CTO Forum
Technology for Growth and Governance
February | 07 | 2011 | 50 Volume 06 | Issue 12
The 7 Habits of Highly Effective Presenters | DESKTOP VIRTUALISATION IS BECOMING MAINSTREAM | the decade in terror
The New Age Supply Chain: From collaboration tools to RFID, Indian CIOs are utilising cutting edge technologies for supply chain management. | Page 30
A 9.9 Media Publication
I Believe: Shared Services Beyond IT | Page 04
Next Horizon: Cloud Forecast 2015 | Page 44
A Question of Answers: Delivering the Back End by UC | Page 14
Editorial
Rahul Neel Mani | rahul.mani@9dot9.in
Customer Service: Different Chefs, Different Flavours

Lately, I have changed the style of my column. Instead of writing on issues aligned with the features published here, I prefer to highlight some real-life instances, which could bring you useful insights. For quite some time now, I wanted to write about the different flavours of ‘customer service.’ One way or the other, we are all customers of a bank, a telecom service provider, an insurance company, a hospitality brand and so on. They all make tall claims about the quality of their customer service. I have heard great stories about how they have evolved into a fully automated, self-service-based customer services - intuitive enough to resolve customer problems in as little time as possible. Are these claims real? Or is it just what they want to show to us? The first big myth of ‘Great’ customer service ruptured recently when India’s telecom industry embraced mobile number portability (MNP).

Social media sites are full of agonising tales from frustrated aspirants who tried switching service providers. I am yet to come across one individual who successfully switched over within time and without any trouble. However high these telecom and banking organisations may talk about the ‘self service’ capabilities of their web and interactive voice response (IVR) platforms, the truth is they are far from satisfactory. But there are organisations which have shown remarkable improvement by acting on the feedback. Here’s an example: I have been a frequent user of Easy Cabs – a radio taxi fleet operating in all major Indian cities. Not long ago, I had to spend as much as 20 minutes to get an executive to speak to me. Twenty minutes to book a cab! Was it worth it? How much I thought of alternatives to Easy Cabs (and unlike Telcos, I was free to do so) but instead I preferred to give my ‘feedback’ to Rajesh Munjal, who heads technology and customer service for Easy Cabs. Like me, there may be hundred others who would have given their feedback. Today, I spend less than 40 seconds to book a cab. What changed this equation? Certainly not technology! It was the changed mindset and responsiveness to feedback that gave the customer service a whole new dimension at Easy Cabs. And that’s why I would say, different chefs, different flavours! Do you think an action like this can make a change? I would like to hear your stories.

Editor's Pick | 14
UC is all about Delivering the Back End
After strengthening Avaya's data business by snapping up Nortel Enterprise Solutions, Steve Bandrowczak, VP and GM Avaya Data Solutions, is now rolling out cutting edge technologies.
The Chief Technology Officer Forum
cto forum 07 FEBRUARY 2011
February 11 | Cover design by PC Anoop
Contents
thectoforum.com
Cover Story
30 | The New Age Supply Chain: Indian CIOs are utilising cutting edge technologies for streamlining their supply chains. Not that they have options.
Columns
04 | I Believe: Shared Services Have Potential Beyond IT. Shared Services can make IT considerably efficient in large enterprises. By Yogesh Zope
52 | Thought Leaders: The Decade in Terror. World War IV began on September 2001. By Raghu Raman
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706
Features
54 | tech for governance: Managing risk starts at the top Good risk governance starts in the boardroom By Faisal Hoque
The Chief Technology Officer Forum
www.thectoforum.com
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh
Publishing Director: Anuradha Das Mathur
Editorial
Editor-in-chief: Rahul Neel Mani
Executive Editor: Yashvendra Singh
Resident Editor (West): Minu Sirsalewala Agarwal
Senior Editor: Harichandan Arakali
Assistant Editor: Varun Aggarwal
Design
Sr. Creative Director: Jayan K Narayanan
Art Director: Binesh Sreedharan
Associate Art Director: Anil VK
Sr. Visualiser: PC Anoop
Sr. Designers: Prasanth TR, Anil T, Joffy Jose Anoop Verma, NV Baiju, Vinod Shinde & Chander Dange
Designers: Sristi Maurya, Suneesh K, Shigil N & Charu Dwivedi
Chief Photographer: Subhojit Paul
Photographer: Jiten Gandhi
A Question of Answers
14 | UC is All About Delivering the Backend: Steve Bandrowczak, VP and General Manager, Avaya Data Solutions, talks about the direction in which Avaya Data Solutions is headed.
44 | Next Horizons: The 7 Habits of Highly Effective Presenters. By Alan Carroll
60 | No Holds Barred: Manish Sharma, VP, APAC, NComputing on the company’s focus on enterprise virtualisation space
Regulars
01 | Editorial
08 | Enterprise Round-up
Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, CIO, Pidilite
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices
Vijay Sethi, VP-IS, Hero Honda
Vishal Salvi, CSO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
Vijay Mehra, CIO, Cairns Energy
Sales & Marketing
VP Sales & Marketing: Naveen Chand Singh
National Manager-Events and Special Projects: Mahantesh Godi (09880436623)
Product Manager: Rachit Kinger (9818860797)
GM South: Vinodh K (09740714817)
Senior Manager Sales (South): Ashish Kumar Singh
GM North: Lalit Arun (09582262959)
GM West: Sachin Mhashilkar (09920348755)
Kolkata: Jayanta Bhattacharya (09331829284)
Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Production Executive: Vilas Mhatre
Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh
Office Address
Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Silver Point Press Pvt Ltd, D-107, TTC Industrial Area, Nerul, Navi Mumbai 400706. Editor: Anuradha Das Mathur
For any customer queries and assistance please contact help@9dot9.in
Advertisers’ Index
NOVELL IFC | SCHNEIDER 05 | IBM 07 | SAS 11 | ACE DATA 13 | TATA COMMUNICATIONS IBC | MICROSOFT BC
This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.
I Believe
By Yogesh Zope, VP - IT Services, Bharat Forge
The author brings over two decades of industry experience and is currently leading a group-wide shared services initiative at Kalyani Group.
Shared Services Have Potential Beyond IT
Shared Services, while a simple enough idea, can make IT considerably more efficient in large enterprises. Ask me about my dream as a CIO and I'll say, make the service approach effective not just for the internal customer, but I would want to be able to take it to the outside world with the same effectiveness. The philosophy behind Shared Services is really simple, of course, but
what I believe is that it can go way beyond IT. This is something that I'm trying to do at Bharat Forge as well, for instance, with the consolidation of safety processes and infrastructure. Getting technology people on board isn't going to be difficult at all, and I would like to at least help build the processes that can take shared services beyond IT. At Kalyani, the context of the recession gave us the right opportunity to initiate shared services across the group. A lot of effort had to be put into reducing costs and at the same time increasing the efficiency of IT and standardisation. Even from the security perspective, there is a lot of potential to standardise. We thought we'll involve most of the Kalyani Group companies and initially, we merely started with centralisation, which isn't really shared services. This was however soon followed with a governance framework to try and measure how well the services were being provided. The aim was full-fledged customer orientation. Typically shared services are applicable to only large companies – to get real benefit, the company has to be at least a $200 million group or larger, so one can exploit the potential of sharing services. Even the vendor community is really gearing up for this – what is cloud? Basically it is a shared services model. If you have a combination of private and public clouds, that is the way the industry is evolving. The primary reason is that it increases your overall efficiency and flexibility. Besides, corporates don't really have a choice and we are a case in point. Every time the group floats a new company, we have to provision the necessary IT and do it in an agile manner, otherwise the costs involved will be very high. What one needs to ensure is that the users should feel their requirements are taken care of. End user would be happy as they will get a homogeneous service across the group.
LETTERS
Hot Trends
[Image: pages from the previous issue, January 21, 2011, Volume 06, Issue 11]

Last year I forecast a 'continuingly' troubled economy, slow growth for IT spending and a mostly jobless recovery. According to Gartner, enterprise IT spending grew by only 2.9 percent in 2010. According to a Forrester IT spending survey, the vast majority of CIOs, however, reported that their budgets didn’t grow at all from 2009 through 2010.

As for jobs, according to Moody’s Analytics, after losing more than 300,000 jobs in the depths of the recession, IT jobs grew by a substantial 15 percent in 2010 -- an impressive number, on the surface. Digging into the numbers, though, puts a damper on the optimism. Much of the growth is directly related to temporary stimulus money that is being used to build out broadband networks and much of the growth is confined to health-care IT, a sector that should continue to shine in 2011. The TechServe Alliance sees things differently. According to TechServe, IT employment is up only 2.2 percent over 2009. TechServe said it is bullish on IT job growth, even though its report showed significant losses in such areas as data processing. Since agencies like Moody’s and lobbying groups like TechServe played pivotal roles in the collapse in the first place, take the fact that they are “bullish” with a grain of salt. They get paid for their optimism.

According to economists from the Conference Board and Brandeis University International Business School, the tech sector is adding jobs at an anemic pace and continues to shift many jobs overseas. I should note, though, that plenty of economists believe that Q4 2010 and 2011 will show improvement in the tech sector, even though the sector appears to be in the early phase of a major structural realignment.

In one of the economy’s few bright spots, I predicted that smartphones would continue their rapid ascent, muscling out feature phones and even stealing market share from low-end laptops. IDC believes that by year's end, the smartphone market will have grown by 55 percent over 2009.

A year ago netbooks were popular, but I accurately foresaw that popularity as a fad with a short shelf life. The netbook’s appeal has been undercut by both smartphones and tablets, most notably the iPad, and they could even face pressure from thin clients in the enterprise.

Last year, I saw cloud security being a real rather than conceptual problem in 2010. This prediction is mixed. Enterprises continue to worry about cloud security, but cloud adoption continues to be strong, mostly in smaller companies, though. Meanwhile, many enterprises are side stepping the cloud security issue by cautiously adopting private clouds, and, if they use it at all, embracing the public cloud only for low-risk things, such as remote email access.

A few of my other predictions (IT security shifting to a risk-management approach, Windows 7 as the last big OS launch, the cloud forcing business to rethink the desktop) look promising but need more time before being accurately judged. My one big miss last year was with social networking. Social networking continues to bedevil my predictions. Two years ago, I believed enterprises would try to put the brakes on social networking. Last year, I thought that enterprises would start to worry about things like social engineering attacks launched over sites like Facebook. The risks of social-networking-based attacks are very real, but the attitude of the typical CIO seems to be that the benefits of social networking far outweigh the risks. In the short term, at least, they’re probably right. So with 2010 out of the way, let’s look ahead to 2011.

Governments will make noise about regulating the Internet but, other than Iran or China, they won’t

There has been plenty of fallout after WikiLeaks released a classified video of an air strike in Baghdad, documents from the US Department of Defense related to the war in Afghanistan and diplomatic cables. One of the predictable reactions is a call to regulate the Internet. The UN is also considering creating a governing body to regulate the Internet. The UN effort is backed by the likes of China and Saudi Arabia, as well as less authoritarian nations such as Brazil and India. I don’t expect these efforts to go very far. The far right in this country already fears UN meddling in US affairs, and anything like this would never get through the Congress. If the Internet will be regulated in the US, it will be by a US agency. Coincidentally, not long after the release of the diplomatic cables, the FCC voted on net neutrality. The initial regulations actually regulate Internet service providers, not the Internet itself. The FCC ruling prevents service providers from blocking various types of content, but allows them to offer tiered services. Taken as a whole, the FCC’s current decisions about net neutrality do very little to regulate the Internet.

Facebook’s prominence will spark privacy concerns

One area that could spark some regulation, though, is privacy. As social networking continues to rise in importance, with Facebook now driving more traffic than Google, don’t be surprised if privacy concerns continue to ramp up. A friend of mine just got engaged, mentioning this in her status, and, predictably, she began seeing all sorts of wedding-related ads on her Facebook page. Another friend complains that once he mentioned caring for his elderly parent, he ended up getting all sorts of elder-care spam. Internet advertising and marketing firms have been optimising their ability to send you targeted ads for years. While they are slapped on the wrist from time to time, their efforts mostly continue unimpeded. However, the perception isn’t that Internet marketers are violating your privacy, but that the sites in league with them are. Now, sites like Facebook aren’t entirely to blame. If people don’t set their privacy settings properly, it’s pretty easy for spam spiders to scrape content. It’s also fairly easy for hackers to learn enough about you to steal your identity or launch targeted social engineer-

—Rajesh Uppal, Executive officer (IT) and CIO, Maruti Suzuki India
—Suresh A Shanmugam, Head - Business Information Technology Solutions (BITS), Mahindra & Mahindra Financial Services
“By nature and design of the internet it would be TOUGH FOR GOVERNMENTS TO REGULATE IT. All advantages to the internet far outweigh the problems it comes with it. It is just not practical.”
“Regulation will happen. THE PEOPLE WOULD DECIDE ON WHAT THEY WANT. It will take some time to get matured in India, but it will definitely happen in due course.”

CTOForum LinkedIn Group
What are the attributes of a good CTO? What are the prerequisites for a CTO role?
I see the CTO role as that of a technology leader bridging the gap between the commercial requirements of the enterprise and the technology support of those requirements. An effective CTO should be able to guide the efficient implementation of IT whilst also using it to shape the commercial strategy of the business.
Richard Ward, Head of Technical, WIN Plc

Join close to 700 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at: www.linkedin.com/groups?mostPopular=&gid=2580450

Some of the hot discussions on the group are:
The Cloud is all air and no substance
Do you think cloud is going to die a quick death of SOA or is it going to make big headway into the enterprise? Is it old wine in a new bottle? What does it lack in making a convincing case?
It's real and all about today and tomorrow. However, you have to bring it back to a realistic service that gives tangible benefits. There are a great deal of 'cowboy' stories and not many who really understand it.
—Ronald Kunneman, Director at Digitra

Opinion
Private Data, Public Domain, Opportunity
It's all about creating the value perception that drives the business
“Mining public-domain data to create the value perception that drives business will increasingly occupy the minds of CIOs.”
K B Venkataramanan, CIO, Viteos Capital Markets Services Ltd.
To read the full story go to: http://www.thectoforum.com/content/privatedata-public-domain-opportunity

CTOF Connect
Eng Lin Goh, CTO, SGI in a conversation with Geetaj Channana on the evolution of the company after its takeover by Rackable, and their contribution to cloud computing and high-performance computing in the enterprise.
http://www.thectoforum.com/content/hpcenterprise

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.
Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com
Enterprise Round-up
Feature Inside: Mobile application store revenue to surpass $15 bn | Pg 10
Illustration by PC Anoop

Is Nokia reviewing its smartphone strategy?
The company is looking to Android and Windows Phone 7 for its future smartphones

Recent reports have led one to believe that Nokia is considering a serious upheaval in its smartphone strategy, one that may include Windows Phone 7 or even Android in its explicitly MeeGo and Symbian future. The major shift in smartphone strategy will apparently be revealed at Nokia's investor conference on February 11, 2011. Nokia's latest CEO, Stephen Elop, a former Microsoft biggie, has confirmed in a recent report by Xbit Labs that some radical changes can be expected from the company: "Nokia faces some very significant challenges. The game has changed from a battle of devices to a war of ecosystems and competitive ecosystems are gaining momentum and share. The emergence of ecosystems represents the broad convergence of the mobility, computing and services industries. Nokia must compete on an ecosystem-to-ecosystem basis. In addition to great devices, we must build, catalyse, and/or join a competitive ecosystem."

While this is not a direct admission, it does concede that if other ecosystems (with WP7 and Android the most likely) seem to hold a market edge compared to the upcoming MeeGo and Symbian, it might just use them as well.
Data Briefing
81 million is the number of Internet users in India

They Said It: Steve Ballmer
Photo by photos.com
Nokia and Microsoft have announced plans to form a broad strategic partnership that would use their complementary strengths and expertise to create a new global mobile ecosystem. Nokia and Microsoft plan to work together to integrate key assets and create completely new service offerings.
“Ecosystems thrive when fueled by speed, innovation and scale. The partnership provides incredible scale, vast expertise in hardware and software innovation and a proven ability to execute.”
—Steven A. Ballmer, CEO, Microsoft

Wipro, McGraw-Hill partner for mobile learning
The initial pilots in India will focus on the most critical needs for students and workers

McGraw-Hill, a financial information and education company, and Wipro, a technology solutions provider, have entered into collaboration to develop an open-standard mobile learning platform, ‘mConnect’ designed to bridge the skills gap in emerging markets. According to the joint release, the initial pilots in India will focus on the most critical needs for India’s students and workers, like test preparation for entrance into universities and English-language training. The intention is to extend this programme later to other countries in Asia and in Africa.

The companies have an opportunity to deliver high-quality, low-cost education to students and workers in rural areas and cities with limited access to resources, said Harold McGraw III, chairman, president and CEO, The McGraw-Hill Companies, in his statement. “In a country with more than 700 million cell phones, mobile learning will help level the playing field for education in India in ways never before possible. The success of our pilots in India will serve as a powerful example,” remarked McGraw III.
Quick Byte on CRM
According to Gartner, by 2015, one-third of spending on new CRM software will be SaaS. In 2009, 24 percent of the CRM software market was delivered by SaaS, and this rose to more than 26 percent in 2010, up from virtually zero in 1999.
Illustration by Anil T
Global Tracker
According to eEye's survey of 1,963 IT security pros, half of those surveyed reported compliance initiatives take up to 50 percent of their work week.
Source: eEye 2011 Vulnerability Management Trends Report

Mobile application store revenue to surpass $15 bn
Worldwide mobile application store downloads are forecast to reach 17.7 billion downloads in 2011, projects Gartner

Worldwide mobile application store revenue is projected to surpass $15.1 billion in 2011, both from end users buying applications and applications themselves generating advertising revenue for their developers, as per Gartner. This is a 190 percent increase from 2010 revenue of $5.2 billion. Worldwide mobile application store downloads are forecast to reach 17.7 billion downloads in 2011, a 117 percent increase from an estimated 8.2 billion downloads in 2010. By the end of 2014, Gartner forecast over 185 billion applications will have been downloaded from mobile app stores, since the launch of the first one in July 2008.

“Many are wondering if the app frenzy we have been witnessing is just a fashion, and, like many others, it shall pass. We do not think so,” said Stephanie Baghdassarian, Research Director at Gartner. “We strongly believe there is a sizable opportunity for application stores in the future. However, applications will have to grow up and deliver a superior experience to the one that a Web-based app will be able to deliver. Native apps will survive the Web enhancements only
when they will provide a more-personal and richer experience to the ‘vanilla’ experience that a Web-based app will deliver,” she added.

Gartner analysts said the hype around application stores in 2009 continued through 2010 with alternative offerings to the Apple App Store gaining some traction. Android Market, Nokia's Ovi Store, Research In Motion's (RIM's) App World, Microsoft Marketplace and Samsung Apps are the key competitors that saw the number of application downloads grow in 2010.

Free downloads are forecast to account for 81 percent of total mobile application store downloads in 2011. This percentage has been decreasing since the first launches in 2008, and Gartner estimates free downloads will continue to decrease in 2011, but it will increase again from 2012 through 2014. Users will begin paying for more applications as they perceive values in the concept of mobile applications, and they become more trustful of billing mechanisms.

In 2010, application stores' revenue is estimated to have reached $5.2 billion, both from end users buying applications and applications generating advertising revenue for their developers. The growth between 2010 and 2014 is forecast to be over 1,000 percent. Application stores' revenue is split between the store owners (such as Apple, in the case of the App Store, or RIM, in the case of App World) and the application's developer. The average revenue share is based on a 70/30 split, with 70 percent going to the developer. By the end of 2014, advertising will be generating a little under a third of the revenue generated by application stores, up from 16 percent in 2010.

“While the average number of downloads per device onto a smartphone will remain stable as the market grows, it must be assumed that media tablets will drive more downloads from consumers, boosting the overall average downloads per device,” said Carolina Milanesi, Research Vice President at Gartner. “We estimate that Apple's App Store drove close to nine application downloads out of 10 in 2010 and will remain the single best-selling store across our forecast period (through 2014), although to a lesser extent, as other stores manage to gain momentum,” she added.
Photo by photos.com

Gartner Makes Predictions About BPM in 2011 and Beyond
Business process defects will topple top companies

Between now and year-end 2014, an intensifying focus on process-related skills, competencies and competitive differentiators will increasingly separate process excellence leaders from the laggards among the Global 2000, according to Gartner. The research firm has identified some of its key predictions for business process management (BPM) in 2011 and beyond.

“A key theme in our BPM predictions for 2011 is the rising focus on making business process improvement (BPI) a core competency of the organisation — and on the capabilities and tools required to gain that competency,” said John Dixon, research director at Gartner. “Increasing process skills in the Global 2000 will further separate the companies with enlightened process experts from those that are simply competent in the basics — and will intensify the negative repercussions and devastating consequences from public exposure of process weakness.”

Dixon added that the practices, tools and resources that organisations will increasingly harness to boost their process excellence include business process competency centers (BPCCs), which Gartner expects to be adopted within the majority of organisations by 2012. “Those who embrace BPM can do things that others cannot,” said Dixon. “While this is true in 2010, by 2014, BPM will clearly deliver benefits to those who have the competencies, and deny a peaceful sleep to those who do not.”

Other key BPM predictions for 2011 include:
Between now and year-end 2014, overlooked but easily detectable business process defects will topple 10 Global 2000 companies. Companies should build organisational competencies for business process excellence. Invest in the skills and roles (such as business process analysts), tools and techniques (for example, business process simulation), and organisation (that is, the BPCC) that are needed to analyse and improve processes.
By 2015, context-aware computing will be used to rejuvenate at least 25 percent of “commodity” enterprise processes that are currently perceived as “low value.”
Fact ticker
Microsoft repairs critical Windows flaws
Update also includes a memory bug in CSS

Microsoft issued two security bulletins on 11 Jan, 2011 repairing two critical flaws that affect all versions of Windows. The software giant also updated a security advisory, issuing a temporary automated workaround that if deployed, would block attackers from exploiting an Internet Explorer zero-day vulnerability.

Microsoft released only two security bulletins in January, repairing three vulnerabilities in Microsoft Windows and Windows Server. It was a quiet month compared to December, which saw a record breaking 17 bulletins.

The first security bulletin addressed two critical vulnerabilities in Microsoft Data Access Components, a framework used by application developers to access Windows data stores. The vulnerabilities could be used in drive-by attacks or by tricking a person to visit a malicious webpage. The update is rated "critical" for Windows XP, Vista and Windows 7, and rated "important" for Windows Server 2003 and Windows Server 2008.

In addition, Microsoft addressed a vulnerability in Windows Backup Manager. The vulnerability could allow remote code execution, but Microsoft said a user would have to visit a remote file system location or WebDAV share and open a Windows Backup Manager file.
Green solution
A top Korean information-technology service provider, LG CNS, has developed a solution to traffic headaches in megacities like Beijing and Seoul, leading to 16 percent more use of public transportation, 6 percent less carbon emission, and 24 percent traffic reduction. In these cities, the deployment of the LG CNS transportation payment system – a unified fare payment technology based on Smart Card - has had a drastic impact on transportation.

Rising urban traffic congestion has led to huge demands for higher efficiency in public transit which in turn has resulted in improvements for the passengers, easing of taxpayers' burden, and reduction of carbon emissions. Examples include the one-fare system across all bus, highway and train systems, real-time bus information, and free transfers across all systems.

The LG CNS Smart Card is an all-in-one solution for traffic industries. The system is useful for ticketing as well as many other purposes such as data collection, and can be used in conjunction with credit card companies, banks, and mobile services. As the holidays approach, traffic only worsens, especially in the larger cities. Implementing the LG CNS transportation systems will ease congestion and make it a more enjoyable time of year for everyone.
A Question of answers
Steve Bandrowczak
Embracing change: Today the acceptance to technology is at a pace that we have never seen before.
cto forum 07 february 2011
Steve Bandrowczak | Avaya Data Solutions
UC is all about Delivering the Back End
Avaya acquired Nortel Enterprise Solutions about 18 months ago. Steve Bandrowczak, Vice President and General Manager, Avaya Data Solutions, in a discussion with Varun Aggarwal, talks about the direction in which the Nortel business, now known as Avaya Data Solutions, is headed.
Post the acquisition of Nortel, what have been the major changes in the Nortel business, and what are the new focus areas?
At Avaya, we have spent about $600 million on R&D as part of the Data portfolio. Data business has become the 4th business unit in Avaya, and today it is the fastest growing business unit within Avaya. We have put in a significant amount into R&D and are now rolling out some leading edge technologies. After a year of acquisition, we have gone from being a niche player in the Gartner Magic Quadrant to now moving up as the leader in the Unified Communications space. We’ve built various technologies that meet the needs which our customer demands in the future. There are three key components. One is called ‘always-on’ - it’s a technology that allows our customers to never have a service down even to upgrade or maintenance, the second component is scalability - the ability to be able to expand our customer networks within the same platform and within the same traffic. Thirdly, we are making sure that we have a fabric that allows our customers credibility across the virtual enterprise.
You have been a CIO yourself for many years. What do you think are the biggest challenges that a CIO faces today?
Today the acceptance to technology is at a pace that we have never seen before. For example, when we used to roll out with laptops, desktop and other devices, the adoption rate was 12-24 months. Now when the iPhone hits the market it gets absorbed within days. This is something that the CIO has to deal with. CIOs today should be able to embrace all the communication technology and make it a part of their portfolio. But it should fit into the enterprise in a secure and safe way so that it is a better fit for the overall business. So the first thing is what I call as the stimulation of technology.
The second thing CIOs are seeing is the amount and the rate of change in the business environment. Businesses today are changing at a rate we have never seen before. So to build the network or a strategy that for the next 3 years is not good enough. You have to put the infrastructure in place so that you can make changes, and then adapt to business changes in days and hours, not in months, quarters and years.
And the third is that despite all these robust technologies, and all these data networks is the fact that CIOs have very limited operating expense and very limited budget. Networks need to be built and managed and CIOs have to do it cost effectively. The deployment also needs to have smaller footprints and make sure that they have capital reduction to continuously spend equal to how much global data network grows. The average data network growth is close to 60%. The CIOs can afford to add 60% of their cost from their IT budget so they can deploy technology that can absorb the cost and be able to scale and not increase the cost at an exponential rate.
“People can use a single device like the iPhone as their entire world for their business work as well as their personal work”
Things I believe in:
You have to put the infrastructure in place so that you can make changes, and then adapt to business changes in days and hours, no longer months, quarters and years
CIOs have to be able to embrace all the communication technology and make it a part of their portfolio
What changes are you seeing in Unified communications?
First of all the ability to utilise most of the communication channels, whether it is voice, video, data. I would also include things like Twitter, Facebook, instant messenger. CIOs have to be able to use those communication channels to carry out the business processes. The business process won’t change, the supply chain, receivables, payables those processes will remain the same. The way you engage your customer and the way the customer wants to be serviced (the internal customer or the external customer), the way he wants to be serviced is going to be through unified communications. So CIOs have to be able to create solutions that allow customers to communicate in the way they want to communicate, at the time they want to communicate and from the device they want to communicate. Today we are seeing many Avaya users having simple mode of device, they don’t need a laptop any more. They may use a single device like their iPhone as their entire world for their business work as well as their personal work. UC is all about taking your back end business and delivering it to individuals where they want to communicate.
In the last couple of years, the market for telepresence solutions has slowed down. How do you anticipate the growth in the overall video conferencing market?
The large big room video conferencing market has slowed down. However, take a look at what’s happening to Skype, take a look at what’s happening in point-to-point video. We have seen an explosion in point-to-point technology. Like Skype we have our own video solution. We have the ability to federate with Avaya, which we have seen grow tremendously. Many of our large customers have tried our video network and point-to-point video and collaboration. So on the high-end side, we have seen an explosion of video or point-to-point video. I don’t see the cost of telepresence going down but I see it slowing down as more pervasive, low-bandwidth, cheaper cost solutions become available. We have put up solutions in the market recently that have tremendously high quality, low-bandwidth. The reason why Skype works so well is because you set it up and the end user can use it very quick and very easy and it is very intuitive to use. So we have to make it low cost, low-bandwidth, easier for the consumers to set-up and use, and not need a whole IT department to set it up and support it.
So what will be your key technology focus areas for 2011?
We are helping our customers take collaboration integrate it with the back-end business process. That is what our entire focus is. Through collaboration, we can now add all communications vehicles on half of our business processes and help our customers to drive revenue, efficiencies and collaboration. So when you think about all the communication vehicles, whether you look at Facebook, Twitter, video, Instant Messaging, traditional voice, traditional email.
And if you put all of these in a collaboration session and tie that to the back-end business processes, you are going to help IP organisations take their traditional business and the traditional processes and extend that to your end customer in the way they want to communicate with the enterprise whether through mobility, whether through android, iPhone, iPad, Skype, IVRs or even through traditional voice channels. You want to help manage all of these disruptive technologies and secure scalable way that helps the customers to drive productivity. Some of the trends that we see for 2011 are:
Social media morphs from add-on to integrated: In 2010 many organisations recognised the no-longer-deniable importance of social media and responded by creating dedicated teams and procedures to monitor and engage in social media communications. The next phase of social media evolution will be for organisations to integrate social channels into the broader business processes of their support and sales centres. Organisations will also try to cut through the noise permeating the social media landscape by creating and carrying out clear, comprehensive social media strategies.
Fit for purpose: For the past few years, enterprise deployment of collaboration technologies has been somewhat constrained by the size of the investment, some limitations in the interoperability of networks and devices, and user reluctance to learn or adopt the new capabilities. Those days are over. In the age of “fit for purpose,” vendors have designed collaboration capabilities that really do bridge the gap by being easy for both users and the IT staff that supports them. Going forward, fit-for-purpose collaboration tools will be characterised by lower upfront investment, improved integration with existing networks and devices, and far greater simplicity of use. This evolution will change the trajectory of technology adoption as both expenses and user concerns drop dramatically.
Communications takes to the cloud: Cloud computing-based services for the enterprise are rapidly expanding beyond back-office processing and document management services to critical customer-facing business functions. Contact centre operators will begin to capitalise on the efficiency and flexibility offered by software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS) technologies.
—varun.aggarwal@9dot9.in
Best of Breed
Features inside:
10 Steps to Successful Organisational Change
The 3 Trends IT Can’t Ignore
Presenting to Your Board of Directors: Telling the IT Story
Illustration by Anil T
Emerging Technology Adoption Trends for 2011
Data Briefing: 24% of organisations surveyed were testing application virtualisation in 2010
Your reasons for deploying latest technologies may differ from what’s driving your ongoing investment in established infrastructure.
By Guy Currier
Our annual Emerging Technologies study (conducted by CIO Insight), which looks at roughly 40 new technologies and strategies (this year it’s 42), provides insight into the hardware, software and infrastructure solutions being evaluated and deployed by your peers. This kind of objective, random surveying allows us to gauge activity levels for each kind of “hot” technology you may wish to consider. It also gives us a glimpse into the future, by comparing the level of active testing to overall usage. A high level of active testing relative to overall usage—as we see this year for platform as a service (PaaS)—indicates a high likelihood of growth in the coming year or two. This is what we also expect for virtual desktop infrastructure (VDI), for both private and public cloud computing, and for IPv6, among others.
We split our list into five groupings, including computing technologies and strategies; networking and mobile; software (including application development); Web and collaboration; and security. Each has shown remarkable dynamism over the past year, as priorities and the business outlook have shifted, at times radically. For this report, we looked at both hot new technologies as well as more established, but still relatively new, solutions. We also asked survey respondents to evaluate technologies based on three key business drivers: improving business agility; creating cost savings or productivity enhancements; opening up new markets or opportunities for the enterprise.
What’s most interesting about this year’s list of hottest emerging technologies is that, unlike many more-established technologies, neither business agility nor cost reduction are particularly driving growth. Interest in VDI, sure, is largely driven by expected cost savings, as with most virtualisation technologies. But VDI was not among the eight emerging technologies cited by our survey respondents as most likely to improve cost savings. In other words, though VDI is clearly on a strong growth path, the business benefits are not completely clear. Meanwhile, storage virtualisation—still emergent, but not growing as strongly as VDI—was most often cited for this goal, with 26 percent of respondents saying it will have an impact on cost savings.
In fact, there is one commonality among the 10 emerging technologies that are showing the greatest promise: Their specific business benefits are not yet widely recognised. So, what we do next is turn to the performance of other new, but better-known, technologies for guidance. In addition to looking at newly emerging technologies, we also asked respondents to evaluate several of the more established, though still relatively new, technologies.
These are solutions that were once on our “emergent” list but are now more widely used and understood. Looking at IT executives’ actual experiences with these solutions gives us some insight into what you should look for when stepping into new technological territory. In the realm of cost savings, for example, server virtualisation very clearly leads the pack, for obvious reasons. This helps us to understand the interest this year in VDI.
Smartphones, wikis and enterprise search, on the other hand, have all tracked particularly well when it comes to delivering business agility, compared to how they are rated against cost savings and the creation of new marketing opportunities. The common thread for these solutions is the collection and dissemination of business information across a disparate workforce. With this in mind, we expect that crowdsourcing and predictive analytics—two of our hottest emerging technologies—are also likely to prove themselves beneficial to business agility. If agility is important to your organisation, take heed.
What about new market opportunities? Now that the Great Recession has given way to a real, albeit anaemic, recovery, the ability for technology to open up new market opportunities has once again become a key business driver for many decision-makers. Among the established technologies, social networking, RFID, and cloud storage are high performers in this area. We see all three as enablers in their own ways. Social networking reduces barriers to communication. RFID enhances logistics. Cloud storage enables agility in the use of rich data. Similarly, we also expect the new, emerging areas of cloud security, public cloud computing, PaaS and 4G each to be business enablers.
Peruse our full list of emerging technologies, and you’ll discover some surprises. Storage virtualisation, for instance, is becoming relatively common: It may be moved next year into our list of better-established technologies. But, we didn’t expect that application virtualisation was being so widely used. Nor did we expect to see nearly a quarter (24 percent) of respondents actually testing it in 2010, versus the 18 percent who were testing it in 2009.
Elsewhere in the computing arena, cloud computing gets our attention, not because it’s common but rather because it’s still surprisingly uncommon, even with all the hype surrounding it. A larger percentage of respondents say they are evaluating or testing cloud computing—of both the private and the public variety—than are actually using it.
In networking, it’s certainly all about mobility and the underlying strategies supporting it. 3G is starting to reach widespread use. By contrast, 4G remains in its infancy. The real surprise here is network virtualisation, also known as single-fabric networking, which is already in use in 41 percent of the organisations we surveyed. In addition, 17 percent of respondents say they’re currently testing or piloting network virtualisation, while another 24 percent say they’re evaluating or tracking it. Only 19 percent say that network virtualisation is not at all on their radar.
Service-oriented architectures (SOA) of various sorts have held strong enough interest over the past several years that they might finally be reaching the mainstream. More than a third (35 percent) of respondents are using SOA and its standards.
Is Linux on the desktop reaching the same territory? We don’t think so. While it’s more prevalent across organisations of all sizes than we would have expected, its overall activity level is not high. Nearly half of our survey respondents said that their organisations have no interest in Linux on the desktop.
Not so XBRL, for which we have high expectations. More than twice as many respondents are looking at XBRL than are currently using it, especially among those in large firms. This is a harbinger of future growth.
When it comes to collaboration, hosted sharing tools such as Google Docs or SharePoint have leaped in activity levels over the past year. This was likely spurred by overall interest in cloud computing. For collaboration tools overall, we see cost savings as a direct driver for improving enterprise communications and collaboration capabilities. Indirectly, a year of staffing and resource cutbacks likely have contributed to solutions for end-user self-help, as well as the use of VoIP, emerging as popular enterprise options.
Finally, expect a resurgence of interest in security technologies in 2011, driven by concerns over the massive growth of mobility and social networking. This has made the newest authentication and infrastructure security management technologies—such as endpoint management, encryption-key management and trusted operating systems—very attractive.
As you look to the cutting edge in your own technology plans, we recommend three key strategies:
Focus sharply on the business outcome that an otherwise risky new technology proposition represents. Risk is not risk, properly speaking, if it engenders the opportunity for a flexible, efficient organisation that is poised for growth.
Understand, using data such as you see in these pages, the relative strengths of the specific benefits you can expect from the various technology options available.
Manage the fact that the unknown remains the unknown. As our most-emergent list shows, technologies that exhibit the most promise and greatest interest can be poorly understood in their early stages, in terms of their strengths toward specific business goals.
In the final analysis, your sense and judgement must still prevail, even where the data is thin. And that’s why we call these technologies “emergent”: We haven’t fully seen them perform yet.
—This opinion was first published in CIO Insight. For more such stories please visit www.cioinsight.com
10 Steps to Successful Organisational Change
CIOUpdate guest columnist Donn DiNunno of EM&I offers up his vision of what it takes to manage and succeed in the change game.
By Donn DiNunno
Since the Tower of Babel, large organisational changes have had a tendency to fall apart during implementation. Even with modern engineering methods and technologies only about 1-in-3 of organisational change initiatives survive beyond their initial implementation. So can anything be done to improve the odds and avoid costly failures? Yes, here are some steps to change the trend and save you from losing critical momentum as you work to mature your organisation’s value and performance:
1. Planning must be proportional: Big changes need plans that are commensurate with the effort. Some people may say, “Just do it!” but exuberant activity without the necessary focus is a waste of energy. Planning has a secondary benefit -- people prepare for a change when they see or are involved in the planning activities. Plans pre-condition people to move toward a desired future state.
2. Short-cuts rarely are: Don’t expect “quick hits” or sudden uniformity. Participants will experience frustration and ambiguity during the early stages. Let the things that come easily be the impetus for real change. Otherwise, it may be just as easy to revert to the old ways.
3. Establish building blocks: Foundational tools and processes such as root cause analysis and risk management create a participative management style that builds trust. These modular building blocks must be in place for an effective organisational change initiative to be fully adopted and adapted to your organisation.
4. Allow multiple views: Everyone may not agree on the priority of the forces driving change (e.g., competition, customer demands, legislation, economic changes, etc.), but the impact of these forces must translate into a coherent strategy where each participant is “rowing in the same general direction." A common set of outcomes should be clearly established.
5. Change is organic: Don’t implement change from the top-down. Change is best developed from within an organisation, not imposed by management. While limited participation can initiate a change, broad participation is needed soon after the start to carry the momentum to a successful end. It is always helpful when management sets a good example, but changes imposed by edicts usually result in changes that aren’t the ones intended.
6. Link behaviours to goals: Consider the unintended consequences of these established outcomes. For example, if a goal is established to reduce the IT cost per user then don’t be surprised when the metric is reported as succeeding while costs go up! The unintended consequence may be that more users are covered in those IT costs (with poorer service or reduced performance), but the ratio of costs per user is indeed less. Change is not about comfort. It comes with a price, and that price should be evaluated from multiple perspectives to determine the likely impact and the desired new behaviours.
7. Frame the change: Successful change strategies involve an intricate understanding of change enablers and drivers (e.g., goals such as commitment to customer satisfaction; a vision that is either shared or consistently supported; transformational leadership that facilitates change rather than imposing control; a decision-making process that empowers the workforce; individual development; purpose; and incentives that encourage teamwork.) A holistic roadmap is both a good planning tool and a way of reporting progress.
8. Follow-up on small improvements: People need reinforcement especially when they are being asked to perform outside their comfort zones. Initial dips in productivity or missed targets are typical and how management deals with the outliers during the period of stabilisation is important if they want people to continue striving for improvement. The attitude that lessons learned are an investment in individuals rather than a spot on their permanent record is an important aspect of team building. Getting and giving feedback is a best practice.
9. Change is not for everyone: Some people may not successfully transition to the new environment. They may hold fast to the previous ways that made them successful in the past or just not be willing to be retrained. Separating out the parts of the puzzle that don’t fit as the roadmap is implemented is a delicate operation, but necessary for the organisation to complete the journey. Also, the people who led the change may not be the best people to hold the gains and sustain the new practices. Establishing career plans is part of No.1 Planning.
10. Even though there are 10 of them, it’s not a 10-step program: Finally, there are no sure-fire "Ten steps to success" when attempting an enterprise-wide organisational change. Each organisation is different and what works well for one may not apply to your organisation. In fact, each change within your organisation is different from previous changes. Some people may be ready to do it again – only better – and others may be stretched to the limit and need time to re-establish a comfortable baseline.
If one or more of these rules is ignored will your change fail? Well, you’ve heard about failing to plan (No.1), that habits take time to become permanent (No.2), and certainly without a proper foundation (No.3) any engineering feat is unsound. And, yes, a few saboteurs (No.9) can sink the boat. Yet, the degree of complexity of your roadmap (No.7), participative style (No.5), linkage from behaviours to goals (No.6) and understanding of underlying forces (No.4 and No.8) are areas that can be refined as the change is implemented. Even the Tower of Babel succeeded in the end.
—Donn DiNunno is quality director at EM&I, whose consultants specialise in the areas of strategy, governance, and engineering. —This article appears courtesy www.cioupdate.com. To see more articles regarding IT management best practices, please visit CIOUpdate.com.
The 3 Trends IT Can’t Ignore
As computing moves into the cloud, new mash-ups are emerging that can be leveraged to increase IT's business value.
By Daniel Burrus
No one knows better than the CIO and IT department how quickly technology is evolving. For that reason, it’s imperative that CIOs be focusing not just on the changes that are happening today, but also on the technological trends that are emerging and shaping the future of your company and your industry. Why? Because the more anticipatory you can be in regard to technology and how to creatively use it for competitive advantage, the more the IT department will be seen as a strategic partner in the organisation’s future. As someone who has been accurately predicting the future of technology for over 25 years, I urge all CIOs to focus on the following three trends that are emerging and reshaping the business landscape as we know it:
1. Just-in-time training
Thanks to cloud-based technology, we’re on the brink of a revolution in just-in-time training (JITT). This will enable people to use their laptops, cell phones, and tablet computers as a tool to receive training precisely when they need it. In the current training model used by many organisations, people receive training for a variety of things before they actually need the expertise, thus taking the people away from their jobs and costing the company a lot of money. With just-in-time training, companies can keep people in the field without the specific training. Then, when the person needs a certain skill set to complete a job or do a task, he or she can receive the training for it in real time via cloud-based technology.
For example, suppose your company specialises in selling and repairing commercial HVAC units. There are a number of different units your repair staff needs to know how to fix. But rather than taking your people out of work and putting them in a multi-day training course, you keep them in the field without the specific training. When they have to repair a unit they are not familiar with, they can receive the training on how to fix it in real time via their mobile device as they are servicing the unit.
This approach cuts training costs dramatically but it does not mean the company eliminates all pre-training (training that occurs before there is a need for the knowledge or skill). There are some things all employees need to know in advance. But rather than rely solely on the pre-training model, the company can do some pre-training but do most of the training on demand as needed.
Let’s take this trend a step further. Suppose the commercial HVAC repair person is onsite, servicing something he’s never worked on before. He uses the JITT module via his tablet computer – but he’s still confused about a certain aspect of the repair. All he has to do is touch the “Help” icon on his screen and it immediately connects him to a master trainer live on the screen. But instead of just telling the master trainer what the problem is, the repair person can put on a headband that has a camera on the front (much like the headlights people use for camping). By wearing this digital, high-resolution camera that interfaces with the mobile device, the repair person can show the master trainer exactly what the issue is. Now that master trainer can see what the repair person sees, he can tell him exactly what to do. The master trainer can lead the repair person through the repair as if he were standing right there with the repair person ... Talk about a dramatic savings and increase in efficiency!
But it won’t stop there. Rather than using this cloud-based technology only for JITT, companies will also be able to use it for just-in-time emergency service. For example, let’s say your company sold some heavy equipment to a customer in Italy. One of those machines has a problem and now it’s down and needs to be repaired. But the nearest service technician is in the United States. In order to fly the technician to Italy at a moment’s notice, you have to invest both time and money. Additionally, during the coordination and travel time, the machine is down at your customer’s location, costing them time and money as well.
With cloud-based technology, you can use a similar system to just-in-time training where you turn your customer into your technician. You simply tell them to put on the camera headband that came with the equipment. Then your master technician can direct the customer where to look, what to open, what to touch, etc. Now you’re using the customer as your eyes, ears, and hands in real time, servicing them anywhere in the world. This simple technology can save the company tremendous amounts of time and money, all while helping the customer immediately.
Realise that using cloud-based technology for just-in-time services goes way beyond repair. It could be used to train people on new software, train salespeople on product upgrades, instruct employees on new policies and procedures, etc. And it’s different and better than a standard tutorial, because the training can be accessed via any device, anywhere, and at any time … and it offers an option for live help. Think of it like a help desk on steroids. So, in reality, the applications for cloud-based, just-in-time services are virtually limitless.
While this may seem like an HR initiative, it’s really up to the CIO to spearhead the effort. Remember that any time you talk about the use of technology, the initiative has to be driven by the people who understand what can be done. So even though HR would use this technology, they would never drive the initiative because they don’t know what’s technically possible. Therefore, it’s up to the CIO.
But this is a good thing, because by driving technologies such as this, the CIO adds strategic value to the organisation. Any time you can look at the future and the evolution of technology and see what can be done or how to use technology to increase efficiency, lower costs, or provide new products and services, you’ll be viewed as a highly-valued member of the C-suite.
70% of IT services spending in India comes from discrete services
2. Processing power on demand
The increased bandwidth that our mobile devices now receive enables us to connect to the cloud-based technologies easier and faster than ever before. And one thing we know about bandwidth is that it will continue to increase. Because of this, we’ll soon be able to take advantage of another trend that I call processing power on-demand, or virtualised processing power.
We have already virtualised so many things it only makes sense, that processing power will be virtualised, too. In other words, a mobile device only has a certain amount of processing power. But if you can tap into additional processing power via cloud-based technology, you can turn your mobile device into a super computer where you can do advanced simulations and crunch different data streams together to get real time analytics. Now your handheld device is as powerful and advanced as your desktop.
Imagine the increase in productivity if each of your company’s employees had the capability to do complex work that required advanced processing power while they were on the road, armed with nothing more than their mobile device. What would that shift do to your company’s bottom line?
3. Creative application of technology

For both of these trends and others to fully emerge, CIOs have to consider what their people would do with the technology. It’s no longer enough to just deploy technology; CIOs also need to consider how they can creatively apply the technology to their company in order to gain competitive advantage. This is certainly a major mindset shift for many organisations, since most CIOs and IT departments have historically been viewed as the implementers. But today, that’s not enough. You need to show the C-suite how you can creatively apply any technology and maximise its use. Therefore, you need to go to your internal customers (all the people using the technology in the enterprise) and ask what they want technologically.

By all means, give them what they ask for, but realise that they will under-ask because they don’t know what’s technically possible. So while you want to listen to what people in the organisation are asking for, realise that what they’re not asking for is the bigger and better capabilities – the things they don’t even know are possible.

The key is to go to the next level and give people the ability to do what they currently can’t do, but would want to do, if they only knew they could. After all, people really didn’t ask for an iPhone or a Blackberry. The hidden need was the ability to access their email and internet without being tied to their desktop or laptop. Similarly, people didn’t ask for an iPad or for app-driven TV, but that’s where we’re going because someone is asking what would people really want to do.

This is about putting existing technologies together and using them in a creative way. So, for IT, this is about creatively applying the tools you already have. After all, it’s not always the tool, but how you use it. For example, some people can pick up the telephone, have a short conversation, and make a million dollars. Other people can pick up the telephone, have a short conversation, and lose a million dollars. The difference is not the phone; it’s what the person said on the phone -- how they used the tool. Therefore, the creative application of the tool is often more important than the tool itself.

As you likely know, there are literally thousands of features in Microsoft Word that you can select. Most people are using only seven to ten features. And your competitors are using the same features, which means you’re not getting any true competitive advantage. So IT needs to ask, “What features would be great for our sales group [or HR, or accounting department, or logistics people, etc.] to use -- features that are so buried in the software that no one knows they exist?”

Most IT departments don’t ask those questions because they’re too busy making sure everything is connected, working well, and safe.

But there’s another vital role that IT must undertake -- the creative application of tools so your company can gain competitive advantage from the tools you already have. Who in your organisation is working on that? Who is looking at the tools you already have and asking if they are being underused? Chances are the answer is, “No one.” As such, it’s safe to say that all your tools are underutilised.

16% growth of PC market in India in Q4, 2010

Therefore, you need to implement a communication vehicle that engages the different groups you serve in the enterprise such as sales, logistics, purchasing, accounting, HR, etc. and you need to engage them in helping them understand the power of the tools they have access to. One suggestion is to automatically show them a “feature of the day” and how it can make their life easier. This is about giving them information in short, fun, engaging ways rather than a hundred-page document detailing all the features (which no one will read anyway). Some software programs have such features where you get a tip per day. Perhaps you can customise that idea and apply it internally so that the different groups get information tailored specifically to them and their needs.

Many CIOs and others in the IT department will say they are too busy to address any of these trends. They’re too busy to look at just-in-time training, processing power on demand, or the creative application of existing tools. But if you don’t drive the initiatives, your competition will.

Ultimately, whoever drives these trends within an organisation will be perceived as a significant contributor to the enterprise, i.e., someone worth keeping and someone with a high value in the marketplace. That’s why the CIO should own these initiatives and bring value to the organisation as it relates to selecting and implementing technology, as well as how the company uses it. In this way, the CIO can drive results to the bottom line and be a key contributor to the organisation’s success.
—Dan Burrus is one of the world’s leading technology forecasters and business strategists, and is the author of six books, including the highly acclaimed Technotrends, which has been translated into over a dozen languages. He is the founder and CEO of Burrus Research, a research and consulting firm that monitors global advancements in technology-driven trends to help clients better understand how technological, social, and business forces are converging to create enormous, untapped opportunities. —This article appears courtesy www.cioupdate.com. To see more articles regarding IT management best practices, please visit CIOUpdate.com.
Presenting to Your Board of Directors: Telling the IT Story

If you’re summoned to answer to your board of directors, it’s critical that you understand the top issues your directors are looking at today.

By Arthur Langer

Photo by PHOTOS.COM

CIOs often talk about “having a seat at the table.” This usually means reporting directly to the CEO and being engaged in all key strategic meetings within the firm. But many CIOs still do not report directly to their CEO—a controversy that continues to be discussed at many senior management meetings. At the same time, an increasing number of CIOs tell me they are being asked to present to their company’s board of directors—the ultimate “seat” of exposure. Here are four key points for you to bear in mind:

1. Boards are most likely interested in hearing about ideas for ways in which the CIO can assist the organisation’s growth, both operationally and strategically. They’re less interested in reviewing your budget.
2. Board members are concerned about security, particularly how the CIO is providing protection against security risks and the exposure of confidential information.
3. Boards are acutely aware of the dangers facing the data the organisation stores. An emerging area of CIO responsibility is known as “e-discovery.” This involves understanding how much data is available and the legal exposures of retaining such information.
4. Boards need to understand the type and amount of data the company has stored. The CIO needs to do more with data analytics. This involves aggregating and interpreting organisational information in order to directly influence business decisions.

These are big-ticket issues that can make or break an organisation, so you need to be thoroughly prepared when you walk into the boardroom. Here are some expert tips:

Research each board member. What is his or her background? What does each one tend to focus on? Speak with executives who have presented to the board in the past; they might provide suggestions about how the board meetings are conducted.

Reach out. Try to get to know your board members. Attempt to speak with them before the board meets. This will allow you to ascertain what they are thinking and what issues appear to be at the top of their individual agenda. They might also be able to help you sell your ideas to other board members.

Watch your time. Never assume you will be afforded the time you need—or even the time that’s been allotted for your presentation. Board meetings tend to run over schedule, and your presentation time could be significantly reduced. Therefore, be sure to have multiple versions of your presentation—especially one version that can be presented within tight time limits.

Tell stories and keep it simple. Try to express your position through a story that relates how the organisation can excel as a result of your ideas, efforts and operation. Stories that clearly show how success can be attained are very attractive and can quickly gain the attention of the board.

Overall, you must be direct with your board: Do not speak in vague terms. Take responsibility for problem areas. Always articulate your plans to fix problems. And never, ever blame your staff for what is ultimately your responsibility.

—Art Langer is senior director of the Center for Technology, Innovation and Community Engagement at Columbia University. This opinion was first published in CIO Insight. For more stories please visit www.cioinsight.com.
Case Study | Videocon
VTL’s Unified Platform Pleases Customers, Boosts Revenue

Challenge:
With a simple idea of using a common platform for both Customer Care and Voice Value Added Services (VAS), Videocon Telecommunications Ltd.’s Ajay Satyarthi implemented the first of its kind, state-of-the-art single IVR architecture to minimise cost and to optimise Core Network resources.

By Harichandan Arakali

Not every idea that a CIO comes up with has to be technology-intensive and complex in implementation to be called an innovation and, perhaps more importantly, to help boost revenues. Ajay Satyarthi, Senior General Manager - IT at Videocon Telecommunications Ltd. (VTL), part of the telecommunications division of the $4 billion Videocon group, showed this when he tweaked some existing, proven architectures to achieve superior results.

VTL is licensed to offer pan-India GSM mobile services across the nation, covering 22 circles (regions as geographically designated by the nation's telecommunications regulator). In the hyper-competitive mobile phone services market in India, new entrants such as Videocon have to find innovative ways to attract and retain customers. Technology will play a major role across the operations, from making it very easy for customers to get the information that they need to monitoring and tracking trends to react quickly to opportunities.

As a more recent entrant into the market, VTL chose to outsource many of its requirements to get its show off the ground quickly. In the mobile phone business, the customer contact centre is central to ensuring both customer care and value added service are delivered well.
Single IVR Platform

“Nowhere in the country is a wireless services provider using a common IVR with both the customer care calls and the value added services calls running on the same platform,” Satyarthi says. This is something unique, he says. The advantage is “on one side, we are actually catering for the call centre, which is a cost centre for us, while on the other, a revenue generating application is running on the same platform.” “Other operators have either the one or the other, but not both sets of calls running on the same technology and on the same platform,” he says.

Dynamic Allocation

“What happens is that we build a common IVR platform and instead of terming it a contact centre IVR or VAS IVR, we call it a unified IVR platform,” Satyarthi explained. At the heart of this model is the dynamic allocation of ports to both the applications: if, for instance, the contact centre is receiving a lot of calls at a particular time and the VAS is relatively free, the ports of the VAS IVR will get dynamically allocated to the contact centre application and vice versa.
COMPANY DASHBOARD
Company: Videocon Telecommunications Limited
Business: GSM mobile services in 22 circles
Lineage: Part of $4 billion Videocon Group with interests in Household Consumer Goods, Oil & Gas, Retail, Telecom, DTH and the Power sector.
Brand Equity: Rated among India’s Top 15 Business Houses, listed among the 100 Emerging Giants of the World in a Boston Consulting Group study and rated in the Top 15 'buzziest brands’ in India by agencyfaqs in 2010.

[Photo caption: Ajay Satyarthi, Senior General Manager - IT, Videocon Telecommunications, tweaked an existing technology to boost customer satisfaction and revenue generation]

Similarly, the VAS IVR will pick up ports from the customer contact centre side and therefore generate more revenue. This not only ensures that congestion is eased on both applications, ensuring customers' calls aren't dropped, but also improves the contact centre's revenue-generating capability by dynamically boosting the call-handling capacity at the VAS IVR end. With few or no calls dropped, customer satisfaction is high as well.

On the VAS IVR too, all the services are run on the same single IVR platform. In the traditional set up, each VAS, be it music on demand, caller back ring tone, a voice portal or a full-track song, would have its own IVR – that's the standard process. “What we've done is to build a common IVR to capture caller’s choice no matter which VAS a customer is interested in,” Satyarthi said. This is simply done by prompting the customer to select a choice by pressing a number, which would then route the caller to that particular service.

Eliminating Problems

As of today this hasn't been done elsewhere. Operators are struggling to do a consolidation migration to these kinds of platforms, Satyarthi says. When Satyarthi was building the architecture for the VAS and the contact centre, having joined VTL from an incumbent competitor, he decided to pick up all the existing problems faced by various operators and ensured that his architecture eliminated all of them. For instance, there was a problem of publishing multiple numbers for multiple VAS. At the operator's end, reconciliation and management of the IVRs, their port capacities and other operational issues – he decided to identify all the problems and resolve them first.

At one point, it was difficult to convince the VAS providers that they can work on standards based platforms. “Today, neither my music-on-demand nor my CRBT VAS provider has its own IVR,” Satyarthi said. “They use our platform and we've exposed VXML 2.0 and 2.1 APIs to these partners, so they just bring in their application. They connect to the centralized IVR platform, the responsibility of rating, charging, reconciliation lies with VTL instead of them as was the case in a traditional setup.”
Better Deals

Obviously this means that we've got a better revenue-sharing model from the VAS partners. In the conventional system, they would have had to invest in the software and the hardware for the IVR to provide VAS, which they have avoided with VTL, Satyarthi said.

The unified platform also meant that Satyarthi was able to negotiate more attractive contracts with his system integrator Wipro and the technology provider Avaya, he said. “We have played on the volumes, by consolidating the calls of both the VAS and the contact centre.”

In a traditional setup, about 60 percent of the calls are from the customer care end of the platform while the rest are usually from the VAS side. So in the conventional set up, one would have negotiated for the volumes – in terms of minutes handled by the contact centre outsourced service provider – of the customer care calls separately and the VAS volumes separately. What VTL did was to negotiate rates based on the combined volumes, reducing its costs of handling all the calls.
Set to Exceed Targets

VTL set itself an initial set of targets that included getting 25 million customers in the first phase of implementations. The rate at which the mobile phone services provider is adding customers today, “we will probably far exceed that,” Satyarthi said. He wanted a cost optimized solution and knew what the problems were and what the available solutions were. VTL initially started with a centralized model with the option of decentralization if needed. Today they run out of one data centre in Chennai, with a clear idea of what volumes the existing model can handle and at what point they will have to start decentralization. The initial target was that the IT must support VTL's business and yet have a cost model that was sustainable over the next 10 years.

“The way we've done our contracts with our partners, we're managing them on SLAs and KPIs,” Satyarthi said. “There is an agreement with the SIs that says the system has to be available for a certain percent of the time and reliability has to be ensured for a certain percent of the time,” he said.

With mobile number portability being implemented in India, “Our systems were MNP compliant from the word go,” he said. “We don't work on number series or circle specific numbers. Today it is intra-circle and tomorrow it will be inter-circle. We will be faster in these areas, as our systems were architected in such a way,” he said.

While VTL didn’t participate in the 3G spectrum auctions, the company’s IT enterprise is geared up to support multiple options to expand vertically as well as horizontally in the coming months and years, he said.
The New Age Supply Chain

Indian CIOs are utilising cutting-edge technologies for streamlining their supply chains. Not that they have options.

By Varun Aggarwal and Yashvendra Singh
Clay modeling by PC Anoop, Prasanth TR, Sristi Maurya & Joffy Jose. Photos by Subhojit Paul

An ideal situation for a CIO would be to deliver his company’s products to the targeted customer at the right time and price, and be left with zero inventory. This calls for an ideal supply chain, which in turn depends on several factors including a country’s infrastructure. While CIOs in India can’t do much to improve the overall infrastructure in the country, some of them are trying to make their supply chains as efficient and futuristic as they can.

Escorts, for instance, is planning the next level of evolution in its supply chain. “Collaborative software is the way ahead for supply chains,” says Vipin Kumar, Manager and Head, IT, Escorts. “Manufacturers and distributors want more transparency and insight into each others’ operations so they have better understanding with respect to production, dispatch and inventory. The answer to this is deployment of collaborative tools.” Over the next three years, Escorts plans to put in place a portal through which the vendor and distributors can collaborate.

At JK Tyres & Industries, “The future of supply chain management would be a combination of the conventional approach of automation (ERP) and the new approach of collaboration tools,” says SS Sharma, Chief General Manager, IT. “This integration of the traditional and modern approaches can be facilitated by hand-held devices to provide immediate access to information wherever you are,” says Sharma. To sustain the customer base as well as profitability, the entire supply chain process at JK Tyres was recently integrated using SAP R/3 modules such as Sales and Distribution and New Dimension SAP modules such as Advance Planning and Optimization.

Daya Prakash, Head, IT at LG Electronics says, “RFID as a technology is evolving, and it won’t be late before we see large scale adoption in the years to come. We are already using RFID for tagging high-value items and barcoding the rest.” “We’ll also be testing GPS tracking systems and mobility solutions to improve our SCM further,” he says.

With the global economic situation remaining fluid, cost pressures on enterprises continue. As supply chain is considered an overhead, streamlining it will directly add to a company’s bottom line. Those CIOs who have transformed their supply chain into a demand-driven value network, capable of adapting to market trends, have improved their company’s revenues and brand equity. Others have no option but to follow suit.
IMAGING BY ANIL T
Building the Supply Chain of the Future

Getting there means ditching today’s monolithic model in favor of splintered supply chains that dismantle complexity, and using manufacturing networks to hedge uncertainty.

By Yogesh Malik, Brian Ruwadi and Alex Niemeyer
Imaging by PC Anoop

Many global supply chains are not equipped to cope with the world we are entering. Most were engineered, some brilliantly, to manage stable, high-volume production by capitalising on labour-arbitrage opportunities available in China and other low-cost countries. But in a future when the relative attractiveness of manufacturing locations changes quickly—along with the ability to produce large volumes economically—such standard approaches can leave companies dangerously exposed.

That future, spurred by a rising tide of global uncertainty and business complexity, is coming sooner than many companies expect. Some of the challenges (turbulent trade and capital flows, for example) represent perennial supply chain worries turbocharged by the recent downturn. Yet other shifts, such as those associated with the developing world’s rising wealth and the emergence of credible suppliers from these markets, will have supply chain implications for decades to come. The bottom line for would-be architects of manufacturing and supply chain strategies is a greater risk of making key decisions that become uneconomic as a result of forces beyond your control.

Against this backdrop, a few pioneering supply chain organisations are preparing themselves in two ways. First, they are “splintering” their traditional supply chains into smaller, nimbler ones better prepared to manage higher levels of complexity. Second, they are treating their supply chains as hedges against uncertainty by reconfiguring their manufacturing footprints to weather a range of potential outcomes. A look at how the leaders are preparing today offers insights for other companies hoping to get more from their supply chains in the years to come.
Twin challenges

The stakes couldn’t be higher. “In our industry,” says Jim Owens, the former chairman and CEO of construction-equipment maker Caterpillar, “the competitor that’s best at managing the supply chain is probably going to be the most successful competitor over time. It’s a condition of success.” Yet the legacy supply chains of many global companies are ill-prepared for the new environment’s growing uncertainty and complexity.

A more uncertain world

Sixty eight percent of global executives responding to a recent McKinsey survey said that supply chain risk will increase in the coming five years. And no wonder: the financial crisis of 2008 dramatically amplified perennial sources of supply chain uncertainty—notably the trajectory of trade and capital flows, as well as currency values—even as the crisis sparked broader worries about the stability of the financial system and the depth and duration of the resulting recession. While many of these sources of uncertainty persist, it’s important to recognise that new, long-term shifts in the global economy will continue to pressure supply chains long after more robust growth returns.

The increasing importance of emerging markets tops the list of these uncertainties. Economic growth there will boost global energy consumption in the coming decade by about one-third. Meanwhile, the voracious appetite of China and other developing countries for such resources as iron ore and agricultural commodities is boosting global prices and making it trickier to configure supply chain assets. Worries about the environment are growing, too, along with uncertainty over the scope and direction of environmental regulation.

These long-term trends have knock-on effects that reinforce still other sources of uncertainty. Growth in developing countries contributes to volatility in global currency markets and to protectionist sentiment in the developed world, for example. What’s more, different growth rates across various emerging markets mean that rising labor costs can quickly change the relative attractiveness of manufacturing locations. This past summer in China, for example, labor disputes—and a spate of worker suicides—contributed to overnight wage increases of 20 percent or more in some Chinese cities. Bangladesh, Cambodia, and Vietnam experienced similar wage-related strikes and walkouts. Finally, as companies in developing markets increasingly become credible suppliers, deciding which low-cost market to source from becomes more difficult.

[Infographic: Better Visibility Can Help Achieve Higher Efficiency. Before and after views of the flow between component supplier, finished good supplier, assembly and customer, with the labels order, order to forecast, ship to order, supply to forecast, work in process, component inventory and finished good inventory. Infographic by Sristi Maurya]

Rising complexity

Manufacturing and supply chain planners must also deal with rising complexity. For many companies, this need means working harder to meet their customers’ increasingly diverse requirements. Mobile-phone makers, for example, introduced 900 more varieties of handsets in 2009 than they did in 2000. Proliferation also affects mature product categories: the number of variants in baked goods, beverages, cereal, and confectionery, for instance, all rose more than 25 percent a year between 2004 and 2006, and the number of SKUs at some large North American grocers exceeded 100,000 in 2009.

ANOTHER UNCERTAINTY: Protectionism could change the economics of a supply chain at the stroke of a pen. Our research suggests, for example, that the total landed cost of making assembled mechanical products such as washing machines in a given low-cost country could plausibly swing up to 20 percent given different tariff scenarios.

Meanwhile, globalization brings complexities as rising incomes in developing countries make them extremely desirable as markets, not just manufacturing hubs. Efficient distribution in emerging markets requires creativity, since retail formats typically range from modern hypermarkets to subscale mom-and-pop stores. In Brazil, for example, Nestlé is experimenting with the use of supermarket barges to sell directly to low-income customers along two tributaries of the Amazon River.
Meeting the challenge

In such a world, the idea that companies can optimise their supply chains once—and for all circumstances and customers—is a fantasy. Recognising this, a few forward-looking companies are preparing in two ways. First, they are splintering their traditional monolithic supply chains into smaller and more flexible ones. While these new supply chains may rely on the same assets and network resources as the old, they use information very differently—helping companies to embrace complexity while better serving customers.

Second, leading companies treat their supply chains as dynamic hedges against uncertainty by actively and regularly examining— even reconfiguring—their broader supply networks with an eye toward economic conditions five or ten years ahead. In doing so, these companies are building diverse and more resilient portfolios of supply chain assets that will be better suited to thrive in a more uncertain world.

From one to many

Splintering monolithic supply chains into smaller, nimbler ones can help tame complexity, save money, and serve customers better. Let’s look at an example.
Splintering supply chains: A case study

A US-based consumer durables manufacturer was losing ground to competitors because of problems with its legacy supply chain. Years before, the company—like many global manufacturers—had sent the lion’s share of its production to China while maintaining a much smaller presence in North America to stay close to the majority of its customers. One legacy of the move: all of its plants, relying on a unified production-planning process, essentially manufactured the full range of its thousands of products and their many components.

Now, however, increasingly volatile patterns of customer demand, coupled with product proliferation in the form of hundreds of new SKUs each year, were straining the company’s supply chain to the point where forecasting- and service-related problems were dissatisfying key customers.

In response, the company examined its portfolio of products and components along two dimensions: the volatility of demand for each SKU it sold and the overall volume of SKUs produced per week. Armed with the resulting matrix, the company began rethinking its supply chain configuration.

Ultimately, the company decided to split its one-size-fits-all supply chain into four distinct splinters. For high-volume products with relatively stable demand (less than 10 percent of SKUs but representing the majority of revenues), the company kept the sourcing and production in China. Meanwhile, the facilities in North America became responsible for producing the rest of the company’s SKUs, including high- and low-volume ones with volatile demand (assigned to the United States) and low-volume, low-demand-volatility SKUs (divided between the United States and Mexico). Ramping up production in a higher-cost country such as the United States made economic sense even for the low-volume products because the company could get them to market much faster, minimize lost sales, and keep inventories down for many low-volume SKUs. Moreover, the products tended to require more specialized manufacturing processes (in which the highly skilled US workforce excelled) and thus gave the company a chance to differentiate itself in a crowded market.

However, the company didn’t just reallocate production resources. In tandem, it changed its information and planning processes significantly. For the portfolio’s most volatile SKUs (the ones now produced in the United States), the company no longer tried to predict customer demand at all, choosing instead to manufacture directly to customer orders. Meanwhile, managers at these US plants created a radically simplified forecasting process to account for the remaining products—those with low production runs but more stable demand.

For overseas operations, the company continued to have its Chinese plants produce finished goods on the basis of long-run forecasts, as they had done before. The forecasts were now better, though, because planners were no longer trying to account in their models for the “noise” caused by the products with highly volatile demand.

Together, the changes helped the company reduce its sourcing and manufacturing complexity and lower its cost of goods sold by about 15 percent. Meanwhile, it improved its service levels and shortened lead times to three days, from an average of ten. Quality also improved across the company’s full range of products.
How many splinters?
The first question for organisations exploring multiple supply chains is how many are needed. Answering it requires a close look at how the supply chain assets that a company uses to manufacture and distribute its products match up against the strategic aspirations it has for those products and their customers. This requirement seems obvious, but in practice most companies examine only the second half of the equation in a sophisticated way; they can, for example, readily identify which products they see as leaders on cost, service, innovation, or (most likely) some combination of these. Fewer companies seriously examine the operational trade-offs implicit in such choices, let alone make network decisions based on those trade-offs.
Oftentimes, a good place to start is to analyse the volatility of customer demand for a given product line against historical production volumes and to compare the results against the total landed cost for different production locations. This information provides a rough sense of the speed-versus-cost trade-offs and can even suggest locations where supply chain splinters might ultimately be located. Of course, companies must carefully check these broad-brush analyses against customer needs. The consumer goods company, for instance, found that packaging innovation was a differentiator for
some of its products and thus configured a single production line in the new, lower-cost location to make packaging for several markets quickly. By contrast, in automotive and other assembly-based industries, we find that the customers’ responsiveness and the complexity of individual products are important inputs that help determine where supply chains might be splintered.
Second-order benefits
While dividing a supply chain into splinters may seem complicated, in fact this approach allows companies to reduce complexity and manage it better because operational assets can be focused on tasks they’re best equipped to handle. At the same time, the added visibility that a splintered approach offers into the guts of a supply chain helps senior managers more effectively employ traditional improvement tools that would have been too overwhelming to tackle before.
After the consumer durables maker divided its supply chain into smaller ones, for example, it was able to use formerly impractical postponement approaches (producing closer in time to demand to keep holding costs low). The company’s US plants now combined various SKUs into semifinished components that could quickly be assembled into products to meet customer orders. Indeed, the lower inventory costs this move generated partially offset the higher labor costs of the US factories. Likewise, the global consumer-packaged-goods maker found that after splintering its supply chain, it was more successful at applying lean-management techniques in its plants.
Use your network as a hedge
The advantages that multiple supply chains confer are most valuable if companies view them dynamically, with an eye toward the resiliency of the overall supply chain under a variety of circumstances. Will the various strands of a particular global supply network, for example, still make sense if China’s currency appreciates by 20 percent, oil costs $90 a barrel, and shipping lanes have 25 percent excess capacity? It’s critical for organizations to determine which of the many questions like these are right to ask and to invest energy in understanding the global trends underpinning them. In fact, we believe that the ability of supply chains to withstand a variety of different scenarios could influence the profitability and even the viability of organizations in the not-too-distant future.
In light of this, companies should design their portfolios of manufacturing and supplier networks to minimize the total landed-cost risk under different scenarios. The goal should be identifying a resilient manufacturing and sourcing footprint—even when it’s not necessarily the lowest-cost one today. This approach calls for a significant mindset shift not just from operations leaders but also from CEOs and executives across the C-suite.
At the consumer durables manufacturer, for example, senior executives worried that its reliance on China as a hub could become a liability if conditions changed quickly. Consequently, the company’s senior team looked at its cost structure and how that might change over the next five to ten years under a range of global wage- and currency-rate conditions. They also considered how the company could be affected by factors such as swinging commodity prices and logistics costs.
The company determined that while China remained the most attractive manufacturing option in the short term, the risks associated with wage inflation and currency-rate changes were real enough to make Mexico a preferable alternative under several plausible scenarios. Consequently, the company has begun quietly building its supplier base there in anticipation of ramping up its manufacturing presence so that it can quickly flex production between China and Mexico should conditions so dictate.
A North American industrial manufacturer chose to broaden its footprint in Brazil and Mexico to hedge against swings in foreign-exchange rates. In particular, the company invested in spare capacity to make several innovative, high-end components that it had formerly produced only in Europe and the United States because of the advanced machining and engineering required. The investment is helping the company hedge against currency swings by quickly transferring production of the components across its global network to match economic conditions. Moreover, the arrangement helps it better support its supply partners as they serve important growth markets.
Making these kinds of moves isn’t easy, of course, since any alterations to a company’s supply chain have far-ranging implications
throughout the organisation. For starters, such changes require much more cooperation and information sharing across business units than many companies are accustomed to. Nonetheless, the rewards are worthwhile. By creating more resilient and focused supply chains that can thrive amid heightened uncertainty and complexity, companies will gain significant advantages in the coming years.
—Yogesh Malik and Brian Ruwadi are principals in McKinsey’s Cleveland office; Alex Niemeyer is a director in the Miami office. The authors wish to acknowledge Sebastien Katch for his valuable contributions to this article.
"This article was first published in January 2011 on The McKinsey Quarterly Web site, www.mckinseyquarterly.com. Copyright © 2011 McKinsey & Company. All rights reserved. Reprinted by permission."
Leveraging the Power of Mobility
Eveready Industries ranks amongst India’s top FMCG companies. Its product portfolio includes dry cell batteries, flashlights, compact fluorescent lamps, packet tea and mosquito repellant. To ensure product availability across the country, Eveready has set up a huge distribution network. Out of a total universe of 7.3 million FMCG retail outlets, the company is present in 3.3 million retail outlets across India. This implies that Eveready is present in towns with a population density of even less than 5000. This huge network is serviced by 4000 distributors (van operators, wholesalers and retail stockists) who further deploy a sales force of 5500 people.
SNAPSHOT
Company: Eveready Industries India Ltd
Business: Manufacturing
Size: More than 1000 employees
Turnover: 1050 crore
CIO: Arup Choudhury
Project: Implementation of a secondary sales reporting system
The Challenge
For any company in the FMCG industry, it is very important to keep track of the secondary movement of goods. As Arup Choudhury, CIO, Eveready Industries says, “We need to monitor on a continuous basis, which distributor is stocking what. The field force also needs to be equipped with off-take data of the beat to be covered, competitor information, new product launches and promotional activities.” The company had been gathering this information manually, which led to heavy reliance on an individual sales person's judgment and often resulted in human errors. That was when Eveready thought of using a mobile phone to link salespeople with the headquarters’ servers, and their distributors.
The Implementation
Eveready decided to come up with a solution that could make use of a mobile phone as every employee was already using one. A small, Java-based application was thus set up for the mobile phone to capture sales, inventory and forecast data. There was a central portal which could be used by head office to enter promotions and product launches. The master data was synced with the ERP system to get the latest information. By doing this, the company captured the primary, secondary, and forecast information into a data warehouse and used a reporting tool to generate meaningful information from it. The entire project took about 6 months for implementation.
The Takeaways
The implementation has yielded valuable data for the company, which, when mined properly, helps generate important information such as affinity analysis to decide product placement strategies. Better product placement and historical information of retail outlets in turn lead to an increase in sales revenue. The project has also helped in planning promotional activities effectively, as the Open Market Rate for any beat is now available instantly. The sales force now has more touch-time with retailers and can spend quality time with family, since all field-reporting Excel templates have been eliminated. They just need to fill out the Java applet or send an SMS at the end of the day. The rest of the process is automatically taken care of by the data warehousing and mining tools.
“In a nutshell, this project has used a simple mobile technology to catapult the organisation into a different level, way ahead of competition. Better quality of life for the sales force, no more filling up Excel sheets, decision making process has been reduced to minutes from months, better product visibility, increase in sales turnover,” says Choudhury.
Forecasting Growth
Dabur, which ranks among India’s largest FMCG firms, has been clocking robust growth over the last four years (a CAGR of 18 percent in net revenues and 33 percent in PAT). However, despite the strong growth, the management felt there was still room for incremental growth by bringing in supply chain efficiencies. It was observed that as a result of lost sales (due to shortage of stock), Dabur was losing as much as 6 percent revenue. The company was losing another 10 percent on account of damaged goods. It was, therefore, concluded that streamlining the supply chain could lead to an addition of Rs. 50-75 crore to Dabur’s bottom line.
SNAPSHOT
Company: Dabur India
Business: FMCG
Size: More than 1000 employees
Turnover: 3400 crore
CIO: Anil Garg
Project: Automating Forecasting
The Challenge
When the management decided to make its supply chain more efficient, it was easier said than done. Given Dabur’s vast product portfolio, its supply chain was far more complex than those of other FMCG companies in the country. “We have a diverse product portfolio with more than 800 SKUs spanning multiple ‘shelf life’ -- foods, personal care, home care and healthcare products, fragmented and multi-tiered distribution network with more than 10 plants, over 40 warehouses and about 1500 distributors. We also have a large fragmented front end and seasonal products with significant sales skew,” says Anil Garg, GM – IT, Dabur India. Besides, the company was saddled with legacy systems. Sales forecasting, the key to any FMCG company in meeting demand and preventing over/under production, was being done manually. “This entire process was filled with under utilisation of information which resulted in significant costs across multiple value levers,” says Garg. Low forecasting accuracy was leading to excess inventory, high operational costs and lost sales.
The Implementation
Dabur decided to improve forecasting. The company, which had already been running SAP ERP for many years, decided to implement SAP’s Advanced Planner and Optimizer (APO). To ensure the accuracy of SAP APO, historical data was deconstructed to derive the baseline sales and impact of ATL/BTL inputs. The entire project was divided into different phases: diagnosis, design, build and implement, and finally run (go live). The SNP (Supply Network Planning) module was implemented for production planning and dispatch planning. Dabur decided to use 30 months of historical data for forecasting plus 6 months of data for validation. Tests were run over the 30 months of historical data to check if the forecasting was aligned with actual planning. The last 6 months of data was used to validate the results. The entire process of diagnosis, design, build and implementation took about 8 months, and the project went live in April 2010.
The Takeaways
Dabur benefited from SAP APO with perceptible business outcomes. For instance, after the deployment, lost sales opportunities, which had stood at about 6 percent, were reduced to 3.75 percent, and forecast error was reduced from 85 percent to 40 percent. Forecast accuracy increased from just 25 percent to over 60 percent. According to Garg, the entire exercise was completed within 8 months because of the business-benefit-led approach rather than a mere IT-led approach. “With SAP APO implemented, our entire forecasting is now automated. The entire sales volume plan is generated by the system once you input the growth target. All other calculations including required capacity expansion, markets where we can get more business etc. is all generated by the system in real time,” explains Garg.
Unlocking Value
The Escorts Group is among India's leading engineering conglomerates. It operates in the high growth sectors of agriculture machinery, construction and material handling equipment, railway equipment and auto components. The company, especially its agriculture machinery division, has been witnessing good growth over the last two-three years. As Vipin Kumar, Manager & Head, IT, Escorts AMG (Agri Machinery Group), says, “When the world was grappling with recession, we actually ended the year with a profit. Last year (FY 2009-10), we recorded a profit of Rs 137 crore.”
SNAPSHOT
Company: Escorts AMG
Business: Manufacturing Agriculture Machinery
Size: More than 1000 employees
Turnover: 2500 crore
CIO: Vipin Kumar
Project: Implementing a Supply Chain Solution
The Challenge
While the company was increasing its bottom line, there was still a huge amount of cash that was blocked in inventories. A crucial element of growth, production planning, was being done manually. Production was planned fortnightly, based on feedback from territory managers and production planners, who in turn relied on just their experience. “We did not have insights into market demand; as a result, production was not aligned with the market. Our vendors were not clear about our production plans, and large numbers of our tractors were accumulated into the sales chain,” says Kumar.
The challenge was accentuated by the company’s growing network of suppliers spread across the country. Escorts has a network of 800 dealers and 150 territory managers across 32 locations in India. The company’s supply chain comprises over 350 suppliers.
The Implementation
Given the situation, Escorts decided to re-implement i2, a supply chain software solution. While the company was already using i2 for generating supplier schedules, it was only partially implemented and users were accessing only some of the features of the application. The solution was deployed across all four manufacturing facilities of the company in Faridabad. Escorts has two tractor manufacturing plants, and two component manufacturing facilities. To enable a smooth transition, a 12-member team from various departments in Escorts was put in place. This team received support from a team from i2 Technologies, the vendor that implemented the project. The implementation was completed successfully in about 8-9 months.
The Takeaways
The deployment led to improved cross-functionality amongst teams. Different departments such as marketing, production, and purchase started working in tandem. This enabled better forecasting of sales and the related production planning. Escorts aligned itself with the market demand. As a result, inventory came down from 12-13 days to 7 days. Production planning that was earlier done on a fortnightly basis was now done on a weekly basis. The quality of the products also improved. “The cost of project was nothing when compared to the returns. Net cash realisation went up by as much as 500 percent,” says Kumar.
NEXT HORIZONS
Cloud Forecast 2015
IT leaders share their views on what’s best—and what’s worst—in today’s cloud computing environment.
By Tony Kontzer
At long last, the hype behind cloud computing has become reality. Companies of all sizes have discovered the benefits of the cloud and are flocking to it in all its forms—public, private, as-a-service, as-a-platform, as-an-infrastructure. Yet, even as enterprises step up their use of cloud computing solutions, numerous factors need to be resolved before the cloud becomes a viable option for mission-critical applications.
By 2015, CIOs and other IT leaders interviewed by CIO Insight say they expect many of these issues to be sorted out. Specifically, in the next five years, maturity is expected in three key areas:
• the contracts offered by cloud suppliers;
• the tools to govern cloud resources; and
• interoperability between cloud technologies.
(For top tips from these industry leaders, read the box “Cloud Check List.”)
Many CIOs see the value in cloud-based products and services. At the same time, they’re finely attuned to the cloud’s shortcomings when it comes to delivering secure and reliable options to existing storage and application needs, especially
for their mission-critical requirements.
At the top of the wish list for Yuvi Kochar, vice president of technology and CTO for The Washington Post Co., is contract language that covers the service guarantees he seeks. Kochar staunchly supports using resources in the public cloud. But, he’s increasingly concerned about the portability of the ever-growing volume of critical business data he’s putting in the hands of cloud providers. Kochar says he has no assurances that pulling data from providers will be as easy as giving it to them. “It’s worrisome that we’re all jumping on this thing,” he says. “There are no contract agreements that talk about bandwidth when you’re leaving, but they offer a lot when you’re coming in.”
Kochar has plenty of experience to back up his claims. He’s overseen a flood of cloud deployments at The Washington Post. Applications ranging from performance management and recruitment automation to travel services and expense management have been handed over to a variety of niche software-as-a-service (SaaS) providers. Web sites such as the recently sold Newsweek and the politician profile wiki WhoRunsGov.com have been entrusted to Amazon.com’s Elastic Compute Cloud (EC2) on-demand computing service. Kochar also has been evaluating Google Apps and Microsoft’s Business Productivity Online Standard (BPOS) Suite as possible messaging and collaboration platforms, and he has seen the company’s research and development group make good use of EC2 to fill temporary processing needs.
Given The Post’s confidence in cloud technology, it’s especially frustrating for Kochar that cloud vendors haven’t begun
offering the level of service guarantees their customers need. “Am I ready to put my ERP system in a public cloud environment with whatever promise Amazon might give me in an agreement?” he asks. “Probably not.”
Improved service guarantees aren’t the only thing Kochar wants to see from cloud providers. He says there’s a “very intense need” for tools to monitor and manage applications in the cloud in real time. Without them, he has to rely on cloud vendors to report uptime and downtime statistics. Waiting for them to do so increases the risk of providing a poor customer experience. “If a story doesn’t come up on a site fast enough,” he says, “the reader’s probably gone.”
Kochar’s concerns should be addressed over the next few years, says Daryl Plummer, managing vice president and fellow for IT consultancy Gartner. He says that by 2015, cloud vendors will understand that CIOs need to be able to audit cloud-based systems and receive guarantees about providers’ liability should their systems experience failures. Such assurances will be injected into service-level agreements embedded in contracts. He also says that IT executives’ calls for tools that help them govern how—and with whom—employees provision cloud resources will be answered. Plummer adds that he expects to see “cloud brokerages,” or intermediaries, emerge to help enterprises get what they need from the cloud.
That’s good news for Douglas Menefee, CIO for The Schumacher Group, Lafayette, La., a physician-owned company with more than 1,500 employees that manages emergency departments for nearly 200 hospitals across the United States. Menefee has overseen an aggressive cloud strategy that has Schumacher running more than 80 percent of its business processes in cloud solutions today, many of them custom applications built using Salesforce.com’s Force.com platform-as-a-service (PaaS) environment.
Menefee is looking at potentially moving the home-grown apps that run Schumacher’s physician portal, SQL servers and development environment onto Amazon’s EC2. Not that he doesn’t allow conventional best-of-breed vendors to pitch for the company’s business—he just rarely selects them. “Nine times out of 10,” he says, “the cloud-based solutions are winning.”
Despite his enthusiasm for the cloud, Menefee echoes Kochar: He would like more capabilities for governing cloud solutions, especially given Schumacher’s expectation that accounting rules related to the cloud are likely to come under scrutiny in the coming years. Menefee also says cloud providers will need to lower the costs of contract renewals, as CIOs come under pressure to reduce what they spend with their vendors.
Neither of these issues represents Menefee’s chief cloud concern. That honor goes to the challenges he faces on the identity management front, where havoc is being wrought by the numerous logins and passwords that employees need to access various applications. He’s tackled the issue in part by deploying a single sign-on offering from Symplified. But, the burden of connecting the various services still falls heavily on IT.
Menefee believes there’s no reason that corporate cloud environments can’t benefit from the same kind of identity verification processes used by Web 2.0 sites such as Facebook, which lets users tie third-party applications to their Facebook pages simply by using their Facebook logins. “They need those prebuilt connectors,” says Menefee. “I don’t want people coming
to IT asking to build connectors. If we could just transfer the consumer Web into business, we’d be in great shape.” Elsewhere, CIOs are seeking other cloud integration advances. Frank Wander, corporate CIO for The Guardian Life Insurance Co. of America, has implemented a variety of SaaS services, with the latest being ServiceNow’s IT service-management application. Yet, when it comes to infrastructure, Wander believes establishing a virtualized private cloud is the right first step while waiting for infrastructure-as-a-service (IaaS) providers to be able to handle Guardian’s complex environment. In the meantime, he’d like to see tools for transferring workloads between a company’s internal cloud and external cloud resources such as EC2, which he’s considering tapping for temporary processing capacity to perform risk analysis. “That type of bridging software, where we could take a workload and move it into the cloud seamlessly, would be a great help,” says Wander. Help is on the way there, too, says Dan Kusnetzky, distinguished analyst with the Kusnetzky Group. Today, vendors backing standards such as VMware’s Open Virtualization Format (OVF) and the Linux-centric kernel-based virtual machine (KVM) infrastructure claim their machines are the most reliable. By 2015, one or the other is likely to have established widespread acceptance, making the transfer of virtual machines much easier. “Those battles should have been fought by then,” says Kusnetzky. Meanwhile, Citrix Systems in October introduced a cloud-bridging tool, OpenCloud Bridge. However, because it requires that both sides of the data transfer be running Citrix’s NetScaler server technology, it’s not compatible with many cloud services. Even small companies find that the cloud can’t do all they need. Mountz Torque, a San Jose, Calif.-based maker of custom fastening tools, moved its entire business onto NetSuite’s small-business cloud service in 2006 after the vendor added a stock-management feature. 
Now, CFO Gregg Johnson, who also acts as the 60-employee company’s one-man IT shop, says he wouldn’t even consider bringing anything back in-house. That said, he’d love to see NetSuite integrate with Success Factors, a cloud-based performance appraisal application Mountz recently began using. Given NetSuite’s past willingness to add to its service for Mountz, it’s likely the vendor will deliver on his wish, which will only strengthen his support for the cloud. “I don’t see how anyone can go wrong with cloud computing,” says Johnson.
A growing number of big-company CIOs agree, and as cloud vendors bend to their will with a steady flow of management tools, assurance-packed contracts and increased interoperability over the next few years, that number will only get bigger.
—This interview was first published in the CIO Insight. For more stories please visit www.cioinsight.com
Cloud Check List
Cloud computing will have matured significantly in the next five years.
Five years ago, the cloud computing discussion was in its relative infancy. Big companies recoiled in fear at the thought of giving up any precious data to nascent cloud services. Amazon.com’s Elastic Compute Cloud was just a twinkle in some developer’s eye. Salesforce.com had yet to launch its cloud-based application development platform, Force.com.
Fast-forward to the present day. Corporate America is tapping the cloud for everything but the most sensitive mission-critical applications. Amazon’s EC2 has become the dominant on-demand computing capacity resource for companies of all sizes. And many of Salesforce.com’s customers are using Force.com to build just about every application they need.
So, what do the next five years hold? Industry analysts and IT decision-makers interviewed by CIO Insight expect cloud providers to offer an array of tools for governing their cloud services. These will make it possible for enterprise users to monitor cloud performance, manage cloud resources efficiently, comply with policies and regulations, and perform legal discovery, also known as “e-discovery.” Standards will evolve, enabling cloud services to communicate readily with each other, and making it efficient to transfer workloads between various clouds. And, perhaps most importantly, contracts with cloud providers will finally offer IT buyers the assurances they need that their data is safe, portable and accessible around the clock.
These are things you’re likely already demanding of your cloud providers. But, what else do you need to know? Here’s a five-point check list:
1. Accept that many cloud providers already are better at security than you are. What’s more, that gap is widening. “The broad issue of all cloud security being weak is gone,” says Yuvi Kochar, vice president of technology and CTO for The Washington Post Co.
2. Private clouds should not be your end game. Public clouds provide the greatest economies of scale and the most elasticity. “Use the private cloud as a stepping-stone,” says Daryl Plummer, Gartner managing vice president and fellow. “If it’s your last step, you failed before you even began.”
3. Know how to structure contracts. Don’t rely on vendors to think of everything. “You want a good contract, and you’ve got to spend time on it,” says Frank Wander, corporate CIO of The Guardian Life Insurance Co. of America.
4. Understand the workloads you’re supporting. Before you choose cloud providers, have detailed knowledge of your application requirements, where data resides and which apps share physical resources. “The IT environment has gotten very complex, and there are organisations in which I suspect CIOs don’t know all that’s running,” says Dan Kusnetzky, distinguished analyst with the Kusnetzky Group.
5. Seek coordination (not control) of cloud resources. Those who try to put the kibosh on a business unit’s rogue adoption of cloud services are on the same fruitless path as the CIOs who fought Web browsers and voice over IP. “Business units are not going to let you take back control,” says Gartner’s Plummer. “You can’t put the horse back in the barn.”
Are You Driving the Business Agenda for 2011?
CIOs need to help drive the innovation agenda and set the pace for the rest of the organisation to follow.
By Larry Bonfante
Those of you who read my column regularly know that I don’t believe that IT is separate from “the business.” I’m not a fan of all that “alignment” hooey. Rather, I believe that IT is a critical core component of the business. Therefore, if we are truly part of the leadership of our organisations, there shouldn’t be a whole lot coming down the pike that surprises us. We should have been engaged with our business partners in strategy discussions, and therefore should be very clear on what the upcoming fiscal year has in store for our enterprise. That said, the economic turmoil of the past few years has taught us that a certain level of surprise is endemic to any company.
I am not a fan of always reacting to what happens. I believe that there are three kinds of people in this world:
• those who make things happen;
• those who watch things happen; and
• those who wonder what happened.
As CIOs, we should help drive the enterprise agenda, instead of waiting to be told what we need to focus on. For example:
1. If we know our organisations are going through tough times, we should proactively look for ways to reduce our operational cost structure.
2. If we know that we will need to innovate to survive, we should help drive the innovation agenda and set the pace for the rest of the organisation to follow.
3. If we know that we need to identify new revenue streams, we should explore opportunities to leverage the technologies we have implemented to generate new revenue.
Here’s a personal holiday story. At the end of 2008, when all of us were planning for what turned out to be an extremely challenging 2009, my team and I decided to make a conscious effort to go on the offensive and made a video starring our clients. We highlighted the tremendous value-adds the entire enterprise was seeing from the technology investments we had made. We marketed the fact that we had completed all of our projects on time, on budget and on value for seven years running. We proactively reorganised IT (instead of waiting for the Grim Reaper to knock on the door), lowering our headcount and reducing our budget, while also streamlining our operation and improving client satisfaction.
N E X T H OR I Z O N s
ma n ag eme n t
What was the result of this approach? Our team received 100 percent of the capital project dollars we had requested, while others in our organisation struggled to get their projects approved. We were identified as business leaders in driving effectiveness and efficiency throughout the entire organisation. This was a total team effort. (I’m just the guy who gets to write about it.) Instead of having a group of people who were demoralised and scared of what lay ahead, we had a team of invigorated and motivated people who performed at an even higher level than we had in the past. So my question to you is this: Are you sitting around anxiously waiting to see what Santa will be leaving for you under the IT tree? Or, are
you busy elves, driving the agenda at your enterprise “North Pole”? Before I sign off, I would like to take advantage of this forum to thank the talented and dedicated members of my team who have made this our best year ever. I hope that all of you are blessed to work with such amazing people. Wishing you happy holidays and a successful 2011. —Larry Bonfante is CIO of the United States Tennis Association and founder of CIO Bench Coach. He can be reached at Larry@CIOBenchCoach.com —This opinion was first published in CIO Insight. For more stories please visit www.cioinsight.com
The 7 Habits of Highly Effective Presenters
Alan Carroll breaks the ice by explaining the importance of building rapport.
By Alan Carroll
In the past several columns I have discussed the art of listening, which is mastering the inflow of communication. Now, I will shift to the art of delivering your communication, which is mastering outflow. There are seven characteristics of a highly effective presenter and I will use the acronym RAPSORE to help you remember each of these characteristics.
The first letter “R” stands for rapport. A definition of rapport is a harmonious, empathetic, or sympathetic relation or connection to another self … an accord or affinity. In other words, a close relationship in which people understand each other’s feelings, ideas and communicate well.
As I pointed out earlier the purpose of the mind is survival and the survival of whatever the mind considers itself to be. If you Google the top fears human beings have you will discover that the No.1 fear is public speaking or, using IT terminology, speaking in
the “public domain.” When you speak in the public domain you are making yourself open, visible and vulnerable to others. You are putting yourself on display to be judged, evaluated and assessed by the audience. If you say to your mind that we are going to play a game in which you get to be open, visible and vulnerable the mind will respond by saying, “No way!” Public speaking is an open, visible and vulnerable game. Because of this, the vast majority of human beings spend their entire life just sitting in their chair. They don’t have the courage to stand up in front of the audience and confront their fear of annihilation.
However, if you do stand up in front of the audience, how will the mind, which is concerned about survival, protect itself from exposure in the public domain? It protects itself by creating a psychological defence or, in IT terms, a firewall. Building rapport is essential for effective communication because rapport disables the firewalls and allows for maximum throughput of your communication. This will increase your effectiveness.
Sidebar: 72% worldwide smartphone sales growth in 2010
Tools & techniques
So what specific techniques can you use to build rapport? One of the roles and responsibilities a speaker plays in managing the conversation from the front of the room is being a host or hostess. By treating the audience as guests, building rapport becomes the natural thing to do.
There is another rapport-building formula which works just like magic: Imagine
each person’s firewall is made up of bricks and every time a person communicates, it removes a brick from their firewall. Every time a brick is removed it opens up a hole through their firewall and therefore, you have greater access to the private domain in the other person. The more bricks you remove the greater is your throughput. As a master communicator you want to be in the brick pulling business.
You start pulling bricks as soon as you walk through the door of the presentation. This is the unofficial connecting and gathering phase of the conversation. Do not wait for the official start of the conversation to build rapport. Two simple techniques that are commonly used to build rapport are walking up to a person, shaking their hands and introducing yourself. By doing this two major bricks are removed from your firewall, the other person’s firewall and the group firewall.
What do I mean by the group firewall? Imagine each person’s firewall is composed of 25 bricks and say there are 10 people in the room. The total number of bricks in the group firewall would be 250. Every time a communication takes place in the space a brick is taken out of the group firewall. When this occurs the flow of energy and communication increases and the space becomes lighter.
What do I mean by the space becomes lighter? The analogy to explain this would be a hot air balloon: There are two ways to make a hot air balloon go up. One is to increase the hot air and the other is to drop ballast. Every time you remove a brick it reduces the ballast in the gondola and the space gets lighter. You want the space to be as light as possible because it promotes the free flow of communication, openness, humour and creativity.
In the above connecting and gathering scenario the first brick removed is in the exchange of names and the second brick is through physical touch. A person’s name is very important and if you can remember a person’s name it is an excellent rapport building skill.
One method you can use to remember a person’s name during the introduction is to repeat the person’s name three times. For example, “Hello, my name is Richard,” you say. “Hi Richard, my name is Bill,” says Bill. You say, “Bill, what do you do for the XYZ data storage company?” “Are you in sales, Bill?” “Have you been with them long?”, etc. You get the idea. By repeating the name three times in the first two or three sentences it will be enough to retain it in your short-term memory.
Shaking hands, i.e., physical touch, is a form of non-verbal communication that creates, among other things, a feeling of safety. Many cultures have a physical social dance they do when meeting each other. For example, in the US shaking hands is common. In Europe it is kissing on the cheek, and I have even seen men in Saudi Arabia greet each other by touching noses. A psychological reason for all this physical touching is that it alleviates fear and reduces the supposed threat from the other person. The shaking of the hand communicates that you are not holding a weapon and therefore, not dangerous.
In training presenters I have always encouraged them to shake hands and meet as many people as possible in the room. I suggested that they especially want to meet people they don’t know because any feared attack will usually come from the person with whom you have the least rapport.
Before I conclude, I want to share with you one more technique that builds intimacy and rapport. I refer to this as the “sharing of the self.” Often in watching people communicate they focus on dumping data into the space between them, which is very impersonal. I believe that your stories and experiences about the data are more interesting to the audience than the data itself. Why? Because sharing personal stories and experience establishes your credibility, reveals your humanness, lowers the firewalls, promotes participation and is a great way to hold the attention of the audience.
So, in conclusion, a key element to mastering the outflow of your communication is to reduce the psychological firewalls in the space. You dismantle firewalls by building rapport. You build rapport by being a host or hostess and getting the audience to communicate. That completes the letter ‘R’ and next time I will share with you the letter ‘A’. Thank you and the best of luck in all your communications.
—Alan Carroll, author of The Broadband Connection: The Art of Delivering a Winning IT Presentation and the founder of Alan Carroll & Associates, has been a successful public speaker, sales trainer and corporate consultant since 1983. Clients include: Cisco Systems, Synoptics Communications, Symantec Corporation, Digital Equipment Corporation, Unocal Corporation, Covey Leadership Center, BP Chemical, Peak Technologies, Vantive Corporation, Jet Propulsion Laboratories, Lucent Technologies, HP, Symbol Technologies, etc.
—This article appears courtesy www.cioupdate.com. To see more articles regarding IT management best practices, please visit CIOUpdate.com.
Thought Leaders | Raghu Raman
The Decade in Terror
Raghu Raman is an expert and a commentator on internal security.
World War IV began on 11 September 2001.
The past decade, 2001-2010, was one during which World War IV began. Over the last 100 years, the world has witnessed three major “world wars” and we are now at the beginning of the fourth one. The world was largely oblivious to the cataclysmic changes during the world wars even though the signs were there for all to see. Unfortunately, very little has changed. Each of these four world wars—of which two are well known—had peculiar characteristics.
The First World War began in the summer of 1914 and ended four years later with millions dead, wounded and displaced. Devastation of this scale was possible because of technological advances in weaponry characterised by their automation. Technologies such as machine guns and artillery barrages essentially automated killing to an extent unimaginable until then.
The Second World War (1939-45) was characterised by mobility. Fighter aircraft, long-range bombers, submarines, fleet carriers and blitzkriegs enlarged the theatre of operations. At its peak, World War II saw more than 100 million military personnel mobilised all over the world and every major nation participating in the conflict. With over 50 million fatalities, this war was the deadliest conflict in all history. Automation which was predominant during WW I was refined and provided mobility during WW II. The crescendo of this lethal combination was best demonstrated by the atomic explosions in Hiroshima and Nagasaki, where more than 200,000 were killed by a nation attacking them from halfway across the world.
The Third World War or the Cold War began immediately after the victors of WW II divided up the spoils of the war and continued the bifurcation across the globe. East and West Germany, the Koreas, the Soviet satellites, Vietnam, Cuba, most parts of Africa and many parts of Asia were forced to join this proxy war between the two superpowers and their allies. The essential characteristic of the Cold War was subterfuge. Cloak and dagger operations, murky overthrowing of governments, funding of terrorist movements (who would, of course, be rechristened as freedom fighters if they won), deniable black ops and unsavoury links between causes ranging from ideological to downright criminal were the essence of this war. While the Cold War may not have caused as many casualties in a similar
time frame as both the earlier wars, its damage potential has been very high and exacting. Virtually every conflict in the world today can trace its roots in the Cold War and many of those conflicts will continue to take their toll for the foreseeable future.
The Cold War ended with the fall of the Soviet Union in the early 1990s, and had the unintended consequence of laying the foundation of World War IV—global radical fundamentalism and terrorism. With the Soviet Union crumbling, the sole remaining super power could project its power unopposed into any part of the world that suited it, and the US did exactly that. Former global powers stood mutely as the US demonstrated that it could attack any nation unilaterally without even the fig-leaf of a UN sanction. Until, on 11 September 2001, the Al Qaeda struck back and sounded a rallying call of “franchise” terrorism.
It is not that terrorism had not been used before this instance. West Asia, Sri Lanka, and, closer home, Punjab, the North-East and the Kashmir valley had echoed with blasts and terror attacks, but 9/11 was a harbinger of WW IV in many other ways. To begin with, the sheer scale, elaborate planning and audacity of the attacks were without precedent. Secondly, the Al Qaeda had taken the battle into the strategic base of their enemy instead of limiting it to a theatre defined by them, thus out-flanking considerably superior forces. Thirdly, it had used a small body of troops to achieve an objective far beyond its capabilities in conventional terms. These three subtle elements indicated the paradigm shift of the new war that we face now.
Essentially, the terrorists had managed to pull off an operation that combined the guile and planning of Cold War operatives, the cold professional execution capability of Special Forces and demonstrated the strategic ability to mount a “turning move” by opening a new front in the ground of their own choosing. The punch drunk reaction of the most powerful country in the world was not because of the power of the punch; instead it was testimony to the fact that the US was fighting WW IV with the doctrines and structures of the previous wars. The US carpet bombing of Afghanistan and its vision of WMDs in Iraq were manifestations of not having made the orbital shift between the old and the new wars.
But the US was not alone in this time warp. The Madrid bombing indicated another surprising paradigm shift of the global terror war. Unlike conventional forces, which seek strong command and control channels, the Al Qaeda and other terrorist groups encourage loose affiliations and “cut-outs” in their command and control structures, providing the broad philosophy and resources and leaving the actual operations to local units. The London and Mumbai attacks reinforced this shift when countries with some of the most powerful armies of the world were cumbersome in their response to this new paradigm.
The rapid growth of terrorism as a preferred tool of waging war is testimony to its efficacy and a guarantee of its sustained proliferation, thus demanding that in-depth intelligence and surgical utility of force be the essential characteristic of WW IV—rather than absolute superiority of force.
There is reasonable certainty that the years to come will see an escalation of strategic terror that will affect the whole world directly and indirectly. And yet, we fight WW IV with the same structures that stood us in good stead during the previous wars. The focus of most nations is still on adapting the conventional structures rather than developing more suitable ones from scratch. Our armies and para-military forces are still organised and trained based on erstwhile “all-out decisive war” doctrines rather than newly developed ones that focus on pre-emptive action rather than overwhelming force. And until we go back to the drawing board and redevelop structures based on intelligence rather than force, we will continue fighting the war on terror with sub-optimal results.
—This article appears with prior permission from Mint
TECH FOR GOVERNANCE | Governance
5 POINTS: Business model risk; Competitive risk; Integration risk; Misalignment risk; Governance model risk
Managing Risk Starts at the Top
Good risk management and governance start in the boardroom
By Faisal Hoque
Intensified concerns about risk management, auditing and fraud detection, and corporate governance have sensitised boards and top management teams to adopt an even more active role in the oversight of business strategy and key enterprise activities. Significant regulations including Sarbanes-Oxley, HIPAA, and the Patriot Act have further raised the stakes. Failures to meet the required attestations, unintended violations of privacy and confidentiality, or heightened vulnerabilities to identity thefts are likely to invite adverse reactions from regulators and from the stock market.
As business technology becomes embedded in core organisational processes, control systems, and decision support systems, it is vital that boards appreciate the material risks due to technology and understand the risk-mitigation strategy. An enterprise-wide perspective is needed to guide the use of business technology in implementing effective and economical enterprise risk management systems that facilitate both management control and an ability to audit performance.
With greater complexity in the processes and structures for managing business technology (for example, outsourcing, offshoring, and applications and website hosting), there is a need for more sophisticated models of enterprise-wide risk assessment that factor in not just the internal risks, but also the risks inherent in sourcing and external partnering. Boards and top management teams must provide active oversight over how business technology risks impact the business, and ensure the effectiveness of the governance systems in mitigating these risks. The board must remain vigilant, always looking at both the business and technology sides of their organisation.
Strategic risk refers to the risks facing the firm due to poorly envisioned or executed business strategies. Within business technology management (BTM), the focus is on risks at the intersection of business technology and business strategy.
Regulatory compliance refers to corporate adherence to different regulatory expectations related to financial reporting and data management. Poor regulatory compliance invites liabilities of civil or criminal punishment and shareholder lawsuits. There are other forms of risks, including systems and sourcing risks. Although those forms of risk are likely to be managed by business and technology executives, the management of strategic risk and regulatory compliance must reside at the board level.
What strategic risks must be managed at the top? Some of these risks include the following:
- Business model risk – This refers to the robustness of the business model and how well it is being executed.
- Competitive risk – This refers to the ability to sustain competitive action and retaliation.
- Investment risk – This refers to the ability to manage business technology spending in a business environment where capital is scarce and technologies are volatile, expensive and not easily understood.
- Integration risk – This refers to the risks of inadequate integration between business technology investments and business processes.
- Misalignment risk – This refers to inadequate alignment between business technology spending and business priorities.
- Governance models risk – This refers to the risks of inadequate participation and involvement of business and technology executives on key BTM decisions.
The management of regulatory compliance has always been an area of board oversight. However, the strategic importance of information and the nature of current business technologies have raised the stakes regarding the privacy, security, and confidentiality of information. In particular, there is heightened sensitivity to safeguarding not just sensitive corporate transaction data, but also data about customers, employees, and business partners. The pervasiveness of business technologies has made it far easier for unauthorised pilferage of such information and data. In addition, with heightened concerns about terror, regulations increasingly compel organisations to furnish more data than before. The management of compliance requires attention to the following issues:
- Prevailing regulations.
- Maintaining and protecting data about transactions, customers, employees, and business partners.
- Alerting stakeholders about incidents of unauthorised access.
- Providing the affected stakeholders with assistance.
- The potential for economic sanctions and the threats to business continuity due to non-compliance.
- Effectiveness with regard to managing data in conformance with the regulations and stakeholder expectations.
- The cost of responding to the compliance expectations.
Sidebar: 117% increase in mobile downloads expected by 2011
—Faisal Hoque is an internationally known entrepreneur and author, and the founder and CEO of BTM Corp. His previous books include Sustained Innovation and Winning The 3-Legged Race. BTM innovates business models and enhances financial performance by converging business and technology with its products and intellectual property.
—This article appears courtesy www.cioupdate.com. To see more articles regarding IT management best practices, please visit CIOUpdate.com.
TECH FOR GOVERNANCE | Security
Giving ISO 27001 Business Context
ISO 27001 is the most comprehensive information security framework available today.
By Danny Lieberman
ISO 27001 is arguably the most comprehensive information security framework available today. Moreover, it is a vendor neutral standard. However, ISO 27001 doesn’t relate to assets or asset value and doesn’t address business context, which requires prioritising security controls and their costs. This article discusses the benefits of performing an ISO 27001 based risk assessment exercise using techniques of threat modelling. An organisation that follows this methodology will reap the benefits of improved data security and achieving readiness for ISO 27001 certification.
Why is threat analysis beneficial for ISO 27001?
Quantitative threat analysis using the popular PTA (Practical Threat Analysis) modelling tool provides a number of meaningful benefits for ISO 27001 risk assessments:
- Quantitative: enables business decision makers to state asset values, risk profile and controls in familiar monetary values. This takes security decisions out of the realm of qualitative risk discussion and into the realm of business justification.
- Robust: enables analysts to preserve data integrity of complex multi-dimensional risk models versus Excel spreadsheets that tend to be unwieldy, unstable and difficult to maintain.
- Versatile: enables organisations to reuse existing threat libraries in new business situations and perform continuous risk assessment and what-if analysis on control scenarios without jeopardising the integrity of the data.
- Effective: helps determine the most effective security countermeasures and their order of implementation, saving you money.
The Practical Threat Analysis calculative model is implemented in a user-friendly Windows desktop application available as a free software download at the PTA Technologies web site. You can download the Practical Threat Analysis library for ISO 27001 for free; the library is licensed under the Creative Commons Attribution License.
The importance of providing business context to ISO 27001 and making it accessible to any sized business
The ISO 27001 library we developed for PTA is a full implementation of the ISO 27001 standard and is extremely accessible to any ISO consultant or business wishing to certify to the standard. ISO 27001 is the information security risk assessment standard for certification and sets the requirements that an organisation must fulfil in order to establish an information security management system. The standard continues to gain a reputation for helping organisations improve their business practices and protect information assets. ISO 27001 is increasingly popular because of compliance regulation and the growing need to reduce the operational risk of information security.
The ISO organisation has also recently (October 2010) taken measures to make ISO more accessible to SMEs by “providing practical advice for small and medium-sized enterprises (SMEs) on how to achieve the benefits of implementing an information security management system (ISMS) based on the International Standard ISO/IEC 27001” – see the ISO news release: ISO/IEC 27001 information security explained for small businesses.
The role of compliance
Governance and privacy compliance regulation like SOX, GLBA and PCI are fueling demand to improve information security practices. Regulatory compliance has become a trend trickling up and down the supply chain of customers and suppliers. The tall wave of customer data breach incidents over the past 3 years has poured additional fuel on the supply chain. Once the exclusive domain of large institutions, security risk assessments are now performed by many SMEs as their customers call on them to manage their data better and prove it by certifying to ISO 27001.
Sidebar: 26% of CRM software delivered through SaaS in 2010
Choosing the most cost-effective controls
Using a quantitative threat model enables a risk analyst to discuss risk in business terms and construct a financially justifiable set of security controls that reduces risk in a specific customer business environment. A company can execute an implementation plan for security controls consistent with its budget instead of an all-or-nothing check list implementation that may blindside you into thinking you’re secure just because you comply. Since it’s based on ISO 27001, you get the best of both worlds: a prioritised security plan and ISO 27001 certification readiness.
The need for effective risk reduction
Despite the importance of privacy and governance regulation, compliance is actually a minimum but not sufficient requirement for risk management. The question is: What security controls should a firm implement after a risk assessment? An ISO 27001 certification process can be as simple or as involved as an organisation wants but there are always far more available controls than threats. As a result, organisations, large and small, find themselves coping with a long and confusing shopping list of controls. You can implement the entire check list of controls (if you have deep pockets), you can do nothing or you can try and achieve the most effective purchase and risk control policy (i.e. get the most for your security investment dollar) with a set of controls optimised for your business situation.
However, implementing additional controls does not necessarily reduce risk. For example, beefing up network security (like firewalls and proxies) and installing advanced application security products is never a free lunch and tends to increase the total system risk and cost of ownership as a result of the interaction between the elements and an inflation in the number of firewall and content filtering rules.
Firms often view data asset protection as an exercise in Access Control that requires better permissions and identity management (IDM). However, further examination of IDM systems reveals that IDM does not mitigate the threat of a trusted insider with appropriate privileges and the majority of IDM systems are notorious for requiring large amounts of customisation and may actually contribute additional vulnerabilities instead of lowering overall system risk. The result of providing inappropriate countermeasures to threats is that the cost of attacks and security ownership goes up, instead of risk exposure going down.
How ISO 27001 maps to a threat model
ISO 27001 contains 185 items in 11 sections, where each item has a reference number and describes a security policy and a corresponding security control. For example, Item 6.1.5 is a “Confidentiality agreements” security policy with the following control: “Requirements for confidentiality or non-disclosure agreements reflecting the organisation’s needs for the protection of information shall be identified and regularly reviewed.”
We needed to map the ISO 27001 data model to the PTA threat model that is composed of threats, vulnerabilities, assets and countermeasures. Unlike PTA, the ISO 27001 model does not refer to particular threats or assets. We observed that the top-level items in each section mapped nicely to PTA vulnerabilities and that the sub-items were controls that translate directly to PTA countermeasures. For example, the ISO item 06.1 “Internal organisation; information security is lacking or not well-defined” is a vulnerability mitigated by the countermeasures:
6.1.1 Management shall actively support security within the organisation through clear direction, demonstrated commitment, explicit assignment, and acknowledgement of information security responsibilities.
6.1.2 Information security activities shall be coordinated by representatives from different parts of the organisation with relevant roles and job functions.
6.1.3 All information security responsibilities shall be clearly defined.
6.1.4 A management authorisation process for new information processing facilities shall be defined and implemented.
6.1.5 Requirements for confidentiality or non-disclosure agreements reflecting the organisation’s needs for the protection of information shall be identified and regularly reviewed.
6.1.6 Appropriate contacts with relevant authorities shall be maintained.
6.1.7 Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
6.1.8 The organisation’s approach to managing information security and its implementation (i.e. control objectives, policies, processes, and procedures for information security) shall be reviewed independently at planned intervals, or when significant changes to the security implementation occur.
After mapping the ISO 27001 data model to the PTA threat model, we then used the import entities from text
The result of providing inappropriate countermeasures to threats is that the cost of attacks and security ownership goes up, instead of risk exposure going down.
The Chief Technology Officer Forum
cto forum 07 february 2011
57
T E C H FOR G O V E R N A N C E
securit y
Here is how you would use the ISO 27001 PTA library for a risk assessment (after installing the PTA Professional Edition freeware on your Windows PC) Step 0 – Fire up the programme Step 1 – Load the ISO27001.2.thl library into your own work week is threat model or just open the ISO27001.2.thm data Using the PTA ISO 27001 library in a risk consumed by model in its entirety assessment project complaince Step 2 – Create assets with valuations The standard specifies that the organisation should Step 3 – Enter the costs of countermeasures; the PTA ISO use a systematic approach to risk assessment. The PTA initiatives 27001 library that we provide is agnostic; we understand ISO 27001 library provides a systematic, and quantitathat each organisation has their own estimates of how tive approach to risk assessment and adds value with much a control policy should cost. an optimised risk mitigation programme. Doing a Step 4 – Run the Optimised Countermeasures report. You have just risk audit process with the PTA ISO 27001 library is faster, easier, built a cost-justified plan of controls compliant with ISO 27001. more robust and lot more fun than with an Excel spreadsheet. Step 5 – Refine the model. Don’t stop here; return to the model An ISO 27001 risk assessment with PTA involves a two-stage process: periodically and test the effectiveness of your risk mitigation proStage 1 is a “first cut” review of the existence and completeness gramme. For a practical methodology of software security assessof key documentation for Security Policy and Information Security ment see our article “Make your business secure by making your Management System (ISMS). This is done by cycling through the software secure” PTA threat model, tagging top-level vulnerabilities with a status and storing appropriate documentation in the model, while linking to the appropriate entity. —Danny Lieberman is a serial technology innovator and leader. 
Danny’s software security business, Software Associates provides enterprise inforStage 2 is a detailed, in-depth audit that tests existence and mation protection to clients in Europe and the Middle East. effectiveness of control policies as well as their supporting documentation. Controls that already exist would be marked as “Already Implemented” in PTA Professional Edition countermeasures detail This article is printed with prior permission from www.infosecisland.com. screen. Controls needing work would be tagged with an actionFor more features and opinions on information security and risk management, please refer to Infosec Island. required status (see the tagging option of the PTA tool).
file functions in the PTA desktop application in order to load an Excel worksheet of the ISO 27001 check list into a baseline PTA threat model of vulnerabilities and countermeasures and pack it as a PTA library.
50%
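The mapping the article describes (top-level checklist items become vulnerabilities, their sub-items become countermeasures) can be sketched as follows. This is an added example, not code from the article or from PTA: the tab-separated layout, the status strings other than "Already Implemented", and the function names are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample rows (reference, text, status), tab-separated.
# Layout and status strings are assumptions, not PTA's import format.
CHECKLIST = (
    "06.1\tInternal organisation; information security is lacking or not well-defined\t\n"
    "6.1.1\tManagement shall actively support security within the organisation\tAlready Implemented\n"
    "6.1.3\tAll information security responsibilities shall be clearly defined\tAction Required\n"
    "6.1.5\tConfidentiality or non-disclosure agreement requirements identified and reviewed\t\n"
    "6.2.1\tConstructed row whose top-level item is missing from the sheet\tAction Required\n"
    "6.x\tConstructed malformed reference\t\n"
)


def parse_ref(ref):
    """'06.1' -> (6, 1); returns None when a component is not a number."""
    parts = ref.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def build_model(text):
    """Map top-level items to vulnerabilities and sub-items to countermeasures."""
    vulns, pending, rejected = {}, [], []
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if not row:
            continue
        ref, desc, status = (row + ["", ""])[:3]
        key = parse_ref(ref)
        if key is None or len(key) not in (2, 3):
            rejected.append(ref)
        elif len(key) == 2:
            vulns[key] = {"text": desc, "countermeasures": {}}
        else:
            pending.append((key, desc, status or "Not Assessed"))
    # Attach controls once every vulnerability is known, so row order is irrelevant.
    for key, desc, status in pending:
        parent = vulns.get(key[:2])
        if parent is None:
            rejected.append(".".join(map(str, key)))
        else:
            parent["countermeasures"][key] = {"text": desc, "status": status}
    return vulns, rejected


def outstanding(vulns):
    """Controls per vulnerability that are not yet marked 'Already Implemented'."""
    return {
        v: sorted(c for c, d in item["countermeasures"].items()
                  if d["status"] != "Already Implemented")
        for v, item in vulns.items()
    }
```

Rows that cannot be placed in the model (a malformed reference, or a control whose top-level item is absent) are returned in the rejected list rather than silently dropped, so a gap in the checklist shows up before the audit starts.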
NO HOLDS BARRED
Manish Sharma

DOSSIER
Company: NComputing
Established: 2003
Services: Desktop virtualisation for both Windows and Linux operating systems
Head office: Redwood City, California, US

Desktop Virtualisation is becoming mainstream
Manish Sharma, Vice President, APAC, NComputing talks to Varun Aggarwal about the company’s focus on the enterprise virtualisation space
While NComputing has been able to grab some large projects in the education sector, the enterprise segment is a completely different ball game. How do you plan to compete with companies such as VMware and Citrix in this market?

While we established our credentials in education early, and lead in the sector, we also already have a strong presence in enterprise and public sector organisations. In fact, we’re involved in what is arguably the world’s largest cloud and virtualisation deployment – here in India – with ESIC (The Employee State Insurance Corporation) comprising some 30,000 NComputing virtual desktops. While enterprise is very different from education, it faces similar challenges: managing the high cost of desktop computing from acquisition through life cycle and replacement; providing employees with desktop access to applications and information for maximum productivity; ensuring integrity and security of information; and, of course, ease of management. Desktop virtualisation solves many of these challenges.

Regardless of whether the impetus is to move from paper-based systems or to solve the problems of legacy PC infrastructures, our desktop virtualisation significantly reduces cost of acquisition (up to 75 percent lower cost) compared to legacy PCs. It also vastly reduces ongoing support costs (up to 75 percent reduction in support and maintenance), and massively reduced energy costs (up to 90 percent lower energy requirement). These strategic ROI advantages are delivered without any trade-off in performance. Moreover, because there is no data residing on the virtualised client side, and all application rights and user permissions are maintained centrally, security and data protection are significantly enhanced. Our solutions are very well placed for broad adoption in enterprise – both at the large enterprise and SMB environments.

Our competitive challenge does not lie with VMware and Citrix; in fact, we complement and extend virtualised server environments, so their growth and success helps our growth and success. Our virtualisation software, vSpace, enables enterprises to optimise virtual desktop deployments by providing multiple end users with simultaneous access to a single operating system instance of either Windows or Linux. It not only integrates into virtualisation server deployments based on VMware, Citrix and Microsoft offerings, but can also extend their value by changing the typical virtual desktop structure from one user per virtual machine to thirty users.

What opportunity do you see in the desktop virtualisation space in India? What kind of growth do you expect in the near future?

NComputing was founded with the goal of making desktop virtualisation affordable for everyone. Since its inception, the company has been redefining the economics of desktop computing. Although the overall market for virtualisation in India is nascent, desktop virtualisation is emerging as one of the major technology trends in enterprise, government and education. The huge economic advantage in both cost of acquisition and ongoing maintenance of desktop virtualisation is propelling the technology towards mainstream. Moreover, organisations are increasingly aware of their environmental footprint and are deploying virtualisation as a tool to reduce power utilisation and computing waste. In fact, India is leading the world in large scale desktop virtualisation deployments. In less than 3 years, we have deployed over 3,50,000 virtual desktops in the Indian subcontinent. As far as future growth is concerned, we will continue to lead in the education vertical and play an increasingly important role as a key technology partner to business throughout India.

What are the key eco-friendly technologies that are creating an impact on computing devices?

From the perspective of NComputing’s technology, our virtual desktop devices create truly green computing environments. For example, our devices produce vastly less e-waste than PCs and use up to 90% less energy. Research shows that more than $250 billion worth of energy per year is spent on powering computers around the world. As organisations search for practical and immediate ways to save money and reduce the IT impact on global climate change, they are increasingly turning to NComputing virtual PCs. Other examples include server consolidation through virtualisation (can typically cut number of servers and hence electricity usage by 20-40%), LCD monitors (use 80% less electricity compared to traditional CRTs), solar charging laptops and mobile devices (solar is built into the shell), fuel cell batteries for laptops, low-cost solar and wind-based generators for remote locations and cloud computing.

What are the key technologies you'd be focusing on when it comes to enterprise computing in 2011?

We are rolling out a vertical market solution strategy this year. This vertical market strategy will comprise out-of-the-box solutions based on NComputing virtual access devices and vSpace virtualisation software together with fully integrated and pre-configured software, hardware, peripherals and OS environment. So that all a business needs to do is literally take it out of the box and go.

We will also extend Windows platform support to include 64-bit support with vSpace, our desktop virtualisation software. This will deliver greater efficiency of CPU resources and accelerated graphic and video application performance to give a complete PC-like experience. It will also provide a simple and seamless upgrade path from Windows Server 2003 to Windows Server 2008R2 64-bit. This enhancement means we will offer the industry’s broadest platform support which enables customers to harness all the performance and cost advantages of desktop virtualisation in heterogeneous environments with significantly less management and IT support requirements.

—varun.aggarwal@9dot9.in
Author: Ramachandra Guha
Hide time | BOOK REVIEW
“I chose people who were both thinkers and doers”
Pure Thought, Solid Action

A one-of-a-kind anthology, featuring the giants of modern Indian thought, and their ideas and perspectives.

Possibly one of India’s best known living historians, Ramachandra Guha has carved himself a unique position in the pantheon of chroniclers. He dwells on the more “modern” parts of the timeline, giving readers both perspective and an up-close look at Indian history. Three years ago, his book India After Gandhi: The History Of The World’s Largest Democracy had won high acclaim for its fresh insights into modern India. In his most recent work, Guha captures the ideas and passions that drove the “makers of modern India”.

History, they say, is etched in what men and women write and what they say. Therefore, Guha pored over speeches, letters, petitions and essays of leaders of modern India, and drew an elaborate matrix of the complex library of thought of that time. He has selected a diverse group of people, from Mahatma Gandhi, Jawaharlal Nehru, Rabindranath Tagore and BR Ambedkar, to many important, but lesser known, thinkers and leaders.

Guha also talks at length about the women who shaped modern India. Take Kamaladevi Chattopadhyay and Tarabai Shinde, for instance. Chattopadhyay founded many progressive institutions, like the National School of Drama, the Sangeet Natak Akademi (Music and Drama Academy) and the India International Centre, while Shinde was possibly one of India’s first votaries of gender equality.

One is struck simply by the depth and expanse of the philosophy of the writers that the historian has featured. They demonstrate foresight and liberal thinking easily considered radical for that time. For instance, in the initial years after independence, India chose a mixed model of economic development, where the Centre played a dominant role.

Guha also draws the reader’s attention to India’s own internationalist leanings in the first half of the twentieth century. Today, the world has become infinitely closer, allowing people to understand the planet’s rich ethnic, social, cultural and ideological diversity. India’s role in the formation and functioning of the Non-Aligned Movement and its current active engagement with the G-20 illustrate the country’s eagerness to engage with the world and make it peaceful, stronger and economically vibrant.

In putting together this book, Guha proposes that “the tradition of the thinker-activist persisted far longer in India, than elsewhere.” He speaks of five significant transformations that are currently underway. For one, he says the industry and the services sector are increasingly contributing more to the economy. Then he says India is more stable as an independent nation, its democracy is firmly established as the central political system, urbanisation is rising, and a universal social transformation is taking place. He forcefully argues that the political leaders in India themselves were the activists on the road to Independence. He notes that the thinkers differ in their perspectives, but they are all “always instructive.”

ABOUT THE REVIEWER
Mahesh Ravi is the Managing Editor for India Now magazine. He can be contacted at mahesh.ravi@9dot9.in
VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com
The Nirvanix Storage Cloud – Who Knew?
I’ve long been a proponent of proper marketing as an often neglected or overlooked critical success factor for start-ups. When done right, proper marketing identifies market opportunities, product specifications, and aligns sales efforts. Most of the time, however, these are not done right. They are afterthoughts and are only invoked after a company screws up nine ways from Sunday.

Nirvanix did the behind the scenes parts well – they figured out what market opportunities exist for cloud storage, they figured out the products/technologies required to serve that market, and then they did a strange thing – they forgot to tell the world about it. Thus, I was stunned when I had a recent update from the company once new CEO Scott Genereux came aboard and dragged long time marketing sidekick Steve Zivanic with him. I was stunned at just how much the fledgling entity had going for it, and more stunned that I didn’t know.

The Discovery:
- 700 Customers, and I’m not talking mom & pop shops. I’m talking huge enterprise accounts including GE, Comcast, NBC/Universal, SwissCom, Fox, Cisco, VMware, Logitech and a ton more.
- Big Quantities – several multi-PB consumers including NBC/Universal – putting all of their movie inventory on their sites.
- Interesting Applications – Cisco (and others) keeping their Global Tech Support log files for open cases for customers and accessing them in real-time.
- All the right consumption models – via a cloud gateway, via the public cloud, or via a hybrid software offering that even lets you add your OWN existing storage into your hybrid cloud. You pick and choose what’s right for you, not what’s right for your vendor.
- They have 7 (5 Nine) data centers operational.

The company claims to outperform every competitor, from the poor man’s cloud (Amazon) to EMC’s Atmos offering and everyone in between. Most customers have done an evaluation of the alternatives, and still come back to Nirvanix. So, while it remains to be seen who the runaway victor will be, it’s clear that early on – for storage services – these guys are kicking butt and doing it despite the fact that they haven’t bothered to tell anyone along the way. The new team will change that – they are nothing if not aggressive promoters – and I suspect that we’ll be hearing a lot more success stories soon.

What’s the prognosis now that I’ve been blown away? If they can reach critical mass – which they are well on the way to doing – someone is going to take them out. Every account they land at this point is one that looked at the big boys and made a business decision to go Nirvanix. Hit a couple thousand customers and the bankers will come sniffing.

Finally, one major reason they are winning these deals is that they have designed the services to be “enterprise” ready. Secure, multi-tenant, high-performance, distributed services that can support the mission-critical nature enterprises demand is what separates them from that pack at this point. Imagine how well they would be doing if they told someone?

About the author: Steve Duplessie is the founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.thebiggertruth.com