Kings Of The Game by ctof magazine

S P I N E

CTO FORUM

Technology for Growth and Governance

K SOFTER SIDE OF IT | QUALITY OF EXPERIENCE | PITCHING IT SPENDING

F A

May | 21 | 2010 | Rs.50 Volume 05 | Issue 19

N T

ANNUAL BEST VENDOR SURVEY

TOP VENDORS I N SEVEN CATEGORIES F I G H T IT OUT FOR CUSTOMER SATISFACTION AND BRAND RECALL Volume 05 | Issue 19

BEST OF BREED

NEXT HORIZONS

A 9.9 Media Publication

Satisfaction Guaranteed PAGE 36

Managing Windows 7 Migration PAGE 13

EDITORIAL RAHUL NEEL MANI | rahul.mani@9dot9.in

Page from a Vendor’s Diary

What am I to a CIO? A friend, partner or a pesky salesman?

“I

know all about your company and products…don’t call me like this; I will call you when I need you,” said the CIO before banging down the phone. My call was short lived. There was a lull. I did not know what to do. I am one of those ‘pesky’ vendors who earn their living by making product sales calls. I have been doing this for over a decade. My bosses suggest that I become a 'trusted advisor' to CIOs. I really want to be a ‘trusted advisor’ but my sales

targets do not allow me to think about anything else but sell, sell, and sell. Achieving those targets is my first priority and perhaps the only way to keep myself afloat. Sad! But this is my story. There may be a few exceptions to this rule but in my career so far as a sales person, I have rarely made a successful entry into a CIO’s office where I am treated like a friend, a partner... an advisor. Is it so difficult working with CIOs in this day and age? I agree

EDITOR’S PICK 18

Kings of the Game More than 180 CIOs vote for their choice of the best vendor across seven different categories and three parameters in each.

that CIOs don’t have time for my sales pitches and that I should be sensible not to bother them too often. However, I want to find an answer to a very pertinent question: “How do I establish a relationship with you, find out your pain points, the new initiatives and strategies that you are working on without spending time with you? I want to be your ‘trusted advisor’. I know my market well. I can explain my company’s advantages and weaknesses, and most of my competitors, too. I can discuss other services and products from the competitors. Of course, I will be prejudiced towards my own product and services portfolio, but to establish that trust, I can walk that extra mile". But if they reach out to me only through an RFP or during those moments when you decide they actually need something, I don’t

think I will ever get an opportunity to build a ‘trustworthy’ relationship with the CIOs. We will always be at arm’s length. I strongly believe we need each other to survive and prosper. If I make mistakes you can tell me upfront. But treat me with respect. Allow me to work with you closely to understand your organisational needs and future strategies so that I can work out suitable solutions and nurture this relationship. Dear CIO friends – a little one-sided to make the point, but I hope you agree that there is merit to the thought... Here’s towards more meaningful and balanced relationships!

CTO FORUM thectoforum.com

21 MAY 2010

VO L U M N 0 5 | I S S U E 19

MAY 10 THECTOFORUM.COM

C O V E R D E S I G N : J AYA N K N A R AYA N A N

CONTE NTS

CTOFORUM

COVER STORY

18 |Kings of the Game

COLUMN

04 | I BELIEVE: TOGETHER WE RISE Suresh Kumar, CIO and Partner IT Advisory, Grant Thornton India on the benefits of participative leadership.

More than 180 CIOs vote for their choice of the best vendors across seven different categories on market share, satisfaction levels and brand equity. Let the best one rule.

52 | VIEW POINT: OPEN SOURCE: FREE OR COMMERCIAL? You Decide... BY DR. ANTON CHUVAKIN

FEATURES

Please Recycle This Magazine And Remove Inserts Before Recycling

COPYRIGHT, All rights reserved: Reproduction in whole or in part without written permission from Nine Dot Nine Interactive Pvt Ltd. is prohibited. Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd, C/o K.P.T House, Plot Printed at Silverpoint Press Pvt. Ltd. TTC Ind. Area, Plot No. A-403, MIDC Mahape, Navi Mumbai 400709

CTO FORUM 21 MAY 2010

thectoforum.com

36 | NEXT HORIZONS: SATISFACTION GUARANTEED QoE in a service is a much better indicator of its effectiveness than simple QoS measurement. BY HANK MARQUIS

VOLUME 05 | ISSUE 19 | 21 MAY 2010

www.thectoforum.com Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Publishing Director: Anuradha Das Mathur EDITORIAL Editor-in-chief: Rahul Neel Mani Editor (Online): Geetaj Channana Associate Editor: Dominic K Resident Editor (West & South): Ashwani Mishra Assistant Editor: Aditya Kelekar Principal Correspondent: Vinita Gupta Correspondent: Sana Khan DESIGN Sr. Creative Director: Jayan K Narayanan Art Director: Binesh Sreedharan Associate Art Director: Anil VK Manager Design: Chander Shekhar Sr. Visualisers: PC Anoop, Santosh Kushwaha Sr. Designers: Prasanth TR, Anil T & Suresh Kumar Chief Photographer: Subhojit Paul Photographer: Jiten Gandhi

28 TECH FOR GOVERNANCE

28 | Managing IT transformation on a global scale. Shell CIO Alan Matula

talks about the company’s never ending transformation process.

REGULARS

01 | EDITORIAL 08 | ENTERPRISE ROUNDUP advertisers’ index

13 | BEST OF BREED: MIGRATING TO WINDOWS 7 Third party tools to automatically upgrade from Windows XP to Windows 7.

49 | HIDE TIME: COL ARVIND SAKSENA, GROUP CIO AND HEAD HR, CONSILIUM SOFTWARE INC.

IBM REVERSE GATEFOLD APC IFC RED HAT 6-7 SIGNABYTE 11 WESTERN DIGITAL 17 VMWARE INSERT 27 MEGANET 39 IBM IBC MICROSOFT BC This index is provided as an additional service.The publisher does not assume any liabilities for errors or omissions.

ADVISORY PANEL Ajay Kumar Dhir, CIO, JSL Limited Anil Garg, CIO, Dabur David Briskman, CIO, Ranbaxy Mani Mulki, VP-IS, Godrej Industries Manish Gupta, Director, Enterprise Solutions AMEA, PepsiCo India Foods & Beverages, PepsiCo Raghu Raman, CEO, National Intelligence Grid, Govt. of India S R Mallela, Former CTO, AFL Santrupt Misra, Director, Aditya Birla Group Sushil Prakash, Country Head, Emerging Technology-Business Innovation Group, Tata TeleServices Vijay Sethi, VP-IS, Hero Honda Vishal Salvi, CSO, HDFC Bank Deepak B Phatak, Subharao M Nilekani Chair Professor and Head, KReSIT, IIT - Bombay Vijay Mehra, Former Global CIO, Essar Group SALES & MARKETING VP Sales & Marketing: Naveen Chand Singh National Manager-Events and Special Projects: Mahantesh Godi (09880436623) Product Manager: Rachit Kinger Asst. Brand Manager: Arpita Ganguli GM South: Vinodh K (09740714817) Senior Manager Sales (South): Ashish Kumar Singh GM North: Lalit Arun (09582262959) GM West: Sachin Mhashilkar (09920348755) Kolkata: Jayanta Bhattacharya (09331829284) PRODUCTION & LOGISTICS Sr. GM. Operations: Shivshankar M Hiremath Production Executive: Vilas Mhatre Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh OFFICE ADDRESS Nine Dot Nine Interactive Pvt Ltd C/o K.P.T House,Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd C/o K.P.T House, Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Editor: Anuradha Das Mathur C/o K.P.T House, Plot 41/13, Sector-30, Vashi, Navi Mumbai-400703 India Printed at Silverpoint Press Pvt. Ltd. D 107,TTC Industrial Area, Nerul.Navi Mumbai 400 706

CTO FORUM thectoforum.com

07 MAY 2010

I BELIEVE

BY SURESH KUMAR CIO and Partner IT Advisory, Grant Thornton, India THE AUTHOR HAS over 23 years of experience in leading an IT Function for one of the Big-4 advisory firms while managing service delivery for IT companies.

Together We Rise

The benefits of participative leadership I BELIEVE a CIO can be successful when the team s/he is leading is successful. Empowering the team members and creating the right work environment for them should be the top priority for any CIO. I am a strong proponent of the participative leadership style. The CIO as the leader of an IT team should involve team members in the decision making process, though the final decision rests with him. I believe, the participative leadership style is a sign of strength and must always be practiced with senior members of the IT team. A CIO is not expected to know everything – this is why you employ

CTO FORUM 21 MAY 2010

thectoforum.com

CURRENT CHALLENGE PRACTICING THE RIGHT STYLE OF LEADERSHIP FOR BETTER DECISION MAKING

knowledgeable and skilful employees. Using the participative style is of mutual benefit to the CIO as well as his senior team members – it allows team members to participate in important decisions and thus allows CIOs to make better decisions. While dealing with new or inexperienced employees, an authoritarian leadership style may be better suited. The CIO, as the leader of the team, is competent and a good coach. The CIO may also use this style when he has all the information to solve the problem, time is short and the employees are well motivated. Still, I would recommend using the authoritarian style rarely. If you want to gain commitment from your team, you should use the participative style. There is another leadership style – Delegative, which CIOs may use. In this style, the leader allows the employees to make the decisions. However, the leader is still responsible for the decisions that are made. This is used when team members are experienced in their line of work. They must be able to analyse the situation and should have the ability to determine what needs to be done and how to do it. The CIO must set priorities and delegate certain tasks. This leadership style must be used only when you have full confidence in the people working with you. In conclusion, a good leader uses all three styles, depending on what forces are involved between the followers, the leader, and the situation. Telling your employees that a procedure is not working correctly and a new one must be established (authoritarian); asking for their ideas and input on creating a new procedure (participative) and delegating tasks in order to implement the new procedure (delegative). The participative leadership style is best suited for the CIO leading a team of seasoned professionals.

LETTERS COVE R S TO RY

I N N OVAT I O N G R O W T H

CTOForum LinkedIn Group S P I N E

CTO FOR UM

Technolo gy for

STAY

All stories on innovation start from that eureka moment. But that's just the beginning. For SUCCESSFUL INNOVATION REQUIRES RIGOROUS DISCIPLINE AND A SYSTEMATIC APPROACH to turn bright ideas profitable. That is precisely what most of the Indian enterprises featured in this story have done.

UP AND RUNN ING | WILL THE CIO LOSE

CTO FORUM 07 MAY 2010

Governa nce

thectoforum.com

www.linkedin.com/groups?gid=2580450 CTO FORUM thectoforum.com

07 MAY 2010

SELF

10 CIOs who used innovati ve ways to increase profits and reduce costs for their companies PAGE

BEST OF

Volum e 05 | Issue 18

One of the hot discussions on the group are:

BREE

How do you treat your vendors – like a partner, a service provider, or a mere salesman?

Metho D d in the

MADN ESS

PAGE 13

A 9.9

Media

Public

ation

NEXT HOR IZONS

Danc

ing ELEP HANTS

PAGE 44

CONGRATULATIONS

May | 07 | 2010 Volum e 05 | | Rs.50 Issue 18

THE C? | DO IT YOUR

Growth and

ide s ins 24 | No More Delay dence

Join close to 400 CIOs on the CTO Forum LinkedIn group for latest news and hot enterprise technology discussions. Share your thoughts, participate in discussions and win prizes for the most valuable contribution. You can join The CTOForum group at:

A QUES TION OF

Harak

ANSW ERS

THEiriNon ET

PAGE 10

CTO Forum magazine has really attained great heights in the past half a year. To be candid, we regularly interact at CIO forums both in India and abroad and the feeling is same across. Some of the features, articles and surveys are very meaningful. Accept my hearty congratulations. BLV RAO, Vice President -Networks & Systems, Infotec Enterprises, Hyderabad

In IT, it is all about partnerships. We will not be able to satisfy our end customers unless all pieces of the jigsaw puzzle fit together perfectly. A closer comparison is with an orchestra or a stage play. The end result is totally dependent on each participant performing its role as per the plan. If all partners work towards joint objectives, we will never have to open the contract papers for missing deliverables or SLAs.

