenge in the team which managing change is to innovate. When there is a collective effort to scrutinise an existing process, you would be amazed to see how well the team responds with multiple options to do a process differently. It is also very easy to get carried away. The best way forward is to list a select set of processes or services or products to be put on the “change table” for a makeover. Then you can list the top five issues to be looked at for “change”; rank them based on the impact to business and performance measures and finally choose the most impacting issue for change. CIOs should then fuel the team by triggering the need for urgent action and guide the team, for it is very important that everyone gets the vision right. You can judge the effect of change through a POC or pilot run. So, not every challenge is to be addressed, the team of game changers, needs to pick the right ones. And for better manageability the safe bet is not to have too many permutations and combinations to address the change. Since business is never static, the need for game changers could change the landscape of organisation outlook and hence needs to be encouraged. It is also equally needed to get the buy-in from the executive management, once a clear road map has been thought of and articulate the change effect as to how the transformation would happen.

LETTERS CTOForum LinkedIn Group Join close to 500 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at: www.linkedin.com/ groups?mostPopular=&gid=2580450

Some of the hot discussions on the group are: How do you treat your vendors - a partner, a service provider, or a mere salesman?

ARE CIOS THE RIGHT ARCHITECTS OF CHANGE MANAGEMENT

CIO has to understand what type of data brings the most value to the company. Dealing with some unwanted or unexpected change due to circumstances beyond control can lead to in-fighting and increased paperwork. For that CIO has to empower others to act, form a guideline to create a specific and communicating vision. At this time overlooking any one when developing a transformation plan will add significant risk to the change efforts.

It is situational. Partner relationship arises mostly in case of transformation and transition situations or long term Support commitments where stakes are involved from both side. This way it makes both parties go the extra mile with a smile. Else it is Service Provider or pure Sales vendor.

—Pankaj Sahni PGDBM, PGDCA, Prince 2, ITSM, ITIL The Cloud is all air and no substance I am a strong believer of cloud services however on the other hand there are not many players who have reached the maturity level. The way Google Apps shaping up and gaining market share on messaging it looks the game will change sooner than later.

—Manoj Sharma Vice President & Head IT at Jones Lang Lasalle

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

thectoforum.com/ content/makingseductivepromises-areality

USE BEFORE YOU PAY Transformation times for IT

“Cloud computing brings in elasticity in usage of services allowing pay per use models. Telecom, Virtualisation and Cloud computing together are here to transform IT.” To read the full story go to:

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.

VMware is certainly not giving up its position in the hypervisor market but that’s not something the company banks on. Paul Maritz, CEO of VMware speaks to Rahul Neel Mani about how the company will rule the world in data centre automation and management space.

OPINION

VIVEK DHARIA, CIO at KNP SEC. PVT. LTD.

Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com

CTOF Connect

www.thectoforum.com/content/use-you-pay SUNIL SIROHI VP, INFORMATION RESOURCES ORGANISATION, NIIT LIMITED.

STORY INISDE

Enterprise

A PlayBook for Work. Blackberry announces its answer to the iPad. Pg 10

ILLUSTRATION: SANTOSH KUSHWAHA

ROUND-UP

Global IT Debt to Cross $500 Billion.

The scale of maintenance backlog has created a systemic risk. GLOBAL IT debt will total approximately $500 billion in 2010, with the potential to rise to $1 trillion by 2015, according to Gartner. Gartner defines IT debt as the cost of clearing the backlog of maintenance that would be required to bring the corporate applications portfolio to a fully supported current release state. "Over the last decade, CIOs have frequently seen IT budgets held tight or even reduced. The reaction has been to still deliver quality of service for operational services and to use any potential project spend to deliver new functionality," says Andy Kyte, vice president and Gartner fellow. "The bulk of the budget

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

cut has fallen disproportionately on maintenance activities â&#x20AC;&#x201D; the upgrades that keep the application portfolio up-to-date and fully supported. There is little problem if this is done in one year, but year after year of deferred maintenance means that the application portfolio risks getting dangerously out of date." Gartner analysts said one way to characterise this backlog of deferred liability is to see it as a debt incurred in previous years that will need to be paid off at some time. This is a hidden risk for many organisations, and given continued tight economic conditions, this IT debt is growing, and so is the associated business risk.

DATA BRIEFING

59.8% Predicted combined share of Symbian and Android by 2014. SOURCE: GARTNER

E NTE RPRI SE ROUND -UP

THEY JIM SAID IT BALSILLIE

PHOTO: PHOTOS.COM

Talking to Reuters in a briefing ahead of the launch of RIM's PlayBook, the new BlackBerry tablet, Mr. Balsillie, RIM’s co-CEO, said the PlayBook and the QNX architecture powering it mark the arrival of the first fully functioning Internet experience in a mobile package. In short, RIM’s device is a "game changer," he says.

On a New Flight. IBM signs business and IT services agreement with Jet Airways. JET AIRWAYS and IBM have signed a strategic ten-year business transformation and information technology (IT) services agreement. Valued at $62 million, the agreement will help the airline achieve growth by aligning the company's IT with business strategy. As part of the deal, IBM will provide cutting-edge technology solutions to transform the airline's business areas such as airport operations, direct distribution and frequent flier programs. This engagement will help Jet Airways improve and integrate its IT systems to deliver a differentiated customer experience and improve its operational efficiency. IBM will support Jet Airways with IT Infrastructure and application support services including employee transition, data centre operations, central helpdesk support, server and storage operations, internet security services through the use of Tivoli suite, network management, SAP and other operating systems. "Jet Airways will have access to industry expertise and knowledge, which are essential for sustaining growth and leadership in the competitive global market." says Sameer Batra, Vice President, Distribution Sector, IBM India/South Asia.

PHOTO: PHOTOS.COM

QUICK BYTE ON WORLDWIDE MOBILE EMAIL SUBSCRIBERS

“People say it’s about a couple of hundred thousand apps and we say, how about 10 million Flash apps. It’s an interesting new dialogue. We’re a VPN with a bunch of interfaces and efficient presentation, that’s our game. This is just a natural extension to it in a world that’s gone super-fast to Web and media.” —Jim Balsillie, Co-CEO, RIM

According to IDC, worldwide mobile email subscribers will increase to 250 million in 2014. Success of smartphones — such as the Apple iPhone, BlackBerry and Google's Android — will help maintain strong growth in smartphones and subsequently mobile email usage. THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

IMAGING: JOFFY JOSE

E NTE RPRI SE ROUND -UP

A PlayBook for Work. A real ‘iPad killer’ or a sheep in wolf’s clothing?

IT'S WAR With Apple laughing all the way to the bank with runaway success of the iPad, the war of the me-toos has just begun. RIM currently have a stranglehold on the business and enterprise smartphone market, their newly announced tablet, named “PlayBook”, could run into troubled waters amongst the business community as their BlackBerry devices also face increasingly stiff competition from the iPhone. Now let us look at the PlayBook. In RIM's own words it is a “Business Driving, Flash Loving, App-Rocking, Device-Pairing, Multiprocessing, Multitasking, Uncompromised Browsing, Enterprise Ready Professional Tablet.” Phew ! That's a pretty stretched out

description if anything. But is it really worth all the hype and hoopla? The PlayBook looks aesthetically designed and portable, not to mention ultra thin and seems convenient for both work and play. Measuring less than half an inch thick and weighing less than a pound, the BlackBerry PlayBook features a vivid 7” display. At its heart, the BlackBerry PlayBook looks the part of a multitasking powerhouse. Its performance is jointly fuelled by a 1 GHz dual-core processor and the new BlackBerry Tablet OS which supports true symmetric multiprocessing. There is support for Adobe Flash Player 10.1, Adobe Mobile AIR and HTML-5. The

GLOBAL TRACKER

Internet usage increase

The number of people in the United States who do not use the internet at all decreased by 6

36% 30%

percent to 30 percent as compared to a 36 percent two years ago. SOURCE: THE UNITED STATES DEPARTMENT OF COMMERCE'S NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION SURVEY.

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

BlackBerry PlayBook also features premium multimedia features to support high-quality mobile experiences. It includes dual HD cameras for video capture and video conferencing that can both record HD video at the same time. For those BlackBerry PlayBook users who carry a BlackBerry smartphone, it is also possible to pair their tablet and smartphone using a secure Bluetooth connection. This means they can opt to use the larger tablet display to view any of the email, BBM, calendar, tasks, documents and other content that resides on (or is accessible through) their smartphone. When connected over Bluetooth, the smartphone content is viewable on the tablet, but the content actually remains stored on the BlackBerry smartphone and is only temporarily cached on the tablet (and subject to IT policy controls). With this approach to information security, IT departments can deploy the BlackBerry PlayBook to employees out-of-the-box without worrying about all the security and manageability issues that arise when corporate data is stored on yet another device. So, RIM have managed to stack all of it in there and say, “ Perfect for either large organisations or an “army of one”, the BlackBerry PlayBook is designed to give users what they want, including uncompromised web browsing, true multitasking and high performance multimedia, while also providing advanced security features, out-of-the-box enterprise support and a breakthrough development platform for IT departments and developers. The incredibly powerful and innovative BlackBerry PlayBook is truly a game-changing product in the growing tablet marketplace. But what remains to be seen is how the market laps up this impressive offering, which is quite contrasting to BlackBerry's last dud, the much-hyped Storm, featuring BlackBerry OS 6. RIM's Mike Lazaridis has labelled the PlayBook a "professional tablet," and said the initial push came from RIM's traditional corporate customers wanting the Canadian smartphone manufacturers to “amplify” the BlackBerry.

—Nipun Sahrawat

E NTE RPRI SE ROUND -UP

PHOTO: PHOTOS.COM

Is Stuxnet a Start to the Cyber Warfare Era? Experts believe that Stuxnet manifests the beginning of the new age

THE RECENT Stuxnet worm attack is sparking lots of discussion and speculation about the intent, purpose, origins and -- most importantly â&#x20AC;&#x201C; the identity of the attacker and target. Kaspersky Lab has not seen enough evidence to identify the attackers or the intended target but confirm that this is a one-of-a-kind, sophisticated malware attack backed by a well-funded, highly skilled attack team with intimate knowledge of SCADA technology. Kaspersky believe this type of attack could only

be conducted with nation-state backing. "I think that this is the turning point, this is the time when we got to a really new world, because in the past there were just cyber-criminals, now I am afraid it is the time of cyber-terrorism, cyberweapons and cyber-wars," says Eugene Kaspersky, co-founder and chief executive officer of Kaspersky Lab. Speaking at the Kaspersky Security Symposium he described it as the opening of "Pandora's Box." "This malicious program was not designed to steal money, send spam, grab personal data, no, this piece of malware was designed to sabotage plants, to damage industrial systems," he says. "I am afraid this is the beginning of a new world. 90-ies were a decade of cyber-vandals, 2000's were a decade of cybercriminals, I am afraid now it is a new era of cyber-wars and cyberterrorism," Kaspersky adds. Researchers at Kaspersky Lab discovered two of the zero-day vulnerabilities the worm exploits, which they reported directly to Microsoft. The analysts then worked closely with Microsoft during the creation and release of the patches for these vulnerabilities. In addition to exploiting four zero-day vulnerabilities, Stuxnet also used two valid certificates (from Realtek and JMicron) which helped to keep the malware under the radar for quite a long period of time. The worm's ultimate aim was to access Simatic WinCC SCADA, used as industrial control systems that monitor and control industrial, infrastructure, or facility-based processes. Similar systems are widely used in oil pipelines, power plants, large communication systems, airports, ships, and even military installations globally.

