CTO Forum
Technology for Growth and Governance
January | 21 | 2011 | 50 Volume 06 | Issue 11
Plan security at design stage | Web 2.0 may break the cloud | Complexity - a sure way to fail
Hot Technology Trends for 2011: Watch out for these key trends that'll steal all the news in the next twelve months. | Page 23
Next Horizons: Transformational CIO | Page 29
I Believe: External Linkages Will Change the Game | Page 06
A 9.9 Media Publication
A Question of Answers: Anticipating Real Recovery in IT | Page 16
Editorial
Rahul Neel Mani | rahul.mani@9dot9.in
From Page to Page: Will Google rekindle as innovator?
About 10 days ago, the world of technology was stunned when Eric Schmidt, 55, decided to step down as CEO of Google – bringing to an end a decade-long era. In this one decade Google became the most powerful Internet company in the world. In 2001 Google had less than $100 million in annual revenue and today Google is $29 billion strong and employs 24,000 employees globally. Of course, a lot happened during this one decade. Facebook, Twitter, MySpace, Groupon etc. came into existence. A decade ago there was absolutely no threat to Google’s search and advertising revenues. Perhaps that made Google a little complacent towards the idea that the Internet era was all about change – a change that kept users glued to you. Although people may have different views about the future of incumbent Google, I feel that Google’s $35 billion bank balance is under tremendous threat from the current players including Facebook which is
estimated to corner about $4 billion in advertising revenue during 2011. While Facebook is the current threat to Google, given the nature of Internet business, tomorrow it could be any other company. While Google has been able to secure its leadership position in the Internet space, its ignorance of the emerging trends in social networking [which Facebook and Twitter exploited] made it a foot-dragger. Will it be possible for Google to crush the popularity and following of Facebook? My answer is ‘No’. While Google may be surging ahead with its ‘Android OS’ in the mobile space, it hasn't been able to develop a compelling social networking platform to counter Facebook - a delay that is the writing on the wall. Will this leadership change help Google regain its supremacy, which it lost to newcomers? Will Larry Page, the founder of Google and its CEO before Schmidt took over in 2001, be able to make Google nimble again? I don’t think that even Page can answer this question with conviction. Surely Facebook and Twitter have challenged Google’s supremacy in more ways than one. The tag of being a ‘cool’ Internet company doesn’t remain with Google anymore. The way Facebook has engaged with its users – half a billion and counting – is far more intriguing than Google. Also, Larry Page will have to transform from a ‘not-so-managed’ manager to a strategic leader and take some of the decisions imperative to rekindling the innovations that made Google the Internet top dog in the first place.
The Chief Technology Officer Forum
cto forum 21 january 2011
January 11 | thectoforum.com
Cover Design: Sristi Maurya
Contents
Cover Story
23 | Seven Hot Technology Trends for 2011. Watch out for these key trends that'll steal all the news in the next twelve months.
No Holds Barred
38 | Plan Security at Design Stage: Carlos Solari, VP Cyber Technology and Services, CSC, talks about how organisations should deal with their security framework.
20 | Best of Breed: Web 2.0 May Break the Cloud. In the cloud, there is a good reason to be worried. By Danny Lieberman
34 | Tech for Governance: Complexity - A Sure Way to Fail. By Rafal Los
Regulars
01 | Editorial
10 | Enterprise Roundup
A Question of Answers
16 | Anticipating Real Recovery in IT: Tom Murphy, CIO, Amerisource Bergen shares his advice for 2011.
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706
Columns
6 | I Believe: External Linkages Will Change the Game. Integrating internal capabilities with external linkages. By Samrat Das
33 | Hidden Tangent: BI in Jeopardy! Watson by IBM beats humans at the popular game show. By Geetaj Channana
48 | View Point: Grow Up! The New World of Managing IT Stuff. By Steve Duplessie
Features
29 | Next Horizons: Transformational CIO. True transformation occurs within both the IT organisation and the business' core systems. By Pam Baker
www.thectoforum.com
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh
Publishing Director: Anuradha Das Mathur

Editorial
Editor-in-chief: Rahul Neel Mani
Executive Editor: Geetaj Channana
Resident Editor (West): Minu Sirsalewala Agarwal
Senior Editor: Harichandan Arakali
Assistant Editor: Varun Aggarwal

Design
Sr. Creative Director: Jayan K Narayanan
Art Director: Binesh Sreedharan
Associate Art Director: Anil VK
Sr. Visualiser: PC Anoop
Sr. Designers: Prasanth TR, Anil T, Joffy Jose, Anoop Verma, NV Baiju & Chander Dange
Designers: Sristi Maurya & Charu Dwivedi
Chief Photographer: Subhojit Paul
Photographer: Jiten Gandhi
Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, CIO, Pidilite
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices
Vijay Sethi, VP-IS, Hero Honda
Vishal Salvi, CSO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
Vijay Mehra, CIO, Cairns Energy

Sales & Marketing
VP Sales & Marketing: Naveen Chand Singh
National Manager-Events and Special Projects: Mahantesh Godi (09880436623)
Product Manager: Rachit Kinger (9818860797)
GM South: Vinodh K (09740714817)
Senior Manager Sales (South): Ashish Kumar Singh
GM North: Lalit Arun (09582262959)
GM West: Sachin Mhashilkar (09920348755)
Kolkata: Jayanta Bhattacharya (09331829284)

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Production Executive: Vilas Mhatre
Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh

Office Address
Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Silver Point Press Pvt Ltd, D-107, TTC Industrial Area, Nerul, Navi Mumbai 400706.
Editor: Anuradha Das Mathur
For any customer queries and assistance please contact help@9dot9.in
This issue of CTO FORUM includes 16 pages of CSO Forum free with the magazine
I Believe
External Linkages Will Change the Game
Samrat Das, CIO, Tata-AIG Life Insurance Company Ltd.
The author brings more than 13 years of experience in operational management and IT services consultancy gained across multiple industries.

Building the architecture to integrate internal capabilities with external linkages will deliver an all-in-one basket to the customer. In financial services, it is only a matter of time before selling in silos gets diluted, to be replaced by a holistic view of what the customer wants and can digest. Translating this into a technology roadmap, with the right external linkages is something that I'm very fascinated with and passionate about.
Realising the architecture to bring the end customer this one single aggregated piece isn't about simply ensuring availability or even tapping the cloud. It's about how forward-looking I am in putting this external integration in place. How do I integrate with my banks, with my registrars, with my demat accounts, with my mutual funds and then go and give the customer that single piece?

There are two pieces in the life cycle of any financial asset or set of products. One is about understanding the need, which is essentially the selling process and figuring out the right fitment. Second, once the fitment is there, continuously evaluating whether the product or the combination is aligned to the needs that the customer has, as the needs keep changing with life style, age and other factors.

The first level then is the basic integration which is internal to the organisation. Today we are always talking about pieces within the organisation. What I'd like to see is the integration with the external links: The core competency of a bank can't be replaced by an insurance firm, as these are individual strengths, so how does one do this? Today the buzzword is all about SOA, but is that the best way to go forward? I don't know.

Any application or framework that we build, we must ensure that it is open to assimilate and disseminate information. If the application is closed, at some point it will hit a wall and may have to be scrapped or may cost you heavily.

The factor that will influence this trend in the market is awareness. People who were novices only yesterday have moved up the value curve rapidly today. This means that the demand for such integrated wrappers will only increase, be it in a year or in five years.
Letters

Cover Story: 12 Tech Behaviours (CTO Forum, 07 January 2011, Volume 06, Issue 10)

“I keep every single piece of e-mail I've ever received”
Self assessment: Do you keep every single email/SMS that you receive? 16% YES, 84% NO
This says: You're a pack rat, and maybe even compulsive. On the plus side, you may be perceived as the top “institutional authority” within your organisation – the one who can be depended upon to keep track of everything that's happened over the years.
Subhasish Saha, CTO, Apeejay Surrendra Group
“If I don't weed out the unwanted ones from the important ones, it will be difficult to manage the emails.”

“I’m always checking my iPhone when dining with my significant other”
Self assessment: Are you always checking your phone even when you are with your significant other? 60%, 40%
This says: You may be commitment and/or intimacy challenged. In the office, you may detach yourself emotionally from colleagues, ultimately hurting your career.
Lalit Wadhwani, CTO, Frameboxx Animation & VFX Ltd.
“Not required. As I use it primarily for mails and messages and I get alerts for both. I do not keep it on always.”

CTO Forum LinkedIn Group
Join close to 700 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:
www.linkedin.com/groups?mostPopular=&gid=2580450
Some of the hot discussions on the group are:
What are the attributes of a good CTO? What are the prerequisites for a CTO role?
I see the CTO role as that of a technology leader bridging the gap between the commercial requirements of the enterprise and the technology support of those requirements. An effective CTO should be able to guide the efficient implementation of IT whilst also using it to shape the commercial strategy of the business.
The Cloud is all air and no substance
Do you think cloud is going to die a quick death of SOA or is it going to make big headway into the enterprise? Is it old wine in a new bottle? What does it lack in making a convincing case?
It's real and all about today and tomorrow. However, you have to bring it back to a realistic service that gives tangible benefits. There are a great deal of 'cowboy' stories and not many who really understand it.
—Ronald Kunneman, Director at Digitra
Opinion
Private Data, Public Domain, Opportunity
It's all about creating the value perception that drives the business
“Mining public-domain data to create the value perception that drives business will increasingly occupy the minds of CIOs.” To read the full story go to:
WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.
Eng Lin Goh, CTO, SGI in a conversation with Geetaj Channana on the evolution of the company after its takeover by Rackable, and their contribution to cloud computing and high-performance computing in the enterprise.
http://www.thectoforum.com/content/hpcenterprise
Richard Ward, Head of Technical, WIN Plc
Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com
CTOF Connect
http://www.thectoforum.com/content/privatedata-public-domain-opportunity
K B Venkataramanan, CIO, Viteos Capital Markets Services Ltd.
Enterprise Round-up
Feature Inside: Top 10 Telecom Predictions for 2011 | Pg 12

Mobile Enterprise Apps to Take Off
Ninety percent plan to implement them in 2011

A new Kelton Research survey sponsored by Sybase highlights that this year 90 percent of IT managers surveyed are planning to implement new mobile applications and nearly one in two believe that successfully managing mobile applications will top their priority list. As a result both hosted and on-premise mobility solutions powered by a strong mobile enterprise application platform are valuable options for businesses to seriously consider in 2011. A majority (82 percent) of IT managers share the belief that it would be beneficial – not detrimental – to host more of their mobile applications in the cloud. Nine in ten (90 percent) IT managers reported they will implement new mobile applications this year,
with almost a quarter (21 percent) looking to introduce 20 or more applications into their organisation. In addition, they anticipate supporting about eight different mobile platforms or operating systems by the end of 2011.

Mobile mismanagement: Despite the enthusiasm and flexibility shared by IT departments, many are currently not being strategic about mobility. Almost half of respondents (46 percent) who do not have a mobile strategy in place did not expect to hire staff to specifically deal with their enterprise mobility strategy while nearly the same number of respondents (45 percent) admitted they did not have a plan or timeline in place.
Data Briefing
17 million media tablets were shipped worldwide in 2010
They Said It: Eric Schmidt
Eric Schmidt will step down from the role of Google CEO in April; he will be succeeded by Larry Page, who is one of the founders of Google. Eric Schmidt made these comments speaking to some reporters and later on his Twitter page.
“Larry is ready. It’s time for him to have a shot at running this. Day-to-day adult supervision no longer needed!” —Eric Schmidt, CEO, Google Inc.

Dell Launches Printers in India
Initial offerings include single and multifunction color and monochrome laser/LED printers

Dell has announced the launch of printers in India, introducing a comprehensive range of printing devices for home offices, small and medium businesses and workgroups. The range of printers being launched includes:
Dell 1130 and Dell 1130n (Rs 6500 and Rs 16000) – These monochrome single function printers offer printing speed of up to 19 pages per minute on the 1130 and 24 pages per minute on the 1130n.
Dell 1133 (will be available in the market for Rs 11000) – The multifunction (print, scan, copy) monochrome laser printer prints up to 22 pages per minute (A4) with a maximum monthly duty cycle of up to 12,000 pages. It comes standard with a 250-sheet paper drawer and 64 MB RAM.
Dell 1250C (will be available in the market for Rs 17000) – The world’s smallest single-function A4 color laser-class printer features LED printing technology. It performs at speeds of up to 12 pages per minute mono and 10 pages per minute color and can produce prints at a maximum monthly duty cycle of up to 30,000 pages.
Other models include 2230d (Rs 22,000), 2330d (Rs 25,000) and 2330dn (Rs 30,000).
Quick Byte on Digital Health Records
There will be a stronger emphasis on healthcare personalisation and contextualisation in 2011. Focus will be on initiatives that accentuate patient centricity, promote personal health management in service redesign, and support more intelligent healthcare business analytics.
Top 10 Telecom Predictions for 2011
To test the nerve of telcos in Asia Pacific

The Asia/Pacific (excluding Japan) or APEJ telecom services market is expected to reach $283 billion in 2011, representing a growth rate of 7.5%. The following are the top 10 Telecommunications Predictions in 2011 from IDC.

1. Socialytic Applications will transform the collaboration market
IDC predicts that 2011 will be the year where the trend of combining social media with business analytics (BA) will make its mark across most of the key enterprise applications in use today.

2. Mobilution – Mobility will make a leap into IT
Enterprise mobility has been on the agenda for years — today however, IDC is seeing what we call a "perfect storm" created by the evolution of different areas of technology combining to create a revolution in mobility. It truly is everything going mobile and IDC believes 2011 will be a catalyst year for this.

3. The death of the IP Phone as we know it
Video has transformed the way businesses communicate internally and externally with their clients and partners. The popularity of video and smart devices in the era of mobilution will lead to the death of the IP Phone.

4. The rise of the Asian MNCs
A changed new world order is upon us and is one where the influence of Asian MNCs in the ICT market will change the way market leaders operate and conduct themselves. "Adjust or Vanish" will perhaps be the key takeaway for all major ICT players competing in the Asian century.

5. Telecom services providers will return to IT
Telecom operators' foray into newer areas was largely driven by the stagnation or even decline of many of the traditional telecom services that led telcos to look into new areas for their next leg of growth. The promise of cloud technologies, mobility and many other technologies will mean that Telcos will return to IT in 2011.

6. Virtualised desktops will pave the way for Workplace-as-a-Service
If there is one thing that everyone who has tested virtual desktops can agree on, it is their sheer complexity. With the popularity of iPads in the B2B world and the expected entry of alternative media tablets and other mobile devices, client virtualisation is expected to generate great interest, proof-of-concept and demands in 2011.

7. Power of the datacenter will surface in a SP-Enabled cloud world
Almost 90% of telcos in the region now have a cloud strategy, or at least have expressed interest to enter into the cloud marketplace and we expect an acceleration of this trend in 2011 and beyond.

8. Value partnership with IT vendors will tackle the lucrative SMB market
IT companies are increasingly looking to partner with Telcos to increase their penetration in the SMB space, which continues to be the largest segment in terms of total number of addressable opportunities.

9. Telecom service providers will look to Cloud Computing for operations
There is a whole new sub-industry emerging which revolves around the software, hardware, and services network equipment providers that are serving telcos and the transformation of their products/technologies into money-making cloud services.

10. Next Gen Optics 100G will be essential in a highly-networked marketplace
Network equipment vendors have been developing commercial 100G DWDM transceivers paving the way for the first wave of commercial launches in 2011.

Global Tracker: Worldwide PC shipments
Worldwide PC shipments totaled 93.5 million units in the fourth quarter of 2010, a 3.1 percent increase, according to Gartner.
Big Shakes in Top Tech Companies
Apple, Google and HP face new leadership challenges

In one week, Apple, Google and HP have announced major shifts in their top management team. To start with, Apple CEO Steve Jobs sent a letter to Apple employees telling them that he has to take a prolonged medical leave of absence from Apple. Though he would stay on as the CEO of the company, and take part in strategic decisions, the day-to-day operations will be handled by Tim Cook, who is the COO of Apple. But this move looks temporary, as he wrote in a message to Apple employees, “I love Apple so much and hope to be back as soon as I can.” Jobs is a cancer survivor and underwent a liver transplant in the recent past.

The second big news has come in the form of Eric Schmidt stepping down as the CEO of the search giant Google. He will pave the way for Larry Page, who is co-founder of Google. Starting April 4, Larry Page will take charge of Google's day-to-day operations as CEO. Sergey Brin, the other co-founder of Google, will devote his energy to strategic projects, in particular working on new products. Eric Schmidt will assume the role of Executive Chairman, focusing externally on deals, partnerships, customers and broader business relationships, government outreach and technology thought leadership. Internally, he will continue to act as an advisor to Larry and Sergey. Commenting on these changes, Larry Page said, “Eric has clearly done an outstanding job leading Google for the last decade. The results speak for themselves. There is no other CEO in the world that could have kept such headstrong founders so deeply involved and still run the business so brilliantly.” Google also reported a 26% increase in profits over the same quarter last year.

HP has also announced a change in its board after the unceremonious exit of their exceptionally successful CEO, Mark Hurd. There was a lot of debate over how Mark Hurd was ousted from HP and the close to $35 million severance that was paid to make him go. Joel Hyatt, Robert Ryan, John Joyce and Lucille Salhany will be moving out of the HP board. They will be replaced by Meg Whitman, the former eBay chief; Shumeet Banerji, CEO of Booz & Co; former General Electric exec Gary Reiner; Patricia Russo, who ran Alcatel-Lucent; and Dominique Senequier, CEO of AXA Private Equity.
Fact ticker
Cloud Computing is the Top Tech Priority of 2011
Business Leaders Looking for IT to Drive Revenue Growth

CIOs’ IT budget projections for 2011 are globally flat, with a weighted average budget increase of 1 percent. While CIOs do not report IT budgets returning to their 2008 (pre-recession) levels, the number of those experiencing budget increases in 2011 outnumbered those reporting a cut by almost three-to-one.

CIOs expect to adopt new cloud services much faster than originally expected. Currently, 3 percent of CIOs have the majority of IT running in the cloud or on SaaS technologies, but over the next four years CIOs expect this number to increase to 43 percent.

In a further positive development revealed in the survey, CIOs may be able to reallocate IT budget savings, rather than simply returning them to the organisation in 2011. CIOs anticipate the ability to fund infrastructure changes and new projects by reallocating resources within that budget. CIOs see the introduction of Internet service-based technologies as changing that equation and releasing between 35 and 50 percent of infrastructure and operational resources for innovation and growth. This is creating a new CIO success cycle, one based on creating and realising new sources of value, in addition to cost-effective IT operations.
CDMA IPHONE
After waiting for three-and-a-half years, Verizon Wireless customers will finally get their hands on Apple's iPhone next month. The US wireless operator ended months of speculation and anticipation from impatient consumers by announcing that it would begin selling the iPhone on February 10 at the same prices as AT&T.

The new device puts an end to AT&T's three-year-old status as the exclusive US provider for the iPhone but leaves questions over how much Verizon Wireless would be able to capitalise on the deal with Apple. For one, Verizon did not say what it would charge for its iPhone data and service plans when the phone goes on sale. There were expectations that it would trump AT&T by offering the device with unlimited data service plans. Verizon likely will announce those prices before pre-orders begin, said Verizon Wireless Chief Executive Daniel Mead, who is preparing for "unprecedented" demand.

In addition, Verizon's first iPhone customers may buy a phone that is outdated only months later if Apple upgrades the iPhone on its typical early summer launch schedule. One upgrade in the new device compared with AT&T's iPhone 4 is that it will act as a so-called personal hotspot, which could connect as many as five different devices to the Internet via the phone's short-range Wi-Fi radio.
A Question of Answers
Tom Murphy | CIO, Amerisource Bergen

Anticipating ‘Real’ Recovery in IT

CIOs Need to Focus on: The least sexy but the most important thing is to truly understand your supply and demand

The economy in 2011 might look a lot like that of 2010. Amerisource Bergen CIO Tom Murphy advises you to use the year ahead to sharpen your skills in governance, social networking and cloud computing, in order to best position your enterprises for a “real” recovery in 2012 and beyond.

New technologies are emerging at lightning pace. Economic pressures are bogging down strategic planning. Demand on IT is escalating to untenable levels. Sounds daunting? Well, CIOs had better buckle up, because these are some of the challenges AmerisourceBergen CIO Tom Murphy sees on the horizon for 2011. Murphy, a former CIO at Royal Caribbean, is deep into a multiyear, multi-million-dollar SAP implementation at AmerisourceBergen, the $78 billion pharmaceutical services giant. He’s also looking to strengthen governance policies and go deeper into social networking and cloud computing. Murphy recently shared his predictions and priorities for 2011 with CIO Insight contributor Brian P. Watson. What follows is an edited, and condensed version of their conversation.
2010 brought many challenges for CIOs. Will 2011 be a repeat?
I don’t see any significant change economically, at least in terms of the focus on “doing more with less.” But, looking ahead, the pressure to keep pace with technology growth is going to increase exponentially. How do you do that when you can barely get enough money to upgrade a server, let alone start looking at alternative sourcing, social networking, etc.? It’s going to add a lot of pressure. And demand on IT from the business keeps going up.

What does that mean for planning?
CIOs need to have a well-understood, transparent governance process that controls the input of [business] demands. It’s very unsexy, but very important in being able to meet the demand. If you’re transparent about what it takes to run the day-to-day operation and what you’re working on that’s nondiscretionary, that leaves you with “X” time and resources for the discretionary. If you’ve put into place a solid governance model that engages the business in that conversation, they can understand where that demand is coming from.

[Businesspeople] are living under the same limitations, right? You’re trying to break the [impression] that IT has endless dollars to do anything. [Instead you want to say]: “Hey, business partner! You need to work with me to figure out what the highest priorities are in this organisation, because these times of constrained resources are never going to change.” It doesn’t necessarily take the pressure off, but it changes the pressure, and it helps to spread some of the pressure to the business while taking it off IT. It doesn’t mean Joe Director isn’t giving Jane Business Analyst a hard time because he can’t get what he wants. But, it does level-set the organisation in a way that shows we’re all in this together.

The staffing situation also seems daunting. What’s the reality around available talent and the jobs CIOs need to fill?
We’re having a hard time finding qualified applicants—particularly SAP resources, which is the bulk of what we’re hiring. On average, it takes three to four months to fill a technical SAP position. That’s way too long. The conventional wisdom is that there are so many resources out there.
But “relevant skills” is the operative phrase. When companies downsized, they weren’t downsizing their top performers. Hiring in 2011 will be very limited, and it will be limited to those critical positions with which you need to operate your organisation. Therefore, the bar will be very high. A lot of companies still see IT as a good place to look for high-cost, low-perceived value, just because of a lack of understanding of what IT does. And that’s a dangerous place to be.

Are there any bright spots? What’s going on inside the mind of the CIO right now?
I’m probably one of the few CIOs with a bright spot. My company didn’t back off of this huge SAP investment. While anyone who’s done one knows it doesn’t necessarily equal a bright spot, at least it’s something new, and it’s giving me new opportunities. My leadership team has allowed me to build a new organisation called Integrated Business Services, which is a conglomeration of business process and analytic resources, as well as traditional IT resources.
Things I Believe In
CIOs need to have a well-understood, transparent governance process that controls the input of [business] demands.
The “doing more with less” pressures are going to continue.
There’s tremendous power in reworking social networking tools.
Tom Murphy
So, in that sense, I’m having the time of my life. But that’s highly, highly unusual right now in the marketplace. There’s a perfect storm around us and ahead of us: continued outsourcing—or near-sourcing or rural-sourcing—with the chance to do more; financial pressures for the corporation; and the perception that IT is very, very expensive and low-value, or [that it’s] harder to monetise that value [than it is for other business areas]. Couple [these factors] with the youngest generation [entering the workplace], whose expectations of IT are very different. They don’t believe in IT as a function. It’s truly integrated into everything they think and everything they do—that really amps up the utility model to a significant degree. As you get to know that generation and feel where this thing is going, you have to ask how relevant the role [of the CIO] will be in the future. We have to evolve the role of CIO. We’ve been accustomed to the need to change and adapt for the last 20 years. But we need to continue to integrate with the business, and to break the perception of IT as a separate entity that’s not part of the business. [We’re] just like marketing, sales, or the supply chain. I’m pressing hard to eliminate this notion of “us” and “them.” If we can integrate and be perceived as adding value to the operation of the organisation, then our place will be secure.
Which technologies will make a true impact in the enterprise next year?
If you look at what we’ve done with human sourcing—looking for the lowest-cost sourcing models that can still meet the needs of the organisation—I see that the cloud is going to create the same type of model for platforms and technology. The “doing more with less” pressures are going to continue. The limited resources are going to continue. The skills gap from where we are and where we need to be is going to grow. You’re going to have a new generation whose expectations are highly amped. So what do you do? Companies are looking for opportunities to move their low-value-add but high-overhead applications and technologies to a reliable environment. That allows you to eliminate a bunch of costs from your balance sheet, to smooth out your costs over 12 months (which CFOs like), and not have to worry about that skill set any more. It just becomes another sourcing model, akin to the human sourcing model, in that it will complicate the governance of IT, but it will simplify the technical aspects of IT. That’s the bet. Obviously, none of this happens without risk, but all the pressure points are right for a more concerted push to move this stuff out.
Social networking (or collaborative) tools are similar in terms of hype versus reality. Will enterprise adoption change in 2011?
You now have this mass of Internet-enabled population, this kind-of-new way of communicating, a new generation of workers coming in who grew up with [social media]— and most traditional companies that have treated this stuff like the plague.
And yet, look at LinkedIn, for instance: It is, in a sense, the perfect knowledge-management tool—the kind we’ve talked about for 20 years but haven’t done a good enough job building ourselves. There’s tremendous power in reworking social networking tools into true business tools. We have to figure out which parts we want, how we get them, and how we piece them together into something that makes sense. There are new protocols and standards being developed because this is so serious: You wouldn’t see this happening if social networking didn’t have real legs. The new technologies that are coming are at the very core of how the Internet works, and they’re coming because of the explosion of social networking, the new capabilities we’re seeing, this new way of communicating. There are pieces of it out there. It’s going to be an organic, grassroots kind of thing that you prove out on a small scale. If you can show a return associated with this type of a model, then you might be able to move that forward.
Given all of this change, what key things should CIOs expect to do in 2011?
The first thing is the least sexy: To truly understand your supply and demand. [Then you can] put in place governance that incorporates ... the business into the decisions around how to apply your supply to your demand. That is fundamental, but it’s amazing how few companies have actually done it. Once you’ve done that, you can focus on where you have ample supply to go after the real value-add. It requires a degree of transparency that makes a lot of people very uncomfortable. For me, it’s all about transparency. The second is to explore social networking tools. They’re coming fast and furious, and you should investigate their capabilities and how they might apply to your company. If it becomes a competitive disadvantage, you don’t want to start from scratch. The CIO is absolutely responsible for looking ahead and avoiding risk caused by something you didn’t see coming. The last is to look at all the sourcing models you have—both human and asset—and develop a strategy. You might not have the money to actually implement or build, but you can put a strategy together, knowing what you know about the business today and where it’s going, so that you don’t get caught flat-footed. India wages are changing. China, Latin America and Eastern Europe are evolving. These are all things we should be watching. And, of course, the cloud introduces platform options. So CIOs should build a strategy around both platform sourcing and human sourcing. Those are three things I would do. One is foundational; the other two are strategic look-aheads, anticipating a time when the economy will really recover, and people will look at how they can separate themselves from the competition.
—This interview was first published in the CIO Insight. For more stories please visit www.cioinsight.com
Best of Breed
Feature Inside: Bridging the Gap Between Data and Insights
Illustration by pc anoop
Web 2.0 May Break the Cloud
In the Cloud of rich Web 2.0, there is a good reason to be worried.
By Danny Lieberman
There are some good reasons why cloud computing is growing so rapidly. First of all there are the technology enablers: bandwidth and computing power are cheap. Software development is more accessible than ever. Small software teams can develop great products and distribute them worldwide instantly.
But cloud computing goes beyond supply-side economics and directly to the heart of the demand side – the customer who consumes IT. Consuming computing as a utility simplifies life for a business. It’s easy to understand (unlike data security technology) and it’s easy to measure economic benefit (unlike governance, risk and compliance activities).
Cloud computing is more than an economic option; it’s also a personal option. Cloud computing is an interesting, almost revolutionary consumer alternative to internal IT systems due to its low cost and service utility model.
Current corporate IT operations provide services to captive “users” and empower management (historically, information technology has its roots in MIS – management information systems). When IT vendors go to market, they go to the CxO executives. All the IT sales training and CIO strategies are based on empowering management and being peers in the boardroom. Sell high, don’t sell low. After all, employees don’t sign checks.
But cloud computing is changing the paradigm of top-down, management-board decision-based IT. If you are a sales professional and need a new application for your business unit, you can acquire the application like a smart phone and a package of minutes. Cloud computing is a service you can buy without a corporate signature loop. An employee in a remote sales office can sign up for Salesforce.com ($50/month for 5 sales people) or Google Apps (free up to 50 users) and manage software development on github.com (free for Open Source).
So far – that’s the good news.
But – in the Cloud of rich Web 2.0 application services, we are not in Kansas any more. There is a very good reason to be worried. With all the expertise of cloud security providers – the service they provide is only as secure as the application software itself.
The current rich Web 2.0 application development and execution model is broken.
Consider that a Web 2.0 application has to serve browsers and smart phones. It’s based on a heterogeneous server stack with 5-7 layers (database, database connectors, middleware, scripting languages like PHP, Java and C#, application servers, web servers, caching servers and proxy servers). On the client-side there is an additional heterogeneous stack of HTML, XML, JavaScript, CSS and Flash.
On the server-side, we have:
- 2-5 languages (PHP, SQL, tcsh, Java, C/C++, PL/SQL)
- Lots of interface methods (hidden fields, query strings, JSON)
- Server-side database management (MySQL, MS SQL Server, Oracle, PostgreSQL)
On the client side, we have:
- 2-5 languages (JavaScript, XML, HTML, CSS, Java, ActionScript)
- Lots of interface methods (hidden fields, query strings, JSON)
- Local data storage – often duplicating session and application data stored on the server data tier.
A minimum of 2 languages on the server side (PHP, SQL) and 3 on the client side (JavaScript, HTML, CSS) turns developers into frequent searchers for answers on the Internet (many of which are incorrect), driving up the frequency of software defects relative to a single language development platform where the development team has a better chance of attaining maturity and proficiency. More bugs mean more security vulnerabilities.
80% of the top malware use web to arrive on user systems
Web 2.0 back-end database servers interfaced to front-end scripting languages like C# and PHP come with built-in vulnerabilities to attacks on the data tier via the interface.
But the biggest vulnerability of rich Web 2.0 applications is that message passing is performed in the UI in clear text – literally inviting exploits and data leakage.
The multiple interfaces, clear text message passing and the lack of a solid understanding of how the application will actually work in the wild guarantee that SQL injection, Web server exploits, JSON exploits, CSS exploits and application design flaws that enable attackers to steal data will continue to star in today’s headlines.
Passing messages between remote processes on the UI is a really bad idea, but the entire rich Web 2.0 execution model is based on this really bad idea.
Ask a simple question: How many ways are there to pass an array of search strings from a browser client to a Web server? Let’s say at least two – comma-delimited strings or JSON-encoded arrays. Then ask another question – do Mozilla (Firefox), Webkit (Chrome) and Microsoft IE8 treat client data transfer in a uniform, vendor-neutral standard way?
Of course not! The list of Microsoft IE incompatibilities or different interpretations of W3C standards is endless. Mozilla and Webkit transmit UTF-8 url-encoded data as-is in a query string sent to the server. But Microsoft IE8 takes UTF-8 data in the query string and converts it to ? (yes, question marks) in an XHR transaction unless the data has been previously url-encoded.
Are browser incompatibilities a source of application bugs? Do these bugs lead to software security vulnerabilities? Definitely!
So, it’s really easy to develop cool Web 2.0 applications for seeing who’s hot and who’s not. It’s also cheap to deploy your totally-cool social networking application on a shoestring budget. Facebook started with a budget of $9,000 and so can you.
But, it’s also totally easy to hack that really cool rich Web 2.0 application, steal personal data and crash the system.
A standard answer to the cloud security challenge is writing the security into the contract with the cloud service provider. Consider, however, who is the customer of that cool social media application running in the cloud on some IaaS (infrastructure as a service). If you are a user of a cool new free application, you cannot negotiate or RFP the security issues away, because you are not the customer. You generate content for the advertisers, who are the real customers.
With a broken development and execution model for rich Web 2.0 applications, the cloud computing model of software as a service utility is not sustainable for all but the largest providers like Facebook and Salesforce.com. The cost of security is too high for the application provider and the risk of entrusting valuable business IP and sensitive customer data to the cloud is unreasonable. Your best option is to hope that your cool Web application will succeed small-time, make you some cash and enable you to fly under the radar with a minimal attack surface.
Like your first girlfriend told you – it’s not you, it’s me.
— Danny Lieberman is a serial technology innovator and leader – implementing ideas from brain to business. Since 2003, Danny has been doing data security consulting and data protection/information assurance projects using data loss prevention/extrusion prevention technology. This article was first published on www.infosecisland.com. It is reprinted here with prior permission.
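The article's question about passing an array of search strings, worked through as an added example (not code from the article): both encodings with explicit percent-encoding on the client and a strict decoder on the server. All function names and the sample terms are constructed for illustration, and lossyTransport only simulates the question-mark substitution the article describes.

```javascript
// Added example; names are hypothetical and the sample data is constructed.
// Sample terms: accented characters, an embedded comma, an apostrophe.
const TERMS = ['caf\u00e9', 'na\u00efve, r\u00e9sum\u00e9', "o'brien"];

// Fragile client: concatenates raw text and leaves encoding to the browser.
function naiveQuery(terms) {
  return 'q=' + terms.join(',');
}

// Comma-delimited, with every term percent-encoded first. A comma inside a
// term becomes %2C, so it can no longer be confused with the delimiter.
function encodeCommaList(terms) {
  return 'q=' + terms.map((t) => encodeURIComponent(t)).join(',');
}

// JSON array, percent-encoded as a whole.
function encodeJsonList(terms) {
  return 'q=' + encodeURIComponent(JSON.stringify(terms));
}

// Simulation only: models the substitution the article describes, where
// un-encoded non-ASCII characters reach the server as "?".
function lossyTransport(query) {
  return query.replace(/[^\x00-\x7F]/g, '?');
}

function rawValue(query) {
  if (typeof query !== 'string' || !query.startsWith('q=')) {
    throw new Error('missing q parameter');
  }
  return query.slice(2);
}

// Decoding makes the wire format unambiguous, but the terms are still
// untrusted input: bound them here and bind them as SQL parameters later.
function validateTerm(term) {
  if (typeof term !== 'string') throw new Error('term is not a string');
  if (term.length === 0 || term.length > 64) throw new Error('bad term length');
  if (/[\u0000-\u001f\u007f]/.test(term)) throw new Error('control character');
  return term;
}

// Server side. decodeURIComponent throws URIError on malformed escapes or
// byte sequences that are not valid UTF-8; treat that as a rejected request.
function decodeCommaList(query) {
  return rawValue(query)
    .split(',')
    .map((piece) => validateTerm(decodeURIComponent(piece)));
}

function decodeJsonList(query) {
  const parsed = JSON.parse(decodeURIComponent(rawValue(query)));
  if (!Array.isArray(parsed)) throw new Error('expected a JSON array');
  return parsed.map((t) => validateTerm(t));
}

// True when the decoder accepts the query, false when it rejects it.
function accepts(decoder, query) {
  try {
    decoder(query);
    return true;
  } catch (e) {
    return false;
  }
}

// Stand-alone demonstration: the encoded form survives the lossy hop,
// the naive form arrives with lost characters and an extra term.
console.log(decodeCommaList(lossyTransport(encodeCommaList(TERMS))));
console.log(decodeCommaList(lossyTransport(naiveQuery(TERMS))));
```

The naive query still parses on the server, which is the dangerous part: the request succeeds with silently altered search terms instead of failing loudly.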
Bridging the Gap Between Data and Insights
Companies must begin to adopt a 'data culture' if they are going to benefit from its onslaught.
By Chris Miller
From Facebook feeds and YouTube videos to sales and customer data, individuals and enterprises have become constant generators of digital content. In fact, according to a 2009 blog post by Andreas Weigend in the Harvard Business Review, more data was generated in 2009 than in the entire history of mankind.
This onslaught of data is making it difficult for companies and executives to get the insights they need and make business decisions. It is also putting a strain on IT infrastructure with 55 percent of respondents reporting a slowdown of IT systems in a recent survey commissioned by Avanade.
According to the report, conducted by Kelton Research, more than half of business and IT executives report they feel overwhelmed by the amount of data their company manages. And, many report they are often delayed in making important decisions as a result of too much information.
Despite the fact that employees and management are overwhelmed by big data, they are still asking for more, and they want it even faster – 61 percent of executives say so. And, one-in-three say they desire even more sources of data in order to perform their job better. This desperation for getting the right information to make business decisions is placing more pressure on executives to consume even more data; forming an addiction to data in absence of good business information.
In order to address these challenges and start deriving true business value from all this data, companies must develop a data culture where executives, employees and strategic partners are active participants in managing a meaningful data lifecycle. IT organisations play a key role in making this possible. Over the last 10 years, IT organisations have really started to
morph themselves from just keeping the lights on into true value creation. Providing and maintaining a strong core infrastructure is important, but how does IT add to the business and contribute value? Companies see this happening when IT can provide the tools that enable people to access actionable information that leads to business decisions. This is one of the key challenges with big data: how do companies identify all the sources and creators of data? How do they filter out the stuff that is not important and then get it into the hands of the people who make decisions?
So what do we do?
Today, most organisations are either in Phase 0 (not even thinking about it) or, they are in the process of trying to identify all their different data sources. Companies are also investigating where (and at what cost) to harness new sources of data. For example, many organisations are looking to invest in customer relationship management (CRM) software to take advantage of new data sources like Twitter, Facebook, etc. In fact, findings show that 67 percent of executives have invested or are seriously considering investing in CRM in the next 12 months.
67% Executives have invested or considering investing in CRM in next 1 year
So how do we get from where we are today to where we want to be? It’s clear many companies lack the basic measures to manage big data, but see huge potential benefits if they can learn to leverage it effectively. Businesses must employ a holistic approach to data management – a new approach for many – that focuses on the entire data life cycle. This will enable businesses to turn data into usable information and ultimately into true business insights.
A few key steps in the process include:
Identifying: Today, every business is a digital company and every customer or employee is a content producer. The first step to creating business value is to prepare the enterprise to be able to quickly accommodate new data sources, to understand where the data is coming from, who is creating it and where the content lives.
Filtering: The second step is to determine what data is important and what data does not matter and provide tools and data management policies that enable staff to effectively filter data for relevance quickly. It is vital to consider how the company will use the data. Next, companies must identify what filters to apply, how to categorise the data and then, establish processes so that producers (all employees and customers) are more accountable for the data they are creating.
Distributing: Because different data is intended for different levels, locations and business units, companies must utilise a distribution mechanism that is both automated and intelligent.
Applying: Overall, businesses must evolve from data analysis to insight to prediction. Applying the right data in the right case is crucial to this evolution. Some organisations may even find opportunities to monetize data in new ways and create competitive differentiation.
Searching: This is a critical foundation for tackling the first big data problem. Companies must introduce comprehensive tools that allow employees to find the right real-time data from across both structured and unstructured sources.
This “data culture” where executives, employees and strategic partners are active participants is crucial for managing a meaningful data lifecycle. Tomorrow’s successful companies will be equipped to harness new sources of data and take responsibility over accurate data creation and maintenance. This enables them to bridge that gap between raw data and business insights.
— Chris Miller is the CIO at Avanade. He guides Avanade’s development of technical infrastructure and applications architecture.
To see more articles on this or any topic affecting IT today, please visit www.cioupdate.com, a premier destination site for CIOs, CTOs, and IT executives from around the world.
Cover Story
Hot Technology Trends for 2011
Illustration by Sristi Maurya
Watch out for these key trends that'll steal all the news in the next twelve months.
By Jeff Vance
Last year I forecast a 'continuingly' troubled economy, slow growth for IT spending and a mostly jobless recovery. According to Gartner, enterprise IT spending grew by only 2.9 percent in 2010. According to a Forrester IT spending survey, the vast majority of CIOs, however, reported that their budgets didn’t grow at all from 2009 through 2010. As for jobs, according to Moody’s Analytics, after losing more than 300,000 jobs in the depths of the recession, IT jobs grew by a substantial 15 percent in 2010 -- an impressive number, on the surface. Digging into the numbers, though, puts a damper on the optimism. Much of the growth is directly related to temporary stimulus money that is being used to build out broadband networks and much of the growth is confined to health-care IT, a sector that should continue to shine in 2011.
The TechServe Alliance sees things differently. According to TechServe, IT employment is up only 2.2 percent over 2009. TechServe said it is bullish on IT job growth, even though its report showed significant losses in such areas as data processing. Since agencies like Moody’s and lobbying groups like TechServe played pivotal roles in the collapse in the first place, take the fact that they are “bullish” with a grain of salt. They get paid for their optimism.
According to economists from the Conference Board and Brandeis University International Business School, the tech sector is adding jobs at an anemic pace and continues to shift many jobs overseas. I should note, though, that plenty of economists believe that Q4 2010 and 2011 will show improvement in the tech sector, even though the sector appears to be in the early phase of a major structural realignment.
In one of the economy’s few bright spots, I predicted that smartphones would continue their rapid ascent, muscling out feature phones and even stealing market share from low-end laptops. IDC believes that by year's end, the smartphone market will have grown by 55 percent over 2009.
A year ago netbooks were popular, but I accurately foresaw that popularity as a fad with a short shelf life. The netbook’s appeal has been undercut by both smartphones and tablets, most notably the iPad, and they could even face pressure from thin clients in the enterprise.
Last year, I saw cloud security being a real rather than conceptual problem in 2010. This prediction is mixed. Enterprises continue to worry about cloud security, but cloud adoption continues to be strong, mostly in smaller companies, though. Meanwhile, many enterprises are sidestepping the cloud security issue by cautiously adopting private clouds, and, if they use it at all, embracing the public cloud only for low-risk things, such as remote email access.
“By nature and design of the internet it would be tough for governments to regulate it. All advantages to the internet far outweigh the problems it comes with it. It is just not practical.” Rajesh Uppal — Executive officer (IT) and CIO, Maruti Suzuki India
A few of my other predictions (IT security shifting to a risk-management approach, Windows 7 as the last big OS launch, the cloud forcing business to rethink the desktop) look promising but need more time before being accurately judged. My one big miss last year was with social networking. Social networking continues to bedevil my predictions. Two years ago, I believed enterprises would try to put the brakes on social networking. Last year, I thought that enterprises would start to worry about things like social engineering attacks launched over sites like Facebook. The risks of social-networking-based attacks are very real, but the attitude of the typical CIO seems to be that the benefits of social networking far outweigh the risks. In the short term, at least, they’re probably right. So with 2010 out of the way, let’s look ahead to 2011.
Governments will make noise about regulating the Internet but, other than Iran or China, they won’t
There has been plenty of fallout after WikiLeaks released a classified video of an air strike in Baghdad, documents from the US Department of Defense related to the war in Afghanistan and diplomatic cables. One of the predictable reactions is a call to regulate the Internet. The UN is also considering creating a governing body to regulate the Internet. The UN effort is backed by the likes of China and Saudi Arabia, as well as less authoritarian nations such as Brazil and India. I don’t expect these efforts to go very far. The far right in this country already fears UN meddling in US affairs, and anything like this would never get through the Congress. If the Internet will be regulated in the US, it will be by a US agency.
Coincidentally, not long after the release of the diplomatic cables, the FCC voted on net neutrality. The initial regulations actually regulate Internet service providers, not the Internet itself. The FCC ruling prevents service providers from blocking various types of content, but allows them to offer tiered services. Taken as a whole, the FCC’s current decisions about net neutrality do very little to regulate the Internet.
“Regulation will happen. The people would decide on what they want. It will take some time to get matured in India, but it will definitely happen in due course.” Suresh A Shanmugam — Head - Business Information Technology Solutions (BITS), Mahindra & Mahindra Financial Services
Facebook’s prominence will spark privacy concerns
One area that could spark some regulation, though, is privacy. As social networking continues to rise in importance, with Facebook now driving more traffic than Google, don’t be surprised if privacy concerns continue to ramp up.
A friend of mine just got engaged, mentioning this in her status, and, predictably, she began seeing all sorts of wedding-related ads on her Facebook page. Another friend complains that once he mentioned caring for his elderly parent, he ended up getting all sorts of elder-care spam.
Internet advertising and marketing firms have been optimising their ability to send you targeted ads for years. While they are slapped on the wrist from time to time, their efforts mostly continue unimpeded. However, the perception isn’t that Internet marketers are violating your privacy, but that the sites in league with them are.
Now, sites like Facebook aren’t entirely to blame. If people don’t set their privacy settings properly, it’s pretty easy for spam spiders to scrape content. It’s also fairly easy for hackers to learn enough about you to steal your identity or launch targeted social engineering attacks (if you’re a big fish).
As Facebook cements its position as the social networking site in 2011, it won’t be long until Facebook (and other sites like LinkedIn) are pressured to do more to protect your privacy and thwart would-be spammers and hackers. (And, yes, I’m hoping three times is the charm with social networking. We’ll see.)
State-sponsored attacks become more widespread
Security experts used to worry about sleep-deprived teenagers in their parents’ basements. Now, they must worry about state-sponsored attackers backed by the likes of China, Russia, Israel or even large organised crime syndicates.
One of the cables in the WikiLeaks diplomatic dump traced the Google attack of early 2009 to a source everyone expected already: China, specifically, a top Chinese propaganda minister.
In the summer of 2010, the Stuxnet worm targeted the SCADA systems that control power plants, factories and the like. Although there isn’t a paper trail to prove this, most security insiders believe that the worm originated in Israel and was intended to disrupt Iran’s nuclear program.
According to security firm Imperva, North Korean cyber-spies have begun mimicking the hacker community, using botnets to attack US government agencies.
Expect more state-sponsored cyber-attacks in 2011. And don’t be surprised if some of these originate in the US, which considered but dismissed a Stuxnet-type attack during the Iraq war on Iraqi infrastructure and which continues to use cyber-attacks to jam the communications of Iraqi insurgents and the Taliban.
“A person can write anything without knowing its importance to the company. It is very difficult to control, the only thing that can help is proper education and guidelines.” — Atul Luthra, CIO, ABC Consultants
Android becomes the new Windows
According to research from Gartner, Android overtook the iPhone in 2010 to become the most popular smartphone platform in the US and the third-most popular handset (behind Symbian and BlackBerry) in the world. As Google continues to build out the Android Marketplace, and as it pushes both Android and Chrome into a variety of non-PC devices, Android looks like a good bet to be the Windows of the mobile world.
However, I expect that operating systems in general will become much less important over time. One of the major changes ushered in by smartphones is the importance of the app. In the next couple of years, devices will emerge that will be, essentially, limited-purpose app delivery devices. That’s pretty much what a Kindle is, after all, a connected device with a very specific function. Android is well positioned to be the Windows of the post-PC era, but the real winners will be the developers of apps, like Facebook or game makers like Angry Birds, that people can’t live without.
“Countries need to have better security controls and discipline. They must have a constant review of their information security infrastructure. And they must go in for periodic audits.” — Boman Nakra, Chief Information Officer, Credit Agricole Corporate & Investment Bank.
Mobile and cloud conspire to drive IT crazy
By itself, cloud computing should make life easier for IT ... eventually. The key word being “eventually.” There will be plenty of fits and starts during the transition to cloud-based computing. One thing that is worrying IT is high-octane smartphones made even more powerful with the cloud.
Some security pros believe that smartphones will actually improve security, since users will be less likely to store sensitive data on them. However, if your organisation doesn’t have easy remote access in place, don’t be surprised if users start migrating data to their own personal clouds, where they can then access it from whatever device they please. Of course, this is a headache for IT – especially since the freebie cloud services don’t offer the fine-grained security befitting enterprise computing.
Microsoft, for instance, has been hyping its cloud storage service, SkyDrive. SkyDrive and Windows Live are supposed to make it easy for people and groups to store documents and collaborate via the cloud. The trouble is that SkyDrive’s sharing controls are blunt instruments, and, of course, data in SkyDrive is protected only by user names and passwords, which doesn’t pass muster in regulated industries like health care and financial services.
There have also been instances where employees have connected to their employers’ networks with their own personal smartphones only to later find that their employers have remote wiped their phones, removing everything – company data and otherwise. Companies will argue that it’s within their right to do this, especially when, say, an employee is terminated. However, consumer advocacy organisations and a few intrepid individuals may well push back. Legally, remotely wiping a device you do not own or subsidise is a grey area, but does IT really want to trade one headache, worries over data leakage, for another, the threat of a lawsuit? Either way, IT will grapple with issues such as these as the cloud and smartphones continue to invade the enterprise.
“Collaboration technologies will drive the cloud and mobility, especially with the advent of 3G. They will become more habit and culture. Mobility will see a lot more adoption in the field force. It may actually make life easier with the maturity of the cloud.” Vipin Kumar — CIO, Escorts Agri Machinery Group
Smart grids actually get smart
If you’ve followed tech trends even casually the past decade or so, you’ve been hearing about smart power grids for years. Nothing much has come of it. A recent New York Times story summed it up well: “A popular dictum from the power industry: if Alexander Graham Bell, the inventor of the telephone, could see how his technology had evolved over the last century, how would he react?” Of course, he’d be astonished. I say if Thomas Edison, the pioneer of power distribution, were afforded the ability to time travel to today, how would he react? He’d shrug and say that nothing much has changed. In fact, the big news about technology and power grids this past year is how easy it is for hackers and malware like Stuxnet to undermine them.
“Some of the early attempts at smart grids didn’t work out so well,” said Deborah Magid, director of Software Strategy for IBM’s Venture Capital Group. “Standardisation efforts are all over the map, and if you go to ten different utilities, you’ll find ten different IT infrastructures.” Just as each power plant has its own infrastructure, early smart grid efforts have evolved in a similar piecemeal, disconnected fashion. Much of the disorder is due to the fact that the market is in such an early stage of development.
The Obama administration has committed $4 billion for smart grid projects, and IBM, Cisco, Microsoft and others are all investing in the space. For IBM, its smart grid strategy is part of its larger “smart planet” strategy, which includes smart water metering, intelligent transport systems and even “smart buildings.” In 2011, expect to see several of these “smart” visions transform into realities.
“There is no doubt Android is hot. But, Windows has created history which will take a while to be overtaken. Android will grow in mobiles and tablets.” —Sarabjit Singh Anand, Head IT-India, South Asia and GSSC, Standard Chartered Bank
2011 is the year of the tablet
The iPad was the hot device this past year, and, predictably, this year’s CES convention was chock-full of newly launched tablets from Motorola, Asus, Dell and others. In fact, CES's Chief Economist, Shawn DuBravac, estimates that more than 100 new tablets were on display at CES this year.
“Today, 90 percent of individuals are accessing their computing infrastructure via PCs and 10 percent are accessing via a widely dispersed combination of virtual desktops, cloud PCs, zero clients and more. In less than 10 years, I expect that ratio to be reversed,” said Jeff McNaught, chief marketing and strategy officer for Wyse, a provider of cloud client computing solutions and thin clients.
McNaught points out that the last few years have seen several shifts in what is the hot, must-have consumer device of the moment, but there is one constant: none of them have been PCs. A few years ago the GPS was all the rage, followed by the iPhone and Android. Everyone was buzzing about the importance of netbooks in 2009 and then the iPad in 2010. “Businesses and consumers have more choice than ever regarding how they access and manage their computing infrastructure. This choice is a direct result of a new generation of end point devices, and infrastructure advances in virtualisation, cloud computing, and networking,” McNaught said.
The PC isn’t going to disappear, but its status as the go-to computing device for consumers and businesses is under siege. That’s it for 2011. Be sure to come back next year to see how I did.
“Although iPad is not in India, Samsung Galaxy Tab is doing pretty well. Now that they are 3G enabled, it becomes a powerful communication device.” —Arup Choudhry, Chief Information Officer, Eveready Industries
—Jeff Vance is the founder of www.sandstormmedia.net, a copywriting and content marketing firm. If you have ideas for future stories, contact him at jeff@sandstormmedia.net. This article appears courtesy www.cioupdate.com. To see more articles regarding IT management best practices, please visit CIOUpdate.com.
NEXT HORIZONS
Are You a CIO of Transformation?
True transformation occurs within both the IT organisation and the business' core systems.
By Pam Baker
"Today, the IT infrastructure is the backbone and accelerator of a company's business transformation," explained Jean Cholka, CEO of the global IT services provider Freeborders. "Thereby, having the right leader in the IT organisation in place is critical to a company's success."
This transition in IT's role was fuelled by a number of converging storm fronts: a worldwide recession, an increasingly geography-diverse and mobile workforce, and a rise in customers opting for more virtual contact than physical face-time. Companies operating mainly from a brick and mortar presence quickly saw it turn into a tomb while Web-based companies found themselves capsizing, bereft of actionable data in a surging sea-change. It was and is IT that saves the day but it does so by changing its stripes while on the run.
"Anyone who wants to be a transformational leader for a major organisation needs to understand that people can't wait for transformational results," said Will Marlow, director of Communications at LogiXML, a business intelligence and reporting software company. "They need results all along the way, and your legacy will be the result of the sum of all those results combined."
Transformation on demand
True transformation occurs within both the IT organisation and the business' core systems. Resistance is futile since resistance in this economic climate leads to financial ruin. Oddly, it is the business side that endorses the mantra "transform or die."
"The push-back was always greatest from IT and not the business," said Stuart Zimmerman, principal of CCZ Consulting. While IT knows enough to see change as a threat to their jobs and their relationships within the organisation, business users usually see changes as "refreshing opportunities to improve their jobs." It is a bizarre twist that the threat really works in reverse: "IT roles will change but not necessarily go away while jobs for users are often more susceptible to being automated away," said Zimmerman.
The transformational CIO must recognise this irony and convert it into energy that can carry the company forward. Partly, that's a matter of reassuring IT folks that they won't work themselves out of a job (although such assurance may not be possible in the current economic climate). It is truthful, however, to inform IT staff that hiring and retention programs are on the upswing and both new jobs and promotions in old jobs swing on the success of completed projects. It is no exaggeration to say that no one is hiring or promoting IT people without a recent list of successfully completed projects.
That said, the transformational CIO must inspire and motivate on the one hand and shove with the other. "The key to IT transformation is to start with senior level company or divisional management and know just how far you can push," said Zimmerman.
If this approach sounds familiar, that's because "transformational leadership" has been around for decades. A 2004 analysis by Timothy Judge and Ronald Piccolo at the University of Florida and published in the Journal of Applied Psychology found that transformational leadership is nothing new. It tracks back to a similar style promoted in 1921. So, no, it isn't that the leadership style is new; what's new is that CIOs have to do it ... not just CEOs.
For example, in healthcare the CIO "needs to be a leader, innovator and strategic thinker," said Mike Tucker, general manager PBM Products & Technology-Payer Solutions at IMS Health. This used to be just the CEO's job description. He says the scale of healthcare reform is incredibly broad and the CIO needs to be constantly learning about regulatory and industry trends, looking for opportunities to advance critical areas of change. "In the past, the healthcare CIO has been a cost and project manager. The new healthcare CIO needs to be a thought leader as well as an operations expert."
These days, CIOs are not encouraged to be transformational leaders, they are expected to be. Further, transformation is expected to be delivered immediately and on-demand.
Old, new and 'tween
The transformational CIO has read the writing on the wall (in this case, outsourcing docs). He knows that IT jobs have fled overseas and he knows that his team knows this, as well. Therefore, the motivation to put the business' welfare over that of the IT department's is mostly absent. Yet, the CIO cannot muster change unless he can first rally his troops. The best way to do that is to eradicate the fear first. While few CIOs can unequivocally promise no layoffs, nearly all CIOs can ease uncertainty by clearly presenting the team's actual circumstances and offering a means to successfully compete.
Spell out to your teams that IT is increasingly being viewed as any other service provider to the business. This means they have to deliver end-user services (email, telecom etc.), business services (applications) and infrastructure (compute, storage, etc.) all the while being "price, quality and value comparable to external service providers," said Sunny Gupta, cofounder, president and CEO of Apptio. The transformative CIO will have to manage their IT portfolio from a services perspective and measure on-going cost, value and quality of service. "Detailed, actionable metrics such as direct/indirect and fixed/variable will be favored over basic IT-specific measurements like utilisation and performance. Only then will the CIO be able to bridge the chasm that currently exists between IT and their business partners."
Once that chasm is bridged, the IT team and its CIO become invaluable to the business, not because of their technical knowledge, which can easily be replaced by outsourcers, but by their ability to form and hone the business' competitive edge. This becomes the IT team's formidable differentiator. The message to the IT team then is, "This is how you compete and win!"
The ABCs of transformational leadership
According to Bonnie McEwan, visiting lecturer in Management and Leadership, Milano The New School for Management and Policy in New York City, there are three key things a leader must focus on if they aspire to be truly transformational:
1. Always remember that the transformation is two-way: You will be changed along with your followers. Transformation is a process and its power lies in the exchange (and the changes) that take place between people.
2. Great leaders are also great followers: Transformational leaders know when to step back and let another take the lead. It is especially useful to embrace your follower role when you are seeking to develop the leadership abilities of others. Since leaders are at or near the top of the organisational hierarchy, it can be difficult to see what's really happening on the ground, where the work of your organisation takes place. Followers often see realities that leaders miss, so it's important to allow your best followers to take the lead sometimes, and even encourage them to mentor you.
3. Be very clear about the transformation you seek: Know what it looks like, and describe it for your followers. This is more than just your vision. It's a shared view of a transformed reality that you all strive for together. Talk about the transformed reality every day, as that's what inspires people to move forward. Model that new reality in everything you say and do; make it tangible for your followers.
Indeed, bringing about transformation is a hands-on job. "The leader can't be a faceless name behind emails but must interact with the team frequently and with the members of the organisation IT is serving," said Mike Honeycutt who has worked in IT for the University of North Carolina at Asheville for 28 years.
Yes, the transformational CIO must have a strong vision and be able to communicate it effectively to the team but that is the starting point not the end-point. The CIO must possess an equal mix of charisma, business acumen, people skills, motivational ability, conviction, and courage. His commitment to the organisation and the team must be unwavering and his knowledge of things outside IT forever growing.
"It may be hard for some technology leaders to keep a business focus, but descending into the morass of IT minutiae severely limits the CIO's sphere of influence," said Jeffrey Breen, CEO of Cambridge Aviation Research and formerly CTO of the Yankee Group.
—Pam Baker's published credits include numerous articles in leading publications including, but not limited to: Institutional Investor magazine, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, NY Times, and Knight-Ridder/McClatchy newspapers. She has also authored several analytical studies on technology and eight books. Baker also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG). To see more articles on this or any topic affecting IT today, please visit www.cioupdate.com, a premier destination site for CIOs, CTOs, and IT executives from around the world.
13.7%: compound annual growth of enterprise mobility
Are You Driving the Business Agenda for 2011?
We should be very clear on what the upcoming fiscal year has in store for our enterprise.
By Larry Bonfante
Those of you who read my column regularly know that I don’t believe that IT is separate from “the business.” I’m not a fan of all that “alignment” hooey. Rather, I believe that IT is a critical core component of the business. Therefore, if we are truly part of the leadership of our organisations, there shouldn’t be a whole lot coming down the pike that surprises us. We should have been engaged with our business partners in strategy discussions, and therefore should be very clear on what the upcoming fiscal year has in store for our enterprise.
That said, the economic turmoil of the past few years has taught us that a certain level of surprise is endemic to any company. I am not a fan of always reacting to what happens. I believe that there are three kinds of people in this world: those who make things happen; those who watch things happen; and those who wonder what happened. As CIOs, we should help drive the enterprise agenda, instead of waiting to be told what we need to focus on. For example:
1. If we know our organisations are going through tough times, we should proactively look for ways to reduce our operational cost structure.
2. If we know that we will need to innovate to survive, we should help drive the innovation agenda and set the pace for the rest of the organisation to follow.
3. If we know that we need to identify new revenue streams, we should explore opportunities to leverage the technologies we have implemented to generate new revenue.
Here’s a personal holiday story. At the end of 2008, when all of us were planning for what turned out to be an extremely challenging 2009, my team and I decided to make a conscious effort to go on the offensive and made a video starring our clients. We highlighted the tremendous value-adds the entire enterprise was seeing from the technology investments we had made. We marketed the fact that we had completed all of our projects on time, on budget and on value for seven years running. We proactively reorganised IT (instead of waiting for the Grim Reaper to knock on the door), lowering our headcount and reducing our budget, while also streamlining our operation and improving client satisfaction.
What was the result of this approach? Our team received 100 percent of the capital project dollars we had requested, while others in our organisation struggled to get their projects approved. We were identified as business leaders in driving effectiveness and efficiency throughout the entire organisation. This was a total team effort. (I’m just the guy who gets to write about it.) Instead of having a group of people who were demoralised and scared of what lay ahead, we had a team of invigorated and motivated people who performed at an even higher level than we had in the past.
So my question to you is this: Are you sitting around anxiously waiting to see what Santa will be leaving for you under the IT tree? Or, are you busy elves, driving the agenda at your enterprise “North Pole”?
Before I sign off, I would like to take advantage of this forum to thank the talented and dedicated members of my team who have made this our best year ever. I hope that all of you are blessed to work with such amazing people. Wishing you happy holidays and a successful 2011.
— Larry Bonfante is CIO of the United States Tennis Association and founder of CIO Bench Coach. He can be reached at Larry@CIOBenchCoach.com. This opinion was first published in CIO Insight. For more such stories please visit www.cioinsight.com
hiddentangent Geetaj Channana | geetaj.channana@9dot9.in
The author is Executive Editor, CTO Forum
BI in Jeopardy! Watson by IBM beats humans at the popular game show
In India, not many would know a popular American game show called ‘Jeopardy!’ So, to set the context – Jeopardy! is a quiz show that touches art, history, word play, pun, science, sports, movies and everything else. The twist is that instead of being asked questions, the contestants are given answers for which the contestants have to give questions. It is now in its 27th season in the United States. For instance, one of the clues given to contestants was – “This mystery author and her archaeologist hubby dug in hopes of finding the lost Syrian city of Urkesh.” The solution was – “Who is Agatha Christie?” Now that you know the show – I am sure you understand how difficult it is for a computer to get the solutions for the clues that are presented. Not if the computer is Watson.
Watson, named after Thomas J. Watson, the founder of IBM, is the latest Artificial Intelligence (AI) machine created by IBM to answer questions posted in natural language. It is very similar to the onboard computers featured in Star Wars and The Hitchhiker's Guide to the Galaxy. Besides the really smart AI software that took four years in the making, the machine is powered by 10 racks of IBM Power 750 servers with close to 3,000 cores running at 80 teraflops, and 15 terabytes of RAM. Over the last four years, its developers have fed all kinds of information, including books, encyclopaedias, dictionaries, novels, plays and lots more into it to help it solve with ease all kinds of riddles thrown at it. The machine uses multiple algorithms to arrive at a solution; the solution that is computed by the largest number of algorithms is given the highest probability rating. This is what is given as the answer.
In 2007, when the team tested its capabilities for the first time, it gave correct answers only 15% of the time. Now, when it went against two of the all-time best Jeopardy champions in a demo round, it came out trumps with winnings of $4,400; the two champions, Brad Rutter and Ken Jennings, went home with earnings of $1,200 and $3,400 respectively. During this game, none of the contestants got a question wrong but it was the contestant hitting the buzzer the fastest who won. Watson had its own pneumatic finger to push the button. A full show of Jeopardy! is planned for February 14, 15 and 16 where Watson will play the champions again.
Now, imagine a resource like Watson available to your enterprise to solve problems or give faster insights into data that was difficult to think of before. Currently, you fight with dashboards and reports to give you all the BI data that you need, and creating a new query can be quite difficult if not sometimes impossible. For BFSI and Telecom companies, such a resource could be invaluable to ensure that they are always ahead of the competition and are able to get valuable insights into their customer data. How about fraud detection? The possibilities are endless.
What IBM would need to demonstrate is that this machine is fully capable of cross indexing and providing solutions to enterprise data and not just smart answers to seemingly impossible trivia questions. Also, it will be important to understand where and how this machine gets its data in the organisation, and how long it will take to configure this to individual needs.
While you ponder over this question, and try to imagine the capabilities of the machine – I’ll go back to solving today’s Sudoku. Or rather I would leave it to Google Goggles to do it for me. Yes, my phone may not answer Jeopardy! questions, but it can certainly solve this Sudoku puzzle.
TECH FOR GOVERNANCE
Innovation
Mastering Innovation
Unlike 'Eureka!' moments that come and go, innovation is achieved through creative thinking, planning and processes.
By Pam Baker
Illustration by Binesh Sreedharan
5 POINTS
If necessity is the mother of invention then profit is the father of innovation
Best results come from releasing the thinking mind
It is the deviating thoughts that create innovation
The key is to weigh each idea against hard business parameters
There is no perfect solution
In the quest to compete in a "new and improved" world, innovation became a catch-all term for anything that is different from that which came before. But change for change's sake is not innovation and innovation, as new and shiny as it may be, is not the same thing as invention and invention is not the same thing as discovery. Mastering the innovation process begins with understanding these important differences.
"The big thing to understand is that unlike discovery and invention, innovation is a process that can be planned for and controlled," said Carl Frappaolo, innovation expert and director of Knowledge Management at FSG, a non-profit consulting firm specialising in strategy, evaluation and research.
If necessity is the mother of invention then profit is the father of innovation. Typically, an invention addresses a need while an innovation appeases one or more desires (including the desire to use an invention). "There's a reason everything is compared to sliced bread," chuckled Frappaolo. "It's the most successful innovation yet. The simple act of slicing bread for the convenience of customers led to huge and profitable changes in the baking industry."
Sliced bread was an innovation that satisfied the consumer's desire for convenience and the company's desire for a differentiator that would lead to increased sales. Need never entered the equation. Invention and discovery didn't either since both breads and knives already existed. Yet this seemingly unremarkable innovation oft cited in the old adage "the best thing since sliced bread" is the benchmark for other innovations and inventions.
The first step in mastering innovation, then, is to understand that it is not a series of "Eureka!" moments that end in a massive single undertaking. To think this way is to doom any chance of eking creative thoughts from your own mind or your staff's. "If people think only Edison, Jobs and Gates can innovate, we're done as a species," said Dan Keldsen, president of Information Architected, a boutique consultancy focused on the intelligent use of content, knowledge and processes to drive innovation.
Before you can successfully deploy the next steps in the innovation process you must release yourself and your team from the notion that you must individually or collectively produce a "Big Idea." In the end, you may arrive at a Big Idea, but to do so you need to first remove any pressures to produce such a thing. Indeed, you must remove anything from the mindscape that can impede creative thought.
"The hard part about all this is counter-intuitive because the best results come from releasing the thinking mind," said Nat Wasserstein, managing director at Lindenwood Associates, a crisis management firm. "So the 'brain' in brainstorming isn't really the part that analyses, deduces, or applies reason."
Discard the box
"Thinking outside the box" was a phrase once filled with possibilities. It could still be useful if it had not become such a cliché. It is the deviating (no, not devious!) thoughts that create innovation. Therefore, all familiar paths and structured thinking must be discarded at the beginning of the innovation process; the mind must be open to free association.
"The best way to describe this is to consider what happens when you lay on the grass looking up at the clouds," explained Wasserstein. "Eventually you see shapes, then objects, then relationships between objects." This is the same process that occurs in a successful brainstorming session aimed at creating innovation.
There are a number of tools and exercises designed to enable creative thinking -- the very root of innovation. Among the most commonly used is Force Fitting, an exercise where two objects are randomly selected from a collection of unrelated items. The team must then think of connections between the two. This exercise enables the brain to see familiar objects from a different perspective and forces it to "fit" the two together; to find their connections. This drags the mind away from its more comfortable, predictable ruts and into the realm of possibilities (and, hopefully, profits).
Mind mapping is a useful tool in accomplishing the same thing but between ideas, rather than objects. Generally, any tool, even a pen and cocktail napkin, can serve to help you and your team visualise concepts and the possible connections between those concepts.
There are tools such as eBeam and PaperShow that are specifically designed to capture, file and share your paper and board scribbles. Other tools such as PhatPad for iPads work like paper. Even with a tech conversion, some teams find paper and pen, chalkboards and whiteboards too clumsy for this work and prefer more traditional mind mapping software such as MindMeister, XMind, MindManager, Basecamp, FreeMind, Mindomo and SmartDraw instead.
The best ideas for innovation will lie inside the connections formed. Often, they will be completely unexpected. Whereas logic and analysis may lead innovation teams to build a more competitive product, mind mapping can lead them to creating a new market. To assist with such break-away thinking, there are tools such as Blue Ocean Strategy that aid the innovation process beyond the notion of an existing market and current competitors.
Some innovation teams find breaking out of the workplace itself to be the most productive means of brainstorming. "We do sit and brainstorm and we also like to go home, think on our own and come back," said Alex Shapiro, CarBuzz App Marketing director. "On a very different level, we've come up with great ideas when we've had company outings like playing paintball."
The path from tools to process
While the process may begin with free association thinking, it ends with hard business decisions. "People see connections in brain-storming sessions and together they take these idea fragments and make connections between them until several complete and innovative ideas emerge," explained Keldsen. "From there you have to make hard decisions on which of those ideas you will pursue or implement."
Think of it this way, Edison came up with thousands of variations on the light bulb but only a few were commercially viable and those are the ideas that came to fruition. The key is to weigh each idea against hard business parameters: production or implementation costs, emerging trends, potential success or failure rates, and existing business intelligence, to name but a few. Don't worry if obstacles lead to a fresh brainstorming session as this is common and often smarter than just dumping a new idea out of hand. Indeed, a cycle of improvements is to be expected throughout the life of any idea.
Once the innovation process is completed, begin implementation of the ideas that made it through the evaluation gauntlet. Do not, however, limit yourself to implementing one idea at a time. Why? "There is no more dangerous an idea than for it to be the only idea you have," said Keldsen.
After all this begin again ... wash, rinse, repeat. There is no perfect solution and, even if there were, the questions themselves will change over time. The process of innovation must therefore continue endlessly if you are to survive and prosper.
—A prolific and versatile writer, Pam Baker's published credits include numerous articles in leading publications including, but not limited to: Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, NY Times, and Knight-Ridder/McClatchy newspapers. She has also authored several analytical studies on technology and eight books. Baker also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG). To see more articles on this or any topic affecting IT today, please visit www.cioupdate.com, a premier destination site for CIOs, CTOs, and IT executives from around the world.
40%: social networking users have received malware
Complexity A Sure Way to Fail The end result of difficult to use security products is clear - security breaches are rampant. By Rafal Los
T
here has been a good deal of griping lately about what "us security people" are calling the "dumbing down" of products in whatever product space. By this of course I mean products that seemingly drop advanced features to make themselves "easy to use" by the general end-user. While almost every single product's marketing page has "Ease of Use" as one of the check-box features, it's rare that this actually manifests itself in the real products. The end result of difficult to use security products is clear - security breaches are rampant. You don't have to take my word for it, do a search. Even though simplicity isn't the end goal of product development teams, it's important that the end user's ability to do something meaningful in the product with as little confusion, keystrokes, mouse clicks or "RTFM" as possible be weighted just
36
cto forum 21 january 2011
The Chief Technology Officer Forum
as heavily as the product's ability to perform it's advertised key functions. In the end if the product has amazing features no one can figure out - they won't be used. I have some experience with product teams, so I thought I would weigh in, and impart some of the things I've learned in my years with interacting directly with, and supporting product teams.
Dumbing Down Security?
First and foremost, I don't think that products that make themselves simple to use are necessarily "dumbing down security" in any way. In fact, I would argue quite the opposite. In a well-done product, simple to use features make security more accessible, more usable and therefore - more consumable by a wider range of people. In the end, doesn't that benefit everyone? If you want "dumbed down security" you can certainly find it throughout the products out there. I won't argue that there aren't products that have become so "simple to use" that the added value to security is minimal, but I wouldn't blame that entirely on the simple to use principle. In fact, I would blame the product teams for not working hard enough to make those features that are required to make security potent better activated by all that simplicity.
Transparent, Simple
Ultimately, I've debated over and over that in order to have a meaningful impact, security must be transparent to the user, and as simple as possible. Complexity doesn't enable the user, and we all know what happens when we give end-users too many knobs, buttons and switches ... they either freeze like the deer in headlights and make no decisions - or make poor ones based on guesses ... either way things go poorly. In the case of security administrators (or analysts) the more complex we make products the more we force people to specialize. This specialization makes it almost certain that when a company needs to hire that 1 person who understands their firewalls, IPSs, DLP devices and everything else that they will be good at one product and have to read manuals for the rest. That's not a very good sign ... I'm not saying we have to have interfaces for security devices designed for the 6th grader in all of us - but it would help if the many devices, and mechanisms out there didn't require a Master's degree and a vendor certification to operate properly. "Out of the box" things should be usable ... and if they're not we should ask why, rather than simply accept that we're too dumb to use them properly. Transparent security is the pinnacle of the security mountain because it's a true test of simplicity and design power. If your anti-malware widget on your laptop can install simply and give you warnings when "things are going amok" with an intelligent analysis that doesn't require you to be a PhD in security jargon then it's a win because you'll know whether to hit the "block" or "accept" buttons ... right? It's even better if those decisions are made for the end user without intervention, all while not interrupting legitimate work or play. While I know we're not there (yet) and maybe we'll never be ... it's something to aspire to.
Striking a Balance
In the final analysis - it's really all about striking a balance. Making products simple, transparent while making them powerful and giving them meaningful positive impact on security posture. While it's cool to be a command-line ninja, let's face it - there aren't many of them out there... and enterprise as well as personal security shouldn't be directly proportional to one's ability to perform scriptfu at the machine level. Every security product should aspire to be the "Easy Button" but without losing too much capability to actually perform security tasks and do the things that need to be done to protect the user, the system or the enterprise from threats. How does that balance happen? Careful research combined with extremely seasoned security products managers combined with a team that performs usability testing and provides frank and honest feedback to those products teams. This balance also gets feedback from people that use these products everyday. Remember, it's not OK to be told to go read the manual because you're too dumb to understand "product X"... if it's not readily evident (and not some super-advanced feature like teleportation) and the vendor can't tell you why it's not readily evident - then maybe they're doing it wrong. Voice your opinion and tell them. Simplicity and transparency in perfect harmony with capability - this is the secret recipe for the perfect security product... ensuring uptake (adoption rates), usage (end-user use), and ultimately a safer experience.
—Rafal Los is Security Evangelist, Blogger, and WebAppSec SME at Hewlett-Packard (HP) Software. Rafal also owns Boundariez Consulting. This article was first published on www.infosecisland.com. It is reprinted here with prior permission.
No Holds Barred | Carlos Solari
Plan Security at Design Stage
Carlos Solari, Vice President Cyber Technology and Services, CSC, in an exclusive conversation with Rahul Neel Mani, speaks on how organisations should deal with their security framework at the design stage.
DOSSIER
Name: Carlos Solari
Designation: Vice President Cyber Technology and Services
Organisation: CSC
Present Job Role: Overarches management of the delivery of cyber solutions and services for CSC's customers throughout the public and private sectors.
Previous Job Role: White House CIO
You’ve spent a lot of time with the US Army and a few years at the White House. You have seen almost all aspects of information security. What is it today and what would it be tomorrow?
Out of the many things that are affecting the industry one that catches the attention instantly is the convergence. Everything has gone the IP way. It is not over yet. For the first time in the US, there are two very important types of commercials which I talk about. One is, TV as a computer and an IP computer. It is important to understand because if someone is going to sell you a TV (that is a computer), the network on that ground should be able to deal with it. The second one is moving to the IP-based 100 m/sec capacity for mobility. Mobility without constraints and 4G are enabling the smart devices extremely powerful. The last point is Cloud. In the past we had to depend on physical isolation of the data center. But we see the developments of today the layer which was used to gain access to the network is slowly withering away. These things are leading to a complete transformation of how IT is deployed and used. But unfortunately the security considerations have not kept pace with these developments. It still remains an afterthought for a vast majority of organisations. ‘We’ll think about that later’ is still the syndrome. The biggest question that arises here is how we design the security architecture in a corporate. The practitioners have to understand security at the protocol level and then design security architecture intended for ‘service’ and not just a ‘box’. From the past where we had separate infrastructures to the present where we have mobility with 4G, and the cloud, you’ll see a complete transformation of the infrastructure, the modalities of how we do information security. So, the main concerns are whether we have designed the security according to the modalities or we have forced ourselves to design it.
At CSC (Computer Sciences Corporation), we talk about security and the role that it plays in the enterprises of today. CSC also works as a managed service provider to many large, prestigious organisations across the world. We’re looking forward to working with good partners and OEMs to make security a key component of the overall IT architecture and also deploy security in the cloud.
For a moment, let’s not talk about the technological aspects at all. The community at large, the professionals tend to ignore small things that later on become big problems. I would like you to comment upon those small things that should be carefully implemented so that they don’t become large problems at a later stage.
If more security managers start testing and validating before they deploy anything, the industry, consisting of the developers and product makers, is going to start paying attention. That is going to do something bigger than other things. So far there has been little or no change in the industry’s behaviour. I strongly believe that the change in industry’s behaviour by being a good gatekeeper will be a great first step.
The practitioners have been making efforts to address point problems with point solutions. But they fail to reach to the fundamental - the root cause of the problem. So, what are those fundamental problems and are there any possible solutions towards those problems?
It is a fact that enterprises can’t be the invader because they don’t have enough resources. They can’t afford to operate information security as they don’t have enough people who know about the technology. When I was the CIO at the White House, we actually took the services of Bruce Schneier who is the most coveted name in information security industry today and also runs Counterpane Internet Security, which does end-to-end security management for organisations. We actually decided to outsource our security services to a commercial service organisation to look at it on a 24*7 basis. Any incident that took place on our network was informed to us instantaneously. That little model served us well on many occasions. As we look into the future, we can think of many things that can be done by a managed security service provider (MSSP) to integrate all those technologies and deliver a service to help detect the problems. I believe that a lot of things that MSSPs have done traditionally in the past can be utilised to integrate everything together and provide as a service at different levels like bronze, silver, gold, platinum. For example, if someone asks for platinum level service that would mean security on a 24*7 basis. I think that’s one of the solutions we at CSC are also going to provide extensively. Going forward, the important thing for us is creating a good mark for ourselves.
This is more about logical security. Can it be also extended to the convergence which is happening in logical and physical security?
I think we’ll have to look at converging logical and physical security functions. The days for separate physical and logical security functions are over. I strongly believe that we have to hook the wagon to that horse because it is the horse that has to do the running for us. This market has got lot of potential but there are a lot of complexities too. It is still evolving.
I read your comments in one of your last interactions with the media and came across a term “intrinsic security”. So, tell us about the ideal security model for an enterprise - both in logical and physical terms.
Yes, I did use this term but at the same time I caution it can be misunderstood and not correctly used. “Intrinsically Secure” - we try to convey this term as a process where you think about security at the point of design. So, in an enterprise you need to identify your assets, risks and then develop network architecture accordingly. In the past we have been doing the opposite to it. For example, in many cases a system administrator has almost the same level of access controls as the end users. So, we would require more of those who have greater access to much stricter configuration controls, limitations on what they can do, monitoring on what they can do etc. That will bring in the right kind of security design and framework. We will have to look at different kinds of things that would go into the intrinsic design of the security so that the firewalls, intrusion detection systems are more effective.
Everyone is aware that cyber attacks seem to be growing faster than the sophistication of cyber security, which is still in a nascent stage. What could possibly be the new forms of cyber attacks? How should we be thinking of safeguarding ourselves?
It is a fact that today the attacks and malware is more generalised – like attack operating systems, commercial applications etc. The notion that you can design ‘zero-day’ threats for things that run, we’ll see more of that. It takes a lot of sophistication so we’ll know that a threshold has been breached. That threshold is a ‘wakeup’ call. And now that it’s proven that it can be done, it should make the countries remindful of that it can be done and it will be done. The other one is the core question of ‘privacy with social networking’. What have we given up? It’s an interesting topic. Because some argue that we never really had it in the past. In the future it’s all about reputation which is represented by your job and by the money you have in your account. Figuring out a way how we deal with reputation and protecting privacy is going to be a transformation that we have to make it happen. It can end up in a long debate as privacy is a very controversial issue.
What are the main challenges deemed with human aspects of the data and network security?
I have always emphasized on the fact that awareness is a very important tool. But let’s depend less on awareness and more on intelligent systems. So, we need to get better at figuring out how we approve a security without thinking about educating our end users. The attackers have to figure out how to trick people so I would say that our money is better spent on developing smarter systems than on educating people on how to see the attacks.
— rahul.mani@9dot9.in
Event Report | Performance Matters
Performance Matters: How do you Manage it
Importance of numerous internet-enabled business activities
Nick Evered, Regional Vice President – Asia & India, Compuware meets with the participants of the round-table discussions before the event.
Smartphones are increasingly becoming a prime medium to access internet based business activities. However, the enterprises are not yet ready to understand the impacts, risks and opportunities arising from use of internet and smartphones. To address similar challenges, CTO Forum and Compuware organised an evening roundtable session with the theme - “Performance Matters: How do you manage it?” on 15 Dec, 2010 in Mumbai. This being the last roundtable organised by CTO Forum in 2010 witnessed some top CSOs of the city in the audience.
Suresh A Shanmugam, Head - Business Information Technology Solutions (BITS), Mahindra & Mahindra Financial Services makes a point.
Participants found great value in discussions after the round-table.
Participants listen intently as Nick Evered discusses web performance management for the enterprise.
Faraz Ahmed, CISO & Head - Regional IT, Reliance Life Insurance, shares his thoughts during the discussion.
The event emphasised that the business leaders today understand how the success of their business depends on the performance and availability of numerous internet-enabled business activities. However, there is general frustration with the level of relevant performance and availability of information from the IT team. Moderating the session, Geetaj Channana, Executive Editor, CTO Forum started off by sharing some insights of the industry on mobility and performance management challenges of the CIOs. Nick Evered, Regional Vice President – Asia & India, Compuware stressed upon the growing importance of application visibility and optimisation of customer experience in business. “As the technology advances, businesses will have to keep pace with the staggering increase in the change of technology. The solution lies in tracking the application transactions from end to end,” he highlighted. He shared research insights on the performance of the online interactions of some of the Indian financial institutions, which was a big learning insight for the CIOs present. In conclusion he said that in today's dynamic business environment, the performance of various applications creates a huge business impact which must be addressed by the CIOs. Suresh Shanmugham, CIO, Mahindra and Mahindra, accepted that bridging the gap between customers and enterprise through mobility is an ongoing process among most companies. The session was followed by an interesting discussion on various steps taken by the Indian companies to mitigate the challenges, and the delegates also shared some of the best practices in their respective organisations. Such interactive sessions provide ideal ground for the technology experts to share experiences and gain insight on the emerging trends.
Hide time | BOOK REVIEW
Fault Lines
Author: Raghuram G. Rajan
“Technological advances can be extremely disruptive”
Final Call
The author fears the financial turmoil may reappear as our tendency to take risk in association with unabashed greed gets the better of our prudence
Fault Lines is another forewarning by the economist and author Raghuram G Rajan on financial skeletons still hidden in our insatiable wardrobes. The author fears that the causes that led to the financial crisis of 2007 might not have been fully addressed; hence the financial turmoil may reappear as our tendency to take risk in association with unabashed greed gets the better of our prudence. It might be a momentary financial relief, but what’s the guarantee that it’s not the proverbial calm before yet another storm, this time much larger in its magnitude? There weren’t many takers for his warning note (white paper) when he last foresaw a financial crisis in the making in early 2007. This time ignore him at your own peril. In geology, fault lines are breaks in the earth’s surface where tectonic plates come in contact or collide, resulting in great stress around these fault lines. The author has used the same metaphor as the title of his book, cautioning about the fault lines that have emerged in the global economy and their impact on the financial sector. The author has cited three major reasons for the fault lines that could prove ominous for the world economy.
A) Political stress: Like every financial crisis, even the financial crisis of 2007 was a direct result of domestic political stress in the US. The author believes a lot of political decisions taken in the economic powerhouses were popular instead of being financially prudent.
B) The second set of trade fault lines emanates from trade imbalances between countries stemming from prior patterns of growth.
C) The final set of fault lines develops when different types of financial systems come into contact to finance the trade imbalances. It generally happens when two financial systems based on two different principles come into close contact, distorting each other’s functioning.
The author cites how still-unresolved fault lines led to the just-abated crisis and we should be wary of them or another depression would pop up its ugly face again. Through the book Rajan has tried to address certain unanswered questions such as – why are poorer developing countries like China financing the unsustainable consumption of rich countries like the US? Why did Federal Reserve keep rates so low for so long? Or more importantly why did financial firms make loans to people who had no income? At times the writing would seem highly pessimistic, for sceptics, but one would guess times are such you have to be distrustful of the sudden recovery. Is it all a sham? A must read word of warning.
ABOUT THE REVIEWER
Anoop Chugh is the assistant editor of CFO India magazine. You can reach him at anoop.chugh@9dot9.in
Hide time | CIO Profile
Confessions of a Shopaholic
SUNIL MEHTA
An IT veteran with over 28 years of industry experience, Sunil Mehta, Senior VP and Area Systems Director (Central Asia) at JWT has played varied roles in IT and Business before and during his stint at JWT. A Systems Director, a numismatist, an ex-CEO or be it an acupuncturist; the feathers in Sunil’s hat have always been colourful. Having known him for over a decade ‘A Silent Gladiator’ is what I would like to term Sunil Mehta. With his soft ever smiling personality he can easily mislead you to treat him like one at sea, but his accolades and work speak loud. To be featured amongst the TOP 10 from India and one of the TOP 50 Global CIOs – 2009 by InformationWeek, US is no common feat. A lateral thinker, who likes to tread where no one has dared, Sunil believes in being innovative and creative when it comes to implementations. This has resulted in him having many firsts to his name in terms of implementations which have broken standard norms and have not only been the first in the country but globally too.
Passions: His limited edition collection of pens and watches is what he takes pride in. His other interests are travelling and eating. He was instrumental in setting up the telephone helpline 1090 with the Mumbai police and is actively involved in other cyber initiatives with Mumbai Police.
Like father like son: Extremely passionate about his children, Sunil takes great pride in relating that his son, who is currently working in the US, already has a few patents to his name. IT runs in the blood. One thing that Sunil Mehta has never missed is the graduation ceremonies of his son. With a whole family of foodies, the Mehtas like to visit all kinds of joints and explore different cuisines.
He strongly believes that you cannot treat IT as a pure technology solution or implementation; it has to be a business initiative. “If you take a business perspective of the solution to be implemented and think in terms of how the business will benefit, progress and grow, it will surely be a success.” He strongly advocates that the participation of the business heads is most important for the success of any solution; it is only when they have the vision and the strategy that the implementation gets its due credit. Be it personal or professional, there are some moments in life which bring that smile and make you feel complete. On the professional front there have been many such moments but one that gave him true joy was at a recent gathering. He met the marketing director and chairman of his former work place Business India and they happened to mention the system that he had written nearly 20 years back. The appreciation that the system was not only still being used but was also working smoothly was worth many awards. A Certified Information Systems Auditor, Sunil Mehta has a B.Sc in Statistics from Bombay University, a post-graduate degree in Finance and PG Diploma in Systems Management. A complete family man, Sunil loves to be with the family as often as possible, but due to his hectic work schedule there is not much that the family can do. His wife, a stock trader, and two children, a son working as a senior product manager in the US and a daughter who has just completed class 9, make for a happy family photograph. Getting the family together for any group activity is a herculean task as the son spends time in the US and the daughter is busy with school. An unusual confession that one will rarely find being made by a man is what Sunil Mehta startled us with. He confessed to being a shopaholic and claimed to know the best shops around the world like the back of his hand. He is the one in the family who makes sure that all their wardrobes (i.e. the wife and the daughter) are well stocked. Be it cosmetics, jewellery, home décor, curios, antiques or electronics, Sunil Mehta is the one who knows what his family likes best. Though he has his favourites, like the US for variety and Sri Lanka for value for money, he now prefers to pick luxury items in India as there is a good variety and good value for money being offered.
- Minu Sirsalewala Agarwal
Snap Shot
An Initiator: Sunil believes in experimenting and trying out new untouched avenues. For example they develop products to suit their business needs (advertising industry) as not much is available off the shelf. Sharing an experience he mentioned how they joined hands with a vendor and invested heavily in terms of time, effort and educating the vendor, but the product could not be developed as the company went bankrupt. Still they did not get disillusioned and tried another vendor who turned out to be unethical. Then they funded a group of five dynamic youngsters who wanted to set up their own business, they too did not last for long and disintegrated. Not the one to lose focus, with strong grit and faith they have again tied up with a local vendor to work on the product – a complete solution as he wants to show that Indian vendors are also capable.
Motto: Nothing is impossible, it can only be difficult but not impossible. Coming from a services industry where there is no room for a NO, he also follows it in his work.
VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com
Grow Up! The New World of Managing IT Stuff
Dynamic IT is still an illusion, and if you think virtualisation has come a long way, think again.
We recently did some absolutely brilliant work segmenting the overall IT market by users’ sophistication with server virtualization techniques and implementations. We looked across every industry and every major IT function to categorise Laggards, Followers, and Leaders–what they mean, and more importantly, what are the specific concerns, challenges, requirements, or downright show-stoppers for each group within each industry sector, within each maturity segment. We looked across Servers, Storage, Networking, Security, and the Application organisations within IT. Guess what? The answers differ based on who you talk to! We segmented the market into categories, based on primary metrics:
1. Scope of Deployment – the % of servers that have been virtualized.
2. Virtual Production Ratio – % of VMs in production.
3. Efficiency – consolidation ratio of VMs per physical machine.
4. Workload Penetration – deployments across multiple workloads.
Takeaways: Server virtualisation is becoming ubiquitous. BUT, and this is a big but, 58% of organisations have virtualised less than 1/3 of their servers. Thus far IT owned applications dominate what’s being virtualised. File/Print, etc. 59% haven’t virtualised ANY “mission-critical” applications. Those who do virtualise are able to document increased return on investment as they become more advanced. “Dynamic IT” is still an illusion. Very few are truly engaged in utilising the advanced capabilities of virtualization yet. There will be an avalanche of growth over the next 24 months–but it IS NOT going to come from the “leaders”. When speaking with ESG’s management guru, Bob Laliberte, it became clear to me. Bob called it perfectly, he said: “A laggard IT operation ‘monitors.’ A follower ‘manages.’ A leader ‘automates.’” Brilliant in its simplicity, it is completely accurate. Whether we’re talking about managing a virtual environment or a backup process, it’s all true. For an advanced society, we sure do spend a ton of time “monitoring,” don’t we? How do you monitor something that isn’t real? And why bother? If our management techniques are stuck in medieval times, how do we expect to ever truly reap the rewards of “dynamic IT?” It’s bullshit. We never will. We can put all the VMware in the world all over our environment and without the ability to AUTONOMOUSLY manage it, it will always suck. Why? Because it will always come down to the lowest common denominator–the ultimate point of failure–a person’s ability to make the right decision at the exact right time and execute it perfectly. It’s unreasonable. You need to become the architect of the OUTCOME, not the guy who fixes the leak. You architect. Tools monitor. Tools manage. Tools automate your plan. Then you are truly valuable.
About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.thebiggertruth.com