Computerworld Singapore September/October 2013 by Executive Networks Media

P20 How to keep terrorists, hackers and other bad guys from stealing your data

Singapore

P14 BYOD blues: What practices and policies to put in place to make staff departures smooth

The Voice of I.T. Management

News P02 Turning Mauritian Smartphones into Smart-wallets P03 Workers Seek Jobs Offering Progress and Higher Pay P04 Singapore Hotel Group Achieves 80% Savings P05 Seagate Invests in R&D Centre in Singapore P06 SingTel, Visa Push for Cashless Payments P07 Singapore’s Cloud Uptake: High But Nascent P08 NUS Advances Analytics in New Course with QlikView P09 jobsDB Partners Yahoo! to Expand Singapore’s Reach P10 Teleperformance, Republic Polytechnic extend partnership

byod P16 Embracing BYOD: Is It Worth It?

i.t. management P17 Eight is Enough! IT’s Biggest Frenemies

virtualisation P21 Minimise Physical Space Usage with Virtualisation

career P24 13 Steps to Dealing With Losing Your IT Job

$2.50/copy inc GST (exclude delivery charges)

wwwww

I nsid e

computerworld.com.sg

september–october 2013

The Mountaineering I.T. Leader Read the full story on page 12

Masterplan to Enhance Singapore’s First Merchant Cyber Security to Accept Bitcoin: Artistry The vision of Singapore’s new fiveyear Masterplan is to be a trusted and robust infocomm hub by 2018. By Nurdianah Md Nur

By Caroline Ng

n an effort to further secure the republic’s cyber environment, the Singapore government has launched a five-year National Cyber Security Masterplan 2018 (NCSM2018). Announcing the launch at the Information Security Seminar 2013 in late July was Dr Yaacob Ibrahim, Minister for Communications and Information in Singapore. According to McAfee’s 2012 State of Security Survey, nearly a quarter of businesses in Singapore did not test their incident response plans or rehearsed incident response plans after a security breach. McAfee’s Digital Assets survey 2013 also found that although seven in 10 Singaporeans were aware of security dangers, they did not have Continued on page 2

CONSIGN BACKUP WINDOWS TO HISTORY Keep Backup Windows in the Past f Enable ZERO-impact backup—even during business hours f Near-INSTANT data recovery—resuming business operations and IT services f RECOVER data to any point in time

Artistry trials the uncharted waters of bitcoin payments, challenging its status-quo in the city-state.

2013

Download White Paper http://info.falconstor.com/WhitePaperRegisterCWS.html For enquire, email us at infoSEA@falconstor.com or call +65.6361.2450

vant-garde is the name of the game at Artistry. From showcasing exhibitions of emerging artists to serving homegrown coffees, the art gallery cafe has become Singapore’s first brick and mortar store to accept bitcoin as payment. As a digital currency, bitcoin is used to make peerto-peer payments with as little as zero fees, without interference from governments or banks. The cafe started turning bitcoins into rounds of drinks, albeit unofficially, in early July and has since made over 20 transactions but raking in over 20 percent in profit just from the rise of its value. “Once we get clarification from the central bank and tax authorities regarding accounting purposes, we will be able to officially roll out bitcoins,” said Pashant Somosundram, Continued on page 6

0 0

news

September – October 2013

Continued from page , Masterplan any security software installed on their mobile devices. Dr Yaacob said: “The Masterplan will enhance the security of Singapore’s critical infocomm infrastructure and address the security of businesses and individuals [… to] create a robust infocomm ecosystem.”

Three Key Areas

NCSM2018 was developed through a multiagency effort led by Infocomm Development Authority of Singapore (IDA) under the guidance of the National Infocomm Security Committee (NISC). The Masterplan will focus on three key areas. First, NCSM2018 will enhance security and resilience of critical infocomm infrastructure (CII). With the CII Protection Assessment Programme, vulnerabilities and gaps in the CII can be identified and addressed. National cyber security exercises will also continue to be conducted for critical sectors, as well as new cross-sectors exercises, to improve overall resilience of infrastructure and services. For the public sector, the existing Cyber Watch Centre and Threat Assessment Centre will be upgraded for improved detection and analytics capabilities. Second, efforts to promote infocomm security adoption among end-users and businesses will be amped up through various publicity channels, including online platforms, roadshows and broadcast media. Dr Yaacob said collaborations with industry and trade associations will also take place “to promote cyber security and exchange of threat information”. The final key area is to grow the republic’s pool of infocomm security experts. In 2011, IT security specialists only made up “one percent of the total infocomm industry manpower in Singapore”, said Dr Yaacob. By having more cyber security professionals today, the republic will be able to better defend against sophisticated cyber threats. To do so, IDA will be working with Institutes of Higher Learning and industry partners to train and develop more students and professionals in infocomm security.

Previous Masterplans

NCSM2018 succeeds both Infocomm Security Masterplan and Infocomm Security Masterplan 2 that were implemented from 2005 to 2012. These previous masterplans had contributed to the establishment of a Cyber-Watch Centre, Threat Analysis Centre and the Cyber Security Awareness Alliance to promote infocomm security awareness. The Association of Information Security Professionals was also set up to help develop local infocomm professionals. The previous masterplans also saw the rollout of the Secure and Resilient Internet Infrastructure Code of Practice, which required designated ISPs to adopt mandatory cyber security measures. ///////////////////////////////////////////////////////////////////////////

computerworld Singapore www.computerworld.com.sg

Turning Mauritian Smartphones into Smart-wallets Mauritius Commercial Bank rolls out the country-first mobile payment app developed by Singapore firm, Tagit, paving the way for a cashless society. By Caroline Ng

ingapore mobile software firm, Tagit, has launched the latest mobile payment service, Juice, to customers of Mauritius Commercial Bank. Marking as the country’s first mobile banking service, the Juice app allows people to use their mobile phones to make purchases, money transfers and ATM withdrawals, bypassing traditional cards.

Cutting Edge

“Tagit has built with us a cutting edge, worldclass MCB app that has set the benchmark for mobile payments and banking,” said Binesh Mangar, Head of Cards SBU at Mauritius Commercial Bank. Through the Juice app, functions such as “Juice Cash” and “Juice ATM” offer more

innovative cash solutions to customers. Juice Cash allows people to withdraw money from partner merchants while Juice ATM enables fund transfer to another account for withdrawal with a generated code. Sandeep Bagaria, Chief Executive of Tagit, said mobile will steer in the evolution of payment methods and banks would profit from creating innovative banking services for its customers. “A market like Mauritius with more than 100 percent mobile penetration is ripe for such new services,” he said. MCB’s m-banking app, which includes Juice mobile banking service, is now available on Google Play store and the Apple App store. ///////////////////////////////////////////////////////////////////////////

Vendor Influence Blinds Enterprises From Cost Savings Hardware refresh cycles and maintenance contracts could be the silent culprits of hidden costs, controlled by vendors: Forrester By Caroline Ng

nder vendor influence, enterprises are spending unnecessarily on premature hardware upgrades and costly maintenance contracts, according to a study by Forrester Consulting. The survey was conducted on 304 IT decision-makers in Australia, France, Germany, India, Japan, Singapore, the UK and the US. “Every CIO should make it a priority to read this report,” said Mike Sheldon, President and Chief Executive of Network Hardware Resale. “Businesses of all sizes need to know that there can be incredible value and cost savings with a reliable third party maintenance service provider.” According to the new study, although IT decision-makers pride cost savings as top priority, many are influenced by vendors, and are oblivious to cheaper third party maintenance solutions and the rewards of extending hardware lifecycle. The industry averages created by vendors for networking infrastructures have resulted in 79 percent of organisations upgrading every one to five years. Such predefined end-of-life agenda often means unnecessary and expensive replacement of IT equipments that have otherwise, a market value of 20-plus years mean time between failure. The findings also showed

that 85 percent of respondents would have kept their legacy networking equipment if vendors continued to support it. Despite the chagrin of most organisations for misrepresented cost savings and inflexible pricing models by vendors, more than 80 percent continue to buy maintenance contracts with them. This irony could be due to a lack of awareness of third party maintenance options. Only 21 percent reported they have leveraged third party bids when negotiating maintenance contracts. But given the knowledge of lower cost solutions, 80 percent said they would switch to third party maintenance.

Recommendations

The research firm recommends companies to: ● Avoid premature and unnecessary upgrades by keeping working equipments. ● Scrutinise all maintenance contracts to find valuable Operational Expenditure savings. ● Place a competitive bidding for maintenance contracts for third party options, resellers. ● Place metrics to reward value, quality and longevity, not just resiliency. ///////////////////////////////////////////////////////////////////////////

computerworld Singapore www.computerworld.com.sg

news

September – October 2013

Workers Seek Jobs Offering Progress and Higher Pay Singapore workers believe being able to thrive in stressful situations, work with people of different cultures and having respect for hierarchy are important in order to secure a job in the republic: jobsDB By Nurdianah Md Nur

ccording to jobsDB’s recent National Day Survey, workers in Singapore viewed the opportunity to progress and earn higher incomes as important when it comes to securing a job in the republic. Held in early July in Singapore, the online survey covered over 2,000 respondents. Eighty-four percent of the respondents rated the opportunity to progress in a new role as highly important when looking for a prospective employer. It was also revealed that 77 percent of the respondents would switch jobs to secure a higher income. Ironically, 67 percent of them would be willing to accept a lower salary to secure a job. This hints that while workers in Singapore are ambitious, many of them consistently felt undervalued. While respondents indicated that they want jobs allowing them to progress and earn higher incomes, they believed that it comes at a cost.

Ninety-five percent of the respondents believed the ability to work in stressful situations is vital to securing a job in Singapore. This reflects the high pressure environments that workers felt they are exposed to.

Culturally Diverse

Hierarchy seems to be prevalent in Singapore’s working environment too as 80 percent of the respondents rated having respect for hierarchy as important. Given Singapore’s culturally diverse workforce, respondents also indicated the ability to work with people of different cultures (94 percent) as important. This finding is further reinforced with 67 percent of respondents believing that being a part of a culturally diverse team is important when evaluating a prospective employer. ///////////////////////////////////////////////////////////////////////////

Joint Lab Advances Technologies for Eye Maladies Singapore and Japan’s top institutes set up a joint lab here to develop ocular technologies. By Caroline Ng

he Institute for Infocomm Research (I²R) has set up a joint laboratory with Japan’s opthalmic manufacturer, Topcon Corporation, to research on eye treatment technologies. The ATLANTIA (Advanced Technological Laboratory for A*STAR aNd Topcon’s Innovative Alliance), located in I²R premises at Fusionopolis, will develop technologies for early detection of eye maladies. Dr. Tan Geok Leng, Executive Director of I²R, said the collaboration will enable them to develop a wide range of technologies that could nip the causes of blindness in the bud.

High Rate of Myopia

“Our eyes are the windows to the world. Early detection of eye diseases such as glaucoma, myopia and age-related macular degeneration can potentially reduce healthcare costs and prevent and reduce pain and suffering,” he said. Despite a well-established healthcare system that has placed Singapore in sixth position among the world’s healthcare systems last ranked by the World Health Organization in 2000, the country still has one of the highest cases of myopia in the world.

Myopia, otherwise known as shortsightedness, allows individuals to see near objects clearly but not distant objects. Eight out of 10 Singaporeans, who are 18 years and above, are myopic with almost three in 10 children, as young as seven years old, suffering from myopia, according to a study by National University of Singapore. Glaucoma, dubbed as the ‘silent thief of sight,’ accounts for 40 percent of blindness in Singapore. Currently, about six percent of the population suffers from chronic glaucoma, a disease that has no symptoms in the early stages. Meanwhile, age-related macular degeneration (AMD) affects close to five percent of the population, with males at higher risk than females. The risk of deteriorating eyesight increases with age, hitting eight percent for those in their 60s and 16 percent for those in their 70s, according to a study by SingHealth. The collaboration aims to reduce the economic and social impact of blindness on patients, healthcare industry and the government by leveraging on the expertise of I²R’s Ocular Imaging Programme and Topcon. The collaboration will develop automated intelligent technologies to improve accuracies

and to speed up detection of eye disorders. These technologies could later be installed by eye screening machines used by hospitals and optical shops in future routine eye checks.

Speed Up Detection

The prospects for high-tech early detection of eye disease are further fuelled by a highly accessible cloud based data management system co-developed for healthcare practitioners and patients. “For early detection of eye diseases, Topcon is developing the cloud-based eye screening and management system,” said Yasufumi Fukuma, President of eye care company at Topcon. “I²R has capabilities in developing the image recognition software from horizontal and cross-sectional ocular images which can be incorporated into our system,” he added. The joint laboratory will leverage on Topcon’s Swept-Source OCT (Optical Coherence Tomography), a pioneering imaging technology that allows doctors to discover the causes of eye diseases, and I²R’s established repertoire of ocular systems. ///////////////////////////////////////////////////////////////////////////

04 0

news

September – October 2013

computerworld Singapore www.computerworld.com.sg

Singapore Hotel Group Achieves 80% Savings Pan Pacific Hotels Group significantly reduces guest response time with Avaya solution By Zafar Anjum

ingapore-based Pan Pacific Hotel Group has achieved 80 percent cost savings with Avaya, a global provider of business communications and collaboration systems and services. The group deployed Avaya Aura Unified Communications and contact centre technology to enhance its resource management, employee mobility and productivity to achieve greater guest satisfaction, said Avaya in a press statement. Based in Singapore, Pan Pacific Hotel Groups owns and/or manages over 30 hotels, resorts and serviced suites with over 10,000 rooms in Asia, Australasia and North America, comprising two brands: Pan Pacific and PARKROYAL. “We needed to improve our industry competitiveness by enhancing staff mobility and offering guests new room service options, such as room cleaning or laundry requests,” said Tsi Lip Siong, Vice President of Information

Technology, Pan Pacific Hotels Group. “We also wanted to reduce equipment maintenance, administration and costs by deploying a converged network to operate hotel telephony, CCTV and inroom data services.”

