LEADERSHIP BUSINESS
TECHNOLOGY
VOL/09 | ISSUE/10
Broken Promises
Beware bold promises from a multibillion-dollar industry that can’t prevent your IT systems from being routinely hacked. Here are seven promises that they can’t deliver on. Page 38
GOING PUBLIC How—and why—Fortis Healthcare moved to the public cloud. Page 58
AUGUST 15, 2014 | `100.00 WWW.CIO.IN
CXO AGENDA Somesh Chandra, Max Bupa, on how IT puts customers first. Page 50
FROM THE EDITOR-IN-CHIEF
PUBLISHER, PRESIDENT & CEO Louis D’Mello ASSOCIATE PUBLISHER Parul Singh E D I TO R I A L EDITOR-IN-CHIEF EXECUTIVE EDITORS DEPUTY EDITOR FEATURES EDITOR ASSISTANT EDITORS
Hybrid Surge A “hybrid first” cloud model is emerging across Indian enterprises big and small. When I first wrote an edit on cloud computing six years ago, there was buzz around SOA, server virtualization was turning to magma, and an enterprise-class cloud was little more than vapourware. You’d think that with time cloud computing would gathermomentum, and at a goodly pace. The typical large enterprise one expects would set up a highly virtualized environment, increase automation, add in an orchestration layer, throw in better manageability, migrate apps and voila—the private cloud. So would it surprise you to note that that’s not how enterprise cloud strategy is playing out in India? A little over six months ago, conversations that I’d been having with a host of CIOs pointed to a new trend emerging—India Inc. was beginning to see a move toward a “hybrid first” model. The latest data from the State of the CIO: Mid-Year Study indicates that this trend, this trickle, has turned into a raging torrent, with 49 percent of Indian mid-to large enterprises choosing a hybrid strategy. These companies believe that doing so provides them with better performance, higher control, lower cost and improved reliability. I’m not surprised at this hybrid surge. If you take today’s business demands of efficiency, agility and speed, add the blurry business horizon, with a generous helping of business end-goals and stir in the acute shortage of internal IT talent most organizations are staring at a recipe for catastrophic business failure. In trying to avoid this, CIOs have few options than to move some workloads to the public cloud, while keeping the more critical ones within the perimeter. Our research backs this, given that the top three workloads moving to the public cloud are mail and messaging, collaboration and externally-facing web-apps. Then there’s also the increase in datacenter complexity that’s being driven by increasing data volumes, a rise in the quantum of business critical appsand, of course, virtualization. Thus, it is that 39 percent of CIOs move less critical systems and processes to the cloud. Yet whichever path gets chosen, it leads to one inescapable destination—the here and now and future of the cloud is hybrid. Companies might choose to keep some data and applications at home to escape issues with latency or compliance, the rest will need homes elsewhere—homes that will be rented.
Vijay Ramachandran Gunjan Trivedi, Yogesh Gupta Sunil Shah Shardha Subramanian Gopal Kishore, Radhika Nallayam, Shantheri Mallaya SPECIAL CORRESPONDENT Sneha Jha PRINCIPAL CORRESPONDENTS Aritra Sarkhel, Shubhra Rishi, Shweta Rao SENIOR COPY EDITOR Vinay Kumaar VIDEO EDITORS Kshitish B.S., Vasu N. Arjun LEAD DESIGNERS Suresh Nair, Vikas Kapoor SENIOR DESIGNERS Sabrina Naresh, Unnikrishnan A.V. TRAINEE JOURNALISTS Bhavika Bhuwalka, Ishan Bhattacharya, Madhav Mohan, Mayukh Mukherjee, Sejuti Das Vaishnavi Desai SALES & MARKETING PRESIDENT SALES & MARKETING VICE PRESIDENT SALES GM MARKETING GENERAL MANAGER SALES MANAGER KEY ACCOUNTS MANAGER SALES SUPPORT SR. MARKETING ASSOCIATES
Sudhir Kamath Sudhir Argula Siddharth Singh Jaideep M. Sakshee Bagri Nadira Hyder Arjun Punchappady, Benjamin Jeevanraj, Cleanne Serrao, Margaret DCosta MARKETING ASSOCIATES Varsh Shetty LEAD DESIGNER Jithesh C.C. SENIOR DESIGNER Laaljith C.K. MANAGEMENT TRAINEES Aditya Sawant, Bhavya Mishra, Brijesh Saxena, Chitiz Gupta, Deepali Patel, Deepinder Singh, Eshant Oguri, Mayur Shah, R. Venkat Raman O P E R AT I O N S
VICE PRESIDENT HR & OPERATIONS FINANCIAL CONTROLLER CIO SR. MANAGER OPERATIONS SR. MANAGER ACCOUNTS SR. MANAGER PRODUCTION MANAGER OPERATIONS EA TO THE CEO MANAGER CREDIT CONTROL ASSISTANT MGR. ACCOUNTS
Rupesh Sreedharan Sivaramakrishnan T.P. Pavan Mehra Ajay Adhikari, Pooja Chhabra Sasi Kumar V. T.K. Karunakaran Dinesh P., Tharuna Paul Prachi Gupta Poornima
All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.
Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in VOL/9 | ISSUE/09
Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.
IDG Offices in India are listed on the next page
REAL CIO WORLD | J U N E 1 5 , 2 0 1 4
105
contents AUGUST 15, 2014 | VOL/9 | ISSUE/10
72 | Design. Decode.
Decide
FEATURE | ANALYTICS It's not just about collecting mounds of data anymore, but analyzing it to make smart decisions. By Nancy Gohring
Case Files 58 | Fortis Healthcare PUBLIC CLOUD How Fortis Healthcare made the venturesome move to a 100 percent public cloud model By Radhika Nallayam
62 | IndusInd
3 8
COVER DESIGN BY UN NIKRISHNAN AV & VIKAS KAP OOR
38 | Broken Promises COVER STORY | SECURITY Beware bold promises from a multibillion-dollar industry that can’t prevent your IT systems from being routinely hacked. Here are seven promises that they can’t deliver on. By Roger A. Grimes with inputs from Ishan Bhattacharya, Radhika Nallayam and Sneha Jha
VIDEO BRANCH IndusInd Bank deploys an app, which allows customers to enjoy banking services via a video chat. It’s creating a lot of customer stickiness, says the bank’s CIO. By Shubhra Rishi
5 8
64 | 9 Signs You Should Jump Ship FEATURE | CAREERS Poor teamwork, little experimentation, no clear career path—your employer may be sending unmistakable signals of career stagnation. Don't miss them. By Bob Violino
2
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
14 – 17 October Goa, India gartnerevent.com/in/symcio
THE WORLD’S MOST IMPORTANT GATHERING OF CIOs AND SENIOR IT EXECUTIVES Register using promotion code SYMAD1 by 15 August to save INR 11,000
Gartner Symposium/ITxpo at a glance: • Four days • 950+ attendees with 300+ CIOs • Over 125 analyst-led sessions
Driving Digital Business Digital business is blurring the lines between the digital and the physical worlds, disrupting all industries and redefining the role of IT. At Gartner Symposium/ITxpo 2014, CIOs and senior IT executives will learn how to realize, build and optimize digital opportunities, move digital business from theory to practice, and evolve their own IT leadership to become indispensable in the new digital business world.
• Exclusive CIO Program • Five role-based tracks • 270+ organizations • 30+ Gartner analysts on-site • 40+ solution providers
LUMINARY GUEST KEYNOTE Lewis Pugh Ocean advocate, maritime lawyer and a pioneer swimmer
CIO PROGRAM KEYNOTE Anupam Kher Padma Shri award-winning actor
DEPARTMENTS 1 | From the Editor-in-Chief Hybrid Surge By Vijay Ramachandran
7 | Trendlines
5 0
Electronics | A Reel Death Applications | The Garden of Edyn Robotics | Robo Museum Guide Wearables | Happiness Quotient Supercomputers | Reborn from the Crap Components | Computer-abled Popular Science | Monkeys Love to Gamble Consumer Electronics | Anyone Can be a Weather Reporter Environment | Tech to Ease Beijing’s Breathing Social Media | Challenge of the Century: Quit Facebook By the Numbers | Software Status: Unlicensed
22 | Alert Threat | A Mole in Your Bay Breach | Security Nightmares
50 | Where the Customer Comes First CXO AGENDA | OPERATIONS Why Somesh Chandra, Director-Customer Service, Operations, Technology and chief quality officer, Max Bupa, believes in putting his customers on a pedestal and is banking on IT to keep them there. By Shubhra Rishi
Column
52
30 | The Robot Apocalypse ROBOTICS Robots are coming, and they will eventually take many of our jobs.
77 | Essential Technology Networking | SDN to the Rescue Cloud Computing | Private Cloud GuideWork
80 | Endlines Internet of Things | Robot Stands Guard By Madhav Mohan
3 4
By Rob Enderle
34 | Wasted Wearables? WEARABLES Wearable tech devices promise to improve health, fitness and wellness. To have that impact it must go beyond telling people things they already know. By Brian Eastwood
4
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
CIO Online
.in CIO ADVERTISER INDEX
Accenture Services Pvt. Ltd
[ CI O TV ]
BC
Bharthi Airtel Ltd
17, 18 &19
Video Library
Business Software Alliance
5
Cyberoam Technologies Pvt. Ltd
9
From peer-to-peer advice, and new technology developments to international events, our videos cover everything that affects you. Keep yourself abreast with the world of IT, watch our videos on cio.in.
Gartner India Research & Advisory Services
[ Ca se S tudies ] Real Solutions
To know about the different business challenges that companies in your industry and beyond faced and how their IT departments came to their rescue, read our case studies. Real problems. Real people. Real solutions. cio.in/find/case_study
[ S l i des hows ] From the IT in the World Cup to other tech projects, view our slideshows.
Pvt Ltd
3 + flap on cover
IBM India Pvt. Ltd
IFC
Microsoft Corporation (India) Pvt. Ltd. 28 & 29 SAS Institute (India) Pvt Ltd
15
Schneider Electric IT Business India Pvt Ltd. IBC Starcom of Denuo Ltd Taiwan Branch(Delta)
11
Tata Communications Ltd
12 & 13
Vodafone India Ltd ( Corp)
insert
[ Su r veys ]
By the Numbers Our surveys are a treasure trove of technology, staffing, security trends and beyond. They mirror economic realities and how they impact you. Visit the By the Numbers section online. cio.in/by-the-numbers
[ N EWS ] Our CIO World newsletter gives you a daily dose of everything that impacts you, your staff, and your business. Log on to check out the latest news.
Don't receive our newsletters? Log on to our website to subscribe today!
>> cio.in/news
Read More@ cio.in 6
>> Case Studies >> Whitepapers >> Articles >> Slideshows >> CEO Interviews >> Events
J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD
FOLLOW US ON www.facebook.com/CIOIndiaIDG twitter.com/CIOIn
This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.
VOL/9 | ISSUE/09
E D I T E D B Y VA I S H N AV I D E S A I
NEW
*
HOT
*
UNEXPECTED
A Reel Death It gets weirder: Compared to the overall study population, the study participants who watch more than three hours of TV daily are 44 percent more likely to die from heart disease or stroke, 21 percent more likely to die of cancer, and 55 percent more likely to die from something else. The amount of TV watching made the difference; age, sex, smoking, weight, and diet did not. Why is long-term TV watching so deadly? No one knows. Dr. Martinez-Gonzalez thinks it may be due to people binging on junk food while watching TV, but who does that? No one we know. Um. Predictably, the experts are advising people to watch less TV and get more exercise to avoid these negative effects.
TRENDLINES
First the experts told us that sitting too long at our computer screens can cut our life spans, due to a lack of exercise and gaining weight. But now they’re saying that watching House of Cards from start to finish is also seriously dangerous for our health—and not just for old folks! That’s right: An ongoing Spanish study tracking 13,284 affluent, healthy people with an average age of 37 found that people who watch lots of TV are at a much greater risk of dying. To be precise, “Participants reporting three or more hours a day of television viewing had a twofold higher risk of mortality than those reporting less than one hour a day,” said Dr. Martinez-Gonzalez of the University of Navarra, writing in the Journal of the American Heart Association. Apparently the risk of dying for this youthful group of binge TV-watchers is higher than that for those same-age people who sit at a desk all day, or drive a car for a living!
ELECTRONICS
—By James Careless
The Garden of Edyn
VOL/9 | ISSUE/10
bigger, healthier plants, even if they’re a complete novice in the garden. Edyn’s garden sensor measures how much light, water, and fertilizer your plants are receiving, collecting this data via a long metal probe that you stick in the ground in your garden. Sensors at ground level detect the ambient temperature, light, and humidity, while sensors in the probe measure the soil’s moisture, acidity, and fertility. The system uses Wi-Fi to send all that data up to the cloud, where it’s analyzed along with the data you entered into the Edyn app about what you’ve planted, and weather data based on your location. That lets the
cloud intelligently control the other half of the system, the Edyn water valve, which has regular hose threads to connect to your water source: Drip irrigation, soaker hose, or even a plain old sprinkler. Aside from just telling you what your plants need, the app can even recommend a mix of plants that should thrive in your garden’s conditions. If the shipping hardware is as wellbuilt and expensive-feeling as the working prototype I saw, and the app as beautifully designed and informative, I think Edyn could really grow.
IMAGE: BABAK ZIAIE/PURDUE
APPLICATIONS The smart yard is not a 3-foot ruler with Bluetooth—it’s a gardening system that waters intelligently based on what your plants need for their exact conditions. And Edyn wants to make it possible. The Edyn gardening system’s Kickstarter campaign ends Tuesday after easily blowing by its initial goal of $100,000, but it’s already a working product—I saw it in action in a pleasant rooftop garden on a sunny but windwhipped San Francisco afternoon. Founder and soil scientist Jason Aramburu explained how Edyn’s solarpowered, Wi-Fi-equipped, sensor-packed system is designed to help anyone grow
—By Susie Ochs REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
7
Robo Museum Guide R O B O T I C S They might not be your idea of the ideal museum guide, but two androids designed to be lifelike have landed “jobs” at a prestigious Japanese technology center.
— By Tim Hornyak 8
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Happiness Quotient W E A R A B L E S Hate your work place because it gives you no scope for any kind of physical activity? You probably don’t work at the Happiest Minds campus in Bangalore. The IT services and consulting firm is among the first in the country to use wearable technology to ensure the physical wellness of its staffers. Today, close to half of the company’s workforce uses a wearable pedometer, produced by Bangalore-based start-up GetActive that monitors their physical activity. At a time when wearable tech is still largely restricted to the consumer world, Happiest Minds is nudging it into the enterprise. The stylish device, when worn by an employee, tracks the number of steps they take, the distance they cover, and the number of calories they burn. It also tracks how much they sleep. But unlike many wearables in the market, this pedometer allows users to see their activities on an interactive dashboard. The device can be directly connected to a laptop to analyze the data. “We conduct ‘virtual walkathons’ for employees. The dashboard is integrated with google maps, so people can see the places covered and compare their progress with the ‘buddies’ who are competing with them.” says Gaurav Saini, associate director of People Practice team at Happiest Minds. The device ensures users achieve the ideal scenario of at least 10,000-12,000 steps a day. What’s more, walking is now an act of philanthropy at Happiest Minds. Through a tie-up with a local NGO, the company’s management converts ‘steps’ into meals for under-privileged children. Every 1,000 steps covered by the employees is considered as one meal by the company management. All the more reason for walking!
—By Radhika Nallayam
VOL/9 | ISSUE/10
IMAGES BY AVIATION TO DAY
TRENDLINES
Named Kodomoroid and Otonaroid, the droids are designed as hyper-realistic androids that look like a girl and a woman, respectively. At a press event, former astronaut Mamoru Mohri, director of the National Museum of Emerging Science and Innovation (Miraikan) in Tokyo, presented Otonaroid with its official credentials. Otonaroid accepted the paper, awkwardly grasping it with its fingers coated with synthetic skin. The robot’s business card, which bears the title “science communicator,” was handed out to reporters. It chatted with attendees after Kodomoroid announced the latest earthquake news. Powered by compressed air and servomotors, the androids can be remote controlled but they cannot walk around. They can move their upper bodies, arms, fingers and heads and also show a range of facial expressions while lip-synching prerecorded speech. Kodomoroid is linked to the Internet read the latest news when the machines went on display. Otonaroid can be controlled by visitors so they can experience what it’s like to have a robot surrogate. A third droid being put on display at the Miraikan is Telenoid, a toddler-sized, remote-controlled humanoid that was first shown off in 2010 as a way to convey emotions through a machine surrogate. Lacking the realism of Kodomoroid and Otonaroid, its pale body has been compared, unfavorably, to an overgrown fetus. They’re the handiwork of a team led by Hiroshi Ishiguro, an Osaka University and Advanced Telecommunications Research Institute International (ATR) roboticist who has been creating extremely lifelike androids for years. He’s known for creating an android “clone” called Geminoid that is the spitting image of himself. A kind of “Pinocchio” moment occurred when Kodomoroid asked Ishiguro why he had created it. He responded that he wanted to create a child news announcer. “I hope these new science communicators can help increase the numbers of return visitors to the museum,” Mohri said.
Reborn from the Crap An older supercomputer from the Los Alamos National Laboratory has been cannibalized and rebuilt into a new one, thanks to a team from Carnegie Mellon University. The older system was called Cerrillos, which was once the 29th-fastest supercomputer in the world, according to the Top500 list from November 2009. Cerrillos was a smaller offshoot of Roadrunner, a more powerful machine that was once the fastest in the world, and the first to break the 1 petaflop performance barrier. Both machines were shut down in 2013. Four hundred and forty-eight blade computers from Cerrillos will be used to power Narwhal, a far smaller computer with a total of 1,792 processor cores to Cerrillos’ 14,400. The project’s leader, computer science professor Garth Gibson, said in a statement that the new machine will nevertheless be a powerful teaching aid. Narwhal will use the Roadrunner/Cerrillos technology somewhat differently, according to CMU. The original systems used large numbers of IBM Cell processors for computational heavy lifting, alongside AMD Opterons for more basic workloads. Narwhal won’t need as many specialized Cell processors, so the institution opted for additional AMD blades. CMU said that Narwhal’s main use will be as a teaching tool for students conducting research into parallel computing and infrastructure. The school will also purchase a 400-disk storage array to complement Narwhal. —By Jon Gold
A New Galaxy of CIOs Emerging technologies are having a profound effect on the role of a CIO. Among them, mobility tops the list, across verticals and company sizes.
TECHNOLOGY
Technologies That are Affecting the CIO Role
63%
48%
Mobility
Analytics
39%
Consumeriztion of IT
40% Cloud
Source: CIO Mid-year Review 2014
10
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Computer-abled C O M P O N E N T S Thanks to a computer chip, algorithms and nearly 10 years of research, a 23-year-old quadriplegic moved his fingers and hand with the power of his own thoughts. “I never dreamed I would ever be able to do that again,” said Ian Burkhart, of Dublin, Ohio. Burkhart, who was injured in a 2010 diving accident, is the first patient to use Neurobridge, an electronic neural bypass system developed at the Ohio State University Wexner Medical Center. The system, which is aimed at spinal cord injuries, is designed to reconnect the brain directly to muscles, allowing voluntary and functional control of a paralyzed limb. The technology may one day give self-propelled movement back to patients affected by brain and spinal cord injuries. Burkhart, according to the university, is the first of five potential participants in a clinical study. He has begun a six-month clinical trial that required a three-hour surgery to implant a chip into his brain. In a laboratory at the Ohio State University Wexner Medical Center, a 23-year-old quadriplegic man moved his paralyzed hand with his own thoughts. The internally funded project, which has been in the works for nearly a decade, uses algorithms constructed to learn and decode the user’s brain activity, along with a muscle stimulation sleeve that translates neural impulses from the brain and transmits new signals to the paralyzed limb, the university reported. A chip, smaller than a pea, also needs to be implanted on the motor cortex of the patient’s brain. The chip is designed to interpret the user’s brain signals and send them to a computer, which then recodes them and sends them along to the stimulation sleeve. The sleeve then stimulates the exact muscles needed to enact a movement. The university reported that Burkhart’s thoughts are translated into movement within a tenth of a second. Burkhart said he’s hopeful that the technology will give him more control over his body and his life. The work at Ohio State is another step in efforts to use technology to help those suffering from paralysis and other debilitating illnesses. —By Sharon Gaudin
VOL/9 | ISSUE/10
IMAGE: OSUWMC.MULT IMEDIAN EWSROO M.T V
TRENDLINES
SUPERCOMPUTERS
The power behind competitiveness
Delta UPS – Ultron Family DPS Series, Three Phase 60 – 3200kVA • Innovative energy-saving technology • Leading power efficiency up to 96% • High input power factor (>0.99) and low iTHD (< 3%) • Configurable for N+X redundancy and hot-standby • Compact footprint with transformer-less design • 0.9 high output power factor
+91 9999992084 www.deltapowersolutions.com
COMMITTED TO EXCELLENCE:
NEW DELHI’S NEW DATA CENTRE By setting up a new data centre, which is also the 44th overall, Tata Communications is set to take its service capabilities to a whole new level. This new facility is sure to cement the company’s position as a leader in the ICT market.
T
ata Communications, one of India’s leading ICT service providers, recently inaugurated its 44th data centre in New Delhi. This data centre is located in the heart of the city and is an integral part of Tata Communications’ overall objective to strengthen its global data centre footprint. The launch of this data centre positions Tata Communications as a truly panIndia player in the data centre business with continued commitment to growth in this sector. The new data centre, which has an overall
SPECIAL EVENT COVERAGE
available area of 54,000 sq. ft. across two floors, has a power capacity of 4.5 MVA and assures 99.982% of power uptime. Besides, this data centre is one of its kind in that it is the only available tier-3 data centre in New Delhi and also stands on self-owned property. Other key features of this data centre include 5-level security with electric fencing, excellent multicarrier connectivity, and a number of green initiatives that ensure eco-friendliness. As a result, this new facility will be an incredible
addition to Tata Communications’ already active portfolio of data centres that have delivered over 2,500 days of service with 100 percent uptime. At the inauguration, Rangu Salgame, EVP and CEO, Growth Ventures, Tata Communications, spoke in detail about the ICT major’s roadmap to effectively cater to enterprises’ need for robust data storage, scalability, and realtime access. “We are witnessing a surge in data generation and storage needs like never before. Enterprises are contending with trends
SPECIAL EVENT COVERAGE TATA COMMUNICATIONS
such as bring your own device (BYOD), social networking, mobile, analytics and cloud, and Tata Communications is well placed to partner with them through these exciting times. Our global data centre portfolio underpinned with our unmatched network reach provides the infrastructure backbone that our customers can leverage to their advantage. This, our third data centre in Delhi, has been designed and constructed with a ‘no-compromises’ approach: right from LEED Gold certification for the building to free air cooling and scalability to 200,000 sq. ft. and 10 MW,” he said. The Mumbai-headquartered ICT giant recently achieved the distinction of being a “Leader” in international research firm Gartner’s prestigious Magic Quadrant for Global Network Service Providers. It also won Frost & Sullivan’s India ICT Award for the sixth year in a row. On that vein, Benoy CS, director, ICT Practice, Frost & Sullivan, shed more light on Tata Communications’ leadership position in the market. He said, “With an increase in the uptake of cloud services, data centre has become a critical element in every enterprises’ infrastructure strategy. The third party data centre market is poised to grow very fast as many enterprises are now strategizing to avail IT Infrastructure ‘as a service’ rather
than investing in huge captive data centres. Tata Communications has emerged as the Indian Third Party Data Centre Service Provider of the Year 2014 with its extensive product portfolio, channel strategy, and presence across the country. Its data centre solutions enable enterprises to move towards a dynamic infrastructure by leveraging best practices and technologies, thereby helping them to manage costs, improve operational performance and also quickly respond to changing business needs. It also offers tremendous scalability and dynamic responsiveness while providing an energy efficiency and resilient infrastructure.” Tata Communications further plans to invest more than $200 million (about Rs 1,220 crore) towards doubling its data centre capacity in India from 500,000 sq. ft. to 1,000,000 sq. ft. over a period of three years. The data centres it plans to set up will offer a complete array of configuration choices, including shared rack space, full cabinets and cage space colocation along with unlimited scalability in the future. Centrally managed, these data centres will provide customers with optimal performance, reduced TCO, security and effective utilization of resources.
Data about the Data Centre
Area
54,000 sq. ft. across two floors
Power
4.5 MVA
Uptime
99.982% of power uptime
Eco-Friendliness
Multiple green initiatives
Security
5 levels, with electric fencing
Connectivity
Excellent, with multiple carriers
IDG SERVICES
Monkeys Love to Gamble If you’ve ever ridden a hot streak “too long” at a blackjack table or left in a huff after the dealer hit 21 three times in a row, then you are no better at gambling than a rhesus monkey. That’s not exactly the conclusion as articulated by researchers at the University of Rochester, but rather my interpretation of their study that showed monkeys possess the same “hot hand bias” as humans when it comes to gambling. In other words, both species have trouble accepting the reality of randomness. From a university blog post: The new results suggest that the penchant to see patterns that actually don’t exist may be inherited—an evolutionary adaptation that may have provided our ancestors a selective advantage when foraging for food in the wild, according to lead author Tommy Blanchard, a doctoral candidate in brain and cognitive sciences at the University of Rochester. This inborn tendency to feel that we are on a roll or in a slump may help explain why gambling can be so alluring and why the stock market is so prone to wild swings, says coauthor Benjamin Hayden, assistant professor brain and cognitive sciences. “Luckily, monkeys love to gamble,” says Blanchard. Presumably because monkeys would make a mess of playing cards, the researchers devised games that in two instances returned patterned results that were quickly learned, but in a third produced results that were truly
TRENDLINES
POPULAR SCIENCE
random. The monkeys played all three scenarios the same way— even over time—thereby exhibiting the “hot hand bias” that has been the undoing of many a human gambler. —By Paul McNamara
Anyone Can be a Weather Reporter Anyone who’s spent much time in San Francisco quickly learns the limitations of typical weather-forecasting apps: “Today’s high 68 degrees” they’ll say, and in return you’ll scoff “Where?!” Because of the city’s hilly topography, water on three sides, and the movements of its famous fog, temperatures can vary widely depending on what part of the city you’re in. One of the easiest ways to know what the weather is like across town is to just ask someone who’s already there, but that’s kind of a low-tech approach. BloomSky, a startup based in San Francisco, wants to build a network of personal, smart weather stations that you can ask instead. The BloomSky mobile app will be free for anyone to use, but it pulls its hyperlocal weather data from a network of BloomSky weather stations—the company is currently beta-testing stations around the Bay Area, with input from a Stanford meteorologist on where to place them to cover the whole city of San Francisco.
CONSUMER ELECTRONICS
14
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
The weather station, which was successfully funded on Kickstarter, contains an HD camera that’s pointed at the sky and takes photos every three to five minutes, dawn to dusk. It’s also packed with sensors to measure the UV index, humidity, barometric pressure, temperature, and rain fall. The weather station’s outdoor module can be staked into the ground or mounted to a roof, wall, balcony, or patio, and an optional solar panel can be mounted alongside to provide power. All the data is sent up to the cloud over your home Wi-Fi network, along with the images captured by the HD camera, which can pivot up to 45 degrees so you can find a nice patch of sky to watch. BloomSky’s app will use data from those Weather Underground stations for the first year while building up its own network. You can even get push notifications when the weather is about to change at the location of your BloomSky module. —By Susie Ochs
VOL/9 | ISSUE/10
Tech to Ease Beijing’s Breathing China’s nagging pollution problems could start to abate with the help of an IBM project that seeks to predict and control the air quality in Beijing, using new computing technologies. IBM recently announced it was partnering with the Chinese capital to address the city’s ongoing air pollution woes. Populated by over 21 million people, Beijing is one of the country’s largest municipalities. But it’s also among the Chinese cities with some of the worst air quality in the nation, with pollution levels often rising to hazardous levels. Causing the smog are the millions of cars in Beijing, the surrounding factories, fossil fuel burning power plants, and the pollution coming from other neighboring cities. Despite the complexities, IBM wants to accurately map the problem with computer modeling. “You could then take a lot of actions to improve your air quality,” said Jin Dong, an IBM Research director involved in the project. IBM is hoping to design a better system tailored for Beijing that can predict air quality levels three days in advance, and even pinpoint the exact sources of the pollution down to the street level, explained Dong. IBM has 20 years of experience in weather
TRENDLINES
ENVIRONMENT
modeling, he added, but forecasting the air quality will require new computer modeling to take into account all of Beijing’s different pollution sources. Along with the city, IBM is also partnering with academics and industry players to pull pollution-related data from local air quality monitoring stations, weather satellites, and the company’s own optical sensors. The pay-off could be big. By successfully forecasting Beijing’s pollution patterns, the system could also suggest preventive measures to keep the city’s air quality from approaching hazardous levels. The government would know when to reduce production at certain factories, or where to limit car traffic, said Xiaowei Shen, director of IBM Research in China. IBM’s partnership with Beijing is just part of the US company’s larger effort, called Green Horizon, to work with China in solving its environmental and energy issues. IBM will need not just technology to solve the problems, but also participation from the entire industry. The company hopes that the Green Horizon project can attract more partners, Shen said.
— By Michael Kan
What would you do with your time if you gave up Facebook for 99 days? Stepping away from the comments, posts, likes and selfies for 99 days could give you more time to read a book, hang out with friends or go for a bike ride. A non-profit group out of The Netherlands—dubbed 99 Days of Freedom—is challenging Facebook users to step away from the social network for 99 consecutive days and then report back on how the break affected their happiness. The challenge comes in the wake of last week’s worldwide brouhaha over news that 700,000 Facebook users were surreptitiously used in a psychological study for a week in 2012. Facebook declined to comment on 99 Days of Freedom. Patrick
SOCIAL MEDIA
16
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Moorhead, an analyst with Moor Insights & Strategy, said the effort is likely an emotional response to Facebook’s psychological experiment. “There are benefits for any user to question their time and how frequently they use Facebook,” he added. “In a way, we are addicted to Facebook. Our friends and family are on it, so we have a hard time getting away.” So far, the non-profit site reports that more than 1,160 people have agreed to take up their challenge. That’s a drop in the bucket for a social network with more than 1 billion users, but the organizers hope the number will grow exponentially as word gets out. A non-profit group from The Netherlands has launched a campaign
to get Facebook users to quit the site for 99 days. The group even walks potential users through some steps that would make taking a break even easier. For instance, the instructions show how to replace your profile picture with a time-off image and how to create a 99-day countdown clock. Participants also are asked to complete an anonymous “happiness survey” at the 33-day, 66-day and 99-day marks. The results will be posted on 99daysoffreedom.com, which will also host a message board where participants can discuss their experience.
— By Sharon Gaudin
VOL/9 | ISSUE/10
IMAGE: T HINKSTO CKP HOTOS
Challenge of the Century: Quit Facebook
Becoming a Formidable Services Institution The BFSI sector is going through a sea of change with respect to the way services are delivered to end-customers. Ashish Arora, CMO, Airtel Enterprise and Government Business, shares insight on how Airtel is helping BFSI companies innovate and transform their modes of service delivery.
T
he banking financial services and insurance (BFSI) sector is generally conservative—the reason for its initial hesitance to adopt new-age technologies such as mobility, cloud computing, and video. However, of late, the sector has begun embracing these technologies with open arms. As a solutions provider enabling close to 70 percent of organizations in the Indian BFSI market, Airtel has observed that four broad trends are defining the direction for BFSI companies today and will do so in the near future. The four trends are as follows:
Digital Crossing: The BFSI sector today is sitting on the cusp of a digital crossing, where every process—customer experience or operational efficiency— is getting ‘mobified’ or ‘digitized’. For instance, there is a massive surge in the adoption of dedicated apps and tablet banking among banks, while insurance companies are increasingly deploying mobile productivity apps to help their agents tap the humongous uninsured rural population in India. With the increasing penetration of smartphones and data services, we foresee that mobification and digitization shall touch many more BFSI institutions in the near future, enabling them to grow their business and ensure superior customer experience. Empowering the Last Mile to the Customer: Today, a lot of the banking services in remote locations are being facilitated by correspondent- or a partnerled model where these partners are a critical last mile to service end-customers. Ensuring they have access to the latest
ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL
Airtel’s core strategy involves enabling business transformational solutions on mobile devices, thereby becoming an BFSI enterprise enabler. ASHISH ARORA CMO, Airtel Enterprise and Government Business data in real-time for effective service is motivating BFSI companies to innovate and transform the means of collaboration, communication, and connectivity.
Enabling Greater Financial Inclusion: This is an agenda being driven by the government and the regulators. Today, India’s banked population is about 400 million, while unbanked population stands at about 700 million. Sixty percent of new branches in India will be opened in unbanked locations. Unfortunately, connectivity to most of these areas is impeded by geographical and infrastructure limitations. However, the good news is we have mobile connectivity touching 900 million people. As a result, mobile would emerge as a crucial route to bank the unbanked and insure the uninsured. The exponential rise in adoption of smartphones and data services comes as an icing on the cake to extend the opportunity to the BFSI companies to innovate and differentiate.
Digital Signage for a Leading Global Bank A leading global bank wanted to promote its brand, products, and offers across 1,000 branches. It wanted a solution through which a central team could broadcast multimedia messages, anytime, any branch. Digital signage was the default choice, but finding the apt signage solution wasn’t easy. It needed central view and management of displays across locations, no hassle of hardware maintenance, managing connectivity and support, and a ready to be on-air anytime experience. The bank chose Airtel’s Digital Signage solution, which enabled a cloud platform rendering any multimedia format, pan-India management and support, end-to-end implementation, central view and control. As a result, the bank now enjoys lower perceived wait time, enhanced customer experience, consistent communication, branding and dynamic promotion at each touchpoint, and faster TTM for promotional campaigns.
Datafication of BFSI: Another trend to watch out for is the increasing demand for big data and migration to the cloud across the BFSI sector due to the increasing emphasis on data, data analytics, and data security. The Telecom Throttle In such a dynamic scenario, telecom service providers stand to play a major role in enabling cutting-edge solutions for BFSI companies. We can offer solutions cutting across the communications, connectivity, collaboration, and customer experience layers. Take, for instance, a leading private sector bank that wanted to speed up its account opening process in order to increase the number of saving accounts in under-banked areas. We made this happen for them by designing an end-to-end tablet banking solution that includes tablets with 3G for last mile connectivity, apps for real-time account opening and instant document upload, real-time prompts on offers and schemes,
Benefits Enhanced customer experience
Faster time-to-market for promotional campaigns
Branding and dynamic promotion at each touch-point
ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL
Toll-free Data for ICICI Prudential Mobile data usage is expected to go through the roof in the coming years. Due to this, employees might shy away from the perceived costs of enterprise mobility. ICICI Prudential started consciously working towards freeing its employee of this burden. It had mobile-enabled its field force and advisors with tablets to login into their enterprise applications. The field force and advisors had inhibitions to access online applications through tablets due to data costs involved. Despite distributing tablets across to 3,000 field advisors, ICICI Prudential was not able to push usage beyond 20 percent. That’s when the insurance giant decided to make browsing and usage on the portal free for its field force and advisors. After evaluating all their options, ICICI Prudential chose Airtel to help them out. With a quick turnaround, Airtel provided a competent solution that could always be scaled up or down. It also provided free website access to tablet users, even while roaming and irrespective of the type of content being accessed—all this without a huge rise in costs in less than two months’ period.
and AAA authentication for data security. Our superior capabilities and expertise as a leading global telecom operator was the main reason we could offer such a robust solution that encompasses all crucial aspects of communication and connectivity.
