Technology for Growth and Governance
October 07, 2011 | ₹50 | Volume 07 | Issue 04
A 9.9 Media Publication

Enterprise mobility has blurred the line between office and home. It benefits the enterprise as employees now virtually work 24X7. What does it imply for a CIO?

NEXT HORIZONS: Go Green; Not Red
I BELIEVE: Forget the T of CTO
A QUESTION OF ANSWERS: Look at the Cloud Cost Arbitrage
Editorial
Pramath Raj Sinha | pramath.sinha@9dot9.in

Going Mobile
Mobility is the latest tech disruption CIOs will have to brace themselves for

I recently met the CEO of Juniper Networks, Kevin Johnson, in Delhi. During the course of our freewheeling discussion, the topic invariably (and expectedly) veered towards the latest buzzword in CIO circles – Enterprise Mobility. After all, along with cloud computing, this was a trend CIOs were yet to come to terms with.

Johnson had an interesting take on the scenario. He said, “In my career of 30 years, I have seen several transitions. There was a transition from mainframe computing to client server, and then a transition to web 2.0. All such technology disruptions seemed very complicated. It’s the same situation with today’s CIO. Every generation feels that the market trends during their time are the most complicated situation they have ever seen.”

Enterprise mobility, fueled by business compulsions and a young workforce’s fad of BYOD (Bring Your Own Device), is proving to be the latest technology disruption for a CIO. He will have to prepare himself for unprecedented scenarios – an employee is frequently accessing an application he is not supposed to or a small device carrying the company’s sensitive information is lost. This issue’s cover story deals with the implications enterprise mobility will have on you, and the way ahead.

I recollect an interesting analogy on enterprise mobility given by a CIO. He said, “It is like someone who owns a taxi. By running it for 6 hours every day, he gets a certain amount of revenue. If he runs the taxi on double shift (12 hours) daily, revenues are bound to go up. It’s the same with a BlackBerry. The more you access it beyond the 9-5 office hours, the more productive you will be!”

Johnson, with decades of IT experience behind him, was spot on with his observation on technology disruptions. The only difference is that such disruptions are happening increasingly fast and are few apart. You, as a CIO, need to be on top of these disruptions. To begin with, are you ready for a BlackBerry working on double shift? Happy reading.

Editor’s pick: 24x7 CIO
Enterprise mobility has blurred the line between office and home. It benefits the enterprise as employees now virtually work 24X7. What are its implications for a CIO?
The Chief Technology Officer Forum
cto forum 07 October 2011
Contents
OCTOBER 11 | thectoforum.com
Cover design by Shigil N

Cover Story
24x7 CIO: Enterprise mobility has blurred the line between office and home. It benefits the enterprise as employees now virtually work 24X7. What are its implications for a CIO?

Columns
I believe: Forget the T of CTO. It is time to take stock for the CTOs — not of IT but self worth. By CR Narayanan
View point: Is it Time to Reclassify Storage? It is time to categorise SSDs. By Steve Duplessie
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706
Features
Tech for Governance: Future Enterprise: cyber warfare. By David Hunter
www.thectoforum.com
Managing Director: Dr Pramath Raj Sinha
Printer & Publisher: Kanak Ghosh
Publishing Director: Anuradha Das Mathur

Editorial
Executive Editor: Yashvendra Singh
Senior Editor: Harichandan Arakali
Assistant Editor: Varun Aggarwal
Assistant Editor: Ankush Sohoni

Design
Sr. Creative Director: Jayan K Narayanan
Art Director: Anil VK
Associate Art Director: PC Anoop
Visualisers: Prasanth TR, Anil T & Shokeen Saifi
Sr Designers: Joffy Jose, NV Baiju Chander Dange & Sristi Maurya
Designers: Suneesh K, Shigil N, Charu Dwivedi Raj Verma, Prince Antony & Binu MP
Chief Photographer: Subhojit Paul
Photographer: Jiten Gandhi

Advisory Panel
Anil Garg, CIO, Dabur
David Briskman, CIO, Ranbaxy
Mani Mulki, CIO, Pidilite
Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo
Raghu Raman, CEO, National Intelligence Grid, Govt. of India
S R Mallela, Former CTO, AFL
Santrupt Misra, Director, Aditya Birla Group
Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices
Vijay Sethi, VP-IS, Hero Honda
Vishal Salvi, CSO, HDFC Bank
Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay
Vijay Mehra, CIO, Cairns Energy
A Question of Answers
Look at the Cloud Cost Arbitrage: Mark Egan, CIO, VMWare, shares his views on virtualisation and cloud strategy for an enterprise

Next Horizons: Go Green; Not Red. Going green can help organisations save money. By William W Blausey Jr
Best of Breed: Customer Rejection Management? You must think from a customer perspective. By Ian Gotts

Regulars
Editorial
Enterprise Round-up

Advertisers’ index
Juniper: IFC, 23
Schneider: 05
SAS: IBC
IBM: BC
This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.
Sales & Marketing
National Manager-Events and Special Projects: Mahantesh Godi (09880436623)
Product Manager: Rachit Kinger (9818860797)
GM South: Vinodh K (09740714817)
Senior Manager Sales (South): Ashish Kumar Singh
GM North: Lalit Arun (09582262959)
GM West: Sachin Mhashilkar (09920348755)
Kolkata: Jayanta Bhattacharya (09331829284)

Production & Logistics
Sr. GM. Operations: Shivshankar M Hiremath
Manager Operations: Rakesh Upadhyay
Asst. Manager - Logistics: Vijay Menon
Executive Logistics: Nilesh Shiravadekar
Production Executive: Vilas Mhatre
Logistics: MP Singh & Mohd. Ansari

Office Address
Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301
Editor: Anuradha Das Mathur
For any customer queries and assistance please contact help@9dot9.in
I Believe

Stick to the C and O of CTO
Recession has brought with it some valuable lessons. It is time to take stock for the CTOs — not of IT but self worth

By CR Naraynan, CIO, Tulip Telecom
The author is a senior technocrat and a specialist in managing large-scale IT infrastructure

Technology plays a big part in developing our country. But how are we faring, you, me and the senior technocrats? It is only in the last few months that I have started questioning myself, my abilities and my deliveries. This global recession, or whatever the world at large calls it, has been, according to me, one of the most sensible and timely boons for everyone.

I have taken pride in my ability to synchronise with and assist my organisation in achieving its vision and targets. But I questioned myself on these parameters. All of us, senior technocrats, need to do self-evaluation now. The recession has given us this once in a lifetime opportunity to reassess who we are and what we can potentially do for our organisation.

I believe we need to stop living within the realms of our IT world, go beyond 'how we will reduce costs in IT' and engage in friendly (and at times not so friendly) banter with our CFO and CEO colleagues on larger issues. I am not suggesting that we stop asking things like: How well is our technology working for us? What upgrades do we need and when? Can we stretch equipment life cycles? Perhaps we need to now think about: What do we need to do to beat this recession? I believe these fundamentals are beyond technology challenges.

My humble pledge is not to wait for answers from others. We perhaps will be well served to forget what our designations state and stick to the C and O in the title. A chief officer is someone who will be part of the fundamentals, a key member of the think-tank; someone who is not just an implementer of visions, but an integral part of strategy formulation. The T (or the I) of our title will always remain second nature to us. I believe we can engage and play a pivotal role in shaping our organisation’s destiny and this global recession has set the centre stage for us.

At the risk of sounding delirious, let me conclude by saying — go and enjoy the recession friends. It is the best free education for us, something that can infuse freshness in our abilities and help us leave an indelible mark on our organisations.

Current challenge: To go beyond 'how we will reduce costs in IT' and engage in banter with our CFO and CEO colleagues on larger issues
Enterprise Round-up
Bringing Mobile Devices Into Security Infrastructure
Explosive growth requires shift in enterprise security strategies

McAfee recently shared its vision for securing mobile devices in corporate environments. The three-pronged approach for protecting mobile devices, mobile data, and mobile applications is designed to help businesses and consumers manage their devices securely as the threat environment quickly evolves.

Attacks on smartphones are becoming more common, and according to McAfee Labs, new malware targeting Android devices jumped 76 per cent in the last quarter. The need to secure mobile devices from attacks has never been more important. McAfee is developing products and strategies to allow businesses to bring these consumer devices securely into the IT infrastructure.

“Mobile device adoption is exploding, and unfortunately, so are the threats targeting mobile platforms... we believe that the emerging mobile malware we are seeing today is just the beginning,” said John Dasher, Senior Director, Mobile Security for McAfee. “We’re working hard to create new technology to help enterprises address the challenge of securely incorporating these new mobile platforms into their environment.”

McAfee is unique in being able to bring mobile devices into the security infrastructure.
Data Briefing
$100k: Average cost of social engineering incident
They Said It: Jerry Yang
Weeks after firing CEO Carol Bartz, Yahoo's board isn't looking for a replacement but instead for ways to sell the whole company, or parts of it. Silicon Alley Insider reported a memo from Jerry Yang, co-founder and former CEO, confirming that the board is looking at various offers to buy the company but assuring employees that Yahoo will survive.

“While we will move with a sense of urgency, this process will take time. Months, not weeks”
—Jerry Yang, Co-founder and former CEO, Yahoo!

Huawei Launches Telepresence
Huawei’s enterprise business to clock $15 bn revenue by 2015

Global information and communications technology solutions provider Huawei today announced the launch of its Enterprise Business unit, to provide breakthrough business solutions in India. The launch also witnessed the unveiling of the highly anticipated HD Telepresence business system, which leverages the industry’s best HD technologies and offers innovative and power-efficient solutions along with providing enriched functions and features.

This transformation and the parallel foray in the enterprise business have offered Huawei new opportunities for strategic growth. Through unremitting efforts over the past two decades, Huawei has established its leadership in Communications and Technology (CT). In its transition from a CT to an ICT company, Enterprise Business would be a major thrust for Huawei and is expected to clock $15bn revenue by 2015. Owing to the potential of the Enterprise business in India, Huawei will also strengthen its staff by 400 by the end of 2012.

Staying true to its tagline, One World One Office, the Huawei Telepresence brings an immersive experience with HD video and directional sound, effectively transcending global boundaries between companies and partners.
Quick Byte on Broadband
A new report, conducted jointly by Ericsson, Arthur D Little and Chalmers University of Technology in 33 OECD countries, quantifies the isolated impact of broadband speed, showing that doubling the broadband speed for an economy increases GDP by 0.3 per cent.
Gartner Identifies 10 Key I&O Cost-Cutting Actions
Expenses to reduce by 10% in 12 months and 25% in three years

As many IT organisations are under intense pressure to continue to implement cost-cutting initiatives, Gartner Inc has identified 10 actions that can reduce IT infrastructure and operations (I&O) expenses by 10 per cent in 12 months, and as much as 25 per cent in three years.

"I&O represents approximately 60 per cent of total IT spending worldwide, so with IT budgets remaining tight, it's no wonder that I&O cost-cutting pressure continues to be intense," said Jay Pultz, Vice President and distinguished analyst at Gartner. "When it comes to I&O cost reduction, there is no 'magic bullet', but best results can be achieved by implementing as fully as possible the 10 key cost reductions we have identified."

Gartner analysts said that due to priority conflicts and resource constraints, few I&O leaders said they have implemented 50 per cent or more of the total cost reduction opportunities these 10 key actions offer. The 10 key actions to implement to reduce IT I&O costs include:

Action 1: Defer Noncritical Key Initiatives. I&O leaders need to re-examine their key initiatives to determine which ones to focus on as near-term priorities.

Action 2: Re-examine Networking Costs. Because nearly half of the network expenses go to telecom service providers (TSPs), network managers need to continue to renegotiate contracts with these vendors to ensure that their contracted rates are market-based.

Action 3: Consolidate I&O. I&O consolidation is closely related to standardisation, integration and virtualisation. Data centres are rising in importance, and Gartner expects this trend to continue throughout this decade.

Action 4: Virtualise I&O. Virtualisation software increases utilisation typically by fourfold or more. As with consolidation, virtualisation can be applied to many I&O platforms: Unix servers, storage, networking and client computing.

Action 5: Reduce Power & Cooling Need. New design approaches can result in data centres that utilise significantly less power, take up less space and cost much less.

Action 6: Contain Storage Growth. Gartner predicts that, by 2016, enterprises will install 850 per cent more terabytes than they have installed in 2011. With capacity growth far outstripping cost declines, tighter control is required. Multiple approaches need to be adopted — including the use of storage virtualisation, automated tiering and storage resource management (SRM) tools.

Action 7: Push Down IT Support. Support for end users and the enterprise typically is about eight per cent of total IT spending. To reduce costs, organisations need to drive those support calls down to the lowest tier.

Action 8: Streamline IT Operations. I&O accounts for approximately 50 per cent of the total enterprise IT head count. To contain head count and associated costs, these processes need to be streamlined and as efficient as possible. This typically entails implementing ITIL, the de facto standard framework in IT operations.

Action 9: Enhance IT Asset Management. ITAM by itself doesn't reduce I&O costs; however, it is a very effective tool to identify and assess cost reduction opportunities.