Better Response to Requests

According to Avaya, core to the deployment was the installation of IP Deskphones in guest rooms and hotel back office, alongside the deployment of the Avaya Aura Communication Manager. The Avaya Aura Unified Communications Network allowed staff members to answer and respond to requests from anywhere in the hotel more efficiently. The deployment enabled the organisation to reduce the number of employee mobile

phones required by about 84 percent (from 160 to around 25 phones), and number of phones required by its back offices by 50 percent (from 300 to 150). More importantly, the deployment allowed the hotel to embrace a BringYour-Own-Device (BYOD) approach where staff could use their own mobile devices to respond to customer demands on-the-go. This has enabled staff to be three to four times more efficient. Pan Pacific Hotels Group has also seen significant cost savings to the tune of 80 percent savings on customer service costs, according to Avaya. ///////////////////////////////////////////////////////////////////////////

Mobile Apps for Nurses on SingHealth’s Nurses’ Day Singapore’s SingHealth presents 7,000 nurses with three specially created mobile apps to help nursing needs. By T.C. Seow

ingapore’s Minister for Health, Gan Kim Yong launched Nurses Pal in late July as part of SingHealth’s Nurses’ Day celebrations. The mobile app will benefit about 7,000 nurses and trainees across the healthcare group’s hospitals, national specialty centres and polyclinics. Developed by Singapore General Hospital’s nurses and Integrated Health Information Systems (IHiS), the Health Ministry’s IT arm, Nurses Pal is the region’s first such set of mobile apps produced by a healthcare group for its nurses. IHiS has developed Nurses Pal on both iOS and Android platforms, based on the most common mobile phones used by SingHealth nurses.

Better and Safer Care

SingHealth Group Director of Nursing, Dr. Tracy Carol Ayre, said: “Nurses Pal is designed by nurses for nurses with localised content that is vital for diagnoses, treatment and patient education. With such comprehensive information at their fingertips, our nurses, especially new recruits will be able to deliver better and safer care. “This is a good start as our nurses continue to explore ways to leverage technology and wireless devices to bring better outcomes to our patients.” IHiS Chief Executive Officer, Dr. Chong Yoke Sin, said: “IHiS is now looking at enhancing the

smartphones every healthcare staff carries, so that they can become smart care tools at staff ’s fingertips to help them work faster and more efficiently.” IHiS Group Chief Information Officer for SingHealth, Benedict Tan, said: “These mobile apps will help increase the productivity of nurses, but more importantly improve the quality of patient care and enhance patient safety.” With Nurses Pal, healthcare staff will have a convenient point-of-care tools and guides to use without having to leave a patient’s bedside. Designed with evidence-based clinical instructions and illustrations, the mobile apps will help nurses more quickly identify patients at risk and carry out early interventions to prevent their conditions from deteriorating.

Key Apps

The three key apps are: ● Intravenous Drip Rate App—The app helps nurses more quickly adjust patients’ intravenous drips by simulating the sound of the correct drip flow rates using the latest mobile multimedia technology. Nurses first enter into their smartphones data such as a patient’s fluid infusion type, volume and required time. The app then calculates and generates the sound of the correct rate of

drops for the nurses to use to calibrate the patient’s drip. This saves nurses time counting drops with their stopwatches. IHiS has also built into the app a reminder to alert nurses when drip bottles are due to be changed. ● Pressure Ulcer App—This app uses the Braden Scale to assess a patient’s risk of developing bedsores. Nurses enter into their smartphones their assessment of patients’ alertness, ability to move independently, nutrition level, skin moisture and friction in daily movements. The app then calculates the Braden score and reminds the nurses of preventive actions to take, based on SingHealth’s care procedures. ● Falls Prevention App—The Prevention and Management of Patient’s Fall App helps nurses calculate patients’ risk of falling using the Morse Fall Score, which is used internationally. Nurses enter into their mobile phones patients’ fall history, secondary diagnosis, gait, mental status and need for walking aids. The app then calculates the patients’ Morse Fall Scores, and guides the nurses on their care strategies according to SingHealth’s care plans. ///////////////////////////////////////////////////////////////////////////

news

computerworld Singapore www.computerworld.com.sg

September – October 2013

Seagate Invests in R&D Centre in Singapore With an investment of over S$100 million, the new facility will be ready by early 2015. It will house all R&D personnel to foster collaboration and innovation. By Nurdianah Md Nur

eagate has unveiled plans to build a new design centre at one-north in Singapore. Over S$100 million (US$78.7 million) is invested in the new facility, said Mark Re, CTO and Senior Vice President for Research and Development at Seagate Technology, at the groundbreaking ceremony in late July. Named ‘The Shugart’, after the company’s founder Alan Shugart, the facility is scheduled to be completed by early 2015. With a gross floor area of about 40,880 sqm, it will consist of a nine-floor tower connected to a six-floor tower with three basement levels. The Shugart will provide research and development (R&D) facilities for the mobile storage R&D team in Singapore, said Re. The team will focus on developing 2.5-inch HDDs for thin and light devices such as tablets and slim external storage products, as well as for network attached storage solutions. Focusing on this area will be beneficial to Seagate. According to John Ryding, IDC’s Research Vice President for Hard Disk Drives, the 2.5-inch HDD will contribute to “nearly 60 percent of worldwide HDD industry shipments”.

Another Development

Another development that Seagate is looking into is the heat-assisted magnetic recording (HAMR) which helps increase storage capacities of hard drives. As of March 2012, Seagate announced that its first generation HAMR drives achieved a storage density of 1 terabit per square inch. With this, future maximum capacity of 3.5-inch and 2.5 drives would be 6TB and 2TB respectively. Seagate has been in Singapore for over 30 years. Its current footprints in the city-state include Seagate Singapore International Headquarters (IHQ) in Ang Mo Kio, the Woodlands Recording Media operation, and the Science Park Design Centre. The team in the Science Park Design Centre will be relocating to The Shugart building when it is ready. ////////////////////////////////////////////////////////////////////////////////////////////////

SingTel Launches New Mobile Social Plans for Prepaid Users With these new plans, prepaid users will receive 1GB of data per day that they can use to either send instant messages via WhatsApp or surf the web at an affordable rate. By Nurdianah Md Nur

ith SingTel’s new prepaid mobile social plans, prepaid users can now be connected to the Internet and send instant messages at an affordable rate. For avid WhatsApp users, SingTel’s WhatsApp plans offer them 1GB worth of data per day. A one-day plan costs only SG$0.50 (US$0.40). Users can take advantage of savings by subscribing to a seven-day or 30-day plan, priced at S$3 (US$2.40) and S$6 (US$4.70) respectively.

Users preferring data to surf the web or connect to social networks via their mobile devices can leverage SingTel’s Opera Mini Surf & Mail plans. Priced at S$1 (US$0.80) for a one-day plan, prepaid users are provided with 1GB of data per day for web surfing via the Opera Mini Browser. Those looking for longer coverage can opt for a seven-day or 30-day plan which costs S$5 (US$3.90) and $10 (US$7.90) respectively.

Meet Online Needs

Opera Mini can be used with feature phones, smartphones, as well as iOS and Android tablets. Johan Buse, SingTel’s Vice President of Consumer Marketing, said these plans will help “meet the prepaid users’ online needs” —such as being active on social media and embracing web-based apps—“at an affordable price”. //////////////////////////////////////////////////////////////////////////

06 0

September – October 2013

news

computerworld Singapore www.computerworld.com.sg

SingTel, Visa Push for Cashless Payments By early 2014, SingTel customers in Singapore can make payments by waving their NFC-enabled smartphones at any Visa payWave acceptance point. By Nurdianah Md Nur

ash—and maybe even cards—may soon be a thing of the past. Visa and SingTel have jointly announced that Visa is currently working to link Visa prepaid accounts to mCash, SingTel’s mobile money solution.

Easy and Convenient

SingTel customers in Singapore will thus be able to pay for goods and services by simply waving their NFC-enabled smartphones at any Visa payWave acceptance points from early 2014 onwards. There are currently over 12,000 Visa

payWave acceptance points in Singapore. These merchants include Din Tai Fung, Fairprice, Burger King, G2000 and Eng Wah Cinemas. Gan Siok Hoon, SingTel’s Vice President for mCommerce, said: “SingTel is excited to broaden the capabilities of mCash with Visa payments in our push towards a cashless society. With Visa’s extensive network, cashless payments will be even easier and more convenient for our customers.” ///////////////////////////////////////////////////////////////////////////

Continued from page 1, Bitcoin Owner of Artistry. While adoption is trickling leisurely for Artistry, new bitcoin services are popping up daily around the world. In fact, small businesses are driving the nascent technology. “Unlike large corporations which have a mutual interest in maintaining the status quo, SMEs have more to gain because they can increase their margins by reducing fees to institutions,” said Philip Mockridge, Cofounder of Squash Passion, who has also started accepting bitcoins.

Slow to React

Although bitcoin seems to be gaining traction by such pioneering businesses, governments and banks have historically been slow to react to new digital trends. Currently, virtual currencies do not fall under the regulatory ambit of Monetary Authority of Singapore—the Current Act only regulates legally tendered bills. Banks also have little incentive to change the system to compete fairly in the market. “The problem in today’s economy is that you cannot keep money outside the banking system,” said Luv Khemani, Founder of Singapore’s only bitcoin exchange, FYB-SG. “So money is guaranteed to be stuck in the banking system, allowing banks to leverage up many times—fractional reserve banking—than would be possible in an open system as there is little fear of a bank run when money cannot leave the system.” As a decentralised currency, bitcoin is designed to bypass governments and banks. This means if bitcoins were to become a widely accepted currency one day, the power of governments and banks could be diluted unless agreements can be made to achieve a win-win situation. But sceptics are reserving their doubts as to whether governments might be willing to

Mobiroo Introduces Apps Unlimited Service on M1’s MiBox Instead of paying for individual apps, M1 MiBox’s customers can now pay an affordable subscription fee to gain unlimited access to top paid Android apps and games. By Nurdianah Md Nur

bow to the disruptive technology but expecting instead a clampdown. Last week, Thailand has become the world’s first country to issue a preliminary ruling to render using the cryptocurrency as illegal. Bank of Thailand has also refused to give a licence to Bitcoin Co. Ltd, a Bangkok-based exchange, which it needs to operate lawfully. Since Singapore’s central bank has yet to define what bitcoin is, local exchange FYB-SG does not need a licence to operate.

Tech Giants as Clearing Houses

While it is unclear how bitcoin will fit into the financial landscape, “tech giants could develop processing capacity and become clearing houses of digital currency either on their own or through joint ventures with financial institutions,” according to a latest report by the Banco Bilbao Vizcaya Argentaria. “If bitcoin really takes off, banks will have to get involved in it in some way,” said Michael Yeo, Market Analyst for IDC Financial Insights. “A bank could still possibly get into the ecosystem by leveraging on its own expertise in areas such as providing underlying systems for potential merchant point-of-sale systems or via providing secure transaction frameworks that comply with local regulatory requirements.” ////////////////////////////////////////////////////////////////////////////

obiroo, a Canadian mobile apps pioneer, has partnered with M1 to introduce the first App Subscription service for Android set-top boxes in Singapore. With the service, customers will gain unlimited access to hundreds of top paid Android apps and games from all categories. This includes top apps from developers including Team17, Halfbrick, HeroCraft and Gamehouse. Mobiroo will be available through M1’s MiBox Internet TV service for S$5.35 (US$4.20) per month, excluding the basic MiBox fee.

Value for Money

“It is great value for money as M1 customers pay an affordable fee... for unlimited access and unlimited downloads to hundreds of Android games and apps. [This saves them] thousands of dollars on their usual individual app downloads,” said Alan Wong, Mobiroo’s president of APAC. As part of MiBox’s launch promotion, customers can enjoy a two-week free trial of the service till 27 August 2013. Thereafter, the free trial is limited to seven days. Mobiroo will be rolled out onto phones and tablets within the coming months. ///////////////////////////////////////////////////////////////////////////

computerworld Singapore www.computerworld.com.sg

news

September – October 2013

Singapore’s Cloud Uptake: High But Nascent Opportunities abound for enterprises to step up to hybrid cloud for more advanced activities, according to a survey by Rackspace. By Caroline Ng

espite Singapore’s success in cloud adoption, at 73 percent, falling shortly behind India (79 percent) and Hong Kong (84 percent), the city-state remains far from unlocking true cloud value as it has been underutilised, according to a survey by Rackspace. The survey, based on 712 IT decision makers across the three cities, revealed that cloud has been largely used for basic applications, including storage (66 percent), email hosting (65 percent) and back-up (58 percent). Only a minority camp use it for advanced activities, including disaster recovery (23 percent), supply chain (19 percent) and application testing (18 percent).

Lags Behind US

The results of Singapore’s hybrid cloud uptake pale in comparison to the same survey conducted in the US. According to the cloud computing survey, the American market is more advanced in cloud

usage. Sixty-four percent of enterprises use cloud computing for disaster recovery while 62 percent use it for testing and development. The prevalence of basic cloud usage in Singapore presents “a huge opportunity for organisations to tap into hybrid cloud solutions in particular to save costs, increase flexibility and security across a much greater range of applications and IT-related activities,” said Ajit Melarkode, Managing Director of Rackspace Asia Pacific.

Barriers to Cloud Maturity

Security tops the list of concerns echoed by senior management. Three quarters (75 percent) of respondents in Singapore said data security is their main concern. Fifty-eight percent also felt there is still a raft of market confusion revolving around cloud implementation while 53 percent of companies are concerned about meeting compliance requirements.

ITE Sets Up Joint Training Centre

“These concerns are potential barriers to the full adoption of cloud computing technologies in Singapore,” said Melarkode. “Hybrid cloud solutions can provide a way to get both security and potential compliancy of private cloud and the scalability of public cloud.” According to Melarkode, education on cloud implementation is needed to bridge the vacuum that currently exists in Singapore.