Airtel’s Value Proposition There are several reasons to say that Airtel is the one telecom provider that’s best-suited to help BFSI companies in their journey to deliver exceptional service to customers irrespective of their location. Here are the three major factors that contribute to Airtel’s leadership in the market:
Expertise: We have a wide array of endto-end solutions tailored specially for the BFSI segment. Take, for instance, the aforementioned tablet banking solution we offered the private sector bank; it consists of a 3G-capable tablet with a private APN and MDM solution. Besides this one, there’s also a mass mobile banking (USSD self-service) solution and desktop/mobile VC over 3G for tellerless branches.
Experience: We have gone past the proof of concept stage and have live solutions for several BFSI customers. Some of the innovative solutions that Airtel has deployed include: � VC over 3G tablets for a leading private bank that wanted to offer personalized wealth management service to high networth individual (HNI) customers
Toll-free data to a leading bank to free their tablet-enabled field force and agents from the data cost burden of using office applications on the tablet � Digital signage for a leading BFSI enterprise to build brand recall at its branches Security has always been a major concern for the BFSI segment. The need for a proactive, strong security backbone would be even pronounced now, with the arrival of mobile, cloud computing, and video into the scene. Having realized this early on, Airtel, today, offers an entire suite of secure banking solutions including ATM surveillance solution, white label ATM security, DR on cloud services, DDoS detection and mitigation services, and MDM/ secure container for mobile data. This secure suite of solutions is sure to help BFSI companies deliver superior experience to the fast evolving digital customer of today, and, as a result, stay ahead of the competition curve. �
Exceptional Innovation: Airtel has been innovating consistently to meet the nextgeneration demands of the BFSI sector. In the coming few months, we plan to roll out next-generation mobile and connectivity solutions. Some of them are video call centers over websites to 3G as a last mile access for ATMs for greater financial inclusion, 3G for rural banking, etcetera. We
also plan to strengthen our security suite by enabling security for banking transactions.
Airtel’s BFSI Focus As has been mentioned already, digitization and mobification are introducing new demands with respect to how BFSI services are delivered to end-customers. In particular, millennials (those under the age of 30) have distinct preferences regarding financial services and digital technology. Airtel’s core strategy for the BFSI segment involves leveraging in-depth BFSI domain knowledge to offer cutting-edge end-toend digital solutions, thereby becoming an enterprise enabler empowering more and more BFSI organizations to embrace the digital journey.
To know more, please write to business@in.airtel.com or visit http://www.airtel.in/business
This article is brought to you by IDG Services in association with Airtel Business
COMPILED BY TEAM CIO
Best Practices
Software Status: Unlicensed
U
In terms of commercial value of unlicensed software, India stands at the third position, after US and China.
TRENDLINES
Unlicensed software is wreaking havoc in organizations world over. Worse, it’s exposing the lack of awareness in organizations when it comes to use of unlicensed software. According to BSA Global Software Survey, the commercial value of unlicensed software in India is $2,911 (about Rs 1.7 lakh). That puts the country in the third position—after US and China—in the unlicensed software market. This is a clear indication of the rising threat from unlicensed software. These threats can include data loss, unauthorized access to company information, loss of intellectual property or proprietary information. What’s intensifying the problem is a lack of awareness about unlicensed software. Even though the unlicensed software market in India is big, only 33 percent of companies have written policies in place requiring the use of properly licensed software. Globally, only 48 percent of CIOs are confident that their company’s software is properly licensed. If organizations can fix the lack of awareness about unlicensed software creeping in their organizations, then they can prevent security threats to a large extent.
1
CONDUCT employee workshops and regular software audits to help businesses of all sizes ensure they are staying compliant.
2
LEAD by example and ensure your organization uses fully licensed software for its operations.
3
CREATE policies pertaining to the proper use of software in the organization to prevent security threats.
Unlicensed Software a Menace in India Does your organization have a policy around the use of licensed software?
60%
Of the software installed on personal computers in India in 2013 were not properly licensed.
No/ Don’t Know
42%
Workers CIOs
14%
Informal Workers
32% CIOs
Written Workers
26% CIOs
51%
33%
Of companies in India have written policies in place requiring use of properly licensed software.
35% SOURCE:BSA GLOBAL SOFTWARE SURVEY
20
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 HALL OF FAME 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
alert
ENTERPRISE RISK MANAGEMENT
A Mole in Your Bay T
IMAGES BY THINKSTOCKPHOTOS.IN
The typical organization loses 5 percent of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, according to the Association of Certified Fraud Examiners (ACFE). This type of malicious behavior by “privileged users” who have been given broad access to the company’s computer assets has captured the attention of CIOs across the country. It’s no mystery why: Insider breaches can damage a company’s reputation, market advantage and its bottom line, stretching into billions of dollars. Despite the increased awareness and severity of the risk, a recent Ponemon survey of 693 IT professionals, commissioned by Raytheon revealed only 40 percent
of IT budgets have dedicated funding to fight insider threats. There is a reason for lack of funding. IT security budgets are largely targeted to defend against external threats, which are greater in number, but not necessarily as devastating in severity and damage to an organization. The irony of this is highlighted in the same survey: 45 percent say it’s likely that social engineers from outside the organization will target privileged users to obtain their access rights. This underscores that “insider” does not mean a person has to be physically based in an organization and that privileged users should truly be the focus when we talk about insider threats.
Who is the Privileged User?
In any company, the privileged user is an employee with authority to access more than usual company data or make changes to the company network. Companies need privileged users because they have access to source code, file systems and other assets that allow them to upgrade the systems or make other technical changes. Because they have greater access to the network and are limited by fewer controls, privileged users can access more of their companies’ intellectual property, such as corporate data or confidential product information. They often have the ability to easily get around controls that restrict other non-
FINDINGS
Security Nightmares With the deployment of advanced technologies, the discussions around security have become more important. Here are the top three areas of concern when it comes to security breaches.
Security issues CIOs are concerned about 26%
Increase in datacenter complexities
21%
Security in the cloud
13%
Mobile security requirements
78%
Of Indian CIOs stated that they would spend more on security management and planning in 2014. SOURCE: CIO Mid-year Review 2014
22
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
BUSINESS ASSURANCE CHAMPIONS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
alert
ENTERPRISE RISK MANAGEMENT
privileged users and they sometimes abuse what should be temporary access privileges to perform tasks. An example illustrates the problem: Bob is logged in with ordinary network access privileges but receives a help desk ticket that requires him to log out and log back in as a system administrator. Once the task is performed, Bob remains logged in as the system administrator with elevated privileges, exposing the network to a much greater security vulnerability if he were to be victimized by a cyberattack. One way to tackle it is by focusing on Privileged User Monitoring and Access (PUMA), which relies on monitoring human behavior to determine the context of the behavior and people’s intent as well as automated tools such as video replay to keep an eye on privileged user activities. Monitoring human behavior is especially important with privileged users because they often have the know-how to cover their tracks, a feat that becomes much harder with video replay and other technologies that can have a deterrent effect by their presence. If privileged users know you’re monitoring their activity, they’re less likely to behave badly. At the core of the privileged user problem is this dichotomy: With greater access to a company’s computer assets comes greater security risk. The privileged user can be a company’s security enforcer but also its greatest security risk. The privileged user threat shows no signs of diminishing, in part because of economic pressures that have forced companies to try and do more with smaller staffs, leading to stressed out
employees who are likely to be more careless about their use of elevated access privileges. And in today’s environment companies have a greater responsibility to report data losses of all sizes, so data theft by privileged users on the inside attracts widespread attention with significant negative impacts on the company’s reputation and stock price. It all adds up to a realization by companies that the biggest cyberthreat to their organization may not be from an external attack. The most serious threat may be from an unknowing “privileged user” colleague right down the hall.
Mitigating the Risk Survey respondents said the two biggest challenges companies face when addressing insider threats are having enough contextual information provided by security tools (69%) and security tools that yield too many false positives (56%). Endpoint monitoring and auditing tools allow visibility and context, alleviating these challenges. Additionally, the best approach to mitigating privileged user abuse is to develop a comprehensive and layered strategy that implements best practices, involves process and technology, and most importantly, involves a better understanding of human behavior. It is a common myth among IT management staff that auditing privileged user activity is too difficult and complicated.
The truth is that privileged user auditing does not have to be a complicated technical challenge if the auditing and monitoring process is flexible, policy-based, and provides irrefutable attribution to a particular privileged user. The knowledge alone that an organization uses auditing and monitoring technology is a huge deterrent against privileged user abuse. While there are a variety of tools that address different aspects of privileged user security, there is no single technology that fully mitigates the problem. Gartner identifies solutions used for privileged account management (PAM) as a set of technologies enabling enterprises to address these specific needs: Your company needs its privileged users—perhaps the most valuable players in any organization. However, these are the very same people who can also become a super threat if not properly monitored. Organizations can protect themselves from privileged user threats by implementing best practices and implementing a flexible policy-based monitoring solution that ensures enterprise-wide visibility into privileged user activities. The key to mitigating privilege user abuse is the ability to determine context and intent, which can only be accomplished by monitoring human behavior. CIO
Michael Crouse is Director of Insider Threat Strategies at Raytheon. Send feedback to editor@ cio.in
[ONE LINER:]
Going forward, security teams are going to be more business engaged than they were in the past. —VISHAL SALVI, CISO, HDFC BANK
24
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
KEYNOTE SPEAKER RON KAUFMAN Founder and Chairman, UP! Your Service and author of 15 books including the bestseller Uplifting Service
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
alert
ENTERPRISE RISK MANAGEMENT
Rise of the Digital Risk Officer
26
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
and allocations of responsibility, as well as the development of new capabilities in security and risk assessment, monitoring, analysis, and control. “DROs will influence governance, oversight and decision making related to digital business. This role will work with CEOs and managing directors in various capacities to better understand digital business risk and facilitate a balance between the needs to protect the organization and the needs to run the business.” Trying to bridge the “cultural gap” between DROs and CEOs presents a significant challenge, however. “Many executives believe technology—and technology-related risk—is a technical problem, handled by technical people, buried in IT. If this
Thief in The Trap
A
new security role called the Digital Risk Officer (DRO) is emerging in response to new cyber threats introduced by the Internet of Things (IoT), according to Gartner United States distinguished analyst Paul Proctor. He has forecast that some enterprises will have a DRO or equivalent role by 2017 to handle risks that may emerge from the IoT. “DROs will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk,” he said in a statement. According to Proctor, the scope of a DRO is “very different” to that of a chief information security officer (CISO). “The DRO will report to a senior executive role outside of IT such as the chief risk officer, chief digital officer or the chief operating officer. They will manage risk at an executive level across digital business units working directly with peers in legal, privacy, compliance, digital marketing, digital sales, and digital operations,” he said. According to Proctor, IoT and connected devices form a “superset of technology” that challenges the ability of existing cyber security structures, skills and tools to manage technology risks. “Simply expanding the portfolio of the existing IT security team to include technology risk for all Internet-aware technology is not viable,” he said. “New technology managed outside of the IT department requires skills and tools beyond the competence of the IT security team in its current responsibilities, and the teams involved in management of these technologies are culturally distinct from the IT department.” In addition, he said the development of a digital risk management capability requires deconstruction and re-engineering of enterprise structures
gap is not bridged effectively, technology and consequent business risk will hit inappropriate levels and there will be no visibility or governance process to check this risk,” he said. According to a Gartner CEO and senior executive survey conducted in April 2014, 50 per cent of the 410 CEOs, CFOs, COOs, and other executives who took part said they will have a senior digital leader role in their staff by the end of 2015. The survey was conducted in Asia Pacific, North America, Europe, Japan, Brazil, South Africa and the Middle East.
Hamish Barwick writes on security. Send feedback to editor@cio.in
Tokyo police arrested a systems engineer accused of stealing millions of customer names from the computer database of a large education firm to sell them for profit. Masaomi Matsuzaki, a 39-year-old temporary staffer, was arrested for violation of the unfair competition prevention law, a spokesman for the Metropolitan Police Department said. Matsuzaki allegedly copied personal data related to at least 7.6 million customers of Benesse, the parent company of Berlitz language schools in Japan. The information was allegedly copied at the Tokyo office of Synform, a Benesse-affiliated website development company where the engineer had been dispatched by a staffing agency. Matsuzaki may have gained access to the data because of lax access controls, according to local news reports. The data was saved on a portable recording device such as a USB memory stick, sold to a broker of name lists for millions of yen (tens of thousands of US dollars) and later used for direct mailing, according to Japanese media reports. The information, which contained names, addresses, birth dates and phone numbers, could include up to 20.7 million items, Benesse said in a statement. It had speculated the information was stolen by an outsider who had authority to access its database. The Benesse breach is one of the largest-ever data leaks in Japan, a spokesman for the Consumer Affairs Agency said. — Tim Hornyak
VOL/9 | ISSUE/10
Presents
CIO CONVERSATIONS on
THE POWER OF VISUAL ANALYTICS
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Towards Growth,
Together
One reason for the phenomenal growth of the Indian IT industry is the collaboration between major players. To foster this spirit of togetherness and take it to the next level, Microsoft recently held an MNC IT Summit in Bangalore.
M
icrosoft India recently organized the first ever MNC IT Summit in Bangalore. The Summit brought together over 70 leaders of Indiabased IT organizations of multinational corporations (MNCs) in an endeavor to shape their collective vision for the industry and identify areas for collaboration. The attendees represent Fortune Global and Forbes 1000 companies with combined
SPECIAL EVENT COVERAGE
annual revenues in excess of $2 trillion, employing six million people globally including more than one million in India. The Global In-house Centers (GICs) of these MNCs provide a range of services to their parent companies—IT services, Business Process Management, and Engineering R&D. India’s GIC exports are expected to reach $17 billion (about Rs 1.04 lakh crore) in 2014.
The theme of the summit was “What will it take for the MNC IT Community to increase its impact ten-fold in five years?” The MNC IT leaders articulated their vision, approach, and path forward for their community. They committed to work together in enhancing India’s IT brand to attract more MNCs to set up IT centers in India, and called for sharing of best practices to help expand existing
centers and enable them move up the IT value chain by doing mission-critical work from India. The event was kicked off by Microsoft India’s chairman, Bhaskar Pramanik, who said, “The IT-GICs have been playing an important role in adoption of cutting edge technology by their organizations. At Microsoft, we are committed to strengthen the ecosystem with future-ready productivity and platform tools for the mobile-first, cloud-first world.” Further, Microsoft’s CIO Jim DuBois, spoke on the tremendous growth in the Indian IT space. “It has been amazing to watch the IT industry grow and evolve in India. Cloud is the next big trend that is driving the next wave of IT growth and transformation, not just for large enterprises but also for SMBs, governments and citizens,” he said. Taking cue from DuBois, Microsoft IT India’s MD Raj Biyani said, “By collaborating closely, the leaders of the MNC IT units can boost India’s IT ecosystem exponentially in the next five years,” he said. He also shared key insights
from the three-year journey that fundamentally transformed Microsoft’s own IT-GIC into a talent hub—a transformation that has been documented in recent case studies by the Harvard Business School and IIM-Calcutta. The Summit included keynotes, panel discussions, and focused workgroup sessions by prominent speakers from academia, business, government, and media including Adil Zainulbhai, senior advisor, McKinsey and editor of Reimagining India: Unlocking India’s Potential; Prof. Anil Gupta, IIM Ahmedabad; Dr. Raghunath Mashelkar, former chairman, CSIR; Rajesh Dalal, senior consultant – Healthcare & former MD, Johnson & Johnson; Prof. S. Sadagopan, director, IIIT Bangalore; and Som Mittal; ex-Chairman, NASSCOM. Dr. Sadagopan pointed out that Indian IT centers are being instrumental in establishing centers in other countries, including Vietnam and Argentina, while Zainulbhai emphasized the need to leverage the vast untapped potential of India’s youthful economy. In a panel discussion
titled “Innovating and Winning from India”, Dr. Mashelkar, Dalal, and Prof. Anil Gupta shared inspiring examples of successful innovations in India, what Dr. Mashelkar labeled as “affordable excellence.” Later, Mittal highlighted the contribution of the overall IT industry to India’s economy creating 3.2 million jobs and generating over $100 billion (about Rs 6.1 lakh crore) in exports. IT-GICs make a substantial contribution in this impact. He appreciated the spirit of collaboration among Indian IT organizations, stating, “There is no place elsewhere in the world where competitors collaborate so fiercely.” The Summit also saw the unveiling of Emmy Award winner Rafeeq Ellias’ documentary titled Inventing the Zero, Reaching for Infinity: The Story of India and its IT Industry which puts the spotlight on the role of MNC IT ecosystem’s symbiotic relationship with India and features perspectives of its leaders from the IT industry.
IDG SERVICES
Rob Enderle
ROBOTICS
The RobotApocalypse Robots are coming and they will eventually take many of our jobs.
G
oogle's huge entry into robotics leaves little doubt that we'll shortly be up to our armpits in robot alternatives to people. Robots will enter all aspects of our business and personal lives. Machines, vehicles, drones, cameras, sensors, you name it. We've long known that privacy is a thing of the past. Could our job prospects go the same way after the robot apocalypseâ&#x20AC;&#x201C; and how the heck should IT prepare for all of this?
Robopocalypse Will Be Painful
ILLUST RATION BY T HINKSTOCK
There's a book called Robopocalypse and a movie under development. The general consensus is that the jobs that most affected will be menial, low-paying onesâ&#x20AC;&#x201C;but this may not be the low-hanging fruit at all. I ran across a TekCarta piece by Andrew Sheehy responding to Mark Andreessen's Financial Times column on what jobs robots will eat. Andreessen paints a glowing future when people have better access to jobs and education and still drive creativity and innovation. More new jobs will be created than taken away, he says. Larry Page has similar thoughts: Folks will work less and have far more time to spend on wonderful things because they'll share jobs. (He glosses over the part where they'll also make far less money, likely falling under the threshold where their employers pay for medical coverage.) I agree with Sheehy. Andreessen's view that everything will be OK overlooks the massive pain of what will likely be an Industrial Revolution at hyper speed. Not even "creativity and innovation" jobs are safe. You should think about where your job is going, and where your 30
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
SOURCING SHOGUNS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Rob Enderle
ROBOTICS
kids should focus their education, so you and they don't become prematurely obsolete. It's time for a discussion about what the future will bring. It won't be world of lollipops and rainbows that Andreessen and Page will live in. The world of the rich won't apply to the rest of us. Interestingly, Google Chairman Eric Schmidt better anticipates the "jobs and robots" problem, but his solution is investing in startups, which is where we'll all work while the robots do our existing jobs. Sure, robots already do some jobs: Assembly lines, selfdriving cars, delivery drones and cleaning robots, both the consumer Roomba and larger, industrial vacuums. There's a bigger threat: Workers who basically look at numbers and draw conclusions. Robots are surprisingly good at this, too. Robots could do a range of jobs–including analysis, purchasing, consulting, and journalism–because they can look at more real-time information in less time and with better recommendations than people. This is one downside to big data analytics. Once you have the information, Watson, Siri, Cortana or any other artificial intelligence-like system can do a pretty decent job of identifying the best path. In the near term, at least, people will remain in the loop, but they'll increasingly serve as little more than quality control–and, unfortunately, won't operate fast enough to do the job properly. Sheehy also created a spreadsheet that ranks the jobs that robots are most and least likely to take from people. The top jobs at risk: Financial analyst, financial advisor, industrial buyer, administrator, chartered legal executive (compliance officer) and financial trader. Least at risk: Clinical embryologist, bar manager, diplomatic services officer, community arts worker, international aid worker, dancer, aid/development worker and osteopath. What's interesting is that jobs that focus on dealing with people are relatively safe, while jobs that focus on analyzing things aren't. Now if the people you focus on are increasingly unemployed, I have to wonder where the money's coming from to pay the salaries of the peoplefocused folks.
to be ready for the robot apocalypse–and those who aren't ready have the greatest likelihood of being displaced. Implementing those automated systems won't be without pain, either. Employees will object to being displaced in large numbers. Based on past experience, the companies most aggressive with robotics are the most likely to catastrophically screw things up. I'd like to be able to point to several companies leading the charge, but only Google seems to be aggressively investing in robots. Google's hardly friendly to IT or to jobs, and it will present more of a problem than any type of solution. Page, based on his talk, seems to think cutting incomes massively and giving people more free time will
We have between five and 15 years to be ready for the robot apocalypse—and those who aren't ready have the greatest likelihood of being displaced. be utopian, but it's more likely to cause riots and revolts. Google may be the most frightening technology vendor we have yet seen. We have time, but as the market marches on, we should be realistic about our expectations. The idea that the only jobs that will be affected by robots aren't our own is simply not supported. This change promises to encompass all parts of our personal and business life. At some point, we need to get our arms around this problem. If we start now, it's less likely to hit us in the butt when we least expect it. I'm not saying you need to run for the hills, but the robots are coming, and it's time to start thinking about what that means for you, your employees and your loved ones. Put a different way, when facing a massive global change, the folks who do the best tend to be the ones that anticipate the change. CIO
Jobs to Benefit from Robopocalypse Since so few people think about the personal impact of this automation, this is a role IT can fill. Since IT jobs are on the line as well, being a critical part of the decision matrix should provide substantial warnings about additional risk. Those who can install, train, build, integrate and operate these new automated systems will be in high demand. Depending on the job, we have between five and 15 years
32
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Rob Enderle writes on emerging technology, security, and Linux. Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
BUSINESS TRANSFORMERS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Brian Eastwood
WEARABLES
WastedWearables? Wearable tech devices promise to improve health, fitness, and wellness. To have that impact it must go beyond telling people things they already know.
W
hen people learn that I run marathons in addition to covering healthcare IT, it doesn't take long for them to ask, "Where's your fitness tracker?" It's a legitimate question. By all accounts, wearable tech is about to explode. Juniper Research expects 130 million devices to ship by 2018. IDC says it'll be closer to 120 million units, in part because most of the activity won't take place until 2016. Clearly, wearable tech is no gimmick. By all accounts, it's a good thing, too. Generally speaking, the more people know about their own health and wellness, as measured by a device they often forget they're wearing, the better their chances of improving their health and wellness. Over time, this means fewer trips to the doctor, lower medical bills and, if all goes well, improved quality of life.
Complementary Wearable Tech
ILLUST RATION BY T HINKSTOCK
That said, I tend to disappoint people by pointing out that I don't wear a fitness tracker. Inevitably, they ask why. Admittedly, it would make sense. Would my life be a little easier if a device automatically uploaded the time, distance, pace and per-mile breakdown of my runs to a Web service or the cloud? Wouldn't that be easier than writing the information my watch collects on a sticky note so I remember it when I plug it into dailymile? Of course. However, I already own a GPS-enabled watch. Most runners do. (I've no hard evidence, but I have to look pretty hard to find someone toeing the line at a road race who isn't wearing a watch.) Most runners also run their watches into the ground, getting a new device only when the old one finally calls it quits. 34
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
INFORMATION MASTERMINDS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Brian Eastwood
WEARABLES
(Hey, when you also have to spring for shoes, clothes, race registrations, protein shakes and a bright yellow bib so cars can see you in the dark, you pay attention to the bottom line.) Today's fitness trackers could complement my watch, measuring my heart rate and level of dehydration during a run as well as monitoring my sleep patterns so I do more than just "listen to my body" when I take an unplanned rest day. The operative word there, though, is complement. No fitness tracker will replace my watch outright–not unless it can display my pace, distance and elapsed time all at once, at a casual glance when there's sweat and sunscreen in my eyes, and do so for under $100 (about Rs 6,000). Suffice to say the watches that do that and track various vital signs don't do so for under $100 (about Rs 6,000), either.
like me who willingly run in the cold, the heat and the rain. Plus, wellness programs can backfire if, say, they make it a little too obvious that they target employees who need to lose weight. Health insurers are getting in on the action, too, partnering with wearable tech firms, wellness startups and other companies to provide a whole host of incentives to customers who link apps and devices to their insurance plans. Again, these (rightfully) target those who need a nudge, not people who already take the stairs and avoid the grocery store's middle aisles.
Health and Wellness Aren’t Numbers
Healthcare providers have been slow on the uptake. There's much promise in sharing patient-generated health and wellness data with physicians, but it's mostly promise. Few patients have the time, resources or know-how to collect data, and few physicians have the time, resources or know-how to sift through the data that patients collect. Emerging consumer health apps may help, but they're just as likely to confuse. Data is only as valuable as what you can do with it. A fitness tracker churning out all kinds of health, wellness and fitness data provides value only if my insurer, my doctors and (eventually) my caregiver can see that data and alter my shortand long-term care plan. As a Rock Health presentation on wearable tech points out, many of today's devices either serve a single purpose or, in the words of Proteus Chief Product Officer David O'Reilly, "go after things that are obvious." I don't need wearable tech to tell me I run a lot, sweat a lot and eat a lot. That's obvious. I need wearable tech to tell me what I don't know–and to do it without being uncomfortable, intrusive or expensive. Until that happens, I'll stick with my watch. CIO
I need wearable tech to tell me what I don't know—and to do it without being uncomfortable, intrusive, or expensive.
There's another factor at play here. Fitness trackers and apps typically target those who need motivation–a badge for hitting mileage goals, a thumbs-up for eating right, a community of like-minded people who want to improve their health and, above all, a bit of guidance along the way. There's absolutely nothing wrong with that. The Couchto-5K Running Plan and its associated mobile app, for example, have helped thousands of people successfully run their first 3.1-mile race. Few stop at one race. Many go on to discover, as I have, that running makes you a better person and introduces you to some amazing people. Such plans, and their associated apps, thrive on data. Again, there's nothing wrong with that. It's just not a universal motivator. Yes, I run for time–to hit the goal pace on my training plan, to beat my personal best on race day and, in a sense, to slow down the inexorable march of time. I log my times, I think about my times and I train to improve my times. I have other motives, though. I run to clear my head, to think and to challenge myself. Some of my proudest moments in the last few months weren't races but, rather, the days I braved the polar vortex, donning four shirts and two pairs of gloves for a 20-minute run in subzero wind chill just because I could. That can't be measured. Data is important, but it can't—and shouldn't–define who we are. So what will get me to wear a fitness tracker? Simply put, I need a reason. So far, I haven't found a compelling one. (Neither, it seems, have the one-third of Americans abandoning wearables within six months of buying them.) Some companies use fitness trackers for employee wellness, but those programs (rightfully) tend to target those who need that extra bit of motivation, not crazy people 36
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Brian Eastwood is a senior editor for CIO.com (CIO's sister website) covering healthcare IT. Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/10
Presents
KEYNOTE SPEAKER STEVE DONAHUE Sahara Desert Adventurer, Documentary Filmmaker and author of Follow Your Compass
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Security Vendor Promises That Don’t Deliver Beware bold promises from a multibillion-dollar industry that can’t prevent your IT systems from being routinely hacked. Here are seven promises that they can’t deliver on. By Roger A. Grimes
A Reader ROI: Why it’s important to put a price to your data Different methods to evaluate the value of data How to determine which data to safeguard
VOL/9 | ISSUE/10
All computer security vendors want us to think that signing on the dotted line and sending them a check will mean our worries are over. Rarely do they deliver. And although a little marketing hype never really hurts--we’re all used to taking it with a grain of salt--some vendors can be caught outright lying, expecting us to buy what amounts to security snake oil. If you’re a hardened IT security pro, you’ve probably had these tactics run by you over and over. It’s never only one vendor touting unbelievable claims but many. It’s like a pathology of the computer security industry, this alltoo-frequent underhanded quackery used in the hopes of duping an IT organization into buying dubious claims or overhyped wares. Following are seven computer security claims or technologies that, when mentioned in a sales pitch, should get your snake-oil radar up for false promises.
Unbreakable Software Believe it or not, vendors and developers alike have claimed their software is without vulnerability. In
Cover Story
fact, “Unbreakable” was the name of one famous vendor’s public relations campaign. The formula for this snake oil is simple: The vendor claims that its competitors are weak and don’t know how to make invulnerable code the way it does. Buy the vendor’s software and live in a world forever without exploits. The last vendor to claim this had its software exploited so badly, so quickly that it should serve as notice to every computer security organization never to make such a claim again. Amazingly, even as exploit after exploit was discovered in the vendor’s software (the vendor is best known for database software), the “Unbreakable” ad campaign continued for another year. We security professionals wondered how many CEOs might have fallen for the PR pitch, not realizing that the vendor’s support queues were full of calls demanding quick patches. To this day, dozens of exploits are found every year in that vendor’s software. Of course, this vendor isn’t alone with its illusions of invulnerability. Browser vendors used to kick Microsoft for making an overly vulnerable browser in Internet Explorer. But then they would release their invulnerable browsers, only to learn they had more uncovered public vulnerabilities than the browser they claimed was overly vulnerable. You don’t hear browser vendors bragging about making perfectly secure browsers anymore.
Security
And then there’s the infamous University of Illinois at Chicago professor who consistently lambasts software vendors for making software full of security holes. He chides and belittles them and says they should be subject to legal prosecution for making imperfect software. He even made his own software programs and challenged people to find even one security bug, backing this challenge with a reward. Not surprisingly, people found bugs. Initially he tried to claim that the first found vulnerability wasn’t an exploitable bug “within the parameters of the guarantee.” Most people disagreed. Then someone found a second bug, in another of his programs, and he paid the reward. Turns out making invulnerable software is pretty difficult. We don’t mean to negate that professor’s contributions to computer security. He’s one of the best computer security experts in the world--truly a hero to the cause. But you won’t hear him claim anymore that perfect software can be made. Remember these high-profile lessons in humility the next time you hear a vendor claim that its software is invulnerable.
1,000,000-bit Crypto Every year a vendor or coder no one has heard of claims to have made unbreakable crypto. And, with few exceptions, they fail miserably. Although it’s a claim similar to unbreakable software, technical discussion will illuminate a very different flavor of snake oil at work here.
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
39
Cover Story
Security
Good crypto is hard to make; even the best in the world don’t have the guts (or sanity) to claim theirs can’t be broken. In fact, you’ll be lucky to get them to concede that their encryption is anything but “nontrivial” to compromise. Trust the encryption expert who doesn’t trust himself. Anything else means trusting a snake-oil salesman trying to sell you flawed crypto. Case in point: A few years ago a vendor came on the scene claiming he had unbreakable
crypto. What made his encryption so incredible was that he used a huge key and distributed part (or parts) of the secret key in the cloud. Because the key was never in one place, it would be impossible to compromise. And the encryption algorithm and routine was secure because it was a secret, too. Most knowledgeable security pros recognize that a good cipher should always have a known encryption algorithm that stands up to public review.
Not this vendor. But the best (and most hilarious) part was the vendor’s claim that his superior cipher was backed by a million-bit key. Never mind that strong encryption today is backed by key sizes of 256-bit (symmetric) or 2,048-bit (asymmetric). This company was promising an encryption key that was orders of magnitude bigger. Cryptologists chuckled at this for two reasons. First, when you have a good encryption routine, the involved key size
can be small because no one can brute-force all the possible permutations of even relatively small encryption keys--think, more than the “number of atoms in the known universe” type of stuff. Instead, to break ciphers today, cryptologists find flaws in the cipher’s mathematics, which allow them to rule out very large parts of the populations of possible keys. In a nutshell, found cryptographic weaknesses allow attackers to develop shortcuts to faster guessing of the valid possible keys.
What’s Better: Single Vendor Security Solutions or Best-ofBreed? Indian CISOs debate the pros and cons of bestof-breed and single vendor security solutions.
Should CIOs and CISOs opt for a single-vendor security solution or go for best-of-breed? It isn’t a question that hasn’t been asked before. Yet, it’s a question that hasn’t been answered--but avoided. That could be because, in the past, Indian organizations have considered security as an after-thought. But that’s changing. Indian CIOs are taking security a lot more seriously. So much so that according to CIO India’s Mid-Year Review 2014, 74 percent of Indian CIOs say they plan to spend most of their time in security planning and management. Central to that planning is to determine which strategy to use when it comes to security solutions: Single vendor or bestof-breed? Security officers do not seem to agree on any one approach. Some are of the opinion that a single vendor approach is better while some feel that it’s not possible for one single vendor to provide all security solutions. “Best-of-breed is an ideal solution. One needs to have checks and balances, and from that perspective it is better to go for
40
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Parag Deodhar, Chief Risk Officer, CISO, VP-Process Excellence and Program Mgmt, Bharti AXA General Insurance, says best-of-breed is ideal.
best-of-breed security solutions,” says Parag Deodhar, chief risk officer, CISO, VP-Process Excellence and Program Mgmt. at Bharti AXA General Insurance. Another challenge with expecting a complete end-to-end security solution from a single vendor is that security has many aspects, and it is difficult for one vendor to master them all, says Deodhar. “I am yet to come across a single vendor who covers all aspects of security. Right from identity management, to firewalls, to anti-virus, to SIEM, to encryption; that’s a lot of ground to cover the entire gambit. I don’t think one single vendor can do that,” says Deodhar. But that’s something Mannan Godil, CISO, Edelweiss Financial Services, doesn’t agree with. “If a vendor offers a high quality solution on one single platform, then I will go for that vendor,”
VOL/9 | ISSUE/10
Cover Story
All things being equal, a proven cipher with a smaller key size is considered more secure. So saying you have a million-bit key is akin to saying your invented cipher is so sucky it takes a million bits of obscurity (versus 384 bits) to keep the protected data secure. Five thousand bits would be overkill from any good cipher, because no one is known to be able to come close to breaking even 3,000-bit keys from a really good cipher. When you make a million-bit key, you’re absolutely saying you don’t trust your cipher
to be good at smaller key sizes. This paradox is perhaps only understood by cipher enthusiasts, and you’d slay the audience at any crypto convention by repeating this story. Second, if you were required to use a million-bit key, that means you would somehow have to communicate that huge mother from sender to receiver, making that communication at least a megabyte. Suppose you encrypted an e-mail containing a single character. The resulting encrypted blob would be 1MB.