Action 10: Optimise Multisourcing. Sourcing is perhaps the most strategic decision facing I&O leaders today. The decision is not as simple as whether to outsource or insource all of I&O. IT leaders can make separate sourcing decisions for virtually any I&O component, system or function.

Global Tracker: Online Video Consumption
180 million US Internet users watched online video content in August for an average of 18 hours per viewer. Source: comScore
Net4India Launches Push Mail Services
Foray brings it into direct competition with BlackBerry

Network and application services provider Net4India has announced a strategic partnership with Finland-based company Smartphone Solutions to bring operator-independent push mail solutions equivalent to BlackBerry services to India. Net4India, a provider of business email, web hosting and domain name registration services across the Asia-Pacific region, is looking to take its service to all handheld devices together with Smartphone Solutions, an independent provider of next-generation mobile solutions for corporations and organisations.

Net4India has signed a valuable partnership with Smartphone Solutions of Finland to use their push mail solution, SmartMail, for the first time in India. With this partnership, more than 200 mobile devices across different platforms, including Symbian, UIQ, Win Mobile and Android, will be enabled for services including real-time access to emails, calendars, contacts and tasks with a mobile device.

The agreement was signed by Smartphone Solutions CEO Veli Holm and Net4India COO Desi S Valli here at an event. Finnish Minister of Economic Affairs Jyri Hakamies and Telecom Minister Kapil Sibal were also present. This service intends to bring easy and secure communication regardless of time and place and would extend solutions for organisations to improve efficiency and serve customers better.

On this occasion, Desi S Valli, COO, Net4India, commented, “We are very pleased to join hands with Smartphone Solutions of Finland."

"Currently Net4 India supports BlackBerry phones, but with the introduction of SmartMail flexible service that supports the entire range of handheld devices, Net4India is excited to take this first of its kind service to great heights in India," Desi S Valli, COO, Net4India said.

"The best part of SmartMail is that it complies with the security norms set by the Government of India, therefore creating an example of expertise and authenticity," Valli said. "We look forward to this great liaison not just amid the companies but between Finland and India," he added.
Fact ticker

Nearly Half of Enterprises are Victims of Social Engineering
$100,000 per incident loss

Check Point Software Technologies Ltd recently announced the results of a new report revealing 48 per cent of enterprises surveyed have been victims of social engineering, experiencing 25 or more attacks in the past two years, costing businesses anywhere from $25,000 to over $100,000 per security incident.

The report, The Risk of Social Engineering on Information Security, shows phishing and social networking tools as the most common sources of socially engineered threats, encouraging businesses to implement a strong combination of technology and user awareness to minimise the frequency and cost of attacks.

Socially engineered attacks traditionally target people with an implied knowledge or access to sensitive information. According to the global survey of over 850 IT and security professionals, 86 per cent of businesses recognise social engineering as a growing concern, with the majority of respondents (51%) citing financial gain as the primary motivation of attacks, followed by competitive advantage.

“These survey results show nearly half of enterprises surveyed know they have experienced social engineering attacks; 41 per cent said they were unsure. Lack of security awareness is concerning,” said Oded Gonda, VP, Network Security Products, Check Point Software Technologies.
Tie-up

Intel recently announced collaboration with RCom to accelerate broadband penetration using the PC as a growth engine. The company also announced collaboration with ASUS to produce entry-level Netbooks designed for first-time buyers, students and people on the go.

Both RCom and Intel will aim to increase device footprint among internet subscribers across India by enhancing collaboration with OEMs, joint retail promotions and selling Intel Architecture-based devices through the RCom Stores. ASUS’ collaboration with RCom brings down the price of ASUS X101 Netbook from Rs 12,499 to Rs 9,999.

Prashanth Adiraju, Director, New Platforms Business Group, Intel South Asia said, “Our endeavour is to bring new levels of affordability to the Netbook category without compromising on performance, usability or aesthetics.”

“This initiative to make Reliance Netconnect available to consumers at a discounted price would help in increasing the adoption of Netbooks amongst the users,” commented Alex Huang, Country Head, Systems Group, ASUS India.

"Reliance has rolled out Netconnect broadband services in over 1200 towns in line with its vision of 'Wirefree Broadband India'," said Kaushik Pillalamarri, Sr VP, Data & Devices, Reliance Communications. They were commenting on the developments.
A Question of answers
PERSON' S NAME
Harbinger of Virtual Change: Mark Egan, CIO, VMWare, talks of the exciting times ahead in the arena of virtualisation
10
cto forum 07 october 2011
The Chief Technology Officer Forum
M ar k E g an
A Question of answers
Mark Egan | CIO, VMWare
“Look at the cloud cost arbitrage” VMWare, the largest player in the virtualisation space is also one of its largest adopters. The company has virtualied 95 per cent of its workload. Mark Egan, CIO, VMWare, shares his views on virtualisation and cloud strategy for an enterprise in conversation with Varun Aggarwal Even though Virtualisation is picking up, when it comes to mission critical applications people are still not comfortable. How much time do you think that will take? We have three phases of virtualisation in VMware. In the first phase what you do is become accustomed to the technology. The customer goes into a testing environment, where they initially virtualise their tier-2 and 3 applications. This lets them get familiar with the technology. The sec-
ond phase is when you start running your mission-critical applications. That’s when you put your ERP, CRM, SAP systems and so on. That’s when you start saving a lot more money. The third phase is what we call the agility phase. It is more about speed. So virtualisation varies with the company and the phase depending on the industry. We have seen some companies that go really fast from stage 1 to stage 2 to stage 3. In the past few days what I have learnt is that in India, companies are
in either in phase one or two, where they are still familiarising themselves with the technology. There are certain beautiful examples here where 10 servers have been cut down to three. So money on hardware, software and power is saved. It is a proven thing. We have many customers who have moved their critical applications on a virtualised infrastructure. We, at VMware, are 98 per cent virtualised. Our ERP, CRM and mail are running in a virtual environment. We even have customers in India
The Chief Technology Officer Forum
cto forum 07 October 2011
11
A Question of answers
M ar k E g an
“Virtualisation is a key tenant of cloud computing... we recommend companies to have it in place”
who have virtualised their missioncritical applications such as SAP and Oracle. The first stage is to build confidence that virtualisation works well with peripheral applications and then move on to virtualising mission-critical applications. Most of our customers are moving from phase one to two. When you talk about cloud, how do define a true cloud? A lot of people deploy virtual servers and they say we have cloud. But is it really a cloud? I think cloud computing is a style of computing and virtualisation is a key attribute of cloud computing. Cloud computing is internet-based, you can pay-as-you-go and you can expand on resources. It is the notion that you buy what you want, as opposed to the more traditional way of paying more money upfront and licensing something. Virtualisation is a key tenant of cloud computing. If you want to put a cloud strategy in place for your company, one of the things we recommend is that you have virtualisation in place. It will bring in the whole concept of shared pool of resources as opposed to an application sitting on a server. Cloud computing is a term used very broadly, while I look at it as just a style of computing. Cloud computing is about taking this consumer experience to the enterprise, and making it easier to do business. When it comes to virtualisation, do you see cost being the motivating factor or are there others? Initially there is a desire to save money. A lot of savings at stage 1 are on the capex side, wherein there is reduction in hardware. When you start getting into the later stages you start saving a lot on opex. You save a lot on people costs. For instance, in my organisation we have only nine staff members to run the day-to-day
12
cto forum 07 october 2011
operations. If you compare this with my previous company, we had probably three times more people. Stages two and three are all about speed. You start seeing agility in these stages. With virtualisation you have a pool of resources, you just increase the pool and the applications consume only as much as needed. Virtualisation gives freedom and agility. Do you think managing virtual infrastructure often becomes a challenge? No, I don’t think so. Most people have figured out how to manage a virtual infrastructure and the growth in customers is proof that they are manageable. Because the turnaround time for projects is quicker post virtualising, the business demands more of it. You can provision and get an app running quicker. When you have the sales director or the CEO asking you to provision something in eight hours of time; then why don’t you implement
The Chief Technology Officer Forum
things I Believe in Build confidence that virtualisation works well with peripheral applications and then move on to virtualising mission-critical applications. Virtualisation is a key tenant of cloud computing. esktop D virtualisation is mature technology that is ready for high adoption.
more of this virtualisation? There would be the odd cases wherein they need to figure their way around managing a virtual infrastructure. However, today we have more than 1,800 customers in the Indian market and there are enough references that can talk about how an organisation can address an issue that it could run into. In addition, we already have our pre-sales, support, and technical teams to help out, whenever a customer runs into a problem.

Most security products do not work in virtual environments. Is it a challenge faced by the entire industry?

Having worked with Symantec, I can say that there are security products for the virtual environment. Virtualisation gives greater visibility into storage, network and server in a VM, as opposed to non-virtual environments, which are heterogeneous consisting of products from multiple vendors. One of the things that we can offer with our management tools is visibility. The other good thing about our technology is that it provides an interface and you can communicate with a VM only through this secure interface. We have also partnered with key security vendors such as Symantec, McAfee and others to use their products in our environments. VMware has come up with its own suite of security tools, such as vShield that provides the ability to isolate your mission-critical environments from development environments virtually.

Mark Egan

When you talk of different types of virtualisation, such as server, desktop, network storage, which type do you think is currently in demand? Where do you see a lot of potential?

I think we broadly see most deployments happening on the server side. It is a very mature market; you have companies now using virtualisation to set up private clouds within their data centres. Or you can also go to third party cloud service providers and get a public cloud service. Another mature but not as fairly deployed area of virtualisation is desktop virtualisation. If you think about some of the good use cases for virtual desktops, it would be for instance, a call centre. They don’t really need to have a PC there. You can give them a much more controlled environment with a virtual desktop, which can also be provisioned very quickly. Were they to have an issue with their environment, you can just recreate the virtual desktop in minutes. The whole idea of the IT staff going from PC to PC to fix them, goes away since all this is going on the server. While these are the two broadly deployed areas of virtualisation, VMware is working either directly or with partners on the server side on shared storage. We also recently made announcements at VMworld on the database side. We are now offering a virtual database solution as well as a virtual networking product.

What kind of interest have you seen in database virtualisation?
Our customers have been very receptive to our announcements at VMworld. What we are really trying to do is offer our customers choices. There is some unhappiness over
the status quo in this, and we feel that we have an alternative; the feedback is positive.

Can you briefly explain how database virtualisation works?

From a database perspective, you can think about the whole notion of sharing data, dealing with structured and unstructured data. Then there is this whole notion about Big Data, and how you can manage that. Traditional databases are geared to manage structured data wherein you have very fixed fields and so forth. However, unstructured data is really large today and this is where a virtual database product can help. Management of unstructured data virtually is where we feel customers will find value.
“This is an incredible opportunity for IT Managers today. I would encourage my peers to embrace this change and think of it as a great opportunity”

There are relational databases today but even they have shortcomings. For instance, there is VMware vFabric GemFire, wherein the databases can rest in the cache. If you are running a database for airline ticketing, instead of waiting for a server response, the response is driven out of the cache memory and updates can be made in transit, without losing anything. We are providing customers the option to manage their data using VMware data management or manage their current databases using our tools.

What are your plans in India?

VMware is very committed to investing in India. Today we have over 1,600 employees across various groups. From a product development perspective, we have
a very mature organisation here. We have our call centres here from a technical support perspective. Half of the staff of my IT organisation is here in India, and we expect to expand it over time. India provides us two advantages: one, being able to tap into a very talented labour pool; and two, there is a great set of engineers and IT staff here.

What suggestions on virtual environments and private clouds would you like to give to CIOs?

I think there are three steps in terms of realising where you are now and how do you get to that future environment. The first step is to just inventory the services that you offer. For instance, how much does it cost to provide an email service and what kind of service levels are being offered. This is because today, you, as an IT organisation, are going to be compared externally. IT initially had a monopoly. But this monopoly has been broken. The second step we recommend is to architect for this new environment, which would have various end-user devices, the cloud, and so forth. A part of this architecting would be to virtualise to get the cost efficiency and flexibility in. The third phase is the cloud cost arbitrage. If you can get a service externally that meets your service levels and costs less than doing it internally, then you should opt for it.

How big an opportunity is virtualisation for CIOs?

