Technology for Growth and Governance
24X7 CIO Lateral
thinking CIOs are using their tech knowledge to conjure up innovations that directly help businesses boost revenue and bottom lines. Their CEOs are impressed | PAGE 32
November | 07 | 2011 | `50 Volume 07 | Issue 06
BEST OF BREED
Guide to
Maximising Training Investment PAGE 18
I BELIEVE
Look at
Productivity, Not Cost PAGE 04
NEXT HORIZONS
Economics of
Cloud Computing Decoded PAGE 42
A 9.9 Media Publication
Þ Inbound Response Management
Priya Sharma, 1800 209 3062 022 - 67083830, Juniper@dnbindia.in
QFABRIC™ IS HERE and with it comes incredible transformation in the economics, management and performance of the data center network. All told, QFabric is up to 10X faster than the competition, amounting to 85% lower latency; all while requiring 27% fewer devices, consuming 56% less power and using 75% less floor space.* Start the transformation at juniper.net/qfabric
“You can virtualize your network, you can build one physical underlying network. The capacity is there, the tools are there…That’s the solution that Juniper’s putting forward.” ANDREW BACH, SVP, NETWORK SERVICES, NYSE EURONEXT
*PRODUCT COMPARISONS ARE BASED UPON PRODUCT INFORMATION THAT IS PUBLICLY AVAILABLE FOR CISCO’S NEXUS 7000 SERIES AND NEXUS 5000 SERIES PLATFORMS FOR A 6000 X 10GE PORT CONFIGURATION.
editorial yashvendra singh | yashvendra.singh@9dot9.in
Simplify Life The cue
for CIOs looking to innovate is to seed the right idea that makes life easy for all
N
ow this is what I call innovation! I recently met a senior CIO at his office in Gurgaon. What caught my attention was a large LCD at the reception, similar to the ones at the airport, displaying arrival and departure times. The CIO later explained it was a fleet management system. Deployed six months back, it had radically transformed the way his enterprise managed internal (employees) and external (fleet vendor, in this case) customers.
editor’s pick 32
There was no more sticking paper sheets on walls, and no more endless waits. The GPS would track the exact location of the cab, and any delay intimated through SMS. By developing an app for iPad, they could immediately log in the details once the journey was completed. This saved the vendor the hassle of sending invoices. In essence, it made life easy for everyone. We, at CTO Forum, have over the years been staunch proponents of such innovative IT.
Lateral Thinking CIOs are using their tech knowledge to conjure up innovations that directly help businesses boost revenue and bottom lines. Their CEOs are impressed
You, as technology leaders, can scarcely overlook its importance today. With emerging markets adding more than a billion customers to the global economy, CEOs worldwide have turned their attention to our home turf. The inherent cost-advantage that we have could be shortlived. The only way forward is to innovate for competitive advantage in the short-term and sustained growth and viability in the long-term. One way to fuel innovation could be to find an idea seeded anywhere and giving it an opportunity to expand. The CIO who deployed the fleet management system didn’t tell his team to focus on just the project and its deadline. He gave them the freedom to think beyond the project. Ideas flew thick and fast, and the result was there for all to see. They say in Google, employ-
ees invest 80 percent of their time in day-to-day work and the remaining 20 percent time is spent in ‘thinking’ not necessarily related to their work – a great way to incubate innovation. I believe for India’s CIOs these tough times are a blessing in disguise. The time is ripe to herald innovation in their enterprises, and in the process display business and leadership mettle. This issue’s cover story is yet another small step on our part to strengthen the spirit of innovation, and our way of acknowledging technology leaders who have implemented innovative IT. Let the ‘I’ in CIO stand for Innovation. No idea is a bad idea and every idea deserves a chance – but the one that succeeds is clearly the ‘right one’!
The Chief Technology Officer Forum
cto forum 07 november 2011
1
novemBER11 Cov e r D e s i g n by S h i g i l N
Conte nts
thectoforum.com
32 Cover Story
32 | Lateral Thinking CIOs are
Columns
using their tech knowledge to conjure up innovations that directly help businesses boost revenue and bottom lines. Their CEOs are impressed
04 | I believe: Look at Productivity, Not Cost The C level should look at value and productivity rather than cost. By Ashok Sethi
56 | View point: IT Leadership Two Days with Leading CIOs By Ken Oestreich
Please Recycle This Magazine And Remove Inserts Before Recycling
2
Copyright, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o Kakson House, Plot Printed at Silverpoint Press Pvt. Ltd. D- 107, MIDC, TTC Industrial Area, Nerul, Navi Mumbai- 400706
cto forum 07 november 2011
The Chief Technology Officer Forum
Features
50 | TECH for Governance Lean Principles & Compliance By Thomas Fox
www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur Editorial Executive Editor: Yashvendra Singh Senior Editor: Harichandan Arakali Assistant Editor: Varun Aggarwal Assistant Editor: Ankush Sohoni DEsign Sr. Creative Director: Jayan K Narayanan Art Director: Anil VK Associate Art Director: PC Anoop Visualisers: Prasanth TR, Anil T & Shokeen Saifi Sr Designers: Joffy Jose, NV Baiju Chander Dange & Sristi Maurya Designers: Suneesh K, Shigil N, Charu Dwivedi Raj Verma, Prince Antony & Binu MP Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi advisory Panel Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, CIO, Pidilite Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Vijay Mehra, CIO, Cairns Energy
14 a question of answers
14 |“Connect Everything, Empower Everyone” Kevin Johnson, CEO, Juniper,
shares his views on key technological disruptions in recent times in a candid discussion with Pramath Raj Sinha 42
42 | next horizons: Economics of Cloud Decoded Proper
24
24 | best of breed:An Open Letter to Your CEO Business needs to
deployment can provide significant savings By
stand up and take some responsibility too, it's not just IT's alone
Kevin L Jackson
By Marc J Schiller
RegulArs
01 | Editorial 08 | Enterprise Round-up
advertisers’ index Juniper Schneider SAS CTRLs Trend Micro Nokia
IFC, 17 5 7 12, 13 IBC BC
This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.
Sales & Marketing National Manager-Events and Special Projects: Mahantesh Godi (09880436623) Product Manager: Rachit Kinger (9818860797) GM South: Vinodh K (09740714817) Senior Manager Sales (South): Ashish Kumar Singh GM North: Lalit Arun (09582262959) GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284) Production & Logistics Sr. GM. Operations: Shivshankar M Hiremath Manager Operations: Rakesh upadhyay Asst. Manager - Logistics: Vijay Menon Executive Logistics: Nilesh Shiravadekar Production Executive: Vilas Mhatre Logistics: MP Singh & Mohd. Ansari OFFICE ADDRESS Published, Printed and Owned by Nine Dot Nine Interactive Pvt Ltd. Published and printed on their behalf by Kanak Ghosh. Published at Bunglow No. 725, Sector - 1, Shirvane, Nerul Navi Mumbai - 400706. Printed at Tara Art Printers Pvt ltd. A-46-47, Sector-5, NOIDA (U.P.) 201301 Editor: Anuradha Das Mathur For any customer queries and assistance please contact help@9dot9.in
I Believe
By Ashok Sethi, CIO, Sapient India The author leads Sapient’s IT Strategy and Enterprise Applications & Infrastructure groups. He has over 20 years of consulting experience
Look at Productivity, Not Cost of Services
For IT to complement business, the C level should look at value and productivity rather than cost A question that a CIO is often asked is: Are you able to convince your CEO about the budget that you want? I believe, the need to convince the top management over the budgetary requirements arises when the top management lacks the knowledge and interest in what is happening in
4
cto forum 07 november 2011
The Chief Technology Officer Forum
current challenge To continuously benchmark the cost of services internally against those externally
the outside world. It boils down to how aware the top management is of the goings-on in the enterprise firmament and whether it too wants to be on the same journey or not. IT is a journey without an end. Today, I am on Mac platform, tomorrow it could be any other, and you should be ready to support it. Cost is always a factor. But I would like to call it an investment rather than a cost. If the C level starts viewing IT as an investment and looks at the RoI and the value and productivity-gain taking place, I don’t think they will challenge the investment. We, therefore, don’t look at cutting capex. I think investments are required irrespective of where you are. There could be various models of operations. Capex can be converted to opex if you opt for different services. For instance, if you opt for cloud, it becomes an opex, while you have to buy the hardware. The objective is service and we need to loook at the cost of that service, and if we are to buy that service from outside, what will be the cost of procuring it. So, as a CIO, I am always benchmarking to find out the cost of that service internally. Can I get it at the same cost from outside with matching SLAs? If the answer is no, it means that service is not core to my business. On the applications side, we are evaluating which SaaS models will work best for us. We are looking at our ERP system once again — platform upgrades are coming in. On the technology side, I would say our primary focus is on security, which would go up to the mobile devices. As the whole concept of BYOD is catching up, mobile device management is becoming critical for us. Collaboration was a big theme for us last year, and we would be expanding it in the next year. People may say this is a cost, but I call it an investment.
The strategic bridge between your data centre and your business? You. Only StruxureWare for Data Centres enables a healthy, business-driven data centre. Tap in to the health of your data centre As an IT or data centre manager, you know that doing your job well means saving your company both time and money. Today, there finally is a way for you to be completely tapped in to the overall health of your data centre. StruxureWare™ for Data Centres gives you visibility across your entire data centre infrastructure so you can make informed decisions — not arbitrary ones — about your infrastructure. For example, you can plan proactively for needed capacity and streamline workflow management to improve your business agility and availability. In fact, now more than ever, infrastructure decisions are business decisions.
Now, make informed decisions about your infrastructure:
>
Plan proactively for needed capacity.
>
Blueprint data centre expansions and consolidations.
What’s more, StruxureWare for Data Centres communicates in real time with the leading virtualization platforms: VMware vSphere™ and Microsoft® System Centre Virtual Machine Manager. The software’s built-in automated response capabilities ensure that virtual loads always have healthy host environments. With your VMs on healthy hosts, you can focus on running your data centre more efficiently. The software also gives insight into PUE/DCiE trending over time, enabling you to make intelligent energy management decisions. With StruxureWare for Data Centres’ planning and reporting capabilities, who’s the company hero now? You are!
>
Streamline workflow management of your IT physical infrastructure to improve your business agility and availability.
>
Make changes knowing how they will affect your business.
>
Visualize change/capacity scenarios to improve your bottom line.
APC by Schneider Electric™ is the pioneer of modular data centre infrastructure and innovative cooling technology. Its products and solutions, including InfraStruxure™, are an integral part of the Schneider Electric™ IT portfolio.
>
View your current and historic PUE/DCiE and energy costs of subsystems to make intelligent energy management decisions.
An always available, efficient data centre
How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Costs White Paper 107
> Executive summary
Tap the business value of your data centre! Learn how in our management software white paper. Visit www.SEreply.com Key Code 98152t Toll Free 1800 4254 877/272
©2011 Schneider Electric. All Rights Reserved. Schneider Electric, InfraStruxure, StruxureWare, and APC are trademarks owned by Schneider Electric Industries SAS or its affiliated companies. All other trademarks are property of their respective owners. • 998-4108_IN-GB Schneider Electric India Pvt Ltd, 9th Floor, DLF Building No. 10, Tower C, DLF Cyber City, Phase II, Gurgaon - 122 002, Haryana, India, Phone: +91 124 3940 400, Fax: +91 124 4222 036
LETTERS CTOForum LinkedIn Group Join over 900 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at: www.linkedin.com/ groups?mostPopular=&gid=2580450
Some of the hot discussions on the group are: Open Source vs Proprietary SOFTWARE Practically how many of you feel OpenSource Free software are best solutions than any proprietor software's?
ARE CTOs more interested in satisfying the CFO & Board rather than the consumer?
The CTO is aligned to the CFO and the Board in that order, the CTO will have to also be good at resume writing as he will not last too long. But then the question arises, is the CFO aligned to the Consumer? If he is not, then even he may be in hot water sooner or later.
I would rather mention that, you call should depends on the criticality of the application to serve the enterprise business requirement, as opensource application can have security breaches and lack of support in worst come senario
—Vishal Anand Gupta, Interim CIO & Joint Project Director HiMS at The Calcutta Medical Research Institute
cto forum 07 november 2011
The Chief Technology Officer Forum
http://www.thectoforum.com/content/ india-new-focusphishers
Stop living within the realms of IT
A CIO should just stick to the C and the O in the title Technology plays a big part in developing our country. But how are we faring, you and me... the senior technocrats? To read the full story go to:
WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community.
6
Rajat Mohanty, CEO Paladion shares his insights into phishing in India and Middle East in a conversation with Varun Aggarwal
Opinion
Arun Gupta, Group CIO, Shoppers' Stop
Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com
CTOF Connect
http://www.thectoforum.com/content/stop-livingwithin-realms-it C R Naraynan CIO, Tulip Telecom
ANALYTICS Drive more value.
Par for the course won’t differentiate you. With SAS Analytics, you can increase profits, reduce risk, predict trends and continuously improve the way you work. Decide with confidence. ®
Scan the QR code* with your mobile device to view a video or visit sas.com/india/golf for a free Harvard Business Review report.
For more information please contact Jaydeep.Deshpande@sas.com.
*Requires reader app to be installed on your mobile device
SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ® indicates USA registration. Other brand and product names are trademarks of their respective companies. © 2011 SAS Institute Inc. All rights reserved. S75378US.0611
FEATURE Inside
Enterprise
HP Helps Businesses Deliver on Cloud Computing Pg 10
illustration by joffy jose
Round-up
Mobile Devices Under Security Infrastructure Changing threat vectors
require shift in enterprise security strategies
McAfee recently shared its vision for securing mobile devices in corporate environments. The three-pronged approach for protecting mobile devices, mobile data, and mobile applications, is designed to help businesses and consumers manage their devices securely, as the threat environment quickly evolves. Attacks on smartphones are becoming more common, and according to McAfee Labs, new malware targeting Android devices jumped 76 per cent in the last quarter. The need to secure mobile devices from attacks has never been more important. IT security operations that were once smooth-running have recently come
8
cto forum 07 november 2011
The Chief Technology Officer Forum
under intense pressure to adopt new technologies and fully support completely new platforms, operating systems, and architectures. McAfee is developing products and strategies to allow businesses to bring these consumer devices securely into the IT infrastructure. “Mobile device adoption is exploding, and unfortunately, so are the threats targeting mobile platforms. We believe that the emerging mobile malware we are seeing today is just the beginning,” said John Dasher, Senior Director, mobile security for McAfee. “It’s a whole new world, and a challenge for IT to craft security policies that make sense while updating their infrastructure.”
Data Briefing
58% Growth in private sector data breaches
E nte rpri se Round -up
They AZIM Said it PREMJI
illustration by shigil n
Azim Premji Foundation (APF), run by the third richest Indian on his own money, is all set for a generous initiative. The foundation plans to start 1,300 schools across the country — two per district — which will be free, impart education in the local language and be affiliated to the state board.