—Asmita Junnarkar Chief Information Officer at Voltas Limited.

Corrigendum We had published a wrong photograph of Mr. Suneel Aradhye, CIO, Essar Steel, on the cover and the cover story in the May 07 issue of CTO Forum. We apologise for the error and deeply regret any inconvenience it might have caused. The correct pictures are published below for your reference.

In today's business world the use of words like service provider, system integrator etc. are no longer valid. The complexity and specialisations required in any industry are challenges that need "collaboration" with specialists for continued success. I have followed one simple golden rule - there is no "I” and “You" with those who work with you - even though they may be from different organisations. Only genuine collaboration and partnership bring success. I consciously avoid using the word "vendor" in all my interactions.

—KR Sreenivasan CIO and CQH, Tata Capital Limited.

CTOF Connect

The creator of 'Suicide Machine', Gordan Savicic, believes that connectivity and the social experience offered by web2.0 companies go against the grain of human freedom. In an interaction with CTO Forum, Savicic talks about what motivated his team to design the noose that would allow users to strangle their virtual identities. To read the full story go to:

thectoforum.com/ content/harakirinet

OPINION Suneel Aradhye CIO, Essar Steel

SENSE OF DIRECTION

Sandeep Paliwal

Speed is of essence, but of little use unless you are headed on the right path.

Head IT, Essar Steel

“I believe it is essential to maintain the delicate balance between being futuristic and delivering fast enough before the requirements change in the future” To read the full story go to:

WRITE TO US: The CTOForum values your feedback. We want to know what you think about the magazine and how to make it a better read for you. Our endeavour continues to be work in progress and your comments will go a long way in making it the preferred publication of the CIO Community. Send your comments, compliments, complaints or questions about the magazine to editor@thectoforum.com

AMRITA GANGOTRA Director IT (India and South Asia), Bharti Airtel

http://www.thectoforum.com/content/sensedirection

CTO FORUM thectoforum.com

21 MAY 2010

STORY INSIDE

Enterprise

New web-based smart metering system from CSIRO remotely controls energy use. Pg 12

ILLUSTRATION BY SANTOSH KUSHWAHA

ROUND-UP

SaaS on the Go. More than 95 percent

organisations will maintain or increase the use of SaaS in 2010: Gartner.

MORE THAN 95 percent of organisations expect to maintain or grow their use of software as a service (SaaS), according to a survey by Gartner. Survey respondents cited significant integration requirements and a change in sourcing strategy as the top two reasons for adoption followed by high total cost of ownership (TCO). However, Gartner found that most companies still do not have policies governing the evaluation and use of SaaS with only 39% of respondents indicating that such a policy or process exists, up just 1% from 38% in 2008.

CTO FORUM 21 MAY 2010

thectoforum.com

The survey was conducted in December 2009 and January 2010 and involved 270 IT and business management professionals. "SaaS applications clearly are no longer seen as a new deployment model by our survey base, with almost half of those surveyed affirming use of SaaS applications in their business for more than three years," said Sharon Mertz, research director at Gartner. In terms of expected investment levels in SaaS solutions over the next two years, an average 53% of organisations expect to increase investment levels slightly and 19% significantly.

DATA BRIEFING

$12.6b WILL BE THE MARKET SIZE OF ENTERPRISE CLOUD SERVER HARDWARE IN 2014. â&#x20AC;&#x201D;Source: IDC

E NTE RPRI SE ROUND -UP

THEY CRAIG SAID IT MUNDIE It’s Open Source versus Microsoft all over the world. It is a love and hate relationship where Microsoft doesn’t shy away from saying that commercial software is its business model. Here’s what Craig Mundie has to say:

Apollo Hospitals, Cisco forge alliance. To accelerate access to affordable and high-quality healthcare. APOLLO Hospitals and Cisco have formed an alliance to help transform healthcare through ICT. The joint initiative will help drive inclusive growth and well-being by accelerating access to affordable and high-quality healthcare via the Cisco HealthPresence Extended Reach technology. "At Apollo Hospitals, we constantly endeavour to introduce new models to help make quality health care accessible to the masses. The alliance with Cisco will revolutionise the delivery of health care in India," said Sangita Reddy, Executive Director — Apollo Hospitals Group. The integration of Cisco's desktop based technology with Apollo Hospital's "Medintegra" will enable a cost effective tele-medicine solution. As part of this initiative, Cisco and Apollo have collaborated in Raichur (Karnataka) to demonstrate how healthcare in rural areas can be transformed. Using this technology, doctors do not need to visit a telemedicine room to connect with patients; they can now consult patients from an Internet enabled laptop. Apollo Hospitals and the Apollo Telemedicine have started deploying hundreds of theese solutions across their remote clinics and super-specialty hospitals, enabling patients to access any doctor at any point of time across the Apollo system.

PHOTOS BY PHOTOS.COM

QUICK BYTE ON UNIFIED COMMUNICATIONS MARKET

“Microsoft has no beef with open source. We happen to like and will continue to pursue commercial software as a business model that Microsoft believes in. Ultimately, the market will tell us if that choice is a good one.” —Craig Mundie Chief Research and Strategy Officer, Microsoft

Infonetics Research has released a new report which forecasts worldwide revenues for the unified communication market will drop by 4% in 2009, but will rise by more than 100% over the next four years to top US$1 billion by 2013. CTO FORUM thectoforum.com

21 MAY 2010

ILLUSTRATION BY PC ANOOP

E NTE RPRI SE ROUND -UP

Camlin Books Orders Online. Reduces delivery time and idle inventories. REMOVING latency in supply chain and reducing the idle inventories can cause nightmare for the IT organisations of conventional businesses. Camlin, India’s stationary major, grappled with a similar problem. The company had a standard practice wherein sales representatives (SR) visited the retailers to collect orders during

the day. Normally all SRs would contact 15-16 retailers in a day, consolidate all the orders, confirm the order and inform the depot either by fax, phone or by personally visiting the depot. “The order cycle, from booking the order to the dispatch, took six to eight working days besides facing challenges such as illegible fax, errors in punching

GLOBAL TRACKER

According to IDC, worldwide media tablet shipments will grow at a CAGR of 57.4%

Media tablet growth rate 2010: Units 7.6 million 2014: Units 46 million

CTO FORUM 21 MAY 2010

thectoforum.com

orders, unprecedented delays and supply of wrong products,” says V.K. Marathe, Senior General Manager, IT, Camlin. The IT team at Camlin thought of a revolutionary solution to bridge this gap. The idea was to enable the Area Managers (AM) to directly punch data in the SAP systems. “To facilitate such communication, a module was made available in the SAP systems using which the AM could punch his orders online. To enable this, a communication media was created through which the SR/ Dealer could book the orders and upload the dealer stock. We provided a laptop to all the Area Managers for online order booking and also reduce the order cycle time,” says Marathe. The solution was developed in-house from concept development till training and implementation. With this implementation, the company's sales force can see a daily report on billing details, order status, stock position, customer outstanding, status of product availability against order through an auto generated email. The home grown system is also able to provide a report through which the logistics department can know the pending sales order status and present stock and deficit. “We have given a facility to them wherein in the same report they can send a request to purchase department for new purchases. They an also send a request to production department for production based on sales order booking,” says Marathe. After successful implementation, the company expects reduction in order cycle time and increase in repeat orders. It will help Material Resource Planning (MRP) reduce stocks and the production/purchase can be controlled. This application took an investment of approximately Rs. 15 Lakh and one man month to develop. “We implemented it in just eight man days throughout the country and the RoI is not very far,” says Marathe. The company is now planning to start order booking through windows-based mobile phones using the same solution.

E NTE RPRI SE ROUND -UP

PHOTO BY PHOTOS.COM

News Travels Faster, Safer. PTI replaces World Space satellite news delivery model with reliable Internet-based system.

PRESS Trust of India (PTI), India’s premiere news agency, has a subscriber base beyond geographical boundaries. PTI sells content to its subscribers through various delivery channels like satellite, Internet, terrestrial links etc. World Space was PTI’s strategic partner in delivering content directly to subscribers through satellite. But due to certain changes in World Space delivery models in 2009, PTI had to relook at the strategy and the biggest challenge before the agency was to maintain

continuity and explore alternatives to World Space. “Initially World Space offered us alternate up-linking facility from Melbourne instead of Singapore. But there was no technical support available in India. It was an alarming situation which called for an immediate need for an alternative delivery channel amidst uncertainty. Our subscriber base is very large and scattered across disparate locations. The solution needed to be foolproof,” says Tridib Bordoloi, CIO of PTI.

Apart from engaging with major service providers viz. Shyam, Airtel, HCL, Hughes Communications etc., PTI’s software development team was set cracking to deliver a reliable, cost effective and easy to operate solution. After almost two months of work, PTI was ready with its answer to World Space. “The delivery mode we proposed was the Internet which, in the contemporary era, is the basic information gateway. There is no need for a receiving station at the subscriber’s end or a transmission setup at our end,” says Bordoloi. There wasn’t any recurring cost apart from one time technology investment in hardware (servers for ensuring high availability) and software (operating systems and MS Exchange server). All that a subscriber needs is a PC with basic configuration, Internet connectivity and a static IP. There is absolutely no change in news management process or software at the subscriber’s end. The technical sizing was done for provisioning a robust and futuristic architecture. After piloting and testing across PTI offices in Chennai, Kolkata, and Mumbai and at a few subscriber premises the solution has been successfully rolled out.

GREEN TALK

Smartphones rule.

Converged device market doubles in the first quarter. GROWTH of the worldwide converged mobile device (Smartphones)market, has more than doubled that of the overall mobile phone market in the first quarter, a sign that the segment is in high-growth mode again. According to the IDC Worldwide Quarterly Mobile Phone Tracker,

vendors shipped a total of 54.7 million units in the first quarter of 2010 (1Q10), up 56.7% from the same quarter a year ago. In contrast, the overall mobile phone market grew 21.7%. Converged mobiles accounted for 18.8% of all mobile phones shipped in 1Q10, up from 14.4% in

CTO FORUM 21 MAY 2010

thectoforum.com

1Q09. The Smartphone market's growth is impressive, too, when contrasted to the 38% growth in the fourth quarter. "2010 looks to be another year of large-scale consumer adoption of converged mobile devices," says Ramon Llamas, Senior Research Analyst with IDC’s Mobile Devices Technology and Trends team. "Consumers will gravitate to Smartphones not just because the devices

themselves look 'cool' and 'slick', but because the overall experience aligns with their individual tastes and demands. Users are seeking – and finding – experiences that are intuitive, seamless, and fun. Already, we've seen what Palm's webOS and Google's Android can do. This year, we expect updates for BlackBerry, Symbian, and Windows Mobile to spark greater Smartphone demand with their offerings."

PHOTO BY ROGER LOVELL

FACT TICKER

new web-based smart metering system has been developed by CSIRO (Commonwealth Scientific and Industrial Research Organisation) - Australia's national science agency and one of the largest and most diverse research agencies in the world to enable householders, small businesses and electricity retailers to remotely control energy use over a broadband Internet connection. The aim is to help small-scale energy users cut energy use, costs and carbon emissions. The system will give householders the flexibility to cut back their electricity use at times when it’s needed elsewhere on the grid. CSIRO has worked with energy service company, Energy Response, and hardware designer, Saturn South, to develop a system able to aggregate a large number of smaller users. Until now this has been logistically impossible and cost prohibitive. The system involves installing a mini smart-meter in a household or business electrical switchboard, which can then be managed remotely from a centralised control platform. CSIRO has estimated projected cost savings for Tasmania, where the new demand side technology was developed. It found the State’s annual electricity expenditure could be cut by $10.9 million, even if less than 10 percent of Tasmanian customers used the system.