This is an incredible opportunity for IT professionals today. Given all the technology that is out there and the proliferation of devices, they need to think about how they can bring consumer experience to the enterprise. They need to move beyond keeping the day-to-day business running and help the company increase business revenue, reduce costs and improve customer experience. I think it is a very disruptive time in technology. The status quo has been challenged. The whole notion of spending a lot of money on software and maintenance is being challenged by options such as SaaS. It is really exciting.
I would encourage my peers to embrace this change and think of it as a great opportunity to be recognised as a business enabler as opposed to being IT that is restrictive.
cto forum 07 October 2011
Best of Breed
Features Inside: Customer Rejection Management? | IT Outsourcing Goes Rural
Illustration by shigil N
CIOs, Cybercrime and ‘Wetware’
Data Briefing: 45% of IT heads view their CIO as stewards; 45% as strategists; 10% as revolutionary
Insights from a Deloitte survey that covered about 1000 CIOs By Oestreich
Driven by rapid advancements and integrations of new technologies and evolving business needs, the role of the CIO is shifting from steward to strategist or revolutionary, according to a new Deloitte survey of IT executives in the US. According to the poll, 45 per cent of nearly 1,000 IT executives surveyed say their own CIO is viewed as a steward while another 45 per cent say their CIO is a
strategist. The remaining 10 per cent claim their CIO is a revolutionary — a percentage Deloitte expects to grow as technology continues to change the way business is done. Among respondents who do not view their CIO as a revolutionary, 66 per cent believe that to be a revolutionary CIO requires four critical skills: industry knowledge, business knowledge, technological experience and staff development. "Two years ago the
goal of the CIO was to cut costs and keep the lights on. They were stewards. They protected current assets and worked with available resources," said Suketu Gandhi, Principal, Deloitte Consulting LLP. "Mobility allows employees and resources to be available at any location; social platforms facilitate real time conversations; analytics provide virtually instant insights for better decision making; and cloud technologies provide a platform for services to be delivered at a moment's notice.

"These combined technologies give the CIO the opportunity to be an active strategist and decision maker within their respective organisations, and can allow them to be a revolutionary force. The CIO will increasingly have the ability to actually change how business is conducted."

The perception of the CIO within a company contrasts with survey respondents' understanding of what the IT head's primary contribution to an organisation should be. A majority (60%) of survey respondents think IT should facilitate growth and productivity, nearly twice as many as those who believe IT needs to be a competitive advantage (36%) for their company. The poll was conducted during Deloitte's Dbriefs Technology Executive series: 'CIOs as Revolutionaries: A Step Change in the Business-IT Relationship' on July 7, 2011.
Only a Quarter of Employees Bypass Security Policies
According to new research from security firm Webroot, only about 25 per cent of employees have tried to bypass company security policies while at work, while nearly all (95%) respect the importance of their employer's measures for protecting their network and customer information. "It is a pleasant surprise to learn that employees understand the need for
increased security and abide by corporate policy," said Jacques Erasmus, CIO for Webroot. "That said, employees at all levels still introduce risk to a corporate network through activities like surfing the web, shopping online, planning personal events and accessing personal email accounts while at work. As we see more and more malware being spread through the browser, such as Zeus and SpyEye which infect users' computers to track their keystrokes and steal their banking information, it is vitally important for companies to put in place suitable web security solutions and develop effective and secure web security policies to help protect their organisation."

Surveying more than 2,500 employees in the United States, United Kingdom and Australia, Webroot also found that the executive or senior management staff performed non-work related activities during work at a higher rate than their subordinates. For example, 41 per cent of executives reported planning personal events such as vacations, weddings or parties while on the clock, while just 35 per cent of regular, full-time employees reported doing similar activities.

Of those who skirt around corporate security policies, younger employees (those aged 18 to 29) reported a higher incidence of doing so but employees learn from their co-workers' mistakes:
- 26 per cent of respondents were aware of someone who received a warning as a result of breaking security policies
- 18 per cent were aware of someone who was fired
- Nine per cent were aware of someone whose computer privileges were reduced
- Eight per cent knew someone who was put on probation
'Wetware' Becoming Preferred Attack Vector
A new report, Cybercrime Futures, commissioned by the internet security company AVG reveals how the explosion in size and complexity of global cyber crime, combined with the surprising complacency of younger users, is putting lives at risk. The report, authored by the research agency, The Future Laboratory, reveals that while cybercriminals and malicious programs are becoming increasingly sophisticated and difficult to detect, users are, alarmingly, becoming less vigilant about protecting their online devices. The combination of these two factors presents a potentially disastrous cybercrime scenario.

Also highlighted in the report is the phenomenon of so-called 'wetware', in which the weak link in the security chain is not the technology but rather the human user. The growing risk stems not just from technology (software or hardware) but increasingly from human action (wetware). It seems that increasingly cyber criminals are focussing on deceiving the human rather than the machine, fooling the user into downloading and installing malicious software by posing as anti-virus providers or another trusted source. This means of entering a user's computer bypasses the normal security checks, and makes the 'wetware' the weakest link.

The key findings of the report were:
- Cybercrime is on the increase as the tools and tactics that were previously used by hackers to cause disruption to machines and networks have been monetised by criminal gangs through bank fraud and ID theft.
- Smartphones are no longer just phones, they are mini PCs, and consumers fail to realise that this makes them as vulnerable to cybercrime as a computer. Just four per cent of French internet and smartphone users are concerned about smartphone viruses. Money can be taken almost unnoticed through premium rate SMS fraud; a crime which consumers are unlikely to spot.
- Consumers are aware of the need for antivirus protection but nearly one in ten of those surveyed fail to keep their protection updated. Alarmingly, the 18-35 age group (often cited as the group which is most digitally aware) is particularly complacent about this.

Increasing integration of the internet into physical systems makes us increasingly vulnerable to cyber-attack. The Internet of Things will soon become part of our connected world, opening new opportunities for hackers to cause harm and havoc.

The author of the report, Antonia Ward of The Future Laboratory, said of the findings, "It's clear that cybercriminals are getting more and more sophisticated, not only in their programming but also in their methods. The idea that they're moving from utilising weaknesses in the software to attacking the 'wetware' is a disturbing one, and demands that we respond by improving people's awareness of these rogue programs so that they aren't so easily deceived."
JR Smith, CEO of AVG Technologies, said, "The potential impact of cybercrime must not be underestimated. After the 2008 financial crisis, the OECD began to re-examine today's potential 'global-shocks'. Alongside the threats you expect — financial crises, pandemics and social unrest, they also included 'cyber risks' for the first time. The British government alone has allocated GBP63m to fight cybercrime this year."

According to the report, the Generation Y users, those who have grown up with an awareness of digital threats, are the most reckless about not protecting themselves. Almost half of UK's 18-35 year olds don't update their antivirus software. If they continue to behave like this as they grow older and gain more wealth and responsibility, then we could witness a cybercrime disaster, affecting not just personal users but also businesses and governments.

Five key threat scenarios identified in the report:
- Car-hacking: Hackers could take control of your car's door locks, dashboard displays and even its brakes
- Jailhouse rocked: Prisoners could be sprung from jail using only a USB stick
- Health scare: Saboteurs could threaten the wellness technologies we depend on to keep us healthy
- Sniffers and blackouts: Burglars could monitor your activities then reprogram your home security systems from afar
- Grid-Jacking: Scammers and terrorists alike could find opportunities in hacking into the Smart Grid.

86% businesses recognise social engineering as a growing concern

— This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
Customer Rejection Management?
The people who design operational processes must think from a customer perspective By Ian Gotts
Every major organisation has some form of customer call centre. You may have renamed yours 'contact centre.' They are manned by staff that are trained, tooled-up with technology and incentivised to support customers. The centre is critical because it drives long term sales and protects repeat revenue. It may even be considered a 'profit centre.' But your customers are calling you less, and only when they really have to. I would suggest that CRM stands for 'customer rejection management' rather than customer relationship management; and this is by design. There are three strategies that companies are adopting that are driving customers away, giving you
less insight into your customers and their needs, and, ultimately, alienating them. These strategies are:
- Outsourcing: lets a call centre operator talk to your customers
- Self service: lets them find their own answers
- Search/social networking: lets someone else help them

All three strategies are driven by a cost-centre/cost-reduction mindset. But the one time you force your customers to contact you is when they don’t want to. This is called non-value demand. In other words, you are making your customers do something that has no real value for them. Either you make them call a number and sit on hold after they
have navigated through a labyrinthine list of menu options; or you make them go to an unintelligible website, register by entering a huge list of personal information, wait for a validation email, and then make them try to navigate your website — all with little or no guidance or step by step instructions. Sound familiar?

Here are some examples of non-value demand:
- Report a fault or error in a product or service
- Fix a problem in a product or service
- Confirm or acknowledge a change of contract or other details
- Update personal details

The opposite of non-value demand is value demand. This is something initiated by the customer that they want for their benefit. They may not want to talk to you but it is worth their time and effort. Some examples are:
- Ask for an increase in credit limit
- Cancel a product or service
- Order a product or service
- Give feedback

What makes both non-value demand and value-demand non-functional is that companies often compound it with poorly thought through, inadequately tested and inconsistently applied business processes. I am not just talking about the screens in the CRM application but the end-to-end process: the customer journey. This makes the experience even worse for everybody. The customer is confused and frustrated. The call centre operator is uncomfortable and frustrated; i.e., the customer leaves the call upset, no matter how good, positive or cheerful your call centre person is.
Good Process Design
Put the customer at the heart of the situation; it is his journey
Photo by photos.com
The explosive growth of social networking means that there is now a wide range of ways that a customer may get his question answered. They can call you, search your website, email you, search for the answer on a forum, post the question on a social networking site like LinkedIn or Facebook, or on a microblogging site like Twitter. This is the perfect opportunity for you to take a look at front office processes, and take a customer-centric perspective. Put the customer at the heart of the situation and think about their journey. The good news is that most of the back office processes can stay the same. This is the opportunity to take a faster, more effective yet proven approach to process capture/discovery, CRM design, and the adoption of new working practices for your customer facing staff. This can be done through interactive, collaborative process mapping sessions, rapid CRM system prototyping or role-based guided process walk-throughs delivering links to systems, videos, on screen entry, documents and forms, in the context of an end-to-end process. Gone are consultants interviewing the staff and producing complex flowcharts that cover the entire wall of the project office. The
end to six to 12 month CRM/IT-centric projects. Say goodbye to offsite CRM systems training courses.
Just Theory?
Is this approach just theory, you ask? No. It can be seen on every street in the UK in Carphone Warehouse stores, with an initiative they call ‘How2’. (Full disclosure: Carphone Warehouse is a Nimbus client.) If you can’t make it out of the office, Carphone Warehouse has documented its project in videos from several perspectives including a retail store, back office, the project sponsor. The results speak for themselves. Just from the deployment to 815 stores the ROI was 1100% in year one, customer satisfaction (NPS) was up 25%, an additional revenue of £5M in the first year and they’ve saved £50,000 per year on telephone support calls to stores. In fact, the company has just won a Gartner BPM Excellence Award in the Leveraging BPM Technology category. I’ll contrast this with the non-value demand experience of another UK retailer ... which shall go unnamed.
My family has just moved to the USA and before we left we rented out our house. We called the UK-based retailer, 30 days in advance to cancel our TV/phone/broadband service (value demand). The person at the call centre was very helpful. A letter arrived in the post confirming the cancellation of the TV. The letter read: "Sorry to hear you decided to cancel your subscription. Your viewing will stop on dd/mm/yyyy. (The date was wrong: non-value demand contact required.) We are delighted that you want to continue your service etc., etc., etc. (Wrong again...)."

So we make a non-value demand call. A very helpful and friendly call centre representative said that we would be receiving separate letters from each department (telephone, broadband, TV) cancelling the services. Each, presumably, saying the other services would continue, confusing us or prompting more non-value demand calls. We were advised to simply ignore these letters when they arrived.

About a week ago we were sent a letter prompting another non-value demand call. There is a credit on the account and they wanted me to call them to let them know if we would like a cheque and where to send it. Far better would have been to credit our bank account or attach a cheque to the letter.

The people who design operational processes should think about how it feels from a customer perspective. Then how the effective use of technology can enhance the experience for everyone. The social media revolution taking place is the perfect catalyst.

Ahhh!! I feel better now. Who should I call to tell?

60% companies who use CRM system are satisfied or very satisfied with their system

—Ian Gotts is the founder and CEO of Nimbus (recently acquired by TIBCO Software). He is the author of six books including, "Common Approach, Uncommon Results, Why Killer Products Don’t Sell" and two "Thinking of … " books on cloud computing. He is a prolific blogger with a rare ability to make the complex seem simple which makes him a sought after and entertaining conference speaker. His book "Thinking of ... Offering a Cloud Solution? Ask the Smart Questions" articulates the opportunities and the challenges ISVs face in their transition to cloud world.