Top 10 Strategic Technologies for 2012 To impact organisations' long-term plans significantly
“Quality education is fundamental to our becoming a developed nation. And the final crucible of learning is the classroom” — Azim Premji, Chairman, Wipro
Gartner defines a strategic technology as one with the potential for significant impact on the enterprise in the next three years. These technologies impact the organisation's long-term plans, programmes and initiatives. “These top 10 technologies will be strategic for most organisations, and IT leaders should use this list in their strategic planning process by reviewing the technologies and how they fit into their expected needs,” said David Cearley, Vice President and Gartner fellow. “Organisations should start exploratory projects to look at promised candidate technology and kick off a search for combinations of information sources, including social sites and unstructured data that may be mined for insights,” said Carl Claunch, Vice President and distinguished analyst at Gartner. The top 10 strategic technologies for 2012 include Media Tablets and Beyond, Mobile-Centric Applications and Interfaces, Contextual and Social User Experience, Internet of Things, App Stores and Marketplaces, Next-Generation Analytics, Big Data, In-Memory Computing, Extreme Low-Energy Servers and finally, Cloud Computing.
Quick Byte on Financial
According to the latest Kaspersky Labs report, since June 2011, a substantial decrease in the number of fake anti-virus programmes was observed. However, right now 10,000 daily attempts to infect users with Trojan-FakeAV are seen; back in June the figures were 50-60,000. —Kaspersky Labs
The Chief Technology Officer Forum
cto forum 07 november 2011
9
illustration by shigil n
E nte rpri se Round -up
HP Helps Businesses Deliver on Cloud Computing CloudSite, Hostworks and SingTel select HP to win race to the cloud
HP recently announced that companies in the Asia-Pacific and Japan (APJ) region are turning to HP for data centre services and solutions as they outpace other regions in the race to cloud-based computing models. Globally, the market for cloud computing will grow from $40.7 bn in 2011 to more than $241 bn in 2020. APJ is a particularly dynamic region in terms of growth in this area, where, according to Forrester Research, organisations are forming comprehensive cloud strategies faster than in North American and Western European markets. Many APJ organisations are still in the
early stages of deploying IT environments, and without the restrictions of legacy environments, they can move directly to servicebased, cloud-computing models. Many HP clients, such as CloudSite, Hostworks and SingTel, are rapidly transforming their businesses to offer cloud services to customers. “APJ-based companies are increasing their competitive advantage on a worldwide scale by transforming their data centres and moving to flexible cloud environments,” said Som Satsangi, Vice President, Enterprise Servers, Storage and Networking, HP India.
Global Tracker
Consumer Spending Worldwide
Context-Aware Technologies Will Affect
10
cto forum 07 november 2011
The Chief Technology Officer Forum
Source: Gartner
$96 bn of Annual Consumer Spending Worldwide by 2015
The percentage of organisations in AsiaPacific Except Japan who view the cloud as directly relevant to their organisations recently almost doubled over a 12-month period. As part of this trend, newly built enterprise-class data centres will double from 2010 to 2014, requiring specialised expertise to ensure that they are cloud-ready. In China there is limited data centre space available for hosting and managed services. Space that is available tends to experience power, cooling and reliability issues that put organisations at risk of service disruptions. CloudSite is a data centre development company that plans to build five data centres in China to support clients locally and abroad. They turned to HP to design a state-of-the-art 38,000 sq mt facility for cloud computing that is modular, highly energy-efficient and can scale to meet various client needs. “HP is the only company in China that has the expertise to deliver an end- to-end strategy for planning and building a data centre, while fast-tracking the project to help us meet our business goals,” said John Drossos, Chief Executive Officer, Cloudsite Development. “HP has proven to be a trusted advisor, working with us every step of the way to ensure that every resource counts and our facility exceeds our expectations.” To reduce power usage and accommodate fluctuations in local power availability, the facility’s cooling system uses an indirect outside air economiser, as well as hot and cold aisle containment. Each data centre floor houses IT space and an independent power and cooling infrastructure. Hostworks specialises in the provisioning of online, high-transaction websites, video streaming, complex web hosting and peak demand management for leading digital media companies and online transaction websites in Australia. Hostworks requires the highest levels of performance and flexibility to deliver new services and 24x7 availability, especially during peak times. The company selected HP CloudSystem to build, package and provision cloud services through a unified catalogue. Leveraging an underlying HP Converged Infrastructure, Hostworks’ Elastic Compute Infrastructure rapidly scales up and down without impact to resources, enabling its customers to only pay for what they use.
E nte rpri se Round -up
illustration by prince antony
Google to Offer Free Websites to Indian SMEs Tool powered by HostGator
Google India has announced the launch of a nationwide initiative to help small medium enterprises (SMEs) in India to get online with a free website, personalised domain and hosting. Called ‘India Get Your Business Online,’ this initiative aims to break down the barriers that stop small enterprises from getting online — by offering a quick, easy and free tool to set up and host a website. Google’s goal is to help 500,000 SMEs in India to get online in next three years through this programme, working with web hosting provider HostGator. Small business owners in India can log on to www.indiag-
etonline.in and use the tool to get a get a free, easy-to-build website and web hosting for one year powered by HostGator. Businesses also get a customised domain .in name and free tools, training and resources to succeed online. “Google has always believed in the power of the internet to help small businesses thrive and to make people's lives easier by making information more accessible and useful. We recognise India as a high growth and high potential internet market in the world and we’re committed to play the role of a catalyst to bring the benefits of the internet economy to small and medium businesses in India. We have received tremendous response to this initiative in other countries and we’re very excited to bring this initiative to India and empower local businesses as more and more Indian users get online,” said Nikesh Arora, SVP & Chief Business Officer of Google Inc. While India is home to an estimated eight million small and medium businesses, only about 400,000 have a website. The initiative is designed to bridge the information gap that exists online due to the lack of presence of local Indian businesses on the internet. Businesses often believe that getting online is too complex, costly and time-consuming; this perception prevents many SMEs from taking the first step towards building an online presence. Google India and HostGator plan to change that through this initiative. ‘India Get Your Business Online’ programme is also supported by Federation of Micro, Small and Medium Enterprises (MSMEs), popularly known as FISME. FISME, the non-profit organisation will work with Google India to help SMBs get online through direct customer outreach and events.
Fact ticker
IT Spending to Reach $2.7 Tn
Despite economic challenges, enterprises will continue to invest in IT Worldwide enterprise IT spending is projected to total $2.7 tn in 2012, a 3.9 per cent increase from 2011 spending of $2.6 tn, according to Gartner Inc. While enterprise IT spending growth is slowing (from the expected 5.9 per cent increase in 2011), analysts said it’s important to note that despite the global economic challenges, enterprises will
continue to invest in IT. Peter Sondergaard, Senior Vice President at Gartner and global head of Research said, “The days when IT was the passive observer of the world are over. Global politics and the global economy are being shaped by IT”. “IT is a primary driver of business growth. For example, this year 350 companies will each invest more
than $1 bn in IT. They are doing this because IT impacts their business performance.” Sondergaard said two-thirds of CEOs believe IT will make a greater contribution to their industry in the next 10 years than any prior decades. “For the IT leader to thrive in this environment, IT leaders must lead from the front and re-imagine IT,” Sondergaard said. “IT leaders must embrace the post-modern business, a business driven by customer relationships, fuelled by the explosion in information, collaboration, and mobility.”
Smart Cities
I
BM recently announced the launch of IBM Intelligent Operations Centre for Smarter Cities, a new solution designed to help cities gain a holistic view of information across city departments and agencies. This development is significant keeping in mind the current landscape in India. IBM’s Intelligent Operations Centre, part of the Next Big Wave Technologies offerings for India market, leverages analytical insights to monitor and manage city services through one central point of command so cities are better able to anticipate problems, respond to crises, and manage resources. The IBM Intelligent Operations Centre for Smarter Cities will allow cities to use information and analytics to make smarter and more timely decisions, helping local leaders manage a spectrum of events, both planned and unplanned, such as deploying water maintenance crews to repair pumps before they break, alerting fire crews to broken fire hydrants at an emergency scene, or anticipating traffic congestion and preparing redirection scenarios. The Intelligent Operations Centre is designed to optimise the operational efficiencies of a city and provide a unified view of all city agencies including energy, public safety, transportation, and water.
The Chief Technology Officer Forum
cto forum 07 november 2011
11
A Question of answers
PERSON' S NAME
The role of a CIO is constantly changing with disruptive trends in the space of technology. Kevin Johnson, CEO, Juniper, shares his views on the key technological disruptions in recent times in a candid discussion with Pramath Raj Sinha
Social Media and the CIO: Johnson feels social media is important for enterprise collaboration
14
cto forum 07 november 2011
The Chief Technology Officer Forum
A Question of answer
K e v i n J o h nson
Kevin Johnson | CEO, Juniper
“Connect Everything,
Empower Everyone” What according to you are the key emerging trends in information technology? The key trends in technology that are shaping business currently are mobile, social and cloud. Starting with mobile, we’re in an era where phones, tablets and mobile internet, etc., are being used by consumers and businesses to access information and data. While it was predicted that smartphones would catch on, it were the form factors mainly driven by Apple with touch capability and high-speed data connectivity and new range of applications that really unleashed the wave of consumer tech innovation. This is creating some interesting opportunities and challenges for the CIOs. First, it creates a new class of applications. In some way they are traditional business class applications that people want to access on
these mobile devices, and in other cases, these are a new set of applications that are used by the company to reach their customers or partners in different ways. Starbucks, for instance, has built a mobile payment application for loyalty card holders wherein you just pull out your iPhone or Android device and pay using it, while keeping track of all your personal information. While many CIOs say they do not allow personal devices at work, studies reveal, about 90 per cent employees have carried their personal devices to work and over 80 per cent have used that to access corporate data. Either CIOs put up restrictions on such behaviour or look for a solution to allow this in a secure manner. At Juniper, we did the latter. We changed our device policy and instead of Juniper paying for the device, we have the employees paying
for it. So they get to pick their device, but we have a solution that allows these devices to connect securely to the network. For this, we created a product called Junos Pulse that runs on most mobile platforms and allows secure connections to corporate data. If an employee loses the device. We can centrally wipe that device, we can also locate the lost device using GPS. The social trend is making inroads into the business in two key ways. First, businesses are using social tools to reach their customers better, evangelise better and to stay connected to their opinions. Companies are thinking how to utilise and leverage the social — the fact that people are connected. The other place where the social is helping is by enabling employees to collaborate. For example, at Juniper we use Salesforce.com’s Chatter. Chatter is like a business version of Facebook and
The Chief Technology Officer Forum
cto forum 07 november 2011
15
A Question of answers
allows employees to have a page that is within the company firewall. And it allows us, as a company, to put all the relevant content up there for the employees. It also allows employees from different geographies to gain from each others’ experience and collaborate. It is different from email, as it works in the Facebook manner. Cloud — in many ways is just a buzzword and every technology company in the world is putting up the term in some or the other product. But there are some fundamental drivers for cloud computing. In its simplest form it can be seen in the the infrastructure of the data centre — by centralising the storage and servers and by virtualising them for higher utilisation and then by automating the data centre. There are significant economics to be derived by just doing that. In addition to that, if you’re a midmarket firm and do not have the critical mass or scale to centralise, virtualise and automate your data centre, you will consider someone else to do it — a service provider or a SaaS-based application. There are also hybrid models for either disaster recovery or peak compute volumes. There is a lot more to unfold in terms of applications, to enable more advantage of cloud. The three trends also accompany security challenges for a CIO. What do you have to say about this? The interesting thing about mobile, social and cloud is that it could not have happened without the network. The fact is that the network is within the data centres and connects the data centres together for cloud computing, or is the network that enables the mobile internet, using which billions of devices are connected. That’s what Juniper Networks is focussed on — how to drive innovation that enables our vision called 'connect everything and empower everyone'. We are, therefore, mindful of such trends. We are also conscious that
16
cto forum 07 november 2011
K e v i n J o h nson
“The interesting thing about mobile, social and cloud is that it could not have happened without the network”
security becomes an important issue when you have everything connected, and the fact that these devices and technology are in many more hands around the world. Cyber threat is real and the changing technologies and threat vectors are evolving. Today, there is economics behind cybercrime and well-funded entities are indulging in it. Are you genuinely convinced about the economics of cloud? Is India just behind the curve for cloud computing? If you do the mathematics behind the economics of virtualisation, centralisation and automation, it is easy to prove that the economic benefits of this model are significant. If you then try to apply these economics to your IT operations, it is very difficult. Our Co-founder, Pradeep has this principle — centralise whatever you can, but distribute only when you must. And it is mathematically prov-
The Chief Technology Officer Forum
things I Believe in rends like T mobile, social and cloud could not have happened without the network yber threat C is real and the changing technologies and threat vectors are evolving hatever W market trends there are today, are creating the most complicated situation for the CIO
en that when you distribute things, it costs more and centralisation costs less. That’s the principle on which we engineer our technology. So when you look at cloud in that way, it seems simple to justify the investment. However, when the IT team says that we need to invest a few million dollars before we can save from this technology, it is a tough decision for the management. Given the trends, CIOs have too many trade-offs to worry about. Do you think life has become complicated for the CIO? Whatever market trends there are today, are creating the most complicated situation for the CIO. In my 30-year career, I’ve seen many significant technology evolutions and disruptions. You may say that they are accelerating, but they do build upon one another. So, while the number is much higher, they were still very significant even 20-30 years ago.
Features Inside
Guide to Maximising Training Investment Pg 21
Best of
An Open Letter to Your CEO Pg 24
illustration by pc anoop
Breed
Strategic Value of PPM in Enterprise Pg 22
Get Set for e-Discovery % in SharePoint
30
Data Briefing
of Midsize Companies Will Use Recoveryas-a-Service by 2014, up from one per cent today
18
cto forum 07 november 2011
One of the most popular collaboration platforms, SharePoint adoption is set to accelerate in the months ahead
By Tom McCaffrey
A
solution like SharePoint provides a number of benefits for organisations, including real-time collaboration, decreased costs and improved operational efficiency. However, as more companies turn to this platform for business critical collaboration and document retention, they face proThe Chief Technology Officer Forum
found challenges related to e-discovery demands. This is a significant concern since research shows it is not a question of 'if' they will ever have to engage in e-discovery, but when. Nevertheless, there are a series of policies and simple practices organisations can implement to ensure the e-discovery process is seamless and efficient. Equally important, using
m a n ag e m e n t
One of the most important steps in preparation for e-discovery is the creation of a policy to effectively organise and manage information these same practices, companies can preserve, analyse, review and produce electronic data in accordance with applicable obligations when requested to help avoid fines or sanctions. One of the most important steps for an organisation to take in preparation for an e-discovery request is the creation and implementation of a policy to effectively organise and manage existing information thereby making it easier to search. It is important to build these guidelines around the content because SharePoint enables users and organisations to save an unnecessary amount of data. For example, if an organisation is coordinating with an archive or other information governance solution, it can decide what types of electronically stored information (ESI) can be kept and for how long. Ultimately, though, not all of the content stored on the SharePoint server will be relevant for e-discovery. In that sense, SharePoint is similar to email — there are only certain items which are truly relevant.