F A

CTO FORUM 21 MAY 2010

thectoforum.com

ANNUAL BEST VENDOR SURVEY

COVE R S TO RY

B E S T T E C H N O LO G Y V E N D O R S

Top vendors in seven categories fight it out for customer satisfaction and brand recall

Who are vendors? Are they

salesmen, partners, consultants or service providers to CIOs?

We believe they are a bit of all. They are consultants when they are telling you about solutions to problems that you may be facing; they are salesmen when they push their boxes and services to you, they are partners when they implement their product in your organisation, and they are service providers when they fill loopholes in the implementation. More than 180 CIOs contributed to this survey with inputs on what they bought last year, their satisfaction with the purchases and what they plan to invest in. According to that we have rated vendors in seven categories based on market share, satisfaction levels and brand equity. The categories are: Business Intelligence, Cloud Computing, Networking, Security, Storage, PC/Servers and Virtualisation.

By Geetaj Channana

21 MAY 2010

COVE R S TO RY

B E S T T E C H N O LO G Y V E N D O R S

WINNERS BUSINESS INTELLIGENCE Market Share: SAP Satisfaction Index: Oracle Brand Equity: Oracle

ORACLE WINS A TOUGH RACE

Users prefer Oracle BI over SAS and IBM in customer satisfaction.

he businesses are growing complex and so is their reach. They are crossing borders and continents and becoming truly global in nature. The competition is red hot too in this global environment. On top of that there are cost pressures. BI tools, at least try to, link business and technology to ensure the organisations are competitive in the market. Working more like decision support systems, they make use of data mining, predictive analysis and other tools to aid business leaders. But this, still remains a niche area of investment for companies and they rely

systems. Also, especially in the case of BI, it is important to have the correct result matrices in place. You must know what you want the system to find for you and how it can be plugged into your current systems.

Satisfaction Index 71%

69% 48%

IBM

Microsoft

53% 45%

SAP

SAS

Oracle

VENDOR SPEAK “Our acceptance in the industry is a result of the complete, open and integrated BI platform we offer. It helps our customers make informed and actionable decisions for optimised performance across their enterprise.” SOMESH BHAGAT

Senior Director, Marketing Oracle India

CTO FORUM 21 MAY 2010

thectoforum.com

mostly on their ERP vendors to provide such tools. This resonates in our results too. Most respondents (44%) have bought business intelligence offerings from SAP, but the satisfaction levels are higher in products from Oracle (71%) and IBM (69%). More people are also inclined towards specialised offerings from Oracle (24%) and IBM (23%). This certainly implies that specialised offerings are more beneficial but are more difficult to implement on proprietary

“Most of our applications are based on Oracle, thus the flexibility and performance is higher. It also offers us good value for money.” Anil Bhatia

Senior Group Manager, ICT Greater China & South Asia, Japan & Korea Regions, S T Microelectronics

B E S T T E C H N O LO G Y V E N D O R S

ome say it is a new name being given to services that have been available. Others say that it is more hype than substance. There are concerns about security and standards on the cloud, but that is not stopping vendors from pushing it more and more. Many technology vendors have cloud based offerings. Some are talking of pri-

COVE R S TO RY

MICROSOFT – ALL IN THE CLOUD But Salesforce.com leads the customer satisfaction index. Brand Equity 34%

31%

18% 10%

VENDOR SPEAK “Four years ago, we talked about software and services. That was when we saw the potential of cloud. With Azure, we are ready to offer possibly everything as a cloud offering.” VIKAS ARORA

Group Director - Cloud Services, Microsoft India

WINNERS CLOUD COMPUTING Market Share: Microsoft Satisfaction Index: Salesforce Brand Equity: Google

5% Google Salesforce.com Microsoft

Reliance

Akamai

vate clouds, while others are bullish on public clouds. The buy-in from CIOs is though not very promising. Only 45 out of approximately 180 respondents actually made an investment on the cloud in the last one year. Thus, we would take these results with a pinch of salt. They are more indicative than conclusive. Microsoft rules the roost with their cloud offering in the last one year with 38% of all users, who bought cloud services, opting for Microsoft. But, Salesforce leads the customer satisfaction index for the group who have voted. Nine out of 10 people who bought Salesforce were "very satisfied" with the service. But, more people are looking at Google as their cloud partner in the coming year. 34% of people who did not buy Google services are gearing up to invest with them in the coming year. What the data indicates is the market is pretty confused with the solutions on offer. They know the solution well, but do not know how can it plug into their organisations and benefit them. The concerns regarding standards and security are keeping organisations from opting for the cloud.

“Nobody else gives us as many benefits as Salesforce. Also, the users are aware of the product, that’s why it is easier for us to take it to the community.” Suresh A Shanmugam

Head - Business Information Technology Solutions (BIS), Mahindra & Mahindra Financial Services Limited

COVE R S TO RY

B E S T T E C H N O LO G Y V E N D O R S

WINNERS NETWORKING Market Share: Cisco Satisfaction Index: Cisco Brand Equity: Cisco

CISCO CONNECTS THE NETWORKS

No close opponent to challenge the supremacy of the networking czar.

ow irritating is it to hear from a customer support executive who says he cannot help you out because their network is down? It is very easy to lose customers due to bad infrastructure. A weak network can result in poor overall reliability of the IT infrastructure and can directly affect the productivity of the systems, as well as employees. Networks are like the veins and arteries of the body. It is necessary to ensure that communication does not stop in the

VENDOR SPEAK “We are honoured to receive this recognition. As the network becomes the platform and Internet becomes all pervasive, we are uniquely positioned to meet the demands of the customer. ” NARESH BALWANT WADHWA President and Country Manager – Cisco - India and SAARC.

CTO FORUM 21 MAY 2010

thectoforum.com

Satisfaction Index 87%

83% 71% 71%

70%

57% 47%

Netgear D-Link Cisco

Avaya Brocade Juniper

24x7 environment. Also, as with security, storage and virtualisation, networking is a specialist’s job. It is extremely important to have a secure and robust network to ensure smooth functioning of all application and devices in the organisation’s IT infrastructure. It is not only important to have a good product, it is also necessary to have a good management console that provides control even in a heterogeneous environment. Cisco provides all these features, and more. It is a winner on all three counts in our survey — market share, satisfaction and brand equity. 76% of all customers, who bought networking products, chose

“Cisco has helped us optimise our network with a wide range of technology and products, strong after sales service and frequent technology upgrades.” Upal Chakraborty CIO, DLF Limited.

Cisco. A distant second was D-Link with a score of 39%. On satisfaction, 87% of all Cisco customers were "very satisfied" with their products. D-link, which was second on sales, had 57% "very satisfied" customers. On brand equity Cisco is again on the top with a score of 33%.

B E S T T E C H N O LO G Y V E N D O R S

COVE R S TO RY

BIG THREE RUN NECK & NECK

Cs and servers are the most common purchases that all organisations make, almost every year. Eighty-six percent of all respondents have bought these products for their organisations in the last one year. Sixty eight percent of all respondents bought HP products, closely followed by IBM with 65%. To clarify — a total of more than 100% in the scores — companies bought products from more than one vendor in a year. On the satisfaction front, IBM came up trumps with 73% respondents were "very satisfied" with their purchases. HP, on the other hand had only 52% of their customers were "very satisfied" . The surprising statistic though was that 23% of all respondents, who did not buy any products in the past year, were willing to buy Dell in the coming year. Dell was closely followed by HP and IBM with 19% of respondents who had

A close fight between the top three server vendors reveals a lot.

Brand Equity 23% 19%

19%

18%

6% 2% HP

DELL

IBM

SUN

HCL

not bought their products in the past year, willing to buy them now. Similar to the cloud, where we had three different brands coming up trumps on three measures – this category, too,

VENDOR SPEAK “Our solutions continue to provide meaningful innovation to customers. Also, we’ve enabled partners with more education and support from HP, so that their able to provide the best customer experience to our customers.”

“We chose HP because of its sturdiness, reliability and service support. We are happy with the performance and the support we have received.” K.B. Singh

VP IT, BSES JV Reliance Infrastructure Ltd.

RAJESH DHAR

Director, Industry Standard Servers, HP India

WIPRO

WINNERS PC/ SERVERS Market Share: HP Satisfaction Index: IBM Brand Equity: DELL

has three winners. But, unlike the cloud, where there was a lot of confusion, the three different winners in this market signified how there was no clear leader in the category and how cut-throat the competition was.

CTO FORUM thectoforum.com

21 MAY 2010

COVE R S TO RY

B E S T T E C H N O LO G Y V E N D O R S

DIAL SYMANTEC FOR SECURITY Leads the pack by a great margin on all fronts.

ow important is security in organisations? It’s a no brainer. Many organisations have specialists Chief Security Officers and we also have a special supplement with this magazine for these professionals. The importance of security got reflected in all parts of our survey. Forty-nine percent of all respondents were interested in security products and 41% were looking at buying them in the coming year. But, when it came to products and vendors the experts ruled the stage in security. Symantec was the clear winner in this category with 63% of all respondents opting for their products. A distant second was McAfee with 38% of respondents buying their products. In terms of satisfaction, Symantec was on top again with 71% of all buyers claiming to bevery satisfied with their purchase.

WINNERS SECURITY Market Share: Symantec Satisfaction Index: Symantec Brand Equity: Symantec

Satisfaction Index 71%

In terms of brand equity, Symantec was the winner again with 29% of all users, who did not buy products, interested in buying them in the next year. But, McAfee was not far behind with a score of 25%. Microsoft, which is a rela-

57%

22%

Symantec

Microsoft

McAfee

Trend Micro

VENDOR SPEAK “As the threat landscape evolves and customers shift to adapt to new technologies and technology consumption, we continue to invest in future growth areas that will help to reduce cost and complexity for our customers. ”

“Symantec has robust point solutions that were always good as individual standalone solutions. They also have a strategic commitment and a future roadmap of integrating these solutions to ensure complete risk management.” Japjit Singh Sandhu

Vice President - Information Security, VFS Global Services Pvt Ltd.

VISHAL DHUPAR Managing Director, Symantec India

tively new player in this category, scored 14% on brand equity, with a satisfaction index of 22%. This clearly signified that Microsoft needs to tighten its screws if it wants to compete.

B E S T T E C H N O LO G Y V E N D O R S

his is such an important part of technology that it is taken for granted at times. To put things into perspective on the importance of storage — mankind generated 5 million Terabytes of data from its origin till 2003. It grew 100 times by the year 2008 to 511 million Terabytes and doubled again to 1 billion Terabytes by 2009. This means we create the amount of data created from mankind’s origin till 2003, in every two days in the current scenario. All this puts a lot of pressure on storage mediums. From all our respondents who bought storage products in the past year, HP was their first choice – with 38% opt-

EMC ON TOP FOR SATISFACTION, BRAND RECALL

HP’s high market share doesn’t deter the reputation of information expert.

Brand Equity 37% 27%

ing for its products. But, EMC has the best satisfaction scores, with 82% "very satisfied" customers. EMC is also the company that has the best brand equity among all

VENDOR SPEAK

Head IT, PVR Limited

16% 17% 9%

Market Share: HP Satisfaction Index: EMC Brand Equity: EMC

Atul Luthra

30%

14%

WINNERS STORAGE

“Our business demands real time availability of data along with high uptime. As we are growing at a fast pace our storage system should also be scalable and adaptable to growth. We found that EMC met our needs well”

COVE R S TO RY

“Our cohesive support network enables us to fully exemplify EMC's core promise to customers and contribute towards enhancing EMC’s brand equity”. MANOJ CHUGH

President, EMC India & SAARC and Director – Global Accounts, EMC Asia Pacific & Japan (APJ)

EMC

IBM

Hitachi

Dell

Sun

NetApp

players, with 37% of all customers who have not bought EMC products, interested in buying it in the next one year. This again signifies the importance of experts in this area. EMC being an expert, holds a lot of respect in the CIO’s mind, but does not sell as much as some of the other vendrs.