—This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
IT Outsourcing Goes Rural
Rural sourcing is emerging as a potential arrow in the quiver of global multi-sourcing strategy
Rural sourcing, where US-based service providers establish delivery centres in low-cost regions outside of major metropolitan areas, is gaining increasing interest and attention in the marketplace. Potential benefits of rural sourcing can include competitive pricing, fewer time-zone and cultural constraints, and, in many cases, lower transition costs. Moreover, for US-based client organisations, particularly those in the public sector, the political appeal of 'keeping jobs at home' can be essential. This is not to suggest that the rural model is poised to compete toe-to-toe against the major Indian providers, much less displace traditional models of offshoring. However, for many client organisations, rural sourcing is emerging as a potential arrow in the quiver of a comprehensive global multi-sourcing strategy.
Illustration by shigil N
By Max Staines
Labour Arbitrage
As with any sourcing model, the cornerstone of the rural approach is ready access to skilled labour at relatively low cost. Analyses conducted by TPI (Compass and TPI are owned by the same parent company, ISG, Inc) have found that the wage rates paid by rural sourcing suppliers can be 20 per cent to 40 per cent lower than those found in major metropolitan areas. According to TPI, rural-based service centres can also leverage existing infrastructure to achieve economies through a service delivery 'factory' framework of common best practice processes (ITIL and CMM), tools, training, operating models, and knowledge management disciplines. In addition, rural sourcing centres are well positioned to provide custom application development and testing services. But, the level of investment by rural firms is often less than the MNCs, so activities that are asset or investment intensive, such as remote infrastructure support, may not be good candidates for rural outsourcing, according to TPI.
Staffing
Rural outsourcers draw technical talent from university towns in Arkansas, Michigan, Nebraska, New Mexico, North Dakota, and elsewhere, offering career opportunities and a lower cost of living. Quality of life considerations such as climate, recreational activities, and quality schools are becoming increasingly important competitive differentiators in hiring strategies. For underemployed residents of economically depressed areas, rural centres provide an attractive entry-level option. Compass recently analysed an outsourced help desk operation based in a prairie state that served a number of national clients. The service provider established a career path, whereby entry-level agents from the local community worked on smaller accounts doing first-level contacts, and then progressed to prestigious accounts and more value-added work.
Local Touch
Discussions of rural sourcing have often focussed on political attitudes towards global offshoring. Indeed, attitudes about the national origin of service providers can have an impact on the effectiveness of service delivery. For example, in conducting a survey of a major global retailer, Compass found that help desk users actively avoided dealing with agents in a Mexican operation in order to speak to an agent based in the Midwest. While the most common complaint against the Mexican agents was difficulty in communicating because of accents and 'cultural' differences, users also expressed a view that the desk in Mexico “didn’t understand the urgency of our needs and issues.” In other instances, Compass has observed that users will try to solve problems on their own or seek a colleague’s assistance rather than work with an offshore provider and deal with “someone who doesn’t speak English.”

The rural model opens up the benefits of effective outsourced delivery to mid range organisations that lacked it earlier
The Competitive Treadmill
Perhaps the biggest shortcoming of the rural model is scalability. Even the largest state universities in states like Arkansas, Kansas, Iowa, and Oklahoma can’t produce the level of talent emerging from the technical academies of Bangalore and Beijing. Over time, of course, the rural model will be subjected to the inexorable economic pressures of the sourcing marketplace. That’s already evident, as India is itself adopting a 'rural sourcing' approach: recent media reports have described offshore providers such as Wipro establishing service centres in remote Indian villages as a way to, among other things, counter rising wage rates in Bangalore.
Assessing the Rural Option
Assessing the viability of a rural sourcing approach requires an apples-to-apples comparison against alternatives — whether domestic, offshore, or internally managed. In addition to labour arbitrage, factors such as different management and training requirements, impact of different time zones, and savings associated with less travel, must be considered.
Market Presence
So where does the rural model fit in today’s sourcing landscape? Monty Hamilton, CEO of Rural Sourcing (RSI), says the rural model opens up the benefits of effective outsourced delivery to mid range organisations that have heretofore lacked the scale and requirements to engage the major players. Such clients are attracted less by economies of scale than by 'economies of skill'. Ultimately, a best-of-both worlds approach may emerge. A senior sourcing executive at a New York-based media firm, who works with two major India heritage players and is somewhat sceptical of the rural model, told us recently that partnerships between a global provider and a rural operation could potentially leverage the scale and skills of the former, along with the local market knowledge and workforce connections of the latter. While much of the buzz around rural sourcing has been driven by political considerations, specifically by the perceived 'Buy American' appeal of the model as an alternative to globalisation, the success of the rural model will ultimately be determined by its competitive viability and, more importantly, by how that model is managed.

—Max Staines is president of North America for Compass Management Consulting.

—This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
Innovative Banking Case Study | ING Vysya Bank
Challenge:
When the IT team uses its technology expertise to deliver business innovation, customers can benefit, and sometimes spectacularly so. ‘ING Inwards’ helped the bank do just this. It drastically brought down waiting time for its corporate customers
By Harichandan Arakali
This is an innovative solution for any ING Commercial Banking customer — usually called ‘the corporate’ or ‘corporates’ — that makes their task of Receivable Management and Collections much easier. The Receivable Reporting Solution (RRS) has helped ING Vysya Bank’s customers achieve massive reduction in reconciliation and shipment TAT (Turn Around Time) from more than a week to just about two hours. Along with the flexibility that the bank offers to its corporate customers in setting up the solution with no changes to their ERP systems, the RRS helps ING Vysya Bank project itself as being easy to deal with, in sync with its “Jiyo Easy” message.
Customer Impact and Operational Impact
ING Inwards substantially re-engineers the industry value chain as far as payments, reconciliation, shipment and notification are concerned for corporate clients and their distribution value chain. These clients typically ship goods after receipt of payment from the customer network, and through dealers. Here are some of the important challenges they face, and how the situation has changed with the deployment of ING Inwards.
Receivables Collection
Then: Long lead time in collecting payment, especially when made through physical cheques. Typically involves a seven-day transit time to come from the customer to the corporate’s bank via the corporate.
Now: Instantaneous credit through domestic electronic payments that can be triggered through the internet or through the 62,000-plus bank branches that support such payments, to the ING Vysya Bank Account. ING Vysya Bank supports Straight Through Processing (STP) of the payment, right from the payment gateway through to Credit to the Corporate Account.
Reconciliation and Shipment
Then: Long lead time and FTE (full-time employee) intensive process in matching the payment credited by the customer against the invoice issued by the corporate, entering the information in their ERP software and shipping out goods. It’s manual, laborious and error prone. Typically, this adds five to seven days to tabulate, process and ship goods out; all activities done by the corporate.
Now: All critical information such as remitter ID and invoice details are instantly available with ING Vysya at the time of receipt of payment. This is conveyed to the corporate and corporate’s customers through SMS, email reports and even through host-to-host hook-ups to the corporate/customers’ ERP Systems. The resultant STP reduces TAT, error rates and processing cost. Overall, TAT reduces from more than days to less than two hours.

COMPANY DASHBOARD
Company: ING Vysya Bank
Headquarter: Bangalore
MD and CEO: Shailendra Bhandari
Operations: ING Vysya Bank Ltd is an entity formed by the coming together of erstwhile Vysya Bank Ltd, a premier bank in the Indian Private Sector, and a global financial powerhouse, ING of Dutch origin, in Oct 2002.
Notification
Then: Mostly manual methods of notifying customers of receipt of payments and shipments made, typically using paper or delayed emails, and done by the corporate.
Now: Instant notification, through SMS and emails. This is done directly by ING Vysya Bank, and not just to the corporate (who holds the banking relationship) but to the supply chain network of the corporate, even if they are not banking with us.
Security and Regulatory Impact
ING Inwards provides the following risk mitigation advantages to its customers:
1. Payment through RTGS/NEFT represents final payment, unlike cheques, which are subject to realisation
2. Useful option where sales team wants to execute supplies after receipt of funds
3. Credit Monitoring as it helps to auto update receivable ledger of the corporate
The Creative Part
Already available information: Leveraging existing RBI Systems in an innovative manner to secure more information (invoice number, invoice date, order number, etc.) about corporate payments that’s over and above the usual details (such as account number and amount) usually collected by the banking system is an important aspect.
Flexible reporting framework: Flexible communication system whereby corporates can specify report formats as per their liking and have them delivered through multiple channels — SMS, email or Host-to-Host.
Straight Through Processing: True end-to-end STP, right from receiving payment through NEFT and RTGS, to credit to bank account, to auto generation of MIS and even auto posting of MIS to the Corporate’s ERP System through Host-to-Host interfaces.
The Significant Benefits
Aniruddha Paul, Head, IT Change Delivery and Dharmaraj Ramakrishnan, Head, Core Banking at ING Vysya.
Payments made via RTGS and NEFT, which are more convenient than cheques that are subject to realisation
Useful option where your marketing team wants to execute supplies after receipt of funds
Allows auto update of ledger and therefore better credit monitoring
Cuts down interest cost as cheque entails delay of funds by two to three days depending upon instruments
Cuts down the risk cost of the corporate; offers better commercial terms to customers/dealers
Movement from paper to electronic mode of receipt
Guaranteed remitter information
Ease of reconciliation of account receivables
The Vision From a Year Ago
Almost a year ago, when we first brought to your notice the innovative technology-led business transformation happening at ING Vysya Bank, via the case study ‘Pay-by-Wire Turbocharged’, we asked the standard question: What next? Here’s what Paul and Ramakrishnan had said then, showing they had already envisioned the RRS: “This particular innovation that we developed, has been built from a domestic electronic payments system and would be the bedrock of further innovations that we will do in future.”
For instance, this could be about telling a corporate customer who relies on inward NEFT-based RTGSs from the vendor eco-system that “not only will we be able to process his payments the fastest in the country, but we also have mechanisms and systems that allow us to include the invoice details” that the vendor network is using to pay to the bank’s corporate customer.
For example, take a corporate with say 5,000 dealers across the country. The dealer would make a payment and ask for delivery. Under normal circumstances, the dealer would have made a payment, taken the details about the payment, called up the corporate about the payment. “We are offering to the vendor as well as the corporate customer, the facility to make the payment, including some information; and then pass that information, processing it, to corporate ERP in a straight-through process. This is something that we can eminently do.”
Otherwise, the vendor would have waited for confirmation of the payment, sent it to the corporate, who would have double checked, waited for the invoice details, and then would have processed the delivery. “With our systems, not only do you make the core payment faster but the surrounding systems kick in to get the information about the payment, and automatically post it to the corporate ERP systems in a straight-through process,” Paul said.
Such innovations are helping ING Vysya Bank go after lucrative large corporate customers who were hitherto the domain of large multinational banks, Paul remarked.
—Harichandan Arakali

“Our system makes the Payment and the information process faster”
Aniruddha Paul, Head IT, Change Delivery, ING Vysya Bank
Cover Story: Enterprise Mobility
24x7 CIO
Enterprise mobility has blurred the line between office and home. It benefits the enterprise as employees now virtually work 24X7. What are its implications for a CIO?
By Yashvendra Singh
Imaging by Shigil N