Gaining Traction

Despite cloud’s relatively nascent phase in Singapore, the survey has also found that among those respondents who have yet to use cloud, 84 percent have expressed their intentions to do so, driven by the need to stay relevant in the future. Of these, 42 percent were considering a transition within the next 12 months while another 45 percent were looking at a span of one to two years. ///////////////////////////////////////////////////////////////////////////

from our CAD training will be an asset to the students for any professional career in the electronics industry,” said Thomas Liratsch, General Manager of CadSoft Computer. Ravi Pagar, Regional Director of element14 South Asia, said their connection with industryleading suppliers will enable them to “work more closely on industrial projects together to enhance the training of their students.”

Partnership with CadSoft and element14 is set to boost electronics design training in the institution. By Caroline Ng

Schematics Capture

Under this partnership, CadSoft will collaborate with ITE to develop its PCB design curriculum in the electronics faculty. This includes schematics capture, components of library creation and PCB routing. Dr. Yek Tiew Ming, Principal at ITE College

element14 EAGLE (Easily Applicable Graphical Layout Editor) Training Centre will provide training for students and industry professionals in the use of the EAGLE software. EAGLE is a computer-aided design software which has been used by engineers for about 25 years. The eighth time product-of-the-year winner, awarded by Elektronik, offers great value to schools with its free lifetime support, as well

West, said the new training centre represents a closer relationship with the industry in a move to prepare students with industry-relevant skills and increase their employability. “This partnership will offer an excellent platform for us to draw on their [CadSoft and element14] individual strengths and synergise their resources for the common good,” he said.

nstitute of Technical Education (ITE) Singapore has established a joint training centre with electronics vendors CadSoft Computer and element14. Located at ITE College West, the CadSoft

as the flexibility of interchanging between all three operating systems. The training aims to acquaint students early on with ‘a taste of the real world’ for professional careers in the field of electronics design. “The familiarity and proficiency gained

///////////////////////////////////////////////////////////////////////////

08 0

September – October 2013

news

computerworld Singapore www.computerworld.com.sg

NUS Advances Analytics in New Course with QlikView Grooming Singapore’s ‘data scientists’ to tap into the emerging phenomenon of big data. By Caroline Ng

he National University of Singapore has unveiled a new undergraduate degree course that it said can help boost the pool of business analysts in the country. QlikView Academic Program is part of QlikTech’s global Corporate Social Responsibility Program that gives universities around the globe free licences to use its Business Directory platform within the curriculum. Students of the Purchasing and Materials Management course will make use of QlikView Academic Program. The Program has seen 100 grants in schools in 35 countries since its inception one year ago.

Industry experience

The new course will be taught by adjunct associate professor, Keith Carter, who has extensive experience with QlikView to offer students a taste of the real world. “Because of the QlikView Academic Program, instead of using textbooks, our students are getting real industry experience with big data

tools to learn about a wide variety of industries such as transportation, beverage, and retail,” he said. The course aims to inculcate students with strong analytical skills so they could leverage data for better business decisions. “Knowing how to use a ground-breaking tool like QlikView lets them show their future bosses what’s possible,” Carter added. Other universities that benefit from this programme include Universidad Nacional de La Pampa (Agentina); Macquarie University (Australia); British Columbia Institute of Technology (Canada); University of Economics, Prague (Czech Republic); Tallinn University of Technology (Estonia); Polytech Lyon (France); Dresden University of Technology (Germany); Thammast University (Thailand); Stockholm University (Sweden); University of Derby (UK); Idaho State University (US) and Hult International Business School (US). ///////////////////////////////////////////////////////////////////////////

Republic Polytechnic Signs MoU with Cisco Singapore’s Republic Polytechnic and Cisco launch security-focused networking certification; also collaborate on students’ final-year project. By T.C. Seow

isco and Republic Polytechnic have signed a memorandum of agreement to integrate the Cisco CCNA Security training programme into the polytechnic’s Diploma in Information Technology course. CCNA (Cisco Certified Network Associate) certification is a first-level Cisco Career certification. The certification validates the certified person’s ability to install, configure, operate, and troubleshoot medium-size routed and switched networks. The Cisco CCNA Security curriculum within the Diploma in IT will provide students at Republic Polytechnic with the necessary skills for jobs within the network security industry. The programme trains the students on the skills required to develop a security infrastructure, recognise threats and vulnerabilities to networks, and mitigate security threats. According to Cisco, it emphasises core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies used in a security structure. In addition to this memorandum of agreement, Republic Polytechnic and Cisco

on the business value of technology. The winning final-year project—by Ong Man Ru, Gerald Lim, Gary Koh and Honey Aung—will be displayed at Cisco’s new regional headquarters at Changi.

Longstanding Partnership

collaborated on a project for students enrolled in the final year of the Diploma in IT. For the final year project, students developed a working prototype of a mobility-focused physical demonstration unit, a Web portal for information access, a video and a demonstration script. They were mentored by Cisco engineers, taught to develop outcomes based on business needs and customer applications, and schooled

Said Yeo Li Pheow, Principal/CEO of Republic Polytechnic: “RP values its longstanding partnership with Cisco. This MoU will further provide RP students from the School of Infocomm with the skills and knowledge on computer networking systems, allowing them to sharpen their technical capabilities in this area.” Joshua Soh, Managing Director for Cisco in Singapore and Brunei, said: “I’m excited by the prospects this collaboration provides students in Republic Polytechnic as the skills they learn in the classroom, combined with the practical experiences acquired through their final-year project, will be key for Singapore’s growth as we enhance national competitiveness and continually cultivate a pool of qualified professionals able to bridge the industry demand in the region.” ///////////////////////////////////////////////////////////////////////////

computerworld Singapore www.computerworld.com.sg

news

September – October 2013

jobsDB Partners Yahoo! to Expand Singapore’s Reach Broadening the horizon of talent search for both jobseekers and employers. By Caroline Ng

nline job portal, jobsDB Singapore, has announced a partnership with Yahoo! Asia Pacific to widen the recruitment net for jobseekers in the country. Under this collaboration, Yahoo! Singapore will include a job icon for its 5.5 million unique visitors to directly access about 22,000 available jobs on jobsDB Singapore site. Angeli Beltran, Managing Director of jobsDB Singapore and Malaysia, said Yahoo’s extensive traffic is a perfect synergy for effective matches between job seekers with employers.

Natural Fit

“We chose to partner with Yahoo! APAC for two reasons: firstly, because of the sheer volume of visitors frequenting their site on a monthly basis, and secondly, we see a natural fit between the two brands and the user experience we aim to deliver,” he said. Kee Jon-Tjin, Sales Director of Yahoo! Singapore, said the move will offer another compelling reason for users to visit the site, as well as the convenience for them to search for jobs. “Preferred placement on our home page provides jobsDB an unparalleled reach among Singaporeans,” he said. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

NLB Leverages SAS solution to Forecast Demand for Books Thanks to the SAS Demand Driven Forecasting solution, the library has seen a 60% improvement in accuracy when forecasting demand for new and existing titles. By Nurdianah Md Nur

ith the wide variety of books that are rolled out into the market daily, how do libraries determine which books and the number of copies to purchase? For Singapore’s National Library Board (NLB), it relies on a SAS Demand Driven Forecasting solution which generates forecasts based on past data statistics. The solution analyses NLB’s loan data to generate unrestricted, rolling forecast numbers for new titles, existing titles and for unmet demand such as patrons who fail to checkout a book on their visit. Each forecast is individually calculated using statistically optimised parameters to provide up-to-date projections. The forecasting processes also take into consideration factors that may impact the demand analysis including loans, categories of books, renewals, reservations, authors, and titles.

Greater Accuracy

By using this solution, the library has seen a 60 percent improvement in accuracy when forecasting demand for new and existing titles. Colin Seow, Manager for Resource Management at NLB, said: “Through the SAS Demand-Driven Forecasting solution, we are able to analyse past patron and circulation data, and turn these data into useful insights to guide our acquisition decisions.” The solution is currently commissioned across NLB’s libraries and is fully automated. It also uses data from different systems, enabling the library’s staff to provide better acquisition and collection planning recommendations with greater accuracy. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

10 010

September – October 2013

news

computerworld Singapore www.computerworld.com.sg

Teleperformance, Republic Polytechnic extend partnership Both sign a fresh three-year Memorandum of Understanding that encompasses scholarships, joint research projects, student attachments and site visits. By T.C. Seow

ontact centre provider Teleperformance has signed a three-year Memorandum of Understanding with Singapore’s Republic Polytechnic (RP) to extend their partnership aimed at training and nurturing the next generation of customer experience professionals in Singapore. Under the MoU, Teleperformance will offer 10 scholarships per year worth US$5,000 each to third-year students from the Diploma in Customer Relationship and Service Management programme at RP’s School of Hospitality. Students who are awarded the scholarship will be enrolled in a one-year management trainee programme at Teleperformance upon graduation. The best performing scholars will be given short overseas stints during their attachment, allowing them to observe global industry best practices in action. RP students will also benefit from internship opportunities and site visits that will provide them with valuable industry experience.

aim of raising industry standards in Singapore and the region. Albert Toh, Director, School of Hospitality, Republic Polytechnic, said: “This is an important collaboration for Republic Polytechnic’s Diploma in Customer Relationship and Service Management, as it allows our students to gain valuable industry experience, while at the same time keeping our faculty abreast of the latest industry trends to ensure that our curriculum is industry-relevant.”

Transform Passion into Excellence

In addition, the MOU includes plans for joint research programmes and staff exchanges that will allow both organisations to share knowledge and expertise in the area of customer relationship and service management, with the

“We are pleased to offer RP students the opportunity to transform their passion into excellence. Our global network and emphasis on industry best practices will be invaluable as these young talents embark on a career of delivering excellent customer service,” commented Jeffrey Nah, CEO, Southeast Asia, Teleperformance. ///////////////////////////////////////////////////////////////////////////

DHL and Infineon Achieve the ‘Perfect’ Supply Chain The partnership established for Zero Defects Program wins Best Collaborative Partnership Award. By Nurdianah Md Nur

HL and Infineon Technologies, a global semiconductor solutions provider, have today jointly announced that they have created a ‘perfect’ supply chain via a Zero Defects Program. This achievement brings several benefits to Infineon’s customers: damage-free and always on-time deliveries with no shipments or packages lost, and correct documentation at all times. Launched in Asia in 2010, the Zero Defects Program aims to reduce the number of supply chain management and distribution defects to zero. In its first year, the program targeted a reduction in defects by 50 percent at Infineon regional distribution centre in Singapore, which is managed by DHL Supply Chain. Similar goals were established for DHL Global Forwarding, which offers air freight services, and DHL Express, which is responsible for getting Infineon’s time-definite shipments to customers across the region.

Zero Defect Target

In 2011, DHL Supply Chain was tasked to deliver another 50 percent reduction in defects. A zero defect target was achieved in 2012. Roxane Desmicht, Senior Director for Corporate Supply Chain at Infineon Technologies Asia Pacific, said: “A defect in one of our shipments for any reason can idle a line and result in a loss of millions of dollars. Our collaboration with DHL has helped us streamline our processes and find greater operational efficiency.” The Zero Defects Program is built on the foundation of DHL First Choice. The latter uses tools and strategies from Six Sigma and Lean process improvement methodologies to achieve a customer-centric culture focused on the continuous enhancement of service quality. At the 9th annual SCM Logistics Excellence Awards in Singapore in July this year, DHL and Infineon were presented Best Collaborative Partnership Award for their partnership established for this Zero Defects Program. ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

news

computerworld Singapore www.computerworld.com.sg

September – October 2013

FACT Software Signs on 4 Partners in India The Singapore-based ERP vendor recently announced channel partnerships with Octopus Systems, Transteck Systems, Middlepath Technology Solutions and Treewalker Technologies. By F.Y. Teng

he enterprise resource planning (ERP) technology provider FACT Software— with its business headquarters in Singapore and research and development centre in Kolkata, India—announced in early August that it had “signed four strategic channel partners as part of its national expansion plans in the fast-growing Indian market.” The companies named were: Octopus Systems, Transteck Systems Private Limited, Middlepath Technology Solutions and Treewalker Technologies Pvt Ltd. According to FACT Software executives, these partnerships will enable their company “to reach 45 percent more SMEs [small and medium enterprises]” in the Indian market. “FACT was set up in India 25 years ago and we continue to be committed towards helping SMEs become more efficient, more productive and, as a result, more profitable,” said Founder and CEO of FACT Software Arvind Agarwalla, who firmly believes the ERP market in India will continue to grow, in great part due to the demand among SMEs.

Educating the Audience

“SMEs in India put in 40 percent towards the country’s exports and employ 40 percent of its workforce, but their contribution towards India’s GDP is only 17 percent. The lack of technology adoption is holding many of these businesses back. FACT is focused on educating

this audience on the significance of technology adoption,” said Agarwalla. “The four strategic channel partners, three in Bangalore and one in Mumbai, are expected to further open up the India market for FACT, widening their brand awareness and presence. The level of knowledge and experience that each of the channel partners brings to FACT is something that we are very keen on as it helps us serve our customers better.”

Commenting on their channel partnership, CEO of Transteck Systems Vikash Raj Bhansali said: “FACT’s unique product, advanced technology and world-class customer service appeals greatly to both channel distribution partners and their clients.This partnership will enhance the efficiency of our customers and at the same time reduce their costs.” ///////////////////////////////////////////////////////////////////////////

Pacnet Appoints New VP of Customer Operations Also launches Pacnet Connect that complements the company’s customer and technical support capabilities. By Zafar Anjum

acnet has appointed Paul Cooney as Vice President of Customer Operations to manage the company’s global customer support team, the company announced in mid-July. Cooney brings over 28 years of industry experience into Asia Pacific’s leading provider of managed data connectivity solutions. He was previously responsible for Customer Operations with Nokia Siemens Networks in Australia.