COVE R S TO RY

B E S T T E C H N O LO G Y V E N D O R S

IF IT’S VIRTUALISATION, IT’S VMWARE Most customers strongly consider buying it in the next year too.

as it been a buzz word or what? Vendors have projected it as one of the biggest revelations of all times. A lot of new investments in the server buying space have been driven by virtualisation. It has become more important since public and private clouds have been introduced. Companies have saved millions in capital expenditure, operating costs, energy and real estate by virtualising their servers. Though some claim that management costs can be high, the technology is still wooing a lot of CIOs, who think that its benefits outweigh the tradeoffs. It is also one of the few technologies that the CIOs are interested in and have it in their investment priorities. Thirty-eight percent of CIOs are interested in virtualisation and 35% have it as their investment priority. While virtualisation has grown in importance in businesses, there has been one company that has remained an undis-

WINNERS VIRTUALISATION Market Share: VMWare Satisfaction Index: VMWare Brand Equity: VMWare

Market Share 59%

31% 25% 12%

VMware

“We are exploring VMWare because it is a proven technology for virtualisation in the Windows and Linux environments and is on the forefront of R&D.” S.S. Mathur

GM-IT, Centre for Railway Information Systems.

puted leader in this space — VMWare. It has gone through its own ups, downs and acquisitions, but has continued to be the top choice of the Fortune 100 companies. The same got reflected in our survey. Most respondents who bought VMWare (59%), were very satisfied with it (79%) and out of those who did not buy it, 42% admitted that they strongly considered buying it in the next year itself. Next to VMWare was Microsoft. Out of

Microsoft

Citrix

Oracle

all respondents who bought Virtualisation products, 32% bought Microsoft, and 42% were very satisfied with their purchase. 21% would strongly consider buying Microsoft products in the coming year.

VENDOR SPEAK “This is a result of the trust that CIOs across the country have placed on VMware’s most advanced offerings, unmatched network of technology partnerships and our proven track record.” T. SRINIVASAN

Managing Director, VMware India & SAARC

T E CH F O R G OVE R NAN CE

G LO B A L I T

POINTS

NAME: Alan Matula DESIGNATION: Vice President and CIO COMPANY NAME: Royal Dutch Shell EMPLOYEES: 101,000 REVENUE: $278.2 billion

MANAGING IT TRANSFORMATION

ON A GLOBAL SCALE Shell’s Executive Vice President and CIO Alan Matula talks about the company’s never ending transformation process. LEON DE LOOFF, PARTNER AT MCKINSEY&COMPANY

CTO FORUM 21 MAY 2010

thectoforum.com

G LO B A L I T

Over the last decade,

Shell has been undergoing an IT transformation that is remarkable for the scope of change it is seeking in one of the world’s largest and most complex organisations—one with 25 business portfolios and operations across more than 100 nations. The transformation is defined by four phases, says Alan Matula, executive vice president and group CIO.

The first was about going back to basics— allowing Shell’s IT leaders to better align IT with the business units by stabilising operations, establishing project discipline, and tracking costs, people, and assets. Matula says that this solid foundation is essential to any successful IT transformation. In the second phase, the targets were costs and complexity. Shell rationalised and consolidated infrastructure, substantially reduced the number of business applications, improved procurement procedures, and aggressively off-shored. It also strengthened governance by recognising that a real dialogue with the businesses was needed and recruited high-grade talent to conduct it. Investments in the future formed the third phase: innovation, functional improvements, and business- driven multiyear investment programs to help the businesses meet their targets. Shell implemented strategic sourcing to consolidate hundreds of suppliers, leaving just 11 key partners with whom it outsourced selected functions. Matula says the change in direction allowed Shell to work with suppliers, “doing things that are not only good for Shell but that also are innovative in the marketplace and help the industry.” Shell is now geared up for the harvestand-sustain phase, to ensure that the benefits of its IT investment are realised. “IT is more important and intense than ever before and that requires an ongoing effort to transform IT and improve its agility, to make the business more productive and competitive”, Matula told McKinsey’s Leon

de Looff in a recent interview covering Shell’s IT transformation, challenges, and the many lessons learned so far. Q: Shell has been in the midst of an IT transformation for several years now. Can you tell us about how it started and about the approach you took? It was a phased approach that started in the early 2000s with a drive to get back to basics. I was very fortunate to be a part of that effort from the beginning, continuing over the four phases, since I held positions as a business CIO and now as group CIO. The phases addressed specific goals: back to basics, rationalisation and consolidation, investing in the future, and harvest and sustain. Q: What do you need to launch an IT transformation at this scale? You have to start out with a solid foundation that builds credibility with the business. That includes stabilising operations, implementing project discipline, tracking costs, assets and people. If you don’t have the foundation, then don’t even start. Q: What did Shell do to be sure that the businesses were aligned on this? Right from the start, we deliberately put “business at the centre” of what we do. But the key is that we have been able to strike a balance between an IT foundation that is standard across business units, while differentiating and catering to specific business needs—areas like high-performance computing for our exploration businesses.

T E CH F O R G OVE R NAN CE

Q: Did the move back to basics stir up any resistance from the businesses? And if so, how did you deal with that? Alan Matula: We made the application portfolio transparent, showing the businesses the real cost and the complexity of what they had. They figured out pretty quickly that it didn’t fit the changing business models and competitive conditions in the industry, or the globalization agenda the company had set for them. Q: It must have been complicated given your historical legacy? You have to remember, we came from a nation-based operating model that was successful for many years. We’re turning that model on its head. So you basically go nation by nation, region by region, and replace a lot of the legacy assets and start to initiate your standardisation agenda to attack costs and complexity. Q: CIOs debate whether IT should follow business change or lead it—in your case, for example, by furthering Shell’s globalisation through IT standardisation. What is your view? I see it somewhat differently. IT is like cement to the standardisation activities. If you don’t cement changes with IT, then over time they will erode and revert back. IT provides the transparency that you need for driving standardisation in a large, diversified corporation like Shell. Q: You’re now a few years into the campaign. What has changed? We went from hundreds of national enterprise resource programs to about six to eight core platforms that do the heavy lifting in terms of business transactional capability. For example, we now have one HR system, one health system, and three or four big application landscapes per business sector. Q: And what about the applications that have to be tailored for business needs? In addition to the core platforms, we divided the business into portfolios around key sectors such as upstream, downstream, and corporate functions. But to really align IT directly to the business strategy, you need to go one layer deeper. So for downstream operations, that means retailing and manufacturing; for

CTO FORUM thectoforum.com

21 MAY 2010

T E CH F O R G OVE R NAN CE

G LO B A L I T

We started with the idea that we wanted 70 percent of our spending to be external. Of that, we wanted 80 percent to be focused on the top 11 suppliers. upstream, it’s exploration and production. In total, we have 25 business portfolios. Q: Are these managed differently? That’s where we’ve put our key talent in terms of IT capability. Because of their business domain knowledge, these are the people who really get a seat at the table with business leadership teams. They understand the business strategies and can create the differentiating IT on top of the business transactional layer. A lot of what we consider competitively differentiating is kept in house. Even though you read a lot about outsourcing, the key differentiating systems are still kept and managed specifically within Shell.

Q: What role is IT playing in Shell’s innovation efforts? We review each of our major portfolios every 18 to 24 months, focusing on the key technologies needed to stay in the game as well as what is needed for competitive differentiation. We have done some very innovative things—in telematics, for example, using wireless technology to monitor auto fuel consumption and efficiency. But the key to innovation is having a real dialogue at the business-portfolio level to understand where technology is important. That means a change of mind-set and skills, moving from a focus on the basic infrastructure of business administration to a position as close to the business leaders’ needs as possible.

Q: Stepping back a bit, how does a CIO Q: What was the reasoning behind conbuild the business case—one that demsolidating suppliers and outsourcing? onstrates the benefits of a broad transHow did your thinking evolve? formation that involves major investWe actually tested outsourcing early in ments and a lot of change? phase two, but we backed away from it We’ve learned for sure that when you because we didn’t want to outsource IT make the business case, you have to problems we hadn’t fixed. Once we were ensure accountability for delivery of the comfortable with our progress, benefits. You need the names we started the third phase. We of the people who are going spent almost a year bringing in to extract the gains. Then you suppliers—10 or 15 of them— need to track benefits on an ongoing basis. We’re piloting CORE PLATFORMS exploring what was working, what wasn’t, and what needed quarterly monitoring where FOR HEAVY changing. It was then that we you look at an applications LIFTING IN BUSINESS latched onto multi-sourcing portfolio and examine where as a model. For example, in benefits are materialising and TRANSACTIONAL infrastructure, we now have where they aren’t. Beyond CAPABILITY three suppliers that are capable that, you have to have the of providing services across right people at the business the board. This provides us interface. They are invaluable. with flexibility and agility as we evolve the You will not find a CIO who doesn’t strugdelivery model to respond to the changing gle with finding talent for the business IT market and Shell business needs. We interface. We’ve invested in our IT people benchmark the suppliers, and we have writthrough a learning program delivered by a ten contracts that are very flexible. business partner program.

6-8

CTO FORUM 21 MAY 2010

thectoforum.com

Q: Is there an optimum number of suppliers for a company like Shell? Things do not stay the same forever. But to give you a sense of our thinking, before we consolidated our infrastructure suppliers, we had about 1,500 different contracts, covering licenses, hardware, and services, with an outsourcing model that was very fragmented. We’re now down to three infrastructure suppliers, and these are an integral part of what we call our ecosystem of key suppliers. Q: Was there a driving philosophy behind the new outsourcing model and the new ways of working with suppliers? We started with the idea that we wanted 70 percent of our spending to be external. Of that, we wanted 80 percent to be focused on the top 11 suppliers. We put those 11 into three groups: First, there are the foundation suppliers, those in which we make long-term bets— Cisco, Microsoft, Oracle, and SAP. Then there’s the infrastructure group, with three bundles—AT&T, HP, and T-Systems—for networks, end-user computing, and hosting of storage, respectively. And finally we have four application services suppliers—Accenture, IBM, Logica, and Wipro. What we’re doing differently is bringing all 11 of them together to work as a collective. Q: Tell us more about that last point. About two years ago, we began meeting with the ecosystem suppliers every quarter. We started out slowly, defining golden rules and how we operate, with the ambition of actually doing things together that not only are good for Shell but that also are innovative in the marketplace and help the industry. Q: What kinds of innovation? The boundaries between the traditional sup-

G LO B A L I T

pliers are blurring. Some traditional hardware suppliers are going into software and vice versa. Others are getting into the data centre business. As we started to give our top 11 suppliers some big challenges, that gave rise to some innovative approaches. You’re starting to see all suppliers wanting to play differently by collaborating to improve the overall delivery to Shell. I think it’s going to be an exciting time as we continue to push current industry norms to drive greater degrees of collaboration, change, and innovation. Q: You think of IT in terms of phases. What is the next frontier for IT transformation at Shell? The next phase in our transformation will be a shift to harvesting the benefits from the assets we have put in place—a new system for HR should last 15 years. So the goal now is to leverage these assets to improve business performance. That’s a different model of change. It forces us to be more intimate with the business, actually putting business operations and IT operations side by side. In the project mode of recent years, you could keep some distance as you restructured, but in the harvest-and-sustain mode, you have to work to optimise the business processes, with IT delivering business performance improvements. The structural approach will be different, and that’s what we’re now exploring. Q: Going forward, since you’re trying to capture benefits outside IT, you need a different steering mechanism and metrics beyond just reducing IT unit costs, right? The pressure to reduce unit costs will never go away in IT. But when you get to harvest and sustain, it’s about smarter demand management, to make sure you are using only the IT that you require and are doing only the IT projects that you need to do. It’s also about a different set of metrics on the business side, and the ultimate art of this is talking to the businesses in their own terminology, to show exactly where IT contributes to their goals. We’re testing a couple of portfolios to see if we can do this. It’s something that every CIO would love to be able to do. Q: Are you doing your own IT research to develop innovations for the business?

