RS 20 | PAGES 64 | VOLUME 02 | ISSUE 07
WWW.ENTERPRISEITWORLD.COM
SEPTEMBER 2017
CONGRATULATES THE WINNERS OF CIO 200 AND VALUES THEIR CONTRIBUTION TO THE INDIAN ECONOMY AND INDUSTRY.
EDITOR’S LETTER
CIO200 WAS ONLY THE BEGINNING
Finally, we did the unthinkable, bringing in the country’s leading IT Decision Makers together for India’s biggest CIO Summit. These CIOs, CTOs, CDOs, CISOs, and IT Heads have been instrumental in their organizational growth by creating the right technology landscape to prosper. This has encouraged us to profile over 200 CIOs and IT Heads and finally come up with the CIO200 Tech Summit & ChangeAgents awards 2017. The 200 CIOs were felicitated during the Summit on 8th of September. CIO200 brought the industry together for the award ceremony along with panel discussions and corporate presentations on unique technologies that would influence and better the enterprise IT. Riding on the back of the success of CIO200, we have multiple CXO initiatives in pipeline as engaging these CIOs is at the top of our agenda for the coming year. Apart from that, we will also be coming up with an exclusive security event which will be attended by CISOs from all over the country. We clearly understand the importance of the CISOs along with the CIOs because in today’s world in the entire IT infrastructure architecture, security isn’t a given. Without the right approach to security, you cannot go ahead with the rest of the business smoothly. In accordance with the current global threat scenario, such attacks may surface in the market and one needs to be prepared. It means one must make the strategy clear, the CIOs must take the CISOs on a single page while speaking to the board members on the entire architecture. This issue ponders upon the changing threat landscape in organizations through the cover story on Enterprise Security. We have also brought in a number of guest writers from the CIO Community who shared their valuable knowledge and understanding on topics like security and digital transformations. Last but not the least, the issue also features the CIO200 post-event coverage and an extensive collection of the best photographs from the event. Hope you will be happy reading this issue. If you have any feedback, please do not hesitate to send in.
SANJAY MOHAPATRA
SANJAY@ACCENTINFOMEDIA.COM
NEXT MONTH SPECIAL
COVER STORY: Blockchain for Business
Blockchain is reshaping industries in diverse domains like BFSI, healthcare, retail, government and manufacturing. The underlying force behind Cryptocurrencies, it is being touted to power entire markets and bring in a new form of enforced reliability and transparency in business. We take a look at how Blockchain is finding new applications as it continues to evolve and be used in more innovative ways in coming times.
SUPPLEMENT: Digitizing Health
The story observes how digital transformation and technologies like IoT, SMAC and Robotics have been driving stakeholders in the domestic market towards making healthcare easily accessible and efficient for the billion strong population of India.
PLUS
Interviews and Case Studies
Catch interviews, guest articles and case studies of recent applications from the Industry stakeholders, IT/ITES Vendors and IT leaders and CIOs from the Enterprise IT World CIO Community.
Send in your inputs to sanjay@accentinfomedia.com
ENTERPRISE IT WORLD SEPTEMBER 2017
CONTENTS
VOLUME 02 | ISSUE 07 | SEPTEMBER 2017 | WWW.ENTERPRISEITWORLD.COM
COVER STORY
HACKED YET? IT’S TIME TO RETHINK ENTERPRISE SECURITY
With businesses relying more and more on their IT infrastructure to grow in a competitive environment, cybercriminals have been wreaking havoc in the corporate world....
INTERVIEW
Ctrls: “I do not see there would be a single cloud provider who would fulfil all the needs.”
DATA CENTER
SIFY: “Sify: Scaling Enterprise Growth with next-gen technology”
CXO SPEAKS
PRIME INFOSERV: “Building Security Framework for your Enterprise”
DIGITAL DIARY
VFS GLOBAL: “Digital Transformation: The Floodgates have opened”
GUEST ARTICLE
INSTASAFE: “Using SDP to protect your mobile networks”
MORE INSIDE
Editorial
News
CIO200 Summit & Awards
Publisher: Sanjib Mohapatra
Editor: Sanjay Mohapatra
Associate Editor: Chitresh Sehgal
Designer: Ajay Arya
Web Designer: Vijay Bakshi
Technical Writer: Manas Ranjan
Lead Visualizer: DPR Choudhary
Visualizer: Ravish
MARKETING
Marketing Manager: Kajal Sharma, kajal@accentinfomedia.com
Asst. Marketing Manager: Rahul Ranjan, rahul@accentinfomedia.com
SALES CONTACTS
Delhi: 6/102, Kaushalya Park, Hauz Khas, New Delhi-110016, Phone: 91-11-41055458, E-mail: info@accentinfomedia.com
EDITORIAL OFFICE
Delhi: 6/103, (GF) Kaushalya Park, New Delhi-110016, Phone: 91-11-41657670 / 46151993
Printed, Published and Owned by Sanjib Mohapatra
Place of Publication: 6/103, (GF) Kaushalya Park, Hauz Khas, New Delhi-110016, Phone: 91-11-46151993 / 41055458, info@accentinfomedia.com
Printed at Karan Printers, F-29/2, 1st floor, Okhla Industrial Area, Phase-2, New Delhi 110020, India. All rights reserved. No part of this publication can be reproduced without the prior written permission from the publisher. Subscription: Rs.200 (12 issues). All payments favouring: Accent Info Media Pvt. Ltd.
ITWORLD
ROUND UP
By 2020 there will be 21 Billion connected devices in India
BY SANJAY@ACCENTINFOMEDIA.COM
Deloitte Predictions 2017 projects that the market for IoT in India is expected to grow from $1.3 billion in 2017 to $9 billion by 2020. The global market, on the other hand, is expected to touch $300 billion in the next 5 years. Relative to the rest of the world, software is the brain and India powers it. According to industry estimates, by 2020 the highest adoption of IoT in India will be seen in industries such as utilities, manufacturing, automotive and commercial telematics, transportation and logistics. In addition to this, the Government’s pledge to invest USD 1 billion for 100 smart cities over the next five years will be a key enabler for IoT adoption. This provides a huge opportunity to IoT players in India, but there is a big challenge in terms of offering India-centric solutions and understanding how to fuel the growth of IoT business in this market. IoT can be an enabler of improved quality of life and can go a long way in creating smart and resilient cities of the future. MWCs have been at the vanguard of such implementations of various smart technology initiatives such as Smart Street Lighting, Parking, Waste Management, Integrated Building Energy Management System, Smart Metering, Integrated Security & Surveillance etc.
DATA BRIEFING
USD 300 Bn Anticipated global market for IoT Technologies in the next 5 years Source: Deloitte
ITWORLD // NEWS BRIEF
PTC, KPIT launch CoE to promote IIoT solutions
PTC and KPIT Technologies announced the opening of a Center of Excellence (CoE) at KPIT’s campus located in Pune, India. Demonstrations at the launch included intelliAsset and solutions for smart cities, smart campus, and digital journeys. Customers who attended the launch event were given demonstrations on how to improve processes and service by integrating product definition through the Industrial IoT standards of Industrie 4.0. “It is important for companies to provide an integrated experience using Industrie 4.0 technologies,” said Probodh Chiplunkar, Head of Digital Business, KPIT. “Customers want the ability to forecast asset performance, predict changes, and prescribe action from a single application.” IoT solutions can offer a more seamless experience for the user, and the user experience for operators and technicians is just as important as for management. During the inaugural event, KPIT illustrated how companies can put the power of the digital thread into action with demonstrations of smart, connected products in digital engineering, manufacturing, and service through solutions built on PTC technologies. Robbie Morrison, Practice Director, Extended PLM, KPIT said, “The digital thread links the asset from its origin to deployment and monitoring in the field.” “KPIT is building solutions aimed at providing value for discrete and process manufacturing industries and smart cities,” said Catherine Kniker, Chief Revenue Officer, Platform Business, PTC.
Oracle expands Cloud at Customer with new offerings
Empowering organizations to move workloads to the cloud while keeping their data on their own premises, Oracle announced significant expansion of the breadth of services available through Oracle Cloud at Customer. The portfolio now spans all of the major Oracle PaaS categories and for the first time, also features Oracle SaaS services. Oracle Cloud at Customer is designed to enable organizations to remove one of the biggest obstacles to cloud adoption – data privacy concerns related to where the data is stored. While organizations are eager to move enterprise workloads to public cloud, many have been constrained by business, legislative and regulatory requirements that have prevented them from being able to adopt the technology. The services provide organizations with choice in where their data and applications reside and a natural path to easily move business critical applications eventually to the public cloud. “OCC is a direct response to the remaining barriers to cloud adoption and turning those obstacles into opportunities by letting customers choose the location of their cloud services,” said Thomas Kurian, president, product development, Oracle.
GLOBAL EVENTS
30 AUG – 02 SEP 2017
INT. CONF. ON AI APPLICATIONS AND TECHNOLOGIES (AIAAT)
Hawaii, United States
Conference provides a platform for all researchers and engineers to share ideas, highly developed skills and successful practices to others.
14 – 17 SEP 2017
MACHINE LEARNING, OPTIMIZATION & BIG DATA (MOD 2017)
Volterra (Pisa), Italy
Workshop sessions and special sessions on all topics related to Machine learning, Optimization and Big Data including real-world applications.
24 – 27 SEP 2017
EU CONF. ON ADVANCES IN DATABASES & INFORMATION SYSTEMS
Nicosia, Cyprus
International platform for presentation of research on database theory, advanced DBMS technologies, and applications.
25 – 28 SEPT. 2017
ITU TELECOM WORLD 2017
Busan, Rep. of Korea
Global event where policy makers and regulators meet industry experts, investors, SMEs, entrepreneurs and innovators.
Forcepoint empowers CISOs with Cloud-based behavior analytics
Global cybersecurity leader Forcepoint fortified its cloud security portfolio to empower security teams with new behavior-driven controls that simplify protection of employees, critical business data and intellectual property (IP). New capabilities now available across Forcepoint CASB, Forcepoint Web Security and Forcepoint Email Security ensure customers around the world can safely embrace, and continue to grow, their business in the cloud. The average time to detect a breach is 99 days with an average cost of $4 million; however, enterprises can shorten dwell time utilizing data and analytics. The firm expects by 2018 80 percent of endpoint protection platforms will include user activity monitoring and forensic capabilities — up from less than 5 percent in 2013, and estimates at least 25 percent of self-discovered enterprise breaches will be found using user and entity behavior analytics. “Approaching security through a human-centric lens helps organizations better understand indicators of normal cyber behavior and quickly identify activity and operations, such as shadow IT, that pose the biggest risk,” said Kris Lamb, vice president and general manager of the Cloud Security business at Forcepoint. “As enterprises and government agencies shift their applications to SaaS and cloud IT models, they require intelligent systems that quickly spot anomalies, assess risk and facilitate rapid resolution to protect users and their data in an increasingly zero perimeter world.”
S/HE SAID IT
“There is an increased focus on reinventing business with organizations now investing in innovation with emerging technologies and the first step towards this innovation is modernization.”
RAJESH JANEY, PRESIDENT AND MD, ENTERPRISE, DELL EMC
“In the journey of digital transformation, we evaluate new age solutions for simplification and Automation of digital infrastructure, so that our team can spend more time on innovation.”
MANDAR MARULKAR, CIO AND VICE PRESIDENT, KPIT
QUICK BYTE ON FINANCIAL
Global IT spending projected to total USD3.5 trillion in 2017, up 2.4% from 2016. Enterprise software market forecast to grow 7.6% in 2017, up from 5.3% in 2016. Spending on devices (PCs, tablets, and mobile phones) projected to grow 3.8% in 2017, to reach $654 billion. Source: Gartner Worldwide IT Spending Forecast 2017
Vishal Sikka resigns from Infosys Hot Seat
In his notice of resignation to the Board, Dr. Sikka reiterated his belief in the great potential of Infosys, but cited among his reasons for leaving a continuous stream of distractions and disruptions over the recent months and quarters, increasingly personal and negative as of late, as preventing management’s ability to accelerate the Company’s transformation. Sikka has been appointed Executive VC effective today, and will hold office until the new permanent CEO and MD takes charge, which should be no later than March 31, 2018. In the new role, Sikka will continue to focus on strategic initiatives, key customer relationships and technology development. He will report to the Company’s Board. B. Pravin Rao has been appointed Interim CEO and MD reporting to Dr. Sikka under the overall supervision and control of the Company’s Board. Dr. Sikka commented, “I started my journey as the CEO of this iconic Company with a mission to transform it on the basis of software, especially [artificial intelligence], and innovation, enabled by education.
IBM takes ex-CIO Jeff Smith to court for joining rivals AWS
IBM has played the sue-card at Jeff Smith, its former CIO, because he’s trying to go to work for Amazon Web Services. Big Blue filed a complaint in a US district court in New York last week that says Smith “threatens to violate his one-year non-competition agreement by going into direct competition with IBM as a senior executive of Amazon Web Services, one of IBM’s main competitors in cloud computing.” The complaint also alleges Smith has already revealed some information to AWS CEO Andrew Jassy, violated directives not to retain presentations about IBM’s new cloud, and then wiped his company-issued phone and tablet before leaving the IT giant, “making it impossible for IBM to detect other communications with Jassy or determine if he transferred any other IBM information.” The filing says Smith’s knowledge of its future cloud is critical, because those plans will “help IBM evolve beyond its current status as a hosting-scale provider, making it more viable for IBM to match the cost economics of the market leaders.” IBM alleges Smith has plenty of access to trade secrets, so it will be fascinating to see how the State’s courts interpret the agreement.
EXECUTIVE MOVEMENT
Vaishali Kasture will head Experian’s India business.
Citrix names Makarand Joshi as Area VP and Country Head India.
Huawei names James Wu as President South-East Asia.
Cisco ropes in Sameer Garde as President for India and SAARC region
MasterCard appoints Faiz Alam Shaikh as Director – Network
Omkar Realtors ropes in Khushru Bacha as Group CIO
Vedanta Resources ropes in Amitabh Mishra as Chief Digital Officer
IDC recognizes 18 Smart City Initiatives in APeJ in 2017 SCAPA Benchmarking
IDC Asia/Pacific announced the winners of the 2017 Smart City Asia Pacific Awards (SCAPA) with New Zealand and Singapore leading the way in the most number of smart city initiatives recognized at four and three, respectively. Other winners include Australia, South Korea, Hong Kong, and China with two wins each. Malaysia, Taiwan and Thailand have been awarded single wins. Now in its third year, SCAPA recognizes the most outstanding smart city projects in Asia/Pacific excluding Japan (APeJ) across a total of 14 functional smart city award categories. “Asia/Pacific smart city projects in the past year have exhibited strong national development focus with an increasing citizen-centric personalization combined with ‘low investment-high impact’ agendas – all in hopes of attracting the right mix of manpower talents and lucrative foreign-direct investments,” says Gerald Wang, Head of IDC Government and Education Insights Asia Pacific. Earlier this year, IDC identified the trends that will shape smart city programs in 2017 and beyond namely Sound City Economics; Risks Management, Citywide CyberSecurity and Compliance; Increased Visibility and Accountability, Future Citizens; SocioEconomics Infrastructure Transformation, The City Century; NextGeneration Infrastructures for Smart Cities, and Securing the Future; Securing Investments and Sustained Manpower Development. Provisioning for economic competitiveness where there is a notable increase in transnational competition for securing foreign direct investments and attracting the right mix of manpower talents to build and transform the local industries.
Network complexity, high-profile attacks drive growth for Skybox Security
Skybox Security announced a 62% increase in sales in the first half of 2017 and 59% rise in product transactions compared to last year. Strong demand is attributed to the need for security management tools that analyze complex data and prioritize actions to address compliance violations, exposures and security breaches. “We’re in a new era of cybercrime, highlighted by WannaCry and Petya,” said Skybox CEO Gidi Cohen. “Cyber attacks can be quickly and easily launched on a global scale because they’re underpinned by a ‘dark’ industry that’s been commercialized. This means future attacks are going to be faster, more frequent and will impact a much broader front. What’s needed are solutions that help security leaders more effectively use tools, increase staff efficiency and drive systematic processes so they can be more strategic in addressing risk.” In 2017, the company introduced major advancements to Skybox Security Suite, including support for hybrid and multicloud environments, as well as industrial networks. Skybox is on pace to grow its global workforce by 56 percent in 2017.
INTERESTING TWEET
#EnterpriseITworld recognizes our #CDO @connectpuneet amongst top #CIO200 who are changing enterprise landscape using #Digital @EntITworld ITC Infotech @itcinfotech Shows how CIO200 Tech Summit and Awards stood out as a major motivator and was endorsed by the Industry. Source: https://twitter.com/drharshvardhan
BOOK SHELF
Enterprise Security Architecture: A Business-Driven Approach
AUTHOR: NICHOLAS A SHERWOOD
PRICE: RS. 5265.00 (HARDCOVER)
AVAILABLE AT: AMAZON.IN
About The Book
The book shows that having a comprehensive plan requires more than the purchase of security software; it requires a framework for developing and maintaining a system that is proactive.
Key Features
• Book provides a structured approach to the steps and processes involved in developing security architectures.
• Considers how some of the major business issues likely to be encountered can be resolved.
GLOBAL UPDATE
82 percent ITSM Pros believe IT Roles will become more challenging in future
The majority of the workforce currently feels undervalued by management. More than 60 percent of respondents feel that current global and local political scenarios — like Brexit, the recent U.S. election and Australian immigration policies — will adversely affect recruitment for IT roles. Cloud technology continues to enjoy positive feedback in spite of a major outage. AI isn’t seen as a major job disruptor yet, with only 16 percent of respondents saying it will affect IT jobs. Only 24 percent of ITSM professionals show confidence in the existing ITSM best practices, making a strong case for their revamp. With an incoming millennial workforce, 77 percent of ITSM pros believe IT teams will have to do more to manage the expectation gap between younger and older employees.
Mamba ransomware targets enterprises in multiple countries
Kaspersky Lab discovered that the group behind Mamba has resumed targeting corporations, so far mainly in Brazil and Saudi Arabia. The group gains access to a network and uses the PsExec utility to execute the ransomware. For each machine in the victim’s network, the threat actor generates a password for the DiskCryptor utility. There is currently no way to decrypt data that has been encrypted using DiskCryptor, because this legitimate utility uses strong encryption algorithms.
MANAGEMENT MANTRA
“Change before you have to.” – JACK WELCH, RETIRED CHAIRMAN AND CEO, GENERAL ELECTRIC
Electric cars to boost viability for domestic power sector
The government’s focus on transforming mobility through a shift to electric vehicles will increase the viability of India’s power sector, which is witnessing a flat rise in demand, according to a research paper issued by Feedback Consulting. The electric vehicles segment also has the capability to become an important contributor to ‘Make In India’ provided a possible challenge from China is addressed, states the paper, entitled “The Dilemma of Choosing Electric Vehicle Vs Hybrids Vs IC based Auto Development in India”. The paper says, “A new source of power demand in terms of electric vehicles will be highly appreciated by the power sector. It may lead to a more stable power demand and that too from a paying customer segment over the years and increase the viability of the sector”. The research pointed out that most power plants have operated at an average capacity of 55% in the last 3-4 years. Power demand rose 4.08% in 2016-17 from a year ago, whereas the 12th Five Year Plan had factored in a growth of 7% in demand. This, combined with ambitious renewable energy targets and growth, will lead to a serious case of oversupply, and the viability of a crucial engine of the Indian economy, i.e. the power sector, will be in serious question. India is at the same stage in comparison to China as it was in the solar industry 5 years ago. “Over the last 5 years, we have seen how the Chinese solar imports have dealt a death blow for our panels manufacturing industry and the Make in India story is a non-starter here. We need to make sure that we do not get trapped in a similar situation in the EVs story as there is every possibility that China will be presenting a huge competition to the Indian industry in this business as well,” the paper adds.
Matrix and Greytip Software announce technology partnership
The partnership will enable organizations to seamlessly integrate their attendance capturing and payroll processing functions. Matrix brings extensive experience and varied devices to capture employee attendance. This information can now be processed easily and without manual intervention within the greytHR application (from Greytip) for processing accurate payroll and generating required statutory compliance reports. Girish Rowjee, CEO of Greytip said, “We are excited to partner with Matrix as this will enable our mutual clients to have a consolidated view of their attendance, HR and payroll information. Clients will no longer need to worry about integration hassles and will get real-time access to their attendance information within the greytHR web and mobile applications.”
Canon Image Runner MFDs redefine office productivity
Canon India introduces the third generation imageRUNNER ADVANCE series and a robust A3 color multi-function device (MFD) iRC3020 engineered to deliver outstanding business documents, superb usability and workplace productivity. Canon recognizes the need of advanced printing solutions for seamless business execution. Targeted towards the emerging segment of start-up communities and SMEs in India, the new range of multifunction devices deliver outstanding business documents, enhancing workplace productivity. The third generation Canon imageRUNNER ADVANCE series is designed to enable businesses to boost productivity and security. Ozawa, President and CEO, Canon Asia Marketing Group said, “I am happy to visit during this special year, which marks the 20th anniversary of Canon India. During those 20 years, Canon India has shown remarkable growth. India plays an increasingly vital role in the growth of Canon in Asia. Today’s launch of the third generation imageRUNNER ADVANCE series will further strengthen the important position of Business Imaging Solutions within Canon India’s total business and be a vital contributor to the overall growth of Canon. With regards to Canon Asia Marketing Group, we have set ourselves the goal of reaching a turnover of 10 billion USD by 2020 and we are positive that Canon India will be a fundamental contributor in realising this vision.” Kazutada Kobayashi, President & CEO, Canon India said, “Our legacy of two decades has further strengthened our commitment of providing enhanced propositions in our products and service outreach. We are delighted to announce that we have attained a double digit growth of 14% in H1, 2017, over the same period in the previous year. We are confident that this launch will enable us in empowering SMB enterprises in the country, thereby providing our contribution to the emerging India.”
COVER STORY
HACKED YET? IT’S TIME TO RETHINK ENTERPRISE SECURITY
With businesses relying more and more on their IT infrastructure to grow in a competitive environment, cybercriminals have been wreaking havoc in the corporate world. Time has come for Enterprise Security to redraw the game plan.
BY CHITRESH SEHGAL
CSEHGAL@ACCENTINFOMEDIA.COM
A former director of one of the world’s apex security agencies once said, “There are only two types of companies: those that have been hacked, and those that will be.” Enterprise security today has probably reached the cusp of its most menacing age. Attack viruses have been flying out one after another, and security perimeters are being breached at an unprecedented pace. As per a recent study, enterprise security teams today are facing 244 new cyber threats every minute. The corporate world now witnesses more than 500,000 new threats daily, an unpredictably sharp rise from a meager 25 new threats per day 10 years ago. These are indeed challenging times for security leaders in Enterprises globally. Increasing business pressures require faster processing of more data and support for more devices than ever before. Companies are vying for tighter controls and locked down security to protect organizational IP and data which now moves across an increasingly complex ecosystem of networked environments, including IoT, cloud, mobile devices, users, and virtualized networks. According to Gartner, the rising number of cyberattacks has pushed cybersecurity spending on products and services to over $80 billion already and the figure is expected to cross a staggering $1 trillion in the next three years. Enterprise security today is no longer an afterthought.
THE CURRENT SECURITY LANDSCAPE Enterprise breaches and new global threats have been on the rise due to enterprises increasingly embracing IT. These attacks can be attributed in part to the shift towards digital economies as well as the focus on digital transformation of enterprises. The surge in recent breaches can be directly linked to rise in mobility and BYOD in business, and an increased emphasis on embracing cloud and other third platforms. As Makarand Joshi, Area Vice President and Country Head, Citrix for Indian subcontinent, explains, “A majority of organizations are finding it difficult to maintain security across the network, devices and applications used in business. The fact that there is no defined location makes the danger involved manifold times more serious.” Surendra Singh, Country Director, Forcepoint adds, “Both the value and the volume of data are sprawling like never before, and end points are more vulnerable than ever. The security challenges are rising from the rapid integration of the digital and physical and it is being felt across enterprises.” Securing data and strengthening the infrastructure through has becomes an area which requires cautionary as well as preventive measures from the IT department. Kamal Brar, Vice President and General Manager of APAC, Hortonworks comments, “With many more points of access, both internal and external, you get an increase in cyber-attacks, ransomware, internal threats of data leakage, or privacy breaches. This problem will only SEPTEMBER 2017 ENTERPRISE IT WORLD
19
COVER STORY
get bigger as India embarks on the path of digital transformation.” The enterprise security scenario in India, like that of its western counterparts, has come to the fore with recent high-profile breaches. Gemalto’s latest Breach Level Index reaffirms the picture, with findings revealing that around 36.6 million data records were compromised in India during 2016, an increase of 14% compared to 2015. Adding to this is the Digital India initiative, which confirms the criticality of a digital infrastructure for the future growth of Indian enterprises. The economy is growing at a GDP rate of 7% plus, with massive projects being executed across domains. In the corporate world, cyber-attacks have been on a perpetual upward track. As per a recent Geo-malware survey conducted by Sophos Labs, India came out among the top 5 vulnerable countries in the world to malware attacks with a threat exposure rate of 16.9%, a big number compared to global levels. “This is testimony to how our burgeoning economy, with an almost unparalleled growth, is attracting cybercriminals and attacks from all over the world. There has been no discrediting the fact that Indian enterprises are becoming victims,” adds Sunil Sharma, Managing Director Sales, Sophos.
THE ENTERPRISE OUTLOOK
With the increasing barrage of threats from malware, ransomware, and hackers on a daily basis, the security landscape too has evolved. As Anand Ramamoorthy, Managing Director, South Asia, McAfee puts it, “We have witnessed a paradigm shift in the cybersecurity discourse among enterprises with major emphasis being laid upon security preparedness and correctness. Enterprises have begun consolidating the number of cybersecurity vendors and the trend is to continue and accelerate.” The recent surge in cyberattacks has undeniably changed the outlook within organizations. Enterprises have started relying on proactive mechanisms to identify vulnerabilities and threats to fend off attacks and potential weaknesses. They are now adopting key trends in Cyber Security such as Machine Learning, Artificial Intelligence for proactive identification of vulnerabilities and pattern analysis in incident management, software defined security, ethical hacking and security event / incident management. “Organizations are ramping up security professionals with guided
learning paths enabling them on newer cyber security topics and up-skilling on existing cyber security knowledge,” further adds Arun Rajamani, Country GM, Pluralsight India. Despite the increasing number of data breaches, a vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are also investing in new technologies that adequately protect their business. As per Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto, “Enterprises are gradually understanding that compromising the security of their data could undermine both the system and the trust that individual citizens have in the products and services they use every day, whether it be mobile devices, communications, banking, ID documents or shopping.” As networks shift towards hybrid, elastic, and borderless ecosystems, expand across cloud environments, and become meshed with other networked environments such as OT and critical infrastructures, security will have to continue to adapt. Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet said, “Specialized firewall iterations will need to be integrated together for centralized orchestration and correlation; automation will need to compensate for the inability of human engineers to track the scope and scale of devices and data across the expanding network; and advanced analytics will need to anticipate threats in order to shorten the time to detection and response.”
A BOARDROOM LEVEL CHALLENGE
A recent global Forrester survey of 342 security leaders found that the largest cybersecurity challenge for CISOs was adapting to “the rapidly
evolving nature of cyber threats.” In the wake of attacks like WannaCry and Petya, enterprises are fully aware that such attacks can cripple business functioning and even bring it to a complete halt. As Forcepoint’s Surendra Singh exclaims, “The recent cyberattacks are a wake-up call for IT security teams; it is time the C-Suite took note. Conversations in the boardroom remain largely muted when it comes to cyber-security as board members largely see IT security as a mere extension of managing IT infrastructure.” Lloyd’s of London recently published a report that put the economic cost of a global cyberattack at $68 billion. This clearly reiterates the fact that there is a lot at stake for enterprises if their security is breached. IDC forecasts that worldwide revenues for security-related hardware, software, and services will reach $81.7 billion in 2017, an increase of 8.2% over 2016. Global spending on security solutions is expected to accelerate slightly over the next several years, achieving a compound annual growth rate (CAGR) of 8.7% through 2020, when revenues will be nearly $105 billion. Bhaskar Agastya, Country Manager, Sales, Ixia, India said, “Most enterprises today are struggling with network blind spots caused by increase in
encrypted traffic on their networks and migrations to public and private cloud environments. Companies across verticals are now investing significantly in network security solutions to combat future attacks. The swift growth of digital transformation is forcing companies across all industries to proactively spend on security to shield themselves against known and unknown threats.” With the rise of mobility, carrying traditional IT over is difficult due to the sheer diversity of devices and consumer-grade technology used in most mobile devices. A Global IT Security Study from Citrix and The Ponemon Institute found 69% of professionals stating that their organization’s existing security solutions are outdated and inadequate, emphasizing the need to have a holistic look at the security posture. Citrix’s Makarand Joshi adds, “Organizations are increasingly looking to shift focus on securing their most important business assets — applications and data — to both simplify and strengthen security without compromising productivity. The recent unexpected surge in cyber-attacks has compelled organizations to think beyond having a primary infrastructure and instead have layers of security. Therefore organizations are now open to devoting a certain amount of their investment to adopting software solutions that help keep their data centered, and data flow secure.” Organizations are actively looking at building an IT fortress that will not just protect them from breaches, but also guard their interests. As a result of security becoming a prominent boardroom discussion, CIOs’ opinions carry more weight, and this is a constructive step toward their getting a permanent seat on the board.
A NEW APPROACH TO SECURITY ARCHITECTURE
Organizations are increasingly leveraging technologies like machine learning, artificial intelligence, cloud-based monitoring, and analytics to safeguard their data. According to a Global IT security study, 60% of Indian respondents stated that employees and third parties bypass security policies and technologies because they are too complex. It is critical to ensure that employees are not only fully aware of looming security threats but also fully comprehend the measures they must take to help the organization safeguard its data. “A remedial measure gaining prominence is embedding security in everyday processes. This also serves the purpose of simplifying the processes for employees. By adopting solutions that are secure-by-design, organizations can safeguard their data as it flows from device to cloud,” explains Joshi. Another important fact is that many organizations still use human workers to do security tasks that can be done better by automated, intelligent
security systems. Automated systems can respond more quickly to sustained and intense attacks and can reduce costs, complexity, and errors. Networks can adapt to security demands in the blink of an eye. “Automation can help your cybersecurity team build proactive security that can respond immediately to potential threats. Intent-based security that can recognize threats or problems and can also understand the reason behind something will be critical to thwart automated attacks with automated security,” added Fortinet’s Rajesh Maurya. While some organizations fear a loss of control when they move much of their security response to an automated system, good automation gives employees visibility into the process. One of the biggest issues plaguing the cybersecurity infrastructure at any organization is the presence of dozens of cybersecurity tools from as many vendors. Many enterprises have too many security point tools and not enough time. In cybersecurity, each hour’s delay extends the window of opportunity for zero-day malware to wreak havoc on your endpoints. The effectiveness of all these security tools and widgets can increase if only they could communicate with each other. Enterprises must rely on technologies such as Human-Machine learning to amplify the capabilities of the security teams.
TOP SECURITY PERSONNEL CONCERNS
According to the KPMG CIO Survey 2017, around 18% of CIOs in India faced a major security incident in the past two years. Thousands of new vulnerabilities are being disclosed every year. It is a mountainous task for enterprise security teams to know which ones need immediate mitigation. This has become a major challenge for InfoSec teams everywhere. Ravinder Arora, Head – Information Security, IRIS Software explains the issue at hand, “As no security team has the resources to patch every single one and even if they did, they’d still need to identify and address the most critical ones first. Not all vulnerabilities are created equal with some just being trivial, while others can be disastrous. Pinpointing the software that must be patched with the greatest urgency is essential. Unfortunately, many organizations lack a precise,
strategic, automated and systematic process for prioritizing their vulnerability remediation work. As a result, hackers constantly exploit Common Vulnerabilities and Exposures (CVEs) for which patches have been available for weeks, months and even years.” Another key issue of concern to today’s ITDMs is the lack of the right tools and solutions deployed by the organization. As Harish Menon, Corporate IT – ISMS & License Compliance at Raychem RPG observes, “The primary point that every cybercriminal looks for to access an organization’s system is through an ignored gateway. The organizations typically understand the importance of vulnerability and risk management, but simply lack the proper tools and adequate staff to do an excellent job at it. By deploying security solutions just to maintain compliance, organizations are faced with a lack of visibility and awareness.” Undeniably one of the biggest issues, though, is the lack of cybersecurity talent at hand for Indian enterprises. As per a recent McAfee Cloud Report, over 50 percent of organizations reported a lack of cybersecurity skills resulting in slowed adoption of cloud services, possibly contributing to the increase in shadow IT activities. 36% reported that they are experiencing a scarcity but are continuing with their cloud activities regardless. In the current cybersecurity landscape, enterprise InfoSec teams aim to ensure their users and critical business data are protected everywhere and to be able to respond to threats as quickly as possible. “Enterprises would like to understand how, when and why people interact with data – and where this information travels,” Surendra continues, “Often questions
like ‘How can we increase the agility of our cybersecurity systems and processes?’, ‘How can we monitor and protect our critical data that is inside and outside the perimeter?’ and ‘How can we quickly respond to a breach?’ come up while interacting with CISOs.” Another top concern for CIOs and CISOs today is the business and customer aspect, with the C-Suite tag attached now. Ixia’s Bhaskar Agastya explains, “Based on our interaction with CIO/CISOs, we witness that they are concerned about a loss of reputation and vote of confidence amongst customers.” He adds, “The other concern for CISOs is detecting the exact time of an attack and understanding the extent/damage caused due to the attack. To quantify attack both in terms of loss of revenue, marginal cost, opportunity cost and reputation/brand is a complex process. It is therefore imperative to know when the attack occurred and not be oblivious to the situation.” Hortonworks’ Kamal Brar supports the trend, “Enterprises want to protect their customers and themselves against sophisticated cyber-attacks while balancing customer experience and satisfaction through data-based personalization. Security is now as much about keeping the lights on and the business functioning as it is about preventing theft. Insider threats and behavior analytics are also increasingly important topics.”
WAY FORWARD FOR CIOS AND CISOS
Considering the fact that there is no defined line that indicates the threshold of breach resistance organizations possess, it comes as a harsh but universally accepted truth that there is no exact antidote for security. The aim should be to organically build a culture of secure functioning; an effective program that educates employees is necessary, as recent attacks have stemmed from phishing. “This has resulted in the need for institutionalization of a secure action plan gaining momentum. Specifically CISOs need to work to enable secure work environments that limit an organization’s risk profile; without placing undue restrictions on the ways people work,” Citrix’s Joshi adds. With the proliferation of mobility, businesses are becoming perimeterless, with an increasing need to secure critical data as it moves to the cloud and spreads across an array of systems and devices. As per Forcepoint’s Surendra Singh, “The CISOs can do so by adopting a human-centric security approach to understand the rhythm of people in the organization and flow of critical business data and intellectual property – wherever it may reside.” Another important fact is the economic asymmetry of attacks, which means it costs too little to attack and too much to defend. Efficiency, automation and machine learning can be powerful weapons to redress this imbalance. Hortonworks’ Kamal Brar suggests, “Deploying modern data technologies to aggregate and automate activities like alerting, threat hunting and response orchestration will allow security teams to
RECENT BREACHES AND ATTACKS
GLOBAL
• WannaCry: infected more than 230,000 computers in over 150 countries. Economic losses from the cyber attack could reach up to $4 billion.
• Petya ransomware was initiated in June 2017 and disrupted numerous banks, retail chains, hospitals and transport systems. Impacts were felt as far as Australia, Ukraine and the Americas.
• Shadow Brokers first surfaced in August 2016, claiming to have breached the spy tools of the elite NSA-linked operation known as the Equation Group.
• Scorpene leaks: 22,000 pages listing the combat capabilities and other information on the $3.5 billion Scorpene submarine, and excerpts, were leaked.
INDIAN
• 34 million citizens were affected by the massive data leak in Kerala of sensitive information such as income, name and date of birth, among the top 10 breaches of 2016 worldwide.
• Union Bank of India was breached by cyber hackers. The hackers had managed to get past the bank’s security systems, but the money trail was traced and the movement of funds was blocked.
• Aadhaar details of 13.5 crore citizens were leaked and easily accessible from Government websites.
• 3.2 million debit cards were compromised in India in October last year. SBI, HDFC Bank, ICICI, YES Bank and Axis were among the worst hit.
• Personal details of 1.4 million pensioners were hacked from a website run by the Jharkhand Directorate of Social Security.
• Cyber criminals hacked food and restaurant search engine Zomato’s website and stole 17 million users’ data.
rise above simple fire-fighting,” he adds. Gemalto’s Rana Gupta believes it is often weak, static credentials that are exploited to gain unauthorized access to resources or for a full-blown data breach, and that businesses looking to take a privacy-first approach must control access: “Establishing strong, two-factor authentication to any resource that holds value will eliminate this vulnerability.” An effective defense is built on a dynamic cybersecurity platform that is both open and integrated. McAfee’s Anand Ramamoorthy states, “Now, more than ever, the “new threat,
new widget” approach must evolve. The role of the CISO should be looking at ways to leverage security and privacy in a fashion which addresses consent, transparency and value.” People, processes and tools are an integral part of ensuring security compliance. Mobility trends like BYOD have now brought a paradigm shift in the way we access corporate information, and hence a thorough understanding of security essentials is key to safeguarding corporate data on personal devices, making security training necessary to help organizations rapidly respond to events. Pluralsight India’s Arun Rajamani adds, “Security Training for IT is essential for the security teams to develop their skills on a range of topics such as security engineering, security auditing, security testing, ethical hacking, network security etc. to proactively respond to security threats and enforce security standards.” Industry veteran Sunil Sharma of Sophos believes all CIOs and CISOs should follow the concept of synchronized security through instantaneous sharing of threat, security and health information between firewall and endpoint, helping eliminate the manual work of trying to figure out the who, what and when of a compromise. “A 360 degree analysis and response mechanism should be adopted which shows where the attack came in, what it affected, where it may have stopped and recommended actions to prevent a similar attack in the future,” he adds further.
With more and more companies relying on their information technology infrastructure to grow in a competitive environment, cyber threats have been increasing, which has forced businesses to reinvestigate their security infrastructure to better protect their environment. Today’s environments demand that security teams adapt systems and applications to an automated yet stringently controlled process. The aim of any organization should be to redefine its security approach keeping all the components of business in mind. Trends like mobility, cloud and the third platform have signaled a paradigm shift in how enterprises of all sizes function today. Data is gold and at the heart of any process, no matter how big or how minuscule, for the organization, and it is imperative to identify and secure critical. Systems have changed from traditional perimeter security to human-centric and holistic security concepts based on complete visibility, machine learning, automation of threat detection and response, and collaboration among different tools working in tandem to ensure an organization is free from any disastrous breaches or attacks. In a highly competitive corporate environment where IT and Digital are the new enablers, they are also the most vulnerable areas for organizations in terms of business impact today. Leveraging digital without enforcing a well-thought-out security strategy is a sin in today’s security landscape. Cybersecurity strategy is now on par with strategies for any other business area. It will be a crime in itself to neglect security today for any organization going digital, be it big or small.
KEY CYBERSECURITY STATS
• $90 billion: worldwide spending on information security expected in 2017, an increase of 7.6 percent over 2016, and expected to top $113 billion by 2020.
• $81.7 billion: worldwide revenues for security-related hardware, software, and services expected in 2017, an increase of 8.2% over 2016.
• $68 billion: the economic cost of a global cyber-attack.
• $105 billion: global spending on security solutions is expected to achieve a compound annual growth rate (CAGR) of 8.7% through 2020.
• 36.6 million: data records compromised in India during 2016, an increase of 14% compared to 2015.
• 500,000: threats daily, and 244 new cyber threats every minute, where enterprises typically saw 25 new threats per day 10 years ago.
• 93% of Indian respondents highlight the overall focus on security with increasing investment in perimeter security technologies.
• 73% of all data breaches: ‘identity theft and financial access’ was the leading type of data breach in 2016.
• 69% of professionals say their organization’s existing security solutions are outdated and inadequate, emphasizing the need to have a holistic look at the security posture.
• 69% of Indian CIOs report an increase in their cybersecurity budgets over the last 12 months, and almost three-fourths expect budgets to increase further in the next year.
• 66% believe that unauthorized users could access their network, rendering their perimeter security ineffective.
• 60% of Indian security personnel admit that employees and third parties bypass security policies and technologies because they are too complex.
• 50% of organizations reported the lack of cybersecurity skills which has slowed adoption or usage of cloud services, possibly contributing to the increase in shadow IT activities.
• 36% reported that they are experiencing a scarcity but are continuing with their cloud activities regardless.
• 16.9%: threat exposure rate of India, which is among the top 5 vulnerable countries in the world to malware attacks.
• 10%: minimum percentage of enterprises that will utilize the benefits of software defined perimeter (SDP) in order to isolate a sensitive environment, by the end of 2017.
Sources: Citrix, Ponemon Institute, Gartner, EY, Forrester, Lloyd’s of London, Gemalto, IDC, McAfee, Sophos Labs.
DATA CENTRE
SIFY: SCALING ENTERPRISE GROWTH WITH NEXT-GEN TECHNOLOGY Bringing on the need for a comprehensive digital transformation partner
In today’s hyper-connected world, with the global business environment changing at warp speed, businesses and countries are trying to out-compete each other and keep pace with shifting consumer behaviors. This is an era where product lifecycles are shortening and traditional business models are being upended. Technology is enabling innovation at rapid scale, making enterprises lean and their resource usage more optimized. Given this scenario, many of today’s businesses lack the digital competencies required to aid organizational growth and maintain competitiveness. In organizations where IT is still treated as a siloed business process, IT administrators must invest valuable time and effort in managing the IT infrastructure as well as co-ordinate with sundry vendors to carry out periodic upgrades and changes to the IT infrastructure as and when necessary. If only there was a partner to lend a helping hand, while the organization could focus on what it does best: its core business. Enter Sify, India’s most comprehensive ICT solution and service provider.
SIFY – THE ICT PIONEER
Sify started its journey in 1998 by being India’s first private ISP to bring internet into Indian homes. Pioneering internet access in homes and cybercafés, Sify played a vital role in the start of India’s digital transformation journey. As the digital landscape evolved, Sify scaled up the value chain in providing telecom, data centers and cloud services to emerge as a truly integrated ICT player. Underpinning this evolution was an innovative approach to solving business problems. As an ICT pacesetter that has built business relationships with over 9000 organizations, Sify constantly strives to harness knowledge and expertise to keep its customers ahead. Being agile, Sify has a record of accomplishment in taking on any challenge in the unified ICT space, by offering customized solutions to large, complex enterprises, SMBs, the Government and PSUs, as well as verticals in the realm of BFSI, Manufacturing, Retail, Healthcare & Pharma, Education, Media and IT/ITES. The company’s ‘Bring it on’ attitude, scalable portfolio of services and superior solutions have enabled Sify to enrich and simplify professional lives.
SINGLE WINDOW SOLUTIONS
With a single window approach, Sify offers business-oriented solutions on a pay-per-use model by integrating world-class services and resources. It assesses, creates, migrates, secures, manages and optimizes them so that the solution it delivers to its partners enables them to transform their businesses. Solutions by Sify enable organizations to improve asset productivity and contribute significantly to business growth.
SIFY’S INTEGRATED TRANSFORMATION CAPABILITIES COMPRISE THE FOLLOWING SERVICES:
• Network Services: Sify’s suite of network services goes beyond enabling business applications to help adapt to rapid growth, data intensive applications, information security threats and evolving technologies.
  • WAN
  • DC & Cloud Interconnect
  • Managed Network & Security Services
  • Edge Services
• Data Center Services: Sify’s network today connects 45 DCs across India, including Sify’s 6 Tier 3 DCs in Chennai, Mumbai, Delhi and Bengaluru.
  • Colocation Services
  • Managed Hosting
  • DC Migration
  • DC IT Services
  • Data Center Transformation
• Cloud & Managed Services: Sify offers Public, Private and Managed Cloud services, leveraging enterprise-class technology to guarantee high availability, performance, scalability and security.
  • Enterprise Public Cloud
  • Enterprise Private Cloud
  • Cloud-based Disaster Recovery
  • Managed IT Services
• Applications Integration Services: Sify offers the entire range of consulting-led IT software application services and products to diverse domestic and global clients.
  • SAP Services
  • Microsoft Solutions
  • Oracle Services
  • e-Learning
  • Forum Nxt: End-to-end SCM Solutions
  • Talent Management Solutions
  • iTest: Online Examinations
  • Skype for Consumers
• Technology Integration Services (TIS): Sify’s TIS offerings are well aligned and integrated with its core strength in telecom and data center space.
  • Network Integration
  • Enterprise Security Services
  • Collaboration Services
  • End-user Computing Services
INDUSTRY EXPERT
Sify’s expertise makes it the ideal technology partner to manage the full spectrum of the IT needs of all organizations, across sector and scale. With rich insights, experiences and partner alliances, Sify continues to build a world of converged ICT ecosystems, which assure a competitive advantage to its customers. Sify’s unparalleled success in offering technology solutions to enterprises would not be possible without the unflinching support of its robust stakeholder ecosystem. Possessing the best of technology partnerships with industry leaders in IT hardware, networking, and applications, Sify sets high standards in quality, reliability and durability in providing technology enablement solutions. OEM partners also value Sify as an important cog in their GTM strategy. Sify, along with its technology partners, has displayed prowess in many DC transformation projects by implementing best-of-breed solutions, enabling customers to experience the best-fit solution to address their business demands and de-risk the transformation.
AWARDS AND RECOGNITION
Sify has won multiple awards as a leading service provider in many categories from leading industry publications. Gartner has recognised Sify in its highly sought after Magic Quadrant - Cloud Enabled Managed Hosting for four consecutive years, i.e. 2013 to 2016. Amongst the multitude of awards won by Sify, the coveted Business Superbrand of the Year 2016-17 and WCRC’s Brand of the Year title stand out.
CISO VOICE // SRF
THE HACKER’S TARGET OF CHOICE: MANUFACTURERS “Cyber attacks on manufacturing companies are on the rise as attackers attempt to steal valuable intellectual property and information.”
The manufacturing sector is now one of the most frequently hacked industries, second only to healthcare, a new report says. Healthcare, which has a wealth of exploitable information within electronic records, moved into the top spot in the rankings, replacing financial services, which dropped to third place in IBM X-Force Research’s new 2016 Cyber Security Intelligence Index. Manufacturing rose from third place in last year’s report, which offers a high-level overview of the major threats to IBM’s clients’ businesses worldwide over the past year. Manufacturing includes automotive, electronics, textile, and pharmaceutical companies. Automotive manufacturers were the top targeted manufacturing sub-industry, accounting for almost 30% of the total attacks against the manufacturing industry in 2015. Chemical manufacturers were the second-most targeted sub-industry in 2015, according to IBM. Many manufacturing companies are behind the curve in security because they have not been held to compliance standards as financial services has, with the Payment Card Industry Data Security Standard and the Gramm-Leach-Bliley Act, or, in the case of the healthcare industry, with the Health Insurance Portability and Accountability Act, Lutgen says. “Because of that, they [manufacturers] tend to be a little laxer with security in terms of some other industry verticals.” “As a result, there is a lack of adoption of key information security practices that have become standardized procedures across most industry verticals,” Lutgen says. For example, only 33% of survey respondents indicated that their organizations were performing annual penetration testing within their IT groups. Manufacturers have unique security issues to deal with as they move
toward increased automation. “Network Security is becoming increasingly relevant in industrial plants. Factor in emerging trends in the business [such as bring-yourown-device (BYOD) and the Internet of Things (IoT)] and the touch points for potential security threats are increasing at exponential rates.” Said Aberdeen, “Ensuring the Security of Industrial Networks in an Insecure World” One of the better-known attacks to affect the industrial manufacturing sector in recent years was the Stuxnet computer worm, which was discovered in 2010. Stuxnet was designed to attack industrial programmable logic controllers, which allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines. By exploiting zero-day vulnerabilities, the program aims at machines using the Microsoft Windows operating system and networks. The emerging IoT is drawing lots of attention these days, and it certainly presents potential security risks for manufacturers. With the IoT, an enormous number of corporate assets and end products will be linked via networks to provide a steady flow of data about where the objects are located and how they are being used, among other things. Many manufacturers are already creating IoT strategies or implementing related technologies, for applications such as remote asset tracking, fleet management, energy data management and heavy equipment performance monitoring. With IoT, manufacturers will not only be making and selling products, they will be offering lots of new services to provide customers with information about those products and how they’re being used. Companies will need to address challenges such as ensuring data privacy and security, to safeguard customer information
RAJEEV VERMA, Chief Manager Information Security, SRF
as well as meet regulatory compliance requirements. That includes security networks as well as sensors and other technologies used to track and monitor products and machines.
DEFENSIVE STRATEGIES
There is no better strategy than paying attention to information security. This might be seen as an expense rather than an investment, but we should understand that data must be kept secure for smooth and worry-free production. Once we understand that, we can see investing in information security as a profitable deal. Sikich’s report, combined with personal thoughts, offers manufacturers some advice about how to mitigate threats:
• Have a dedicated information security team led by an information security leader.
• Give space to the information security team rather than aligning more towards production-driven decisions.
• Conduct an annual IT risk assessment to properly understand where threats are originating from.
• Perform annual penetration tests to simulate the threat of someone trying to break into your organization’s network.
• Conduct ongoing vulnerability scanning throughout the year to help the organization stay up-to-date with new threats.
CXO SPEAKS
Amitabh Mishra, Chief Digital Officer, Vedanta Resources
A QUIET REVOLUTION IS BREWING AT VEDANTA
“Early discussions at the company revolved around the meaning and scope of Digital, its feasibility, and relevance to the company.”
When you think ‘Digital Transformation,’ what comes to your mind? You probably think of GE, a pioneer of the industrial internet of things, or Accenture, Cognizant or Capgemini and the like, who’re investing heavily into developing capabilities and practices in this space. Or perhaps you think of the ‘traditionally digital’ industries of retail, telecom and media. But did you know that Vedanta – the oil & gas, power, mining and metal processing conglomerate – is making aggressive moves in this space? Vedanta? Really?
Yes, really. There’s strong commitment from management, and intense activity at the ground level. Digital is an IT initiative that was talked about at Vedanta for almost two years, until now, when leadership took a deep breath, hit the ‘reset’ button, and started the journey anew with focus and vigor. What that has meant is the following:
• Hiring of Chief Digital Officers
• Group-wide workshops on Digital
• Education of senior leadership on what Digital means and how it can help innovate and disrupt
• Brainstorming and ideation sessions involving employees across diverse functions such as operations, engineering, finance and IT
• Formulation of a staffing strategy
• Prioritization of initiatives that can bring the greatest benefit to business
Early discussions at the company revolved around the meaning and scope of Digital, its feasibility, and relevance to the company. Basic misconceptions abounded – e.g. was Digital the same as digitizing documents? Was Digital any different from IT? How exactly were the following relevant to business: analytics, 3D modeling, simulation, IoT, AI, robotics and automation?
However, once digital leaders were hired across different companies within the group, the movement gathered momentum. Quite soon, Digital workshops were happening, ideation meetings were creating excitement and momentum was building. Top managers bought into the strategy and lent their wholehearted support. At Sterlite Copper, for example, we worked out a 3-year Digital Strategy, outlining clear initiatives, timelines and business benefits.
The next step was to agree on an organization strategy that best fit our requirements. It was not in our interest to create a bloated Digital organization that didn’t provide a clear, long-term career path to employees. On the other hand, adopting a 100% outsourced strategy was not going to work, either. In the end, we settled on a middle path, a combination of limited hiring and engaging partner teams.
The other important question we’re pondering is: where does IT go, and how does the IT organization work with the Digital team? How would reporting work? Can we staff the Digital team with some folks from the IT organization? That is something that’s still being figured out, but our thought process is that IT will play a central and fundamental role in the Digital strategy.
In conclusion, here are a few lessons from the early days of a Digital Revolution at Vedanta:
• Transformation takes time. It pays to be patient.
• Bring people along; don’t be an extreme radical.
• Educate leadership; don’t be fazed by fundamental questions.
• Formulate a strategy for quick wins.
• Execute, communicate, communicate – and repeat the cycle.
• Celebrate small successes.
INTERVIEW // KODAK ALARIS
TAKING COMPLEXITY OUT OF INFORMATION CAPTURE
According to IDC, less than 0.5% of data is ever analysed or used. This presents companies with a monumental challenge to tap into the value of their data through efficient digitalization. Siddhartha Bhattacharya, Vice President, Global Marketing at Kodak Alaris Information Management, believes the answer is simple: digital transformation starts with information capture. And that is where KAIM’s newest offering, the IN2 Ecosystem, fits in.
SIDDHARTHA BHATTACHARYA, VICE PRESIDENT - GLOBAL MARKETING, KODAK ALARIS INFORMATION MANAGEMENT
“Information capture is at the very crux of digital transformation as deriving meaningful insights is only possible if the data is captured in a precise manner.”
What is the USP of the recently introduced IN2 Ecosystem?
Today, businesses are dealing with an exponential growth of data, which includes an influx of digital documents in various formats and from multiple sources. 90% of this data is not tabled in a structured manner, resulting in Data Chaos. To top that, the amount of data generated in the past two years alone exceeds the amount that has been generated in the history of mankind. For decades, Kodak Alaris has been at the forefront of finding new and better ways to digitize information. Information capture is at the very crux of digital transformation as deriving meaningful insights is only possible if the data is captured in a precise manner. Our expertise is grounded in decades of imaging science and technology excellence. Building on this momentum, the IN2 Ecosystem will take the complexity out of information capture, providing companies with an integrated approach of scanners, intelligent software and a robust portfolio of partners and services. The fundamental principles of this new model are, namely, the Right fit through customizable solutions configured to fit customers’ business goals, the Right experience through an acute focus on simplifying work, from acquisition to ownership, and the Right results to transform data into usable information and thereby drive business value. The IN2 Ecosystem is not limited to Kodak Alaris products and services, but most notably is designed to leverage the expertise of partners to connect, configure and create new solutions that cater to unique customer requirements.
How will the IN2 Ecosystem help enterprises in terms of business value?
Data is central to knowledge, and in today’s world the ability to harness the power of data efficiently presents companies with a wealth of business potential. The IN2 Ecosystem presents companies with the key to unlock this potential through accurate capture of essential data, throughout the information lifecycle. It enables businesses to mine content for insights and intelligence, which is then routed into business processes. This ecosystem approach delivers transformational benefits through improvements in productivity, reliability, efficiency, scalability and simplicity, ease of use and superior user experience through contemporary design.
How significant is the role of networks in storage? Can you elaborate?
Storage networks provide a centralized repository for digital data that can be accessed by many users, and they use high-speed connections to provide fast performance. The benefits of storage networking can include improved performance, reliability and availability. It can enable greater collaboration among workers, and it can simplify some IT management tasks. Storage networks also make it easier to back up data for compliance and disaster recovery purposes. In addition, they can free up valuable server CPU cycles for more important tasks. A storage network solution can protect a company’s data from user error and malicious intent, theft, natural disasters and system failures. A storage network lets an enterprise easily add new storage resources anywhere across the enterprise — one can plug in a new box or slot in new disks without ever powering down a server. An IP storage network delivers predictable performance, provides security for storage data flows between data centers, contains failure domains, and maximizes uptime. These attributes are essential for managing growth, mitigating risk, and reducing costs.
How has been the response to the IN2 Ecosystem in the Indian market so far?
India has been especially receptive to the IN2 Ecosystem. Post the launch of the platform in late April this year, customers are seeing the value proposition with more clarity. They now realize how the new IN2 Ecosystem is poised to solve their problems and challenges in a more streamlined manner. If we talk about a couple of cases in the India market, a large manufacturing company utilizes Kodak Alaris hardware and software solutions to improve the performance of their Shared Services Center; Qwizpad, a Chandigarh based Independent Software Vendor (ISV), has embedded Kodak Alaris’ high speed scanning solutions to optimize its offerings for the education sector. Kodak Alaris has helped Qwizpad increase scale and efficiency with its high-end production scanners, and derive valuable insights from the content with ease, thereby allowing them to service their customers better.
Which sectors do you believe will be major endorsers of the IN2 Ecosystem?
We focus on five horizontal areas which are paper intensive: Mailroom Automation, Records Management, Forms Processing, Customer On-boarding and Accounts Payable, which we believe can truly harness the power of data chaos. For sectors that rely heavily on these functions, such as large BPOs and Enterprises, BFSI, Healthcare, Government, etc., we provide a holistic framework that enables them to ease the process of scanning and placing this data into digital records and deriving intelligence from it. By addressing the complexity at these common sources, organizations can deliver tremendous improvements to the customer experience and improve the company’s bottom line.
Do you have any new developments in the pipeline for customers in India?
The new IN2 Ecosystem will open up a new set of opportunities for our customers to make their digital transformation vision a reality. Through a well-equipped network, Kodak Alaris will enable customers to turn data into a powerful competitive advantage.
INTERVIEW // CTRLS
“I DO NOT SEE THERE WOULD BE A SINGLE CLOUD PROVIDER WHO WOULD FULFIL ALL THE NEEDS.”
With the growth of complexity in managing and monitoring enterprise-class infrastructure and applications, there has been growth in datacenters. One of the trends that is picking up is the community cloud created by datacenter providers. The other is datacenters managing and harmonizing multiple clouds and giving customers need-based solutions. Find out what Sridhar Pinnapureddy, Founder & CEO, CtrlS Datacenters, is saying about it. Excerpts…
SRIDHAR PINNAPUREDDY, FOUNDER & CEO, CTRLS DATACENTERS, IN CONVERSATION WITH SANJAY MOHAPATRA, GROUP EDITOR, ACCENT INFOMEDIA PUBLICATIONS.
“For the most popular business application layer like SAP, Oracle or SQL, etc. whether it is on AWS or Azure or Google cloud, it does not matter. You are getting a new age managed services provider ”
Briefly tell us about the CtrlS journey so far.
We have got about 1200 people working with us in 12 countries. In India we have about six data centers; the sixth datacenter is going live in Hyderabad soon. Our strategy has been on community cloud development, which worked very well for the banking and manufacturing industry.
Please shed some light on operations in Dubai, the US and other countries.
It all started with the Indian MNCs asking for services and space outside India. That is how we started in Dubai and the US, but over a period, our global MNC customers like SAP or large SI and services companies or Fortune 100 companies felt that if we are present in many other countries, it would add a lot of value to them. That is how the thought started, and we developed and worked on the strategy and decided to be present in 40+ countries in the next 2 years; most of them would be the tier-2 countries from the cloud adoption perspective. These are the South-East Asia countries where we are present in all the six countries with some of the large clients in those countries. However, at present, we are in Australia, New Zealand, Middle East, Africa, South America, apart from South East Asian countries.
There are too many dilemmas for customers while pursuing the journey of cloud to digitization. What are your thoughts around that?
The biggest dilemma that I hear from many of the CIOs is: what do I do after I outsource everything…. I have been running the show so long, so what to do after this? I give you an example: being a serial entrepreneur with eight organizations, I also think along the same lines. The first one, which was very close to my heart, I did not want to give to my managers in terms of decision making, but I realized that it was limiting my growth. That is where the progressive CIOs take a decision. The biggest benefit is not in terms of cost - from CAPEX to OPEX - but the creation of the bandwidth. The bandwidth, which gets freed from your day-to-day schedule, could be used for the productivity improvement of your business. The other dilemma is: I have a datacenter, why touch it unnecessarily if it is running smoothly – especially if you have invested in it a couple of years ago and now it is fine and running smoothly. Another one is the cost-benefit analysis; when they do that, the benefits are not certain every time – especially if you do partial outsourcing, you won’t see the benefits of the cloud. It would be as expensive as it would be in-house. So, overall, these are the things going on in the minds of the CIO community.
It is multiple clouds these days; how to manage and harmonize them all?
Yes, we are seeing it. There are many cloud providers. There is Azure, AWS, Google, etc. The way I see it: all the CIOs would eventually drift towards a couple of large public cloud providers - one who would give them scale and the other one who would be services led. Both would be required to run an organization. I do not see there would be a single cloud provider who would fulfil all the needs. For example, Microsoft may offer a good deal on the Office 365 solution over Azure. We would give a good deal on the industrial solutions with better SLA. So, there are options but there is confusion. On one side, you are outsourcing to create bandwidth to make yourself free, but at the same time, you are getting into the complexity of managing multiple cloud providers. So, this is a lot more complex.
What are the benchmarks for the cloud providers? So, there will be multiple cloud providers, you want to get the best of both worlds, best of the bandwidth. How would you address that?
We see ourselves playing a major role which is apart from providing datacenter services and cloud services. We have developed centers of excellence for all popular cloud platforms. Now you can depend on them to deliver seamless service across all public cloud platforms, giving a single SLA for all your applications, including the security layer. And, for the most popular business application layer like SAP or Oracle, or SQL, etc., whether it is on AWS or Azure or Google Cloud, it does not matter. You are getting a new age managed services provider, born in the cloud, which has developed complete organized systems and processes to address that need of the enterprise. I give an example of one of the largest conglomerates in one of the South East Asian countries. This company has their own datacenters. They have a telecom company, the largest manufacturing facility, etc. Their natural feeling would be ‘why should I outsource as I have everything’? But issues are obviously there! So, the chairman was determined that for him, if he wants to leapfrog to the next level of growth, he needs to adopt it quite aggressively, so we could help them in upgrading the data center. So, if you want to do the migration under the circumstances given above, we can help you by buying back the equipment in your data center and absorbing the workforce and giving them a career path.
What about the security aspect of the cloud story or hosted story?
The security landscape has changed during the last three years. Before this, the BFSI sector was targeted. But now even a small manufacturing company or a small business is targeted. There is no more traditional mafia where he is calling you for protection money, or hafta in Hindi. It is now a new age organized crime that is using cyber warfare. We have seen 100s of organizations getting affected. When we checked with the cybercrime department, they do not have any bandwidth to go after these miscreants. What it means for all of us is that we need to step up our defense system. Till a few years ago a simple firewall, IPS, IDS or at the most DDoS protection was enough, but today it won’t work. Today you need a lot more protection than what was considered. CtrlS has invested in a massive cyber security lab. We have invested in over 28 tools. Over 40+ information controls we need to deploy sooner or later – especially financial applications have no option but to deploy these 40+ controls from the compliance perspective. These controls are from the perspective of internal security because we have seen a lot of internal security breaches happening by disgruntled employees, suppliers, ex-employees, people who have access using mobile devices, etc. I am glad to say that more than 18 banks have taken this service from us and about 50-60 large organizations are protecting their ERP systems. And for community clouds, we have come up with bundled versions. For example, for our banking community cloud, we have 40 information controls by default. Our ERP cloud comes with about nine information controls, which we feel is good for the manufacturing industry.
What is your vision 2020?
My vision is that by 2020, we will have a presence in at least 40 countries and would like to be a different cloud services and datacenter player. A player who provides deep expertise and industrial solutions. We will be an industrial solution provider using cloud technology rather than a cloud instance provider.
CIO200 SUMMIT & AWARDS
HISTORIC LANDMARK FOR INDIAN IT:
CIO200 TECH SUMMIT & CHANGEAGENTS AWARDS 2017
Unprecedented in scale, the inaugural CIO 200 Tech Summit gathered IT Leaders from across the country to deliberate on the theme of Digital Transformation of Enterprises. CIOs/ CTOs/ CISOs and IT Heads from across verticals were recognized for their contributions to their organization’s transformation at the inaugural ChangeAgents 2017 Awards.
It all started with an idea to gather the IT power house of the country under one roof. The Enterprise IT World CIO200 Tech Summit and ‘ChangeAgents 2017’ Awards took place in the national capital of India on 8th September 2017 at the Crowne Plaza Hotel in Okhla. The Summit set an unprecedented milestone for the Indian IT industry where over 200 of the top CIOs, CTOs, CISOs and IT Heads from organizations pan India converged at a single venue.
The CIO200 Summit was themed around ‘Digital Transformation of Indian Enterprises’. The inaugural ChangeAgents Awards 2017 reiterated the theme by recognizing Cybersecurity Leaders who have been at the core of the transformation in their organizations, thus acting as true transformation catalysts in their roles as the ‘ChangeAgents’ of their organizations.
Constructed as a daylong knowledge sharing platform, the summit set a landmark in magnitude with an influential gathering of IT C-Suites from major economic sectors like BFSI, Manufacturing, Automotive, Healthcare, Aviation, Hospitality, IT/ ITES, Electronics, FMCG, Education, as well as Government enterprises. Apart from the Enterprise IT CIO Community, the Summit witnessed delegates from the IT Ministry, IT Vendor community, and academicians who shared their knowledge and vision with the Enterprise IT Leaders. Perhaps the biggest proof of the success of CIO200 was in the sheer amount of Information Technology experience and expertise present under one roof on the day.
The CIO200 Summit and ChangeAgents were held on the back of a six month long CIO initiative by Enterprise IT World, wherein the editorial team reached out to IT Leaders in different geographies and trades and profiled them, observing their work in digitally transforming their enterprises. It was a brainchild of the Enterprise IT World Group Editor, intended to acknowledge the work of Indian IT Leaders and further empower them through knowledge sharing, tech presentations and panel discussions. Another crucial motive of the Event was to motivate these IT Leaders by recognizing them with the tag of ChangeAgents, thus helping them surge in their quest for better technology to take Enterprise India to greater heights. Decision Makers profiled during the 4 months CIO Initiative of the Enterprise IT World Magazine were recognized for their significant contributions in the year 2016-17 and their technology plans for the coming business year.
Speaking at the event, Sanjay Mohapatra, Publisher, Enterprise IT World, explained the idea behind creating the CIO200 Summit: “CIOs are playing and will continue to play a pivotal role in transforming India’s digital topography with their potential to harness IT as an enhancer rather than an enabler. The objective of the CIO200 Tech Summit is to empower the CIOs and ITDMs to address the technological gaps in their organization’s infrastructure and help them find solutions. We are honored to organize CIO200 awards to felicitate the best IT skilled brains of our country.”
The event, designed to connect key pillars of the industry, was supported by industry-leading technology companies CtrlS Datacenters, Sify Technologies, Canon India, Schneider Electric, Tata Docomo Business Services, IBM, Kodak Alaris Information Management, InstaSafe and ItSimple. Business leaders from the vendors came forward to address the challenges faced by IT leaders in enterprises through knowledge exchange around the theme of Digital Transformation and leveraging third platforms and new technologies. At the awards, the vendor community connected with the attendees and engaged them with glimpses of new technologies and discussions revolving around their present challenges and enterprise IT needs.
The summit witnessed the apex IT decision makers brainstorming on the emerging digital trends in the country’s enterprise IT landscape through panel discussions on ‘BI and Analytics for better decision making’ and ‘Digital Transformation of the Indian Manufacturing Industry’. The knowledge sharing discussions revolved around topics such as ‘Innovation at the Entry level’; ‘Empowering Digitization with Cloud’; and ‘Future of Digital Transformation of Large Enterprises’. The sessions featured prominent IT industry business leaders including Sridhar Pinnapureddy, Founder & CEO, CtrlS; K Bhaskar, Senior Vice President, Canon India; Sandeep Majumdar, Chief of Operations – North, Sify Technologies; Manish Gokhale, Director, Business Development, Schneider Electric; Vivek Naidu, Vice President, Information Management, Kodak Alaris India; Shaheen Meeran, COO (Co-location), CtrlS Datacenters; Ashish Srivastava, National Head – BTL Marketing, Tata Docomo Business Services; and Nilay Srivastava, Business Manager, IBM Cloud, among others.
The two day event closed curtains with a DC Visit for the attendees to the CtrlS Tier IV Data Center in Noida on the 9th, where they were given a tour of the entire premises and brushed up on the latest data center technologies and how they can be leveraged. The event was an immense success on the back of heartwarming praise from the CIO Community for holding a grand platform where they could connect with like-minded peers and discuss their present challenges and future possibilities.
This marks the end of a successful ChangeAgents CIO Initiative by Enterprise IT World. The CIO Community forms an integral part of our publication and we will continue to engage these IT Leaders and interact with them in our aim to address their challenges and empower them through other such events in the future.
Sanjay Mohapatra, Chief Editor, Enterprise IT World welcoming the attendees and shedding light on the idea behind ChangeAgents200.
Shaheen Meeran, COO – Co-location Business, CtrlS Datacenters performs keynote duties
Sandeep Majumdar, Chief of Operations – North, Sify Technologies talks about changing roles of CIOs.
K Bhaskar, Director, Enterprise Solution Division, Canon India addresses the audience.
V.V.R. Babu, retd. Group CIO, ITC and Founding Member of TiE, Kolkata recognized with Lifetime Achievement Award by Group Publisher and Editor. Collected by Gaurav Dubey, Sr. Manager IT Infrastructure & Security, ITC on behalf of Mr. Babu.
Manish Gokhale, Director, Business Development, Schneider Electric gives a tech talk on ‘Innovation at the Entry level’
Vivek Naidu, Vice President, Information Management, Kodak Alaris India talks on “Future of Digital Transformation for Large
Nilay Srivastava, Business Manager - IBM Cloud conducts a presentation on ‘Empowering your Digitization with Cloud’
Panel Discussion: BI and Analytics for Better Decision Making
(L to R) Manohar Bhoi, President Technology, Electronic Payment & Services; Jagdeep Singh, CISO, Rakuten India; Prof. Mausam, Asst. Prof. Artificial Intelligence, IIT Delhi; Ritu Madbhavi, CIO, FCB Ulka Advertising; Ranjan Kumar, GM Sales – IT Division, Schneider Electric; Anshul Dureja, MD & CEO, Creating Values (Moderator)
Sanjay Mohapatra, Group Editor, Accent Info Media interviews Sridhar Pinnapureddy, Founder & CEO, CtrlS Datacenters.
Panel Discussion: Digital transformation of Manufacturing Industry
(L to R) Rajeev Pradhan, Vice President, Arshiya International; Amit Kapil, Group CIO, Caparo; Atul Govil, CTO & Head (SAP & IT) - Corporate at India Glycols; Manish Gokhale, Director – Business Development, Schneider Electric; Sandeep Panda, CEO, InstaSafe; Milan Kumar, ex-CIO, Volkswagen India (Moderator)
REUNIONS AND NEW CONNECTIONS
CHANGE AGENTS AWARDS 2017
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Sudipta Biswas, Prime Infoserv
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Dr. Sunil Gupta, Ministry of Steel, ERU
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Srinivas Rao Muppaneni, AP and Telangana State Co-op Bank
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Ritu Madbhavi, FCB Ulka Advertising
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Subbarao Hegde, ApOn India
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Suresh Iyer, Bluestar
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Arun Goyal, HCG Enterprises
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Zuzar Tinwalla, Standard Chartered Bank
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Avinash Velhal, Atos
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Debashis Singh, Mphasis
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Rajesh Garg, Rolta
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Srinivas Anappindi, CSS Corp
Sridhar Pinnapureddy, CEO, CtrlS Datacenters giving away the award to Amitabh Mishra, Vedanta Resources
K Bhaskar, Canon giving away the award to Vivek Dharia, KNP Securities
K Bhaskar, Canon giving away the award to Chekuri Venkat Vamsidhar, Kony India
K Bhaskar, Canon giving away the award to P Sarangi, Exide Industries
K Bhaskar, Canon giving away the award to Rao Poduri, Daimler India
K Bhaskar, Canon giving away the award to Bharat B. Anand, Ministry of Home Affairs
K Bhaskar, Canon giving away the award to Parveen Kumar Sharma, Vianaar Group
K Bhaskar, Canon giving away the award to Darshan Appayana, Happiest Minds
K Bhaskar, Canon giving away the award to Khushru Bacha, Omkar Realtors & Developers
K Bhaskar, Canon giving away the award to Parna Ghosh, UNO Minda Group
K Bhaskar, Canon giving away the award to Prakash Kumar, BMW India
K Bhaskar, Canon giving away the award to Shalabh Garg, Religare Enterprises
K Bhaskar, Canon giving away the award to Upkar Singh, FIS
K Bhaskar, Canon giving away the award to Satyanarayana Kasturi, Essar Projects
K Bhaskar, Canon giving away the award to Sandeep Kulkarni, Panasonic India
Sandeep Majumdar, Sify Technologies giving away the award to Rishi Sareen, Ecom Express
Sandeep Majumdar, Sify Technologies giving away the award to DV Seshu Kumar, Orient Cements
Sandeep Majumdar, Sify Technologies giving away the award to Glory Nelson, Spice Jet
Sandeep Majumdar, Sify Technologies giving away the award to Dhananjay Prasad, MM Innovations
Sandeep Majumdar, Sify Technologies giving away the award to Sachin N Karkhanis, Concorde Motors
Sandeep Majumdar, Sify Technologies giving away the award to Chitaranjan Kesari, Lodha Group
Sandeep Majumdar, Sify Technologies giving away the award to Prashant Bokil, The Mandhana Retail Ventures
Sandeep Majumdar, Sify Technologies giving away the award to Kamal Goel, Anand Rathi
Sandeep Majumdar, Sify Technologies giving away the award to Manohar Bhoi, Electronic Payment & Services
Sandeep Majumdar, Sify Technologies giving away the award to Atul Govil, India Glycols
Sandeep Majumdar, Sify Technologies giving away the award to Anand Ruhela, Kwality Limited
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Kumar Prasoon, Al Safeer Group
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Amit Kapil, Caparo
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Rajeev Pradhan, Arshiya International
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Rajeev Khade, Adient India
Nilay Srivastava, IBM giving away the award to Prasenjit Mukherjee, BSES Power
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Sanjay Singh Gahlod, Oriental Rubber Industries
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Anil Sharma, Pepsico India
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Mahesh Patil, Skoda Auto India
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Sanjay Tiwari, Suryoday Small Finance Bank
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Sandesh Govalkar, ING Investment Management
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Gururaja Rao Adoni, Telenox Technologies
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Subhash Gaitonde, CapitaWorld
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Dr. Sunil Kumar Pandey, Institute of Technology and Science
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Deep Chandra Joshi, Mylan Pharmaceutical
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Dr. Makarand Vishnu Sawant, Deepak Fertilizers
Nilay Srivastava, IBM giving away the award to Himanshu Rastogi, MediAssist
Nilay Srivastava, IBM giving away the award to Milan Kumar, Nihilent Technologies
Nilay Srivastava, IBM giving away the award to Faiz Alam Shaikh, MasterCard
Nilay Srivastava, IBM giving away the award to Arvind Kumar, Skygourmet Catering
Nilay Srivastava, IBM giving away the award to Raghunath Bal, Ahuja Constructions
Nilay Srivastava, IBM giving away the award to Sunil K Sonare, Sadbhav Engineering
Nilay Srivastava, IBM giving away the award to Satish Mahajan, VFS Global
Nilay Srivastava, IBM giving away the award to Deepak Kalambar, Marvel Data Services
Nilay Srivastava, IBM giving away the award to Ajay Kumar Ajmera, Banswara Syntex
Nilay Srivastava, IBM giving away the award to Ashok Tiwari, Varroc Lighting Systems
Nilay Srivastava, IBM giving away the award to Mayank Bedi, VST Tillers & Tractors
Nilay Srivastava, IBM giving away the award to Sharad Agarwal, JK Tyres
Nilay Srivastava, IBM giving away the award to Lokesh Vishnoi, Rail Vikas Nigam
Nilay Srivastava, IBM giving away the award to Anil Ranjan, Macawber Beekay
Nilay Srivastava, IBM giving away the award to Sanjay Garde, JK Papers
Nilay Srivastava, IBM giving away the award to Sanjay Mahajan, Satin Credit Care
Nilay Srivastava, IBM giving away the award to Bohitesh Mishra, Simpa Networks
Nilay Srivastava, IBM giving away the award to Manish Gaur, Patanjali Ayurved
Nilay Srivastava, IBM giving away the award to Tanmoy Mukhopadhyay, A2Z News Channel
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Devendra Rajguru, ICICI Lombard
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Harish Menon, Raychem RPG
Vivek Naidu, Vice President, Kodak Alaris giving away the award to Pragnesh Mistry, Raychem RPG
Sandeep Majumdar, Sify Technologies giving away the award to Dabinder Pal Singh, Om Logistics
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Suresh Kondamudi, CleverTap
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Prakash Chowdhary, ICICI Lombard
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Bipradas Bandyopadhyay, Zuari Infraworld
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Paresh Goswami, Chiripal Group
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to B L Verma, Sri Lal Bahadur Shastri Rastriya Sansrkit Vidyapeeth
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Vishal Anand Gupta, Religare Life Insurance
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Vishwajeet Singh, Aptech
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Dr. Ashish Bhardrwaj, Laureate Education Group
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Joyjit Ghatak Roy Chowdhary, Bennet University
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Jyoti Chopra, Glaze Trading
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Punit Rastogi, Transport Corporation of India
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Manish Sharma, PeopleStrong
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Shibu V Kurian, 10K Info Data Solutions
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Jagdeep Singh, Rakuten India
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Deepak Gupta, JK Tyres
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Rajeev Verma, SRF
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Sumit Singh, Wockhardt Hospitals
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Mahanthi Partha Sarathi, Nisarg IT Solutions
Sanjib Mohapatra, Publisher, Accent Info Media Group giving away the award to Pinkesh Ambavat, CRIF Highmark
Alok Gupta, President, PCAIT giving away the award to Anindya Ray Sarkar (BFSI)
Alok Gupta, President, PCAIT giving away the award to Dipak Rout, Arihant Capital Markets
Alok Gupta, President, PCAIT giving away the award to Vinod Pandey, GHCL
Alok Gupta, President, PCAIT giving away the award to Janardhan Reddy, CXO Analytics
Alok Gupta, President, PCAIT giving away the award to Niraj Pandit, Simpolo Group
Alok Gupta, President, PCAIT giving away the award to RamiReddy Puli, Dr. Reddy’s Foundation
Alok Gupta, President, PCAIT giving away the award to Sanjeev Jain, Integreon Managed Solutions
Sandeep Majumdar, Sify Technologies giving away the award to Yatish Bhatia, ICICI Lombard
Alok Gupta, President, PCAIT giving away the award to Vivek Jadhav, VFS Global
Alok Gupta, President, PCAIT giving away the award to Austin Gomes, People Interactive (Shaadi.com)
Alok Gupta, President, PCAIT giving away the award to Binoy Mathunni, ScoreUp Sports
Alok Gupta, President, PCAIT giving away the award to Prashant Jadhav, Franke Fabre India
Alok Gupta, President, PCAIT giving away the award to Ravi Mundra, Adani Gas
Alok Gupta, President, PCAIT giving away the award to Gyan Prakash, Hofincons Industrial Services
Alok Gupta, President, PCAIT giving away the award to Venkata Ramana Ratnakaram, BFIL
Alok Gupta, President, PCAIT giving away the award to Rajeev Singhania, Orane Consulting
Alok Gupta, President, PCAIT giving away the award to Dhiraj Chawla, Shib Dass & Sons
Alok Gupta, President, PCAIT giving away the award to Irshad Saifi, Havells India
Alok Gupta, President, PCAIT giving away the award to Lavesh Verma, Jamna Auto
Alok Gupta, President, PCAIT giving away the award to Sunil Kumar, Mynd Solutions
Alok Gupta, President, PCAIT giving away the award to Randhir Singh, Max Life Insurance
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Jasmine Gorimar, Boehringer Ingelheim
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Ravinder Arora, IRIS Software
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Badar Afaq, Antara Senior Living (A Max India Enterprise)
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Balvinder Banga, DBS Schenker India
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Sourabh Tiwari, Bombay Dyeing
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Ankush Kaura, DCM Shriram
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Manoj Rana, Samsung
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Ashok Kumar Mohanty, Haldirams
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Akshay Kumar Sahani, Alaf
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Manish Kumar Sinha, Vectus Industries
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Ajay Yadav, Arshiya Rail infrastructure
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Mahendra Panchal, India First Insurance
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to RajKumar Nair, Kanakia Spaces Realty
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Aryan Panchal, Pratham Enterprises
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Amit Jaokar, Choice International
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Debashish Pal, Jaypee Hotels
Sanjay Mohapatra, Group Editor, Accent Info Media giving away the award to Arindham Singha Roy, East India Udyog
Harish Sharma CL, Toyota Financial Services with his ChangeAgents Award
Sanjay Chowdhary, Hamdard Laboratories with his ChangeAgents Award
POST AWARDS PARTY
CXO SPEAKS
BUILDING SECURITY FRAMEWORK FOR YOUR ENTERPRISE
BY SANJAY@ACCENTINFOMEDIA.COM
The major milestones in building a security framework for any enterprise are Risk Assessment, Risk Analysis, Risk Treatment and Compliance. The initial baseline assessment is an abbreviated version of a more full-blown “risk or security assessment/analysis.” The assessment is only as good as the honesty and knowledge of the people who answer the questions and the experience and knowledge of the persons interpreting the answers. For example, just because an organization has policies does not mean that the policies are being followed or even enforced. It is still necessary to assess at a more detailed level by testing a policy to see if people are in compliance with it.
After the report is complete, an organization must deal with the number one issue for a successful security program: management commitment. Each organization will find the level of management commitment very different. It may be easy to get the needed buy-in because of an incident causing financial loss, or it may be difficult because management does not understand all the risks, as the baseline report points out. Presenting them in a business context will help management understand. In either case, be prepared by understanding management’s business expectations, and use the sample questions in Annexure 1 to educate management about the security concerns. Until security matters as much to management as the bottom line, the users will not make security policies, guidelines and procedures a priority. As the security program grows, it will be equally important to have management’s buy-in throughout all levels of the organization, from executives to line managers.
ANNEXURE 1: BASELINE ASSESSMENT OF COMPANY SECURITY STATUS
• Are company policies defined to address business use of company resources, covering such things as explicit and appropriate e-mail privacy or Internet usage policy? Are they enforced consistently, if at all?
• Are the company’s operating systems up-to-date with the most current security patches to prevent exposure to known hacking vulnerabilities? Do you know which vulnerabilities can be exploited to access your system?
• Is your company able to detect a computer crime, and can you gather evidence that can prove to the court, media, or stockholders how the crime was perpetrated and who committed the crime?
• Does your company allow remote access from home or wireless? Are employees working only from the corporate office? What methods do employees use to access the network? Have they created any methods you are not aware of, such as remote control or modems on a desktop?
• What is sent across the company network? Do the transmissions include vital or confidential information?
• Is there a definition of “incident”? Has an incident response plan been created to handle critical incidents? Does management want to have the ability to criminally prosecute on incidents, making it necessary for evidence to stand up in the legal system?
• Are all users authenticated and authorized to use the company network?
• Are all of the entry points into the company known and documented? Does that include the ones that exist because of technology, such as modems, personal Internet connections, extranet connectivity, and any others?
Security will be cast in the same light as insurance. Security, like insurance, minimizes what one has at risk. A company spends money to have security because it is not willing to accept the risk associated with all of the vulnerabilities that put the business at risk. Security does not increase business profitability unless a company can show that its security provides an advantage over its competition. For most companies, security does not generate revenue. It is a cost of doing business. Security will be viewed as an expense, but must be seen as a necessary cost of doing business. With the huge dependency today on data, it is no longer an issue of whether a company can afford to provide security measures, but whether the company can afford not to.
SUDIPTA BISWAS,
VICE PRESIDENT AND CISO, PRIME INFOSERV
The next step is a budget to back the efforts of the security program, which includes appropriate salaries to hire security professionals or the necessary security consultants who can assist in continuing management education, technology evaluation, procuring tools, and forming policies and procedures, and who can help to complete the building of the security infrastructure. The budget should be provided for a team that will coordinate and implement a successful security project. The team will build the corporate security framework or plan and present it to management for continued commitment and potential additional budget needs.
A security awareness program begins to take shape at this point, simply to keep management informed of security architecture and funding needs. This communication could be formal or informal. Making it more formal will make the process of keeping management informed consistent and timely. The security awareness program is a key milestone in building a robust security framework and is required throughout the security program’s lifecycle, regardless of whether the process is made formal or not. The security awareness program may find it necessary to give management examples of recent incidents and of legislation or regulations, to help them understand the importance of security and to justify continued budgetary and administrative support for it.
The plan should include prioritization of activities to build the perfect security programme. Depending on the organization, it may be necessary to use formal assessment to help prioritize actions, build support (management commitment using the security awareness program), or identify additions or changes to the framework. Enterprise-wide risk assessments can be very labor intensive. It is very important to set expectations and a goal for the assessment. This can be difficult, especially if no other assessments have ever been done. However, it is essential to strike a balance between risk assessment and the business need for risk treatment or mitigation. Management may choose to accept some of the risks, considering their impact on the business. There is a common saying in security parlance: “How much is too much?”
Assessments come in many forms: from the formal enterprise-wide assessment that covers the entire corporation and its processing environment to smaller targeted assessments of selected platforms. For example, penetration tests or vulnerability scans can be performed against the company’s external access points to find exposures to unauthorized entry. Another example might be an analysis of host operating systems to determine their status and whether they are missing security patches or are improperly configured.
A formal corporate risk assessment could arguably be identified as the number one requirement to build a security program. Without one, how can a company identify what needs to be done, where the framework is incomplete, what to prioritize, what is missing from policy, and essentially what to tell management? It is true that each element in the infrastructure and the risks that pertain to it will affect other elements, and each risk will in turn affect how the complete framework should be managed. However, many companies do not have the luxury of time, money, or commitment to get into an enterprise-wide risk assessment. Smaller targeted assessments with a specific goal in mind can be pursued first to get a security process off the ground. Smaller, less formal assessments can identify gaps in basic security components such as application development, servers, or the network. The simple assessment can help identify basic best practices that are missing but, as a matter of due diligence, should be followed. This gives the plan a place to start without needing the more complex formal or enterprise-wide assessment first. In such a situation, the more formal, complete enterprise-wide risk assessment can be prioritized for a later date.
LAW AND ORDER: POLICIES, PROCEDURES, STANDARDS, AND GUIDELINES
Every world needs some form of law and order. Corporate security policy provides the backbone, the roadmap or recipe for this security framework. It defines where a company is and where it wants to go. It establishes baselines to which business processing must adhere. The baselines are the prescribed security controls specified for each component (hardware/software) in the data processing environment in order to achieve a reasonable and consistent level of security throughout the organization. Guidelines are documented in such places as the Common Criteria. Policy and procedures are living documents that change constantly as technology evolves or as business needs change.
There are differing layers of policy. The higher-level policy should be reasonably generic and cover such items as “It is the policy of Company X that all computer systems will maintain virus scanning tools with up-to-date virus signatures.” This is a management statement of direction. At a lower level are more technical statements or standards that spell out the specific virus scanning software on which the company has standardized. This is the company virus scanning standard. Procedures are the step-by-step actions to support policy and will identify the specifics of how to maintain the virus signatures or use the standard virus tool. These lower-level policies must be maintained and must evolve, always having the support of management and company commitment for consistent enforcement. Higher-level policy is less likely to change but, nonetheless, must be regularly reviewed and even tested to see if it is still applicable to the organization’s business model. Policy, just like program code, should have version control, with old versions archived for future reference, management review, and authorizations (signoff) for implementation. These are the essential components of basic change management.
COMPLIANCE
Compliance plays a vital role in maintaining the security framework. The availability of robust security policies, procedures and guidelines does not ensure that they are being followed to prevent security pitfalls. Even the availability of best-of-breed security tools and solutions does not mean that they have been configured properly, patched and maintained at regular intervals. Hence information systems should be regularly checked for compliance with security implementation standards. Technical compliance checking involves the examination of operational systems to ensure that hardware and software controls have been correctly implemented. This type of compliance checking requires specialist technical personnel and should be performed manually, supported by appropriate software tools if necessary. Compliance checking also covers, for example, penetration testing, which should be carried out by independent experts specifically trained for this purpose. This can be useful in detecting vulnerabilities in the system and for checking how effective the controls are in preventing unauthorized access due to these vulnerabilities. Compliance with legal requirements should be ensured to avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations and of any security requirements. Hence the design, operation, use and management of information systems may be subject to statutory, regulatory and contractual security requirements.
CRITICAL SUCCESS FACTORS
Experience shows that the following factors are often critical to the successful implementation of information security within an organization:
• Security policy, objectives and activities that reflect business objectives;
• Visible support and commitment from management;
• A good understanding of the security requirements, risk assessment and risk management;
• Distribution of guidance on information security policy, procedure and standards to all employees and contractors;
• Providing appropriate training and education;
• A comprehensive and balanced system of measurement to evaluate performance in information security management and feedback suggestions for improvement.
SUMMARY
Learn from the mistakes of others. You will not live long enough to make all of them yourself. One needs to learn from past mistakes. Not patching or performing maintenance on hardware and software leaves them vulnerable to the same unauthorized access. Known vulnerabilities are a primary cause of unauthorized access and jeopardize the stability of the processing environment. There are eight layers of vulnerability. These layers fit neatly into physical, technical, and administrative layers. Detailed vulnerabilities can be found in each layer of the OSI Reference Model: physical, data link, network, transport, session, presentation, and application, plus the toughest-to-control layer of vulnerability, the user, who is probably the greatest exposure.
Creating a perfect security environment requires attention to all of the layers that make up a business-processing model. Each layer can introduce unique vulnerabilities. The complete solution is not just about technology. Administration, management, policies and process are all important parts of the security solution. Understanding the overall security process can help build a comprehensive security framework. It will have management’s commitment, an adequate budget, and a roadmap called policy, with a security awareness program that educates, communicates, and ties everything together by providing feedback to the user as well as management to keep the cycle of security flowing.
DIGITAL DIARY
VIVEK JADHAV, DEPUTY GENERAL MANAGER IT, VFS GLOBAL
DIGITAL TRANSFORMATION: THE FLOODGATES HAVE OPENED
Digitization is playing a vital role today in all business sectors, such as manufacturing, services, automobiles, oil and gas, banking and utilities. Operation structures are being redrawn for customers, vendors, business partners, and employees alike. This has been putting immense pressure on CIOs, CTOs and CDOs to regulate and decide whether digitalization solutions are ready for the organization. In this increasingly high-pressure situation, vital components like reliability, security, usability, performance management, data management and cloud infrastructure sizing should not be neglected. CIOs, CTOs and CDOs should have a clear vision of a world in which every customer, worker and supplier is hyper-productive, hyper-available and hyper-engaged.
Innovation in connectivity and IoT devices marked the launch of the digital revolution. The revolution has now reached businesses far and wide. Many organizations today find digital initiatives popping up in every business unit, in every region and in every department. The floodgates have opened.
IN THIS CHAOTIC ENVIRONMENT, CIOS TODAY FACE THE FOLLOWING CHALLENGES:
• System integration challenges – Lack of an effective and mobilized IT system for digitalization integration as part of the prerequisites.
• Regulatory standards and compliance – Managing regulatory standards and compliance issues is among the major challenges toward digital adoption.
• Budgetary constraints – Active participation in the objectives defined and acceptance at every level of the organization, as well as considerable allocation of funds, is a major concern.
• Data capture – Capturing large amounts of customer data from social media, purchase transaction records, call details and GPS signals from mobile phones in fast-moving organizations is difficult to manage.
• Seamless transition to digital platforms – Online platforms are poorly suited to offering a seamless customer experience; thus banks are still in the process of transitioning to up-to-date digital integration platforms.
• Organization silos – Business leaders from various parts of the organization need to collaborate closely. Organizational silos and traditional, hierarchical structures are often a strong inhibitor to digital transformation.
• Data security acceleration – A key challenge when playing with big data is that the data security process should accelerate and prevent malware such as ransomware.
INDUSTRY DIGITIZATION PROCESS INNOVATIONS
Organizations can benefit from digitization of processes in the following ways:
• Service innovation: With integrated mobile payment and shopping apps through digitization, companies will deploy new business models to win over the end consumer and create profitable demand.
• Digital transformation: By partnering with intermediaries and specialized companies, digitization of the processes will reshape the employee-employer relationship and offer a new social approach to talent management.
• Service innovation via co-creation and crowdsourcing will ensure that any new technology investment goes beyond automating existing processes to support dynamic and strategic analysis, and decision making, to enable the digitalized value chain.
GUEST ARTICLE
SANDIP KUMAR PANDA, Founder and CEO, InstaSafe
USING SDP TO PROTECT YOUR MOBILE NETWORKS
BY SANJAY@ACCENTINFOMEDIA.COM
“Software-Defined Perimeter (SDP) ensures trusted device access to hybrid networks.”
A company salesman checking remotely into cloud and headquarters resources for the latest price list for his product and generating a quote for a customer; support workers in the field accessing the company knowledge base for a solution to a tricky technical issue; or even an employee updating travel expenses from his hotel room. These are just a few of the many applications for which employees on the move will want to access their private cloud networks for information or to make a transaction, but each of these attempts could translate into a major security risk if we are not careful.
“Organizations need to be able to give their employees access on the fly to data they need, regardless of whether they are accessing from a smartphone, tablet or laptop, and from a variety of remote locations, including public hotspots.”
For a time, it was thought that virtual private networks, better known as VPNs, could provide the secure connectivity that is required between multiple people and devices over public networks like the internet. But using these encrypted tunnels on public networks has a number of limitations, including VPNs’ use of sometimes insecure encryption. VPNs also provide all-or-none access to the network, which means that once a device has access to the corporate network, it can from then on hop to other parts of the network, potentially causing damage all along the way. Access requests on VPNs can also have high latency and become bandwidth intensive, as they require traffic to be backhauled in and out of the corporate network.
Key to SDP is its addition of a layer of pre-authentication and pre-authorization for devices before they can even send a single packet to a server over a network. Client software running on user devices, called initiating hosts, is authenticated by a gateway controller, which is a piece of software that can be quickly deployed and configured in the cloud to give the user appropriate network access based on set policies.
“Organizations need to make sure that the access is confined to that set of applications or part of applications that employees really need to access, and both the user and the device need to be first authenticated.”
Authentication and authorization are not based on IP addresses but on validation of the user and the device, thus ensuring access for workers who are coming in from unknown IP addresses such as public hotspots.
Unlike VPNs, SDP doesn’t provide broad access to a network, but instead gives the user access to only specific parts of the network related to their business function or role. This feature prevents a malicious insider from taking advantage of access to attack other parts of the network as other resources will remain hidden. The SDP approach also gets around the issue of having to backhaul traffic in and out of the corporate network when using a VPN. In such a scenario, the user would first have to VPN to the corporate network and then access the cloud as if on a corporate local area network. In the SDP model, the user accesses the resource protected by a Gateway, whether resident on the corporate network or the cloud, after being authenticated by the controller.
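The flow described above, in which a controller verifies both the user and the device before the gateway exposes anything and the source IP plays no part in the decision, can be modelled in a few dozen lines. This is an added illustration, not InstaSafe's code or any SDP specification; the class names, the HMAC-based device proof, and the sample user, services and IP addresses are all assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ITERATIONS = 200_000  # PBKDF2 work factor chosen for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def device_proof(device_key: bytes, nonce: bytes, username: str) -> bytes:
    """Computed by the client software on an enrolled device (initiating host)."""
    return hmac.new(device_key, nonce + username.encode(), hashlib.sha256).digest()


@dataclass
class Controller:
    policy: dict                                   # role -> set of service names
    users: dict = field(default_factory=dict)      # username -> (salt, hash, role)
    devices: dict = field(default_factory=dict)    # device_id -> enrolled secret
    pending: set = field(default_factory=set)      # unused challenge nonces
    sessions: dict = field(default_factory=dict)   # token -> allowed services

    def enroll_user(self, username, password, role):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt), role)

    def enroll_device(self, device_id):
        self.devices[device_id] = secrets.token_bytes(32)
        return self.devices[device_id]

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def authenticate(self, username, password, device_id, nonce, proof, source_ip):
        """Issue a session token only if the user AND the device both verify.
        source_ip is accepted but never consulted: identity, not address, decides."""
        if nonce not in self.pending:
            return None                      # unknown or replayed challenge
        self.pending.discard(nonce)          # each challenge is single use
        user, key = self.users.get(username), self.devices.get(device_id)
        if user is None or key is None:
            return None
        salt, pw_hash, role = user
        user_ok = hmac.compare_digest(pw_hash, hash_password(password, salt))
        device_ok = hmac.compare_digest(proof, device_proof(key, nonce, username))
        if not (user_ok and device_ok):
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = frozenset(self.policy.get(role, ()))
        return token


@dataclass
class Gateway:
    controller: Controller
    services: dict                           # service name -> stand-in response

    def request(self, token, service):
        """Default deny: without a grant, a real service and a nonexistent one
        look the same to the caller, so unauthorized resources stay hidden."""
        if service not in self.controller.sessions.get(token, frozenset()):
            return None
        return self.services.get(service)


def demo():
    ctl = Controller(policy={"sales": {"price-list", "quote-tool"},
                             "support": {"knowledge-base"}})
    ctl.enroll_user("asha", "constructed-passphrase", "sales")
    laptop_key = ctl.enroll_device("laptop-01")
    gw = Gateway(ctl, {"price-list": "prices v7", "quote-tool": "quote ok",
                       "knowledge-base": "kb article", "payroll": "salaries"})

    def login(password, device_id, key, ip):
        nonce = ctl.challenge()
        proof = device_proof(key, nonce, "asha")
        return ctl.authenticate("asha", password, device_id, nonce, proof, ip), nonce, proof

    # Constructed addresses from the documentation ranges (RFC 5737).
    token, nonce, proof = login("constructed-passphrase", "laptop-01",
                                laptop_key, "203.0.113.7")
    replay = ctl.authenticate("asha", "constructed-passphrase", "laptop-01",
                              nonce, proof, "203.0.113.7")
    wrong_key, _, _ = login("constructed-passphrase", "laptop-01",
                            secrets.token_bytes(32), "198.51.100.20")
    return {
        "hotspot_login_reaches_price_list": gw.request(token, "price-list"),
        "sales_role_sees_payroll": gw.request(token, "payroll"),
        "no_token_sees_price_list": gw.request(None, "price-list"),
        "right_password_wrong_device_key": wrong_key,
        "replayed_challenge": replay,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result!r}")
```

In the all-or-none VPN model the article contrasts this with, the equivalent of `request` would return every entry in `services` once the tunnel is up; here the payroll service is indistinguishable from a nonexistent one for a sales session.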
RNI NO: DEL ENG/ 2017/ 69906