Retention Policies Implementation of the corporate retention policies in SharePoint both help an organisation achieve regulatory compliance and is the next step in preparing for e-discovery. Assuming your organisation has document retention policies in place, a company should require SharePoint site administrators to define the applicable retention categories in accordance with the policies for each site and folder. Further, a company should set up the folder structure so that only one retention category applies to each folder and its future contents. These sites and folders and their corresponding retention categories should be documented both within the SharePoint site
and included in the organisation’s data map. The top level of the site should also define criteria that people can use to determine the appropriate folder for content they are adding to the site. For any office document or loose file, the creator can be sure their name is listed in the file properties instead of using a copy of someone else’s file or the corporate template.
Ownership Once the SharePoint site structure is established, next comes the task of determining who owns the data within the platform. Identification of data ownership is important for e-discovery, since some of the data owners may ultimately become custodians in a matter or investigation. Why does determining data ownership matter, you may ask? Legal and IT are obligated to collect and produce relevant data for each custodian named in a matter or investigation, often within a two to three week window. Missing this deadline can result in fines and, potentially, loss of the case. It is much easier to find data if ownership structures are documented and in place. Knowing where to look can make the difference between missing a deadline or having the time to review data and determine case strategy. Because SharePoint can function as a file-share, in which anyone can have access to a certain folder, the administrator can and should manage who can access what folders and where information is ultimately stored. Making that decision involves defining who the data owner is, and that can be a complicated process. In SharePoint, an owner needs to be assigned to every data element. Since many people use a given SharePoint site, some steps should be taken to identify ownership of the data.
B E S T OF B R E E D
Often, the person with administrator rights to the site can be considered the owner.
Too Many Cooks What happens when you have a project team or department with many individuals contributing content, making edits and viewing content? SharePoint tracks both who last viewed or last edited content, which is information that can be used to determine custodians for the data. Or, all people with access rights to the content may be considered custodians. Wikis and blogs may be more straightforward than documents, since there are typically primary and secondary or contributing authors which become the data custodians. The final and perhaps most important action a company can take when preparing for e-discovery involving information on SharePoint is to ensure that all metadata is preserved. Failing to preserve metadata can result in fines and/or sanctions. But a fear of sanctions and fines should not be the only motivating factor for ensuring the preservation of an organisation’s metadata. Metadata identifies who last accessed a file/ sent a message, who created it, when it was created or accessed and who was on the distribution list for a message. This information, combined with the contents of a file or message determines who said what to whom and when, as well as who knew what and when they became aware of it. Metadata can be preserved through a tool that makes forensic copies of the content. The most common enterprise tool for preserving content and metadata is an enterprise information archive. Archives use special connectors to link to email servers and other application servers, such as SharePoint that copy and store both content and metadata. E-discovery tools built for collections also ensure both content and metadata are copied and preserved exactly the way they were in the original location. Organisations can make discovery from SharePoint more efficient and reduce risk by establishing clear protocols for accessing SharePoint sites and documenting the entire management process in terms of site structures, administrator access and employee access. This documentation must be kept current and should track whom had The Chief Technology Officer Forum
cto forum 07 november 2011
19
B E S T OF B R E E D
training
access to what sites and when. An organisation should also work with its legal team to describe in advance how it will define custodians with respect to administrator, author or viewing access rights. Legal and IT teams should work collaboratively prior to investigations and legal matters to determine how collections from SharePoint will be conducted.
$6.3
These systems take advantage of full text indexing of content and metadata and then apply advanced linguistic algorithms to identify relevant content. Expected Some tools take this process a step further, allowing review Online Music attorneys to classify documents Revenues by the from within the review set end of 2011 which then trains the software to efficiently classify other documents accordingly. This intelligent prioritisation is even more powerful in that it identifies gray content (meanThe ‘When’ ing documents that may be either relevant When the time comes to conduct Shareor non-relevant) and presents it to a human Point e-discovery, there are a number of for disposition, from which the learning third party tools that can help. Some tools process continues to refine itself. allow organisations to crawl through an SharePoint’s use is growing in populararchive and extract specific information. ity and the amount of data being created Some have the ability to do a proximity is growing exponentially, increasing the search, so, for example, you can look for the frequency of e-discovery requests from this word ‘discovery’ +/- any other specific words platform. Since organisations are obligated before or after it. More advanced discovery to collect and produce data from SharePoint services provide the ability to search by confor litigation and investigations, they can cepts, instead of just keywords.
bn
reduce the impact through proper planning, documentation and business processes. Structure, administration, alignment to corporate retention policies and proactive methods for assigning data ownership can help organisations reduce the possibility of fines and sanctions and have the time they need to develop optimal case strategies. Tom McCaffrey, Director of Archiving for Kroll Ontrack, is responsible for the overall business strategy and market evolution of the company's archiving and information management solutions. McCaffrey works with his team to bring expert products and services to market that help clients manage large volumes of data, reduce the cost of responding to investigations, litigation and regulatory requirements, and defensibly respond to requests for electronically stored information (ESI). —This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
Guide to Maximising Training Investment
A
For determining the business impact of training, it must be quantified in terms of value of investment fter 20 years of helping global organisations plan and deliver training and development, especially around project management and business analysis, I have found that there are some common failure points in the design, execution and application of
training. Furthermore, ESI International conducted a web-based transfer of learning survey in March 2011. This global study, Applying Training and Transferring Learning in the Workplace: How to Turn Hope into Reality, asked more than 3,200 training-related managers and leaders at government agencies and commercial institutions if they had a system to ensure trainees apply learning improve actual employee performance and generate positive business impact. Drawing from
20
cto forum 07 november 2011
The Chief Technology Officer Forum
this research and my own practical experience, I’ve outlined ways that CIOs can get the most out of training. Make the case for change: Before you tell individuals to go to training explain why they are attending training, what should they expect and what the organisation expects. This is often the most neglected area that connects a training class to an IT strategy and, more importantly, a business strategy. CIOs should put a strategic focus on employee development, and this means you need to implement change management in the following ways: Articulate the as-is state and articulate the 'problem' at all levels within the organisation Communicate the vision and reasons why a change in knowledge/skills/competencies is needed to support the company’s
Illustration by shigil n
training
B E S T OF B R E E D
mising returns, increasing agility, minimising risk or improving performance), you have to show the current state by identifying various qualitative and quantitative metrics and establish success criteria. These metrics become your dashboard to show improvement over time and help you to communicate with various stakeholders. Motivate your audience: Motivating employees to prepare for, attend and then successfully apply learning is an inherent and critical part of the learning process. According to the Transfer of Learning Survey, only 20 per cent of survey respondents indicate that there is a financial reward or incentive to training. This shows that organisational incentives may be out of touch with today’s workforce, and CIOs should re-examine their strategies for motivating a new, changing workforce. If monetary rewards are out of the question, then consider offering 'moments' that instill pride and serve as an incentive for an employee, like a lunch with the CEO. Also, the timing of recognition — perhaps during a company-wide meeting — is often more important than ‘what’ kind of recognition. Solve the manager puzzle: Managers clearly play an important role in ensuring that learning meets organisational objectives and is applied on the job. In fact, securing manager support was selected in the Transfer of Learning survey as the number two most important strategy for the transfer of learning. Managers must do more than simply endorse a training programme. Managers should have clear responsibilities and provide tactical support every step of the way, including developing a plan for learning and its application on the job and ensuring post-instruction reinforcement. Plan what happens after class: Preparing for training is one thing, but what happens after training? It is discouraging to find that almost 60 per cent of those surveyed indicate that they do not have a systematic approach to preparing a trainee to transfer or apply learning on the job. Rather they seem to rely on informal feedback or guesswork. This lack of pre-training planning casts further doubt on an application of learning methodology within organisations. Once training is over, the hard work begins. CIOs should ensure that there are post-learning strategies and tactics to reinforce change and spark dedication to apply learning. Post-learning aids abound today, such as post course discussions with the manager/team leader, on-the-job aids, informal support such as social networks or online forums, or communities of practice such as peer groups/ coaching. The trick is to organise and match up this array of posttraining aids to meet a learner’s specific moment of need. Communicate results of your measurement strategy: Showing the value of investment in training does not mean RoI is out of the picture. It just means that you can tie training to real, measurable business impact. To measure results, you need to define the business impact areas, which can be: increasing quality, increasing productivity, increasing employee engagement, decreasing costs, increas-
“Before you tell individuals to go to training explain why they are attending training and what they should expect from it” growth/future strategy Enact change management processes as part of skills development along with associated interventions, coaching and performance support systems Show your mind map and expected value: What is the framework for gathering requirements and managing your IT projects so that they align with business strategy? You may reply: “Ask my project management office (PMO)”. However, PMOs rarely can articulate the value and business outcomes of training. That’s where the CIO comes in. CIOs need to think and act in a very methodical, comprehensive way, developing a plan that brings about change across people, processes and tools, where training is one very important factor in overall success. Speak business, not IT: Clearly, CIOs need to define value of a training intervention in the context of the overall business strategy. Once the expected value is understood (often in four areas: maxi-
The Chief Technology Officer Forum
cto forum 07 november 2011
21
B E S T OF B R E E D
m a n ag e m e n t
ing revenue, increasing customer satisfaction, decreasing cycle time, decreasing risk and increasing effective communication. Then enact a measurement strategy. Course evaluations need to be completed by both the trainee and manager immediately post training and then 90 days out. After defining business impacts and developing tools and evaluations to measure specific results, CIOs can review high-level output that helps prioritise training and development investments based on this data. CIOs should be asking for the following data points: How do learners rank various courses by perceived impact on the organisation? Does training impact job performance? How does training impact the nine business impact areas defined above? What do learners report when it comes to manager engagement and support, or the availability of post-training resources? In any of the above examples, measurement output will show a predictive impact, a validated impact 90 days post-training and
then data adjusted for bias/self-reporting. Training is more important than ever to maximise the workforce, but determining the business impact of training must be quantified in terms of value of investment. Increasing the value of your project management and business analysis training means CIOs can and should develop a plan for building workforce competencies based on the business strategy driving IT strategy. Raed Haddad, SVP, Global Delivery Services for training firm ESI International, has more than 25 years of multicultural, project management expertise across a range of industries, including health care, technology, government, telecom and financial services. Haddad brings his insights to executive audiences worldwide in the areas of project management, talent management and performance improvement programme measurement. —This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
Strategic Value of PPM in Enterprise
It provides information that links business needs with business technology activities
R
egardless of its size, one of the key components of strategic investment management in any organisation is portfolio and programme management (PPM). PPM provides enterprise-wide focus on defining, gathering, categorising, analysing, and monitoring information on corporate assets and activity as they relate to technology implementation and management. PPM offers top managers a centralised and balanced view of various business technology projects and lays out the benefits and risks of each. In order to be effective, PPM is only realised by focussing on organisational structures, processes, information, and automation — in the process, bringing order to chaos. If a business has any hope of transforming its technology management, it must first structure and organise all of the disparate pieces of information held by the organisation.
22
cto forum 07 november 2011
The Chief Technology Officer Forum
Illustration by shigil n
By Faisal Hoque
B E S T OF B R E E D
m a n ag e m e n t
“The strategic role of PPM is nothing short of providing an enterprise with a tool for better aligning its technology spending with needs” It’s really no different than anyone trying to organise hundreds of photos on a hard drive, or clean out a basement. Management must discover what it has, sort it into logical piles, and assess the value of the individual items against some larger goal. Business technology portfolio management is essential. Managers of financial assets, for example, would not presume to act without a full understanding of all their holdings. Portfolio management is widely applied in other management functions as well, including strategic planning and new product development. Most business technology executives know of it, and many practice some form of it, but it has not often been granted the strategic role it deserves. Many companies don’t reap the full rewards because they see it only in financial terms, think of it as a software tool, or view it as a tactical approach for managing projects. At its best however, PPM takes all of a firm’s assets and activities into account. It is truly a more effective means of giving an entire company better information to develop strategies, manage risks, and execute plans. PPM unites an organisation’s efforts at every level. It is a completely different way of seeing, assessing, and planning the business — somewhat analogous to financial portfolio management. For example, in finance, an investor identifies and categorises all assets to form a portfolio, which provides aggregated views of individual investments. The investor might see that the portfolio is weighted too heavily in one industry, has redundant exposure to one type of security, carries a certain level of risk, and promises a certain level of return. The investor can set a strategy and construct a portfolio likely to achieve an appropriate balance of risk to return. In much the same way, business technology assets portfolios reveal what technology a company owns and what its various arms are trying to accomplish. Management can
use a portfolio approach to decide which activities are more likely to support the enterprise business strategy. The strategic role of PPM is nothing short of providing an enterprise (regardless of size) with a tool for better aligning its technology spending with current and future business needs. PPM creates information and insight to help management make such decisions as: Defining business improvement options and scenarios Analysing implications and impacts of potential initiatives Setting target allocations for investment categories Evaluating and making decisions on project requests Evaluating the health of business and technology assets Determining appropriate sequencing of major programmes Managing risk mitigation across the enterprise Identifying and resolving critical projectrelated issues Through its centralised view of all technology projects, a good business technology portfolio will make it easy to ensure that investments are well balanced in terms of size, risk, and projected pay-off. Used wisely, it will actually increase the value of technology by exposing projects that are redundant or risky while revealing how to shift funds from low-value investments to high-value strategic ones.
direction flowing down to meet suggested courses of action flowing up in a formal management process. PPM is, in fact, continuous. Strategic planning informs portfolio managers, who reassess programmes and projects. Information on the status of corporate assets, risks, and financial performance likewise influences subsequent strategic planning. PPM provides information that links business needs with business technology activities — enabling a converged viewpoint that is simply focussed on business outcomes, rather than advancing the interests of one group versus another. PPM allows an organisation to get beyond the incomplete approach of computing the RoI of individual projects. With a portfolio viewpoint, the payback of a project can be evaluated within the context of many projects contributing to a goal. The merits of individual projects are not seen in isolation but in consideration of their contribution to business capabilities that enable a strategy. Through a PPM implementation, no one group or project’s interest will advance at the expense of another.
