June 2010
Vol 2 Issue 14 | A 9.9 Media Publication
Going
Upcountry Having established their presence in the metros, most vendors have turned their focus towards small cities and are experiencing enormous growth opportunities
Trusting the Cloud Securing the cloud to make it more trustworthy Page 18
Business Intelligence
How it can make an organisation really smart Page 24
Global Ambitions
Milind Tamhane of Digilink talks about global branding and expansion Page 10
editorial
Small Town is Big Business
Q
uick question: How many small and medium businesses are there in India? Quick question 2: How many of them are located in the metros? While there’s no general agreement on the answer to the first question (estimates range from a hundred thousand to several million), most people would not hesitate to say that the majority of SMBs are based in tier 2 and 3 towns. Three to five years back, many vendors in the IT industry in India – like their counterparts in other segments – set out to expand their footprint beyond these six cities: Delhi, Mumbai, Chennai, Kolkata, Bengaluru and Hyderabad. What they did was open more branch offices, sign up more distributors and dealers, roll out multi-city roadshows and improve post-sales support. With the large cities getting increasingly saturated in terms of their ability to consume technology, the common wisdom was that if India was to continue on its growth path, the next level of consumption surge would have to come from next-tier towns. Come to think of it: besides the six metros, there are close to 50 other cities in India with populations crossing or nudging one million. That’s a hell of a lot of consumers by any yardstick. And when you consider the all-round development happening in these towns – real estate, infrastructure, automobiles, education, etc – it’s only a matter of time that IT gets its rightful place as a high-consumption item.
sanjay.gupta@9dot9.in
Vendors’ efforts to expand into non-metros are paying off, but there’s still huge untapped potential
As a matter of fact, that time is ripe. According to a recent Ernst & Young report tracking the growth of small-town India, the share of consumption in non-metro cities has increased significantly over the past two years and is now more than 70%. However, there’s still huge untapped potential that exists for IT consumption in non-metros. While consumers are enthusiastic, most local businesses continue to shy away from investing in technology. Their reluctance results from a mix of the complex nature of technology, lack of localised applications and (often) poor tech support. There have been efforts to improve the situation by the likes of Microsoft and Intel on these counts, but there’s still a long way to go – many millions of businesses are yet to buy their first computer. Will you be there to lend a helping hand?
SANJAY GUPTA Editor Digit Channel Connect
sounding board sounding board June 2010
Vol 2 Issue 14 | A 9.9 Media Publication
n
Puneet Datta, Assistant Director – Marketing, BIS Division, Canon India: “In a couple of years, B, C and D-class cities will become a focus and integral part of market penetration plan of most companies. There is a lot more to be done in this area by vendors. A major investment on part of the vendors is to provide training facility in smaller towns.”
n
Rajesh Goenka, VP – Sales & Marketing, Rashi Peripherals: “Quantity comes from metro and quality from non-metro. While the metro pie is still pretty big, business in smaller towns is also growing at a rapid pace. In fact, today, Rashi has 54 branches all across the country and our focus is increasing in tier 2 and 3 cities. Also, the trend of using high-end technology (for example, wireless) is picking up in non-metros as well.”
n
Ravi Bharadwaj, General Manager - SMB, Dell India: “Dell has over the years worked actively and closely with partners to expand presence in tier 2 and 3 towns. Our PartnerDirect channel programme helps us cover about 200 such towns.”
Going
Upcountry Having established their presence in the metros, most vendors have turned their focus towards small cities and are experiencing enormous growth opportunities
Trusting the Cloud Securing the cloud to make it more trustworthy PAGE 18
Business Intelligence
How it can make an organisation really smart PAGE 24
Global Ambitions
Milind Tamhane of Digilink talks about global branding and expansion PAGE 10
Write to the Editor E-mail: editor@digitchannelconnect.com Snail Mail: The Editor, Digit Channel Connect, B-118, Sector 2, Noida 201301
DIGIT CHANNEL CONNECT
2
June 2010
contents
14
Vol 02 issue 14 | June 2010
Managing Director: Dr Pramath Raj Sinha Printer & Publisher: Kanak Ghosh Editorial Editor: Sanjay Gupta Copy Editor: Akshay Kapoor Sr. Correspondents: Charu Khera (Delhi), Soma Tah (Mumbai)
Going
Having established their presence in the metros, most vendors have turned their focus on small cities and are experiencing enormous growth opportunities
Upcountry
Design Sr. Creative Director: Jayan K Narayanan Art Director: Binesh Sreedharan Associate Art Director: Anil VK Manager Design: Chander Shekhar Sr. Visualisers: PC Anoop, Santosh Kushwaha Sr. Designers: Prasanth TR & Anil T Photographer: Jiten Gandhi Brand Communication Product Manager: Ankur Agarwal Sales & Marketing VP Sales & Marketing: Navin Chand Singh National Manager - Events and Special Projects: Mahantesh Godi (09880436623) Business Manager (Engagement Platforms) Arvind Ambo (09819904050) National Manager - Channels: Krishnadas Kurup (09322971866) Asst. Brand Manager: Arpita Ganguli Bangalore & Chennai: Vinodh K (09740714817) Delhi: Pranav Saran (09312685289) Kolkata: Jayanta Bhattacharya (09331829284) Mumbai: Sachin Mhashilkar (09920348755) Production & Logistics Sr. GM Operations: Shivshankar M Hiremath Production Executive: Vilas Mhatre Logistics: MP Singh, Mohd. Ansari, Shashi Shekhar Singh
18
Making the Cloud Trustworthy
Subbaram Gowra of Gowra Bits & Bytes on his company’s warranty management solution
Before enterprises can make more innovative use of clouds, security technologies, standards and interoperability must be improved
Get Smart with BI Business Intelligence solutions can help an organisation improve its productivity, quality, customer service levels and profitability
10
8
Streamlining Support
Global Ambitions
Milind Tamhane of Digilink talks about global branding and expansion
24
Channel champs Sr Co-ordinator - Events: Rakesh Sequeira Events Executives: Pramod Jadhav, Johnson Noronha Audience Dev. Executive: Aparna Bobhate, Shilpa Surve OFFICE ADDRESS
Others Editorial.......................................................... 02 TRENDS.............................................................. 30 application management............................. 12 Best of biz....................................................... 28 Networking..................................................... 23
advertisers index Samsung......................................................................IFC IBM............................................................................ IBC EMC............................................................................ BC Rashi Peripherals.............................................................1 Compuage......................................................................3 K 7 Computing................................................................5 iBall..........................................................................7, 33 Fenda.............................................................................9 Gigabyte.......................................................................11 Epson...........................................................................17 Supertron......................................................................21 Quick Heal....................................................................25 Cubix............................................................................27 Abacus.........................................................................29 India Anti-Virus.............................................................31 Consumermate..............................................................35
Nine Dot Nine Interactive Pvt Ltd., KPT House, Plot 41/13, Sector 30, Vashi, Navi Mumbai - 400 703 Phone: 40789666 Fax: 022-40789540, 022-40789640 Printed and published by Kanak Ghosh for Nine Dot Nine Interactive Pvt Ltd. C/O KPT House, Plot 41/13, Sector 30, Vashi (Near Sanpada Railway Station), Navi Mumbai 400703 Editor: Anuradha Das Mathur C/O KPT House, Plot 41/13, Sector 30, Vashi (Near Sanpada Railway Station), Navi Mumbai 400703 Printed at Silverpoint Press Pvt. Ltd, TTC Ind. Area, Plot No. : A - 403, MIDC, Mahape, Navi Mumbai - 400709
cover design : anil t
DIGIT CHANNEL CONNECT
4
June 2010
security Data Backup It is necessary for SMBs to more effectively respond to the challenge of efficiently storing, managing and protecting increasing amounts of business-critical data
Who’s
backing you up?
Vineet Sood
O
ver the past few years, the all enduring enterprise organisation has gone through many changes, constantly transforming the technology landscape. The pace accelerated and continues to throw at us new discoveries and breakthroughs. Consumerization of IT is one of the most radical and critical of changes, gradually changing employee expectations of technology at the workplace. Information is accessible at all times, both for personal as well as official use. But, do you know who has access to your confidential information? What would happen if one of your employees left his laptop in a taxi? When was the last time you backed up your data? What if a natural disaster struck and all the data was lost? Grim scenario, but it is very close to reality. For a small to mid-sized company, the situation is even more alarming as there is a large discrepancy between how SMBs perceive their disaster readiness and their actual level of preparedness. A recent survey suggests that SMB downtime costs their customers tens of thousands of rupees each year. As a result, SMBs can - and often do - lose business as a direct result of being unprepared for disasters. It is necessary for SMBs to more effectively respond to the challenge of efficiently storing, managing and protecting increasing amounts of business-critical data, and the best approach for them to integrate their backup environments is the one that efficiently meets the needs
DIGIT CHANNEL CONNECT
6
June 2010
of the specific environment. Personal information and company data is valuable and it is a scary scenario to even think that your most vital information could become your greatest loss in a matter of seconds. For a SMB, the challenge is greater trying to effectively manage information growth and at the same time trying to keep up with the latest technologies to protect its information, both internally and externally. As a small or mid-sized business, reputation, relationships and time are critical to success and downtime, or lost information can cause irreparable damage.
Problem areas But, despite acknowledging the fact that at least 40 percent of company data would be lost if computing systems were wiped out in a fire, the average SMB in India backs up less than 50 percent of company and customer data and out of that, only 23 percent back up on a daily basis and
Vineet Sood
To protect their data effectively and quickly, SMBs need a simple but powerful backup system that can automate backups at a reasonable cost.
With simplified data protection approach, SMBs can reduce the complexity, save time and increase reliability and availability, all at the same time.
40 percent backup in a month or less. The startling fact remains that though SMBs are well aware about outages and their impact, it hasn’t materialized into their preparedness, as practices indicate that this confidence is unwarranted. The average SMB has experienced three outages within the past 12 months, with the leading causes being virus or hacker attacks, power outages or natural disasters. It is not surprising that cost has been cited as the biggest barrier to adequate protection by SMBs. Growing storage costs are commonly blamed on the avalanche of information that needs to be secured, managed and retained. However, backup need not be costly and in a large number of cases, SMBs are not using the storage resources they have efficiently, which leads to unnecessary spiralling costs. The average SMB manages four or more different methods for backing up and storing information. It is no wonder they are so reluctant to perform backups more frequently.