At the beginning of each year, we carve out key technology areas or domains that we want to mine—things like sensors, high performance computing, new ways of working. We work with the external providers as well as internally searching for areas where we can make disruptive, differentiating strikes. In terms of structure, we have put all IT technology research into a projects-and-technology organisation with a chief technologist whose job is to look for those technology strikes that add the most business value. We want to send the message that the CTO is a business partner at a very different level from standard IT. The projects-and-technology organization is split from the rest of the IT function, and there’s a cut line between the big technology plays and supporting staff—20 percent of the total staff— versus the more incremental activities that remain in the traditional IT line, or 80 percent of the staff. Q: You have recently changed how you govern IT, with the business unit CIOs now reporting to the IT function and no longer to the business heads. Is this the optimal model? It’s really about maturity. In the early

It’s going to be an exciting time as we push industry norms to drive collaboration, change, and innovation.

T E CH F O R G OVE R NAN CE

phases, there was no way you could consolidate IT under one function. We needed to build credibility with the businesses, and they needed to take ownership of their project portfolios. In today’s phases, maturity starts to blossom. The CIOs get more and more credibility. As long as they still have that seat at the business table, are heavily engaged, and serve on business forums and leadership teams, then that is what is really important. If that starts eroding, then we’ll go back to the previous model. Q: The change in governance more or less coincided with the start of the recession? That’s right. I now have more levers to pull when it comes to costs and agility. The new governance model has allowed us to move faster and make decisions without working across different business lines to get everyone to agree. Furthermore, we can move IT resources around easier and more quickly. Q: In the financial crisis, some CIOs have focused primarily on cutting IT spending, while others have focused on IT’s important role in cutting business costs. What has been your experience? You have to do both. We have, for example, made use of the network for telephone calls, and we have transformation projects in place that use technology so we can work virtually. But it’s a balance. You need to keep driving down pure IT costs on a unit basis while also providing technology that drives business costs down. Of course, it’s always hard to tell that latter story, since it’s often difficult to determine the full cost of a business process. Q: While you have pushed standardisation and sourcing to the maximum level, is it still possible to squeeze more costs and inefficiencies out of IT operations? There are new models emerging, based on cloud computing and software as a service, that are going to have an impact. Beyond that, we have to be a lot more selective about what projects we do, and most of all we have to work for continuous improvement to get the full potential from our IT assets. Q: What are the lessons you have learned from this transformation? What

CTO FORUM thectoforum.com

21 MAY 2010

T E CH F O R G OVE R NAN CE

G LO B A L I T

might you have done differently and what would you tell other CIOs? IT is more important and intense to the enterprise than ever before, and that essentially requires an ongoing effort to transform IT; there is always another phase. To support that mental model, the first thing is to never lose the perspective that you’re here to make the business more productive and more competitive. Our catchphrase, “business at the centre,” keeps us grounded. Our position today is a reflection of the tight integration that we have with the

business, combined with the efforts of key support functions like HR, finance, and procurement. A second thing is that you’re only as good as the talent that you have. For instance, in the robust sourcing of infrastructure and applications we have put in place, the people at the interface are very important. They manage the critical supplier relationships with CEOs and top executives at these firms, and they have the technical know-how to help guide the suppliers. Finally, if you don’t have the basics right, you won’t have any credibility. It only

takes one bad “go live” on a project or a flaw in your basic delivery capabilities to set you back very quickly.

This article was first published in McKinsey on Business Technology, Spring 2010 issue and is also available on The McKinsey Quarterly Web site, www.mckinseyquarterly.com. Copyright © 2010 McKinsey & Company. All rights reserved. Reprinted by permission.

Securing the Mobile Workforce

SSL VPN and return on investment. A possible combination. BY DARIO FORTE

t the current point in the history of information security, companies have spent a lot of time analysing various options for remote access to their information systems. Many of them have begun with IPSec-based systems to interconnect different sites. It all seemed rather simple at first, but as the number of sites (and clients) that needed to be interconnected increased, scalability and interfacing problems began to emerge. Many companies then tried to scale (or actually replace) IPsec with PPTP (point-to-point tunnelling protocol). But a dual problem arose in this case: inadequate tunnel security level, and difficulty in selecting permission and access types after the connection had been established. PPTP in particular caused serious problems in terms of intrinsic security, with repercussions on daily operations.

CTO FORUM 21 MAY 2010

thectoforum.com

SECURIT Y

T E CH F O R G OVE R NAN CE

Client needs It seems almost superfluous to mention it, but right now companies need to ensure that their mobile work force has maximum access to their information systems while also guaranteeing maximum security. Demands for network access are now many and varied and contain a series of unknowns that must not be underestimated. While the problem is rather simple to outline from the security standpoint, there are inner areas of criticality that must not be overlooked. One of these is hidden costs. One of the commonly recognised problems is the question of administration costs. These costs include those incurred during implementation, which are directly proportional to the difficulty of deployment. And we must also factor into the equation the fact that the number of virtualised, terminal-server-based and, obviously, directory-based infrastructures is increasing. For these reasons, many companies have started to turn to "alternative" VPN systems, for example, those based on the SSL protocol. Many implementations of this type are commercial, while others are open source. The author has often met with clients who have attempted a "homemade" implementation based on Linux, and then moved on to more "solid" commercial options. The latter are usually based on dedicated appliances and provide a series of additional advantages that we will discuss one-by-one below: 1 The hardware has been designed for a specific purpose. It might seem obvious, but an SSL VPN appliance designed with ad hoc hardware provides superior performance and improved scalability with respect to an analogous system based exclusively on software; 2 The use of dedicated appliances indirectly favours rationalised organisation of security management. Since we are talking about appliances, the devices are managed by the final client's networking department. This means better organisation in terms of access management and secure connections, which, technically speaking, are often already handled by the network staff; 3 With the adoption of an appliance, it is the vendor who becomes the sole client interface, with consequential pre-sale and post-sale savings of time and money. Furthermore, given that the provider represents a single, unified commercial interface, a partnership may be established (and consolidated), something which is not exactly automatic in the current moment in history; 4 Disaster recovery and business continuity. Thanks to their implementation architecture, SSL VPN-based appliances allow very quick restoration of connectivity in the event of a security incident or-worse yet-loss of network segments. This provides further assurances of preserving business continuity; 5 Virtualization and management of access gateways from a single point. Most of the options available on the market allow for the creation of multiple access gateways handled by a single appliance. This expands governance capacity of a large number of widespread mobile elements from a single control point.

Virtual Private Networks using the SSL protocol will soon become one of the de facto consolidated standards for security of privileged communications and remote access. Observations in terms of security: authentication method Password-based authentication presents a host of problems. First and foremost among them is the unlikelihood of knowing whether a password has been compromised. If a hacker succeeds in guessing a password, the legitimate owner often is unaware that his or her credentials-or entire identity-have been stolen. Sharing a password among a group is another area of risk in this type of authentication. Among other possible problems, it is also true that passwords that are hardest to guess are also the hardest to remember, and forgotten passwords add to administrative costs in providing services to people who need to recover their passwords. Furthermore, since passwords are not necessarily easy to remember, users generally use the same one at different work stations. The hacker just has to guess it once to gain multiple accesses. And of course there are those who write down their passwords to make sure they won't forget them, an open invitation to disaster. Hardware-based authentication keys resolve all these problems by eliminating the interaction between user and password. Users are provided with a physical device (security token) that must be present for authentication to be accomplished. These devices are often protected by a PIN, similar to that for an ATM card, so that they cannot be used if they are stolen or lost, creating a two-tiered authentication process. Hardware authentication keys are difficult to violate and practically impossible to share (without physically giving the device to someone else). The users "credentials" are memorized in the token and since the password resides there, the user only has to remember his or her PIN to access the network. If the token is lost or stolen, it is completely unusable and, as is the case with ATM cards, it is blocked after a certain number of incorrect attempts at entering the PIN. Security tokens for VPNs is still rare and generally difficult to implement. To meet the growing demand for this type of authentication, many VPN SSL systems provide built-in security tokens.

Return on Investment The Return on Investment for these systems usually is calculated by assessing the following series of factors: 1 Savings on implementation costs. During the preliminary feasibility study, estimated or actual costs for a "traditional" option (such as those mentioned at the beginning of this article) are compared to

CTO FORUM thectoforum.com

21 MAY 2010

T E CH F O R G OVE R NAN CE

SECURIT Y

those for the SSL VPN alternative; 2 Savings in terms of administration costs. Another element to take into consideration when comparing options and calculating RoI regards the administration costs of the new option with respect to others. The possibility of centralized administration of the VPN is certainly something to be assessed in terms of cost management; 3 Savings v. Green Computing. In certain cases during my work as an advisor, I have had occasion to estimate, together with the client, the impact on energy consumption of one option with respect to another. It is clear, for example, that the greater the virtualization and throughput capacity, the greater the potential energy efficiency.

Rent or buy?

Security on the Move

xtending Security to Mobile Devices: PDAs and smart phones are becoming standard business tools storing sensitive business information and enabling email on the move. This makes them vulnerable to attack from malware authors seeking out new ways to defraud users and steal confidential business data. The growing mobile virus threat: Mobile viruses and spyware remain a relatively small problem compared to the much larger amount of malware targeting Windows computers. With increased uptake of mobile devices, the risks to business reputation, communication and continuity are

Another question of much relevance to those who make the expenditure on how the provision of technology is formulated. Living in a period of limited or even frozen budgets, some propose these technologies as a service and/or pure rental. And it is a choice worth considering, given that we are talking about core infrastructure of the client companies. Some opt for the traditional solution since they want to avoid any further interference on the part of suppliers or service providers. Others instead seek alternative methods of provision, working out a plan with the service provider to ensure they get the most out of their planned investment. I can confidently affirm, on the basis of my direct experience, that service provider and final user have a complete array of commercial options available to them making a win-win result quite easily achievable. Another very important aspect to keep in mind in building a VPN are the service levels that will be demanded of the network. If the information traveling over the VPN is of critical importance to the company, it is necessary that the network be dimensioned appropriately to ensure the desired level of performance, which can be achieved by establishing the proper bandwidth for the network. However, something that is even more important to guarantee is that the performance provided by the network is constant over time and ensures an information flow that will meet company needs. In the case of VPNs on public infrastructure, different service providers often enter into play and it is not possible to predetermine the route that the information will take in travelling from one node to another. In this case it is only possible to ensure adequate bandwidth, but it will not be possible to dictate a minimum service level because it is not possible to control the intermediate carriers. Thus, this type of VPN can only be used for mission critical applications in which an interruption or slowdown in data flow will not

CTO FORUM 21 MAY 2010

thectoforum.com

slowly becoming more serious. Risks include data theft, disruption of mobile phone networks, and the hijacking of phones to send unauthorized revenue-generating SMS messages. SophosLabs has already identified over 200 examples of malicious mobile code. How these devices get infected: Mobile devices can be infected in many ways including email, MMS, external memory cards, PC synchronisation, and even via Bluetooth. Windows and Symbian users are at the greatest risk. The ability for users to add their own software to devices running these operating systems makes them more vulnerable than the closed operating systems used on BlackBerry

(RIM) and many Linux-based devices. Implementing a security strategy: Make sure your security policy includes a strategy for mobile devices, covering: Threat management – identification and removal of viruses, spyware and spam. Device access control and management – enforcing a password policy and application management. Data protection – encryption of sensitive data on devices and remote data deletion. Network access control – controlling VPN connections across public networks, validation of devices when they connect to the corporate network. —Source: sophos.com

produce serious consequences. The appeal of this type of networking solution is its relatively low cost. If a constant flow of information is vital, it will be necessary to opt for a VPN that is supported by a single carrier. In this case a Service Level Agreement can be drawn up specifying important parameters such as minimum and maximum bandwidth and the time slots in which an above-average connection quality is guaranteed. The costs of this type of VPN are strictly linked to its geographical extent, the guarantees included in the contract and the choice of carrier.