Ashish Mishra, CISO, TESCO, says single vendor solutions are known to be more in tune with each other.
says Godil. Apart from that, single vendor solutions have other advantages that can’t be ignored. “One advantage of single vendor solutions is that they will be a complete story. Also, single vendor solutions are known to be more in tune with each other,” says Ashish Chandra Mishra, CISO, TESCO. Having said that, Mishra feels that while integration is better when it comes to single vendor products, best-of-breed solutions provide more intelligence. But, at the same time the risk is higher in multi-vendor products. And there it comes a full circle. But it’s heartening to see that Indian CISOs aren’t ducking the question anymore.
—Ishan Bhattacharya
VOL/9 | ISSUE/10
That’s pretty wasteful. A “secret” million-bit cipher being split among the cloud was enough to do that crypto in. No one took it seriously, and at least one impressive encryption expert, Bruce Schneier, publicly mocked it. The worst part was that the vendor claimed to have proof that it sold $5 million of its crypto to the military. I hope the vendor was lying; otherwise, the military purchaser has a lot of explaining to do.
100% Accurate Antivirus Software Also akin to the claim of unbreakable software is the claim from multiple vendors that their anti-malware detection is 100 percent accurate. And they almost all say this detection rate has been “verified independently in test after test.” Have you ever wondered why these buy-once-andnever-worry-again solutions don’t take over the world? It’s because they’re a lie. No anti-malware software is, or can be, 100 percent accurate. Antivirus software wasn’t 100 percent accurate when we only had a few viruses to contend with, and today’s world has tens of millions of mutating malware programs. In fact, today’s malware is pretty good at changing its form. Many malicious programs use “mutation engines” coupled with the very same good encryption mentioned above. Good encryption introduces realistic randomness, and malware uses the very same properties to hide itself. Most malware creators run their latest creations against every available anti-malware
Security
program before they begin to propagate, and then they selfupdate every day. It’s a neverending battle, and sadly the bad guys are winning. Some vendors, using general behavior-detection techniques known as heuristics and change-detecting emulation environments, have valiantly tried to up their accuracy. What they’ve discovered is that as you enter the upper ranges of detection, you run into the problem of false positives. As it turns out, programs that detect malware at extremely accurate rates are bad at not detecting legitimate programs as malicious. Show me a 100 percent accurate anti-malware program, and I’ll show you a program that flags nearly everything as malicious. Even worse, as accuracy increases, performance decreases. Some antivirus programs make their host systems so slow that they’re unusable. Users would rather knowingly compute with active malware than run antivirus software. With tens of millions of malware programs that must be checked against hundreds of thousands of files contained on a typical computer, doing a perfectly accurate comparison would simply take too long. Antimalware vendors are acutely aware of these sad paradoxes, and, in the end, they all make the decision to be less accurate. Counterintuitively, being less accurate actually helps security vendors sell more of their products. I don’t mean that lowered accuracy allows malware to propagate, thereby ensuring security vendors can sell more software. It’s that the trade-offs of extremely accurate
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
41
A New Style of IT,
A New Reality Yesterday’s emerging trends are today’s evidently beneficial technologies. A synergy of mobility, big data, and cloud computing can open up new areas of growth for organizations. Through HP World Tour, HP showed how Indian IT leaders can create a new style of IT to augment growth. By Aritra Sarkhel
C
IOs and IT decision maker from across industry verticals need to build a better enterprise, and critical brainstorming for furnishing ideas for the same is important. Such far reaching ideas which can change the course of the IT industry needs a platform. A platform that will help IT leaders tap into the collective energy and expertise of the Indian enterprise IT community, experience the innovation, and engage with various
SPECIAL EVENT COVERAGE
industry executives to gain strategic insight into their respective IT infrastructure. And that’s exactly what the first Indian edition of the prestigious HP CIO Forum and HP World Tour planned to achieve. The two day-long event was held in Mumbai. HP CIO Forum (day 1) was focused towards IT leaders. HP India’s managing director Neelam Dhawan opened the proceedings by elaborating on the global success of the event. Taking pride
in the fact that the hugely successful event finally made its way to India, she also pointed out that the presence of the business heads of HP’s various divisions at the event would ensure that the audience would get a glimpse of the innovation that goes into engineering HP’s products—the innovation that makes HP top different analysts’ ratings. She also spoke about the new style of IT that next-gen technologies are giving
SPECIAL EVENT COVERAGE HP
rise to and ways to counter the challenges associated with them. “Today’s enterprises demand a new foundation of infrastructure, devices, software, and services that support greater agility, increased accessibility, and lower costs,” she said. Not only that, Bruce Dahlgren, SVP and GM, Enterprise Services, HP APJ stated that 2014 is the 75th anniversary of HP and they are celebrating it with world tours across the world including India and the world tour is finally here in India to celebrate HP’s legacy of invention and innovation. Taking that thought of innovation forward, Bruce, spoke about how CIOs can demonstrate relevance and drive success in a rapidly changing business-led IT landscape by adopting a new style of IT. He said, “We live in exciting times, wherein a lot of innovation is happening around, and HP’s cutting-edge set of solutions and services is at the forefront for the enterprises.” He further pointed out the various trends that are impacting CIOs’ course towards achieving the said new style of IT. “The phenomenon of mobility, cloud and big data are going to impact the way technology is consumed and delivered and how end-users engage with technology overall,” said Dahlgren.
Taking the conversation on the new style of IT further, an esteemed set of panelists consisting of top HP executives deliberated on the current state of IT and associated barriers. IDG Media’s editor- in- chief Vijay Ramachandran moderated the discussion. The conversation encompassed a wide array of topics ranging from mobility and consumerization of IT to user experience, need for a robust enterprise application ecosystem, and collaboration. Later, the assembled IT leaders received valuable insights on thought leadership from IIM-Ahmedabad’s Prof. Anil Gupta’s speech on the importance of accepting and implementing new ideas. “Enterprises should allow free rein of ideas and never say no to new ideas. With great and unique ideas, even smaller companies can take on industry giants,” he said. HP World Tour The second leg of the program - HP World Tour was held on the next day and witnessed a grand opening with Neelam Dhawan and Bruce Dahlgren delivering the keynote sessions. This was followed up with a series of spotlight sessions cloud, big data, mobility, and security.
Aman Neil Dokania, VP & GM, HP Cloud Division, HP APJ, pointed out the importance of cloud computing and how the technology is critical to the success of enterprises of all sizes and verticals today. He also shed light on HP’s state-of-the-art Helion cloud platform and the HP Helion Network which is the largest network of cloud providers across the world. Following Dokania, Kamal Dutta, VP, IT Management Business Unit of HP Software, spoke about HP’s investment in leveraging big data for meaningful and actionable insights. While Anneliese Olson, VP & GM of HP APJ’s Personal Computing division, shared effective mobility strategies, Joseph Wong, SOC Principal Consultant, HP Enterprise Security Products Consulting, HP APJ shared security best practices with the IT decision maker present at the event and detailed ways to prevent cyber criminals from stealing mission-critical data. The other major attraction was Anil Kumble, one of the most remarkable Indian cricketers. The former captain of the Indian cricket team, who is also a coach and entrepreneur, spoke about core leadership qualities and the criticality of technology as a growth-enabler and competitive differentiator.
IDG SERVICES
Cover Story
Security
anti-malware detection are unacceptable to those shopping for security software. And if you do find yourself buying the claim of 100 percent accuracy, just don’t ask your vendor to put it in writing or ask for a refund when something slips by. They won’t back the claim.
Network Intrusion Detection IDSes (intrusion detection systems) have been around even longer than antivirus software. My first experience was with Ross Greenberg’s Flu-Shot program back in the mid-1980s. Although often described, even by the author, as an early antivirus program, it was more of a behavioraldetection/prevention program. Early versions didn’t have “signatures” with which to detect early malware; it was quickly defeated by malware. During the past two decades, more sophisticated IDSes were invented. Popular ones are in use in nearly every company in America. Commercial, professional versions can cost in the hundreds of thousands of dollars for only a few sensors. Many companies won’t put up a network without first deploying an NIDS (network-based IDS). Unfortunately, IDSes have worse accuracy and performance issues than antivirus programs. Most NIDSes work by intercepting network packets. The average computer gets hundreds of packets per second, if not more. An NIDS has to perform a comparison of known signatures against all those network packets, and if they did so, even somewhat accurately, it would slow 44
Can Your Team Really Assess the Effectiveness of a Security Solution? In-house IT teams tend to be lean--and therefore made up of generalists. That can be a challenge if they are asked to assess a security solution. How Godrej Industries’ tackles that issue. It is very important for an organization to build the internal tech competency required to assess a security solution. But that’s easier said than done; in-house talent tends to have a generalist make-up than a specialist one. Then once capability is built, it soon becomes outdated and needs constant upgrading. Risks that are known and mitigated successfully yesterday, are of little use today. Retaining talent in a V. Swaminathan, EVP-Corp. Audit and competitive environment is Assurance at Godrej Industries, believes another big challenge CISOs that the skill of a CISO lies in identifying face today. the internal risk perception. However, more mature organizations have the right strategy and policies to tackle this situation. Godrej Industries, for instance, has a two-pronged approach. Other than constantly upgrading itself with the latest technology--which is an absolute necessity--the in-house competency team works closely with the business. “Once we know what the business is planning to do today--and in the next few years--we know what kind of risks are likely to be encountered,” says V. Swaminathan, EVP-Corp. Audit and Assurance at Godrej Industries. Through this approach, his team has increased its efficiency to the point that it was well-prepared for the organization’s shift to the cloud--even before the business decided to embrace cloud computing. Collaboration with the business, he says, helped the team understand that the company was in expansion mode and would soon be going global. The team kept a watch for developments in the area of cloud computing and boned up on the risks associated with it. “When the business finally decided to move to the cloud, we were ready with the kind of security solutions we needed,” says Swaminathan. In addition, the team kept a watch through various security forums and on their industry peers who were already moving to cloud. Interactions with them helped identify the service provider who would help them assess risks and mitigate them proactively. Swaminathan believes that the skill of a CISO lies in identifying the internal risk perception and in finding solutions to mitigate them. “At Godrej, we always ask vendors to do a POC to test whether the results meet our expectations. There is no ‘one size fits all’ solution when it comes to security,” he says.
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
—Radhika Nallayam
VOL/9 | ISSUE/10
Presents
CIO CONVERSATIONS on
UNIFIED COMMUNICATIONS: COLLABORATIVE, CREATIVE, COMMERCIAL
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Cover Story
Security
down network traffic so much that the computer’s network communications, and involved applications, would become unbearably sluggish. So what NIDSes do is compare network traffic against a few dozen or hundred signatures. I’ve never seen an NIDS with even two hundred signatures activated--paltry in comparison to the tens of millions of malware and thousands of network attack signatures they should be checking to be truly accurate. Instead, we’ve become accustomed to the fact that NIDSes can’t be configured to be meaningfully accurate, so we “fine-tune” them to be somewhat accurate against things antivirus software is less accurate at detecting.
Firewalls I spend part of my professional career telling people to make sure they use firewalls. If you don’t have one, I’ll probably write up an audit finding. But the truth is that firewalls (traditional or advanced) rarely protect us against anything. Firewalls block unauthorized traffic from vulnerable, exploitable listening services. Today, we don’t have that many vulnerable services or truly remote attacks. We do get vulnerable services, but even most of those attacks would not have been stopped by a firewall. The websites using OpenSSL already opened the ports that OpenSSL needed to function. The vulnerable version of OpenSSL was available for any knowledgeable attacker to compromise. Today, most attacks (and I mean 99.99 percent) are application-layer attacks that require user involvement to 46
succeed. Once the user is tricked into running something, the malicious program executes in the user’s computer’s memory, and the firewall can’t help. The badness scoots past the firewall on allowed ports and executes on the user’s desktop. Firewalls can help only if they prevent attacks against blocked ports. But everyone allows port 80 and 443 into their networks, and those are the two ports that most successful attacks will target. You can’t block them
of the information-security acronym CIA is availability (the other two are confidentiality and integrity). As a concept, availability makes for great sales pitches. The reality, however, is that availability is more snake oil than we might like to admit. Availability, and redundancy, drives a significant amount of hardware sales. These days, we have redundant power supplies, redundant hard drives, even redundant
so we would never have an outage again. That promise lasted two days, when we had our first crash with the resplendent redundant system. We experienced unexpected data corruption, and that corruption was dutifully copied between the first server and the backup unit. Admittedly, the failover was flawless, with the corruption cloned impeccably between systems. My upset CEO didn’t want to listen to my explanations of server system
Admittedly, the failover was flawless, with the corruption cloned impeccably between systems. My upset CEO didn’t want to listen to my explanations of server system backups and RAID levels. He just knew I’d wasted his money on false promises. because it would bring business to a halt. Don’t believe me? When is the last time you thought, “Wow, if I had just had a firewall enabled, I wouldn’t have been successfully attacked”? I’ll give you full credit if you can even remember the year. A lot of firewall vendors already know my personal feelings, and they will often tell me that the problem is only with “traditional” firewalls and that their “advanced” firewall solves the problem. Their advanced firewall is always an application proxy or filter that includes an anti-virus scanner or IDS capabilities. If advanced firewalls worked, we’d all be running them, and our hacker problems would be over.
Redundancy The oft-forgotten third word
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
motherboards and CPUs. Before redundancy became a thing, I never needed the second unit. It’s almost as if vendors give us components they know will fail. I have a computer that’s been running on the same hard drive, motherboard, and power supply for more than 20 years. Never had a problem. I don’t even clean out all the dust. But I rarely buy a $100K server or appliance with redundant everything that I don’t end up having problems with. My first fully redundant server system ended up being a hard-earned lesson about the promise of redundancy. The system included a secondary clone of everything, with the backup unit ready to pick up where the failed unit quit, without a millisecond of downtime. I convinced my CEO to spend the extra $100K
backups and RAID levels. He just knew I’d wasted his money on false promises.
Smartcards Almost every company I know that doesn’t have smartcards wants to have smartcards. Smartcards are two-factor authentication, which, as everyone knows, is better than one-factor authentication. But most companies today think that enabling smartcards in their environments will significantly reduce the risk of hacker attack--or stop all attacks outright. Or at least that’s how it’s sold to them. Every company I know that’s implemented smartcards is just as thoroughly hacked as the companies that don’t. Smartcards do give you added security, but it’s only a small amount and not in the places
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
NETWORKING PIONEERS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Cover Story
Security
India Needs a Formal Network That Shares Security Updates Nandkumar Saravade, an independent advisor on security and fraud security, says an insights-sharing platform with CISOs and government agencies can help security professionals battle security threats. Countless man-hours, enormous amounts of money, and a lot of intelligence has gone into trying to stay ahead of the bad guys. And, in many cases, it hasn’t gotten us anywhere. Here’s something that might help: A formal network that shares security updates between CISOs to help them defend their organization. Information on counterstrategies in cyber-security is important so that members can calibrate their responses. It ensures if one security fence goes down, the same trick doesn’t apply on others. “Collaboration during ongoing incidents and the sharing of learnings is another reason to build and operate such a network. These networks need to have secure infrastructure given the sensitive nature of the information being traded,” says Nandkumar Saravade, Independent Advisor on Security and Fraud (currently advising EY, ICICI Bank and Citi). He says that government agencies and organizations are an important stakeholder group which can contribute to the security information stream and benefit from it. Hence, the need to have a formal structure and optimal governance. Initiatives to share information have existed in the US and other advanced countries for many years. Saravade cites the example of the Financial Services Information Sharing and Analysis Centre (FS-ISAC) in the US, which has been in existence since 1999. “Other sector ISACs are also enjoy more than 90 percent coverage. There is a National Council of ISACs, which organizes an annual conference of member ISACs on critical infrastructure protection,” he says. In India, initiatives to create such networks have been attempted. “I was a member of the Gopalakrishna Committee (in the fraud domain) which recommended creating state level bodies which could meet from time-to-time and review fraud trends and work on countermeasures,” says Saravade. However, he laments that due to lack of sufficient ownership, the recommendation did not result in adequate resourcing and operationalization. “Creating new institutions requires an ability to understand best practices elsewhere, and an ability to innovate and persist till a level of maturity is reached. In India, we will see results when these factors combine, with the onus clearly being on the government, to make things happen,” he says. Saravade says that the primary goal of a formal network is to build a community of professionals who can share information on risk mitigation, incident response and threat intelligence. The objective is to provide members with accurate, actionable, and relevant information. “The activities could include access to a 24/7 security operations center, briefings, white papers, threat calls, webinars, and anonymous critical infrastructure reporting,” he says. — Sneha Jha
you really need it. Want to stop hackers? Improve your patch management processes and practices, and help your users refrain from installing stuff they shouldn’t. Those two solutions will work hundreds of times better than smartcards.
Compromising Situation Today’s computer security world is a crazy, paradoxical one. Computer security companies are collecting billions of dollars for customers who are still routinely hacked. Firewalls, IDSes, and antivirus programs don’t work. How do I know? Because most companies have all these security technologies in place, and are still compromised by hackers, almost at will. Even our reliable, secure encryption is mostly meaningless. Either hackers go around the crypto (by directly attacking the target in its unencrypted state on the endpoint), or the cryptography is poorly implemented (the OpenSSL Heartbleed bug is an example). As a result, we security professionals are accepting that our computer security defenses are partial at best, while our vendors tout their solutions as incredibly accurate and impenetrable. It ain’t so. We’re being sold snake oil and being told it’s sound, scientifically researched medicine. Push for real solutions. Take a look at how your environment and systems are being compromised and push for solutions that fix those real problems. CIO With inputs from Ishan Bhattacharya, Radhika Nallayam, and Sneha Jha Send feedback to editor@cio.in
48
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
CLOUD CONQUERORS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Someshâ&#x20AC;&#x2122;s Agenda: To leverage IT in order to serve customers better.
The foundations of some of the world’s greatest companies crack when their customers walk away. They fade out into oblivion. That’s the power customers have. While that sounds elementary, not many companies acknowledge it. Max Bupa isn’t one of them. Thanks to Somesh Chandra, director-Customer Service, Operations, Technology and chief quality officer, Max Bupa, who puts his customers on a pedestal and is banking on IT to keep them there.
Where the
BY SHUBHRA RISHI
CUSTOMER
comes
FIRST VOL/9 | ISSUE/10
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
51
CXO Agenda | Operations CIO: You have held multiple portfolios at different organizations in the past. How did you manage?
SOMESH CHANDRA In the last 16 years, I have worked across a number of services-based industries such as IT/ITeS, management consulting, financial services, and healthcare. All these sectors are very complementary. For instance, in custodian banks, a trade settlement is a critical activity whereas in healthcare, pre-authorization activity is most important. But the key to success is always about tying these critical activities to business needs. At Max Bupa, whether it is technology, operations, or services, all of it rolls into owning the customer experience and serving them well. That’s our goal.
terms of responsibility. At Max Bupa, technology is a front-facing role, and my role is tied to the company’s penultimate vision of helping our customers live healthy and successful lives. The IT role is not just about ensuring that systems are up and running, and products are delivered in a timely and cost-effective manner, but it’s more about creating impact, becoming innovative in the market place, and serving customers better. Therefore, it’s a combination of organizational vision, mind-set change for the CIO, and the industry itself where technology is core to what we do, which makes it a natural and an unavoidable transition, and IT is the glue connecting these various portfolios.
CIOS CAN NO LONGER SAY THEY DON’T CARE WHETHER CUSTOMER NEEDS ARE MET OR NOT. Everybody is going to move to a customer-facing role, irrespective of departments.
How have you transitioned from an IT role to handling multiple portfolios such as customer service, operations, and quality?
This is a transition that has its own ups and downs. It requires a mind-set change: From owning the transactional outcomes, to start owning the company’s vision. This is a transition that a lot of IT leaders are seeing, where the business is asking: Being cost effective and delivering on time is okay, but what can I do to serve my customers better? This transition of moving from a technology role to a customer-facing role is hugely empowering because it covers all aspects of our customers. It’s a natural progression but an important one, and a big leap in 52
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
What are some of the IT initiatives that you have spearheaded at Max Bupa?
One-and-a-half years ago, we started our biggest transformation journey where our main objective was to help our customers to make the right decisions. We wanted to make sure that we were quick in responding to our customers. For instance, at our contact center, we wanted to make sure that every single call is heard. Therefore, we transitioned from an existing dialler network from a technology standpoint, to a platform which was more sophisticated and allowed us to transform customer facing business processes. We also invested in an underwriting system which has the most advanced auto underwriting rules engine,
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
INFRASTRUCTURE EVOLUTION FUTURISTS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
CXO Agenda | Operations
Interview
AT MAX BUPA, TECHNOLOGY IS A FRONTFACING ROLE, and it’s tied
providing Max Bupa a competitive edge over other health insurance players. Currently, the system is configured with underwriting risk adjustment recommendations and it covers more than 95 percent cases in the industry. It also allows Max Bupa to rate the risk correctly leading to better pricing and savings with correct risk acceptance. We also decided that we weren’t going to use paper to do any processing in-house. This led to our investment in a rule-based workflow and document management system. The solution has been deployed for processing new business requests and renewals. Right from login of the policy to issuance, printing, and dispatch, all the activities are tracked under one system. The solution is also used in processing pre-authorizations and claims, making both the processes workflow-enabled. The document management part of the solution provides a single repository, storing all the customer documents at one place which can be accessed by any department. The solution also comes with an integrated scanning solution for high volume scanning and is platform independent (this means it can be deployed on tablets and mobile).
to the company’s penultimate vision of helping our customers live healthy lives.
How are you leveraging trends like analytics and mobility?
We have a wide range of mobile applications for our sales partners and customers. The apps help to explore our latest products, calculate premiums, and renew and maintain customers’ health profile. These apps can be downloaded from Google Play free of cost and can run on Android-enabled handsets. This is also available for BlackBerry. An example of such an app is Max Bupa’s New Premium Calculator that is not only equipped with premium calculation capabilities but also highlights the key products, features, and benefits. We are also investing in a mobile website to ease the flexibility and accessibility of product information for our consumers. Apart from that, we also built two separate versions of an in-house application, titled Nutshell, for our advisors and sales teams. The applications have been downloaded by close to 14,000 sales advisors. The applications enable advisors to calculate premiums offline, calculate BMI (body mass index) of the customer for proposal forms, retrieve product information, view hospital list on Google Maps, request for policy certificate on behalf of customers, view commission statement, and claim status. We are also using our analytics platform to run customer analytics for predicting customer behavior. It provides us with upsell and cross-sell opportunities, as well as probability of customer repeat calls and other such analytics. 54
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
What kind of IT investments did you make in order to make this transformation possible?
To be honest, we have a clear cut IT infrastructure budget of 3-5 percent, but that’s a small drop in the ocean when compared to our larger goal of attaining our company’s vision through better sales, and customer service. Many a times, IT projects are successful without any impact on customer satisfaction. But our target is to make IT investments that will enhance our customer satisfaction from x to 2x, year after year. So, is it safe to assume that the transformation of the IT landscape has transformed customer experience at Max Bupa?
The journey over the last one year has been quite interesting. It has touched our customers and we are clearer of what they are doing. It has given us the benefits, not in just numbers, but also in terms of the impact that we want to create. We are now the seventh largest health insurance player in the industry. Our customer base at 1.8 million, has doubled since last year. In terms of listening to our customers, we have been able to pick 90 percent of customer calls within 10 seconds of a call. We have been able to make sure that every single call is heard. The biggest test has come when the customer has brought the policy, and is actually going to renew it. Our renewal rates have improved and crossed the industry standard of 90 percent. Going forward, we wish to maintain a near realtime customer information with a 360 degree view cutting across systems. We also intend to provide a single ticketing system for handling all customer queries and enable a single integration point with social media platforms. So, to summarize, we have done well. We have strengthened our company’s IT infrastructure and made it so robust that our focus is now directed only towards empowering customers. Considering customer service is your focus, what’s the next step?
We measure our customer experience index every quarter in an exhaustive way, and conduct a dipstick every month.
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
SECURITY SUPREMOS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
CXO Agenda | Operations Across our customer services, claims, renewals, buying journey, we measure customer satisfaction every month and priorities come out for the next quarter and year based on it. In the health insurance industry, customers interact the most with us when they want to buy a policy or file a claim. We want to become a partner to the customer in order to help them when they need to coordinate with doctors and process their insurance claims. We don’t want that to be self-service but we feel that most of our customers should be able to buy a policy seamlessly. In order to succeed in that aim, we became the first to launch an over-the-counter-issuance—where the customers walk into a branch and have the policy issued. We also have a strong tele-sales setup which allows customers to buy a policy over a phone call. But we feel that self-service portals will become a big thing when it comes to policy issuance. So is enabling self-service for your customers the next big thing on your agenda?
Our vision is to enable our employees working in IT, sales and services to provide exemplary customer services. Our mission is to be customer-centric, reach first, and be fair to our customers. As an organization, we feel that self-service portals will provide a means to help our customers help themselves. Therefore, we are enhancing and continuously upgrading our self-service portals so
that customers would have to make minimum calls to the contact centers. We are developing a CRM solution to improve customer servicing capabilities across all touchpoints—sales, renewals, and customer service. The reason is not to get a single view of the customer, but to make Max Bupa a 100 percent self-service oriented organization. So far, we have handled a total of over 50,000 self-servicing requests in the past six months. Going forward, we wish to continue improving our selfservice capabilities for customers thereby reducing the call as well as e-mail flow for customer services teams. Do you see a customer-facing role encompassing all other roles such as IT, operations, and customer service?
There are some things that will change. If you think about customers, they don’t worry about departments, but all they care about are outcomes. At Max Bupa, as a best practice, we always had one single role for all the multiple portfolios. But from an industry perspective, I see these roles becoming much thinner and merging into each other. CIOs can no longer step back saying they don’t care whether customer needs are met or not. Going forward, I believe all the roles are going to merge into a customer-facing role. CIO
Shubhra Rishi is principal correspondent. Send feedback on this interview to shubhra_rishi@idgindia.com
Where Opinions Come Alive!
WWW
V I D E O S
IN
Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! www.cio.in/videos
Presents
CIO100 SPECIAL AWARDS The
INNOVATION ARCHITECTS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Going Public How Fortis Healthcare made the venturesome move to a 100 percent public cloud model. BY R A D H I K A N A L L AYA M
Case File | Fortis Healthcare
O
n New Year’s Eve in December 2013, when the rest of the world was putting on their dancing shoes, Varun Sood, CIO of Fortis Healthcare, was doing something that you wouldn’t really call a celebration. But it was nothing less than an adventure. Sood was going to shut down the company’s corporate datacenter and migrate the company’s entire IT onto a public cloud! If you thought Sood is crazy, you’re not alone. In fact, many people within his team and outside his organization thought he had gone off his rocker. Indian CIOs were ready to experiment with hybrid clouds—part private and part public—but a 100 percent public cloud model was something unheard of. According to CIO India’s Mid-Year Review 2014, only 15 percent of Indian CIOs currently use or are considering moving to public clouds. And Sood falls in that bracket. But he was unfazed. So much so that the transition to the public cloud happened in a year after he took over as Fortis’ CIO. That said, it wasn’t an easy call to make. Sood had to fight many cynics, including the one within him.
Breathing Business Fortis is one of the largest integrated healthcare delivery providers with a presence in five countries. It has 65 healthcare facilities, over 10,000 beds, 240 diagnostic centers and a staff of more than 17,000 people. That aside, Fortis had to be on the qui vive to beat competition and do well in the fiercely competitive healthcare business. And technology had a sufficiently great role in achieving that goal. Its eICU (electronic ICU), for instance, is a tele-medicine venture aimed at providing expert services to critically ill patients in remote locations. Launched in 2012, a time when telemedicine was yet to gain ground in India, the system was first-of-its-kind in the country. Sitting at the Central Command Center of a Fortis hospital, specialists provide advanced consultation and care to hundreds of people who have no access to such services.
VOL/9 | ISSUE/10
That’s not it. Use of wearable devices for neonatal monitoring is another way by which Fortis ensures high-tech patient care. IT has to support many such critical systems at Fortis, and also be able to change with the changing face of the healthcare industry in India. The company’s corporate datacenter, which was at a hosted location, wasn’t actually a problem. And maintaining status quo wasn’t going to take too much of Sood’s energy. But Sood was not someone to be content with status quo. But Sood’s ‘business DNA’—the 10 years he spent in various business functions, including M&A, business analysis and integration—craved for change. Sood and his team sat together to understand how things can be done in a better way. Also, there came a point where he had to re-invest in the infrastructure which was nearing its end of life. “Our aim was simple—to establish a scalable and cost-effective infrastructure that meets not just the current needs but also the future needs of Fortis. Also, we as a company, were about to take up a whole host of new initiatives, which meant that the load on
The economic benefits of the public cloud were significant. With the savings achieved, IT could take up other new projects that were crying for attention— without increasing budget. As a result, Fortis is able to allocate significant portion of its IT budget to innovative projects. IT would go up further. Increasing overhead was another problem we faced. We had to be on our toes just to keep the lights on and that’s not the situation I wanted my team to be in,” says Sood. Sood saw no sense in throwing more people and money at the problem. He instead decided to start with a clean slate. “We were open to all types of options—public cloud, private cloud, hosting or on-premise,” says Sood. REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
59
Case File | Fortis Healthcare
With news of Sood scouting for cloud vendors, he quickly became the most popular CIO in town. He was approached by 19 vendors in the coming days, who opened out their long list of specs and benefits on the table. Not the one to get misled easily, Sood prepared a list of business priorities that needed to be met. Business was agnostic to the model of the cloud IT would use, says Sood. “The business wanted performance, availability, and security. From the IT point of view, we needed scalability, flexibility, and lower TCO and the public cloud met all these requirements,” he says.
Moving Out But one question lingered on: Who in their right minds would move completely to the public cloud? This was the same question that was bothering Sood’s team members. “Tech professionals typically have a hardwarecentric mindset. They don’t understand why you are telling them to stop worrying about things like adding more servers or more memory. People are used to “seeing” servers and having the latest tech and the best specs. It was this belief that needed to change,” he says. Sood badly wanted the team’s support as they were the ones who were eventually going to execute the project. He worked with them closely and kept them motivated. Once he won that support, Sood’s confidence doubled. Along with the hardware infrastructure, Sood and team moved the bulk of the core applications to the cloud. Fortunately, for Sood, most of the applications used by the company were already built for a virtual environment. That made the migration easier. But it certainly was not trouble-free. The support from OEMs and ISVs was a challenge. But the results were worth all the trouble, says Sood. But ask him about how happy the end users are, Sood quickly turns into a philosopher. “User expectation is a moving target. Their benchmarks keep moving up,” he says. Today, users don’t have to worry about the size of attachments while sending an e-mail or the delay in opening an app during busy hours. “But nobody notices when you turn on the switch and the room is lit up. But 60
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
“The business wanted performance, availability, and security. And IT needed scalability and flexibility. The public cloud met both our needs.” Varun Sood, CIO, Fortis Healthcare
people do get disappointed when it does not happen,” he says. But for the IT team, the move to the public cloud was worth all the debate and effort. Sood says his team does not really spend much time on mundane tasks like capacity planning and infrastructure monitoring anymore. They are able to focus on factors that drive business and growth. The time spent on ‘keeping the lights on’ reduced drastically. The economic benefits of the public cloud were significant. With the savings
achieved, IT could take up other new projects that were crying for attention— without increasing budget. Sood is able to allocate significant portion of his IT budget to other newer and innovative projects now. A team that once looked at the public cloud with disbelief now is in agreement that the public cloud was the way to go. CIO Radhika Nallayam is assisstant editor. Send feedback on this feature to radhika_nallayam@idgindia.com
VOL/9 | ISSUE/10
casefiles REAL PEOPLE
* REAL PROBLEMS * REAL SOLUTIONS
FROM VOICE
TO VIDEO IndusInd Bank deploys an app, which allows customers to enjoy banking services via a video chat. It’s creating a lot of customer stickiness, says the bank’s CIO.
BY SHUBHRA RISHI Banking isn’t what it used to be. Today, consumers use smartphones and social media platforms to transfer money and bank—a far cry from when you had to stand in a queue for everything. In the midst of this innovation, there’s one bank that stands out for relying on technology to do something remarkable for its customers. The Organization: It’s no secret that IndusInd Bank is one of the fastest growing midsized banks in India. The bank underwent a complete transformation in 2008 when Romesh Sobti took over as its MD. Today, it has a market capitalization of Rs 28,331 crore—a huge leap from Rs 1,337 crore six years ago. This year, the bank is betting on a video branch, which was launched in June. The video branch puts some of the bank's call centers on steroids, by allowing customers to interact with the bank over video. “Customers do not have the time to visit branches. The video branch is an effort to give the power back to customers, and offer a new service under our theme of ‘Responsive Innovation’," says Sanjay Jaiswal, CIO, IndusInd Bank. Customerss can now schedule video calls with their branch managers or relationship managers. The Solution: Customers who want to interact with the bank using video have to download the video app, called Video Branch—available on Google Play and Apple App Store on their smart devices—or from the website on their laptops or desktops. Customers are authenticated with one time password (OTP) sent over registered mobile numbers to initiate any interaction with the video branch. Photographs
62
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
are matched to ensure a second-level of authentication, and finally, all transactions occur in encrypted mode and every interaction is recorded for audit and future reference. Once customers are authenticated, their call is routed to a video branch executive based on the language preference they select (there’s an option of two languages). Then customers can avail of IndusInd’s many phone banking services via video chat with a contact center executive. The video app also allows customers and agents to share their screens. If, for example, a customer is not sure an agent has understood her, she can request for a screen share, so that she can view the agent’s screen and vice versa. “We utilized the best agents from our voice contact centers; they understand basic processes, systems, as well as all our banking products. We provided them with etiquette and behavioral training, how to conduct video chats,” says Jaiswal. It’s the sort of innovation many other banks would like to have gotten to first, except they aren’t all set up to ensure that innovation is a process—like it is at IndusInd. The company maintains an idea pool; top management monitors and approves ideas it believes are the most viable innovations. The video branch app was the brainchild of the solution delivery group with assistance of the in-house IT team, solution providers, and partners. The Benefits: Digitization, in general, has been tremendously successful for IndusInd Bank. Of all the customer accounts it opens a year, between 60 and 70 percent are activated on the electronic channel. The bank has over 2.5 lakh account holders accessing digital channels, including net banking and mobile banking users. “We target digitally-engaged customers who have businesses or holdings online
VOL/9 | ISSUE/10
“We are seeing a lot of customer stickiness with the video app service,” says Sanjay Jaiswal, CIO, IndusInd Bank.
at the rate of 3x to 5x times more than customers who aren’t online. We are a technology-backed, customer-centric bank that wants our customers to treat us as a primary institution with a presence online and on mobile,” says Jaiswal. Within one-and-a-half months of the app's launch, IndusInd Bank recorded downloads from across APAC, Europe, the Middle East and Asia; more than 550 app
installations for its iOS version, and 1,200 installations for its Android app. “We have also received over 3,000 calls to find out more about the new service,” says Jaiswal. “We are seeing a lot of customer stickiness with the video app service and we will continue to give them a multichannel experience,” says Jaiswal. CIO Send feedback to shubhra_rishi@idgindia.com
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
63
CIO Career
9
Signs You Should Jump Ship
By Bob Violino
Poor teamwork, little experimentation, no clear career path—your employer may be sending unmistakable signals of career stagnation. Don’t miss them.