Gone are the days when work was confined to the four walls of office. As mobility steadily permeates enterprises, the line that marked the boundary where office finished and home began, has blurred. Driven by business compulsions, enterprises are realising the critical need of providing mobility support. According to IDC, the number of mobile workers worldwide is expected to go up from 919.4 mn in 2008, to 1.19 bn in 2013, reflecting a CAGR of 5.2 per cent. In the context of Asia-Pacific (excluding Japan), the penetration of mobile workers is expected to reach 37.4 per cent in 2013, as compared to 30.2 per cent in 2008. To deal with a more remote workforce, enterprises are augmenting their deployment of smart phones, laptops, and collaboration software. They are also putting in place mobility policies. These developments are bringing in new challenges for a CIO. Technology leaders now need to ensure the security of enterprise data and applications across a plethora of mobile devices, and 24X7 at that.
Inside: CIO and Mobility | Efficiency Through Mobility | Taking a Cautious Approach | What Next in Mobility
CIO & Mobility
With mobile employees increasing in corporates, CIOs are now virtually on the job 24X7. They have to ensure employees are helped and provided for in such a 24X7 work scenario
By Yashvendra Singh
The enterprise mobility market in India, which comprises network, data, hardware, applications and associated services, has shown exponential growth during the last three years. The fast growth has been on the back of factors such as declining costs, increased maturity of industry verticals towards adoption, increased start-up activity, and ecosystem play in market development. “India already has 840 million mobile phone subscriber base with 15 per cent smartphone penetration, and the tablet PC market in India sells about one lakh tablets per annum. All these point to good devices penetration, that is further fuelling the growth of enterprise mobility,” says a study by management consulting company, Zinnov. Add to this, a combination of demand side trends, and there seems to be no looking back, states the study.
Industries leading the way in mobility services include banking, manufacturing, retail, hospitality and healthcare, while upcoming adopters like automotive, logistics and consumer goods companies are increasingly using mobile supply chain systems to streamline inventory management, replenish stock, track demand, and manage shelf space and storage in an optimal manner. As more and more employees are getting exposed to next generation technologies and devices, the enterprises too are beginning to follow suit.
As part of the study, Zinnov also interviewed 150 key IT decision-makers in India to understand the softer issues driving enterprise mobility. According to them, the key reasons for mobility were push from management; collaboration among employees; getting more work time out of employees; pull from end users (customers or employees); and reducing communication costs. And, the business drivers for enterprise mobility were better customer service; productivity advantage; employee satisfaction; and competitive advantage in that order.
The Zinnov study also found that increased adoption of majority of the mobile platforms is a key motivation factor for startups. As platform adoptability improves along with network penetration and connectivity, more business functions like ERP, CRM, SCM, sales force automation, unified communication and billing, too, are coming under the enterprise mobility ambit. This is coupled with maturing organisations that are trying to mobilise departments like HR, retail, customer service, finance and field service.
Managing Mobility
While mobility permeates enterprises, it also has implications for a CIO. With users able to access applications from anywhere on a plethora of mobile devices, it becomes a challenge for a CIO to ensure that sensitive data is kept secured. As Mukesh Kumar, CIO, TPG Wholesale says, “CIOs can’t ignore enterprise mobility. From a business perspective, it is beneficial, but from a security perspective, it is definitely a challenge. It’s a tough decision to make — which device to allow and which to restrict. Carrying a mobile device is a personal behaviour and is hard to stop. A CIO can’t even have a restrictive policy, as it will signal a wrong organisational culture for the younger generation.”
Parminder Singh, CIO, BPTP, considers enterprise mobility an opportunity, which, if leveraged in the right way, can yield dividends. “From a CIO’s perspective, enterprise mobility is emerging as a challenging opportunity that needs to be managed. By leveraging it, we can improve efficiency and deliver more,” he says. “In BPTP, for instance, when customers pay remittance, there can be an instant SMS acknowledging receipt. Besides, a customer can enquire the next due date of payment through an enterprise mobile platform. In fact, I can carry all my customer-facing processes on the enterprise mobility platform thereby improving my customer satisfaction level,” he says.
However, he too agrees with Kumar on the issue of security. “The biggest issue of enterprise mobility is security as the applications have to be exposed. In case a device is lost, the financial information can fall into wrong hands. So, any CIO looking to embrace enterprise mobility would have to have a robust and secure middleware. While the backend is secure, the middleware needs to be insulated from threats,” says Singh.
A Framework in Place
Kumar feels while the security policies around enterprise mobility are still evolving, it is important for a CIO to at least have a framework in his organisation. “A CIO should decide which platforms to allow and which to restrict, and then build security and applications around them. There is still uncertainty with respect to which platform will lead the market, making it tough for a CIO to decide where to invest,” he says. “Technology has a curve, and mobility is at the peak of this curve. Security, on the other hand, follows the technology curve. So we will have to wait for some time to see which technology gains eminence,” says Kumar, who was SVP, IT at the Oberoi Group before joining TPG. Recalling his strategy while at Oberoi Group, he says, “We decided to allow BlackBerry, Symbian, and iPad, while restricting Android, as it was still in the nascent stage. A CIO has to selectively provide access to platforms.”
Singh feels a strict level of monitoring would be needed, and a CIO would have to put such a system in place. “I remember when we rolled out laptops in our organisation, they were given on the basis of hierarchy and role. So, all the sales personnel were given laptops, while those at the back office were given desktops. Mobility will start like that. But a CIO will have to put a superior level of monitoring in place,” he says. “When going for a mobile management strategy, a CIO would have to look at three aspects – what can I enable; what platforms can I tab; and the security aspect,” says Singh.

“There are so many platforms that it is simply impossible to bring in standardisation.”
Parminder Singh, Chief Information Officer, BPTP
Is Standardisation passé?
But what about standardisation? When all the CIOs are talking about standardising their IT infrastructure, the divergent mobile platforms – Android, iOS, BlackBerry – are making life tough. “If today someone asks me can I bring in standardisation in my IT infrastructure, my reply would be ‘No’, given the fact that there are multiple platforms,” avers Kumar. Agrees Singh when he says, “When it comes to standardisation, no matter how much we say, it is impossible to achieve. There are so many platforms that it is simply impossible to bring in standardisation. However, I do profess that at an industry level such platforms are secure.”
While mobility has a significant cost advantage from a business perspective, another noteworthy fact is the cost optimisation within the enterprise mobility ecosystem, which acts as a double bonanza for the industry. “Companies today are optimising their mobility investments with innovative approaches such as pay per use models which will bring down operating costs. Majority of the IT decision-makers we spoke to see this happening over the next two years itself, which speaks well for the industry,” adds Praveen Bhadada.
Today, an individual carries at least three devices – a laptop, a tablet and a phone. There are several apps being developed for mobile devices. The fact is that mobile is emerging as a viable platform in enterprises. Going forward, CIOs will have to imbibe information security within their overall IT framework. It is beyond doubt that mobility is blurring the physical boundary between office and home. It is giving way to 24x7 workers. It also has serious implications for a CIO, who too is now virtually on the job 24x7. He has to ensure that employees are helped and provided for in such a 24x7 work scenario.
Kumar, however, thinks otherwise. He says, “For the sales team out there on the ground, it is definitely advantageous as it allows them to access information and applications on the go. But if one was to analyse the actual cost benefit ratio, it is yet to emerge as a strong case. I feel enterprise mobility is being driven more out of the fear of losing out to competition rather than anything else. Allowing people in the hospitality industry to make reservations from their mobile devices, is more out of the need to stay abreast with competition. It is a marketing investment.”
“While I would say the CIO was always on 24x7 duty (earlier there was maintenance work and backup during the weekends), it has now gone beyond 24x7. A user can call my IT help desk at any time. Our help desks, which used to work from 10 am - 7 pm, have already started working much earlier and end later,” adds Singh.

“CIOs can't ignore enterprise mobility. From a business perspective it is beneficial, but definitely a security challenge”
Mukesh Kumar, CIO, TPG Wholesale

Increasingly Mobile
More US internet users will access the internet through mobile devices than through PCs or other wireline devices by 2015, according to a report from IT analytics firm International Data Corporation (IDC). The company's Worldwide New Media Market Model (NMMM) forecast that as smartphones begin to outsell simpler feature phones, and as media tablet sales explode, the number of mobile internet users would grow by a compound annual growth rate (CAGR) of 16.6 per cent between 2010 and 2015. The report noted that the impact of smartphone and, especially, media tablet adoption will be so great that the number of users accessing the internet through PCs will first stagnate and then slowly decline. Western Europe and Japan will not be far behind the US in following this trend, the report noted.
Worldwide, the total number of internet users will grow from two billion in 2010 to 2.7 billion in 2015, when 40 per cent of the world's population will have access to its resources, while global business to consumer (B2C) ecommerce spending will grow from $708 bn in 2010 to $1,285 bn in 2015 at a CAGR of 12.7 per cent, IDC researchers noted.
Americans are using mobile devices and notebooks to access the mobile web more than ever before, according to a recent report from the Pew Research Centre. Cell phone and wireless laptop Internet use have each grown more prevalent over the last year, the report found, with nearly half of all adults (47 per cent) going online with a laptop using a WiFi connection or mobile broadband card. The report, based on a daily tracking survey on Americans' use of the internet, also found use of non-voice data applications on cell phones grew dramatically over the last year.
Efficiency Through Mobility
Lowe Lintas mobility roadmap envisages moving most applications to mobile platform to make the organisation more efficient
By Varun Aggarwal
Predictions about PC applications moving onto the mobile or the smartphone have been doing the rounds for quite some time. However, the fact remains that when it comes to enterprises, smartphone usage is limited to corporate email access. Very few organisations take the leap and deploy enterprise applications for mobile.
Similar was the case with media and communications major, Lowe Lintas. Though 22 per cent of the company’s employees were using Blackberry smartphones, the primary usage of the device, apart from making calls, etc., was to access corporate emails. No other enterprise application was accessible on the device. This was when Pravin Sawant, CTO, Lowe Lintas, decided to better utilise the mobile. “Twenty two per cent was a significant number for the organisation, as it covers the entire top and middle management. However, we noticed that they were primarily used only for accessing emails. We wanted to explore other opportunities where we could also utilise them for enterprise application,” Savant said.
Savant created a complete mobility roadmap with the BlackBerry team and presented it to the board. “With the help of the RIM team, we were able to articulate a long term roadmap. There are so many reasons that a potential IT initiative doesn’t achieve its set goals, and so we’ve taken our management along with us while preparing a long-term mobility roadmap so that we don’t hit bottlenecks at a later stage.”
Employees being the most important asset for a media and advertising organisation like Lowe Lintas, anything that improves employee efficiency would have a lot of positive impact on the entire operations. The company, therefore, decided to first look at capturing some of the transactions, and at a later stage in the roadmap, look at how mobility can facilitate decision-making and improve collaboration within the organisation.
The Pilot Phase
“In our industry, we have high human contribution, therefore time sheets application becomes very important to keep track of how the human assets are being utilised. Plus, from a compliance perspective, we need to keep a log of how different clients are billed, based on the various time slots allotted to them,” explained Savant. In Phase 1, as a pilot, the company focussed on the time sheet application. Even though updating a time sheet is very important, for various reasons it used to get delayed, as some employees preferred to fill it once at the end of the week, while some would struggle to find time to fill it. “We thought if the application is available over BlackBerry, then it takes away the need for an employee to be on the office premises and connected to their laptop and internet,” Savant said. Now with the application on their BlackBerry, employees can update it whenever convenient. “There have been two major benefits. Firstly, we’ve been able to save a lot of time. Secondly, with more time, employees can pay a lot more attention to the quality of data entered,” Savant elucidated.

Work in progress
Many more applications are in the mobile route. Take for example the employee requisition application. This is a complex workflow process for Lowe Lintas wherein there are different stages of approval: head of HR; head of a business unit and finally the CEO. With multiple approvals, there ought to be delay.
“Now, we’ll be enabling these approvals on the BlackBerry. Considering 22 per cent of our employees already have a BlackBerry, this means that all the approvers would already have one and they can clear an application using their BlackBerry, thereby reducing the lead time to the entire approval process,” Savant said. For the larger workforce, the company is creating an online leave application module. So, all the leave applications and approvals would also be enabled on BlackBerry.

Transaction to collaboration
Savant opined, “These applications take care of our transaction and approval related applications. Now, what we’re also considering is to take our collaboration portal (intranet portal), which is based on Microsoft SharePoint Server 2010, and build an interface so that all the updates on the portal can also be accessed through a BlackBerry.”
“Then we’ll also be leveraging the MS SharePoint Server platform to enable these capabilities by building dashboards. We do not want to just port all the online data to the mobile, because you need to take into consideration the usability aspect. So, we’ll pick up only the data that is essential to a particular user and port it onto his BlackBerry,” he added. Lowe Lintas is also looking at building certain Business Intelligence applications through which senior managers can track the progress of a certain project or a campaign using their BlackBerry.
“In our industry, we need a lot of content from third party websites and collaboration tools to pool in ideas and best practices from various sources. We will be building team sites specific to a team or a group of people working on a certain project,” Savant said.
The integration of SharePoint Server with the BlackBerry gives a user a single interface where he can actually collaborate with a group of users and the content is shared only among the specific group.

Overcoming challenges
Consumerisation of IT is one of the biggest challenges for the IT team at Lowe Lintas. The company chose to start their mobility journey with BlackBerry owing to its highly secure platform. “We chose RIM as a strategic decision since BlackBerry device penetration was highest in our organisation. Tomorrow, if users come to me and ask for applications on other platforms such as Android or iOS, I’ll at least have the groundwork ready,” Savant explained.
There are multiple technologies from RIM that Lowe Lintas intends to leverage in order to overcome the challenges related to consumerisation of IT. For example, RIM has introduced a technology called BlackBerry Balance. It enables BlackBerry smartphones to be used for business and personal purposes without compromise. When connected to an organisation's BlackBerry Enterprise Server or BlackBerry Enterprise Server Express, specific IT policies along with features built into the device software help keep personal information separate and business information highly secure. Users cannot copy data from business partition to the personal partition. Also, when a user leaves the company and takes the device along, the Blackberry Balance can wipe out the Business data from the device remotely, leaving the user’s personal data intact.
For users using a non-BlackBerry device, RIM would soon be launching a technology called Ubitexx in India that is a multiple device platform management tool. The multi-platform management integrates iPhone, iPad, BlackBerry, Google Android, Windows Mobile and Symbian smartphones according to mobile compliance in corporate networks. Administrators can launch and manage an unlimited number of smartphone models over-the-air using a web-based console with software distribution and group-based policy management.

Return on Investment
For the time sheet application, the payback period for the company has been just four months. Moreover, now that the company has built the basic blocks for mobility, it wouldn’t have to go through the learning curve again for other applications that it is now working on and therefore the ROI would be much shorter on these applications.
“Even if we do not consider the hard benefits, the soft benefits like the time saved in completing a process is a good enough business case for us,” concluded Savant.

“We chose RIM as BlackBerry penetration is highest in our organisation with 22% owning one”
Pravin Sawant, Chief Technology Officer, Lowe Lintas
Taking a Cautious Approach
In conversation with Yashvendra Singh, Nareshchandra Singh, Principal Research Analyst, Gartner, on mobility in enterprises, its repercussions, and the way ahead

Enterprise mobility is a reality CIOs have to contend with. What could be some of the challenges technology leaders would have to encounter as mobility pervades corporates?
The biggest challenge for a CIO is that there will be a huge legacy infrastructure. Traditionally, corporates have a wired network in place and it is tough to replace it as changing the infrastructure calls for capital expenditure. A CIO will have to tackle the question as to what is the optimum level of mobility that needs to be provisioned in his organisation. He will have to take a call as to what extent he wants to deploy the technology. The second big challenge is to ensure that the quality of infrastructure deployed is up to the mark, as it has a direct bearing on access. This would again entail more investments. The third big challenge for a CIO is where to keep his data and resources and ensure that they are under control. There is an issue of external threats in case devices go out of hand. For instance, employees take laptops home where they use it for purposes other than official such as visiting music or gaming sites that threaten information security.