Conclusions Virtual Private Networks using the Secure Socket Level protocol will soon become one of the de facto consolidated standards for security of privileged communications and remote access. In a period when the mobile work force is undergoing continual and dynamic evolution, long implementation and administration lags are not an option. Furthermore, security protocols are now reaching a state of consolidation that should facilitate the choice of technology, allowing the client to concentrate more fully on the added features and commercial aspects of the services provided.

—Dario Forte; CFE, CISM, CGEIT, Is the Founder and CEO of DFLabs, a European firm specialising in Governance Risk and Compliance. This article is published with prior permission from Infosec Island.

HORIZONS

FEATURE INSIDE

Softer Side of IT: The importance of interpersonal skills

ILLUSTRATION BY SANTOSH KUSHWAHA

A Satisfaction Guaranteed

The Quality of Experience in a service is a much better indicator of its effectiveness than simple QoS measurement. BY HANK MARQUIS

CTO FORUM 21 MAY 2010

thectoforum.com

Pg 38

re you measuring the right things for your e-services? Many CIOs aren't, and even those who claim to measure IT value and report on e-services understand the concepts poorly. Why is this important? Because customer perception matters, and QoE is the most significant single factor in a real-world evaluation of the user experience and, therefore, the key to your success. Simply put, if you are not measuring satisfaction across the five dimensions of a service (tangibles, reliability, responsiveness, assurance and empathy) from the point of view of customers then you are not measuring service (and you have only vague predictions about what your service experience will be like). While all physical products deliver a service at some level, services are not the same as durable goods or products. Service quality is based on the experience of consuming QoE. Product quality is based on ensuring physical characteristics are as designed QoS. Here is an easy way to know if you (or someone you know) understand service QoE:

QOE

If you don’t know that customer satisfaction and quality are not the same; if you can't explain the relationship between satisfaction and quality; or if you don’t know about the five dimensions of service quality, then you are not measuring QoE. If you measure technical operational status like page loads, response times or availability then you are not measuring QoE. Instead, you are trying to predict satisfaction with regard to a single dimension of service quality QoS. If you ask customers if they are satisfied with your technical support then you are not ing QoS and the two are not the same. measuring service quality you are measurUnlike manufacturing quality, which is ing satisfaction with one part of one dimenloosely defined as quantitative conformance sion of a service. to specifications, service quality is, well, Services have several inherent characterqualitative. Quantitative refers to measuring istics that make them different from goods, the amount of something. When you meanot the least of which is intangibility: You sure the "uptime" of a transmission link, cannot capture, store, hold or otherwise application or server, then you are making examine a service as you can a physical a quantitative measurement. QoS refers to product. The act of producing a service is a these quantitative and possibly predictive performance that marshals all the systems measurements, however not to measuring (people, process, technology, etc.) it takes to service quality. deliver that service. QoE refers to measuring distinctive charWhile you can make sure a product meets quantitative criteria before it's consumed, a acteristics or dimensions of something or service is produced and consumed simultasomeone. Qualitative research aims to gathneously. Therefore all you can do inside the er an understanding of human behaviour provider is prepare for its production, and and the reasons for that behaviour. Qualitaall your internal measurements are nothing tive research means the why and how of more than predictions of what you think the decision making, not just what, where, customer QoE will be. when (quantitative). When you measure the An easy analogy and example of a service perceptions of satisfaction ― the opinions and QoE is a musical concert; formed by the user while conthink about your favourite persuming the service ― then you former. If you quantitatively are starting to measure QoE. measure the bands instruments The trap that most service pro(the drums, guitars, horns, etc.) vider organisations fall into is to SERVICE to make sure they are tuned and measure the technical operationDIMENSIONS ARE al systems and equate "uptime", positioned properly, you are setting the stage for a quality perTHE BEST MEASURES "capacity" and other technical formance. But the performance aspects of service production to OF QOE. has not yet occurred, so all you QoE. This is wrong on a numare doing is preparing. Moreber of fronts, not the least of over, even with all the instruwhich is to miss completely the ments tuned (QoS) the performance (QoE) concepts of the human-centric elements of isn’t always of high quality, is it? We have all service production and consumption – QoS seen (and heard) a performer's "off-night." does not equal QoE. Trying to call operaYou simply cannot measure service qualtional status quality also fails because it does ity until after its delivery and consumption, not take into account that service quality can and your measurement must be from the only be ascertained after its production and point of view of the customer. Anything else subsequent consumption, and only from is not measuring service QoE, it is measurthe point of view of the customer.

NEXT HORIZONS

“Services have several inherent characteristics that make them different from goods, not the least of which is intangibility: You cannot capture, store, hold or otherwise examine a service.”

How to measure QoE You need to measure satisfaction across the five dimensions of a service. If you satisfy customer expectations for each of the five dimensions that you have achieved an acceptable QoE. You measure service quality retroactively to its production and consumption, and you have to ask your real customers their opinions. Note (and this is important) that you must use a valid method for qualitatively assessing customer perception. Simple coming up with a list of things you (or your team) thinks is interesting is most likely not going to cover the five dimensions. There are numerous proven systems for measuring service quality, use them, don’t roll your own. Measuring QoS technical operational metrics is part of the answer. Measuring the human QoE elements of the service is also required. You can set the stage for quality through strategy, design, transition and operation of the service. Process, technology, people and other service assets must be properly positioned, trained and ready. How to report (and use) QoE Service quality should be reported to customers according to satisfaction across the five dimensions, on other words, in QoE terms. For each dimension, there are several levels relating to satisfaction: expected, perceived, and desired. QoE (the sum of dimensional satisfaction) is easy to understand when plotted as a zone spanning expected (lower level) desired (upper level) and perceived (actual.) If service delivery falls in the zone between expected and desired, the customer is satisfied with that dimension. If all dimensions are "in the zone" then service quality is acceptable. Anything "out of the

CTO FORUM thectoforum.com

21 MAY 2010

NEXT HORIZONS

Q0E

zone" indicates a mismatch and an area for the service provider to investigate. Most service provider organisations produce reports that are one-way: the provider prints it and the customer ignores it. Few reports relating to service quality actually get utilised in any meaningful way. However, service QoE reports as described above are understandable, in layperson terms, and

actionable from both customer and provider perspective. It is easy to map service dimensional failures into provider organisations since there is a direct correlation to gaps in service delivery indicated by quality failures and common organisational functional areas and processes. Now customers cannot only explain their needs for a service,

but their service provider can take action on those needs.

Hank Marquis is practice leader for Business Service Management at Global Knowledge. You can reach Hank at hank.marquis@ globalknowledge.com. This article was first published in www.cioupdate.com

The Softer Side of IT Your interpersonal skills and connections with your team go a long way in ensuring that your systems are running fine. BY DAVE WILLMER

hen you’re evaluating the talent in your team, their technical abilities take the top priority: Can they code well? Are they keeping your network secure? Can they help your firm get the most out of its databases? However, question remains, do you also consider their soft skills? Sometimes these can get pushed aside, especially if interpersonal abilities are not essential for all members of your staff to be successful in their positions. In fact, soft skills may not have been critical for you, either, earlier in your career. However, as you move up the corporate ladder, and especially when you manage others, soft skills gain in importance. While you certainly need a solid technical foundation to succeed in your role, the way you interact with others can also play a tremendous part in your effectiveness. Consider the following, somewhat subtle, components of your soft skills repertoire to ensure you truly possess the full range of interpersonal abilities needed to be successful at a senior level: Your level of connection — If you have an open-door policy, yet employees rarely stop by or contact you unless it’s absolutely essential, that may be a sign you are not as approachable as you think you are. You don’t have to be everyone’s best friend, but you want your IT staff to feel comfortable asking you questions or letting you know of problems. Often, it’s merely a matter of making yourself more available. If

CTO FORUM 21 MAY 2010

thectoforum.com

your door is constantly closed, or you fail to respond promptly to e-mails or voice mails, others may believe (rightly or wrongly) that you don’t want to hear from them or are too busy to be disturbed. Top executives eliminate barriers by having a visible presence in the department, interacting with employees as frequently as possible and encouraging people to contact them directly rather than being screened by an assistant first. They also openly solicit employee input on new projects and business challenges, and then follow through and implement the best ideas. Your work style — Also, consider your mind-set at the office: What is your typical reaction when an initiative doesn’t go as well as

SOF T SKILLS

anticipated? For instance, if staff implements a new feature on the company website that proves problematic, do you criticise or look for what can be learned from the experience? A positive approach that looks at a failed project or suggestion from all angles can give employees motivation at a time when they might otherwise feel discouraged. Your staff looks at you as an example for how to behave at work. If you are supportive and enthusiastic, they are likely to display those behaviours in their own interactions with co-workers, managers and vendors. Your ability to relate to others — Accelerated deadlines and heightened expectations can make it challenging to remain patient and understanding. However, this is precisely the time when you need to listen intently and be willing to consider new ways of explaining things if others don’t comprehend your message. For instance, if you are discussing a budget issue with a financial manager, but he or she can’t seem to see your perspective on a complex point, consider if you can approach the impasse from a different angle. Is there another way you could be clearer? Visual aids such as charts and diagrams, for example, might resolve any communication problems. Remember, too, that when you’re dealing with junior employees, they, most likely, lack your level of expertise on a topic what’s obvious to you might not be obvious to them. A little empathy can go a long way toward fostering better working relationships and maintaining morale.

NEXT HORIZONS

Your motivational capability Successful leaders also bring out the best in those around them. When they introduce a new project or business goal, they explain the big picture and individual roles in the effort. They are passionate about what’s ahead, even in the face of challenge. Do these qualities describe you? One of the keys to motivating employees is to give them the autonomy and resources to do their jobs. If your past staff have not met your expectations, it can be particularly difficult to hand over responsibility. Yet, as a leader, you should be focusing on larger issues, not on the processes involved in accomplishing the team’s IT work. Keep in mind, as well, that micromanaging impedes the progress of projects and can deflate spirits. By allowing employees to think independently and be creative, you demonstrate trust, which can inspire people to do their best work. You may find that it’s worth investing time in formal soft skills training. Many professional and business associations offer seminars and courses specifically designed for managers and executives wanting to hone these abilities. The steps you take can have big payoffs in terms of better working relationships and your overall effectiveness on the job. —Dave Willmer is Executive Director of Robert Half Technology, a leading provider of IT professionals for initiatives ranging from e-business development and multi-platform systems integration to network security and technical support. This article was first published on www. cioupdate.com

BREAKING

THE BARRIERS Steven Leonard, President Asia Pacific/Japan, EMC Corporation, spoke to Rahul Neel Mani at length about the company’s latest vision — 'Global Storage Federation' and other areas which will take EMC to the next level of growth.