CIO Career
I
f leading job indicators are to be believed, many tech workers are enjoying high demand for their services these days, making this the prime time to assess whether your current employer is a good fit for your career goals. “CIOs have had it relatively easy for the last few years as their staff members hunkered down to keep their jobs, let alone look for a new one and run the risk of ending up in a less desirable situation,” says Nicholas Colisto, senior vice president and CIO at Xylem, a water technology provider. “With the job market returning, [IT] staff will likely get more aggressive with their job search.” Here are some leading indicators that your IT career growth might be of little interest in your current employment and that staying where you are could mean further spinning your wheels at a time when your technology skills are in great demand.
1 New Ideas Meet Red Lights
Earning a stable income to endure ongoing tedium isn’t everyone’s ultimate goal for a career in IT. Unfortunately, that’s all some employers have to offer—even if it didn’t seem that way when you took the job years ago. Stagnation can mean career death in a competitive field, and if your company isn’t offering unique, forward-looking projects, it might be time to hit the road. “The speed of change that businesses are seeing today means that our IT organization needs to be more flexible, more adaptable, and we challenge the status quo more than ever,” says Philip Garland, CIO at consulting firm PwC. “Disruptive innovation is the name of the game for our IT professionals.” The surest sign that your employer isn’t facing this reality? A pervasive fear of failure can be felt throughout IT. “We facilitate an environment that is conducive to innovation, and our IT professionals know that it’s okay to fail
VOL/9 | ISSUE/10
5
IT CAREER MISSTEPS YOU SHOULD AVOID
1. DON’T STOP NETWORKING Networking can be a crucial part of any job search, but don’t quit once you’re hired, Chris Duchesne, vice president of global workplace solutions at Care.com says. Continuing to build strong business connections, and taking care of the relationships you already have, is critical for future success, he says. And don’t neglect networking and relationship-building within your own organization, he adds. Networking within your organization can help you gain visibility and contribute to your reputation as a team player. 2. DRIVE YOUR OWN DESTINY Duchesne says it’s important to take control of your own career path and avoid getting complacent. Too many people depend on their manager or boss to set the tone and the direction for their career path. He advises being proactive when asking for assignments and responsibilities. 3. CREATE A FIVE-YEAR PLAN To that end, Duchesne says, create and maintain a five-year plan. When you started out in your career, it’s likely you had a five-year plan, he says. You should make sure to keep that plan fresh; constantly updating and refreshing that plan and reviewing goals and achievements can help make sure you’re on track. 4. KEEP SOCIAL MEDIA PROFILES PROFESSIONAL “People do extensive research on these sites before they hire you,” Duchesne says. “Because of the technology, the personal and professional spheres are more integrated than ever, and it’s safest to assume that your social media persona is not separate from your professional persona,” he says. To avoid potentially career-ending mistakes, he says, you should know what your organization’s social media policies are and follow those to the letter. 5. KEEP YOUR IT SKILLS SHARP Finally, no matter what industry you work in, it’s important to keep building on and adding to your skill sets, he says. “It’s not enough to graduate from college and call it a day. Education is an ongoing process and it’s important to stay sharp and keep up with the latest industry trends if you want to be a key player at your company,” Duchesne says. — Sharon Florentine
when they’re coming up with new and innovative ideas,” Garland says. If your company puts the brakes on new ideas because failure isn’t an option, it might
be time to polish up that résumé. Otherwise, your career may take a hit when itz comes time to find a job at a company that thrives on innovation. REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
65
EMC Forum is a global event experience designed for IT leaders and executives seeking insights to cloud solutions and opportunities to network and share with their peers. It is an ideal platform to learn about how the latest technologies can redefine your business and prepare your organizations for the future.
October 9 & 10, 2014 | JW Marriott Aerocity | New Delhi Entry by invitation only.
ACTION PACKED AGENDA
Celebrity Entertainers
Gala Awards Night
Innovative Tech Showcase
Expert Speakers
Live Demos with vLabs
Insightful CXO Engagement
EMC Forum 2014 is gearing up to be the biggest tech showcase of the year. It promises to be a storehouse of path-breaking sessions, cutting-edge technology and usable inputs from global experts. With a dedicated day for CIOs on October 9th, you can expect to learn how EMC can redefine organizations of all sizes by accelerating their abilities through the power of the hybrid cloud.
CIO Career
2
Respect and Recognition are Afterthoughts
Competitive pressures should not translate into poor treatment of staffers and co-workers, but all too often, dignity and respect take a back seat when the going gets tough. When contention impedes results, a change of scenery may be the right call. “Passionate arguments are required [in IT], but insults or anger never brought a system from an idea to the production environment,” says Bill Thirsk, vice president of IT and CIO at Marist College. Respect means more than just the occasional pat on the back. Employers intent on retaining tech talent offer formal or informal rewards systems to recognize extraordinary efforts or achievements. Marist’s Thirsk, for example, encourages staffers to take risks and apply for awards. “It could earn them a really nice trip [that] we will sponsor, a Starbucks gift card, or an endof-year cash bonus,” he says. If your company doesn’t do the same, it may be a sign that it doesn’t adequately respect good work.
Clear Career Path— 3 NoBeyond Management
Management isn’t for everyone, but far too few employers offer career opportunities beyond managerial ones. For many IT pros, this means alienation from their one true love: Working with tech. If your employer offers no clear career path for your niche, chances are it does not recognize—let alone value—the variety of career interests that a healthy IT organization should support. Managers have to recognize that not everybody in IT is the same, says Greg Meyers, vice president-global IT, Biogen Idec, a biotechnology company. There are different types of IT professionals, he says, and each wants to be offered viable career paths. Some people might like to run projects that deliver basic services to the organization, while others are happiest when they’re continually experimenting with new technologies or testing new theories. Still others might want to dedicate themselves to security or governance efforts. 68
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
“We need to first be clear on which type they are, and then make sure we’ve created career paths for them,” Meyers says. “There is room in IT departments for all of these types. I think where [organizations] often fail is they don’t recognize that different groups of people need different things to give them a sense of hope” at work. It’s up to the supervisors within individual areas of IT to make sure that employees are receiving the appropriate career development and coaching they need. Is your supervisor showing a genuine interest in what you want to do over the long haul, or is it a day-to-day grind with no consideration for where you’re headed?
are Not Sought from 4 Leaders the Tech Ranks
Working on an IT project from concept to completion and seeing the impact the effort has on the business can be hugely satisfying.
IT
If your company isn’t creating opportunities for IT pros to have input throughout the lifecycle of IT projects, let alone lead them, then it might be worth looking for a new employer that does. As PwC’s clients demand edgier, faster, and more innovative offerings, the firm has created roles in its IT organization that are focused on strategy for each of its business lines, Garland says. “To provide the highest level of client experience and meet the everexpanding demand for new solutions, we’ve created roles responsible for owning IT products through the entire lifecycle,” he says. This fits with the firm’s IT strategy of appointing leaders to conceptualize business strategy first then develop technology tools next. “We are in the strategy game now, not just the technology game,” Garland says. “In addition to being cutting-edge technology specialists, our IT professionals are proactive business leaders
STRESSED STAFF CALL ‘IT’ QUITS
Research conducted by Opinion Matters has revealed that 68 percent of IT staff are actively considering leaving their job due to job-related stress. The survey gauged respondents’ stress levels at work and revealed their opinions on their main stressors, as well as how their stress level compares to that of friends and family, and how it affects their personal and professional lives. The survey found that 67 percent consider their job stressful-just one percent lower than in 2013, when similar research was carried out. Over a third (36 percent) have missed social functions due to overrunning issues at work, and a further 36 percent reported missing time with their families due to work demands on their personal time. In addition, 28 percent of IT staff regularly lose sleep over work pressures, and 19 percent have suffered stress-related illness—up on 2013—while a further 15 percent complain of feeling in poor physical condition due to work demands. And 17 percent of respondents have seen a relationship fail or be severely damaged due to their job. One quarter (24 percent) feel they are the most stressed person in their social or family group. Management was clearly singled out as the biggest contributing factor to workplace stress, with half the respondents citing management as the biggest source of stress for them. — Antony Savvas
VOL/9 | ISSUE/10
CIO Career across all of our service lines.” And nothing says dead end like a lack of leadership opportunities.
5Train on Your Own Time or Dime
Let’s say you want to learn a new programming language or develop some business management skills, but the only way to do this is by paying for classes yourself and taking them on the weekend or at night. You might just be training yourself for a new job at a new employer. Companies that are invested in their employees are willing to pick up the tab to train them. They also offer career development initiatives, such as formal or informal mentorship programs, says Melisa Bockrath, vice president of the IT Americas product group at Kelly Services, a staffing services firm. Some even allow employees to rotate through various projects, exposing them to new technologies as well as different parts of the business, Bockrath says. So if attending an offsite workshop or an industry conference is a stretch for your current employer, it’s probably time to expand your horizons elsewhere.
for IT is Cloudy or 6 Vision Conflicted
Working in an environment where strategic goals for IT department are vague or contradictory is a recipe for frustration. Worse, it can indicate that management is conflicted over the long-term role and value of IT. “People value workplaces where they feel that they have a meaningful purpose, both as a group and as individuals,” says Mike O’Dell, senior vice president and CIO at retailer Raley’s Family of Fine Stores. “The painstaking and usually slow process of building leadership, creating a mission, and developing a culture of excellence” is how successful companies foster this sense of purpose. If your company hasn’t put in this work, or is showing signs of backing away from it, it may be because IT is viewed as back-office commodity work, ripe for costcutting measures. Or it may be simply a matter of weak management within IT. “We’ve all heard
VOL/9 | ISSUE/10
Competitive pressures should not translate into poor treatment of staffers and coworkers, but dignity and respect take a back seat when the going gets tough. for years that employees don’t leave organizations—they leave because of direct management,” Kelly Services’ Bockrath says. Superiors who lack leadership skills or are ineffective at communicating the value IT can derail the career goals of those who report to them. Don’t miss the signals.
7 Teamwork: A Thing of the Past
Poor teamwork often leads to failed projects. The problem is that while the project is in motion, it’s not always easy to spot poor teamwork in action. One sure sign is a top-down disinterest in your work. Encouraging excellent communication should begin with managers, says Michael Wright, vice president and IT director, HomeTown Bank. “Nothing discourages employees more, in my opinion, than an unanswered email or phone call.” And in this age of mobile devices and online collaboration tools, there’s no excuse for people not to stay in touch. “I’m interested in fostering feelings of value and worth among the team members. That’s a critical piece to me personally, being responsive, even if it’s a ‘no’ or ‘not now,’” Wright says. If you find yourself working in a
vacuum or battling others for attention and recognition, teamwork may have already eroded behind repair.
Trends Met With 8 Tech Skepticism
IT trends are always emerging, and not every company can benefit by jumping on each new wave. Social networking, gamification, big data—valuable IT resources can be wasted following the flavor of the month. But if your company steers clear of every new trend in favor of keeping the lights running, consider it a red flag worth paying attention to. Organizations interested in the career growth of their IT employees allow IT staffers to spend a higher percentage of their time on forward-looking projects rather than on operations, says Mark Farrow, vice president and CIO at healthcare provider Hamilton Health Sciences.
9 Little Outlet to Experiment
Along the same lines as staying up on and embracing some of the latest trends, organizations that do not encourage IT pros to experiment with new tech tools are doing their employees a career disservice. Farrow says he tries to get IT staffers “the latest technology to be able to play with, so that they can learn. But also [to] help them think about where it could take us, while giving them access to new things to learn; we do this in a focused manner, as we cannot get tech for the sake of tech, but it is a way to harness the interest and advance the learning.” People that venture into IT careers typically enjoy working with the latest technology, Xylem’s Colisto says. “So if you work for a company that doesn’t enjoy the risk associated with using bleeding-edge technology for its finance systems, you can at least allow your staff to dabble in the latest and greatest trends in safer areas.” And if you find yourself unable to scratch that itch with new tech, tedium and stagnation may be just a few steps away. Don’t let it kill your career. CIO
Send feedback to editor@cio.in
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
69
ENABLING A NEW STYLE OF
BUSINESS-READY IT
Disruptive technologies like in-memory databases will change how enterprises plan and consume IT. In a series of roundtable discussions, leading CIO’s discussed ways to minimize the impact of the disruption and make the transition smoother. By Aritra Sarkhel
I
n the dynamic IT scenario prevailing in enterprises today, CIOs irrespective of industries are grappling with new challenges when it comes to fulfilling business needs. For instance, the number of projects that IT handles has increased exponentially compared to the amount of time and resources available to deliver them. Needless to say, the onus is on CIOs to ensure that IT matches the speed at which business is changing. To derive insights on the challenges presented by the new age of business-ready IT and ways to overcome them, HP and Intel in association with CIO magazine recently conducted roundtable discussions
among leading CIOs in Mumbai and Gurgaon. The discussion also revolved around how organizations can keep themselves abreast of disruptive technologies such as in-memory computing and other innovations.
Technologies such as in-memory computing provide a common platform designed for faster big data analytics, a more scalable data warehouse, and the ability to migrate business applications to one underlying database. An optimized
“The advancement in hardware technology has led to process optimization and automation in the last one decade, resulting in the creation of a lot of data. Making sense of this data quickly will accelerate revenue generation.” —Maneesh Sharma, Head, Solutions & Business Development, SAP India
EVENT REPORT HP data management architecture should be deployed without disruption to unlock operational efficiencies and turn large amounts of data into real-time, actionable business insights. According to Maneesh Sharma, head, Solutions & Business Development, SAP India, business benefit is the primary driver in the entire process. “The advancement in hardware technology has led to process optimization and automation in the last one decade, resulting in the creation of a lot of data. Making sense of this data quickly will accelerate revenue generation,” he said. In the same vein, Sudip Mazumder, divisional CIO and GM-Business Transformation, KEC International, said, “Big data is the new big kid on the block, but these are still early stages. Especially for B2B and B2C sectors, there are two definite areas to look into: One is the end-consumer side and other one is the internal machine side where we can use big data effectively.” Manoj Shrivastava, director-IT, MTS India, had a similar perspective to share. He pointed out that in today’s IT scenario, customer CIOs are talking more about actionable analytics. “The concept of actionable analytics is being embedded into business processes and is no more a post facto analysis. The way the industry has been moving, analytics and in-memory computing are not just standalone technologies but are now embedded into processes. It is part of business functions. That is the thought process that business users are coming back with.” Mukesh Kumar, CIO, TGP Wholesale, spoke about the imminent inevitability of including in-memory computing into
“HP has designed servers tailored for specific workloads to deliver optimum performance. These servers share management, power, cooling, networking, and storage, enabling a faster innovation cycle.” —Vikram K, Director, HP Servers
the IT infrastructure. The main reason, according to him, was that business users today want to take decisions faster. “No one wants to do those long-architected technology projects because business wants to start and see immediate ROI
and benefits. They want to just close on the enablement curve as well. People are doing analytics to impact revenue generation or margin generation. Sometime in the future, everyone would go for in-memory databases because of the performance they deliver.” On the other hand, family owned Avon cycles wanted to buckle up for the huge growth in the near future. “We wanted to analyze the huge amounts of data to gather momentum in critical areas of business like sales and procurement which would eventually assist in real time monitoring,” says Kuljeet Sethi, CIO, Avon Cycles. Such pressing needs made Sethi and team migrate to HP as-a-service solution for SAP HANA which saw a momentous increase up to 45% in terms greater execution of business functions and got an 80% reduction in back up requirements. Similarly, cloud, mobility, security, and big data are transforming what business expects from IT, giving rise to a “new style of IT” which is largely dependent on hardware. According to Vikram K, Director, HP Servers, what’s required today is a huge leap forward in infrastructure design that addresses the speed, scale, and specialization that enterprises demand. “Towards this end, HP has designed servers tailored for specific workloads to deliver optimum performance. These low power servers share management, power, cooling, networking, and storage, enabling a faster innovation cycle,” he said. “With nearly 10 billion devices connected to the Internet and predictions for exponential growth, we’ve reached a point where the space, power, and cost demands of traditional technology are no longer sustainable. These servers mark the beginning of a new style of IT that will change the infrastructure economics and lay the foundation for the next 20 billion devices,” he added.
This event report is brought to you by IDG Services in association with HP and Intel
Security
DESIGN DECODE DECIDE
By Nancy Gohring
Itâ&#x20AC;&#x2122;s not just about collecting mounds of data anymore, but analyzing it to make smart decisions.
72
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Analytics
T
elegant solutions—or if they have, they’ve had to do a The market for connected devices like fitness lot of custom wrangling to get it right. wearables, smart watches and smart glasses, not to mention remote sensing devices that track the health of equipment, is expected to soar in the coming years. Putting the Pieces Together By 2020, Gartner expects, 26 billion units will make “We see countless companies that are past the part up the Internet of Things, and that excludes PCs, of experimentation and deploying sensors and tablets and smartphones. collecting data” but that don’t have a fully integrated With so many sensors collecting data about solution, IDC’s Turner says. “It’s the complexity of equipment status, environmental conditions, and the implementation.” human activities, companies are growing rich with Businesses need infrastructure on the back end information. The question becomes: What to do with it that enables the combination of data from various all? How to process it most effectively and use it in the sources as well as the analytics power to make sense smartest way possible? of it all. Then they need dashboards or visualizations Businesses are learning that it’s not enough to gather that let line of business people understand the mounds of data. The data on its own is only marginally meaning of the data so they can make smart decisions interesting. “Where we are today is static,” says Vernon based on it, he says. Turner, an IDC analyst. Daikin Applied is one company that, with the help Some current examples in the consumer world of partners, has put together a sophisticated set of exemplify this. A fitness wearable, for instance, might hardware and software that collects and analyzes 4,000 tell users how many steps they’ve walked in a day. But different data points about its commercial heating and the device could be much more valuable if it were linked air conditioning rooftop units. The system, designed to other health data. In that case, an app could tell the with Intel, syncs with weather forecasts to allow user that lack of activity might explain higher blood building owners to adjust for changing temperatures pressure results. Or, the device could learn that the user in advance and lets Daikin know when changes in tends to walk less on weekends and send a reminder energy use by individual components indicate a failure during a gap on her calendar to get some exercise. is imminent so that the company can dispatch a repair A SunPower employee points to app that allows technician beforehand. homeowners with integrated solar panel roofs to In the future, the system also will let Daikin feed track their home’s daily, weekly and monthly power important data to local utilities that might be able to production and consumption. use it to reduce the power output to any given piece of It’s a similar situation for businesses that are gear. Talks with utilities are in preliminary stages right collecting detailed information about products in the now, says Kevin Facinelli, executive vice president of field and trying to marry it with data from other sources operations at Daikin Applied. (Daikin Applied is part so that they can make smart business decisions. of Daikin Industries, the largest HVAC manufacturer Traditionally, businesses have used tools like in the world.) business intelligence software to look at data about “Instead of just passing all the data through to the the company’s internal activities, he says. But adding cloud, we have an SoC so we can do pre-possessing,” other information including public data about the Facinelli explains. That means the gateway, which environment or local events, for instance, as well as will be built into all future Daikin rooftop systems, data produced by sensors that other companies have sends only important data, like a change in status of in the field, can add much more value, a component, rather than sending he says. along an endless stream of “I’m Reader ROI: It turns out, though, that combining normal” signals, he says. Doing How data can be used that data is often tough because it some processing on site reduces smartly typically comes in different forms. the volume of data that needs to be What you need to collect and For now, while many companies are transmitted—Daikin primarily uses analyze data moving in the right direction, not cellular connectivity—and also helps The importance of predictive many have built fully integrated, to reduce the data warehousing load analytics
VOL/9 | ISSUE/10
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
73
Analytics
on the back end. Daikin also uses a power meter that monitors the supply coming into the unit. Via the gateway, it sends data about the power signal to an Intel cloud, where it’s analyzed to determine the power usage of each component inside the HVAC system, like fans and refrigerant compressors. Without the back-end analytics, Daikin would have to install meters on each component, an implementation that would be prohibitively expensive, Facinelli says. Daikin’s commercial Rebel cooling or heat pumps allow property owners to track
energy consumption. Once the component energy use data is available, it’s sent to Daikin’s cloud, where Daikin uses it for fault detection and diagnoses and to predict if the equipment needs maintenance. Many businesses have been collecting data about equipment in the field for years. But what’s new now is that they can collect enough data, and the right kind of data, to do predictive analytics. At Daikin, the data about individual component use of energy is very valuable. “Over time if you see energy increasing for a motor, it can be a good indication
that the motor is starting to fail,” Facinelli says. Technicians have enough advance warning, probably a month, before the failure happens so they can service the unit before problems start. The energy use data also means Daikin can change filters only when needed, rather than on a regular schedule. That’s because components like the fan have to work harder, pulling more energy, when pollen and other material clog the filter. “Instead of changing the filter every week or every month, we do it when it needs it, based on performance,” he says.
Adidas is Smart With Sensors Adidas, sports apparel and equipment company has been building sensors into products in ways aimed at making both users and the company smarter. Adidas turns smart with the use of sensors into its products. Its new soccer ball, which Adidas calls the miCoach Smart Ball and is full of sensors that communicate with a user’s iPhone, shows information like the ball’s trajectory and how fast it was traveling when kicked. It also offers coaching about how to better curve the ball, for instance. Expected to become commercially available this summer, the ball also sends some data back to Adidas so the company knows if a user is improving his shots or putting more spin on the ball based on the coaching he’s getting from the app, says Chris Murphy, director of brand communications and digital marketing at Adidas. “We can see how consumers are using it, how frequently and if they are truly improving,” he says. That means Adidas could recommend products to an individual user based on her results. For instance, it could send a message to the user congratulating her on her improvements putting spin on the ball
74
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
and recommending a new Adidas shoe with a special design that could improve her shot even more, Murphy says. Similarly, Adidas currently offers a device that runners can attach to their shoes to monitor their performance. In addition to offering value to users, the data allows Adidas to market relevant products to them, he says. Adidas has also been selling smart apparel to professional sports teams, and last year all Major League Soccer teams began using them. Athletes wear shirts that have electrodes and sensors woven into the fabric. The shirts transmit more than 200 data records per second and a coach on the sidelines can use an iPad to monitor individual players, compare two players or view the whole team. Coaches can also view players’ heart rate, speed, acceleration, distance and field position. “We’re seeing real adoption at the professional level,” Murphy says of Adidas products aimed at top-tier athletes. In fact, he says, some teams are hiring new staff members to focus on how to best use the data from its smart products in ways that can help the teams train smarter. — Nancy Gohring
VOL/9 | ISSUE/10
Analytics
Daikin and its partners have been working on its system, including the gateway and the power meter, for about a year and have six installed systems as a field trial. The technology will be built into all units going forward and can be retrofitted into units built since 2008. A number of technologies had to be available for the companies to build this system. Mobile, cloud, analytics and a good user experience were all necessary, Facinelli says. “It isn’t about a lot of data but about contextualizing it for the user,” he says.
Businesses need infrastructure on the back-end that enables the combination of data from various sources as well as the analytics power to make sense of it all.
Building a Crystal Ball NCR, which similarly collects information about the status of many of its products, including ATMs, self-checkout machines at grocery stores and movie theater ticket kiosks, is also using predictive analytics to get ahead of problems, says Mark Vigoroso, vice president-global services strategy and program management, NCR. The predictions indicate that a failure is likely to happen—usually with a few days notice—giving technicians time to get to the site with the right diagnostic and repair equipment before a failure happens, he says. NCR has been doing this kind of prediction for several years, but Vigoroso says previously “It was a smaller operation with less precision, less accuracy and less coverage.” That said, it is still the “early days of capturing the value of predictive services. Our effectiveness depends on how broad our predictive logic coverage is.” NCR has done some pilot programs where it marries data collected from its machines with other sources of data to draw different types of conclusions. For example, it has combined weather data with equipment performance data to look for patterns that might indicate that heat, humidity or cold are impacting equipment performance, Vigoroso says. It has also started using cash management data, which it already supplies to customers of its ATMs, in new ways. NCR has long notified banks about nearby events like a major 76
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
sporting game so that the bank can ensure an ATM will have enough cash to support users. That same data, it turns out, is now helpful to NCR internally, because the company can use it to make predictions that help with machine maintenance. NCR knows how many card swipes the hardware can take before it begins to fail or how many receipts a printer will handle before it will have problems. Being able to factor in heavy usage related to events in advance allows NCR to more accurately predict when a component should be serviced—before it fails. “That’s the part we’re excited about. The new technologies that allow us to look across multiple data sets that allows us to crunch those numbers that we weren’t able to do previously,” Vigoroso says. NCR is using a software which lets users create SQL-like queries to do complex analysis in a simple way, says Brian Valeyko, senior director of enterprise data warehouse and business intelligence for NCR. Analysts can make queries in an isolated environment without having to fear any negative effects on production apps, he says. The setup allows NCR to build new queries much quicker than it used to. In the past, it might take three to six months to build a new algorithm to do predictive analysis about a given component, Valeyko says. Plus, depending on the size of the data set, those algorithms might take days or
weeks to produce results. With its current implementation, Valeyko figures the company can now run through that process in 20% of the time it used to. That allows it to tackle new types of analysis, by correlating data, for example. Valeyko describes a scenario where NCR can now look at data about a printer component that’s used in many different products. Rather than just knowing that the printer is having problems in all the products, analysts can discover, for instance, that it’s actually only failing in products where it’s combined with a certain kind of power supply. For now, companies like Daikin and NCR have pieced together their sensor-analysis systems, using some off-the-shelf products plus plenty of their own development. Will it get easier? “Absolutely,” says Avalon Consulting’s Cagle. Once more work is done on easing the pain around unifying different kinds of data, putting together systems like what Daikin and NCR have won’t be quite so challenging, he says. CIO
Send feedback to editor@cio.in
VOL/9 | ISSUE/10
ESSENTIAL
technology IMAGE BY MASTERFILE.COM
NETWORKING
Today's hardware and software applications’poor performance is hugely impacting cloud-based environments. Here’s how the challenges can be addressed.
VOL/9 | ISSUE/10
SDN to the Rescue BY DR. HOSSEIN ESLAMBOLCHI
NETWORKING | As an industry, we have been looking at cloud-based technologies both from private and public structure and thinking of how best to optimize design, engineer, and develop such technologies to better optimize the world of wireless and the Internet of Everything. But one aspect that has not been discussed at length is how poorly hardware and software perform in cloud-based environments. I want to discuss some of the challenges that the industry is facing and some potential solutions that can help create and bring a new revolution to the world of Wide Area Networks (WAN), along with the automation of practically every human-to-human and human-to-machine interface. Currently, there are two technologies being discussed almost everywhere—software defined networking (SDN) and network function virtualization (NFV). While these vary in structure according to vendors, clearly, all of them attack certain aspects of the mobile carrier network or Tier-I landline networks. Let me give you my two-cents on what these technologies must address. SDN must create a more agile network with the development of an open northbound interface. This becomes an enabler for service providers (SPs) to reduce time-to-market for service introduction, reduce capex unit cost by focusing network elements (NEs) to just REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
77
ESSENTIAL technology
move traffic, and reducing opex unit cost for network services that take significant human capital cost to deliver, such as establishing protection and restoration or providing new connectivity services. NFV must enable SPs to provide new services, and hence, new incremental revenue, by replacing dedicated hardware/ software located on the customer premise, e.g., DVR, storage, firewall and others. Cloud computing, on the other hand, must enable enterprises to leverage shared and scalable computing resources, hardware and software to impact their capex and opex unit costs. These promises are expected to deliver a much better total cost of ownership (TCO) with lower opex and in essence support moving to a hardware-agnostic or independent model, offering further savings. About a decade ago, I predicted that the battleground in the 21st century would be all about software and not hardware. Although hardware is needed, it is the role of software to optimize all five
mobile access points up to WANs. SDN, by itself, is not really a new technology and has been in existence since 2006. It has been used to mainly improve data center performance, since the concept of big central offices with large Class 4/5 switches is pretty much obsolete in the 21st century. But SDN has a long way to go to deliver an agile network. Today's management of transport networks does not match the agility of the cloud-based services being deployed on them. These two have to converge to bring the transport agility into the 21st century for service delivery. Why should it take weeks and months to establish a new enterprise customer on an SP network? Why should it take weeks to provision high-speed point-topoint connectivity with specific protection requirements? SDN has yet to deliver just that. NFV, in contrast, was introduced between 2010 and 2012 to operators in order to improve service time-to-market and network flexibility and allow a smooth transition to the cloud with significantly lower opex. In my view, the sky is the limit
Challenge your teams to ask how SDN and NFV functions can work in harmony, including within datacenters from public to private, from orchestration to automation and hybrid-based cloud models. functions above using new state-of-the-art technologies such as SDN and NFV. The problem that can become very complicated is that enterprise customers' networks and appliances are not designed for multiple tenants, pay-for-play or on-demand services. However, SDN and NFV are fundamentally designed for such functions. That means that it is imperative for CXOs to sponsor corporatewide programs to move into SDN and NFV, offering capabilities to drive higher revenues while competing for device replacements at the network margins from 78
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
on NFV. For any onsite services (storage, firewall and DVR), whether today or in the future, NFV gives SPs the opportunity to deliver both consumers and enterprises major benefits, such as having a turn-key solution that lowers costs and improves quality of service (QoS). From my perspective, I believe NFV has already taken over Layer 4-7 of the SDN movement by delivering lower capex and cycle time, creating a competitive supply of innovative applications by third parties and introducing control abstractions to foster innovations that
85%
of Indian CIOs say SDX is not on their tech roadmap despite its advantages. carriers need in order to compete with all over-the-top players. Let's also note that the new world requires openness in almost every API layer of the network from access to the core. The issue is legacy systems and processes that need to be changed in order to adapt to the new world of SDN and NFV. In essence, these sectors need to change all analog processes using legacy systems into digital processes, in which NFV can easily fit. That transition may take years, if not a decade, before it is fully implemented. But the question is whether MNOs and Tier-I carriers can wait that long to implement NFV and get the most optimized set of solutions in order to compete globally. My guess is no, they cannot wait and stay competitive. Mobile network operators (MNOs) and Tier-I land-line carriers need to aggressively and quickly implement NFV to remain competitive. I'll tell you how. A significant amount of innovation both from the vendor and carrier side is needed to turn these into real, actionable plans to finally change the structure and essence of what we had been dealing with for many decades (WAN). It is time to bring a new revolution to this space, especially around 4G LTE. Adding billions of devices to the network drives this complexity even higher, which, in turn, drives the need for higher speed of integration. I believe that if we look at the centralized control plane architecture of SDN along with the virtualized nature of NFV, one can allow network administrators to place
VOL/9 | ISSUE/10
ESSENTIAL technology
network resources where they can deliver the best customer experience at the lowest cost while minimizing even churn in every aspect of the process, especially throughout the wireless world. This could also mean that we may need to place resources at the edge of the network, using policy-based management and real intelligence driven by devices and networks. The role of IT can easily be defined as building high-level configuration and policy statements, which can then flow through the distributed infrastructure via Open Flow. This eliminates the need to reconfigure network devices each time an endpoint, service or application is added or moved, or when a policy changes. The implications of such a scenario are what I would have dreamed about a decade ago to bring more innovation with lower cycle time and costs. The time has finally arrived for this to be done using both SDN and NFV, working in harmony. Let’s examine the operations side and what applications are most suited for NFV/SDN. My top choices, given the industry, are—consumer CPE, service assurance, SLA monitoring, Network policy control and charging, tunnelling gateway, traffic management including deep packet inspection with massive amounts of data, VoIP signalling, network engineering and optimization, and network-based security respectively. My final thoughts and recommendations are to challenge your teams to ask how both SDN and NFV functions can work in harmony, including within data centers from public to private, from orchestration to automation and finally hybrid-based cloud models, using both SDN and NFV. The other challenge is to enable agile hardware and software connectivity and automation of human-to-human and human-to-machine interfaces as they exist in the wild, to seize the opportunities created by the rapid development of endpoint and mobile devices and the Internet of Things. CIO
CLOUDY FUTURE AHEAD
Private Cloud Guide CLOUD COMPUTING |Cloud has become vital for every enterprise’s tech management strategy, but designing a robust cloud strategy is not easy. Enterprises struggle with their private cloud built-out. Success with a private cloud comes only through embracing the true cloud model of self-service, full automation, and business and developer agility. There are certain things that every tech manager should know about private cloud to avoid over-investment, missed deadlines, and strategies that limit better engagement with internal customers. A majority of enterprises today claim private cloud adoption, but in reality they don’t have a private cloud, rather an improved virtualization environment that uses a private cloud software for tech management efficiency practices. There has been an emergence of four private cloud approaches that are being driven by very different strategies—reflecting different priorities, budgets, sizes, keys to success, vendor selection criteria, and challenges—and thus, have variant scopes and outcomes. Also, transformational hybrid cloud strategies can be a long and arduous process. It's not the net-new resources that slow private cloud adoption, but connecting these environments to your legacy systems of records, operational processes, and help desk systems is what slows it all down. Along with this, enterprises are also now asking when they should leverage public versus private cloud on an application/workload level, where specific application characteristics align to certain deployment models. Achieving cloud economics within a private cloud environment needs a large, diverse user base, highly standardized costs, a pervasive chargeback system, and aggressive capacity planning and consolidation practices. Designing and implementing incentives that reward change while showing a promising career path is essential for a successful private cloud strategy.
— Forrester Report Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/10
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
79
endlines INTERNET OF THINGS
* BY MADHAV MOHAN
You are eating out with your friends but are distracted because you are concerned about the safety of your home. You could do one of two things: Dash out of there and rush home, or sit back, relax, and enjoy your dinner because you have a robot for a guard. Yes, you read it right. Meet Bot-SO, a smart robot created by Debraj Dutta, Tapas Bose, and Avinaba Majumder of Edifixo. Bot-SO interacts with users via Twitter and can be deployed for remote home surveillance. Users send a tweet from their smartphones to the robot to survey a particular area in their homes. When it senses a stranger—using motion detectors—it uploads the message on Google drive and sends a URL to the users’ private chat window, alerting the user. “Robots will become a part of our lives like digital systems have today. Social media is the platform which brings machines and humans together and,” says Dutta, who is the director of Edifixo. The company is a subsidiary of EdifiXio SAS, Paris, and it provides services like CMS platform development and J2EE software integration, implementation, installation, support and operation to enterprises. And its IoT-based robot is an interesting indicator of the fact that technology is moving to the next level.