New Initiatives

Pacnet announced that it has also launched Pacnet Connect, an enhanced customer portal that provides online information and communication. This portal allows customers to access service details, monitor network performance, process billing information

and request support. “I am very excited to join Pacnet as it embarks on a range of new initiatives targeted to deliver enhanced service and support to customers around the world,” said Cooney. “The launch of Pacnet Connect demonstrates our continued innovation and strong commitment towards improving our customer experience by enabling real-time monitoring and management of these services.” According to the company, Pacnet Connect complements the company’s broad customer and technical support capabilities which include its Malaysia-located Customer Services Center, Network Operations Centers (NOCs) in Singapore, Sydney and global field operations team. ///////////////////////////////////////////////////////////////////////////

September – October 2013

I.T. leader

computerworld Singapore www.computerworld.com.sg

n today’s increasingly complex world, IT leaders are expected to move beyond traditional roles and take on a myriad of skills across multiple disciplines within the organisation. But for Marcelo De Santis, he will be doing more than just learning new things and moving out of comfort zones. Come March 2014, he will embark on a climbing expedition to scale Mount Everest. According to De Santis, who is the Director of Information Systems & Business Process Excellence, AP at Mondelez International, the expedition is not just about scaling new heights but also a personal mission for him to support the United Nations Children’s Fund (UNICEF). In an interview, Computerworld Singapore spoke with De Santis to find out more about his upcoming journey and how climbing relates to IT leadership management.

The Mountaineering IT Leader Marcelo De Santis of Mondelez is scaling Mount Everest in support of UNICEF.

1) Please tell us more about the impending expedition.

In 2014, I am planning to climb Mount Everest in support to UNICEF (Expedition Climbing for the Children http://www.firstgiving.com/fundraiser/ MarceloDeSantis/climbingforthechildren) with the objective to raise US$250,000 in donation funds. I think that taking the UNICEF flag to the top of the world is a way to raise awareness about the issues affecting childhood as well as to highlight the importance of supporting the UNICEF cause. All raised funds will go to UNICEF, none of those funds go to me or any expedition member. Every day 19,000 children die of causes that we can prevent. The majority of deaths occur among the poorer families in developing countries. Personally, I do feel a huge responsibility to work and contribute to change that reality for better and provide a brighter future for those children. I decided to support UNICEF since its mission is to save and improve children’s lives by providing things like healthcare, immunisations, clean water, nutrition and education. It is also an impactful organisation that covers 190 countries and territories and their programmes have already reduced the number of under-five child deaths more than 40 percent since 1990, a figure that demonstrates it is possible to radically reduce child mortality.

By Jack Loo

Marcelo De Santis

2) Why did you choose climbing?

I believe that you always need to learn new things, especially those that take you out of your comfort zone. Years ago, I started taking part in triathlons to deal with my lack of comfort with open water swimming. After that I wanted to tackle the next challenge, which is being uncomfortable with heights, by climbing mountains. My preparation started four years ago in New Zealand, training with top-notch mountaineering companies and climbing a few 4000-5000-metre peaks. Finally last year,

I attempted my first 8000-metre peak in the Himalayas. I believe adventure sports give me the opportunity to develop and balance myself physically, mentally, emotionally and spiritually. Be it after 11 hours in an Ironman competition, or climbing at 7000 metres with thin air, physical strength is no longer the main source of energy. It is your mind and your connection with others around you that provides you the final boost to your goal.

The expedition to Mount Everest will start at the end of March 2014 and finish by early June. It takes a long time to get your body acclimatised to the thin air and prepare the logistics to ensure a safe ascent to the summit. It is a long journey requiring a significant amount of physical, mental and spiritual strength to handle all the unplanned circumstances that this mountain can dish out to climbers.

computerworld Singapore www.computerworld.com.sg

3) How are you training for your Everest climb?

First, you need to spend a few years climbing, learning alpine climbing techniques and climbing a few peaks to negotiate different terrains with different exposures, understand how to work as part of a climbing team, get well educated in rescue techniques and overall, become comfortable living in harsh conditions. It is almost mandatory that you test how your body will perform at 7000-8000 metres. This is achieved attempting a peak of those characteristics, but you do not want to learn that on Everest. This training alone will take three to four years to complete.

I.T. leader When we were descending to Camp 1, my legs were so fatigued that they were not responding anymore. I said to the team “I stay here in Camp 1, I am too tired. I do not want to slow you down, you guys go ahead and I climb down tomorrow”. One of them looked at me in the eyes and said “We started this together, we will finish this together. I know you can do this, it is not right that we leave you here and it might be dangerous for you.” He gave me his last “energy gel” to eat and I decided to continue with them. We ended up descending safely to base camp at the end of the evening. How important were those words? The next morning, there was an

“Climbing mountains is always a long journey and you need to not only set a clear goal, but also have the resilience and determination to negotiate with unexpected consequences. Things are no different in business.” — Marcelo De Santis, Director of Information Systems & Business Process Excellence, AP, Mondelez International

Once you have this foundation in place, you are ready to start preparing for your Everest climb. It starts with a visit to a doctor to make sure that you are medically fit to climb. I train almost every day mixing strength, endurance and cardio routines with a personal trainer in Singapore. The challenge of living in Singapore is that the only elevated ground closest to a mountain is Bukit Timah Hill. But it is good enough if you ascend and descend multiple times, with a heavy backpack in order to simulate a mountain climb. Your core, legs and lungs will get stronger. Your nutrition is also an important factor and I get help from a nutritionist to build up my muscles for climbing. Later in September, I plan to meet my Everest guide, and visit the mountains to do some technical specific training in exposed and icy terrain.

4) What are the challenges that mountain climbers can face?

In an expedition to the Manaslu peak in the Himalayas, we were almost killed by an avalanche. We were travelling between Camp 2 and Camp 3 and resting for the day, when the avalanche wiped out the two camps within minutes. It was a very challenging moment for the team having to deal with such an unpredictable situation. We finally managed to help those affected and descended safely to the base camp after a long physically and emotionally exhausting day. Sadly we lost climbing colleagues during that episode. I remember how important it was to continuously support each other; we knew it was going to be a long, tough day for each of us.

avalanche at the Camp 1 area. It was probably the most important and timely set of advice I have heard in my life.

5) How does climbing influence you as an IT leader?

Climbing mountains is always a long journey and you need to not only set a clear goal, but also have the resilience and determination to negotiate with unexpected consequences. Things are no different in business. You need to focus on the things that you can control; choosing the right team, continuously developing you and your team’s capabilities, plus creating an atmosphere of mutual trust where the team members help each other. These are the essentials that you need to get right from the beginning in almost any business situation. It is not different from what you do in preparation for a large expedition to the mountains. The unexpected will always be at every corner, waiting to test your work in foundational areas but if they are solid, your chances of succeeding are higher, and honestly, without challenges, there is no opportunity to learn and improve. In my daily role of leading Information Systems in the Asia Pacific region, there are many times where the business challenges test the ability, resilience and dynamics of my team. We have developed and continue to refine those essentials. We certainly know that regardless of the eventual challenges, there is only one way to overcome them; working together, learning together and getting the right people to help us when needed.

September – October 2013

6) Did you apply any management experience to your climbing expeditions?

The funny thing is that being in the Information Systems made me the “to-goperson” for all the technical difficulties at base camp. They range from smartphones not connecting to the satellite dish to the solar panels not charging the battery packs. During work, whenever you deal with large infrastructure outages affecting your business operations, it is important to get the team focused on restoring the operations as fast as possible. Then set out to clearly understand the root causes and learn how to avoid a similar incident in the future. In other words, manage the crisis first and debrief and document the lessons learnt to improve internal processes. When we were dealing with the avalanche situation in the Himalayas, I had to make sure that we were actually looking to focus on the most critical things. It did not matter at that time what was going to happen to the equipment that we located in the higher camps, or the weather forecast had not been well analysed. It only mattered to make a safe, fast descent to base camp due to the danger of additional avalanches. I helped the team to identify what was the right conversation at that moment; sort out the facts, emotions, realities and possibilities to put our attention in the right place.

7) In your opinion, how can sports help an IT leader in his management experience and skills?

Adventure sports and specifically mountaineering, put you in challenging situations and test the speed of your decision making skills. You need right and fast decisions while balancing the impact on yourself, your team, your family and the goal you are trying to achieve. In order to do that, you need to be aware of what you are good at, what you are not good at and learn from each of your colleagues. The combination of individual strengths and your ability to learn from each other is what will make you summit. Nobody can summit a mountain like Everest by himself or herself. Even Edmund Hillary and Sherpa Tenzing Norgay worked as a team to conquer the summit for the first time. Life and business are interlinked, they are not separate events and they are integrated. They are both dynamic, fast paced, filled with challenges and opportunities. But each of us has a choice: to explore, learn and conquer new heights. You will never know what are you capable of if you do not try and when you have a great team by your side, the journey offers significant rewards for everybody. Currently, I am exercising my choice of living this Everest Expedition to meet and learn from great people, to experience the challenges of a large mountain, to spread the word that a better world is needed for our children and help UNICEF fulfill its global mission. //////////////////////////////////////////////////////////////////////

September – October 2013

byod

computerworld Singapore www.computerworld.com.sg

BYOD Blues: What To Do When Employees Leave What practices and policies can IT departments put in place to make departures as smooth as possible? By Lisa Schmeiser

he bring-your-own-device (BYOD) trend is gaining steam, thanks to the cost benefits and increased productivity that can come from allowing employees to provision their own technology. Mobile workers are more likely to put in more hours, so if your employees want to buy their own equipment and do more work on their own time, it’s a win for the company. At least, a BYOD-practising workforce seems like a win right until you have to let one of your BYOD workers go and there’s no easy way to ask if you can please see their iPad for a moment because you want to check if there’s anything on their personal device that doesn’t belong to them. As more workplaces embrace BYOD practices, they’ll increasingly confront the question of how to balance the benefits of a self-provisioned workforce against the risks of company assets walking out the door when workers are let go. What can IT departments currently do to minimise risk when BYOD-practising employees are laid off ? What practices and policies can they put in place to make future departures as smooth as possible?

BYOD layoffs: What you can do now

It’s a fact that some data always walks with the employees: email addresses of business contacts, or knowledge of the organisation’s key business practices and initiatives. In the old days, people slipped files into their briefcases. Digital files just mean that copying and moving information can be done quickly. Skip through the denial and anger stages and just accept that some data is inherently more vulnerable than others, and it’s that vulnerable data, such as emails, that will be walking out the door. “There’s no definitive way to get on to a [departing] employee’s personal devices and undo what’s been done,” says Joshua Weiss, CEO of mobile application development firm TeliApp. “And if your workers have been using off-the-shelf solutions like Dropbox, it’s virtually impossible with some sort of exit interview.” Rick Veague, CTO of IFS Technologies, says that you can sift structured communications data into three distinct categories: email, files that could contain company information, and mobile data. Once you’ve sifted out the data,

you can figure out whether your soon-to-be-ex employee is really in danger of walking out with the company’s assets on an iPad. “Mobile data is a big problem, so it’s time to start compartmentalising risks. This way, you can find a balance between the benefits of a [BYOD] workforce and the risks,” Veague says. And how can your IT department manage the risks without cutting into the perceived BYOD benefits? By planning ahead for the next employee departure.

BYOD layoffs: Plan for the future

If your company is in the happy position of not having to lay anyone off in the near future, then you have time to get a game plan together. Here is a rundown of policies and practices you should consider implementing to make the unfortunate event go more smoothly, while mitigating company risk.

Have a written BYOD policy

This is a simple idea in theory, but not an easy one in practice. TeliApp’s Weiss says that it took his company three months to come up with their current policy. “It started off as a simple paragraph and turned into what felt like a three-page demand letter,” he says. Why did it take so long? TeliApp treated it like a software development project. After that one paragraph, Weiss and his management team began compiling what-if scenarios and incorporating them into the policy, what Weiss calls the policy’s “alpha testing.” Once the team discovered they hadn’t thought of everything, they expanded the BYOD policy to include the real-life situations that arose. After this beta period, the policy was set. For managers looking to establish a BYOD policy, here are some of the issues to consider: 1) Defining “acceptable business use” for the device, such as which activities are determined to directly or indirectly benefit the business. 2) Defining the limits of “acceptable personal use” on company time, such as whether employees will be able to play Angry Birds or load their Kindle’s e-book collection. 3) Defining which apps are allowed or which are not. 4) Defining which company resources (email, calendars, and so on) may be accessed via a personal device.

5) Defining which behaviours won’t be tolerated under the rubric of doing business, such as using the device to harass others on company time, or texting and checking email while driving. 6) Listing which devices IT will allow to access their networks (it helps to be as specific as possible with models, operating systems, and versions). 7) Determining when devices are presented to IT for proper configuration of employment-specific applications and accounts on the device. 8) Outlining the reimbursement policies for costs, such as the purchase of devices and/ or software, the worker’s mobile coverage, and roaming charges. 9) Listing security requirements for devices that must be met before personal devices are allowed to connect to company networks. 10) Listing the what-ifs, including what to do if a device is lost or stolen, what to expect after five failed logins to the device or to a specific application, and what liabilities and risks the employee assumes for physical maintenance of the device.

computerworld Singapore www.computerworld.com.sg

byod

September – October 2013

company network and employee devices. It will ultimately reduce IT’s workload and add a layer of security to the company’s networks. “If you mobile-enable users and they have access to your enterprise data in an unrestricted fashion, you have to actively manage that device, which is difficult to do,” Veague says. One example of a cloud-based service that can minimise risk to the BYOD workplace: YouMail. The voicemail service stores all its customers’ voicemails and call history in the cloud, so an employer who has YouMail as its voicemail standard will retain contact information and voicemail content even after an individual user leaves. The downside? In the current businessclass offerings, users can still access their old accounts. However, in a forthcoming enterprise product, which is still in private beta, but aiming for customer deployment by the end of the summer, an administrator will be able to activate and deactivate individual user accounts. You’ll also want tools that let an administrator remotely wipe or delete an account. This way, former workers can maintain their device, yet they will no longer have access to their old accounts in certain apps. Find applications that minimise the amount of data that’s downloaded to any mobile device, Veague suggests, and follow this rule of thumb: “If you can’t access the app, you can’t access the data.” If this rule is followed, then all an IT admin has to do when an employee leaves is shut off the individual user account; the data remains safe.