What is the vision for the much talked about EMC Global Storage Federation (GSF)? The whole concept of GSF is to break free from the server farms and make the storage geography agnostic. The biggest challenges facing the organisations today are latency (when the data travels) and the coherence in data cache. Today we can think of data synchronous capabilities up to very short distances (e.g. 200 kilometres). With Global Storage Federation we are trying to stretch it to maximum — a 1000-2000 kilometres and even more without any signs of latency. This is what EMC is looking at promoting cloud computing where the organisations don’t need to have an active or passive data centre or a disaster recovery (DR) site as such. GSF will uphold an active-active environment approach. A company that has one data centre in Tokyo and another in Singapore can look at them as a part of one single unit. The compute environment will see them as one pool of resources. At EMC, we are just fixing the nuts and bolts before we over promote, or over sell, GSF. How did this vision come into being? It all began with the simple premise of how we can change the concept

CTO FORUM 21 MAY 2010

thectoforum.com

of physical and virtual infrastructure layers. We were trying to see how we can merge the physical infrastructure into the virtual one. We wanted multinational, multi-location corporations, which have physical data centre at one or more places, to be able to see the entire storage environment from hundreds of thousands of kilometres away. Until now it was possible to just move the compute environment in different flexible ways, but it was impossible to move two terabytes storage in a similar way. So, in order for cloud computing to become more real, we have to be able to overcome this limitation and thus make cloud computing a viable option for users. A company can operate from anywhere, but the entire set of storage resources should appear to it as one set of resources. Also, as long as a company has a replication solution, they should not bother about backup or DR. That was the basic idea when we

EMC

DOSSIER NAME: Steven Leonard DESIGNATION: President Asia Pacific/ Japan ORGANISATION: EMC Corporation PRESENT JOB ROLE: Responsible for driving EMC’s growth and leadership in APJ, enhancing partner relationships and product development in the region

started putting together our thoughts on GSF. Conventionally, corporations have been very DR-oriented. How will that mindset change? It is a very valid point. It will call for a lot of change including the issues related to governance, risk and security. The boards of directors of almost all the companies will come back asking stern questions because DR and business continuity are the board’s responsibility and not just that of a CIO. We have to begin with a great deal of education to convince the users. For a matured set of companies, who have replicated information on their network, there is actually no need for a DR. In cases where companies are swamped by regulatory requirement to backup the information, we propose deduplication. In such cases the data backup blues will go out of the window because there will be a different approach. It is indeed going to be a long-term education journey but so was it for everything else at some point – be it virtualisation or deduplication. Being the industry leader in storage and having onefourth market share, what is the company's roadmap going to be in areas other than GSF? There are a few areas that we will be investing our money and resources in. First area is information security because if we are talking about cloud, the adoption and success depends on how secured the environment is. We are investing a lot both organically and in R&D and through accusations in order to strengthen our information security portfolio. Second focus area for us is virtualisation. Any cloud strategy has to be essentially built on the virtualisation

layer. VMware has done some acquisitions on its own. VMware, EMC and Cisco recently announced a relationship in which we moved some of the IT management suites over to VMWare so that they can incorporate it in their data centre. If we look at the storage piece, we are working proactively to show that all our arrays would make more use of the solid state. Most of EMCs storage that goes out of the door will be solid state, fibre channel and SATA drives to give users a high-performance and high density type of relationship between flash and SATA drives. That is going to be the story in our high-end all the way to mid-range and low-end storage arrays. Another big area for us is the Backup and Recovery Systems (BRS). Around nine months ago when EMC acquired Data Domain, we wanted it to be a US$ 1 billion business in one year. Based on the first quarter results, we seem to be pretty much on the track to achieve it. This year our R&D allocation is close to US$ 2 billion and much of these bucks will go into the areas talked above. Will this momentum continue over the next few years?

“Average IT spend across all portfolios in a user organisation is three to six percent of the total revenue”

NO HOLDS BARRE D

Absolutely! I do not want to be arrogant but certainly would like to be optimistic. Some of these areas that we spoke about - the storage of information, intelligence storage, information moving between tiers, fully automatic software, next generation backup, deduplication, virtualisation, and virtual desktops – are currently getting disproportionate allocation in the user organisations. Average IT spending across all portfolios in a user organisation is 3-6 percent of the total revenue. The areas mentioned above are getting a big chunk of these budgets. We believe we are in the right areas and we will continue to make investments in these areas. Based on our inputs from CIOs, there is a radical change in the way IT is now consumed? It is more service/solutions oriented. How is EMC adapting and aligning to this change? In many of our existing relationships, CIOs are talking to us about transforming the traditional IT models and move to a service-oriented relationship instead of a traditional capital-investment, depreciation relationship. In cases where customers find it most relevant, EMC is going down that path. That’s where the concepts like Private Could and EaaS (Everything as a Service) also hold a lot of relevance. The VCE (VMware, Cisco and EMC) relationship is to create a Built-Operate-Transfer (BOT) model. That whole scenario is designed to allow users to adopt the server, the computer, the network or the storage. That would be a prepackaged block for which the customers will be charged on the basis of consumption. EMC will have different models for different needs of the customers from different market segments.

CTO FORUM thectoforum.com

21 MAY 2010

LITTLE GIANTS

LAKSHMI VILAS BANK

COMPANY DASHBOARD COMPANY: Lakshmi Vilas Bank ESTABLISHED: 1926 HEADQUARTERS Karur, Tamil Nadu NUMBER OF EMPLOYEES 2,800 CUSTOMERS 2.5 million NO OF OFFICES 271 ATMs 168 spread over 14 states and 1 union territory

LAKSHMI VILAS BANK

GOES VIRTUAL

Storage virtualisation and dynamic provisioning reduced operating costs and IT-related risks for non-disruptive volume expansion at Lakshmi Vilas Bank. BY VINITA GUPTA

CTO FORUM 21 MAY 2010

thectoforum.com

LAKSHMI VILAS BANK

AKSHMI VILAS BANK, one of the banks in South India has implemented an Enterprise Storage Solution, a centralised system that the bank is using to consolidate all its business databases into one single platform for managing and protecting vital customer data.

LITTLE GIANTS

Implementation in a Nutshell COMPANY: Lakshmi Vilas Bank

The need With the increase in the business of the bank, it was found that the existing infrastructure was not sufficient to take care of the complexities that were emerging, such as business continuity requirements, data size, application tiering, instant copies of the data base for testing new products and MIS. Therefore, it was necessary for Lakshmi Vilas Bank to go for enterprise storage and also upgrade the present P Series servers of IBM. “Managing the data was a major issue with the increase in business and consequent increase in data size. It required a lot of capacity planning discussions to estimate the future data size of the bank. The database of various applications running in the bank was lying in a distributed manner and was difficult to manage and operate. The same has now been consolidated and centralised using new enterprise storage solutions in the data centre”, says B.Murali Nair, Chief Technology Officer at Lakshmi Vilas Bank According to him, the biggest challenges were technical. The configuration of the system was extremely critical in this enterprise storage project.

Centralised storage To solve the problem, the bank opted for Hitachi storage virtualisation with Hitachi dynamic provisioning. The end-to-end implementation started in October 2009 and was completed by April 31st 2010. To ensure seamless implementation, the project was divided into phases. The first step involved revamping of data cabling at the data centre followed by upgrading the core switch and then the server and storage implementation. Each of these was a separate project and the project management was handled by different project managers. Virtualisation enabled the management of all assets in one single, virtualised pool, while thin provisioning and business continuity services helped improving storage utilisation. The bank’s prior IBM DS4800 storage solution is still been used for their non critical application like intranet, leave management etc. To further reduce banking transaction time and improve the accessibility of data between branches and different channels like Netbanking and ATM, the bank has also upgraded their Core transaction Server from IBM P5 series

SOLUTION: Hitachi’s Enterprise Storage Solution BENEFITS: Increase in overall efficiencies Increased turnaround time Tiering of application-critical, non- critical Easy to introduce Service Oriented Architecture (SOA), Data warehousing and CRM projects Integration of various delivery channels Ease of introducing new products More time window for branches to operate

to IBM P6 series. It has also been seamlessly integrated with the new storage solution.

Increased turnaround time The new solution has made database management much easier and ensures timely availability of database to various departments in the bank. The administrators can now easily create instances of the database and make them available to users in the departments like offsite surveillance, ant-money laundering and product development team. This was not possible earlier as the same database instance was used by all departments and they had to wait for their turn. The result was huge time losses and delays. “Thus operational efficiencies increased, turnaround time and redundancies improved and it made it easier for virtualisation to be implemented. Thus we could observe a lot of improvement in the overall operational efficiencies and operational costs,” said Nair.

“MANAGING THE DATA WAS A MAJOR ISSUE WITH THE INCREASE IN BUSINESS. IT REQUIRED A LOT OF CAPACITY PLANNING DISCUSSIONS TO ESTIMATE THE FUTURE DATA SIZE OF THE BANK.”

Facilitate future IT projects This solution is an important cog in the wheel, leading up to the implementation of a CRM solution. It will start by facilitating efficient critical data management and help the bank to embark on projects likedata warehousing, data mining, business intelligence and channel integration (SOA). —vinita.gupta@9dot9.in

CTO FORUM thectoforum.com

21 MAY 2010

THINKINGBEYOND CHRIS CURRAN | chris.curran@diamondconsultants.com

CHRIS CURRAN is Diamond Management & Technology Consultants’ chief technology officer and managing partner of the firm’s technology practice. He writes the CIO Dashboard blog at www.ciodashboard.com

Hit the Ground Running

As a new CIO, if your assessment is not done in the first three months or so, the honeymoon is over. AS A new CIO, you have two choices for learning about your organisation. You can “hit the road” and meet with most or all of the leaders, stakeholders and a sampling of others, to get a broad picture, or along with the meeting and greeting, you can focus your efforts on key functions and relationships to ferret out the problems. A broad approach will uncover issues but won’t allow you enough time to dig in before moving on to your next meeting. Furthermore, if your assessment is not done in the first three months or so, the honeymoon is over and the problems are yours, whether you know them or not. So, you have to get it done fast. At Diamond Consultants, one of the common questions we get is how to assess the health or maturity of an IT organisation. We have developed extremely comprehensive models, and tools to develop these assessments. But for a new CIO, you don’t have the time for such a detailed and comprehensive assessment in your first 100 days. To address this, I’ve distilled our best

CTO FORUM 21 MAY 2010

thectoforum.com

thinking into five questions that can serve as a proxy for a more detailed assessment. With these five questions, you can develop a good view of what’s going on and where the hot spots are. The questions are: Do Business and IT Leaders Regularly Interact? By regular, I don’t mean “Hey, nice to see you” in the coffee line regular. And, I don’t mean executive status meeting regular. I mean, is there a regularly scheduled time during which real issues are discussed and concrete planning is discussed – not in large groups, but one on one. I worked with an insurance CTO who had a weekly meeting with the head of strategy – now, we’re talking. Here are some of the regular meetings you should look for: CTO/chief architect – head of strategy CTO/chief architect – head of new product/service development Head of Apps – business unit/ functional leaders

Head of Ops/Infrastructure – head of customer service IT person responsible for people – head of HR/recruiting IT Controller – corporate controller The other thing to explore is what kind of regular meetings your predecessor had with key leaders – CFO, Controller, Head of HR, business unit leads, etc.

60% of IT leaders said their projects don’t deliver their planned scope.

Has Scope Been Cut for Any of the Top five Projects? “On-time, On-Budget” has got to be one of the most over used and largely useless measures of project success. The reason is that many times this magic is done by cutting scope. In Diamond’s 2010 Digital IQ survey, 60% of business and IT leaders said that their projects don’t regularly deliver their planned scope. So, just bypass the scope-budget metrics and go straight to the scope. Its the business capabilities that a project’s sponsor wants anyway. Cutting scope cuts business value and customer satisfaction.

T H I N K I N G B E YO N D

BUSINESS OF IT

Does the IT Leadership Group Operate as a Team? As follow-on to the first question, how regularly does the IT leadership team meet and interact? Are the meetings just the CIO’s staff meeting that follows a meaningless agenda or are they real issues-based interactions? The second part of this question is how well the team’s skills complement each other and how well each leader’s traits and skills align with their assigned jobs. Is the leader assigned to manage and track the IT portfolio really a better innovator and planner? Are Any of the Top IT Support Issues Recurring? MIT’s CISR’s research shows that firms who don’t have a stable service platform can’t do much else well. So, have a look at the top 10 or 20 high priority service tickets over the last few month and see if there are any patterns in who is logging the issues, what kinds of issues they are, how long they take to resolve, etc. You will also learn a lot about the organization’s attitude toward service, process maturity, staff, etc. Can Business Sponsors Simply Describe Business Cases? Every company has a different approach to business cases. One grocery company I worked with was satisfied with a “we know it’s a good project” to justify an investment (not advocating that, BTW). Instead of getting into the specifics, just ask the business sponsors to explain what they are getting out of the projects. See how simply they state the objectives, if there are any business metrics attached and make sure you can actually measure them. With these five questions, you will learn about alignment, processes, projects, people, service and support and most importantly, business value. Let me know what you think and other ways you have seen CIOs get up to speed quickly.