FACT TICKER

Software to Surpass $232 B. Analysts Say Revenue Is Rising but Recovery Is Patchy. WORLDWIDE enterprise software revenue is on pace to surpass $232 billion in 2010, a 4.5 percent increase from 2009 revenue of $222.4 billion, according to the latest forecast from Gartner. The enterprise software market is projected for continued growth in 2011 with revenue forecast to reach $246.6 billion. Through 2014,

the market is expected to reach $297 billion at a five-year compound annual growth rate (CAGR) of 6 percent. "After declining 2.6 percent in 2009, the worldwide market for enterprise software is recovering well with signs of continuing growth on the horizon," says Joanne Correia, managing vice president at Gartner.

Some regions will fare better than others with five-year CAGRs to 2014 varying from 2.7 percent in Western Europe to 11.5 percent in Asia/Pacific and Latin America. "China and India continue to be the growth engine of the software market in the region and currently represent the largest and the fourth-largest software markets in Asia/Pacific," said Yanna Dharmasthira, research director at Gartner. "India has much local market potential, while the country's continuing integration with key global economies is generating software revenue growth in all key industries."

MOBILE TECH

ARM has unleashed the Cortex-A15 MPCore processor that delivers a 5x performance improvement over todayâ&#x20AC;&#x2122;s advanced smartphone processors, within a comparable energy footprint. In advanced infrastructure applications the CortexA15 processor running at up to 2.5GHz will enable highly scalable solutions within constantly shrinking energy, thermal and cost budgets. The Cortex-A15 processor is now available for licensing and is targeted at manufacture in 32nm, 28nm, and future geometries. As the latest addition to ARM's Cortex-A family of processors, the Cortex-A15 MPCore processor will enable a new and vast array of products ranging from nextgeneration smartphones, tablets, large-screen mobile computing and high-end digital home entertainment devices through to wireless base stations and enterprise infrastructure products. The Cortex-A15 extends the capabilities of the ARM Cortex-A Series by adding efficient hardware support for OS virtualisation, soft-error recovery, larger memory addressability and system coherency. The Cortex-A15 also enjoys full application compatibility with other Cortex-A processors. This enables immediate access to an established developer and software ecosystem including Android, Adobe Flash Player, Java SE, JavaFX, Linux, Microsoft Windows Embedded Compact 7,etc .

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

A QUESTION OF ANSWERS

L ARRY CL I N TO N

LARRY CLINTON | INTERNET SECURITY ALLIANCE

Altering the Economics of

Cyber Security Larry Clinton, President and CEO, Internet Security Alliance (ISA) in conversation with Anthony M. Freed on the changing face of the security landscape.

recently had the opportunity to discuss information security issues with Larry Clinton, Internet Security Alliance (ISA) President and CEO. ISA is an international multi-sector trade association established in collaboration with Carnegie Mellon University in 2000. ISA represents an array of organisations concerned with information security from the aviation, banking, communications, defence, education, financial services, insurance, manufacturing, security and technology sectors, and has several member companies based in India. ISA advocates a modernised social contract between industry and government creating market based incentives to motivate enhanced security of cyber systems, and pro-

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

vides its members with a range of technical, business and public policy services to assist them in fulfilling their mission. The ISA mission is to combine advanced technology with the economic realities and help create effective public policy leading to a sustainable system of world-wide cyber security. Mr. Clinton has led ISA since 2007, and is frequently called upon to offer expert testimony and guidance to the White House, Congress and numerous Federal Agencies on policy and legislative efforts. We are extremely fortunate Mr. Clinton has set aside some time from his very busy schedule to offer some insight into the critical role ISA plays in shaping the future of cyber security.

The Internet Security Alliance (ISA) and American National Standards Institute (ANSI) recently released â&#x20AC;&#x153;The Financial Management of Cyber Risk: An Implementation Framework for CFOs (sponsored by Symantec)â&#x20AC;? - what is the crux of the message your organisations are presenting in this report? That many enterprises are not fully appreciating the financial risks created by poor cyber security, and therefore not making the needed investments to protect themselves. Too many organisations simply view cyber security as an operational/ technical issue when in reality it is much more. It's an enterprise wide risk management issue that needs to be tackled in a comprehensive fash-

L ARRY CL I N TO N

A QUESTION OF ANSWERS

Cyber Security: Too many organisations simply view cyber security as an operational/ technical issue.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

A QUESTION OF ANSWERS

ion and not just outsourced to the "techies" in hopes that they will find a magical solution. The fact is that virtually every department in a modern organisation owns data – the finance guys have data, the HR people have data, the legal compliance people have data – but they generally don't think it's their job to secure their own data – that's the job of the IT guy at the end of the hall. Unfortunately most IT shops are viewed as cost centres, which especially in tough economic times are already underfunded. These departments are carrying more responsibility and getting fewer resources, many organisations are blind to the risk that creates for the enterprises as a whole. How would you characterise the current state of cyber security and the effect it has on our economy? It's very difficult to precisely assess the impact of poor cyber security on our economy but it is almost certainly enormous. In 2004 the Congressional Research Service estimated that American businesses had lost $46 billion dollars due to poor cyber security. When President Obama released his Cyber Space Policy Review in spring of 2009 it cited a study claiming US businesses had lost $1 trillion dollars just in the value of stolen intellectual property from cyber attacks in the previous year. Even if we assume for the sake of argument that the study the President cited is off by $500 billion dollars that still means that American businesses lost hundreds of billions of dollars in intellectual property theft. And that would not even take into account economic losses from downtime, inefficiency, customer dissatisfaction, or shareholder discontent following publicised breaches – which have been documented in the literature. In addition, we know that many organisations that have been subject

CTO FORUM 07 OCTOBER 2010

L ARRY CL I N TO N

to successful attacks, but may not be yet aware that malware is residing on their systems. We have to realise that virtually every aspect of our economic structure is now linked to and reliant on these modern electronic information systems. So, by any measure the lack of cyber security is an enormous economic problem. The ISA has long advocated market incentives as the best approach to security innovation what role do you see the private sector playing in overall security efforts? The ISA was founded on the assumption that since the private sector owns and operates the vast majority of the cyber systems it is their responsibility to take a leadership role in protecting it. The private sector needs to continue to develop the technologies, standards and practices not only to drive innovation and digital service, but to protect it as well. Probably the single most underreported fact in the cyber security field is how well the private sector has done this job. There are a range of studies going back years that show that if we would simply implement the standards practices and technologies we have already developed, we could prevent or mitigate the vast majority of cyber breaches. Earlier this month the US Secret Service in conjunction with Verizon published a study showing that adopting existing best practices could have stopped 94% of the 900 actual cyber breaches they studied. Free Market solutions to many security vulnerabilities are readily available, but how can we guarantee moving forward that the best products become the most widely utilised? There are a range of issues that need to be addressed including the outdated corporate structures we discussed above which inhibit the

THE CHIEF TECHNOLOGY OFFICER FORUM

THINGS I BELIEVE IN Most IT shops are viewed as cost centres. American businesses have lost hundreds of billions of dollars in intellectual property theft. Biggest barrier to adopting effective cyber security practices in the corporate space, is cost.

proper risk management of cyber security to the seductive trade off that exists between operating secure systems and operating ones that are completely user friendly. But several studies have shown the biggest barrier to adopting effective cyber security practices in the corporate space, is cost. This problem is compounded by the fact that cyber security economics is not well understood – mostly due to the fact that people make simplistic assumptions that do not fit with the facts. Perhaps the most common of these is the assumption that if enterprises are losing money from cyber attacks they will naturally make the investments to stop the cyber losses. The evidence clearly indicates that is not correct. All the evidence demonstrates that the number of cyber vulnerabilities attacks and loses are increasing dramatically. However, several large recent studies have also

L ARRY CL I N TO N

documented that between half and 2/3rd of American companies are actually deferring or reducing their investments in cyber security. We now know that many enterprises are mis-analysing the effect of cyber security on the bottom line and that's part of the problem. We also know that many organisations

There was a time when some smaller companies assumed that they were too small to attract the attention of attackers. However attacks are now often automated so size doesn't matter. Indeed the recent research shows that smaller firms are every bit as likely to be attacked as larger ones.

“Probably the single most under-reported fact in the cyber security field is how well the private sector has done its job.” tolerate a degree of insecurity-cyber or otherwise – after making a cost benefit analysis and determining that although there are economic losses due to poor security, if the cost of becoming secure is greater-they will tolerate the insecurity. While this may be fine-even appropriate – for a corporation legally obligated to maximise shareholder value, it is clearly not in the public interest, and poor cyber security may even create – does create – significant national security issues. So the government does need to have a role. It's just that government can't just try to impose 20th century (actually 19th century) models like regulatory mandates to a 21st century technology like the Internet. ISA advocates a modern Social Contract wherein government assists in determining what practices work (much like they do with drugs at the FDA) and then provides the market incentives to bridge the gap between the corporate interest in security and the public interest. SMBs, healthcare, legal, financial and in the education sector have all experienced an increased demand for information security, while their organisations are requiring budget cuts across the board - can smaller entities really expect they can afford to keep pace with hardware, software and the required expertise?

And of course every small business in the world has the same goal – to become a big business. So even if smaller firms could free up capital to bolster their cyber security my guess is that most of these companies are going to use extra capital for additional sales and marketing much more likely than for improved cyber security. In addition, most of the cyber security apparatus that have been developed through things like ISACs are generally too sophisticated and require too great of a time commitment to be attractive to smaller companies. The good news is that there is progress being made. For example, the ISA has proposed an alternative information sharing model designed to provide smaller firms with easily usable data to protect themselves. We were pleased when Melissa Hathaway cited our proposal in the Cyber Space Policy Review Obama published a year ago, but we have had a very hard time getting our friends at DHS to provide the government side of the assistance we need to make things work. However, I'm happy to report that we now seem to have some traction on this proposal and I'm optimistic we can get something done. However, in the end I think at least for smaller firms the best way to get them to enhance their cyber security is by integrating cyber requirements into government programs like SBA loans or even as tax credits.

A QUESTION OF ANSWERS

This latest report is addressed to CFO's - is it difficult to effectively translate the vernacular of IT and network management into the language of enterprise-wide risk abatement? Well let's not just blame the IT guys for "geek-speak"-although they certainly do have a language of their own – and assuming everyone will learn that language is probably not going to work. But so do the lawyers. And so do the finance guys. In fact jargon is pretty endemic to most professions. What we are really saying in our report is that all the entities involved in corporate cyber security – IT-legal-compliance-HRfinance-communications-operations – everyone needs to all be taking responsibility for cyber security on an enterprise wide basis. We do specifically reference the CFO because s/he usually has cross departmental responsibility, but we note the job of leading the group could be given to another cross-departmental person such as the Chief Risk Officer. The core of our approach is that everyone gets involved in an enterprise-wide cyber risk group with an enterprise wide cyber security budget and that they meet regularly to discuss and resolve their common problem. When they are talking together regularly they will learn how to communicate and the enterprise itself will be the better for it. If one reads the chapters of our most recent publication one of the things that jumps out at you is that each of these various departments have their own unique issues with respect to cyber security. These need to be, and we think can be, melded together into a functional system that receives the necessary support from the entire organisation. How do financial regulations such as SarbOx and some SEC mandates relate to IT and network security decisions, and should they be reported as presenting a material risk to shareholders? This is an area the ISA Board is very interested in, which is how can we elevate this discussion to the Board level or the shareholders. We are currently looking into this topic as a potential "phase III" of our financial management of cyber risk project. Frankly we are looking for entities that might help us with this analysis.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

A QUESTION OF ANSWERS

L ARRY CL I N TO N

As to the preliminary question as to how SOX is effecting cyber security, we think there are mixed results. Clearly there was some low hanging fruit that SOX may have initially helped harvest and thus created some improvements. However, we are also hearing that the complexities of the regulatory and auditing systems are now having a counter-productive effect on cyber security. ISA is very interested in analysing this area better and I expect we will have more to report on it in the future. There seems to be little legal precedent established regarding liability in the electronic data access chain - what effect on security best practices will the courts have when they do finally weigh in? This really depends on how the courts weigh in, and my own guess is that it may take quite awhile to get a clear picture on the liability question. The partisan divide in the cyber security

field is between the consumers who say the vendors ought to be liable because they sell vulnerable systems and the vendors who say that no one wants to pay the cost of fully secured systems and the consumers typically ignore the vendors' suggestions about security. So when a breach occurs who is liable? ISA believes a better answer is to develop a system wherein we use the market to motivate improved cyber security. We already know what works, we just have to implement it. We also know that the main barrier is cost – and not that much. Finally we have a well developed system of using market incentives including procurement, awards, SBA loans, insurance etc. to successfully motivate pro-social behaviour. We simply need to apply these incentives to the cyber security space and motivate the practices of standards that we know will work.

public policy to create a sustainable system of cyber security. Core to this notion is that we need to mature our understanding of this issue to appreciate that cyber security is as much an economic and strategic issue as it is an operational technical one. So we are focused on altering the economics of cyber security. The main reason we have so many attacks is all the economic incentives currently favour the attackers – attacks are easy, cheap, you can steal billions and your chances of getting caught are slim. If we can increase the cost to the attackers and simultaneously increase the profitability of good cyber defence we believe we can create the sustainable system of cyber security which will make out nation and our economy the envy of the world in the 21st century, just as we were in the 20th century.