—Faisal Hoque is the Founder and CEO of BTM Corporation. A former senior executive at GE and other multinationals, Faisal is an internationally known entrepreneur and thought leader. He has written six management books, established a non-profit research think tank, The BTM Institute, and become a leading authority on the
The Way It Is
issue of effective interaction between business
PPM improves the allocation of resources and reduces project failures through creation of a “single view of truth” about an enterprise’s operation. It generates a common vocabulary and metrics. It permits a comprehensive set of decisions to be made before action is taken, identifying and resolving conflicts. It allows strategic
and technology. His latest book, The Power of Convergence (AMACOM, May 2001), is now available. — This article has been reprinted with permission from CIO Update. To see more articles regarding IT management best practices, please visit www.cioupdate.com.
The Chief Technology Officer Forum
cto forum 07 november 2011
23
B E S T OF B R E E D
m a n ag e m e n t
An Open Letter to Your CEO
Business needs to stand up and take some responsibility too, it's not just IT's alone
By Marc J Schiller
Why You Should Listen to Me You’re likely wondering why you should listen to me, an author and consultant. After all, you have your own CIO with whom you can speak. Well, the fact of the matter is, we both know you don’t really listen to him — especially when it comes to hearing the hard messages. You’re tough, demanding, and don’t want to hear about problems. You want to hear about solutions. “Make it happen”— that’s your motto. To be fair, your CIO isn’t always that great at delivering the tough messages. But then again, can you blame him? You’re the boss. Everyone wants to please you. I’m an external consultant. I’ve got no axe to grind, no bonus on the line. It’s my job to “speak truth to power.” So here goes.
Illustration by joffy jose
A Basic Truth
D
ear Mr/Ms CEO, I know that you often get pretty frustrated with the IT group. I know you want your IT group to be successful. I especially know you want to get the greatest return on investment for every dollar you are spending on information technology. That’s why I’m writing this letter to you. I want to help you dramatically increase the RoI on every IT dollar you spend. No kidding. I’m talking about a 100x improvement in efficiency and efficacy. Interested? I figured you would be.
24
cto forum 07 november 2011
The Chief Technology Officer Forum
It’s easy to blame IT for everything technology-related that isn’t quite right. It’s especially tempting when it comes to delays or cost overruns on high-profile projects. That’s because a new system implementation acts as the perfect focal point for the many issues of the past. It’s as if all of the buried business and process issues of the past magically become an IT problem when a new system is implemented. It is this basic truth that sets the stage for everything I am about to share with you. Look, I know your IT group isn’t perfect. But you need to realise that the seeds of the problems you often face with large-scale IT projects were planted long ago. If you want to not only fix these problems, but turn your IT group into a powerful force for innovation in the process, you need to make some changes in the business. The good news is that the changes I’m talking about don’t cost a lot of money or require activities on the scale of a large system implementation. They are basic changes in mindset and attitude, combined with appropriate executive follow through. Since I know you don’t have the time or interest in a philosophical discussion of IT, I’m going to focus on the three really big and important things you can do to dramatically improve the performance and RoI of IT at your company.
m a n ag e m e n t
Number 1: Get a grip on reality. I mean it. Stop expecting your internal IT shop, with its limited resources, to design and deploy systems that have a similar look and feel to what comes out of Google and Apple. Those vendors have tens of thousands of programmers and designers working day and night on their systems. It had better look great when they are done. What’s more, not only do these companies have much greater resources than you do, they control the scope of what they deliver to the general public very tightly. By contrast, your internal IT team has to deploy systems across a complex corporate environment. This involves not only the tech work but also the highly charged political work of integrating systems with people and processes. Another common departure from reality comes in the expectation that high-impact corporate systems can be deployed quickly. Forget about it. Nothing important and valuable happens quickly. You may want things to happen quickly, and you may use your force of personality and position to get the IT team to agree to unrealistic deliverables and time frames, but that doesn’t mean it’s going to happen. Bottom line: Spare yourself, and your organisation, the pain of socalled failing projects. Instead, really listen to what your IT leadership says is a realistic schedule and budget.
B E S T OF B R E E D
“Stop expecting your IT shop, with its limited resources, to design and deploy systems that have a similar look and feel to what comes out of Google and Apple. Those vendors have tens of thousands of programmers working” episodic basis, but only you can make this a permanent part of your company’s professional development programmes. Number 3: Tie IT project metrics to senior business exec pay. That’s right, you heard me correctly. If you want those big IT/business projects to work wonders in the business, tie the outcome metrics of the project to the pay of the senior executives the project is serving. It’s amazing to watch. I know because I have seen it. When the senior executives have a direct and personal financial stake in the on-going success metrics of the system/business process — NOT, I repeat, NOT the on-time delivery date target of the system — the entire project rolls out differently. All of a sudden there is not only interest and attention to the project, but a genuine engagement at all levels of the organisation. That’s because no senior executive wants to be out on his or her own. So, they quickly cascade those metrics and bonuses down their organisation to ensure that everyone is working together in order to achieve a common objective. Bottom line: If you want your business people to really care about IT project success, put their money where your mouth is.
Number 2: Teach the business, first hand. The IT group wants to do a good job for the business. But in order for them to be successful, they have to understand the business. The problem is, no one ever teaches them about the business. (The quarterly town hall meeting is far from sufficient.) The IT team (and just about every other group, by the way) needs the opportunity to learn about the various aspects of the business beyond their departmental focus. They need to understand the goals, objectives, plans, organisation, challenges, opportunities and more of the other departments and functions they serve. In short: they need to get inside their ‘customer’s’ mind. To make this happen, create an on-going learning programme that teaches about the company’s strategy, operating model, competitive advantage, products, services, customers, distributors, competitors, logistics, manufacturing and so on. Make it a goal that no IT analyst in your company ever walk Is That Everything? into a requirements gathering session with users and ask those No, far from it. But it’s a great place to start. Besides, I know you painfully obvious questions like “what’s your role,” or “what have limited attention span. exactly does your group do,” because there was no way for them If you are interested in learning more, drop me a note atmjs@ to get that information on their own. marcjschiller.com and I’ll tell you about two addiAnd don’t stop with classroom learning. That’s just tional things you can do that will not only improve the beginning. If you want the IT group to really “get your RoI from IT but will also boost the morale of the it,” they need to walk in the shoes of their peers — or IT team. as close to that as possible. That means sending IT Thanks for listening. I’ve got to get back to the IT will be spent on guys now. people out with sales reps and customer service agents. It requires having them work in the warehouse with the Sincerely, public cloud inventory managers, and getting them to crunch numMarc J Schiller services in 2011 bers with the finance team. in emea Bottom line: For the IT group to really “get the business” on a visceral level, they need to experience the business, —This opinion was first published in CIO Insight. For more firsthand. The CIO may be able to arrange for this on an stories please visit www.cioinsight.com.
$16bn
The Chief Technology Officer Forum
cto forum 07 november 2011
25
Security Leadership Awards 2011 Recognising the best minds in Security Leadership & Innovation
In an attempt to recognise those individuals who have contributed and succeeded in pushing the boundaries when it comes to innovation in information security, CSO Forum, brings to you, the 1st Annual Security Leadership Awards. Judged by our esteemed council, the Security Leadership Awards bring those individuals to the forefront who are constantly innovating and pushing the boundaries of security within the enterprise.
C
M
Y
CM
MY
CY
CMY
December 2, 2011 ∞ Pune, India For details log onto
http://www.thectoforum.com/csosummit2011
K
About the Security Leadership Awards Security management is now recognised as a key business enabler. Forward-thinking security leaders have made tremendous progress in driving tighter linkages between business excellence goals and security actions. Their contributions need regular industry driven; peer-acknowledged awards to highlight the best successes; recognise the function and provide encouragement for future innovations in Security Management The Security Leadership Awards is a dedicated platform to recognise such security executives; their teams and organisations for outstanding achievement in the areas of risk management, data asset protection, compliance, privacy, physical and network security.
Highlights
• Six Award categories • Eminent jury members • Transparent nomination process • Awards ceremony on 2nd December, during the 4th Annual CSO Summit, 2-3 December, 2011 at Pune
Why participate
• Get recognised as a star by leaders of • • •
the industry Join an exclusive club of achievers Learn from successful peers in an exclusive knowledge forum Share your and your company’s success stories
Award Categories 1. Security Practitioner of the year 2. Security Innovator of the year 3. Security Project of the year 4. Security Organisation of the year 5. Promising star 6. Security Visionary of the year
Who can apply?
• CSO's and CISO's • Heads of Information Security /
Information Risk & Compliance and their team members of companies operating in India.
Nominations open! To nominate yourself or your CISO/CSO logon to http://www.thectoforum.com/csosummit2011 or contact Vinay Vashistha at +91 9910234345 or email at vinay.vashishta@9dot9.in
BEST OF BREED
c a s e s t u dy
Case Study | Bajaj Capital Ltd
Capitalising on Analytics Challenge:
Jijy Oommen and her colleagues at Bajaj Capital Ltd, implemented a software programme that took three people less than 45 days to build. The application is now used across the company and has significantly boosted customer retention
I
By Harichandan Arakali
n the hyper-competitive world of financial services, tarnished by crises past and on-going, success is as much about demonstrating transparency and integrity, as about meeting customer expectations in terms of monetary gain. How can technology help? Here’s a simple story about a less complicated, but far-reaching implementation that tackled the challenges of customer retention and employee attrition, de-linking them to some extent. In the process, this project at Bajaj Capital Ltd also boosted transparency internally by bringing customer data analytics to every person in the company who needs to maintain relationships with clients for service and ongoing business. Typically, in a large financial services group such as Bajaj Capital, the number of field sales personnel will be considerably large. This sales force will be the one that 'front-ends' the company's products and services from branches spread geographically across the country. “Our business is a retail-based business,” said Jijy Oommen, Group CIO at the company, “so the customer base is so large that retaining existing customers and sustaining business with them is a challenge.” Keeping track of existing customers, meeting their requirements, and serving new ones alongside, is a very serious exercise, keeping in view of large amounts of data and information that is constantly changing.
28
cto forum 07 november 2011
The Chief Technology Officer Forum
In such a large customer base, running into perhaps several tens of thousands, “while we keep acquiring customers, we keep losing some of them, at the end of the day the challenge is to make that funnel narrower and narrower,” she said. Then, given that transactions involve money, customers over a period of time develop 'comfort-level' with specific relationship managers of the company. In a competitive business environment, when such employees leave, customers who trust them tend to follow. At the sales and customer relationship management end, Oommen said attrition levels in the industry can be as high as 30 - 40 percent.
Client Search Engine Oommen’s team has leveraged the huge customer database in the company's back-end database, including complete transaction histories, behavioral patterns and so on. “We developed a tool exclusively for the sales team in last year, called the ‘Client Search Engine’ and the application is opened to the entire sales force of the organisation.” As the result, from their own locations, wherever they are, our sales people are able to do complete analysis of their customers’ profile and business with the company. Consider a small branch, with a team of 10 people trying to serve about 10,000 customers. Given the high
Photos by Subhojit Paul
Jijy Oommen, Group CIO, Bajaj Capital Ltd unravels the mystery of a simple software program that tackles attrition and customer retention
attrition levels across the industry, half the team could be new or in some cases, even the branch manager himself could be new to that branch. This is an important area where the Client Search Engine makes a huge difference. It doesn't matter how new a person is to the company. Depending on the access rights, one can get the customer details at fingertips, in a matter of seconds. With Bajaj Capital being in this business for close to half a century, the relationship management team can get information needed to reach out to a customer or help with a particular investment, be it a client who falls in the “new clients” category, who typically have a one to three-year relationship with the company or a client who started a few decades ago and continues to be loyal with the company. The search engine then also helps relationship managers recognize the customer loyalty, in the latter's case, and go the extra mile to help that longstanding customer. Matters also become more complex with the transaction numbers being fairly high, with the customers' needs ranging from tax savings to one-off, ad-hoc investments that might be over and above other systematic investments, and even trading requirements.
In 15 Seconds
COMPANY DASHBOARD Company: bajaj capital Ltd Established: 1964 chairman: K K Bajaj group companies: Bajaj Capital Insurance Broking, BHAC, ICOFP, Just Trade
“With this as the context, you can imagine the difficulty in opening up analytical capabilities to the end-user of the IT systems,” Oommen said. "What we've done is created a data repository using a custom-built ETL application at the back-end on high speed SAN and Intel Nehalem Class Processor based clustered blade servers”. “Further, we have integrated an analytical engine with this data repository and linked it with the enterprise application with a single sign-on interface.” At very high speed, a matter seconds, the analytical engine taps the customer profile database and the transaction history and brings up information dynamically based on the queries set by the user. The queries can be varied over a set of as many as 20 parameters.“They get the data view in two to 15 seconds, depending on the size of the data,” Oommen said. This immediately benefited the users by giving them information on 'active' customers the period over which these customers have been active, or ‘inactive’ or even 'long-inactive' relationships. The search engine thus gave us a chance to re-vitalise various customer relationships. It also gives them the ability to prioritize which relationships The Chief Technology Officer Forum
cto forum 07 november 2011
29
BEST OF BREED
c a s e s t u dy
“The application shows you just one page, with three different radio buttons and a few columns. Just run it and from that screen itself, you can view the complete transaction history of a customer” Jijy Oommen, Bajaj Capital Ltd
to act on first depending on the revenue potential, portfolio size, activity level, etc. “We took hardly 90 days to build the search and analytical engine with my colleagues comprising of a project manager and two developers from the team of 40,” she said. The product was so convincing and friendly to the user community that the senior business executives themselves decided to champion the implementation.
One-Page View "The application shows just one page, with three different tabs, and a few columns. From the same screen itself, you
can view the complete transaction history of the customer, since inception, also" she said. Starting in February this year, the application has been made available at every branch office of the company. “This project on the other hand, has been both cost efficient and time efficient. With a very little effort, it has given outstanding results. In the last few years, this would certainly top list the successful projects that gave us great satisfaction,” she said. The benefits have been quite visible as well, Oommen said, this year so far, in comparison with last year, in terms of customer retention and repeat business with existing customer
base, we have seen an improvement of 10 - 15 percent. Given that acquiring new customers and boosting business from them is definitely higher, retaining customers pays off, the longer the company is able to retain them. Finally, an important reason the project succeeded was that “it was ideated with the Group CEO,” Anil Chopra, from the start, whom Oommen considers her mentor. “Business doesn't have time to wait, right? Anything where they see quicker turnaround time, it certainly adds value for the business. It was probably one of the more satisfying ones for him as well, from an IT implementation perspective,” she said.