Do sweeps regularly

“There’s no definitive way to get on to a [departing] employee’s personal devices and undo what’s been done. And if your workers have been using off-theshelf solutions like Dropbox, it’s virtually impossible with some sort of exit interview.” — Joshua Weiss, CEO of mobile application development firm TeliApp Consider other employee policies

Most companies have established non-compete, confidentiality, and non-disclosure agreements. With these legal protections in place, Weiss says, your employees are already constrained from walking off with a company’s intellectual property and using it for their personal gain.

Monitor where your data is going

This is where IT can shine. By setting up shared company file servers and as well as protocols for who can access files and how, IT can monitor people accessing any locally hosted files. Weiss says that TeliApp runs on the understanding that anything on the company server is company property, and so users don’t

copy files to their desktops. If someone does copy a file, the action is immediately logged and remedied. “Everyone understands the policy after their first well-meaning screw-up,” Weiss says.

Try to keep data off local devices

When choosing applications and services, make sure a lot of data can’t be downloaded and saved to local devices. One of the keys to minimising risk in a BYOD workplace is restricting user access to networks and central repositories. You’ll want to find tools that can sync all user data to a central account that an administrator controls access to. You’ll also want to find ways to place intermediary technologies between the

One of the downsides of a self-provisioning workforce is that not every worker is going to be as assiduous about application updates, security measures, and backups as a dedicated IT professional is. So have IT step in and do regular security check-ups on any devices that are allowed to access company networks. Because security requirements will be written into any BYOD policy, users will know that their devices are going to be scanned and updated regularly.

Hire carefully

This last step may be out of IT’s hands, but it is often the first step in avoiding any problems. Weiss says, “You have to know who you’re hiring—it all comes down to that. If you don’t think a person’s trustworthy, regardless of what their credentials are, then don’t hire them.” With these steps in place, the risks of letting employees provision their own hardware are managed in a way that lets IT professionals still maintain their primary responsibilities to a company without being perceived as an obstacle for mobile-mad employees to work around. And being seen as business-friendly while also protecting the business? That’s the real win-win when you think about employees’ departures as you’re bringing both them and their devices on board. //////////////////////////////////////////////////////////////////////

September – October 2013

byod

computerworld Singapore www.computerworld.com.sg

Embracing BYOD: Is It Worth It? Balancing the benefits of BYOD with its security risks might be tricky but it is not impossible if you have the right policy and security framework in place. by Nurdianah Md Nur

ove it or hate it, there is no escape from the BYOD (Bring Your Own Device) trend. Based on Forrester’s Forrsights Workforce Employee Survey conducted in the fourth quarter of 2012, at least 84 percent of employees in Asia Pacific used smartphones, tablets, apps, and online services they purchased with their own money for both personal use and at work. The BYOD trend in the region is expected to strengthen over the next two years, said Katyayan Gupta, an analyst at Forrester Research. This is due to the increasing quality and affordability of devices, apps, wireless connectivity, coverage and capacity. Since the shift towards this trend has already begun, organisations should aid this transition instead of resisting it.

Upsides of BYOD

Mobility, flexibility of devices to work on and cost savings come to mind when one thinks of the advantages of BYOD. According to Forrester’s survey, more than three quarters of the respondents in Asia Pacific who use a smartphone or tablet for work chose the devices themselves—their companies neither issued nor approve these devices. One organisation that has recognised this trend is Standard Chartered. The bank is currently refining its BYOD strategy, which is a part of its Workspace Technology Strategy, to ensure more flexibility for its deviceusing employees. At Standard Chartered, the Workspace Technology Strategy defines the current and future state Katyayan Gupta for the entire workspace—in terms of devices, security, access, productivity, collaboration and communications—for all its employees. When the bank first started its mobility journey in 2010, the same model of iOSbased devices, with very little variation in its configuration, were issued to its employees. Peter Walker, Group Head of Technology Architecture at Standard Chartered Bank, said: “It was a good strategy back then as it provided cost savings from bulk purchase and ease of controlling security parameters.” However, after examining the work requirements of the different segments of users within the bank, Walker realised that a more flexible BYOD strategy is now needed. “We realised that the needs for mobility, productivity and data security is different. Some [such as executives] have higher productivity as its main

focus while other groups of users [such as customer-facing employees] have customer data privacy as paramount importance.” As part of the changes to its BYOD strategy, about 3,800 of the bank’s employees now have access to their work email and the apps on the internally created Standard Chartered App Centre through their personal smartphones and tablets. The App Centre currently offers 17 proprietary custom-built apps that enable employees to tap into the internal systems for access to information and collaboration. Aside from allowing employees Peter Walker to work on their device of choice, BYOD can help an organisation to save cost, said Marcelo De Santis, Director of Information Systems & Business Process Excellence for Asia Pacific region at Mondelèz International. “There are cost savings associated with BYOD mainly due to relieving the IT team of their responsibility of buying, managing and supporting devices purchased by employees.” The company thus embraced the BYOD trend after recognising that its employees were already using their personal devices for work and analysing the business implications of it.

Security Concerns

Even though the advantages are tempting, the adoption of BYOD is hindered by security concerns, especially data loss or leakage. Based on Forrester’s survey, 27 percent of the respondents in Asia Pacific used unauthorised Internet-based services for work. By accessing or sharing data via these unprotected services, there is potential for that data to be leaked out to external parties. Besides, data loss or leakage can occur if an organisation does not remotely wipe the company-related data stored in the personal devices of employees when they leave the company. The solution adopted by both Mondelèz International and Standard Chartered is to have their employees sign legal agreements acknowledging their understanding and commitment to security before joining the BYOD programme. At Mondelèz International, personal devices permitted for work are required to have basic programmes such as encryption, anti-virus and minimum operating system standards.

Employees who are unable to “self-support their hardware and software” will be denied from being part of the BYOD programme, said De Santis Standard Chartered safeguards its data by having in place digital security measures. “We have installed digital security measures like certificates, password policies and VPN… [as well as] rolled out a mobile device management [MDM] tool that partitions personal data from work-related data,” said Walker.

Guidelines for Devices

Having in place compliance policies and a multi-layered security framework are vital in any BYOD programme, said Gupta. A BYOD policy should contain guidelines for devices, applications and services; allow employees to opt in or out of the programme; and outline penalties for non-compliance. Gupta added that since BYOD is usually linked to productivity, KPIs must be attached to the mobility programme to track progress and be modified as needed. However, it is not enough to simply rely on MDM technologies to completely secure enterprise data, added Gupta. He advised organisations to implement security checks at every point that personal technology and corporate data intersect. For instance, aside from deploying network access control to ensure that only authorised devices have access to corporate files, data on a device or sent outside the firewall should be encrypted. By integrating different layers of security measures into a cohesive network, security fears surrounding BYOD can be alleviated, he said. Even with the right policies and security framework in place, BYOD programmes would not be able to run without employees with the right skills. To provision and manage mobility, organisations should hire professionals with the right skills such as mobile app developers and mobile security specialists, said Gupta. Organisations should also equip their existing networking staff with advanced WLAN skills to support the myriad of devices, and with application optimisation know-how to ensure faster connectivity with centralised apps, especially from remote locations. If these are too much of a hassle, organisations can partner up with an outsourced mobile agency for their needs, said Gupta. //////////////////////////////////////////////////////////////////////

computerworld Singapore www.computerworld.com.sg

i.t. management

September –October 2013

Eight is Enough! IT’s Biggest Frenemies Colleagues can be both allies and adversaries. Here’s how IT can cope with the eight worst types of coworkers. by dan tynan

ou probably have a good idea about who your enemies are. But what about your frenemies? These are people you deal with on a regular basis, largely because you have no choice. But even when their intentions are good, they can still cause you all manner of grief. They range from BYOD Betty, who insists on using her iPhone at work (but wants you to support it) to Cloudy Claudette, who’s running her own shadow IT organisation with the help of public cloud providers. It could be Pedro, the work-at-home manager who never takes off his pajamas but expects tech support to be at his beck and call 24x7, or Leaky Louise, who also brings work files home, until she inevitably loses them. You might work with Frightened Frank, the chief security officer whose vocabulary consists of a single word (“no”) or HR Harriet, the human resources head who makes hiring even more hellish than it should be. And if Legacy Larry, you might still be using hardware or software that hasn’t been updated since the grunge era. The biggest problem with frenemies is that you have to work with these people. You might even have to be nice to them. But while you may never end up BFFs, you don’t have to put up with all their shenanigans. Here are eight common frenemies and how to keep them in check.

IT frenemy No. 1: Legacy Larry

The new senior manager with the perfect cure for your IT woes—and it’s only 20 years old. You know Larry. He’s the new boss who’s brought his favourite tech tools with him—the same ones he used at his last job and the one before that. Now he’s decided that everyone has to use them. Larry can also be the CEO who’ll cling to old technology “as long as it still works,” no matter how paleolithic or performance sapping it may be. Anthony R. Howard recalls having to convince one Legacy Larry to replace the 15-year-old 10/100Mbps switches in his network with newer 10-gigabit models. “I told him, ‘I remember this model; it came out when I was in college,’” says Howard, a best-selling author (“The Invisible Enemy: Black Fox”) and independent technology consultant for Fortune 50 companies and the U.S. military. “’Technology has come a long way since ‘The Matrix’ came out, Larry. Your network is now running 100 times slower than it should be.’”

Robert King, Principal of management consulting firm EntelliProj, was working with an organisation in the mid-2000s built around Microsoft Exchange. A newly hired senior manager convinced the board that Lotus Notes was the collaboration tool of the future. After nearly two years, a steep learning curve, and a vast expenditure of IT resources, Notes was fully deployed—just as Microsoft SharePoint began getting traction in the marketplace. “One of my pet peeves is senior decisionmakers who are indebted to a specific technology and want to implement it in every company they pass through, without regard to cost, training, change management, or employee morale,” says King. “What worked for organisation A won’t necessarily work for organisation B just because an executive changed jobs.” How to keep them in check: You can start by pointing out how much the legacy solution is costing the company, says Howard. “A savvy supplier can get you new equipment that’s cheaper than maintaining the old gear,” he says. “You just have to show Larry this in a way he understands it, using dollar signs. Put it in terms of risk, disadvantage to competition, cost of maintenance, energy usage, and lost productivity.” And if management still insists on using ageing technology? “My advice is to accept that and try to get it to work as best you can,” says King. “If IT continues to resist, it will end up being devalued by senior management and lose influence.”

IT frenemy No. 2: BYOD Betty

No need to supply Betty with mobile technology; she’s bringing her own. What she’s also bringing: A support and security headache. Betty may be constantly on the go, but she’s never very far from her iDevice. Of course,

if she runs into problems, she’ll expect IT to support it, just as Android Alex and BlackBerry Bob do. And if her baby gets lost or stolen, well, let’s hope there’s no sensitive company data on it. The beauty of BYOD is it enables employees to be productive from virtually anywhere with minimal up-front costs for the organisation. But Betty and her cohorts aren’t making any friends in the IT department. “Each new tablet or smartphone platform introduces added complexity for IT,” says Nathan McNeill, Chief Strategy Officer for Bomgar, makers of remote support software. “Not only are reps tasked with troubleshooting them when something goes wrong, they also need to develop—and support—applications that work across different mobile operating systems.” How to keep them in check: Trying to keep people from using their own tablets and smartphones at work is a battle you are likely to lose. But you can take steps to minimise the pain of BYOD. Instead of trying to become experts in all mobile devices, McNeil says, tech support should try to bring in power users with OS expertise to help handle issues as they arise. As for securing BYOD gear, it’s ultimately no different than securing devices distributed by the enterprise, says Tsion Gonen, Chief Strategy Officer for security firm SafeNet. “You start by creating a simple policy that says you can use your phone at work so long as you don’t rootkey or jailbreak it,” says Gonen. “After that, it’s just basic stuff—encrypt the data, enforce a serious password, and enable remote wipes of lost devices. It’s not rocket science. People want to be compliant; you just need to tell them how.”