The way out To protect their data effectively and quickly, SMBs need a simple but powerful backup system that can automate backups at a reasonable cost. With simplified data protection approach, SMBs can reduce the complexity, save time and increase reliability and availability, all at the same time. A good solution will also help them to better use their storage resources to further reduce the cost of protecting information. Every day, mission-critical data must not only remain safe, but must be accessible to the right people at the right time. Budgets must be met, whilst productivity levels are maintained or even improved. What’s more, compliance with regulatory requirements for the proper handling of sensitive data must be achieved and verified, and the existing resources should be optimised. For SMBs, money and staff time are at a premium, and there will always be something more pressing to do than manage backups. However, as data volumes increases, so does the risk to a company’s bottom line if that data isn’t protected. SMBs should look for solutions that offer simplified management, the ability to scale as their business grows, and make the most of their current investments to ensure that backup cost does not surge.n Vineet Sood is Head, Channel and Alliance, Symantec India
channel Q&A “We’ll help SIs/VARs streamline their business process with eSupport” – Subbaram Gowra, Managing Partner, Gowra Bits & Bytes
Subbaram Gowra, Managing Partner of Secunderabad-based Gowra Bits & Bytes shares with Charu Khera the company’s future plans and details on its software warranty management solution for SIs and VARs. DCC: Can you walk us through your professional journey?
I started Gowra Bits & Bytes as a retailing company way back in 2000. We moved on to the redistribution of components by 2004. But soon after, we thought that it was the time to transform; hence we partnered with IBM, which had very few partners during those days and we have been associated with them since then as a loyal end-to-end system integration company. Though challenges are always a part of any industry, but the channel fraternity is a very dynamic one and to be a part of the same, one has to be futuristic to succeed. But it feels good to experiment with new things and be different than others. DCC: How many vendors/brands are you currently dealing with?
IBM, Microsoft and Lenovo are the vendors we are directly associated with currently. Pharma-manufacturing/ R&D, hospitality, healthcare and telecom are the segments that are most profitable for our company. DCC: How do you look at the future for the company’s operations? What are your investment and expansion plans?
We currently are an end-to-end system integration company, but there are a lot of things planned as part of our future roadmap, like consulting and services to name a few. Retail and geographical expansion is also on cards in the near future.
DIGIT CHANNEL CONNECT
8
June 2010
DCC: Can you please brief us about some of your key achievements?
We have recently been awarded the Microsoft Gold Partnership 2010 and have also won Channel World Top-100 reseller recognition consecutively for the second year (2009 and 2010). In the past, we have also been awarded the Best Upcountry Partner award for South for IBM/Lenovo (2008). Recently, we have launched a support management solution called eSupport, which is a first of its kind software warranty management solution for System Integrators (SIs) and Value Added Resellers (VARs). DCC: Can you throw some light on eSupport?
eSupport has four key modules - lead management, through which one can manage customer leads, lead owners and could see a graphical view of the entire lead statistics every quarter, month or year end. Then, there is call management module, which would enable the support coordinator to load every post-sale call that gets registered and every call can be tracked by management. The third is warranty management module. One can monitor every post-sale call within or out of warranty, can have a dashboard view of all the support staff and get the status of pending as well as completed calls. The last module is AMC Tracking, through which one can track all ‘out of warranty’ assets and can also send AMC proposals respectively; thereby
eSupport is a great retention mechanism as the market is full of action and one has to be attentive. With eSupport, we would be able to help SIs/VARs streamline their entire business process without much of tweaking. We are targeting SIs/ VARs who use CRM/legacy solutions, which do not provide them full view of their aftersales processes.
getting repeat revenue out of the same customer base. This is based on client-server architecture priced at Rs 49,990 plus taxes (unlimited licenses) and we would soon be launching its web-based version, but the pricing would be higher than the earlier version. DCC: What would be your target verticals for eSupport & what’s your say on the competition?
We are targeting SIs/VARs who use CRM/legacy solutions, which do not provide them full view of their aftersales processes. Moreover, eSupport is a great retention mechanism as the market is full of action and one has to be attentive. Being a community member, we ourselves face similar challenges, which an SI/VAR would face and it was on demand developed in-house and once we achieved best practices, we thought we could take this to our community members also. In a nut-shell, with eSupport, we would be able to help SIs/VARs streamline their entire business process without much of tweaking, which happens in respect to CRM, as they are not engineered for our industry, targeting companies that focus highly on providing efficient after-sales services. As of now, we would not market eSupport through resellers and distributors, rather we plan to sell it directly in the Indian market.n charu.khera@9dot9.in
vendor speak
“We are looking to make Digilink a global brand”
– Milind Tamhane, Vice President - ITS Sales, Digilink
Already the no. 2 structured cabling brand in India, Digilink is setting its sights on overseas markets. Tamhane shares with Sanjay Gupta the company’s plans for 2010, the piping hot segments in structured cabling and the channel challenges DCC: Which category of structured cables are currently the hottest in India and why?
Cat6 has now become the industry standard. For fibre media, both singlemode and multimode 50-micron fibre are equally popular. The reasons are obvious: these media are cost-effective and yielding speeds support all upcoming technologies. DCC: In your experience, which vertical segments are driving the demand for cabling solutions? How have these segments evolved lately?
One has to consider two aspects: First, newer verticals embracing structured cabling as essential services; second, structured cabling itself has now got broadened and re-christened as Information Transportation System (ITS), which means even the design and usage of media like infrared, Wi-Fi and WiMax is now within the purview of ITS services. While we have planned residential projects, townships and commercial complexes as big new drivers, we also have educational institutes like schools considering ITS deployments as a must. Financial institutions are now spreading their wings in C-class cities and rural areas – which is yet another new vertical. DCC: Digilink currently has about 18% share in the structured cabling market in India as per IDC. What is your target for the year 2010 and what will be your top priorities?
Yes, Digilink ranks no. 2 in the SCS category and enjoys a market share
DIGIT CHANNEL CONNECT
10
June 2010
of 18%. This year we will be primarily focusing on the following verticals government (PSU), education, BFSI and healthcare. The top three priorities for Digilink are to strengthen our market share in the enterprise segment in India, promote the Digilink brand in SAARC and the Middle East, and ensure high brand visibility. DCC: What partner skills are lacking in realising the full potential of structured cabling?
There has been a considerable gap in the demand and supply for trained system integrators/IT solution providers. The technology changes at a rapid pace and so do the standards. We at Digilink have been encouraging partners to get more and more people trained in DCCE (Digilink Certified Cabling Engineer) courses. We also have corporate trainings for important clients at their premises and there are upgraded courses as well. DCC: Are you looking at expanding your partner base for any of your product lines?
At present, we are looking to make Digilink a global brand. We already have a good channel distribution network in countries like Sri Lanka, UAE and Bangladesh. Furthermore, we will look into capturing other global markets. DCC: What are the key challenges you think your partners face when they go out in the market? How are these different from those for active networking products?
The top three priorities for Digilink are to strengthen our market share in the enterprise segment in India, promote the DigiLink brand in SAARC and the Middle East, and ensure high brand visibility. There has been a considerable gap in the demand and supply for trained system integrators/ IT solution providers. The technology changes at a rapid pace and so do the standards. We at Digilink have been encouraging partners to get more and more people trained.
Most of the end users still would consider cost as their primary consideration despite the fact that small compromise on performance of the physical layer will jeopardise the entire network in long run. Our partners have this as the challenge in convincing the end users. DCC: Do you think the structured cabling segment suffers from lack of ample differentiation among different brands, thereby limiting partners’ ability to convince customers to go for a particular one?
The answer is yes and no. Yes, because superficially, there can be a hoard of brands equating their products with genuine products; however, a deeper analysis yields vast differentiations. DCC: Can you please share some of your key partner initiatives this year?
Our Empower Partner Programme has shown great results. Now we aim to build up on the programme by launching schemes for registered partners. One of the highlights of the programme is training on the latest technology in the ITS industry, which is provided to the partners along with demonstrations of products. We have just completed a 45-city road show, FITS 09, in which these training sessions were conducted. We have just launch a channel reward programme, Zip Zap Zoom 3. The programme is designed for Digilink VARs and SIs and will run from March 1 to June 30, 2010. This scheme is available through authorised Digilink distributors and Empower resellers. n
managed services Application Management
Dealing with
Application Complexity Today’s complex application environment demands automated tools that can ease the workload of IT managers Krishnan Thyagarajan
O
ver the past decade, it has been seen that both business and IT have made good advancements in learning how to work towards meeting common business objectives. Therefore, it is not surprising that both find a common bond at the applications level. During the past five years, IT operations management has become increasingly application centric along with infrastructure (servers, networks, desktops and storage) management. But, business applications management remains challenging because of the new trend of virtualisation, which has impacted IT management in a number of ways over the past few years and has made the environment more dynamic. This, coupled with the fact that applications are becoming more distributed and complex, is making application performance management a priority in the wish list of IT managers around the globe. Business owners have been the most enthusiastic
DIGIT CHANNEL CONNECT
12
June 2010
advocates of application- centric IT operations management among enterprises because of the role IT plays in adding value to the business process.
Importance of application management Application performance management solutions offer channel partners a lucrative opportunity to partner with their customers for solutions that will help them get the best out of IT investments. The heterogeneous environment of business and IT and the need for cost reductions has led to the demand for automated software for applications in order to fulfill vital business service objectives. An evolution to an automated environment is the need of the hour, as manual support is not very cost effective. Applications have grown more complex to manage without the requisite tools. Companies attempting to assign workforce at application-related
Krishnan Thyagarajan
Business owners have been the most enthusiastic advocates of application- centric IT operations management.