COVE R S TO RY
i n n o vat i o n
Lateral thinking CIOs are using their tech knowledge to conjure up innovations that directly help businesses boost revenue and bottom lines. Their CEOs are impressed
32
cto forum 07 November 2011
The Chief Technology Officer Forum
i n n o vat i o n
F
imaging BY suneesh k
rom putting real-time
COVE R S TO RY
inside
data into the hands of front34 | Taking on the Innovation Mandate line sales staff to beaming 37 | Real Innovations Real Impact accurate radiology images to 40 | Delivering Innovation surgeons who might be away from the hospital, to building business models that profitably allow thousands of small-transaction customers to send and receive money on their mobile phones, CIOs in some of India’s corporations are quietly ushering in an innovation revolution. Be it responding to the economic environment of the day or consumerisation of IT, “The new CIO will not just supply technology but will be responsible for sourcing technology solutions and developing services for business,” said Khalid Kark, a Vice President at Forrester Research Inc. “It will not matter who provides the technology — what is important is how these technology services get orchestrated to create value for the business,” Kark said. They are overhauling the mandate of the IT enterprise and shifting away from providing mere systems support to come up with business solutions based on their technology savvy. Their CEOs can’t have enough of it.
The Chief Technology Officer Forum
cto forum 07 November 2011
33
COVE R S TO RY
i n n o vat i o n
Taking on the
Innovation Mandate CIOs are no longer just the caretakers of your IT infrastructure. They have now donned the mantle of innovators and change makers By Harichandan Arakali
I photo BY Jiten Gandhi
nnovation — one of the most
bandied about, abused, and cliched terms in business today, worldwide. Yet, if one strips away the marketing and PR gobbledegook, the word does mean something: even with the simple definition that an innovation is a novel application of known knowledge to generate tangible value. In this context, by putting real-time data into the hands of front-line sales staff, to beaming accurate radiology images to surgeons who might be away from the hospital, to building business models that profitably allow thousands of small-transaction customers to send and receive money on their mobile phones, CIOs in some of India’s corporations are quietly ushering in an innovation revolution. Be it responding to the economic environment of the day or consumerisation of technology, “The new CIO will not just supply technology but will be responsible for sourcing technology solutions and developing
34
cto forum 07 November 2011
The Chief Technology Officer Forum
“What I'm looking for are productivity solutions that can be used from anywhere in the world.” VP Aiyappan Pillai
VP, Business Process Transformation, Tata Communications
i n n o vat i o n
services for business,” said Khalid Kark, Vice President, Forrester Research Inc. “It will not matter who provides the technology. What is important is how these technology services get orchestrated to create value for the business,” Kark said in a report titled, The New CIO — Embrace The Empowered Era Or Step Aside. CIOs are overhauling the mandate of the IT enterprise and shifting away from providing mere systems support to come up with business solutions based on their technology savvy.
Custodians of Converged Services
COVE R S TO RY
Interview
I Hear You Mr CEO W
hen Anil Chopra, Group CEO of Bajaj Capital Ltd, wanted to put near-real-time customer information in the hands of his front-line sales staff, his CIO turned out to be the perfect person to turn to. Jijy Oommen, the CIO and her team took less than two months to build an application that gave a one-screen view of vital customer information (see our Best of Breed Case Study). The easy-to-use application tackled two problems with one stroke — the need to enhance customer retention via superior service and the importance of empowering new employees in an industry with very high attrition rates.
ent search engine.
?CTO Forum: In general, what is the most impor-
tant thing you expect from Jijy, or someone in her position — a business technology leader? Chopra: I expect Jijy or and the other team members to have clarity of thought process, clear understanding of expectations and ability to deliver within a given time frame.
?CTO Forum: How does this project demonstrate
that technology leaders in your group are delivering on that expectation? Chopra: Execution of this project from ideation to launch has increased our confidence in our technology leaders and has given us an edge over our competitors. Generally, there are time overruns in IT projects. However, this project was executed and delivered earlier than promised and with not many bugs. Hence, it was easy to launch the same in the system as the architecture was so robust and user-friendly that team members learnt to use it like fish take to water. What excited me and my front-line sales staff was not the technology that went into delivering the required information or the fact that it would give us an edge over competitors, but the elegance and the user-friendliness of the whole solution. I am particularly happy about the project being delivered ahead of the promised deadline and that it was so intuitive that the end users, the sales and marketing personnel adapted to it quickly. That’s what I call true innovation.
“I'm not looking to merely manage infrastructure,” said VP CTO Forum: When this project Aiyappan Pillai, Vice President, was still at the ideation stage, Business Process Transformation, what were the attractions of Tata Communications Ltd. “What doing something like this? I'm looking for are productivity Chopra: Data mining is the key solutions that can be used from to effective engagement with anywhere in the world.” What existing clients. Over the years, he is seeking is a converged conI have been conceptualising nectivity model. This presupposes certain parameters and requesting that the underlying infrastructure our IT Team to apply those on our will be available just as much vast database of clients and share the without anyone's intervention. results with me. What will be important is the Whenever I carried these reports and shared them accessibility to the applications, with team members on the ground, they would no matter where a user is and exclaim “Wow Sir! Can't we get such useful reports what the application is. and MIS regularly?” “CIOs will be increasingly quesThese thoughts were haunting me for last few tioning how a service is delivered. years, and one fine day I decided to throw this chalModern technology services need lenge at our IT Team Head, Jijy Oommen. When I to reflect a certain intelligent and was articulating my expectations from the IT group, holistic approach”, said Baiju there was enthusiasm as well as impatience besides Gujarathi, Vice President for IT excitement in my voice. I was excited thinking about Governance at Repro India Ltd. the reaction of sales team members when they The objective will be to keep the would be equipped with this specially-designed cliend-user experience in focus at all times, he said. The end-user experience will be a strong determinant of what the services manshould view them as people who help bring aged by the CIO’s team should be like. technological solutions to business probIT today has become an intrinsic part of lems, Gujarathi said. Eventually, no matter most businesses. Business growth can be what technologies are adopted by the busisignificantly aided by IT. Therefore, the ness, they will connect with the information involvement of the CIOs is important and system at some point, he said. instead of seeing them as personnel that CIOs are increasingly seeing themselves maintain IT infrastructure and systems, one
?
as custodians of converged and businessenabling services, and their CEOs can’t have enough of it. “We are proud of our technology group,” Bajaj Capital’s Chopra summed up this sentiment, talking about his CIO and her team. Chopra’s enthusiasm for the data mining project reflects what top execuThe Chief Technology Officer Forum
cto forum 07 November 2011
35
COVE R S TO RY
i n n o vat i o n
Brave the winds of change or lose the game T
he CIO's role is about to change drastically and significantly, said Khalid Kark, VP and Research Director at Forrester Researc Inc, in a report, The New CIO — Embrace The Empowered Era Or Step Aside. CIOs who continue to manage technology and focus only on execution will not survive, Kark said. The ones who embrace this change and step up to enable the business, empower the employees, and encourage innovation across the organisation will succeed in this role. To succeed in this new empowered era, the CIO will need to move along the following five dimensions: From alignment to convergence: CIOs who can only take orders, who can't speak the language of the business, who can't step out of the proverbial back office and into the front lines will not last long. Forrester data suggests that more than two-thirds of IT leaders wait for business leaders to finalise their strategy before IT formulates its own. This is a recipe for failure. To succeed, the CIO will have to converge with the business and not think of IT as a separate discipline. From execution to innovation: Project execution and on-time delivery are not goals but table stakes today. Having this focus will not be enough. You must drive innovation and boost business-partner relationships. One way to do this is to reach out to business innovators and create zones that provide an environment for rapid innovation. Getting their input and providing services and advice will ensure that you are brought into the loop when new opportunities surface. From technology supplier to services orchestrator: The traditional
role of the CIO has been to manage the technology needs of the organisation. The new CIO will not just supply technology but will be responsible for sourcing technology solutions and developing services for business. It will not matter who provides the technology — what is important is how these technology services get orchestrated. From operations to business outcomes: A measure of a successful CIO used to be operational excellence. The primary task for the CIO was to ensure uptime and reduce cost by delivering services more efficiently. Today many CIOs are being measured on revenue growth, customer intimacy, and their contribution to innovation. This focus on business outcomes ensures the CIO is focussed on business priorities. From rules to guardrails: IT often enforces rigid rules and convoluted governance processes. IT must evolve new governance approaches that empower the business with providing 'guardrails' and education, reserving strict technology control for only the most critical technology assets. This will be a radical change — from layered technology management to new rules for ownership, accountability, and responsibility. The empowered era brings not just a change in technology but a change in attitudes, behaviours, and technical competencies within organisations. The empowered CIO spends a majority of his/her time in engaging and empowering users and customers while delegating and outsourcing technology management and operations. CIOs that are not willing to make this shift will fail. For Feedback: Mail to Khalid at incomment@forrester.com
“CIOs will be questioning how a service is delivered. Modern technology services need to reflect an intelligent and holistic approach” Baiju Gujarathi
VP, IT Governance at Repro India Ltd.
tives increasingly see to be the role of the CIO. Chris Potts, award winning writer, corporate strategist and mentor to CIOs, in a paper titled The Four Generations of Corporate Strategy for IT has said: “What matters most to executives is not how well people are exploiting IT, but how well the
36
cto forum 07 November 2011
The Chief Technology Officer Forum
enterprise is achieving its goals from all the investments it makes.” CIOs as agents of innovation are in a position to add serious value to two areas that Potts points out are interrelated: Operations and investments in change. “These investments are in two distinct but interrelated capabilities — operations, and investing in change — and IT is deeply integral to both of them,” he said. “Each demands a different leadership mindset, skills, and measures of success. There are tough creative tensions between them that cause a conflict of interest for anyone who is equally responsible for both,” he said. Well, CIOs are, and whenever they succeed in harnessing that creative tension to deliver business value via an innovative solution, to be sure, support from the CEO is a cinch.
XXXXXX
COVE R S TO RY
Real Innovations,
Real Impact
Technology gyan is easy. Delivering it as ‘applied gyan’ on the ground isn’t. CIOs in sync with organisations’ big-picture mandate deliver innovations that make a difference By Harichandan Arakali
E
arlier this year,
Neena Pahuja, CIO at Max Healthcare Hospitals, got a phone call from a wellknow radiologist on staff at the group and what he said surprised her: “Hey, you saved a life today.” What had happened was that the radiologist was part of a pilot programme in which Pahuja and her team were testing out delivering radiology images to the experts’ smartphones. The images would be detailed enough for the doctors to actually make some observations and diagnoses there and then, quite literally saving lives.
photo BY Subhojit Paul
Innovation That’s Saving Lives The pilot, now expanding across the Max Healthcare chain, had at such an early stage demonstrated that it could dramatically slash the time required for such processes in comparison with the conventional way of doing it, where the doctor would have to be physically present. The phone call was about a young patient who had been brought to the hospital following an auto accident in the early hours of one morning. The radiologist, who wasn’t at the hospital, was still able to look up the
radiology images and spot an internal bleeding, and make various recommendations that helped save the patient’s life. Pahuja is now orchestrating a much more ambitious deployment: “I am currently supporting a Radiology Information System implementation,” she said, “where we bring in integrated radiology systems with ‘voice recognition’ for radiology reports together with pathways for tele-radiology.”
“We pick the best practices for productivity improvement from other industries and also from the hospitality industry” Neena Pahuja
CIO, Max Healthcare
The Chief Technology Officer Forum
cto forum 07 November 2011
37
“This system will ensure standards for reporting, audited second opinions in instances of complicated cases from across locations and also integration with complete patient records as part of an Electronic Health Records system,” she said. The voice recognition additionally reduces the TAT (turn-around time) for reporting and also adds to better customer experience. The hospital chain would be formally launching the project soon, she said. As CIO, she has to help ensure that in an industry dealing with the lives of people, appropriate care and quality checks are performed before rolling new process/technology. For improving services, “we also pick the best practices for productivity improvement from other industries and also from the hospitality industry,” Pahuja said. She said her role had become the natural fulcrum of many of the projects that the hospital chain was rolling out, with the increased penetration of technology.
Business is the Mandate Pahuja’s ideas on CIOs being roped in increasingly to fulfill a business mandate via their knowledge of technology finds resonance with Kadab Mukesh, Chief Business Operations Officer at Tata Sky Ltd, one of India’s largest direct-to-home (DTH) satellite services. Mukesh firmly believes that any innovation must first have a solid business case. Once that happens, it is more a question of how and when that innovation is delivered. Kadab and his colleagues at Tata Consultancy Services Ltd, decided to go the cloud way to launch a customer self-help portal that would help the DTH services provider manage capacity cost-effectively without dropping service quality. “Keeping capacity idle indefinitely is expensive,” Mukesh had said, when CTO Forum first asked him about the portal in April. “In some areas, it’s cost-effective to raise capacity in-house while in others it isn’t. For example, raising capacity in call centres is hugely expensive. Traditionally, even in IT, raising capacity for self-service is expensive, he said. The portal, launched on Amazon’s cloud infrastructure, made it relatively easy for Tata Sky to scale up some capacity and scale down as required. This portal, accessed via the DTH provider’s website, allows sub-
38
cto forum 07 November 2011
The Chief Technology Officer Forum
“In some areas, it’s cost-effective to raise capacity in-house while in others it isn’t.” Kadab Mukesh
Chief Business Operations Officer, Tata Sky
scribers to make payments, change their preferences and keep track of their packages. “They use it a lot,” said Anil Eipe, a Project Director at Tata Consultancy, who supervised the deployment of the portal. “When I have around 200-300 concurrent users or sessions on a normal day, at the time of something like the cricket World Cup season, we saw that this would shoot up to 1,600-1,700 concurrent sessions.” This means at any given point in a day, as many as 1,700 subscribers would hit the portal at the same time. That such surges in usage are driven by broadcast events or programmes, the ability to dynamically allocate capacity would make a big difference. “What happened was that it came to a point where we needed agility in increasing the resources for a short duration,” Eipe said. “We weren't keen to buy that hardware and keep as an idle investment. We were looking for a model that could give us this benefit both commercially and technologically.” They found that model in the Elastic Compute Cloud service offered by Amazon Web Services, an Amazon.com company. What Tata Sky did was to ensure seamless integration with the back-end that was still residing in the DTH provider’s own data centre.