IT frenemy No. 3: Pedro de las Pajamas

Because he’s special, he gets to work from home. And because he’s constantly having tech

September –October 2013

issues, you get to work from his home, too. Though he’s rarely seen around the office, Pedro’s no slacker. He gets his work done without anyone standing over his shoulder. Thanks to Skype he never misses a meeting. And because there’s no separation between his home and work life, he’ll respond to urgent emails and texts after most of his colleagues have clocked out for the night. But Pedro can be a support nightmare, especially if he lives in a different time zone than other employees, notes Bomgar’s McNeill. He may also be using devices and applications not officially sanctioned by IT, posing potential security or compatibility problems. “Remote workers need just as much tech support as those in the office, but they can cause more headaches,” says McNeill. “If they’re located in different time zones, you need members of your support team available during those hours, regardless of how inconvenient that may be.” You start to understand why Marissa Mayer banned them from Yahoo. How to keep them in check: Having secure remote support tools are critical for helping frenemies like Pedro, McNeill says. You’ll also need education materials on hand so that remote workers can get up to speed on company procedures and technologies on their own. “Supporting remote workers requires IT to be constantly one step ahead,” he says. “You need to anticipate challenges before they arise while also ensuring the tools they’re using to assist these employees are not exposing the company to serious risks.”

i.t. management

computerworld Singapore www.computerworld.com.sg

The biggest problem with frenemies is that you have to work with these people. You might even have to be nice to them. But while you may never end up BFFs, you don’t have to put up with all their shenanigans. IT frenemy No. 4: Leaky Louise

She was only taking work home—she didn’t mean to lose that thumb drive with your entire client list on it. Louise is nothing if not dedicated to her job. Every night, she religiously loads data onto a USB drive or emails files to her personal account so that she can catch up on work after dinner. Though technically against company rules, nobody seems to care—and it’s for the good of the business, right? Nearly half of all employees take company data home with them at least once a week, according to a February 2013 survey by Symantec and the Ponemon Institute. One-third of all companies surveyed by Kaspersky Labs last January reported data loss due to staff members losing mobile devices. Though not as insidious as a rogue insider, Leaky Louise could potentially be more

damaging, especially if she works in a highly regulated industry, such as finance or health care. How to keep them in check: A robust data loss prevention program that encrypts files at rest and on mobile devices is the most thorough way to prevent data spills, says Robert Hamilton, Director of Product Marketing for Symantec’s data loss prevention products. If a device is lost or stolen, encrypting the data on it will make it useless to anyone else. If an employee goes rogue or tries to take the data with them to another company, you can simply revoke their encryption keys so that they can no longer access the files. “Aside from technical solutions, the best approach is employee education,” he adds. “Most people don’t realise what they’re doing is wrong, or they think their employers don’t care. When you do your annual security awareness training, you need to re-iterate that you do care.”

computerworld Singapore www.computerworld.com.sg

IT frenemy No. 5: Slippery Sam

This software salesman has a licence to fill —and you’re in his cross-hairs. It seems like only yesterday you dropped seven figures on software licences, but there’s Sam on your doorstep looking to discuss renewals. When you tell him you’re thinking about ditching your on-premises software for a cloud solution, though, the friendly smile fades. Maybe it’s finally time for that compliance audit, he mutters darkly. “The sales guy wants you to believe he’s a partner in helping your organisation succeed, but the relationship is usually more hostile,” says technology attorney Rob Scott, Managing Partner of Scott & Scott, LLP. “The major software publishers have abandoned the strategy of partnering with customers and instead routinely investigate them for software licence compliance.” Sam has a lot in common with his colleague, Hardware Hank. An old drinking buddy of Legacy Larry, Hank will happily extend the renewal on end-of-life equipment because he knows how much Larry hates change. He’ll resell you gear he knows you can get much more cheaply direct from the manufacturer—if only your procurement rules allowed you to do that—at a 200 percent markup. “Hank brings nothing to the table,” says Howard. “He doesn’t touch the product, provide warranty or services, or assist in the deployment. He makes a six-figure salary just by slapping his name on the sale.” How to keep them in check: If you encounter Hardware Hank, run as fast as you can in the opposite

i.t. management direction, suggests Howard. “If you can’t articulate the value a reseller brings, you need to find another reseller,” he says. The best way to deal with Slippery Sam is to secure a written agreement that forgives any past compliance transgressions, says Scott. The best time to do that is right before you sign the check. Then try to move core applications like email or Web hosting to the public cloud, where compliance issues become someone else’s headache.

IT frenemy No. 6: Cloudy Claudette

She has an Amazon Web Services account and she knows how to use it. Claudette doesn’t have time to wait for IT to give her what she needs. With one phone call and a corporate Amex card, she has entire server farms at her beck and call. She’s moving at the speed of business, spinning up Web services, and cranking out innovative ideas faster than you can say “IT asset management audit.” But she’s also creating IT sprawl in every direction—as are her pals Darlene Dell, Ricky Rackspace, and VMware vCloud Vanesh. More than half of IT pros surveyed by PMG, a business process automation vendor, say cloud sprawl is having a negative impact on their operations and budgets. Four out of five worry about security of data in the cloud, and nearly 60 percent are concerned about compliance. “To me, the biggest concern is security,” said Joe LeCompte, Principal at PMG. “With cloud sprawl there’s nothing to keep employees from putting sensitive files on Dropbox, forgetting they’re there, and giving access to their files to people outside the organisation. IT wouldn’t even know about it.” How to keep them in check: If you can’t keep your employees from using public cloud services—odds are you can’t—IT’s best tactic is to get there ahead of them and offer the same things as part of a managed services catalog, says LeCompte. “If I can call up Amazon and get a server spun up in five minutes, why is IT telling me it’s going to take two months?” he says. “The solution is for IT to act more like the Dropbox and Amazons of the world and get fast and efficient. Either it’s going to happen in a way you can manage and drive, or it’s going to happen outside your control—and you have an even bigger problem.”

IT frenemy No. 7: HR Harriet

Finding and hiring tech talent is hard—and Harriet makes it even tougher. On paper, your goals look perfectly in sync. You and Harriet both want to find and recruit talent into the organisation, evaluate candidates, and make the right hires. But wait, Harriet has more paper for you to fill out. And still more after that. That job you needed to fill three weeks ago will take another three months before it’s approved and posted. The final job description looks nothing like

September –October 2013

the one you wrote. Meanwhile, you’re doing the work of three people. “Getting qualified people is hard enough, but human resources and IT never seem to mix well,” says Mike Meikle, CEO of the Hawkthorne Group, a boutique management and technology consulting firm. “Getting your job requirements through the HR résumé SEO machine is nearly impossible. Suddenly it’s a mishmash of bureaucratic phrases and meaningless buzzwords like ‘empowerment.’ And that mid-level programmer you want to hire now needs a Master’s in Information Systems and 30 years of Java experience.” How to keep them in check: Eventually, every new hire will have to go through Harriet. The key is to keep her out of recruiting and evaluating applicants for as long as humanly possible, says Meikle. “Try to find a way to work with potential candidates without putting HR in the middle,” he says. “Harriet should only be involved in the nuts and bolts of the on-boarding process, not determining who’s best suited for a position. That’s your job.”

IT frenemy No. 8: Frightened Frank

When “CSO” rhymes with “just say no.” Want to deploy 4G iPads to your road warriors? Need to spin up a new production server for the marketing department? Hoping to set up a Dropbox account so that you can access work files from your home? Ask Frightened Frank, and the answer to all of these questions —as well as any others you might think to ask —is no. The result, of course, is an explosion in the number of BYOD Betties and Cloudy Claudettes, not to mention the security, support, and management problems associated with each. A lot of IT managers—especially those with the word “security” in their job titles—are programmed to say no, says SafeNet’s Gonen. “They’re not bad people,” he says. “They literally think it’s their job to say no. But the business has totally moved to yes, and IT needs to get there too.” How to keep them in check: The key to avoiding Frightened Frank—or acting like him —is to adopt a new mind-set, says Gonen. Organisations need to accept that data breaches are inevitable, as well as put in processes and procedures to minimise the impact on their most sensitive data, he says. They need to find out what cloud services employees are using and set up simple policies on how to enable them securely. “If someone comes to you and asks, ‘Is it OK if we use Amazon Web Services?’ you need to say, ‘That’s fine, so long as you use it in the following way,’ ” Gonen says. “The same goes with smartphones or Dropbox. Because even if you don’t allow them, people will use them anyway. You have to give people a way to take shadow IT and make it real IT.” //////////////////////////////////////////////////////////////////////

September – October 2013

security

computerworld Singapore www.computerworld.com.sg

Stop Terrorists, Hackers From Stealing Your Data Public cloud providers offer inexpensive application hosting and data storage services. However, relying on a service provider to secure your data is risky business, so you need to take your own precautions. Here’s what it takes to ensure security without breaking the bank. By Paul Mah

he sheer volume of digital information that businesses produce and collect today offers a greater incentive than ever for hackers to break into private online communications and company files. Recent revelations that the National Security Agency (NSA) successfully used digital snooping to foil real-world terrorist operations serves as a glowing reminder of life in the digital information age. The dramatic leak is also a somber reminder of the fragile nature of computer security. Even disregarding concerns over NSA surveillance, small businesses need to ask themselves if their IT infrastructure can withstand potential intrusion attempts from foreign governments or organisations with deep pockets and no qualms about hacking into their networks. Here are some strategies that your businesses can consider to tighten the bolts on security and reduce your risk.

Bringing IT Home: Better Security, But at What Cost?

Bringing everything in house is the easiest way to ensure that no data can be secretly accessed. This is relatively straightforward task for popular collaboration platforms such as Microsoft Exchange Server and SharePoint, both of which are available in both cloud and onsite flavors. In some instances, a hybrid deployment model that puts highly sensitive data on an onsite server, but more generic information at a cloud location, may serve you well, too. While the initial cost of a non-cloud approach will almost always be more costly than a cloud deployment, the maturity and available expertise in virtualisation infrastructure deployment means that mid- to long-term costs should not be significantly more expensive. Moreover, the availability of more powerful computer hardware, not to mention cheap storage and RAM, means that even a relatively low-end server today is capable of running more virtual machines simultaneously than ever before. Unfortunately, the proliferation of online services means that an onsite deployment may not always be possible. Security-conscious businesses may want to reevaluate if onlineonly services such as QuickBooks Online and FreshBooks are really necessary. If that answer is “Yes,” you should at least ensure that all communications with the online service is always conducted over an encrypted channel such as secure sockets layer (SSL).

Add Encryption Services to Cloud Storage

Cloud storage has garnered a big following among businesses and end-users—and for good reason. The benefits are real: You can back up

data to a remote location with nothing more than an Internet connection, then access this data regardless of your geographic location. You can use cloud storage reasonably safely, provided you adhere to certain precautions— specifically, encrypt all data and perform all uploads over SSL. While practically all cloud providers say they encrypt uploaded data, many also hold the decryption key, which renders any benefit moot. Ideally, the cloud storage provider should have no access to the unencrypted data at all. This is referred to as having zero knowledge of the data. SpiderOak is one vendor that encrypts data at the block level. If your business has already invested in a cloud storage service such as Google Drive, SkyDrive and SugarSync, you may want to look at Boxcryptor, which works on top of these services to add AES 256 and RSA encryption to uploaded files. Another option is Mozy, which offers the optional capability to encrypt data with a private key. You can even use non-secure services such as Dropbox if you ensure that data files are separately encrypted prior to being uploaded. In addition, small and mid-sized businesses will be glad to know that offsite backups are possible without having to resort to cloud services, because network-attached storage (NAS) appliances from vendors such as Lenovo Iomega and Synology offer the capability to perform device-to-device replication.

Protect Instant Messages by Establishing Private Networks

Unprotected IM communication is also vulnerable to interception. Workers used to conducting chats via public IM networks such as AIM, Google Hangouts and Windows Live are essentially transmitting confidential discussions, passwords and other privileged information with no guarantees of their privacy. Many IM services also support video calls or voice chats, which serves as additional risk vectors vulnerable to snooping by unauthorised parties. Sidestepping these glaring security

shortcomings entails circumventing public IM networks entirely by establishing a private network—typically with a private IM server deployed within a corporate network. Options include Microsoft Lync Server or an open source alternative such as Cisco Systems’ Jabber. (Note that Lync may entail additional licensing costs, while Jabber and others may require more effort to deploy.) Getting users to adopt a new IM service may be a bigger challenge than most businesses anticipate. AIM, Google Hangouts and Windows Live are popular for a reason. Also note that many popular IM chat clients on both the desktop and mobile devices may not support open standards such as Jabber, while a closed platform such as Lync is typically accessible only on official clients.

Use VPN to Encrypt All Data Transfers

The virtual private network (VPN) is another commonly ignored security component that businesses should hasten to implement. For remote workers, the capability to encrypt data communications from their laptops and desktops back to the office not only protects them from snooping at insecure Wi-Fi hotspots, it also grants remote access to resources on the corporate network. The complexity and cost of setting up a VPN has declined significantly. Moreover, support is offered on a variety of tablets and smartphones. That said, you will need to do some research to determine what will work best. (Most leading VPN services will plug into existing directory services such as Active Directory for authentication.) Depending on the number of VPN users your company expects at any given time, it may be necessary to deploy a beefier appliance or increase the specifications of the virtual machine to deal with the workload. Traditional physical and virtual solutions aside, outlier offerings such as the iTwin Connect may work well for smaller organisations, too.

Businesses Must Stay on Their Toes

Allegations of snooping on government officials at the 2009 G20 summit, along with the high-profile RSA hack in 2011, offer additional insight into what governments and highly skilled hackers can pull off. Even SSL encryption may not be as foolproof as once believed, given how hackers are stealing secret encryption keys and successfully attacking digital certificate authorities. //////////////////////////////////////////////////////////////////////

computerworld Singapore www.computerworld.com.sg

Virtualisation

September –October 2013

Minimise Physical Space Usage with Virtualisation Virtualisation is an important element of Resorts World Sentosa’s server and desktop strategy. by JACK LOO

therefore we remove the door,” he adds. To help save further space, data patch panels on cable baskets are placed above the server racks, instead of the usual practice of being installed within the racks. Instead of the standard static UPS, the IT team deployed an UPS system that had alternate power sources including flywheelbased technology. This method does not require an air conditioning environment, thus saving energy costs.

Virtual Servers

Yap Chee Yuen

esorts World Sentosa (RWS) CIO Yap Chee Yuen only had a small space allocated for his data centre during the construction phase of the integrated resorts more than three years ago. In fact, Yap estimates that his data centre only took up less than 0.1 percent of the 49-hectare development that is located on the island of Sentosa south of Singapore mainland. “As with any other business entity, most of the floor area will typically be given to revenuegenerating entities first and then allocated to the rest, in that sense, the data centre has to compete for space,” says Yap who is also Executive Vice President, Corporate Services, at Resorts World Sentosa. A survey on data centres in the region by Datacenter Dynamics published in the first quarter of this year indicates that the average size of data centres is 1,235 sq m. In comparison, the data centre space in Resorts World Sentosa takes up less than half of that measurement. The challenge for Yap and his team is to design a data centre that maximises server housing capacity, and in the meantime, keep floor space usage at a minimum. The first solution involved having higher racks for slots in more servers. At seven feet high, an average server rack can accommodate 42 units of server equipment, and the industry term is 42U. The racks in Resorts World Sentosa are of the 52U standard. “Our racks are 10 percent higher than normal so that you can put more servers into the racks,” says Yap. “At the same time, we have open frames because when you have doors to the rack, it will have to take up space so

Another method employed by Yap’s team to better utilise data centre space is virtualisation technology. “In order to minimise and optimise the space that we have, virtualisation is one of the key principles and strategies for this project,” says Yap. Six hundred out of the 1000 servers in Resorts World Sentosa are virtual servers running on VMware’s ESX server virtualisation platform, allowing the IT team to optimise the use of physical space and help reduce energy consumption. According to Yap, his data centre has 10 virtual servers running on one ESX server. This means a server consolidation ration of 10 to one, says Matt Hardman, Senior Product Manager for Cloud Infrastructure Solutions, ASEAN & India, VMware. “I would say that Resorts World’s consolidation ratio is really advanced. Typically when you start looking at server consolidation ratios, you are looking at 4 or 5:1 ratios,” says Hardman. “So when you are looking at 10:1, it’s really advanced. They have got it down to a point where they’ve already moved beyond the basics of virtualisation. You’re moving beyond basic workloads and into your Tier 2 and Tier 3 applications. You’re going up to mission critical,” says Hardman. Being able to reduce the number of physical servers also cut down the amount of energy required for cooling, says Yap. “This means that your energy management is better optimised.” He did not give details on the energy savings his organisation achieved. Tackling the space constraint also contributed to making the Resorts World Sentosa data centre an energy efficient facility. In fact, the organisation became part of a pioneer group that achieved the Singapore Standard for Green DC certification in 2011. According to Yap, his virtualisation strategy is not limited to servers but extends to desktops as well. He employed desktop virtualisation with VMware’s View in the following areas. Resorts World Sentosa deployed 30 self-service kiosks in its employee cafeterias that allow 6,000 workers to log into the organisation’s human resource self-service portal to check payslips and manage rosters and leave allocation. These records can also be printed from printers located at the cafeterias.