Application performance management solutions offer channel partners opportunity to partner with their customers for solutions that will help them get the best out of IT investments.
problems are finding the cost is too high. Application management helps IT focus on the most important aspects of system integrity, i.e. the point where business processes and technology infrastructure converge. The focus on applications elevates performance levels which results in higher systems reliability and lowers operating costs. Application management solutions have matured over time and vendors are constantly improving their solutions to keep up with the latest IT technology trends being deployed. A good application performance management solution must offer a series of feature sets called the five dimensional model described in a recent Gartner report. They are: measuring end-user experience, user-defined transaction profiling, application component discovery and modeling, application component deep-dive monitoring and lastly, it should possess configuration management database. The last feature is critical because the former features generate large data sets and they have to be correlated and filtered to provide intelligence to the IT managers.
The road ahead The demand for application performance management is expected to grow and this offers both vendors and partners a tremendous opportunity that can be used as leverage to reinforce their commitment to ensuring that their customers have the best of breed technologies to stay competitive. Customers have to do their due diligence when it comes to choosing the appropriate solution. With IT environments being heterogeneous, support for technologies from multiple vendors is an important feature to consider when making a purchase. Also, ease of use and implementation are going to be some key attributes of any APM solution, which must be light and easy to deploy and its footprint must have negligible resource consumption. It is definite that integration and centralization are key factors in application management. Business owners and decision makers should have the bandwidth to identify and resolve any problem in the application management area from a single location. The applications are the point of convergence where the business, using its sophisticated information technology, delivers quality to its customers. Therefore, to have a plan, tactic and solution in place, makes more sense for larger enterprises. n Krishnan Thyagarajan is MD, India Sub-Continent, Quest Software
cloud computing Application Management
Wake up and smell The new paradigm of application management should also include private cloud management services
T
he technology landscapes of today’s enterprise hardly bear any semblance to that just a few years back. Massive strides of advancement in storage and high performance computing along with the nascent cloud computing platform have been game-changers for today’s CIO. Traditionally, application management has been a CIO’s way of tapping into the steady state operations of the organisation, and a means of obtaining a systemic and systematic methodology and tools that offer visibility into realtime metrics that help manage the key aspects of applications. These components are monitored for availability, performance of key business processes, and SLA compliance. While the core nature of application management
remains unchanged, the ground realities of both the application management service provider and the technology decision maker must now change to factor in the cloud realm.
The altered IT landscape The CIO’s world now moves from a full on-premise one to that resting in three logical units of a unified cloud environment – on-premise, private cloud and the public cloud. Before moving into the realm of addressing application management across these three ecosystems, the CIO would have to stabilize a unified cloud environment where virtualised systems and applications are moved between private and public sections of the hybrid cloud based on policy and compute requirements and the rest is retained on-premise. But, there are some business pain points faced by any customer wanting to be part of the ‘new world’, like, complex data integration between the clouds and on-premise systems and applications, analytics challenges due to disparate data sources, and, complex IT infrastructure management needs due to new cloud monitoring requirements. The IT service provider will now need to expand his offerings to include the need for industry focused solutions to address business pain areas either or both on premise and cloud platforms, conversion/migration to private and public clouds, data management solutions
Darshan Nandi
The ground realities of both the application management service provider and the technology decision maker must now change to factor in the cloud realm.
The CIO’s world now moves from a full onpremise one to that resting in three logical units of a unified cloud environment – on-premise, private cloud and the public cloud.
for the complex integration to meet the new landscape along with business intelligence and analytics solutions and a more sophisticated IT infrastructure management. The technology pain points to be addressed now comprise of the traditional, viz. monitoring Service Level Agreements (SLAs) in real-time and to detect non-compliance, understanding the nature, severity and business impact of incidents, rapid triage of performance issues and assigning the fix and diagnosis of the RCA of incidents and speedy remediation. The unconventional comprise of the next generation Remote Infrastructure Management, a single view of systems via ITIL-based operations frameworks, consistent and high-quality service definitions created via detailed service development process, continuous improvement through adherence to an operations maturity model and a flexible delivery model that optimizes resources and delivery locations.
The solution The new application management solution should be able to address the traditional requirements of proactive performance management before end users are affected, the ability to monitor transactions in real time and detect problems quickly and the capability of understanding the business impact of problems and fix them quickly. It should also include private cloud management services wherein the service provider helps customers manage existing cloud environments along with private cloud management, in addition to the more conventional service offerings of desktop in a cloud management, enterprise shared platform management, infrastructure management in a public cloud as well as public cloud monitoring and management. The public cloud management service offerings will include the typical vendor management and operational level agreements aspects, administration and configuration management support of virtual resources, server OS monitoring, application services management, middleware services management, web infrastructure management, message queue management as well as the new remote database management. In conclusion, only the CIO who scales his vision and models up to the hybrid environment will help his business tide the economic realities of today. n Darshan Nandi is Operations Head, InKnowTech India
DIGIT CHANNEL CONNECT
13
June 2010
cover story Market Expansion
Going
Upcountry Having established their presence in the metros, most vendors have turned their focus towards small cities and are experiencing enormous growth opportunities Charu Khera
DIGIT CHANNEL CONNECT
14
June 2010
cover story Market Expansion
M
ost vendors are chanting a new mantra these days – to target B, C, and D class cities. For them, it is not metros, but tier-1 and 2 cities that are appearing as highly lucrative destinations. Many of these IT vendors now have a strong upcountry base and their increasing upcountry focus have enabled them to do healthy business in such towns and capture a larger market share in the country. Not only vendors, many national distributors such as Redington, Ingram Micro, as well as System Integrators (SIs), box pushers and Solution Providers (SPs) have expanded their reach in B, C and D-class cities. And those who haven’t, are not far from reaching out to smaller towns. Though metros have always been the focus for all IT vendors, when it comes to making money and capturing the larger pie of market share, industry watchers believe that with the changing times, more growth can be expected from tier-1 and 2 cities. Figures also indicate that these cities have been showing healthy and posi-
tive trends towards growth. Puneet Datta, Director – Marketing, Canon shares that in 2009, 50 percent of their sales were from B- and C-class cities. “This year, we expect 70 percent of our profits from B, C and D class cities. Infrastructure cost in smaller towns is low, acquiring manpower is easy, and many entrepreneurs are springing up in such towns. On the other hand, metros are getting over crowded, and vendors in metros are more focused on maximising their share of available market, whereas in B and C class cities, vendors have the opportunity to create the market and opportunity for growth,” he says. He adds that in a couple of years, B, C, and D class cities will become a focus and integral part of the market penetration plan of most companies. “There is a lot more to be done in this area by
vendors. A major investment on part of the vendors is to provide training facility in such smaller towns,” adds Datta. Canon’s BIS division currently has 120 partners in B and C class cities, as compared to 35 in metros.
Factors driving growth
“Due to high demand and low requirement of investment in terms of marketing and branding, the RoI in smaller towns is high.” Gautam Ghosh, Country Manager, ViewSonic Technologies India
“Infrastructure cost in smaller towns is low, acquiring manpower is easy, and many entrepreneurs are springing up in such towns.” Puneet Datta, Assistant Director – Marketing, BIS Division, Canon India
There are number of factors driving this trend—one, vendors can experience lower cost of operations in smaller cities; second, businesses in B, C and D class cities have managed to achieve operational ef ficiency and increased time to market; three, manpower recruiting costs is slightly lower in smaller cities. Also, attrition rate is minor in B and C class cities as compared to metros. Smaller cities also have a sizeable population as compared to metros, so the competition for labour is limited vis-à-vis the metros. Connectivity is also not an issue any more in B and C class cities. Few other reasons for the move towards smaller towns are low real-estate prices, quality talent pool, economically viable, and lower wage levels among others. Not only vendors, distributors as well as SIs and SPs have been aggressively branching out to these smaller cities. Rajesh Goenka, VP – Sales & Marketing, Rashi Peripherals believes that quantity comes from metro and quality from non-metro. “While the metro pie is still pretty big, the businesses in smaller towns are also growing at a rapid pace. In fact, today Rashi has 54 branches all across the country and our focus is increasing in tier-2 and 3 cities. Also, the trend of using high-end technology (for example wireless) is picking up in non-metros as well. So, both metros and B and C class cities are important and vendors should equally focus on both for overall success and growth,” he says. Most vendors that have expanded their presence in tier-2 and 3 cities agree that the infrastructure in such cities has become comparable with that of metros and gone are the days when partners in small cities had no good infrastructure and latest technologies. Vendors can now bank upon this advantage quite well. Ravi Bharadwaj, General Manager SMB, Dell India also believes that there is an immense opportunity that can be tapped in B- and C-class cities. “Dell has over the years worked actively and closely with partners to expand presence in tier-2 and 3 towns. Our PartnerDirect channel program helps
DIGIT CHANNEL CONNECT
15
June 2010
cover story Market Expansion us cover about 200 such towns,” he adds. Adding to his thoughts is Samik Roy, Head - Growth Applications, Oracle India. “After studying the Indian market and understanding customer requirements, we realised there was enormous growth opportunities in tie-1 and 2 cities. We now work with more than 1,000 partners across the metro and B and C class cities,” he says. Shriram Krishnamachari, Head – Channels & Distribution (India and SAARC), Adobe Systems says that tier-I and II cities contribute significantly towards their market share. “We also foresee immense opportunities in tier-1 and tier 2 cities and will continue to reach out to our audiences there,” he adds. Not only IT, but sectors such as
bouquet of hardware, software and services offerings. Anoop Nambiar, Country Manager - Business Partner Organisation, IBM India says, “Smaller cities offer enormous untapped potential and small and medium enterprises offer great business opportunities in these markets. We have already strengthened our presence in tier-II cities such as Kochi, Jaipur, Nagpur, Bhuwaneshwar, etc. By starting our hub in these cities, we are able to better cater to the requirements of surrounding tier-III cities as well. Simultaneously, IBM is also looking to build a wide-reaching tier-2 channel partner network in major cities across the country.” According to Rajan Sharma, GM, Gigabyte India, tier-1 and 2 cities are
chain, spread, availability and best possible RoI on selling the products. Also, as part of our expansion plans, we will be appointing at least 53 more partners in the tier-2 locations by the end of this year.”
Saturation in metros?