photo BY S radhakrishna
i n n o vat i o n
Innovation in Financial Inclusion
“A CIO can do a lot to bring banking to the under-banked in India” Umesh Jain CIO, Yes Bank
Helping people help themselves is demonstrated even more spectacularly when it comes to financial inclusion. “What can a CIO do to bring banking to the underbanked in India — at least at the level where people can only transact in a few tens of rupees or a couple of hundred rupees at a time. The answer as showed, is, ‘a lot’,” says Umesh Jain, CIO, Yes Bank. In a three-way partnership with Obopay Inc, a mobile payments technology platform provider, and Nokia OYJ, one of the largest makers of mobile phones in the world that has also invested in Obopay, Yes Bank is rolling out a mobile payment service that allows people to use their cell phones to make make purchases, pay bills and send money to one another. Yes Bank and Obopay India introduced their mobile-phone-based service last year, initially with a prepaid instrument. This service established a platform that enabled transfer of money using the mobile phone
photo BY Jiten Gandhi
COVE R S TO RY
i n n o vat i o n
“I personally think it will enable, if not more, at least 15 minutes of productivity improvement per person per day at MindTree” Sudhir Kumar Reddy CIO, MindTree Ltd
in a secure manner, according to a company statement. The bank had received the regulatory approvals from the Reserve Bank of India to act as the Issuing Bank and the custodian of funds under these services. The prepaid mobile payments service was initiated as a pilot in Pune, and then extended to Chandigarh, Mohali, Panchkula and Nashik. “Everyone is gung ho about the mobile phone today,” Doraiswamy PP, Executive Vice President at Yes Bank, told CTO Forum in an interview in May. "The kind of reach that the mobile channel has can't be matched by even the internet or ATMs or any other channel today," he said. When the bank finalised its partnership with Obopay in 2008-2009, it also decided that it will initially start with a prepaid instrument. How this works is as follows: With the bank according Nokia the status of 'Banking Correspondent,‘Nokia’s individual retail shops are enrolled as ‘agents’ that the people looking to use the mobile banking service with Yes Bank can approach. 20,000 Transactions a Month: With the prepaid service, which is not dissimilar to using a prepaid coupon to top-up the cellphone, customers would download Obopay’s application on their cell phones, which would be activated once their registration with the bank was successful. They would basically make a deposit with the Nokia 'agents' and then get to use the mobile application to make payments. When they have exhausted a deposit, they can go back to an agent and make a fresh
deposit and start again. On customer request, they are also being issued ATM cards using which they can withdraw the money as well. After the pilot launch in mid February 2010, by May the bank was hosting about 48,000 customers in Pune, Chandigarh, Panchkula, Mohali and Nashik and ramping up services in these cities gradually, according to its statement. Yes Bank by then already had customers make some 20,000 transactions a month, worth a total of about Rs 17 lakh, giving an average 'ticket size' of Rs 85 per transaction. Therein lies another unique advantage of the cellphones: Just as people in India are used to topping up their mobile-phone credits with coupons valued at as little as Rs 25, Yes Bank's successful experiment is allowing them to transact in amounts as small as Rs 100. Already, "We're working on integrating our bank account transaction processes with the mobile platform," Doraiswamy had said. “Obopay's low-cost business model is built around an open, scalable technology platform and a rich and diverse partner ecosystem,” Navi Radjou, Executive Director of the Centre for India and Global Business at the Judge Business School, Cambridge University, said in a blog for the Harvard Business Review in October
COVE R S TO RY
2009. In a conversation with Carol Realini, the CEO of Obopay, Radjou said, partnerships including the one between Yes Bank and Obopay “encourage a more frugal mindset among consumers, who embrace their ‘pay before’ spending paradigm (via prepaid mobile accounts) as opposed to the ruinous ‘pay after’ model (with credit cards) which fuelled the financial bubble” that led to the current recession.”
Innovation That Says ‘Be Yourself’ “Today, 22 per cent of employees say that they have used a non-IT-provisioned service over the web to perform their job function — not to update their Facebook accounts, but to do real work,” has said Khalid Kark, of Forrester Research. Sudhir Kumar Reddy at MindTree Ltd, a computer services provider based in Bangalore, is one of the CIOs who is proactive in combating this sentiment. He championed and launched a portal at MindTree, called The People Hub that he expects will go way beyond the company’s existing intranet, and have much more far-reaching results for its employees. He hopes it will make working at the IT and product engineering services provider a lot more fun, in addition to making life more convenient and productive. The benefits of this portal are that “I personally think it will enable, if not more, at least 15 minutes of productivity improvement per person per day at MindTree,” he said. Reddy expects the portal will be very people-friendly and that he can deliver whatever his business stakeholders want much more efficiently. The beauty of this platform is that "everything is like a miniapp," which means that adding a new one would take more like a week for delivery rather than months, he said. "It means I'm really giving business agility to the organisation," he said. This is something that is very close to Reddy’s heart: “Is it possible to let people be themselves and still get the best out of them? How do we create an environment that enables this?”
40k
is the estimated number of patents filed and owned by IBM
The Chief Technology Officer Forum
cto forum 07 November 2011
39
COVE R S TO RY
i n n o vat i o n
Delivering
Innovation Successful Indian companies across verticals have evolved great innovation strategies. This is extremely relevant to today’s CIOs By Rishikesha T Krishnan
I
ndia: Increasingly an nnovation-
driven market. What’s common between Tata Motors, Bajaj Auto, Biocon, Titan and Pantaloon? Of course, they are all large and successful Indian companies. But, consider the following: Tata Motors wasn’t even in the car business 20 years ago. Yet, today it is India’s third largest car manufacturer and well ahead of top brands like Toyota, Honda and Ford in terms of volumes. It has created robust product platforms around the Indica, Indigo, and Nano brands, specifically designed for the Indian market. Until 10 years ago, Bajaj Auto was an insignificant player in the motorcycle industry and still largely dependent on scooters and autorickshaws. Today, it is the second largest motorcycle company in the country and a strong leader in more powerful and stylish sports bikes. The root of Bajaj’s success was the development of the Pulsar, a bike that combined power, style and fuel
40
cto forum 07 November 2011
The Chief Technology Officer Forum
economy based on its DTSi technology. Biocon entered the biopharmaceutical business in 1998. Today it is regarded as India’s leading biotech company. It is well ahead of other Indian companies in the production of biosimilars, and may launch India’s first locally-developed novel biotechbased drug in the next few years. It has used product and process innovation to exploit its core capability in fermentation technology. Titan’s turnover has shot up to the one billion dollar mark in the last few years riding on the back of accelerated growth in the jewellery business. While its purity plank attracted customers, they also liked the designs the company has created to address the mass market. Pantaloon (Kishore Biyani’s Future Group) is one of the country’s foremost multiformat retailers with a national footprint. The company has constantly experimented with new formats, based on a culturally-embedded and intuitive understanding of the Indian consumer.
What’s common among these five companies is that they have attained leadership positions thanks to their well developed and executed innovation strategies. While the importance of innovation in global markets remains clearly visible — Toyota’s success with the Prius and Apple’s cash balances of more than $75 bn based on the success of the ipod, iphone and ipad underline this once again — the emergence of innovation as a differentiator in the Indian market is of relatively recent origin. Innovation will be even more important for Indian companies and multinationals targeting Indian and other emerging markets in the years to come. While there may be a fortune at the bottom of the pyramid, to quote CK Prahalad’s evocative idea, getting to that treasure will need an ability to understand emerging customer needs well, design products and services to meet these needs, and to find processes and business models to deliver these products and services at an affordable cost.
i n n o vat i o n
What does this mean for IT Infrastructure? Information Technology (IT) plays a role in today’s innovation scenario in multiple ways: Ideas are the basic and most critical raw material for innovation. Employees across levels and functions can be great sources of new ideas. IT systems that capture, process, catalogue and archive ideas make the innovation process more robust. Innovation is all about processing information in creative ways. Understanding customer purchase and usage patterns depends on the generation and communication of timely and accurate data from the point of sale. Capturing data on the failure of past products or shortcomings in service delivery help identify areas for improvement, new product and service ideas as well as prevent the repetition of past mistakes. Mining service records can be a great source of inputs. Successful innovation is all about mixing and matching different ideas. Databases containing ideas generated in the past can often be re-used. So can components and parts from earlier products. Product development is a complex exercise. A car or even a motorcycle has hundreds of parts. Changing the design of just one of these can have consequential implications for the design and functioning of other parts. Product Life Cycle Management (PLM) solutions have emerged as important tools to manage this complexity over the life cycle of a product. Very few innovation efforts are today undertaken by companies on their own. Tata Motors has worked with a large network of vendors to redesign components to bring down the cost of the Nano. Biocon’s innovation efforts involve collaborations with large pharmaceutical companies, Many companies are keen to embrace a culture of open innovation, and IT provides the collaborative platforms for people within the company and outside the company to contribute to the company’s innovation activities. IBM has
COVE R S TO RY
“For CIOs the past was about ERP, CRM, e-commerce, supply chain management and security. The future is about providing IT support to support innovation” Rishikesha T Krishnan
Prof, Corporate Strategy & Policy IIM, Bangalore
held web-based global innovation jams where it invites users from all over the world to share their ideas and co-create new solutions to problems. Capturing the value of innovation depends on execution excellence. Without management of the supply chain — both at the front end and back end — innovation will result in piled up inventories, stockouts, or the wrong product at the wrong place at the wrong time. IT support for logistics, supply chain management and inventory management become critical in an innovation-driven business strategy. For example, Titan creates hundreds of new watch models every year and has hundreds of retail outlets across the country. These are just some of the ways in which IT is involved in the innovation process. In addition, IT is increasingly involved in the core functionality itself. What does this mean for CIOs? For CIOs, the past was about ERP, CRM, e-commerce, supply chain management, and security. The future is about providing the IT support to support innovation. As we explained above, IT plays an impor-
70%
global 2000 organisations will have at least one gamified application by 2014
tant role in facilitating innovation. Clearly, the information needs of innovation-driven companies are challenging due to their scope and complexity. But the bigger challenge comes from the need to be flexible and adaptable. Innovation is all about change, agility and responsiveness. This means that it is difficult to foresee how innovation will unfold in the future. The needs of innovation teams in companies are bound to evolve in different directions. While the implications for technology point to flexible architectures based on an array of customisable plug-and-play tools, I see the biggest challenge not in the technology but in the ability of the CIO to understand the innovation strategy of the company and be proactive in providing the best technology support that the innovation programme needs. Innovation efforts in companies will flourish or flounder depending on how innovative their CIOs are! Are CIOs ready to take on this challenge? (Ed. Note: This paper was first published in the CTO Forum Red Book 2011) Rishikesha T Krishnan is a Professor of Corporate Strategy and Policy and the Jamuna Raghavan Chair Professor of Entrepreneurship at the Indian Institute of Management, Bangalore. He is the author of the book ‘From Jugaad to Systemic Innovation. The Challenge for India.’
The Chief Technology Officer Forum
cto forum 07 November 2011
41
NEXT
HORIZONS
Feature Inside
Economics of Cloud Computing Decoded Pg 44
photo by photos.com
W Tablets Rule Technology Trend Nine out of 10 organisations in North America are in some stage of adopting tablets for employee use By Guy Currier
42
cto forum 07 november 2011
The Chief Technology Officer Forum
e know that, in a certain sense, tablets aren’t exactly 'emerging'. Tablet PCs have been around for years, even if we only mark the introduction of the Microsoft Tablet PC platform as a starting point. But since the current definition of ‘tablet’ refers to the form factor, operating system approach and connectivity model of the iPad — and since, in our survey, we were able to make this distinction clear — we’re confident in being able to say that tablets represent one of the fastest-growing new technologies we’ve ever measured. The CIO Insight 2011 Emerging Technology Adoption Trends Study was fielded from September 6 to October 7, 2011. A random selection from corporate parent Ziff Davis Enterprise’s lists of readers and site visitors were invited by email to participate in the online study. The survey was completed by 382 respondents involved in new technology acquisition in organisations with 50 or more employees; each respondent was asked which of 41 emerging technologies their organisation is currently using, testing, or investigating, and what benefits they were expecting from this activity. The survey also
ta b l e t s
asked about current use and experienced benefits of a smaller list of recently emergent but better-established technologies. Unified communications (UC) is also surging this year — at last. In our 2010 study, roughly one out of four organisations with 50 or more employees showed no interest in UC. This year, that’s dropped to only about one in six. Even more notable, the percentage of respondents who are actively testing or piloting UC rose from 18 per cent to 27 per cent. What’s interesting about this is that it clearly shows an acceleration in adoption of UC, both in the number of organisations using it and in the scale of their UC deployments. The same can be said of IPv6 and locationbased applications: current testing levels are historically high for both of these — though for completely different reasons, of course. IPv6 is a required evolution in the structure and functioning of the internet that has essentially been put off as long as it can be at this point. So organisations are, by necessity, looking to begin deployments. The interest in location-based applications, on the other hand, is really the result of a maturing in our capacity to understand how much more can be done (beyond just providing maps or coupons) with the knowledge of where a worker or customer is. The disparate reasons for their emergence notwithstanding, IPv6 and location-based applications are two technologies that are likely to show accelerated adoption in the months and years to come. Not so for private clouds, however, even though it ranks No. 3 on our most-emergent list this year. It achieves this position because its adoption rate is strong, with roughly as many respondents testing (25%) as currently using (24%) private clouds. With private clouds, what we see is strong — but not accelerated — growth. Predictive analytics, an extension of the wave of business intelligence adoption that’s been sweeping through the enterprise since mid-2010, is also a strong-but-steady emerging area. Improved and increased data sources and 'mass-market' use of BI reporting, such as from web analytics or marketing-automation applications, are creating a host of new opportunities for businesses. Wireless services branded as '4G', however, might represent a different situation. So far as high-speed wide-area
data communication goes, 4G is almost by definition the only game in town, as alternatives such as WiMAX (also touted as a 4G-calibre option) and regional or 'muni' WiFi have not caught on. Given the increasing focus of the enterprise on mobile distribution of applications and data, clearly it’s been necessary to address wireless bandwidth. And in this, 4G excels. However, the availability, usability, and (especially) power issues associated with 4G might be giving organisations pause, not enough to take 4G off our list of most-emergent technologies for the second
“So it’s not surprising to see that tablets are recognised as helping with all the three major business goals today. This is what is making them such a hotly developing area of IT. This ‘cure all’ image is driving UC and private clouds as well” year in a row, but enough to keep growth from accelerating, particularly as some reassess the return on their 4G investment. In addition to exploring the market-based factors in the adoption of emerging technology, one of the key features of our Emerging Technology study year after year is the attention we pay to the business benefits that are driving interest in and deployments of the latest and greatest in IT. Whatever the economic conditions, your organisation is probably pursuing all three goals of profitability, versatility and growth — at least for different initiatives — and our survey can show you which new technologies are likely to be best for achieving each of these goals. This is especially true of the more-
N E X T H OR I Z O N S
established technologies we asked survey respondents about (those that are relatively new, but not new enough to call 'emerging'). For example, you might not associate an application infrastructure technology such as service-oriented architecture (SOA) with business growth. But it seems that in the era of distributed computing, big data and mobile applications, the interoperability that SOA provides means opportunities for the initiatives running on them. More respondents cited this as promoting business growth than any other of the moreestablished technologies we asked about. Cost savings are a particular benefit organisations have experienced from storage virtualisation, cloud-based storage, and desktop Linux; but for storage virtualisation and Linux at least, the benefit is definitely not business growth. Neither is it business versatility, a benefit closely related to costsavings. Business versatility has risen in importance recently as companies understand that the ability to react quickly to market conditions and opportunities is one of the chief protections they have against business risk. Here is where smartphones, in particular, show promise. After all, the reasons for technological progress are benefits-based. We didn’t jump on tablets because the iPad happened to have a particular feature set, any more than we jumped on virtualisation because VMware’s ESX Server 3.0 had achieved a particular performance level. Both tablets and virtualisation had been around for years. What made these emergent was the swiftness of the market’s reaction. So it’s not surprising to see that tablets are recognised as helping with all three major business goals today. This is what is making them such a hotly developing area of IT. This 'cure-all' image is driving UC and private clouds as well. But, inversely, you might find real benefits even from technologies that are considered niche (at least for now). Some examples include video VoIP if you seek more flexibility in your operations or service offerings, or user self-service if you want to manage IT costs. — Guy Currier is Senior Editor/Research for CIO Insight. — This opinion was first published in CIO Insight. For more stories please visit www. cioinsight.com.