CTO FORUM 21 MAY 2010

thectoforum.com

The Perfect Marriage

Business and IT alignment is the holy grail of strategic planning – at least for the CIO. IMAGINE a world in which each and every activity over the next three years guarantees that the organisation moves closer to its goals and objectives. To achieve this requires that the underlying people, processes and technologies take you in the right direction on every project – simple in concept, difficult in practice. The secret to achieving this is to have IT and the business drive enough detail into the strategic plan to enable the architects to respond with an appropriate business design. Many things get in our ways toward this goal, but I have three favourites. See if they sound familiar.

Clip-Art Strategy I know you’ve done this before. I’ve seen it innumerable times. You’ve documented your business strategy using a clip art diagram of puzzle pieces or the façade of a Greek temple – you couldn’t resist labelling those Doric columns with your goals, showing how they support your vision statement on the capital. Sometimes this is followed by a second slide that lists a jumble of other goals and objectives including items like “We will be the least cost producer in our industry”, “We will meet or exceed all compliance and regulatory commitment”, or “We will be number one in our market”. This clip art approach to documenting a strategy is a sign that not enough detail has been generated. IT has an impossible task in generating an aligned response to such a strategy.

Just Give Me a Web Site This barrier arises because IT has taught the business to use “IT speak”. Vendors are also part of the problem – promising simple solu-

tions to complex needs. Frustrated business users jump immediately from their high level strategy to technical solutions. Some of my favourites include, “All I need is Salesforce.com”, “Let’s use the cloud” and “Just give me a web site.” This approach totally misses out on answering the question “What business problem are we solving?”

Fire and Forget Invariably, projects get launched and six months later someone asks, “Why are we doing this project?” or “Remind me what I get when this project is completed”. These are difficult questions to answer when you jump from a clip-art strategy directly to a set of technical solutions. There just is not enough detail available to answer those questions. Our response to all three barriers is to ensure that the business strategy is defined in sufficient detail to enable IT to respond with technical solutions. IT can subsequently justify why those projects are important and sufficiently measure progress in business (not technical) terms. We use business “capabilities” to fill the gap between a clip-art strategy and the technical solution. This means that IT needs to learn “business speak”, to capture the strategy in business terms – the operational, organisational, product, and information capabilities needed to achieve the business strategy. Ultimately, driving the business strategy to the level of capabilities forces the business to answer the question “what business problem are we solving” and allows IT to respond with an appropriate solution. That’s alignment. —Guest post by Dave Baker, Diamond’s Chief Architect

“IT and business should drive enough detail into strategic plans to enable an appropriate business design.”

HIDE TIME | BOOK REVIEW

Co-Author : Harbir Singh

“Think in English and act in Indian.”

Rest of the world has a lot to learn from the way companies are run in India, says the book.

IT IS NOW clear that the “unbridled pursuit of self-interest”, hallmark of the American model of economic development, popularly called the “Washington Consensus”, has very often led to self-inflicted injuries. The initial success of the US model, according to The India Way, published by Harvard Business Press, is thanks to constant restructuring of companies through job cuts and outside hiring. Now that the whole world feels the painful pinch of that model, the authors—four of them—look at how companies around the globe could take some big tips from businesses in India. Drawing on extensive interviews with some 105 business leaders in the country, the book says that the Indian approach to “running companies centred on a concern for multiple stakeholders and their needs, not just the narrower needs of shareholders”. It is this sense of mission, while preserving the heart of the capitalist mode of development, that makes

CTO FORUM 21 MAY 2010

thectoforum.com

the “India Way” too irresistible a proposition to dismiss, says the book. “Companies following the India Way go well beyond not doing hard to the social fabric to actually pursue social improvement …” says the book co-written by professors Peter Cappelli, Harbir Singh, Jitendra Singh and Michael Useem of the Wharton School India Team. The authors say the essence of the Indian Way is embodied in the thinking that the business leaders of the country “think in English and act in Indian”. They quote Tata Sons’ executive director R Gopalakrishnan as saying that “For the Indian manager, his intellectual tradition, his y-axis, is Anglo-American, and his action vector, his x-axis, is in the Indian ethos. Many foreigners come to India, they talk to Indian managers, and they find them very articulate, very analytical, very smart, very intelligent – and then they can’t for the life of them figure out why the Indian manger can’t do what is prescribed by the analysis.”

ABOUT THE REVIEWER

ULLEKH NP is consulting editor, CFO India. He has earlier worked with news organisations such as Mint, DNA, The Hindustan Times and India Today. Over the years, Ullekh has written on a wide range of subjects including politics, business, advertising, art, travel, culture and people.

Harvard Business Press; Rs 695.

Offering An Alternative

The practices in the India Way they have dwelt at length on in the book include holistic engagement with employees, improvisation and adaptability, creative value propositions and broad mission and purpose. They also discuss what the India Way means for global businesses ad their leaders. “The place to begin adapting the India way is for leaders to pay attention to the process of creating strategy, to focus on the business on a task … what are we better at than our competitors? … succeeding with the India way begins by developing an answer to that question,” says the book. For sure, the book will help Indian businessmen understand themselves in the global scheme of things. It will also inspire managers elsewhere as they look for ways to compete in a changing world. Given India’s remarkable growth in these turbulent times, chances are not unlikely that home-grown business practices may soon become the country’s biggest export, after Yoga!

HIDE TIME | CIO PROFILE

Think Big, Think Smart! COL ARVIND SAKSENA

ONE noticeable consistency in Col Arvind Saksena is his zest for change and thinking beyond the obvious. He believes in looking at things at a macro level, and then systematically changing them through a disciplined and well planned approach. In his career of 34 years, he has conceptualised and nurtured ideas which have brought about revolutionary change. Col Saksena credits his schooling and army training for the disciplined approach he has in life. â&#x20AC;&#x153;Whether it is a vacation or a professional decision, you can derive the maximum out of anything only if it has been carefully thought through.â&#x20AC;? After his service with the armed forces Saksena chose to step over to the civil side in 2001 and began work with Captain Gopinath at Air Deccan. Air Deccan started out with just two to three aircrafts that time. The whole concept of running a low cost airline was based on maximum exploitation of IT. The changes introduced by Saksena brought about a sea of change in the Indian airline industry. Where on the one hand, a mechanism was

SERVING THE NATION: Selected for both the Indian Administrative Services and the Defence Forces, a younger Arvind chose the latter for a better quality of life it offered. He served in the Air Defence Artillery, dealing in sophisticated equipment and super computers to mitigate airspace violations. His career in the army reached an epitome with him commanding an entire unit at the time of the Kargil conflict. He recalls that battling the enemy in that rocky mountainous terrain taught

him many a valuable lessons in life which helped him personally and professionally. To push oneself to the limit of absolute endurance, to manage and motivate the team in hostile environments and above all to optimally utilise resources were some invaluable learnings which stayed with him. It was this experience which helped Saksena at every step of the way when he chose to step over to the civil side in 2001 and began work with Air Deccan.

CTO FORUM thectoforum.com

21 MAY 2010

PHOTOS BY SUBHOJIT PAUL

Group CIO and Head HR, Consilium Software Inc

HIDE TIME | CIO PROFILE

Snap Shot developed for enabling passengers to travel with simple printed tickets, on the other hand, it became possible to book tickets over mobile phones. With this one stroke, Air Deccan became accessible and made roadway in to getting over 60 million users. At the same time, the airline established an in-house contact centre for the first time in the country. All other airlines at that time preferred outsourcing their call centres. Through this decision Saksena was able to achieve a lower attrition rate and was able to create a healthy pipeline for growing organisation. The call centre employees, fluent in the aviation lingo, were quick to grab opportunities in the same industry when offered better jobs. Under Saksena, Air Deccan entered the Eastern sector as well. Satellite linkages were established with the poorly connected sister states of the North East in 2005. The benefits of this success were huge and directly reaped by the common people. Soon after, other airlines took the same route. Interestingly, it was only a 50 member team that worked with Saksena in the IT function at Air Deccan with him directly reporting to Captain Gopinath. With Air Deccan’s merger with Kingfisher, Arvind moved on to join Consilium Software, a company which develops Unified Communications software and solutions. In this organisation, he introduced ideas which were new and uncomfortable. With shooting real estate prices and high attrition rates, combined with traffic problems in Bangalore, he started encouraging people to work from home. Although such an understanding is not unheard of, however, there are few organisations that trust their employees to make it a policy. This resulted in nose diving of attrition and increased employee satisfaction. Parallely, work from the clients’ site was encouraged for many benefits it brought to

CTO FORUM 21 MAY 2010

thectoforum.com

Arvind has a great supporter in wife Neelam, who is a great singer and an even better cook. They enjoy travelling and had a great time when they went back packing across Europe! An avid reader, he enjoys reading all kinds of books. Some of his favourites are The Secret by Rhonda Byrne, Winning by Jack Welch, The Japanese Wife by Kunal Basu, Chicken Soup for Golfers, and The Lost Symbol by Dan Brown. He also enjoys playing golf and is a gifted keyboard player. Whenever he is able to steal some time for himself, Saksena enjoys creating aircraft models and tiffany lamps. He also indulges in philately.

the company. Not only did it lead to greater mind sharing and increased client visibility but also in real time feedback of the ground reality. “You have to be able to look at the larger picture and know where you want to reach; otherwise you will only be reacting to circumstances,” he says. —Sana Khan

VIEWPOINT DR. ANTON CHUVAKIN | anton@chuvakin.org

Open Source: Free or Commercial?

ILLUSTRATION BY PC ANOOP

You Decide...

DOES Open source software that is freely available for download and use is one of the greatest things happened to technology. Don’t let the rest of this post fool you, I am 100% pro open-source. But can you just assume that open source software is FREE software? One of the biggest misconceptions is that open source is free. It is not— remember you need smart ladies and gentlemen like yourselves to install, configure, and support it. That aside, there is no reason why open source software should not be used to meet security or compliance requirements. Before settling on a solution (commercial or open source), you should do a full cost analysis including some risk-based elements. Do not shy away from it. Know this: Going through the exercise will pay off in spades by showing the team when and where open source is strategic. Before considering an open source software package, check with your legal team to see if your company

CTO FORUM 21 MAY 2010

thectoforum.com

has a position on any of the plethora of open source licenses under which software is typically licensed. Once you have the green light it’s time to do your cost analysis. Here are some things to consider: Do you have to acquire equipment for this software to run? Be sure to include network infrastructure to support it. How much of your time is required to keep it up to date? Estimate it, then use your salary plus bonus, and add anywhere from 15-25% for a benefit load. This will get you in the ballpark. Do you need to hire staff to keep it up to date? Will someone else in your company have to support it? Same calc as above for these questions. Will you need a second tier support contract from the open source group to handle advanced support issues? The base formula should be: Total Cost = (Total Man-Days * Estimated Daily Salary Costs) + Initial Hardware Cost + Hardware Upgrade Cost + Annual Support Contract.

DR. ANTON CHUVAKIN: He is a security expert in the field of log management and PCI DSS compliance and is an author of books "Security Warrior". This article is published with prior permission from Infosec Island

Whereby: Total Man Days = the total man-days to be spent per year. Initial Hardware Cost = the capital needed for project related hardware. Hardware Upgrade Cost = your current hardware is probably on a 3 or 5 year lifecycle. Estimate costs of replacement and divide by the normal lifecycle to get an annualised cost. Annual Support Contract = the annual cost of second tier support group that writes the software. Now you have something to compare to your commercial-off-the-shelf vendor’s estimate. In most cases, freely downloadable, open source software can be more expensive than commercial software. That doesn’t mean you shouldn’t use it, or that it always negatively impacts your business. On the contrary, this exercise will help you document all of the costs and risks associated with deploying the package. Besides, on a personal note… if it goes down at 4am on a Sunday, isn’t it nicer to scream at someone’s face and then go back to bed? :-)