So what is the way out for a CIO?
The CIO must put in place a multi-layered and a well-architected security infrastructure. To begin with, s/he must profile his workforce – which all groups are there in his organisation and with which functionalities. He would then have to look at the network requirement of each group and design it for optimum utilisation. While there are many mobility management solutions available in the market, he should look at different technologies from an overall IT perspective and then relate them to mobility.

But then where does standardisation fit in the scheme of things? CIOs have long been talking about standardising their IT infrastructure, something which now seems implausible. What are your views on this?
Going forward, it will be tough to bring in standardisation. New platforms and applications are emerging every day and achieving standardisation of IT seems tough. From a security standpoint too, it is a challenging situation for a CIO. He needs to be practical while allowing access to crucial information of the company. All the new platforms that are emerging may not be secure. It is difficult to secure the infrastructure from threats that lurk in Android. There are several organisations that don’t allow Android devices access to official email exchange. HR applications, payroll applications and SAP are seldom available on android platform. Until a platform is perceived to be secure, CIOs will have to take a cautious approach. Apple is seen to have taken a more serious approach to security, which is why corporates are more open to iPhone, iPad and App store.

Enterprise mobility is good for a corporate as working hours of an employee increase. But isn’t it detrimental for an employee who is now virtually on the job 24x7?
The work-life balance situation does arise but the pros outweigh the cons. So while people work more, the experience is better. Working outside the domain of the four walls improves productivity. Besides, working away from office also helps in cutting down on travel time. Travelling takes time both from office and individual time.

What are the top points a CIO has to keep in mind before formulating an enterprise mobility strategy?
Device management is a key need but a CIO has to look at it from a comprehensive approach. Security does not end with making the device secure. The device also accesses and connects to the application. So the security should be at the device level, and application level. One would then have to secure all the layers. Then comes the area of identity management. The CIO would have to keep a tab on the person behind the device and his pattern of access. If suddenly someone accesses lots of critical data, a CIO should immediately take note.

How would emergence of cloud impact enterprise mobility?
Cloud-based services and applications could be important with respect to mobility. Corporates could put the content being used in private cloud. From a corporate’s perspective, this has an advantage. The data will not reside on the device, and the device could be managed and secured from a centralised point.

What trends do you see emerging in enterprise mobility?
The biggest drivers for the enterprise mobility market are the devices themselves. The ability of devices such as tablets, notebooks, smart phones and PDAs (personal or provided by the office) to connect to the network wirelessly is replacing the traditional fixed products. The need to connect information with the outside organisation is also driving this trend. Going forward, there would be more and more content sold at Android’s market place and Apple’s App store. In terms of security, mobile content will become the most risk prone domain. CIOs will have to increasingly include mobility in their overall security strategy.
Enterprise mobility could be in the context of infrastructure within the office, which means the network that connects the devices could be wi-fi. Then it could be from the perspective of having access to different applications while on the move. Enterprise mobility can also be looked at in the context of business applications that have mobility. From an office point of view, the wireless LAN infrastructure is growing rapidly. It is growing at double digit rate in the last two-three years compared to wired LAN.

“Security does not end with making devices secure. Devices also access and connect to the applications”
Nareshchandra Singh, Principal Research Analyst, Gartner
Three years from now, there would be consolidation in the mobility space with only three vertically integrated smartphone makers left in the fray
By Ernie von Simson
August is usually a slow, somnolent month; a torpid time to loll at the beach, play with the kids, or read empty novels, certain that nothing strenuous can happen before Labour Day. This August was different. The IT sector’s dynamic mobile business suffered three major reversals: Apple lost Steve Jobs; HP abandoned both WebOS and its tablet (and will probably sell its industry-leading PC business); and Google may abandon Android neutrality with the acquisition of Motorola Mobile. Any of these three could cause major disruptions that may not be visible for three years.

The Apple CEO transition from Steve Jobs to the highly regarded Tim Cook raises questions. Can the greatest innovator since Thomas Edison be succeeded by any chief operating officer? Wall Street remains upbeat, assuming the company surely has a three-year product pipeline. But the history of Steve’s previous replacement in 1985 paints a less optimistic picture. Sales and profits rose for the first years under John Sculley, masking the essential stagnation that relegated Apple to a minority market share until Steve returned in 1997. Will that happen again? Can any CEO hold to a fixed product pipeline against big money competitors like Google and Microsoft?

HP’s abandonment of the mobility market and possible sale of its PC business reawakens questions about the company’s strategically destructive zig-zags over the last 20 years. CEO John Young forced out the leader of the company’s successful computer business to push more R&D emphasis on the traditional instrumentation business — the same business his own successor spun off a few years later. Carly Fiorina bought the Compaq PC business over the loud objections of several insiders and was herself ousted. Her successor Mark Hurd bought Palm and cut R&D. Now his successor wants to abandon Palm’s WebOS and spin off PCs. After all those turns, HP’s ratio of market capitalisation to revenues is now 0.4 — versus 2.0 times for IBM and 3.1 times for Microsoft. Are the lions gathering? Will there be an HP at anything like its present scale three years from now?

Google’s acquisition of Motorola Mobile could signal the end of the independent smartphone companies as the sector follows Apple and RIM: integrating processor, operating software, hardware, and even apps. As a rule, the company that controls the platform can eventually control the rest. That was certainly evident when Microsoft’s move into productivity apps during the 1980s placed WordPerfect, Lotus, and Borland at an extreme disadvantage. And, again, once Oracle moved from database into apps, it eventually absorbed Siebel and PeopleSoft. Three years from now, there could easily be three vertically integrated smartphone makers: Apple, Google/Motorola, and Microsoft/Nokia, with the positions or alliances of RIM, HTC, Samsung, and the rest yet to be determined.

Potentially destructive change has been a constant in the IT industry. For the mobility sector, change comes faster and rattles more destructively.

—Ernie von Simson is the senior partner in the CIO Strategy Exchange and the author of The Limits of Strategy, an inside analysis of the success and failure of IT companies over the past 30 years. This article has been reprinted with prior permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
EVENT REPORT: HP
A Leap of Faith
CTO Forum and HP hold a three-city leadership event on taking the leap between exceptions & business standards
Photo: The esteemed panel engaging the audience with their views on leadership
Photo: Delegates agreeing with Dr Pramath Raj Sinha, MD, 9.9 Media on creating a fine balance between exceptions and standardisation
Photo: Satish Pendse, President, Highbar Technologies and Ashish Chauhan, Deputy CEO, Bombay Stock Exchange

An issue that often comes up for discussion in the CIOs' leadership journey is their role in bridging the divide between capability and performance of individuals and building highly productive and outstanding teams. CTO Forum, in partnership with HP, organised a multi-city leadership event, 'Take the Leap', in
Mumbai, Chennai and Hyderabad. Breaking away from the conventional format and keeping technology aside for the duration of the programme, the sessions were focussed purely on how CIOs should handle the trade-offs between driving performance versus trying to use technology to drive productivity of the organisation.

Setting the context for the discussion, Dr Pramath Sinha, MD, 9.9 Media, asked the panel, “How do you trade-off equipping an individual or function with the best technology and tools they deserve against ensuring compliance to organisation-wide standards and benchmarks that drive efficiency? How 'flexible' do you need to be? What works and what does not? How do you actually do it? Where do you start?”

Trade-offs largely depend on the organisation's culture. How open is the culture? Are we open to a deep dive into a technology area that allows a variety of devices? Along with these trade-offs, CIOs often have to make exceptions for certain users and business divisions. But making these exceptions often creates a huge problem: the moment you make one exception the floodgates open, and it is difficult to say no to others demanding similar exceptions. In certain cases, even if you have a blanket policy, you are bound to make exceptions.

Explains Ashish Chauhan, Deputy CEO, BSE, “Handling customisations for a particular user is another big challenge. Ours is a highly restrictive environment and we usually do not allow exceptions. However, the world is moving ahead and there are situations where we have to allow for exceptions. But somewhere we need to maintain a balance between giving what the user wants and providing it to them without losing too much. If you become too restrictive, then you might limit the growth of your organisation. And, if you are too open then you might put your organisation in jeopardy, exposing it to security threats, among other things.”

Elucidating the need for change, Satish Pendse, President, Highbar Technologies, said, “When the internet came, we restricted access to the internet but now you cannot think of doing anything without it. Any revolution of this nature faces resistance from the IT community itself, because CIOs believe that putting restrictions is all about power. Later, we realise that not everything is so business-critical that you must perforce restrict it. You will have no choice but to allow new technologies. Some would allow it early, while others later. If you do not allow change, then you would be isolated in your organisation.”

Photo: Delegates listening to the intense discussion at the venue
Photo: Trade-off was the key discussion point during the event as CIOs shared their ways of handling them
Photo: Shashi Kumar Ravulapaty, Senior VP & CTO, Reliance Commercial Finance making his point
Photo: Tejas Shah, Head, Information Technology at AXIS Asset Management Company LTD along with Manikkam Subramanium, Head IT, Henkel CAC
Photo: Delegates paying close attention to panellists' views on the new age leader
EVENT REPORT: WIPRO
Open Resources
CTO Forum with Wipro recently conducted a two-city tour to talk about the evolving state of Managed Services
Photo: Panelists engaged in intricate discussions on Open Source based Managed Services
Photo: Delegates questioning Wipro on their open source-based managed services offerings
Photo: Panelists enlightening the delegates on proactive employee service strategies

In the age of the modern enterprise, more and more CIOs are looking to outsource select processes to third party service providers. In this scenario, platform independence and reduction of capital expenditure make the value proposition even stronger. A key question, therefore, in front of CIOs is, “Since we are looking at minimising dependencies in terms of platform, in-house maintenance, and so on, how many of you would like to go to the next step and look at open source technologies being delivered, as opposed to proprietary technologies?”

Wipro currently offers some interesting open source-based managed services solutions, which can help in further cost savings even in a managed services scenario. “In the current landscape, there are those who support open source from a cost savings perspective, and some who are wary of the same for various reasons, such as accountability, stability, integration, and change management,” explains Lini Karanth, Wipro.

Citing an example from an OpenOffice implementation at HDFC Bank, Karanth explains, “If you were to look at the enterprise-wide deployment of OpenOffice at HDFC Bank, it was a bold move on part of their CIO. By bold, I would refer to the fact that people were used to a conventional Word interface, and here, they had something different. Change management can be a long and tiring process, however, in the case of HDFC Bank, change won.”

Bank employees soon got used to the new user interface, and are using OpenOffice with great ease. “This is a situation where open source won. We have also seen a lot of traction in the government where open source usage is only increasing. This is a huge boost to the open source community and the proliferation of this ideology across enterprises,” adds Karanth.

Apart from looking at how open source software is making a mark in being delivered through managed services, the other topics of discussion that garnered a lot of attention at the events were those on end user transformation services and enterprise mobility. “There is a limit to the amount of service requests that IT help desks can handle. Petty things like password resets, for example, can be troublesome for IT management who are obviously bogged down by more pressing matters. At Wipro, we are really pushing the employee self-service strategy, and we are finding better and more automated ways of end user customer satisfaction. It's one thing defining a process, but it's quite another thing making it work. In our case, we have, and we want to extend this to our customers, or enterprises that are looking for better ways to manage end user technology woes,” explained NVR Mohan, Wipro.

End user transformation services look to complement enterprises' efforts to improve customer satisfaction and productivity by delivering pre-emptive, proactive and just-in-time resolution. “At Wipro we are looking at bringing in more efficient ways at servicing technology issues, all within the bounds of an organisation, and without going to the vendor, until there is something that cannot be resolved by a component of the process, and requires vendor involvement,” explains Mohan. Wipro is offering proactive support, self-healing, self-service, service desks and problem management — all of which are process-oriented layers of hierarchy in regard to the above.

With multi-platformed mobile devices coming into the picture, IT managers can have a field day trying to deal with this segmentation. Add to this minimal standardisation, and one ends up with a management nightmare. However, true governance in this sphere is the only key to devising data policies and exceptions for managing mobile devices.

Wipro's range of solutions definitely did a good job of impressing the attendees. Obviously, CIOs today are looking for significant cost savings wherever possible — however they are fairly hesitant in some regards. But then again, which CIO isn't — at the time of evaluating new technologies. The evenings ended with very interesting conversations on the topics of discussion. Although there are a number of issues in these emerging spaces, there is definitely scope — for technologies that can help make a difference to the way your enterprise ticks.