The Chief Technology Officer Forum
cto forum 07 november 2011
43
N E X T H OR I Z O N s
c lo u d e c o n o m i c s
Economics of Cloud Computing Decoded Proper deployment of cloud can provide significant savings, better IT services and reliability By Kevin L Jackson
44
cto forum 07 november 2011
The Chief Technology Officer Forum
illustration by prince antony
C
loud computing, as defined by the National Institute of Standards and Technology, is a model for enabling “… convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” NIST is implying the economies of scale that go with cloud computing when it refers to a pool of configurable computing resources. Cloud computing is often referred to as a technology. However, it is actually a significant shift in the business and economic models for provisioning and consuming information technology (IT) that can lead to a significant cost savings. This cost savings can only be realised through the use of significant pooling of these “configurable computing resources” or resource pooling. According to NIST, this capability is an essential characteristic of cloud computing. Resource pooling is the ability of a cloud to serve multiple customers using a multitenant model with different physical and virtual resources dynamically assigned and reassigned according to demand. Cloud computing economics depends on four customer population metrics. They are: 1 Number of Unique Customer Sets 2 Customer Set Duty Cycles 3 Relative Duty Cycle Displacement 4 Customer Set Load These metrics drive the cloud provider’s ability to use the minimum amount of physical IT resources to service a maximum level
of IT resource demand. Properly balancing these factors across a well characterised user group can lead to approximately 30 per cent savings in IT resources, and enables the near real-time modification of the underlying physical infrastructure required for the delivery of the desired “illusion of infinite resources” synonymous with a cloud computing user’s experience. When implemented properly, the cloud computing economic model can drastically reduce the operations and maintenance cost of IT infrastructures. A 2009 Booz Allen Hamilton (BAH) study concluded that a cloud computing approach could save 50 to 67 per cent of the lifecycle cost for a 1,000-server deployment. Another Deloitte study confirmed that cloud deployments
c lo u d e c o n o m i c s
30%
N E X T H OR I Z O N S
es to a community made up of more than 25 agencies. delivered greater investment returns with a shorter Using the BAH study as a guide, and assuming that payback period when compared to the traditional oncommunity cloud economies mimic those expected premise delivery option. from a hybrid cloud, transitioning IT services from an In considering cloud computing for the Intelsavings on agency-owned IT infrastructure to the GSA IaaS platligence Community, security is an obvious concern. form should deliver benefit cost ratios of approximately Given the legal and operational concerns, classified IT resources 7:1. Cloud computing provides some strong benefits information should always be processed in properly through cloud and economic incentives. protected and certified IC private or community computing Selecting a public, private, hybrid or community cloud clouds. If a secure cloud model can be designed, ecoimplementation will depend on a customer’s specific nomic savings can certainly be realised. economics application, performance, security and compliance When used to process unclassified information, sharrequirements. Proper deployment can provide signifiing cloud computing resources can nominally provide cant savings, better IT services and a higher level of reliability. the operational advantages of a private cloud with a cost closer to that of a public cloud due to the expected economies of scale from Lower Costs combined user communities. Cap-Ex Free Computing The federal government is currently deploying a federal commuDeploy Projects Faster, Foster Innovation nity cloud. Officially referred to as the General Services AdministraScale as Needed tion Infrastructure as a Service Blanket Purchase Agreement (GSA Lower Maintenance Costs IaaS BPA; item No. 4 in the White House CIO’s “25 Point ImpleResiliency and Redundancy mentation Plan to Reform Federal Information Technology Management”), this Government Wide Acquisition Contract (GWAC) vehicle is designed to implement a community cloud economic model to support the federal government. — This article is printed with prior permission from www.infosecisland.com. The Office of Management and Budget (OMB) expects this comFor more features and opinions on information security and risk managemunity to provide approximately $20 bn in cloud computing servicment, please refer to Infosec Island.
E V E N T R E P ORT
juniper
Event
The New Age CIO
CTO Forum hosted Juniper’s CEO, Kevin Johnson, to discuss the changing role of a CIO Consumerisation of IT and security in the network were the key areas of discussion during the event at New Delhi
Delegates interacting with Juniper representatives during the networking dinner
Kevin Johnson sharing his thoughts on the latest trends in the IT industry
T
he CIO is today expected to be more than just a technology expert. It is expected that s/he will understand the complexities of the business at hand and also the intricacies of various functions within the organisation, all the while crafting technology solutions for the enterprise. It is also expected that the solutions that the CIO builds today will stand up to whatever challenges the future throws up at the business. To give crucial insights into these challenges that the CIOs are facing and how
46
cto forum 07 november 2011
The Chief Technology Officer Forum
CIOs across the world are handling them, 9.9 Media invited Kevin Johnson, CEO of Juniper Networks, for a highly interactive discussion held in New Delhi on September 28, 2011. The discussion was moderated by Dr Pramath Sinha, Founder and
Managing Director, 9.9 Media, who tried to clear the air around cloud computing asking Johnson if he was genuinely convinced about the economics of cloud. Replying to this, Johnson said, “If you do the mathematics behind the economics of virtualisation, centralisation and automation, it is very easy to prove that the economic benefits of this model are significant. If you then try to apply these economics to your IT operations, it is very difficult.”
juniper
He elucidated saying, “Centralise whatever you can but distribute only when you must, is our core principle. And it is mathematically proven that when you distribute things, it costs more and centralisation costs less. That’s the principle on which we engineer our technology. If you then apply to the compute and storage infrastructure, you centralise all the servers and save the additional management cost across multiple data centres. If you virtualise the servers, utilisation goes up from 15-20 per cent to 70 per cent. When you further automate, you get higher magnitude of benefits.” Johnson added, “So when you look at cloud that way, it seems simple to justify the investment. However, when the IT team says that we need to invest a few million dollars before we can save from this technology, it is a tough decision for the management to go for it. There is a dilemma that people have to think through.” Apart from cloud, consumerisation is another big trend that is giving CIOs sleepless nights. Showing his concern over consumerisation of IT, Sachin Jain, CIO, Evalueserve, asked, “In an organisation that deals with a lot of sensitive data, is it realistic to allow personal devices at the workplace as they could potentially lead to information leakage?” Addressing Jain's concerns, Johnson replied, “There would always be certain data that you don't want to allow on personal devices of your employees. However, with the help of tools like Junos Pulse, you can access your desktops remotely using an SSL connection without storing anything on the personal device.” Another concern that came to light during the discussion was around security. Neena Pahuja, CIO, Max Heathcare, asked if Johnson believed network and security would ever merge into a box. “We have security technology that runs on the network. We have many large service providers who are using our security technology to secure mobile networks.
E V E N T R E P ORT
Sanjeev Prasad, CIO, Genpact putting up a question to Juniper's CEO, Kevin Johnson
Delegates paying close attention to Kevin Johnson as he talked about the changing IT landscape
Delegates interacting with each other post the discussion
Dr Pramath Raj Sinha, MD, 9.9 Media and Anuradha Das Mathur, Director, 9.9 Media, interacting with the delegates
In the US, 90 per cent of mobile traffic is secured using our security technology,” Johnson told the audience. “We think security on the client devices are also important because when we think about botnets, that malware code gets installed on a client device and having antimalware on that device can help secure the device. So, you need security
on the device, network, and also in the computer layer. We have a technology that provides security in the VMWare hypervisor. It provides security within VMWare across virtual machines. Over the next 10 years, we’ll see more innovation in the ways we protect ourselves against threats. We need to simplify things for the customer,” he added. The Chief Technology Officer Forum
cto forum 07 november 2011
47
N O H O L D S B A RR E D
Wo lf gan g Wi t tm e r
“Approach Cloud
Step-by-Step”
HP is focussing big time on private cloud. Wolfgang Wittmer, Senior VP and Interim GM, Enterprise Servers, Storage and Networking, HP, discusses with Yashvendra Singh what cloud signifies for a CIO and his enterprise
48
cto forum 07 november 2011
The Chief Technology Officer Forum
As cloud slowly but surely permeates enterprises, how do you see the CIO’s role transforming? In large companies, I don’t see CIOs abolishing their data centres. Even if a majority of items are outsourced, a CIO will play the role of the auditor and controller and will continue to have a budget. He will also do his best to reduce costs on external data centre. His other role would be making sure that the entire corporation has a cloud engagement plan. In the past, IT organisations provided 100 per cent of the services to a company. Tomorrow, businesses that are self-sufficient might go for cloud services from somewhere else without letting the IT department know. They can call it grey IT. I personally know customers whose seismic data link or sales force management is not managed through the IT department. Likewise, if the business manager has enough funds, he can sign with
Wo lf gan g Wi t tm e r
salesforce.com and the entire organisation is off IT department. How informed are the CIOs about the evolution of cloud? What is their maturity compared to different geographies? I see service providers, telecom and finance industries’ CIOs much up-to-date. I don’t think every company has a cloud plan. There are companies wherein some of the data centres and IT infrastructures are seven years old. I have not come across any CIO who said he has directly moved from a very old way of doing business to the cloud. There are several intermediary steps with the first being data centre consolidation. Telecom operators in India, for instance, do exactly the same thing these days. They consolidate, and once there is a consolidation from 25 data centres to three, the next level is virtualisation; then they automate and the last step is the cloud. This is also how we advise large corporations to proceed with respect to cloud. At what stage is India presently? Where does the bigger market lie — public, private or hybrid cloud? For HP, it is the private cloud. Our focus is the enterprise customer and commercial accounts and they all have ideas and plans to implement cloud to beef up their flexibility. However, I would not underestimate the public cloud. But we also need to first define what is a public cloud. People ask if salesforce.com is a public cloud or not. I say yes, it is a public cloud. If you take all the service providers as cloud, then the public cloud may be bigger than private cloud. CIOs spend 70 per cent of the budget on maintaining the infrastructure, and only 30 per cent is left for new deployment. How does this ratio change by implementing cloud?
At first, implementing cloud would lead to an increase in cost. The 70 per cent might go up to 80 per cent before going down. So, where is this investment? As I mentioned before, companies need to undertake data centre consolidation and virtualisation in their journey to cloud. You need to get hypervisors, you need to move into a larger data centre. Once, this is done, there can be savings on the maintenance costs. You can trim your team that runs software updates, optimisation, system management and virtualisation. We have seen system management manpower reduced from 1,200 to 11. We need less people. In India, it may not be too compelling right now, but labour may not remain cheap forever. What is equally important is cooling and energy conservation. So when people
“I have not come across any CIO who said he has directly moved away from a very old way of doing business to the cloud” leave office by 6 pm, I may not need 300 servers up and running. With only 10 per cent of the people connected, I can use a technology through which servers are automatically shut down, thereby reducing energy costs. I have seen data centres consuming energy worth a million dollars a year, and one can buy a lot of servers and storage with that amount. The third element basically involves buying additional agility. For instance, how much does it cost for re-cabling the data centre? There are cases where you have a certain
N O H O L D S B A RR E D
job today and different job tomorrow. In a traditional data centre you may need to add or remove servers or recable. About 10 per cent of the servers break while being physically moved or for whatever reason. In cloud, there is no such removal or addition of servers. Is the additional push on the cloud because of the pressure that the PSG division has faced in the last six months or so? Is it a strategy to propel HP to the next level of growth? The HP strategy is definitely to push cloud solutions and deployments. The reason is because we have the most complete portfolio. We have networking, servers, storage, network management solutions and we also have the outsourcing option. Some of our competitors miss the storage and some servers. So, it is obviously the portfolio to address this market. Besides, this is an important market. Whatever reports you read, be it Gartner or others, you find cloud is affecting the market very much. Do you think cloud will see consolidation in the market with just two-three players? Further consolidation I don’t see happening. It happened in the 70s and 80s. We are living in a consolidated industry with four-five big players. While the companies are big, the market is not growing. There are start-ups coming in, and there is opportunity for them to acquire startups, as we have done in the past. When will cloud reach inflection point? We do a lot of business. We do more business by selling individual products. I don’t want to give the impression that what we sell today is just cloud. We have servers, storage, networking products. When will the SLAs be defined so well that each and every CIO says, I have no risk? I think it will take more than two years for that to happen.
The Chief Technology Officer Forum
DOSSIER Company: HP Established: 1939 h eadquarters: Palo Alto, California, US divisions: Hardware, Financing, Services, Software employees: 3,24,600
cto forum 07 november 2011
49
T E C H FOR G O V E R N A N C E
compliance
5
POINTS
now Who is in K Charge in Your Organisation now Your K Organisation and Industry now Your K Business Processes
Illustration BY shigil n
P erform a Gap Assessment reate a C Remediation Plan, Remediate, Assess, and Repeat
Methodology for Due Diligence
Compliance is not a one-time assessment. It is a continual cycle that requires maintenance on a regular basis By David Sopata
50
cto forum 07 november 2011
The Chief Technology Officer Forum
compliance
If you are in charge of IT and/or security and
you do not have that compliance and/or auditor twinkle in your eye, you might twinge each time someone says PCI, HIPAA, ISO, GLBA, SOX, or any other regulation or evil acronym that might be thrown your way Depending on your environment and your experience with compliance, the hardest part is knowing what applies within your organisation. If faced with an auditor, or even worse, a court room, you will have to show due diligence and due care. As they used to say at the end of every GI Joe cartoon: “Knowing is half the battle!” Due diligence is just that: knowing, researching, and understanding what regulations apply within your organisation and how your organisation complies with them. Due care is the act of implementation and remediation of issues found and showing that the proper controls are in place and are effective. Please note that this is a high level methodology to compliance. Additional assessment and expertise may be required depending on the size of the organisation and what regulations were found to apply to the organisation. 1 Know Who is in Charge in Your Organisation Who within the organisation is normally in charge of compliance? Within more mature organisations, someone within the legal department generally holds the title Chief Compliance Officer. This person would be in charge of researching and identifying what compliance frameworks and regulations that would be required. Internal auditors would be responsible for ensuring that the controls identified within the organisation are effective and running. Even if you are a seasoned Compliance Officer, rarely is it advisable to do it alone. Reliance on others within the organisation, third parties, and management approval may need to be called
upon to ensure you are headed down the right path.