80
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
IMAGE BY T HIN KSTO CKP HOTOS.IN
Robot Stands Guard
FROM THE EDITOR-IN-CHIEF
PUBLISHER, PRESIDENT & CEO Louis D’Mello ASSOCIATE PUBLISHER Parul Singh E D I TO R I A L EDITOR-IN-CHIEF EXECUTIVE EDITORS DEPUTY EDITOR FEATURES EDITOR ASSISTANT EDITORS
Hybrid Surge A “hybrid first” cloud model is emerging across Indian enterprises big and small. When I first wrote an edit on cloud computing six years ago, there was buzz around SOA, server virtualization was turning to magma, and an enterprise-class cloud was little more than vapourware. You’d think that with time cloud computing would gathermomentum, and at a goodly pace. The typical large enterprise one expects would set up a highly virtualized environment, increase automation, add in an orchestration layer, throw in better manageability, migrate apps and voila—the private cloud. So would it surprise you to note that that’s not how enterprise cloud strategy is playing out in India? A little over six months ago, conversations that I’d been having with a host of CIOs pointed to a new trend emerging—India Inc. was beginning to see a move toward a “hybrid first” model. The latest data from the State of the CIO: Mid-Year Study indicates that this trend, this trickle, has turned into a raging torrent, with 49 percent of Indian mid-to large enterprises choosing a hybrid strategy. These companies believe that doing so provides them with better performance, higher control, lower cost and improved reliability. I’m not surprised at this hybrid surge. If you take today’s business demands of efficiency, agility and speed, add the blurry business horizon, with a generous helping of business end-goals and stir in the acute shortage of internal IT talent most organizations are staring at a recipe for catastrophic business failure. In trying to avoid this, CIOs have few options than to move some workloads to the public cloud, while keeping the more critical ones within the perimeter. Our research backs this, given that the top three workloads moving to the public cloud are mail and messaging, collaboration and externally-facing web-apps. Then there’s also the increase in datacenter complexity that’s being driven by increasing data volumes, a rise in the quantum of business critical appsand, of course, virtualization. Thus, it is that 39 percent of CIOs move less critical systems and processes to the cloud. Yet whichever path gets chosen, it leads to one inescapable destination—the here and now and future of the cloud is hybrid. Companies might choose to keep some data and applications at home to escape issues with latency or compliance, the rest will need homes elsewhere—homes that will be rented.
Vijay Ramachandran Gunjan Trivedi, Yogesh Gupta Sunil Shah Shardha Subramanian Gopal Kishore, Radhika Nallayam, Shantheri Mallaya SPECIAL CORRESPONDENT Sneha Jha PRINCIPAL CORRESPONDENTS Aritra Sarkhel, Shubhra Rishi, Shweta Rao SENIOR COPY EDITOR Vinay Kumaar VIDEO EDITORS Kshitish B.S., Vasu N. Arjun LEAD DESIGNERS Suresh Nair, Vikas Kapoor SENIOR DESIGNERS Sabrina Naresh, Unnikrishnan A.V. TRAINEE JOURNALISTS Bhavika Bhuwalka, Ishan Bhattacharya, Madhav Mohan, Mayukh Mukherjee, Sejuti Das Vaishnavi Desai SALES & MARKETING PRESIDENT SALES & MARKETING VICE PRESIDENT SALES GM MARKETING GENERAL MANAGER SALES MANAGER KEY ACCOUNTS MANAGER SALES SUPPORT SR. MARKETING ASSOCIATES
Sudhir Kamath Sudhir Argula Siddharth Singh Jaideep M. Sakshee Bagri Nadira Hyder Arjun Punchappady, Benjamin Jeevanraj, Cleanne Serrao, Margaret DCosta MARKETING ASSOCIATES Varsh Shetty LEAD DESIGNER Jithesh C.C. SENIOR DESIGNER Laaljith C.K. MANAGEMENT TRAINEES Aditya Sawant, Bhavya Mishra, Brijesh Saxena, Chitiz Gupta, Deepali Patel, Deepinder Singh, Eshant Oguri, Mayur Shah, R. Venkat Raman O P E R AT I O N S
VICE PRESIDENT HR & OPERATIONS FINANCIAL CONTROLLER CIO SR. MANAGER OPERATIONS SR. MANAGER ACCOUNTS SR. MANAGER PRODUCTION MANAGER OPERATIONS EA TO THE CEO MANAGER CREDIT CONTROL ASSISTANT MGR. ACCOUNTS
Rupesh Sreedharan Sivaramakrishnan T.P. Pavan Mehra Ajay Adhikari, Pooja Chhabra Sasi Kumar V. T.K. Karunakaran Dinesh P., Tharuna Paul Prachi Gupta Poornima
All rights reserved. No part of this publication may be reproduced by any means without prior written permission from the publisher. Address requests for customized reprints to IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027, India. IDG Media Private Limited is an IDG (International Data Group) company.
Vijay Ramachandran, Editor-in-Chief vijay_r@cio.in VOL/9 | ISSUE/09
Printed and Published by Louis D’Mello on behalf of IDG Media Private Limited, Geetha Building, 49, 3rd Cross, Mission Road, Bangalore - 560 027. Editor: Louis D’Mello Printed at Manipal Press Ltd., Press Corner, Tile Factory Road, Manipal, Udupi, Karnataka - 576 104.
IDG Offices in India are listed on the next page
REAL CIO WORLD | J U N E 1 5 , 2 0 1 4
105
contents AUGUST 15, 2014 | VOL/9 | ISSUE/10
72 | Design. Decode.
Decide
FEATURE | ANALYTICS It's not just about collecting mounds of data anymore, but analyzing it to make smart decisions. By Nancy Gohring
Case Files 58 | Fortis Healthcare PUBLIC CLOUD How Fortis Healthcare made the venturesome move to a 100 percent public cloud model By Radhika Nallayam
62 | IndusInd
3 8
COVER DESIGN BY UN NIKRISHNAN AV & VIKAS KAP OOR
38 | Broken Promises COVER STORY | SECURITY Beware bold promises from a multibillion-dollar industry that can’t prevent your IT systems from being routinely hacked. Here are seven promises that they can’t deliver on. By Roger A. Grimes with inputs from Ishan Bhattacharya, Radhika Nallayam and Sneha Jha
VIDEO BRANCH IndusInd Bank deploys an app, which allows customers to enjoy banking services via a video chat. It’s creating a lot of customer stickiness, says the bank’s CIO. By Shubhra Rishi
5 8
64 | 9 Signs You Should Jump Ship FEATURE | CAREERS Poor teamwork, little experimentation, no clear career path—your employer may be sending unmistakable signals of career stagnation. Don't miss them. By Bob Violino
2
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
14 – 17 October Goa, India gartnerevent.com/in/symcio
THE WORLD’S MOST IMPORTANT GATHERING OF CIOs AND SENIOR IT EXECUTIVES Register using promotion code SYMAD1 by 15 August to save INR 11,000
Gartner Symposium/ITxpo at a glance: • Four days • 950+ attendees with 300+ CIOs • Over 125 analyst-led sessions
Driving Digital Business Digital business is blurring the lines between the digital and the physical worlds, disrupting all industries and redefining the role of IT. At Gartner Symposium/ITxpo 2014, CIOs and senior IT executives will learn how to realize, build and optimize digital opportunities, move digital business from theory to practice, and evolve their own IT leadership to become indispensable in the new digital business world.
• Exclusive CIO Program • Five role-based tracks • 270+ organizations • 30+ Gartner analysts on-site • 40+ solution providers
LUMINARY GUEST KEYNOTE Lewis Pugh Ocean advocate, maritime lawyer and a pioneer swimmer
CIO PROGRAM KEYNOTE Anupam Kher Padma Shri award-winning actor
DEPARTMENTS 1 | From the Editor-in-Chief Hybrid Surge By Vijay Ramachandran
7 | Trendlines
5 0
Electronics | A Reel Death Applications | The Garden of Edyn Robotics | Robo Museum Guide Wearables | Happiness Quotient Supercomputers | Reborn from the Crap Components | Computer-abled Popular Science | Monkeys Love to Gamble Consumer Electronics | Anyone Can be a Weather Reporter Environment | Tech to Ease Beijingâ&#x20AC;&#x2122;s Breathing Social Media | Challenge of the Century: Quit Facebook By the Numbers | Software Status: Unlicensed
22 | Alert Threat | A Mole in Your Bay Breach | Security Nightmares
50 | Where the Customer Comes First CXO AGENDA | OPERATIONS Why Somesh Chandra, Director-Customer Service, Operations, Technology and chief quality officer, Max Bupa, believes in putting his customers on a pedestal and is banking on IT to keep them there. By Shubhra Rishi
Column
52
30 | The Robot Apocalypse ROBOTICS Robots are coming, and they will eventually take many of our jobs.
77 | Essential Technology Networking | SDN to the Rescue Cloud Computing | Private Cloud GuideWork
80 | Endlines Internet of Things | Robot Stands Guard By Madhav Mohan
3 4
By Rob Enderle
34 | Wasted Wearables? WEARABLES Wearable tech devices promise to improve health, fitness and wellness. To have that impact it must go beyond telling people things they already know. By Brian Eastwood
4
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
CIO Online
.in CIO ADVERTISER INDEX
Accenture Services Pvt. Ltd
[ CI O TV ]
BC
Bharthi Airtel Ltd
17, 18 &19
Video Library
Business Software Alliance
5
Cyberoam Technologies Pvt. Ltd
9
From peer-to-peer advice, and new technology developments to international events, our videos cover everything that affects you. Keep yourself abreast with the world of IT, watch our videos on cio.in.
Gartner India Research & Advisory Services
[ Ca se S tudies ] Real Solutions
To know about the different business challenges that companies in your industry and beyond faced and how their IT departments came to their rescue, read our case studies. Real problems. Real people. Real solutions. cio.in/find/case_study
[ S l i des hows ] From the IT in the World Cup to other tech projects, view our slideshows.
Pvt Ltd
3 + flap on cover
IBM India Pvt. Ltd
IFC
Microsoft Corporation (India) Pvt. Ltd. 28 & 29 SAS Institute (India) Pvt Ltd
15
Schneider Electric IT Business India Pvt Ltd. IBC Starcom of Denuo Ltd Taiwan Branch(Delta)
11
Tata Communications Ltd
12 & 13
Vodafone India Ltd ( Corp)
insert
[ Su r veys ]
By the Numbers Our surveys are a treasure trove of technology, staffing, security trends and beyond. They mirror economic realities and how they impact you. Visit the By the Numbers section online. cio.in/by-the-numbers
[ N EWS ] Our CIO World newsletter gives you a daily dose of everything that impacts you, your staff, and your business. Log on to check out the latest news.
Don't receive our newsletters? Log on to our website to subscribe today!
>> cio.in/news
Read More@ cio.in 6
>> Case Studies >> Whitepapers >> Articles >> Slideshows >> CEO Interviews >> Events
J U LY 1 5 , 2 0 1 4 | REAL CIO WORLD
FOLLOW US ON www.facebook.com/CIOIndiaIDG twitter.com/CIOIn
This index is provided as an additional service. The publisher does not assume any liabilities for errors or omissions.
VOL/9 | ISSUE/09
E D I T E D B Y VA I S H N AV I D E S A I
NEW
*
HOT
*
UNEXPECTED
A Reel Death It gets weirder: Compared to the overall study population, the study participants who watch more than three hours of TV daily are 44 percent more likely to die from heart disease or stroke, 21 percent more likely to die of cancer, and 55 percent more likely to die from something else. The amount of TV watching made the difference; age, sex, smoking, weight, and diet did not. Why is long-term TV watching so deadly? No one knows. Dr. Martinez-Gonzalez thinks it may be due to people binging on junk food while watching TV, but who does that? No one we know. Um. Predictably, the experts are advising people to watch less TV and get more exercise to avoid these negative effects.
TRENDLINES
First the experts told us that sitting too long at our computer screens can cut our life spans, due to a lack of exercise and gaining weight. But now they’re saying that watching House of Cards from start to finish is also seriously dangerous for our health—and not just for old folks! That’s right: An ongoing Spanish study tracking 13,284 affluent, healthy people with an average age of 37 found that people who watch lots of TV are at a much greater risk of dying. To be precise, “Participants reporting three or more hours a day of television viewing had a twofold higher risk of mortality than those reporting less than one hour a day,” said Dr. Martinez-Gonzalez of the University of Navarra, writing in the Journal of the American Heart Association. Apparently the risk of dying for this youthful group of binge TV-watchers is higher than that for those same-age people who sit at a desk all day, or drive a car for a living!
ELECTRONICS
—By James Careless
The Garden of Edyn
VOL/9 | ISSUE/10
bigger, healthier plants, even if they’re a complete novice in the garden. Edyn’s garden sensor measures how much light, water, and fertilizer your plants are receiving, collecting this data via a long metal probe that you stick in the ground in your garden. Sensors at ground level detect the ambient temperature, light, and humidity, while sensors in the probe measure the soil’s moisture, acidity, and fertility. The system uses Wi-Fi to send all that data up to the cloud, where it’s analyzed along with the data you entered into the Edyn app about what you’ve planted, and weather data based on your location. That lets the
cloud intelligently control the other half of the system, the Edyn water valve, which has regular hose threads to connect to your water source: Drip irrigation, soaker hose, or even a plain old sprinkler. Aside from just telling you what your plants need, the app can even recommend a mix of plants that should thrive in your garden’s conditions. If the shipping hardware is as wellbuilt and expensive-feeling as the working prototype I saw, and the app as beautifully designed and informative, I think Edyn could really grow.
IMAGE: BABAK ZIAIE/PURDUE
APPLICATIONS The smart yard is not a 3-foot ruler with Bluetooth—it’s a gardening system that waters intelligently based on what your plants need for their exact conditions. And Edyn wants to make it possible. The Edyn gardening system’s Kickstarter campaign ends Tuesday after easily blowing by its initial goal of $100,000, but it’s already a working product—I saw it in action in a pleasant rooftop garden on a sunny but windwhipped San Francisco afternoon. Founder and soil scientist Jason Aramburu explained how Edyn’s solarpowered, Wi-Fi-equipped, sensor-packed system is designed to help anyone grow
—By Susie Ochs REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
7
Robo Museum Guide R O B O T I C S They might not be your idea of the ideal museum guide, but two androids designed to be lifelike have landed “jobs” at a prestigious Japanese technology center.
— By Tim Hornyak 8
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Happiness Quotient W E A R A B L E S Hate your work place because it gives you no scope for any kind of physical activity? You probably don’t work at the Happiest Minds campus in Bangalore. The IT services and consulting firm is among the first in the country to use wearable technology to ensure the physical wellness of its staffers. Today, close to half of the company’s workforce uses a wearable pedometer, produced by Bangalore-based start-up GetActive that monitors their physical activity. At a time when wearable tech is still largely restricted to the consumer world, Happiest Minds is nudging it into the enterprise. The stylish device, when worn by an employee, tracks the number of steps they take, the distance they cover, and the number of calories they burn. It also tracks how much they sleep. But unlike many wearables in the market, this pedometer allows users to see their activities on an interactive dashboard. The device can be directly connected to a laptop to analyze the data. “We conduct ‘virtual walkathons’ for employees. The dashboard is integrated with google maps, so people can see the places covered and compare their progress with the ‘buddies’ who are competing with them.” says Gaurav Saini, associate director of People Practice team at Happiest Minds. The device ensures users achieve the ideal scenario of at least 10,000-12,000 steps a day. What’s more, walking is now an act of philanthropy at Happiest Minds. Through a tie-up with a local NGO, the company’s management converts ‘steps’ into meals for under-privileged children. Every 1,000 steps covered by the employees is considered as one meal by the company management. All the more reason for walking!
—By Radhika Nallayam
VOL/9 | ISSUE/10
IMAGES BY AVIATION TO DAY
TRENDLINES
Named Kodomoroid and Otonaroid, the droids are designed as hyper-realistic androids that look like a girl and a woman, respectively. At a press event, former astronaut Mamoru Mohri, director of the National Museum of Emerging Science and Innovation (Miraikan) in Tokyo, presented Otonaroid with its official credentials. Otonaroid accepted the paper, awkwardly grasping it with its fingers coated with synthetic skin. The robot’s business card, which bears the title “science communicator,” was handed out to reporters. It chatted with attendees after Kodomoroid announced the latest earthquake news. Powered by compressed air and servomotors, the androids can be remote controlled but they cannot walk around. They can move their upper bodies, arms, fingers and heads and also show a range of facial expressions while lip-synching prerecorded speech. Kodomoroid is linked to the Internet read the latest news when the machines went on display. Otonaroid can be controlled by visitors so they can experience what it’s like to have a robot surrogate. A third droid being put on display at the Miraikan is Telenoid, a toddler-sized, remote-controlled humanoid that was first shown off in 2010 as a way to convey emotions through a machine surrogate. Lacking the realism of Kodomoroid and Otonaroid, its pale body has been compared, unfavorably, to an overgrown fetus. They’re the handiwork of a team led by Hiroshi Ishiguro, an Osaka University and Advanced Telecommunications Research Institute International (ATR) roboticist who has been creating extremely lifelike androids for years. He’s known for creating an android “clone” called Geminoid that is the spitting image of himself. A kind of “Pinocchio” moment occurred when Kodomoroid asked Ishiguro why he had created it. He responded that he wanted to create a child news announcer. “I hope these new science communicators can help increase the numbers of return visitors to the museum,” Mohri said.
Reborn from the Crap An older supercomputer from the Los Alamos National Laboratory has been cannibalized and rebuilt into a new one, thanks to a team from Carnegie Mellon University. The older system was called Cerrillos, which was once the 29th-fastest supercomputer in the world, according to the Top500 list from November 2009. Cerrillos was a smaller offshoot of Roadrunner, a more powerful machine that was once the fastest in the world, and the first to break the 1 petaflop performance barrier. Both machines were shut down in 2013. Four hundred and forty-eight blade computers from Cerrillos will be used to power Narwhal, a far smaller computer with a total of 1,792 processor cores to Cerrillos’ 14,400. The project’s leader, computer science professor Garth Gibson, said in a statement that the new machine will nevertheless be a powerful teaching aid. Narwhal will use the Roadrunner/Cerrillos technology somewhat differently, according to CMU. The original systems used large numbers of IBM Cell processors for computational heavy lifting, alongside AMD Opterons for more basic workloads. Narwhal won’t need as many specialized Cell processors, so the institution opted for additional AMD blades. CMU said that Narwhal’s main use will be as a teaching tool for students conducting research into parallel computing and infrastructure. The school will also purchase a 400-disk storage array to complement Narwhal. —By Jon Gold
A New Galaxy of CIOs Emerging technologies are having a profound effect on the role of a CIO. Among them, mobility tops the list, across verticals and company sizes.
TECHNOLOGY
Technologies That are Affecting the CIO Role
63%
48%
Mobility
Analytics
39%
Consumeriztion of IT
40% Cloud
Source: CIO Mid-year Review 2014
10
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Computer-abled C O M P O N E N T S Thanks to a computer chip, algorithms and nearly 10 years of research, a 23-year-old quadriplegic moved his fingers and hand with the power of his own thoughts. “I never dreamed I would ever be able to do that again,” said Ian Burkhart, of Dublin, Ohio. Burkhart, who was injured in a 2010 diving accident, is the first patient to use Neurobridge, an electronic neural bypass system developed at the Ohio State University Wexner Medical Center. The system, which is aimed at spinal cord injuries, is designed to reconnect the brain directly to muscles, allowing voluntary and functional control of a paralyzed limb. The technology may one day give self-propelled movement back to patients affected by brain and spinal cord injuries. Burkhart, according to the university, is the first of five potential participants in a clinical study. He has begun a six-month clinical trial that required a three-hour surgery to implant a chip into his brain. In a laboratory at the Ohio State University Wexner Medical Center, a 23-year-old quadriplegic man moved his paralyzed hand with his own thoughts. The internally funded project, which has been in the works for nearly a decade, uses algorithms constructed to learn and decode the user’s brain activity, along with a muscle stimulation sleeve that translates neural impulses from the brain and transmits new signals to the paralyzed limb, the university reported. A chip, smaller than a pea, also needs to be implanted on the motor cortex of the patient’s brain. The chip is designed to interpret the user’s brain signals and send them to a computer, which then recodes them and sends them along to the stimulation sleeve. The sleeve then stimulates the exact muscles needed to enact a movement. The university reported that Burkhart’s thoughts are translated into movement within a tenth of a second. Burkhart said he’s hopeful that the technology will give him more control over his body and his life. The work at Ohio State is another step in efforts to use technology to help those suffering from paralysis and other debilitating illnesses. —By Sharon Gaudin
VOL/9 | ISSUE/10
IMAGE: OSUWMC.MULT IMEDIAN EWSROO M.T V
TRENDLINES
SUPERCOMPUTERS
The power behind competitiveness
Delta UPS – Ultron Family DPS Series, Three Phase 60 – 3200kVA • Innovative energy-saving technology • Leading power efficiency up to 96% • High input power factor (>0.99) and low iTHD (< 3%) • Configurable for N+X redundancy and hot-standby • Compact footprint with transformer-less design • 0.9 high output power factor
+91 9999992084 www.deltapowersolutions.com
COMMITTED TO EXCELLENCE:
NEW DELHI’S NEW DATA CENTRE By setting up a new data centre, which is also the 44th overall, Tata Communications is set to take its service capabilities to a whole new level. This new facility is sure to cement the company’s position as a leader in the ICT market.
T
ata Communications, one of India’s leading ICT service providers, recently inaugurated its 44th data centre in New Delhi. This data centre is located in the heart of the city and is an integral part of Tata Communications’ overall objective to strengthen its global data centre footprint. The launch of this data centre positions Tata Communications as a truly panIndia player in the data centre business with continued commitment to growth in this sector. The new data centre, which has an overall
SPECIAL EVENT COVERAGE
available area of 54,000 sq. ft. across two floors, has a power capacity of 4.5 MVA and assures 99.982% of power uptime. Besides, this data centre is one of its kind in that it is the only available tier-3 data centre in New Delhi and also stands on self-owned property. Other key features of this data centre include 5-level security with electric fencing, excellent multicarrier connectivity, and a number of green initiatives that ensure eco-friendliness. As a result, this new facility will be an incredible
addition to Tata Communications’ already active portfolio of data centres that have delivered over 2,500 days of service with 100 percent uptime. At the inauguration, Rangu Salgame, EVP and CEO, Growth Ventures, Tata Communications, spoke in detail about the ICT major’s roadmap to effectively cater to enterprises’ need for robust data storage, scalability, and realtime access. “We are witnessing a surge in data generation and storage needs like never before. Enterprises are contending with trends
SPECIAL EVENT COVERAGE TATA COMMUNICATIONS
such as bring your own device (BYOD), social networking, mobile, analytics and cloud, and Tata Communications is well placed to partner with them through these exciting times. Our global data centre portfolio underpinned with our unmatched network reach provides the infrastructure backbone that our customers can leverage to their advantage. This, our third data centre in Delhi, has been designed and constructed with a ‘no-compromises’ approach: right from LEED Gold certification for the building to free air cooling and scalability to 200,000 sq. ft. and 10 MW,” he said. The Mumbai-headquartered ICT giant recently achieved the distinction of being a “Leader” in international research firm Gartner’s prestigious Magic Quadrant for Global Network Service Providers. It also won Frost & Sullivan’s India ICT Award for the sixth year in a row. On that vein, Benoy CS, director, ICT Practice, Frost & Sullivan, shed more light on Tata Communications’ leadership position in the market. He said, “With an increase in the uptake of cloud services, data centre has become a critical element in every enterprises’ infrastructure strategy. The third party data centre market is poised to grow very fast as many enterprises are now strategizing to avail IT Infrastructure ‘as a service’ rather
than investing in huge captive data centres. Tata Communications has emerged as the Indian Third Party Data Centre Service Provider of the Year 2014 with its extensive product portfolio, channel strategy, and presence across the country. Its data centre solutions enable enterprises to move towards a dynamic infrastructure by leveraging best practices and technologies, thereby helping them to manage costs, improve operational performance and also quickly respond to changing business needs. It also offers tremendous scalability and dynamic responsiveness while providing an energy efficiency and resilient infrastructure.” Tata Communications further plans to invest more than $200 million (about Rs 1,220 crore) towards doubling its data centre capacity in India from 500,000 sq. ft. to 1,000,000 sq. ft. over a period of three years. The data centres it plans to set up will offer a complete array of configuration choices, including shared rack space, full cabinets and cage space colocation along with unlimited scalability in the future. Centrally managed, these data centres will provide customers with optimal performance, reduced TCO, security and effective utilization of resources.
Data about the Data Centre
Area
54,000 sq. ft. across two floors
Power
4.5 MVA
Uptime
99.982% of power uptime
Eco-Friendliness
Multiple green initiatives
Security
5 levels, with electric fencing
Connectivity
Excellent, with multiple carriers
IDG SERVICES
Monkeys Love to Gamble If you’ve ever ridden a hot streak “too long” at a blackjack table or left in a huff after the dealer hit 21 three times in a row, then you are no better at gambling than a rhesus monkey. That’s not exactly the conclusion as articulated by researchers at the University of Rochester, but rather my interpretation of their study that showed monkeys possess the same “hot hand bias” as humans when it comes to gambling. In other words, both species have trouble accepting the reality of randomness. From a university blog post: The new results suggest that the penchant to see patterns that actually don’t exist may be inherited—an evolutionary adaptation that may have provided our ancestors a selective advantage when foraging for food in the wild, according to lead author Tommy Blanchard, a doctoral candidate in brain and cognitive sciences at the University of Rochester. This inborn tendency to feel that we are on a roll or in a slump may help explain why gambling can be so alluring and why the stock market is so prone to wild swings, says coauthor Benjamin Hayden, assistant professor brain and cognitive sciences. “Luckily, monkeys love to gamble,” says Blanchard. Presumably because monkeys would make a mess of playing cards, the researchers devised games that in two instances returned patterned results that were quickly learned, but in a third produced results that were truly
TRENDLINES
POPULAR SCIENCE
random. The monkeys played all three scenarios the same way— even over time—thereby exhibiting the “hot hand bias” that has been the undoing of many a human gambler. —By Paul McNamara
Anyone Can be a Weather Reporter Anyone who’s spent much time in San Francisco quickly learns the limitations of typical weather-forecasting apps: “Today’s high 68 degrees” they’ll say, and in return you’ll scoff “Where?!” Because of the city’s hilly topography, water on three sides, and the movements of its famous fog, temperatures can vary widely depending on what part of the city you’re in. One of the easiest ways to know what the weather is like across town is to just ask someone who’s already there, but that’s kind of a low-tech approach. BloomSky, a startup based in San Francisco, wants to build a network of personal, smart weather stations that you can ask instead. The BloomSky mobile app will be free for anyone to use, but it pulls its hyperlocal weather data from a network of BloomSky weather stations—the company is currently beta-testing stations around the Bay Area, with input from a Stanford meteorologist on where to place them to cover the whole city of San Francisco.
CONSUMER ELECTRONICS
14
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
The weather station, which was successfully funded on Kickstarter, contains an HD camera that’s pointed at the sky and takes photos every three to five minutes, dawn to dusk. It’s also packed with sensors to measure the UV index, humidity, barometric pressure, temperature, and rain fall. The weather station’s outdoor module can be staked into the ground or mounted to a roof, wall, balcony, or patio, and an optional solar panel can be mounted alongside to provide power. All the data is sent up to the cloud over your home Wi-Fi network, along with the images captured by the HD camera, which can pivot up to 45 degrees so you can find a nice patch of sky to watch. BloomSky’s app will use data from those Weather Underground stations for the first year while building up its own network. You can even get push notifications when the weather is about to change at the location of your BloomSky module. —By Susie Ochs
VOL/9 | ISSUE/10
Tech to Ease Beijing’s Breathing China’s nagging pollution problems could start to abate with the help of an IBM project that seeks to predict and control the air quality in Beijing, using new computing technologies. IBM recently announced it was partnering with the Chinese capital to address the city’s ongoing air pollution woes. Populated by over 21 million people, Beijing is one of the country’s largest municipalities. But it’s also among the Chinese cities with some of the worst air quality in the nation, with pollution levels often rising to hazardous levels. Causing the smog are the millions of cars in Beijing, the surrounding factories, fossil fuel burning power plants, and the pollution coming from other neighboring cities. Despite the complexities, IBM wants to accurately map the problem with computer modeling. “You could then take a lot of actions to improve your air quality,” said Jin Dong, an IBM Research director involved in the project. IBM is hoping to design a better system tailored for Beijing that can predict air quality levels three days in advance, and even pinpoint the exact sources of the pollution down to the street level, explained Dong. IBM has 20 years of experience in weather
TRENDLINES
ENVIRONMENT
modeling, he added, but forecasting the air quality will require new computer modeling to take into account all of Beijing’s different pollution sources. Along with the city, IBM is also partnering with academics and industry players to pull pollution-related data from local air quality monitoring stations, weather satellites, and the company’s own optical sensors. The pay-off could be big. By successfully forecasting Beijing’s pollution patterns, the system could also suggest preventive measures to keep the city’s air quality from approaching hazardous levels. The government would know when to reduce production at certain factories, or where to limit car traffic, said Xiaowei Shen, director of IBM Research in China. IBM’s partnership with Beijing is just part of the US company’s larger effort, called Green Horizon, to work with China in solving its environmental and energy issues. IBM will need not just technology to solve the problems, but also participation from the entire industry. The company hopes that the Green Horizon project can attract more partners, Shen said.
— By Michael Kan
What would you do with your time if you gave up Facebook for 99 days? Stepping away from the comments, posts, likes and selfies for 99 days could give you more time to read a book, hang out with friends or go for a bike ride. A non-profit group out of The Netherlands—dubbed 99 Days of Freedom—is challenging Facebook users to step away from the social network for 99 consecutive days and then report back on how the break affected their happiness. The challenge comes in the wake of last week’s worldwide brouhaha over news that 700,000 Facebook users were surreptitiously used in a psychological study for a week in 2012. Facebook declined to comment on 99 Days of Freedom. Patrick
SOCIAL MEDIA
16
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Moorhead, an analyst with Moor Insights & Strategy, said the effort is likely an emotional response to Facebook’s psychological experiment. “There are benefits for any user to question their time and how frequently they use Facebook,” he added. “In a way, we are addicted to Facebook. Our friends and family are on it, so we have a hard time getting away.” So far, the non-profit site reports that more than 1,160 people have agreed to take up their challenge. That’s a drop in the bucket for a social network with more than 1 billion users, but the organizers hope the number will grow exponentially as word gets out. A non-profit group from The Netherlands has launched a campaign
to get Facebook users to quit the site for 99 days. The group even walks potential users through some steps that would make taking a break even easier. For instance, the instructions show how to replace your profile picture with a time-off image and how to create a 99-day countdown clock. Participants also are asked to complete an anonymous “happiness survey” at the 33-day, 66-day and 99-day marks. The results will be posted on 99daysoffreedom.com, which will also host a message board where participants can discuss their experience.
— By Sharon Gaudin
VOL/9 | ISSUE/10
IMAGE: T HINKSTO CKP HOTOS
Challenge of the Century: Quit Facebook
T
he banking financial services and insurance (BFSI) sector is generally conservative—the reason for its initial hesitance to adopt new-age technologies such as mobility, cloud computing, and video. However, of late, the sector has begun embracing these technologies with open arms. As a solutions provider enabling close to 70 percent of organizations in the Indian BFSI market, Airtel has observed that four broad trends are defining the direction for BFSI companies today and will do so in the near future. The four trends are as follows:
Digital Crossing: The BFSI sector today is sitting on the cusp of a digital crossing, where every process—customer experience or operational efficiency— is getting ‘mobified’ or ‘digitized’. For instance, there is a massive surge in the adoption of dedicated apps and tablet banking among banks, while insurance companies are increasingly deploying mobile productivity apps to help their agents tap the humongous uninsured rural population in India. With the increasing penetration of smartphones and data services, we foresee that mobification and digitization shall touch many more BFSI institutions in the near future, enabling them to grow their business and ensure superior customer experience. Empowering the Last Mile to the Customer: Today, a lot of the banking services in remote locations are being facilitated by correspondent- or a partnerled model where these partners are a critical last mile to service end-customers. Ensuring they have access to the latest
ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL
Airtel’s core strategy involves enabling business transformational solutions on mobile devices, thereby becoming an BFSI enterprise enabler. ASHISH ARORA CMO, Airtel Enterprise and Government Business data in real-time for effective service is motivating BFSI companies to innovate and transform the means of collaboration, communication, and connectivity.
Enabling Greater Financial Inclusion: This is an agenda being driven by the government and the regulators. Today, India’s banked population is about 400 million, while unbanked population stands at about 700 million. Sixty percent of new branches in India will be opened in unbanked locations. Unfortunately, connectivity to most of these areas is impeded by geographical and infrastructure limitations. However, the good news is we have mobile connectivity touching 900 million people. As a result, mobile would emerge as a crucial route to bank the unbanked and insure the uninsured. The exponential rise in adoption of smartphones and data services comes as an icing on the cake to extend the opportunity to the BFSI companies to innovate and differentiate.
Digital Signage for a Leading Global Bank A leading global bank wanted to promote its brand, products, and offers across 1,000 branches. It wanted a solution through which a central team could broadcast multimedia messages, anytime, any branch. Digital signage was the default choice, but finding the apt signage solution wasn’t easy. It needed central view and management of displays across locations, no hassle of hardware maintenance, managing connectivity and support, and a ready to be on-air anytime experience. The bank chose Airtel’s Digital Signage solution, which enabled a cloud platform rendering any multimedia format, pan-India management and support, end-to-end implementation, central view and control. As a result, the bank now enjoys lower perceived wait time, enhanced customer experience, consistent communication, branding and dynamic promotion at each touchpoint, and faster TTM for promotional campaigns.