What's next on the ISA's agenda? ISA's mission is to integrate advanced technology with business economics and

— Anthony M. Freed This article is published with prior permission from www.infosecisland.com.

BEST OF

BREED

AUTHOR SAYS:

â&#x20AC;&#x153;Organisations that choose to outsource can utilise internal IT for mission-critical programs.â&#x20AC;?

he critical need for corporate wireless help desk services to support thousands of mobile devices is placing a tremendous burden on the IT department. This can be detrimental for companies struggling to provide quality wireless help desk service internally, as they often lack enough personnel who are skilled in using advanced mobile device management and remote troubleshooting tools. It isn't surprising that IT professionals are expected to wear different hats for various IT issues and responsibilities. But the truth is, many end up fielding incessant calls to address employees' wireless device and plan complaints or other time-consuming requests. These user requests can easily eat up 70 to 90 percent of an IT professional's workday. With the explosive growth in mobile devices, and along with it the increased need for support services, the IT team is trying to manage a critical area without specific wireless expertise. Their other assigned job responsibilities are eclipsed by activities such as trying to stay up to speed on the latest mobile devices, platforms and plans. As a result, the IT department operates inefficiently and becomes distracted from larger, strategic company issues. Meanwhile, IT staff frantically tries to keep up with one-off requests. Outsourcing wireless help desk services is one way to ease the burden on IT. Here are five reasons that this best practice strategy works.

ILLUSTRATION: ANOOP PC

IT teams try to manage a critical area without specific expertise

Five Reasons to Outsource Wireless Help Saving your team from service nightmares. BY JOHN SHEA

16B

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

WIRELESS HELPDESK

REASON NO. 1 The complete package An outsourced wireless help desk can work in tandem with a wireless expense management (WEM) solution to handle all steps of the corporate mobility life cycle and eliminate piecemeal service for an employee base. This includes offering a self-service wireless portal that addresses employees’ needs from their initial device request (making sure their selected phone is approved for their role) to helping them choose a rate plan that aligns with the company's carrier volume discounts. The portal is integrated with the company's WEM solution to ensure that all new data and updates are centrally captured and tracked for reporting. Wireless help desks also handle ad hoc troubleshooting, resolve repair and warranty issues, and ensure that security measures are taken. For example, they can issue an over-the-air (OTA) remote kill to a device if the device is lost or stolen, and provide integrated Mobile Device Management (MDM) capabilities. Additionally, mobile device recycling with a no-landfill policy is also available for securely wiping devices.

BEST OF BREED

IT teams are not equipped with the skills needed to address the mobile device and application issues that typically flood a help desk. customer satisfaction results, and required wireless help desk personnel to pick up calls in under 90 seconds at least 85 percent of the time. These types of measures allow the IT department to focus on revenue-generating and protecting programs rather than burning time troubleshooting to resolve wireless problems—and likely taking a customer satisfaction hit in the process. Instead, managers can redeploy IT staff to complete higher priority projects in their core competency areas.

REASON NO. 3 Proactively avoids a heart attack bill

Excessive charges from unexpected international usage or unanticipated data usage on devices without optimised data plans can result in a very high wireless invoice— that is, a "heart attack" bill. By using REASON NO. 2 real-time wireless usage management to Ensures high-quality service with catch unanticipated wireless behaviour the low impact on IT moment it happens, a wireless help desk It's hard for the IT team to maintain a posiprovider can then take immediate action to tive reputation when it's struggling to fight curb the activity. fires and unable to focus on other priorities. Real-time wireless usage management Typical enterprise IT teams are not equipped uses agent software on the mobile device with the advanced skills needed to address to report usage back to the help desk in a the array of wireless ordering, as well as the variety of areas, including voice, data, text, mobile device and application issues that roaming, etc. This data is then automatitypically flood a help desk. Nor can they poscally compared to the company's sibly stay up to speed on the everwireless contracts (and other expanding range of devices and information) so that action can mobile applications that continube taken immediately to curb ously hit the market. excessive costs. Conversely, when wireless OF AN IT For example, if a global comhelp desk is outsourced, IT manpany has an employee based ages the outsourcer and builds PROFESSIONAL'S in the United States who flies service-level agreements (SLAs) WORKDAY IS to London on a business trip into the contract to generate consistent results, without having to EATEN UP BY USER without an international rate plan and tries to make a call do all the legwork. For example, REQUESTS when he arrives, the wirea large financial services comless help desk can receive an pany in the United States sucalert as soon as the call is initiated. It can cessfully secured SLAs that required their then take immediate action to add the outsourced wireless help desk to yield international plan or send a message to a minimum "four out of five" rating for

>70%

the employee asking him to refrain from using the device while abroad.

REASON NO. 4 Offers round-the-clock availability and expertise An outsourced wireless help desk offers employees 24/7 access to subject matter expertise on the latest mobile devices and plans. It also offers them access to scalable call centers depending on changing support needs, which dramatically eases the burden on a company's IT department. This greatly accommodates global employees who may not be working in the same time zone as the company's internal IT department.

REASON NO. 5 Provides seamless device replacement Wireless help desk providers can offer immediate device replacement when needed, often with overnight delivery if the particular problem isn't resolvable via phone or remote access. This eliminates the need for an IT department to keep a large stash of the latest devices on hand. Plus, they do not have to deal with a high volume of impromptu shipping logistics. A company's wireless help desk services typically span a broad range of needs that often require specific expertise and time-intensive activities. With internal IT resources already stretched thin on various responsibilities, these additional services can paralyse the entire department. Organisations that choose to outsource their wireless help desk services can utilise their internal IT department's services for more mission-critical programs that leverage their specific strengths and will, ultimately, bring more value to the organisation. — John Shea is Chief Marketing Officer at Rivermine. This article is published with prior permission from www.cioinsight.com.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

CASE STUDY | DHANLAXMI BANK

Getting In Shape CHALLENGE:

To meet the EXPANSION and GROWTH plans, Dhanlaxmi Bank had to align its IT STRATEGY with business GOALS to expand its OPERATIONS across India.

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

hrissur-based Dhanlaxmi Bank has transformed significantly in the last couple of years. The Bank underwent a major rebranding exercise under the leadership of an aggressive management, recruited experienced people across functions, and introduced products and processes that were needed to catapult it amongst the top five private sector banks. It expanded beyond its home state of Kerala by opening branches in cities and towns across India. Last year, it opened 66 new branches and 350 ATMs. Today, it is one of the fastest growing private sector banks in India with business exceeding Rs. 13,000 crore and a pan India network of 272 branches, 435 ATMs covering 136 centres across 14 states. To meet the expansion and growth plans, technology infrastructure and applications witnessed a considerable change. â&#x20AC;&#x153;We are a born-again bank and want to create everything from scratch,â&#x20AC;?

C A S E S T U DY

COMPANY DASHBOARD COMPANY: Dhanlaxmi Bank HEADQUARTER: Thrissur, Kerala MD AND CEO: Amitabh Chaturvedi OPERATIONS: As of September 14, 2010, it operated through a network of 272 branches and 435 ATMs covering 136 centres across 14 states in India. The company was formerly known as The Dhanalakshmi Bank Ltd. and changed its name to Dhanlaxmi Bank Ltd. in August 2010.

PHOTO BY JITEN GANDHI

MURALIDHARAN R, IT, President, Information Technology and Operations, Dhanlaxmi Bank has adopted FinnOne to manage the bank's retail lending business.

says Muralidharan R, President, Information Technology and Operations, Dhanlaxmi Bank. In the last nine months, the bank has put in place a new data centre, virtualised its servers, revamped the network architecture, made branch office operations effective through deployment of thin clients, and cut down on partners so that it has few service providers to manage. For this financial year, retail lending has emerged as the key focus area for the bank and considering the high volume of loan transactions in retail assets business, it required a robust end-to-end solution that could improve turnaround time. To meet this business strategy, the bank deployed FinnOne to manage its retail lending business in July this

BEST OF BREED

year. The choice for adopting FinnOne was made after the IT team realised that the solution would help them in managing all stages of loan application process, right from defining products and entering applicant details to verifying, approving and disbursing loans, and from maintaining repayment details to loan closure. The core lending platform will help the bank to service its retail customers more efficiently and improve productivity. “Deployment of FinnOne has helped us in streamlining our processes and put in place a systematic maker/ checker facility. It has also enabled our team to create solutions and services within the scheduled time frame,” says Arvind Hali, Head, Retail Assets and Credit Cards Group, Dhanlaxmi Bank. In addition to deploying FinnOne, the Bank migrated to the latest version of FlexCube (2009 version) during the same month. The new version will provide the bank with a platform for excellence in products and services and is expected to significantly improve speed, efficiency, ease of use, customer convenience, control and compliance.

MAKING RESOURCES AVAILABLE MOST of the activities that the branches conducted had an effect on the production environment. So if one had to carry out a balance enquiry or print statements, the transaction would interrupt other processes and this impacted the production servers. To address this concern, the Bank decided to go for a virtualised environment and virtualised 36 of its existing 54 servers. This resulted in

improvement in end-of- day operations. “We used to spend nine hours carrying out end-of-day operations and unless one followed a military like discipline, they could not complete it,” says Muralidharan. The end-of-day operations now take around two to three hours. It has also freed human resources who can now be available to customers for a longer time.

“The earlier version was useful as a customer service tool but lacked efficiency for customised customer service,” says Muralidharan. Dhanlaxmi Bank became the first bank in the country to migrate to the new Java version of FlexCube and in fact, it was operating as a beta site for sometime before getting absorbed within the commercial environment. Moving forward, the Bank is also looking at deploying a customer relationship management (CRM) solution and has already finalised a service provider. It also has plans to invest in enterprise integration platform (EAI). —Ashwani Mishra

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

HOW HOWTO TO MAKE MAKE YOUR YOUR TEAM TEAM

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

M O T I VAT I O N

COVE R S TO RY

The smallest of your actions can have a big impact on your staff â&#x20AC;&#x201C; whether positive or negative. Look carefully before you step. I N SIDE

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

5 COVE R S TO RY

M O T I VAT I O N

WAYS TO ENSURE YOUR Y YO UR IT STAFF STA T FF W TA WILL BE UNHAPPY P PY

You can start by dismantling their robots in front of their eyes. BY PATTY AZZARELLO

hat is at the top of the list is for people is to feel like their work matters; that it counts for something. The companies who create meaning for the work keep their employees engaged and productive through the business downturns and budget cuts I recently heard part of an interview with Dan Ariely about his new book, The Upside of Irrationality. He talked about a test he did to measure how important meaning was in one’s work. The test was to complete a task repeatedly, until you wanted to stop. The task was to build a Lego robot. When you completed it, you were asked if you would like to build another robot. In one case, the robot you built was placed to the side so you could admire it while you built the next one. In the other case, if you said you’d like to build another, they dismantled the one you just built right in front of you, gave you back the pieces and said, "Okay, build another one". Talk about draining all meaning out of someone’s work.