T E C H FOR G O V E R N A N C E
it is in the third step where we dig even deeper and perform business process mapping to understand each process within each department. This helps to shed light on what systems and information are being used every day within the organisation. This can be of the utmost importance in that it potentially can bring out even more regulations and compliance frameworks that maybe could not have been determined within the second step. The business process mapping itself entails interviewing each line of business or department. The objective is to understand what type of information is collected, stored, transmitted, and processed within the environments. This is accomplished by following the flow of information from creation to destruction. Not only must there be tracking of electronic information, but also of paper and other forms of media.
2 Know Your Organisation and Industry The second step to compliance is understanding what your organisation does and what industry (ies) your organisation fits into. In many ways knowing this information can help in the first stage of gathering the different regulations or frameworks. 4 Perform a Gap Assessment When working through the other steps, additional regulations and control frameAfter all of the previous steps have been works may be uncovered so don’t panic if completed, it is then time to analyse and you do not find everything in the first stage. determine what compliance and regulation Many online industry websites have a list of requirements truly apply within the organiknown regulations and possibly can provide sation. This is where additional expertise some guidance on how they would apply and research would be needed to underwithin each organisation. stand what specific data applies or needs Some additional factors that may play into to be protected by each regulation or comthis include where your organisation does pliance framework. What processes and business. There are many Local, State, Fedsystems would potentially need additional eral, and possibly Internal Regulations that requirements and controls in place to an organisation would have to follow. become compliant? Another factor is how your organisation This is where a detailed gap assessment receives revenue. Does the organisation for each regulation and control framework work on cash only, take credit cards, or have would take place. It is to ensure that each an e-commerce site? Maybe your organisaregulation applies within the organisation is a publicly traded company or a nottion, and to identify what additional confor-profit organisation. What type of controls would need to be put in place. tracts does your organisation currently have 5 Create a Remediation Plan, with its customers, service providers, and other third parties? Remediate, Assess, and Repeat At this stage, it is essential to After performing the gap interview upper management assessment and understandto gather as much information ing what controls apply and increase in the and detail about the organisaare missing, the due care portion as possible. number of newly tion of compliance has been completed. There is now a discovered 3 Know Your Business clear understanding of what is malware for expected of the organisation. Processes The organisation must create The third step and the first step Android and implement a plan of rememay seem redundant; however,
30%
The Chief Technology Officer Forum
cto forum 07 november 2011
51
T E C H FOR G O V E R N A N C E
compliance
diation to start becoming fully compliant. This is the start of the due diligence portion of the process, and it should be an ongoing process. The plan may include implementing technical controls such as encryption technologies or policies and procedures to ensure controls are defined, followed, and enforced. More assessments may need to be done as well, such as a vulnerability assessment, penetration testing, and policy reviews. Additionally, a risk management
programme may need to be developed to ensure that different risks are identified, addressed, and remediated. Compliance is not a one-time assessment. It is a continual cycle that requires maintenance on a regular basis. Just as regulations and compliance frameworks can change, so can the organisation. Acquisitions, mergers, and new services or products may introduce new regulations within the organisation. As with any regulation or compliance
framework, if it is not maintained it can fluctuate from compliance to non compliance even within a given day. So the question is…Does your organisation show due care and due diligence?
— This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
Lean Principles & Compliance The top priority of a compliance programme is to “document, document, document”
I
n the October 2011 issue of Harvard Business Review is an article, entitled 'Lean Knowledge Work', where authors Bradley Staats and David Upton explore the issue of whether the lean knowledge principles derived from the Toyota Production System can be applied to knowledge work. While there is no one definition of ‘lean’ it has generally included “numerous approaches to improving operations, all based upon the same principles; relentless attention to detail, commitment to data-driven experimentation and charging workers with the ongoing task of increasing efficiency and eliminating waste in their jobs.” The authors began by noting that most people in the business world believe that ‘knowledge’ based work does not lend itself to lean principles. The reason for this is that knowledge-based work is not repetitive and cannot be repetitively defined. The use of a knowledge-based decision-making calculus involves use of expertise and judgment, which as the authors put it, is
52
cto forum 07 november 2011
The Chief Technology Officer Forum
photo BY photos.com
By Thomas Fox
“locked inside the worker’s head.” However, the authors posit that much knowledge based “can be articulated”. Moreover, many knowledge-based activities have nothing to do with applying judgment but “can be streamlined to continually find and root out waste.”
T E C H FOR G O V E R N A N C E
compliance
‘Wastes’ that can “eat up huge amounts of time” include printing documents, requesting information and other routine administrative tasks This would also hold true for the location where any problem From my own corporate experience, such knowledge should be arises. It should be resolved in that location. Lastly, do not let captured in a Knowledge Management (KM) system or the company problems fester and grow. They should be resolved as soon as risks losing such knowledge when senior employees retire or move possible as they arise. on to other assignments. Under KM a base of knowledge should be available to a wide 5. Plan for an Incremental Journey number of employees to draw upon and not be limited to being The authors suggest that you start small on your journey to lean; as inside the head of a limited number of employees. you probably will not get it right the first time. Further you should The authors draw upon six principles to make knowledge-based write down your lessons learned in the process so you will have a organisations lean. They are: record of what worked and what did not work so that at least you will not have to redo that part of the process. 1. Eliminate Waste Moreover, the lean process implementation is not one set in stone. The authors point to several ‘wastes’ which are endemic to a knowlBe nimble and agile so that you can respond to opportunities to edge-based organisation and can ‘eat up huge amounts of time.” improve the process as they arise. These include printing documents, requesting information needed Also remember that not every lean approach works for every knowlto make decisions, setting up meetings and other routine adminisedge-based task or system. Lean focusses on the more repetitive trative tasks. While recognising that most employees in corporate work so spend your time and efforts there. America today do not have any administrative support to handle such tasks, the authors suggest that employees not focus simply on 6. Engage Your Managers eliminating large, obvious forms of waste but on small waste which The authors believe that lean principles result from ‘bottom up they termed “nickels [of waste] that no one has bothered to pick up.” improvement’. However, middle managers should be engaged with their teams, both through education on its benefits and with support 2. Specify the Work throughout the project. My corporate experience in a legal department is that very little Additionally and not surprisingly, senior managers must be long knowledge is written down. Usually there is no attempt at anything term champions for any such change. resembling KM. However, the authors suggest that employees start For employees to take innovation seriously, senior management with the repeatable parts of a process and codify them. must actively support the process. You do not have to specify everything, but certain parts of a proSuch a sea-change will require man-power investment, training cess could be specified and made available for others to learn from and monetary investment all of which senior management must or draw upon in future work or transaction. actively support. There must be a clear, long term commitment from 3. Specify How Workers Should Communicate with One Another such senior management to the project. The authors note that in a knowledge-based system, ‘many probThis article presents a new way for many in a Compliance or Legal lems are too big or too complex for one person to tackle’ so that Department to think through the challenges of a compliance proorganisations may use teams to perform knowledge-based work. gram, whether based on the Foreign Corrupt Practices Act (FCPA), This can also be true in the compliance context where the Complithe UK Bribery Act or both. ance Department may work with a Legal Department, an internal I continually press that the top priority of a compliance proCompliance Champion, or external third parties going through a gramme is to “document, document, document” all the while vetting process or others. understanding that a compliance programme is very much proWhen multiple parties are involved it is imperative that good comcess driven. The lean approach can be used in many of the promunications be carried out throughout the entire process involved. cess steps where documentation is the key. The authors suggest three guidelines: (1) Define who The discretion and expertise brought to bear in should be communicating, how often and what should compliance programmes can then be overlaid on this be communicated; (2) Create a shared understating of system. In today’s economic reality, this approach what is being communicated; and (3) Resolve any discan help a corporate compliance department deliver a agreements with facts. data centres more robust, and economical compliance product. 4. Address Any Problems Which Arise Quickly
40%
The authors advocate that if a problem crops up, it should be resolved by the employee who created it. This is because that person usually has a quicker and more expeditious solution. If such a person cannot do so, a team member should work on it or at least participate in the resolution.
54
cto forum 07 november 2011
The Chief Technology Officer Forum
to refresh or subscribe to third party services in 2012
— This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
securit y
T E C H FOR G O V E R N A N C E
MFP and Security Beyond Compliance The fun things that you can find on MPF devices and how it might affect compliance By David Sopata
Illustration BY shigil n
One of the bigger risks that had been publicised in a CBS TV news broadcast from a while back is the fact that these devices are storing these image files on onboard hard drives. The news cast showcased some sensitive personal identifiable information (PII) and even sensitive investment reports of a high profile investment firm.
P
rinters, copiers, and fax machines have become more complex over the years. I find that this is largely due to a Dilbert comic strip character named 'The Feature Creep' who would annoyingly want to cram more and more features into a new product line. These devices are doing more than what they were intended to do while opening additional security risks. Not only do these multi function printers (MFP) scan, copy, fax and print, but now they can send email, host web-based administrative pages, and even tell you when the ink is low.
PCI does not say I need to protect my printers, who cares! Compliance in many cases is one of the biggest drivers for security. Compliance may not exactly require you to secure your MFPs or other devices but it might be around the corner. Here are some general questions to ask when trying to understand the criticality of these systems and show some due diligence: Are these devices accessible on the network? If so, how is ‘Administrative’ access controlled? How long are the image files retained on these systems? If the device was compromised could you actually capture sensitive data? If a hard drive fails, does the replacement process follow the normal standard for securely destroying the disk? What are some of the services enabled
on these devices? Is there an administrative website, SNMP client, SMTP server? How about the accounts and passwords of the administrative websites, are they set to default accounts and passwords? Ideally if you had answered ‘No’, or ‘I don’t know’ to these questions more than likely some of the issues may need to be addressed.
My vendors made me do it! In many cases MFPs and other such devices are quickly configured and are plugged into a network. Vendors try to sell these devices with more features while the customer may not have considered the risks involved. One example of these features is the ability to send faxes or scanned documents through email. This sounds like a good economical feature however internal policy may state that anonymous emails are strictly forbidden. Now that disgruntled employee has a way to send threatening or harassing emails through the printer to that one person he/ she does not like. Additionally in order to even securely wipe the internal hard drive on these devices it may require voiding warranties or service contracts if the only way to securely wipe the hard drive is by totally dismantling the device. Some vendors are currently taking a proactive approach in implementing security features, however, there really are no best practices currently developed for MFPs and other devices. — This article is printed with prior permission from www.infosecisland.com. For more features and opinions on information security and risk management, please refer to Infosec Island.
The Chief Technology Officer Forum
cto forum 07 november 2011
55
VIEWPOINT
illustration by PC Anoop
Ken Oestreich
IT Leadership
Two Days with Leading CIOs I’m writing this at Logan airport as I fly home after two days in Boston, attending EMC’s IT Leadership Council. Senior EMC staff and IT leaders from some of the world’s largest and most respected companies had attended the council. What made it unique was the quality of interactions as well as the heady topics. EMC’s leaders and practitioners interacted with leading customers on IT transformation, IT as a service, managing IT change, and cloud computing futures. But the conversations were rarely about technology, and did not touch on product at all. Rather, they focussed on challenges facing IT today and its renewed role in supporting the business. It’s hard to summarise all of the themes from all of the sessions, but following are my personal takeaways and ‘high points’: IT transformation isn’t about technology: Almost everyone was in agreement on this. The technology problems can be solved. But the real barriers to IT reinventing itself lie in the area of new operational and organisational models, evolving roles
56
cto forum 07 november 2011
and skills, and new financial models. Often-heard was “My technology is ready. My people are not”. IT leader’s focus to support business agility: Yes, IT agility and infrastructure agility were still points of conversation. But more important was providing business agility — the ability to help lines-of-business — be more productive, more profitable and more competitive. IT will compete for business: Users are turning to external service and cloud providers because of pricing and/or convenience. Sometimes termed ‘shadow IT’, internal IT now has to think of itself as having to ‘win the business’ from lines-of-business. It has to reinvent itself as a competitive internal service provider (and/or service broker) to the business. Public cloud isn’t (always) the panacea: There were more than a few customers – mainly banks, government contractors and the like – for whom the public cloud is simply a nonstarter, usually due to regulations and compliance needs. But private cloud remained appealing. IT must move away from a ‘hero’
The Chief Technology Officer Forum
About the author: Ken Oestreich is a marketing and product management veteran in the enterprise IT and data centre space, with a career spanning start-ups to established vendors.
culture: IT heroes used to embody all of the organisation’s tribal knowledge, and could parachute into a problem and solve it at any time of the day or night. But this SWAT culture has to make way for the ‘new guard’, consisting of IT staffs trained as generalists, who can work with increasing levels standardisation, automation and shared infrastructure. Marketing? In IT? As IT shifts to become an internal service provider that competes for business, it’s also faced with acting like a business unit, replete with marketing functions. Financial transparency is important: To compete, to forecast, and to model, IT has to know its per-unit costs, whether or not chargeback/ showback is implemented. IT is having ‘new and unfamiliar’ conversations: IT is talking on business agility, inbound and outbound marketing skills, competing against consumer service, and/or brokering them among other things.. Much debate was had over whether IT is going through a transformation or an evolution. My answer? Evolution takes an awfully long time.
CLOUD
H AV E A V I S I O N N O T C L O U D E D B Y F E A R
Welcome to CloudSec 2011 – The Cloud Security Event Of The Year HAVE A VISION NOT CLOUDED BY FEAR is an ancient Cherokee proverb that is timely and apt for organizations that are concerned about cloud security today. Cloud computing has arrived but it introduces transformational risks and threats that require new security strategies and solutions to manage these challenges. CloudSec 2011 has been specially designed for CXOs and senior managers with cloud security responsibilities.
City: Mumbai Date: 24th November 2011 Venue: ITC Grand Maratha City: Delhi Date: 25th November 2011 Venue: Le Meridien
Event highlights include:
Time: 9:00 am - 4.00 pm
• Thought leadership and predictions on cloud security • VIP summit programme and networking lunch • Keynotes and panel discussion by global and regional security experts • Top threats to cloud computing today • Best practices and guidelines for cloud security • Free gifts and prizes to be won
Admission: FREE. Seats are limited.
Supported by:
WHO SHOULD ATTEND A premier conference tailored for CXOs, Directors and Senior Managers with cloud security responsibilities. Powered by:
For Registration call: +91 99999 01218 Or visit: www.cloudsec.co.in