Photo: Team Wipro was responsible for bringing to you their customisable and unique offerings
Photo: Waseem Khan, Head, IT, Mastek and S Sathiyamurthy, PCS, sharing some tips on enabling technology consumers with NVR Mohan
Photo: Team Wipro interacting with delegates at the event
NEXT HORIZONS: GREEN IT
Go Green; Not Red
Going green can help organisations save money, comply with increasingly strict environmental regulations and enhance their public image
By William W Blausey Jr
Illustration by Shigil N
ABOUT AUTHOR: William W. Blausey Jr is SVP and CIO for Eaton Corporation, an $11.9 bn company dealing in electrical components and systems for power quality, distribution and control

Green IT is without question one of the most sweeping trends in IT today. The industry enthusiasm isn’t hard to explain. The recent recession and its after effects, along with rising energy costs, have made reducing capital and operating expenditures a higher priority than ever. Properly conceived and implemented, green IT efforts can help organisations save money, comply with strict environmental regulations and enhance their public image. Yet adopting green intentions is often simpler than acting on them. Here are a few reasons why:

Friction with corporate objectives: Most executives recognise the importance of environmental responsibility. Yet at the end of the day, their chief responsibility is to serve the interests of the company’s owners by maximising profitability. After all, the greenest possible data centre would contain no servers, yet a company with no servers would have little prospect of success. Green IT isn’t something that companies simply adopt or don’t adopt.

Friction with competing priorities: Going green would be much simpler if only it were free. In reality, however, every green IT project has a price tag. With capital budgets stretched thinner than ever, organisations must weigh green IT projects against other potential investments. For example, assuming you can’t afford both, should you install solar panels on the roof of your data centre or open a new branch office?

Unfunded mandates: Green IT efforts often impose unfunded financial burdens on data centres. These sometimes result from senior managers announcing a corporate sustainability initiative and then failing to increase the IT and facilities budgets accordingly. In other cases, however, government environmental regulations are to blame. For example, UK’s Carbon Reduction Commitment Legislation, which officially went into effect on April 1, 2010, requires roughly 5,000 of the nation’s largest organisations to measure and report their annual energy consumption. Yet, few companies are equipped to assemble such figures at present. Acquiring that capability will cost money that many British data centre managers will have to take from existing capital budgets.

Misaligned departmental priorities: At most companies, the IT department is responsible for purchasing hardware but the facilities department pays the power bill. As a result, IT managers often choose the most affordably-priced products rather than the most energy-efficient ones, which tend to be more expensive. A similar dynamic discourages IT departments from adopting renewable energy sources and other green power technologies because maintaining availability is one of IT’s most important jobs. But green solutions may add complexity (and therefore risk) to IT operations. Thus, IT decision-makers have little incentive to implement green power technologies. If everything goes right, the facilities department will get most of the credit for lowering energy spend. If anything goes wrong, however, IT will receive all of the blame for increasing downtime.

Viable green solutions: While there are many sound reasons for wanting a greener data centre, then, realising that goal cost effectively is easier said than done. Just the same, most organisations can benefit from at least some green strategies in some circumstances without compromising corporate growth or IT reliability.

Let us take a look at the technologies, services, and department-level changes you can employ today to green your IT department.
1 Implementing Virtualisation
Though many organisations use virtualisation primarily to simplify hardware management, enhance business continuity and conserve data centre floor space, it can also significantly reduce power and cooling costs by consolidating underutilised yet energy-hungry servers. Indeed, a properly-architected server virtualisation solution can lower server energy consumption by up to 82 per cent, according to tech analyst firm Gartner. Of course, virtualisation usually imposes significant upfront hardware, software and services expenses, but Gartner estimates that most companies recover such costs within 24 months. As a result, adoption of virtualisation is increasing rapidly.

2 Deploying Energy Star Servers
Standardising on servers that qualify for the federal government’s Energy Star designation can help you free up stranded power capacity. Servers that meet Energy Star requirements use 30 per cent less power on average, according to the US Department of Energy and the US Environmental Protection Agency, which jointly administer Energy Star. However, Energy Star-compliant products often cost more than comparable devices.

3 Freeing Stranded Power & Cooling Capacity
Trimming waste from power and cooling systems can be a safe and economical way to reduce energy consumption and greenhouse gas emissions. For example, many data centres rely on aging uninterruptible power systems. Replacing them with newer, more energy-efficient models is a low risk, relatively low cost way to save money on power and shrink your carbon footprint. What’s more, many electrical utilities offer financial incentives that can accelerate your returns on a UPS investment. Returns on high-efficiency backup systems can be substantial. In the 1990s, a typical UPS was generally only about 80 to 82 per cent efficient under standard loading conditions. Today’s models, however, routinely achieve 92 to 95 per cent efficiency, and newer technology UPS systems with advanced energy savings capability like systems with ESS can save you even more. Similarly, equipping your air handling system with a variable frequency drive (VFD) is another affordable means of recapturing stranded power.

4 Leveraging Free Cooling
Most data centres chill hot exhaust air from servers and then re-circulate it. Facilities that utilise 'free cooling', by contrast, simply pump hot internal air out of the building and pipe cool external air in. The end result can be a dramatic drop in cooling costs. In fact, based on the results of a ten-month experiment involving nearly 900 heavily utilised production servers in a high-density data centre, Intel Corp asserts that free cooling techniques can reduce the total amount of power a typical data centre uses for cooling by approximately 67 per cent. That could save a 10 MW data centre roughly $2.87 mn a year. However, free cooling isn’t an option for every data centre, as external air temperatures are simply too high in some locales to cool servers properly.
5 Using Enterprise Monitoring
When it comes to data centre energy consumption, IT managers have long agreed with the old adage that “you can’t manage what you can’t measure.” Yet, until recently, the only way to deliver energy usage data to network operations centres was to install interfaces between IT management systems and building automation systems. Armed with such figures, organisations can measure their power efficiency against comparable organisations and set realistic efficiency targets. The PUE metric can help with this task. Developed by The Green Grid, a technology industry non-profit consortium dedicated to raising data centre efficiency, PUE expresses the amount of power used for power quality and cooling by dividing the total power entering an IT facility by the total power used by IT equipment in that facility, as follows:
PUE = (Total Facility Power) ÷ (IT Equipment Power)
Thus, for a data centre that consumes 1,000 kW of power, of which 400 kW is used by IT equipment:
PUE = 1000 ÷ 400 = 2.5
Combined, newer energy metering technologies and metrics like PUE can help companies benchmark their power consumption

6 Raising Server Inlet Temperatures
For years, conventional wisdom has held that data centre thermostats should be set at roughly 72 degrees. According to recent studies by the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE), however, most data centres can safely operate at temperatures as high as 80 degrees. Raising data centre temperatures even a few degrees can save you thousands of dollars a year, depending on the size of your facility.
However, should cooling systems in an 80-degree Fahrenheit/26.67-degree Celsius data centre fail, IT and facilities managers will have significantly less time to react before their servers reach thermal shutdown. Additionally, operating your data centre at higher temperatures can shorten the lifespan of UPS batteries, potentially resulting in higher maintenance and replacement costs. Companies must decide whether or not the savings associated with higher inlet temperatures justify such risks and expenses.

69% of American companies had green programs in 2010, up from 53% in 2009

—William W. Blausey Jr is SVP and CIO for Eaton Corporation, an $11.9 bn global technology leader in electrical components and systems for power quality, distribution and control. In this role, Blausey is responsible for the enterprise IT strategy and execution. Blausey assumed his current position in January 2006 after serving as VP, Information Technology, for Eaton’s Fluid Power Group since 2001. He earned a bachelor’s degree in computer science from Bowling Green State University in Ohio and is located in Cleveland, Ohio.
—This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
NO HOLDS BARRED
Cloud is altering IT industry
While enterprise acceptance of public cloud is still uncertain, private clouds are increasingly emerging as a viable option. Rebecca Parsons, CTO, ThoughtWorks, tells Yashvendra Singh how cloud computing will have a significant impact on the Indian IT market

How is ThoughtWorks doing globally and in India?
We're doing quite well, operating generally in a close to sold out state in most parts of the world. There's been some fluctuations, and we are still concerned about potential impacts from the GFC. However, our business tends to be on the value-creation side of our clients, and these projects tend to be seen as vital to take advantage of a recovery.

Your view of the software scenario in India?
The India IT market, and this has been true of ThoughtWorks India as well, has been focussed for quite some time on off-shore and outsourced work. The local market, however, is increasingly becoming a factor in the Indian IT market, as new business innovation increases here. ThoughtWorks India is seeing this trend in our business as well.
This innovation is being partially driven by the increased usage and availability of mobile phones and the mobile internet. It's an exciting time to be in India. The role of the cloud is also altering the IT industry in India. Two aspects of the cloud are particularly relevant as enablers of innovation: elasticity and the low barrier to entry. The low barrier to entry simplifies the process of getting an idea out to the market, while the elasticity of the cloud infrastructure allows new enterprises to scale, potentially quite rapidly, to respond to a market burst.
One question about the cloud is the extent to which it will change computing for large enterprises. There's still a lot of uncertainty about enterprise acceptance for using public cloud infrastructure, but private clouds are also an option. The answer to this question will have a significant impact on the face of the Indian IT market, particularly those organisations focussed on the global rather than the local market.

How has the software testing industry evolved in the last 10 years?
Automation across the spectrum of testing has advanced significantly in the last 10 years. Ten years ago, I would frequently come across QA managers who were actively hostile to the thought of test automation, feeling that overall quality would be compromised if tests were automated. Today, there is increasing acceptance of the value of automation in reducing the drudgery of testing, allowing QA professionals to focus on the aspects of testing requiring experimentation and interaction.

What are the latest trends in RFID tagging?
After the initial introduction and euphoria of RFID, it became clear to most corporates that the price point outweighed the benefit promised by the technology. Early adopters such as Walmart and Marks & Spencer were primarily one-offs with limited usage. Over the past few years, the technology utilised to produce RFID tags has undergone significant change with the result that RFID tags are now at a price point below a dollar each. We feel that the price point will still fall further and once it reaches a 50-65 cent price point, will start appealing to corporates. Recent advances such as error rates and the ability to withstand physical forces have also made RFID tags operationally feasible. The retail and manufacturing industries need to watch these trends closely. Additionally, continued improvement in the operational characteristics and in the price point will open up additional applications for RFID.

How can technology help create social impact?
There are many ways technology creates social impact. In its simplest form, technology is a productivity enhancer, allowing organisations to do more with less, or to scale in ways that they couldn't without technology. Take something simple like donations. NGOs survive through donations. It's easy to see how an easily searchable website can increase the potential for donations. However, technology has far greater potential. Access to information, enabled by the internet as well as open data initiatives, empowers citizens to participate in a way they couldn't previously. The same applies to business, where the barriers to entry to information on markets, as well as to businesses in general, are declining. The potential is huge.

With the new calendar year just a quarter away, what would be the hot enterprise technologies in 2012?
The first to find mention would have to be Continuous Delivery. While a number of the techniques making up Continuous Delivery have been around for a while, the publication of Jez and Dave's book has crystallised attention on the issue. Continuous Delivery has the potential to radically transform an enterprise by allowing it to experiment often, yet safely, to respond quickly to opportunities and business risks, and increase its understanding of the needs of its customers — internal and external.

Please explain why would these technologies find favour in enterprises?
The goal of Continuous Delivery is to make deployments boring. At its heart, Continuous Delivery allows enterprises to quickly release new features to its customers, with a significantly reduced risk of encountering problems.

What could be some of the challenges for a CIO going in for these technologies?
Adopting Continuous Delivery requires a lot of work. Many enterprises have highly customised server environments and little to no automation in their deployment processes. It also requires greater communication and collaboration between the software development and the operations organisation. The DevOps movement is attempting to change this, but there are significant social and organisational challenges.