People want their work to matter I’m sure I am doing a disservice to Ariely’s work by taking this out of context, but this is one of the best metaphors I have heard for taking the meaning out of someone’s work. It also got me to thinking, what are all the ways we drain meaning from our employees work? Dismantle their robots right before their eyes — maybe even without recognising we are doing it? How can we build up the meaning instead?

Changing your mind all the time - Say someone completes a project you said was really important, but the IT priorities changed since you first assigned the task. Now, instead of accepting the work and thanking them, you cancel the project and ask them to do something else instead. Later you change your mind again, maybe even back to the first thing. Robot parts are flying at this point!

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

Let people finish things. Consider the full cost of changing your mind. If you really have to change your mind, thank people for the work, and communicate a reason why their work still counts, even though you have changed your mind.

Vipin Kumar

Not accepting something different than you'd do it - Be careful here, just because it isn’t like you would do it, doesn’t mean that it’s not good enough, or maybe even better. You are far more likely to create meaning if you accept good work, than if you tweak it to death. IT is detailed. While you may have to insist that certain processes like Change Control are followed to the letter, where there is room for interpretation. Let the intelligent technicians use their own judgment. Consider the alternative. If everything you delegate is done the same way as you do it, you will never find a better way of achieving something.

Skipping the closure - The urgent customer issue or demand has disappeared because the business either won or lost the deal that was making this special IT project necessary and urgent. When you no longer feel the urgency, there is a temptation to never go back to collect the work because it no longer matters. But, just because it no longer has its original business meaning, and you have moved on to other things, doesn’t mean you should take the meaning away from the people that did the work. Find the value in the completed work, even if the project has to end. What processes worked well? Which didn’t? What techniques were developed that could be used on subsequent projects? You can’t always let people finish things but don’t switch them out of a task before you have wrung the last piece of value out. It’s so much easier to just move on to your next urgent thing, but you are sacrificing your team’s motivation an ongoing performance and support if you skip this step. Save the robot as a resource.

Not being clear about the strategy - This is probably the biggest and most common hazard I have seen. Ambiguous strategy causes lots of wasted time and energy working on the wrong things, or waiting

CIO, Escorts Agri Machinery Group

They are Humans NOT MACHINES

e have to remember that though they are working on lifeless computers, the resources in your IT department are human. They also want and deserve appreciation. This is the worst for resources that are a part of support services. Those employees in the organisation that are not technologically oriented are the worst for the support team. They try and pass on the blame of the smallest of tech related problems to the IT team, in spite of the best efforts of the team to make the employees’ work life easier. On the other hand, when there are no errors in systems, it gets grossly unnoticed in the eyes of the organisation. Do not let it be a thankless job for your team. To ensure that the service team is not de-motivated you must have process based approach. This will not only help you track your problems better – but would keep your staff happy too. Also, it is important that your team is appreciated by business leaders for the work that they are doing in keeping the business running smoothly and they feel a part of the team rather than some hidden cogs in the wheel that nobody notices.

for decisions to be made. It is really demotivating for people to deliver work into a strategic black hole. That is like throwing their robots directly into the trash can. Make the strategy clear. It’s what creates meaning for the work. Make sure the IT department knows the top 10 business priorities for this year, for example. Show the connections between

the top ten business priorities and the top IT projects. “The reason we are building a new data centre is because we expect much higher business volumes due to our expanding in to the far East and that means supporting more hardware ”or “The reason we are implementing ITIL Incident, Problem and Change processes is because the business as a whole is focused on reducing execution risk, in order to compete against a new, more nimble competitor." Similarly, if IT services of projects are cut, show how this is based on the business no longer needing the deliverable.

Not connecting the dots - Even if the strategy is clear to you, don’t expect your staff to automatically see how their work fits into supporting the big picture. You need to spell it out and show them why their work matters. If you never connect the dots about how their work specifically supports the overall strategy, there is no meaning in it for them. Otherwise, they are just putting their robots on a conveyor belt to be used for unknown purposes. Ensuring that all your employees understand how the business works, and how their work helps move it forward, motivates and enables them make better decisions and add more value. Make it explicitly clear how each service that IT delivers benefits the business. The more specific you can be the more motivated the staff will be. Saying, “The business would fail without the IT department” may be true, but it isn’t very motivating for the desktop support team with salespeople shouting at them every day. Saying, “It is important that we keep the sales laptops running at 99%+ availability now that the sales force are using them to close business faster using the Web-based ordering system. Networking, Firewall, ERP support - that goes for you too!” ... is much more likely to have a positive effect. The bottom line is with or without financial rewards, your employees will do better work, faster, if they can personally see why it matters. — Today Patty is the CEO of Azzarello Group, an organisation that helps companies develop and motivate their top performers, execute their strategies and grow their business. This article is printed with prior permission from www.cioupdate.com.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

COVE R S TO RY

M O T I VAT I O N

HARMONY IN

RS R S SI ST TY T DIV DV DI IVVEEER I IT Y R Motivate and Retain Different Generations. BY DAVE WILLMER

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

esearch for our company’s recent white paper Workplace Redefined: Shifting Generational Attitudes During Economic Change found that 40 percent of workers of all ages say they’re more inclined today to look for new opportunities outside their firms. To help keep employees happy and improve retention, it’s useful to understand generational preferences in the workplace. You may be surprised to learn, for example, that baby boomers (born from 1946-1964), Generation X (born from 1965-1978) and Generation Y (born from 1979-1999) are not that different when it comes to what they seek in an employer and how they measure job satisfaction. Following are some tips, based on key findings from the white paper, that can help you boost employee loyalty: Recognise that salary matters - Many workers feel their pay levels have not kept pace with the contributions they made during the downturn. Of those surveyed, 37 percent said they are not fairly compensated for having assumed a greater workload. Employers should always aim to keep salaries in line with or slightly above what competitors are offering.

M O T I VAT I O N

The Robert Half Technology Salary Guide (available at www.rht.com/SalaryCenter), as well as association and government reports, can help managers stay on top of trends. Bonuses and other financial rewards should be offered whenever possible to show appreciation for employees’ hard work. Companies with tight budgets might consider extra time off, gift certificates or public praise for an achievement. Reassess benefits packages - Benefits were also rated a chief priority for workers of all ages. All generations considered healthcare coverage a key concern, rating it a 9.1 out of 10 in importance. The next most

Suresh Shanmugam,

National Head BITS and CIO, Mahindra Finance

he generation gap in the workforce exists. Managing workgroups consisting of a wide age range presents a number of challenges, but it also can yield significant opportunities. Due to the differences in work history, experience and the manner in which they communicate, each of these age groups have unique opinions. These opinions could vary from a product deployment to business strategy etc. Younger employees expect constant challenges and motivation. That requires

valued benefit was vacation/paid time off. While you may still be evaluating recent healthcare reform legislation and how it will impact your firm, there are steps you can take now to address the other priorities. Research your current vacation and paid time off allotment to employees. Is it competitive with other employers? Staff members who’ve worked long hours during the recession as well as those nearing retirement age may be particularly interested in more personal time. Health care can also be an affordable option to add to give your firm an edge. Promote your company’s stability - The recent economic downturn prompted more employees to pay attention to their employers’ financial performance. All generations surveyed rank working for a stable company and having a strong sense of job security as most important in their current work environment.

Nonjudgmental COMMUNICATION managers to learn new ways of coaching, mentoring and communicating expectations. Acknowledging generational differences offers companies access to a wider array of creative ideas and, perhaps most important, ensures the firm's talent pool is fully tapped. A large part of managing the intergenerational workforce is change management. Managing such change would include acknowledging the different climate today’s workers are in from times past. It has been suggest-

ed organisations should focus at least some of their human resource activities on working with the new generation of workers, determining their views on working, reward and workplace preferences. As managers, we cannot afford to fail in taking advantage of the benefits a multigenerational workforce can offer. We need to set a standard for open, nonjudgmental communication. Demonstrate respect for all workers as well as knowledge and awareness of the differences that exist in the workplace.

COVE R S TO RY

As the recovery unfolds, it’s critical to let your staff know of your firm’s business plans and goals for growth. Informing employees that the future looks bright and that you have a solid strategy going forward can be motivating and help with retention efforts. Also solicit staff input and include them in the planning stages for projects, so they feel their ideas are valued and that they have an impact on the process. Provide learning opportunities Employees have learned that keeping their abilities current is critical to their professional success. Gen X and Gen Y workers, in particular, said one of their top postrecession career plans is to enhance their skill sets to become more marketable. Investing in training programs can be a wise move to build job satisfaction and loyalty. Technology professionals, in particular, want to remain on the cutting edge. In fact, it can be essential when dealing with hardware and software products that can become obsolete quickly. Providing challenging work on the job, including opportunities to get involved in new projects and gain additional skills, is another useful move for employers. Motivating and retaining workers of all ages will become more of a concern as the economy gains momentum. By taking steps now to reinforce your position as an employer of choice, you can build loyalty and avoid losing top talent. This can give your entire firm a competitive advantage because you will have a knowledgeable, skilled base of IT professionals ready to help your company address future opportunities.

—Dave Willmer is executive director of Robert Half Technology, a leading provider of IT professionals for initiatives ranging from e-business development and multiplatform systems integration to network security and technical support. The company has more than 100 locations worldwide and offers online job search services. This article is published with prior permission from www.cioupdate.com.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

COVE R S TO RY

M O T I VAT I O N

PERFORMANCE IMPROVEMENT IMPRO IMPROV EMENT AND THE

CIO CI IT heads have a large role to play in organisational reforms. BY MATT PODOWITZ

erformance improvement is a top business priority in the “new normal” as organisations seek to perpetuate the cost savings they achieved during the economic downturn and leverage even greater value from their existing assets. While many performance improvement efforts are undertaken informally and within individual departments, others represent board-level initiatives and span the entire operations of the company. Performance improvement initiatives can touch almost every department within a company. But these diverse and disparate initiatives have a few things in common: A goal of re-examining and streamlining processes for both efficiency and effectiveness. Involvement of individuals with deep seated resistance to change, often resulting from fear of losing their jobs. A high degree of dependence on existing or new IT. Because IT is almost always involved, significant opportunities exist to improve the execution and outcome of these initiatives by leveraging four “hidden talents” of most CIOs.

Eyes on the forest and the trees Unlike many other core business functions, IT touches most every department within the company in a significant way. As a result, most CIOs have a big picture view of company operations (and challenges) that is as broad as the CEO’s. However, since most CIOs are involved in significant business process improvement initiatives and large-scale information systems deployments, they often also have a solid understanding of how things work in and between most departments.

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

This combined breadth and depth of perspective gives CIOs insights into where the greatest potential performance gains are to be had; both within a given department and in the processes that flow across multiple departments of the company. This unique CIO perspective is too important to go unleveraged, and it makes the CIO an ideal leader for performance improvement initiatives or, at the least, a valuable member of the project committee.