Datafication of BFSI: Another trend to watch out for is the increasing demand for big data and migration to the cloud across the BFSI sector due to the increasing emphasis on data, data analytics, and data security. The Telecom Throttle In such a dynamic scenario, telecom service providers stand to play a major role in enabling cutting-edge solutions for BFSI companies. We can offer solutions cutting across the communications, connectivity, collaboration, and customer experience layers. Take, for instance, a leading private sector bank that wanted to speed up its account opening process in order to increase the number of saving accounts in under-banked areas. We made this happen for them by designing an end-to-end tablet banking solution that includes tablets with 3G for last mile connectivity, apps for real-time account opening and instant document upload, real-time prompts on offers and schemes,
Benefits Enhanced customer experience
Faster time-to-market for promotional campaigns
Branding and dynamic promotion at each touch-point
ADVERTORIAL AND PROMOTIONAL FEATURE AIRTEL
Toll-free Data for ICICI Prudential Mobile data usage is expected to go through the roof in the coming years. Due to this, employees might shy away from the perceived costs of enterprise mobility. ICICI Prudential started consciously working towards freeing its employee of this burden. It had mobile-enabled its field force and advisors with tablets to login into their enterprise applications. The field force and advisors had inhibitions to access online applications through tablets due to data costs involved. Despite distributing tablets across to 3,000 field advisors, ICICI Prudential was not able to push usage beyond 20 percent. That’s when the insurance giant decided to make browsing and usage on the portal free for its field force and advisors. After evaluating all their options, ICICI Prudential chose Airtel to help them out. With a quick turnaround, Airtel provided a competent solution that could always be scaled up or down. It also provided free website access to tablet users, even while roaming and irrespective of the type of content being accessed—all this without a huge rise in costs in less than two months’ period.
and AAA authentication for data security. Our superior capabilities and expertise as a leading global telecom operator was the main reason we could offer such a robust solution that encompasses all crucial aspects of communication and connectivity.
Airtel’s Value Proposition There are several reasons to say that Airtel is the one telecom provider that’s best-suited to help BFSI companies in their journey to deliver exceptional service to customers irrespective of their location. Here are the three major factors that contribute to Airtel’s leadership in the market:
Expertise: We have a wide array of endto-end solutions tailored specially for the BFSI segment. Take, for instance, the aforementioned tablet banking solution we offered the private sector bank; it consists of a 3G-capable tablet with a private APN and MDM solution. Besides this one, there’s also a mass mobile banking (USSD self-service) solution and desktop/mobile VC over 3G for tellerless branches.
Experience: We have gone past the proof of concept stage and have live solutions for several BFSI customers. Some of the innovative solutions that Airtel has deployed include: � VC over 3G tablets for a leading private bank that wanted to offer personalized wealth management service to high networth individual (HNI) customers
Toll-free data to a leading bank to free their tablet-enabled field force and agents from the data cost burden of using office applications on the tablet � Digital signage for a leading BFSI enterprise to build brand recall at its branches Security has always been a major concern for the BFSI segment. The need for a proactive, strong security backbone would be even pronounced now, with the arrival of mobile, cloud computing, and video into the scene. Having realized this early on, Airtel, today, offers an entire suite of secure banking solutions including ATM surveillance solution, white label ATM security, DR on cloud services, DDoS detection and mitigation services, and MDM/ secure container for mobile data. This secure suite of solutions is sure to help BFSI companies deliver superior experience to the fast evolving digital customer of today, and, as a result, stay ahead of the competition curve. �
Exceptional Innovation: Airtel has been innovating consistently to meet the nextgeneration demands of the BFSI sector. In the coming few months, we plan to roll out next-generation mobile and connectivity solutions. Some of them are video call centers over websites to 3G as a last mile access for ATMs for greater financial inclusion, 3G for rural banking, etcetera. We
also plan to strengthen our security suite by enabling security for banking transactions.
Airtel’s BFSI Focus As has been mentioned already, digitization and mobification are introducing new demands with respect to how BFSI services are delivered to end-customers. In particular, millennials (those under the age of 30) have distinct preferences regarding financial services and digital technology. Airtel’s core strategy for the BFSI segment involves leveraging in-depth BFSI domain knowledge to offer cutting-edge end-toend digital solutions, thereby becoming an enterprise enabler empowering more and more BFSI organizations to embrace the digital journey.
To know more, please write to business@in.airtel.com or visit http://www.airtel.in/business
This article is brought to you by IDG Services in association with Airtel Business
COMPILED BY TEAM CIO
Best Practices
Software Status: Unlicensed
U
In terms of commercial value of unlicensed software, India stands at the third position, after US and China.
TRENDLINES
Unlicensed software is wreaking havoc in organizations world over. Worse, it’s exposing the lack of awareness in organizations when it comes to use of unlicensed software. According to BSA Global Software Survey, the commercial value of unlicensed software in India is $2,911 (about Rs 1.7 lakh). That puts the country in the third position—after US and China—in the unlicensed software market. This is a clear indication of the rising threat from unlicensed software. These threats can include data loss, unauthorized access to company information, loss of intellectual property or proprietary information. What’s intensifying the problem is a lack of awareness about unlicensed software. Even though the unlicensed software market in India is big, only 33 percent of companies have written policies in place requiring the use of properly licensed software. Globally, only 48 percent of CIOs are confident that their company’s software is properly licensed. If organizations can fix the lack of awareness about unlicensed software creeping in their organizations, then they can prevent security threats to a large extent.
1
CONDUCT employee workshops and regular software audits to help businesses of all sizes ensure they are staying compliant.
2
LEAD by example and ensure your organization uses fully licensed software for its operations.
3
CREATE policies pertaining to the proper use of software in the organization to prevent security threats.
Unlicensed Software a Menace in India Does your organization have a policy around the use of licensed software?
60%
Of the software installed on personal computers in India in 2013 were not properly licensed.
No/ Don’t Know
42%
Workers CIOs
14%
Informal Workers
32% CIOs
Written Workers
26% CIOs
51%
33%
Of companies in India have written policies in place requiring use of properly licensed software.
35% SOURCE:BSA GLOBAL SOFTWARE SURVEY
20
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 HALL OF FAME 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
alert
ENTERPRISE RISK MANAGEMENT
A Mole in Your Bay T
IMAGES BY THINKSTOCKPHOTOS.IN
The typical organization loses 5 percent of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, according to the Association of Certified Fraud Examiners (ACFE). This type of malicious behavior by “privileged users” who have been given broad access to the company’s computer assets has captured the attention of CIOs across the country. It’s no mystery why: Insider breaches can damage a company’s reputation, market advantage and its bottom line, stretching into billions of dollars. Despite the increased awareness and severity of the risk, a recent Ponemon survey of 693 IT professionals, commissioned by Raytheon revealed only 40 percent
of IT budgets have dedicated funding to fight insider threats. There is a reason for lack of funding. IT security budgets are largely targeted to defend against external threats, which are greater in number, but not necessarily as devastating in severity and damage to an organization. The irony of this is highlighted in the same survey: 45 percent say it’s likely that social engineers from outside the organization will target privileged users to obtain their access rights. This underscores that “insider” does not mean a person has to be physically based in an organization and that privileged users should truly be the focus when we talk about insider threats.
Who is the Privileged User?
In any company, the privileged user is an employee with authority to access more than usual company data or make changes to the company network. Companies need privileged users because they have access to source code, file systems and other assets that allow them to upgrade the systems or make other technical changes. Because they have greater access to the network and are limited by fewer controls, privileged users can access more of their companies’ intellectual property, such as corporate data or confidential product information. They often have the ability to easily get around controls that restrict other non-
FINDINGS
Security Nightmares With the deployment of advanced technologies, the discussions around security have become more important. Here are the top three areas of concern when it comes to security breaches.
Security issues CIOs are concerned about 26%
Increase in datacenter complexities
21%
Security in the cloud
13%
Mobile security requirements
78%
Of Indian CIOs stated that they would spend more on security management and planning in 2014. SOURCE: CIO Mid-year Review 2014
22
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
BUSINESS ASSURANCE CHAMPIONS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
alert
ENTERPRISE RISK MANAGEMENT
privileged users and they sometimes abuse what should be temporary access privileges to perform tasks. An example illustrates the problem: Bob is logged in with ordinary network access privileges but receives a help desk ticket that requires him to log out and log back in as a system administrator. Once the task is performed, Bob remains logged in as the system administrator with elevated privileges, exposing the network to a much greater security vulnerability if he were to be victimized by a cyberattack. One way to tackle it is by focusing on Privileged User Monitoring and Access (PUMA), which relies on monitoring human behavior to determine the context of the behavior and people’s intent as well as automated tools such as video replay to keep an eye on privileged user activities. Monitoring human behavior is especially important with privileged users because they often have the know-how to cover their tracks, a feat that becomes much harder with video replay and other technologies that can have a deterrent effect by their presence. If privileged users know you’re monitoring their activity, they’re less likely to behave badly. At the core of the privileged user problem is this dichotomy: With greater access to a company’s computer assets comes greater security risk. The privileged user can be a company’s security enforcer but also its greatest security risk. The privileged user threat shows no signs of diminishing, in part because of economic pressures that have forced companies to try and do more with smaller staffs, leading to stressed out
employees who are likely to be more careless about their use of elevated access privileges. And in today’s environment companies have a greater responsibility to report data losses of all sizes, so data theft by privileged users on the inside attracts widespread attention with significant negative impacts on the company’s reputation and stock price. It all adds up to a realization by companies that the biggest cyberthreat to their organization may not be from an external attack. The most serious threat may be from an unknowing “privileged user” colleague right down the hall.
Mitigating the Risk Survey respondents said the two biggest challenges companies face when addressing insider threats are having enough contextual information provided by security tools (69%) and security tools that yield too many false positives (56%). Endpoint monitoring and auditing tools allow visibility and context, alleviating these challenges. Additionally, the best approach to mitigating privileged user abuse is to develop a comprehensive and layered strategy that implements best practices, involves process and technology, and most importantly, involves a better understanding of human behavior. It is a common myth among IT management staff that auditing privileged user activity is too difficult and complicated.
The truth is that privileged user auditing does not have to be a complicated technical challenge if the auditing and monitoring process is flexible, policy-based, and provides irrefutable attribution to a particular privileged user. The knowledge alone that an organization uses auditing and monitoring technology is a huge deterrent against privileged user abuse. While there are a variety of tools that address different aspects of privileged user security, there is no single technology that fully mitigates the problem. Gartner identifies solutions used for privileged account management (PAM) as a set of technologies enabling enterprises to address these specific needs: Your company needs its privileged users—perhaps the most valuable players in any organization. However, these are the very same people who can also become a super threat if not properly monitored. Organizations can protect themselves from privileged user threats by implementing best practices and implementing a flexible policy-based monitoring solution that ensures enterprise-wide visibility into privileged user activities. The key to mitigating privilege user abuse is the ability to determine context and intent, which can only be accomplished by monitoring human behavior. CIO
Michael Crouse is Director of Insider Threat Strategies at Raytheon. Send feedback to editor@ cio.in
[ONE LINER:]
Going forward, security teams are going to be more business engaged than they were in the past. —VISHAL SALVI, CISO, HDFC BANK
24
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
KEYNOTE SPEAKER RON KAUFMAN Founder and Chairman, UP! Your Service and author of 15 books including the bestseller Uplifting Service
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
alert
ENTERPRISE RISK MANAGEMENT
Rise of the Digital Risk Officer
26
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
and allocations of responsibility, as well as the development of new capabilities in security and risk assessment, monitoring, analysis, and control. “DROs will influence governance, oversight and decision making related to digital business. This role will work with CEOs and managing directors in various capacities to better understand digital business risk and facilitate a balance between the needs to protect the organization and the needs to run the business.” Trying to bridge the “cultural gap” between DROs and CEOs presents a significant challenge, however. “Many executives believe technology—and technology-related risk—is a technical problem, handled by technical people, buried in IT. If this
Thief in The Trap
A
new security role called the Digital Risk Officer (DRO) is emerging in response to new cyber threats introduced by the Internet of Things (IoT), according to Gartner United States distinguished analyst Paul Proctor. He has forecast that some enterprises will have a DRO or equivalent role by 2017 to handle risks that may emerge from the IoT. “DROs will require a mix of business acumen and understanding with sufficient technical knowledge to assess and make recommendations for appropriately addressing digital business risk,” he said in a statement. According to Proctor, the scope of a DRO is “very different” to that of a chief information security officer (CISO). “The DRO will report to a senior executive role outside of IT such as the chief risk officer, chief digital officer or the chief operating officer. They will manage risk at an executive level across digital business units working directly with peers in legal, privacy, compliance, digital marketing, digital sales, and digital operations,” he said. According to Proctor, IoT and connected devices form a “superset of technology” that challenges the ability of existing cyber security structures, skills and tools to manage technology risks. “Simply expanding the portfolio of the existing IT security team to include technology risk for all Internet-aware technology is not viable,” he said. “New technology managed outside of the IT department requires skills and tools beyond the competence of the IT security team in its current responsibilities, and the teams involved in management of these technologies are culturally distinct from the IT department.” In addition, he said the development of a digital risk management capability requires deconstruction and re-engineering of enterprise structures
gap is not bridged effectively, technology and consequent business risk will hit inappropriate levels and there will be no visibility or governance process to check this risk,” he said. According to a Gartner CEO and senior executive survey conducted in April 2014, 50 per cent of the 410 CEOs, CFOs, COOs, and other executives who took part said they will have a senior digital leader role in their staff by the end of 2015. The survey was conducted in Asia Pacific, North America, Europe, Japan, Brazil, South Africa and the Middle East.
Hamish Barwick writes on security. Send feedback to editor@cio.in
Tokyo police arrested a systems engineer accused of stealing millions of customer names from the computer database of a large education firm to sell them for profit. Masaomi Matsuzaki, a 39-year-old temporary staffer, was arrested for violation of the unfair competition prevention law, a spokesman for the Metropolitan Police Department said. Matsuzaki allegedly copied personal data related to at least 7.6 million customers of Benesse, the parent company of Berlitz language schools in Japan. The information was allegedly copied at the Tokyo office of Synform, a Benesse-affiliated website development company where the engineer had been dispatched by a staffing agency. Matsuzaki may have gained access to the data because of lax access controls, according to local news reports. The data was saved on a portable recording device such as a USB memory stick, sold to a broker of name lists for millions of yen (tens of thousands of US dollars) and later used for direct mailing, according to Japanese media reports. The information, which contained names, addresses, birth dates and phone numbers, could include up to 20.7 million items, Benesse said in a statement. It had speculated the information was stolen by an outsider who had authority to access its database. The Benesse breach is one of the largest-ever data leaks in Japan, a spokesman for the Consumer Affairs Agency said. — Tim Hornyak
VOL/9 | ISSUE/10
Presents
CIO CONVERSATIONS on
THE POWER OF VISUAL ANALYTICS
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Towards Growth,
Together
One reason for the phenomenal growth of the Indian IT industry is the collaboration between major players. To foster this spirit of togetherness and take it to the next level, Microsoft recently held an MNC IT Summit in Bangalore.
M
icrosoft India recently organized the first ever MNC IT Summit in Bangalore. The Summit brought together over 70 leaders of Indiabased IT organizations of multinational corporations (MNCs) in an endeavor to shape their collective vision for the industry and identify areas for collaboration. The attendees represent Fortune Global and Forbes 1000 companies with combined
SPECIAL EVENT COVERAGE
annual revenues in excess of $2 trillion, employing six million people globally including more than one million in India. The Global In-house Centers (GICs) of these MNCs provide a range of services to their parent companies—IT services, Business Process Management, and Engineering R&D. India’s GIC exports are expected to reach $17 billion (about Rs 1.04 lakh crore) in 2014.
The theme of the summit was “What will it take for the MNC IT Community to increase its impact ten-fold in five years?” The MNC IT leaders articulated their vision, approach, and path forward for their community. They committed to work together in enhancing India’s IT brand to attract more MNCs to set up IT centers in India, and called for sharing of best practices to help expand existing
centers and enable them move up the IT value chain by doing mission-critical work from India. The event was kicked off by Microsoft India’s chairman, Bhaskar Pramanik, who said, “The IT-GICs have been playing an important role in adoption of cutting edge technology by their organizations. At Microsoft, we are committed to strengthen the ecosystem with future-ready productivity and platform tools for the mobile-first, cloud-first world.” Further, Microsoft’s CIO Jim DuBois, spoke on the tremendous growth in the Indian IT space. “It has been amazing to watch the IT industry grow and evolve in India. Cloud is the next big trend that is driving the next wave of IT growth and transformation, not just for large enterprises but also for SMBs, governments and citizens,” he said. Taking cue from DuBois, Microsoft IT India’s MD Raj Biyani said, “By collaborating closely, the leaders of the MNC IT units can boost India’s IT ecosystem exponentially in the next five years,” he said. He also shared key insights
from the three-year journey that fundamentally transformed Microsoft’s own IT-GIC into a talent hub—a transformation that has been documented in recent case studies by the Harvard Business School and IIM-Calcutta. The Summit included keynotes, panel discussions, and focused workgroup sessions by prominent speakers from academia, business, government, and media including Adil Zainulbhai, senior advisor, McKinsey and editor of Reimagining India: Unlocking India’s Potential; Prof. Anil Gupta, IIM Ahmedabad; Dr. Raghunath Mashelkar, former chairman, CSIR; Rajesh Dalal, senior consultant – Healthcare & former MD, Johnson & Johnson; Prof. S. Sadagopan, director, IIIT Bangalore; and Som Mittal; ex-Chairman, NASSCOM. Dr. Sadagopan pointed out that Indian IT centers are being instrumental in establishing centers in other countries, including Vietnam and Argentina, while Zainulbhai emphasized the need to leverage the vast untapped potential of India’s youthful economy. In a panel discussion
titled “Innovating and Winning from India”, Dr. Mashelkar, Dalal, and Prof. Anil Gupta shared inspiring examples of successful innovations in India, what Dr. Mashelkar labeled as “affordable excellence.” Later, Mittal highlighted the contribution of the overall IT industry to India’s economy creating 3.2 million jobs and generating over $100 billion (about Rs 6.1 lakh crore) in exports. IT-GICs make a substantial contribution in this impact. He appreciated the spirit of collaboration among Indian IT organizations, stating, “There is no place elsewhere in the world where competitors collaborate so fiercely.” The Summit also saw the unveiling of Emmy Award winner Rafeeq Ellias’ documentary titled Inventing the Zero, Reaching for Infinity: The Story of India and its IT Industry which puts the spotlight on the role of MNC IT ecosystem’s symbiotic relationship with India and features perspectives of its leaders from the IT industry.
IDG SERVICES
Rob Enderle
ROBOTICS
The RobotApocalypse Robots are coming and they will eventually take many of our jobs.
G
oogle's huge entry into robotics leaves little doubt that we'll shortly be up to our armpits in robot alternatives to people. Robots will enter all aspects of our business and personal lives. Machines, vehicles, drones, cameras, sensors, you name it. We've long known that privacy is a thing of the past. Could our job prospects go the same way after the robot apocalypseâ&#x20AC;&#x201C; and how the heck should IT prepare for all of this?
Robopocalypse Will Be Painful
ILLUST RATION BY T HINKSTOCK
There's a book called Robopocalypse and a movie under development. The general consensus is that the jobs that most affected will be menial, low-paying onesâ&#x20AC;&#x201C;but this may not be the low-hanging fruit at all. I ran across a TekCarta piece by Andrew Sheehy responding to Mark Andreessen's Financial Times column on what jobs robots will eat. Andreessen paints a glowing future when people have better access to jobs and education and still drive creativity and innovation. More new jobs will be created than taken away, he says. Larry Page has similar thoughts: Folks will work less and have far more time to spend on wonderful things because they'll share jobs. (He glosses over the part where they'll also make far less money, likely falling under the threshold where their employers pay for medical coverage.) I agree with Sheehy. Andreessen's view that everything will be OK overlooks the massive pain of what will likely be an Industrial Revolution at hyper speed. Not even "creativity and innovation" jobs are safe. You should think about where your job is going, and where your 30
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
SOURCING SHOGUNS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Rob Enderle
ROBOTICS
kids should focus their education, so you and they don't become prematurely obsolete. It's time for a discussion about what the future will bring. It won't be world of lollipops and rainbows that Andreessen and Page will live in. The world of the rich won't apply to the rest of us. Interestingly, Google Chairman Eric Schmidt better anticipates the "jobs and robots" problem, but his solution is investing in startups, which is where we'll all work while the robots do our existing jobs. Sure, robots already do some jobs: Assembly lines, selfdriving cars, delivery drones and cleaning robots, both the consumer Roomba and larger, industrial vacuums. There's a bigger threat: Workers who basically look at numbers and draw conclusions. Robots are surprisingly good at this, too. Robots could do a range of jobs–including analysis, purchasing, consulting, and journalism–because they can look at more real-time information in less time and with better recommendations than people. This is one downside to big data analytics. Once you have the information, Watson, Siri, Cortana or any other artificial intelligence-like system can do a pretty decent job of identifying the best path. In the near term, at least, people will remain in the loop, but they'll increasingly serve as little more than quality control–and, unfortunately, won't operate fast enough to do the job properly. Sheehy also created a spreadsheet that ranks the jobs that robots are most and least likely to take from people. The top jobs at risk: Financial analyst, financial advisor, industrial buyer, administrator, chartered legal executive (compliance officer) and financial trader. Least at risk: Clinical embryologist, bar manager, diplomatic services officer, community arts worker, international aid worker, dancer, aid/development worker and osteopath. What's interesting is that jobs that focus on dealing with people are relatively safe, while jobs that focus on analyzing things aren't. Now if the people you focus on are increasingly unemployed, I have to wonder where the money's coming from to pay the salaries of the peoplefocused folks.
to be ready for the robot apocalypse–and those who aren't ready have the greatest likelihood of being displaced. Implementing those automated systems won't be without pain, either. Employees will object to being displaced in large numbers. Based on past experience, the companies most aggressive with robotics are the most likely to catastrophically screw things up. I'd like to be able to point to several companies leading the charge, but only Google seems to be aggressively investing in robots. Google's hardly friendly to IT or to jobs, and it will present more of a problem than any type of solution. Page, based on his talk, seems to think cutting incomes massively and giving people more free time will
We have between five and 15 years to be ready for the robot apocalypse—and those who aren't ready have the greatest likelihood of being displaced. be utopian, but it's more likely to cause riots and revolts. Google may be the most frightening technology vendor we have yet seen. We have time, but as the market marches on, we should be realistic about our expectations. The idea that the only jobs that will be affected by robots aren't our own is simply not supported. This change promises to encompass all parts of our personal and business life. At some point, we need to get our arms around this problem. If we start now, it's less likely to hit us in the butt when we least expect it. I'm not saying you need to run for the hills, but the robots are coming, and it's time to start thinking about what that means for you, your employees and your loved ones. Put a different way, when facing a massive global change, the folks who do the best tend to be the ones that anticipate the change. CIO
Jobs to Benefit from Robopocalypse Since so few people think about the personal impact of this automation, this is a role IT can fill. Since IT jobs are on the line as well, being a critical part of the decision matrix should provide substantial warnings about additional risk. Those who can install, train, build, integrate and operate these new automated systems will be in high demand. Depending on the job, we have between five and 15 years
32
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Rob Enderle writes on emerging technology, security, and Linux. Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
BUSINESS TRANSFORMERS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Brian Eastwood
WEARABLES
WastedWearables? Wearable tech devices promise to improve health, fitness, and wellness. To have that impact it must go beyond telling people things they already know.
W
hen people learn that I run marathons in addition to covering healthcare IT, it doesn't take long for them to ask, "Where's your fitness tracker?" It's a legitimate question. By all accounts, wearable tech is about to explode. Juniper Research expects 130 million devices to ship by 2018. IDC says it'll be closer to 120 million units, in part because most of the activity won't take place until 2016. Clearly, wearable tech is no gimmick. By all accounts, it's a good thing, too. Generally speaking, the more people know about their own health and wellness, as measured by a device they often forget they're wearing, the better their chances of improving their health and wellness. Over time, this means fewer trips to the doctor, lower medical bills and, if all goes well, improved quality of life.
Complementary Wearable Tech
ILLUST RATION BY T HINKSTOCK
That said, I tend to disappoint people by pointing out that I don't wear a fitness tracker. Inevitably, they ask why. Admittedly, it would make sense. Would my life be a little easier if a device automatically uploaded the time, distance, pace and per-mile breakdown of my runs to a Web service or the cloud? Wouldn't that be easier than writing the information my watch collects on a sticky note so I remember it when I plug it into dailymile? Of course. However, I already own a GPS-enabled watch. Most runners do. (I've no hard evidence, but I have to look pretty hard to find someone toeing the line at a road race who isn't wearing a watch.) Most runners also run their watches into the ground, getting a new device only when the old one finally calls it quits. 34
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
INFORMATION MASTERMINDS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Brian Eastwood
WEARABLES
(Hey, when you also have to spring for shoes, clothes, race registrations, protein shakes and a bright yellow bib so cars can see you in the dark, you pay attention to the bottom line.) Today's fitness trackers could complement my watch, measuring my heart rate and level of dehydration during a run as well as monitoring my sleep patterns so I do more than just "listen to my body" when I take an unplanned rest day. The operative word there, though, is complement. No fitness tracker will replace my watch outright–not unless it can display my pace, distance and elapsed time all at once, at a casual glance when there's sweat and sunscreen in my eyes, and do so for under $100 (about Rs 6,000). Suffice to say the watches that do that and track various vital signs don't do so for under $100 (about Rs 6,000), either.
like me who willingly run in the cold, the heat and the rain. Plus, wellness programs can backfire if, say, they make it a little too obvious that they target employees who need to lose weight. Health insurers are getting in on the action, too, partnering with wearable tech firms, wellness startups and other companies to provide a whole host of incentives to customers who link apps and devices to their insurance plans. Again, these (rightfully) target those who need a nudge, not people who already take the stairs and avoid the grocery store's middle aisles.
Health and Wellness Aren’t Numbers
Healthcare providers have been slow on the uptake. There's much promise in sharing patient-generated health and wellness data with physicians, but it's mostly promise. Few patients have the time, resources or know-how to collect data, and few physicians have the time, resources or know-how to sift through the data that patients collect. Emerging consumer health apps may help, but they're just as likely to confuse. Data is only as valuable as what you can do with it. A fitness tracker churning out all kinds of health, wellness and fitness data provides value only if my insurer, my doctors and (eventually) my caregiver can see that data and alter my shortand long-term care plan. As a Rock Health presentation on wearable tech points out, many of today's devices either serve a single purpose or, in the words of Proteus Chief Product Officer David O'Reilly, "go after things that are obvious." I don't need wearable tech to tell me I run a lot, sweat a lot and eat a lot. That's obvious. I need wearable tech to tell me what I don't know–and to do it without being uncomfortable, intrusive or expensive. Until that happens, I'll stick with my watch. CIO
I need wearable tech to tell me what I don't know—and to do it without being uncomfortable, intrusive, or expensive.
There's another factor at play here. Fitness trackers and apps typically target those who need motivation–a badge for hitting mileage goals, a thumbs-up for eating right, a community of like-minded people who want to improve their health and, above all, a bit of guidance along the way. There's absolutely nothing wrong with that. The Couchto-5K Running Plan and its associated mobile app, for example, have helped thousands of people successfully run their first 3.1-mile race. Few stop at one race. Many go on to discover, as I have, that running makes you a better person and introduces you to some amazing people. Such plans, and their associated apps, thrive on data. Again, there's nothing wrong with that. It's just not a universal motivator. Yes, I run for time–to hit the goal pace on my training plan, to beat my personal best on race day and, in a sense, to slow down the inexorable march of time. I log my times, I think about my times and I train to improve my times. I have other motives, though. I run to clear my head, to think and to challenge myself. Some of my proudest moments in the last few months weren't races but, rather, the days I braved the polar vortex, donning four shirts and two pairs of gloves for a 20-minute run in subzero wind chill just because I could. That can't be measured. Data is important, but it can't—and shouldn't–define who we are. So what will get me to wear a fitness tracker? Simply put, I need a reason. So far, I haven't found a compelling one. (Neither, it seems, have the one-third of Americans abandoning wearables within six months of buying them.) Some companies use fitness trackers for employee wellness, but those programs (rightfully) tend to target those who need that extra bit of motivation, not crazy people 36
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Brian Eastwood is a senior editor for CIO.com (CIO's sister website) covering healthcare IT. Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/10
Presents
KEYNOTE SPEAKER STEVE DONAHUE Sahara Desert Adventurer, Documentary Filmmaker and author of Follow Your Compass
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Security Vendor Promises That Don’t Deliver Beware bold promises from a multibillion-dollar industry that can’t prevent your IT systems from being routinely hacked. Here are seven promises that they can’t deliver on. By Roger A. Grimes
A Reader ROI: Why it’s important to put a price to your data Different methods to evaluate the value of data How to determine which data to safeguard
VOL/9 | ISSUE/10
All computer security vendors want us to think that signing on the dotted line and sending them a check will mean our worries are over. Rarely do they deliver. And although a little marketing hype never really hurts--we’re all used to taking it with a grain of salt--some vendors can be caught outright lying, expecting us to buy what amounts to security snake oil. If you’re a hardened IT security pro, you’ve probably had these tactics run by you over and over. It’s never only one vendor touting unbelievable claims but many. It’s like a pathology of the computer security industry, this alltoo-frequent underhanded quackery used in the hopes of duping an IT organization into buying dubious claims or overhyped wares. Following are seven computer security claims or technologies that, when mentioned in a sales pitch, should get your snake-oil radar up for false promises.
Unbreakable Software Believe it or not, vendors and developers alike have claimed their software is without vulnerability. In
Cover Story
fact, “Unbreakable” was the name of one famous vendor’s public relations campaign. The formula for this snake oil is simple: The vendor claims that its competitors are weak and don’t know how to make invulnerable code the way it does. Buy the vendor’s software and live in a world forever without exploits. The last vendor to claim this had its software exploited so badly, so quickly that it should serve as notice to every computer security organization never to make such a claim again. Amazingly, even as exploit after exploit was discovered in the vendor’s software (the vendor is best known for database software), the “Unbreakable” ad campaign continued for another year. We security professionals wondered how many CEOs might have fallen for the PR pitch, not realizing that the vendor’s support queues were full of calls demanding quick patches. To this day, dozens of exploits are found every year in that vendor’s software. Of course, this vendor isn’t alone with its illusions of invulnerability. Browser vendors used to kick Microsoft for making an overly vulnerable browser in Internet Explorer. But then they would release their invulnerable browsers, only to learn they had more uncovered public vulnerabilities than the browser they claimed was overly vulnerable. You don’t hear browser vendors bragging about making perfectly secure browsers anymore.
Security
And then there’s the infamous University of Illinois at Chicago professor who consistently lambasts software vendors for making software full of security holes. He chides and belittles them and says they should be subject to legal prosecution for making imperfect software. He even made his own software programs and challenged people to find even one security bug, backing this challenge with a reward. Not surprisingly, people found bugs. Initially he tried to claim that the first found vulnerability wasn’t an exploitable bug “within the parameters of the guarantee.” Most people disagreed. Then someone found a second bug, in another of his programs, and he paid the reward. Turns out making invulnerable software is pretty difficult. We don’t mean to negate that professor’s contributions to computer security. He’s one of the best computer security experts in the world--truly a hero to the cause. But you won’t hear him claim anymore that perfect software can be made. Remember these high-profile lessons in humility the next time you hear a vendor claim that its software is invulnerable.
1,000,000-bit Crypto Every year a vendor or coder no one has heard of claims to have made unbreakable crypto. And, with few exceptions, they fail miserably. Although it’s a claim similar to unbreakable software, technical discussion will illuminate a very different flavor of snake oil at work here.
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
39
Cover Story
Security
Good crypto is hard to make; even the best in the world don’t have the guts (or sanity) to claim theirs can’t be broken. In fact, you’ll be lucky to get them to concede that their encryption is anything but “nontrivial” to compromise. Trust the encryption expert who doesn’t trust himself. Anything else means trusting a snake-oil salesman trying to sell you flawed crypto. Case in point: A few years ago a vendor came on the scene claiming he had unbreakable
crypto. What made his encryption so incredible was that he used a huge key and distributed part (or parts) of the secret key in the cloud. Because the key was never in one place, it would be impossible to compromise. And the encryption algorithm and routine was secure because it was a secret, too. Most knowledgeable security pros recognize that a good cipher should always have a known encryption algorithm that stands up to public review.
Not this vendor. But the best (and most hilarious) part was the vendor’s claim that his superior cipher was backed by a million-bit key. Never mind that strong encryption today is backed by key sizes of 256-bit (symmetric) or 2,048-bit (asymmetric). This company was promising an encryption key that was orders of magnitude bigger. Cryptologists chuckled at this for two reasons. First, when you have a good encryption routine, the involved key size
can be small because no one can brute-force all the possible permutations of even relatively small encryption keys--think, more than the “number of atoms in the known universe” type of stuff. Instead, to break ciphers today, cryptologists find flaws in the cipher’s mathematics, which allow them to rule out very large parts of the populations of possible keys. In a nutshell, found cryptographic weaknesses allow attackers to develop shortcuts to faster guessing of the valid possible keys.
What’s Better: Single Vendor Security Solutions or Best-ofBreed? Indian CISOs debate the pros and cons of bestof-breed and single vendor security solutions.
Should CIOs and CISOs opt for a single-vendor security solution or go for best-of-breed? It isn’t a question that hasn’t been asked before. Yet, it’s a question that hasn’t been answered--but avoided. That could be because, in the past, Indian organizations have considered security as an after-thought. But that’s changing. Indian CIOs are taking security a lot more seriously. So much so that according to CIO India’s Mid-Year Review 2014, 74 percent of Indian CIOs say they plan to spend most of their time in security planning and management. Central to that planning is to determine which strategy to use when it comes to security solutions: Single vendor or bestof-breed? Security officers do not seem to agree on any one approach. Some are of the opinion that a single vendor approach is better while some feel that it’s not possible for one single vendor to provide all security solutions. “Best-of-breed is an ideal solution. One needs to have checks and balances, and from that perspective it is better to go for
40
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
Parag Deodhar, Chief Risk Officer, CISO, VP-Process Excellence and Program Mgmt, Bharti AXA General Insurance, says best-of-breed is ideal.
best-of-breed security solutions,” says Parag Deodhar, chief risk officer, CISO, VP-Process Excellence and Program Mgmt. at Bharti AXA General Insurance. Another challenge with expecting a complete end-to-end security solution from a single vendor is that security has many aspects, and it is difficult for one vendor to master them all, says Deodhar. “I am yet to come across a single vendor who covers all aspects of security. Right from identity management, to firewalls, to anti-virus, to SIEM, to encryption; that’s a lot of ground to cover the entire gambit. I don’t think one single vendor can do that,” says Deodhar. But that’s something Mannan Godil, CISO, Edelweiss Financial Services, doesn’t agree with. “If a vendor offers a high quality solution on one single platform, then I will go for that vendor,”
VOL/9 | ISSUE/10
Cover Story
All things being equal, a proven cipher with a smaller key size is considered more secure. So saying you have a million-bit key is akin to saying your invented cipher is so sucky it takes a million bits of obscurity (versus 384 bits) to keep the protected data secure. Five thousand bits would be overkill from any good cipher, because no one is known to be able to come close to breaking even 3,000-bit keys from a really good cipher. When you make a million-bit key, you’re absolutely saying you don’t trust your cipher
to be good at smaller key sizes. This paradox is perhaps only understood by cipher enthusiasts, and you’d slay the audience at any crypto convention by repeating this story. Second, if you were required to use a million-bit key, that means you would somehow have to communicate that huge mother from sender to receiver, making that communication at least a megabyte. Suppose you encrypted an e-mail containing a single character. The resulting encrypted blob would be 1MB.