“Both metros and B and C class cities are important and vendors should equally focus on both for overall success and growth.” Rajesh Goenka, VP – Sales & Marketing, Rashi Peripherals
retail, BFSI, ITeS, telecom, etc have huge growth prospects in B- and C-class cities. Mandeep Gupta, Country Manager – Channel Business, Emerson Network Power says, “With the burgeoning growth of retail, telecom and domestic sectors, tier-1 and 2 cities provide a huge opportunity for the organised power solution vendors. Looking at the prospects, Emerson intends to increase its channel base by 20 percent in B and C class cities.” Biggies in the industry such as IBM too have been expanding its footprint in tier-2 and 3 cities with a
DIGIT CHANNEL CONNECT
16
June 2010
big opportunity areas for the company. “These cities are giving us consistent 50 percent plus growth against our overall growth of 25-30 percent. The customer segment is getting more informed in smaller towns and hence RoI is getting better for top brands. Our focus on high-end products in smaller towns have also seen immense acceptance. B and C class cities are now more preferred by vendors, are given more focus by establishing postsales service centres, giving technical support to partners, customer education, channel interaction, supply
“We also foresee immense opportunities in tier-1 and tier 2 cities and will continue to reach out to our audiences there.” Shriram Krishnamachari, Head – Channels & Distribution (India and SAARC), Adobe Systems
While it is too early to state that tier- II and III cities have been giving more Return On Investment (ROI) to all vendors as compared to metros, it is evident that there is some sort of saturation happening in the Indian metro cities in terms of overall sales for all IT products and ser vices. “As such, Asus has been actively involved in reaching out to B and C class cities, which still hold tremendous growth potential as well as a demand for IT products. We have already started extending our reach to B and C tier cities through various channel initiatives like channel meets, technical seminars and advertising in local media. We have come to understand that the majority of sales in the Indian market will be driven by the newly educated and demanding population inhabiting in the smaller cities. With growing needs of the ITES and BPO industry that is now shifting to the smaller cities of India, we feel that we will definitely get better RoI on investing our time and resources in the smaller metros on a long term basis,” opines Vinay Shetty – Country Head, Component Business, Asus. Gautam Ghosh, Country Manager, Vi e w S o n i c Te c h n o l og i e s I n d i a , sharing his plans with respect to expansion in smaller towns, says, “ViewSonic is focusing on B, C and D class cities, as there is a demand for new technology, which is not being catered by all the vendors as seen in the metros. Due to high demand and low requirement of investment in terms of marketing and branding, the RoI in smaller towns is high. Looking at the increasing demand, we also plan to provide resident engineers in B and C class cities, where new service centres cannot be opened.”
Challenges prevail Expansion in B, C and D class cities has certain challenges and though some companies have been reluctant in going there full strength, they sure do have plans in store. Acer plans to open 350 retail stores
cover story Market Expansion and a vendor can also sometime be a cause of concern.
The path ahead
by the end of 2010, with expansion on the channel retail front primarily focussed on the tier-2 and 3 cities. As for the challenges of addressing customers in B and C class cities is concerned, S Rajendran, CMO, Acer India says, “National distributors have also been aggressive in reaching out to smaller towns and this has resulted in higher growth in the consumer PC business. But a key challenge sometimes with addressing
C and D category towns is the lack of proper infrastructure to reach out on multiple platforms - information, products along with soft aspects such as training, hands-on demo, etc. But we are getting these challenges addressed though increase in market coverage through own managed sales force and are also co-opting our tier-1 partners for better addressal and focus.” Lack of proper communication between a partner (in B or C class city)
“National distributors have also been aggressive in reaching out to smaller towns and this has resulted in higher growth in the consumer PC business.” S Rajendran, CMO, Acer India
For those (vendors/distributors/ SIs) that are optimistic about their expansion plans in B, C or D class cities, the future seems bright. The growth in B, C and D class cities is going to be more evenly spread and will not only be concentrated to a few cities. Considering the simple f actor that the number of B, C and D class cities in India is huge, returns for vendors through expansion in these small cities could also be considerably huge. The point is clear – vendors who want to promote sales in this fast-growing business segment and capture a larger market share, will have to shift their focus towards smaller towns. However, they have to play smart and choose the right market for their product. It won’t be long before we see almost everyone shifting their focus towards B, C or D-class towns. n charu.khera@9dot9.in
DIGIT CHANNEL CONNECT
17
June 2010
security Cloud Computing
Making the
cloud trustworthy Before enterprises can make more innovative use of clouds, security technologies, standards, and interoperability must be improved
DIGIT CHANNEL CONNECT
18
June 2010
A
t this early stage in the development of public clouds, the offerings are a mix of commodity consumer and mainstream enterprise applications that deal with relatively nonsensitive data such as email, instant-messaging services and Web-based shared spaces and those that handle more sensitive data like Salesforce.com and EMC’s Mozy. But if cloud computing is going to meet enterprise needs for confidentiality of customer data and compliance with legal directives, it will have to provide increased levels of security to support more sensitive enterprise applications. Public cloud computing also introduces new stakeholders into the security equation – third party service providers, infrastructure vendors and contractors – and loosens the control that IT has on each of these three areas. If cloud computing is to succeed as an alterna-
tive to the corporate data center, IT departments will require relationships with cloud providers that allow them to trust cloud services and verify events in the cloud. It will have to effectively support a high level of security, similar to current control-centered models, and be implemented in a way that allows enterprises to develop confidence in extending portions of their own data centers into a public cloud.
Scalability and Multi-tenancy Public cloud computing describes a computing architecture that extends the service-oriented approach into a marketplace model. Providers offer services that “run in the cloud” as they are accessible using Internet Protocol and are location independent, meaning that users have no need to know where the underlying IT resources exist.
security Cloud Computing Cloud services have two hallmarks: They are scalable (the required resources of storage and computing power can be increased or decreased based on customers’ needs), and they are multi-tenant (they provide simultaneous, secure hosting of services for various customers utilizing the same cloud infrastructure resources). Today’s cloud computing comprises three types of services: n Software as a Service (SaaS). An application is hosted as a service provided to customers. Examples include Salesforce. com’s Web-based CRM application and Gmail and Google Docs from Google. n Platform as a Service (PaaS). The combination of software and infrastructure services with application development tools so that Web applications and services can be built and hosted. n Infrastructure as a Service (IaaS). Facilities commonly provided locally, by a desktop computer or a data center, are offered as remote resources so that a customer can define and manage computational or storage tasks. But before cloud computing can live up to its promise for the enterprise, it needs further refinement, especially in the area of security. To date, most of the public cloud-oriented applications have been consumer-centered applications built on commoditized data storage and transaction processing. At this initial stage, the applications and data being processed in clouds are predominantly non-sensitive, and the cloud services offer minimal or only generally available security. The cloud offerings themselves are proprietary computing islands, with few standards and only limited possibilities for interoperability. Trends in information growth will only make the problem more pressing for enterprises. The IDC study, “The Expanding Digital Universe,” notes that while individuals will create most digital information, corporations will be responsible for the security, privacy, reliability, and compliance of at least 85 percent of
the rapidly expanding digital universe. It is clear that public cloud computing must become more secure if it is to become more accepted by the enterprise. With this progression, trust and verification will again be the key security enablers. Enterprises will need to assure the confidentiality, integrity and availability of their data as it is transmitted, stored or processed by third parties in the cloud services chain.
Public cloud computing introduces new stakeholders into the security equation and loosens IT’s control.
Security is the Big Question Mark Taking advantage of cloud computing means major changes for enterprise IT organizations. The biggest will be reduced control even as they are being tasked to bear increased responsibility for the confidentiality and compliance of computing practices in the enterprise. This makes security a major issue as IT departments look at cloud services and providers.
Changing relationships A key issue for cloud computing is that aspects of traditional infrastructure security move beyond an organisation’s control and into the cloud. This will lead to fundamental changes in the number and roles of security stakeholders as enterprises turn over control of security infrastructure and processes to outside contractors. Trust relationships between the various cloud stakeholders need careful consideration as public cloud computing evolves to manage sensitive enterprise data. Conventional data centers have based security on fortresslike structures that protect the data within secure physical, hardware, and software infrastructures: their security rests primarily on controlling access by users and maintainers of the data and infrastructure. In cloud computing, a data center still exists – somewhere – but who controls it? Cloud computing diffuses many of the traditional corporate security boundaries and
substitutes transient chains of custody for the data, with major implications for security and trust for sensitive enterprise data and applications. The sharing of control raises many questions of responsibility. How will you know which employees of your cloud provider have access to what information and applications? That access needs to be fine-grained with only a selected and controllable few having broad access.
Standards
If cloud computing is going to meet enterprise needs for confidentiality of customer data and compliance with legal directives, it will have to provide increased levels of security to support more sensitive enterprise applications.
Public cloud computing must become more secure if it is to become more accepted by the enterprise.
Before sensitive and regulated data move into the public cloud, issues of security standards and compatibility must be addressed including strong authentication, delegated authorization, key management for encrypted data, data loss protections, and regulatory reporting. How will these requirements be met across individual cloud infrastructures and across multiple clouds chosen by the consumer as best practices? Existing cloud service providers may become the de facto models around which security and federation of authorization controls might emerge. Or answers may come from work currently being conducted by various agencies to questions such as which existing standards could be applied to cloud computing, what gaps exist, and what new standards need to be developed.
Portability between public clouds While cloud computing conveys a promise of open architecture and easy integration, the early cloud offerings have tended to create security “silos”. Enterprises will require information and identity portability between varying clouds so that they can mix and match their services in an open, standards-based environment that permits interoperability. Portability will become a major issue as more complex services get delivered by multiple cloud infrastructures. Clouds will have to talk to each other securely.
Confidentiality and privacy Business units are already tasking IT departments to protect their data in the private and public clouds, with the expectation that sensitive information will either be desensitized or deployed with verifiable access authorization to protect its privacy and confidentiality. IT organisations have historically not developed the capability to effectively identify and classify users and sensitive data. Without this ability, they will face hurdles in extending security function-
DIGIT CHANNEL CONNECT
19
June 2010
security Cloud Computing alities to cloud environments. How will your cloud provider ensure confidentiality and privacy? Recently, one cellular provider was embarrassed, for example, when its employees viewed Barack Obama’s past phone records. How will such incidents be prevented? How will you protect against insider threats, like an employee of the cloud provider walking off with sensitive enterprise information? Cloud providers will have to address this fundamental responsibility.