Agents of change Almost any business executive or manager will agree that large-scale systems implementations (such as ERP, CRM and sales force automation systems) are among the most stressful business events they have experienced. The reason for this is simple: such implementations require fundamental changes in process and culture and often organisational structure at every level of the company. As a result, managing the acceptance (and resistance) to that change is usually a critical factor in the ultimate success or failure of the project. Most CIOs have served as the sponsors or leaders of such large-scale systems implementation projects and thus have cultivated their ability to both proactively and reactively manage the natural resistance to any significant process, organisation or technology change. Equally significant is the experience most CIOs have with managing the expectations of their fellow business executives and boards of directors during strategic discussions and budget cycles. Even when outside change management specialists are expected to play a role in a performance improvement initiative, the typical CIO’s experience as an agent of change can greatly facilitate both the planning and execution of change management efforts that are so critical to the success of performance improvement projects.

Technology enablement and enablement of technology Most performance improvement in today’s business environment comes from implementing better business processes and maximising the degree of automation of those processes. Many business applications are designed to facilitate both goals: Incorporating industry and departmental

best-practices and automating not only core processes, but many of the ancillary processes that historically have been handled manually. Whether performance improvement initiatives will involve implementing new business applications or simply take advantage of those that already have been put in place, the CIOs familiarity with the company’s business applications (including unutilised or under-utilised capabilities) and those used by others in the industry can be instrumental in developing achievable programs of performance improvement. On the other side of the equation, and a stumbling block for many company initiatives is the disconnect between expectations for IT and the resources required to fulfill those expectations. Most CIOs are masters of managing such disconnects and rallying scarce IT resources to support major projects. By placing CIOs at the helm of performance improvement initiatives, IT’s opportunity and ability to contribute will be maximised.

Program and project leadership Performance improvement initiatives are among the most complex and difficult to manage initiatives that companies can undertake. In fact, performance improvement initiatives can be just as complicated from a management perspective as large scale systems implementations -- which are often led by CIOs or by others who eventually go on to become CIOs. Many CIOs already have both the expertise and experience required to manage large-scale, complex corporate initiatives. As the leader of a performance improvement initiative or as a member of the project committee, this inherent CIO talent can be leveraged to improve the efficiency and the effectiveness with which the project is undertaken and improve the chances for a successful outcome. As companies embark on performance improvement initiatives, it is well worth determining whether the CIO possesses some or all of these four talents and exploring how they might be leveraged by placing the CIO in a leadership role. Companies that find their CIO lacks these abilities may want to consider cultivating them by involv-

Rishi Kapoor Director IT, Metlife

All in the FAMILY

ersonally whenever I work with people, I take it as a moral responsibility to help them achieve something so that they will remember me as a mentor. In last 15 years of my people management career, I have had only one attrition, that too for the better. The person who left got a very good opportunity. I have a different style of management, my team is the extension of my family. I encourage everyone in my team to work the same way. God has been kind, that I have such a team that they think of this place as their home. It is very important, when you are spending 12-14 hours a day, five times a week, that you consider it a home. Otherwise, it will simply not cut it. We keep doing lot of things together. For instance, there is a get together at my home every other month where all the team members are invited. It is a very personal affair, nothing to do with office. I make sure that the team has a good time and they gel together outside of office. This has ensured that I have never had to make a conscious effort to motivate my team. But, whenever I get time, I reach out to each member and interact on a personal basis. I try and understand them and their families.

ing the CIO in the performance improvement initiative in some capacity other than a leadership role. —Matt Podowitz is a strategic management consultant at Grant Thornton. This article is published with prior permission from www. cioupdate.com.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

COVE R S TO RY

M O T I VAT I O N

WINNING INNING THE NEW WAR FOR IT

TA ALLLEEEN NTT N Use Valour for Neglected Warriors. BY THERESA WELBOURNE

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

nstead of an outright war, smaller less conspicuous battles will be waged for a new class of people -- the neglected warriors of the recession. These people are likely to be recruited away and quickly conferred with the hero status they so richly deserve by their new bosses. These newly minted heroes will help their new organisations thrive as the pace of change continues to escalate; all to your chagrin. Neglected warriors are people who harnessed their internal energy to successfully drive many initiatives forward during the recession. However, with their good deeds came little or no recognition and IT is full of them. As a leaders you can either sit by and watch as neglected warriors are poached away, or you can be proactive and try to keep them. The subset of neglected warriors was discovered through employee engagement research and numerous case studies. Neglected warriors are employees with a high sense of urgency and are compelled to move forward. The diagnostic tool (called Valour) used in the winter 2010 Leadership Pulse study provides an estimate of the prevalence of neglected warriors. The definition of the word valour is: “Strength of mind and spirit that allows one to conquer danger with firmness.” The four major components of the Valour survey are: Val = value, that employees feel valued by their manager and peers; O = sense of ownership in the job and organisation; U = sense of urgency; and R = rewards, that they are fair and related to performance. Valour focuses on the “engaged in what” question by diagnosing the percent of employees

Figure 1: Val-O-U-R 2 x 2 Matrix Low Urgency High employee Value, ownership, rewards

Low employee Value, ownership, rewards

High Urgency

Figure 2: Result for Leadership Pulse sample Low Urgency High Valor

ENTITLED

55%

17%

22%

HEROES

DISENGAGED NEGLECTED WARRIORS

High Urgency

High Valor

Low Valor

moving the company forward or keeping it “standing still.” This is done via the interaction effect predicting performance, which tells the story about the “conditions under which” improving scores is good or bad for performance. The 2 x 2 matrix in Figure 1 plots the results of the interaction effect (see arrows for direct ion of intervention needed to improve performance). Improving only the Val-O-R scores for the entitled makes them even more entitled without simultaneously increasing their sense of urgency. It is much harder to instill a sense of urgency than it is to influence value, ownership and rewards. In order to move the entitled group, they need to know that their current performance level is not rewarded (thus moving them down on value, ownership and reward). If successful, moving these groups down on Val-O-R will increase their sense of urgency and allow for positive progression. The neglected warrior class, however, is different. They have a high sense of urgency, they are moving forward, but they need to be appreciated. Our work finds that small efforts can move these individuals from neglected warrior to hero (or fully engaged) status. How are managers and leaders doing today? In order to answer this question, we ran the Valour survey with the Leadership Pulse sample. The results for the 470 people who took the winter 2010 survey are in Figure 2. Figure 2 shows that six percent of the sample reported being in the entitled group, 55% are fully engaged, 17% are disengaged and 22% are the neglected warriors. These employees are at high risk of being poached because they have no good reason to stay. For the information industry sample we find the results in Figure 3 and in Figure 4.

Figure 3: Valour 2 x 2 results for information Figure 4: Valour 2 x 2 results for industry classification technology workers High Urgency Low Urgency High Urgency Low Urgency

58%

11%

29%

High Valor

Low Valor

0% 9%

56% 35%

Battle lines

Satish Pendse

CIO, HCC Group and President, Highbar Technologies

Mentoring YOUNG TALENT

or the young generation of employees it is important to have an environment that has a mix of work and fun. Another key factor for employees in this age range is that they are always on the look-out for a value addition in their career chart. I have observed that often, their view of career goals is short term. As a senior it is my responsibility to guide them and give them a larger picture and accordingly mould their future growth. Also, it is essential to have constant connect with this generation. We must address their grievances and creates a feeling of being wanted. Your team must be convinced that there is value for them in terms of career opportunities. There has to be a feeling of fairness, transparency and openness across all the employees of the organisation. Training and skill enhancements should be conducted at regular intervals.

When examining these subgroups, it becomes clear that being in an IT position increases the probability of being in the neglected warrior class. Thus, as the economy picks up, these are the people at higher risk of being poached or recruited away. The key to winning the battle neglected warriors is to find them and quickly recognise them for their efforts. Recognition for these self-motivated people includes listening to them, giving them more influence over their departments, engaging them in discussions with the leadership team, and efforts focused on creating more of a sense of ownership around their job, department and company are highly powerful interventions. These employees represent an organisation’s best opportunity for quick talent wins. They are people who need just a little recognition to convert them to hero status. We suggest starting your own efforts to win the war for talent with the neglected warriors, not with the entitled and disengaged. Those latter two groups are the ones that usually get the most attention from HR but they do not represent the fastest path to performance. In fact, it may be better for many of the people in the entitled and disengaged groups to seek career opportunities elsewhere. In the new war for talent speed is critical. Waiting as your highest potential talent walk out the door is not a winning strategy for today's high-change business environment. —Theresa Welbourne is the founder, president, and CEO of eePulse, an employee engagement consultancy. She also is editorin-chief of Human Resource Management, the Journal. This article is published with prior permission from www.cioupdate.com.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

COVE R S TO RY

M O T I VAT I O N

BOOSTING PRODUCTIVITY OF KNOWLEDGE

RA K KEERS WORK The key is identifying and addressing the barriers workers face in their daily interactions.

BY ERIC MATSON AND LAURENCE PRUSAK

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

re you doing all that you can to enhance the productivity of your knowledge workers? It’s a simple question, but one that few senior executives can answer. Their confusion isn’t for lack of trying. Organisations around the world struggle to crack the code for improving the effectiveness of managers, salespeople, scientists, and others whose jobs consist primarily of interactions— with other employees, customers, and suppliers—and complex decision making based on knowledge and judgment. The stakes are high: raising the productivity of these workers, who constitute a large and growing share of the workforce in developed economies, represents a major opportunity for companies, as well as for countries with low birth-rates that hope to maintain GDP growth. Nonetheless, many executives have a hazy understanding of what it takes to bolster productivity for knowledge workers. This lack of clarity is partly because knowledge work involves more diverse and amorphous tasks than production or clerical positions, where the relatively clear-cut, predictable activities make jobs easier to automate or streamline. Likewise, performance metrics are hard to come by in knowledge work, making it challenging to manage improvement efforts (which often lack a clear owner in the first place). Against this backdrop, it’s perhaps unsurprising that many companies settle for scattershot investments in training and IT systems. Since knowledge workers spend half their time on interactions, our research and experience suggest that companies should first explore the productivity barriers that impede these interactions. Armed with a better understanding of the constraints, senior executives can

COVE R S TO RY

M O T I VAT I O N

get more bang for their buck by identifying targeted productivity-improvement efforts to increase both the efficiency and effectiveness of the interactions between workers. Among companies we’ve surveyed, fully half of all interactions are constrained by one of five barriers: physical, technical, social or cultural, contextual, and temporal. While individual companies will encounter some obstacles more than others, our experience suggests that the approaches to overcoming them are widely applicable.

Physical and technical barriers Physical barriers (including geographic distance and differences in time zones) often go hand in hand with technical barriers because the lack of effective tools for locating the right people and collaborating becomes even more pronounced when they are far away. While these barriers are on the wane at many companies given the arsenal of software tools available, some large, globally dispersed organisations continue to suffer from them. One remedy implemented by some organisations is to create “communities of practice” for people who could benefit from one another’s advice—as the World Bank has done to help the 100 or so of its planners who focus on urban poverty to facilitate discussions on projects to upgrade slums. The communities feature online tools to help geographically dispersed members search for basic information (say, member roles and the specific challenges they are addressing) and sometimes use the latest social-networking tools to provide more sophisticated information, including whom the members have worked or trained with. By supplementing electronic tools with videoconferences and occasional in-person meetings, communities can bridge physical distances and build relationships.

Social or cultural barriers Examples of social or cultural barriers include rigid hierarchy or ineffective incentives that don’t spur the right people to engage. To avoid such problems, Petrobras, the Brazil-based oil major, created a series of case studies focused on real events in the company’s past that illuminate its values, processes, and norms. The cases are discussed with new hires in small groups—

If valuable interactions are falling victim to time constraints, executives can use job roles to help identify employees that knowledge workers should be interacting with. promoting a better understanding of how the organisation works and encouraging a culture of knowledge sharing and collaborative problem solving. (To benefit further from such approaches, companies should include knowledge sharing in performance reviews and ensure that team leaders clearly communicate acceptable response times for information requests. The communities of practice described above can help too: employees are far more likely to give timely and useful responses to people in their network.)