DOSSIER
Company: ThoughtWorks Inc.
Established: 1993
Headquarters: Chicago, US
Industry: IT consulting, management consulting
Employees: Over 1700
T E C H FOR G O V E R N A N C E
securit y
5
POINTS
breaches of various types claimed 431 million adult victims last year 7 3 per cent of adults in the US alone incurring estimated financial losses of US $140 bn Remote controlled aerial vehicles which can automatically detect and compromise wireless networks have been developed. e very company in every industry of significant size, with valuable IP, contracts or trade secrets is potentially under attack
photo BY photos.com
The total cost last year resulting from cyber attacks associated with viruses, malware and identity theft is estimated at $US 388 bn.
Future Enterprise:
Cyber Warfare Cybercrimes are no longer restricted to stealing trade secrets. According to industry estimates, we could be looking at a full blown cyberwar by david Hunter
44
cto forum 07 october 2011
The Chief Technology Officer Forum
sEcurit y
T E C H FOR G O V E R N A N C E
The main players in this game of cat and mouse currently include three broad groups, each with different motivations, although overlapping to a degree.
First: The state sponsored hackers — China, Iran, Russia, Estonia, Israel — recently upping the cyberwar stakes with its Stuxnet attack on the nuclear facilities of Iran, Indonesia, North Korea and Syria. At the same time dictatorial regimes across the world, from Syria to Saudi Arabia, have introduced extreme punitive measures to monitor and control access by dissidents, particularly during the Arab Spring. And they have often coerced US and European technology companies to assist them, including Siemens — in the crosshairs for assisting the autocratic Government of Bahrain track down dissidents.
Second: The White hats — independent freelance hacker groups such as Anonymous/LulzSec. Their aim, according to their manifesto, is to expose the corruption and greed inherent in the play-books of big business and rogue regimes powered by hyper-capitalism and intent on plundering the natural resources of the planet. They also support whistleblower groups such as WikiLeaks and social activist groups in general.
Third: The Black hats — with much more clearly defined goals, from overtly criminal to destructive and anarchistic. They are marshalling their attacks primarily on the Midas riches of credit card and financial databases across the globe, at the same time as China and Russia are hacking other governments' email and trade secrets.
Cyber Hackers now make up a complex substratum of social crime, composed of an ad hoc combination of hackers and security experts, each with a fiercely competitive agenda. But already fragmentation is extending to inter-cyber warfare between these rapidly evolving networks of dysfunctional society, at the same time overlapping with global terrorist groups.
But this is about much more than ruthless criminal intent to pillage credit cards, steal trade data or bring down unpopular sites. On a global scale, cybercrime has the potential to morph into full blown cyberwar!
No enterprise, no matter how small or benign, will be safe from cyber attack in the future, with an estimated 250,000 site breaches reported in the last few years including EMC's RSA Security unit, the Public Broadcaster PBS, Sony's PlayStation network, Apple administration password database, the International Monetary Fund, South Korea's largest banks, the Spanish Police, US Senate, Texas Police Department, the CIA, Turkish and Malaysian governments, Google's Gmail, the Nokia forum site and Citibank's Credit Card accounts.
In the latest Norton Cybercrime Report, it was reported that breaches of various types claimed 431 million adult victims last year, with 73 per cent of adults in the US alone incurring estimated financial losses of US $140 bn. As a criminal activity, cyber incursion is now almost as lucrative as the illegal drug trade. The total cost last year, including lost productivity and direct cash losses resulting from cyber attacks associated with viruses, malware and identity theft, is estimated at US $388 bn.
A report from the security firm McAfee listed a range of cybercrime technologies deployed including denial of service attacks, malware, spam, phishing, social site engineering, mobile phone viruses, botnets and phone SMS Trojan messages. Also more recently, hacking drones have been developed: remote controlled aerial vehicles which can automatically detect and compromise wireless networks by locating a weak spot in a corporate internet connection.
To make matters worse, the first flaws in the Advanced Encryption Standard used for internet banking and financial transactions, as well as government secure transmission, have been discovered.
But most worrying, security experts from McAfee have now discovered the biggest series of cyber attacks to date, involving infiltration of the networks of 72 organisations around the world including the UN, the governments of the US, Taiwan, India, South Korea, Vietnam and Canada, ASEAN, the International Olympic Committee and an array of companies from defence contractors to high-tech enterprises including Google, with most of the victims unaware of the breaches.
This represents a massive loss of economic advantage, possibly the biggest transfer of IP wealth in history. Currently every company in every industry of significant size, with valuable IP, contracts or trade secrets, is potentially under attack and this will inevitably extend to smaller organisations such as strategic hi-tech start-ups in the future. At the national level it involves exposure of sensitive state secrets including IP, policy intentions and decisions covering all levels and functions of government such as trade, defence and industry policy.
The stakes are huge: a challenge to economies and global markets. From both an enterprise and state perspective therefore this is an intolerable situation; but because it has exploded at such speed, the response to date has largely been fragmented and ineffective.
The world's superpowers are already introducing new cyber-policies to desperately protect their intellectual property, infrastructure and financial assets, as well
as control the flow of information within their populations, but the attempt is bogged down. The European Convention on Cybercrime is moving at glacial speed because EU governments are reluctant to share sovereign IT information with other powers, even if friendly.
The new US Cyber Manifesto has also been stymied. The policy aims to support open access to the internet while at the same time pursuing a policy of aggressive physical deterrence against any foreign powers such as China and Iran or organisations like WikiLeaks, which attempt to penetrate US computer systems. But this policy is meeting resistance from vested US business interests on issues of regulatory control and government surveillance of business system security.
China on the other hand appears to be going for the jugular. It has established The State Internet Information Office with the express purpose of regulating and controlling its vast internet population and had even considered building an alternative internet to sidestep the US controlled ICANN.
Cybercrime may also be made a lot easier by the ubiquitous application of cloud technology in the future. Most major corporations and government agencies will be using at least one cloud to store and process their operational data, leased from Google, Cisco, IBM, Amazon, Microsoft, HP, etc. Already several of these clouds including Amazon have been breached and others have had outages. Gaining access to data from a dozen major information sources would be a lot easier than penetrating thousands of individual databases.
The first generation of software agents appeared in the nineties and were used to trawl the web, applying basic search procedures to locate information resources such as online shopping or travel sites and locating the best prices.
The second generation emerged around five years later. These programs were smarter, incorporating artificial intelligence that enabled them to make decisions more autonomously to meet their operational goals. They were deployed mainly in simulations of interactive population behaviour and interaction in a variety of environments: shopping malls, supply chains as well as
disaster and conflict areas. In addition, they possessed superior negotiation and decision logic skills, using game theory and semantic inferencing techniques.
But the third generation agents will be something else again. These will be based on complementary combinations of advanced AI techniques such as ‘evolutionary algorithms’, that allow them to constantly improve their skills; ‘neural networks’ for superior pattern recognition and learning; ‘bayesian logic’ for powerful inferencing capability; ‘ant foraging’ to help find the most efficient paths through complex network environments; and ‘swarm’ technology, allowing individual agent intelligence to be amplified by working cooperatively in large groups. They will increasingly also be capable of tapping into the enormous computational intelligence of the web, including the public databases of mathematical and scientific algorithms, eventually allowing their intelligence to be amplified by a factor of a hundredfold.
This Uber-level of intelligence will transform Agent swarms into formidable cyber strike forces, which could operate under deep cover or in sleeper mode, transforming into harmless chunks of code until a cell and attack was activated and could also replicate rapidly if additional forces were required.
Although this might sound like science fiction, the AI techniques involved, such as evolutionary algorithms, neural networks and swarm architectures, have been in common use in business and industry for over ten years. The capacity to harness them in cyber strike force mode is only a matter of time.
Future conflicts will not be about destroying an enemy armed with billion dollar hi-tech armaments such as tanks, jets and warships, but will be played out largely in future cyberspace. What value a sophisticated weapons system if it can be disabled by an elite cyber hacker with a Stuxnet-type virus? What value armies of highly trained soldiers if their command and control centres can be disabled with a few keyboard strokes and a swarm of smart software agents? What value the trillions of dollars spent on containing Al-Qaeda if the economic and logistical systems supporting the attack can be thrown into disarray by a powerful artificial intelligence algorithm?
But the CEOs of major corporations and military commanders of the major powers are still coming to terms with the mindblowing ramifications of cyberwar. Cyberwars are more likely to flourish in times of food and critical resource shortages, with countries and enterprises desperate to secure access to critical supply information. That time is not far off, with estimates of critical food shortages and rising prices as early as 2013, with a follow on spike in global conflict highly likely.
One thing is certain. From now on cyberspace will be the new corporate and state battleground and cybercrime the main risk protagonist. The threat of all out cyber war is now an urgent issue that transcends lines between individual enterprises or governments.
Unless a global cyber security framework, binding both the private and public sectors, can be engineered, a world of disorder will rapidly emerge, a turbulent world where change has ceased to be beneficial and becomes ultimately destructive.
—This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
Certification
TECH FOR GOVERNANCE
Following Steps to Become ISO 27001
The best way to prepare for certification audit
By Dejan Kosutic
If you think writing a bunch of information security documents is enough to get an ISO 27001 certificate, you're wrong. You need to implement all the activities described in your documentation, but that's not all — you also need to follow certain steps in the final phase of your ISO 27001 project.
ISO 27001 Certification Process
Let's start first with the certification process itself — it is divided into two steps: Stage 1 and Stage 2 audit. In Stage 1 audit (also called Documentation review) the certification auditor checks whether your documentation is compliant with ISO 27001; in Stage 2 audit (also called Main audit) the auditor checks whether all your activities are compliant with both ISO 27001 and your documentation. Therefore, you need to pay attention both to writing appropriate documentation for your needs, and to really committing to implementing information security in your company. (For details on required documentation, steps in the audit and how to deal with nonconformities, read this article: How to get certified against ISO 27001?)
Mandatory Steps for Finishing the Implementation
After finishing all your documentation and implementing it, you need to perform these mandatory steps in your ISO 27001 project: internal audit; management review; corrective and preventive actions.
The purpose of internal audit is that someone independent checks out whether your Information Security Management System (ISMS) is working properly. (Read more about internal audit here: Dilemmas with ISO 27001 & BS 25999-2 internal auditors.)
Management review is actually a formal way for management to take into account all the relevant facts about information security and make appropriate decisions. The point with ISO 27001 is to reach such decisions as part of a regular decision making process.
Finally, the company needs to correct all the problems detected by internal auditors, managers or someone else, and document how these problems were resolved — this process is called corrective actions. It is recommended to take preventive actions too, to try to prevent problems before they happen.
How to Test ISO 27001 Implementation?
However, before undertaking these mandatory steps, it is useful to check whether everything is in place. This step is not required by ISO 27001 (at least not in such an explicit way), but in my opinion it significantly increases the chances for successful certification. Doing the ISO 27001 test (or check) means that everyone who has a role in the ISMS has to check whether everything he/she is responsible for really functions as required by the standard, and by the company's documentation.
All these steps might seem complicated or you may think of them as costly overhead. But, believe me, they do serve their purpose — if implemented properly, you will see that they will actually increase your level of information security.
Illustration by PC Anoop
—This article is printed with prior permission from www.infosecisland.com. For more information please refer to Infosec Island.
VIEWPOINT Steve Duplessie | steve.duplessie@esg-global.com
Illustration by PC Anoop
Is it Time to Reclassify Storage?
It is time to categorise SSDs
SSDs have existed since time began, but it seems like we need to categorise a whole new sector. Sorry, old SSD guys.
Traditional storage architectures have always been talked about in terms of block vs file, tier 1 vs tier 2, and modular vs monolithic. Those characterisations seem less relevant to me now. I still like the terms scale-out and scale-up. It seems that we also need to classify storage by its use cases as well as its attributes moving forward. ‘Performant storage’, ‘classic storage’, ‘copied storage’, and ‘archival storage’ might be better descriptors.
Performant Storage is storage used for high performance applications. This is a way to categorise the new (gold?) rush of vendors using lots of solid state chips to serve data to systems, either all by their lonesome or in combination with spinning disk (automatically self-optimising). Bottom line, this genre serves data out of flash (or RAM, but a solid state device). It doesn’t always have to house/store that data in that solid state device, but it should always serve it out of there in order to be as fast as is conceivable.
There are vendors that sit in the server (Examples: Fusion I/O, LSI, Virident, Marvell, etc.) and those that spend their time outside of the server in a network (Examples: Violin, Pure, Solidfire, Nimbus, WhipTail, Nimble, NexGen, Avere, Viking, XIO, Texas Memory, etc.). There will be other caching types who sit in front of classic stuff (Cache IQ, GridIron), and so on. At this point, I’m not delineating the ‘how’ – mostly the ‘why’.
Classic Storage is just that: the spinning disk we know and love. Some is faster than others, some scales out, up, and down. Yadda yadda yadda. There is a LOT of classic storage getting face lifts with SSDs these days, but I’m not sure that can be the answer in the long term. Having said that, this is the lot with all the money and all the customers, so by default they are the ones in the best position to re-invent. If I need to list these guys out, you are reading the wrong blog.
I spoke about Copied Storage in a previous blog. In short, I may not ever need Performant Storage after the fact — but I probably need copies of that data to sit in some other storage architecture that houses that copy and serves it throughout the rest of my environment (test/dev, warehouses, backup, etc.). This ‘tier’ is more about management than anything else. So far, the only guys I’ve seen dedicated to this space are Actifio. I suspect there will be more. This is a big, interesting (read $$) space.
Archival Storage sort of exists as long term retention storage. It probably needs to continue to be a hybrid of cheap spinning disk (maybe even with some solid state, at least to write to) and (gasp!) giant piles of tape. Finding the right record(s) is the key to this slice. The cloud fits nicely here. This is Nirvanix or Nasuni in the cloud, Seven Ten, all the big guys with their archival offerings (EMC, NTAP, HDS, IBM, HP, etc.), Bridgehead, and a million software players.
Seems to me that you can’t just use ONE thing for all use cases.
About the author: Steve Duplessie is the Founder of and Senior Analyst at the Enterprise Strategy Group. Recognised worldwide as the leading independent authority on enterprise storage, Steve has also consistently been ranked as one of the most influential IT analysts. You can track Steve’s blog at http://www.thebiggertruth.com