Viable access controls Information governance requirements
ments to host their applications and data in the cloud directly. This creates several problems for the IT organizations with reduced internal and external control. The business units’ activities multiply the IT department’s compliance challenges even while legal and compliance departments are expecting the IT departments to be able to report on and demonstrate control over sensitive information. Additionally, a cloud provider’s SAS-70 compliance must be carefully assessed by each enterprise customer to see if the certification meets the compliance policy established by their own enterprise. Reporting will be a key requirement for any cloud environment where
Sensitive data in the cloud will require granular security, maintained consistently throughout the data lifecycle.
The foundational infrastructure for a cloud must be inherently secure whether it is a private or public cloud or whether the service is SAAS, PAAS or IAAS.
will need to be balanced with the users’ desire for efficient yet robust access control. Users and corporations will expect transparency and convenience of access. For many clouds such as those delivering popular services to the general public, a token-based approach may not be tolerated by the users. Another major pain point is the lack of delegated authorization. While some cloud services provide for delegated strong authentication that enables access control based on user identity, few, if any, provide delegated authorization to enable access control based on the content of the information itself. This capability is turning out to be increasingly important given the advent of Web 2.0 where fine-grained entitlements for authorization management and control will be most essential.
Compliance Many business units are being drawn into using cloud services by the attractive economics, bypassing IT depart-
DIGIT CHANNEL CONNECT
20
June 2010
Personally Identifiable Information (PII) and other sensitive or regulated data live. Who will be accountable for ensuring compliance is met – you or your cloud provider? Will you have access to log data from the cloud environment where your company’s information lives so you can correlate it with events in other systems? What if someone steals data from your cloud-based system in an attempt to break into systems in your company’s internally managed data center? How do those events get correlated? Who is accountable if there’s a breach of PII? Will you even know where your information is physically located? These questions could potentially create an issue for compliance with international regulations.
Security service levels As all types of data will end up in the clouds, there will be an increasing need for varying security service levels that match the sensitivity of different types of
IT departments will require relationships with cloud providers that allow them to trust cloud services and verify events in the cloud.
data. The real challenge will be mapping security levels to information or business processes so that they can be transferred to the cloud at the lowest possible cost, but the highest necessary level of security.
Principles for Securing the Cloud Public cloud computing requires a security model that reconciles scalability and multi-tenancy with the need for trust. As enterprises move their computing environments with their identities, information and infrastructure to the cloud, they must be willing to give up some level of control. To do that, they must be able to trust cloud systems and providers, and verify cloud processes and events. Important building blocks of trust and verification relationships include access control, data security, compliance and event management – all security elements well understood by IT departments today, implemented with existing products and technologies, and extendable into the cloud.
Identity security End-to-end identity management, thirdparty authentication services, and federated identity will become a key element of cloud security. Identity security preserves the integrity and confidentiality of data and applications while making access readily available to appropriate users. Support for these identity management capabilities for both users and infrastructure components will be a major requirement for cloud computing, and identity will have to be managed in ways that build trust. It will require: n Strong authentication: Cloud computing must move beyond weak user name-and-password authentication if it is going to support the enterprise. This will mean adopting techniques and technologies that are already standard in enterprise IT such as strong authentication (multi-factor authentication with one-time password technology), federation within and across enterprises, and risk-based authentication that measures behavior history, current context and other factors to assess the risk level of a user request. Additional tiering of authentication will be essential to meet security SLAs, and utilizing a risk-based authentication model that is largely transparent to the users will actually reduce the need for broader federation of access controls. n More granular authorization: Authorization can be coarse-
security Cloud Computing grained within an enterprise or even a private cloud, but in order to handle sensitive data and compliance requirements, public clouds will need granular authorization capabilities (such as role-based controls and IRM) that can be persistent throughout the cloud infrastructure and the data’s lifecycle.
Information security In the traditional data center, controls on physical access, access to hardware and software and identity controls all combine to protect the data. In the cloud, that protective barrier that secures infrastructure is diffused. To compensate, security will have to become informationcentric. The data needs its own security that travels with it and protects it. It will require: n Data isolation: In multi-tenancy situa-
protection to meet the enterprise’s own needs as well as regulatory policy mandates. For some categories of data, information-centric security will necessitate encryption in transit and at rest, as well as management across the cloud and throughout the data lifecycle. n Effective data classification: Cloud computing imposes a resource trade-off between high performance and the requirements of increasingly robust security. Data classification is an essential tool for balancing that equation. Enterprises will need to know what data is important and where it is located as prerequisites to making performance cost/benefit decisions, as well as ensuring focus on the most critical areas for data loss prevention procedures. n Information rights management: IRM is often treated as a component of identity,
Building a Trustworthy Cloud tions, data must be held securely in order to protect it when multiple customers use shared resources. Virtualisation, encryption and access control will be workhorses for enabling varying degrees of separation between corporations, communities of interest and users. In the near future, data isolation will be more important and executable for IAAS, than perhaps for PAAS and SAAS. n More granular data security: As the sensitivity of information increases, the granularity of data classification enforcement must increase. In current data center environments, granularity of role-based access control at the level of user groups or business units is acceptable in most cases because the information remains within the control of the enterprise itself. For information in the cloud, sensitive data will require security at the file, field, or even block level to meet the demands of assurance and compliance. n Consistent data security: There will be an obvious need for policy-based content
DIGIT CHANNEL CONNECT
22
June 2010
a way of setting broad-brush controls on which users have access to which data. But more granular data-centric security requires that policies and control mechanisms on the storage and use of information be associated directly with the information itself. n Governance and compliance: A key requirement of corporate information governance and compliance is the creation of management and validation information – monitoring and auditing the security state of the information with logging capabilities. Here, not only is it important to document access and denials to data, but to ensure that IT systems are configured to meet security specifications and have not been altered. Expanding retention policies for data policy compliance will also become an essential cloud capability. In essence, cloud computing infrastructures must be able to verify that data is being managed per the applicable local and international regulations (such as PCI and HIPAA) with appropriate controls, log
collection and reporting. Sensitive data in the cloud will require granular security, maintained consistently throughout the data lifecycle.
Infrastructure security The foundational infrastructure for a cloud must be inherently secure whether it is a private or public cloud or whether the service is SAAS, PAAS or IAAS. It will require: n Inherent component-level security: The cloud needs to be architected to be secure, built with inherently secure components, deployed and provisioned securely with strong interfaces to other components, and, finally, supported securely, with vulnerability-assessment and change-management processes that produce management information and servicelevel assurances that build trust. For these flexibly deployed components, device fingerprinting to ensure secure configuration and state will also be an important security element, just as it is for the data and identities themselves. n More granular interface security: The points in the system where hand-offs occur – user-to-network, server-to application – require granular security policies and controls that ensure consistency and accountability. Here, either the end-to-end system needs to be proprietary, a de facto standard, or a federation of vendors offering consistently deployed security policies. n Resource lifecycle management: The economics of cloud computing are based on multi-tenancy and the sharing of resources. As a customer’s needs and requirements change, a service provider must provision and decommission those resources – bandwidth, servers, storage, and security – accordingly. This lifecycle process must be managed for accountability in order to build trust.
Conclusion Cloud computing promises to change the economics of the data center, but before sensitive and regulated data move into the public cloud, issues of security standards and compatibility must be addressed including strong authentication, delegated authorization, key management for encrypted data, data loss protections, and regulatory reporting. All are elements of a secure identity, information and infrastructure model, and are applicable to private and public clouds as well as to IAAS, PAAS and SAAS services. In the development of public and private clouds, enterprises and service providers will need to use these guiding principles to selectively adopt and extend security tools and secure products to build and offer end-to-end trustworthy cloud computing and services. Fortunately, many of these security solutions are largely available today and are being developed further to undertake increasingly seamless cloud functionalities. n Courtesy: RSA
networking Convergence n Align IT investments closely with business strategy and goals. n Deploy new applications quickly and enable them to communicate and collaborate effectively. n Allocate more of the budget for network expansion by lowering operational costs through virtualisation of IT resources. n Move the business environment from transactions to interactions. n Maintain network health and continuously improve performance.
Building intelligent
networks
With an intelligent network platform, organisations can get the best out of collaboration and business process applications Ashok Kumar
T
echnology-enhanced collaboration is the next wave of opportunity for innovation and transformation for businesses. In fact, collaboration is one of the most important tools to help increase an organisation’s agility and deliver new levels of productivity. The Economist Intelligence Unit predicts that by the end of this year, 62 percent of employees will work with teams in different locations, and by 2011, 30 percent of the global workforce will work remotely. To corroborate this, take the average employee - he carries a PDA and a laptop, and is constantly connected to colleagues, partners and customers via e-mail, IM, Twitter, Linkedln and a host of other web 2.0 applications. In addition, with close to 14 billion devices connected to the Internet, we are in the midst of an evolving digital culture where employees are looking for a secure and stable network to help them remain productive no matter where and when they work. To meet these expectations, businesses need to create a cohesive strategy that keeps its separate parts working as a whole towards its overarching business goals. Yet many enterprises have grown their IT infrastructures in ways that isolate resources to support individual transactions. This approach results in silos of information and appli-
cations, hampering access to networked resources. And enabling interaction can only be achieved by generating a strategically planned IT evolution.
Need of the hour Today’s intelligent networks have to be built with strategic roadmaps steering them toward peak technical and business performance. So, if organisations want to stay competitive, they have to migrate to more resilient, flexible architectures that support expansion and adapt to the changing marketplace requirements. With an intelligent network as a platform being utilized as a tool for change, businesses can achieve new efficiencies, integrate network collaboration and business process applications and increase productivity. Moreover, when companies virtualise crucial network functions and improve collaboration, they get more from their resources and can move and manage assets with greater flexibility. Using this approach, an enterprise can evolve to an intelligent network that makes the most of resources, applications and business processes and enables IT to add value to the organisation’s business. Going in for advisory services to plan the network while integrating new technologies can: n Seamlessly integrate technologies such as voice and video into a secure converged network.