Contextual barriers Employees who face contextual barriers struggle to share and translate knowledge obtained from colleagues in different fields. Complex interactions often require contact with people in other departments or divisions, making it hard for workers to assess a colleague’s level of expertise or apply the advice they may receive. Think of the disconnect that often occurs between a company’s sales department and its product-development team over customer data. The two groups frequently struggle to communicate because they think and talk so differently about the subject (sales staff devote attention to customer insights while developers focus on product specifications). To overcome contextual barriers, organisations can rotate employees across teams and divisions or create forums where specialists in different areas can learn about one another’s work. The US National Aeronautics and Space Administration (NASA), for instance, holds a biannual “Masters Forum” to share knowledge across disciplines. About 50 employees from different parts of the agency attend the meetings to hear other NASA colleagues talk about the tools, methods, and skills they use in extremely complex projects. The sessions are lightly moderated and very interactive. Similarly, managers at Ecopetrol, a Colom-

bian gas and oil company, have found that technical forums not only break down the natural barriers between occupations but also facilitate knowledge sharing across geographic boundaries. Moreover, the forums build trust, which encourages employees to share information more freely.

The barrier of time The final barrier is time, or rather the perceived lack of it. If valuable interactions are falling victim to time constraints, executives can use job roles and responsibilities to help identify the employees that knowledge workers should be interacting with and on what topics. In some cases, companies may need to clarify decision rights and redefine roles to reduce the interaction burden on some employees while increasing it on others. Boston-based Millennium Pharmaceuticals, which develops drugs for cancer treatment, did just that. When it found that researchers didn’t have time to share lessons from their experiments, it created a small group of scientists to act as “knowledge intermediaries.” Based on meetings with company scientists as well as presentations, these employees summarise findings and submit them to an internal database. They also act as brokers by sharing knowledge across groups. The company reckons that this practice, combined with other initiatives, has boosted success rates for the company’s research and reduced the time needed to make key decisions. — Eric Matson is a consultant in McKinsey’s Boston office; Laurence Prusak is a visiting scholar at the University of Southern California Marshall School of Business and a former senior adviser to McKinsey. This article was first published in September 2010 on The McKinsey Quarterly Web site, www.mckinseyquarterly.com. Copyright © 2010 McKinsey & Company. All rights reserved. Reprinted by permission.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

HORIZONS

FEATURES INSIDE

Social Networking Woes: Is your corporate data at risk? Pg 38

T Tweeting at Work Top 10 mainstream apps/devices infiltrating the organisation. ILLUSTRATION : SANTOSH KUSHWAHA

BY ROBERT MCGARVEY

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

he war is over and, in case you missed it, IT lost. The once ferocious attempt to guard the corporate perimeters against unapproved devices and applications is sputtering to an end because, frankly, all but myopic IT diehards recognise this is battle that's already over. “Workers are adopting the tools they believe will help them get their jobs done,” said Chris King, a spokesperson at security firm Palo Alto Networks. He added: “It’s foolish for an IT executive to stand in the way. The benefits cannot be denied and besides the workers will just figure out a way around you anyway.” Gary Curtis, chief technology strategist at Accenture, corroborated this: “Employees absolutely want to choose what technologies they use in the workplace. In fact, an Accenture survey of the millennial generation, those aged 18 to 27, revealed that one-third of the respondents said they expect not only to use the computer of their choice, but also to access the technology applications of their choice – 32 percent and 34 percent respectively.” And it will only get worse. In research conducted for Unisys, workers expressed a staggering employee willingness to pay for their devices if they got to choose them. Reports Unisys: “Nearly one-third (32 percent) said that they would be willing to pick

CON SUME R TECH

up the full cost. Twenty-one percent said that they would pay up to half of the cost, and another 21 percent said that they would fund up to 30 percent of the cost.” This is not just hypothetical, it is already happening. Ahmed Datoo, VP of Marketing for Zenprise, which develops tools to manage enterprise mobile devices, said that perhaps caused by tight budgets and the recession, more businesses are actively encouraging employees to bring their own devices to work, especially mobile phone and tablet computers. That might save money but it raises security issues. For instance, employees understand their employer will wipe their BlackBerry if they are terminated. But wiping their iPhone with its personal photos, IMs, music library? Not so fast. There are real problems raised by the consumer devices for the enterprise, in other words, but it is happening regardless. (Zenprise and its competitors are deploying selectiveiPhones and BlackBerries. Companies may wipe tools to zero in only on businessneed to build out their own Android secuowned data.) rity enhancements. So, what devices should you be alert to? Skype - The go-to favourite of road warriors Here’s a round-up of the top 10 devices/ calling home but now more IT execs report tools tagged by security experts as most increased Skype use inside the company. likely to be snuck into enterprise, with or Sometimes this is driven by department without IT’s permission: managers who want to push down expenses. There's also Google Voice. iPhone - Probably public enemy No.1 as senior-level executives have bought iPhones, Google Talk - Or pretty much any other then demanded IT support them. What are IM tool. Increasingly essential to millennial, you going to say besides, yes, sir? who may prefer IM over email, certainly over making voice calls. Every company iPad - “A huge topic of conversation,” said needs a flexible IM policy, said Datoo, but not that much of a the experts security worry because its ability to interface with enterprise grade GMail - Nowadays when apps is limited. employees grumble about the corporate servers (anything from Mac computers - A surprise EMPLOYEES lost email to delivery delays and on the list but as Apple picks up WANT TO USE THE file size limit barriers), they are iPhone and iPad users, some of likely to act, by ditching the corthem want to also use Apple comCOMPUTER OF porate email and switching to puters, said security firm Safend's THEIR CHOICE a personal GMail account. The VP of Product Management, Edy only way to fight back is to beef Almer. He pointed to surveys that up in-house email. show as many as two-thirds of large enterprises reporting they expected to Twitter - There’s no stopping microsee big jumps in Mac deployment. blogging because even if it is blocked on desktop computers, employees can do it Android phones – These devices continue from mobile phones. With Twitter, the main to win enterprise fans, said Jason Wong, concerns are inappropriate disclosures Product Marketing manager for Antenna (revealing product secrets or violating SEC Software, a developer of mobility tools. But, rules). Education is the cure. Android, as currently configured, has less built-in enterprise grade protection than do Facebook - Same as for Twitter, though

NEXT HORIZONS

Employees understand their employer will wipe their BlackBerry if they are terminated. But wiping their iPhone with its personal photos, IMs, music library? Not so fast. There are real problems raised by the consumer devices for the enterprise, but it is happening regardless.

32%

Facebook raises more security issues (malware camouflaged as friendly apps, for example). Location-based services (LBS) (Foursquare, GoWallah, etc.) - “LBS are changing the social media landscape,” said Paul Liu, CIO at IT consulting firm Freeborders. But can LBS notifications themselves may reveal corporate secrets -- possibly. Employees need to know when it is better to turn these tools off. Are all these tools potentially frightening? Do they pose security risks? You bet. But the IT mission today is to find safe ways to integrate these technologies (often with limits) into the IT infrastructure; having accepted that just saying “no” is not an option.

— Rob McGarvey has written over 1500 articles for many leading publications—from NY Times to Harvard Business Review. McGarvey covers CEOs, business, high tech, human resources, real estate and the energy sector. This article is published with prior permission from www.cioupdate.com

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

NEXT HORIZONS

SOCIAL N E T WORKI NG

Social Networking Woes Is Your Corporate Data at Risk?

communicating over long distances and at great speed, but viruses and Trojans can be sent, received and installed on your network with similar immediacy. If the ever-growing list of social networks and applications undergo no real scrutiny from busi businesses the breach in the defenses of corporate networks will come under even greater assault as hackers, phishers and fraudsters exploit employees to take control of business networks. Businesses need to be investigating how they can protect themselves from existing threats from social networks, and ensuring that they are defended against new threats as and when they arise. Then there are attacks on the applications that allow us to make Sesand receive voice and video calls online. Toll fraudsters use Ses sion Initiation Protocol – or SIP – (which many networks use to control multimedia activity) to defraud businesses out of huge sums of money. Many businesses wrongly assume that they must be protected he need for secure use of social networking applicafrom such fraudulent activity because they have locked down their tions while at work is something that we at Network IP private branch exchange to their SIP provider, but all this does is Box have discussed regularly. effectively ‘out source’ their security posture to the SIP trunk providprovid We recently published data which demonstrates er whose attitude to security is very likely to very differdiffer how much employees love to access social ent to their own. (Those in any doubt over the extent of networks while at work, and our free security guides on toll fraud need only look at the $55 million toll fraud ring Facebook and Twitter suggest ways in which business that was shut down by the US government in June 2009). owners can mitigate the risk involved in allowing access In short, the threat from social networks and applicato these websites. OF FIRMS tions is growing and businesses know it. The difficulty PricewaterhouseCoopers (PwC) has just released a MONITOR THE seems to be in persuading those in the boardroom that study which reveals that only 32 per cent of firms monithe risk the business is being exposed to is worth investtor their employees’ use of social networking sites, a figUSE OF SOCIAL ing in strong and flexible data security solutions. ure which is dismal enough, but when you consider that NETWORKING With the FSA handing out increasingly large fines and PwC also noted that only 31 per cent of UK firms would SITES the ICO being given not just fines of up to £500k but be spending more money on data security you would be also the ability to jail those responsible, it is probably forgiven for wondering if these businesses take their nettime to look anew at security to ensure companies are safe. work security seriously at all. There is often a business case for allowing social network use at work. These sites are increasingly being used for business purposes and so blocking them may not be the answer for everyone. But businesses should only allow access to these sites if they —This article is published with prior permission from www.infosecishave the safeguards in place. Social networking can be great for land.com

T ILLUSTRATION : JOFFY JOSE

BY SIMON HERON

CTO FORUM 07 OCTOBER 2010

32%

THE CHIEF TECHNOLOGY OFFICER FORUM

NO HOLDS BARRE D

PERSON' S NAME

ROAD TO

INFORMATION MANAGEMENT This year EMC completed its 10 years in India. EMC has come a long way from being a storage box pusher to a preferred information management partner. Manoj Chugh, President India and SAARC, EMC Corporation in an exclusive conversation with Rahul Neel Mani talks about how the company grew both in size and stature. We bring to you this conversation in two parts. Here is part one:

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

M A N OJ C H U G H

The emergence of storage as the lifeline of information infrastructure in Indian enterprises is known to everyone. What has been the role of EMC in the last ten years? Where this industry was and where it is today, a lot of water has flown under the bridge. The development has never been chronicle. Traditionally, Indian IT has been a lot more focused on outsourcing. When we look at the domestic IT Industry, very little attention has been given to the decisive shifts that have occurred due to the deployment of technology which delivered value. India is one of the few markets where domestic IT players work more overseas and that’s why foreign IT vendors like us play a pivotal role in shaping the destiny of Indian industry. EMC was a very late entrant in the Indian market. In the last 10 years that EMC has been in India, it has helped the Indian enterprises tremendously in shaping their information infrastructure. In the year 2000, EMC entered in India with selected technologies and a few large customers. It remained same for the next three years. In 2003 EMC announced US$ 100 million investment in India. The key goal was to grow the Network Attached Storage (NAS) market that didn’t even exist as a category. It wasn’t easy for us to speak in a language which Indian enterprises weren’t familiar with. NAS, at that time was just 35 percent of market. Direct Attached Storage (DAS) ruled it with 65 percent. Organisations, at that time, were more focused on technology than their information infrastructure. The slow growth of information was another factor which determined the usage of network attached storage. There has been a dramatic change in the last five years. NAS today commands 85 percent of the external storage market and EMC is singularly responsible for this shift. It was an unprecedented event.