Ashish Mishra, CISO, TESCO, says single vendor solutions are known to be more in tune with each other.
says Godil. Apart from that, single vendor solutions have other advantages that can’t be ignored. “One advantage of single vendor solutions is that they will be a complete story. Also, single vendor solutions are known to be more in tune with each other,” says Ashish Chandra Mishra, CISO, TESCO. Having said that, Mishra feels that while integration is better when it comes to single vendor products, best-of-breed solutions provide more intelligence. But, at the same time the risk is higher in multi-vendor products. And there it comes a full circle. But it’s heartening to see that Indian CISOs aren’t ducking the question anymore.
—Ishan Bhattacharya
VOL/9 | ISSUE/10
That’s pretty wasteful. A “secret” million-bit cipher being split among the cloud was enough to do that crypto in. No one took it seriously, and at least one impressive encryption expert, Bruce Schneier, publicly mocked it. The worst part was that the vendor claimed to have proof that it sold $5 million of its crypto to the military. I hope the vendor was lying; otherwise, the military purchaser has a lot of explaining to do.
100% Accurate Antivirus Software Also akin to the claim of unbreakable software is the claim from multiple vendors that their anti-malware detection is 100 percent accurate. And they almost all say this detection rate has been “verified independently in test after test.” Have you ever wondered why these buy-once-andnever-worry-again solutions don’t take over the world? It’s because they’re a lie. No anti-malware software is, or can be, 100 percent accurate. Antivirus software wasn’t 100 percent accurate when we only had a few viruses to contend with, and today’s world has tens of millions of mutating malware programs. In fact, today’s malware is pretty good at changing its form. Many malicious programs use “mutation engines” coupled with the very same good encryption mentioned above. Good encryption introduces realistic randomness, and malware uses the very same properties to hide itself. Most malware creators run their latest creations against every available anti-malware
Security
program before they begin to propagate, and then they selfupdate every day. It’s a neverending battle, and sadly the bad guys are winning. Some vendors, using general behavior-detection techniques known as heuristics and change-detecting emulation environments, have valiantly tried to up their accuracy. What they’ve discovered is that as you enter the upper ranges of detection, you run into the problem of false positives. As it turns out, programs that detect malware at extremely accurate rates are bad at not detecting legitimate programs as malicious. Show me a 100 percent accurate anti-malware program, and I’ll show you a program that flags nearly everything as malicious. Even worse, as accuracy increases, performance decreases. Some antivirus programs make their host systems so slow that they’re unusable. Users would rather knowingly compute with active malware than run antivirus software. With tens of millions of malware programs that must be checked against hundreds of thousands of files contained on a typical computer, doing a perfectly accurate comparison would simply take too long. Antimalware vendors are acutely aware of these sad paradoxes, and, in the end, they all make the decision to be less accurate. Counterintuitively, being less accurate actually helps security vendors sell more of their products. I don’t mean that lowered accuracy allows malware to propagate, thereby ensuring security vendors can sell more software. It’s that the trade-offs of extremely accurate
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
41
A New Style of IT,
A New Reality Yesterday’s emerging trends are today’s evidently beneficial technologies. A synergy of mobility, big data, and cloud computing can open up new areas of growth for organizations. Through HP World Tour, HP showed how Indian IT leaders can create a new style of IT to augment growth. By Aritra Sarkhel
C
IOs and IT decision maker from across industry verticals need to build a better enterprise, and critical brainstorming for furnishing ideas for the same is important. Such far reaching ideas which can change the course of the IT industry needs a platform. A platform that will help IT leaders tap into the collective energy and expertise of the Indian enterprise IT community, experience the innovation, and engage with various
SPECIAL EVENT COVERAGE
industry executives to gain strategic insight into their respective IT infrastructure. And that’s exactly what the first Indian edition of the prestigious HP CIO Forum and HP World Tour planned to achieve. The two day-long event was held in Mumbai. HP CIO Forum (day 1) was focused towards IT leaders. HP India’s managing director Neelam Dhawan opened the proceedings by elaborating on the global success of the event. Taking pride
in the fact that the hugely successful event finally made its way to India, she also pointed out that the presence of the business heads of HP’s various divisions at the event would ensure that the audience would get a glimpse of the innovation that goes into engineering HP’s products—the innovation that makes HP top different analysts’ ratings. She also spoke about the new style of IT that next-gen technologies are giving
SPECIAL EVENT COVERAGE HP
rise to and ways to counter the challenges associated with them. “Today’s enterprises demand a new foundation of infrastructure, devices, software, and services that support greater agility, increased accessibility, and lower costs,” she said. Not only that, Bruce Dahlgren, SVP and GM, Enterprise Services, HP APJ stated that 2014 is the 75th anniversary of HP and they are celebrating it with world tours across the world including India and the world tour is finally here in India to celebrate HP’s legacy of invention and innovation. Taking that thought of innovation forward, Bruce, spoke about how CIOs can demonstrate relevance and drive success in a rapidly changing business-led IT landscape by adopting a new style of IT. He said, “We live in exciting times, wherein a lot of innovation is happening around, and HP’s cutting-edge set of solutions and services is at the forefront for the enterprises.” He further pointed out the various trends that are impacting CIOs’ course towards achieving the said new style of IT. “The phenomenon of mobility, cloud and big data are going to impact the way technology is consumed and delivered and how end-users engage with technology overall,” said Dahlgren.
Taking the conversation on the new style of IT further, an esteemed set of panelists consisting of top HP executives deliberated on the current state of IT and associated barriers. IDG Media’s editor- in- chief Vijay Ramachandran moderated the discussion. The conversation encompassed a wide array of topics ranging from mobility and consumerization of IT to user experience, need for a robust enterprise application ecosystem, and collaboration. Later, the assembled IT leaders received valuable insights on thought leadership from IIM-Ahmedabad’s Prof. Anil Gupta’s speech on the importance of accepting and implementing new ideas. “Enterprises should allow free rein of ideas and never say no to new ideas. With great and unique ideas, even smaller companies can take on industry giants,” he said. HP World Tour The second leg of the program - HP World Tour was held on the next day and witnessed a grand opening with Neelam Dhawan and Bruce Dahlgren delivering the keynote sessions. This was followed up with a series of spotlight sessions cloud, big data, mobility, and security.
Aman Neil Dokania, VP & GM, HP Cloud Division, HP APJ, pointed out the importance of cloud computing and how the technology is critical to the success of enterprises of all sizes and verticals today. He also shed light on HP’s state-of-the-art Helion cloud platform and the HP Helion Network which is the largest network of cloud providers across the world. Following Dokania, Kamal Dutta, VP, IT Management Business Unit of HP Software, spoke about HP’s investment in leveraging big data for meaningful and actionable insights. While Anneliese Olson, VP & GM of HP APJ’s Personal Computing division, shared effective mobility strategies, Joseph Wong, SOC Principal Consultant, HP Enterprise Security Products Consulting, HP APJ shared security best practices with the IT decision maker present at the event and detailed ways to prevent cyber criminals from stealing mission-critical data. The other major attraction was Anil Kumble, one of the most remarkable Indian cricketers. The former captain of the Indian cricket team, who is also a coach and entrepreneur, spoke about core leadership qualities and the criticality of technology as a growth-enabler and competitive differentiator.
IDG SERVICES
Cover Story
Security
anti-malware detection are unacceptable to those shopping for security software. And if you do find yourself buying the claim of 100 percent accuracy, just don’t ask your vendor to put it in writing or ask for a refund when something slips by. They won’t back the claim.
Network Intrusion Detection IDSes (intrusion detection systems) have been around even longer than antivirus software. My first experience was with Ross Greenberg’s Flu-Shot program back in the mid-1980s. Although often described, even by the author, as an early antivirus program, it was more of a behavioraldetection/prevention program. Early versions didn’t have “signatures” with which to detect early malware; it was quickly defeated by malware. During the past two decades, more sophisticated IDSes were invented. Popular ones are in use in nearly every company in America. Commercial, professional versions can cost in the hundreds of thousands of dollars for only a few sensors. Many companies won’t put up a network without first deploying an NIDS (network-based IDS). Unfortunately, IDSes have worse accuracy and performance issues than antivirus programs. Most NIDSes work by intercepting network packets. The average computer gets hundreds of packets per second, if not more. An NIDS has to perform a comparison of known signatures against all those network packets, and if they did so, even somewhat accurately, it would slow 44
Can Your Team Really Assess the Effectiveness of a Security Solution? In-house IT teams tend to be lean--and therefore made up of generalists. That can be a challenge if they are asked to assess a security solution. How Godrej Industries’ tackles that issue. It is very important for an organization to build the internal tech competency required to assess a security solution. But that’s easier said than done; in-house talent tends to have a generalist make-up than a specialist one. Then once capability is built, it soon becomes outdated and needs constant upgrading. Risks that are known and mitigated successfully yesterday, are of little use today. Retaining talent in a V. Swaminathan, EVP-Corp. Audit and competitive environment is Assurance at Godrej Industries, believes another big challenge CISOs that the skill of a CISO lies in identifying face today. the internal risk perception. However, more mature organizations have the right strategy and policies to tackle this situation. Godrej Industries, for instance, has a two-pronged approach. Other than constantly upgrading itself with the latest technology--which is an absolute necessity--the in-house competency team works closely with the business. “Once we know what the business is planning to do today--and in the next few years--we know what kind of risks are likely to be encountered,” says V. Swaminathan, EVP-Corp. Audit and Assurance at Godrej Industries. Through this approach, his team has increased its efficiency to the point that it was well-prepared for the organization’s shift to the cloud--even before the business decided to embrace cloud computing. Collaboration with the business, he says, helped the team understand that the company was in expansion mode and would soon be going global. The team kept a watch for developments in the area of cloud computing and boned up on the risks associated with it. “When the business finally decided to move to the cloud, we were ready with the kind of security solutions we needed,” says Swaminathan. In addition, the team kept a watch through various security forums and on their industry peers who were already moving to cloud. Interactions with them helped identify the service provider who would help them assess risks and mitigate them proactively. Swaminathan believes that the skill of a CISO lies in identifying the internal risk perception and in finding solutions to mitigate them. “At Godrej, we always ask vendors to do a POC to test whether the results meet our expectations. There is no ‘one size fits all’ solution when it comes to security,” he says.
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
—Radhika Nallayam
VOL/9 | ISSUE/10
Presents
CIO CONVERSATIONS on
UNIFIED COMMUNICATIONS: COLLABORATIVE, CREATIVE, COMMERCIAL
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Cover Story
Security
down network traffic so much that the computer’s network communications, and involved applications, would become unbearably sluggish. So what NIDSes do is compare network traffic against a few dozen or hundred signatures. I’ve never seen an NIDS with even two hundred signatures activated--paltry in comparison to the tens of millions of malware and thousands of network attack signatures they should be checking to be truly accurate. Instead, we’ve become accustomed to the fact that NIDSes can’t be configured to be meaningfully accurate, so we “fine-tune” them to be somewhat accurate against things antivirus software is less accurate at detecting.
Firewalls I spend part of my professional career telling people to make sure they use firewalls. If you don’t have one, I’ll probably write up an audit finding. But the truth is that firewalls (traditional or advanced) rarely protect us against anything. Firewalls block unauthorized traffic from vulnerable, exploitable listening services. Today, we don’t have that many vulnerable services or truly remote attacks. We do get vulnerable services, but even most of those attacks would not have been stopped by a firewall. The websites using OpenSSL already opened the ports that OpenSSL needed to function. The vulnerable version of OpenSSL was available for any knowledgeable attacker to compromise. Today, most attacks (and I mean 99.99 percent) are application-layer attacks that require user involvement to 46
succeed. Once the user is tricked into running something, the malicious program executes in the user’s computer’s memory, and the firewall can’t help. The badness scoots past the firewall on allowed ports and executes on the user’s desktop. Firewalls can help only if they prevent attacks against blocked ports. But everyone allows port 80 and 443 into their networks, and those are the two ports that most successful attacks will target. You can’t block them
of the information-security acronym CIA is availability (the other two are confidentiality and integrity). As a concept, availability makes for great sales pitches. The reality, however, is that availability is more snake oil than we might like to admit. Availability, and redundancy, drives a significant amount of hardware sales. These days, we have redundant power supplies, redundant hard drives, even redundant
so we would never have an outage again. That promise lasted two days, when we had our first crash with the resplendent redundant system. We experienced unexpected data corruption, and that corruption was dutifully copied between the first server and the backup unit. Admittedly, the failover was flawless, with the corruption cloned impeccably between systems. My upset CEO didn’t want to listen to my explanations of server system
Admittedly, the failover was flawless, with the corruption cloned impeccably between systems. My upset CEO didn’t want to listen to my explanations of server system backups and RAID levels. He just knew I’d wasted his money on false promises. because it would bring business to a halt. Don’t believe me? When is the last time you thought, “Wow, if I had just had a firewall enabled, I wouldn’t have been successfully attacked”? I’ll give you full credit if you can even remember the year. A lot of firewall vendors already know my personal feelings, and they will often tell me that the problem is only with “traditional” firewalls and that their “advanced” firewall solves the problem. Their advanced firewall is always an application proxy or filter that includes an anti-virus scanner or IDS capabilities. If advanced firewalls worked, we’d all be running them, and our hacker problems would be over.
Redundancy The oft-forgotten third word
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
motherboards and CPUs. Before redundancy became a thing, I never needed the second unit. It’s almost as if vendors give us components they know will fail. I have a computer that’s been running on the same hard drive, motherboard, and power supply for more than 20 years. Never had a problem. I don’t even clean out all the dust. But I rarely buy a $100K server or appliance with redundant everything that I don’t end up having problems with. My first fully redundant server system ended up being a hard-earned lesson about the promise of redundancy. The system included a secondary clone of everything, with the backup unit ready to pick up where the failed unit quit, without a millisecond of downtime. I convinced my CEO to spend the extra $100K
backups and RAID levels. He just knew I’d wasted his money on false promises.
Smartcards Almost every company I know that doesn’t have smartcards wants to have smartcards. Smartcards are two-factor authentication, which, as everyone knows, is better than one-factor authentication. But most companies today think that enabling smartcards in their environments will significantly reduce the risk of hacker attack--or stop all attacks outright. Or at least that’s how it’s sold to them. Every company I know that’s implemented smartcards is just as thoroughly hacked as the companies that don’t. Smartcards do give you added security, but it’s only a small amount and not in the places
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
NETWORKING PIONEERS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Cover Story
Security
India Needs a Formal Network That Shares Security Updates Nandkumar Saravade, an independent advisor on security and fraud security, says an insights-sharing platform with CISOs and government agencies can help security professionals battle security threats. Countless man-hours, enormous amounts of money, and a lot of intelligence has gone into trying to stay ahead of the bad guys. And, in many cases, it hasn’t gotten us anywhere. Here’s something that might help: A formal network that shares security updates between CISOs to help them defend their organization. Information on counterstrategies in cyber-security is important so that members can calibrate their responses. It ensures if one security fence goes down, the same trick doesn’t apply on others. “Collaboration during ongoing incidents and the sharing of learnings is another reason to build and operate such a network. These networks need to have secure infrastructure given the sensitive nature of the information being traded,” says Nandkumar Saravade, Independent Advisor on Security and Fraud (currently advising EY, ICICI Bank and Citi). He says that government agencies and organizations are an important stakeholder group which can contribute to the security information stream and benefit from it. Hence, the need to have a formal structure and optimal governance. Initiatives to share information have existed in the US and other advanced countries for many years. Saravade cites the example of the Financial Services Information Sharing and Analysis Centre (FS-ISAC) in the US, which has been in existence since 1999. “Other sector ISACs are also enjoy more than 90 percent coverage. There is a National Council of ISACs, which organizes an annual conference of member ISACs on critical infrastructure protection,” he says. In India, initiatives to create such networks have been attempted. “I was a member of the Gopalakrishna Committee (in the fraud domain) which recommended creating state level bodies which could meet from time-to-time and review fraud trends and work on countermeasures,” says Saravade. However, he laments that due to lack of sufficient ownership, the recommendation did not result in adequate resourcing and operationalization. “Creating new institutions requires an ability to understand best practices elsewhere, and an ability to innovate and persist till a level of maturity is reached. In India, we will see results when these factors combine, with the onus clearly being on the government, to make things happen,” he says. Saravade says that the primary goal of a formal network is to build a community of professionals who can share information on risk mitigation, incident response and threat intelligence. The objective is to provide members with accurate, actionable, and relevant information. “The activities could include access to a 24/7 security operations center, briefings, white papers, threat calls, webinars, and anonymous critical infrastructure reporting,” he says. — Sneha Jha
you really need it. Want to stop hackers? Improve your patch management processes and practices, and help your users refrain from installing stuff they shouldn’t. Those two solutions will work hundreds of times better than smartcards.
Compromising Situation Today’s computer security world is a crazy, paradoxical one. Computer security companies are collecting billions of dollars for customers who are still routinely hacked. Firewalls, IDSes, and antivirus programs don’t work. How do I know? Because most companies have all these security technologies in place, and are still compromised by hackers, almost at will. Even our reliable, secure encryption is mostly meaningless. Either hackers go around the crypto (by directly attacking the target in its unencrypted state on the endpoint), or the cryptography is poorly implemented (the OpenSSL Heartbleed bug is an example). As a result, we security professionals are accepting that our computer security defenses are partial at best, while our vendors tout their solutions as incredibly accurate and impenetrable. It ain’t so. We’re being sold snake oil and being told it’s sound, scientifically researched medicine. Push for real solutions. Take a look at how your environment and systems are being compromised and push for solutions that fix those real problems. CIO With inputs from Ishan Bhattacharya, Radhika Nallayam, and Sneha Jha Send feedback to editor@cio.in
48
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
CLOUD CONQUERORS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Someshâ&#x20AC;&#x2122;s Agenda: To leverage IT in order to serve customers better.
CXO Agenda | Operations CIO: You have held multiple portfolios at different organizations in the past. How did you manage?
SOMESH CHANDRA In the last 16 years, I have worked across a number of services-based industries such as IT/ITeS, management consulting, financial services, and healthcare. All these sectors are very complementary. For instance, in custodian banks, a trade settlement is a critical activity whereas in healthcare, pre-authorization activity is most important. But the key to success is always about tying these critical activities to business needs. At Max Bupa, whether it is technology, operations, or services, all of it rolls into owning the customer experience and serving them well. That’s our goal.
terms of responsibility. At Max Bupa, technology is a front-facing role, and my role is tied to the company’s penultimate vision of helping our customers live healthy and successful lives. The IT role is not just about ensuring that systems are up and running, and products are delivered in a timely and cost-effective manner, but it’s more about creating impact, becoming innovative in the market place, and serving customers better. Therefore, it’s a combination of organizational vision, mind-set change for the CIO, and the industry itself where technology is core to what we do, which makes it a natural and an unavoidable transition, and IT is the glue connecting these various portfolios.
CIOS CAN NO LONGER SAY THEY DON’T CARE WHETHER CUSTOMER NEEDS ARE MET OR NOT. Everybody is going to move to a customer-facing role, irrespective of departments.
How have you transitioned from an IT role to handling multiple portfolios such as customer service, operations, and quality?
This is a transition that has its own ups and downs. It requires a mind-set change: From owning the transactional outcomes, to start owning the company’s vision. This is a transition that a lot of IT leaders are seeing, where the business is asking: Being cost effective and delivering on time is okay, but what can I do to serve my customers better? This transition of moving from a technology role to a customer-facing role is hugely empowering because it covers all aspects of our customers. It’s a natural progression but an important one, and a big leap in 52
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
What are some of the IT initiatives that you have spearheaded at Max Bupa?
One-and-a-half years ago, we started our biggest transformation journey where our main objective was to help our customers to make the right decisions. We wanted to make sure that we were quick in responding to our customers. For instance, at our contact center, we wanted to make sure that every single call is heard. Therefore, we transitioned from an existing dialler network from a technology standpoint, to a platform which was more sophisticated and allowed us to transform customer facing business processes. We also invested in an underwriting system which has the most advanced auto underwriting rules engine,
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
INFRASTRUCTURE EVOLUTION FUTURISTS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
CXO Agenda | Operations
Interview
AT MAX BUPA, TECHNOLOGY IS A FRONTFACING ROLE, and it’s tied
providing Max Bupa a competitive edge over other health insurance players. Currently, the system is configured with underwriting risk adjustment recommendations and it covers more than 95 percent cases in the industry. It also allows Max Bupa to rate the risk correctly leading to better pricing and savings with correct risk acceptance. We also decided that we weren’t going to use paper to do any processing in-house. This led to our investment in a rule-based workflow and document management system. The solution has been deployed for processing new business requests and renewals. Right from login of the policy to issuance, printing, and dispatch, all the activities are tracked under one system. The solution is also used in processing pre-authorizations and claims, making both the processes workflow-enabled. The document management part of the solution provides a single repository, storing all the customer documents at one place which can be accessed by any department. The solution also comes with an integrated scanning solution for high volume scanning and is platform independent (this means it can be deployed on tablets and mobile).
to the company’s penultimate vision of helping our customers live healthy lives.
How are you leveraging trends like analytics and mobility?
We have a wide range of mobile applications for our sales partners and customers. The apps help to explore our latest products, calculate premiums, and renew and maintain customers’ health profile. These apps can be downloaded from Google Play free of cost and can run on Android-enabled handsets. This is also available for BlackBerry. An example of such an app is Max Bupa’s New Premium Calculator that is not only equipped with premium calculation capabilities but also highlights the key products, features, and benefits. We are also investing in a mobile website to ease the flexibility and accessibility of product information for our consumers. Apart from that, we also built two separate versions of an in-house application, titled Nutshell, for our advisors and sales teams. The applications have been downloaded by close to 14,000 sales advisors. The applications enable advisors to calculate premiums offline, calculate BMI (body mass index) of the customer for proposal forms, retrieve product information, view hospital list on Google Maps, request for policy certificate on behalf of customers, view commission statement, and claim status. We are also using our analytics platform to run customer analytics for predicting customer behavior. It provides us with upsell and cross-sell opportunities, as well as probability of customer repeat calls and other such analytics. 54
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
What kind of IT investments did you make in order to make this transformation possible?
To be honest, we have a clear cut IT infrastructure budget of 3-5 percent, but that’s a small drop in the ocean when compared to our larger goal of attaining our company’s vision through better sales, and customer service. Many a times, IT projects are successful without any impact on customer satisfaction. But our target is to make IT investments that will enhance our customer satisfaction from x to 2x, year after year. So, is it safe to assume that the transformation of the IT landscape has transformed customer experience at Max Bupa?
The journey over the last one year has been quite interesting. It has touched our customers and we are clearer of what they are doing. It has given us the benefits, not in just numbers, but also in terms of the impact that we want to create. We are now the seventh largest health insurance player in the industry. Our customer base at 1.8 million, has doubled since last year. In terms of listening to our customers, we have been able to pick 90 percent of customer calls within 10 seconds of a call. We have been able to make sure that every single call is heard. The biggest test has come when the customer has brought the policy, and is actually going to renew it. Our renewal rates have improved and crossed the industry standard of 90 percent. Going forward, we wish to maintain a near realtime customer information with a 360 degree view cutting across systems. We also intend to provide a single ticketing system for handling all customer queries and enable a single integration point with social media platforms. So, to summarize, we have done well. We have strengthened our company’s IT infrastructure and made it so robust that our focus is now directed only towards empowering customers. Considering customer service is your focus, what’s the next step?
We measure our customer experience index every quarter in an exhaustive way, and conduct a dipstick every month.
VOL/9 | ISSUE/10
Presents
CIO100 SPECIAL AWARDS The
SECURITY SUPREMOS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
CXO Agenda | Operations Across our customer services, claims, renewals, buying journey, we measure customer satisfaction every month and priorities come out for the next quarter and year based on it. In the health insurance industry, customers interact the most with us when they want to buy a policy or file a claim. We want to become a partner to the customer in order to help them when they need to coordinate with doctors and process their insurance claims. We don’t want that to be self-service but we feel that most of our customers should be able to buy a policy seamlessly. In order to succeed in that aim, we became the first to launch an over-the-counter-issuance—where the customers walk into a branch and have the policy issued. We also have a strong tele-sales setup which allows customers to buy a policy over a phone call. But we feel that self-service portals will become a big thing when it comes to policy issuance. So is enabling self-service for your customers the next big thing on your agenda?
Our vision is to enable our employees working in IT, sales and services to provide exemplary customer services. Our mission is to be customer-centric, reach first, and be fair to our customers. As an organization, we feel that self-service portals will provide a means to help our customers help themselves. Therefore, we are enhancing and continuously upgrading our self-service portals so
that customers would have to make minimum calls to the contact centers. We are developing a CRM solution to improve customer servicing capabilities across all touchpoints—sales, renewals, and customer service. The reason is not to get a single view of the customer, but to make Max Bupa a 100 percent self-service oriented organization. So far, we have handled a total of over 50,000 self-servicing requests in the past six months. Going forward, we wish to continue improving our selfservice capabilities for customers thereby reducing the call as well as e-mail flow for customer services teams. Do you see a customer-facing role encompassing all other roles such as IT, operations, and customer service?
There are some things that will change. If you think about customers, they don’t worry about departments, but all they care about are outcomes. At Max Bupa, as a best practice, we always had one single role for all the multiple portfolios. But from an industry perspective, I see these roles becoming much thinner and merging into each other. CIOs can no longer step back saying they don’t care whether customer needs are met or not. Going forward, I believe all the roles are going to merge into a customer-facing role. CIO
Shubhra Rishi is principal correspondent. Send feedback on this interview to shubhra_rishi@idgindia.com
Where Opinions Come Alive!
WWW
V I D E O S
IN
Listen to the views that matter. Catch up with industry news. Watch real CIOs talk about the real issues. All of this in a format that's short, crisp, and snappy. Tune into CIO videos now! www.cio.in/videos
Presents
CIO100 SPECIAL AWARDS The
INNOVATION ARCHITECTS 2014
WWW.CIO100.IN
4 - 5 SEPTEMBER 2014 | JW MARRIOTT, PUNE
Going Public How Fortis Healthcare made the venturesome move to a 100 percent public cloud model. BY R A D H I K A N A L L AYA M
Case File | Fortis Healthcare
O
n New Year’s Eve in December 2013, when the rest of the world was putting on their dancing shoes, Varun Sood, CIO of Fortis Healthcare, was doing something that you wouldn’t really call a celebration. But it was nothing less than an adventure. Sood was going to shut down the company’s corporate datacenter and migrate the company’s entire IT onto a public cloud! If you thought Sood is crazy, you’re not alone. In fact, many people within his team and outside his organization thought he had gone off his rocker. Indian CIOs were ready to experiment with hybrid clouds—part private and part public—but a 100 percent public cloud model was something unheard of. According to CIO India’s Mid-Year Review 2014, only 15 percent of Indian CIOs currently use or are considering moving to public clouds. And Sood falls in that bracket. But he was unfazed. So much so that the transition to the public cloud happened in a year after he took over as Fortis’ CIO. That said, it wasn’t an easy call to make. Sood had to fight many cynics, including the one within him.
Breathing Business Fortis is one of the largest integrated healthcare delivery providers with a presence in five countries. It has 65 healthcare facilities, over 10,000 beds, 240 diagnostic centers and a staff of more than 17,000 people. That aside, Fortis had to be on the qui vive to beat competition and do well in the fiercely competitive healthcare business. And technology had a sufficiently great role in achieving that goal. Its eICU (electronic ICU), for instance, is a tele-medicine venture aimed at providing expert services to critically ill patients in remote locations. Launched in 2012, a time when telemedicine was yet to gain ground in India, the system was first-of-its-kind in the country. Sitting at the Central Command Center of a Fortis hospital, specialists provide advanced consultation and care to hundreds of people who have no access to such services.
VOL/9 | ISSUE/10
That’s not it. Use of wearable devices for neonatal monitoring is another way by which Fortis ensures high-tech patient care. IT has to support many such critical systems at Fortis, and also be able to change with the changing face of the healthcare industry in India. The company’s corporate datacenter, which was at a hosted location, wasn’t actually a problem. And maintaining status quo wasn’t going to take too much of Sood’s energy. But Sood was not someone to be content with status quo. But Sood’s ‘business DNA’—the 10 years he spent in various business functions, including M&A, business analysis and integration—craved for change. Sood and his team sat together to understand how things can be done in a better way. Also, there came a point where he had to re-invest in the infrastructure which was nearing its end of life. “Our aim was simple—to establish a scalable and cost-effective infrastructure that meets not just the current needs but also the future needs of Fortis. Also, we as a company, were about to take up a whole host of new initiatives, which meant that the load on
The economic benefits of the public cloud were significant. With the savings achieved, IT could take up other new projects that were crying for attention— without increasing budget. As a result, Fortis is able to allocate significant portion of its IT budget to innovative projects. IT would go up further. Increasing overhead was another problem we faced. We had to be on our toes just to keep the lights on and that’s not the situation I wanted my team to be in,” says Sood. Sood saw no sense in throwing more people and money at the problem. He instead decided to start with a clean slate. “We were open to all types of options—public cloud, private cloud, hosting or on-premise,” says Sood. REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
59
Case File | Fortis Healthcare
With news of Sood scouting for cloud vendors, he quickly became the most popular CIO in town. He was approached by 19 vendors in the coming days, who opened out their long list of specs and benefits on the table. Not the one to get misled easily, Sood prepared a list of business priorities that needed to be met. Business was agnostic to the model of the cloud IT would use, says Sood. “The business wanted performance, availability, and security. From the IT point of view, we needed scalability, flexibility, and lower TCO and the public cloud met all these requirements,” he says.
Moving Out But one question lingered on: Who in their right minds would move completely to the public cloud? This was the same question that was bothering Sood’s team members. “Tech professionals typically have a hardwarecentric mindset. They don’t understand why you are telling them to stop worrying about things like adding more servers or more memory. People are used to “seeing” servers and having the latest tech and the best specs. It was this belief that needed to change,” he says. Sood badly wanted the team’s support as they were the ones who were eventually going to execute the project. He worked with them closely and kept them motivated. Once he won that support, Sood’s confidence doubled. Along with the hardware infrastructure, Sood and team moved the bulk of the core applications to the cloud. Fortunately, for Sood, most of the applications used by the company were already built for a virtual environment. That made the migration easier. But it certainly was not trouble-free. The support from OEMs and ISVs was a challenge. But the results were worth all the trouble, says Sood. But ask him about how happy the end users are, Sood quickly turns into a philosopher. “User expectation is a moving target. Their benchmarks keep moving up,” he says. Today, users don’t have to worry about the size of attachments while sending an e-mail or the delay in opening an app during busy hours. “But nobody notices when you turn on the switch and the room is lit up. But 60
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
“The business wanted performance, availability, and security. And IT needed scalability and flexibility. The public cloud met both our needs.” Varun Sood, CIO, Fortis Healthcare
people do get disappointed when it does not happen,” he says. But for the IT team, the move to the public cloud was worth all the debate and effort. Sood says his team does not really spend much time on mundane tasks like capacity planning and infrastructure monitoring anymore. They are able to focus on factors that drive business and growth. The time spent on ‘keeping the lights on’ reduced drastically. The economic benefits of the public cloud were significant. With the savings
achieved, IT could take up other new projects that were crying for attention— without increasing budget. Sood is able to allocate significant portion of his IT budget to other newer and innovative projects now. A team that once looked at the public cloud with disbelief now is in agreement that the public cloud was the way to go. CIO Radhika Nallayam is assisstant editor. Send feedback on this feature to radhika_nallayam@idgindia.com
VOL/9 | ISSUE/10
casefiles REAL PEOPLE
* REAL PROBLEMS * REAL SOLUTIONS
FROM VOICE
TO VIDEO IndusInd Bank deploys an app, which allows customers to enjoy banking services via a video chat. It’s creating a lot of customer stickiness, says the bank’s CIO.
BY SHUBHRA RISHI Banking isn’t what it used to be. Today, consumers use smartphones and social media platforms to transfer money and bank—a far cry from when you had to stand in a queue for everything. In the midst of this innovation, there’s one bank that stands out for relying on technology to do something remarkable for its customers. The Organization: It’s no secret that IndusInd Bank is one of the fastest growing midsized banks in India. The bank underwent a complete transformation in 2008 when Romesh Sobti took over as its MD. Today, it has a market capitalization of Rs 28,331 crore—a huge leap from Rs 1,337 crore six years ago. This year, the bank is betting on a video branch, which was launched in June. The video branch puts some of the bank's call centers on steroids, by allowing customers to interact with the bank over video. “Customers do not have the time to visit branches. The video branch is an effort to give the power back to customers, and offer a new service under our theme of ‘Responsive Innovation’," says Sanjay Jaiswal, CIO, IndusInd Bank. Customerss can now schedule video calls with their branch managers or relationship managers. The Solution: Customers who want to interact with the bank using video have to download the video app, called Video Branch—available on Google Play and Apple App Store on their smart devices—or from the website on their laptops or desktops. Customers are authenticated with one time password (OTP) sent over registered mobile numbers to initiate any interaction with the video branch. Photographs
62
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
are matched to ensure a second-level of authentication, and finally, all transactions occur in encrypted mode and every interaction is recorded for audit and future reference. Once customers are authenticated, their call is routed to a video branch executive based on the language preference they select (there’s an option of two languages). Then customers can avail of IndusInd’s many phone banking services via video chat with a contact center executive. The video app also allows customers and agents to share their screens. If, for example, a customer is not sure an agent has understood her, she can request for a screen share, so that she can view the agent’s screen and vice versa. “We utilized the best agents from our voice contact centers; they understand basic processes, systems, as well as all our banking products. We provided them with etiquette and behavioral training, how to conduct video chats,” says Jaiswal. It’s the sort of innovation many other banks would like to have gotten to first, except they aren’t all set up to ensure that innovation is a process—like it is at IndusInd. The company maintains an idea pool; top management monitors and approves ideas it believes are the most viable innovations. The video branch app was the brainchild of the solution delivery group with assistance of the in-house IT team, solution providers, and partners. The Benefits: Digitization, in general, has been tremendously successful for IndusInd Bank. Of all the customer accounts it opens a year, between 60 and 70 percent are activated on the electronic channel. The bank has over 2.5 lakh account holders accessing digital channels, including net banking and mobile banking users. “We target digitally-engaged customers who have businesses or holdings online
VOL/9 | ISSUE/10
“We are seeing a lot of customer stickiness with the video app service,” says Sanjay Jaiswal, CIO, IndusInd Bank.
at the rate of 3x to 5x times more than customers who aren’t online. We are a technology-backed, customer-centric bank that wants our customers to treat us as a primary institution with a presence online and on mobile,” says Jaiswal. Within one-and-a-half months of the app's launch, IndusInd Bank recorded downloads from across APAC, Europe, the Middle East and Asia; more than 550 app
installations for its iOS version, and 1,200 installations for its Android app. “We have also received over 3,000 calls to find out more about the new service,” says Jaiswal. “We are seeing a lot of customer stickiness with the video app service and we will continue to give them a multichannel experience,” says Jaiswal. CIO Send feedback to shubhra_rishi@idgindia.com
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
63
CIO Career
9
Signs You Should Jump Ship
By Bob Violino
Poor teamwork, little experimentation, no clear career path—your employer may be sending unmistakable signals of career stagnation. Don’t miss them.