What the future holds
Ashok Kumar
Today’s intelligent networks have to be built with strategic roadmaps steering them toward peak technical and business performance. An enterprise can evolve to an intelligent network that makes the most of resources, applications and business processes and enables IT to add value to the organisation’s business.
Such a converged IT architecture transforms the network into a platform for network service delivery while optimizing business applications, enhancing collaboration and virtualising resources. Using an architectural approach also allows for a new conversation to take place - businesses can talk about capabilities and how these capabilities are leveraged across the enterprise to deliver business value instead of just talking about products and features. Because the network often transports data, controls the entire communication system and enables the mobility of the workforce, it becomes crucial to maintain the ongoing health of a network. For example, imagine a high profile customer making an online transaction based on the current stock market price. In the middle of his net banking process, the network suddenly fails, causing a downtime of ten minutes. During this time, the stock price has fluctuated and the customer incurs a huge loss because his transaction did not take place in real time. In the BFSI sector, such a scenario is unacceptable. Such an incident can best be avoided by allowing experts to assist in monitoring the network, resolving problems and managing changes. In the future, as the organisation adapts to change, the lifecycle begins anew - continually evolving the network and improving results. Hence, a successful business will be one that has a structured path for growth. So, the need of the hour is a plan that combines customized technology solutions and services that not only helps meet business challenges of today, but also maximizes the future potential of technology investments. n Ashok Kumar is Vice President, Cisco Services, Cisco, India & SAARC.
DIGIT CHANNEL CONNECT
23
June 2010
business intelligence
Get Smart with
BI
Business intelligence solutions can help an organisation improve its productivity, quality, customer service levels and profitability Durai Rajasekar
I
n the last decade, many enterprises across sectors have moved to centralized IT solutions, and have consolidated countrywide operations through IT investments. This has majorly improved operational performance, reduced the cost of operations, and increased reach to customers. Currently, these enterprises are looking at enterprise-wide Business Intelligence (BI) solutions, to leverage their present investment in IT infrastructure for improving productivity, quality, customer service levels and profitability. Transaction systems automate business. BI systems analyse business performance, and help the firm to enhance business by optimizing all risks. It offers the functionalities of visualising transaction data in tabulated forms and contents associated with trend charts and graphs, so as to pin-point the problem areas of business as well as the growth areas. It helps users at all the three levels of business—strategic, tactical and operational, to view and analyse data as per the relevance of each function, and facilitate them to make decisions. It offers monitoring key indicators of business
DIGIT CHANNEL CONNECT
24
June 2010
continuously, and receiving automated alerts whenever the threshold limit or target is exceeded or not achieved.
How is enterprise-wide BI different? Some conventional ERP (Enterprise Resource Planning) systems help businesses automate transactions through data capture at operational level, and ensure data and business integrity are maintained through orchestrated business processes and rules. They have MIS systems to complement and verify if the transaction processing is complete at the operational level, and provide periodic static reports to management, which are statistic and statutory in nature. So why should an enterprise spend on BI? The differentiator here is that a BI solution provides a unified view of data extracted from multiple transaction systems such as SCM, CRM etc., and provides analyses and information support for MIS/DSS/ESS users. Information engineering across the entire organisation precede a good BI implementation like what business
business intelligence BI systems analyse business performance, and help the firm to enhance business by optimizing all risks.
process engineering does for a good ERP implementation. However, integration of BI and ERP can provide tremendous value to organisations in various areas such as inventory holding analysis, inventory movement analysis, cash requirement analysis, price variance analysis, production optimization analysis, and cost analysis for products, operations, purchases and so on. All this is easily delivered on a BI platform which comes with a dash board, score card, balance score card, alerts, work flow for issue resolution, digital dash board for top management view, and so on. While ERP is deployed for standardization of processes and integrity of data, a BI solution is deployed for standardization of information and unified view of same data. Moreover, BI is a highly customizable platform. Because information and analysis requirement varies among businesses and wholly depends on data models, data marts built for BI also vary and hence the whole BI platform will get customized for the business. Therefore, information engineering will have to precede deployment of BI solutions.
Who needs enterprisewide BI? A frequently asked question is which size of businesses will need to deploy BI. A business, whether big or small, faces the same risks, but at different scales. Perhaps a lower level of investment and TCO will be the key for small businesses. The other part of the question is at which level is BI to be employed. When it comes to the use of BI, it is a necessity at every level, with a different set of purpose at each level. While at CEO/CFO level, the information requirement is for strategic initiative purpose (eg: Why my product sales is not picking up
DIGIT CHANNEL CONNECT
26
June 2010
in the southern region?), at the tactical level, it is required for tactical decisions (Which are the channels in the southern region that do not perform well in certain product sales), and at operational level, it is purely for transaction-based decisions (Who will pick up stock of which product and at what time?) Though it’s a general idea that BI comes as an overpriced IT tool which makes it a luxury, it is actually a different case in reality. Generally, the TCO for a BI solution should not exceed a certain percentage of TCO of the ERP system itself. But in terms of ROI to the organisation, it is higher, because the return on BI investments takes into account leveraging the investment in the ERP system also. (e.g: Price variance for the same raw material with the same quality and delivery commitment from two unconnected vendors, detected through BI, will bring enormous cash benefits to the organisation using BI if these procurements operations are decentralized for strategic reasons. The savings in rationalization of this price variance alone will pay for the investment in BI, at one go.) Thus, the ROI on BI can be measured by judging the quality and effectiveness of decisions which the users take. This is based on the most recent and real-time data coming from ERP systems, and the improvement in revenue or saving in cost that result due to such decisions. The whole need of a BI implementation depends on the percentage of use of ERP data by various decision makers in the organisation, and whether the data is coming directly from the system or through tabulated forms using spread sheets and intermediary manual processes.
Challenges The implementation of BI in an enterprise cannot be confined to only corporate
The whole need of a BI implementation depends on the percentage of use of ERP data by various decision makers in the organisation BI solutions offer monitoring key indicators of business continuously, and receiving automated alerts whenever the threshold limit or target is exceeded or not achieved.
offices, or a few analysts, or any selected geo, or a set of customers. Today, IT penetration has already reached far and wide in any enterprise. This definitely has thrown a challenge to solution providers in terms of both sales and service delivery. The recent global meltdown and the fear of loss of business from European and Pan American markets have been good for Indian IT companies, who have invested in innovative BI solutions. These have now emerged as a ready-to-use solution to enterprises, which are turning aggressive in pushing sales and need BI to know where to push what. Enterprises continue to analyse TCO and ROI, as long as the solution offered can justify that the product will sell. The other challenge is with SMBs, which will take some more time, because BI is still finding its feet with large enterprises, which have already invested heavily in IT infrastructure and which have just started looking at BI. SMBs will continue to be followers of adopting either ERP or CBS systems. But then there are still a handful of SMBs who have a foresight and thirst for innovation and early adoption, and such SMBs will also look out for BI, though not all. From a typical Indian perspective, the main challenge is to move users away from the hard copy report-based decision support to online interactive analysis-based decision support, and justify benefits in relation to the investment. To wind up on the life and future of BI, here is a brief gist of a Gartner paper published in 2009, predicting these developments in the business intelligence market: n Because of lack of information, processes, and tools, through 2012, more than 35 percent of the top 5,000 global companies will regularly fail to make insightful decisions about significant changes in their business and markets. n By 2012, business units will control at least 40 percent of the total budget for business intelligence. n By 2010, 20 per cent of organisations will have an industry-specific analytic application delivered via software-as-a-service as a standard component of their business intelligence portfolio. n By 2012, one-third of analytic applications applied to business processes will be delivered through coarse-grained application mashups. n Durai Rajasekar is Senior Vice President, Ramco Systems.
best of biz Image Management
Why
Business ID Matters
Having a business email account is vital to project and promote a professional image of the organisation Shekhar Kirani
E
-mail has undoubtedly emerged as one of the most popular communication mediums online and it has revolutionized how businesses interact and transact with each other. According to a market research firm, person to person email daily volume surged to 210 billion messages in 2008. There are several reasons why e-mail has become an integral part of our lives today. It is fast and delivered instantly. No other method of communication can provide this speed of service. Besides, it is inexpensive compared to telephone calls, faxes or even couriers. Email is also easy to filter. The subject line on an email makes it easy to prioritize
DIGIT CHANNEL CONNECT
28
June 2010
messages. The reader can identify critical correspondence quickly and deal with it immediately, unlike regular mail which needs to be opened and reviewed first. Having a business email account not only provides a business an easy and inexpensive mode to manage and conduct business, but it is also critical to project and promote a professional image of the business itself.
Creating the right impression A business e-mail address plays an important role in how individuals or organisations actively market their products, services or skills. It helps to communicate useful information about the user of the address in the case of the company name being used in the email is the same as the domain name. Several free email providers can provide you an email address, but what counts is the image that your company email address projects to the people you interact with. For example: support@ yourcompanyname.com On its face, a business email address may seem like a small aspect of your company’s online presence, but your email address can say a lot about who you are and what you do. A generic email address may give your customers the impression that the business is small or that you are not keen about investing in the image of your business.
Shekhar Kirani
A business e-mail address helps to communicate useful information about the user of the address in the case of the company name being used in the email is the same as the domain name. Having a business email account is critical to project and promote a professional image of the business itself.
Having a business email address, unlike a generic email id, is also an inexpensive form of advertising for your business. Every time you or anyone in your company sends out an e-mail, it serves as a reminder of who you are and what your business is called. Once you get a business email id, it is also important to drive the discipline of having all the employees of the organisation use the business email id. If your employees are not using your business domain name in their email address, you could have your business correspondence end up in other people’s personal email accounts where it might not be regularly checked. After getting a business email address, you should consider providing your business and contact details in all your emails. The easiest way to do this is to set up a standard email signature which is automatically added to the bottom of all your outgoing emails. When you register your business domain name with an authorized registrar or reseller, you may have the option of procuring a business email package with it for a nominal fee. You can select a business email package that best meets your requirements. The size of your business will help determine the mailbox size, i.e. the number of emails that you will probably need to store.