According to you, EMC is to be given the credit of introducing network storage in India. Why weren’t the other players able to capitalise on it? At that time, the industry focused on technology and not on information. IT companies were helping organisations computerise and thus offered a full suite of technologies, products and solutions. EMC is a specialist company. Our job was to educate the organisations about the importance of their information and deploy the right set of infrastructure to store, protect and access information. EMC has been at the forefront of information and thus we were able to convince that there needs to be an infrastructure approach to information rather than a tactical approach. The first sector that resonated well with our value proposition was telecom because of the enormous growth of customer data and thus the need for an information infrastructure. Network Storage, in its initial phase, was driven by the telecom sector. After deploying and stabilising on the Core Banking System (CBS) even the banks have taken the infrastructure approach to their information to manage and protect the latter. Apart from educating the Indian enterprises on information infra-

“NAS today commands 85 percent of the external storage market and EMC is singularly responsible for this shift.”

NO HOLDS BARRE D

structure, EMC focused on forging strong partnerships. Seven years ago EMC had customers in just three cities. Today we have customers in 80 cities. Without the partners and their ability to scale, we would not have been successful. A few years ago we involved academia in this. Approximately 150 educational institutions in India today offer Information Management and Technology as part of their curriculum. EMC has helped in both designing curriculum and training the faculty. Another thing why EMC was able to tap a lot of the Indian market was due to its ability to tap the talent. We reorganised our business almost every 18 months. At one point we had just two segments – enterprise and commercial. Then sensing demand, we changed our strategy and divided businesses according to geography. A lot of acquisitions have made EMC’s portfolio look huge suddenly. How do you derive value from these acquisitions? EMC is a very acquisitive company. We have acquired many technology companies over the past few years. One thing that goes slightly unnoticed is our ability to utilise the available talent from those companies. EMC may have started as an enterprise storage company but soon it expanded the market segments. From 2005-06 the company started addressing mid-market segment with products which had features of very high end systems. With our acquisitions like Legato, Documentum and RSA, we have been able to deliver a significantly higher value to the customers, which also helped us in getting into the newer market segments. There were a few areas left which EMC didn’t address – specifically in the consumer space. But with the acquisition of Iomega, we have started delivering the EMC value in that segment as well. Of late there has been a lot of buzz

THE CHIEF TECHNOLOGY OFFICER FORUM

DOSSIER COMPANY: EMC Corporation INDIA LAUNCH: 2000 SERVICES: Information Management

CTO FORUM 07 OCTOBER 2010

NO HOLDS BARRE D

M A N OJ C H U G H

around data backup, recovery and archival using the data deduplication technologies. EMC’s acquisition of Data Domain has filled in this gap very successfully. In the last many years, EMC has moved away from a single technology – select customer syndrome to an end-to-end player cutting across consumers, midmarket and high end systems. Also, it has moved away from core storage technology to the larger information infrastructure domain including back-up, recovery, archival, deduplication etc. How does VMware gel with the current business strategy of EMC? From a go-to-market perspective, VMware is a partner of EMC. Our products, solutions and technologies weave very well in virtualised environment. Going forward as we help customers deploy private cloud, our ability to work with virtualisation technologies like VMware will play an important role in helping customers leveraging their infrastructure better.

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

What has EMC done to ensure timely support to their customers in India? In seven years, we have grown from merely three cities to 10 cities. Setting up a services footprint for these cities wasn’t easy. Today EMC has more than 15 spares and logistics centres across India. We have over 200 engineers providing implementation support and services to the customers. EMC has over 1500 customers in India today, which exclude the Iomega customers. All in all it has been a momentous journey. In terms of investments, there have been four announcements so far. In 2003, when EMC for the first time invested US$ 100 million in the Indian market, there has been significant increment on that front. The 100 million became US$ 250 in the second round in 2005. In year 2006 it was US$ 500 million and last year EMC made its single biggest announcement taking the investment to US$ 2 billion.

How has the company reacted to customers demands? One secret that can ascribe to this huge success is our ability to remain close to our customers. Everything that we did was directed by our customers. We listened and acted upon our customers’ advice. Initially our customers hesitated to buy EMC because of the prohibitive costs. A lot of them told us to be more affordable. Based on the feedback, in 2004 EMC launched 12 new affordable products. Majority of those products were focused on mid-market. Those arrays were fitted with advance features but within customer budget. It was a remarkable shift, which allowed us to go after a market which was otherwise out of our reach. Customers felt they were heard. That was also the first time that EMC introduced a range of products which were not just storage but also backup, recovery etc. – the whole range of information management. The journey continues even today. —Rahul.mani@9dot9.in

Interview continues in the next issue...

POINTS

STEP 1: Meet and tell your team STEP 2: Examine team leader compensation STEP 3: Begin a talent exchange

PHOTO: PHOTOS.COM

STEP 4: Be the facilitator STEP 5: Publicly acknowledge efforts

DISMANTLING

SILOS 44

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

How to identify the 10 telltale signs and head off damaging information bottlenecks. BY DIANE L. KATZ

T E A M M A N AG E M E N T

T E CH F O R G OVE R NAN CE

at all or receive inadequate resources. When you tell your managers that service levels coming from your organisation are inconsistent, you get finger-pointing and a lack of accountability. A manager who is a team player appears unhappy or doesn’t stay. Your internal customers line up behind one of your managers or another—rooting for opposing teams.

When I think of silos, I think of driving

down a road outside Chicago, where such structures stand tall, seemingly independent of what is going on around them. Relate that image to corporations with a division or a team that stands walled off from what is happening inside other divisions or teams. Our current economic situation seems to be driving the increasing formation of work silos, resulting in a lack of communication and cooperation between two entities in the same business at a time when such collaboration is needed more than ever. Resources are certainly less abundant than they had been. And resources can mean people, materials or budgets—anything that is needed to get the job done. One manager does not have enough resources to handle the workload, but another manager chooses not to share his or her resources. Yet, they are both working toward the same overall goals. It could be that one manager needs an additional person in his or her group. The manager on the other team sends over the lowest-performing employee. When the receiving manager sees that this newest member is a poor performer, he or she loses trust in the other manager. Another cause of silos is when one leader instructs a team—directly or indirectly—to mistrust another group. The danger here is that such mistrust can grow so intense that two divisions end up being more competitive with each other than they are with external competition. Internal competition can be motivating, but not at the cost of organisational goals.

10 Telltale Signs of Silos Silos are deadly to the overall results of an organisation when they adversely affect the consistent flow of information. Perhaps one manager does not get the information that is needed to get the job done. Or, worst case, misinformation is transmitted from team to team. It is easy to see how this can undermine a business.

9 10

One Organisation’s Very Tall Silos

Here’s an example of how silos can lead to poor decision making. Let’s look at a large organisation with more than 10,000 employees whose CIO has been in the job for four years. There are five direct reports in a matrix organisation built around internal client groups, development, support and service. The CIO meets with the team infrequently— perhaps once every six to eight weeks. All departments and clients want their Some significant layoffs have occurred over systems to be state of the art, and they want the past three years, so resources are slim. it now. As the CIO, you and your IT staff are The direct reports meet without the CIO pulled and pushed to deliver. At times, one once a month, at the CIO’s request, and he division puts pressure on you or your staff thinks this is enough to enable teamwork. to work harder for them and less hard for The five direct reports would all like the another division. That puts undue stress on CIO’s job one day, but the CIO has given your employees and on you. no indication that anyone is being considSilos grow in their destructiveness when ered. Instead, he tacitly encourages internal senior management either is not aware of competition. Now that resources are at a how rampant they are, or chooses to look premium, there is a constant jockeying for the other way, hoping the problem will go people and budget. Each direct away on its own. The first step report meets with the CIO inditoward dismantling your silos is vidually and pleads his or her spotting them. Here are the 10 case. The CIO doesn’t respond telltale signs that let you know to any of them, instead encourthat your organisation is runaging them to resolve it among ning amok with work silos: TELLTALE SIGNS themselves. Managers never come up THAT LET YOU The CIO has pet projects, with collaborative solutions. KNOW THAT YOUR based in part on the preferences One manager badmouths another consistently. ORGANISATION IS of the president, and these get a boost in resources. Instead People complain that they WORKING IN SILOS of letting everyone know how don’t have the information resources are being allocated, the they need to get the job done. CIO makes decisions in private and does not When errors occur, everyone blames openly discuss the rationale. everyone else for the mistakes, rather Because of this, the direct reports are than taking responsibility for their actions. more and more mistrustful of each other. You hear complaints that your organisaThey think that their meetings without the tion has unfair pay practices. CIO are a waste of time because the “real” There is minimal or no exchange of talent business is done in their one-one time with between teams. the CIO. At first, there was open discussion Your managers complain that when askof issues but as mistrust grew, less inforing for resources, they either get no help

1 2 3 4 5 6 7

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

T E CH F O R G OVE R NAN CE

T E A M M A N AG E M E N T

mation was openly discussed. Over a six-month period, there was open disagreement without resolution—and even some misinformation. The group was deteriorating, and it filtered down into the ranks. Members of one team began bad-mouthing another group. Bottom line: People were wasting time and precious productivity.

Steps for Eliminating Silos If this example sounds a bit like what’s happening in your organisation, take heart. Fixing the silo problem takes time, and you need to be consistent. Here are some steps you can take: Meet with your team and tell them that you are fully aware of what is happening, that you want all of them to function as a team, and that you will be taking various steps to ensure that this will happen. Examine the compensation plans of your team leaders. Are they being paid to cooperate or compete? If it’s the latter,

1 2

you need to explain that they will be evaluated mostly on their cooperation, not on competitiveness, which can be destructive. Meet with your team at least once a month and ask questions, such as: a. “What collaborative teamwork have you used to help various projects succeed?” b. “Do all the players have sufficient information to get their jobs done?” c. If the responses are “none” or “no,” it’s your job to analyse how information can flow better and faster. But do not get into who is wrong. When appropriate, begin a talent exchange between managers. This will make your organisation more attractive to employees, will support cross-training and will expand the knowledge base in your organisation. If one of your managers complains about another one, bring them both into your office, sit them down and explain that you want them to settle their issues. Be the

4 5

facilitator; do not be the decision-maker. Publicly acknowledge efforts that succeeded through collaboration. Develop a decision-making process for the allocation of resources, and let every team member know what that process is. Be transparent about pet projects. If there are poor performers on any of your teams, encourage managers to coach, train or fire them, rather than hand them off to each other. Monitor movement among teams in your organisation to ensure that this happens. You can still encourage internal competition. Just make sure the competition doesn’t get in the way of meeting organisational goals. Silos may be good on the farm, but they don’t work in the office.

6 7 8

—Diane L. Katz, Ph.D., is president of The Working Circle (www.TheWorkingCircle.com). This article is printed with prior permission from CIO Insight.

The Security vs. Access Paradox Delicate balance between network security and user access. BY MATT SWANSON

here is only one foolproof way to protect your networked computer systems against electronic snooping, hackers, unauthorised access, stolen passwords, denial-of-service attacks and other security breaches ... unplug them. That clearly isn’t a practical solution. In fact, most companies these days are compelled to open their systems to people inside and outside their organisations in order to do business effectively. The evolution of modern business has created increased dependence on network-based assets for everything from e-mail and customer contacts to order fulfilment and billing. This demand creates a paradox for CIOs and IT administrators. While networks exist for the purpose of sharing information, every open avenue for network access is a potential security gap. Access and security are always at opposite ends of the scale – too much of

CTO FORUM 07 OCTOBER 2010

THE CHIEF TECHNOLOGY OFFICER FORUM

one weighs against the other. The key to effective network administration is finding and maintaining the right balance. The IT department typically places greater emphasis on the security side of the ledger, which is to be expected because data protection involves concepts, techniques and technologies that are not well understood by most members of the organisation. Ensuring the protection of sensitive company data and applications is a responsibility that can’t be taken lightly. What’s more, network security isn’t just an imperative business practice, it’s the law. A growing number of federal, state and industry regulations require that organisations take measures to protect data from destruction, loss, unauthorised alteration or other misuse. Failure to do so can result in stiff penalties and costly litigation.