Higher Learning

There is also an e-learning laboratory with 25 thin clients running on VMware View for Resorts World Sentosa employees. “Imagine that in the past, each stand-alone PC in the classroom had all the course materials in the drive, so whenever there was any change in any courseware, you had to go to all the PCs and load with the master disc,” says Yap. “So with this, you only change once at the back-end, and all you have to do is go and fetch your courseware through the VDI screen,” says Yap. Resorts World Sentosa also installed some 25 virtual desktops for its call centre in Manila, Philippines. There is no need to provide resources to support the Manila location, according to Yap. “So through the VDI machine that is stored in a remote location, they are able to come into our application and environment to execute all those applications that needs to be performed when they answer to customers’ queries for booking and for facilities, promotions and so forth,” he says. Besides efficient space utilisation and productivity gains, virtualisation can improve the way Yap’s team can support the Resorts World Sentosa’s business units. If the organisation were to depend on just physical servers, a business unit looking to access infrastructure resources to develop applications would need to wait four to six weeks for IT to order and install a new machine. But with virtualisation, server provisioning is now a breeze, according to Yap. “Instead of weeks or even months, you now cut down to minutes where I can execute server provisioning. Within a day we should be able to provision it and then go in the application to run the tests.” Virtualisation also makes disaster recovery a much easier affair, says Yap. At the same time it also helps to increase uptime. “In the past in disaster recovery I needed to have the same full set of similar machines, components and cards, if not, it would not work,” says Yap. “Now you don’t need to because it is software controlled rather than hardware controlled. Therefore it does really help to improve the way disaster recover can be done,” says Yap. Looking back at his virtualisation journey, Yap says one key benefit has been physical space optimisation. “You do not need to find a bigger space because there is good optimisation in the floor area,” he says. So what is next for Yap in his virtualisation strategy? The next phase for him is in the area of desktop virtualisation. He believes there are members of the Resorts World Sentosa workforce that do not require dedicated desktops. “I think that’s where we can have more simplicity in client devices. All this simplicity means lower costs, better efficiency and productivity,” he says. //////////////////////////////////////////////////////////////////////

seful insights into financing and technology options for small and medium-sized enterprises (SMEs) summed up the morning of talks at the “Transform with Technology and Take Your Business to the Next Level” seminar. The seminar was held on 9 July and organised by Computerworld Singapore and ASME/SMECentre, and sponsored by leading storage vendor EMC. The attendees represented SMEs from a variety of industries. Gagan Tambur, EMC Global Financial Services Consultant, talked about the flexible and creative financing options offered by EMC in the first presentation of the day. “GFS [Global Financial Services] is not a profit centre,” said Tambur, in the presentation titled “Leveraging GFS”. “Our strategy is to facilitate sales, not to generate interest income. This is unique in the industry. We are not a separate legal entity, but are part of the sales organisation.” He explained that GFS is not just about financing, but also about asset management. GFS has developed strategies to buy back and trade in older EMC boxes and also to swap out competitive gear. “Our sole objective is to work with the sales team, to help customers buy EMC equipment. Everything comes down to cost.” To do this, GFS has structured many creative acquisition options that include:  Structured payments and step leases  Payment holiday plans (buy now, pay later)  0% financing  Capacity-on-demand plans (EMC OpenScale) He emphasised that organisations that do not have the budget for technology acquisition may still be able to realise their technology projects with the help of GFS. Tambur cited an example of a company that wanted to undertake a S$150,000 project based on the available budget of $75,000 for the current financial year, and budget available in the next financial year of S$100,000. GFS is able to offer a 0012 payment plan, where the company pays an upfront payment of $75,000, followed by zero payment for 12 months, and the balance of $75,000 after 12 months. Another example is of a company that does not have any Capital Expenditure (CAPEX) budget for the $150,000 project, but has a $50,000 Operating Expense (OPEX) budget. GFS can offer a plan for a 3-year OPEX lease, with annual payments of $50,000. And for companies that want to refresh existing equipment, GFS can offer buy back money for this gear. On the subject of when a company should refresh its IT equipment. Tambur suggested that it is timely to do so when:  There is a need to meet compliance requirements;  The equipment is end of life and no longer functional; or  If the cost of maintaining existing equipment is heftier than getting a technology refresh, based on a Total Cost of Ownership (TCO) analysis. In response to a question from the floor about the repayment options, Tambur said that GFS offers a range of repayment options that can mean no payment for 3-9 months. “The beauty is that we can structure the repayment as per the finance of the customer. Our aim is to do zero percent interest, though in some cases, there are minimal interest costs.” “The old perception is that EMC can be unaffordable and expensive. Don’t worry about it, we have structures and methods to ensure that any impact on cashflow is minimised, and investments can be for as low as $500 a month,” said Tambur.

Handy Tips on Financing & Tech Options for SMEs All-Purpose, Unified Storage for SMEs

EMC may have a reputation for being the largest enterprise storage provider around, but the conception of it being a vendor for large customers is a faulty one, said the next presenter, Daniel Ong, Solution Consultant, from Office of the CTO for APJ, EMC. “We have taken great strides to change the reputation that our solutions are only for the enterprise,” said Ong.“EMC is now focusing more on topics like data consolidation, virtualisation and data protection… we have the whole suite of data protection solutions that fit each specific environment.” EMC’s VNXe offers enterprise-type functionality and performance, but at a price and packaged to suit SMEs. Ong noted that the typical IT environments are server-based, with direct-attached storage. The challenges faced in such environments are having islands of direct-attached storage – an inefficient use of storage capacity. Data availability and protection is a major challenge, and storage growth can be expensive and complex to manage as adding capacity means adding servers. Said Ong: EMC’s VNXe series has benefits that can help tackle these challenges. Not only can it help to consolidate storage and management, it can eliminate file servers, reduce average capacity requirements, and streamline backup and recovery. Some organisations can get stuck in a rut, he noted, and continue to function with highly inefficient backup approaches that can take over a day. Instead of file share, another approach is to streamline backup by taking snapshot of storage at that point in time, requiring no changes and zero space. Another efficiency enhancer is best-practice software wizards that can configure storage with just a few clicks. They can set up hundreds of Microsoft Exchange mailboxes in fewer than 10 clicks, or set up datastores, iSCSI volumes, NFS and CIFS shares in minutes. For the M icrosof t administrator, the EMC Storage Integrator can empower

Gagan Tambur

government (SPRING Singapore, ieSingapore, WDA, MDA, MOM, MCYS, etc.). The different schemes from the various statutory boards cater to different needs. SMEs are defined as companies with an employee headcount of no more than 200, with a minimum 30% local shareholding, or have an annual turnover of not more than S$100m. Phua highlighted the Productivity and Innovation Credit (PIC) scheme, under which companies get cash and tax deductions for investing in activities to improve innovation and productivity. The six areas that qualify include: automation, acquisition of IP rights, registration of IP rights, training, R&D, and design. Other schemes highlighted include: Wage Credit scheme, which can offer reimbursement of 40% of wage increment; Work-pro scheme; Age Management Grant to help employers acquire skills and knowledge on age management practices; Job Redesign Grant to support the cost of redesigning jobs to recruit and retain mature workers, economically inactive persons and those who have been out of work for three months or more; and Work-Life grant, to support implementation of work-life strategies.

Daniel Ong

him or her to automate application workflows, provide end-toend monitoring. There is even EMC Storage Analytics for VNXe to proactively detect issues, pinpoint problems, diagnosis and action. The virtualisation features in VNXe can streamline management tied to virtualisation consoles, and enable application provisioning for Exchange. Innovations in backup has seen EMC gather the industry’s most scalable inline deduplication systems, such as the DD160 Appliance, that is ideal for enterprise data centres and remote offices. “EMC has innovated in backup, and a key innovation is deduplication,” said Ong. Deduplication analyses the data and has eliminated duplicate copies of repeating data, enabling companies to use disks as cost effective backup and reduce the need to invest in tape backup.

Government Help

The next speaker, Shawn Phua from SMECENTRE@ASME, offered insights into the government assistance that SMEs can receive via the SMECENTRE@ASME. SMECENTRE@ASME was previously the Enterprise Development Centre, a Spring Singapore initiative. It reaches out to SMEs, as well as to aspiring entrepreneurs, providing first-level business advisory at no charge. Affordable SME-specific products and services are also available under extended levels of consultancy. SME Centre @ ASME is committed to providing entrepreneurs and companies with:  Information Access and Assistance on Government Schemes  Basic Advisory & Customised Consultancy on Business Needs  Workshops and Training on Work-Related Knowledge and Competencies  Seminars on current issues  National Initiatives on Re-employment of Older Workers “Our aim is to reach out to more SMEs, with schemes to help them grow,” said Phua. “Where we used to focus on grant introduction… we are now moving towards a more diagnostic approach, similar to insurance, to help SMEs as a business advisory at no cost.” To date, there are more than 170 assistance schemes from the

Shawn Phua

Panel Discussion

The event ended with a panel discussion, with questions thrown up by the members in the audience. In response to the question on which financing options are most popular with Singapore companies, Tambur responded that the deferred payment plan is the most common financing plan. On the topic of which EMC products are best suited for SMEs, Ong replied that the VNXe and Data Domain DD160 are ideal for SMEs, given the feature sets and affordable price point. “They are ideal as pricing starts at a low entry level price, providing bang for the buck, and data protection.” He added that both the EMC Celerra and Clariion range of products are still supported, and are being upgraded into the VNXe series of products. Ultimately, the attendees walked away from the seminar with a greater understanding of the different financing and technology options available for them to improve their productivity and processes. brought to you by

career

September – October 2013

computerworld Singapore www.computerworld.com.sg

13 Steps

to Dealing With Losing Your IT Job Even some of the most talented IT professionals have found themselves the victim of a downsizing or reorganisation. You can never feel too safe regardless of how stable the environment seems. If you find yourself in your worst-case scenario, these tips will help you work your way out of it. By RICH HEIN

M Step 1: Accept Your Situation

ost would agree that losing financial stability is the worst of it. Whether you’re single, a sole provider or married with kids, just the thought of suddenly being unemployed can bring many sleepless nights. However, beyond the financial impact, we oftentimes don’t consider how much of our identity is tied to what we do professionally. “Job loss is an understandably emotional time. Many people use this time to be upset or lash out, and that’s understandable, but you still need to be thinking about the next steps necessary to move forward,” says Career Strategist and Resume Writer Stephen Van Vreede. Experts agree that the only way out of this situation is to build a plan and then work the plan. To help you get back on track as quickly as possible, we spoke with a CIO, a career strategist and IT staffing firm Modis to see what they advise people in their network to do when they wind up in this scenario.

The first step, according to Matt Ripaldi, Vice President of Modis, is to accept it. “The most common thing I see is that people have a difficult time accepting it right away. Some people waste time thinking ‘maybe I can save this or is this really happening,’ but you just have to accept it,” says Ripaldi.

Step 2: Take a Moment to Reflect

“Getting things rolling is important, but you want to know what you’re moving towards,” says Van Vreede. Unless you have a good severance package, you can’t always afford to take an extended break and examine what you want to do and then re-educate yourself accordingly. However, anyone in this situation should take at

least some time to step back and take stock of their professional goals. “Are you not passionate about your previous job? In that case, although it’s unfortunate you’ve lost your job, you can use this as an opportunity to move in a different direction. A lot of times you just need to take a deep breath and ask yourself, ‘is this really a blessing in disguise?’ “ says Ripaldi.

computerworld Singapore www.computerworld.com.sg

Step 3: Bridge the Gap

If you aren’t already doing what you’re passionate about, perhaps now is the time to build a plan to get there. “Job loss often forces people to assess the direction of their career. It may even be an opportunity to change careers and find a profession that is more fulfilling or more aligned with your skills and aspirations,” says Caitlin Sampson of Regal Resumes. From a certification standpoint, there a number of different online choices depending on what your specialisations are. Schools are also a great place to start to add IT skills and certifications.

Step 4: Clean Up Your Social Media Profiles

“We always recommend clients update their social media profiles like LinkedIn right away, and then their resumes second. The first place most recruiters and hiring managers look is your LinkedIn profile,” says Ripaldi. Be sure your LinkedIn, Facebook and Google+ profiles are up-to-date and are focused on the role you are trying to attain. Update your personal brand via your social profiles and resume by articulating what value you add to a prospective employer’s company. Try looking at the social profiles of people in the position you are applying for to find the commonalities like keywords, skills highlighted and so on.

Step 5: Avoid Surprises

You also want to Google your name, says Ripaldi. “You want to find out what comes up because a lot of times you need to be aware of what’s out there in regards to your personal branding.” You don’t want to go into an interview and be blind-sided by some thought you posted two years ago or a picture that needs explaining.