CIO Career
I
f leading job indicators are to be believed, many tech workers are enjoying high demand for their services these days, making this the prime time to assess whether your current employer is a good fit for your career goals. “CIOs have had it relatively easy for the last few years as their staff members hunkered down to keep their jobs, let alone look for a new one and run the risk of ending up in a less desirable situation,” says Nicholas Colisto, senior vice president and CIO at Xylem, a water technology provider. “With the job market returning, [IT] staff will likely get more aggressive with their job search.” Here are some leading indicators that your IT career growth might be of little interest in your current employment and that staying where you are could mean further spinning your wheels at a time when your technology skills are in great demand.
1 New Ideas Meet Red Lights
Earning a stable income to endure ongoing tedium isn’t everyone’s ultimate goal for a career in IT. Unfortunately, that’s all some employers have to offer—even if it didn’t seem that way when you took the job years ago. Stagnation can mean career death in a competitive field, and if your company isn’t offering unique, forward-looking projects, it might be time to hit the road. “The speed of change that businesses are seeing today means that our IT organization needs to be more flexible, more adaptable, and we challenge the status quo more than ever,” says Philip Garland, CIO at consulting firm PwC. “Disruptive innovation is the name of the game for our IT professionals.” The surest sign that your employer isn’t facing this reality? A pervasive fear of failure can be felt throughout IT. “We facilitate an environment that is conducive to innovation, and our IT professionals know that it’s okay to fail
VOL/9 | ISSUE/10
5
IT CAREER MISSTEPS YOU SHOULD AVOID
1. DON’T STOP NETWORKING Networking can be a crucial part of any job search, but don’t quit once you’re hired, Chris Duchesne, vice president of global workplace solutions at Care.com says. Continuing to build strong business connections, and taking care of the relationships you already have, is critical for future success, he says. And don’t neglect networking and relationship-building within your own organization, he adds. Networking within your organization can help you gain visibility and contribute to your reputation as a team player. 2. DRIVE YOUR OWN DESTINY Duchesne says it’s important to take control of your own career path and avoid getting complacent. Too many people depend on their manager or boss to set the tone and the direction for their career path. He advises being proactive when asking for assignments and responsibilities. 3. CREATE A FIVE-YEAR PLAN To that end, Duchesne says, create and maintain a five-year plan. When you started out in your career, it’s likely you had a five-year plan, he says. You should make sure to keep that plan fresh; constantly updating and refreshing that plan and reviewing goals and achievements can help make sure you’re on track. 4. KEEP SOCIAL MEDIA PROFILES PROFESSIONAL “People do extensive research on these sites before they hire you,” Duchesne says. “Because of the technology, the personal and professional spheres are more integrated than ever, and it’s safest to assume that your social media persona is not separate from your professional persona,” he says. To avoid potentially career-ending mistakes, he says, you should know what your organization’s social media policies are and follow those to the letter. 5. KEEP YOUR IT SKILLS SHARP Finally, no matter what industry you work in, it’s important to keep building on and adding to your skill sets, he says. “It’s not enough to graduate from college and call it a day. Education is an ongoing process and it’s important to stay sharp and keep up with the latest industry trends if you want to be a key player at your company,” Duchesne says. — Sharon Florentine
when they’re coming up with new and innovative ideas,” Garland says. If your company puts the brakes on new ideas because failure isn’t an option, it might
be time to polish up that résumé. Otherwise, your career may take a hit when itz comes time to find a job at a company that thrives on innovation. REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
65
CIO Career
2
Respect and Recognition are Afterthoughts
Competitive pressures should not translate into poor treatment of staffers and co-workers, but all too often, dignity and respect take a back seat when the going gets tough. When contention impedes results, a change of scenery may be the right call. “Passionate arguments are required [in IT], but insults or anger never brought a system from an idea to the production environment,” says Bill Thirsk, vice president of IT and CIO at Marist College. Respect means more than just the occasional pat on the back. Employers intent on retaining tech talent offer formal or informal rewards systems to recognize extraordinary efforts or achievements. Marist’s Thirsk, for example, encourages staffers to take risks and apply for awards. “It could earn them a really nice trip [that] we will sponsor, a Starbucks gift card, or an endof-year cash bonus,” he says. If your company doesn’t do the same, it may be a sign that it doesn’t adequately respect good work.
Clear Career Path— 3 NoBeyond Management
Management isn’t for everyone, but far too few employers offer career opportunities beyond managerial ones. For many IT pros, this means alienation from their one true love: Working with tech. If your employer offers no clear career path for your niche, chances are it does not recognize—let alone value—the variety of career interests that a healthy IT organization should support. Managers have to recognize that not everybody in IT is the same, says Greg Meyers, vice president-global IT, Biogen Idec, a biotechnology company. There are different types of IT professionals, he says, and each wants to be offered viable career paths. Some people might like to run projects that deliver basic services to the organization, while others are happiest when they’re continually experimenting with new technologies or testing new theories. Still others might want to dedicate themselves to security or governance efforts. 68
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
“We need to first be clear on which type they are, and then make sure we’ve created career paths for them,” Meyers says. “There is room in IT departments for all of these types. I think where [organizations] often fail is they don’t recognize that different groups of people need different things to give them a sense of hope” at work. It’s up to the supervisors within individual areas of IT to make sure that employees are receiving the appropriate career development and coaching they need. Is your supervisor showing a genuine interest in what you want to do over the long haul, or is it a day-to-day grind with no consideration for where you’re headed?
are Not Sought from 4 Leaders the Tech Ranks
Working on an IT project from concept to completion and seeing the impact the effort has on the business can be hugely satisfying.
IT
If your company isn’t creating opportunities for IT pros to have input throughout the lifecycle of IT projects, let alone lead them, then it might be worth looking for a new employer that does. As PwC’s clients demand edgier, faster, and more innovative offerings, the firm has created roles in its IT organization that are focused on strategy for each of its business lines, Garland says. “To provide the highest level of client experience and meet the everexpanding demand for new solutions, we’ve created roles responsible for owning IT products through the entire lifecycle,” he says. This fits with the firm’s IT strategy of appointing leaders to conceptualize business strategy first then develop technology tools next. “We are in the strategy game now, not just the technology game,” Garland says. “In addition to being cutting-edge technology specialists, our IT professionals are proactive business leaders
STRESSED STAFF CALL ‘IT’ QUITS
Research conducted by Opinion Matters has revealed that 68 percent of IT staff are actively considering leaving their job due to job-related stress. The survey gauged respondents’ stress levels at work and revealed their opinions on their main stressors, as well as how their stress level compares to that of friends and family, and how it affects their personal and professional lives. The survey found that 67 percent consider their job stressful-just one percent lower than in 2013, when similar research was carried out. Over a third (36 percent) have missed social functions due to overrunning issues at work, and a further 36 percent reported missing time with their families due to work demands on their personal time. In addition, 28 percent of IT staff regularly lose sleep over work pressures, and 19 percent have suffered stress-related illness—up on 2013—while a further 15 percent complain of feeling in poor physical condition due to work demands. And 17 percent of respondents have seen a relationship fail or be severely damaged due to their job. One quarter (24 percent) feel they are the most stressed person in their social or family group. Management was clearly singled out as the biggest contributing factor to workplace stress, with half the respondents citing management as the biggest source of stress for them. — Antony Savvas
VOL/9 | ISSUE/10
CIO Career across all of our service lines.” And nothing says dead end like a lack of leadership opportunities.
5Train on Your Own Time or Dime
Let’s say you want to learn a new programming language or develop some business management skills, but the only way to do this is by paying for classes yourself and taking them on the weekend or at night. You might just be training yourself for a new job at a new employer. Companies that are invested in their employees are willing to pick up the tab to train them. They also offer career development initiatives, such as formal or informal mentorship programs, says Melisa Bockrath, vice president of the IT Americas product group at Kelly Services, a staffing services firm. Some even allow employees to rotate through various projects, exposing them to new technologies as well as different parts of the business, Bockrath says. So if attending an offsite workshop or an industry conference is a stretch for your current employer, it’s probably time to expand your horizons elsewhere.
for IT is Cloudy or 6 Vision Conflicted
Working in an environment where strategic goals for IT department are vague or contradictory is a recipe for frustration. Worse, it can indicate that management is conflicted over the long-term role and value of IT. “People value workplaces where they feel that they have a meaningful purpose, both as a group and as individuals,” says Mike O’Dell, senior vice president and CIO at retailer Raley’s Family of Fine Stores. “The painstaking and usually slow process of building leadership, creating a mission, and developing a culture of excellence” is how successful companies foster this sense of purpose. If your company hasn’t put in this work, or is showing signs of backing away from it, it may be because IT is viewed as back-office commodity work, ripe for costcutting measures. Or it may be simply a matter of weak management within IT. “We’ve all heard
VOL/9 | ISSUE/10
Competitive pressures should not translate into poor treatment of staffers and coworkers, but dignity and respect take a back seat when the going gets tough. for years that employees don’t leave organizations—they leave because of direct management,” Kelly Services’ Bockrath says. Superiors who lack leadership skills or are ineffective at communicating the value IT can derail the career goals of those who report to them. Don’t miss the signals.
7 Teamwork: A Thing of the Past
Poor teamwork often leads to failed projects. The problem is that while the project is in motion, it’s not always easy to spot poor teamwork in action. One sure sign is a top-down disinterest in your work. Encouraging excellent communication should begin with managers, says Michael Wright, vice president and IT director, HomeTown Bank. “Nothing discourages employees more, in my opinion, than an unanswered email or phone call.” And in this age of mobile devices and online collaboration tools, there’s no excuse for people not to stay in touch. “I’m interested in fostering feelings of value and worth among the team members. That’s a critical piece to me personally, being responsive, even if it’s a ‘no’ or ‘not now,’” Wright says. If you find yourself working in a
vacuum or battling others for attention and recognition, teamwork may have already eroded behind repair.
Trends Met With 8 Tech Skepticism
IT trends are always emerging, and not every company can benefit by jumping on each new wave. Social networking, gamification, big data—valuable IT resources can be wasted following the flavor of the month. But if your company steers clear of every new trend in favor of keeping the lights running, consider it a red flag worth paying attention to. Organizations interested in the career growth of their IT employees allow IT staffers to spend a higher percentage of their time on forward-looking projects rather than on operations, says Mark Farrow, vice president and CIO at healthcare provider Hamilton Health Sciences.
9 Little Outlet to Experiment
Along the same lines as staying up on and embracing some of the latest trends, organizations that do not encourage IT pros to experiment with new tech tools are doing their employees a career disservice. Farrow says he tries to get IT staffers “the latest technology to be able to play with, so that they can learn. But also [to] help them think about where it could take us, while giving them access to new things to learn; we do this in a focused manner, as we cannot get tech for the sake of tech, but it is a way to harness the interest and advance the learning.” People that venture into IT careers typically enjoy working with the latest technology, Xylem’s Colisto says. “So if you work for a company that doesn’t enjoy the risk associated with using bleeding-edge technology for its finance systems, you can at least allow your staff to dabble in the latest and greatest trends in safer areas.” And if you find yourself unable to scratch that itch with new tech, tedium and stagnation may be just a few steps away. Don’t let it kill your career. CIO
Send feedback to editor@cio.in
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
69
ENABLING A NEW STYLE OF
BUSINESS-READY IT
Disruptive technologies like in-memory databases will change how enterprises plan and consume IT. In a series of roundtable discussions, leading CIO’s discussed ways to minimize the impact of the disruption and make the transition smoother. By Aritra Sarkhel
I
n the dynamic IT scenario prevailing in enterprises today, CIOs irrespective of industries are grappling with new challenges when it comes to fulfilling business needs. For instance, the number of projects that IT handles has increased exponentially compared to the amount of time and resources available to deliver them. Needless to say, the onus is on CIOs to ensure that IT matches the speed at which business is changing. To derive insights on the challenges presented by the new age of business-ready IT and ways to overcome them, HP and Intel in association with CIO magazine recently conducted roundtable discussions
among leading CIOs in Mumbai and Gurgaon. The discussion also revolved around how organizations can keep themselves abreast of disruptive technologies such as in-memory computing and other innovations.
Technologies such as in-memory computing provide a common platform designed for faster big data analytics, a more scalable data warehouse, and the ability to migrate business applications to one underlying database. An optimized
“The advancement in hardware technology has led to process optimization and automation in the last one decade, resulting in the creation of a lot of data. Making sense of this data quickly will accelerate revenue generation.” —Maneesh Sharma, Head, Solutions & Business Development, SAP India
EVENT REPORT HP data management architecture should be deployed without disruption to unlock operational efficiencies and turn large amounts of data into real-time, actionable business insights. According to Maneesh Sharma, head, Solutions & Business Development, SAP India, business benefit is the primary driver in the entire process. “The advancement in hardware technology has led to process optimization and automation in the last one decade, resulting in the creation of a lot of data. Making sense of this data quickly will accelerate revenue generation,” he said. In the same vein, Sudip Mazumder, divisional CIO and GM-Business Transformation, KEC International, said, “Big data is the new big kid on the block, but these are still early stages. Especially for B2B and B2C sectors, there are two definite areas to look into: One is the end-consumer side and other one is the internal machine side where we can use big data effectively.” Manoj Shrivastava, director-IT, MTS India, had a similar perspective to share. He pointed out that in today’s IT scenario, customer CIOs are talking more about actionable analytics. “The concept of actionable analytics is being embedded into business processes and is no more a post facto analysis. The way the industry has been moving, analytics and in-memory computing are not just standalone technologies but are now embedded into processes. It is part of business functions. That is the thought process that business users are coming back with.” Mukesh Kumar, CIO, TGP Wholesale, spoke about the imminent inevitability of including in-memory computing into
“HP has designed servers tailored for specific workloads to deliver optimum performance. These servers share management, power, cooling, networking, and storage, enabling a faster innovation cycle.” —Vikram K, Director, HP Servers
the IT infrastructure. The main reason, according to him, was that business users today want to take decisions faster. “No one wants to do those long-architected technology projects because business wants to start and see immediate ROI
and benefits. They want to just close on the enablement curve as well. People are doing analytics to impact revenue generation or margin generation. Sometime in the future, everyone would go for in-memory databases because of the performance they deliver.” On the other hand, family owned Avon cycles wanted to buckle up for the huge growth in the near future. “We wanted to analyze the huge amounts of data to gather momentum in critical areas of business like sales and procurement which would eventually assist in real time monitoring,” says Kuljeet Sethi, CIO, Avon Cycles. Such pressing needs made Sethi and team migrate to HP as-a-service solution for SAP HANA which saw a momentous increase up to 45% in terms greater execution of business functions and got an 80% reduction in back up requirements. Similarly, cloud, mobility, security, and big data are transforming what business expects from IT, giving rise to a “new style of IT” which is largely dependent on hardware. According to Vikram K, Director, HP Servers, what’s required today is a huge leap forward in infrastructure design that addresses the speed, scale, and specialization that enterprises demand. “Towards this end, HP has designed servers tailored for specific workloads to deliver optimum performance. These low power servers share management, power, cooling, networking, and storage, enabling a faster innovation cycle,” he said. “With nearly 10 billion devices connected to the Internet and predictions for exponential growth, we’ve reached a point where the space, power, and cost demands of traditional technology are no longer sustainable. These servers mark the beginning of a new style of IT that will change the infrastructure economics and lay the foundation for the next 20 billion devices,” he added.
This event report is brought to you by IDG Services in association with HP and Intel
Security
DESIGN DECODE DECIDE
By Nancy Gohring
Itâ&#x20AC;&#x2122;s not just about collecting mounds of data anymore, but analyzing it to make smart decisions.
72
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
Analytics
T
elegant solutions—or if they have, they’ve had to do a The market for connected devices like fitness lot of custom wrangling to get it right. wearables, smart watches and smart glasses, not to mention remote sensing devices that track the health of equipment, is expected to soar in the coming years. Putting the Pieces Together By 2020, Gartner expects, 26 billion units will make “We see countless companies that are past the part up the Internet of Things, and that excludes PCs, of experimentation and deploying sensors and tablets and smartphones. collecting data” but that don’t have a fully integrated With so many sensors collecting data about solution, IDC’s Turner says. “It’s the complexity of equipment status, environmental conditions, and the implementation.” human activities, companies are growing rich with Businesses need infrastructure on the back end information. The question becomes: What to do with it that enables the combination of data from various all? How to process it most effectively and use it in the sources as well as the analytics power to make sense smartest way possible? of it all. Then they need dashboards or visualizations Businesses are learning that it’s not enough to gather that let line of business people understand the mounds of data. The data on its own is only marginally meaning of the data so they can make smart decisions interesting. “Where we are today is static,” says Vernon based on it, he says. Turner, an IDC analyst. Daikin Applied is one company that, with the help Some current examples in the consumer world of partners, has put together a sophisticated set of exemplify this. A fitness wearable, for instance, might hardware and software that collects and analyzes 4,000 tell users how many steps they’ve walked in a day. But different data points about its commercial heating and the device could be much more valuable if it were linked air conditioning rooftop units. The system, designed to other health data. In that case, an app could tell the with Intel, syncs with weather forecasts to allow user that lack of activity might explain higher blood building owners to adjust for changing temperatures pressure results. Or, the device could learn that the user in advance and lets Daikin know when changes in tends to walk less on weekends and send a reminder energy use by individual components indicate a failure during a gap on her calendar to get some exercise. is imminent so that the company can dispatch a repair A SunPower employee points to app that allows technician beforehand. homeowners with integrated solar panel roofs to In the future, the system also will let Daikin feed track their home’s daily, weekly and monthly power important data to local utilities that might be able to production and consumption. use it to reduce the power output to any given piece of It’s a similar situation for businesses that are gear. Talks with utilities are in preliminary stages right collecting detailed information about products in the now, says Kevin Facinelli, executive vice president of field and trying to marry it with data from other sources operations at Daikin Applied. (Daikin Applied is part so that they can make smart business decisions. of Daikin Industries, the largest HVAC manufacturer Traditionally, businesses have used tools like in the world.) business intelligence software to look at data about “Instead of just passing all the data through to the the company’s internal activities, he says. But adding cloud, we have an SoC so we can do pre-possessing,” other information including public data about the Facinelli explains. That means the gateway, which environment or local events, for instance, as well as will be built into all future Daikin rooftop systems, data produced by sensors that other companies have sends only important data, like a change in status of in the field, can add much more value, a component, rather than sending he says. along an endless stream of “I’m Reader ROI: It turns out, though, that combining normal” signals, he says. Doing How data can be used that data is often tough because it some processing on site reduces smartly typically comes in different forms. the volume of data that needs to be What you need to collect and For now, while many companies are transmitted—Daikin primarily uses analyze data moving in the right direction, not cellular connectivity—and also helps The importance of predictive many have built fully integrated, to reduce the data warehousing load analytics
VOL/9 | ISSUE/10
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
73
Analytics
on the back end. Daikin also uses a power meter that monitors the supply coming into the unit. Via the gateway, it sends data about the power signal to an Intel cloud, where it’s analyzed to determine the power usage of each component inside the HVAC system, like fans and refrigerant compressors. Without the back-end analytics, Daikin would have to install meters on each component, an implementation that would be prohibitively expensive, Facinelli says. Daikin’s commercial Rebel cooling or heat pumps allow property owners to track
energy consumption. Once the component energy use data is available, it’s sent to Daikin’s cloud, where Daikin uses it for fault detection and diagnoses and to predict if the equipment needs maintenance. Many businesses have been collecting data about equipment in the field for years. But what’s new now is that they can collect enough data, and the right kind of data, to do predictive analytics. At Daikin, the data about individual component use of energy is very valuable. “Over time if you see energy increasing for a motor, it can be a good indication
that the motor is starting to fail,” Facinelli says. Technicians have enough advance warning, probably a month, before the failure happens so they can service the unit before problems start. The energy use data also means Daikin can change filters only when needed, rather than on a regular schedule. That’s because components like the fan have to work harder, pulling more energy, when pollen and other material clog the filter. “Instead of changing the filter every week or every month, we do it when it needs it, based on performance,” he says.
Adidas is Smart With Sensors Adidas, sports apparel and equipment company has been building sensors into products in ways aimed at making both users and the company smarter. Adidas turns smart with the use of sensors into its products. Its new soccer ball, which Adidas calls the miCoach Smart Ball and is full of sensors that communicate with a user’s iPhone, shows information like the ball’s trajectory and how fast it was traveling when kicked. It also offers coaching about how to better curve the ball, for instance. Expected to become commercially available this summer, the ball also sends some data back to Adidas so the company knows if a user is improving his shots or putting more spin on the ball based on the coaching he’s getting from the app, says Chris Murphy, director of brand communications and digital marketing at Adidas. “We can see how consumers are using it, how frequently and if they are truly improving,” he says. That means Adidas could recommend products to an individual user based on her results. For instance, it could send a message to the user congratulating her on her improvements putting spin on the ball
74
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
and recommending a new Adidas shoe with a special design that could improve her shot even more, Murphy says. Similarly, Adidas currently offers a device that runners can attach to their shoes to monitor their performance. In addition to offering value to users, the data allows Adidas to market relevant products to them, he says. Adidas has also been selling smart apparel to professional sports teams, and last year all Major League Soccer teams began using them. Athletes wear shirts that have electrodes and sensors woven into the fabric. The shirts transmit more than 200 data records per second and a coach on the sidelines can use an iPad to monitor individual players, compare two players or view the whole team. Coaches can also view players’ heart rate, speed, acceleration, distance and field position. “We’re seeing real adoption at the professional level,” Murphy says of Adidas products aimed at top-tier athletes. In fact, he says, some teams are hiring new staff members to focus on how to best use the data from its smart products in ways that can help the teams train smarter. — Nancy Gohring
VOL/9 | ISSUE/10
Analytics
Daikin and its partners have been working on its system, including the gateway and the power meter, for about a year and have six installed systems as a field trial. The technology will be built into all units going forward and can be retrofitted into units built since 2008. A number of technologies had to be available for the companies to build this system. Mobile, cloud, analytics and a good user experience were all necessary, Facinelli says. “It isn’t about a lot of data but about contextualizing it for the user,” he says.
Businesses need infrastructure on the back-end that enables the combination of data from various sources as well as the analytics power to make sense of it all.
Building a Crystal Ball NCR, which similarly collects information about the status of many of its products, including ATMs, self-checkout machines at grocery stores and movie theater ticket kiosks, is also using predictive analytics to get ahead of problems, says Mark Vigoroso, vice president-global services strategy and program management, NCR. The predictions indicate that a failure is likely to happen—usually with a few days notice—giving technicians time to get to the site with the right diagnostic and repair equipment before a failure happens, he says. NCR has been doing this kind of prediction for several years, but Vigoroso says previously “It was a smaller operation with less precision, less accuracy and less coverage.” That said, it is still the “early days of capturing the value of predictive services. Our effectiveness depends on how broad our predictive logic coverage is.” NCR has done some pilot programs where it marries data collected from its machines with other sources of data to draw different types of conclusions. For example, it has combined weather data with equipment performance data to look for patterns that might indicate that heat, humidity or cold are impacting equipment performance, Vigoroso says. It has also started using cash management data, which it already supplies to customers of its ATMs, in new ways. NCR has long notified banks about nearby events like a major 76
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
sporting game so that the bank can ensure an ATM will have enough cash to support users. That same data, it turns out, is now helpful to NCR internally, because the company can use it to make predictions that help with machine maintenance. NCR knows how many card swipes the hardware can take before it begins to fail or how many receipts a printer will handle before it will have problems. Being able to factor in heavy usage related to events in advance allows NCR to more accurately predict when a component should be serviced—before it fails. “That’s the part we’re excited about. The new technologies that allow us to look across multiple data sets that allows us to crunch those numbers that we weren’t able to do previously,” Vigoroso says. NCR is using a software which lets users create SQL-like queries to do complex analysis in a simple way, says Brian Valeyko, senior director of enterprise data warehouse and business intelligence for NCR. Analysts can make queries in an isolated environment without having to fear any negative effects on production apps, he says. The setup allows NCR to build new queries much quicker than it used to. In the past, it might take three to six months to build a new algorithm to do predictive analysis about a given component, Valeyko says. Plus, depending on the size of the data set, those algorithms might take days or
weeks to produce results. With its current implementation, Valeyko figures the company can now run through that process in 20% of the time it used to. That allows it to tackle new types of analysis, by correlating data, for example. Valeyko describes a scenario where NCR can now look at data about a printer component that’s used in many different products. Rather than just knowing that the printer is having problems in all the products, analysts can discover, for instance, that it’s actually only failing in products where it’s combined with a certain kind of power supply. For now, companies like Daikin and NCR have pieced together their sensor-analysis systems, using some off-the-shelf products plus plenty of their own development. Will it get easier? “Absolutely,” says Avalon Consulting’s Cagle. Once more work is done on easing the pain around unifying different kinds of data, putting together systems like what Daikin and NCR have won’t be quite so challenging, he says. CIO
Send feedback to editor@cio.in
VOL/9 | ISSUE/10
ESSENTIAL
technology IMAGE BY MASTERFILE.COM
NETWORKING
Today's hardware and software applications’poor performance is hugely impacting cloud-based environments. Here’s how the challenges can be addressed.
VOL/9 | ISSUE/10
SDN to the Rescue BY DR. HOSSEIN ESLAMBOLCHI
NETWORKING | As an industry, we have been looking at cloud-based technologies both from private and public structure and thinking of how best to optimize design, engineer, and develop such technologies to better optimize the world of wireless and the Internet of Everything. But one aspect that has not been discussed at length is how poorly hardware and software perform in cloud-based environments. I want to discuss some of the challenges that the industry is facing and some potential solutions that can help create and bring a new revolution to the world of Wide Area Networks (WAN), along with the automation of practically every human-to-human and human-to-machine interface. Currently, there are two technologies being discussed almost everywhere—software defined networking (SDN) and network function virtualization (NFV). While these vary in structure according to vendors, clearly, all of them attack certain aspects of the mobile carrier network or Tier-I landline networks. Let me give you my two-cents on what these technologies must address. SDN must create a more agile network with the development of an open northbound interface. This becomes an enabler for service providers (SPs) to reduce time-to-market for service introduction, reduce capex unit cost by focusing network elements (NEs) to just REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
77
ESSENTIAL technology
move traffic, and reducing opex unit cost for network services that take significant human capital cost to deliver, such as establishing protection and restoration or providing new connectivity services. NFV must enable SPs to provide new services, and hence, new incremental revenue, by replacing dedicated hardware/ software located on the customer premise, e.g., DVR, storage, firewall and others. Cloud computing, on the other hand, must enable enterprises to leverage shared and scalable computing resources, hardware and software to impact their capex and opex unit costs. These promises are expected to deliver a much better total cost of ownership (TCO) with lower opex and in essence support moving to a hardware-agnostic or independent model, offering further savings. About a decade ago, I predicted that the battleground in the 21st century would be all about software and not hardware. Although hardware is needed, it is the role of software to optimize all five
mobile access points up to WANs. SDN, by itself, is not really a new technology and has been in existence since 2006. It has been used to mainly improve data center performance, since the concept of big central offices with large Class 4/5 switches is pretty much obsolete in the 21st century. But SDN has a long way to go to deliver an agile network. Today's management of transport networks does not match the agility of the cloud-based services being deployed on them. These two have to converge to bring the transport agility into the 21st century for service delivery. Why should it take weeks and months to establish a new enterprise customer on an SP network? Why should it take weeks to provision high-speed point-topoint connectivity with specific protection requirements? SDN has yet to deliver just that. NFV, in contrast, was introduced between 2010 and 2012 to operators in order to improve service time-to-market and network flexibility and allow a smooth transition to the cloud with significantly lower opex. In my view, the sky is the limit
Challenge your teams to ask how SDN and NFV functions can work in harmony, including within datacenters from public to private, from orchestration to automation and hybrid-based cloud models. functions above using new state-of-the-art technologies such as SDN and NFV. The problem that can become very complicated is that enterprise customers' networks and appliances are not designed for multiple tenants, pay-for-play or on-demand services. However, SDN and NFV are fundamentally designed for such functions. That means that it is imperative for CXOs to sponsor corporatewide programs to move into SDN and NFV, offering capabilities to drive higher revenues while competing for device replacements at the network margins from 78
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
on NFV. For any onsite services (storage, firewall and DVR), whether today or in the future, NFV gives SPs the opportunity to deliver both consumers and enterprises major benefits, such as having a turn-key solution that lowers costs and improves quality of service (QoS). From my perspective, I believe NFV has already taken over Layer 4-7 of the SDN movement by delivering lower capex and cycle time, creating a competitive supply of innovative applications by third parties and introducing control abstractions to foster innovations that
85%
of Indian CIOs say SDX is not on their tech roadmap despite its advantages. carriers need in order to compete with all over-the-top players. Let's also note that the new world requires openness in almost every API layer of the network from access to the core. The issue is legacy systems and processes that need to be changed in order to adapt to the new world of SDN and NFV. In essence, these sectors need to change all analog processes using legacy systems into digital processes, in which NFV can easily fit. That transition may take years, if not a decade, before it is fully implemented. But the question is whether MNOs and Tier-I carriers can wait that long to implement NFV and get the most optimized set of solutions in order to compete globally. My guess is no, they cannot wait and stay competitive. Mobile network operators (MNOs) and Tier-I land-line carriers need to aggressively and quickly implement NFV to remain competitive. I'll tell you how. A significant amount of innovation both from the vendor and carrier side is needed to turn these into real, actionable plans to finally change the structure and essence of what we had been dealing with for many decades (WAN). It is time to bring a new revolution to this space, especially around 4G LTE. Adding billions of devices to the network drives this complexity even higher, which, in turn, drives the need for higher speed of integration. I believe that if we look at the centralized control plane architecture of SDN along with the virtualized nature of NFV, one can allow network administrators to place
VOL/9 | ISSUE/10
ESSENTIAL technology
network resources where they can deliver the best customer experience at the lowest cost while minimizing even churn in every aspect of the process, especially throughout the wireless world. This could also mean that we may need to place resources at the edge of the network, using policy-based management and real intelligence driven by devices and networks. The role of IT can easily be defined as building high-level configuration and policy statements, which can then flow through the distributed infrastructure via Open Flow. This eliminates the need to reconfigure network devices each time an endpoint, service or application is added or moved, or when a policy changes. The implications of such a scenario are what I would have dreamed about a decade ago to bring more innovation with lower cycle time and costs. The time has finally arrived for this to be done using both SDN and NFV, working in harmony. Let’s examine the operations side and what applications are most suited for NFV/SDN. My top choices, given the industry, are—consumer CPE, service assurance, SLA monitoring, Network policy control and charging, tunnelling gateway, traffic management including deep packet inspection with massive amounts of data, VoIP signalling, network engineering and optimization, and network-based security respectively. My final thoughts and recommendations are to challenge your teams to ask how both SDN and NFV functions can work in harmony, including within data centers from public to private, from orchestration to automation and finally hybrid-based cloud models, using both SDN and NFV. The other challenge is to enable agile hardware and software connectivity and automation of human-to-human and human-to-machine interfaces as they exist in the wild, to seize the opportunities created by the rapid development of endpoint and mobile devices and the Internet of Things. CIO
CLOUDY FUTURE AHEAD
Private Cloud Guide CLOUD COMPUTING |Cloud has become vital for every enterprise’s tech management strategy, but designing a robust cloud strategy is not easy. Enterprises struggle with their private cloud built-out. Success with a private cloud comes only through embracing the true cloud model of self-service, full automation, and business and developer agility. There are certain things that every tech manager should know about private cloud to avoid over-investment, missed deadlines, and strategies that limit better engagement with internal customers. A majority of enterprises today claim private cloud adoption, but in reality they don’t have a private cloud, rather an improved virtualization environment that uses a private cloud software for tech management efficiency practices. There has been an emergence of four private cloud approaches that are being driven by very different strategies—reflecting different priorities, budgets, sizes, keys to success, vendor selection criteria, and challenges—and thus, have variant scopes and outcomes. Also, transformational hybrid cloud strategies can be a long and arduous process. It's not the net-new resources that slow private cloud adoption, but connecting these environments to your legacy systems of records, operational processes, and help desk systems is what slows it all down. Along with this, enterprises are also now asking when they should leverage public versus private cloud on an application/workload level, where specific application characteristics align to certain deployment models. Achieving cloud economics within a private cloud environment needs a large, diverse user base, highly standardized costs, a pervasive chargeback system, and aggressive capacity planning and consolidation practices. Designing and implementing incentives that reward change while showing a promising career path is essential for a successful private cloud strategy.
— Forrester Report Send feedback on this feature to editor@cio.in
VOL/9 | ISSUE/10
REAL CIO WORLD | A U G U S T 1 5 , 2 0 1 4
79
endlines INTERNET OF THINGS
* BY MADHAV MOHAN
You are eating out with your friends but are distracted because you are concerned about the safety of your home. You could do one of two things: Dash out of there and rush home, or sit back, relax, and enjoy your dinner because you have a robot for a guard. Yes, you read it right. Meet Bot-SO, a smart robot created by Debraj Dutta, Tapas Bose, and Avinaba Majumder of Edifixo. Bot-SO interacts with users via Twitter and can be deployed for remote home surveillance. Users send a tweet from their smartphones to the robot to survey a particular area in their homes. When it senses a stranger—using motion detectors—it uploads the message on Google drive and sends a URL to the users’ private chat window, alerting the user. “Robots will become a part of our lives like digital systems have today. Social media is the platform which brings machines and humans together and,” says Dutta, who is the director of Edifixo. The company is a subsidiary of EdifiXio SAS, Paris, and it provides services like CMS platform development and J2EE software integration, implementation, installation, support and operation to enterprises. And its IoT-based robot is an interesting indicator of the fact that technology is moving to the next level.
80
A U G U S T 1 5 , 2 0 1 4 | REAL CIO WORLD
VOL/9 | ISSUE/10
IMAGE BY T HIN KSTO CKP HOTOS.IN
Robot Stands Guard