SECURIT Y

Over the years, IT has traditionally focused on perimeter-based security, with firewalls, access controls, intrusion detection solutions and other measures designed to create a wall around the network. However, the rapid growth of virtualisation, cloud computing, mobility and wireless technologies is making it nearly impossible to establish a hard perimeter anymore. New technologies have fundamentally altered IT’s customer base, as well as user expectations of what IT should deliver. An increasingly mobile and outsourced user It’s a simple fact that if people think netcommunity means IT must provide network security is keeping them from doing work and application access to a dynamic their jobs, they will seek the services and workforce with differing needs and operataccess they need from a less secure source. ing from numerous locations. In addition, They will install their own software, downthe proliferation of smartphones, netbooks load shareware, buy a laptop connect card or and hosted applications has made workers an AirCard, and get on their smartphone or less reliant upon their employers for their iPad and start doing business. You may have technology needs. a very secure network, but if your customers More and more employees are making are constantly finding workarounds then their own buying decisions about the devicyou have won the battle but lost the war. es and applications to maximise productivity, and they naturally want the IT support that will help them do their jobs. Cooperative effort This trend obviously imposes significant So how does an organisation balance its burdens on the IT department. It’s hard security imperatives against user access to manage equipment you don’t own, and needs in this era of distributed and open harder still to secure and support a diverse networked systems? collection of hardware and software that is Certainly, it’s vital to have a comprehenliterally changing every day. The natural inclisive strategy in which a variety of measures nation is to lock down the network and pro-- including firewalls, intrusion prevention, hibit the use of all devices and applications VPNs, VLANs, endpoint security, and more not expressly sanctioned by the organisation. -- are synchronised to create a globally disHowever, this is precisely where IT must tributed defense. But technology is only part walk a fine line. of the answer. With all security policies and Most important, and more practices, there is naturally going difficult to achieve, is the creto be some tradeoff between ease ation of comprehensive and of use and safety. However, secuunderstandable security poliCOMPANIES rity measures can be countercies developed in concert by the

75%

productive if they are too severe. CONSIDER GRC TO folks who run the network and Just as people will prop open a the ones who have to use it. IT BE A TOP PRIORITY locked door when it meets their administrators have to make a IN THEIR SECURITY needs, users will find ways to conscious effort to meet with circumvent security policies and their customers, internal and LANDSCAPE procedures they perceive as too external, to find out what they cumbersome or that prevent need to do their jobs. them from accessing the network resources It isn’t easy. In fact, it can be a downright they need. painful process. IT’s customers – the people If you don’t believe it, see how many who actually do the business of the business employees keep a copy of their network pass-- are usually not very security-savvy. They word hidden underneath their keyboard. know where to click and they know how to

PHOTO: PHOTOS.COM

Changing focus

T E CH F O R G OVE R NAN CE

“More and more employees are making their own buying decisions about the devices and applications to maximise productivity.” use the tools they need for their jobs, but they don’t understand what goes on behind the scenes. On the other hand, most network experts never really understand their customers’ jobs and what they need to work efficiently. The lack of communication and understanding between the two groups can lead to some hostility. With two-way communication, IT can understand how network modifications can help customers do their jobs, and users can understand why certain restrictions are necessary to keep the network secure. Through the use of questionnaires and interviews, CIOs can gain insight into the organisation’s culture and its ability to meet various security standards and requirements. IT must also share complex security principles in a simple manner. Policies that are overly technical and difficult to understand can actually be a barrier to effective security. This two-way communication provides a crucial starting point in the development of an effective security policy that provides maximum security with minimum impact on user access and productivity. It isn’t a “one-and-done” process, however. Because organisations are constantly changing, security policies must be updated regularly to reflect new business directions, technology upgrades and resource allocations. In the end, even the most comprehensive security policy is ineffective if users won’t support or comply with it. Striking a balance between security and access is the best way to avoid unplugging the network or customers unplugging from your IT office. —Matt Swanson is principal consultant for Emtec Federal Services. This article is printed with prior permission from www.cioupdate.com.

THE CHIEF TECHNOLOGY OFFICER FORUM

CTO FORUM 07 OCTOBER 2010

HIDE TIME | BOOK REVIEW

Author: Bill Bryson

“Houses are where history ends up.”

Home is where the history is A book

that claims everything miniscule in your house has a story to tell. Read it to fall in love with your home all over again.

THERE'S only one guy who can make history sound like a full moon party on Koh Phangan Island - Bill Bryson. One would have to thank Bryson’s state of doldrums (when he’s at home) for his latest masterpiece. Titled ‘At home: A short history of private life’ (it could so easily have been named ‘At a British Home’), the book is a diligent and systematic investigation into the history of whatever constitutes an Englishman’s house. The plot is his house, a former rectory in Norfolk. He goes around with an avid eye for every minute detail. Say, something as innocuous as a staircase. He traces back what made the humankind upgrade from a ladder to a staircase. Why of all the spices do we only have salt and pepper on our dining table? The book documents some beyondbelief facts from the history about things that are so close to us that we, often, take them for granted. Say,

CTO FORUM 07 OCTOBER 2010

a light bulb, a toilet seat, or a fork. The question is not merely how and when it was invented, but why was it invented to start with? What made us realise the need for an instrument having two or more prongs or tines, for holding, lifting food? While reading the history of inoffensive things we possess in our homes, the book reminded me of the omnipresent mobile book vendors who sell titles like “Astonishing facts you may not know” by reading out excerpts from the book - What makes leaning tower of Pisa lean? This book being from the desk of Bill Bryson it surely isn’t purely about facts unlike other I-would-shower-you-with-factstill-your-eyebrows-go-vertical books. It’s about storytelling with brushes of alluring humour and jaw-dropping ‘rats-have-sex-up-to-20-times-a-day’ facts. The book is breathtaking in its scope: be it histories of indoors lighting, of the clergy in England, of building materials, of food preserva-

THE CHIEF TECHNOLOGY OFFICER FORUM

ABOUT THE REVIEWER

Anoop Chugh is the assistant editor of CFO India Magazine. You can reach him at anoop. chugh@9dot9.in.

tion, of the effects of the Industrial Revolution or of the cornered toilet seat. The book is best summarised in Bryson’s own words, “The history of household life isn’t just a history of beds and sofas and kitchen stoves, as I had vaguely supposed it would be, but of scurvy and guano and the Eiffel Tower and bedbugs and bodysnatching and just about everything else that has ever happened. Houses aren’t refugees from history. They are where history ends up.” We recommend the book to anyone who enjoys being at home, intrigued by gentle history and is always inquisitive to know reasons behind why things are called what and what made us invent them to start with. —Anoop Chugh

HIDDENTANGENT GEETAJ CHANNANA geetaj.channana@9dot9.in

THE AUTHOR IS Executive Editor, CTO Forum

The Phone Support Saga

Speed of change in the mobile space has kept the support team on their toes. WITH many different kinds of smartphones in the market – it becomes an IT manager’s nightmare to support all of them. It started with some Nokias and Blackberry offering email on their device. This was the time when there was Blackberry connect for Nokia and users could get their Blackberry email on Nokia’s business phones like the 9300 or 9500. This is the time when Nokia decided to leave the Blackberry banner and chose to have its own mail offering. They obviously thought they were better. How well has it fared? After about four years of its launch, the Nokia offering is finally getting some traction on their E-series phones – just that it is still far from being a preferred platform. That, was still not too difficult for the IT department back then. The only thing that they had to do was set up Blackberry servers in some cases. That was nothing in comparison to what was in store for them. During the time Nokia and Blackberry were fighting it out – there came the iPhone and changed the game again. With a better user experience

CTO FORUM 07 OCTOBER 2010

and going forward, an integration with Outlook, it has catapulted into being one of the most preferred platforms. This also brought a cultural shift where employees started demanding support from the device at work. Till this time the employees did not care too much about the device they had – nor were there any compelling consumer devices that gave them the option of doing their work efficiently. The iPhone changed things from ground up. Now, not only did the IT department had to support the phone, but they had to increase security on their networks to ensure that the apps and the internet usage from the device did not cause havoc on their network. Usage policies had to be drawn for application and phone usage on office networks and for office emails. By this time they were supporting three major formats – Symbian, Blackberry and the iPhone. They were already supporting more operating systems on devices than on desktops in an organisation. Just when they were getting their air back – along came Android and opened

THE CHIEF TECHNOLOGY OFFICER FORUM

"During the time Nokia and Blackberry were fighting it out – there came the iPhone and changed the game again."

the doors to the public cloud even more. But, by this time organisations had realised that this was going out of hand. While some have got third party companies to manage their mobile policies – other have strict guidelines about the devices they can support. But now, they are going to face a dilemma that will be difficult to handle – the Windows Phone 7. Being launched this week, this device will change the ground rules again. It has got a refreshing new interface – which claims to be a lot more people centric. Better integration with Microsoft Office, Sharepoint and Outlook is also being touted – though without copy/ paste support. The phone’s interface is divided into hubs rather than being a collection of icons. It relies on the users’ tendency to look for everything with one glance at the phone. The whole screen of the phone is divided into only about six hubs that can be increased by new third party applications. Something extremely exciting to look forward to – and another thing that you may have to support. All the best!

VIEWPOINT STEVE DUPLESSIE | steve.duplessie@esg-global.com

Welcome to the Thunderdome

PHOTO: PHOTOS.COM

EMC’s Greenplum acquisition

I GET to say I told you so! I recently blogged about battles yet begun about the industry vs. Goliath (Oracle) and how if folks don’t wake up to what Oracle is doing with Exadata, a whole lot of people who love to sell infrastructure are going to be out of luck. I mentioned Greenplum and Vertica specifically as key ingredients to stem the threat–because they can eliminate the need for the heart of Oracle’s attack–the database. Greenplum builds a database designed from the ground up for massive scale–the kind required by data warehouses and BI systems. They do it far more effectively and a billion times cheaper than systems using the Oracle RDB to keep track of, and provide analysis on everything. With that in the arsenal, EMC now has a shot to at least stem the tide of Oracle Exadata defections–and even more, can offer a more compelling overall solution to the problems of massive data sets. The issue will be simple–Oracle knows how to sell

CTO FORUM 07 OCTOBER 2010

this stuff, EMC (traditional) doesn’t. Oracle DW/BI people speak that language–to the right buyer–who is not the infrastructure buyer! The BI/DW buyer is a business apps person–not someone who cares in the least about spinning disk or cache or whatever. EMC will either need to teach their high-end force a new language and the ways of a new customer set, or figure out how to keep that separate from the mainstream as they have done with their other successful software acquisitions. My guess is they will do the latter, but I don’t know yet. Unlike VMware or Documentum, for example, this play directly affects EMC’s bread and butter hardware offerings. When Oracle sweeps the floor with an Exadata deal, they sweep out Symmetrix, HP boxes, IBM, etc., and there really isn’t a heck of a lot to be done about it. This is perhaps why EMC did what they did–and I give them credit for seeing it for what it is and doing something

THE CHIEF TECHNOLOGY OFFICER FORUM

ABOUT THE AUTHOR: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www. thebiggertruth.com

about it. Why let Oracle dictate the game? With VMware, Springsource, and Greenplum, one can make some pretty compelling software arguments as to why this combination is the face of massive data set management in the future. I love the play. Kudos for a brave move. After Data Domain, I’m not going to challenge their ability to pull off the execution again. I’m just dying to see this play out. It’s like a heavyweight fight in the making. Interesting final note – Oracle owns Sun, Greenplum was founded by some Sun folk, Scott McNeally is on the Greenplum advisory board…….