Image Matters Clearly, prior to doing any business on the Internet, which includes transacting using your business email id, you will need to select and register a domain name. The domain name represents your company’s brand and identity on the Internet. Selecting the right domain name increases your visibility on the net. A .com domain name offers you one of the best options because it helps lend instant visibility and credibility for your brand online, both in India and globally. A .com is appropriate for businesses of all sizes and it is one of the most widely used domain name extensions around the world too. In a world where impression counts, it is vital that you make the right one with a business email address. A business email address introduces your business to potential customers and helps your customers to remember you each time they receive an email from you. It promotes your business in a sustained and cost-effective way unlike any other online marketing tool. n Shekhar Kirani is Country Manager, VeriSign
trends Sahore promoted as D-Link’s Sales Head-India & SAARC
D
-Link has announced the promotion of Rajesh Sahore as Sales Head-India & SAARC. Sahore has been the channel face of D-Link since 2007 and was successful in establishing D-Link as the ‘Channels Most Preferred Networking brand’ in India. In his new role as Sales Head for India & SAARC region, Sahore will be instrumental in driving sales and marketing strategies, demand generation and exploring untapped market. Sahore has an experience of over 18 years in active solutions selling, network integration, consulting and key account management. His past experience includes successful stints with reputed organisations like Cabletron Systems
T
Rajesh Sahore, D-Link
Pte., Cisco Systems India, Allied Telesyn International Asia Pte.n
McAfee lists top 5 malware & spam trends in Q1 2010
M
cAfee has unveiled itsMcAfee Threats Report: First Quarter 2010, which uncovered that a USB worm has taken the No. 1 spot for top malware worldwide. Spam trends show that email subjects vary greatly from country to country with diploma spam out of China and other Asian countries on the rise. Earthquake news and other major 2010 events drive poisoned Web searches, and U.S.-based servers host the majority of new malicious URLs. Threats on portable storage devices took the lead for the most popular malware. AutoRun related infections held the No. 1 and No. 3 spots due to the widespread adoption of removable devices, mainly USB drives. A variety of password-stealing Trojans rounded out the top five. Those include generic downloaders, unwanted programs and gaming software that collects statistics anonymously. Unlike past studies, the popularity of these threats ranked consistently worldwide. One of this quarter’s biggest discoveries was that China, South Korea and Vietnam have the most significant diploma spam, which promotes the purchase of forged documents to establish qualifications for items such as jobs. Singapore, Hong Kong and Japan have exceptional rates for delivery status notification spam, indicating a possible issue with preventative mail-filtering capabilities. “Our latest threat report verifies that trends in malware and spam continue to grow at our predicted rates,” said Mike Gallagher, Senior Vice President and Chief Technology Officer of Global Threat Intelligence for McAfee.
CORRIGENDUM
In the May 2010 issue on Virtualisation Special, the content of the news item “Fujitsu launches Celsius workstation portfolio” (Page 24) did not match the headline. The corrected news is being carried in this issue. The error is regretted.
DIGIT CHANNEL CONNECT
30
June 2010
Printer, copier & MFP market grew 36% in Q1 of 2010 he combined printer, copier and multifunctional product (MFP) market in India totalled nearly 0.8 million units in the first quarter of 2010, representing 35.7 per cent growth over the first quarter of 2009, according to Gartner. “Most of the major vendors experienced significant shipment increase in the first quarter of 2009. Shipments by HP, Canon and Samsung, the top 3 vendors, contributed 76 percent of the total market in Q1 2010,” said Vishal Tripathi, Principal Research Analyst at Gartner. “Canon registered 93 percent growth, followed by Samsung with 54 percent and, in midst of an ongoing shortage of materials, HP still managed to register 26 percent growth as compared to Q1, 09 shipments. Though Xerox also registered a substantial 166 percent shipment growth, it only represents 1.8 percent of the total market in terms of shipments. Increased government spend in Q1 added to the total growth of the market,” he added. Ricoh, with 25 percent market share, has emerged as the No.1 vendor in A3 Flatbed Copier/MFP in the first quarter of 2010, followed by Canon with 19 percent market share. Samsung, with 40 percent market share, was the leader in A4 Flatbed category, ahead of Canon with 28 percent market share. The page printers market in India grew 73 percent in Q1 2010. n
Canon India launches 15 new prodcuts
C
anon India has announced the launch of 15 new products, expanding its range to 82 IT peripheral products from its printing division. With the launch of these new products, Canon expects the new products to contribute over 50% to the printer division’s revenues in 2010. The new range includes 2 single format Inkjet printers, 3 all-in-one printers, 2 laser printers, 6 projectors, 1 scanner and 1 laser Multi-function device. Each of the newly launched printers has Wi-Fi. Canon aims to capture a 50% market share of the wi-fi printing market in India by end of 2010. According to Kensaku Konishi, President & CEO Canon India, “To align with our corporate ‘green commitment’ and need for cost reduction in printing by businesses and convenience in printing for home users, our new products launched today feature auto duplex printing, wi fi capabilities and network capabilities ready for enterprise and home printing.” n
trends Kingston unveils HyperX ‘blu’ memory modules
K
i n g s t o n Te c h n o l og y C o m p a ny h a s announced the release of an entry-level line of HyperX memory modules for overclockers and gamers. The HyperX ‘blu’ memory modules have a new look, run at standard JEDEC speeds and timings, and have headroom for enthusiasts to push the performance envelope. “The enthusiast community knows the HyperX name is synonymous with high speed, high quality and stylish design. HyperX blu enables us to bring these features to market at a lower price point. HyperX blu is the latest addition to
the HyperX family in our ongoing strategy to match HyperX products with the various enthusiast market segments,” said Ann Bai, DRAM Memory Sales Director, APAC Region, Kingston. HyperX blu is available in DDR3, 1600- and 1333MHz 4- and 2GB kits of two. This series is also available in DDR2 800MHz, single modules and kits of two. Kingston HyperX memory is backed by a lifetime warranty and free technical support. n
Channel fraternity in Bareilly faces curious cases of thefts
T
he computer fraternity of BCDWA (Bareilly Computer Dealers Welfare association) has been witnessing strange incidents of theft since the last few months. So far, three cases of similar nature have been reported in the region. According to Manas Pant, Ex-President, BCDWA, “A Dell laptop has been stolen from AP Sales Corporation two days back. The incident was caught by the CCTV and as per the footage; the theft was executed by a lady.” Looking at the pace with which these accidents have been increasing in the channel community over the past few years, associations are expected to play a larger role. Associations should have a forum where such information can be shared and appropriate actions can be decided upon to solve such issues. “Most often, stolen items are sold at places out of reach from the place of incident, and if all dealers in the region have the information as well as the serial number of the stolen item with them, they can track such items and report the incident to the police,” explained Pant. The entire channel fraternity of Bareilly has been protesting against the incidents. “We have now approached the DIG/SSP of Bareilly, NK Shrivastava, who has assured us of effective actions,” added Pant. n Charu Khera
HP rolls out contest for its channel partners
H
ewlett-Packard (HP) India has announced a contest for all its channel partners across India called “Win With HP AiOs - It Pays you Back”, which is woven around the company’s latest LaserJet printers. A HP channel partner can register on www. hp.com/in/win and answer three simple questions in order to win prizes such as bikes, LCDs, digicams and much more. The contest is open till 31st June 2010 to all HP channel partners. n
DIGIT CHANNEL CONNECT
31
June 2010
trends Canon hosts ‘Wings of Glory 2010’ in London
C
anon India rewarded its topperforming channel partners in its 8th annual ‘Wings of Glory 2010’ programme by taking them for a six day excur sion to London. The program acknowledged those partners who grew higher than the respective division which they represent and did a business of more than Rs 2 crore with Canon annually. Canon India’s President and CEO, Senior Vice President, all Directors across all the businesses were part of this exciting trip. Canon also invited the spouses’
of the partners to join this trip to build and nurture a better bond. According to Alok Bharadwaj, Senior Vice President-Canon India, “Our initiative, ‘Wings of Glory’ seeks to acknowledge the top performing par tners of Canon for their year around hard-work and to motivate them to outperform themselves each year. ‘Wings of Glory’ is Canon’s Annual Property that focuses on growth and business benefits of their valued partners. This concept has been well accepted by the partners and they find it inspirational and encouraging.” n
Worldwide mobile PC shipments grew 43% in Q1 2010
W
orldwide mobile PC shipments totaled 49.4 million units in the first quarter of 2010, a 43.4 percent increase from the first quarter of 2009, according to final results by Gartner. This year-over-year growth is the highest the mobile PC market has experienced in eight years and represents about $36 billion in end-user spending. Shipments to the consumer segments continued to be the main growth driver, but there was an uptake in the professional segment. Gartner expects to see higher growth in the professional market toward the end of 2010 and into 2011 as part of a larger refresh cycle. “Mini-notebook PCs were a big part of the bump in mobile PC shipments in the first quarter of 2010, with shipments growing 71 percent over the same period last year,” said Mikako Kitagawa, Principal Analyst at Gartner. HP continued to be the No. 1 vendor in worldwide mobile PC shipments, as it accounted for 19.2 percent of shipments in the first quarter of 2010. However, HP and Dell were the only vendors in the Top 5 to grow below the industry average. ASUS and Acer experienced the strongest growth rate among the top-tier vendors with shipment increases of 113 percent and 48.4 percent, respectively. Gartner analysts said this growth was driven by sales in the low-end consumer market.n
WD appoints Redington as ND
W
estern Digital (WD) has announced the appointment of Redington (India) as a National Distributor (ND) to sell WD’s full range of internal and external products in the country. Now, WD will expand its reach through Redington’s extensive network of over 18,700 channel partners in India. “Strengthening our channel base is one of our focus areas for 2010 and we are keen to work with a firm that brings deep domain expertise coupled with a pan India footprint. Redington (India) Ltd. has an established capability in these markets and will provide immense value to our offerings. We are delighted to have
DIGIT CHANNEL CONNECT
32
June 2010
Redington as our distributor, and look forward to a long and mutually beneficial relationship” said Sushil Bandi, Country Manager for the Indian Subcontinent, Western Digital. “The Indian economy is witnessing a digital revolution with people becoming increasingly aware of technology and its impact on our lives. With the boom in digital content just at it nascent stage, we expect demand of information storage across businesses and households to see a sharp increase. This partnership will prepare us to meet high expectations of this fast-growing market segment,” said Khwaja Saifuddin, Director Sales – MEA & South Asia, Western Digital.n