Step 6: Update your Resume

When it comes to your resume, says Ripaldi, “you want it to be no more than two pages and almost like a basic template, then as you respond to different openings that’s when you’ll decide what skills to highlight in your resume. If you’ve been in the IT world for any length of time then your skills will likely fill up more than two pages. You really need to target to whatever position you responding to.” Your resume should be up-to-date with all of your latest work experience, education, training and career highlights, according to Sampson. “Review your performance reviews and include applicable achievements, training, courses, and/ or relevant responsibilities. Getting help writing a new resume is probably good idea, especially if you haven’t updated it for some time. According to Ripaldi, statistics show that a professionally

career written resume tends to get a better response so help with writing a new resume is probably good idea. That may be especially true if you haven’t updated it for some time. There’s also a lot of material out there that you can purchase or read yourself. For example, books, articles and tips walk you through resume-writing and brand-building process.

Step 7: Reach Out to Your Network

Be active, communicate and talk to your network. Try to make your messaging positive and upbeat. “Some people are hesitant to talk about it, but we counsel our clients and candidates that it can happen in the course of your career and it’s OK to talk about. If your company was in the middle of a reorg or layoff and you were affected by that, it’s OK,” says Ripaldi. When it comes to social networking, says Ripaldi, you should act immediately. “Reach out to your network and let them know you’re looking for a change or a new opportunity. If people ask what’s causing the move, simply explain that the company is reorganising and you’re looking for your next contract position, your next full-time position or for the next opportunity.” Depending on the contact, you can go into more detail or not. Just make sure you’re focusing on where you’re going next. That is, focus on the next opportunity and what your skills are that can help that contact. “How you frame it is very important. You don’t want to appear like a charity case,” says Van Vreede. “You don’t want to put too much pressure on people and make them feel as if you’re counting on them to get you a job.” You don’t want to burn any bridges here, so again keep your messaging upbeat and when people ask, be prepared to articulate a solid answer. “People take job loss personally and because of this they speak poorly about their past employer, manager and/or co-workers. It is crucial to remain professional throughout the process. If you maintain a neutral relationship with your previous employer, this can provide the opportunity for a potential reference in the future,” says Sampson.

Step 8: Use Tradeshows, Groups, Projects and User Groups to Network

IT pros can also reach out to the LinkedIn groups they participate in and any relevant developer groups that they are a member of. If possible, attend any relevant trade shows that are in your area.

Step 9: Create an Elevator Pitch

The other thing you want to work on, according to Ripaldi, is your elevator pitch—a short, wellarticulated story that highlights what separates

September – October 2013

you from all the other people out there doing the same job. “When you tell people that story, they should know what you do and, if it’s done the right way, they should remember you,” says Ripaldi.

Step 10: Consider Contract Work

As an IT pro, taking a contract position can be a way to build new skills or fill the financial gap that losing your job causes. “You’ve got to pay your bills, but experts warn that the stopgap measure that gets the funds rolling in oftentimes turns into a situation where a year later you’re asking yourself, “How did I get here?” “You’ve got to ask yourself, what do I want to do moving forward?’” says Van Vreede. Remember taking a contract position is a stopgap measure unless you plan on remaining independent indefinitely; you still need to devote the proper amount of time to finding a new position that matches your skillset and needs.

Step 11: Use the Right Email Address

A lot of job searching happens online so make sure you are using an appropriate email address to conduct your job hunting. “Always use a personal email address for your job search. Ensure that the address is professional—for example, firstname.lastname@serviceprovider. com. Another affordable option is to purchase a personalised domain from a domain registry, such as www.godaddy.com for as little as $6/year. This ensures privacy, provides customisation and separates work from personal emails,” says Sampson.

Step 12: Speak With HR

Make sure you take the time to find out from HR how to apply for Cobra health benefits. Alternately, if you have a spouse you could get put on his or her policy. Depending on how many people are being terminated, outplacement services such as job search and resume help may be available.

Step 13: Don’t Be Too Hard on Yourself

Losing a job is difficult, but it’s important to remain positive and focused on the task at hand. If you just sit back and listen to yourself that’s when doubt sets in and that will make your transition more difficult. Try not to listen to yourself; you’ll be focusing on the challenges a little too much. This may put you in a negative frame of mind. Try giving yourself words of encouragement and go over your plan. Tell yourself: “Here’s what I’m going to do, these are the companies I’m going to target, these are the companies that I could be of value to, here is my plan for this week.” Give yourself the opportunity to get through this period of transition. //////////////////////////////////////////////////////////////////////

September – October 2013

project management

computerworld Singapore www.computerworld.com.sg

15 Ways to Screw Up an IT Project Project management experts discuss sure-fire ways to delay or derail a project, and how one can avoid these common project management pitfalls. By Jennifer Lonoff Schiff

aul Simon famously sang that there must be 50 ways to leave your lover. Similar could be said (if not sung) regarding projects: There must be 50 ways to screw up your IT projects. Indeed, ask IT executives and project management experts, and they will rattle off dozens of reasons why projects go astray. For the sake of brevity, however, we are starting with the top 15 ways to derail a project--and how to avoid these project management pitfalls.

Having a poor or no statement of work. “I’ve seen many projects encounter troubles due to the lack of a well-defined project scope,” says Bryan Fangman, Senior Project Manager at Borland, a Micro Focus Company. “Despite the best planning efforts, change is inevitable, so having a clear statement of work up front is essential in getting agreement with the customer on what will actually be accomplished,” Fangman says.

Not setting expectations up front. One of the key ways to screw up a project is to not create a roadmap and define project requirements and expectations for all stakeholders at the beginning of the project. That’s why “before we start any projects, I make sure that everyone on both the customer team and project team have a clear, documented understanding of two primary things: What we are going to do, and how we know when we are done,” says Tim Garcia, CEO, Apptricity, which provides service-oriented architecture (SOA) for asset management enterprise resource planning (ERP).

Not securing management buy-in. “Executing a project without securing sponsor support is not only counterproductive but also a recipe for disaster,” says Brad Clark, COO at Daptiv, a provider of ondemand Project Portfolio Management (PPM) solutions. “It’s imperative to be on the same page with the sponsor for a project to move in the desired direction and get organisational buy-in.”

Using the same methodology for all size projects. “Most project management methodologies have a standard set of key tasks and deliverables for enterprise IT projects,” says Robert Longley, a consultant at Intuaction, a coaching and consulting company. “If you have a project that is $100,000 and you try to use the standard approach, you may find that it costs more to do the deliverables than it does to do the actual project,” Longley says.

Overloading team members. “Your team members are not machines,” says Dan Schoenbaum, the CEO of Teambox, a cloud-based collaboration and project management company. “Pay attention to how much work each individual member is assigned,” he says. “If one member is overloaded, the end product will suffer. Utilise the strengths of your team and spread out the workload as much as possible. This will avoid overwhelming your team.”

Waiting or not wanting to share information. “Waterfall approaches to project delivery—where results are not presented to users and stakeholders until late in the project—introduce risk and often lead to disappointing results,” says Apptricity’s Garcia. Garcia recommends using an agile, iterative approach to project management. “Iterative projects delivers results in short, quick phases, with the most critical and complex components delivered first.”

Not having a clearly defined decisionmaking process. “Project teams should embrace change, but change decisions need authoritative approval, agreement and documentation. Understanding the process and chain of command keeps everyone reading from the same playbook,” says Garcia.

Not using a project management software system. “Excel spreadsheets relegate project managers to manual intervention and worst of all, ‘walk the floor’ status updating,” says Brian Ahearn, CEO, evolphin Software, the developer of digital asset management software. “Project managers need a solution that automatically updates project status each time a task is completed, alerts you when a task is past it’s due date and will provide a complete and up to date project status report,” he says.

Allowing scope creep (or excessive scope creep). “Ensure project objectives are understood, deliverables are defined and the project is monitored daily,” says Sandeep Anand, Vice President of Project Governance at Nagarro, a high-end software development firm. That said, it is a good idea to “budget for scope creep and have a defined process for accommodating change requests.”

Being afraid to say “no.” Part of being a good project manager is being “an educated advisor,” says Markus Remark, Vice President, Customer Operations, TOA Technologies, a provider

of field service management software and solutions. “Knowing how to say no and offering a constructive alternative solution” can prevent a project from becoming derailed or delayed.

Not being a team player. “Every project has a team that is expected to work together to successfully complete the work,” says Hilary Atkinson, Director of Project Management at Force 3, a business solutions provider. “The project manager is the hub of the team, the process and the solution. Yet many young or new project managers make decisions without consulting with the team and without gaining approval.”

Poor communication. “Too many times projects managers feel they are too busy managing day-to-day tasks to take the time to communicate,” Atkinson says. “This is a critical mistake and often the demise of a project. If the PM does not send out the meeting minutes, status reports and follow-up emails, he is increasing the risk for delays, risk for conflict and project failure.”

Too many, too long status meetings. “Nothing sucks the life out of a team more than a status meeting,” says Liz Pearce, the CEO of LiquidPlanner, an online project management provider. Her advice: “Reserve team meetings for decision-making. For instance, agile teams have daily ‘stand-ups’ which are useful in quickly identifying and removing obstacles.”

Not caring about quality—the “good enough” syndrome. “Due to different factors, such as schedule or budget pressure, it might be tempting to reduce the effort on quality assurance (QA),” says Sergio Loewenberg, Senior Manager, Business Consulting, Neoris, a global business and IT consulting company. However, a “lack of proper QA will result in a weak end product,” he says. So the project management team needs to understand “that the cost of preventing errors is lower than the cost of fixing them.”

Not learning from past project management mistakes. “A key benefit of using a project management tool is the ability to access the data that can provide answers to these questions,” says LiquidPlanner’s Pearce. “If a team is committed to self-improvement, they’ll reap significant rewards by spending a few hours conducting post-project analysis.” //////////////////////////////////////////////////////////////////////

logging off

September –October 2013

www.computerworld.com.sg

The Engaging IT Leader

Editorial EDITOR Jack Loo SUB-EDITOR Subatra Suppiah ONLINE EDITOR Zafar Hasan Anjum contributors Rich Heinm, Paul Mah, Lisa

Schmeiser, T.C. Seow, F.Y. Teng, Dan Tynan ReporterS Caroline Ng, Nurdianah Md Nur Correspondent AvantiKumar (Malaysia) Designer Yasin

Advertising/MArketing/Reprints Sales Director

Glen Myles Tel: +65 6395 8018 Regional Account Director

Ng Yi-lin Tel: +65 6395 8045 Regional account Director

Francesca Lee Tel: +65 6395 8041 account MANAGER

Catherine Loh Tel: +603 7804 3692 Regional MARKETING MANAGER

Tissie Adhistia Tel: +65 6395 8012 circulation & PRODUCTION Circulation and production specialist

Josephine Goh Tel: +65 6395 8060

how to contact the editor We welcome your letters, questions, comments, complaints and compliments. All should be addressed to the Editor, Jack Loo: Tel: +65 6395 8062 Email: jloo@execnetworks.com Address: 152 Beach Road, #11-06/08 Gateway East, Singapore 189721 executive networks media managing director Mark Hobson finance manager Allan Chee operations manager Alison Lim

Subscriber services & Updates Please contact Josephine Goh Email: subs-cws@execnetworks.com Subscription rates for one year Singapore — S$20.00 Countries within Asia — US$28.00 Countries outside Asia — US$38.00

he IT leader needs to be able to “talk to the business”, a sentiment shared among the speakers and delegates at the recent CIO Summit 2013 in Singapore. The ability to not just present well to the board but to successfully engage the business units within the organisation is an important skill for the IT leader to possess. This is something that IT leaders of today must have, an opinion expressed by Miao Song, Group CIO, Golden-Agri Resources, Michael Lee, CIO, Banyan Tree Hotels and Resorts, and Koh Kok Tian, Information Systems Director, Inchcape, Asia, who were members of a panel discussion at the Summit. It becomes a bigger challenge for the IT leader because compared to a CEO or CFO a CIO typically does not have many opportunities to present in front of a board. And the length of the presentation might last only 30 minutes or even less. Recognising the need for the IT leader to successfully engage the board, the ITMA (Information Technology Management Association) in Singapore rolled out its CIO Executive Programme this year. The initiative seeks to help prepare CIOs and IT managers for meetings with executive management and the board. “The board is not interested in details like big data,” said Glen Francis, who heads the organising committee in ITMA for the Executive Programme. He is also Vice President, Head of Group IT, Global Logistics Properties. What the board wants to know are strategic issues like risk management and governance, he explained. The board is less likely to be keen on the technologies involved in a project, but more interested in the business benefits created from the initiative. The board members will want to know the risks are understood and controlled. In the past, the CIO role was just to “keep the lights on” and make sure that there is no downtime. Much has been said about how big data, analytics, social media and consumerisation of IT can disrupt the traditional role of the CIO. But on the other hand, it means that there are now more tools at the IT leader’s disposal to present to the board that their benefits far outweigh the technology and implementation risks. So dear readers, it is now time to get started on the following. Drop the jargon, work with your peers in management, and figure out how to make money for the business.

This publication may not be reproduced or transmitted in any form in whole or in part without the written express consent of the publishers. Printed by KHL Printing Co Pte Ltd 57 Loyang Drive, Singapore 508968 MCI(P)016/06/2013 RCB No: 199605247D

jloo@execnetworks.com

Get your latest technology resources from

the largest I.T. library in the region

cio-asia.com

technology issues that impact business

mis-asia.com

deeper insights into IT strategy and best practices

computerworld.com.sg and computerworld.com.my analytical reporting on local and global breaking news

Sign-up for our e-newsletters that suit your key responsibilities and information needs: Regional e-newsletters  CIO Asia  MIS Asia Country e-newsletters  Computerworld Singapore  Computerworld Malaysia  MIS tech Hong Kong Technology e-newsletters  MIS tech Cloud Computing  MIS tech Security  MIS tech Data Centre Industry e-newsletters  MIS Asia Public Sector  MIS Asia Manufacturing  MIS Asia Financial Services  MIS Asia Logistics & Retail