“Gigabyte Summer Sensation” launched
G
igabyte announced a brand new version of its channel incentive programme titled “Gigabyte Summer Sensation” for its registered motherboard reseller partners in India. Effective from April 1 - June 30, 2010, this scheme is open to all registered resellers who buy Gigabyte motherboards from authorized Gigabyte distributors in India, which are Avnet (India), Ingram Micro, Redington (India) and Neoteric Infomatique Ltd. In Mumbai, Bangalore, Hyderabad, Kolkata, Chennai, Delhi, Punjab and Chandigarh, the scheme is valid only if the products are brought from Gigabyte premium partners. This is the 5th consecutive channel incentive program from Gigabyte and it is designed to reward loyal reseller partners for their excellent sales performance over the quarter and to increase brand traction for Gigabyte in the channel during the promising peak summer buying season. “We hope the attractive scheme will help expand our present base of registered motherboard reseller partners, especially in newer B, C and D class locations,” says Rajan Sharma General Manager – MB, Gigabyte India. n
trends Fujitsu expands Celsius portfolio
F
ujitsu has announced an expanded portfolio of Celsius workstations specially optimized for Adobe. Now optimized for Creative Suite 5, Fujitsu’s Celsius W380, Celsius W480, Celsius M470-2 and Celsius R570-2 provide design professionals with a comprehensive selection of Celsius workstations ideally
suited for their needs. All the systems have been specially configured to ensure optimum performance and stability for creative professionals working in online, print and video media. The workstations come preinstalled with a unified product design based on Fujitsu’s intensive field tests. n
Panduit and Datacraft partner to provide UPI based solutions
P
anduit has signed a partnership agreement with Datacraft to offer a comprehensive suite of integrated services and Unified Physical Infrastructure (UPI) based solutions to address diverse physical infrastructure needs of clients across Asia Pacific and Japan. This partnership will extend Panduit’s physical infrastructure solutions to the multinational corporations and small-medium enterprises sectors in this region. From now on, Datacraft will be able to provide end-to-end service to clients who wish to move their physical datacentre to a virtual datacentre. This service will enable its clients across all 13 countries in Asia to enjoy the benefits of virtualisation, like simplified operations management and increased availability, all at lower risks. n
McAfee to acquire Trust Digital M
cAfee has announced that it has entered into a definitive agreement to acquire privately owned Trust Digital, which is a technology provider of enterprise mobility management and security software. McAfee expects that this acquisition will extend its endpoint market, addressing a wide range of mobile operating systems. Following the completion of this proposed acquisition, McAfee expects to couple Trust Digital’s enterprise mobility management solution with McAfee’s endpoint protection capabilities to deliver a comprehensive mobile security solution. Customers will benefit from centralized management and reporting of the integrated technologies through the McAfee ePolicy Orchestrator (ePO) console. n
Anti-Virus
Net Protector
Anti-Spyware
NP AV
Anti-Malware
r
Protectdyigoitual life!
Anti-Spam
AntiVirus
Anti-RootKit
Keeps your Data, OS,& PC Safe
Anti-Hijack
Email Backup
e
Of
FireWall
Admin Console for LAN
URL Filtering
NP
AV
PC-Optimizer
ne
rp
at
e
Co
STOP VIRUS
or
Browser Repair
ss
m
fic
Ho
Internet Security
e
B
i us
Detects, Removes, Prevents Viruses, Trojans, Worms, Spywares & Malwares
Mobile Scanning
w
Ne
Wanted Dealers
antivirus
AntiVirus
Scanning Started
(020)
24466222
com
india
Net Protector
NP AV
Web secure
09272707050
Net Protector Maximum Security
2010
sales@indiaantivirus.com
Daily Updates
DIGIT CHANNEL CONNECT
33
June 2010
security Cyber Crime
Knowing is
Preventing A mechanism that can unravel the real persona of an alias is the way to keep cyber crime at bay Dr Antonio Nucci
DIGIT CHANNEL CONNECT
34
June 2010
T
he Internet has become the central ner vous system for our networked life. As a global network of loosely connected IP-based networks, it reaches everywhere and provides a common platform for communication to governments, businesses and consumers. With the Internet, however, a new kind of criminal has emerged—the cyber criminal. The pervasive nature of cyber crime today threatens loss of proprietary corporate information to the loss of life. Various forms of cyber crime have emerged, from predators exchanging child porn and scammers stealing identities to countries attacking countries.
The US FBI estimates that various types of computer crimes in the U.S. now cost the industry about US $400 billion, while officials in the Department of Trade and Industry in Britain said computer crime rose by 50% in 2006 over 2005. It is estimated that only 5% of cybercriminals are ever arrested or convicted because the anonymity associated with Web activity makes them hard to catch, and the trail of evidence needed to link them to a cyber crime is hard to unravel. The CERT Coordination Center estimates that as much as 80% of all computer security incidents remain unreported.
Combating the threat There are certain steps to be taken before
security Cyber Crime we can successfully combat cyber crime. First, it is important to increase our understanding of the many languages and dialects (protocols, applications and services) being spoken in the cyber world. Network traffic monitoring and measurement is increasingly regarded as an essential function for understanding and improving the performance and security of our cyber infrastructure. With networking technologies and services evolving rapidly, as witnessed by the explosive growth of the Web, accurate network traffic monitoring is required to ensure security in a cyber world. Second, it will be timely to promptly identify and tag cyber users and communities of cyber users whose activity and content may harm the safety and transparency of the cyber world. Third, it is critical to gain visibility into who is the real person behind an alias or cyber-identifier used to enter the cyber world. A critical problem in this digital world is knowing with whom you are interacting.
The weak links Critical to the success of a network monitoring tool is its ability to accurately—and on a real-time basis— identify and categorise each flow of packets associated with a transaction and connection by application. Identifying network traffic using port numbers was the standard in the recent past. This approach was successful because many traditional applications used port numbers assigned by or registered with the Internet Assigned Numbers Authority (IANA). The accuracy of this approach, however, has been questioned because of the evolution of applications that do not communicate on standard ports. Many current-generation P2P applications use ephemeral ports, and in some cases, use ports of well-known services such as Web and FTP to make them indistinguishable to a port-based classifier. Techniques that rely on inspection of packet contents have been proposed to address the diminished effectiveness of port-based classification. These approaches attempt to determine whether or not a flow contains a characteristic signature of a known application. Studies show that such approaches
DIGIT CHANNEL CONNECT
36
June 2010
work very well for today’s Internet traffic, including P2P flows. In fact, commercial bandwidth management tools and network security appliances use application signature matching to enhance robustness of classification and deep inspection of packet content even in the case of encapsulated protocols within each other.
Newer threats Ye t , r e c e n t ly s e ve ra l t h r e at s appeared to use this technique to hide their presence and break through firewalls and other security devices. The progress in hardware acceleration has allowed packet content inspection techniques to run at speeds as high as 40 Gbps and have made them the most commonly used approach to gain visibility into any Internet stream. Nevertheless, packet-inspection approaches face two severe limitations. First, these techniques only identify traffic for which signatures are available. Maintaining an up-to-date list of signatures is a daunting task. Information is rarely fully updated and complete. Furthermore, the traditional ad-hoc growth of IP networks, the continuing rapid proliferation of applications of different kinds, and the relative ease with which almost any user can design and infiltrate a new application to the traffic mix in the network with no centralised registration, contribute to this gap. Second, packet inspection techniques only work if full packets (header and payload) are available as inputs and are completely harmless whenever coarser information is provided. Unfortunately, only a few service providers today have equipped their networks with packet inspection appliances, while a majority of them have access only to traffic flows extracted directly from the routers, either sampled or un-sampled. To overcome these two fundamental problems of packet content inspection appliances, research has focused on a new family of techniques called ‘flowfeatures-based analysis.’ The common goal of these techniques is to identify which application class a traffic flow belongs to when using traffic flow information only.
The shortcomings These techniques achieve the flowapplication class mapping by extracting and analysing hidden properties of the flow, either in terms of ‘social
With networking technologies and services evolving rapidly, accurate network traffic monitoring is required to ensure security in a cyber world.
Reconstructing today’s missing links between the cyber ID and the real person will make the cyber world a safer place to visit.
It will be timely to promptly identify and tag cyber users and communities of cyber users whose activity and content may harm the safety and transparency of the cyber world.
interaction’ of hosts engaged in such a flow or the spatial-temporal behavior of several flow features. These features range from flow duration and number and size of packets per flow to interpacket arrival time. A variety of more sophisticated data mining algorithms have been proposed on top of such framework, such as supervised and un-supervised machine learning, clustering and graph-theoretical approaches. These help increase the detection rate while decreasing the false-positive rate. However, these techniques lack a fundamental attribute that make them impractical from an operational perspective—a precision identification of the application responsible for the observed flow in contrast to packet content inspection techniques. This is a fundamental question to answer, as today’s network operators must know the nature—legitimate or malicious—of any single bit of information flowing through their pipes. Furthermore, as the application classification process might still be prone to classification errors, these techniques are not reliable for content billing or for robust application security. The ideal solution should leverage the merits of the packet content inspection techniques by guaranteeing high accuracy in classifying application-specific traffic, while providing the robustness of the flow-based behavioral analysis techniques.
Know your cyber world While governments have increasingly expressed their concerns about the cyber threat to public safety and national security, we still have not done enough to shed light on the cyber world and its users. The cyber infrastructure must not be thought of as just the physical infrastructure made of optical fibers, servers and routers. Rather, it is about protocols, applications and services being used to enable communications among any number of end points (users). We must discover who is behind a nickname, Mac or IP address, or VoIP number—perhaps by using biometric techniques to profile users’ communication as they access the cyber world. Reconstructing today’s missing links between the cyber ID and the real person will make the cyber world a safer place to visit. n Antonio Nucci is CTO, Narus Inc.